There is now a recipe - not really a new one, it's "vncproxy" with some
attributes renamed - which handles the relevant packages and services
(Debian names confirmed to have been valid at least since Jessie,
Ubuntu and RHEL ones based on existing convention + review comments).
Furthermore, nova.conf is now populated with required enpoint information
- with hopefully sane default values of relevant attributes.
Finally, the attribute node['openstack']['compute']['console_type']
can be used to enable the desired console type; it defaults to 'vnc'
in accordance with default Nova configuration.
Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I0996daddda6d21633930ba73e174f99775a9e0c9
Modern versions of OpenStack (confirmed under Rocky and Victoria)
have two separate keys for specifying memcached servers to use - one
for Nova itself (which the cookbook already handled) and one for the
Keystone middleware (which it did not). As a result, with only the former
set Nova keeps on complaining in the logs (at least under Rocky) about
still using in-process token cache.
Signed-off-by: Marek Szuba <marek.szuba@cern.ch>
Change-Id: I7930048a55a26e66c1dd041245ae5b23794eada1
Update ChefSpec due to changes made in apache2 cookbook.
Depends-On: https://review.opendev.org/756168
Change-Id: I3ec792c519650b2d95a976ad50419a9b417a3514
Signed-off-by: Lance Albertson <lance@osuosl.org>
The current code tries to restart apache for every change to
/etc/nova/nova.conf even on compute nodes that do not have apache
installed. This changeset splits out the apache service resource into a
separate recipe that (unlike nova-common) is not included by the compute
recipe.
backport: stein
Change-Id: I87dda61dfabec460fe042b4cee21277382dd9487
The major change in this release is that the placement-api code base has been
removed from nova and put into it's own project called placement [1]. Users who
are coming from Stein will need to follow the upgrade guide [2] to properly
upgrade to the new service.
All attributes related to placement-api have been moved into their own files
including configuration file attributes for placement.conf.
Added:
- Template to manage /etc/placement/placement.conf
- Include openstack-compute::_nova_cell recipe to nova-setup so that the db
migrations happen properly
Changed:
- Update release to train
- Migrated from nova-placement-api to placement-api [1]
Fixed:
- Cookstyle & ChefSpec
- Ordering of db syncs which was causing issues for Train
- Set default['openstack']['compute']['syslog']['use'] to false by default
- Various comments
Removed:
- Removed references to nova-consoleauth which has been removed upstream [3]
- Removed references to xvpvnc which was removed upstream
- Unused .rubocop.yml and .rubocop_todo.yml
[1] https://docs.openstack.org/releasenotes/placement/train.html
[2] https://docs.openstack.org/placement/latest/admin/upgrade-to-stein.html
[3] https://docs.openstack.org/releasenotes/nova/train.html#prelude
Change-Id: I996bcd2f63a080e10fadf0c7adf9a0ddcb0b5c7a
Depends-On: https://review.opendev.org/731859
Depends-On: https://review.opendev.org/731860
Depends-On: https://review.opendev.org/731861
This adds some attributes for adjusting the thread counts for each wsgi
application. By default we use 10 threads, however for the api service, it needs
to be set to 1 due to this upstream issue [1]. In addition, increase the
processes for the api service to 6 to account for the reduction in threads.
[1] https://docs.openstack.org/releasenotes/nova/stein.html#known-issues
Change-Id: Iebf78d24c57a069eabced1bf35051cbae5014902
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/nova/nova.conf] to
resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Add metadata to enabled_apis as that is the default upstream
- Switch to user resource for managing shell for nova user
- Switch to libvirtd instead of libvirt-bin for Ubuntu service name
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/706157
Change-Id: I7e03fb9dace6e288a3b21f33106245b30b52ce9d
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Additional fixes:
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Fix resource ordering in placement_api
- Improve ChefSpec tests
- Add missing placement_api RHEL tests
- Fix issues with chain file and cipher suite in in wsgi template
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib404ab6bfcae3340fd7f0f924539ca6c445b55cf
This uses edit_resource to add a notification in the nova-api,
nova-api-metadata and nova-placement-api apache configurations when one
of them gets updated. This is a workaround due to the fact we are using
a version of the apache2 cookbook that is still using definitions and
cannot add notifications with definitions.
This is intended to ensure we only restart apache when the configuration
is updated. Otherwise, the old behaviour was to restart apache on every
run which is problematic in production environments. I have been using
this in our production wrapper cookbook for the past year or so without
any issue.
This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.
Also amend the Berksfile to point to the new opendev.org location.
Change-Id: I55e6ea4124017e0f44f92f6a2fb01baad5a27555
Signed-off-by: Lance Albertson <lance@osuosl.org>
If apache is (re)starting while the chef-client installs the
nova-placement-api package, it may pick up the vanilla apache2 conf file
before chef-client gets around to fixing it which may result in apache2
failing due to a non-working configuration.
