Commit Graph

1185 Commits

Author SHA1 Message Date
Ghanshyam Mann 7372103182 Retire openstack-chef: remove repo content
OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I4561c6eefef05c672a4f6cb9d15b1a5a29e81110
2024-02-18 05:01:47 +00:00
Lance Albertson dd5a46c6dd CentOS 8 support
- Update package names
- Migrate to using apache2_mod_wsgi resource and require apache2 ~> 8.6
- Don't add --listen to libvirtd on EL8
- Update ChefSpec

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-image/+/815148
Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-network/+/815172
Change-Id: I2e66b923b91d763ea7f484421dbdad883d9117a3
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-22 16:34:14 -07:00
Marek Szuba d15e1572ab Configure SPICE consoles
There is now a recipe - not really a new one, it's "vncproxy" with some
attributes renamed - which handles the relevant packages and services
(Debian names confirmed to have been valid at least since Jessie,
Ubuntu and RHEL ones based on existing convention + review comments).
Furthermore, nova.conf is now populated with required enpoint information
- with hopefully sane default values of relevant attributes.
Finally, the attribute node['openstack']['compute']['console_type']
can be used to enable the desired console type; it defaults to 'vnc'
in accordance with default Nova configuration.

Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I0996daddda6d21633930ba73e174f99775a9e0c9
2021-10-14 22:47:24 +00:00
Lance Albertson 3e101784a9 Chef 17 support
- Remove bind from Berksfile
- Update copyright years
- Require Chef >= 16.0

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-image/+/814052
Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-network/+/814057
Change-Id: I84867a131b54d63f3d057c40a1e8ac4b4697c368
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-14 12:45:38 -07:00
Marek Szuba c5e91ee0b9 nova-common: add memcached config keys for keystonemiddleware
Modern versions of OpenStack (confirmed under Rocky and Victoria)
have two separate keys for specifying memcached servers to use - one
for Nova itself (which the cookbook already handled) and one for the
Keystone middleware (which it did not). As a result, with only the former
set Nova keeps on complaining in the logs (at least under Rocky) about
still using in-process token cache.

Signed-off-by: Marek Szuba <marek.szuba@cern.ch>
Change-Id: I7930048a55a26e66c1dd041245ae5b23794eada1
2021-07-15 20:24:37 +00:00
Ghanshyam Mann b795bd684c Moving IRC network reference to OFTC
Also pull bind cookbook from git to fix version pinning issues.

Change-Id: I0c6a50d33622a9dd6deff66ea204c56d6b5657c6
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-07-15 11:03:34 -07:00
Jens Harbott 4b796ce2fb Set threads=1 for other wsgi-based services
In [0] we followed the release-note about using threads=1 for the nova-api
service, but missed that the nova-metadata and placement service are
affected by the same issue.

[0] Iebf78d24c57a069eabced1bf35051cbae5014902

Change-Id: I9107ca1a135ac090dc9cf80b5192eed4838595df
2021-06-01 14:20:50 +02:00
Jens Harbott a581a52dd6 Add a service_user section to nova.conf
This is needed in order to prevent long-running actions like
live-migration from failing if the user provided token expires
in the meantime. [0],[1]

[0] https://docs.openstack.org/nova/train/admin/live-migration-usage.html#addressing-migration-timeouts
[1] https://docs.openstack.org/nova/train/admin/support-compute.html#user-token-timeout

Change-Id: I00e3a6ac974b73b56b49fadc7751f1c0aaf292ac
2021-05-03 12:52:35 +02:00
Lance Albertson 5afbf620ad Update to Chef Workstation 21.2.303
Depends-On: https://review.opendev.org/c/openstack/openstack-chef/+/779389
Change-Id: I9879a8924b33480b319341b297e943af2c25d847
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-03-08 16:19:03 -08:00
Lance Albertson af47ea6ef5 Cookstyle 6.19.5 fixes
Update ChefSpec due to changes made in apache2 cookbook.

Depends-On: https://review.opendev.org/756168
Change-Id: I3ec792c519650b2d95a976ad50419a9b417a3514
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-10-05 17:26:51 -07:00
Lance Albertson d645ef3f5e Chef 16 fixes
Depends-On: https://review.opendev.org/747602
Depends-On: https://review.opendev.org/747557
Change-Id: I73514e34628dbf61a35f6e0ad19191cdeb2b6451
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-08-27 17:36:20 -07:00
Roger Luethi 5747451dcb Restart apache only where appropriate
The current code tries to restart apache for every change to
/etc/nova/nova.conf even on compute nodes that do not have apache
installed. This changeset splits out the apache service resource into a
separate recipe that (unlike nova-common) is not included by the compute
recipe.

backport: stein

Change-Id: I87dda61dfabec460fe042b4cee21277382dd9487
2020-08-04 11:18:13 +00:00
Lance Albertson 6c69ce58b1 Updates for Train
The major change in this release is that the placement-api code base has been
removed from nova and put into it's own project called placement [1]. Users who
are coming from Stein will need to follow the upgrade guide [2] to properly
upgrade to the new service.

