Commit Graph

551 Commits

Author SHA1 Message Date
Ghanshyam Mann 7372103182 Retire openstack-chef: remove repo content
OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I4561c6eefef05c672a4f6cb9d15b1a5a29e81110
2024-02-18 05:01:47 +00:00
Lance Albertson dd5a46c6dd CentOS 8 support
- Update package names
- Migrate to using apache2_mod_wsgi resource and require apache2 ~> 8.6
- Don't add --listen to libvirtd on EL8
- Update ChefSpec

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-image/+/815148
Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-network/+/815172
Change-Id: I2e66b923b91d763ea7f484421dbdad883d9117a3
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-22 16:34:14 -07:00
Marek Szuba d15e1572ab Configure SPICE consoles
There is now a recipe - not really a new one, it's "vncproxy" with some
attributes renamed - which handles the relevant packages and services
(Debian names confirmed to have been valid at least since Jessie,
Ubuntu and RHEL ones based on existing convention + review comments).
Furthermore, nova.conf is now populated with required enpoint information
- with hopefully sane default values of relevant attributes.
Finally, the attribute node['openstack']['compute']['console_type']
can be used to enable the desired console type; it defaults to 'vnc'
in accordance with default Nova configuration.

Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I0996daddda6d21633930ba73e174f99775a9e0c9
2021-10-14 22:47:24 +00:00
Lance Albertson 3e101784a9 Chef 17 support
- Remove bind from Berksfile
- Update copyright years
- Require Chef >= 16.0

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-image/+/814052
Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-network/+/814057
Change-Id: I84867a131b54d63f3d057c40a1e8ac4b4697c368
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-14 12:45:38 -07:00
Marek Szuba c5e91ee0b9 nova-common: add memcached config keys for keystonemiddleware
Modern versions of OpenStack (confirmed under Rocky and Victoria)
have two separate keys for specifying memcached servers to use - one
for Nova itself (which the cookbook already handled) and one for the
Keystone middleware (which it did not). As a result, with only the former
set Nova keeps on complaining in the logs (at least under Rocky) about
still using in-process token cache.

Signed-off-by: Marek Szuba <marek.szuba@cern.ch>
Change-Id: I7930048a55a26e66c1dd041245ae5b23794eada1
2021-07-15 20:24:37 +00:00
Jens Harbott a581a52dd6 Add a service_user section to nova.conf
This is needed in order to prevent long-running actions like
live-migration from failing if the user provided token expires
in the meantime. [0],[1]

[0] https://docs.openstack.org/nova/train/admin/live-migration-usage.html#addressing-migration-timeouts
[1] https://docs.openstack.org/nova/train/admin/support-compute.html#user-token-timeout

Change-Id: I00e3a6ac974b73b56b49fadc7751f1c0aaf292ac
2021-05-03 12:52:35 +02:00
Lance Albertson af47ea6ef5 Cookstyle 6.19.5 fixes
Update ChefSpec due to changes made in apache2 cookbook.

Depends-On: https://review.opendev.org/756168
Change-Id: I3ec792c519650b2d95a976ad50419a9b417a3514
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-10-05 17:26:51 -07:00
Lance Albertson d645ef3f5e Chef 16 fixes
Depends-On: https://review.opendev.org/747602
Depends-On: https://review.opendev.org/747557
Change-Id: I73514e34628dbf61a35f6e0ad19191cdeb2b6451
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-08-27 17:36:20 -07:00
Roger Luethi 5747451dcb Restart apache only where appropriate
The current code tries to restart apache for every change to
/etc/nova/nova.conf even on compute nodes that do not have apache
installed. This changeset splits out the apache service resource into a
separate recipe that (unlike nova-common) is not included by the compute
recipe.

backport: stein

Change-Id: I87dda61dfabec460fe042b4cee21277382dd9487
2020-08-04 11:18:13 +00:00
Lance Albertson 6c69ce58b1 Updates for Train
The major change in this release is that the placement-api code base has been
removed from nova and put into it's own project called placement [1]. Users who
are coming from Stein will need to follow the upgrade guide [2] to properly
upgrade to the new service.

