39 Commits

Author SHA1 Message Date
ramishra
c9991c2e31 Use 'wallaby' heat_template_version
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
 e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.

Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
2021-03-31 17:35:12 +05:30
ramishra
b4203a30eb Change all *Debug parameter types to boolean
This changes all these parameters as heat would correctly
parse all values. Also, drops all yaql shenanigans
used for their handling and heat conditions.

Also fixes wrong usage of non-existent NeutronWrapperDebug
parameter in ovn-metadata-container-puppet.yaml.

We had converted all ``Debug`` parameters to boolean with
Ib6c3969d4dd75d5fb2cc274266c060acff8d5571.

Change-Id: Ia2bffffde34aa248a4cc60c3895464f1f9d1ded2
2021-03-30 08:29:10 +05:30
ramishra
cc5eb81771 Optimize conditions for TLS support
In 1ceb521805875b41ebfafb1ff7a862df4df6fd16 we added these and
can be simplified as they are are boolean parameters to get
rid of the redundant heat intrinsic functions.

Change-Id: I3851187c83965db5ecafcc945bff1fe3a5aa9ff4
2021-03-19 16:07:05 +05:30
Zuul
b2d49f6e39 Merge "Add TLS support to services using memcached" 2021-03-18 05:15:23 +00:00
Grzegorz Grasza
1ceb521805 Add TLS support to services using memcached
This patch enables TLS connections to memcached in services which
support it. Specifically the settings are consumed by swift's internal
memcached client through puppet-swift; or oslo.cache, through
puppet-ceilometer, puppet-keystone, puppet-nova, puppet-heat
and puppet-oslo.

Depends-on: https://review.opendev.org/772685
Depends-on: https://review.opendev.org/761605
Depends-on: https://review.opendev.org/764764
Depends-on: https://review.opendev.org/764763
Depends-on: https://review.opendev.org/765100
Change-Id: Ic77ed56c32c7071ce126a1528030094b97894653
2021-03-16 15:28:49 +01:00
ramishra
7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30
Michele Baldessari
48d0e4d9b6 Notification drivers need to be a list
Convert the NotificationDriver to a comma_delimited_list.
This will still not break existing templates because passing
a string is still completely valid. This is done so that the hiera keys
will be passed down as lists.

The oslo::messaging::notifications::driver expects a list anyway so this
won't break things and will allow us to actually specify multiple
notification drivers correctly. The change that allowed
oslo::notifications to use both strings and lists is
If65946412b42e0919456ed92fdd8e3788ad67872 (Messaging notifications
should be set as a list)

Related-Bug: #1851629

Change-Id: I24c860cd3121e5c307233864818ca86967ff6d72
2020-12-18 11:26:15 +00:00
Oliver Walsh
bf7ef6b4d7 Set toplevel nova::dhcp_domain for all nova services
Setting nova::metadata::dhcp_domain will no longer work unless nova::metadata
is included.
Since I07caa3185427b48e6e7d60965fa3e6157457018c we no longer include
nova::metadata on computes.
So we must now set nova::dhcp_domain in nova-base instead of relying on the
deprecated nova::metadata::dhcp_domain param.

Closes-bug: #1905418
Depends-on: I98fe83e0c245388944529cd19b5e2bbed134e855
Change-Id: Iaf7823ea8d456008c1f4a3d7631657faa65eb6d3
2020-12-04 09:20:54 +00:00
Oliver Walsh
9d82364de8 Refactor nova db config
It is best to avoid placing db creds on the compute nodes to limit the
exposure if an attacker succeeds in gaining access to the hypervisor
host.

Related patches in puppet-nova remove the credentials from nova.conf
however the current scope of db credential hieradata is all nova tripleo
services - so it will but written to the hieradata keys on compute
nodes.

This patch refactors the nova hieradata structure, splitting the
nova-api/nova database hieradata out into individual templates and
selectively including only where necessary, ensuring we have no db
creds on a compute node (unless it is an all-in-one api+compute node).

Depends-On: I07caa3185427b48e6e7d60965fa3e6157457018c
Change-Id: Ia4a29bdd2cd8e894bcc7c0078cf0f0ab0f97de0a
Closes-bug: #1871482
2020-11-18 12:22:48 +00:00
Takashi Kajinami
a2324ccac8 Cleanup unused parameters from nova templates
This patch removes the parameters in nova templates, which has had
no effect recently. This also removes the unused ContainerCli in
parameter definitions.

