This allows openstacklib::defaults to be inherited by each component
module avoiding duplicating the logic currently required when setting
this for the various base distrobutions.
Change-Id: I84b767921d151a61429b2c89e6372c4b447f0d7d
Adds a message that Puppet 4 is deprecated as of
this release, is minimally tested and will be
officially unsupported in the next release.
Change-Id: I5fbd87fc179ee80a749bad02764f129420330f5c
When the system-wide umask setting is more restrictive than the
default setting, the wsgi script directory permissions may not allow
the apache process to access them, resulting in errors.
A similar fix was applied to Keystone some time ago, see [1].
[1] - 4f15fb64b1
Change-Id: Ie9769657dc530bc895a3119b3e458864a8b5f293
We only test and support Puppet 4 and Puppet 5
now and this parameter to the Package resource
defaults to true in these versions making this
unneccesary.
Change-Id: I1459cf5382cd3090c051b25c884399d5cf37d264
To be able to pass OS_PASSWORD=, we need the environment param
to be added to this class.
Needed-By: I8ab8a2c7bb1d93d6fb9d16eabd3a1112b1e1237b
Change-Id: If10b57a38c61cadca48e1e3c1e76d659397849fb
This change adds support for installing the
python3-openstackclient package on Debian.
On Ubuntu and RedHat based the package name
is still python-openstackclient.
Change-Id: I8a0c5dfa9274dca167ad3bb33ab151fb693f5d4d
This patch adds a new parameter named custom_wsgi_script_aliases
to the openstacklib::wsgi::apache class. This can be used to specify
extra WSGI script alias statements for the apache::vhost resource
which is merged with the default one calculated using $path,
$wsgi_script_dir and $wsgi_script_file.
This is the final piece to be able to move keystone::wsgi::apache
over to using openstacklib::wsgi::apache.
Change-Id: I31096140a6f355ec99496053fb06ce6c73094180
This patch adds the params that keystone currently
supports to openstacklib::wsgi::apache so we can move
keystone::wsgi::apache to using this and not drop
any existing available options.
Change-Id: Ifb988fedce958d2607365634efeccf2d7b88d073
With the move of existing policy.json files into code, the file may no
longer be shipped by packaging. The json augeas lens requires that the
file exist or it fails. This change adds a file resource to ensure the
file exists with a basic json construct prior to managing the contents
with augeas.
Change-Id: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Related-Bug: #1742154
This allows the setting of the error and access file logs, as well as
the access log format. This was done in a similar fashion as one can
configure these ones in the keystone wsgi manifest.
Change-Id: I5e7d3588b7b3b106813d6d37b55aa812273d04d6
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
[1] https://wiki.python.org/moin/GlobalInterpreterLock
Change-Id: I09b4dfa0873c5a086d4492a7e2ebb72460e507c9
2017-07-20 14:41:23.253791 | manifests/db/mysql/host_access.pp:52:WARNING: arrow should be on the right operand's line
2017-07-20 14:41:23.253911 | manifests/db/mysql/host_access.pp:62:WARNING: arrow should be on the right operand's line
2017-07-20 14:41:23.253949 | manifests/policy/base.pp:43:WARNING: arrow should be on the right operand's line
2017-07-20 14:41:23.253987 | manifests/service_validation.pp:94:WARNING: arrow should be on the right operand's line
Change-Id: I4cee893ae8f2e430149e2cd56b2e9d9d592a75d5
When we switched to the collector as part of
Id09c3358c5843510e6a2a8c0e2d4aeb3607e098b this included using name ==
'httpd' but the package name is different between RHEL/Ubuntu so it
needs to be title == 'httpd' because the title[0] is fixed to be 'httpd'
[0] https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/package.pp#L32
Change-Id: I9d535ab38afea852559df2b3073bd4b74a2a3947
The latest version of puppet now reports these as catalog failures so
this change removes the unnecessary references and the references
should be updated.
Change-Id: Id09c3358c5843510e6a2a8c0e2d4aeb3607e098b
Closes-Bug: #1702964
if wsgi_script file is a symlink to another file (eg.
in a virtual environment) the file resource copied the
symlink instead of creating a new file.
This patch ensures, that symlinks are followed and a
ordinary file is created instead of copying the symlink.
Change-Id: I53e59dbfb8810a519fce24e1e381e0f83c5a1c29
This enables us to set several TLS requirements for the users created
by the host_access resource.
