Commit Graph

2864 Commits

Author SHA1 Message Date
Zuul
098df978cf Merge "Make clustercheck service accessible over socat" 2021-05-23 02:30:39 +00:00
Zuul
e4e1f3f880 Merge "Move ceph_admin_extra_vars logic to tripleo-ansible" 2021-05-22 19:27:01 +00:00
Zuul
f7c88f625a Merge "Cleanup optional flag for conf.modules.d" 2021-05-22 15:52:58 +00:00
Zuul
2a74d26ea7 Merge "Simplify pacemaker service templates" 2021-05-22 15:52:17 +00:00
Zuul
35377d7c6f Merge "Added the possibility of skipping the NFS ping test on the rear installation" 2021-05-22 04:09:45 +00:00
Zuul
3141aab255 Merge "Simplify openvswitch and ovn service templates" 2021-05-22 04:09:20 +00:00
Zuul
fbd67550ea Merge "Simplify octavia service templates" 2021-05-22 04:09:12 +00:00
Zuul
ff5c2c91d3 Merge "Use server side env merging for ServiceNetMap/VipSubnetMap" 2021-05-21 05:48:23 +00:00
Zuul
1606d81855 Merge "Simplify nova service templates" 2021-05-21 05:00:02 +00:00
Alex Schultz
2aa1f6364b Cleanup optional flag for conf.modules.d
This was for a bug that has since been cleaned up via a promotion.

Change-Id: I1332dd82c60113cfa2e19878da66eb4170fbb4f7
Related-Bug: #1884115
2021-05-20 13:38:47 +00:00
Damien Ciabrini
ad95ac04e2 Make clustercheck service accessible over socat
Allow clustercheck to be started on-demand by socat in addition
to xinetd. Make socat the new default as xinetd will get deprecated
eventually.

Depends-On: Ie7ede82a755e729d66e077f97e87b3d6c816ed3c
Change-Id: I7d87b5861a576cf4849a25cd1d3f5e77568de1e4
Closes-Bug: #1928693
2021-05-19 18:54:11 +02:00
Zuul
e5fd6c0aec Merge "Introduce CephHciOsdCount and CephHciOsdType" 2021-05-19 14:26:19 +00:00
ramishra
b253d564f7 Use server side env merging for ServiceNetMap/VipSubnetMap
This simplifies the ServiceNetMap/VipSubnetMap interfaces
to use parameter merge strategy and removes the *Defaults
interfaces.

Change-Id: Ic73628a596e9051b5c02435b712643f9ef7425e3
2021-05-19 10:16:58 +05:30
ramishra
f606968dda Simplify pacemaker service templates
Change-Id: Ic6bae9aa0ce400d2e3de714b40490ad6e1906ba3
2021-05-18 08:07:15 +05:30
ramishra
e172a7ff4e Simplify openvswitch and ovn service templates
Change-Id: I1856bbad6654b35b2f82b44dd39e3883a436a7a4
2021-05-18 08:07:15 +05:30
ramishra
094918d859 Simplify octavia service templates
Change-Id: I96266bd25093a77d3ce26921e6aaed70cfbb4fb8
2021-05-18 08:07:13 +05:30
ramishra
0a4904aff9 Simplify nova service templates
Simplifies conditions and verbosity.

Change-Id: If38a9ebc91741ca7201d053195033413a13480b5
2021-05-18 07:56:06 +05:30
John Fulton
9fb6b36f14 Move ceph_admin_extra_vars logic to tripleo-ansible
Instead of creating ceph_admin_extra_vars with
distribute_private_key always set to true, set
that variable to true only when appropriate based
on logic in the depends-on patch.

Also, it is not necessary to override the values of
tripleo_admin_generate_key or ssh_servers to create
the ceph-admin user for cephadm.

