- removes duplicate keys from yaml files by assuming that the last
one was the desired one (matches current loader behavior)
- prevent regressions by activating yaml lint rule that detects them
(yaml skip was silencing all yaml checks, so the long list seen
is in fact shorter than just 'yaml')
- includes sorting of some of the keys, was needed in order to spot
the duplicates.
Change-Id: Idf5c0041a0c6d3ed7d5d49fb68be856719916663
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
This is a continuation of change id I27ac0a536624f5461809df771a58a6e57fec0661
The port_forwarding service should be included as part of the default
NeutronServicePlugins value.
Closes-Bug: #1877447
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
Change-Id: Ib35fdae76f16f7e0f993587056b7759aeceff061
NeutronServicePlugins needs to include 'log' in order to support
the security-group logging functionality.
Also added log to deployment/neutron/neutron-base.yaml as part of
the default NeutronServicePlugins.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/768129
Change-Id: I08fedd65bb4c97bbd73bf966ae763e4cdedebab2
Related-Bug: #1914757
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
If the port cleanup takes too long, the neutron agents might begin
operations on the ovs bridges while cleanup is still ongoing. This can
cause undefined behavior and errors in the agent.
Change-Id: Ia0e31c9469033c50a8b65af7fee1adf03b22d4c2
Closes-Bug: #1913623
This reverts commit b3ec034649.
Reason for revert: The patch was introduced as a workaround
to fix the leapp issue reproduced in v0.10.0 which throws
exception when the interface is not found. But with the
recent version of the leapp package, the issue is not
reproducible. The leapp upgrade completes succesfully
even with VFs present. Though the actual leapp commit which
fixed the issue not traced, the issue is no more present.
This workaround can be removed from TripleO, so that
nic paritioning FFU can be supported.
This revert is required for nic paritioning FFU, because
resetting the VFs will hang, when one of the VF is bound
to the vfio-pci (DPDK) driver.
Change-Id: I5ab1d2925989fc3da62e6045e56a7bd017c8ec4c
For some reason, after queens to train FFU, when drive pci
whitelist is executed, the hiera output is shown with the
default output format 'ruby' (with => instead of :). This
results in json parsing error. Force the output to be json
which will work for regular and the ffu cases.
Change-Id: I065ec0e7ae14530f6bf4f6fe356e885ba2b30d7f
Convert the NotificationDriver to a comma_delimited_list.
This will still not break existing templates because passing
a string is still completely valid. This is done so that the hiera keys
will be passed down as lists.
The oslo::messaging::notifications::driver expects a list anyway so this
won't break things and will allow us to actually specify multiple
notification drivers correctly. The change that allowed
oslo::notifications to use both strings and lists is
If65946412b42e0919456ed92fdd8e3788ad67872 (Messaging notifications
should be set as a list)
Related-Bug: #1851629
Change-Id: I24c860cd3121e5c307233864818ca86967ff6d72
Adding the ability to specifies the private key size
used when creating the certificate. We have defined the
default value the same as we have before 2048 bits.
Also, it'll be able to override the key_size value
per service.
Depends-on: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
Change-Id: Ic2edabb7f1bd0caf4a5550d03f60fab7c8354d65
With an existing BZ #1898664 on dracut does not create ramfs with
vfio_iommu_type1 module, because which loading vfio-pci during the initramfs
fails to load this module. Because of this dpdk ports are added in ERROR
state. It requires a restart ovs to bring to normal state after ffu is
complete. As a workaround, the module-load file vfio-pci.conf is removed
before upgrade, which will ensure that vfio-pci is not loaded during initramfs
and it will be loaded when driverctl configures the vfio-pci driver to the
interface.
Closes-Bug: #1905533
Change-Id: I752a764a53e90fcb17e414d4900bb186fa689f45
Since 20.09, OVN supports VXLAN type for inter-chassis communication.
This patch also gets rid of no longer needed override for
NeutronNetworkType for OVN, moving the constraints into generic ML2
definition list. The constraints list is extended to include vxlan.
