Cinder needs to send notifications to nova when attached volumes
are being extended. By default, cinder uses the client context
for this, but nova requires admin privileges for this. So we
configure cinder to use the nova service user instead. See
also [0].
[0] https://bugs.launchpad.net/openstack-ansible/+bug/1902914
Change-Id: Ib4c6820dd15ecfa3e3763c188e0a2cc322ecea55
Update ChefSpec due to changes made in apache2 cookbook.
Depends-On: https://review.opendev.org/756168
Change-Id: Ie849f5bae082e94581146793f964d0e001a7c8c8
Signed-off-by: Lance Albertson <lance@osuosl.org>
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Enable sensitive resources for the template[/etc/cinder/cinder.conf]
and to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/706157
Change-Id: I73948a67e798477cfe7d3cf62474d0ea96f90db2
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Other changes:
- Remove selinux for depends as it's not being referenced anywhere in
the cookbook
- Included more ChefSpec tests for api recipe
- Update WSGI template
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: I289091f54750dd5068e98fd4f4853880f4b72c6c
This uses edit_resource to add a notification in the block storage
apache configuration when it gets updated. This is a workaround due to
the fact we are using a version of the apache2 cookbook that is still
using definitions and cannot add notifications with definitions.
This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.
Change-Id: I7efddef83333ca0794ee3c298ca1a2488defe941
Signed-off-by: Lance Albertson <lance@osuosl.org>
The Chef Style Guide[1] does not recommend using hyphens for
cookbook or resource names. To maintain consistency, we should follow
best practices.
[1]: https://docs.chef.io/ruby.html#use-of-hyphens
Depends-On: Ic2b6d8f1cdf719791faaebdbd7e29e789eb3f31c
Change-Id: Ib8c788f69e9545b2d7121199590e3795f2212c7f
- deprecated postgresql support
- dropped apt cookbook dependency
- deprecated node.foo.bar method access for node['foo']['bar'] bracket syntax
- implemented foodcritic and cookstyle corrections
- migrated cinder api to a Chef-managed config
- deprecated cinder-group-active service, as it is no longer needed and gets in
the way of functionality
- added lvm cookbook dependency for better pv/vg handling
Implements blueprint modern-chef
Change-Id: Id248c9267af6750c871487bc8b577aa2011a782a
- cinder-group-active is still SysV, but can and will start via systemd if
coaxed to do so.
- Style and lint fixes for newer chefdk
- Removed ancient Gemfile
- Rewrote metadata.rb for readability
Change-Id: I4c26aea78220eb20fc4e5e964af93414855df5f6
- Apache HTTPD Server is called httpd on RHEL, and apache2 on Debian.
This adds that distinction for the cinder-api web service.
Change-Id: I457c239f0ff80eb78c49f7a1aae989a8368df80f
- cinder-api now runs under apache2 and no longer as systemd service
- cinder-volume needs explicit backend configuration
- don't install deprecated cinder v1 API endpoints
- clean up some config options
To be added in a follow-up:
- Make backend configuration more flexible
- Replace distro provided wsgi setup with our custom one
Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
* endpoint type (admin, internal, public) and service (identitiy, network etc.)