All attributes related to placement-api have been moved into their own files
including configuration file attributes for placement.conf.

Added:
- Template to manage /etc/placement/placement.conf
- Include openstack-compute::_nova_cell recipe to nova-setup so that the db
  migrations happen properly

Changed:
- Update release to train
- Migrated from nova-placement-api to placement-api [1]

Fixed:
- Cookstyle & ChefSpec
- Ordering of db syncs which was causing issues for Train
- Set default['openstack']['compute']['syslog']['use'] to false by default
- Various comments

Removed:
- Removed references to nova-consoleauth which has been removed upstream [3]
- Removed references to xvpvnc which was removed upstream
- Unused .rubocop.yml and .rubocop_todo.yml

[1] https://docs.openstack.org/releasenotes/placement/train.html
[2] https://docs.openstack.org/placement/latest/admin/upgrade-to-stein.html
[3] https://docs.openstack.org/releasenotes/nova/train.html#prelude

Change-Id: I996bcd2f63a080e10fadf0c7adf9a0ddcb0b5c7a
Depends-On: https://review.opendev.org/731859
Depends-On: https://review.opendev.org/731860
Depends-On: https://review.opendev.org/731861
2020-06-09 10:09:15 -07:00
Lance Albertson 50be0465fe Set threads=1 for api wsgi
This adds some attributes for adjusting the thread counts for each wsgi
application. By default we use 10 threads, however for the api service, it needs
to be set to 1 due to this upstream issue [1]. In addition, increase the
processes for the api service to 6 to account for the reduction in threads.

[1] https://docs.openstack.org/releasenotes/nova/stein.html#known-issues

Change-Id: Iebf78d24c57a069eabced1bf35051cbae5014902
2020-04-09 12:23:41 -07:00
Lance Albertson 2961ebabee Stein fixes
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/nova/nova.conf] to
  resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Add metadata to enabled_apis as that is the default upstream
- Switch to user resource for managing shell for nova user
- Switch to libvirtd instead of libvirt-bin for Ubuntu service name

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/706157
Change-Id: I7e03fb9dace6e288a3b21f33106245b30b52ce9d
2020-03-19 12:36:40 -07:00
Lance Albertson 868900d090 Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.

Additional fixes:
- Install mod_wsgi as a package on RHEL since there is no built-in
  resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
  with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
  by Chef now automatically.
- Fix resource ordering in placement_api
- Improve ChefSpec tests
- Add missing placement_api RHEL tests
- Fix issues with chain file and cipher suite in in wsgi template
- Include additional cookbooks in Berksfile required for CI

Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib404ab6bfcae3340fd7f0f924539ca6c445b55cf
2020-01-30 11:22:19 -08:00
Lance Albertson 82c5b9a243 Properly notify apache restarts on configuration updates
This uses edit_resource to add a notification in the nova-api,
nova-api-metadata and nova-placement-api apache configurations when one
of them gets updated. This is a workaround due to the fact we are using
a version of the apache2 cookbook that is still using definitions and
cannot add notifications with definitions.

This is intended to ensure we only restart apache when the configuration
is updated. Otherwise, the old behaviour was to restart apache on every
run which is problematic in production environments. I have been using
this in our production wrapper cookbook for the past year or so without
any issue.

This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.

Also amend the Berksfile to point to the new opendev.org location.

Change-Id: I55e6ea4124017e0f44f92f6a2fb01baad5a27555
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-08-20 12:47:08 +00:00
Roger Luethi ff074af903 placement_api: create valid apache config before installing package
If apache is (re)starting while the chef-client installs the
nova-placement-api package, it may pick up the vanilla apache2 conf file
before chef-client gets around to fixing it which may result in apache2
failing due to a non-working configuration.

