Commit Graph

46 Commits

Author SHA1 Message Date
Ghanshyam Mann e06f50cb06 Retire Tripleo: remove repo content
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

This commit removes the content of this project repo

Change-Id: I73df79a8698625815ea4e3099904da448a49887e
2024-02-24 11:42:30 -08:00
Rajesh Tailor c4890a2b00 Fix typos in parameter descriptions, comments and tests
Change-Id: I75b17e41aff3a63b618b6cada01f225f93a4ff4f
2022-09-17 11:34:15 +05:30
Takashi Kajinami 7e36cf4913 Nova: Replace hiera by lookup
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].

[1] https://puppet.com/docs/puppet/7/hiera_automatic.html

With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.

example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])

Change-Id: Ib25279ec008373245eacb3478d6edb74a5cf9063
2022-05-27 15:58:46 +00:00
Takashi Kajinami c127941d8f Format [oslo_cache] memcache_server when IPv6 is used
When Memcached uses IPv6 network, python-memcached requires that each
server name is formatted as is described in the following example.
 inet6:[<host>]:<port>

This change ensures the format is properly applied according to
the IP protocol version and cache backend used.

Note that the parameter in keystone was not properly formatted even
when IPs are used to set the parameter. This change fixes that and
ensures the parameter is properly configured.

Also, this change fixes the timing to apply any2array. The function
should be applied before we check the first memcache server by [0],
otherwise the logic to detect IPv6 address does not work as intended.

Closes-Bug: #1964824
Change-Id: I22f8fc7f59b4eeac10c3a274c36daeaa1861fd69
2022-03-15 12:15:41 +00:00
Takashi Kajinami e9d96dcec3 Replace deprecated ip functions
The ip functions in puppetlabs-stdlib are deprecated since 4.13.0[1]
and should be replaced.

Also, this change removes the is_ip_addresses method, because now
the method is used only with the String variables and can be replaced.

[1] 6d185bdaa1

Change-Id: I28f1a718e2d24d5de6cbe40e1b1a68b1072f3f07
2021-08-08 03:57:45 +09:00
Grzegorz Grasza 49921d57f5 Set memcached server list from memcached_node_names
This follows other clustered services (like RabbitMQ) and
uses *_node_names (which contain FQDNs), instead of *_node_ips.

Certificate for Memcached TLS is also created using FQDN.
Because of this, validation failed when using pymemcache.
This patch fixes this issue.

Closes-Bug: #1929574
Change-Id: I9d0ddcc88098a5b891829192f1ce656842d0aa15
2021-07-13 11:31:34 +09:00
Takashi Kajinami 6691c97e36 nova: include nova::cinder in more common place
... because the cinder_catalog_info parameter, which is used by api
and compute, has been migrated from nova to nova::cinder[1].

[1] 72103db985d00b3289b8b936956166f20ef8f3d0

Change-Id: Ic90e3eb0898d9c8317fb994db4275be2db0bc679
2021-04-21 22:34:30 +09:00
Takashi Kajinami 2752896548 Include the nova::glance class in more common place
... because some parameters of this class are supposed to be used in
both nova-api and nova-compute.

Depends-on: https://review.opendev.org/770684
Change-Id: I0c5700cb5123f81e88da9cbaeafca40525cfd6d8
2021-03-15 21:54:07 +09:00
Grzegorz Grasza f460e659ba Add ability to specify memcached port
The port defaults to hiera('memcached_authtoken_port', 11211)
for authtoken middleware and hiera('memcached_port', 11211)
for other uses. Different ports might be set for security
and performance tuning.

Change-Id: I567d6b2cd66d5eb98971cd54987c1fbea3c1da78
2021-01-05 16:32:30 +01:00
Takashi Kajinami e2ea1206c8 Accept missing memcached_node_ips
Currently when Memcached is disabled in the deployment, puppet-tripleo
fails because some manifests expect that memcached_node_ips is defined
in hieradata.

This patch ensures that we define the default value ([]) for
memcached_node_ips, so that puppet-tripleo doesn't fail even if
the parameter doesn't appear in hieradata.