Depends-On: I81c016ba9c91282d1bebb40a282077e14ce4bd6b
Change-Id: I447458c344a8817f3cfacba06f3410d500ed1f59
Rename Tripleo Service for NeutronMl2PluginBase from
OS::TripleO::Docker::NeutronMl2PluginBase to match with other services
as OS::TripleO::Services::NeutronMl2PluginBase.
Change-Id: I38d2fb5e9f0daba4c519343e88cd51e07dd00300
This change enforces the usage of internal api for token verification,
so that internal requests to keystone uses internal endpoint instead
of admin endpoint which is deployed on provisioning network by default.
Change-Id: I8b5ac36ff1da46844d18fa73f835175e52719a63
Closes-Bug: #1899266
Currently we disable Telemetry services like Ceilometer by defaut,
which means that we don't have any consumers for notification messages.
So NotificationDriver should be set as noop by default so that we don't
have unconsumed messages in notification queues.
Change-Id: I1d05749c94bd58ad4badafa7d9755009cb4b64af
Closes-Bug: #1869355
Fix the tasks that remove the temporary namespace when running in check
mode.
Checking that the rc variable is actually defined.
Change-Id: I1f0512532f564d58343440bd0a6594da9609b65d
Currently initialization of db is implemented as an independent task
in tripleo-heat-templates and not triggered by puppet.
In puppet, all of sync db jobs are implemented by exec resources but
"exec" is not included in puppet_tags enabled, so these implementations
in puppet are never triggered.
This patch removes sync_db parameters from templates because they are
ineffective and misleading.
Change-Id: Id231c612d8ef0ebc27bf87e0b2acbb76d89c9801
We no longer run on 8.0 so we should be good reverting that workaround.
This reverts commit b1d82e6acb.
Change-Id: Icb5e88fa55a76207130599a5caa8592e96ee5f09
Leapp's actor persistentnetnamesconfig will try
to apply the nic names based on the mac address.
Whlie collecting the data, leapp will also add the
VFs details to RHEL7 catalog (leapp.db). But when
RHEL8 ramfs boots, it will not find the VF interfaces.
VFs will be configured using sriov_config service
on boot (not applied during upgrade). Remove VFs
before leapp upgrade as a workaround.
Closes-Bug: #1890769
Change-Id: I5054d5970e6c88cf3cdcd9c3850ef926040bc827
Now that the FFU process relies on the upgrade_tasks and deployment
tasts there is no need to keep the old fast_forward_upgrade_tasks.
This patch removes all the fast_forward_upgrade_tasks section from
the services, as well as from the common structures.
Change-Id: I39b8a846145fdc2fb3d0f6853df541c773ee455e
Earlier, the derived pci passthrough whitelist includes the address,
vendor and product details only. This is not sufficient for nova to
allocate the VFs to the guests. Now, all the fields of the user_config
shall be used in the derived passthrough_whitelist. Only either of 'address'
or 'devname' shall be provided in passthrough_whitelist, and since the
'address' fields are must have to specify the induvidual VF's, the
'devname' is removed if present.
Change-Id: I5a337a67893241e1443ca2c3721f4c9dd78b95c8
When running Ansible in check mode (aka dry run), some tasks need some
changes, specially around variables and make sure they are actually
defined.
Change-Id: I337aa287f1c88a0e2707b441fc6b19b997d52385
There is no real value using /var/run instead of /run, especially since
/var/run is a symlink to /run.
This patch also removes duplicated mounts due to this very symlink.
Change-Id: Iaced2ba676a4e4f651c67da082797cc1c1ffccd1
These tasks are really should be managed a single time against the host
rather than at deployment time.
Change-Id: I535d8360493267d50196aebb6365124b67e9ba78
Related-Bug: #1883609
For containers which run httpd, make sure conf.modules.d is also synced
into the container; so apache doesn't fail with:
AH00534: httpd: Configuration error: More than one MPM loaded.
This is now required since:
6425cc46a8
Change-Id: Ib315d10dbdbbad1628f536a74cd1fca371f018f5
Closes-Bug: #1884115
Sorin Sbarnea