185 Commits

Author SHA1 Message Date
ramishra
c9991c2e31 Use 'wallaby' heat_template_version
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.

Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
2021-03-31 17:35:12 +05:30
Zuul
a9361b28d4 Merge "Updating settings description" 2021-03-29 15:05:04 +00:00
David Vallee Delisle
d350da5a8e live_migration setting should be under libvirt namespace
They are currently not taken into account because they have the wrong
namespaces.

Change-Id: I845bc3c533e55dd5398d6a74ee48762cfd32b8a9
2021-03-22 12:32:33 -04:00
David Vallee Delisle
8bf1fb755a Updating settings description
Better wording for NovaLiveMigrationPermitPostCopy and
NovaLiveMigrationPermitAutoConverge.

Change-Id: Ic0a8937b64f01271dba52d1e096df3697c3ff4d4
2021-03-22 10:30:14 -04:00
Michele Baldessari
c0dc789401 Drop older install CentOS/RHEL 7 tasks
Let's remove these in master, they are not needed
now that we're fully Centos/Rhel 8-based on master.

Change-Id: I1192c263e08e98a7465d92d8565845ab191ea626
2021-03-18 17:17:16 +01:00
Zuul
7d28616578 Merge "Use single NovaLibvirtNetwork to configure instance console components" 2021-03-17 10:45:21 +00:00
Zuul
310844289a Merge "Add support for nova custom provider inventories" 2021-03-16 19:31:06 +00:00
Martin Schuppert
dadf71fcae Use single NovaLibvirtNetwork to configure instance console components
Nova vnc configuration right now uses NovaVncProxyNetwork,
NovaLibvirtNetwork and NovaApiNetwork to configure the different
components (novnc proxy, nova-compute and libvirt) for vnc.
If one of the networks gets changed from internal_api, the service
configuration between libvirt, nova-compute and novnc proxy gets
inconsistent and the console is broken.
This changes to just use NovaLibvirtNetwork for configuring the vnc
endpoints and removes NovaVncProxyNetwork completely.

Change-Id: Icef2481b65b41b524ad44eeecfbee4451006e1d2
Closes-Bug: #1917719
2021-03-15 09:01:44 +01:00
Zuul
0885a661ea Merge "Fix issue with scale down and overcloud TLS" 2021-03-13 03:17:21 +00:00
Martin Schuppert
f55a08ad7b Add support for nova custom provider inventories
Nova supports configuring resource provider inventory and traits using a
standardized YAML file format starting with the Victoria release [1]. This introduces
the CustomProviderInventories role parameter to configure the custom provider yaml.

[1] https://docs.openstack.org/nova/latest/admin/managing-resource-providers.html

Depends-On: If12d7f5a8c331e051eb543f88187c31e676f3b62
Depends-On: I509eec3bf37368640ae8a3df8271b769d29f70c4
Change-Id: I25ea828397fcc968d07b0d5e87bdc9445ac690e2
2021-03-01 17:36:19 +01:00
Zuul
72b60678e0 Merge "Use ansible_facts instead" 2021-02-23 22:19:28 +00:00
Alex Schultz
8d1fc85744 Use ansible_facts instead
In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.

Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
2021-02-22 17:57:17 +00:00
Zuul
b136a6808b Merge "Drop service facts usage" 2021-02-22 15:22:42 +00:00
Brendan
ed8d6c0e42 Fix issue with scale down and overcloud TLS
Adding RootStackName variable to the scale tasks so that
we can reference it instead of the existing environment
variables. This will ensure that the scale down uses the
environment variables from clouds.yaml and gets the
OS_CACERT while trying to speak with the overcloud endpoints.

Change-Id: Ia8868172fb16b294208ee3d6b03c09442fe39443
Closes: #1913275
2021-02-19 08:01:29 +10:00
Zuul
da432d357f Merge "Introducing parametrable storage configuration" 2021-02-17 18:21:43 +00:00
Alex Schultz
f9100964f9 Drop service facts usage
This change switches from using service facts to using systemctl
commands to do service checks. This is done to reduce the amount of
memory used as part of the deployment.

Change-Id: I0cd5b24933e50680baefd055d6e68e277ab09315
Related-Bug: #1915761
2021-02-16 07:48:53 -07:00
Zuul
a0ad81b0b6 Merge "Remove DefaultPasswords interface" 2021-02-16 08:00:59 +00:00
ramishra
7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30
David Vallee Delisle
b3d3340991 Introducing parametrable storage configuration
Operators might be interested in configuring these settings.
Having them as parameters with clear description will help with their
environment optimization.