Change-Id: I6d3e32f7f8f0751bdfbd0b6f2e79c5d85e1af284
2020-05-02 15:51:17 +00:00
Alex Schultz a566d6b9b8 Add check for bootstrap_node for downcase
Downcase in puppet 6.14 throws an error if the input to it is Undef. We
can avoid this by checking for a value before trying to downcase.

See context https://review.rdoproject.org/r/#/c/26297/

Change-Id: Ib2e97060523a4198a14949a15c9171b56928699c
2020-04-07 14:51:41 -06:00
Takashi Kajinami baf5ab640e Define nova::cache parameters in tht
Migrate parameter definitions for nova::cache module from
puppet-tripleo to tht, so that we can be less dependent on puppet
to set configurable items.

Depends-on: https://review.opendev.org/#/c/716988/
Change-Id: I796196f7a6e0f1235ac269a55e64161613018b1d
2020-04-04 09:48:15 +09:00
Takashi Kajinami 8d4ea840bf Use dogpile.cache.memcached in nova caching
According to the latest keystone configuration help,
dogpile.cache.memcached is a more recommended option in TripleO
deployment than oslo_cache.memcache_pool, because it uses httpd+wsgi
to run apis and has less than 100 threaded servers.

This patch replaces backend used in nova caching, and also introduces
the new parameter tripleo::profile::base::nova::cache_backend so that
operators can use another backend if they want.

Change-Id: I36c0c474fb5e665392c1fb8d93dc3949ab6e8b67
2020-03-28 20:52:09 +09:00
Tobias Urdin 1523a4b804 Convert all class usage to relative names
Change-Id: Ib2ed745b682cf12f9469a5a64451adcabec400af
2019-12-08 23:23:25 +01:00
Takashi Kajinami 4e3c36139a Enable service token in nova and cinder
This patch enables service token feature in nova and cinder, which
can be used to avoid problems in inter-component request caused by
token expiration for long running tasks.

Depends-on: https://review.opendev.org/#/c/666467/
Depends-on: https://review.opendev.org/#/c/666471/
Depends-on: https://review.opendev.org/#/c/666746/
Change-Id: Ia9cab3080a6e0ef7433fa0be19b98f8e63bae587
2019-07-12 16:51:45 +09:00
Oliver Walsh 035de7493d cell_v2 multi-cell
- move nova dbsync from nova-api to nova-conductor
  - nova db is more tightly coupled to conductor/computes
  - we don't have a nova-api service on a CellController
  - super-conductor on Controller will sync cell0 db
- when additional cell
  - duplicate service node name hiera for transport_urls on cell stack
  - nova -> oslo_messaging_rpc_cell_node_names
  - neutron agent -> oslo_messaging_rpc_node_names
  - rabbit -> rabbit nodes are cell controllers

bp tripleo-multicell-basic

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: I79c1080605611c5c7748a28d2afcc9c7275a2e5d
2019-02-05 09:53:50 +01:00
Michele Baldessari a63ce4aef8 Allow disabling nova::cache
This is useful for test/debugging purposes only.
It is quite useful to skip the memcache layer in certain situations,
so let's allow to override it via a hiera key, while we clearly
state it as a not supported configuration.

Change-Id: I9963b2ac5aa46568e31df0fce58c90c797876d79
2019-01-23 10:25:36 +01:00
Alex Schultz 3ec92d3efc Add explicit logging class inclusion
These have been dropped from some of the puppet classes by default. We
still need to include them so our debug logging works.

Change-Id: I4e65219d9669fdd16b2663b7239354330ffbae38
2018-12-17 14:49:44 -07:00
Steven Hardy 9cde9139c4 Replace bootstrap_nodeid with SERVICE_short_bootstrap_node_name
This solves the problem that bootstrap_nodeid, which is set to the
first node in each role via t-h-t, can match potentially more than
one node - e.g in the event that a service is deployed such that it
spans more than one role.

The SERVICE_short_bootstrap_node_name is automatically generated
based on the composable service template service_name, and this
considers all roles where the service is enabled, e.g it should
only evaluate true once regardless of the roles where the service
is enabled.

