The ceilometer_collector_enabled key is never set, thus the resource
has never been used actually.
Change-Id: Id5f5afddbaf6fffec43900dbbe12e3c85969ba7b
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: I4d765dfb7d569942e37d2bbc1d3a382fb9b7a904
This change removes ineffective systemd drop-in for mysql.service.
That systemd service has been unused since all services were
containerized.
Change-Id: Ie5ddbebed8d619678d0a31dbddfb9d7e0f576977
This change fixes the lint errors detected since we removed pins of
lint packages.
Note that this change also replaces absolute name used to call
the tripleo::stunnel::service_proxy resource type, which is not yet
detected by the latest lint rules.
Closes-Bug: #1928079
Change-Id: I12ba801db92cb3df1d05f14f4c150ac765f0b874
Following the change in tripleo-heat-templates, this change removes
all implementation to support the Veritas HyperScale Driver, since
the driver itself has been removed from cinder.
Depends-on: https://review.opendev.org/787587
Change-Id: I4131fcd5bb39dc09527f17b5d149fe18be3f2fd5
Recent mariadb (e.g. 10.3.27) added more DDL checks such as table
create/alter checks and table size checks which conflict with the
schema of a few OpenStack services after a FFU has upgraded the
database without changing the row format in use.
Since no data seems to be impacted, as an immediate measure,
force the innodb_strict_mode to OFF to ensure that all the db_sync
operations can succeed, until we come up with a permanent fix.
Closes-Bug: #1908232
Change-Id: I046dbbb0ffca935119c36d301c2ab7dba469de9c
This MySQL / MariaDB server value was changed
from the value 1 to 2 between MariaDB 10.1 and 10.2 [1]. The
result of this change is that any database connection which is
not gracefully closed results in a log message
"Got an error reading communication packets" in the MySQL server
log, which is misleading as it does not usually refer to any
actionable issue; real connectivity issues are always seen in
application logs and most of these messages in the server
logs are likely to be false positives due to the behavior of HAProxy.
While applications can reduce the occurence of this error by
ensuring that database connections are gracefully closed, this
is already the behavior of oslo.db and SQLAlchemy which maintains
a connection pool that closes out stale connections explicitly
when requests are made.
The majority of these warnings are likely the result of normal HAProxy
operation, where the settings "timeout client" and "timeout server"
are set to 90 minutes, such that any connection older than this
time will be non-gracefully closed by the proxy, generating
the warning. An idle application server process will not have attended
to connections that are older than the timeout period,
leading to these connections being left for HAProxy to handle;
HAProxy's timeout behavior leading to this message in the logs has been
confirmed in local experimentation.
The application server itself is never exposed to this as upon
the start of work will always recycle any connection that is older
than its own timeout, which defaults to 60 minutes for applications
using oslo.config + oslo.db. Without HAProxy having the capability
to close out these connections using MySQL's protocol, the messages
are unavoidable.
The message will also occur anytime an Openstack process is stopped
or killed for all connections that are pooled in that process.
The correct way to diagnose if an application is having connectivity
issues is to look in the application server log itself for error
messages and stack traces that have much more detail as to the context
that produced a particular error message. This warning is also
known to occur when an application server is not able to respond
to packets quickly enough as has been observed with services
such as Cinder where eventlet monkeypatching causes the PyMySQL
client to be blocked; however when this occurs, there is an
informative stack trace and error message in the application logs
that shows what's going on.
As this particular warning message is not useful in that most
occurences will refer to normal behavior as designed, the
log level should be forced to "1" to prevent these messages
as they are causing confusion in downstream environments.
[1] https://mariadb.com/kb/en/upgrading-from-mariadb-101-to-mariadb-102/#incompatible-changes-between-101-and-102
Change-Id: I0efb4f77aaceda635c8983d6b7a240171a7accdc
Sahara support in TripleO will be removed, thus we can drop all
implementation related to it from puppet-tripleo.
Depends-on: https://review.opendev.org/#/c/734119/
Change-Id: Iab22e4d98e74ff05fbc1acbb4ee0bb19df2a7233
Function mysql_password is deprecated and has been removed
in recent puppetlabs-mysql [1]. It has been replaced with
the equivalent, namespaced function mysql::password. Use it
instead.
