With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
leapp is looking for errors in /etc/default/grub and
fixes it during upgrade. It does not recognize entries
starting other than "GRUB", as tripleo sets the entry
starting with TRIPLEO_ instead of GRUB, append the
entry with GRUB_ so that leapp upgrades correctly.
Closes-Bug: #1890080
Change-Id: I9238cd35a1114b1649a38ab4f24225865bcecf19
Along the same lines as https://review.opendev.org/#/c/580460/.
Currently, the Erlang Port Mapper Daemon requires that the loopback
interface supports IPv6 in order to initialize properly.
Without that, rabbitmq-server cannot start and deployment fails at step 2.
Until the startup behaviour of epmd is amended, do not disable inet6 support
on loopback device to workaround the problem.
Change-Id: Ia747103aca99f3f45d7705248c6c1ef19aa93d71
Exclude ports from the ephemeral pool ranges that can be shared by
the following services:
* Keystone - 35357
* Qpidd/matahari - 49000
* Clustercheck - 49000-49001 (xinetd)
* Swift Proxy and Ironic PXE that rely on xinetd - 49001
Closes-Bug: #1820576
Change-Id: I71308a65bea5f59d755b766165dabf5d3e646ee1
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Ansible has decided that roles with hypens in them are no longer supported
by not including support for them in collections. This change renames all
the roles we use to the new role name.
Depends-On: Ie899714aca49781ccd240bb259901d76f177d2ae
Change-Id: I4d41b2678a0f340792dd5c601342541ade771c26
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Using static import_role, make the vars defined under the
import_role task to be available for the whole PLAY itself,
which is causing the role-specific parameter to be available
in other roles. Move to dynamic include_role, which will
define these variables only for the included ansible role.
Closes-Bug: #1859129
Change-Id: I402db858526def9dfd33f954f1ecd885c01f4367
Ealier, KernelArgs had been configured using ansible
tasks part of THT repo. Thoese ansiblet asks has been
moved to tripleo-kernel role of tripleo-ansible. This
role will be invoked from the boot-params-service.
boot-params-service has been moved from pre network to
the deployment/kernel directory.
OvS-DPDK configuration was done using puppet-vswitch
module by invoking puppet in PreNetworkConfig's
ExtraConfig script. A new ansible role tripleo-ovs-dpdk
has been created to apply the DPDK configurations via
ansible instead of puppet. This role will be common
for both ml2-ovs and ml2-ovn. Common parameter merging
has been enhanced to provide common deploy steps.
ODL is not validated as it has been deprecated and
currently no active usage or development.
Depends-On: https://review.opendev.org/#/c/688864/
Change-Id: I4b6f7d73cf76954e93760c59d522d485187157cf
Although the kernel default is 1, some distros override the defaults
via sysctl.conf. Loading br_netfilter manually will show values of
1, but then doing a 'sysctl network restart' will set the values to
0--so go ahead and override these values.
Co-Author: Luke Short <ekultails@gmail.com>
Depends-On: Ia28f2fdef34e739801c51828c99e9e6598dd2efb
Change-Id: I53dec308d359b27e62ed44e91a8eaae38d945a4f
Closes-Bug: #1843259
This change re-adds the local_address IPv6 condition to the kernel
template. This will ensure that the local address is always set using
our expected conditions.
Depends-On: I20e69315bacdded4bc2d5b47e18609f130f8abc5
Change-Id: I01d0f20f6f78d235f99f51f75bcefe675dc0dee5
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This change deprecates the kernel-baremetal-puppet deployment process
and replaces it with an ansible based deployment using the new
tripleo-kernel role.
Story: 2005998
Task: 34507
Depends-On: https://review.opendev.org/#/c/676506/
Change-Id: I30270943aa66a8a982657af3d7d59b8425534b0d
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Added new parameter naemd ExtraKernelPackages that can be used to
install specific packages prior to the kmod execution.
Change-Id: I505edc7f0391c67371881ce9e2d944f8608a091c
Depends-On: https://review.opendev.org/#/c/676503/
Closes-Bug: #1840180
Bind to 127.0.0.1 in case ipv6 is disabled. Set a hiera value
localhost_address, so that it can be used in tls_proxy.pp to
unambiguously connect to those services.
Change-Id: Ide761c21dc87dadc722e27c9b8a7b68194164cb2
Related: rhbz#1703460
A previous change [1] enabled ndisc_notify, which is the IPv6 equivalent
for IPv4's arp_notify. Enable the latter to keep them consistent with
each other.
Change-Id: I15e8348585a9c0ee824a4c123677992010980b9e
Related-Bug: #1827927
On RHEL/CentOS systems, ndisc_notify is disabled by default. When
OVS restarts or an internal port flaps, the MAC address may change.
Without ndisc_notify, neighbor hosts on the same network will not
know about the MAC change, and will lose connectivity until the MAC
timer expires.
This change sets net.ipv6.conf.all.ndisc_notify to 1, which will
cause a gratuitous neighbor discovery packet which will update MAC
address tables on neighboring hosts.
Change-Id: I89062275541d7c6bb6fb725f5283ba59feb38a94
Closes-bug: 1827927
Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
kernel instead of as a module as the sctp support.
With recent changes in kmod puppet module, we've started seeing failures
loading the nf_conntrack_proto_sctp module while deploying OpenShift via
TripleO.
Commit [1] makes kmod puppet module load the kernel modules via systemd
when it is available, so systemd-modules-load.services fails with
"Failed to find module 'nf_conntrack_proto_sctp'".
[1] f46b527b43
Closes-Bug: #1821438
Change-Id: I4adab88cbfd11f8809876c660d151238b266a259
This patch switches the default mechanism driver for neutron from
openvswitch to OVN.
It will also flip scenario007 job to run with ML2/OVS.
Depends-On: I74ffb6b7f912e1fce6ce428cd23a7283c91b8b96
Depends-On: I99ba2fd6a85b4895b577719a7541b7cbf1fdb85c
Depends-On: Ib60de9b0df451273d1d81ba049b46b5214e09080
Depends-On: Iaed7304adf40a87a0f14b7a95339f8416140e947
Change-Id: Iab52cdf5d0f7a392c4f17c884493b5c5beb1d89f
Co-Authored-By: Kamil Sambor <ksambor@redhat.com>