Change-Id: If550f184f85f8fdbc197fc9f930d4446de67090a
when ceilometer api is deployed in httpd, however
the process name is like '/usr/sbin/httpd -DFOREGROUND',
it is ambiguous and make monitoring more difficult.
the aodh, gnocchi module are also like that.
so we should set an appropriate name for wsgi process.
Change-Id: I5e8c9be062a88e9ed6442e6cbce6573fba385030
Related-Bug: #1626550
Previously if you wanted to use the openstack::db::mysql for to create a
database and use the same user for multiple databases, the catalog would
fail due to a duplicate mysql_user definition. This change adds the
ability to disable the user creation as well as the grant if the user
does not need it.
Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40
Related-Bug: 1649341
This sets the WSGIChunkedRequest setting in the vhost, which is
something that services like glance need when running over httpd.
Change-Id: I1c8816e9e5a9a38a3a86f3c0c5016df18f09ea62
This patch changes the default worker count from ::processorcount to the
new ::os_workers fact. ::os_workers is based on the number of processors
(currently cpu/4) but is capped at a maximum of 8 worker processors.
This is a much more reasonable default in general and prevents excessive
resource consumption on systems with a large number of CPUs.
Change-Id: I458791aa8027cffeeec49698b302cb96ae5af2e2
This will allow to run the service_validation on demand when required
from a notification, for example.
Change-Id: I18ea45f39cd7f4930de4916d658653d22d8530b3
The default exec timeout in puppet is 300 seconds, this can be a
very long while on services that do not return immediately.
With default values, a command that never returns we're looking at
10*300 seconds (or 50 minutes).
Let's default to something more reasonable, 60 seconds, and also
make it configurable.
Change-Id: I53bd4935fbbb3a86ac1ad522a0f3d8f017151dd0
Removing puppet-lint warnings
in favor of upgrading to latest gem
2016-09-13 21:12:33.947117 | manifests/db/postgresql.pp:37:WARNING: line has more than 140 characters
Change-Id: If40b8e5874c791e0a94bd634c09768c77f0c2d93
When validating a service, it's useful to have logs when exec output
fails.
This patch adds this feature.
Change-Id: I43c9eff8516ea562bf9bde8d5651ddceeb496163
Without this, some OpenStack services will return invalid URLs if
you are using SSL termination at a proxy in front of the service.
Change-Id: I3ee6b5838f4703e3b8b1b6632dd45c94057b2202
Closes-Bug: 1597935
This file is to be included by all puppet modules.
First feature is to make sure that allow_virtual is set to true for all
openstack modules. It's set to false for puppet 3.6.1 to
4.0.0 [1]
[1] https://docs.puppet.com/puppet/3.6/reference/release_notes.html#puppet-361
Change-Id: I9d0a10d48124ee71ea80134ceef96436c8ee196e
Closes-Bug: 1599113
Related-Bug: 1597753
Depends-On: I2699eaa3a10589c9a0c680bb1de489994fe01b67
Mysql puppet providers apply downcase method for hostnames, that
lead us to errors when we use hostnames with upper-case letters.
Change-Id: I0da9e9aac3504d3defdfbb8b916ae7e9ae2339db
Closes-Bug: 1584247
On debian os family systems the methodology is to
start services when installed. This causes a problem
with keystone sometimes at random in CI jobs.
Change-Id: Id0b38743a9bf536f69d155e1d6e664a5585e5e1d
python-openstackclient is used by a few other classes, so switch to
ensure_resource to avoid duplicate package declarations.
Partial-Bug: #1523643
Change-Id: I437b266344cf6ace683379c1999fc08fbdee756c
It's recommended to use WSGIApplicationGroup and WSGIPassAuthorization
options when a service is running under Apache.
Change-Id: Ia6bacab44c1d25f0253c84183f4a561d7682c6e8
Add possibility to pass custom_fragment to apache::vhost
in order to provide lines, that are not supported by module.
(for example LimitRequestFieldSize for keystone)
Change-Id: Ib199dc75c17de0bcdc385afcc33cb3854668a1b2
Mysql server is referenced however not included in this file which
causes problems if you have not already included it.
Change-Id: I833c357cb536b5e1f423dceb89d61530b32a4ee6
Closes-Bug: #1472837
'owner' is not a valid option for the WSGIDaemonProcess directive. The
correct option is 'user' [1]. Trying to set 'owner' causes the service
to be unable to start. This patch corrects that option name.
[1] https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess
Change-Id: I907fbcb48db823ea8f5caca4496efaaa456ef69c
