Zaqar was deprecated in Wallaby and is no longer in use on the
undercloud and it hasn't been officially supported in the
overcloud for some time.
Change-Id: I3bdcc72d6127ec96ff2307cafbf57f6178c3ef5c
Mistral was deprecated in Wallaby and is no longer in use on the
undercloud and it hasn't been officially supported in the overcloud for
some time.
Change-Id: I6963453f53cb554ca8fdb58706f04838bbd11ba0
The Ceph Dashboard uses by default the Grafana network to bind the
overcloud backends to the specified port.
However, the CephDashboardNetwork parameter is used to define the
haproxy frontend and the related vip, used to reach the Ceph backends.
The purpose of this patch is to make sure the right defaults are
used for TripleO deployed Ceph clusters.
Depends-On: I716f94b4e9eae4f26b9ab11c4f412aebcb0b58c2
Change-Id: I1dd5581317462f638185c918c85c86f953ddf28f
Following the deprcation[1] during the Wallaby cycle, this change
removes support for Cavium LiquidIO, which is unlikely to be used
nowadays.
[1] 5a3f55ed95
Change-Id: I020c8d9d98b8ea19fc2137611d4132ff05a57767
In Icef2481b65b41b524ad44eeecfbee4451006e1d2 we moved to use
NovaLibvirtNetwork as the single network to configure instance console
components.
Due to how hieradata is being rendered via tripleo-hieradata, the
removed NovaVncProxyNetwork resulted in no-vnc-proxy service to
fall back to the control plane network because NovaVncProxyNetwork
was removed.
NovaVncProxyNetwork was then reintroduced with
I595294956a4a7a0e2280c685ac1d2543edbc32f2 but as a side effect
again introduced the inconsistency on the console configuration.
This patch removes the NovaVncProxyNetwork from ServiceNetMap
but set it as part of service_net_map.j2.yaml and keep it in
sync with NovaLibvirtNetwork.
Change-Id: I08fa1ee947574e6fac24885b17706a22054fcba9
Closes-Bug: #1917719
Rather than using a new service, we can use the existing HeatEphemeral
service we added to ensure the undercloud is prepared for the overcloud
deployment usage of the ephemeral heat version. Additionally this will
properly tear down the previous containered heat services once the data
has been extracted from the existing databases.
Change-Id: I13270a4866f9b339cb31ebba223121978e52b499
The HEP Lefthand driver was removed from cinder during Ussuri release
and puppet-cinder also dropped support for the driver during Xena
cycle.
Closes-Bug: #1933709
Change-Id: If0e72c48212b867f0d9162f58e67099ac7350c4e
Adds a ephemeral heat service that ensures the containers are fetched on
the system and tagged specially for usage later with the overcloud
deployment process. After the service deploys, the following container
images should be available on the local system.
localhost/tripleo/openstack-heat-all:ephemeral
localhost/tripleo/openstack-heat-engine:ephemeral
localhost/tripleo/openstack-heat-api:ephemeral
Depends-On: https://review.opendev.org/c/openstack/tripleo-common/+/796614
Partial-Bug: #1931995
Change-Id: I923856c83c14eb54073684ace93e9e1e85f53329
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Signed-off-by: Alex Schultz <aschultz@redhat.com>
This would allow role specific parameters to be defined
in multiple environment files and would be merged. It
would throw an error if the merge strategy is not defined
in an environment file.
Closes-Bug: #1913701
Change-Id: Ifdb1dec4e9149c7e3e3df72020adad8a7a5f6032
A new service, OS::TripleO::Services::UndercloudUpgradeEphemeralHeat is
added to the Undercloud role. The service is mapped to OS::Heat::None by
default, but when environments/lifecycle/undercloud-upgrade-prepare.yaml
is included, the service will be enabled and will migrate any already
deployed stacks in the undercloud's Heat instance to be able to be used
with the ephemeral Heat deployment option from tripleoclient.
Signed-off-by: James Slagle <jslagle@redhat.com>
Change-Id: If11e2fc07a1ff773f6eaf209d8b48493f0b60e85
As we use PATCH update if we remove these resources
from default resource registry the existing mappings
would still be there in the stack environment. Map
them to OS::Heat::None instead.
Depends-On: https://review.opendev.org/c/openstack/python-tripleoclient/+/793909
Change-Id: I526dff594543df025215c6af476be46e948c9fe5
This simplifies the ServiceNetMap/VipSubnetMap interfaces
to use parameter merge strategy and removes the *Defaults
interfaces.
