Downstream we see that folks repeatedly forget to set this variable even
though they may generate a containers yaml file. This ultimately leads
to an undercloud installation failure due to lack of credentials. This
change updates the configuration item to be required=False for upstream
(because it's not) but includes additional comments around what this
file does. We can flip the configuration to required in environments
where we know we need authentication.
Change-Id: I8c26aa68ec2668fb9c94d0191914bd676e082ebe
When deploying on IPv6 stateful ironic must use the
neutron network interface driver. This because we need
to configure neutron service ports (provisioning, cleaning
etc.) with multiple ip addresses for certain UEFI firmware
and chainloading combinations (iPXE -> Ironic IPA) to work.
Closes-Bug: #1864491
Change-Id: I5a9890ccb95a21b95f488cd7a5b5fd1a6cdff38b
The generated certificates are located:
/etc/pki/tls/private/overcloud_endpoint.pem
Because in environments/ssl/enable-tls.yaml, we can find:
DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
Update the doc, so there is no confusion.
Change-Id: I974167d0d2d04a94dc8a82a361a9ca1425364935
Disabling Paunch on the Undercloud has proven to be stable enough over
the last weeks, we can safely make it the default to move forward.
Depends-On: I707b2f66eb947d64ef6a21238dc26c81575be2c7
Change-Id: I8822b3515046a4263242d5e1249bb9bac8d80d91
This was rendering without proper spacing in between periods and new
sentences. This commit updates the spacing so the sample
undercloud.conf render with spacing between sentences.
Change-Id: I9b20cf1332eb6e832f637db5ed465b7261105c08
Set to True by default, Paunch remains enabled.
However it can be switched to False, then the Undercloud containers will
be deployed by tripleo-ansible.
Change-Id: I6f9498f2e8e54c6b670d616a3122263cd42c44e8
Add option ipv6_address_mode in undercloud.conf to control
the address mode, dhcpv6-steteful or dhcpv6-steteless, for
IPv6 provisioning network.
Related-Bug: #1847606
Change-Id: I7de5f5487065d20068229e0d34102be6119fbeef
This patch removes panko which has been deprecated in Train
Change-Id: I8849fda5c6a209913be79b668cbdb5e11dce1514
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
Add a new option ``dns_nameservers`` in the subnet sections
for the undercloud ctlplane network. By default the option
is not set, and in that case the ``undercloud_nameservers``
are used, maintaining the current behaviour.
This decouples the nameservers used on the undercloud and
the ones used for the overcloud nodes. In a DCN setting
different DNS server may be preferred per-site.
Related-Bug: #1834306
Change-Id: I0dc03eddf9ea00ff33cd3ae0cdc8f42a4961e89c
Add the ability to install an undercloud minion which is connected to an
original undercloud. This minion can have either heat-engine or
ironic-conductor deployed on it.
Adds two new openstack commands for the minion install and a new
minion.conf can be used to configure them.
openstack undercloud minion install
openstack undercloud minion upgrade
Depends-On: https://review.opendev.org/#/c/656984
Change-Id: I61832f5088be172eaf31b36a9cca8dc289580bb2
Related-Blueprint: undercloud-minion
This can be set to false for underclouds which only use
deployed-server.
Change-Id: Ia1eaec2ed12eb5eb366e8c78b174aff43b447051
Depends-On: https://review.opendev.org/#/c/664174/
Blueprint: nova-less-deploy
We've retired the tripleo-ui repository so we need to remove the ui
configurations for the undercloud.
Change-Id: I536b2cf361cc4b2e47332bb9842d85ffe0643a60
Related-Bug: #1831478
The host_routes option sample default was missing
the subnet prefix for the destination ip network.
Closes-Bug: #1830093
Change-Id: I9bb3160f1bb50b410ec9f9b6751463b847d8a920
Add a new parameter to undercloud.conf to disable the container
healthchecks.
The parameter is: container_healthcheck_disabled and it's False by
default, so the healthchecks are enabled by default.
Depends-On: Id8d7e21d58cf5ab155404db597d96665b94d7c2a
Change-Id: Icebfad41cc286a2e209511c147d74f1a933c66a2
Since the undercloud was containerized we set the dns servers
on the neutron ctlplane subnets when installing the undercloud.
(Previously this was a post install step ...) Since dnsservers
set as undercloud_nameservers are configured as nameserver on
the ctlplane subnet(s). The overcloud nodes will use the
dnsservers defined here (Atleast initially, before OsNetConfig).
With change I5f33e06ca3f4b13cc355e02156edd9d8a1f773cd the
requirement to specify DnsServers in the overcloud environment
is removed. It uses get_attr to read the nameservers to use for
overcloud nodes from the ctlplane subnet.
Closes-Bug: #1824347
Change-Id: I6e330479fa78163252f9319b8f90d6d819ce881b
Add new option 'host_routes' to the subnet definitions
for the ctlplane network in undercloud.conf.