This changeset eliminates the race by creating a valid configuration
before installing the software. The solution is based on the assumption
that no reasonably configured package manager will overwrite an
existing, user-created configuration file.
backport: queens
Change-Id: Id9f1d165411fc5b3cc73b29a36840cf4dc63d81b
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that. In addition, comment out endpoint type until this PR [1] gets
merged and released.
[1] https://github.com/fog/fog-openstack/pull/494
Depends-On: https://review.opendev.org/666176
Change-Id: I99dceff452695302865d267ca4cd5e8aa094ead5
Signed-off-by: Lance Albertson <lance@osuosl.org>
This patch replaces nova.conf.erb with openstack-service.conf.erb from
the openstack-common cookbook.
Besides removing some redundancy, it also makes nova.conf more readable
(due to a fix to openstack-service.conf.erb that never made it to
nova.conf.erb).
backport: queens pike
Change-Id: I07aeb7617ca152f66ec239cef4bcbef642c66bf7
Without www_authenticate_uri set, nova logs contain warnings:
WARNING keystonemiddleware.auth_token
Configuring www_authenticate_uri to point to the public identity
endpoint is required; clients may not be able to authenticate
against an admin endpoint
backport: queens
Change-Id: I0ff8202455b576227b882670c7254487b5e11f25
Replace the hardcoded bloated template with a variant of our standard
template that only includes the values that are really needed.
This will allow deployments to override the default values and for
example deploy libvirtd with TLS authentication according to [0].
[0] https://wiki.openstack.org/wiki/OSSN/OSSN-0007
Change-Id: Ib7b305670f525bbf975ec33ed070e2d960347ef4
* removed all unused attributes
* removed vmware specific configuration option that can be set in a
wrapper cookbook (and was not maintained for quite some time)
* removed caseswitch for nova user and group since we currently only
support debian and rhel
* moved all libvirtd related config options to specific attribute file
in preparation for further refactoring
Change-Id: I42a0bbcd03a570b9d6d24ba32ed2cafacc33ec76
* The nova-placement-api package creates a "nova-placement-api.conf" in
apache2 sites-available, which currently leads to two conflicting
configurations (our "placement-api.conf" and the one from the package
"nova-placement-api.conf"). With this change the
"nova-placement-api.conf" will be replaced with our version of it.
Change-Id: I8ee7f190a6d73cace60a5fcd6b58d6b4e0288a95
We need to use the proper db_uri() result here, like we do for the
database connection options in nova.conf, otherwise things will fail in
a multinode setup.
Change-Id: I70d27eb4456c9e8b322c05649254624d4be4c5e5
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the users
the role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).
We add the domain_name attribute that creates the nova and placement
users in the desired domain. Note that this change needs a sufficiently
recent openstackclient cookbook -- otherwise the domain_name attribute
is ignored (which does not matter as long as the users are to be created
in the Default domain).
Change-Id: I333da4d0d93c8a0065c6c1001b5ebed8cd6eab5c
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).
Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.
Change-Id: I559ffa40c37f8e073a8e7fcb5186f2270e5ccd72
- Added basic cellv2 recipe, as it is required from Ocata on
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
- Removed ancient Gemfile
Change-Id: I97b453fc419bfbf01679dadf39a256b1f0f99859
- nova-cert is deprecated and causes build failures if attempts to
utilize it are made.
- nova-placement-api package is prefixed with openstack- in RDO.
Change-Id: Iea2070467503f9a434e927e2580ef2b4135e98f7
The placement-api has been added by nova for the Newton cycle, it has
become mandatory for Ocata.
It is deployed as a wsgi app similar to what we have for keystone and
gnocchi already.
Change-Id: I1d1f1cc7046cb30a91894a0c884bc861d7f3dd95
The docker-setup receive has been unmaintained and untested for some
time now. The nova-docker project is also being removed from
OpenStack [1] and people are advised to look at deploying Zun as
a replacement.
This also avoids having to rewrite this receipe in order to remove the
use of the deprecated python cookbook.
[1] https://review.openstack.org/430232
Change-Id: Ia8c9db272c6a0353130fc93d446b385fd72ac250
Partial-Bug: 1558538
- Now use cookbook-openstackclient to create endpoints role service and
user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- added needed keystone_authtoken attributes + neutron
- updated readme
Change-Id: I84f850f32f25a318c3ed3c7337a0dfa6f641a5fe
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: I2d404a424bd79a6e9b282304e21591fa33a48981
Depends-On: If7b4d6e563081a0be9957353d73ef61a9688df56
The default backend for oslo_cache is dogpile.cache.null, so we need to
explicitly specify the proper backend that we want to use.
Related-Bug: 1572062
Change-Id: I8942f872c072f263959ac8790df7f7eedc9599e2