was switched during refactoring, this patch reverts this unintended switching
* edited bind_service service type from public,internal,admin to 'all'
for default binding to just one service
Change-Id: I4d28b1b2489419c1f033dfcda0effa5a53c537c3
Depends-On: Iec485deaf415e4187a323435cce2b6bbadfc5d42
Depends-On: Ia5bddfc5e2fd77cd6e9e855c680b079f78fc1c3f
Depends-On: I4f97b659361dabd7fac216305d2aad2f1bb98f51
* added endpoint attributes (moved from common)
* removed qpid as a messaging option (can be incuded in a wrapper)
* deleted default attributes from nova.conf.rb originated in
openstack-common
* adapted optimized endpoint logic
* removed rubocop exceptions in recipes and regenerated the
.rubocop_todo.yaml containing all remaining exceptions
* added versionbumb for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release
* removed fedora, suse as supported platform
* adapted the specs (unit tests) to work again
* added new logic into templates/default/cinder.conf.erb
* refactored attributes throughout all recipes that were connected to
the attributes used for the cinder.conf.erb template to adapt the new
template attribute syntax
* moved all attributes from attributes/default.rb that were used in
cinder_conf.erb to attributes/cinder_conf.rb
* refactored attributes to fit upcomming template logic
* refactored recipes to fit upcomming template logic
* removed all attributes from default.rb and cinder.conf.erb which are set
as default in attributes, openstack doc and used to render the template
Depends-On: Ifa5a7f4e1df47a3961976e64f654224864c3dcb4
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Implements: blueprint cookbook-refactoring
Change-Id: Idadc97bd7380d6c4f9f6f33d9c6b1215a5f24772
- According to the bool attribute
node['openstack']['endpoints']['db']['enabled_slave'], enable/disable
nova database slave_connection
- Add the slave_connection generated from db_uri function
Implements: blueprint sql-slave-connection-support
Change-Id: I9520441952993e8c6b4205e6886778815b5a2e4b
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I5ac6d513c3b1397ba7205dc6f661134a93d17741
On some recent platforms, systemd based, the /var/lock/ path gets
cleaned up at reboot and causes issues for projects like cinder.
Nova and neutron changed long ago to base the lock path off the
state path, this change does the same thing now for cinder.
Change-Id: Ibe693c21cfc63dd5b6e1753c85081a952005b293
Closes-Bug: #1449711
Remove deprecated keys and use identity_uri via the new transform
helper method.
Also, cleanup specs for endpoint testing to make sure Common is
fully tested.
Change-Id: I5a26d8cb83193e4bf66bb952f7973838d6acba40
Implements: blueprint identity-uri
Modify config in attributes/default.rb, recipes/cinder-common.rb,
spec/volume_spec.rb, spec/cinder_common_spec.rb and
templates/default/cinder.conf.erb with SAN login and password.
It has been merged in Kilo. iSCSI code is on the way.
Change-Id: I784f69424a5f1b20f99ba5faccc85b3066e23de3
Now that admin_endpoint, public_endpoint, and internal_endpoint
in the common library are working, these are the changes to use
them in the openstack-block-storge recipes.
Change-Id: Ief4b9d011f55236270a4dc18f2b1f3f769d0a493
Partial-Bug: 1412919
Using The san_private_key by itself is a common use case. The
current code requires the san_login and password to be set.
This patch allows the key to be used without the login and password.
Also removed some clutter comments from the conf template.
Change-Id: Iea84c8310eec39481c115587219cdac35c9b3589
Closes-Bug: #1398469
* add san_password= for storwize
* remove unused san_password attributes, get_password method is used
* add tests for password both storewize and solidfire
Change-Id: I4afde431332ca914d078bc3e30362ef22961016f
Closes-Bug: #1384085
This change adds some attributes into the cookbook so
that they are configurable. They are mainly to configure
for glance_api_insecure and make glance_api_servers to be
prefixed with scheme(http or https).
Change-Id: I79e04b47918fe1ec0b45472bd2cec9afa73d5897
Closes-Bug: #1383619
cinder.conf contains some secret information such as qpid password.
To prevent unauthorized users to access it, this file should be set
as 640 mode.
Fix bug 1369467
Change-Id: I12a0e6e3e492397f1282366ab38ed1e1f46997f7
This implementation allows users to configure multiple backends for
cinder volume. By providing a hash map for different volume driver
sections, cinder.conf can be configured to support multiple backends.
Change-Id: Idec6691168c6a67f1a11f7174a8a97ffb950d7b8
Implements: blueprint cinder-multi-backend-conf
Before this change, a non-vmware user would (without developer mode)
have to create a data bag item for this pass even when not using it,
because otherwise the get_secret's call would fail.
Plus, it's more in line with the other drivers.
