When a user creates a HA load balancer in Octavia, Octavia creates
server groups as part of the load balancer resources. However, because
the default quotas related to server groups are very low and we have all
load balancer resources in the common service project, users can create
a very limited number of HA load balancers by default.
This patch disables the quota limits of the server-group-members and
server-groups of the service project, so that HA load balancer creation
is not blocked by these quotas.
Closes-Bug: #1914018
Change-Id: I0048fec8c1e19bd20b1edcd23f2490456fe1cd12
This change adds an internal alias for port to dport. This is done to
allow legacy config to operate as expected should a user have overrides
with the puppet legacy option. Should the action plugin encounter a
rule with the deprecated option a notice will be printed on screen
containing the rule and information on how to convert it so that
functionality isn't lost on a future release.
Change-Id: I0643345a144a4b4c94c11465e9f8a82f13da146d
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This allows the master playbook used for update to set
tripleo_redhat_enforce to false on a per role basis on Red Hat
environment.
The default in defaults/main.yml is now "true" so that it keeps its
behavior of being run by default if nothing is changed in the role
definition.
We then avoid running it on platforms other than Red Hat by adding an
explicit test in that tasks/main.yml file.
Overall the behavior is as follows:
| Red Hat Env | tripleo_enforced     | Test run |
|-------------+----------------------+----------|
| True        | Unset                | Yes      |
| True        | Set to true in role  | Yes      |
| True        | Set to false in role | No       |
| False       | Doesn't matter       | No       |
Change-Id: I6268a01d16f8288bf862003d19184fc93b88282a
Partial-Bug: #1912512
Writes to an output env file that can then be used
for stack update.
Also removes the unused var persist_params_in_plan
Change-Id: Idc15cf94bd100efc8ab81dcd69787113746d9aee
[DEPRECATION WARNING]: evaluating 'environment_directories' as a bare
variable, this behaviour will go away and you might need to add |bool to
the expression in the future. Also see CONDITIONAL_BARE_VARS
configuration toggle. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
Change-Id: I16ed9e104d9daaa56ecf691f90dee492c6d06348
If the NFS server firewalld does not open the ports, ReaR cannot correctly mount the NFS server
while performing the backup and/or restore, and subsequently the action fails and the
openstack-ansible playbook stops running.
This change checks whether the server chosen to be NFS server has firewalld running, and implies that
if it is running, the operator must declare the firewalld zone where the ports must be opened.
Closes-Bug: #1912366
Change-Id: Ic6816fa647653baf8297dc62cdd99ee522b86535
Do not assume we will always have hostvars[<node>]['storage_ip'].
Instead use the service_net_map, found in global_vars.yaml of
config-download. Within this directory, if ceph_mon is on the list
tripleo_enabled_services, then there will be a service_net_map
containing the ceph_mon_network. As per tripleo_common/inventory.py,
this network name, whatever it is composed to, will have an '_ip'
appended to it which will map to the correct IP address. Without
network isolation ceph_mon_network will default to ctlplane. With
network isolation it will default to storage, but it could also
be composed to anything, so we can use this method to pick up
whatever it is.
Closes-Bug: #1912218
Change-Id: I7c1052b1c27ea91c5f97f59ec80c906d60d5f13e
Given how config-download runs in the main branch it's no longer
necessary to use become when creating the work directories for
ceph-ansible to be executed or when running the tripleo_ceph_client
role. Using become introduces the bug this change resolves. Also,
as we are not using become we won't set the owner of the directory.
Instead we will use the default owner of whoever created the directory.
Change-Id: I65cd66ed5c94b548b775b9b4829717c202837d7e
Closes-Bug: #1912103
When privileged mode is set, don't add any capabilities as they
are included.
Use 1.6.4 podman because 2.0.5 rootless doesn't work with
systemd [1]
Disable SELinux on host.
[1] https://github.com/containers/podman/issues/8965
Closes-Bug: #1910970
Change-Id: I73ac1c405e8a3539937a5578bb003cba0b935d94
If linting fails, content provider still builds.
Which is suboptimal, since standalone/multinode jobs will be skipped and
nothing will use those builds.
Put cprovider into dependency on the linting jobs as well.
Change-Id: I18101f47245f92412cab6ff2289618605e1baa26
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
We currently forcefully install pacemaker + pcs in a number of upgrade
tasks. This is suboptimal because on certain nodes pcs/pacemaker repos
are not enabled. Let's let puppet pull in those packages normally.
Tested this during a queen -> train FFU successfully on a composable
roles environment.
Closes-Bug: #1911684
Change-Id: I70d8bebf0d6cbaeff3f108c5da10b6bfbdff8ccf
In order to launch the container and connect via networking, we need
selinux disabled for a rootless container to still work. Let's move the
selinux disabling to first rather than later.
Change-Id: I345e8b8547b81e5791656d0fca6e90b1de48fdac
This change modifies the plan creation playbook to ensure it's
functional with a swiftless environment.
A new playbook has been added which will create the stacks
directory and set the permissions. This playbook will be used
within tripleo-client to ensure that the local artifact store
is set up early in the deployment process.
Change-Id: Ibe9b2ffe94cdf493fc84366979d1d78b8528ea1b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Add boolean option to distribute the private key which is
created by the cli-enable-ssh-admin.yaml playbook and update
the tripleo_create_admin role to distribute the private key
when it is true.
This option defaults to false as we normally don't want to
do this. However, cephadm needs a private key on all nodes
with the OS::TripleO::Services::CephMgr service in order to
manage a Ceph cluster. This option will likely only be used
for the ceph-admin user which is similar to but not the same
as the tripleo-admin user.
Also, remove old reference to Mistral in task name.
Implements: blueprint tripleo-ceph
Change-Id: I69c74c1869aa0f54c1695fd53098df7e78f64247
This change will make the tripleo_cloud_name variable optional.
This will allow us to use this playbook more broadly.
Change-Id: Idff1a14c5ce785a6d0aa9d71e1e91e859f966634
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Add DCN map variable which can override Ceph Mon IPs, FSID, Name
and keys list. This variable may be used to populate the fetch dir
with more than one set of keys and conf files per Ceph cluster
before the keys/conf file are synchronized. The user may then
iterate through a list of such maps and then include the role
for each of those maps.
Co-Authored-By: Francesco Pantano <fpantano@redhat.com>
Implements: blueprint tripleo-ceph-client
Change-Id: I938ab604859fda88f3491399444841a3a373d162
As was proposed in patch 767756 let's run docs job on all plugins
changes in tripleo-ansible to be sure we don't break it.
Change-Id: Ic185c0941b691392c0d92f4a7429eeba04b3e686
The tripleo_ceph_client role is supposed to replace the ceph-ansible
client and work for both cephadm and ceph-ansible based deployments.
The purpose of this role is to work with both internal and external
ceph, processing the input provided, generating the Ceph clients
(Nova, Cinder, Glance, Manila) configuration (keys and ceph.conf)
and push the generated files to the 'clients' group provided by the
TripleO inventory.
Implements: blueprint tripleo-ceph-client
Change-Id: Ia60bc6d5d1a04bd560f2fcb05a4b64078015ae9d