53 Commits (2f9215b2535a976e1d1568650aa78be3fe8b5606)

Author SHA1 Message Date
Zuul 265a39f6fb Merge "trivial: add spaces after punctuation in config help text" 3 years ago
Alex Schultz 24b87f1997 Improve container_images_file comments
Downstream we see that folks repeatedly forget to set this variable even
though they may generate a containers yaml file. This ultimately leads
to an undercloud installation failure due to lack of credentials. This
change updates the configuration item to be required=False for upstream
(because it's not) but includes additional comments around what this
file does. We can flip the configuration to required in environments
where we know we need authentication.

Change-Id: I8c26aa68ec2668fb9c94d0191914bd676e082ebe
3 years ago
Harald Jensås af4721b7fa Add option to control ironic network interfaces
When deploying on IPv6 stateful ironic must use the
neutron network interface driver. This is because we need
to configure neutron service ports (provisioning, cleaning
etc.) with multiple ip addresses for certain UEFI firmware
and chainloading combinations (iPXE -> Ironic IPA) to work.

Closes-Bug: #1864491
Change-Id: I5a9890ccb95a21b95f488cd7a5b5fd1a6cdff38b
3 years ago
Emilien Macchi b5df6b265d Update undercloud.conf with correct SSL information
The generated certificates are located:

Because in environments/ssl/enable-tls.yaml, we can find:
DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem

Update the doc, so there is no confusion.

Change-Id: I974167d0d2d04a94dc8a82a361a9ca1425364935
3 years ago
Emilien Macchi dafacfcbf7 Disable Paunch by default on the Undercloud
Disabling Paunch on the Undercloud has proven to be stable enough over
the last weeks, we can safely make it the default to move forward.

Depends-On: I707b2f66eb947d64ef6a21238dc26c81575be2c7
Change-Id: I8822b3515046a4263242d5e1249bb9bac8d80d91
3 years ago
Lance Bragstad 6aaeaf00fa trivial: add spaces after punctuation in config help text
This was rendering without proper spacing in between periods and new
sentences. This commit updates the spacing so the sample
undercloud.conf renders with spacing between sentences.

Change-Id: I9b20cf1332eb6e832f637db5ed465b7261105c08
3 years ago
Emilien Macchi e794286d47 undercloud: introduce undercloud_enable_paunch option
Set to True by default, Paunch remains enabled.
However it can be switched to False, then the Undercloud containers will
be deployed by tripleo-ansible.

Change-Id: I6f9498f2e8e54c6b670d616a3122263cd42c44e8
4 years ago
Harald Jensås d5e3726999 Add option to control IPv6 address mode
Add option ipv6_address_mode in undercloud.conf to control
the address mode, dhcpv6-stateful or dhcpv6-stateless, for
IPv6 provisioning network.

Related-Bug: #1847606
Change-Id: I7de5f5487065d20068229e0d34102be6119fbeef
4 years ago
Gael Chamoulaud 2241528f4f Remove panko
This patch removes panko which has been deprecated in Train

Change-Id: I8849fda5c6a209913be79b668cbdb5e11dce1514
Signed-off-by: Gael Chamoulaud <>
4 years ago
Harald Jensås ee16c09447 Allow per-subnet DNSNameServers for ctlplane network
Add a new option ``dns_nameservers`` in the subnet sections
for the undercloud ctlplane network. By default the option
is not set, and in that case the ``undercloud_nameservers``
are used, maintaining the current behaviour.

This decouples the nameservers used on the undercloud and
the ones used for the overcloud nodes. In a DCN setting
different DNS servers may be preferred per-site.

Related-Bug: #1834306
Change-Id: I0dc03eddf9ea00ff33cd3ae0cdc8f42a4961e89c
4 years ago
Alex Schultz 8de77cbe70 Add minion installation
Add the ability to install an undercloud minion which is connected to an
original undercloud. This minion can have either heat-engine or
ironic-conductor deployed on it.

