Update ChefSpec due to changes made in apache2 cookbook.
Depends-On: https://review.opendev.org/756168
Change-Id: I3ec792c519650b2d95a976ad50419a9b417a3514
Signed-off-by: Lance Albertson <lance@osuosl.org>
The current code tries to restart apache for every change to
/etc/nova/nova.conf even on compute nodes that do not have apache
installed. This changeset splits out the apache service resource into a
separate recipe that (unlike nova-common) is not included by the compute
recipe.
backport: stein
Change-Id: I87dda61dfabec460fe042b4cee21277382dd9487
This adds some attributes for adjusting the thread counts for each wsgi
application. By default we use 10 threads, however for the api service, it needs
to be set to 1 due to this upstream issue [1]. In addition, increase the
processes for the api service to 6 to account for the reduction in threads.
[1] https://docs.openstack.org/releasenotes/nova/stein.html#known-issues
Change-Id: Iebf78d24c57a069eabced1bf35051cbae5014902
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/nova/nova.conf] to
resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Add metadata to enabled_apis as that is the default upstream
- Switch to user resource for managing shell for nova user
- Switch to libvirtd instead of libvirt-bin for Ubuntu service name
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/706157
Change-Id: I7e03fb9dace6e288a3b21f33106245b30b52ce9d
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Additional fixes:
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Fix resource ordering in placement_api
- Improve ChefSpec tests
- Add missing placement_api RHEL tests
- Fix issues with chain file and cipher suite in in wsgi template
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib404ab6bfcae3340fd7f0f924539ca6c445b55cf
This uses edit_resource to add a notification in the nova-api,
nova-api-metadata and nova-placement-api apache configurations when one
of them gets updated. This is a workaround due to the fact we are using
a version of the apache2 cookbook that is still using definitions and
cannot add notifications with definitions.
This is intended to ensure we only restart apache when the configuration
is updated. Otherwise, the old behaviour was to restart apache on every
run which is problematic in production environments. I have been using
this in our production wrapper cookbook for the past year or so without
any issue.
This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.
Also amend the Berksfile to point to the new opendev.org location.
Change-Id: I55e6ea4124017e0f44f92f6a2fb01baad5a27555
Signed-off-by: Lance Albertson <lance@osuosl.org>
- Added basic cellv2 recipe, as it is required from Ocata on
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
- Removed ancient Gemfile
Change-Id: I97b453fc419bfbf01679dadf39a256b1f0f99859
The placement-api has been added by nova for the Newton cycle, it has
become mandatory for Ocata.
It is deployed as a wsgi app similar to what we have for keystone and
gnocchi already.
Change-Id: I1d1f1cc7046cb30a91894a0c884bc861d7f3dd95
* added sync for api_db (required in mitaka) and needed configuration options in
nova.conf
* made libvirtd_opts configurable in preparation for xenial and systemd on
ubuntu (libvirtd needs to be started with just -l option on xenial)
Change-Id: I6c01e45f10d75db96c95c0bb37b016ada2f5933f
Depends-On: Idf6645064a1c2f337f542b29a026969c7d35efbe
* added endpoint attributes (moved from common)
* removed qpid as a messaging option (can be incuded in a wrapper)
* removed os-bare-metal dependencies
* deleted default attributes from nova.conf.rb originated in
openstack-common
* removed fedora and suse as supported platform
* adapted optimized endpoint logic
* removed rubocop exceptions in recipes and regenerated the
.rubocop_todo.yaml containing all remaining exceptions
* added versionbumb for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release
* adapted the specs (unit tests) to work again
* refactored spec_helper.rb method "expect_creates_api_paste"
* added new logic into templates/default/nova.conf.erb
* refactored attributes throughout all recipes that were connected to
the attributes used for the nova.conf.erb template to adapt the new
template attribute syntax
* moved all attributes from attributes/default.rb that were used in
nova_conf.erb to attributes/nova_conf.rb
* refactored attributes to fit upcomming template logic
* refactored recipes/nova_common.rb to fit upcomming template logic
* removed all attributes from default.rb and nova.conf.erb which are set
as default in attributes, openstack doc and used to render the template
* removed nova-network as a supported config option
Depends-On: I9cc1b5cc069987ac83e064322c2291772505ff5f
Depends-On: Ifa5a7f4e1df47a3961976e64f654224864c3dcb4
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Implements: blueprint cookbook-refactoring
Change-Id: I9ac9eeb29ab27f31394830e4b6f999d5870cc0e4
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: Ic874a3e0a8d005e410baa40584f0f00dfc805a56
In Icehouse, the configurations for keystone auth token has been moved
to nova.conf. So we need to remove the configurations from api-paste.ini
and move them to nova.conf.
