Cinder needs to send notifications to nova when attached volumes
are being extended. By default, cinder uses the client context
for this, but nova requires admin privileges for this. So we
configure cinder to use the nova service user instead. See
also [0].
[0] https://bugs.launchpad.net/openstack-ansible/+bug/1902914
Change-Id: Ib4c6820dd15ecfa3e3763c188e0a2cc322ecea55
Update ChefSpec due to changes made in apache2 cookbook.
Depends-On: https://review.opendev.org/756168
Change-Id: Ie849f5bae082e94581146793f964d0e001a7c8c8
Signed-off-by: Lance Albertson <lance@osuosl.org>
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Enable sensitive resources for the template[/etc/cinder/cinder.conf]
and to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/706157
Change-Id: I73948a67e798477cfe7d3cf62474d0ea96f90db2
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Other changes:
- Remove selinux for depends as it's not being referenced anywhere in
the cookbook
- Included more ChefSpec tests for api recipe
- Update WSGI template
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: I289091f54750dd5068e98fd4f4853880f4b72c6c
If apache is (re)starting while the chef-client installs the cinder-api
package, it may pick up the package-supplied cinder-wsgi apache2 conf
file before chef-client gets around to disabling it which may result in
apache2 failing due to a non-working configuration.
This changeset eliminates the race by creating an empty configuration
file before installing the software. The solution is based on the
assumption that no reasonably configured package manager will overwrite
an existing, user-created configuration file. The empty configuration
file is left in place to avoid its creation and removal during every
recipe run.
backport: queens
Change-Id: I225a30379820e6e033bcea987fbf1a4db33dbd3a
This uses edit_resource to add a notification in the block storage
apache configuration when it gets updated. This is a workaround due to
the fact we are using a version of the apache2 cookbook that is still
using definitions and cannot add notifications with definitions.
This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.
Change-Id: I7efddef83333ca0794ee3c298ca1a2488defe941
Signed-off-by: Lance Albertson <lance@osuosl.org>
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that.
Depends-On: https://review.opendev.org/666176
Change-Id: Id090b2f70bf2844ce73fc75a1fe4871d3465485d
Signed-off-by: Lance Albertson <lance@osuosl.org>
Also fixes wrong service type reference in the wsgi banner
Change-Id: I82c60b7c4efaa19459a3a0ab835eb4e48f8ee991
Signed-off-by: Manuel Torrinha <manuel.torrinha@tecnico.ulisboa.pt>
- since the target package ships the default conf we won't need this
anymore
- the cinder target.conf is shipped by the cinder package to the right
directory
- removed targets.conf.erb since this isn't used anymore
- removed obsolete specs
Change-Id: I9485cc65231b1da8b24efdb7e25551e4d4688d6a
The Chef Style Guide[1] does not recommend using hyphens for
cookbook or resource names. To maintain consistency, we should follow
best practices.
[1]: https://docs.chef.io/ruby.html#use-of-hyphens
Depends-On: Ic2b6d8f1cdf719791faaebdbd7e29e789eb3f31c
Change-Id: Ib8c788f69e9545b2d7121199590e3795f2212c7f
- scsi-target-utils comes from EPEL. Now that EPEL is disabled, this is removed
in favor of targetcli from the base repo. This is also available for Ubuntu to
provide a consistent outcome.
Change-Id: Ibc146350ef2ddd1d19e35402cbf69e036a759f1d
Implements: blueprint modern-chef
- deprecated postgresql support
- dropped apt cookbook dependency
- deprecated node.foo.bar method access for node['foo']['bar'] bracket syntax
- implemented foodcritic and cookstyle corrections
- migrated cinder api to a Chef-managed config
- deprecated cinder-group-active service, as it is no longer needed and gets in
the way of functionality
- added lvm cookbook dependency for better pv/vg handling
Implements blueprint modern-chef
Change-Id: Id248c9267af6750c871487bc8b577aa2011a782a
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the user the
role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).
We add the domain_name attribute that creates the cinder user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the cinder user is to be
created in the Default domain).
Change-Id: I3d3cad8f870f80b577ded04588c401c27c62fbc8
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).
Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.
Change-Id: I320d0e85287aa5d6368d5be323999f8d9e1c462f
- Changed the default linter to cookstyle
- cinder-group-active was missing a Provides header for the SysV init script
- Switched the qemu package to SCL for CentOS to get a newer release
- Normalized template banner comment
Change-Id: Iec59e0c8e3cb0b83db92a0a9f8db34a40953351f
- cinder-group-active is still SysV, but can and will start via systemd if
coaxed to do so.
- Style and lint fixes for newer chefdk
- Removed ancient Gemfile
- Rewrote metadata.rb for readability
Change-Id: I4c26aea78220eb20fc4e5e964af93414855df5f6
- Apache HTTPD Server is called httpd on RHEL, and apache2 on Debian.
This adds that distinction for the cinder-api web service.