Adds two new openstack commands for the minion install and a new
minion.conf can be used to configure them.

openstack undercloud minion install
openstack undercloud minion upgrade

Change-Id: I61832f5088be172eaf31b36a9cca8dc289580bb2
Related-Blueprint: undercloud-minion
4 years ago
Steve Baker 8d84884f3e Add undercloud.conf enable_nova option
This can be set to false for underclouds which only use

Change-Id: Ia1eaec2ed12eb5eb366e8c78b174aff43b447051
Blueprint: nova-less-deploy
4 years ago
Alex Schultz 75defc10fa Remove tripleo-ui items from the undercloud install
We've retired the tripleo-ui repository so we need to remove the ui
configurations for the undercloud.

Change-Id: I536b2cf361cc4b2e47332bb9842d85ffe0643a60
Related-Bug: #1831478
4 years ago
Harald Jensås cc6ddee223 Fix sample_default for host_routes option
The host_routes option sample default was missing
the subnet prefix for the destination ip network.

Closes-Bug: #1830093
Change-Id: I9bb3160f1bb50b410ec9f9b6751463b847d8a920
4 years ago
Emilien Macchi cefb2df8c3 undercloud: wire ContainerHealthcheckDisabled
Add a new parameter to undercloud.conf to disable the container

The parameter is: container_healthcheck_disabled and it's False by
default, so the healthchecks are enabled by default.

Depends-On: Id8d7e21d58cf5ab155404db597d96665b94d7c2a
Change-Id: Icebfad41cc286a2e209511c147d74f1a933c66a2
4 years ago
Harald Jensås f0310b3439 Update undercloud_nameserver help text
Since the undercloud was containerized we set the dns servers
on the neutron ctlplane subnets when installing the undercloud.
(Previously this was a post install step ...) Since dnsservers
set as undercloud_nameservers are configured as nameserver on
the ctlplane subnet(s). The overcloud nodes will use the
dnsservers defined here (at least initially, before OsNetConfig).

With change I5f33e06ca3f4b13cc355e02156edd9d8a1f773cd the
requirement to specify DnsServers in the overcloud environment
is removed. It uses get_attr to read the nameservers to use for
overcloud nodes from the ctlplane subnet.

Closes-Bug: #1824347
Change-Id: I6e330479fa78163252f9319b8f90d6d819ce881b
4 years ago
Zuul b8a8941278 Merge "Undercloud - support ctlplane subnet host routes" 4 years ago
Harald Jensås 034778b6a8 Undercloud - support ctlplane subnet host routes
Add new option 'host_routes' to the subnet definitions
for the ctlplane network in undercloud.conf.

Routes defined for the local subnet will be appended
to the THT parameter 'ControlPlaneStaticRoutes'. The
net-config template for the undercloud will ensure
these routes are configured on the undercloud.

Routes are also added to UndercloudCtlplaneSubnets
parameter used by the undercloud to create the
ctlplane network and subnets. In THT change:
I46b7c7175f542ad4d375a20f133c05064e7b7222 this new
data is used so that the host routes are configured
for the neutron ctlplane subnets.

Related-Bug: #1819464
Change-Id: I692fcc4a494b2cda1911814a53a0c6ec2f99f807
4 years ago
Alex Schultz 7574f752ff Mark enable_ui as deprecated
The TripleO UI is deprecated and will be removed in Train.

Change-Id: I6eb0686b58bd3bca0c8be128583c0f07c04ce31a
4 years ago
Alex Schultz 96c9a5e7b8 Deprecate docker config options
The docker_bip, docker_insecure_registries and docker_registry_mirror
have been deprecated. docker_bip will be removed in later versions.
docker_insecure_registries has been renamed to
container_insecure_registries. docker_registry_mirror has been renamed
to container_registry_mirror.

