20 Commits

Author SHA1 Message Date
ramishra
c9991c2e31 Use 'wallaby' heat_template_version
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
 e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.

Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
2021-03-31 17:35:12 +05:30
ramishra
7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30
Saravanan KR
f217eccc77 Align kernel args for system upgrade using leapp
leapp is looking for errors in /etc/default/grub and
fixes it during upgrade. It does not recognize entries
starting other than "GRUB", as tripleo sets the entry
starting with TRIPLEO_ instead of GRUB, append the
entry with GRUB_ so that leapp upgrades correctly.
Closes-Bug: #1890080
Change-Id: I9238cd35a1114b1649a38ab4f24225865bcecf19
2020-08-04 20:23:52 +05:30
Zuul
6ce9fd4eb9 Merge "Ensure net.ipv6.conf.lo.disable_ipv6=0" 2020-06-04 10:19:06 +00:00
Luca Miccini
7bf8d77207 Ensure net.ipv6.conf.lo.disable_ipv6=0
Along the same lines as https://review.opendev.org/#/c/580460/.

Currently, the Erlang Port Mapper Daemon requires that the loopback
interface supports IPv6 in order to initialize properly.
Without that, rabbitmq-server cannot start and deployment fails at step 2.

Until the startup behaviour of epmd is amended, do not disable inet6 support
on loopback device to workaround the problem.

Change-Id: Ia747103aca99f3f45d7705248c6c1ef19aa93d71
2020-06-03 08:20:56 +00:00
Bogdan Dobrelya
ffd31df7d3 Add reserved ports for some services
Exclude ports from the ephemeral pool ranges that can be shared by
the following services:
* Keystone - 35357
* Qpidd/matahari - 49000
* Clustercheck  - 49000-49001 (xinetd)
* Swift Proxy and Ironic PXE that rely on xinetd - 49001

Closes-Bug: #1820576

Change-Id: I71308a65bea5f59d755b766165dabf5d3e646ee1
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2020-06-01 18:06:26 +02:00
Kevin Carter
9a2a36437d
Update all roles to use the new role name
Ansible has decided that roles with hypens in them are no longer supported
by not including support for them in collections. This change renames all
the roles we use to the new role name.

Depends-On: Ie899714aca49781ccd240bb259901d76f177d2ae
Change-Id: I4d41b2678a0f340792dd5c601342541ade771c26
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2020-01-20 10:32:23 -06:00
Saravanan KR
8d6edac637 Modify import_role to include_role for boot params service
Using static import_role, make the vars defined under the
import_role task to be available for the whole PLAY itself,
which is causing the role-specific parameter to be available
in other roles. Move to dynamic include_role, which will
define these variables only for the included ansible role.
Closes-Bug: #1859129

Change-Id: I402db858526def9dfd33f954f1ecd885c01f4367
2020-01-10 11:58:38 +05:30
Rajesh Tailor
cbf5395e7d Fix typo in parameter name
Fixed typo in parameter name from InotifyIntancesMax
to InotifyInstancesMax.

Change-Id: Ib70796f74579642ebc1946a39c3478084d8be44e
2019-11-20 14:21:12 +05:30
Saravanan KR
16679d0ec4 Move KernelArgs and OvS-DPDK deployment to ansible role
Ealier, KernelArgs had been configured using ansible
tasks part of THT repo. Thoese ansiblet asks has been
moved to tripleo-kernel role of tripleo-ansible. This
role will be invoked from the boot-params-service.
boot-params-service has been moved from pre network to
the deployment/kernel directory.

OvS-DPDK configuration was done using puppet-vswitch
module by invoking puppet in PreNetworkConfig's
ExtraConfig script. A new ansible role tripleo-ovs-dpdk
has been created to apply the DPDK configurations via
ansible instead of puppet. This role will be common
for both ml2-ovs and ml2-ovn. Common parameter merging
has been enhanced to provide common deploy steps.

ODL is not validated as it has been deprecated and
currently no active usage or development.

Depends-On: https://review.opendev.org/#/c/688864/
Change-Id: I4b6f7d73cf76954e93760c59d522d485187157cf
2019-10-23 10:12:42 +05:30
Terry Wilson
3d722dbc81 Set bridge-nf-call-* values to 1
Although the kernel default is 1, some distros override the defaults
via sysctl.conf. Loading br_netfilter manually will show values of
1, but then doing a 'sysctl network restart' will set the values to
0--so go ahead and override these values.

