As heat is placed behind the proxy we need to enable
proxy headers parsing, so heat is aware about
protocol used to connect to endpoint.
Change-Id: I52e49ab9d866891a81d3c08b82c50c8addd34786
Closes-Bug: #1668227
We misconfigured local cache for services with change
https://review.openstack.org/#/q/Id1034e22d79c3ea6b25575d9bcf8e8750a02365d
Thus, it becomes extremely slow when a controller is down.
With this commit we revert things back to normal with local memcached
for all openstack services leaving keystone memcached shared for tokens
(this was thoroughly tested previously)
Change-Id: I8f6bbf77d27f3d8976985241deb8a948984862f5
Closes-bug: #1657727
Messaging rabbit-* parameters are deprecated in upstream, so
this patch switches all main components to usage of transport_url
Change-Id: I042f68ac1aeb14234898711a25eaebe0836cbb90
Partial-Bug: #1477967
These patches https://review.openstack.org/#/q/topic:old_authtoken
are removing old puppet authtoken parameters and now we need to use
parameters from keystone::authtoken class in each affected module
Closes-Bug: #1640083
Partial-Bug: #1390099
Change-Id: Ife3ed88237ce735b2a068415b1e57fca93498dcd
* Fixes for the openstack tasks and openstack
modules.
* Fixes for fuel tasks.
* Fixes for openstack modules
* Noop tests fixes.
Puppet4 support: common spec
Remove dynamic nova-compute service lookup because the performance
impact of it was too high. Now this value is being statically
chosen by the OS family name.
Puppet4 support: cobbler
* Fix duplicate declarations of systemd services
* upstream dns servers should be an array
Puppet4 support: rsyslog
Fix duplicate rsyslog service
between haproxy and logging tasks
Add tests to ensure that service is present
Puppet4 support: ntp
Fix ntp service duplicate declaration
Puppet4 support: horizon
Fix forgotten include of nova::params
Puppet4 support: apache
Fix broken containment and ordering
Puppet4 support: mysql
Remove duplicate declaration of the access file
Puppet4 support: keystone
user_admin_role should be array
Puppet4 support: openstack controller
Add forgotten include of nova::params
Puppet4 support: server_config
* Check for both undef and empty string value for mtu
* tunel_id_ranges should be array
Puppet4 support: rabbitmq
Add forgotten vhost name variable
Puppet4 support: tools
Rewrite badly writtent spec file variables.
Related-Bug: 1586480
Change-Id: Ia9b474a7076365c0fcad2b55c65e8305477a4647
* Set reauthentication_auth_method = trusts only when Radosgw is not used
* Update YAQL expression for heat
Change-Id: I4f5d8b0bfabfb7a8b8a47cecb3c00a69698c7bf3
Closes-Bug: 1611031
Now we use default values of haertbeat related parameters, and
we need to have an ability to override them using Hiera.
Change-Id: I6d5d26657883aff0f1ff8d3faa1176ff6a8eb220
Closes-Bug: #1576320
Closes-Bug: #1573592
This change updates where we calculate the memcache server information
to the globals hiera data and updates all the openstack services to
use the heira memcached_servers key for consistency. Additionally all
api services have been updated to configure the memcached servers for
the keystone_authtoken middleware configuration to improve the
responsiveness of the service.
Change-Id: Id1034e22d79c3ea6b25575d9bcf8e8750a02365d
Closes-Bug: #1597512
Heat parameters heat_metadata_server_url, heat_waitcondition_server_url,
heat_watch_server_url require to be set with proper protocol and address
in case of usage SSL.
Change-Id: I7baa7b44db4237347ddadccb4537e0080ef62322
Closes-bug: #1582283
Heat-engine service doesn't require pacemaker
control since Fuel 7.0. This patch removes
pacemaker usage by default, but still gives
an ability to enable it (only for "N"-release).