Change-Id: Ic39e665b241aed74347be5eaf24fb291035d5658
Related-Blueprint: podman-support
4 years ago
Emilien Macchi 32b3c4506d undercloud: configure ContainerImagePrepareDebug based on undercloud_debug
Instead of creating a new undercloud.conf parameter to enable the debug
on Container Image Prepare task, let's recycle undercloud_debug.

Depends-On: I7d0b4035de748bf2453321d3ab09d09fd45abf8d

Change-Id: I15d910a53a34d4ac09b2728317506ee0edf981f2
4 years ago
Harald Jensås 51ad17ba18 Add support for networks data in Standalone
Standalone does not use any of the composable networks by
default. Deploy Standalone using /dev/null as network data
so that these resources are not included when creating the

Undercloud uses only the External network for the external
VIP. Deploy the undercloud using the Undercloud specific
network_data_undercloud.yaml, ensures external_from_pool.yaml
is in the plan.

Related-Bug: #1809313
Depends-On: Ib11a134df93e59947168b40bc71fb1da9172d4ac
Change-Id: I102912851a3b9952daaf7c4d5a34a919f527f805
4 years ago
Zuul 01f40202c2 Merge "Expose timezone configuration" 4 years ago
Zuul 9dd860ee65 Merge "spelling fixes doc string and help strings" 4 years ago
Alex Schultz cca24538d4 Expose timezone configuration
This change adds an undercloud_timezone configuration that can be used
to configure the timezone when we install the undercloud.

Change-Id: I5dcf3250a181c3614189618b9bae62e466b00275
Related-Bug: #1784068
4 years ago
Zuul 7fe40c3265 Merge "Calculate undercloud ctlplane DHCP allocation pools" 5 years ago
Emilien Macchi 9c3ffb7c28 Switch standalone & undercloud to Podman by default
Unless an operator overrides it, the default undercloud & standalone
deployment will be on Podman and not on Docker anymore.

blueprint podman-support
Change-Id: Ided7b88fa984ca49f487fd0573e0c5e78c5480e8
5 years ago
Harald Jensås 8355e76ca4 Calculate undercloud ctlplane DHCP allocation pools
* Make dhcp_start and dhcp_end optional for subnet definitions
  in undercloud.conf.
* Allow non-contiguous allocation pools for ctlplane subnets

Calculate the allocation pools by removing the local_ip,
gateway, admin_host, public_host and ``inspection_iprange``,
from the subnets full ip range. Allocation_pools for all
remaining ranges will be configured. A new per-subnet option
``dhcp_exclude`` is added, a list of IP addresses or IP
ranges that will be excluded from the allocation pool. For

  dhcp_exclude =,
                   ^ ip addr         ^ ip range

If dhcp_start is defined and dhcp_end is not defined (or vice
versa) any addresses prior to (or after) this address are
removed from the allocation pools.

Make dhcp_start and dhcp_end options ListOpts to enable
non-contiguous allocation pools. For example, to create allocation
pools: [{'start': '', 'end': ''},
        {'start': '', 'end': ''}]
the following configuration can be used in undercloud.conf:

  dhcp_start =,
  dhcp_end =,

A new method is added for remote_subnet_opts, same options as
for the local_subnet_opts but without the defaults.

To allow optional dhcp_start and dhcp_end for the local_subnet
which have defaults defined, a condition is used to ignore
dhcp_start and dhcp_end in case they are the default values
and the cidr is NOT the default.

Related-Bug: #1806512
Related-Bug: #1807707
Change-Id: I4ba148f465b4c452bd5b2c31009ac8a2897bcd5f
5 years ago
Alex Schultz a57fc1f9af Specify multiple NtpServers by default
Chrony needs to have multiple servers for the initial sync as it won't
retry a dns lookup when we run waitsync.

