This commit introduces the management of a new component, OpenContrail [1].
OpenContrail is a Software Defined Networking solution. A new approach has
been taken to include it: since not every deployment will need to manage
an OpenContrail solution, every related file has been placed into
'manifests/network/contrail' (including the HA bits). The HA bits are
then included in loadbalancer.pp but not created (i.e. set to false) by
default.
[1] http://www.opencontrail.org/
Change-Id: I135f575560b0dde707a28e995da5b00b7aa6d765
The new version of puppet-lint-paramdoc fails if the parameters of
defined types are not documented. In order not to block the backport, we
stick to 1.1.0.
Change-Id: I17aaeb3c65b0cb68ffe83cd40d823fe9f8833ce0
Heat does not support TCP binding when running SSL termination.
That means we need to make sure HTTP mode is configured in the HAProxy
options whenever SSL is part of the binding options defined by the
deployer.
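A minimal sketch of the resulting listen block, assuming the puppetlabs-haproxy module; the VIP, port, and certificate path are illustrative, not from this change:

```puppet
# Hypothetical sketch: when the deployer includes SSL in the bind options,
# the Heat listen block must run in HTTP mode (Heat does not support TCP
# binding with SSL termination). All values below are illustrative.
haproxy::listen { 'heat_api_cluster':
  ipaddress    => '10.0.0.10',
  ports        => '8004',
  bind_options => ['ssl', 'crt', '/etc/haproxy/ssl/heat.pem'],
  options      => {
    'mode'   => 'http',   # forced to HTTP when SSL is in the bind options
    'option' => ['forwardfor', 'httplog'],
  },
}
```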
Closes-bug: #1467515
Change-Id: I621c2ee624d3d16394529daa4ca6c96ab1c7a067
https://review.openstack.org/#/c/190464/ introduced a new parameter for
nova::vncproxy with a default value of 'http'.
To be able to configure the VNC proxy with HTTPS, we also need to add a
new parameter to cloud::compute::consoleproxy.
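An illustrative sketch of the wiring; the parameter names below are assumptions modeled on the upstream nova::vncproxy change, not the exact interface:

```puppet
# Hypothetical sketch only: parameter names are assumptions.
class cloud::compute::consoleproxy (
  $protocol = 'http',   # new parameter; set to 'https' to secure the proxy
) {
  class { 'nova::vncproxy':
    enabled           => true,
    vncproxy_protocol => $protocol,
  }
}
```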
Change-Id: I91a85cf22fdbdf762e9a59d8087b32bcedb7e085
In large deployments, when we want to launch more than 100 VMs at the
same time, we reach the maximum number of connections in HAProxy and
MySQL.
This patch increases the default value from 1000 to 4096 and allows
overriding this value with Hiera.
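A sketch of how such a limit can be exposed for a Hiera override; the class and parameter names are illustrative:

```puppet
# Sketch: expose the connection limit as a class parameter so Hiera's
# automatic parameter lookup can override it. Names are illustrative.
class cloud::loadbalancer (
  $haproxy_maxconn = 4096,   # raised from the previous default of 1000
) {
  class { 'haproxy':
    global_options => { 'maxconn' => $haproxy_maxconn },
  }
}
# Hiera override, e.g. in common.yaml:
#   cloud::loadbalancer::haproxy_maxconn: 8192
```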
Change-Id: I1f0d02c3125ce27266ac1198e32e39b1a34ce670
With a new utility we can validate that the MongoDB cluster is up and
running, so let's use it when configuring the Ceilometer DB on collector
nodes.
It makes sure we don't try to configure the Ceilometer DB while MongoDB
is not ready.
Change-Id: Iad3c4d152e1536427de0741d3ff16bf7dae724a0
Closes-bug: #1451461
Currently the puppet-trove repository is pointing to an empty (i.e. '')
commit in the Puppetfile, causing r10k to fail with:
failed while running: Cannot check out unresolvable ref '' at
/etc/puppet/modules/trove
Change-Id: Id37cccf2cb390e5b36acc1ada1b2b7e42eddfaec
The Nova DB sync is already managed by puppet-nova, so to avoid a race
condition when deploying Nova, we should drop the nova_db_sync exec in
this module and let puppet-nova do its job with the right
orchestration.
Change-Id: Ia4d93cf84accd10a22b33f03e041d0c23aecca38
Closes-bug: #1453968
Currently we only use one process for HAProxy. This patch allows
adapting the number of HAProxy processes to the number of processors.
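A sketch of one way to do this, using the standard $::processorcount fact; the parameter name is illustrative:

```puppet
# Sketch: follow the machine's processor count via the $::processorcount
# fact; the class and parameter names are illustrative.
class cloud::loadbalancer (
  $haproxy_nbproc = $::processorcount,
) {
  class { 'haproxy':
    global_options => { 'nbproc' => $haproxy_nbproc },
  }
}
```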
Change-Id: Id5a211b72c397bb6cef0f81f7759702f65f9e828
Stop requiring MongoDB validation (this provider requires MongoDB to be
running on the same node) so we can install MongoDB nodes outside the
Telemetry collector service.
This patch is a workaround until
https://github.com/puppetlabs/puppetlabs-mongodb/pull/200
is merged, so that we can then use that code in this module.
See https://review.openstack.org/179824
Change-Id: I80b102c3801efea262e6572fce1f64eb8a9a67ad
The Elasticsearch package has been upgraded to 1.4.x in J.1.1.0 and
J.1.2.0 (it was 1.0.3 in J.1.0.0), but the Kibana web interface is not
compatible with Elasticsearch 1.4.x or higher unless the service
configuration is changed.
Change-Id: I19c1a0b08aa63ca0fad6b1a2c390e13775efa443
Closes-bug: #1451828
Install and configure the MySQL database using the utf8_general_ci
collation, which is the way documented by OpenStack [1] and already the
default in puppetlabs-mysql [2].
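For reference, an example with puppetlabs-mysql, whose mysql::db defaults to this collation already [2]; the database name and credentials are illustrative:

```puppet
# Example only: mysql::db already defaults to charset 'utf8' and
# collate 'utf8_general_ci', spelled out here for clarity.
mysql::db { 'nova':
  user     => 'nova',
  password => 'secret',      # illustrative credentials
  host     => 'localhost',
  charset  => 'utf8',
  collate  => 'utf8_general_ci',
}
```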
[1] http://goo.gl/GA5gyZ
[2] https://github.com/puppetlabs/puppetlabs-mysql/blob/master/manifests/db.pp#L7
This changes the Puppetfile to update all modules to the stable/juno
revisions that contain this commit.
It also updates the MySQL monitoring database to make sure we have the
right collation, updates the puppet-nova manifest for the MySQL slave
connection to use nova::db, and updates the nova-compute libvirt class.
Change-Id: Ib8ce10949038b915ebd70f1b22ca3c147b7b149b
Allow passing NFS options when using NetApp as a backend for Cinder.
Change-Id: Ieb18350bf92ee354fce1e1e333ae7c616eb8ded5
Closes-Bug: #1444374
Depends-On: I619305890327ed09b0951582f34fe5eab7f8c427
If HAProxy binding is enabled for the RabbitMQ service, we need to
ensure queues are replicated, and this is done by a specific policy.
Since OpenStack already tags queues everywhere with the
rabbit_ha_queues=True parameter, we only have to create the policy and
the queues mirror themselves.
This is enabled only when HAProxy binding is enabled for now, because
the feature seems required when load-balancing RabbitMQ. The other use
case (using Oslo messaging to fail over to another RabbitMQ node) does
not require this policy: if a node is down, OpenStack falls back to
another RabbitMQ node from the list given in parameters.
This patch allows you to configure the 'exactly' or 'all' RabbitMQ HA
policy modes.
Why use 'exactly' mode?
To let operators scale the replication up or down across an exact number
of nodes.
How does it work?
The queue is mirrored to count nodes in the cluster. If there are fewer
than count nodes in the cluster, the queue is mirrored to all nodes. If
there are more than count nodes in the cluster and a node containing a
mirror goes down, a new mirror is created on another node.
Also change the Puppetfile to pull the latest commits of
puppetlabs-rabbitmq, which include fixes related to the rabbitmq_policy
provider. Without those fixes, some parameters are passed as strings
where integers are needed.
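A sketch of an 'exactly' policy through the rabbitmq_policy provider shipped by puppetlabs-rabbitmq; the pattern and mirror count are illustrative:

```puppet
# Sketch: mirror each matching queue to exactly 2 nodes; with fewer than
# 2 nodes, RabbitMQ mirrors to all of them. Values are illustrative.
rabbitmq_policy { 'ha-exactly@/':
  pattern    => '.*',
  definition => {
    'ha-mode'   => 'exactly',
    'ha-params' => '2',   # the fixed provider sends this as an integer
  },
}
```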
Closes-bug: #1434474
Change-Id: I3f732360f83e10e0ae525573f9afdb7f68475149
When the Ceph OSDs are not on the same nodes as Cinder, a keyring
permissions problem appears. With this ordering the problem no longer
appears and all nodes get the right permissions for the Ceph keyring
file.
Change-Id: Ib8c5394f56f06192911669d84c172e74d388fafa
The puppet-syntax-future job is failing because of a syntax error in the
manifests.
This patch aims to fix it.
Change-Id: Ib471e862bb7a9f735c5c6f045f4c627723dd6c3a
The J.1.2.0 branch of the eNovance fork of puppetlabs-rabbitmq has a new
commit, and the ID of the old one changed due to a push -f.
This commit just updates the commit ID so we have the right commit and
RabbitMQ will work correctly.
Change-Id: Ib2b8eee1d853880de0802d5b91e14d726d374c9a
Only the Swift nodes need to be tuned according to
https://bugs.launchpad.net/swift/+bug/1075606, and enlarging the local
port range on the controllers could overlap with the listening services.
The local port range must not overlap with the listening ports:
listening ports on Swift nodes are around 6800, and with a bad ordering
or a restart we can face an "address already in use" problem.
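A sketch of the tuning, assuming a sysctl resource type provided by an external Puppet module; the exact range is illustrative:

```puppet
# Sketch (assumed sysctl type from an external module): keep the
# ephemeral port range above Swift's ~6800 listening ports, applied on
# Swift nodes only. The range below is illustrative.
sysctl { 'net.ipv4.ip_local_port_range':
  value => '16384 65535',
}
```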
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Change-Id: I5e875403946a22ec8c5848af259d3afa84db4e35
Ensure filesystem_store_datadir is a directory with Nova or Glance
permissions before creating the NFS mount.
Change-Id: I06a0d95af3829cd803b0af0ebc52fd17b18ff2b3
Closes-Bug: #1443994
While we don't have an HTTP healthcheck in OpenStack [1], let's use a
TCP-connection-level check to validate that a service is up and running.
The reason is that when "option httpchk" is specified, a complete HTTP
request is sent once the TCP connection is established, and only 2xx and
3xx responses are considered valid.
Given that OpenStack APIs respond with 401 or 500, this healthcheck
appears to be self-defeating [2].
Also introduce a new parameter to allow a flexible timeout: api_timeout
(besides galera_timeout).
Sources:
[1] http://specs.openstack.org/openstack/oslo-specs/specs/kilo/oslo-middleware-healthcheck.html
[2] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20httpchk
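A sketch of what this looks like in a manifest: a pure TCP health check (no 'option httpchk') plus the new api_timeout parameter. The listen block, VIP, and values are illustrative:

```puppet
# Sketch: without 'option httpchk', HAProxy's TCP connect itself is the
# health check, so a 401/500 answer from an OpenStack API does not mark
# the backend as down. Names and values are illustrative.
class cloud::loadbalancer (
  $api_timeout    = '60s',
  $galera_timeout = '90m',
) {
  haproxy::listen { 'keystone_api_cluster':
    ipaddress => '10.0.0.10',
    ports     => '5000',
    options   => {
      'timeout server' => $api_timeout,
    },
  }
}
```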
Change-Id: I0121d28daafa2f509162880e9934eb3e08ae4543
Update the database timeouts to higher values to prevent the services
from disconnecting too frequently:
- set the Galera HAProxy timeout to 90 minutes (with parameter)
- set the database_idle_timeout to 5000 seconds (83 minutes) to allow
the services to drop the connection before HAProxy does
- add `on-marked-down shutdown-sessions` to Galera HAProxy balancer
members to allow shutting down sessions when a Galera host goes down.
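A sketch of one Galera backend with session teardown on failure, using puppetlabs-haproxy; names and addresses are illustrative:

```puppet
# Sketch: 'on-marked-down shutdown-sessions' tears down established
# sessions when a Galera host is marked down, so clients reconnect to a
# healthy node. Names and addresses are illustrative.
haproxy::balancermember { 'galera-db01':
  listening_service => 'galera_cluster',
  ports             => '3306',
  server_names      => 'db01',
  ipaddresses       => '192.168.0.11',
  options           => 'check inter 2000 rise 2 fall 5 on-marked-down shutdown-sessions',
}
```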
Change-Id: I62c70c906a009df43acaf172eb27729d5d257b0f
Currently, if the Galera master node is rebooted after the installation
process, a new Galera cluster is built because of the
--wsrep-new-cluster option present in the systemd.service file. This
commit updates that behavior accordingly.
Closes-bug: #1439197
Change-Id: I3e4c339ea073bd18177bd0625d694ddd0151b14c