Routes defined for the local subnet will be appended
to the THT parameter 'ControlPlaneStaticRoutes'. The
net-config template for the undercloud will ensure
these routes are configured on the undercloud.
Routes are also added to UndercloudCtlplaneSubnets
parameter used by the undercloud to create the
ctlplane network and subnets. In THT change:
I46b7c7175f542ad4d375a20f133c05064e7b7222 this new
data is used so that the host routes are configured
for the neutron ctlplane subnets.
Related-Bug: #1819464
Change-Id: I692fcc4a494b2cda1911814a53a0c6ec2f99f807
The TripleO UI is deprecated and will be removed in Train.
Depends-On: https://review.openstack.org/#/c/641743/
Change-Id: I6eb0686b58bd3bca0c8be128583c0f07c04ce31a
The docker_bip, docker_insecure_registries and docker_registry_mirror
have been deprecated. docker_bip will be removed in later versions.
docker_insecure_registries has been renamed to
container_insecure_regiestries. docker_registry_mirror has been renamed
to container_registry_mirror.
Change-Id: Ic39e665b241aed74347be5eaf24fb291035d5658
Related-Blueprint: podman-support
Instead of creating a new undercloud.conf parameter to enable the debug
on Container Image Prepare task, let's recycle undercloud_debug.
Depends-On: I7d0b4035de748bf2453321d3ab09d09fd45abf8d
Change-Id: I15d910a53a34d4ac09b2728317506ee0edf981f2
Standalone does not use any of the composable networks by
default. Deploy Standaloen using /dev/null as network data
so that these resources are not included when creating the
plan.
Undercloud uses only the External network for the external
VIP. Deploy the undercloud using the Undercloud specific
network_data_undercloud.yaml, ensures external_from_pool.yaml
is in the plan.
Related-Bug: #1809313
Depends-On: Ib11a134df93e59947168b40bc71fb1da9172d4ac
Change-Id: I102912851a3b9952daaf7c4d5a34a919f527f805
This change adds an undercloud_timezone configuration that can be used
to configure the timezone when we install the undercloud.
Change-Id: I5dcf3250a181c3614189618b9bae62e466b00275
Related-Bug: #1784068
Unless an operator overrides it, the default undercloud & standalone
deployment will be on Podman and not on Docker anymore.
blueprint podman-support
Change-Id: Ided7b88fa984ca49f487fd0573e0c5e78c5480e8
* Make dhcp_start and dhcp_end optional for subnet definitions
in undercloud.conf.
* Allow non-contiguous allocation pools for ctlplane subnets
Calcualte the allocation pools by removing the local_ip,
gateway, admin_host, public_host and ``inspection_iprange``,
from the subnets full ip range. Allocation_pools for all
remaining ranges will be configured. A new per-subnet option
``dhcp_exclude`` is added, a list of IP addresses or IP
ranges that will be excluded from the allocation pool. For
example:
dhcp_exclude = 172.20.0.101,172.20.0.210-172.20.0.219
^ ip addr ^ ip range
If dhcp_start is defined and dhcp_end is not defined (or vice
versa) any addresses prior to (or after) this address is
removed from the allocation pools.
Make dhcp_start and dhcp_end options ListOpts to enable non-
contigous allocation pools. For example, to create allocation
pools: [{'start': '172.20.0.100', 'end': '172.20.0.150'},
{'start': '172.20.0.200', 'end': '172.20.0.250'}]
the following configuration can be used in undercloud.conf:
dhcp_start = 172.20.0.100,172.20.0.200
dhcp_end = 172.20.0.150,172.20.0.250
A new method is added for remote_subnet_opts, same options as
for the local_subnet_opts but without the defaults.
To allow optional dhcp_start and dhcp_end for the local_subnet
which have defaults defined, a condition is used to ignore
dhcp_start and dhcp_end in case they are the default values
and the cidr is NOT the default.
Related-Bug: #1806512
Related-Bug: #1807707
Change-Id: I4ba148f465b4c452bd5b2c31009ac8a2897bcd5f
Chrony needs to have multiple servers for the initial sync as it won't
retry a dns lookup when we run waitsync.
Change-Id: Id0418f5c17402b5c4fdfad350204907b3f39034c
Closes-Bug: #1806521
Add docker_bip option to the undercloud.conf in order
to easily override the value of: DockerNetworkOptions
through the undercloud.conf
Change-Id: Ibbf7c6101539bdf575c23295c1b9fa4bfc84cff7
The way heat-native was implemented, we couldn't disable it.
And when disabled, it was not working.
- operators can now pass: --heat-native=False or configure
heat_native=False in undercloud.conf, then heat native will actually be
disabled.
- 'latest' tag doesn't exist for centos-binary-heat-all so we default
to current-tripleo with is a safe default for us.