All attributes related to placement-api have been moved into their own files
including configuration file attributes for placement.conf.

Added:
- Template to manage /etc/placement/placement.conf
- Include openstack-compute::_nova_cell recipe to nova-setup so that the db
  migrations happen properly

Changed:
- Update release to train
- Migrated from nova-placement-api to placement-api [1]

Fixed:
- Cookstyle & ChefSpec
- Ordering of db syncs which was causing issues for Train
- Set default['openstack']['compute']['syslog']['use'] to false by default
- Various comments

Removed:
- Removed references to nova-consoleauth which has been removed upstream [3]
- Removed references to xvpvnc which was removed upstream
- Unused .rubocop.yml and .rubocop_todo.yml

[1] https://docs.openstack.org/releasenotes/placement/train.html
[2] https://docs.openstack.org/placement/latest/admin/upgrade-to-stein.html
[3] https://docs.openstack.org/releasenotes/nova/train.html#prelude

Change-Id: I996bcd2f63a080e10fadf0c7adf9a0ddcb0b5c7a
Depends-On: https://review.opendev.org/731859
Depends-On: https://review.opendev.org/731860
Depends-On: https://review.opendev.org/731861
2020-06-09 10:09:15 -07:00
Lance Albertson 50be0465fe Set threads=1 for api wsgi
This adds some attributes for adjusting the thread counts for each wsgi
application. By default we use 10 threads, however for the api service, it needs
to be set to 1 due to this upstream issue [1]. In addition, increase the
processes for the api service to 6 to account for the reduction in threads.

[1] https://docs.openstack.org/releasenotes/nova/stein.html#known-issues

Change-Id: Iebf78d24c57a069eabced1bf35051cbae5014902
2020-04-09 12:23:41 -07:00
Lance Albertson 2961ebabee Stein fixes
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/nova/nova.conf] to
  resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Add metadata to enabled_apis as that is the default upstream
- Switch to user resource for managing shell for nova user
- Switch to libvirtd instead of libvirt-bin for Ubuntu service name

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/706157
Change-Id: I7e03fb9dace6e288a3b21f33106245b30b52ce9d
2020-03-19 12:36:40 -07:00
Lance Albertson 868900d090 Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.

Additional fixes:
- Install mod_wsgi as a package on RHEL since there is no built-in
  resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
  with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
  by Chef now automatically.
- Fix resource ordering in placement_api
- Improve ChefSpec tests
- Add missing placement_api RHEL tests
- Fix issues with chain file and cipher suite in in wsgi template
- Include additional cookbooks in Berksfile required for CI

Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib404ab6bfcae3340fd7f0f924539ca6c445b55cf
2020-01-30 11:22:19 -08:00
Lance Albertson ef4adacafa Improve ChefSpec test speed by enabling caching
This updates all references of let(:chef_run) to cached(:chef_run) to
speed up tests. By doing this, we have to create a new cached(:chef_run)
block whenever we need to adjust node attributes for testing.

- Remove unused default recipe ChefSpec
- Formatting cleanup

Speed was improved from 7 minutes 17 seconds to 1 minute 34.18 seconds

Change-Id: I8bdde8b68371d25275aa78d9438f5aeff960062f
2020-01-06 12:20:20 -08:00
Lance Albertson baa1464918 Updates for rocky
- Replace git.openstack.org with opendev.org
- Update some documentation
- Move README.md to README.rst for better rendering
- Drop obsolete bootstrap.sh script

Change-Id: I0fd381bceadcd43a258e04b2cbea8a1a3785dd1b
2019-12-06 11:14:20 -08:00
Jens Harbott a848d54f0f Use python3 packages on Ubuntu
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.

Depends-On: https://review.opendev.org/682918
Change-Id: Ia3adf776d48ebbf364530201f85307805a6b48d6
2019-09-19 12:16:32 +00:00
Lance Albertson 82c5b9a243 Properly notify apache restarts on configuration updates
This uses edit_resource to add a notification in the nova-api,
nova-api-metadata and nova-placement-api apache configurations when one
of them gets updated. This is a workaround due to the fact we are using
a version of the apache2 cookbook that is still using definitions and
cannot add notifications with definitions.

