This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.
OVN configuration was not done when deployed with
scenario007 as default for NeutronMl2PluginBase was
used which is neutron-plugin-ml2.yaml. This patch
fixes this to use neutron-plugin-ml2-ovn.yaml which
correctly configures neutron for ovn metadata.
A very basic deployment to be used with free-ipa, and upgrade ci.
There may be other valuable uses for this deployment as well.
Co-Authored-By: Jiri Stransky <email@example.com>
These relative paths were incorrect given where these environment files
live in the templates directory tree.
These environment files aren't actually used by ci as their equivalent
network-isolation-absolute.yaml versions are preferred. However, if we
fix these paths we could consider switching ci over to use these as it's
arguable more preferrable instead of the hardcoded packaged path.
In mixed version test scenario, we can have a ping test triggered
after the overcloud installation just to make sure that it works.
If we fix the version to queen then this scenario cannot work.
This file has been used for the containerized undercloud so we can
deploy a simple bridge with os-net-config.
We're moving the environments used for CI into THT, so we can branch
them. This is part of this effort.
To be able to support multiple Ceph cluster, an initial step is
to allow for configuration of each cluster name.
Implements: blueprint custom-ceph-cluster-name
Some work is being done in I46fce28926cb5a881f7384948480266712ae75e3
to secure SNMP on a specific network but until then we need to stop
opening the services so cloud providers won't report any security issue
for TripleO jobs.
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.
The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).
Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.
The initial fluentd client implementation predates the introduction of
service_config_settings, and necessitated some invasive changes to
what is now common/serivces.yaml. This commit modifies existing
services to use the service_config_settings based configuration
mechanism supported by more recent versions of the fluentd support in
This change adds a StorageNFS network. It's required by
https://review.openstack.org/#/c/471245 which implements
NFS Ganesha backend for Manila service.
To define and enable the StorageNFS network, deploy using
network_data_ganesha.yaml instead of network_data.yaml.
Besides the former adding the StorageNFS network, these
are otherwise identical.
If enabled it's also necessary to add StorageNFSIpSubnet and
StorageNFSNetworkVlanID heat parameters into network templates.
Co-Authored-By: Dan Sneddon <firstname.lastname@example.org>
Partially-Implements: blueprint nfs-ganesha
te-broker can set up an OVB stack to deploy the overcloud
with public bond network isolation but the heat templates
used in the overcloud deployment were missing.
This review adds these templates from openstack-virtual-baremetal
so that public bond network isolation can be tested in CI.
We installed docker our traditional way when deploying with Kubespray
and disabled Kubespray's management of Docker, because Kubespray
installs non-CentOS Docker binaries.
However, openshift-ansible installs Docker from CentOS, we don't need
to install it using the Docker composable service too. That way
openshift-ansible will be the authority on Docker configuration when
This patch adds support for networking-ovn-metadata-agent.
It will deploy the agent on compute nodes and disable Nova
The following two patches have been squashed into this one:
The reason behind the squash is that we had interdepenencies
and this patch alone wouldn't be testing the code properly
without the two other ones since scenario007 job in baremetal
has been removed for this cycle.
Signed-off-by: Daniel Alvarez <email@example.com>
This patch will force the 3nodes job to be containerized, like all jobs
should be in Queens.
Another patch in tripleo-quickstart will update the featureset.
Also moving Clustercheck service where MariaDB & Pacemaker run.
Also remove Heat since we'll run Tempest.
The ipv4 nic-config templates in tripleo-heat-templates were never
updated to use "group: script" and were still using the deprecated
This commit updates the templates. Doing so means they will also work
with the config-download deploy mechanism which only supports the
"group: script" method. This update allows us to move forward with
converting ci jobs that use these templates (such as ovb-ha) to use
The path to run-os-net-config.sh in these nic config templates for ci
should be relative, not absolute. The absolute path does not honor a
different directory specified via --templates, and it also fails the
overcloud deploy entirely b/c the absolute path does not exist in the
plan in swift.
Ceph containers are started with `docker run --memory`
and `docker run --cpus` to limit their memory and CPU
resources. The defaults for OSD and MDS containers were
recently increased  to values better for production
but this change keeps them at lower values just for
docker-puppet.py uses the DockerPuppetDebug boolean to trigger debug
logging. It is disabled by default which makes it hard to understand
what is happening in CI. Let's enable it for CI.
To decrease the time test_telemetry_integration takes, we do the
* Enable ManagePolling so ceilometer agents will poll every
ceilometer::agent::polling::polling_interval interval (already set to
* We change the publishers list to set an archive policy to use for
Gnocchi. We use high so one 1 points will be keep every 60s.
Note that the tempest telemetry.alarm_granularity configuration must be
kept in sync with the archive policy. This is done here:
The test should takes 2 minutes instead of 10 after this change.
This parameter must have been missed (or was adder later) when these
were templates were copied from tripleo-ci in
The job timeouts too much, some services are already covered by
scenarios, no need to duplicate testing.
Add CephAnsibleEnvironmentVariables which allows a user to
override any Ansible environment variable.
Set NetworkPluginIpv6Enabled if IPv6 networks
have been enabled. Currently this parameter and
NetworkPluginIPv4Enabled are mutually exclusive so
set the latter false as well. Default is IPv4
Add external_deploy_tasks for OpenShift installation. This makes
OpenShift installation work with the config download mechanism.
Co-Authored-By: Jiri Stransky <firstname.lastname@example.org>