With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
the 2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
clean up templates. If only two arguments are passed to the ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
Let's remove these in master, they are not needed
now that we're fully CentOS/RHEL 8-based on master.
Change-Id: I1192c263e08e98a7465d92d8565845ab191ea626
Nova vnc configuration right now uses NovaVncProxyNetwork,
NovaLibvirtNetwork and NovaApiNetwork to configure the different
components (novnc proxy, nova-compute and libvirt) for vnc.
If one of the networks gets changed from internal_api, the service
configuration between libvirt, nova-compute and novnc proxy gets
inconsistent and the console is broken.
This change just uses NovaLibvirtNetwork for configuring the vnc
endpoints and removes NovaVncProxyNetwork completely.
Change-Id: Icef2481b65b41b524ad44eeecfbee4451006e1d2
Closes-Bug: #1917719
Nova supports configuring resource provider inventory and traits using a
standardized YAML file format starting with the Victoria release [1]. This introduces
the CustomProviderInventories role parameter to configure the custom provider yaml.
[1] https://docs.openstack.org/nova/latest/admin/managing-resource-providers.html
Depends-On: If12d7f5a8c331e051eb543f88187c31e676f3b62
Depends-On: I509eec3bf37368640ae8a3df8271b769d29f70c4
Change-Id: I25ea828397fcc968d07b0d5e87bdc9445ac690e2
In order to set ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.
Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
Adding RootStackName variable to the scale tasks so that
we can reference it instead of the existing environment
variables. This will ensure that the scale down uses the
environment variables from clouds.yaml and gets the
OS_CACERT while trying to speak with the overcloud endpoints.
Change-Id: Ia8868172fb16b294208ee3d6b03c09442fe39443
Closes: #1913275
This change switches from using service facts to using systemctl
commands to do service checks. This is done to reduce the amount of
memory used as part of the deployment.
Change-Id: I0cd5b24933e50680baefd055d6e68e277ab09315
Related-Bug: #1915761
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
If rbd is used for glance, but compute is using local ephemeral storage,
nova-compute can directly download the images in this scenario from the
glance ceph pool via rbd, instead of going through glance api.
This change introduces new compute role based parameters to enable direct
download of glance images via rbd. If NovaGlanceEnableRbdDownload is set,
per default the global RBD glance parameters are used, CephClientUserName,
GlanceRbdPoolName and CephClusterName for the used ceph.conf.
Glance also supports multi storage backends which can be configured using
GlanceMultistoreConfig. If additional RBD glance backends are configured,
the NovaGlanceRbdDownloadMultistoreID can be used to point to the
hash key (backend ID) of GlanceMultistoreConfig to use.
Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/772168
Depends-On: https://review.opendev.org/c/openstack/puppet-nova/+/770687
Change-Id: I020da468d909bd98819f1e3618bf905260791d9b
Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues in
nova.conf of the compute. Default 0 corresponds to not set, meaning the
legacy limits based on the reported kernel major version will be used.
Depends-On: Ieaa29b51257f5ea3a5e4d6c678140fd9ae052d88
Change-Id: I353e8ca2676bbdceb056f8b2b084bc5102f52c1f
When a node has hugepages enabled, we can help with live migrations by
enabling NovaLiveMigrationPermitPostCopy and
NovaLiveMigrationPermitAutoConverge.
Related: https://bugzilla.redhat.com/1298201
Change-Id: I1133c210f35181d44f8ba56f09b52f00589e035c
After change [1] nova-compute launches libguestfs using the default
``qemu:///system``, but when ``inject_password`` is set to true and
a user tries to create a vm, the vm creation is successful and we could
see a libguestfs error in nova-compute logs.
This change forces libvirt to use ``direct`` when launching instances
on host.
[1] Ib55936ea562dfa965be0764647e2b8e3fa309fd6
Change-Id: I195358742c19d6ea0a3d32979896c0268e3b55a6
Closes-bug: #1912141
libvirt-daemon is part of the default overcloud image but it's also
possible that it's not installed or simply removed by operators. In this
case, tripleo_nova_libvirt_guests will fail.
Related: https://bugzilla.redhat.com/1810319
Change-Id: I0814bd8794ab82792837b27d0128e15c34b90adc
Add support for the [compute]/image_type_exclude_list parameter to
prevent image types being reported as supported by a compute node.
Depends-On: I389d4b586468720d73ac69b025a3c34df54fe73e
Change-Id: I326cb9facf33693fdf8f361f9bc58aa28b3c20af
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these parameters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.
Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on these controllers, but it was not because
ceph-ansible configured clients as a side effect. With the new
CephConfigPath default they no longer overlap so the service
is required.
Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.
Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
We need an optional delay on nova-compute when it's waiting for ceph to
be healthy. This commit is adding a wrapper that will be deployed when
necessary.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1498621
Change-Id: Ie7ad2d835c1762dc4b9341e305e6a428cb087935
This change introduces a new CephConfigPath parameter that can be used
by all the OpenStack clients when looking for Ceph client related info
(ceph.conf and keyrings).
By overriding this parameter we can make the containers able to pull
data from a different path than /etc/ceph, which was hardcoded.
On top of this change, a new bool is added to prevent the ceph-ansible
client role being executed.
When this boolean is true, the 'ceph_client' tag is added to the list
of tags that should be skipped in ceph-ansible.
By doing this, ceph-ansible won't run the client role [1] and the new
tripleo_ceph_client role is imported and executed.
[1] https://github.com/ceph/ceph-ansible/blob/master/site-container.yml.sample#L269
Depends-On: Iaabb66cd26f0246defe391a4e34f4eab3c3c5fee
Depends-On: Ia60bc6d5d1a04bd560f2fcb05a4b64078015ae9d
Change-Id: I36673367411cc8d68ffb9ec4a2fbff64ebf12f29
https://review.opendev.org/q/I8df21d5d171976cbb8670dc5aef744b5fae657b2
introduced THT parameters to set libvirt/cpu_mode. The patch wrongly sets
NovaLibvirtCPUMode to the 'none' string, which results in puppet-nova
not handling the default cases correctly and setting libvirt/cpu_mode to
none, which results in the 'qemu64' CPU model, which is highly buggy and
undesirable for production usage. This changes the default to the
recommended CPU mode 'host-model', for various benefits documented
elsewhere.
Closes-Bug: #1905544
Change-Id: Iea8cccd77caac4b84764d84a213918ed57bd4e3e
It is best to avoid placing db creds on the compute nodes to limit the
exposure if an attacker succeeds in gaining access to the hypervisor
host.
Related patches in puppet-nova remove the credentials from nova.conf;
however, the current scope of db credential hieradata is all nova tripleo
services - so it will be written to the hieradata keys on compute
nodes.
This patch refactors the nova hieradata structure, splitting the
nova-api/nova database hieradata out into individual templates and
selectively including only where necessary, ensuring we have no db
creds on a compute node (unless it is an all-in-one api+compute node).
Depends-On: I07caa3185427b48e6e7d60965fa3e6157457018c
Change-Id: Ia4a29bdd2cd8e894bcc7c0078cf0f0ab0f97de0a
Closes-bug: #1871482
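An added example, not part of the commit or of the TripleO code base: a small audit a defender could run against a compute node's `nova.conf` text and a JSON hieradata document to confirm that no database URL with an embedded password remains. The sample inputs are constructed, the hieradata key names are hypothetical placeholders, and treating hieradata as JSON is an assumption.

```python
import configparser
import json
import re

# SQLAlchemy-style database URL that embeds a password (user:password@host).
# Only database schemes are matched, so a messaging transport_url is ignored.
DB_URL_WITH_PASSWORD = re.compile(
    r"^(?:mysql|mariadb|postgresql)(?:\+\w+)?://[^:/@\s]+:[^@\s]+@", re.I)

def audit_nova_conf(text):
    """Return (section, option) pairs in nova.conf text that hold DB credentials."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    return [(section, option)
            for section in cp.sections()
            for option, value in cp.items(section)
            if DB_URL_WITH_PASSWORD.match(value.strip())]

def audit_hieradata(text):
    """Return key paths in a JSON hieradata document that hold DB credentials."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")
        elif isinstance(node, str) and DB_URL_WITH_PASSWORD.match(node.strip()):
            hits.append(path)
    walk(json.loads(text), "")
    return hits

# Constructed sample of a compute node's nova.conf before the cleanup.
SAMPLE_NOVA_CONF = """
[DEFAULT]
transport_url = rabbit://guest:CONSTRUCTED@192.0.2.5:5672/
[database]
connection = mysql+pymysql://nova:CONSTRUCTED@192.0.2.10/nova
[api_database]
connection = mysql+pymysql://nova_api:CONSTRUCTED@192.0.2.10/nova_api
[libvirt]
cpu_mode = host-model
"""
# Constructed hieradata; the key names are hypothetical placeholders.
SAMPLE_HIERADATA = json.dumps({
    "placeholder::db::connection": "mysql+pymysql://nova:CONSTRUCTED@192.0.2.10/nova",
    "placeholder::libvirt::cpu_mode": "host-model"})

if __name__ == "__main__":
    print(audit_nova_conf(SAMPLE_NOVA_CONF))
    print(audit_hieradata(SAMPLE_HIERADATA))
```

An empty result from both functions is the expected state on a compute-only node; an all-in-one api+compute node will legitimately report hits.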
When using RHSM Service (deployment/rhsm/rhsm-baremetal-ansible.yaml) based
registration of the overcloud nodes and enabling the KSM using
NovaComputeEnableKsm=True, the overcloud deployment will fail because the
RHSM registration and the ksm task run as host_prep tasks. The handling
of enable/disable ksm is now handled in deploy step 1.
Closes-Bug: #1904184
Change-Id: I75a59f3d4b640f3146f2a865eff8be3f1383e078
Trilio currently mounts an NFS export in /var/lib/nova to make it accessible
from within the nova_compute and nova_libvirt containers.
This can result in considerable delays when walking the directory tree to
ensure the ownership is correct.
This patch adds the ability to skip paths when recursively setting the
ownership and selinux context in /var/lib/nova. The list of paths to skip
can be set via the NovaStatedirOwnershipSkip heat parameter. This defaults to
the Trilio dir.
Change-Id: Ic6f053d56194613046ae0a4a908206ebb453fcf4
This exposes the nova workaround to disable downloading images from glance to
rbd (vs a cheap COW clone) when nova-compute and glance are not backed by the
same ceph cluster.
Related nova change: I069b6b1d28eaf1eee5c7fb8d0fdef9c0c229a1bf
Depends-On: I8329810d6c047c0d94e7b123e7cdc1263a7856cd
Change-Id: Ib5478e53eb1f216bf6924ff30ea8502cb8529d00
Since multiple types of computes can be deployed, we should allow the
customization of these containers to be role specific.
Change-Id: Ie91633c2bcc8011cc62b46452ea5b444cf12029f
This change adds new THT parameters `NovaLibvirtCPUMode`,
`NovaLibvirtCPUModels` and `NovaLibvirtCPUModelExtraFlags`
which allow configuring the `libvirt/cpu_mode`, `libvirt/cpu_models`
and `libvirt/cpu_model_extra_flags` parameters respectively.
Change-Id: I8df21d5d171976cbb8670dc5aef744b5fae657b2
This change enforces the usage of internal api for token verification,
so that internal requests to keystone use the internal endpoint instead
of the admin endpoint, which is deployed on the provisioning network by default.
Change-Id: I8b5ac36ff1da46844d18fa73f835175e52719a63
Closes-Bug: #1899266
Adds functionality to enable/disable irqbalance on compute
nodes.
Based on the tuning recommendation for compute realtime nodes, irqbalance
should be stopped and disabled, and tuned will be responsible for
managing IRQ balancing instead of irqbalance.
Change-Id: Ibefb8e472c68901a74d76769b5314bef81fd5b15
Add a single new parameter, NovaEnableVTPM, which will configure vTPM
support by setting nova's '[libvirt] swtpm_enabled' config option. We do
not yet expose nova's '[libvirt] swtpm_user' and '[libvirt] swtpm_group'
options since the Fedora RPM specfile, upon which CentOS' and RHEL's
specfiles are based, uses the standard user and group [1].
[1] https://src.fedoraproject.org/rpms/swtpm/blob/master/f/swtpm.spec
Change-Id: If90979c4b1bda279eca6dba46e3f53ab402b04c3
Depends-On: https://review.opendev.org/752904
Depends-On: https://review.opendev.org/753586
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change I95cd5017fdbbec257d274b805be4509ec32f9019
added `NovaComputeOptVolumes` and `NovaComputeOptEnvVars`
but the description was not complete.
This change completes the description for the above parameters.
Change-Id: If91014ebca60dac43516d760d87171831816aca0
To support multiple vgpu types configuration, add a new
parameter `NovaVGPUTypesDeviceAddressesMapping` where the vgpu-type
is the key and a list of device_addresses is the value.
Depends-On: https://review.opendev.org/#/c/750148/
Change-Id: Ifc30bbef66717cafb5ec2262be8fe07af1e60772