[1] 5a70627674
Change-Id: I405a986f78f865d89b54dffea17e84d75c068ed7
Closes-Bug: #1878153
... because Panko support has already been removed from
tripleo-heat-templates.
Depends-on: https://review.opendev.org/#/c/680493/
Change-Id: I3ef5c1433691dd31b619e0fdbd5ec433a181ec03
Downcase in puppet 6.14 throws an error if the input to it is Undef. We
can avoid this by checking for a value before trying to downcase.
See context https://review.rdoproject.org/r/#/c/26297/
Change-Id: Ib2e97060523a4198a14949a15c9171b56928699c
Cleaning up the puppet tacker code since we're removing the service
definitions.
Change-Id: Iee2e75c1afd836b08132823ffe26cccdd6ef0002
Depends-On: https://review.opendev.org/#/c/682463/
Related-Bug: #1714270
Along the same lines of https://review.opendev.org/#/c/603996/.
This commits expoxes one more knob to the operators, allowing them
to tweak the value of innodb_lock_wait_timeout (default = 50).
From upstream docs:
~~~
Time in seconds that an InnoDB transaction waits for an InnoDB
row lock (not table lock) before giving up with the error
ERROR 1205 (HY000): Lock wait timeout exceeded; try restarting transaction.
When this occurs, the statement (not transaction) is rolled back.
~~~
As for the other parameters it defaults to 'undef' so to keep the
default value of 50.
Change-Id: Ic2e1666ad39762caf9bf68272fdb00ee42658bb8
This initial change duplicates the existing Nova Placement parameters
and classes with extracted versions to avoid disrupting CI during the
switch.
Change-Id: Ieb5b6586bfcdcf4fe5aef7338ee17f7c9e55b607
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.
The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.
This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].
[1] https://review.openstack.org/#/c/568929/
Change-Id: Iee8c082b5e4dcb7b035faa56a2182718947ad495
- move nova dbsync from nova-api to nova-conductor
- nova db is more tightly coupled to conductor/computes
- we don't have a nova-api services on a CellController
- super-conductor on Controller will sync cell0 db
- when additional cell
- duplicate service node name hiera for transport_urls on cell stack
- nova -> oslo_messaging_rpc_cell_node_names
- neutron agent -> oslo_messaging_rpc_node_names
- rabbit -> rabbit nodes are cell controllers
bp tripleo-multicell-basic
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Change-Id: I79c1080605611c5c7748a28d2afcc9c7275a2e5d
MongoDB hasn't been supported since Pike, it's time to remove the
deployment files. Starting in Stein, it's not possible to deploy MongoDB
anymore. It already changes the default zaqar management_store to
sqlalchemy and the zaqar messaging_store to redis, which is already
set by TripleO Heat Templates.
Change-Id: I470a7e8c25293b2f2cb5420be124a8809481478a
This solves the problem that bootstrap_nodeid, which is set to the
first node in each role via t-h-t, can match potentially more than
one node - e.g in the event that a service is deployed such that it
spans more than one role.
The SERVICE_short_bootstrap_node_name is automatically generated
based on the composable service template service_name, and this
considers all roles where the service is enabled, e.g it should
only evaluate true once regardles off the roles where the service
is enabled.
Change-Id: I48ec4549552910f3cb8db960b0ff10a6c61b4bb9
Partial-Bug: #1792613
This introduces additional mariadb tuning options, namely:
- innodb_log_file_size:
Configure the size in bytes of each log file in a log group.
Generally, the combined size of the log files should be large enough
that the server can smooth out peaks and troughs in workload activity,
which often means that there is enough redo log space to handle more
than an hour of write activity.
The larger the value, the less checkpoint flush activity is required
in the buffer pool, saving disk I/O.
- innodb_flush_method
Defines the method used to flush data to InnoDB data files and log files,
which can affect I/O throughput. If innodb_flush_method is set to NULL
on a Unix-like system, the fsync option is used by default.
The innodb_flush_method options for Unix-like systems include:
- fsync: InnoDB uses the fsync() system call to flush the data and log files.
- O_DSYNC: InnoDB uses O_SYNC to open and flush the log files,
and fsync() to flush the data files.
- littlesync: currently unsupported. Use at your own risk.
- nosync: currently unsupported. Use at your own risk.
- O_DIRECT: InnoDB uses O_DIRECT to open the data files,
and uses fsync() to flush both the data and log files.