This changeset eliminates the race by creating a valid configuration
before installing the software. The solution is based on the assumption
that no reasonably configured package manager will overwrite an
existing, user-created configuration file.

backport: queens

Change-Id: Id9f1d165411fc5b3cc73b29a36840cf4dc63d81b
2019-07-25 09:29:09 +02:00
Lance Albertson 5d469d044e Fixes to support fog-openstack-1.x
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that.  In addition, comment out endpoint type until this PR [1] gets
merged and released.

[1] https://github.com/fog/fog-openstack/pull/494

Depends-On: https://review.opendev.org/666176
Change-Id: I99dceff452695302865d267ca4cd5e8aa094ead5
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-07-03 16:04:19 -07:00
Jens Harbott 9fb22fbbed Drop admin endpoints
The admin endpoints offer no special functionality, users may talk to
the public endpoints instead. The only historic use case has been the
keystone v2 admin endpoint, but with keystone v3 API, even that is no
longer needed.

[0]
https://opendev.org/openstack/openstack-chef-specs/src/branch/master/specs/ocata/all/drop-admin-endpoints.rst

Depends-On: https://review.openstack.org/652050
Change-Id: I8bee6f671187324cfecd820510d2a6d56f26ca77
2019-04-16 09:37:38 +00:00
Zuul c987bedd01 Merge "Rename attributes: vncserver_* -> server_*" 2018-10-05 09:04:40 +00:00
Zuul b0cc7a69d5 Merge "Add www_authenticate_uri to keystone_authtoken" 2018-10-05 08:59:33 +00:00
Roger Luethi 55b58702fa Make nova.conf more readable
This patch replaces nova.conf.erb with openstack-service.conf.erb from
the openstack-common cookbook.

Besides removing some redundancy, it also makes nova.conf more readable
(due to a fix to openstack-service.conf.erb that never made it to
nova.conf.erb).

backport: queens pike

Change-Id: I07aeb7617ca152f66ec239cef4bcbef642c66bf7
2018-10-02 17:19:43 +02:00
Roger Luethi 6d78224bdb Rename attributes: vncserver_* -> server_*
Source:
* openstack/nova git repo:
  conf: Rename two VNC options
  Change-Id: Ic05c2c8364e015f6878b0bc25449216624568ad5
  commit e5a03e3c54d57aa29bd8154c9eddf7ee52c6c3b5

Change-Id: I3953195b1f8c7f166b89c7ea7ce7994bcd3c0461
2018-10-02 17:10:26 +02:00
Roger Luethi 7053785ecf Add www_authenticate_uri to keystone_authtoken
Without www_authenticate_uri set, nova logs contain warnings:

WARNING keystonemiddleware.auth_token
        Configuring www_authenticate_uri to point to the public identity
        endpoint is required; clients may not be able to authenticate
        against an admin endpoint

backport: queens

Change-Id: I0ff8202455b576227b882670c7254487b5e11f25
2018-10-02 17:03:39 +02:00
Samuel Cassiba f922173a34 starting rocky development patch
Change-Id: Ic08b45c18b8593c7302dc0977158b8d4e9d58b5a
2018-08-03 23:01:12 -07:00
Samuel Cassiba 79b76424f3 Use internal identity endpoint for services
Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1
Change-Id: Ibce1f2d4796e44941df4b7256de786e49a7386cc
2018-07-16 12:38:42 -07:00
Samuel Cassiba 4992010231 Convert Nova APIs to WSGI services
To be consistent with the install guide[1], the Nova services should be
deployed as WSGI services.

[1] https://docs.openstack.org/nova/queens/install/controller-install-ubuntu.html

Change-Id: I49a767724e744f98d7f008411755c063f96a4c9d
2018-06-26 13:54:13 +00:00
Samuel Cassiba 3a4c7f6b6f Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Ife7bb6d09eafd137c6858f6ae18d4d34508928a6
Implements: blueprint simplify-identity-endpoint
2018-06-14 19:17:02 -07:00
Jens Harbott ad3d1c3c65 Refactor libvirtd.conf creation
Replace the hardcoded bloated template with a variant of our standard
template that only includes the values that are really needed.

