We may want to be able to specific different containers at a role level.
This requires switching the container image parameters to be role
specific too allow for role based overrides.
Change-Id: I4090e889a32abd51e7c11139737a7a18e27d18e7
This new linter ensures we don't have any trailing "/" in the container
volume definitions.
Those trailing "/" may create issues with the containers, for instance
for specific mounts such as "/dev"[1].
This patch also takes the opportunity to fix those trailing "/" for the
affected files, in order to start on a clean basis.
[1] https://launchpad.net/bugs/1950176
Change-Id: If951f9643d67574c1225301aab7c9e4b0d316b7f
Related-Bug: #1950176
In analogy to I0b65b2c7878fe5ebd0d7f1a6f2ba8df23f2f0b28
where the memory was limited in the puppet part
Change-Id: I83a245b51dd58457001e82e0ee5b04c1fc6de2ac
to guard nodes from running out of memory.
If there is a connection issue with collectd not being able to
write to event or metrics endpoints, this can lead to accumulating
to large portions of memory. Limiting the memory usage via podman
memory will prevent the container to grow limitless. In case of
using more than 512 MB, podman will restart the container.
Change-Id: I0b65b2c7878fe5ebd0d7f1a6f2ba8df23f2f0b28
DefaultPasswords is supposed to have been removed[1] but there still
exist some leftovers. This change removes all of the remaining usage.
[1] 7f195ff9a81c97469cd3c74d441c28c3b07d34ba
Change-Id: I4cd0076378c3e6b99cec62b0794ce68787256a1b
This simplifies the ServiceNetMap/VipSubnetMap interfaces
to use parameter merge strategy and removes the *Defaults
interfaces.
Change-Id: Ic73628a596e9051b5c02435b712643f9ef7425e3
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
We do not need to add an if: internal_tls_enabled in a number of
ansible tasks. enabled_internal_tls is already defined as an ansible
fact in common/deploy-steps.j2:
enable_internal_tls: {get_param: EnableInternalTLS}
So when the service uses the enable_internal_tls condition and it points
to the EnableInternalTLS param, we can just use the ansible fact
directly. Note that if the enable_internal_tls condition points to
something else than the mere EnableInternalTLS we may not do this
cleanup.
Change-Id: Idb07cbc8fc3a4d73ff52c54d869310fd6c49b502
All heat params have been copied over, there are a bunch
that are used for conditionals.
The outputs and conditionals secions in *-puppet do a lot
of configuration, and provides lists of defaults for
puppet. These will be moved to ansible, role is at [1]
and in tripleo_ansible.
[1] https://github.com/infrawatch/collectd-config-ansible-role
[x] https://github.com/infrawatch/tripleo-collectd-ansible-role
Depends-On: Ib75702bf17a76cae3a811db503d3365e6aacf663
Change-Id: I9939a524795bb3fbc63e44f203f851dadeb7c30a
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
When import_role is used with a condition, the condition is
applied to all tasks in the role. This is inefficient. If we
use include_role instead, then the role inclusion task is
skipped and none of the tasks in the role are even evaluated.
Related-bug: rhbz#1922132
Change-Id: I1b4e26fd4a46599985a989441f493a3ed39237bb
Adding the ability to specifies the private key size
used when creating the certificate. We have defined the
default value the same as we have before 2048 bits.
Also, it'll be able to override the key_size value
per service.
Depends-on: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
Change-Id: Ic2edabb7f1bd0caf4a5550d03f60fab7c8354d65
puppet-qdr expects one of the string values 'yes'/'no' instead of boolean,
so currently listeners cannot be created with SSL enabled. This patch is fixing
this issue.
Change-Id: I2dbafdc417f31eb000fbb469ae2c082cda3a5523
This patch exposes configuration options for setting up collectd
sensubility to use AMQP1 transport. This is primarily for
compatability with the Service Telemetry Framework.
Change-Id: Id74eb494e022e88f0a1d5c1044d3a7a283b5178f
Depends-On: https://review.opendev.org/#/c/758482/
to limit the queue length and to ignore data added
earlier to the queue, when there is no remote to
connect to. This will limit the memory usage of
this plugin. By default, the memory may grow until
it runs out of memory.
Depends-On: https://review.opendev.org/756365
Change-Id: Ie2db4b7487f9a8eaa7152b1b7984c52016219ed5
This patch removes regression which was introduced by moving from systemd
health check framework to built-in podman health check support.
Change-Id: I1706e04b543e8c9ff3903a9575b7c2cd74b9a0b3
This patch contains following fixes to have rsyslog configured properly:
- Don't use default startmsg.regex for QDR
- Fixed log path for pacemaker service
Change-Id: I2220ba108296475a49eebdc3ceec27208d201b0d
The collectd-libpod-stats plugin requires additional libpod volumes to
be mounted into the collectd contianer in order to find and track running
containers. This mounts the only additional volume necessary
Change-Id: I0f3fb05d8295f8707ad041debb250f255d20626f
Signed-off-by: pleimer <pfbleimer@gmail.com>
Now that the FFU process relies on the upgrade_tasks and deployment
tasts there is no need to keep the old fast_forward_upgrade_tasks.
This patch removes all the fast_forward_upgrade_tasks section from
the services, as well as from the common structures.
Change-Id: I39b8a846145fdc2fb3d0f6853df541c773ee455e
There is no real value using /var/run instead of /run, especially since
/var/run is a symlink to /run.
This patch also removes duplicated mounts due to this very symlink.
Change-Id: Iaced2ba676a4e4f651c67da082797cc1c1ffccd1
Adding a new parameter, CollectdEnableMcelog (False by default) is set
to True, a new host prep task will include the new
"tripleo_provision_mcelog" role to configure the mcelog service on the
host where the collectd container is running.
Depends-On: https://review.opendev.org/730409
Change-Id: Ia2280092abb0d769a92994ad337ed2b583f54175
Some parameter values of the MetricsQdr service used "metrics-qdr"
and some "metrics-qdr". This patch unifies to the one with underscore.
Change-Id: I9767953383a82f8baa50289e88ba279798bbfe92
In [0] it was changed the type of some of the ports
used in the service. The template needs to be adapted
to be able to work correctly.
[0] - https://github.com/voxpupuli/puppet-collectd/commit/d7b79c
Change-Id: Ied613222a593566634c69fd63f891f0ac1497f86
Related-Bug: #1871086
Almost every single tripleo service creates a persistent directory. To
simplify the creation, a with_items structure was being used. In which
many times, the mode option was being set. However, that mode option
was not taken into account at the time of creating the file. As a
consequence, the directory was being created with its father directory
rights, instead of the ones being passed in the template.
Change-Id: I215db2bb79029c19ab8c62a7ae8d93cec50fb8dc
Closes-Bug: #1871231
Current puppet modules uses only absolute name to include classes,
so replace relative name by absolute name in template files so that
template description can be consistent with puppet implementation.
Change-Id: I7a704d113289d61ed05f7a31d65caf2908a7994a