The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: Ib25279ec008373245eacb3478d6edb74a5cf9063
When Memcached uses IPv6 network, python-memcached requires that each
server name is formatted as is described in the following example.
inet6:[<host>]:<port>
This change ensures the format is properly applied according to
the IP protocol version and cache backend used.
Note that the parameter in keystone was not properly formatted even
when IPs are used to set the parameter. This change fixes that and
ensures the parameter is properly configured.
Also, this change fixes the timing to apply any2array. The function
should be applied before we check the first memcache server by [0],
otherwise the logic to detect IPv6 address does not work as intended.
Closes-Bug: #1964824
Change-Id: I22f8fc7f59b4eeac10c3a274c36daeaa1861fd69
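The formatting rule from the commit message above, as an added example: this is a Python stand-in for the Puppet logic, not code from puppet-tripleo. The backend set, the bracket-only form for other backends, and the `ipv6_network` override (which goes beyond the message to cover FQDN server names) are assumptions of this example.

```python
import ipaddress

# Assumption of this example: these oslo.cache backends sit on python-memcached.
PYTHON_MEMCACHED_BACKENDS = {"dogpile.cache.memcached", "oslo_cache.memcache_pool"}


def any2array(value):
    """Rough Python stand-in for the stdlib any2array function."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_ipv6_literal(host):
    try:
        return ipaddress.ip_address(host).version == 6
    except ValueError:
        return False  # not an IP literal at all, e.g. an FQDN


def format_memcached_servers(servers, port, backend, ipv6_network=None):
    # Normalise BEFORE indexing: "fd00::1"[0] is "f", not an address.
    hosts = any2array(servers)
    if not hosts:
        return []  # Memcached disabled: empty list, not a failure
    # FQDNs carry no protocol version, so the caller may state it explicitly.
    use_v6 = is_ipv6_literal(hosts[0]) if ipv6_network is None else ipv6_network
    if not use_v6:
        return [f"{h}:{port}" for h in hosts]
    if backend in PYTHON_MEMCACHED_BACKENDS:
        # Format required by python-memcached, as quoted in the message.
        return [f"inet6:[{h}]:{port}" for h in hosts]
    # Assumed form for other backends: bracket IPv6 literals only.
    return [f"[{h}]:{port}" if is_ipv6_literal(h) else f"{h}:{port}" for h in hosts]
```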
The ip functions in puppetlabs-stdlib are deprecated since 4.13.0[1]
and should be replaced.
Also, this change removes the is_ip_addresses method, because now
the method is used only with the String variables and can be replaced.
[1] 6d185bdaa1
Change-Id: I28f1a718e2d24d5de6cbe40e1b1a68b1072f3f07
This follows other clustered services (like RabbitMQ) and
uses *_node_names (which contain FQDNs), instead of *_node_ips.
Certificate for Memcached TLS is also created using FQDN.
Because of this, validation failed when using pymemcache.
This patch fixes this issue.
Closes-Bug: #1929574
Change-Id: I9d0ddcc88098a5b891829192f1ce656842d0aa15
... because the cinder_catalog_info parameter, which is used by api
and compute, has been migrated from nova to nova::cinder[1].
[1] 72103db985d00b3289b8b936956166f20ef8f3d0
Change-Id: Ic90e3eb0898d9c8317fb994db4275be2db0bc679
... because some parameters of this class are supposed to be used in
both nova-api and nova-compute.
Depends-on: https://review.opendev.org/770684
Change-Id: I0c5700cb5123f81e88da9cbaeafca40525cfd6d8
The port defaults to hiera('memcached_authtoken_port', 11211)
for authtoken middleware and hiera('memcached_port', 11211)
for other uses. Different ports might be set for security
and performance tuning.
Change-Id: I567d6b2cd66d5eb98971cd54987c1fbea3c1da78
Currently when Memcached is disabled in the deployment, puppet-tripleo
fails because some manifests expect that memcached_node_ips is defined
in hieradata.
This patch ensures that we define the default value ([]) for
memcached_node_ips, so that puppet-tripleo doesn't fail even if
the parameter doesn't appear in hieradata.
Change-Id: I6d3e32f7f8f0751bdfbd0b6f2e79c5d85e1af284
Downcase in puppet 6.14 throws an error if the input to it is Undef. We
can avoid this by checking for a value before trying to downcase.
See context https://review.rdoproject.org/r/#/c/26297/
Change-Id: Ib2e97060523a4198a14949a15c9171b56928699c
Migrate parameter definitions for nova::cache module from
puppet-tripleo to tht, so that we can be less dependent on puppet
to set configurable items.
Depends-on: https://review.opendev.org/#/c/716988/
Change-Id: I796196f7a6e0f1235ac269a55e64161613018b1d
According to the latest keystone configuration help,
dogpile.cache.memcached is the more recommended option in TripleO
deployment than oslo_cache.memcache_pool, because it uses httpd+wsgi
to run apis and has less than 100 threaded servers.
This patch replaces backend used in nova caching, and also introduces
the new parameter tripleo::profile::base::nova::cache_backend so that
operators can use another backend if they want.
Change-Id: I36c0c474fb5e665392c1fb8d93dc3949ab6e8b67
- move nova dbsync from nova-api to nova-conductor
- nova db is more tightly coupled to conductor/computes
- we don't have a nova-api service on a CellController
- super-conductor on Controller will sync cell0 db
- when additional cell
- duplicate service node name hiera for transport_urls on cell stack
- nova -> oslo_messaging_rpc_cell_node_names
- neutron agent -> oslo_messaging_rpc_node_names
- rabbit -> rabbit nodes are cell controllers
bp tripleo-multicell-basic
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Change-Id: I79c1080605611c5c7748a28d2afcc9c7275a2e5d
This is useful for test/debugging purposes only.
It is quite useful to skip the memcache layer in certain situations,
so let's allow to override it via a hiera key, while we clearly
state it as a not supported configuration.
Change-Id: I9963b2ac5aa46568e31df0fce58c90c797876d79
These have been dropped from some of the puppet classes by default. We
still need to include them so our debug logging works.
Change-Id: I4e65219d9669fdd16b2663b7239354330ffbae38
This solves the problem that bootstrap_nodeid, which is set to the
first node in each role via t-h-t, can match potentially more than
one node - e.g in the event that a service is deployed such that it
spans more than one role.
The SERVICE_short_bootstrap_node_name is automatically generated
based on the composable service template service_name, and this
considers all roles where the service is enabled, e.g it should
only evaluate true once regardless of the roles where the service
is enabled.
Change-Id: I48ec4549552910f3cb8db960b0ff10a6c61b4bb9
Partial-Bug: #1792613
This commit introduces separate oslo.messaging services in place of
a single rabbitmq server. This enables the separation of rpc and
notifications, the continued use of single rabbitmq server as well
as the use of alternative oslo.messaging drivers/backends.
This patch:
* adds oslo_messaging_* hiera parameters
* update rabbitmq and qdrouterd services
* add release note
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Depends-On: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: Ie181a92731e254b7f613ad25fee6cc37e985c315
This commit selects either the rabbitmq hosts or the
hosts associated to oslo.messaging rpc and notify services.
This is required for the transition of t-h-t to the use
of the separated oslo.messaging service backends.
This patch:
* select rpc and notify hosts from rabbitmq or oslo_messaging
* modify qdrouterd inter-router link port
* update qdr unit spec
* add release note
Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I154e2fe6f66b296b9b643627d57696e5178e1815
This is set via all_nodes_config in t-h-t, but it's a special case for
this service, so it'll be better if we handle the ipv6 transformation
in puppet instead of relying on the service specific list mangling in
t-h-t (one aspect of which has been identified as a potential performance
problem).
Related-Bug: #1684272
Change-Id: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
The nova migration config has always been applied by the base::nova profile.
It assumed that libvirtd/nova-compute and are all running on the
same host.
Where this config didn't apply (e.g a nova api host) it was disabled by a flag.
This approach is not compatible with containers. Hieradata for all containers
are combined so per-host flags no longer work, and we can no longer assume
libvirtd and nova-compute run in the same context.
This change refactors the profiles out of the base nova profile and into
a client profile and a target profile that can be included where appropriate.
Change-Id: I063a84a8e6da64ae3b09125cfa42e48df69adc12
Implements: blueprint tripleo-cold-migration
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
An error (e.g a typo) in a custom tripleo-heat-templates environment
file could lead to an invalid match block in /etc/ssh/sshd_config.
SSH fails-safe and refuses all logins in this case.
This change validates the migration_ssh_localaddrs parameter is an
array of IP addresses and removes any duplicate entries.
Change-Id: Ibcf144d960fe52f0eab0d5015bd30cf7c1e37e25
Closes-Bug: #1688308
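The validation described in the commit message above, as an added example: a Python stand-in, not the Puppet code from puppet-tripleo. The function names and the rendered `Match` block (including its `AllowTcpForwarding no` line) are hypothetical; the point is that a bad entry is rejected before anything is written to sshd_config.

```python
import ipaddress


def validate_localaddrs(value):
    """Return deduplicated, canonical IP strings or raise ValueError."""
    # A comma-joined string is a common environment-file typo: reject it.
    if not isinstance(value, (list, tuple)):
        raise ValueError("migration_ssh_localaddrs must be an array")
    seen, result = set(), []
    for item in value:
        if not isinstance(item, str):
            raise ValueError(f"not a string: {item!r}")
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            raise ValueError(f"not an IP address: {item!r}") from None
        # Compare parsed addresses so "FD00::1" and "fd00:0::1" count once.
        if addr not in seen:
            seen.add(addr)
            result.append(str(addr))
    return result


def render_match_block(localaddrs, user="nova_migration"):
    """Render a hypothetical Match block only from validated addresses."""
    addrs = validate_localaddrs(localaddrs)
    if not addrs:
        return ""  # no restriction requested: emit nothing, not an empty Match
    return (
        f"Match LocalAddress {','.join(addrs)} User {user}\n"
        "    AllowTcpForwarding no\n"
    )
```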
If migration over ssh is enabled, and then later disabled, the ssh config
for the nova_migration user remains intact. This change clobbers the migration
SSH key to disable login when it is not necessary.
Change-Id: Icc6d5d4f4671b3525a731d334ca6fa7c5419dac3
Closes-Bug: #1688321
This change enhances the security of the migration ssh tunnel:
- The ssh authorized_keys file is only writeable by root.
- Creates a new user for migration instead of using root/nova.
- Disables SSH forwarding for this user.
- Optionally restricts the networks that this user can connect from.
- Uses an ssh wrapper command to whitelist the commands that this user can run
over ssh.
Requires the openstack-nova-migration package from
https://review.rdoproject.org/r/6327
bp tripleo-cold-migration
Change-Id: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
This patch configures SSH tunneling for nova cold-migration and reuses the
tunnel for libvirt live-migration unless TLS has been enabled.
Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
os_transport_url was updated to allow receiving
a string or an integer as parameter.
Fixes the workarounds in puppet-tripleo
Change-Id: I50993514048bf96b5a42b3425a7d6f98778fe694
Depends-On: I9e56f8e2de542b20fe9e6995506cff5bb435e220
This commit adds the transport_url for specifying the oslo.messaging
rpc and notify transport schemes. The rpc or notification backend
can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating
the host, port and auth configuration options. All drivers will
get the options via the transport_url.
This patch:
* Adds transport_url to base services
* Updates the corresponding specs
* Adds to default hieradata
Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40
Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
nova placement credentials in nova.conf need to be configured at step 3
so Nova services can use them as soon as they start.
Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
nova::placement needs to be declared on more than placement api node,
because credentials are used by different services (at least
nova-compute now).
This patch moves the class to base/nova.pp, at the same step.
So compute nodes will have the credentials and will be able to use
Placement API on multinode environments.
Change-Id: Iada8e9fcccec7dbfe7ac0ec0f9ec6eac1581290e
This change fixes the hiera calls in the base nova profile to use the
parameter rather than continue to call hiera. Additionally this change
includes basic test coverage for the various nova profiles.
Change-Id: If393606eeb3c39ed3a2655bd89c5c276a9cf106e
Having the db_sync code live in the mysql profile causes
coupling that doesn't work unless your MySQL server has the
latest Nova packages installed. This may not work for some
baremetal setups (where an isolated database exists) or
with containers where the MySQL container definitely doesn't
have nova packages installed.
Moving this code into the nova-api role also matches where we
were already db syncing the normal API database so it should be
fine and safe.
Change-Id: Ib625e2ac9c8d6bd1d335c58e291facc4ea5839ae
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Configure Nova with new Oslo Messaging parameters for RabbitMQ.
Note: parameters are renamed to be standard, so it will help a future
transition to another backend in TripleO.
Change-Id: Ia67a4dbe5b2bd12c45308a5581f96d0457b8e018
This patch changes the rabbit_hosts config generation to work properly
with IPv6 addresses.
Closes-Bug: #1639881
Change-Id: I07cd983880a4a75a051e081dcb96134cb5c6f5e8
We use the rabbit_hosts configuration for most of our services but we
haven't been adding the configured port. This patch appends the IP port
used provided to the service's heat template to the IPs in the list.
Note: while we could use the value set for the rabbitmq server in
rabbitmq::port, it doesn't allow for dealing with SSL. This is also
backwards compatible with the RabbitClientPort parameters used in the
heat templates.
Change-Id: I0000f039144a6b0e98c0a148dc69324f60db3d8b
Closes-Bug: #1633580
Instead of hard-coded yaml aliases in t-h-t, make each service
profile that requires rabbit default to the list of rabbit ips.
Note this could still be extended in future to e.g enable per
service rabbit clusters, but the default is to lookup the
hiera which should be logically equivalent to current t-h-t.
Change-Id: Ie53c93456529420588eb1927703ea91b54095d87
Partially-Implements: blueprint custom-roles
These hiera keys aren't aligned with the service names, which
will be required for composable generation of the ip lists
per service.
Change-Id: I423b544df174254ac511b906b0c570e701678022
Depends-On: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6
Partially-Implements: blueprint custom-roles
As we are starting to manually check overcloud services
the first step is to check that the puppet profiles
are all aligned.
Changes applied:
No logic added or removed in this submission.
Removed unused parameters.
Align header comments structure.
All profiles parameters sorted following:
"Mandatory params first sorted alphabetically
then optional params sorted alphabetically."
Note: Following submissions will check pacemaker,
cinder, mistral and redis services in the base profiles
as some of them have the $pacemaker_master parameter
defaulted to true.
Change-Id: I2f91c3f6baa33f74b5625789eec83233179a9655
Nova {} workaround is not working correctly, we need to merge this patch
so we can move out ::nova from THT completely.
Also we need to use nova::cache to configure memcached parameters.
Co-Authorized-By: Giulio Fidente <gfidente@redhat.com>
Co-Authorized-By: Sven Anderson <sven@redhat.com>
Co-Authorized-By: Emilien Macchi <emilien@redhat.com>
Depends-On: I52d5badb9960124bb8fcb54983db2853c4185e77
Depends-On: I3e400a5f64b85f0d374fc02cc5e4080d19d0f2e4
Depends-On: Iee5f8015cbf40ca0e9a435a7de919ebdb74cf93f
Change-Id: Ie4e72e765f6a8ade48d4b2b766f067872554d1a2
Allow to enable/disable migration bits from a single place, and select
which services are running on a node.
The use case here is to allow container deployments where libvirt &
nova-compute are separated.
Also support collocation for backward compatibility.
Change-Id: I0b765f8cb08633005c1fc5a5a2a8e5658ff44302
Import ::nova class with memcached parameter computed from Hiera, that
was previously in THT, now in nova-base role.
Use step 3 for ::nova since we need it for database resources.
Also make sure nova base profile is included for conductor role and any
nova pacemaker role.
Change-Id: I45244861082edae616f2b82334e7678cefa97bc7
Implements: blueprint refactor-puppet-manifests
This patch implements the base for Nova profiles.
It's a first iteration to deploy Nova using composable roles.
Implements: blueprint refactor-puppet-manifests
Change-Id: I8253e4b61484047948e222e68408e417d2787fb7