Change-Id: I457c239f0ff80eb78c49f7a1aae989a8368df80f
- cinder-api now runs under apache2 and no longer as systemd service
- cinder-volume needs explicit backend configuration
- don't install deprecated cinder v1 API endpoints
- clean up some config options
To be added in a follow-up:
- Make backend configuration more flexible
- Replace distro provided wsgi setup with our custom one
Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
- Now use cookbook-openstackclient to create endpoints role service and
user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- added needed keystone_authtoken attributes
- updated README
Change-Id: I2f339055883354c6a8a77daa7967ff279c4d18d9
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: If7b4d6e563081a0be9957353d73ef61a9688df56
* endpoint type (admin, internal, public) and service (identity, network etc.)
was switched during refactoring, this patch reverts this unintended switching
* edited bind_service service type from public,internal,admin to 'all'
for default binding to just one service
Change-Id: I4d28b1b2489419c1f033dfcda0effa5a53c537c3
Depends-On: Iec485deaf415e4187a323435cce2b6bbadfc5d42
Depends-On: Ia5bddfc5e2fd77cd6e9e855c680b079f78fc1c3f
Depends-On: I4f97b659361dabd7fac216305d2aad2f1bb98f51
* added endpoint attributes (moved from common)
* removed qpid as a messaging option (can be included in a wrapper)
* deleted default attributes from nova.conf.rb originated in
openstack-common
* adapted optimized endpoint logic
* removed rubocop exceptions in recipes and regenerated the
.rubocop_todo.yaml containing all remaining exceptions
* added version bump for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release
* removed fedora, suse as supported platform
* adapted the specs (unit tests) to work again
* added new logic into templates/default/cinder.conf.erb
* refactored attributes throughout all recipes that were connected to
the attributes used for the cinder.conf.erb template to adapt the new
template attribute syntax
* moved all attributes from attributes/default.rb that were used in
cinder_conf.erb to attributes/cinder_conf.rb
* refactored attributes to fit upcoming template logic
* refactored recipes to fit upcoming template logic
* removed all attributes from default.rb and cinder.conf.erb which are set
as default in attributes, openstack doc and used to render the template
Depends-On: Ifa5a7f4e1df47a3961976e64f654224864c3dcb4
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Implements: blueprint cookbook-refactoring
Change-Id: Idadc97bd7380d6c4f9f6f33d9c6b1215a5f24772
- According to the bool attribute
node['openstack']['endpoints']['db']['enabled_slave'], enable/disable
nova database slave_connection
- Add the slave_connection generated from db_uri function
Implements: blueprint sql-slave-connection-support
Change-Id: I9520441952993e8c6b4205e6886778815b5a2e4b
Currently, when we use GPFSDriver as multi backend volume driver,
cookbook won't create gpfs mount point base directory automatically.
This patch fixes this problem.
Closes-Bug: #1476960
Change-Id: I1faf33470747fac6df66854470cf45d35a38f3c1
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I5ac6d513c3b1397ba7205dc6f661134a93d17741
On some recent platforms, systemd based, the /var/lock/ path gets
cleaned up at reboot and causes issues for projects like cinder.
Nova and neutron changed long ago to base the lock path off the
state path, this change does the same thing now for cinder.
Change-Id: Ibe693c21cfc63dd5b6e1753c85081a952005b293
Closes-Bug: #1449711
lvm volume recipe makes use of lvm commands like vgcreate. These
commands are part of the lvm2 package which may not be a
dependency for the base openstack cinder packages anymore. So,
make sure this gets installed before using those commands.
Change-Id: I75f47260677b409ff32c4b2c6fc5598a31214ecf
Closes-Bug: #1435968
Remove deprecated keys and use identity_uri via the new transform
helper method.
Also, clean up specs for endpoint testing to make sure Common is
fully tested.
Change-Id: I5a26d8cb83193e4bf66bb952f7973838d6acba40
Implements: blueprint identity-uri
Currently, if the san private key is missing, the cookbook will create an
empty one, which causes cinder to not work properly.
This patch will check whether the san private key exists or not; if
not, it raises an error to remind the user to provide one.
Change-Id: Ia1e0a60dec9ef463a908756fffa5f5274ebc0fb7
Since we have no attribute overrides for api-paste.ini, no
need to have a template resource for it. Until we need to
have some attribute, removing this will take away burden of
keeping in sync with base openstack code.
Change-Id: Ic72c638ba61929bc06061b04d13ce986514b0460
Related-Bug: #1433152
Modify config in attributes/default.rb, recipes/cinder-common.rb,
spec/volume_spec.rb, spec/cinder_common_spec.rb and
templates/default/cinder.conf.erb with SAN login and password.
It has been merged in Kilo. iSCSI code is on the way.
Change-Id: I784f69424a5f1b20f99ba5faccc85b3066e23de3
In RHEL7, tgtd is replaced by LIO, and the target daemon service and
targetcli package are used to manage iscsi target.
This fix also sets iscsi_helper to lioadm for RHEL7
Change-Id: I5a5b1faec6a6aed9b9f3d5632e704a59e2d5c7b7
closes-bug: #1409619
Now that admin_endpoint, public_endpoint, and internal_endpoint
in the common library are working, these are the changes to use
them in the openstack-block-storage recipes.
Change-Id: Ief4b9d011f55236270a4dc18f2b1f3f769d0a493
Partial-Bug: 1412919