Merge "Align alerts and grafana dashboard with fluentd"
diff --git a/.kitchen.yml b/.kitchen.yml
index 6e38245..c3b24a2 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -8,7 +8,7 @@
   name: salt_solo
   salt_install: bootstrap
   salt_bootstrap_url: https://bootstrap.saltstack.com
-  salt_version: latest
+  salt_version: <%=ENV['SALT_VERSION'] || 'latest'%>
   require_chef: false
   log_level: error
   formula: heat
diff --git a/.travis.yml b/.travis.yml
index e13a3ff..31d2f50 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,6 +17,12 @@
   - bundle install
 
 env:
+    - PLATFORM=trevorj/salty-whales:trusty-2017.7 SUITE=server-cluster
+    - PLATFORM=trevorj/salty-whales:xenial-2017.7 SUITE=server-cluster
+    - PLATFORM=trevorj/salty-whales:trusty-2017.7 SUITE=server-plugin-dirs
+    - PLATFORM=trevorj/salty-whales:xenial-2017.7 SUITE=server-plugin-dirs
+    - PLATFORM=trevorj/salty-whales:trusty-2017.7 SUITE=server-single
+    - PLATFORM=trevorj/salty-whales:xenial-2017.7 SUITE=server-single
     - PLATFORM=trevorj/salty-whales:trusty SUITE=server-cluster
     - PLATFORM=trevorj/salty-whales:xenial SUITE=server-cluster
     - PLATFORM=trevorj/salty-whales:trusty SUITE=server-plugin-dirs
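Review bot: The six added matrix entries reference `trevorj/salty-whales:*-2017.7` by mutable tag in a personal registry namespace, so the image under test can change without any commit here. Pinning each image by digest (`<image>@sha256:<digest>`), or mirroring it into a project-controlled namespace, would keep CI runs reproducible and reviewable. Separately, none of the new entries sets `SALT_VERSION`, which `.kitchen.yml` starts reading in this same commit, so `salt_version` still resolves to `latest` on the 2017.7 platforms. If the bootstrap actually runs on these images, add the variable to those lines, e.g. `SALT_VERSION=2017.7`.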
diff --git a/README.rst b/README.rst
index 24582ca..414df49 100644
--- a/README.rst
+++ b/README.rst
@@ -119,23 +119,6 @@
               revision: master
 
 
-Heat system definition of several stacks/systems
-
-.. code-block:: yaml
-
-    heat:
-      control:
-        enabled: true
-        system:
-          web_production:
-            format: hot
-            template_file: /srv/heat/template/web_cluster.hot
-            environment: /srv/heat/env/web_cluster/prd.env
-          web_staging:
-            format: hot
-            template_file: /srv/heat/template/web_cluster.hot
-            environment: /srv/heat/env/web_cluster/stg.env
-
 Ceilometer notification
 
 .. code-block:: yaml
@@ -178,45 +161,55 @@
           virtual_host: '/openstack'
         ....
 
-Client-side RabbitMQ TLS configuration:
 
-|
 
-To enable TLS for oslo.messaging you need to provide the CA certificate.
+Configuring TLS communications
+-------------------------------
 
-By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.
 
-.. code-block:: yaml
+ **Note:** by default system wide installed CA certs are used, so ``cacert_file`` param is optional, as well as ``cacert``.
 
-      ....
-      message_queue:
-        ssl:
-          enabled: True
 
-Use `cacert_file` param to specify the CA-cert file location explicitly:
+ - **RabbitMQ TLS**
 
-.. code-block:: yaml
+ .. code-block:: yaml
 
-      ....
-      message_queue:
-        ssl:
-          enabled: True
-          cacert_file: /etc/ssl/rabbitmq-ca.pem
+  heat:
+    server:
+       message_queue:
+         port: 5671
+         ssl:
+           enabled: True
+           (optional) cacert: cert body if the cacert_file does not exists
+           (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
+           (optional) version: TLSv1_2
 
-To manage content of the `cacert_file` use the `cacert` param:
 
-.. code-block:: yaml
+ - **MySQL TLS**
 
-      ....
-      message_queue:
-        ssl:
-          enabled: True
-          cacert: { file content here }
-          cacert_file: /etc/openstack/rabbitmq-ca.pem
+ .. code-block:: yaml
 
-Notice:
- * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
- * Use `message_queue.ssl.version` if you need to specify protocol version. By default is TLSv1 for python < 2.7.9 and TLSv1_2 for version above.
+  heat:
+    server:
+       database:
+         ssl:
+           enabled: True
+           (optional) cacert: cert body if the cacert_file does not exists
+           (optional) cacert_file: /etc/openstack/mysql-ca.pem
+
+ - **Openstack HTTPS API**
+
+ .. code-block:: yaml
+
+  heat:
+   server:
+       identity:
+          protocol: https
+          (optional) cacert_file: /etc/openstack/proxy.pem
+       clients:
+          keystone:
+            protocol: https
+            (optional) cacert_file: /etc/openstack/proxy.pem
 
 Enhanced logging with logging.conf
 ----------------------------------
diff --git a/heat/control.sls b/heat/control.sls
deleted file mode 100644
index ecb16bf..0000000
--- a/heat/control.sls
+++ /dev/null
@@ -1,14 +0,0 @@
-{%- from "heat/map.jinja" import control with context %}
-{%- for system_name, system in control.system.iteritems() %}
-
-heat_stack_{{ system_name }}:
-  heat.stack_present:
-  - name: {{ system_name }}
-  {%- if system.template_file is defined %}
-  - template_file: {{ system.template_file }}
-  {%- endif %}
-  {%- if system.environment_file is defined %}
-  - environment_file: {{ system.environment_file }}
-  {%- endif %}
-
-{%- endfor %}
\ No newline at end of file
diff --git a/heat/files/ocata/heat.conf.Debian b/heat/files/ocata/heat.conf.Debian
index 58d1461..74f8fbf 100644
--- a/heat/files/ocata/heat.conf.Debian
+++ b/heat/files/ocata/heat.conf.Debian
@@ -848,38 +848,6 @@
 #url =
 
 
-[clients_keystone]
-
-#
-# From heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for communication with
-# the OpenStack service. (string value)
-#endpoint_type = <None>
-
-# Optional CA cert file to use in SSL connections. (string value)
-#ca_file = <None>
-
-# Optional PEM-formatted certificate chain file. (string value)
-#cert_file = <None>
-
-# Optional PEM-formatted file that contains the private key. (string value)
-#key_file = <None>
-
-# If set, then the server's certificate will not be verified. (boolean value)
-#insecure = <None>
-{%- if server.clients.keystone is defined %}
-insecure = {{ server.clients.keystone.get('insecure', false) }}
-{%- endif %}
-
-# Unversioned keystone url in format like http://0.0.0.0:5000. (string value)
-#auth_uri =
-{%- if server.clients.keystone is defined %}
-auth_uri= {{ server.clients.keystone.protocol }}://{{ server.clients.keystone.host }}:{{ server.clients.keystone.port }}
-{%- endif %}
-
-
 [clients_magnum]
 
 #
@@ -1331,7 +1299,7 @@
 #
 
 # Authentication Endpoint URI. (string value)
-auth_uri=http://{{ server.identity.host }}:5000/v2.0
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000/v2.0
 
 # Allow orchestration of multiple clouds. (boolean value)
 #multi_cloud=false
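Review bot: `server.identity.get('protocol', 'http')` is now spelled out on every URL and every `if` in this template (here and in the hunks at 1308, 1747 and 2728), so the default has to be kept in step in roughly ten places. A single `{%- set identity_protocol = server.identity.get('protocol', 'http') %}` near the top of the file, used as `auth_uri={{ identity_protocol }}://{{ server.identity.host }}:5000/v2.0`, would avoid that. A comment next to the `set` should say that the default `http` sends Keystone credentials and tokens unencrypted. The top of the file is outside this hunk.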
@@ -1340,17 +1308,35 @@
 # enabled. At least one endpoint needs to be specified. (list
 # value)
 #allowed_auth_uris=
-
-keystone_ec2_uri=http://{{ server.identity.host }}:5000/v2.0/ec2tokens
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+ca_file = {{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+keystone_ec2_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000/v2.0/ec2tokens
 
 [clients]
 endpoint_type = {{ server.identity.get('endpoint_type_default', 'publicURL') }}
+{%- if server.clients is defined %}
+{%- if server.clients.insecure is defined %}
+insecure = {{ server.clients.insecure }}
+{%- endif %}
+{%- if server.clients.get('protocol', 'http') == 'https' %}
+ca_file={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+{%- endif %}
 
 [clients_heat]
 endpoint_type = {{ server.identity.get('endpoint_type_heat',
                                        server.identity.get('endpoint_type_default', 'publicURL')) }}
 [clients_keystone]
-auth_uri=http://{{ server.identity.host }}:35357
+{%- if server.clients is defined %}
+{%- if server.clients.keystone is defined %}
+insecure = {{ server.clients.keystone.get('insecure', false) }}
+{%- endif %}
+{%- endif %}
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+ca_file={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 
 {%- if pillar.get('opencontrail', {}).get('client', {}).get('enabled', False) %}
 
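Review bot: In `[clients]` the `ca_file` line is gated on `server.clients.get('protocol', 'http')`, but its value comes from `server.identity`, and the README in this commit documents `clients.keystone.protocol`, which nothing in this hunk reads. With the documented pillar, `[clients]` therefore never gets a `ca_file`. Gating on the same key as the other sections, `{%- if server.identity.get('protocol', 'http') == 'https' %}`, or documenting `clients.protocol`, would make the two agree. The fallback `server.cacert_file` is not defined anywhere in view, so confirm the map provides a default, otherwise the option renders empty. The two `insecure` lines turn off certificate verification and deserve a comment such as `# insecure = true disables TLS certificate verification for heat's outbound clients; keep false outside test setups`.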
@@ -1761,12 +1747,15 @@
 # Config Section from which to load plugin specific options (string value)
 #auth_section = <None>
 auth_type = password
-auth_uri=http://{{ server.identity.host }}:5000/v2.0
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000/v2.0
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 #identity_uri=http://{{ server.identity.host }}:35357
 #admin_user={{ server.identity.user }}
 #admin_password={{ server.identity.password }}
 #admin_tenant_name={{ server.identity.tenant }}
-auth_url=http://{{ server.identity.host }}:35357
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
 project_name = {{ server.identity.tenant }}
@@ -2739,7 +2728,7 @@
 # From heat.common.context
 #
 auth_plugin = password
-auth_url = http://{{ server.identity.host }}:35357
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
 user_domain_name = default
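Review bot: The `auth_url` in this section can now be `https`, but no CA option is rendered beside it, unlike the keystone_authtoken hunk above. A private CA set through `identity.cacert_file` may therefore not be honoured for this plugin. That is inferred, because the section header and the code that builds the session are outside the hunk. If verification here is taken from `[clients_keystone]`, a comment such as `# TLS verification for this plugin uses ca_file from [clients_keystone]` would settle the question for the next reader.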
diff --git a/heat/meta/sphinx.yml b/heat/meta/sphinx.yml
index d3dbbe2..3732e63 100644
--- a/heat/meta/sphinx.yml
+++ b/heat/meta/sphinx.yml
@@ -41,7 +41,7 @@
           value: |
             {%- for pkg in server.pkgs %}
             {%- set pkg_version = "dpkg -l "+pkg+" | grep "+pkg+" | awk '{print $3}'" %}
-            * {{ pkg }}: {{ salt['cmd.run'](pkg_version) }}
+            * {{ pkg }}: {{ salt['cmd.shell'](pkg_version) }}
             {%- endfor %}
   {%- endif %}
   {%- if pillar.heat.client is defined %}
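Review bot: `pkg` is concatenated unquoted, twice, into the `pkg_version` string that `cmd.shell` now passes to a shell, so any shell metacharacter in a `server.pkgs` entry is interpreted rather than treated as a name. The `grep` also matches every package whose name merely contains `pkg`, which can return several versions. Only the installed version is wanted, so `* {{ pkg }}: {{ salt['pkg.version'](pkg) }}` returns it without a shell and makes the `pkg_version` line unnecessary. The enclosing `{%- if %}` block starts outside the hunk.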