From 91f77b7df07d6ca85f6a32707368d25ac39d7f13 Mon Sep 17 00:00:00 2001 From: Cedric Lecomte Date: Tue, 14 Apr 2015 09:29:14 -0400 Subject: [PATCH 1/5] Changing who is affected by the sysctl tunning Only the swift-nodes need to be tuned according to https://bugs.launchpad.net/swift/+bug/1075606. And enlarge the local port range on the controller can overlap with the listening services. Changing the local range port We must don't overlap the local range port and the listening ports. Listening port on swift nodes are around 6800. With a bad ordering or a restart we can face a already used port problem. Co-Authored-By: Emilien Macchi Change-Id: I5e875403946a22ec8c5848af259d3afa84db4e35 (cherry picked from commit 9267538fc81b73ffa574cf873b9e5fc96b629bc1) --- manifests/object.pp | 2 -- manifests/object/storage.pp | 2 ++ manifests/object/tweaking.pp | 2 +- spec/classes/cloud_object_storage_spec.rb | 4 ++++ 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/manifests/object.pp b/manifests/object.pp index 0ad00e70..d7d9e917 100644 --- a/manifests/object.pp +++ b/manifests/object.pp @@ -30,6 +30,4 @@ swift_hash_suffix => $swift_hash_suffix, } - class {'cloud::object::tweaking': } - } diff --git a/manifests/object/storage.pp b/manifests/object/storage.pp index 5d755943..ae19ef7a 100644 --- a/manifests/object/storage.pp +++ b/manifests/object/storage.pp @@ -75,6 +75,8 @@ include 'cloud::object' + include 'cloud::object::tweaking' + class { 'swift::storage': storage_local_net_ip => $storage_eth, } diff --git a/manifests/object/tweaking.pp b/manifests/object/tweaking.pp index 17f54f42..ff5e552b 100644 --- a/manifests/object/tweaking.pp +++ b/manifests/object/tweaking.pp @@ -22,7 +22,7 @@ 'net.ipv4.tcp_tw_recycle' => { value => 1 }, 'net.ipv4.tcp_tw_reuse' => { value => 1 }, 'net.ipv4.tcp_syncookies' => { value => 0 }, - 'net.ipv4.ip_local_port_range' => { value => "1024\t65000" }, + 'net.ipv4.ip_local_port_range' => { value => "10000\t65000" }, 'net.core.netdev_max_backlog' => { value => 300000 }, 'net.ipv4.tcp_sack' => { value => 0 }, } diff --git a/spec/classes/cloud_object_storage_spec.rb b/spec/classes/cloud_object_storage_spec.rb index 766e2121..f62605ac 100644 --- a/spec/classes/cloud_object_storage_spec.rb +++ b/spec/classes/cloud_object_storage_spec.rb @@ -39,6 +39,10 @@ 'storage_local_net_ip' => '127.0.0.1', }) + is_expected.to contain_sysctl('net.ipv4.ip_local_port_range').with( + :val => "10000\t65000", + ) + is_expected.to contain_swift__storage__server('6000').with({ 'type' => 'object', 'config_file_path' => 'object-server.conf', From 736587a8781f5b286548cdfbf4a399423f1a1e71 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Sat, 25 Apr 2015 13:39:14 -0400 Subject: [PATCH 2/5] Fix errors in puppet-syntax-future puppet-syntax-future job is failing because of a syntax error in the manifests. This patch aims to fix it. Change-Id: Ib471e862bb7a9f735c5c6f045f4c627723dd6c3a (cherry picked from commit 5e07f511b4dbe979745751ac30b4347209467d2d) --- manifests/database/sql/mysql.pp | 2 +- manifests/network.pp | 2 +- manifests/network/controller.pp | 2 +- manifests/network/vswitch.pp | 2 +- spec/classes/cloud_network_vswitch_spec.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 7ec08364..0c1d67e6 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -417,7 +417,7 @@ } } # Debian default: { - err "${::osfamily} not supported yet" + fail("${::osfamily} not supported yet") } } diff --git a/manifests/network.pp b/manifests/network.pp index 0b16f7bc..b4873ab7 100644 --- a/manifests/network.pp +++ b/manifests/network.pp @@ -89,7 +89,7 @@ $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2' } default: { - err "${plugin} plugin is not supported." + fail("${plugin} plugin is not supported.") } } diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp index 5e138999..cb79f6c7 100644 --- a/manifests/network/controller.pp +++ b/manifests/network/controller.pp @@ -259,7 +259,7 @@ } default: { - err "${plugin} plugin is not supported." + fail("${plugin} plugin is not supported.") } } diff --git a/manifests/network/vswitch.pp b/manifests/network/vswitch.pp index 10d663d6..0a00ce6c 100644 --- a/manifests/network/vswitch.pp +++ b/manifests/network/vswitch.pp @@ -215,7 +215,7 @@ } default: { - err "${driver} driver is not supported." + fail("${driver} driver is not supported.") } } diff --git a/spec/classes/cloud_network_vswitch_spec.rb b/spec/classes/cloud_network_vswitch_spec.rb index 6078ad50..d101b76e 100644 --- a/spec/classes/cloud_network_vswitch_spec.rb +++ b/spec/classes/cloud_network_vswitch_spec.rb @@ -133,7 +133,7 @@ before :each do params.merge!