Change-Id: I173e5ae5a377d633dddce185dff11ea7e2f3bada
2020-10-27 13:47:44 +09:00
Takashi Kajinami
afc0b731e0 Disable notification from services by default
Currently we disable Telemetry services like Ceilometer by defaut,
which means that we don't have any consumers for notification messages.
So NotificationDriver should be set as noop by default so that we don't
have unconsumed messages in notification queues.

Change-Id: I1d05749c94bd58ad4badafa7d9755009cb4b64af
Closes-Bug: #1869355
2020-09-30 09:51:08 +09:00
Takashi Kajinami
6a504c03fb Add EnableCache option to enable/disable usage of memcache
Depends-on: https://review.opendev.org/#/c/725020/
Change-Id: Id92c13a591f64b1084cbe4c48f2879d791f66cfe
2020-05-03 00:50:24 +09:00
Oliver Walsh
e6e5355249 Fix NovaCrossAzAttach hiera key
Ib15e305e34a3fddfc6f50986d2e27b6da815bd19 which added NovaCrossAzAttach did
not set the correct hiera key.

Change-Id: I88ce36cdd0eeb74cf8138a1379a2618e9fd32307
2020-04-21 11:11:55 +01:00
Oliver Walsh
f5bcd0acfc Add NovaCrossAZAttach parameter
Adds a parameter to set [cinder]/cross_az_attach in nova to control whether
instances can attach cinder volumes from a different availability zone.
Defaults to true.
Set to false in DCN sample environment files as block I/O between sites would
be extremely slow (if it functions at all).

Change-Id: Ib15e305e34a3fddfc6f50986d2e27b6da815bd19
2020-04-20 18:00:45 +01:00
Takashi Kajinami
2945ed7847 Define nova::cache parameters in tht
Migrate parameter definitions for nova::cache module from
puppet-tripleo to tht, so that we can be less dependent on puppet
to set configurable items.

Change-Id: I546c30363ae0aa7bcc057e629f76dfb74cbec6d8
2020-04-04 09:47:02 +09:00
Alexey Stupnikov
ebfe7897af Remove Nova parameters that are no longer used
Since Train release several puppet classes were removed
from puppet-nova. At the same time, some of them are
still defined in tripleo heat templates.

- nova::use_ipv6 was used to configure IPv6 for nova-network.
  DEFAULT/use_ipv6 nova configuration option was deprecated
  in Ocata release and removed from puppet-nova in Train
  release. Setting this parameter in THT no longer affects
  anything.
- nova::compute::neutron::libvirt_vif_driver seems like an
  artifact: though it was removed from puppet-nova only in
  Train release, actual nova configuration parameter was
  deprecated in IceHouse and hard-coded in Juno.

Puppet-nova change id: I6f7fde1f475acec82bafc66183211f317b4c7795

Change-Id: Ia269193f1f5215612165a2a0228bf4d1859b7b1e
Closes-Bug: #1869528
2020-03-28 22:07:33 +01:00
Zuul
f5587335c8 Merge "Override nova's glance endpoint only when necessary" 2020-03-02 20:21:22 +00:00
Takashi Kajinami
b7ee703964 Use short prameter names for nova::network::neutron
Depends-on: https://review.opendev.org/#/c/709371
Change-Id: If8a3d0a6db1b2950191ab62bdcfd7d2f12935de1
2020-02-24 21:47:35 +09:00
Alan Bishop
cda3c9b340 Override nova's glance endpoint only when necessary
nova::glance_api_servers is deprecated because the corresponding nova
parameter is deprecated. There is a new nova::glance_endpoint_override,
but it should be set only in situations where the intent is to *not*
use ksa to discover glance's endpoint. For example, in a DCN/Edge
deployment, we override the endpoint to force nova to use the glance
service running at the edge site.