Change-Id: I5b5b32b16c8e9235103bd61f3c3eb1774b093e0a
Closes-Bug: #1342002
The instances path was bring created, but not the state or lock paths.
If these are overridden to different places, nova will fail to start.
Removed the unused hardcoded lock path in api and scheduler recipes.
Moved the path creation to nova-common recipe.
Change-Id: I7538edff91233761a1c6336ca4cfe080eeee093d
Closes-Bug: #1328956
The API service recipes have been pulling in the entire
python-keystone package, which is the entire Keystone
set of services. This hasn't been necessary since
some time after Grizzly, when the tokenauth middleware
was moved to the client.
Closes-Bug: #1305318
Change-Id: I75ff23847936bb288ea49ca41d1e46edb5bd7730
Use the library method auth_uri_transform to transform the auth uri
by the auth version.
Change-Id: Ia12d942ead55728deaac96ea6b5858d4c0bb01ba
Imlements: blueprint move-keystone-authtoken-move-auth-uri-logic
Now that almost all of the rubocop blueprints have been completed, make
one final pass through all of the cookbooks ensuring they're all in
sync with each other.
- Upgrade rubocop to 0.18.1
- Fix violations caused by 0.18.1 upgrade
- Move Excludes for non-existent folders to Includes so they
automatically cover future additions
Change-Id: I00254b346718c1c70e8ad6f8b97e4dbf3f56396f
Implements: blueprint lint-and-unit-testing-for-havana
- Adjust .rubocop.yml to include recipes/**
- Ensure all recipes are rubocop compliant
Change-Id: I7ecb3896b5a2b2d93304014a4ab19cb0e3c2e31c
Addresses: blueprint rubocop-for-compute
The user_password, service_password and db_password functions are redundant
since they simply call "secret". Creates a get_password function that will
accept a "type" of db, service or user.
All instances of these calls have been changed to call get_password
Change-Id: I3f37d2e940dfcaab8c40fe3d039cbd24239ffa42
Partial-Bug: #1195915
Partially addresses LP 1207504
We need to ensure that auth_uri is set properly, that
auth_version defaults to v2.0, even when the v3 Keystone
API is available, and that the non-auth_uri config options
refer to the admin endpoint, not the service endpoint.
Change-Id: Ifbfbbf86bb6956b9b7c366dec5a8a12b383a476b
Allows the auth_version to be only included when a node
attribute is set to v2.0. This ensures that Keystone v3 works
with Nova when not on Keystone v2.0.
Also corrects the auth endpoint to the main endpoint not
the admin one.
Fixes LP #1204627
Change-Id: Ib7c3eae117a33cc2a7a5668e033851acaecd880b
Bring this cookbook in line with other cookbooks
(openstack-block-storage), already following this
pattern.
Change-Id: I34d40d102b94459d700fbd290fad684297e27e66
Since the `signing_dir` is always set in api-paste.ini,
the basedir must exist or the openstack compute API fails
to start. No reason to guard the creation of this dir
now that it is always referenced.
Change-Id: I4c62cba37b801aa5d07151e049e6ad30bf6a8a29
As we have decided to move all cookbooks to use the
[openstack][<service>] attribute namespace convention, move compute
to fit this model.
Change-Id: Ibc19fd5326af0340ea1e3788aa7d2701e187f3a0
In the previous commit, the vast majority of the work to move this
repo to openstack-compute was completed. Functionally it works. This
change is intended to address some cosmetic issues and make it
consistent with work done in other cookbook repos.
All tests pass.
Change-Id: I58216cd87b9ff0a77c599c7b5aab132ab2a9304d
Changed the cookbook name to openstack-compute, fixed all tests, and
addressed attributes. Also addressed calls to external services,
primarily keystone -> openstack-identity.
All tests pass.
Change-Id: Ic567a33cefd78cc3b2217986d3ff7475bc93f874
* Use service_password, db_password, and user_password
new openstack-common library routines
* Use updated calls to keystone_register that utilize
auth_uri and admin pass
Removes use of admin_token and now-irrelevant host/port/scheme
sections of api-paste.ini in favor of admin_user/tenant_name and
admin_password corresponding to the service user/tenant/pass.
Unfortunately these endpoints have invalid path that chokes
URI.parse. We can clean this up more if we like, so that
we do not need to URI.decode everywhere.