- table_open_cache
The number of open tables for all threads. Increasing this value
increases the number of file descriptors that mysqld requires.
You can check whether you need to increase the table cache by checking the
Opened_tables status variable. If the value of Opened_tables is large
and you do not use FLUSH TABLES often, then you should increase the value of
the table_open_cache variable.
default value for all three is 'undef'.
Change-Id: Idcb1c5b4b7556ed9e26319305f3b6b0d00369ef8
This added the "tripleo::<service name>::mysql_user" interface, which
allows folks to create databases, users and grants via hieradata instead
of having to modify puppet-tripleo.
Change-Id: I975d64c73e314159db0f6c1ada14a26491a46d1a
We cannot disable a specific protocol when using SSL in mysql, so in order to
enforce TLS1.1 or greater, we disallow all ciphers provided by SSLv2 SSLv3 and
TLS1.0.
Galera group communication cannot be configured with a list of available
ciphers, so configure gcomm to use AES128-SHA256, which seems to be the closest
from the default AES128-SHA.
Inherit the cipher list settings for the rsync SST.
Change-Id: Ib3625020e60665f91b9009e7f06b9b25a6970a9b
The zaqar service name switched to zaqar-api[1], so the hieradata key
is zaqar_api_enabled now instead of zaqar_enabled.
[1] I9b451eac4427a52ad8eec62ff89acc6c6d3ab799
Closes-Bug: #1714213
Change-Id: I692658337e7afc9d0a99b245f8b0b4f76a076bc4
This makes sure that the database creation is only executed on the mysql
profile (or container if that's enabled), and stops the conflicts and
errors that were happening when barbican was deployed in containerized
environments.
Change-Id: Ib5c99482f62397fc5fb79a9dc537dfb06ee7f4df
Closes-Bug: #1710928
Adds a hiera-enabled setting for mysql.pp to
allow configuration of innodb_buffer_pool_size, a key
configurational element for MySQL performance tuning.
Change-Id: Iabdcb6f76510becb98cba35c95db550ffce44ff3
Closes-bug: #1704978
Add new hook in the keystone profile for Veritas HyperScale.
Add new hook in the rabbitmq profile for Veritas HyperScale.
Add new hook in the mysql profile for Veritas HyperScale.
Change-Id: I9168bffa5c73a205d1bb84b831b06081c40af549
Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d
Depends-On: Id188af5e2f7bf628a97a70b8f20bef28e42b372d
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
Signed-off-by: Dnyaneshwar Pawar <dnyaneshwar.pawar@veritas.com>
Adds the ability to create an empty MySQL database for Zaqar
if zaqar is enabled and settings for the mysql backend are
also available in hiera. This should allow Zaqar's database to
get created when needed, but skipped if MongoDB is used
instead (per overcloud defaults).
Change-Id: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
This forces the MySQL users to use SSL when connecting to MySQL.
bp tls-via-certmonger
Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0
Change-Id: I98856955132b680a159144204da1d5b400fe9794
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
Systemd starts mariadb as user mysql, so in order to allow a large
number of connections (e.g. max_connections=4096) it is necessary to
raise the file descriptor limit via a system drop-in file.
When installing an undercloud, such drop-in file is currently
generated by instack-undercloud (in file puppet-stack-config.pp). But
non-HA overcloud also need such drop-in to be generated.
In order to avoid duplicating code, the drop-in creation code should
be provided by puppet-tripleo. By default, no drop-in is generated;
it has to be enabled by instack-undercloud or tripleo-heat-template
once they will use it (resp. to create undercloud or non-HA overcloud).
This patch does not aim at generating a dynamic file limit based on
the number of connections, this should land in another dedicated
patch. Instead, it just reuses the limit currently set for undercloud
and HA-overclouds.
Also, the generation of the drop-in does not force a mysql restart
like it currently does in instack-undercloud, to avoid unexpected
service disruption on a non-HA overcloud after a minor update.
Co-Authored-By: Tim Rozet <trozet@redhat.com>
Depends-On: I7ca7b5f7614971455cae2bf7c4bf8264b642b0dc
Change-Id: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Partial-Bug: #1648181
Related-Bug: #1524809
This includes a new ironic-inspector profile, and updates
to the mysql and keystone profiles so that a database
and endpoints are also created when the inspector
is enabled.
Change-Id: I4a71a95efb87a10528df0600277768969a32117b