Change-Id: I42af3e39da76ae94ca7bbf2797f776c28a75f7e7
Depends-On: Ib7fac4f37ef02d8f577abc98e4cc78b750caba54
2020-02-18 10:52:20 -08:00
Martin Schuppert
f4a4b236cf New Parameter NovaCronArchiveDeleteAllCells and NovaCronArchiveDeleteRowsAge
Introduces two new parameters to configure the archive deleted
instances cron job.
1) NovaCronArchiveDeleteAllCells
To make sure deleted instances get archived also from the cell0
in a single cell deployment and also in additional cell databases
in case of a multi cell deployment.

2) NovaCronArchiveDeleteRowsAge
--before is required to prevent the orphaning of libvirt guests
if/when nova-compute is down when a db archive cron job fires.

This change also modifies
1) the default from 100 to 1000 for NovaCronArchiveDeleteRowsMaxRows
to match the default from the nova-manage command instead the default
of 100 from the puppet-nova parameter.

2) changes the default for NovaCronPurgeShadowTablesAllCells from
false to true also the nova-manage db purge command needs to run
for all cells instead of only the default cell.

Depends-On: https://review.opendev.org/696900
Depends-On: https://review.opendev.org/697299

Change-Id: I91cb1e16f65b23117235d4eac76f03748b47e926
2019-12-10 11:21:09 +01:00
Mike Bayer
4bee12fea1 Add SQLAlchemy-collectd support
The SQLAlchemy-collectd plugin is now shipped in podman
containers under Kolla, this allows heat templates
to pull the plugin into the collectd configuration when
the collectd templates are being used.

A corresponding change in puppet-tripleo under the same change-id
adds support to enable the plugin on the puppet side.

The feature can be enabled for an overcloud by adding:

    EnableSQLAlchemyCollectd: true

to the heat configuration while also including one of the
collectd templates from environments/metrics.

The implementation requires that Openstack services which make
use of SQLAlchemy include directives for the plugin within
the SQLAlchemy URL, so this incurs a change in all templates
that include a MySQL database URL.

Change-Id: If598da717653a383a2d3b3373c56517f8bca832f
2019-10-11 10:16:30 -04:00
Rajesh Tailor
5066737451 Add new role parameters for cpu/ram/disk allocation ratio
This change adds three new role parameters `NovaCPUAllocationRatio`,
`NovaRAMAllocationRatio` and `NovaDiskAllocationRatio` for
configuring cpu_allocation_ratio, ram_allocation_ratio and
disk_allocation_ratio.
The default values for CPU and Disk allocation ratio are taken
as 0.0 as it will be updated by update_available_resource method
as mentioned in [1].
[1] https://specs.openstack.org/openstack/nova-specs/specs/stein/implemented/initial-allocation-ratios.html

Change-Id: Ia3c62668b0c1469e31aa8cd2c984b460eb06d970
2019-08-19 17:29:20 +05:30
Zuul
6ce0d65798 Merge "Configure Max Delay for purge job about shadow tables in nova" 2019-08-16 18:03:20 +00:00
Zuul
d305632788 Merge "Enable service token in nova and cinder" 2019-08-07 04:27:22 +00:00
Zuul
55367ac0f5 Merge "Revert "Also set nova::network::neutron::dhcp_domain"" 2019-07-19 10:58:00 +00:00
Takashi Kajinami
9dfdc9ef69 Enable service token in nova and cinder
This patch enables service token feature in nova and cinder, which
can be used to avoid problems in inter-component request caused by
token expiration for long running tasks.

Depends-on: https://review.opendev.org/#/c/666467/
Depends-on: https://review.opendev.org/#/c/666471/
Depends-on: https://review.opendev.org/#/c/666746/
Depends-on: https://review.opendev.org/#/c/670424/
Change-Id: I0ada9fc8e7e919a763ef4f524449265963264fc0
2019-07-12 10:37:52 +09:00
Martin Schuppert
29aed4d33a Revert "Also set nova::network::neutron::dhcp_domain"
This reverts commit 12aaf4b54c7dfe2e5e3044882af78bb340a5d63c.

Change-Id: I8b797d402657d18669f6c3c28d822605ce7e1035
2019-07-11 13:28:49 +00:00
Takashi Kajinami
5d1a01429b Configure Max Delay for purge job about shadow tables in nova
Recently we have a cron job to purge records in nova shadow tables.
This cron job runs on all controller nodes, but as all controllers
have configuration to run the job at the really same time, which
can result in db lock timeout or db spike.

