The new parameter allows to toggle the apache configuration management.
This will be useful once we get [1] so that we can migrate services to
the new configuration management one by one.
[1] https://review.opendev.org/c/openstack/tripleo-ansible/+/853481
Change-Id: Id1ddbae4946e5c428d0f21ef89e20a11665a370e
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: I2030aef451bda4471cb20a6de935c3b371885889
This change makes that haproxy monitors service availability by sending
HTTP request which is responsed by healthcheck middleware, to ensure
that backend api can respond to requests.
Change-Id: Idbfe6a8e110ec24d9fe64e43d82772bb05fa00ba
The barbican::keystone::authtoken class in imported by
the barbican::authtoken class thus we don't need to include it in
the barbican::api class.
Change-Id: I6e1a144cd3e449491b61d060a3df5355a405e67a
Downcase in puppet 6.14 throws an error if the input to it is Undef. We
can avoid this by checking for a value before trying to downcase.
See context https://review.rdoproject.org/r/#/c/26297/
Change-Id: Ib2e97060523a4198a14949a15c9171b56928699c
Use memcached to cache token in barbican authtoken, as in-process
cache, which we currently use, was already deprecated[1].
[1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a
Change-Id: I5dc9be5a9c6fff46b22064aa1f684be8e48ffa66
This solves the problem that bootstrap_nodeid, which is set to the
first node in each role via t-h-t, can match potentially more than
one node - e.g in the event that a service is deployed such that it
spans more than one role.
The SERVICE_short_bootstrap_node_name is automatically generated
based on the composable service template service_name, and this
considers all roles where the service is enabled, e.g it should
only evaluate true once regardles off the roles where the service
is enabled.
Change-Id: I48ec4549552910f3cb8db960b0ff10a6c61b4bb9
Partial-Bug: #1792613
This commit introduces separate oslo.messaging services in place of
a single rabbitmq server. This enables the separation of rpc and
notifications, the continued use of single rabbitmq server as well
as the use of alternative oslo.messaging drivers/backends.
This patch:
* adds oslo_messaging_* hiera parameters
* update rabbitmq and qdrourterd services
* add release note
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Depends-On: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: Ie181a92731e254b7f613ad25fee6cc37e985c315
This commit selects either the rabbitmq hosts or the
hosts associated to oslo.messaging rpc and notify services.
This is required for the transition of t-h-t to the use
of the separated oslo.messaging service backends.
This patch:
*select rpc and notify hosts from rabbitmq or oslo_messaging
*modify qdrouterd inter-router link port
*update qdr unit spec
*add release note
Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I154e2fe6f66b296b9b643627d57696e5178e1815
This profile has multiple purposes:
- group common httpd configurations/instructions
- correct a small issue with the "status" mod
Until now, only Horizon was specifically including this mode, and as
httpd wasn't listening on localhost, it wasn't in use at all.
With this commit, all API using apache will be able to provide the httpd
server status on 127.0.0.1/server-status.
Change-Id: If6d64f807c244d7e56852a67ac7dbad26c4c002f
Closes-Bug: 1724751
This introduces the ability to configure the simple crypto backend
through a general backends manifest. This manifest will gather all the
backends and enable the relevant configurations depending on whether
they're enabled via t-h-t or not.
Change-Id: I44391b91b01bc03c9773410152e117ec6bbba491
This makes sure that the database creation is only executed on the mysql
profile (or container if that's enabled), and stops the conflicts and
errors that were happening when barbican was deployed in containerized
environments.
Change-Id: Ib5c99482f62397fc5fb79a9dc537dfb06ee7f4df
Closes-Bug: #1710928
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
Every time we call apache module regardless of using SSL we have to
configure mod_ssl from puppet-apache or we'll hit issue during package
update. File /etc/httpd/conf.d/ssl.conf from mod_ssl package contains
Listen 443 while apache::mod::ssl just configures SSL bits but does not
add Listen. If the apache::mod::ssl is not included the ssl.conf file is
removed and recreated during mod_ssl package update. This causes
conflict on port 443.
Change-Id: Ic5a0719f67d3795a9edca25284d1cf6f088073e8
Related-Bug: 1682448
Resolves: rhbz#1441977
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
os_transport_url was updated to allow receiving
a string or an integer as parameter.
Fixes the workarounds in puppet-tripleo
Change-Id: I50993514048bf96b5a42b3425a7d6f98778fe694
Depends-On: I9e56f8e2de542b20fe9e6995506cff5bb435e220
This commit adds the transport_url for specifying the oslo.messaging
rpc and notify transport schemes. The rpc or notification backend
can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating
the host, port and auth configuration options. All drivers will
get the options via the transport_url.
This patch:
* Adds transport_url to base services
* Updates the corresponding specs
* Adds to default hierdata
Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40
Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
This optionally enables TLS for Barbican API in the internal network.
If internal TLS is enabled, each node that is serving the Barbican API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9