Change-Id: Ic73628a596e9051b5c02435b712643f9ef7425e3
Moving the network and port management for OVN
bridge MAC addresses to ansible.
Removes the heat resources, and adds an external
deploy task at step 0 in the ovn controller service
templates which uses the 'tripleo_ovn_mac_addresses'
ansible module to create/remove OVN mac address ports.
Adds parameter role_specific OVNStaticBridgeMacMappings,
parameter that can be used to set static bridge mac
mappings. When this is set no neutron resources will be
created by the tripleo_ovn_mac_addresses ansible module.
OVNStaticBridgeMacMappings must be used for standalone
deployments.
Implements: blueprint network-data-v2-port
Depends-On: https://review.opendev.org/782891
Depends-On: https://review.opendev.org/783137
Change-Id: I6ce29d2908e76044c55eb96d0d3779fe67ba9169
The Keepalived service was deprecated during the Ussuri cycle[1], so
can be removed now.
[1] c712355e4b
Related-Bug: #1926314
Depends-on: https://review.opendev.org/788200
Change-Id: I02a2612c7e08576c7c5df85e73702a5678a18b99
The Veritas HyperScale driver has been removed from cinder[1], thus
we should remove its support from TripleO as well.
[1] 9aca21f5cec8f03a3bb410acb21399955144fe0f
Because the implementation was removed a while ago, this change doesn't
deprecate the feature but directly remove it.
Change-Id: I5dd448ac0a7c9a786b9239290d1690d51f50f71c
Resource OS::TripleO::Services::CinderBackendDellEMCXTREMIOIscsi
is deprecated and should have been removed in Victoria release.
Depends-On: https://review.opendev.org/#/c/786018
Change-Id: I6e79c3ed1f097cf4363f70adb911cf062975c9bf
With this change a Heat resource is no longer used to
create an undercloud neutron API port resource for the
redis and ovn_dbs service virtual IPs. Instead an
external deploy task at step 0 in the individual service
template uses the "tripleo_service_vip" ansible module
to mange a neutron API port resource for each service.
The interfaces to control the IP address and service
network (RedisVirtualFixedIPs, OVNDBsVirtualFixedIPs
and ServiceNetMap) remains the same.
It is also possible to include the 'use_neutron' boolean
in the FixedIPs parameter to instruct the ansible module
not to create a neutron API resource, and simply "echo"
the ip_address given in the FixedIPs parameter. For
example:
RedisVirtualFixedIPs:
- ip_address: 1.0.0.5
use_neutron: false
Alternatively the fixed-ips can be set using the
'ServiceVips' parameter, like this:
ServiceVips:
redis: 1.0.0.5
ovs_dbs: 1.0.0.6
NOTE: If the neutron service is not available the
tripleo_service_vip ansible module will "echo"
the IP provided in %service%VirtualFixedIPs.
Related: blueprint network-data-v2-ports
Depends-On: https://review.opendev.org/777307
Depends-On: https://review.opendev.org/779883
Change-Id: I4794418546363888e7a555a16b45b7a4417f1ef8
There isn't a 1:1 correlation between the designate worker and bind
instances nor is it always desirable to run them on the same host.
Depends-On: If97e16a125537c1b5d9f5cfac1de0ffae0edb99a
Change-Id: I624299476a2911f12b1f5ce01964e5d926c6b38e
This patch addes TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.
Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249
We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.
Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>
Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
There are instances users use ``NetworkDeploymentActions`` to
do network configuration during update, but just drop the
parameter for subsequent updates. This sometimes results in
network configuration changes in existing nodes and disruptions.
Let's always set them to defaults unless overridden explicitly.
Change-Id: Ibe7925e4ee568d3d45e138d543b6d7064a8503a3
Related: https://bugzilla.redhat.com/1928055
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
This change restores the PreNetworkConfig resources, so that we migrate
back ExtraCnfigPre and NodeExtraConfig from pre network configurations
to post network configurations, to be consistent with older version
depending on Heat software deployments instead of config download.
Depends-on: https://review.opendev.org/772303
Closes-Bug: #1907214
Change-Id: I96e7e4c570839cfba6011788464d8e93925b2f01
timemaster service provides HA between different
time service i.e chrony, PTP. When timemaster service runs,
it spwans instances/child processes of chronyd, ptp4l and
phy2sys. Look at below output.