This patch makes sure that we set a default value to Max Delay
parameter for the cron job, to avoid the problem caused by the
collision.

Change-Id: Id372ce98d8ba761ef313bd90a406737250503cab
2019-06-26 08:06:29 +09:00
Takashi Kajinami
ea24b7820a Remove duplicated parameters about nova db archive
Perviously we have duplicated parmaeters about nova db archive,
NovaCronDBArchived* and NovaCronArchiveDeleteRows*, which do not
work properly as they conflict with eatch other.

This patch removes the duplication and make tht to have only
NovaCronArchiveDeleteRows.

Change-Id: I45c30a7ee5cbea64daac3c6082dd58a073da910e
2019-06-21 11:22:24 +09:00
Zuul
04face0ceb Merge "Remove extraneous references to RpcXXX parameters" 2019-06-15 05:11:01 +00:00
Alan Bishop
06d6fb3bde Remove extraneous references to RpcXXX parameters
Remove references to RpcPort, RpcUserName, RpcPassword and
RpcUseSSL from all templates that do not actually use the parameter.

Change-Id: I295a7ae93feda24a179a53158ecfc633721bcd59
2019-06-14 08:12:32 -04:00
Zuul
dbfdaf4465 Merge "Configure the region-related settings for core components" 2019-06-14 12:11:10 +00:00
12aaf4b54c Also set nova::network::neutron::dhcp_domain
https://review.opendev.org/#/c/659394 set dhcp_domain
config with metadata manifest, but still nova hosts have dhcp_domain
set to default i.e. novalocal. Until it's clear why api/dhcp_domain
set in nova_metadata volume is not entertained by nova, let's set
nova::network::neutron::dhcp_domain also to ''.

Partial-Bug: #1832537
Change-Id: Ica532e7fe2c4578ec273855cb69179864f4746b4
2019-06-12 21:30:32 +05:30
Alex Schultz
a6ba0bcf36 Cleanup deprecated nova options
Some of the nova::network::neutron options are deprecated and are being
removed. Let's cleanup these options.

Depends-On: https://review.opendev.org/#/c/660741/
Change-Id: I28bfbd7881ef4f386aa3207b017323c989e4563d
2019-06-07 19:16:37 +00:00
Gauvain Pocentek
fa1a6111e3 Configure the region-related settings for core components
These settings become mandatory in a multi-region deployment.

Updated settings for cinder, glance, heat, neutron and nova.

Change-Id: I15aa7ec663da4e29e935b5c4b5819307977f5682
2019-06-04 14:27:16 +02:00
Lee Yarwood
63c4518693 nova: Remove the NovaPlacement service
Deprecated by Ic904aba7c19eda0a0a22dd2d13b9d4182b4595c4 the service can
now be removed in Train.

Change-Id: Ic1d59f93f930f093164ac294730a5cbb08a5bded
2019-04-26 17:33:09 +02:00
Lee Yarwood
555178160b placement: Introduce an extracted PlacementAPI service
This change introduces an optional extracted version of the Placement
service into TripleO. This extracted version will only be required once
the Placement service is fully removed from Nova during the T cycle
(previously S but delayed) at which point the corresponding
NovaPlacement service will also be removed from TripleO.

The majority of this change is code motion between the original
NovaPlacement service and the new PlacementAPI service.

Upgrades from the original NovaPlacement service to the extracted
PlacementAPI service are not currently supported by this change and will
be worked on independently during the Train cycle.

Co-authored-by: mschuppert@redhat.com

Depends-On: https://review.openstack.org/#/c/624335/
Change-Id: I9e3287bcbe9d317f32bf6b468c6ee17f04b6fff9
2019-04-18 17:34:06 +02:00
Andrew Smith
405366fa32 Deprecate messaging params replaced by global oslo params
Depends-On: I03900b39ab257a9563db37e403254b54f846c056
Change-Id: Ib55c72c0bab9aa0ffc05752a680f573cc351ae17
2019-03-28 12:13:07 -06:00
Jill Rouleau
acb61d2c18 step4: flatten nova service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration.

Change-Id: I9bd5c9f007d9f69d7310cdd0106bcc923c1b0acd
2019-02-20 14:28:20 -07:00