Implements: blueprint vmware-password-databag
Change-Id: I48a6e23d6aa9abd106e65e70b40662c8d4cca5fc
1. Add new attribute openstack_vmware_secret_name to indicate the
databag secret key
2. Get the password from databag if dev mode is false
3. Update the test cases
Implements: blueprint vmware-password-databag
Change-Id: Id6872d38c255067a4991aceaa0bf6fb400cce1c8
Sometimes you want the actual endpoint IP to be a load balanced IP, but
the bind IP to be a local IP (different per node).
This change allows that by using attributes from the [block-storage-api-bind] namespace
Implements blueprint increase-ip-binding-flexibility
Change-Id: I79ca114d2d78caaf101357e1400aa046c9943956
Much like a previous commit to allow specifying a bind IP for the API
service (3a576ac), this commit adds a similar ability to specify a bind port.
Change-Id: I62caf397995fbcf3a202992b353c05cc027d07b6
When setup cinder in multiple nodes, cinder-api and cinder-volume
will not exist in same node, so we should avoid value of
"osapi_volume_listen" to be "0.0.0.0" and should set it as
the ip of volume api host.
Change-Id: I6daa46d497297e8e4ab9faa2caa953d242cc424e
Closes-bug: #1305157
Currently, qpid's password is stored in an attribute in the common
cookbook. This change causes the password to be looked up via
get_password method, which is how we obtain the rabbitmq password.
Change-Id: If95c39af79d49894503631fb8acadb4bf8cd0d45
Implements: blueprint use-data-bag-for-qpid-password
- Add SolidFire attributes
- Re-organise SAN attributes, to be generic and import from
SolidFire/storwize
- Add tests for SolidFire attributes/settings
Implements: blueprint solidfire-cinder-provider
Change-Id: Ic91be41ca04426e829a68a66317d34db08e60b6f
Now that almost all of the rubocop blueprints have been completed, make
one final pass through all of the cookbooks ensuring they're all in
sync with each other.
- Upgrade rubocop to 0.18.1
- Fix violations caused by 0.18.1 upgrade
- Add Includes for non-existent folders to Includes so they
automatically cover future additions
Change-Id: I9224b785f50103d348e3b16ea24e5dc8cab84c62
Implements: blueprint lint-and-unit-testing-for-havana
This change removes the attributes we'll be moving to openstack-common
and changes reference of those attributes to reflect new (more
consistent) namespace. We also fix a broken test which doesn't properly
converge after changing a node attribute. Lastly, we handle the rabbit
mq attribute use_ssl.
Change-Id: I12b9c33f89eb35a66bae7420340aff10efd18b1c
Implements: blueprint clean-up-attr-for-mq-and-db
Consolidate all the .rubocop.yml into a single file, finished out cleanups for
all the Ruby files.
Change-Id: I92d5983724d5d0185cd25bea6a0f46657a6c05d4
Addresses: blueprint rubocop-for-block-storage
The user_password, service_password and db_password functions are redundant
since they simply call "secret". Creates a get_password function that will
accept a "type" of db, service or user.
All instances of these calls have been changed to call get_password
Change-Id: Ifdb5c7b3f590431aaa7ffc021cdee34899ac8c15
Partial-Bug: #1195915
Per the mailing list thread, introducing Rubocop as a replacement for Tailor.
Assuming Jenkins likes this, more pedantic patches will follow to make Rubocop
happy. So far this is just spacing issues and adding UTF-8 headers, but more
work will need to be done to remove all of the changes for the .rubocop-todo.yml
Change-Id: I590ac5ec03ce6a00dd73027d6798e36105a32af1
This patch creates the /var/lock/cinder directory (or other location
specified in the corresponding attribute) to use for lock files.
Change-Id: I23d2d8a201f892cc1bf56f8db825f70fc1fdf5d6
Moving all qpid parameters under default["openstack"]["block-storage"]
["mq"]["qpid"] so that other qpid options can be added under it. Rabbit
parameters will be brought under "mq" eventually. MQ is selected
through default["openstack"]["block-storage"]["mq"]["service_type"].
Default is "rabbitmq".
Implements: blueprint qpid-activemq-support
Change-Id: I4c45a1aa8f6a6a505c8a1494d02f8bf5bc19dbfe