Change-Id: I48ec4549552910f3cb8db960b0ff10a6c61b4bb9
Partial-Bug: #1792613
2018-10-12 10:14:48 +00:00
Andrew Smith c04557fba4 Support separate oslo.messaging services for RPC and Notifications
This commit introduces separate oslo.messaging services in place of
a single rabbitmq server. This enables the separation of rpc and
notifications, the continued use of single rabbitmq server as well
as the use of alternative oslo.messaging drivers/backends.

This patch:
* adds oslo_messaging_* hiera parameters
* update rabbitmq and qdrouterd services
* add release note

Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Depends-On: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: Ie181a92731e254b7f613ad25fee6cc37e985c315
2018-03-20 12:55:02 -04:00
Andrew Smith 79ccad4b8d Support both rabbitmq and oslo.messaging service nodes
This commit selects either the rabbitmq hosts or the
hosts associated to oslo.messaging rpc and notify services.
This is required for the transition of t-h-t to the use
of the separated oslo.messaging service backends.

This patch:
* select rpc and notify hosts from rabbitmq or oslo_messaging
* modify qdrouterd inter-router link port
* update qdr unit spec
* add release note

Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I154e2fe6f66b296b9b643627d57696e5178e1815
2018-03-16 18:16:42 -04:00
Steven Hardy 6462e2e3c3 Remove dependency on memcached_node_ips_v6
This is set via all_nodes_config in t-h-t, but it's a special case for
this service, so it'll be better if we handle the ipv6 transformation
in puppet instead of relying on the service specific list mangling in
t-h-t (one aspect of which has been identified as a potential performance
problem).

Related-Bug: #1684272
Change-Id: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
2017-07-13 09:17:54 +01:00
Oliver Walsh 6140d801f1 Refactor nova migration config into client & target profiles
The nova migration config has always been applied by the base::nova profile.
It assumed that libvirtd/nova-compute and are all running on the
same host.
Where this config didn't apply (e.g a nova api host) it was disabled by a flag.

This approach is not compatible with containers. Hieradata for all containers
are combined so per-host flags no longer work, and we can no longer assume
libvirtd and nova-compute run in the same context.

This change refactors the profiles out of the base nova profile and into
a client profile and a target profile that can be included where appropriate.

Change-Id: I063a84a8e6da64ae3b09125cfa42e48df69adc12
Implements: blueprint tripleo-cold-migration
2017-07-03 14:34:08 +01:00
Steve Baker 94f13e6608 Ensure hiera step value is an integer
The step is typically set with the hieradata setting an integer value:

  {"step": 1}

However it would be useful for the value to be a string so that
substitutions are possible, for example:

  {"step": "%{::step}"}

This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))

This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:

    find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"

Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
2017-06-14 14:31:52 +12:00
Oliver Walsh 05e696c62d Handle duplicate/invalid entries in migration SSH inbound addresses
An error (e.g a typo) in a custom tripleo-heat-templates environment
file could lead to an invalid match block in /etc/ssh/sshd_config.
SSH fails-safe and refuses all logins in this case.

This change validates the migration_ssh_localaddrs parameter is an
array of IP addresses and removes any duplicate entries.

Change-Id: Ibcf144d960fe52f0eab0d5015bd30cf7c1e37e25
Closes-Bug: #1688308
2017-05-05 12:40:59 +01:00
Oliver Walsh fe8edab1f4 Disable SSH login for nova_migration user when migration over ssh is disabled.
If migration over ssh is enabled, and then later disabled, the ssh config
for the nova_migration user remains intact. This change clobbers the migration
SSH key to disable login when it is not necessary.

Change-Id: Icc6d5d4f4671b3525a731d334ca6fa7c5419dac3
Closes-Bug: #1688321
2017-05-05 12:36:05 +01:00
Oliver Walsh f8ca94a5b7 Restrict nova migration ssh tunnel
This change enhances the security of the migration ssh tunnel:
- The ssh authorized_keys file is only writeable by root.
- Creates a new user for migration instead of using root/nova.
- Disables SSH forwarding for this user.
- Optionally restricts the networks that this user can connect from.
- Uses an ssh wrapper command to whitelist the commands that this user can run
  over ssh.