[root@hareshcomputesriov-0 heat-admin]# systemctl status timemaster
● timemaster.service - Synchronize system clock to NTP and PTP time
sources
Loaded: loaded (/usr/lib/systemd/system/timemaster.service; disabled;
vendor preset: disabled)
Active: active (running) since Tue 2020-08-11 17:24:45 UTC; 3s ago
Main PID: 544428 (timemaster)
Tasks: 4 (limit: 357097)
Memory: 2.4M
CGroup: /system.slice/timemaster.service
├─544428 /usr/sbin/timemaster -f /etc/timemaster.conf
├─544429 /usr/sbin/chronyd -n
-f /var/run/timemaster/chrony.conf
├─544430 /usr/sbin/ptp4l -l 5
-f /var/run/timemaster/ptp4l.0.conf
-H -i eno1
└─544431 /usr/sbin/phc2sys -l 5 -a -r -R 1.00
-z /var/run/timemaster/ptp4l.0.socket
-t [0:eno1] -n 0 -E ntpshm -M 0
Timemaster service uses /etc/chrony.conf and /etc/ptp4l.conf to create
runtime instance for these 2 timeservices. These 2 time services sync to
their respective time source. Timemaster provides HA between chrony
and PTP (between different PTP domains as well which is not part of
this patch).Timemaster compares all time sources and use the best
sources to synchronize the system clock. if chronyd commuication breaks
then timemaster will set system time with PTP grand master's provided
time and vice a versa.
2 new parameters added by this patch in order to make above work.
In order to use timemaster service, we need to remove Timesync and
add TimeMaster in roles_data.yaml for the role we desire to have
Timemaster service.
- OS::TripleO::Services::TimeMaster
Change-Id: I32e9d17132d188aaddc5f5be578643a5f25ea375
Closes-Bug: #1893025
Depends-On: https://review.opendev.org/#/c/748431/
Depends-On: https://review.opendev.org/#/c/749093/
Change it to POLL_SERVER_HEAT (Attempt 2, Earlier attempt had
issues when changing this as simultaneously deleting a bunch
of SoftwareDeployment resources). This is required to remove
swift from undercloud.
Change-Id: I639f5626013cd0ef61c1f9066fab7a7b8806287f
CinderVolumeEdge is an optional service (defaults to OS::Heat::None)
that can be enabled on DCN/Edge nodes for edge sites that support
persistent block storage (i.e. cinder). The dcn-hci.yaml environment
file enables the service.
The new service supports the following edge deployment models:
1. Edge site with no block storage
- Deploy DistributedCompute nodes
- Use dcn.yaml environment file (the CinderVolumeEdge service
remains disabled)
2. Edge site with traditional HCI storage
- Deploy DistributedComputeHCI nodes
- Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
- Use ceph-ansible.yaml env file to deploy ceph for the RBD backend
3. Edge site with quasi-hyperconverged storage
- Deploy DistributedCompute nodes
- Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
- Use ceph-ansible-external.yaml env file so the RBD backend can
access an external ceph cluster
This patch adds support for number 3, which is a new capability. Whereas
traditional HCI means ceph and cinder services run on compute nodes, the
new model is still quasi-hyperconverged because cinder (as well as
glance) runs on the compute nodes.
Change-Id: I56b5792c1d53bb8659e440f598006e471894ff2e
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g to exclude the controllers from a maintenance window).
This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.
Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.
Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
Rename Tripleo Service for NeutronMl2PluginBase from
OS::TripleO::Docker::NeutronMl2PluginBase to match with other services
as OS::TripleO::Services::NeutronMl2PluginBase.
Change-Id: I38d2fb5e9f0daba4c519343e88cd51e07dd00300
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.
[1] f1d9b15c85
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
This replaces net-config-noop.yaml mappings to OS::Heat::None.
Also removes all unnecessary setting of it in environments as
we map them in overcloud-resource-registry-puppet.j2.yaml.
Normally that should be enough but we override them in so many
places, so there will be some redundancy.
Depends-On: https://review.opendev.org/755275
Change-Id: Ib4d07c835568cb3072770f81a082b5a5e1c790ea
The old all nodes validation used a bash script to run some basic ping
tests after the network setup. It used to be a software config but
eventually got baked into the deployment framework. This patch switches
to the ansible role implementation and cleans up the old references to
the old heat resource.
Change-Id: Ia7f055d2c636f950c3fe6d8611834c4ab290f31a
Depends-On: https://review.opendev.org/#/c/747466/
A network used to allocate MAC addresses for OVN chassis.
Ports without and IP allocation will be created on this
network, the MAC addresses of the ports will by used to
configure the ovn-chassis-mac-mappings.
NOTE, we may want to change the 'base_mac' option of the
undercloud, so that we don't have collissions with the
overcloud 'base_mac'.
