openstack/tripleo-heat-templates
Code Issues Proposed changes
bf906d75a9
tripleo-heat-templates/puppet/services/rabbitmq.yaml
John Eckersberg ef582bfc6a Increase default RabbitMQ/Erlang TCP timeout from 5 to 15 seconds 
This should be greater than the default value of
corosync_token_timeout, which is 10 seconds.  That way, if an entire
cluster node is unavailable, appropriate fencing measures can occur.

With the current settings, it is possible for brief network
interruptions, greater than 5 seconds, but less than 10 seconds, to
occur.  This can cause the RabbitMQ cluster to fail in subtle ways,
but no corrective action taken by pacemaker.

Change-Id: I735d43616c5c623c4398d924713012f595b2e5f9
2017-07-19 11:28:39 -04:00

167 lines
6.0 KiB
YAML
Raw Blame History

heat_template_version: pike
description: >
RabbitMQ service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
hidden: true
RabbitFDLimit:
default: 65536
description: Configures RabbitMQ FD limit
type: string
RabbitIPv6:
default: false
description: Enable IPv6 in RabbitMQ
type: boolean
RabbitCookie:
type: string
default: ''
hidden: true
RabbitHAQueues:
description:
The number of HA queues to be configured in rabbit. The default is -1 which
translates to "ha-mode all". The special value 0 will be automatically
overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
default: -1
type: number
MonitoringSubscriptionRabbitmq:
default: 'overcloud-rabbitmq'
type: string
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the RabbitMQ role.
value:
service_name: rabbitmq
monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
config_settings:
map_merge:
-
rabbitmq::file_limit: {get_param: RabbitFDLimit}
rabbitmq::default_user: {get_param: RabbitUserName}
rabbitmq::default_pass: {get_param: RabbitPassword}
rabbit_ipv6: {get_param: RabbitIPv6}
tripleo.rabbitmq.firewall_rules:
'109 rabbitmq':
dport:
- 4369
- 5672
- 25672
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::port: '5672'
rabbitmq::package_provider: yum
rabbitmq::package_source: undef
rabbitmq::repos_ensure: false
rabbitmq::tcp_keepalive: true
rabbitmq_environment:
NODE_PORT: ''
NODE_IP_ADDRESS: ''
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"'
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
rabbitmq_kernel_variables:
inet_dist_listen_min: '25672'
inet_dist_listen_max: '25672'
rabbitmq_config_variables:
cluster_partition_handling: 'pause_minority'
queue_master_locator: '<<"min-masters">>'
loopback_users: '[]'
rabbitmq::erlang_cookie:
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
rabbitmq::ssl: {get_param: EnableInternalTLS}
rabbitmq::ssl_port: '5672'
rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
rabbitmq::ssl_interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
# TODO(jaosorior): Remove this once we set a proper default in
# puppet-tripleo
tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS}
-
if:
- internal_tls_enabled
- generate_service_certificates: true
tripleo::profile::base::rabbitmq::certificate_specs:
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
service_key: '/etc/pki/tls/private/rabbitmq.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
principal:
str_replace:
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
- {}
step_config: |
include ::tripleo::profile::base::rabbitmq
upgrade_tasks:
- name: Stop rabbitmq service
tags: step2
service: name=rabbitmq-server state=stopped
- name: Start rabbitmq service
tags: step4
service: name=rabbitmq-server state=started
metadata_settings:
if:
- internal_tls_enabled
-
- service: rabbitmq
network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
type: node
- null
View Git Blame Copy Permalink