Related: https://bugzilla.redhat.com/1923216

Depends-on: https://review.opendev.org/#/c/757079/
Depends-on: https://review.opendev.org/#/c/757871/

Change-Id: Ib14252e1cb48f9b2017537eaa0ceac029e509979
2021-02-09 12:14:08 -05:00
Martin Schuppert
91837d4fa7 Add new parameters to configure nova-compute direct rbd image download
If rbd is used for glance, but compute is using local ephemeral storage,
nova-compute can directly download the images in this scenario from the
glance ceph pool via rbd, instead of going through glance api.

This change introduces new compute role based parameters to enable direct
download of glance images via rbd. If NovaGlanceEnableRbdDownload is set,
per default the global RBD glance parameters are used, CephClientUserName,
GlanceRbdPoolName and CephClusterName for the used ceph.conf.

Glance also supports multi storage backends which can be configured using
GlanceMultistoreConfig. If additional RBD glance backends are configured,
the NovaGlanceRbdDownloadMultistoreID can be used to point to the
hash key (backend ID) of GlanceMultistoreConfig to use.

Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/772168
Depends-On: https://review.opendev.org/c/openstack/puppet-nova/+/770687
Change-Id: I020da468d909bd98819f1e3618bf905260791d9b
2021-02-04 13:24:57 +01:00
Zuul
fd89a8e0af Merge "Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues" 2021-01-31 04:10:01 +00:00
Zuul
03d9203ba6 Merge "nova: Use LIBGUESTFS_BACKEND=direct" 2021-01-29 10:22:08 +00:00
Martin Schuppert
67a5a78897 Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues in
nova.conf of the compute. Default 0 corresponds to not set meaning the
legacy limits based on the reported kernel major version will be used.

Depends-On: Ieaa29b51257f5ea3a5e4d6c678140fd9ae052d88
Change-Id: I353e8ca2676bbdceb056f8b2b084bc5102f52c1f
2021-01-27 15:33:23 +01:00
Zuul
c488d97b55 Merge "Live migration optimization with HP" 2021-01-27 00:40:49 +00:00
David Vallee Delisle
df207fd2e9 Live migration optimization with HP
When a node has hugepages enabled, we can help with live migrations by
enabling NovaLiveMigrationPermitPostCopy and
NovaLiveMigrationPermitAutoConverge.

Related: https://bugzilla.redhat.com/1298201

Change-Id: I1133c210f35181d44f8ba56f09b52f00589e035c
2021-01-25 16:02:08 -05:00
Zuul
5e74ce583b Merge "Making sure virt-guest-shutdown.target exists" 2021-01-21 10:42:18 +00:00
Rajesh Tailor
67917bf650 nova: Use LIBGUESTFS_BACKEND=direct
After change [1] nova-compute launches libguestfs using the default
``qemu:///system``, but when ``inject_password`` is set to true and
user tries to create vm, the vm creation is successful and we could
see libguestfs error in nova-compute logs.

This change forces libvirt to use ``direct`` when launching instances
on host.

[1] Ib55936ea562dfa965be0764647e2b8e3fa309fd6

Change-Id: I195358742c19d6ea0a3d32979896c0268e3b55a6
Closes-bug: #1912141
2021-01-18 11:54:31 +05:30
Zuul
c51bf22d9d Merge "Add NovaImageTypeExcludeList parameter" 2021-01-14 05:55:21 +00:00
David Hill
93b5c3a20e Making sure virt-guest-shutdown.target exists
libvirt-daemon is part of the default overcloud image but it's also
possible that it's not installed or simply removed by operators. In this
case, tripleo_nova_libvirt_guests will fail.

Related: https://bugzilla.redhat.com/1810319
Change-Id: I0814bd8794ab82792837b27d0128e15c34b90adc
2021-01-13 06:32:21 +00:00
Oliver Walsh
ae1f4c1fbc Add NovaImageTypeExcludeList parameter
Add support for the [compute]/image_type_exclude_list parameter to
prevent image types being reported as supported by a compute node.

Depends-On: I389d4b586468720d73ac69b025a3c34df54fe73e
Change-Id: I326cb9facf33693fdf8f361f9bc58aa28b3c20af
2021-01-12 11:38:53 +00:00
Zuul
1bfbc7169b Merge "Adding an optional startup delay to nova-compute" 2021-01-12 06:02:42 +00:00
Francesco Pantano
79686663e8 Configure Ceph clients via tripleo-ceph-client (not ceph-ansible)
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these parameters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.

Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.

Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.

Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
2021-01-04 15:16:11 +00:00
David Vallee Delisle
6eb72aa769 Adding an optional startup delay to nova-compute
We need an optional delay on nova-compute when it's waiting for ceph to
be healthy. This commit is adding a wrapper that will be deployed when
necessary.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1498621

Change-Id: Ie7ad2d835c1762dc4b9341e305e6a428cb087935
2020-12-18 08:52:47 -05:00
Francesco Pantano
3663790bc0 Remove /etc/ceph dependency and add tripleo_ceph_client role
This change introduces a new CephConfigPath parameter that can be used
by all the OpenStack clients when looking for Ceph client related info
(ceph.conf and keyrings).
By overriding this parameter we can make the containers able to pull
data from a different path than /etc/ceph which was hardcoded.
On top of this change, a new bool is added to prevent the ceph-ansible
client role being executed.
When this boolean is true, the 'ceph_client' tag is added to the list
of tags that should be skipped in ceph-ansible.
By doing this, ceph-ansible won't run the client role [1] and the new,
tripleo_ceph_client role is imported and executed.

[1] https://github.com/ceph/ceph-ansible/blob/master/site-container.yml.sample#L269

Depends-On: Iaabb66cd26f0246defe391a4e34f4eab3c3c5fee
Depends-On: Ia60bc6d5d1a04bd560f2fcb05a4b64078015ae9d

Change-Id: I36673367411cc8d68ffb9ec4a2fbff64ebf12f29
2020-12-04 18:19:14 +01:00
Martin Schuppert
c290a5e3a1 Set correct default NovaLibvirtCPUMode
https://review.opendev.org/q/I8df21d5d171976cbb8670dc5aef744b5fae657b2
introduced THT parameters to set libvirt/cpu_mode. The patch wrongly sets
NovaLibvirtCPUMode to the 'none' string, which results in puppet-nova
not handling the default cases correctly and setting libvirt/cpu_mode to
none, which results in the 'qemu64' CPU model, which is highly buggy and
undesirable for production usage.  This changes the default to the
recommended CPU mode 'host-model', for various benefits documented
elsewhere.

Closes-Bug: #1905544

Change-Id: Iea8cccd77caac4b84764d84a213918ed57bd4e3e
2020-11-25 15:16:15 +01:00
Oliver Walsh
9d82364de8 Refactor nova db config
It is best to avoid placing db creds on the compute nodes to limit the
exposure if an attacker succeeds in gaining access to the hypervisor
host.

Related patches in puppet-nova remove the credentials from nova.conf
however the current scope of db credential hieradata is all nova tripleo
services - so it will be written to the hieradata keys on compute
nodes.

This patch refactors the nova hieradata structure, splitting the
nova-api/nova database hieradata out into individual templates and
selectively including only where necessary, ensuring we have no db
creds on a compute node (unless it is an all-in-one api+compute node).

Depends-On: I07caa3185427b48e6e7d60965fa3e6157457018c
Change-Id: Ia4a29bdd2cd8e894bcc7c0078cf0f0ab0f97de0a
Closes-bug: #1871482
2020-11-18 12:22:48 +00:00
Martin Schuppert
c329204dec Move enable ksm on compute node to deploy step 1
When using RHSM Service (deployment/rhsm/rhsm-baremetal-ansible.yaml) based
registration of the overcloud nodes and enabling the KSM using
NovaComputeEnableKsm=True the overcloud deployment will fail because the
RHSM registration and the ksm task run as host_prep task. The handling
of enable/disable ksm is now handled in deploy step 1.

Closes-Bug: #1904184

Change-Id: I75a59f3d4b640f3146f2a865eff8be3f1383e078
2020-11-13 12:14:33 +01:00
Oliver Walsh
c156534010 Skip Trilio dirs when setting ownership in /var/lib/nova
Trilio currently mounts an NFS export in /var/lib/nova to make it accessible
from within the nova_compute and nova_libvirt containers.
This can result in considerable delays when walking the directory tree to
ensure the ownership is correct.

This patch adds the ability to skip paths when recursively setting the
ownership and selinux context in /var/lib/nova. The list of paths to skip
can be set via the NovaStatedirOwnershipSkip heat parameter. This defaults to
the Trilio dir.

Change-Id: Ic6f053d56194613046ae0a4a908206ebb453fcf4
2020-10-23 16:55:13 +00:00
Oliver Walsh
b756944d45 Add NovaDisableImageDownloadToRbd parameter
This exposes the nova workaround to disable downloading images from glance to
rbd (vs a cheap COW clone) when nova-compute and glance are not backed by the
same ceph cluster.

