This change exposes the `[compute]/max_disk_devices_to_attach` option
in the Nova config. The parameter sets the maximum number of disk devices
allowed to be attached to a single server.
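For illustration only, a minimal environment-file sketch (the TripleO
parameter name NovaMaxDiskDevicesToAttach and the value are assumed here,
not taken from this message):
  parameter_defaults:
    NovaMaxDiskDevicesToAttach: 8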
Depends-On: https://review.opendev.org/708666
Change-Id: I08c5769bfe5f38d2503ed232b3771f615c24d158
nova::glance_api_servers is deprecated because the corresponding nova
parameter is deprecated. There is a new nova::glance_endpoint_override,
but it should be set only in situations where the intent is to *not*
use ksa to discover glance's endpoint. For example, in a DCN/Edge
deployment, we override the endpoint to force nova to use the glance
service running at the edge site.
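An illustrative hieradata sketch for such a DCN/Edge case (the endpoint
URL is made up):
  nova::glance_endpoint_override: http://glance.edge-site-0.example.com:9292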
Change-Id: I42af3e39da76ae94ca7bbf2797f776c28a75f7e7
Depends-On: Ib7fac4f37ef02d8f577abc98e4cc78b750caba54
With the OS change to major version 8, the package name changed to just
qemu-kvm-common instead of qemu-kvm-common-ev or qemu-kvm-common-rhev.
This adds a condition on the major OS version.
Change-Id: Idd69c687232a10fcb6db79a8b835a1576b7558dd
Closes-Bug: #1862921
While they are, at the SELinux level, exactly the same (one is an alias of
the other), the "container_file_t" name is easier to understand (and
shorter to write).
A second pass in a couple of days or weeks will be needed in order to
change files that were merged after this first pass.
Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
To avoid empty volumes like:
  {
    (...)
    "volumes": [
      "/etc/puppet:/etc/puppet:ro",
      (...)
      "",
      ""
    ],
  }
Replace '' with [] so Heat won't create an item in the list.
This helps keep containers idempotent, since the podman_container module
compares the list of volumes given in its parameters (which would contain
the empty entries) against the list of volumes reported by podman inspect.
Replacing '' with [] clears out the empty volume entries and makes these
containers idempotent when the podman_container module is used to deploy
them.
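A minimal sketch of the resulting pattern in a container definition (the
volume paths and the condition name are illustrative, not the exact diff):
list_concat lets the conditional branch contribute either a one-element
list or an empty list, so no empty string ends up in volumes:
  volumes:
    list_concat:
      - - /etc/puppet:/etc/puppet:ro
        - /var/log/containers/example:/var/log/example:z
      - if:
          - internal_tls_enabled
          - - /etc/pki/tls/certs/example.crt:/etc/pki/tls/certs/example.crt:ro
          - []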
Change-Id: I228b01009e7d9980bee5480778dbc88b9e226297
The next iteration of fast-forward-upgrade will be
from queens through to train, so we update the names
accordingly.
Change-Id: Ia6d73c33774218b70c1ed7fa9eaad882fde2eefe
Deployment is failing with error [1] because the owner/group
of the generated TLS certificate and key were set to 'qemu'.
This user and group exist on compute nodes, but not on controllers.
[1] Error: Could not find group 'qemu'
This patch adds the 'qemu' user/group on controller nodes to
resolve the issue, as this user is required to retrieve the certificate
used by the VNC proxy, the same way as on the compute nodes.
Change-Id: I3aa774c06d91a3b67726fad0d0ca409cda5b78b9
Closes-Bug: #1860971
The auth_uri parameter in authtoken was already removed from the puppet
modules[1], so remove it from hieradata.
Also, some service templates missed www_authenticate_uri, which was
introduced as a replacement for auth_uri, so add it to make sure that
we have the correct parameter configured.
[1] I12b4049e4942911c8d1d8027c579eb4c0d1a53eb
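A sketch of the config_settings entry the service templates are expected
to carry (the nova prefix is only an example; the exact key varies per
service):
  nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}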
Change-Id: I1e8378f58662377344194916e8bc336df02d0591
Currently, during a node scale down using openstack overcloud
node delete, we assume that nova-compute is enabled on the
node and is working as expected. However, the node scale down
fails in cases where the node being scaled down is not correctly
behaving as a compute node (nova containers not running/reporting
to the overcloud). This patch includes a check to only disable
and stop nova services if they are running. We ran into this
scenario when we wanted to scale down a node that did not cleanly
deploy as a compute node due to a failure in step 5 in a large scale
environment.
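A minimal sketch of such a guard (the service name and task wording are
assumed, not the exact tasks from this patch):
  - name: Check whether the nova compute service is active
    command: systemctl is-active tripleo_nova_compute
    register: nova_compute_active
    failed_when: false
  - name: Stop and disable the nova compute service
    service:
      name: tripleo_nova_compute
      state: stopped
      enabled: false
    when: nova_compute_active.rc == 0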
Change-Id: Ic8225af65c409b6a32d4bb2def370c7c802147fa
Co-Authored-By: Luke Short <ekultails@gmail.com>
Closes-Bug: #1860694
Signed-off-by: Sai Sindhur Malleni <smalleni@redhat.com>
Certain config containers might need to be replaced and re-run on update
and upgrade, regardless of whether their configuration changes.
Adding the DeployIdentifier to the env will ensure that they are.
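A sketch of the pattern (the container name and environment key are
illustrative): injecting the DeployIdentifier into the container
environment makes the definition change on every deploy, so the container
is replaced:
  example_config_container:
    environment:
      TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}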
Change-Id: I150212ebac3fed471ffb4e7ed7b6eb6c7af3fad9
Closes-Bug: #1860571
In nova, enable_numa_live_migration was deprecated in the Train release,
so remove the corresponding parameter, NovaEnableNUMALiveMigration,
from the templates.
Change-Id: I9616b290bf4ee6fefee66efb6924a3fd6699ccae
Ansible has decided that roles with hyphens in their names are no longer
supported, by not including support for them in collections. This change
renames all the roles we use to the new role names.
Depends-On: Ie899714aca49781ccd240bb259901d76f177d2ae
Change-Id: I4d41b2678a0f340792dd5c601342541ade771c26
Signed-off-by: Kevin Carter <kecarter@redhat.com>
While we can specify the keystone region where all keystone resources
are created, currently we don't set the specified region correctly
in the credential configuration used for the authtoken middleware.
Configure the region parameter for authtoken according to the
KeystoneRegion parameter so that we're consistent about the region where
we expect to have service users created.
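A sketch of the config_settings entry this implies (the nova prefix is
only an example; the same key is set per service):
  nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}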
Change-Id: Icc0ee9a859c2c67cae92339c6b4102946150269f
This one's a little tricky, so improve the documentation around it to
help avoid later confusion.
Change-Id: Idfa9887cb2a3b5f3d5a594f0e7c69c79c817c950
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
When we scale down a compute in an additional cell, disabling the compute
service fails in the scale down tasks, because the workflow for scaling
down a compute from an additional cell is [1]:
- migrate off instances from the compute or delete them
- remove the compute from the cell (nova-manage command)
- scale down the cell stack
Until we have fully automated scale down of a compute from an additional
cell, don't run the compute service disable step, as the compute has
already been removed from the cell in the pre steps.
[1] https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/deploy_cellv2_manage_cell.html#delete-a-compute-from-a-cell
Change-Id: Ie699d7d3367652f4a4dfcb5bf7e52b81c4325aae
Closes-Bug: #1859825
Previously, novajoin was relying on hiera data to populate endpoints in
keystone, but that recently changed for the rest of the OpenStack
services. This commit updates novajoin to use the same approach with
EndpointMap. Otherwise, deploying the undercloud fails with an error
message similar to the following:
Cannot create an endpoint with an invalid URL: http://%{hiera('ctlplane')}:9090/v1/.
Change-Id: I0e177a5e21ed9fb5eacba7a766c153ba99af34ae
Make sure we depend on a systemd service by including the .service suffix
in the name of the service we depend on.
Otherwise it leads to errors in /var/log/messages:
Failed to add dependency on openvswitch, ignoring: Invalid argument
Change-Id: I35230c6dfd8bc7ea2c45f7d2e1e5b5f4316a9375
Previously nova-compute would launch libguestfs using the default
``qemu:///session`` backend, which would attempt, and fail, to launch an
instance of libvirtd locally within the container. This change forces
libguestfs to use the same ``qemu:///system`` connection as nova-compute
itself uses when launching instances on the host.
Change-Id: Ib55936ea562dfa965be0764647e2b8e3fa309fd6
Like we did for paunch-container-shutdown.service, we need to have the
dependency on the new service tripleo-container-shutdown.service, managed
by TripleO Ansible, which will replace Paunch by default soon.
Change-Id: Idd005b3b8a4fc2a8438798a5c376f6d9dd64ce5f
Provide an option to set reserved_huge_pages in puppet-nova.
Ex. NovaReservedHugePages: ["node:0,size:2048,count:64","node:1,size:1GB,count:1"]
will reserve 64 pages of 2MiB on NUMA node 0 and 1 page of 1GiB on NUMA node 1.
When NovaReservedHugePages is set, "reserved_huge_pages" is set to the value of
NovaReservedHugePages. If NovaReservedHugePages is unset and OvsDpdkSocketMemory is
set, the reserved_huge_pages value is calculated from KernelArgs and OvsDpdkSocketMemory:
KernelArgs helps determine the default huge page size used (the default is
2048kB) and OvsDpdkSocketMemory helps determine the number of hugepages to reserve.
When both NovaReservedHugePages and OvsDpdkSocketMemory are unset,
NovaReservedHugePages is set to the default value [].
Change-Id: I8c7a8cb6ebf46130f5d102d281f9b736029b5390
Closes-Bug: #1852385
libguestfs expects to find /boot/vmlinuz-* for the running version of
the kernel. This check is duplicated in nova-compute when libguestfs has
failed to launch, providing a useful bread crumb for operators [1].
Obviously when this is called from within the nova-compute container in
the context of a TripleO deployment this can easily fail after a minor
update that has pulled in a newer container containing a newer kernel.
This check could also fail in the opposite case if the host kernel is
updated past the version present in the container.
This change works around this by simply passing /boot read-only
through to the nova-compute container, ensuring libguestfs is able to
always find the correct version of vmlinuz.
This should also allow us to eventually drop the kernel RPM from the
nova-compute container that has been a constant source of maintenance
overhead in terms of CVEs etc.
[1] aa096fd183/nova/virt/disk/vfs/guestfs.py (L75-L97)
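A sketch of the resulting bind mount in the nova_compute container
definition (placement within the volumes list is illustrative):
  nova_compute:
    volumes:
      - /boot:/boot:ro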
Change-Id: Iadef8f3300bb1b5b995052c1a35a1becbfd5730c
- Force fact gathering so that we're guaranteed to have the proper FQDN
- Update the start sequence so that our scale down process does not start
  from irrelevant steps
- Correct the list evaluation. The compute service argument should have one
  item in the list. Prior to this change it was expecting zero items,
  which was causing the removal tasks to be skipped.
Co-Authored-By: "Cedric Jeanneret (Tengu) <cjeanner@redhat.com>"
Co-Authored-By: "Emilien Macchi <emilien@redhat.com>"
Co-Authored-By: "Kevin Carter (cloudnull) <kecarter@redhat.com>"
Change-Id: I7c1615685718924e872a2f9173b15c63bba8c482
Closes-Bug: #1856062
Introduces two new parameters to configure the archive deleted
instances cron job.
1) NovaCronArchiveDeleteAllCells
To make sure deleted instances also get archived from cell0
in a single cell deployment, and from additional cell databases
in case of a multi cell deployment.
2) NovaCronArchiveDeleteRowsAge
--before is required to prevent the orphaning of libvirt guests
if/when nova-compute is down when a db archive cron job fires.
This change also modifies
1) the default for NovaCronArchiveDeleteRowsMaxRows from 100 to 1000,
to match the default of the nova-manage command instead of the default
of 100 from the puppet-nova parameter.
2) the default for NovaCronPurgeShadowTablesAllCells from
false to true, as the nova-manage db purge command also needs to run
for all cells instead of only the default cell.
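An illustrative environment-file sketch setting these parameters (the
age value is arbitrary):
  parameter_defaults:
    NovaCronArchiveDeleteAllCells: true
    NovaCronArchiveDeleteRowsAge: 30
    NovaCronArchiveDeleteRowsMaxRows: 1000
    NovaCronPurgeShadowTablesAllCells: true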
Depends-On: https://review.opendev.org/696900
Depends-On: https://review.opendev.org/697299
Change-Id: I91cb1e16f65b23117235d4eac76f03748b47e926
When podman parses a volume map whose path ends with a slash, it removes
the slash automatically and shows the volume without the slash in podman
inspect. When comparing configurations this shows up as a difference and
breaks the idempotency of containers, causing them to be recreated.
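For example (paths are illustrative), a template entry such as
  - /var/log/containers/example/:/var/log/example
is reported by podman inspect as
  - /var/log/containers/example:/var/log/example
so the trailing slash has to be dropped in the template to keep the
comparison stable.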
Change-Id: Ifdebecc8c7975b6f5cfefb14b0133be247b7abf0
This patch fixes the following issues, which make the rsyslog service
fail to start successfully:
- Changes LoggingSource configuration key 'path' to 'file' for various services
- Fixes LoggingSource configuration key 'startmsg.regex' for pacemaker
- Removes nonexistent log files from LoggingSource of keystone
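A sketch of the corrected LoggingSource shape (the tag and path are
illustrative; exact values differ per service):
  keystone_logging_source:
    tag: openstack.keystone
    file: /var/log/containers/keystone/keystone.log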
Change-Id: I7fe6456a1d2a3ba4300a82c57b76774152422250
Nova services are now running in containers, but we still have
a lot of libvirt packages installed on overcloud systems.
To allow deleting the unnecessary packages from the host systems, this
change is:
* modifying the NovaLibvirtGuests service to run in containers and
generate config files for libvirt-guests
* removing the hard dependency of the libvirt-guests service on
virt-guest-shutdown.target.
Change-Id: I2d0557127f88a492b283897767e57ea126adfe83
Closes-Bug: 1842932
This change updates our scale down process to ensure that we're
searching for and matching only the one host that is intended to
be removed during the task execution. The process will now use
the `ansible_fqdn` fact as the search criteria and ensure we're
only ever interacting with one known host.
* If the search criteria returns more than one value, the task
will fail, indicating why it failed, and return data on the
failure.
* If the search criteria returns no values, it will be assumed
that the compute service is already disabled and has been
removed.
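A minimal sketch of the matching logic (variable names are assumed, not
taken from the actual tasks):
  - name: Select the compute service entry for this host
    set_fact:
      matched_compute_services: >-
        {{ nova_compute_services | selectattr('host', 'equalto', ansible_fqdn) | list }}
  - name: Fail if more than one compute service matched
    fail:
      msg: >-
        Expected at most one compute service for {{ ansible_fqdn }},
        found {{ matched_compute_services | length }}
    when: matched_compute_services | length > 1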
Resolves: rhbz#1495489
Closes-bug: 1853644
Change-Id: I2f684191b146e0f6a28b98d7c0080e6eab14f2d9
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change sets the healthcheck command for the nova-virtlogd container;
the healthcheck itself is added in the tripleo-common repo in change [1].
[1] I9c76855169448a125541c94d480a4afd49ff6d0e
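A sketch of the typical shape of such a definition (the actual healthcheck
script is provided by the tripleo-common change referenced above):
  nova_virtlogd:
    healthcheck:
      test: /openstack/healthcheck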
Depends-On: https://review.opendev.org/#/c/693674/
Change-Id: I787edced7c14d04b2fe2342c4b3c830a329dbaf9
This change converts our firewall deployment practice to use
the tripleo-ansible firewall role. This change creates a new
"firewall_rules" object which is queried using YAQL from the
"FirewallRules" resource.
A new parameter has been added allowing users to input
additional firewall rules as needed. The new parameter is
`ExtraFirewallRules` and will be merged on top of the YAQL
interface.
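An illustrative use of the new parameter (the rule name and fields are
examples only):
  parameter_defaults:
    ExtraFirewallRules:
      '301 allow example application':
        dport: 8080
        proto: tcp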
Depends-On: Ie5d0f51d7efccd112847d3f1edf5fd9cdb1edeed
Change-Id: I1be209a04f599d1d018e730c92f1fc8dd9bf884b
Signed-off-by: Kevin Carter <kecarter@redhat.com>