Closes-bug: #1570297
Change-Id: Ibfe4a610c1196834aeede786cbcfa9521d1bec40
* RUN annotation caused duplication for tasks in the old folder
* RUN should only be used if you need non-standard run configuration
* With ROLE annotation there's no need to update all the tests
when you add new astute.yaml fixture for existing role
* Fix manifest variable in broken tests
Change-Id: I7a1c98bdb51590d8d80cee387de35d5581cf1da2
Partial-bug: #1535339
- Update yaml-to-rspec assignments to match with a new set of
fixtures
- Fix errors in rspec tests to make the work properly with up to
date fixtures
Integration tests are disabled because this patch affects noop
rspec tests only.
Fuel-CI: disable
Partial-bug: #1535339
Change-Id: I02a289d2d206a1f4ac3c829503bbae582717cae1
Use custom mappings (#RUN notation) of noop fixtures
for noop integration tests.
Iteration 2: recover mappings as it before the regression
and map all for the tasks w/o mappings.
Closes-bug: #1561890
Change-Id: I6ca3363ea4b2fae1ec73d61122caef6764ba79d1
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Add posibility to set kombu_compression in OpenStack config files.
This option is disabled by default but its value can be overridden
from hiera. Also some checks were added to prevent from duplication
errors which can come from puppet-openstack patches similar to
https://review.openstack.org/#/c/292309/
Closes-bug: #1546554
Change-Id: I1a835f97c23073d3a450dd58decee2876bee53c9
This uplifts the openstack::heat directly into the calling task.
Closes-bug: #1544179
Change-Id: Id3a39e0c75832e64c2f60664c0ffc0acfa7c0ec3
Blueprint: fuel-remove-conflict-openstack
Fix some outdated noop rspec tests to match with the current
manifests.
Change-Id: I4bf4bc583fba96a5f0b109cf9e74bd82d3fa1bfe
Fuel-CI: disable
Partial-bug: #1535339
* Use external noop tests library and fixtures
* Corrections and fixes for the spec library to make it work
Partial blueprint: deployment-data-dryrun
Fuel-CI: disable
Change-Id: Ie8d1f80bbee04b9bacb43ba4fa39a423624a8301
This change updates the heat task to be idempotent. In order to do this,
we have changed the wait_for_heat_config exec to be refresh only and is
now only triggered if configuration changes are done. Additionally this
change cleans up the pacemaker integration for heat and moves it into
the cluster module. With the addition to the cluster module, unit tests
have been added to the new cluster::heat_engine class.
The resources that were always being executed prior to this change:
- Cs_resource[p_heat-engine]
- Exec[wait_for_heat_config]
Change-Id: Ie0f7137206f2733259bff7b0c2c86fb1634add76
Related-Blueprint: granular-task-idempotency
This commit introduces a couple of classes and a function
to allow a user to specify for which load balancing checkers
to wait.
Change-Id: I9548ae440111fb0c2356ccb897318d30a8e264ff
Related-bug: #1533279
This change leverages the os_database_connection function from
openstacklib to generate the connection strings for our services. As
part of this change, we are moving the database connection string
generation to the osnailyfacter modular tasks and updating the
openstack classes to consume a connection string rather than the
seperate host, user, password, database name and database type.
Additionally as part of this change, we are updating the mysql
connection strings to only include read_time=60 if debian based packages
are used. This is due to the fact that python-pymysql, which is used by
Ubuntu packages, does not support the read_timeout option as part of the
connection string.
Change-Id: I45c51a05ba7cf9648b0202cc3c2216d185bd7eda
Closes-Bug: #1526938
Related-Blueprint: deploy-with-uca-packages
Caching will provide better perfomance with work of huge Sahara clusters
on big deployments.
This feature was merged in the middle of stable liberty development.
Change-Id: I0ddb4422d0f5894c4226c9e19106fc7de110906d
Closes-bug: #1534510
This change updates the heat modular task to only attempt to install the
heat docker packages when using a package set that provides a standalone
package. Currently only the RedHat and Debian based package sets provide
a seperate package. The UCA packages do not provide the heat docker
templates as a separate package.