Change-Id: Id0418f5c17402b5c4fdfad350204907b3f39034c
Closes-Bug: #1806521
5 years ago
Mathieu Bultel a22bb05190 Add docker bridge ip option to the undercloud.conf
Add docker_bip option to the undercloud.conf in order
to easily override the value of: DockerNetworkOptions
through the undercloud.conf

Change-Id: Ibbf7c6101539bdf575c23295c1b9fa4bfc84cff7
5 years ago
Jon Schlueter 2b4627d710 spelling fixes doc string and help strings
trivial grammatical spelling fixes

Change-Id: Id066d8ce738196ec25439cbb84361fab19715413
5 years ago
Emilien Macchi e5a960e88e Allow to actually disable heat-native
The way heat-native was implemented, we couldn't disable it.
And when disabled, it was not working.

- operators can now pass: --heat-native=False or configure
  heat_native=False in undercloud.conf, then heat native will actually be
- 'latest' tag doesn't exist for centos-binary-heat-all so we default
  to current-tripleo which is a safe default for us.
- when the heat_all container is done, it returns 137 (kill -9) which is
  good but we don't want to fail on that.

Change-Id: I092b6dea5a77fc2691c7af5517a76172f8866bd7
Closes-Bug: #1795000
5 years ago
Alex Schultz 2f02c6503f Update default value for ntp servers
As we've switched to containerized undercloud, the ntp settings are more
important (and required).  If this is unset, we're actually falling back
to the defaults in the ntp configuration in THT so this patch just
exposes the default correctly in the configuration file.

Change-Id: I98c4d0c3cee2a745e0e5326e209ad91db22ebff1
Closes-Bug: #1793500
5 years ago
Emilien Macchi 6b0f54c07a Introduce container_cli parameter for undercloud.conf
This parameter, default to 'docker' for now, can be changed to 'podman'
if we want to deploy an Undercloud with Podman instead of Docker.

blueprint podman-support

Change-Id: I8e83a3903f6c67087d4e18734a61661dbd597185
5 years ago
Bogdan Dobrelya 8f1caf7abf Align roles file to become a normalized path
Extend the tripleo client Command class to fetch heat roles data
from a role file. That new class method is shared by many derived
classes afterwards and used for containers images preparations,
containerized overcloud, undercloud and standalone deployments.

Apply normalization to the roles_file in plan management and
preflight checks as well.

Change-Id: I7b35e117b9d12f1e5a51e2ee0465244692d33e33
Signed-off-by: Bogdan Dobrelya <>
5 years ago
Tony Breeds a93e3399b7 Add support for configuring additional architectures for heat-based installs
In this case an additional architecture is any architecture that is NOT
the same as the one running the install.

Blueprint: multiarch-support

Change-Id: Idbf9d52515bddf598792bf4db71c56084c36075c
5 years ago
Zuul a26dfc0c9f Merge "Fix net_config_override" 5 years ago
Zuul 6b43b5a274 Merge "Update config docs" 5 years ago
Bogdan Dobrelya 8e74cd78d3 Fix net_config_override
Make rel paths evaluated in the USER_HOME, like
it is done for the hiera overrides file.

Fix j2 context mappings for config opts failing back
to the heat params.

Rework j2 imports.

Closes-bug: #1779916

Change-Id: Ic339456c05e91942439d70958000b67f182193c9
Signed-off-by: Bogdan Dobrelya <>
5 years ago
Zuul 92ce6dd6c0 Merge "Drop example in config file comments" 5 years ago
Alex Schultz 3c69e33cf8 Update config docs
We moved custom_env_files to last in
I1902f91a56822c4219c38aafe5f2baf6b61a0a05 so this updates the
documentation around these configuration options.

Change-Id: Ibf9f56c7c5a9d63b80d96f77fa74c43782f3c16a
5 years ago
Harald Jensås c4701f8b68 Drop example in config file comments
There have been some reports of users misinterpreting
where to place configuration for the provisioning subnets
in undercloud.conf. The example text for the subnets leads
to users adding the subnets section directly after the
subnets option. I.e. in the middle of the DEFAULT section
of the ini file.