This will allow deployments to override the default values and for
example deploy libvirtd with TLS authentication according to [0].

[0] https://wiki.openstack.org/wiki/OSSN/OSSN-0007

Change-Id: Ib7b305670f525bbf975ec33ed070e2d960347ef4
2018-04-23 12:35:19 +00:00
Zuul 2c1e4d9822 Merge "cleanup attribute leftovers that are not used anymore" 2018-04-23 10:02:11 +00:00
Jan Klare 8ed820e319
fix libvirtd service naming and env file for debian
Change-Id: I6a69e3ad43936d032ac252d8a6c9a1d2bc78bfbd
2018-04-16 15:14:02 +02:00
Jan Klare ad88dc2a78
cleanup attribute leftovers that are not used anymore
* removed all unused attributes
* removed vmware specific configuration option that can be set in a
wrapper cookbook (and was not maintained for quite some time)
* removed caseswitch for nova user and group since we currently only
support debian and rhel
* moved all libvirtd related config options to specific attribute file
in preparation for further refactoring

Change-Id: I42a0bbcd03a570b9d6d24ba32ed2cafacc33ec76
2018-04-16 15:09:22 +02:00
Jan Klare 2434b03f7d
remove all ceph related attributes,recipes,specs and the cookbook dependency
Change-Id: I24f9976ed57a90cb7062ed990e758fd9707d04b4
2018-04-05 16:38:31 +02:00
Zuul c8e1159e59 Merge "compute refactor for Pike and Chef 13" 2017-12-22 21:34:47 +00:00
Jan Klare 1033a5f7e7 rename web_app placement-api to nova-placement-api to align with package
* The nova-placement-api package creates a "nova-placement-api.conf" in
apache2 sites-available, which currently leads to two conflicting
configurations (our "placement-api.conf" and the one from the package
"nova-placement-api.conf"). With this change the
"nova-placement-api.conf" will be replaced with our version of it.

Change-Id: I8ee7f190a6d73cace60a5fcd6b58d6b4e0288a95
2017-12-13 10:26:04 +00:00
Samuel Cassiba 859fc5df20 compute refactor for Pike and Chef 13
- implemented foodcritic and cookstyle corrections
- deprecated node.foo.bar method access for node['foo']['bar'] bracket access
- parameterize run directory for apache2

Implements blueprint modern-chef

Change-Id: I6cf4cd67a96c7d353c4871db02be42ebdc9c1528
2017-12-10 20:02:43 -08:00
Jens Harbott b1f166b674 Fix creation of cell0
We need to use the proper db_uri() result here, like we do for the
database connection options in nova.conf, otherwise things will fail in
a multinode setup.

Change-Id: I70d27eb4456c9e8b322c05649254624d4be4c5e5
2017-11-30 06:55:07 +00:00
Roger Luethi d82d6a9f7c Remove domain role from nova, placement service users
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the users
the role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).

We add the domain_name attribute that creates the nova and placement
users in the desired domain. Note that this change needs a sufficiently
recent openstackclient cookbook -- otherwise the domain_name attribute
is ignored (which does not matter as long as the users are to be created
in the Default domain).

Change-Id: I333da4d0d93c8a0065c6c1001b5ebed8cd6eab5c
2017-11-13 15:09:39 +00:00
Roger Luethi cb414a9655 Remove superfluous role_name arguments
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).

Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.