Change-Id: If66f928f8afdebd3eedad1da9ac9e5c1e23c2101
Related-Blueprint: deploy-with-uca-packages
Add new hiera configuration key 'external_lb'. If it's set to
true then we should not configure Haproxy LB on controllers and
also we should switch 'haproxy_backend_status' to 'http' provider.
We calculate 'external_lb' during 'globals.pp' task - if we have
no VIPs with 'haproxy' namespace, then it's set to 'true'.
It does not change the default deployment scheme.
Also fixing minor issue with default provider for
'haproxy_backend_status' type.
Closes-bug: #1522749
Change-Id: I5539d04d577465bd410494a6c0b7caff18857878
Add new config option reauthentication_auth_plugin for enforce usage
of trusts_auth_plugin for making authenticated requests, when
Sahara is enabled.
Change-Id: I244edf767b3167ac1ff8e25bdc8c304da342b836
Closes-bug: #1529246
We should run db sync only on primary controllers. Currently
upstream modules have posibility to specify should we run
db sync or don't.
Change-Id: If061c0f1b2706ec4fd88966b8620e5586d98b0b8
Closes-bug: #1330875
Heat-engine package is heat-docker dependency,
so if installation of heat-docker package is performed before
heat-engine installation it leads to autostart of heat-engine package
(in that moment override file isn't exist yet, because it will be
triggered directly before evaluation of heat-engine package resource).
As a result, the heat-engine service is run without any configuration.
To fix that we need to sеt heat-engine package installation strictly
before heat-docker package.
Change-Id: I5420e64e3ab6b2ca0305f5f41eb722e3ead42b25
Closes-bug: #1520610
Add second-level hash for TLS support. If user mixing this hash into his
astute.yaml, values from it will be taken to TLS-related tasks instead
of ones from UI.
Hash to use looks like:
use_ssl:
horizon: true
horizon_public: true
horizon_public_hostname: horizon.fuel.local
horizon_public_usercert: true
horizon_public_certdata: KeyPairStoredHere
keystone: true
keystone_public: true
keystone_public_ip: <ip of external keystone>
...
keystone_internal: true
...
keystone_admin: true
...
glance: true
glance_public: true
...
Co-Authored-By: Stanislaw Bogatkin <sbogatkin@mirantis.com>
Related to blueprint selective-ssl
Change-Id: Ic3034b3fea27a370b1f7cbd4e088f361fce96142
We should have oslo.messaging debug enabled
when OpenStack log debug is set to true.
Make default_log_levels configurable through globals.yaml.
NOTE: sahara::logging class can't be used because of
https://github.com/openstack/puppet-sahara/blob/master/manifests/init.pp#L371
It leads to duplicate declaration of this class. That's why
default_log_levels parameter for sahara::logging is configured
through globals.yaml. After new puppet modules sync with upstream
we will get the same problem for another openstack components.
It will be fixed in the way as it's done for sahara now.
Closes-bug: #1509090
Change-Id: Ia8665eaf526158760a5420e7813c7367cc457c0c
This change updates heat to use the auth_uri and identity_uri instead of
the deprecated keystone_host parameter.
Change-Id: Ie9ac86c17ceebb675b2053230668e17bdfb66f88
Closes-Bug: #1514983
Default max template size and default max JSON body size
are 524288 (0.5 MB) and 1048576 (1 MB) respectively.
The value for max template size was increased to 5440000,
so we need to set appropriate value for max JSON body size
to 10880000.
Change-Id: Ib517117681bf70667e16b98d0eb34ac277d3ed31
Closes-bug: #1486616
During creating and using one Heat template for hundreds VMs happens
timeout error, because validating and checking templates are needing
much more time in such enviroments.
Timeouts set in agreement with MOS-Scale team.