This is intended to ensure we only restart apache when the configuration
is updated. Otherwise, the old behaviour was to restart apache on every
run which is problematic in production environments. I have been using
this in our production wrapper cookbook for the past year or so without
any issue.

This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.

Also amend the Berksfile to point to the new opendev.org location.

Change-Id: I55e6ea4124017e0f44f92f6a2fb01baad5a27555
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-08-20 12:47:08 +00:00
Roger Luethi ff074af903 placement_api: create valid apache config before installing package
If apache is (re)starting while the chef-client installs the
nova-placement-api package, it may pick up the vanilla apache2 conf file
before chef-client gets around to fixing it which may result in apache2
failing due to a non-working configuration.

This changeset eliminates the race by creating a valid configuration
before installing the software. The solution is based on the assumption
that no reasonably configured package manager will overwrite an
existing, user-created configuration file.

backport: queens

Change-Id: Id9f1d165411fc5b3cc73b29a36840cf4dc63d81b
2019-07-25 09:29:09 +02:00
Lance Albertson 5d469d044e Fixes to support fog-openstack-1.x
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that.  In addition, comment out endpoint type until this PR [1] gets
merged and released.

[1] https://github.com/fog/fog-openstack/pull/494

Depends-On: https://review.opendev.org/666176
Change-Id: I99dceff452695302865d267ca4cd5e8aa094ead5
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-07-03 16:04:19 -07:00
Jens Harbott 5880fb5975 Stop setting auth_version in DEFAULT section of nova.conf
This option never belonged there anyway, we hardcode to "v3" in the
keystone_authtoken section already.

Change-Id: If2d13f9c4eee0a3e1083b39dc55627007c936c77
2019-04-29 10:59:47 +00:00
Zuul bf0aeae4f5 Merge "Drop admin endpoints" 2019-04-29 09:27:15 +00:00
OpenDev Sysadmins ce5b375ed3 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:31:24 +00:00
Jens Harbott 9fb22fbbed Drop admin endpoints
The admin endpoints offer no special functionality, users may talk to
the public endpoints instead. The only historic use case has been the
keystone v2 admin endpoint, but with keystone v3 API, even that is no
longer needed.

[0]
https://opendev.org/openstack/openstack-chef-specs/src/branch/master/specs/ocata/all/drop-admin-endpoints.rst

Depends-On: https://review.openstack.org/652050
Change-Id: I8bee6f671187324cfecd820510d2a6d56f26ca77
2019-04-16 09:37:38 +00:00
Jens Harbott edaf314d29 Fix deployment for Rocky
Ubuntu now allows to choose between python(2)- and python3-based
packages, installing neither variant by default. So we need to choose
and install one version explicitly, since python3-nova still seems to
have some issues with running under uwsgi, let's start with the python2
variant.

Change-Id: Iee78b5f7de885748fd590e339623f6d2f2fb096b
2019-03-21 13:17:59 +00:00
ZhijunWei 20fb9a2311 Change openstack-dev to openstack-discuss
Change-Id: I0230fe1fe85b25660bee9e6b728062f7b984f25c
2018-12-04 23:21:02 -05:00
Zuul d9446a64f2 Merge "placement: os_region_name -> region_name" 2018-10-05 09:06:12 +00:00
Zuul c987bedd01 Merge "Rename attributes: vncserver_* -> server_*" 2018-10-05 09:04:40 +00:00
Zuul b0cc7a69d5 Merge "Add www_authenticate_uri to keystone_authtoken" 2018-10-05 08:59:33 +00:00
Roger Luethi 55b58702fa Make nova.conf more readable
This patch replaces nova.conf.erb with openstack-service.conf.erb from
the openstack-common cookbook.

Besides removing some redundancy, it also makes nova.conf more readable
(due to a fix to openstack-service.conf.erb that never made it to
nova.conf.erb).

backport: queens pike

Change-Id: I07aeb7617ca152f66ec239cef4bcbef642c66bf7
2018-10-02 17:19:43 +02:00
Roger Luethi 6d78224bdb Rename attributes: vncserver_* -> server_*
Source:
* openstack/nova git repo:
  conf: Rename two VNC options
  Change-Id: Ic05c2c8364e015f6878b0bc25449216624568ad5
  commit e5a03e3c54d57aa29bd8154c9eddf7ee52c6c3b5

Change-Id: I3953195b1f8c7f166b89c7ea7ce7994bcd3c0461
2018-10-02 17:10:26 +02:00
Roger Luethi 7053785ecf Add www_authenticate_uri to keystone_authtoken
Without www_authenticate_uri set, nova logs contain warnings:

WARNING keystonemiddleware.auth_token
        Configuring www_authenticate_uri to point to the public identity
        endpoint is required; clients may not be able to authenticate
        against an admin endpoint

backport: queens

Change-Id: I0ff8202455b576227b882670c7254487b5e11f25
2018-10-02 17:03:39 +02:00
Roger Luethi dca0587ce9 placement: os_region_name -> region_name
Source:
* openstack/nova git repo:
  Update the deprecate os_region_name option
  Change-Id: Id44d456bb1bdb0c5564ad4f5d9cdee2f41226052
  commit d163fb6d697d74ea93ffc394187871a3a8c4ccd8

backport: queens

Change-Id: I47f8451b830892ff0b2d85a553cfe31b8deec1b0
2018-10-02 16:59:23 +02:00
Samuel Cassiba 6ac9b3b655 Rename openstack-chef-repo references to openstack-chef
Change-Id: I2a835de2c2131474ea24378cccb32b1ba743d621
2018-08-06 21:49:24 -07:00
Samuel Cassiba f922173a34 starting rocky development patch
Change-Id: Ic08b45c18b8593c7302dc0977158b8d4e9d58b5a
2018-08-03 23:01:12 -07:00
Samuel Cassiba 79b76424f3 Use internal identity endpoint for services
Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1
Change-Id: Ibce1f2d4796e44941df4b7256de786e49a7386cc
2018-07-16 12:38:42 -07:00
Samuel Cassiba 4992010231 Convert Nova APIs to WSGI services
To be consistent with the install guide[1], the Nova services should be
deployed as WSGI services.

[1] https://docs.openstack.org/nova/queens/install/controller-install-ubuntu.html

Change-Id: I49a767724e744f98d7f008411755c063f96a4c9d
2018-06-26 13:54:13 +00:00
Samuel Cassiba 3a4c7f6b6f Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Ife7bb6d09eafd137c6858f6ae18d4d34508928a6
Implements: blueprint simplify-identity-endpoint
2018-06-14 19:17:02 -07:00
Jens Harbott ad3d1c3c65 Refactor libvirtd.conf creation
Replace the hardcoded bloated template with a variant of our standard
template that only includes the values that are really needed.

This will allow deployments to override the default values and for
example deploy libvirtd with TLS authentication according to [0].

[0] https://wiki.openstack.org/wiki/OSSN/OSSN-0007

Change-Id: Ib7b305670f525bbf975ec33ed070e2d960347ef4
2018-04-23 12:35:19 +00:00
Zuul 2c1e4d9822 Merge "cleanup attribute leftovers that are not used anymore" 2018-04-23 10:02:11 +00:00
Zuul 1f93a5962a Merge "fix libvirtd service naming and env file for debian" 2018-04-16 15:29:18 +00:00
Jan Klare 8ed820e319
fix libvirtd service naming and env file for debian
Change-Id: I6a69e3ad43936d032ac252d8a6c9a1d2bc78bfbd
2018-04-16 15:14:02 +02:00
Jan Klare ad88dc2a78
cleanup attribute leftovers that are not used anymore
* removed all unused attributes
* removed vmware specific configuration option that can be set in a
wrapper cookbook (and was not maintained for quite some time)
* removed caseswitch for nova user and group since we currently only
support debian and rhel
* moved all libvirtd related config options to specific attribute file
in preparation for further refactoring

Change-Id: I42a0bbcd03a570b9d6d24ba32ed2cafacc33ec76
2018-04-16 15:09:22 +02:00
Samuel Cassiba 2252e2d80d Add delivery config
Change-Id: I554645dcae0fb8fa9829bb459f681b56a057d93d
Implements: blueprint deprecate-rakefiles
2018-04-11 21:51:34 -07:00
Jan Klare 2434b03f7d
remove all ceph related attributes,recipes,specs and the cookbook dependency
Change-Id: I24f9976ed57a90cb7062ed990e758fd9707d04b4
2018-04-05 16:38:31 +02:00
Samuel Cassiba 0bef2dc3fc starting queens development patch and use git.openstack.org
* use git.openstack.org instead of github for berks dependency
resolution

Depends-On: https://review.openstack.org/549345
Depends-On: https://review.openstack.org/549346
Depends-On: https://review.openstack.org/549348
Change-Id: Ie18c080e001070bb081e30ec0633f3c25a5f2b55
2018-03-06 12:16:08 -08:00
James E. Blair 28fe28e8dd Zuul: Remove project name
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.

Change-Id: I4ba7d342c78ba223329ed924d03efdfbd7ad2262
2018-02-01 14:41:37 -08:00
Zuul c8e1159e59 Merge "compute refactor for Pike and Chef 13" 2017-12-22 21:34:47 +00:00