[DEPRECATION WARNING]: evaluating 'environment_directories' as a bare
variable, this behaviour will go away and you might need to add |bool to
the expression in the future. Also see CONDITIONAL_BARE_VARS
configuration toggle. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
Change-Id: I16ed9e104d9daaa56ecf691f90dee492c6d06348
Do not assume we will always have hostvars[<node>]['storage_ip'].
Instead use the service_net_map, found in global_vars.yaml of
config-download. Within this directory, if ceph_mon on the list
tripleo_enabled_services, then there will be a service_net_map
containing the ceph_mon_network. As per tripleo_common/inventory.py,
this network name, whatever it is composed to, will have an '_ip'
appended to it which will map to the correct IP address. Without
network isolation ceph_mon_network will default to ctlplane. With
network isolation it will default to storage, but it could also
be composed to anything, so we can use this method to pick up
whatever it is.
Closes-Bug: #1912218
Change-Id: I7c1052b1c27ea91c5f97f59ec80c906d60d5f13e
Given how config-download runs in the main branch it's no longer
necessary to use become when creating the work directories for
ceph-ansible to be executed or when running the tripleo_ceph_client
role. Using become introduces the bug this change resolves. Also,
as we are not using become we won't set the owner of the directory.
Instead we will use the default owner of whoever created the directory.
Change-Id: I65cd66ed5c94b548b775b9b4829717c202837d7e
Closes-Bug: #1912103
When priviledge mode is set, don't add any capabilities as they
are included.
Use 1.6.4 podman because 2.0.5 rootless doesn't work with
systemd [1]
Disable Selinux on host.
[1] https://github.com/containers/podman/issues/8965
Closes-Bug: #1910970
Change-Id: I73ac1c405e8a3539937a5578bb003cba0b935d94
If linting fails, content provider still builds.
Whis is suboptimal, since standalone/multinode jobs will be skipped and
nothing will use those builds.
Put cprovider into dependency on the linting jobs as well.
Change-Id: I18101f47245f92412cab6ff2289618605e1baa26
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
We currently forcefully install pacemaker + pcs in a number of upgrade
tasks. This is suboptimal because on certain nodes pcs/pacemaker repos
are not enabled. Let's let puppet pull in those packages normally.
Tested this during a queen -> train FFU successfully on a composable
roles environment.
Closes-Bug: #1911684
Change-Id: I70d8bebf0d6cbaeff3f108c5da10b6bfbdff8ccf
In order to launch the container and connect via networking, we need
selinux disabled for a rootless container to still work. Let's move the
selinux disabling to first rather than later.
Change-Id: I345e8b8547b81e5791656d0fca6e90b1de48fdac
This change modifies the plan creation playbook to ensure its
functional with a swiftless environment.
A new playbook has been added which will create the stacks
directory and set the permissions. This playbook will be used
within tripleo-client to ensure that the local artifact store
is setup early in the deployment process.
Change-Id: Ibe9b2ffe94cdf493fc84366979d1d78b8528ea1b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Add boolean option to distribute the private key which is
created by the cli-enable-ssh-admin.yaml playbook and update
the tripleo_create_admin role to distribute the private key
when it is true.
This option defaults to false as we normally don't want to
do this. However, cephadm needs a private key on all nodes
with the OS::TripleO::Services::CephMgr service in order to
manage a Ceph cluster. This option will likely only be used
for the ceph-admin user which is similar to but not the same
as the tripleo-admin user.
Also, remove old reference to Mistral in task name.
Implements: blueprint tripleo-ceph
Change-Id: I69c74c1869aa0f54c1695fd53098df7e78f64247
This change will make the tripleo_cloud_name variable optional.
This will allow us to use this playbook more broadly.
Change-Id: Idff1a14c5ce785a6d0aa9d71e1e91e859f966634
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Add DCN map variable which can override Ceph Mon IPs, FSID, Name
and keys list. This variable may used to populate the fetch dir
with more than one set of keys and conf files per Ceph cluster
before the keys/conf file are synchronized. The user may then
iterate through a list of such maps and then inclue the role
for each of those maps.