- when the heat_all container is done, it returns 137 (kill -9) which is
good but we don't want to fail on that.
Change-Id: I092b6dea5a77fc2691c7af5517a76172f8866bd7
Closes-Bug: #1795000
As we've switched to containerized undercloud, the ntp settings are more
important (and required). If this is unset, we're actually falling back
to the defauls in the ntp configuration in THT so this patch just
exposes the default correctly in the configuration file.
Change-Id: I98c4d0c3cee2a745e0e5326e209ad91db22ebff1
Closes-Bug: #1793500
This parameter, default to 'docker' for now, can be changed to 'podman'
if we want to deploy an Undercloud with Podman instead of Docker.
blueprint podman-support
Change-Id: I8e83a3903f6c67087d4e18734a61661dbd597185
Extend the tripleo client Command class to fetch heat roles data
from a role file. That new class method is shared by many derived
classes afterwards and used for containers images preparations,
containerized overcloud, undercloud and standalone deployments.
Apply normalization to the roles_file in plan management and
preflight checks as well.
Change-Id: I7b35e117b9d12f1e5a51e2ee0465244692d33e33
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
In this case an additional architecture is any architecture that is NOT
the same as the one running the install.
Blueprint: multiarch-support
Change-Id: Idbf9d52515bddf598792bf4db71c56084c36075c
Make rel paths evaluted in the USER_HOME, like
it is done for the hiera overrides file.
Fix j2 context mappings for config opts failing back
to the heat params.
Rework j2 imports.
Closes-bug: #1779916
Change-Id: Ic339456c05e91942439d70958000b67f182193c9
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
We moved custom_env_files to last in
I1902f91a56822c4219c38aafe5f2baf6b61a0a05 so this updates the
documentation around these configuration options.
Change-Id: Ibf9f56c7c5a9d63b80d96f77fa74c43782f3c16a
There have been some reports of users misinterpreting
where to place configuration for the provisining subnets
in undercloud.conf. The example text for the subnets leads
to users adding the subnets section directly after the
subnets option. I.e in the middle of the DEFAULT section
of the ini file.
This change drops the example. The ctlplane-subnet section
is there as an example already.
Related-Bug: rhbz1585497
Related-Bug: #1778779
Change-Id: Ia34f6da6006b1fc9b8075865ec4a666e86a32095
Undercloud deployment starts logging into its log file
too late, omitting log records from undercloud_config,
preflight checks. This is a problem as we want to log
at least the commands used for undercloud install/upgrade.
Ideally, messages in stdout/stderr should not miss the
log file.
Fix this via the added custom undercloud_log_file config
(use --log-file for standalone CLI). Use those to
configure logging to a file.
Fix missing formatting, like timestamps and source, for
undercloud config and preflight checks.
Write preflight/install/upgrade logs into the same
logfile.
Move the load oslo config method into shared utilities.
Add the configure logging shared utility for the classless
modules (w/o oslo_log supported). Such modules can
mimic oslo_log behavior defined for the main deployment
modules derived from openstack client classes, which
support logging to files natively and are not affected
by the subject issue. With an exception made for those
classless modules allowing them to log INFO+ be default.
So operators will have the pre-flight check
notes logged, for example.
Change-Id: I340be11bc9471df22f038629679634c3542d34d6
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
The feature doesn't work now, the upgrade_tasks that take care of the
cleanup are being refactored by the Upgrade team. The current status of
this feature is that the upgrade will fail in some of the tasks, and
also the tasks aren't idempotent (for the ones which worked).
Until we stabilize it, let's mark it as experimental.
Related-Bug: #1774219
Change-Id: I38c411cae75c419af18a654c741a014502ecd292
This option was added in change
I5cf5798cd084d99a3c892daab6db444d1e608beb but was never actually wired
in to do anything.
Since we now have such comprehensive image build pipelines, I think it
is better to removed this unused option rather than wire it in.
Change-Id: I20f67d8b1bbeb8b768777a41b5d33c819192ea2d
To match the generation for standalone.conf, this change moves the
config generation out to the undercloud config namespace instead of
including it in the undercloud_config namespace from the actions.
Eventually we'll want to handle the configuration parsing elsewhere so
we need to move this logic out so it can be shared and consumed via the
tripleo_deploy action.
Change-Id: I6d8bd04d2547a513dfe46d5144283e45366efeb3
Related-Blueprint: all-in-one
This is the start of a standalone.conf for use with the all in one
installer.
Change-Id: I656f4c1f7094b9a5981c1f15ff1c119693cd17c8
Related-Blueprint: all-in-one
When upgrading a non-containerized undercloud to a containerized
undercloud, operators might want to purge old packages/config that were
deployed in Queens. It can be done by setting upgrade_cleanup to
True. The default is false so the cleanup won't happen in default
upgrades.
Change-Id: Ie770f72a8bf9f13ce7258a22ba9f96e5c70a35c1
Zuul