Related nova change: I069b6b1d28eaf1eee5c7fb8d0fdef9c0c229a1bf
Depends-On: I8329810d6c047c0d94e7b123e7cdc1263a7856cd

Change-Id: Ib5478e53eb1f216bf6924ff30ea8502cb8529d00
2020-10-23 17:52:58 +01:00
Alex Schultz
1471976c6e Make NovaComputeOptVolumes and NovaComputeOptEnvVars role aware
Since multiple types of computes can be deployed, we should allow the
customization of these containers to be role specific.

Change-Id: Ie91633c2bcc8011cc62b46452ea5b444cf12029f
2020-10-19 07:59:58 -06:00
Rajesh Tailor
772b7398a7 Expose new THT params for cpu model flags
This change adds new THT parameters `NovaLibvirtCPUMode`,
`NovaLibvirtCPUModels` and `NovaLibvirtCPUModelExtraFlags`
which allow configuring `libvirt/cpu_mode`, `libvirt/cpu_models`
and `libvirt/cpu_model_extra_flags` parameters respectively.

Change-Id: I8df21d5d171976cbb8670dc5aef744b5fae657b2
2020-10-14 10:45:30 +05:30
Takashi Kajinami
37548ddb40 Enforce internal api for token verification
This change enforces the usage of internal api for token verification,
so that internal requests to keystone use the internal endpoint instead
of admin endpoint which is deployed on provisioning network by default.

Change-Id: I8b5ac36ff1da46844d18fa73f835175e52719a63
Closes-Bug: #1899266
2020-10-11 15:46:08 +09:00
Zuul
4a8acbdd34 Merge "Add parameters for vTPM feature" 2020-10-02 16:16:12 +00:00
Zuul
6ec975c113 Merge "Add ability to manage irqbalance on compute per role" 2020-10-02 05:38:55 +00:00
Rajesh Tailor
932aecf33c Add ability to manage irqbalance on compute per role
Adds functionality whether to enable/disable irqbalance on compute
nodes.
Based on tuning recommendation for compute realtime nodes irqbalance
should be stopped and disabled. And tuned will be responsible for
managing IRQ balancing instead of irqbalance.

Change-Id: Ibefb8e472c68901a74d76769b5314bef81fd5b15
2020-09-30 18:32:42 +05:30
Takashi Kajinami
b2d7b3e5ef Replace deprecated libvirt_* options
Depends-on: https://review.opendev.org/#/c/748666/
Change-Id: I27d6ae7c92f5630c4e8be27c4efc7b95939d7594
2020-09-24 18:58:29 +09:00
Zuul
890eeeafdb Merge "Complete missing description" 2020-09-23 20:38:30 +00:00
Stephen Finucane
7ea7c259c4 Add parameters for vTPM feature
Add a single new parameter, NovaEnableVTPM, which will configure vTPM
support by setting nova's '[libvirt] swtpm_enabled' config option. We do
not yet expose nova's '[libvirt] swtpm_user' and '[libvirt] swtpm_group'
options since the Fedora RPM specfile, upon which CentOS' and RHEL's
specfiles are based, uses the standard user and group [1].

[1] https://src.fedoraproject.org/rpms/swtpm/blob/master/f/swtpm.spec

Change-Id: If90979c4b1bda279eca6dba46e3f53ab402b04c3
Depends-On: https://review.opendev.org/752904
Depends-On: https://review.opendev.org/753586
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2020-09-23 14:39:51 +01:00
Rajesh Tailor
bd31b2c8c3 Complete missing description
Change I95cd5017fdbbec257d274b805be4509ec32f9019
added `NovaComputeOptVolumes` and `NovaComputeOptEnvVars`
but the description was not complete.

This change completes the description for the above parameters.

Change-Id: If91014ebca60dac43516d760d87171831816aca0
2020-09-11 15:15:21 +05:30
Rajesh Tailor
3fd84c2436 Expose new parameter NovaVGPUTypesDeviceAddressesMapping
To support multiple vgpu types configuration, add new
parameter `NovaVGPUTypesDeviceAddressesMapping` where vgpu-type
is the key and the list of device_addresses is the value.

Depends-On: https://review.opendev.org/#/c/750148/
Change-Id: Ifc30bbef66717cafb5ec2262be8fe07af1e60772
2020-09-10 14:14:05 +05:30