Related-Bug: #1881593
Change-Id: If495b5d5c1e6beff02b48507051cccfb70fd995c
OVN is used by default, which includes DVR and requires a Neutron
external network bridge on the Compute nodes. This change adds the
tag 'external_bridge' to the Controller roles and modifies the
overcloud-resource-registry-puppet.j2.yaml file to set the default
NIC configuration to net-config-bridge.yaml when this tag is set.
This will cause both Controller and Compute nodes to have an
external bridge by default if no specific NIC configuration files
are specified for both roles since the 'external_bridge' tag is set
in roles_data.yaml.
This change also stops using net-config-bridge.yaml when the role
includes the 'controller' tag, since the 'external_bridge' tag is
used instead. A release note explains the change.
Closes-bug: 1890337
Change-Id: I69c32d33a516c629303e87c8e9a0e4b8fe58c669
This change updates the baremetal host sshd management to use ansible
instead of puppet. It should still be noted that the nova-migration
container still uses puppet to manage sshd.
Change-Id: Iedd149c123d807dee229160f8e9f1b17bf379368
Depends-On: https://review.opendev.org/#/c/742970/
VxFlex OS driver is rebranded to PowerFlex.
This patch adds support for PowerFlex.
Will deprecate the VxFlexOS template in
a new patch.
Depends-On: https://review.opendev.org/#/c/743852/
Change-Id: I94310bf84a0af7a735bd6e1c0038686b0d0abfc8
A new BarbicanClient tripleo service provides a means of configuring
the barbican Key Manager settings for cinder, glance and nova services
running at an edge site. This is necessary because the BarbicanApi
tripleo service is only capable of configuring the Key Manager settings
for services running in the control plane.
For cinder, the BarbicanClient ensures the KeyManager settings are
available to the cinder-volume and cinder-backup services. This is
necessary because the Key Manager setttings are traditionally associated
with the cinder-api service, but cinder-api is not deployed at the edge.
Closes-Bug: #1886070
Change-Id: I17d6c3a3af5b192b77d264ff3e94e64ef6064c77
The BlockStorageCinderVolume tripleo service (used by the BlockStorage
and DistributedComputeHCI roles) is meant to deploy the cinder-volume
service without pacemaker. Unfortunately, [1] inadvertently switched
it to the pcmk version of the template, and this patch moves it back.
[1] I0f61016df6a9f07971c5eab51cc9674a1458c66f
Closes-Bug: #1886095
Change-Id: I182f8c5a8ce283b675aa18712e84fcd692200eb1
This commit attempts to build out a composible service that enrolls the
undercloud as a FreeIPA host using an OTP. This is similar to what we've
done in the past for tls-everywhere except we're not using novajoin.
Change-Id: I770227b2f4f1ea447cf0138f57a6ed66c034d225
- Docker isn't supported anymore.
- Clients are now installed by Ansible, not Puppet
- Neutron SRIOV host isn't supported and operators should deploy with
sriov_pf network object in nic configs.
- firewall is now managed by Ansible, not Puppet
Change-Id: I2b6068a719563a53bc255dcce72a92465e7df468
It seems that netwokring-fujitsu is no longer maintained[1], and it's
not compatible with Python 3.6 which currently all OpenStack services
require.
[1] https://opendev.org/x/networking-fujitsu
Change-Id: Iae639864cce8e3add635944f157ecde074312e74
Updating the SC cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
CinderScBackendName supports a list of backend names
and a new CindeScMultiConfig parameter provides
a way to specify parameter values for each backend.
For example see file environments/cinder-dellemc-sc-config.yaml
Depends-On: https://review.opendev.org/#/c/722538/
Change-Id: I6e5f3753fe167c7fbc75c3d382c88c09c247c7b3
Updating the Xtremio cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
Depends-On: https://review.opendev.org/#/c/723020/
Change-Id: I2ba45aaa584c6fdcfb59cf6aed1b72dc8815f91f
Alex Schultz
Francesco Pantano
Tom Barron
Simon Dodsley
Takashi Kajinami
Martin Schuppert
Bogdan Dobrelya
ramishra
James Slagle
Harald Jensås
Ivan Pchelintsev
Brent Eagles
Michael Johnson
Michele Baldessari
Grzegorz Grasza
Haresh Khandelwal
Alan Bishop
Oliver Walsh
Purandhar Sairam Mannidi
Ade Lee
Dan Sneddon
rajinir
Dave Wilde (d34dh0r53)
Emilien Macchi