Co-Authored-By: Francesco Pantano <fpantano@redhat.com>
Implements: blueprint tripleo-ceph-client
Change-Id: I938ab604859fda88f3491399444841a3a373d162
As was proposed in patch 767756 let's run docs job on all plugins
changes in tripleo-ansible to be sure we don't break it.
Change-Id: Ic185c0941b691392c0d92f4a7429eeba04b3e686
The tripleo_ceph_client role is supposed to replace the ceph-ansible
client and work for both cephadm and ceph-ansible based deployments.
The purpose of this role is to work with both internal and external
ceph, processing the input provided, generating the Ceph clients
(Nova, Cinder, Glance, Manila) configuration (keys and ceph.conf)
and push the generated files to the 'clients' group provided by the
TripleO inventory.
Implements: blueprint tripleo-ceph-client
Change-Id: Ia60bc6d5d1a04bd560f2fcb05a4b64078015ae9d
Adds boolean option 'managed' to the YAML defining
baremetal deployments. When an instance is defined with
'managed: false' it indicates that the server is already
deployed.
Also adds option 'management_ip' to the YAML defining
baremetal deployments. Any instnace with 'managed: false'
must either have a 'fixed_ip' defining the IP address
of the already provisioned server. Or it must have a
'management_ip' set.
Adds module: tripleo_unmanaged_populate_environment
which merges the 'managed: false' instance to the
baremetal environment.
Adding the support for 'managed' in the YAML used to
define a baremetal deployment provides a unified UX for
pre-provisioned and ironic/metalsmith provisioned
instances. It also keeps the interface to manage neutron
ports for composable networks identical for for
pre-provisioned and ironic/metalsmith instances.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: I19c1028664ee30ee1162c02e6efc723ca8816b14
Expand roles is extended to return a hostname
to role mapping for all instanced. this map is
used to set the 'triple_role=$ROLE_NAME' tag
on ports.
The intent is to use these this tag in
conjunction with the pre-existing tags and
neutron network port information to set up the
in the tripleo-common code utilized by
tripleo-ansible-inventory.
Change-Id: I992d7a3cd946e42039ca0819c51f104b1231171b
A mapping of roles to associated networks.
The mapping will be used to write resource registry
overrides in the populate network ports environment
module.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: I7bc7f2986cd7574b6c7252dc20f196f59d1f9df6
Add ansible module which creates/adds instnace network
ports information to a triple heat environment file.
The NodePortMap is added to 'parameter_defaults' and
resource registry overrides for overcloud port resouces
to use the network/ports/deployed_{{network.name}}.yaml
templates.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: I87d66050f04bd467583990fc97ffa12d457b7d15
Introduce the 'networks' key in be baremetal YAML
definition. Networks can be defined as VIF (ironic
attached nic) or as a non-attached "virtual nic"
via the 'vif' boolean.
The default_network 'ctlplane' is updated to have
'vif': True.
Role default networks are merged with instance
networks.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: Ib7931cae079f923a66b412dc5664d1b119580182
Ansible module to manage network ports for overcloud
nodes. The main module option 'instances' takes a list
of instances similar to the one created by the
tripleo_baremetal_expand_roles module.
Additionally the 'stack_name' must be specified. Tags
will be added to each port resource created, one
with a stack_name hint and the other with the hostname
and a third with the ironic node uuid. Tags are also added
to metalsmith managed vif ports.
The tags is used to filter for already existing instance
ports on re-run, i.e idempotency. The tags will also be
used by tripleo-ansible-inventory to create an ansible
inventory prior to having a stack created.
On re-run existing ports will be updated, if the definition
changed.
The parameter 'concurrency' controls the maximum threads
to use for parallell processing.
Depends-On: https://review.opendev.org/761845
Depends-On: https://review.opendev.org/760536
Partial-Implements: blueprint network-data-v2-ports
Change-Id: Ie2874190c869abb8f9372acb6a45e93557090b2c
Alex Schultz