478 Commits

Author SHA1 Message Date
ramishra
c9991c2e31 Use 'wallaby' heat_template_version
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
 e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.

Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
2021-03-31 17:35:12 +05:30
ramishra
b4203a30eb Change all *Debug parameter types to boolean
This changes all these parameters as heat would correctly
parse all values. Also, drops all yaql shenanigans
used for their handling and heat conditions.

Also fixes wrong usage of non-existent NeutronWrapperDebug
parameter in ovn-metadata-container-puppet.yaml.

We had converted all ``Debug`` parameters to boolean with
Ib6c3969d4dd75d5fb2cc274266c060acff8d5571.

Change-Id: Ia2bffffde34aa248a4cc60c3895464f1f9d1ded2
2021-03-30 08:29:10 +05:30
Zuul
a9361b28d4 Merge "Updating settings description" 2021-03-29 15:05:04 +00:00
Zuul
f29a9a0112 Merge "live_migration setting should be under libvirt namespace" 2021-03-24 10:30:34 +00:00
Zuul
d80d8ab57b Merge "Optimize conditions for TLS support" 2021-03-22 18:21:51 +00:00
David Vallee Delisle
d350da5a8e live_migration setting should be under libvirt namespace
They are currently not taken into account because they have the wrong
namespaces.

Change-Id: I845bc3c533e55dd5398d6a74ee48762cfd32b8a9
2021-03-22 12:32:33 -04:00
David Vallee Delisle
8bf1fb755a Updating settings description
Better wording for NovaLiveMigrationPermitPostCopy and
NovaLiveMigrationPermitAutoConverge.

Change-Id: Ic0a8937b64f01271dba52d1e096df3697c3ff4d4
2021-03-22 10:30:14 -04:00
ramishra
cc5eb81771 Optimize conditions for TLS support
In 1ceb521805875b41ebfafb1ff7a862df4df6fd16 we added these and
can be simplified as they are are boolean parameters to get
rid of the redundant heat intrinsic functions.

Change-Id: I3851187c83965db5ecafcc945bff1fe3a5aa9ff4
2021-03-19 16:07:05 +05:30
Michele Baldessari
c0dc789401 Drop older install CentOS/RHEL 7 tasks
Let's remove these in master, they are not needed
now that we're fully Centos/Rhel 8-based on master.

Change-Id: I1192c263e08e98a7465d92d8565845ab191ea626
2021-03-18 17:17:16 +01:00
Zuul
b2d49f6e39 Merge "Add TLS support to services using memcached" 2021-03-18 05:15:23 +00:00
Zuul
814a7bb5af Merge "Remove obsoleted generate_service_certificates" 2021-03-17 13:31:16 +00:00
Zuul
7d28616578 Merge "Use single NovaLibvirtNetwork to configure instance console components" 2021-03-17 10:45:21 +00:00
Zuul
310844289a Merge "Add support for nova custom provider inventories" 2021-03-16 19:31:06 +00:00
Carlos Goncalves
6e7e0ab48e Remove obsoleted generate_service_certificates
Remove traces of generate_service_certificates. It was removed during
Pike release cycle [1].

[1] https://review.opendev.org/c/openstack/puppet-tripleo/+/444891

Change-Id: Ib203b52547433ff73141df66641528c389b50361
2021-03-16 19:50:14 +01:00
Grzegorz Grasza
1ceb521805 Add TLS support to services using memcached
This patch enables TLS connections to memcached in services which
support it. Specifically the settings are consumed by swift's internal
memcached client through puppet-swift; or oslo.cache, through
puppet-ceilometer, puppet-keystone, puppet-nova, puppet-heat
and puppet-oslo.

Depends-on: https://review.opendev.org/772685
Depends-on: https://review.opendev.org/761605
Depends-on: https://review.opendev.org/764764
Depends-on: https://review.opendev.org/764763
Depends-on: https://review.opendev.org/765100
Change-Id: Ic77ed56c32c7071ce126a1528030094b97894653
2021-03-16 15:28:49 +01:00
Zuul
04f9e4f73a Merge "Add parameter NovaSchedulerQueryPlacementForRoutedNetworkAggregates" 2021-03-15 21:13:20 +00:00
Martin Schuppert
dadf71fcae Use single NovaLibvirtNetwork to configure instance console components
Nova vnc configuration right now uses NovaVncProxyNetwork,
NovaLibvirtNetwork and NovaApiNetwork to configure the different
components (novnc proxy, nova-compute and libvirt) for vnc.
If one of the networks get changed from internal_api, the service
configuration between libvirt, nova-compute and novnc proxy gets
inconsistent and the console is broken.
This changed to just use NovaLibvirtNetwork for configuring the vnc
endpoints and removes NovaVncProxyNetwork completely.

