tripleo-heat-templates/puppet/services
Damien Ciabrini 0fbac20fd6 DB connection: prevent src address from binding to a VIP
When a service connects to the database VIP from the node hosting this
VIP, the resulting TCP socket has a src address which is by default
bound to the VIP as well. If the VIP is failed over to another node
while the socket's Send-Q is not empty, TCP keepalive won't engage and
the service will become unavailable for a very long time (by default
more than 10m).

To prevent failover issues, DB connections should have the src address
of their TCP socket bound to the IP of the network interface used for
MySQL traffic. This is achieved by passing a new option to the
database connection URIs. This option is available starting from
PyMySQL 0.7.9-2.

We use a new intermediate variable in hiera to hold the IP to be used
as a source address for all DB connections. All services adapt their
database URI accordingly.

Moreover, a new YAML validation check is added to guarantee that new
services will construct their database URI appropriately.

Change-Id: Ic69de63acbfb992314ea30a3a9b17c0b5341c035
Closes-Bug: #1643487
(cherry picked from commit 56ebc7e58d)
2017-01-09 14:14:15 +00:00
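
Added example, not part of the commit or of the project's own validation code: a check over rendered database URIs of the kind the commit message describes, rejecting MySQL URIs that carry no source-address option or that pin the source address to a VIP. It assumes the option is PyMySQL's `bind_address` connect argument passed as a URI query parameter (the message does not name the option); the service names, credentials and addresses are constructed.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: service names, credentials and addresses are made up.
VIPS = {ipaddress.ip_address("192.0.2.10")}  # the database VIP
RENDERED_URIS = {
    "svc-ok": "mysql+pymysql://u:p@192.0.2.10/db?bind_address=192.0.2.21",
    "svc-missing": "mysql+pymysql://u:p@192.0.2.10/db",
    "svc-vip": "mysql+pymysql://u:p@192.0.2.10/db?bind_address=192.0.2.10",
    "svc-not-db": "http://192.0.2.10:5000/v3",
}


def check_db_uri(uri, vips):
    """Return None when the URI is acceptable, else a short reason string."""
    parts = urlsplit(uri)
    if not parts.scheme.startswith("mysql"):
        return None  # not a MySQL connection URI, nothing to enforce
    # bind_address is assumed to be the option name (PyMySQL connect argument).
    values = parse_qs(parts.query).get("bind_address", [])
    if len(values) != 1:
        return "no single bind_address option"
    try:
        src = ipaddress.ip_address(values[0])
    except ValueError:
        return "bind_address is not an IP address"
    if src in vips:
        return "bind_address is a VIP"
    return None


def audit(uris, vips):
    """Map each failing service name to the reason its URI was rejected."""
    problems = {}
    for name, uri in sorted(uris.items()):
        reason = check_db_uri(uri, vips)
        if reason is not None:
            problems[name] = reason
    return problems


if __name__ == "__main__":
    for name, reason in audit(RENDERED_URIS, VIPS).items():
        print(f"{name}: {reason}")
```
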
database DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
logging restore missing fluentd client functionality 2016-10-06 13:12:50 +00:00
monitoring Use correct type for SensuRedactVariables parameter 2016-11-28 19:39:50 +01:00
network add composable services for Contrail 2016-09-05 20:44:30 +02:00
pacemaker Include redis/mongo hiera when using pacemaker 2016-11-04 16:51:05 +00:00
time Fix NTP servers hieradata 2016-09-27 16:11:10 +02:00
README.rst Add global_config_settings to services' output 2016-08-26 11:11:47 +02:00
aodh-api.yaml Enable proxy headers parsing for Aodh 2016-10-14 08:37:10 +00:00
aodh-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
aodh-evaluator.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
aodh-listener.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
aodh-notifier.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
apache.yaml Provide for RAM-constrained environments 2016-09-21 15:14:20 +02:00
ca-certs.yaml Add deployment of CAs via hieradata 2016-08-22 18:10:26 +03:00
ceilometer-agent-central.yaml telemetry: remove coordination_url hiera settings 2016-10-03 14:50:15 +00:00
ceilometer-agent-compute.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
ceilometer-agent-notification.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
ceilometer-api.yaml Enable proxy headers parsing for Ceilometer 2016-10-14 08:37:27 +00:00
ceilometer-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
ceilometer-collector.yaml Move db::mysql into service_config_settings 2016-09-28 07:01:49 -04:00
ceilometer-expirer.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
ceph-base.yaml glance_multiple_locations when NovaEnableRbdBackend=true 2016-10-17 11:30:52 +02:00
ceph-client.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
ceph-external.yaml Do not manage overcloud repositories when using external Ceph 2016-11-16 16:35:11 +00:00
ceph-mon.yaml Enable Glance multiple locations when using Ceph 2016-10-14 08:36:31 +00:00
ceph-osd.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
ceph-rgw.yaml Configure civetweb bind socket via puppet-tripleo 2016-11-15 11:34:48 +01:00
cinder-api.yaml Move db::mysql into service_config_settings 2016-09-28 07:01:49 -04:00
cinder-backup.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
cinder-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
cinder-scheduler.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
cinder-volume.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
glance-api.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
glance-base.yaml Re-add NFS backend for Glance 2016-11-01 12:31:00 +00:00
glance-registry.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
gnocchi-api.yaml Enable proxy headers parsing for Gnocchi 2016-10-14 08:37:18 +00:00
gnocchi-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
gnocchi-metricd.yaml Add metricd workers support in gnocchi 2016-09-26 09:28:20 +02:00
gnocchi-statsd.yaml gnocchi statsd should be able to send data to port 8125 2016-11-03 12:50:24 +00:00
haproxy.yaml Enables auto-detection for VIP interfaces 2016-12-05 15:54:12 -05:00
heat-api-cfn.yaml Ensure heat-domain hiera is in nodes that contain keystone 2016-11-21 06:35:50 +00:00
heat-api-cloudwatch.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
heat-api.yaml Ensure heat-domain hiera is in nodes that contain keystone 2016-11-21 06:35:50 +00:00
heat-base.yaml Ensure heat-domain hiera is in nodes that contain keystone 2016-11-21 06:35:50 +00:00
heat-engine.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
horizon.yaml Merge "Remove repeated apache-related hieradata" 2016-09-02 12:19:45 +00:00
ironic-api.yaml Move db::mysql into service_config_settings 2016-09-28 07:01:49 -04:00
ironic-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
ironic-conductor.yaml Ironic: update default enabled drivers 2016-09-04 17:48:17 +02:00
keepalived.yaml Enables auto-detection for VIP interfaces 2016-12-05 15:54:12 -05:00
kernel.yaml Defaults kernel.pid_max to 1048576 2016-11-09 14:59:23 +01:00
keystone.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
manila-api.yaml Add firewall rules for manila api service 2016-11-10 13:04:53 +00:00
manila-backend-cephfs.yaml Set proper ceph config path for manila 2016-10-06 10:55:44 +00:00
manila-backend-generic.yaml Add NetApp Manila driver integration and tidy up generic 2016-09-13 14:28:43 +03:00
manila-backend-netapp.yaml Add NetApp Manila driver integration and tidy up generic 2016-09-13 14:28:43 +03:00
manila-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
manila-scheduler.yaml Move db settings from manila-api to manila-base 2016-11-07 08:58:08 -05:00
manila-share.yaml Move db settings from manila-api to manila-base 2016-11-07 08:58:08 -05:00
memcached.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
neutron-api.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
neutron-base.yaml Move trunk service plugin to the proper list 2016-10-16 19:20:03 -02:30
neutron-compute-plugin-midonet.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
neutron-compute-plugin-nuage.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
neutron-compute-plugin-opencontrail.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
neutron-compute-plugin-ovn.yaml OVN heat templates 2016-09-01 16:06:38 -04:00
neutron-compute-plugin-plumgrid.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
neutron-dhcp.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
neutron-l3-compute-dvr.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
neutron-l3.yaml Enable firewalling by default on compute nodes 2016-10-06 17:21:26 -04:00
neutron-metadata.yaml Neutron metadata agent worker count fix 2016-09-22 12:46:37 -02:30
neutron-midonet.yaml Availability monitoring agents support 2016-08-31 09:22:59 -04:00
neutron-ovs-agent.yaml Enable firewalling by default on compute nodes 2016-10-06 17:21:26 -04:00
neutron-ovs-dpdk-agent.yaml Modify the constraint to allow single quote for DPDK core list param 2016-10-18 07:10:13 -04:00
neutron-plugin-ml2-ovn.yaml OVN heat templates 2016-09-01 16:06:38 -04:00
neutron-plugin-ml2.yaml Move trunk service plugin to the proper list 2016-10-16 19:20:03 -02:30
neutron-plugin-nuage.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
neutron-plugin-opencontrail.yaml Fix api_extensions_path in neutron-opencontrail environment 2016-10-18 17:01:44 +00:00
neutron-plugin-plumgrid.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
neutron-sriov-agent.yaml Add base neutron service configuration 2016-09-07 15:28:11 +05:30
nova-api.yaml nova: add missing vnc console port in firewall 2016-11-05 09:02:20 -04:00
nova-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
nova-compute.yaml Merge "Set VNC URL parameters for nova-compute" 2016-09-19 15:57:19 +00:00
nova-conductor.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
nova-consoleauth.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
nova-ironic.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
nova-libvirt.yaml nova: add missing vnc console port in firewall 2016-11-05 09:02:20 -04:00
nova-metadata.yaml Add nova-metadata template 2016-09-20 13:25:53 +03:00
nova-scheduler.yaml Change nova ram_allocation_ratio to match puppet-nova 2016-11-07 15:20:50 +00:00
nova-vnc-proxy.yaml nova: add missing vnc console port in firewall 2016-11-05 09:02:20 -04:00
opendaylight-api.yaml Fixes incorrect reference to OpendaylightApiNetwork 2016-11-10 18:22:02 +00:00
opendaylight-ovs.yaml Fixes missing OVS Firewall config with OpenDaylight 2016-11-14 14:44:44 +00:00
pacemaker.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
rabbitmq.yaml Balance Rabbitmq Queue Master Location on queue declaration with min-masters strategy 2016-10-03 12:54:38 +00:00
sahara-api.yaml Move db::mysql into service_config_settings 2016-09-28 07:01:49 -04:00
sahara-base.yaml DB connection: prevent src address from binding to a VIP 2017-01-09 14:14:15 +00:00
sahara-engine.yaml Add fluentd client service 2016-09-17 01:31:12 +00:00
services.yaml restore missing fluentd client functionality 2016-10-06 13:12:50 +00:00
snmp.yaml Move snmp settings into composable services 2016-09-02 07:14:05 -04:00
swift-base.yaml Move Swift hiera settings into composable services 2016-08-25 20:27:11 -04:00
swift-proxy.yaml set url_base option in static web middleware 2016-11-09 11:50:57 -05:00
swift-ringbuilder.yaml Add option to disable "d1" Swift device 2016-11-04 13:26:00 +00:00
swift-storage.yaml Fix usage of SwiftRawDisks 2016-10-26 16:37:08 +00:00
tripleo-firewall.yaml Re-enable ManageFirewall by default. 2016-10-06 20:40:11 +00:00
tripleo-packages.yaml Add DefaultPasswords to composable services 2016-08-18 12:45:30 -04:00
vip-hosts.yaml Generate VIP info for ctlplane VIP, not management 2016-09-09 08:43:24 +03:00

README.rst

services

A TripleO nested stack Heat template that encapsulates generic configuration data to configure a specific service. This generally includes everything needed to configure the service excluding the local bind ports which are still managed in the per-node role templates directly (controller.yaml, compute.yaml, etc.). All other (global) service settings go into the puppet/service templates.

Input Parameters

Each service may define its own input parameters and defaults. Operators will use the parameter_defaults section of any Heat environment to set per service parameters.

Config Settings

Each service may define a config_settings output variable which returns Hiera settings to be configured.

Steps

Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests are re-asserted when applying later ones.

  • config_settings: Custom hiera settings for this service.

  • global_config_settings: Additional hiera settings distributed to all roles.

  • step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step')) that provides information for when puppet classes should activate themselves.

    Steps correlate to the following:

    1. Load Balancer configuration
    2. Core Services (Database/Rabbit/NTP/etc.)
    3. Early OpenStack Service setup (Ringbuilder, etc.)
    4. General OpenStack Services
    5. Service activation (Pacemaker)
    6. Fencing (Pacemaker)

Note: Not all roles currently support all steps:

  • ObjectStorage role only supports steps 2, 3 and 4