Neutron OVS DVR requires a L3 agent container with a special
configuration on the compute node.
Change-Id: Iab06c11de90b8ebc7dc6bd946367e5693a4a0f71
Closes-Bug: #1717316
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required for us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.
Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.
It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.
Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca
Instead, rely on local_interface parameter from undercloud.conf like it
was with instack-undercloud.
Depends-On: I94de786a4e2d6bfbc66e08f32ea65c217ea35268
Change-Id: Id46256b66aa43c38a6a6501d2f26dfb85009b1ef
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.
Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
As we discovered bug #1768586 we'll need to make sure that every
parameter tweak in plan is followed by a stack update.
So far the Ceph upgrade command did set param -> stack update -> unset
param (only in plan). However this means the last CephAnsiblePlaybook
setting (back to normal deploy playbook) was discarded.
Let's reuse normal converge commands to converge CephAnsiblePlaybook
too, and we can remove the (now unused) ceph-upgrade-converge.yaml. We
won't do more stack updates than necessary, and at the same time the
user workflow stays somewhat consistent between envs that do and don't
have Ceph.
An alternative would be to run the as part of the Ceph command, but
that either means we'd have to run one more stack update then
necessary, or skip the last converge in envs with Ceph, and
essentially diverge further from the non-Ceph workflow.
Change-Id: If596531cbb1e750ed67e66391743f4c1833e4337
Depends-On: I025eac40f8bda5f23c789e7fef1a9e9b49947f66
Partial-Bug: #1768586
- Enable heat convergence for containerized undercloud
- Set max_json_body_size=4194304 for containerized undercloud.
- Introduce HeatMaxNestedStackDepth parameter.
- Introduce HeatReauthenticationAuthMethod parameter and configure it to
'trusts' for the undercloud.
Change-Id: I044bf29e7ae320a478e0ba0eb12870f47735d4f1
Instead of serving images via slow and somewhat unreliable iSCSI protocol,
this deploy method makes IPA download them from the undercloud Swift.
Change-Id: Ic569358b781337ec6ba8ba802ada1f940917bd61
Implements: blueprint ironic-direct-deploy
I934561612d26befd88a9053262836b47bdf4efb0 renamed the rabbit ssl
parameters that we use in the same environment generate but since the
script did not fail, it made it past CI. This change fixes the
RabbitClientUseSsl parameter in the environment to match the new
RpcUseSsl flag and updates the check script to fail if this happens
again.
Change-Id: I47c63875c6934bca2903883787467fc1804ba5da
Closes-Bug: #1768358
For deploying with hw offloading in containers, we should use the
ovs-hw-offload.yaml file with neutron, opendaylight and ovn.
In case of "ovn" deployment we need also:
"environments/services-docker/neutron-ovn.yaml"
and in case of "opendaylight" we need:
"environments/services-docker/neutron-opendaylight.yaml"
Change-Id: Ic844466954cde3b7206ab6a209ded6abb1acbbf6
Purpose is to ensure that any mapping previously used to enable
config-download is reset to perform a regular Heat stack update on
ceph-upgrade. We may need to do "update/upgrade/ffwd -> ceph ->
converge" instead of the previously assumed "update/upgrade/ffwd ->
converge -> ceph".
This also removes the no-op of DeploymentSteps -- we need them enabled
during Ceph upgrade as we need firewall rules applied.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Closes-Bug: #1767318
Related-Bug: #1767317
Change-Id: I52312ffcd438c354872ab3c74138b47ae71aab4b
Mark regular non-containerized services with FIXME
to be switched, once it is containerized
Do not mark yet an external/backend/plugin/host-config
related puppet services templates with that FIXME
Mark puppet/services/ceph- related templates as TODO
switch it to containerized ceph-ansible eventually, maybe.
Change-Id: Ib9fbad05eeb57dc641499fbf411cb5870da7a8e9
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Updates overcloud-resource-registry.j2.yaml to include the mappings from
enviornments/config-download-environment.yaml. This enables
config-download by default. The environment to explicitly enable
config-download is deprecated.
An environment at environments/disable-config-download.yaml is added
which can be used to disable config-download but is marked as
deprecated.
Change-Id: I8389a0c48e1aa610fdc6a8580516889340883034
implements: blueprint config-download-default
This patch will fix few issues with deploying baremetal services:
1. Fix NeutronCorePlugin path.
2. Add Cinder service.
Change-Id: Ia60518837e7c6c9549f6637c3236140361fbc790
These will disable OS::TripleO::DeploymentSteps on prepare, to allow
for a Heat stack update without triggering a puppet apply and then
restore the Heat resource and the Ceph ansible playbook on converge.
Change-Id: Ie765b429c4cb36d9dd616584cc1d4f45184fa1b8
This commit will also provide third party vendors an option
to pass all the puppet tags that will configure the files needed
to enable their plugin.
Change-Id: I60feb19bf65aef82cfa56822e8ef79f13f70913d
This change adds a configuration script that sets up Swift temporary
URL key, if it is not set up otherwise. This key is required for both
ironic "direct" and "ansible" deploy interfaces.
The "direct" deploy interface is then enabled for the undercloud.
Implements: blueprint ironic-direct-deploy
Change-Id: I3cbc51831fc3e185f907b44da654f71aa0f4c420