Change-Id: Icef2481b65b41b524ad44eeecfbee4451006e1d2
Closes-Bug: #1917719
2021-03-15 09:01:44 +01:00
Zuul
0885a661ea Merge "Fix issue with scale down and overcloud TLS" 2021-03-13 03:17:21 +00:00
Zuul
861e162110 Merge "Generate certificates using ansible role" 2021-03-12 19:18:54 +00:00
Grzegorz Grasza
e329ca915e Generate certificates using ansible role
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.

Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
2021-03-10 16:28:22 +01:00
Alexey Stupnikov
a6c1aff5c5 Fix NovaDefaultFloatingPool parameter
nova::api::default_floating_pool parameter was removed from
puppet-nova back in 2018 with
I2624b92871f4cba5a7361a5d006d985946493e83

It is now recommended to use
nova::network::neutron::default_floating_pool parameter to
define default floating IP pool.

Partial-Bug: #1916386
Change-Id: If419d53fc3a90cdd62271c00714fff79a3b4fd12
2021-03-03 20:47:56 +01:00
Martin Schuppert
f55a08ad7b Add support for nova custom provider inventories
Nova supports to configure resource provider inventory and traits using a
standardized YAML file format starting victoria release [1]. This introduces
CustomProviderInventories role parameter to configure the custom provider yaml.

[1] https://docs.openstack.org/nova/latest/admin/managing-resource-providers.html

Depends-On: If12d7f5a8c331e051eb543f88187c31e676f3b62
Depends-On: I509eec3bf37368640ae8a3df8271b769d29f70c4
Change-Id: I25ea828397fcc968d07b0d5e87bdc9445ac690e2
2021-03-01 17:36:19 +01:00
Zuul
72b60678e0 Merge "Use ansible_facts instead" 2021-02-23 22:19:28 +00:00
Alex Schultz
8d1fc85744 Use ansible_facts instead
In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.

Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
2021-02-22 17:57:17 +00:00
Zuul
b136a6808b Merge "Drop service facts usage" 2021-02-22 15:22:42 +00:00
Rajesh Tailor
8d66001fc5 Add parameter NovaSchedulerQueryPlacementForRoutedNetworkAggregates
Add parameter NovaSchedulerQueryPlacementForRoutedNetworkAggregates
that allows the scheduler to look at the nova aggregates related
to requested routed network segments.

Depends-On: https://review.opendev.org/c/openstack/puppet-nova/+/776922
Change-Id: I7a2f8154f1f02ce8f57d370ff1baecf79f5300b2
2021-02-22 17:13:33 +05:30
Brendan
ed8d6c0e42 Fix issue with scale down and overcloud TLS
Adding RootStackName variable to the scale tasks so that
we can reference it instead of the existing environment
variables. This will ensure that the scale down uses the
environment variables from clouds.yaml and get the
OS_CACERT while trying to speak with the overcloud endpoints

Change-Id: Ia8868172fb16b294208ee3d6b03c09442fe39443
Closes: #1913275
2021-02-19 08:01:29 +10:00
Zuul
da432d357f Merge "Introducing parametrable storage configuration" 2021-02-17 18:21:43 +00:00
Alex Schultz
f9100964f9 Drop service facts usage
This change switches from using service facts to using systemctl
commands to do service checks. This is done to reduce the amount of
memory used as part of the deployment.

Change-Id: I0cd5b24933e50680baefd055d6e68e277ab09315
Related-Bug: #1915761
2021-02-16 07:48:53 -07:00
Zuul
a0ad81b0b6 Merge "Remove DefaultPasswords interface" 2021-02-16 08:00:59 +00:00
ramishra
7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30
Zuul
4f214d81fe Merge "Stop ironic services in unupgraded controllers" 2021-02-12 01:30:29 +00:00
David Vallee Delisle
b3d3340991 Introducing parametrable storage configuration
Operators might be interested in configuring these settings.
Having them as parameters with clear description will help with their
environment optimization.

Related: https://bugzilla.redhat.com/1923216

Depends-on: https://review.opendev.org/#/c/757079/
Depends-on: https://review.opendev.org/#/c/757871/

Change-Id: Ib14252e1cb48f9b2017537eaa0ceac029e509979
2021-02-09 12:14:08 -05:00
Takashi Kajinami
099badda3c Stop ironic services in unupgraded controllers
This change makes ironic services on unupgrade controller nodes get
stopped, because all services in the unupgraded controllers should be
stopped before we start the upgraded controller[1].

[1] 8529ce60da84d2aa1e1c9e6994303678261b09da

Change-Id: Iedddb02c4a27195d0f89bc4b9dfb12ffba054ae5
2021-02-08 20:22:31 +09:00
Martin Schuppert
91837d4fa7 Add new parameters to configure nova-compute direct rbd image download
If rbd is used for glance, but compute is using local ephemeral storage,
nova-compute can direct download the images in this scenario from the
glance ceph pool via rbd, instead going through glance api.