This change drops the example. The ctlplane-subnet section
is there as an example already.

Related-Bug: rhbz1585497
Related-Bug: #1778779
Change-Id: Ia34f6da6006b1fc9b8075865ec4a666e86a32095
5 years ago
Alex Schultz 4aa679e960 Add undercloud_enable_selinux
Expose selinux configuration via the undercloud.conf

Change-Id: I6973fec9bcc55373f89e5c873ff6ae7050fff432
Depends-On: I2109bf62e307df92b6bdb57600c58dd61482f46d
Partial-Bug: #1779005
5 years ago
Bogdan Dobrelya 5531e8bbbc Leverage log_file option to capture more UC logs
Undercloud deployment starts logging into its log file
too late, omitting log records from undercloud_config,
preflight checks. This is a problem as we want to log
at least the commands used for undercloud install/upgrade.
Ideally, messages in stdout/stderr should not miss the
log file.

Fix this via the added custom undercloud_log_file config
(use --log-file for standalone CLI). Use those to
configure logging to a file.

Fix missing formatting, like timestamps and source, for
undercloud config and preflight checks.

Write preflight/install/upgrade logs into the same

Move the load oslo config method into shared utilities.
Add the configure logging shared utility for the classless
modules (w/o oslo_log supported). Such modules can
mimic oslo_log behavior defined for the main deployment
modules derived from openstack client classes, which
support logging to files natively and are not affected
by the subject issue. With an exception made for those
classless modules allowing them to log INFO+ by default.
So operators will have the pre-flight check
notes logged, for example.

Change-Id: I340be11bc9471df22f038629679634c3542d34d6
Signed-off-by: Bogdan Dobrelya <>
5 years ago
Zuul bf94a662b9 Merge "Remove unused option enable_container_images_build" 5 years ago
Emilien Macchi 328b0f53f1 Mark upgrade_cleanup option as experimental
The feature doesn't work now, the upgrade_tasks that take care of the
cleanup are being refactored by the Upgrade team. The current status of
this feature is that the upgrade will fail in some of the tasks, and
also the tasks aren't idempotent (for the ones which worked).

Until we stabilize it, let's mark it as experimental.

Related-Bug: #1774219
Change-Id: I38c411cae75c419af18a654c741a014502ecd292
5 years ago
Steve Baker daf94b006f Remove unused option enable_container_images_build
This option was added in change
I5cf5798cd084d99a3c892daab6db444d1e608beb but was never actually wired
in to do anything.

Since we now have such comprehensive image build pipelines, I think it
is better to remove this unused option rather than wire it in.

Change-Id: I20f67d8b1bbeb8b768777a41b5d33c819192ea2d
5 years ago
Alex Schultz b22c218ace Move undercloud.conf to the undercloud config namespace
To match the generation for standalone.conf, this change moves the
config generation out to the undercloud config namespace instead of
including it in the undercloud_config namespace from the actions.
Eventually we'll want to handle the configuration parsing elsewhere so
we need to move this logic out so it can be shared and consumed via the
tripleo_deploy action.

Change-Id: I6d8bd04d2547a513dfe46d5144283e45366efeb3
Related-Blueprint: all-in-one
5 years ago
Alex Schultz c0f566cc2e Start standalone.conf
This is the start of a standalone.conf for use with the all in one

Change-Id: I656f4c1f7094b9a5981c1f15ff1c119693cd17c8
Related-Blueprint: all-in-one
5 years ago
Emilien Macchi 4b35d34651 Add "upgrade_cleanup" option to undercloud.conf
When upgrading a non-containerized undercloud to a containerized
undercloud, operators might want to purge old packages/config that were
deployed in Queens. It can be done by setting upgrade_cleanup to
True. The default is false so the cleanup won't happen in default

Change-Id: Ie770f72a8bf9f13ce7258a22ba9f96e5c70a35c1
5 years ago