(:driver => 'Something') end - it { should compile.and_raise_error(/Something plugin is not supported./) } + it_raises 'a Puppet::Error', /Something driver is not supported./ end context 'with default firewall enabled' do From d7bd36ae0bc67fd19873341cea83186051bee934 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 5 May 2015 12:20:56 -0400 Subject: [PATCH 3/5] logging: enable HTTP CORS for fluentd ES instance Elasticsearch package has been upgrade to 1.4.x in J.1.1.0 and J.1.2.0 (1.0.3 in J.1.0.0) but kibana web interface is not compatible with elasticsearch 1.4.x or higher if you don't change the configuration on the service. Change-Id: I19c1a0b08aa63ca0fad6b1a2c390e13775efa443 Closes-bug: #1451828 (cherry picked from commit e22400fb45f04fff4756fc1e2dd056e28701279e) --- manifests/logging/server.pp | 7 ++++++- spec/classes/cloud_logging_server_spec.rb | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/manifests/logging/server.pp b/manifests/logging/server.pp index b7bb7c89..bca3a9ad 100644 --- a/manifests/logging/server.pp +++ b/manifests/logging/server.pp @@ -40,7 +40,12 @@ include ::kibana3 include cloud::database::nosql::elasticsearch include cloud::logging::agent - elasticsearch::instance {'fluentd' : } + + # Elasticsearch 1.4 ships with a security setting that prevents Kibana from connecting. + # We need to allow http cors in fluentd instance. + elasticsearch::instance {'fluentd' : + config => { 'http' => { 'cors.enabled' => true } } + } @@haproxy::balancermember{"${::fqdn}-kibana": listening_service => 'kibana', diff --git a/spec/classes/cloud_logging_server_spec.rb b/spec/classes/cloud_logging_server_spec.rb index c00485e4..f66e7036 100644 --- a/spec/classes/cloud_logging_server_spec.rb +++ b/spec/classes/cloud_logging_server_spec.rb @@ -39,7 +39,9 @@ end it 'configure an elasticsearch instance' do - is_expected.to contain_elasticsearch__instance('fluentd') + is_expected.to contain_elasticsearch__instance('fluentd').with( + :config => { 'http' => { 'cors.enabled' => true } } + ) end context 'with default firewall enabled' do From 5eec4311548c726c31be9c8585b36346780a2146 Mon Sep 17 00:00:00 2001 From: Cedric Lecomte Date: Thu, 23 Apr 2015 08:36:57 -0400 Subject: [PATCH 4/5] Fix ceph keyring permissions When ceph osd are not on same nodes than cinder a keyring permissions problem appear. With this ordering the problem doesn't appear anymore and all node get the right permissions for the ceph keyring file. Change-Id: Ib8c5394f56f06192911669d84c172e74d388fafa (cherry picked from commit a29ff731533b45ca65d6a82b90d90f376fa468af) --- manifests/compute/hypervisor.pp | 22 +++++++++---------- manifests/volume/backend/rbd.pp | 14 +++++------- spec/classes/cloud_compute_hypervisor_spec.rb | 5 +++++ spec/classes/cloud_volume_storage_spec.rb | 5 +++++ 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index 241375a7..fe6fc088 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -359,18 +359,16 @@ # Configure Ceph keyring Ceph::Key <<| title == $cinder_rbd_user |>> - if defined(Ceph::Key[$cinder_rbd_user]) { - ensure_resource( - 'file', - "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$cinder_rbd_user], - notify => Service['nova-compute'], - } - ) - } + ensure_resource( + 'file', + "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { + owner => 'root', + group => 'cephkeyring', + mode => '0440', + require => Ceph::Key[$cinder_rbd_user], + notify => Service['nova-compute'], + } + ) Concat::Fragment <<| title == 'ceph-client-os' |>> } else { diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp index cf33d08b..c6115003 100644 --- a/manifests/volume/backend/rbd.pp +++ b/manifests/volume/backend/rbd.pp @@ -84,14 +84,12 @@ # Configure Ceph keyring Ceph::Key <<| title == $rbd_user |>> - if defined(Ceph::Key[$rbd_user]) { - ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$rbd_user], - }) - } + ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { + owner => 'root', + group => 'cephkeyring', + mode => '0440', + require => Ceph::Key[$rbd_user], + }) Concat::Fragment <<| title == 'ceph-client-os' |>> diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index da537049..9a43aa9e 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -384,6 +384,11 @@ class { 'cloud::network': :command => 'usermod -a -G cephkeyring nova', :unless => 'groups nova | grep cephkeyring' ) + is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ + 'owner' => 'root', + 'group' => 'cephkeyring', + 'mode' => '0440', + }) end it 'configure libvirt driver' do diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb index fcea91db..c7b5f012 100644 --- a/spec/classes/cloud_volume_storage_spec.rb +++ b/spec/classes/cloud_volume_storage_spec.rb @@ -157,6 +157,11 @@ :path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'], :unless => 'groups cinder | grep cephkeyring' ) + is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ + 'owner' => 'root', + 'group' => 'cephkeyring', + 'mode' => '0440', + }) end end From eeecc725cd617694a5eb3dd189f18a43d5661ced Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Thu, 25 Jun 2015 15:43:44 +0200 Subject: [PATCH 5/5] Gemfile: Pin puppet-lint-paramdoc 1.1.0 New version of puppet-lint-paramdoc fails if defines parameters are not documented. In order not to block backport we stick to 1.1.0. Change-Id: I17aaeb3c65b0cb68ffe83cd40d823fe9f8833ce0 (cherry picked from commit c8da335df3f04eeca177973181d1e7680aad9a05) --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 6ffa3b35..11c670ac 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' group :development, :test do gem 'puppetlabs_spec_helper' - gem 'puppet-lint-param-docs' + gem 'puppet-lint-param-docs', '1.1.0' gem 'metadata-json-lint' gem 'json' gem 'webmock'