Change-Id: I559ffa40c37f8e073a8e7fcb5186f2270e5ccd72
2017-11-13 15:59:02 +01:00
Samuel Cassiba cbe2ef6647 Initial compute Pike updates
- Switched the default linter to cookstyle
- Deprecated config settings for Pike
- Normalized template comment

Depends-On: I7a67ba2520b8e44efec6edd8506f96b0e0dc913b
Change-Id: I7abd4194bb7f322764309cad514040c1f5feca00
2017-09-25 16:57:08 +00:00
Samuel Cassiba 012902ad92 Added cellv2 support
- Added basic cellv2 recipe, as it is required from Ocata on
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
- Removed ancient Gemfile

Change-Id: I97b453fc419bfbf01679dadf39a256b1f0f99859
2017-08-10 17:35:07 -04:00
Samuel Cassiba 814f027230 Deprecated nova-cert, fixups for Ocata
- nova-cert is deprecated and causes build failures if attempts to
  utilize it are made.
- nova-placement-api package is prefixed with openstack- in RDO.

Change-Id: Iea2070467503f9a434e927e2580ef2b4135e98f7
2017-04-14 06:44:07 -07:00
Jens Rosenboom dc339a859d Add recipe to deploy Compute service placement-api
The placement-api has been added by nova for the Newton cycle, it has
become mandatory for Ocata.

It is deployed as a wsgi app similar to what we have for keystone and
gnocchi already.

Change-Id: I1d1f1cc7046cb30a91894a0c884bc861d7f3dd95
2017-03-06 14:34:37 +00:00
Jens Rosenboom ced5be5512 Remove docker-setup receipe
The docker-setup receive has been unmaintained and untested for some
time now. The nova-docker project is also being removed from
OpenStack [1] and people are advised to look at deploying Zun as
a replacement.

This also avoids having to rewrite this receipe in order to remove the
use of the deprecated python cookbook.

[1] https://review.openstack.org/430232

Change-Id: Ia8c9db272c6a0353130fc93d446b385fd72ac250
Partial-Bug: 1558538
2017-02-09 15:06:49 +01:00
Christoph Albers 61fc649dd9 RPC_backend / transport_url workover
- removed deprecated rabbitmq attributes
- added rabbit_transport_url

Change-Id: Iaf33e8f5ae97ee0c07cfccf67d32d0e05f48e5bb
2016-12-20 11:45:34 +00:00
Samuel Cassiba 5261813e40 Deprecated python-novaclient
- deleted client.rb
- deprecated python-novaclient references
- removed neutron packages

Implements blueprint newton-xenial

Change-Id: I8ff0dcad66ab937f18faf82e6af0cc626dfff15a
2016-12-20 08:40:40 +00:00
Christoph Albers e0441b5322 use_cookbook-openstackclient/identity_v3
- Now use cookbook-openstackclient to create endpoints role service and
  user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- added needed keystone_authtoken attributes + neutron
- updated readme

Change-Id: I84f850f32f25a318c3ed3c7337a0dfa6f641a5fe
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: I2d404a424bd79a6e9b282304e21591fa33a48981
Depends-On: If7b4d6e563081a0be9957353d73ef61a9688df56
2016-09-30 11:37:41 +02:00
Jenkins 174533e46c Merge "update the README after refactoring and align it with other cookbooks" 2016-04-28 20:54:39 +00:00
Jan Klare 97497a1d00 update the README after refactoring and align it with other cookbooks
* also removed the empty default recipe

Change-Id: Id6e3750f9ae78178ecf4e4370ac6b6b3dbc599c6
2016-04-28 15:01:33 -05:00
Jens Rosenboom 3239a17ce9 Also set the cache backend when using memcached
The default backend for oslo_cache is dogpile.cache.null, so we need to
explicitly specify the proper backend that we want to use.

Related-Bug: 1572062
Change-Id: I8942f872c072f263959ac8790df7f7eedc9599e2
2016-04-19 13:26:13 +02:00
Jenkins 2aec9921b7 Merge "Remove api-ec2 recipe" 2016-04-11 08:23:53 +00:00
Jens Rosenboom e7b8e5b6dc Cleanup options deprecated for mitaka
Some options have been deprecated for Mitaka, replace them with the new
variants.

Change-Id: If4c7ec0348384ba149e18bd865db8d9b2a544555
2016-04-05 15:18:41 +02:00