Co-Author: Luke Short <ekultails@gmail.com>
Depends-On: Ia28f2fdef34e739801c51828c99e9e6598dd2efb
Change-Id: I53dec308d359b27e62ed44e91a8eaae38d945a4f
Closes-Bug: #1843259
2019-10-16 09:29:43 -05:00
Kevin Carter
ba0ad3a65c Add IPv6 condition to set to the local_address
This change re-adds the local_address IPv6 condition to the kernel
template. This will ensure that the local address is always set using
our expected conditions.

Depends-On: I20e69315bacdded4bc2d5b47e18609f130f8abc5
Change-Id: I01d0f20f6f78d235f99f51f75bcefe675dc0dee5
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
2019-09-16 12:42:16 +00:00
Kevin Carter
182c056fe9 Convert kernel-baremetal-puppet to ansible
This change deprecates the kernel-baremetal-puppet deployment process
and replaces it with an ansible based deployment using the new
tripleo-kernel role.

Story: 2005998
Task: 34507
Depends-On: https://review.opendev.org/#/c/676506/
Change-Id: I30270943aa66a8a982657af3d7d59b8425534b0d
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-14 14:05:57 -06:00
Alex Schultz
85bb97423c Add ExtraKernelPackages
Added new parameter naemd ExtraKernelPackages that can be used to
install specific packages prior to the kmod execution.

Change-Id: I505edc7f0391c67371881ce9e2d944f8608a091c
Depends-On: https://review.opendev.org/#/c/676503/
Closes-Bug: #1840180
2019-08-14 13:30:43 -06:00
Grzegorz Grasza
d48d1bdb37 Support TLS deployments with KernelDisableIPv6 enabled
Bind to 127.0.0.1 in case ipv6 is disabled. Set a hiera value
localhost_address, so that it can be used in tls_proxy.pp to
unambiguously connect to those services.

Change-Id: Ide761c21dc87dadc722e27c9b8a7b68194164cb2
Related: rhbz#1703460
2019-07-09 16:14:43 +00:00
Nate Johnston
f3df90f2c0 Set arp_notify to match ndisc_notify
A previous change [1] enabled ndisc_notify, which is the IPv6 equivalent
for IPv4's arp_notify.  Enable the latter to keep them consistent with
each other.

Change-Id: I15e8348585a9c0ee824a4c123677992010980b9e
Related-Bug: #1827927
2019-05-07 16:51:04 -04:00
Dan Sneddon
4b113a7a12 Enable ndisc_notify sysctl setting to notify of MAC changes
On RHEL/CentOS systems, ndisc_notify is disabled by default. When
OVS restarts or an internal port flaps, the MAC address may change.
Without ndisc_notify, neighbor hosts on the same network will not
know about the MAC change, and will lose connectivity until the MAC
timer expires.

This change sets net.ipv6.conf.all.ndisc_notify to 1, which will
cause a gratuitous neighbor discovery packet which will update MAC
address tables on neighboring hosts.

Change-Id: I89062275541d7c6bb6fb725f5283ba59feb38a94
Closes-bug: 1827927
2019-05-06 11:45:17 -07:00
Martin André
0129487017 Stop loading nf_conntrack_proto_sctp module
Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
kernel instead of as a module as the sctp support.

With recent changes in kmod puppet module, we've started seeing failures
loading the nf_conntrack_proto_sctp module while deploying OpenShift via
TripleO.

Commit [1] makes kmod puppet module load the kernel modules via systemd
when it is available, so systemd-modules-load.services fails with
"Failed to find module 'nf_conntrack_proto_sctp'".

[1] f46b527b43

Closes-Bug: #1821438
Change-Id: I4adab88cbfd11f8809876c660d151238b266a259
2019-03-23 08:38:04 +01:00
Daniel Alvarez
6053eb1964 Switch default neutron ML2 mechanism driver to OVN
This patch switches the default mechanism driver for neutron from
openvswitch to OVN.

It will also flip scenario007 job to run with ML2/OVS.

Depends-On: I74ffb6b7f912e1fce6ce428cd23a7283c91b8b96
Depends-On: I99ba2fd6a85b4895b577719a7541b7cbf1fdb85c
Depends-On: Ib60de9b0df451273d1d81ba049b46b5214e09080
Depends-On: Iaed7304adf40a87a0f14b7a95339f8416140e947
Change-Id: Iab52cdf5d0f7a392c4f17c884493b5c5beb1d89f
Co-Authored-By: Kamil Sambor <ksambor@redhat.com>
2019-02-14 15:58:27 +01:00
Alex Schultz
7fea2d0751 Move kernel config to deployment directory
Change-Id: I1655f780b6ff46fd18ec7b38c94789b3294b678b
Related-Blueprint: services-yaml-flattening
2019-01-22 13:43:42 -07:00