This change removes the following parameters, which were used by
undercloud Nova.
- KeyName
- Overcloud{{role.name}}Flavor
- {{role.name}}SchedulerHints
- {{role.name}}Image
This also removes the NodeUserData resource because it depends on
cloud-init and nova metadata and is no longer used since Nova was
removed from baremetal node provisioning.
Finally, this change makes deployed server method used by default, and
removes remaining implementation to keep the resource compatible with
OS::Nova::Server.
Change-Id: I571b401ab2ca3c77352f4849eb2b99de20292032
When using `ManageNetworks: false` the gateway IPs are
empty string instead of `null` when not set. The YAQL
expression filters `null` values, but the empty string
value is included in the list. The ping gateway test ends
up trying to run "ping $args $empty_string" which fails.
This change improves the yaql expression to also filter
strings with 0 length.
Closes-Bug: #1973866
Change-Id: I7d8712223d077ab8e25239b891bd03a1324e01a8
AdminPassword and KeystoneRegion need to be added as stack outputs so
that they are saved in the working directory for stack outputs after
using ephemeral Heat to create the stack.
The code to create the rc params to create the overcloudrc file(s)
(tripleoclient.utils.get_rc_params) can then create the overcloudrc
using only the working directory. No reference to the stack object or a
running instance of Heat to query the stack would be required.
Change-Id: Idaef781163c6c8f5928d93d9bbc1aa7b0dee6fd6
Signed-off-by: James Slagle <jslagle@redhat.com>
This change ensures that firewall rules for haproxy endpoints are
enabled properly even when haproxy and api services are running in
different nodes.
With this change, firewall rules for ssl endpoints are removed from base
firewall rules because these ports are used by haproxy and not used by
api services.
Also, the adhoc implementation to run firewall configurations first is
refactored by the new host_firewall_tasks key. This allows us to
implement tasks to configure firewall in the corresponding resource
template.
Closes-Bug: #1961799
Depends-on: https://review.opendev.org/831547
Change-Id: I07ceab077f9a900f7e2e35af8acd3e7a337ed01a
We have used the dns_nameservers from the subnets for
a long time by default: https://review.opendev.org/579582
With network config being applied prior to creating the heat
stack we cannot use a THT parameter to feed the input for
node network configuration. In Wallaby and later the nameservers
must be defined in undercloud.conf using:
'DEFAULT/undercloud_nameservers'
or
'%SUBNET_SECTION%/dns_nameservers'
The latter allows defining nameservers per-ctlplane subnet.
Related: RHBZ#2068489
Change-Id: I436fa7f1e87a8e6924c9d93105b06f9ab39eeb8f
The networking-bigswitch plugin is no longer maintained. The repository
has not been updated for 2 years and no release has been made since
stable/train.
Ideally we should deprecate the functionality first. However current
TripleO follows its own independent release cycle and this makes it
difficult to implement deprecation consistent with the underlying
puppet-neutron. (We are deprecating support for the plugin during Yoga
and will remove it completely in Zed). Because of this situation and
the assumption that it's not likely any user will use the plugin with
recent versions of OpenStack, this change directly removes support
for the plugin from TripleO.
Change-Id: Idea125fa97c39e1f5e97d76f8d33b61fab695625
Closes-Bug: #1962579
AnyErrorsFatal is boolean, just like its neighbor
NetworkConfigUpdate param.
The string type ends up with group_vars, like:
    any_errors_fatal: 'True'
    network_config_update: false
Fix the type to correspond to a bool in ansible.
Change-Id: Ice8d3ee63d11c531641b9defeb615ad7006f1671
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
PingTestGatewayIPsMap elements may contain list of lists, causing failures
on roles that iterate over them. See [1] and #1950528 for more info.
[1] https://review.opendev.org/c/openstack/tripleo-ansible/+/817500
Closes-bug: #1950528
Change-Id: Idb70c822f01f808871a53689edfa2edf52e59e54
Signed-off-by: Douglas Viroel <dviroel@redhat.com>
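The two ping-test fixes above (empty-string gateways slipping past a null-only filter, and PingTestGatewayIPsMap elements containing lists of lists) both come down to normalizing the gateway list before iterating over it. The following Python is an added example, not code from tripleo-heat-templates or tripleo-ansible; the function names and the sample map are hypothetical.

```python
import ipaddress

# Constructed sample shaped like the values described above: per-role gateway
# lists holding null, empty strings and nested lists. Addresses come from
# documentation ranges; role names are illustrative.
SAMPLE_GATEWAY_MAP = {
    "Controller": ["192.0.2.1", "", None, ["198.51.100.1", ["2001:db8::1"]]],
    "Compute": [["192.0.2.1"], "", "192.0.2.1"],
}


def _flatten(value):
    """Yield scalar items from arbitrarily nested lists/tuples, in order."""
    if isinstance(value, (list, tuple)):
        for item in value:
            yield from _flatten(item)
    else:
        yield value


def clean_gateway_ips(value):
    """Return a flat, de-duplicated list of valid gateway addresses.

    None and zero-length (or whitespace-only) strings are dropped; anything
    else must parse as an IP address, otherwise ValueError is raised so a bad
    entry is reported instead of being handed to ping.
    """
    cleaned = []
    for item in _flatten(value):
        if item is None:
            continue
        text = str(item).strip()
        if not text:
            continue
        addr = str(ipaddress.ip_address(text))
        if addr not in cleaned:
            cleaned.append(addr)
    return cleaned


def clean_gateway_map(gateway_map):
    """Apply clean_gateway_ips to every role in the map."""
    return {role: clean_gateway_ips(ips) for role, ips in gateway_map.items()}


def ping_argv(gateway, count=1):
    """Build an argv list (no shell) for one gateway; rejects empty input."""
    addr = ipaddress.ip_address(str(gateway).strip())
    return ["ping", "-c", str(count), str(addr)]


if __name__ == "__main__":
    for role, gateways in clean_gateway_map(SAMPLE_GATEWAY_MAP).items():
        print(role, [ping_argv(g) for g in gateways])
```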
Add ping test for gateway IPs on all networks, to ensure
all gateways are reachable.
The related Bugzilla reports an issue where some network
fabrics fail when using the current node ping test, which
pings the first node in each role. The fabric simply does
not forward traffic before the gateway has been pinged.
One can argue that the fabric in question is broken. However,
with the current implementation the first node in each role
actually ping tests only against its own address? So adding
the test to ping the gateway addresses improves the validation
in general.
Related RHBZ#1875962
Depends-On: I93cded61ffb862e99fd8043dbf0def3d16079692
Change-Id: I3309f2a0e39ad115930ecd5c0e895816565819e9
In ansible, usage of true/false for boolean values, instead of yes/no,
is considered as a best practice and is enforced by ansible-lint with
the "truthy value should be one of false, true (truthy)" rule.
This change replaces usage of yes/no by true/false to follow that
practice.
Change-Id: I3313278f1ef6cbee0f906aca0a77bde1a3c53784
With Ephemeral Heat, we can no longer rely on the stack
action to perform tasks, such as we did with
NetworkDeploymentActions. This change will add a new
parameter to replace this functionality.
Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/805213
Change-Id: I7067c31f4fcc3f263ae2e3ab993c8bff7113d55b
With Train, net-config-bridge.j2.yaml was the default for roles tagged
with 'external_bridge'. The equivalent from the new
tripleo_network_config ansible role is templates/net_config_bridge.j2.
We should keep the default the same.
Signed-off-by: James Slagle <jslagle@redhat.com>
Change-Id: I0255181dcd21dc4a50647169a20265a83057c67e
This simply stores the data structure in the network_data
and roles_data YAML files provided with the -n and -r
options when deploying the overcloud.
This can be generally useful for troubleshooting.
Also the 'overcloud node extract provision' command relies
on the roles data source. Storing it in the stack means
we can get to the data in case the user misplaced the
file originally used, or in the case where we want to
automate the process for all deployed stacks.
NOTE: The idea is to backport this to the release intended
as the upgrade from release, so that the follow on change
Icc6a7a438e9d0f39d003d1cf8ed84d6fb1d5485a can use it during
upgrade.
Related: blueprint network-data-v2-ports
Change-Id: I1efecdcd7afa6af3e6b4b26f4435198836db535f
This change adds an extra ansible host var to the defaults which
will allow an operator to more easily define a mapping of options
to configure advanced ansible options within their deployment.
Change-Id: If4654470a77a67445a56fb8fed6963fed300aad4
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Moving the network and port management for OVN
bridge MAC addresses to ansible.
Removes the heat resources, and adds an external
deploy task at step 0 in the ovn controller service
templates which uses the 'tripleo_ovn_mac_addresses'
ansible module to create/remove OVN mac address ports.
Adds parameter role_specific OVNStaticBridgeMacMappings,
parameter that can be used to set static bridge mac
mappings. When this is set no neutron resources will be
created by the tripleo_ovn_mac_addresses ansible module.
OVNStaticBridgeMacMappings must be used for standalone
deployments.
Implements: blueprint network-data-v2-port
Depends-On: https://review.opendev.org/782891
Depends-On: https://review.opendev.org/783137
Change-Id: I6ce29d2908e76044c55eb96d0d3779fe67ba9169
After an Overcloud deployment, /etc/hosts on the undercloud
will be populated with entries for each overcloud node. Since
we use the same tripleo_ansible roles for both the undercloud
and overcloud deployment, the /etc/hosts file on the Director
will be removed by undercloud install / upgrade operations.
This is outlined here:
https://bugzilla.redhat.com/show_bug.cgi?id=1933528
This change adds the RootStackName to the group_vars,
this is then used by the tripleo_host_entries role in
tripleo-ansible to write host entries per stack.
Closes-Bug: #1924751
RHBZ: 1933528
Change-Id: I9e53187f37d41d7180e66db1239b5f9c8846addd
With this change a Heat resource is no longer used to
create an undercloud neutron API port resource for the
redis and ovn_dbs service virtual IPs. Instead an
external deploy task at step 0 in the individual service
template uses the "tripleo_service_vip" ansible module
to manage a neutron API port resource for each service.
The interfaces to control the IP address and service
network (RedisVirtualFixedIPs, OVNDBsVirtualFixedIPs
and ServiceNetMap) remain the same.
It is also possible to include the 'use_neutron' boolean
in the FixedIPs parameter to instruct the ansible module
not to create a neutron API resource, and simply "echo"
the ip_address given in the FixedIPs parameter. For
example:
    RedisVirtualFixedIPs:
      - ip_address: 1.0.0.5
        use_neutron: false
Alternatively the fixed-ips can be set using the
'ServiceVips' parameter, like this:
    ServiceVips:
      redis: 1.0.0.5
      ovs_dbs: 1.0.0.6
NOTE: If the neutron service is not available the
tripleo_service_vip ansible module will "echo"
the IP provided in %service%VirtualFixedIPs.
Related: blueprint network-data-v2-ports
Depends-On: https://review.opendev.org/777307
Depends-On: https://review.opendev.org/779883
Change-Id: I4794418546363888e7a555a16b45b7a4417f1ef8
Set up tag hints on all OS::Neutron::Port resources.
The network-data-v2 work uses tags on neutron resources
to find existing resources so that we update instead
of create. Also for generating environment files info
in the neutron tag field is utilized.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: I3d43ae22cc45e5528ecfb1a6b2cb8602faa162a0
The role ResourceGroup (puppet/role.role.j2.yaml template) tries to
create a port on the OVNMacAddressNetwork, as such we need a dependency
in the top level stack, otherwise the network may not exist before Heat
attempts to create the port.
Change-Id: Ie453fcdbb8eb42bbf718506b0b9b443ccd84543a
Signed-off-by: James Slagle <jslagle@redhat.com>
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
All heat params have been copied over, there are a bunch
that are used for conditionals.
The outputs and conditionals sections in *-puppet do a lot
of configuration, and provide lists of defaults for
puppet. These will be moved to ansible, role is at [1]
and in tripleo_ansible.
[1] https://github.com/infrawatch/collectd-config-ansible-role
[x] https://github.com/infrawatch/tripleo-collectd-ansible-role
Depends-On: Ib75702bf17a76cae3a811db503d3365e6aacf663
Change-Id: I9939a524795bb3fbc63e44f203f851dadeb7c30a
This patch exposes the net_cidr_map variable so that tasks can
access the list of CIDRs that are valid for a network as opposed
to attempting to build the CIDRs from the network definitions.
In spine-leaf or edge use cases the networks may have multiple
subnets assigned to a given network.
The new Unbound service will use these maps to build lists of
CIDRs allowed to make queries.
Change-Id: I6004519e8b2317d19356c4a2b8bea416b4d94c22
Set tags tripleo_vip_net=ctlplane and tripleo_stack_name=$STACK_NAME
on the ControlVirtualIP port.
Related: blueprint network-data-v2-ports
Change-Id: I098f24423716688fe8ff61a894516f3e860b2a4c
This is added for backward compatibility for passing
json config directly for undercloud network configuration.
Partial-Bug: #1915585
Change-Id: I58c34766e8250f4de45172e0372329dd7a09af9d
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
We shouldn't be double quoting the hieradata files in overcloud.j2.yaml.
Related: https://bugzilla.redhat.com/1924862
Change-Id: I042c26ac5a488bbd9f9d3802cfe6ea95c7ab0380
In spine-and-leaf TLS-e deployments as done in OSP13,
services are filtered based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the role's network doesn't
match the global ServiceNetMap.
Add a role based parameter {{role.name}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{role.name}}ServiceChain and
the {{role.name}} resource group.
Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
Add a group_var carrying all enabled overcloud
networks. The multi-nic templates should iterate
over all the networks in the order they appear in
network_data.yaml to allow maintaining the
network to nicX contract that existed in the Heat
multi-nic config templates.
Change-Id: I69fa208d160f1ae2cb2cc252d9b7852ada9e96f0
Related-Bug: #1904894
For DVR the external bridge is needed also on compute nodes
where there is no 'External' network associated with the
role. Compute nodes running DVR need the MTU to be properly
configured.
Also create a 'network_lower' group_var mapping all
'network.name' to 'network.name_lower'.
NOTE: A follow up can deprecate 'role_networks_lower' once
all Ansible templates are updated to use the 'network_lower'
map.
Related-Bug: #1904809
Change-Id: I5e106874b7809b3b0b8265615863a9b9d35d7c44
The ansible network configs do a check if network
is in networks_skip_config. When networks_skip_config is
not defined in the role data it gets defined as 'null'
in the Ansible inventory.
Default it to an empty list when creating the GroupVars
so that it's always of type: List in the inventory.
Change-Id: I0c09118b947aeee9b011e7d0ec23ab99af3680af
Closes-Bug: #1904808
Set tags with the stack name and the hostname
on composable network node ports. The tags will
be used by network-data-v2 with port management
handled outside of heat.
Change-Id: I23c600c1754d463028259a7dc2c6e5538c512ca4
This changes the parameter to non-role specific and by default
true. The dependent python-tripleoclient patch adds a check
to ensure that we only allow usage of old heat nic configs with
'NetworkConfigWithAnsible: false'.
Change-Id: Ie37bdfe64eb1b33afe326161fc6f99601addb7b5
They'll be used in tripleo-ansible for the bonding nic configs:
I807f2e49482693735469f737a2459d3a559b2025
Change-Id: I9ca00a4d3d4bff2e12779201ff77263c44550857
Previously the default route was concatenated with the
host_routes in the NetworkConfig. This change moves that
concatenation to overcloud.yaml.
GroupVars {{network.name_lower}}_host_routes and
ctlplane_host_routes will have the default route appended
based on role.default_route_networks setting.
For heat based NetworkConfig the parameters
ControlPlaneStaticRoutes and {{network.name}}InterfaceRoutes
will have the default route appropriately appended.
Doing the concatenation in overcloud.yaml enables simplified
user-facing NetworkConfig templates.
For standalone and undercloud define the default_route_networks
with an empty list. Cannot leave it undefined as this will
default the default route to the ctlplane's gateway. Undercloud
and Standalone use the management interface as the gateway by
default, so we should not set a default gateway for these roles.
Change-Id: I3a35c4b46536fa2916d9fa387278077884adaf68
Since the key includes colons, we need to quote it so yaml stops trying
to interpret it as an element.
Change-Id: I04c24936bbff9f9ceea72f71e6e7798b4a2a39aa
Closes-Bug: #1898113
* Clean up port resource outputs that are no longer
required since we get them from the network attributes
map instead. The removed outputs are mtu, host_routes,
gateway_ip, cidr
* Drop usage of parameter ``ControlPlaneSubnetCidr`` in
overcloud.yaml, get it from net_attributes_map instead,
* Remove old notes regarding parameters we don't need to
set in network-environment files.
* Remove DnsServers from network-environment files.
Nameservers should be defined in undercloud.conf, either
globally with undercloud_nameservers, or per-control plane
subnet using the dns_nameservers option in the subnet group.
(I don't think we can deprecate the param entirely, cause
standalone ...)
Change-Id: I31154448603ccbba692282c44511d963ca9b6d0e
For each role create a network config resource
{{role.name}}NetworkConfig. Remove per node
NetworkConfig resource from puppet/role.role.j2.yaml.
NOTE: CI nic config templates were updated using
tools/merge-new-params-nic-config-script.py
Depends-On: https://review.opendev.org/753930
Change-Id: Iff4bf742947a5a8170938372a8075519850b6f63
Read the VLAN id of the subnet tags and populate the
{{network.name_lower}}_vlan_id group var.
The VLAN id is added to subnet tags in the depends-on
change.
Depends-On: https://review.opendev.org/750666
Change-Id: I09233e84e022433220f2fa7b6758368191880566
This patch changes undercloud and standalone roles to
generate network config with only ansible and
not depend on downloaded network config from
heat stack.
Depends-On: https://review.opendev.org/#/c/753958/
Change-Id: Ibcb0f0a65cfd04d677a4b861d9f647af13611b24