With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
Neutron's dns_assignments field includes a nice pice of
structured data. This is a prerequirement for Designate
usage. (No plan's to use that, but being a bit ready
does'nt hurt.)
{"hostname": "my-vm",
"ip_address": "192.0.2.16",
"fqdn": "my-vm.example.org."}
Enable for the undercloud:
- dns_domain_ports ml2 extension driver
Change-Id: I46eb9a24dd66821b27524fe4d1fdab617b6fa948
Replace the python script that was run on post-config, by an Ansible
task running on the host where Keystone is running.
It'll be useful later when using OpenStackSDK to have access to the
credentials during the deployment and not having to wait the far end.
It's also reducing the Heat resources.
Depends-On: https://review.opendev.org/#/c/700015
Change-Id: I585abc3e6a3b9b8ae9183e0b5170df2e39301e17
Use the parameter UndercloudCtlplaneIPv6AddressMode
to control ipv6 address mode for the provisioning
network instead of hard-codeing to dhcpv6-stateless.
Change-Id: I549f930853539a7cd665a00d7ec3fd1705f819fb
Closes-Bug: #1847606
Depends-On: I7de5f5487065d20068229e0d34102be6119fbeef
Moving undercloud deployment to container means that during execution
of undercloud backup mistral-executor does not have required connections
and data available and so creates empty tarball currently. This patch is
one of many, which are supposed to fix this. On THT side we need to:
- Include DB host IP address in tripleo.undercloud-config env
- we need to have this information about undercloud IP available
as we cannot connect to local socket anymore and using 'localhost'
does not work.
- Mount directories which are meant to be backed up
- currently directories backing up directories local to mistral_executor
are useless for undercloud backup
Change-Id: Ia1fd60a13570a42f5243beb5bb0487c743e31d27
Partial-Bug: #1812960
Those are hidden resource types in heat. Changing these types
would not result in replacement of the resources.
Change-Id: I22d23a8f187263bd36e364f0cd3301c830f3220b
Use the DNS nameservers for each ctlplane subnet,
instead of using the same DNSServers for all subnets.
Related-Bug: #1834306
Depends-On: I0dc03eddf9ea00ff33cd3ae0cdc8f42a4961e89c
Change-Id: I4c102d8f728a90cf9eb90f6129738377a8d2503c
Using EndpointMap to ensure we get the hostname/fqdn if possible
otherwise it fallbacks to the IP for Keystone public endpoint.
This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.
Closes-Bug #1763776
Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce
We need to include also the Undercloud DB in a Mistral
environment to be able to create the DB backup from the CLI.
Now, we do this using python and THT but we didn't include it.
Change-Id: If503e733b103a34ae5639eb56dfae05f9783d59a
Closes-Bug: 1812839
Add the cloud to clouds.yaml for the undercloud so
that it is available for post deploy script's.
The clouds.yaml is created both in the stack users
home directory ~/.config/openstack/clouds.yaml and
globally for the system in /etc/openstack/clouds.yaml.
Update standalone post configuration to use the same
code to create and update clouds.yaml on standalone.
clouds.yaml is used when setting up client's in other
post scripts instead of passing all the options to
each script.
Partial-Bug: #1801927
Change-Id: I6402fa561745bacf184b1ad2ada44bf8f7c75324
Configuring Nova (quota, flavors) and Mistral (workbooks,
workflows, etc.) is a lot faster if we do it in python.
Initial undercloud install - 3.5x faster
----------------------------------------
Run deployment UndercloudPostDeployment ---- 130.50s < Shell
Run deployment UndercloudPostDeployment ---- 37.39s < Python
Re-Running undercloud install - 10x faster
------------------------------------------
Run deployment UndercloudPostDeployment ---- 405.01s < Shell
Run deployment UndercloudPostDeployment ---- 39.95s < Python
Change-Id: If7b3ad701e434ed0d606356b9bbab2716d53c5bb
_run_command() returns the output of the command executed.
If the Neutron API is disabled it would return the string
'false' which is in fact True as far as python is concerned.
We also need a depends_on to ensure the link to hiera.yaml
created in extraconfig/post_deploy/undercloud_post.sh is
already in place.
Change-Id: Iec958a92433d3f671862422ac85bc78d7babc01d
With the move from instack-undercloud to containerized undercloud, the
hiera key to check for whether the tripleo-validations are enabled
changed from `enable_validations` to `tripleo_validations_enabled`. This
commit updated the check in undercloud_post.sh to use the right key. It
also removed the useless EnableValidation heat param.
Change-Id: I338e139fa770ebb7bdcc1c0afb79eec062fada8b
The get_param call wasn't properly formatted
and the script was being rendered with the
following enabled_validations content:
enable_validations=[{u'get_params': u'EnableValidations'}]
Closes-Bug: #1786953
Change-Id: I6c1de0295cb1da4e72b447b78847e1b586b40e4a
If there is nothing set for the CA, discard the value. This way we can
ignore this value when using trusted certificates.
Change-Id: Ia0085c43fe9468cd1827f6e4ae39f48ce0e398b6
Related-Bug: #1785059
Nameservers are configured on the ctlplane subnets by the
undercloud installer, the nameservers are used early during
the deployment, prior to running os-net-config.
Remove the default DnsServer's in THT, replacing it with
an empty list and use get_attr to get the values for
DnsServers for the overcloud from the ctlplane subnet(s).
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not [] (default)
to provide backwards compatibilityi and in case the user
want to use different DnsServers for the overcloud and
undercloud.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5f33e06ca3f4b13cc355e02156edd9d8a1f773cd
This fixes TLS errors when anything using python-requests is run
from a virtualenv.
Change-Id: Icf659e54e8887dc9759cd4d8f732982ce3e0ae5f
Closes-Bug: #1771565
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
* Add a new post install software deployment which runs
a python script to configure the undercloud control
plane network. Replaces section in post shell script.
Change-Id: I1cd594564d1628a6e1fccb9eadf18b716ccc5c72
- Replicate what has been done in _post_config_mistral
(instack-undercloud)
- Cleanup cron triggers before cleaning workflows.
- Re-create publish-ui-logs-hourly cron trigger.
- If validations are enabled, execute copy_ssh_key workflow.
Depends-On: I10abed7f1514e9d72d5ebac0c85bad11cdf3210f
Depends-On: I01c4497324b2c8666d9f749147693d580c0a5e20
Change-Id: If641a9f91c85a0dcc5fcd8d89784ff4258123ea7
We want to configure a TLS url for the underclouds stackrc
when a user specified or generated TLS certificate is used.
This patch updates the existing check so that
the PublicSSLCertificateAutogenerated paremeter is also used
when deciding if the SSL URL should be enabled.
Change-Id: I7561b5de7749ca57f8ac8056b470228e1026eb31
Add a parameter to control the homedir of the
Undercloud user. Useful if you don't want stackrc
and ssh creds in /root/
Change-Id: I2ad703689b600280b2c1ab1752654f2d334cb6db
Co-Authored-By: Ian Main <imain@redhat.com>
Commit 5a400f8011c482abd9c0b550f566bb452159a383 broke the stackrc for
the containerized undercloud, making all the openstack commands fail
with:
Cannot use v2 authentication with domain scope
This replaces the OS_TENANT_NAME variable with OS_PROJECT_NAME to and
switch to versionless auth_url to use keystone v3 instead.
Change-Id: I869adb75294b38c61e508870a69e1637bb410a94
Closes-Bug: #1719796
Add a new roles data YAML file and environment to help
create the undercloud via t-h-t.
Partially-implements: blueprint heat-undercloud
Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861