This change introduce new compute role based parameters to enable direct
download of glance images via rbd. If NovaGlanceEnableRbdDownload is set,
per default the global RBD glance parameters are used, CephClientUserName
GlanceRbdPoolName and CephClusterName for the used ceph.conf.

Glance also support multi storage backends which can be configured using
GlanceMultistoreConfig. If additional RBD glance backends are configured,
the NovaGlanceRbdDownloadMultistoreID can be used to pointing to the
hash key (backend ID) of GlanceMultistoreConfig to use.

Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/772168
Depends-On: https://review.opendev.org/c/openstack/puppet-nova/+/770687
Change-Id: I020da468d909bd98819f1e3618bf905260791d9b
2021-02-04 13:24:57 +01:00
Zuul
fd89a8e0af Merge "Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues" 2021-01-31 04:10:01 +00:00
Zuul
5fdb9e2959 Merge "Deleting nova-consoleauth services in post-upgrade" 2021-01-30 12:30:15 +00:00
Zuul
03d9203ba6 Merge "nova: Use LIBGUESTFS_BACKEND=direct" 2021-01-29 10:22:08 +00:00
Martin Schuppert
67a5a78897 Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues in
nova.conf of the compute. Default 0 corresponds to not set meaning the
legacy limits based on the reported kernel major version will be used.

Depends-On: Ieaa29b51257f5ea3a5e4d6c678140fd9ae052d88
Change-Id: I353e8ca2676bbdceb056f8b2b084bc5102f52c1f
2021-01-27 15:33:23 +01:00
Zuul
c488d97b55 Merge "Live migration optimization with HP" 2021-01-27 00:40:49 +00:00
David Vallee Delisle
df207fd2e9 Live migration optimization with HP
When a node has hugepages enabled, we can help with live migrations by
enabling NovaLiveMigrationPermitPostCopy and
NovaLiveMigrationPermitAutoConverge.

Related: https://bugzilla.redhat.com/1298201

Change-Id: I1133c210f35181d44f8ba56f09b52f00589e035c
2021-01-25 16:02:08 -05:00
Zuul
5e74ce583b Merge "Making sure virt-guest-shutdown.target exists" 2021-01-21 10:42:18 +00:00
Rajesh Tailor
67917bf650 nova: Use LIBGUESTFS_BACKEND=direct
After change [1] nova-compute launch libguestfs using the default
``qemu:///system``, but when ``inject_password` is set to true and
user tries to create vm, the vm creation is successful and we could
see libguestfs error in nova-compute logs.

This change forces libvirt to use ``direct`` when launching instances
on host.

[1] Ib55936ea562dfa965be0764647e2b8e3fa309fd6

Change-Id: I195358742c19d6ea0a3d32979896c0268e3b55a6
Closes-bug: #1912141
2021-01-18 11:54:31 +05:30
Zuul
c51bf22d9d Merge "Add NovaImageTypeExcludeList parameter" 2021-01-14 05:55:21 +00:00
David Hill
93b5c3a20e Making sure virt-guest-shutdown.target exists
libvirt-daemon is part of the default overcloud image but it's also
possible that it's not installed or simply removed by operators. In this
case, tripleo_nova_libvirt_guests will fail.

Related: https://bugzilla.redhat.com/1810319
Change-Id: I0814bd8794ab82792837b27d0128e15c34b90adc
2021-01-13 06:32:21 +00:00
Oliver Walsh
ae1f4c1fbc Add NovaImageTypeExcludeList parameter
Add support for the [compute]/image_type_exclude_list parameter to
prevent image types being reported as supported by a compute node.

Depends-On: I389d4b586468720d73ac69b025a3c34df54fe73e
Change-Id: I326cb9facf33693fdf8f361f9bc58aa28b3c20af
2021-01-12 11:38:53 +00:00
Zuul
1bfbc7169b Merge "Adding an optional startup delay to nova-compute" 2021-01-12 06:02:42 +00:00
David Vallee Delisle
04405abdd4 Deleting nova-consoleauth services in post-upgrade
nova-consoleauth was removed in Stein. We need to delete the compute
services during major upgrades.

Related: https://bugzilla.redhat.com/1825849
Change-Id: I74465f5ae77a0666540d3465e2ad29b03f9bd3c3
2021-01-11 21:32:47 -05:00
Zuul
9fd709019f Merge "Configure Ceph clients via tripleo-ceph-client (not ceph-ansible)" 2021-01-07 23:52:52 +00:00
Zuul
b159f8c822 Merge "Adding key_size option on the certificate creation" 2021-01-06 10:22:15 +00:00