Requires the openstack-nova-migration package from
https://review.rdoproject.org/r/6327

bp tripleo-cold-migration

Change-Id: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
2017-05-03 20:20:01 +00:00
Oliver Walsh ccbcd11276 Configure migration SSH tunnel
This patch configures SSH tunneling for nova cold-migration and reuses the
tunnel for libvirt live-migration unless TLS has been enabled.

Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-04-03 09:12:55 +01:00
Carlos Camacho 9282075728 Remove todo comment
We can remove the sprintf todo comment (Already fixed).

Change-Id: I407cbf015ccd23a28ee01a669d397479277b4fd3
2017-02-26 21:45:20 +01:00
Carlos Camacho d0e69f73c1 Remove the string cast for using transport_url
os_transport_url was updated to allow receiving
a string or an integer as parameter.

Fixes the workarounds in puppet-tripleo

Change-Id: I50993514048bf96b5a42b3425a7d6f98778fe694
Depends-On: I9e56f8e2de542b20fe9e6995506cff5bb435e220
2017-02-22 10:39:44 +01:00
Andrew Smith e1a1a5cbed Use rpc and notify transport_url for oslo_messaging backends
This commit adds the transport_url for specifying the oslo.messaging
rpc and notify transport schemes. The rpc or notification backend
can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating
the host, port and auth configuration options. All drivers will
get the options via the transport_url.

This patch:
* Adds transport_url to base services
* Updates the corresponding specs
* Adds to default hieradata

Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40

Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
2017-02-17 10:08:38 -05:00
Emilien Macchi 9b12ee02f8 nova: move placement credentials config at step 3
nova placement credentials in nova.conf need to be configured at step 3
so Nova services can use them as soon as they start.

Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
2017-02-13 15:22:52 +00:00
Emilien Macchi 0ea2d528ce Move nova::placement to common nova manifest
nova::placement needs to be declared on more than placement api node,
because credentials are used by different services (at least
nova-compute now).
This patch moves the class to base/nova.pp, at the same step.
So compute nodes will have the credentials and will be able to use
Placement API on multinode environments.

Change-Id: Iada8e9fcccec7dbfe7ac0ec0f9ec6eac1581290e
2017-01-20 00:12:53 +00:00
Alex Schultz 079468f97a Rspec tests for nova profiles
This change fixes the hiera calls in the base nova profile to use the
parameter rather than continue to call hiera. Additionally this change
includes basic test coverage for the various nova profiles.

Change-Id: If393606eeb3c39ed3a2655bd89c5c276a9cf106e
2017-01-09 14:39:41 -07:00
Dan Prince 7af9ff39e9 Move nova cells db sync into nova-api profile
Having the db_sync code live in the mysql profile causes
coupling that doesn't work unless your MySQL server has the
latest Nova packages installed. This may not work for some
baremetal setups (where an isolated database exists) or
with containers where the MySQL container definitely doesn't
have nova packages installed.

Moving this code into the nova-api role also matches where we
were already db syncing the normal API database so it should be
fine and safe.

Change-Id: Ib625e2ac9c8d6bd1d335c58e291facc4ea5839ae
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2017-01-09 14:34:45 -07:00
Emilien Macchi fec12dfb66 nova: use transport_url for rabbitmq
Configure Nova with new Oslo Messaging parameters for RabbitMQ.

Note: parameters are renamed to be standard, so it will help a future
transition to another backend in TripleO.

Change-Id: Ia67a4dbe5b2bd12c45308a5581f96d0457b8e018
2016-12-23 14:55:50 +01:00
Juan Antonio Osorio Robles 91597fc569 Use FQDNs for the services' RabbitMQ configuration
This replaces the services' IP-based RabbitMQ configuration and uses
FQDNs instead.

Change-Id: I2be81aecacf50839a029533247981f5edf59cb7f
2016-11-28 15:45:03 +02:00
Brent Eagles 274156e5ba Add proper handling of IPv6 addresses for rabbit host/port handling
This patch changes the rabbit_hosts config generation to work properly
with IPv6 addresses.

Closes-Bug: #1639881
Change-Id: I07cd983880a4a75a051e081dcb96134cb5c6f5e8
2016-11-08 01:51:27 -03:30
Brent Eagles 597194a419 Add port to rabbitmq node ip list
We use the rabbit_hosts configuration for most of our services but we
haven't been adding the configured port. This patch appends the IP port
used provided to the service's heat template to the IPs in the list.

