The aodh-evaluator service requires valid tooz backend so that tasks
are distributed properly among multiple nodes. This change ensures
redis vip and password are defined in hieradata so that coordination
backend can always be configured properly.
Change-Id: I4ff71ee1a2a38c225b0d8f70c3fc757e014abdaf
This fixes default values in parameter description which do not match
the actual values or are missing.
Change-Id: I9bd4458c094c301339f7b9d45f25670f3b715bd4
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: Ie4afe07edb1166beb09af7d49bf39abacfd8c716
This reverts commit de98e1411b.
Reason for revert:
Aodh service has never been deprecated in tripleo-heat-templates.
The current warning in puppet-tripleo gives a wrong notice to users.
Deprecation should happen in a consistent manner within all TripleO
repos.
Conflicts:
manifests/profile/base/aodh/api.pp
manifests/profile/base/aodh/evaluator.pp
manifests/profile/base/aodh/listener.pp
manifests/profile/base/aodh/notifier.pp
Resolved conflicts caused by migration of class name format (from
absolute names to relative names)
Change-Id: I43eb5e96a2f15c4c49193c676acccce9c3f413c1
Service assurance framework is going to replace Aodh as alerting solution in T release.
This patch adds warning about the service removal.
Change-Id: Icef377071aaad5b58518a8a436c5821532482be2
This patch reverts the revert of Redis TLS [1], and fixes the
encryption of Redis replication traffic for HA deployments.
In order to encrypt replication traffic, Redis is configured to
drive outgoing replication traffic to a stunnel endpoint on
<localhost:port_xxx>. Stunnel then manages the encryption up to
the peer Redis master.
Likewise, slave Redis nodes advertise themselves as coming from
<localhost:port_yyy> in order to let the Master initiate connection
the Slave over its own stunnel endpoint, should it needs to.
Each redis node is assigned a unique replication port, and has
dedicated stunnels to each one of its peer. This port mapping
info is used by the redis resource agent to manage A/P failover.
The regular Redis port is unchanged, so Redis clients (OpenStack
services, HAproxy, CLI, firewall) are not impacted by this change.
Only SELinux needs to be adapted.
[1] I37501c4c983c87e3a38841272eb176ebbe626a65
Change-Id: I6cc818973fab25b4cd6f7a0d040aaa05a35c5bb1
Related-bug: #1737707
This uses the tls_proxy resource in front of the Redis server when
internal TLS is enabled.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
Normalize coordination_url for Telemetry services, so we can deploy them
with IPv6.
Change-Id: Ic6de09acf0d36ca90cc2041c0add1bc2b4a369a5
Partial-Bug: #1629279
Depends-On: I038e2bac22e3bfa5047d2e76e23cff664546464d