Change-Id: I2c599762625e2a1bc6d3c86a6f1bba26c24f16d0
Closes-bug: #1475274
Closes-bug: #1483833
Currently we have small default size for Heat templates and it
occurs problem for creating templates by Sahara.
Also increasing max_resources_per_stack will help to avoid problem
with exceeded request limit for maximum resources per stack.
Both values set in agreement with MOS-Scale team.
Change-Id: Id2301c1886f5b896daf87c469ed0010a68af3fc3
Related-bug: #1483833
- disable use_stderr option for all components because upstart adds to logs
all output from stderr output of its jobs
- add upstart logs to common fuel logrotate configuration file
- add noop tests
Change-Id: Ifefec5e4c8e3438229018edc7c1aaa53a3a779bd
Upstream patches: https://review.openstack.org/#/q/topic:bug/1482564,n,z
Closes-bug: #1469176
- Refactor ceilometer auth.pp. It's a part of
https://review.openstack.org/#/c/201565/ though it's required by
endpoint task separation
- Moved keystone endpoint creations to separate tasks with initial noop
tests
Misc:
- Created Unified structure in creation tasks. They are separated as
<task>/db.pp and <task>/keystone.pp
- Removed firewall.pp.dist.
- Removed database requirement in ceilometer/tasks.yaml
- Fixed notification in heat.pp
- many linting fixes
Partial blueprint: detach-components-from-controllers
Co-Authored-By: Bartłomiej Piotrowski <bpiotrowski@mirantis.com>
Co-Authored-By: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
Co-Authored-By: Matthew Mosesohn <mmosesohn@mirantis.com>
Change-Id: I61376f2bbeade23ae1d49a82f4e908be28144e78
Key moments:
* Fix lint errors
* Remove duplication of package->service dependencies
* Workoaround for MySQL module
* Fix name for heat-engine service in heat_ha class
* Remove heat_config options from osnailyfacter class
* Configure delegated roles from heat class
* Add retries to heat domain creation command
commit I2fbb97adde6743153fc81f8dba153356c382cb52
* Add retry to heat_domain_id
commit: I1630f54cdfa850a6b4dcbc9b714ebc6195de1fb0
* Update in heat_domain_id_setter
commit: I4c0df7600e10d57429eda854cd8aa6208e1c6539
* Add noop tests for new parameters
Implements: blueprint upgrade-openstack-puppet-modules
Change-Id: Ib9fa8acc54c124f8656d49accbdbbf733f2d3fd3
We can run noop tests via 'rake spec'. This will allow us to:
- Make sure that catalog compiles and there are no dependency
cycles in the graph.
- Use RSpec tests to check that needed puppet resources present
in the catalog for specific astute.yaml configuration.
In order to test just execute these commands:
export WORKSPACE=/tmp/fuel_noop_tests
mkdir -p $WORKSPACE
./utils/jenkins/fuel_noop_tests.sh
It iterates over astsute.yaml files and runs rspec tests for puppet
tasks configured in the astute.yaml for the node.
In order to run specific test and/or specific astute.yaml, you can
set appropriate env variables. For example:
export NOOP_TEST="keystone/*"
export NOOP_YAMLS="tests/noop/astute.yaml/novanet_flat.primary-controller.yaml"
./utils/jenkins/fuel_noop_tests.sh
If you also want to store puppet logs in case of errors, please set
PUPPET_LOGS_DIR env variable:
export PUPPET_LOGS_DIR=/tmp/puppet_error_logs
If you want to store all the delcarated File and Package resources,
please set NOOP_SAVE_RESOURCES_DIR env variable:
export NOOP_SAVE_RESOURCES_DIR=/tmp/puppet_resources
Related-bug: #1402738
Implement blueprint deployment-dryrun
Fuel CI temporarily disabled since this change does not affect
MOS deplyoment process, only CI itself.
Fuel-CI: disable
Change-Id: I38b23832d1e8701440aacb300256f513c466c762
Andreas Jaeger