Note: while we could use the value set for the rabbitmq server in
rabbitmq::port, it doesn't allow for dealing with SSL. This is also
backwards compatible with the RabbitClientPort parameters used in the
heat templates.

Change-Id: I0000f039144a6b0e98c0a148dc69324f60db3d8b
Closes-Bug: #1633580
2016-10-17 14:31:15 -02:30
Steven Hardy e5f0042e47 Make service profiles default to rabbitmq_node_ips
Instead of hard-coded yaml aliases in t-h-t, make each service
profile that requires rabbit default to the list of rabbit ips.

Note this could still be extended in future to e.g enable per
service rabbit clusters, but the default is to lookup the
hiera which should be logically equivalent to current t-h-t.

Change-Id: Ie53c93456529420588eb1927703ea91b54095d87
Partially-Implements: blueprint custom-roles
2016-09-02 00:26:04 +00:00
Steven Hardy 0b9e06561b Align hiera keys with service names
These hiera keys aren't aligned with the service names, which
will be required for composable generation of the ip lists
per service.

Change-Id: I423b544df174254ac511b906b0c570e701678022
Depends-On: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6
Partially-Implements: blueprint custom-roles
2016-08-11 11:12:36 +01:00
Carlos Camacho 689d80e971 Fix parameters and headers inconsistency in the puppet manifests.
As we are starting to manually check overcloud services
the first step is to check that the puppet profiles
are all aligned.

Changes applied:

  No logic added or removed in this submission.

  Removed unused parameters.

  Align header comments structure.

  All profiles parameters sorted following:
  "Mandatory params first sorted alphabetically
  then optional params sorted alphabetically."

Note: Following submissions will check pacemaker,
cinder, mistral and redis services in the base profiles
as some of them have the $pacemaker_master parameter
defaulted to true.

Change-Id: I2f91c3f6baa33f74b5625789eec83233179a9655
2016-08-08 22:44:01 +02:00
Emilien Macchi 0ef28cef1f profile/base/nova: declare nova class and configure cache correctly.
Nova {} workaround is not working correctly, we need to merge this patch
so we can move out ::nova from THT completely.

Also we need to use nova::cache to configure memcached parameters.

Co-Authorized-By: Giulio Fidente <gfidente@redhat.com>
Co-Authorized-By: Sven Anderson <sven@redhat.com>
Co-Authorized-By: Emilien Macchi <emilien@redhat.com>

Depends-On: I52d5badb9960124bb8fcb54983db2853c4185e77
Depends-On: I3e400a5f64b85f0d374fc02cc5e4080d19d0f2e4
Depends-On: Iee5f8015cbf40ca0e9a435a7de919ebdb74cf93f

Change-Id: Ie4e72e765f6a8ade48d4b2b766f067872554d1a2
2016-07-27 19:33:53 +00:00
Emilien Macchi 5a0d590ef0 nova: manage migration bits in a composable way
Allow to enable/disable migration bits from a single place, and select
which services are running on a node.
The use case here is to allow container deployments where libvirt &
nova-compute are separated.
Also support collocation for backward compatibility.

Change-Id: I0b765f8cb08633005c1fc5a5a2a8e5658ff44302
2016-06-29 20:02:18 +00:00
Emilien Macchi b1080692cd Import ::nova class from THT
Import ::nova class with memcached parameter computed from Hiera, that
was previously in THT, now in nova-base role.

Use step 3 for ::nova since we need it for database resources.

Also make sure nova base profile is included for conductor role and any
nova pacemaker role.

Change-Id: I45244861082edae616f2b82334e7678cefa97bc7
Implements: blueprint refactor-puppet-manifests
2016-06-09 22:03:40 -04:00
Emilien Macchi ae25581f40 Implement Nova base profile
This patch implements the base for Nova profiles.
It's a first iteration to deploy Nova using composable roles.

Implements: blueprint refactor-puppet-manifests
Change-Id: I8253e4b61484047948e222e68408e417d2787fb7
2016-06-04 03:43:12 +00:00