Related-Bug: #1928717
Depends-On: I8343c419c140670f01bdc94b4c8130004bac64e1
Change-Id: I2bacf82f85e5c78f5ae603460919cf3ff7130e9c
2021-05-17 20:20:44 +00:00
Zuul
9817101b42 Merge "Do not log amphora ssh keys" 2021-05-17 19:19:55 +00:00
Zuul
60cbf5eafc Merge "Disable tunneled mode when use_tls_for_live_migration" 2021-05-17 17:09:06 +00:00
Martin Schuppert
3a472cbbe8 Disable tunneled mode when use_tls_for_live_migration
With a recent version of libvirt, nova-compute doesn't come up
correctly when tls-everywhere (use_tls_for_live_migration)
is set. The enable_live_migration_tunnelled condition
did not consider tls-livemigration and got disabled.
Nova-compute fails to start with:

2021-05-12 12:49:09.278 7 ERROR oslo_service.service nova.exception.Invalid: Setting both 'live_migration_tunnelled' and 'live_migration_with_native_tls' at the same time is invalid. If you have the relevant libvirt and QEMU versions, and TLS configured in your environment, pick 'live_migration_with_native_tls'._

This change enhances the enable_live_migration_tunnelled
condition to not configure tunnelled mode when
use_tls_for_live_migration is true.

Closes-Bug: #1928554
Related-bug: https://bugzilla.redhat.com/show_bug.cgi?id=1959808

Change-Id: I1a6f5d3a98d185415b772fa6a94d6f4329dc59a0
2021-05-16 10:10:36 +02:00
Michele Baldessari
96a2c3742c Remove unused cvol_active_active_tls_enabled condition
It is not being used in this file. So let's remove it from here.
The only place it is used is the cinder-common-container-puppet.yaml
file:
$ grep -ir cvol_active_active
deployment/cinder/cinder-common-container-puppet.yaml:  cvol_active_active_tls_enabled:
deployment/cinder/cinder-common-container-puppet.yaml:            - cvol_active_active_tls_enabled

Change-Id: Id344f7f06eca903351b46bc5961bd9a749672bd7
2021-05-15 10:10:59 +02:00
Juan Badia Payno
86daa77b37 Added the possibility of skipping the NFS ping test on the rear installation
Also changed the CI to skip this test.

Depends-On: Ibbf7ba3435da8dc9218403df76f0eb86df4374db
Change-Id: Ib6000467f830037c3d9721a3b6ebf06523225f98
2021-05-13 08:59:37 +02:00
Zuul
8b3aa7ff66 Merge "Fix hiera variable used to set cinder's backend_host" 2021-05-13 04:44:55 +00:00
Zuul
4ef66a7386 Merge "Fix container security_opts type" 2021-05-13 02:30:12 +00:00
John Fulton
f14bfb14c7 Introduce CephHciOsdCount and CephHciOsdType
CephHciOsdCount is the number of expected Ceph OSDs per HCI node.
CephHciOsdType is the type of data_device (not db_device) used for
each OSD and must be one of hdd, ssd, or nvme. These are used by
the Ansible module tripleo_derive_hci_parameters. Since CephOsdSpec,
as used by cephadm, might only specify a description of devices to
be used as OSDs (e.g. all devices), and not a list of devices like
CephAnsibleDisksConfig, setting the count directly is necessary in
order to know how much CPU/RAM to reserve. Similarly, because a
device path is not hard coded, we cannot look up that device in
Ironic to determine its type.

Closes-Bug: #1920954
Depends-On: Ia6bbdf023e2a0961cd91d3e9f40a8a5a26253ba3
Change-Id: Iccf97ca676ee6096e47474c571bd4f53381ce1c9
2021-05-12 20:47:02 +00:00
Brent Eagles
c65058889e Do not log amphora ssh keys
This patch adds a no_log clause to external_deploy tasks that might
result in an SSH key getting logged.

Change-Id: I2a38a48aabdc167134aee757cd5270af4c498c8d
Related-Bug: #1918138
2021-05-12 15:48:08 -02:30
Zuul
825d28d20c Merge "Fix RoleParameters in tuned-baremetal-ansible.yaml" 2021-05-12 17:21:30 +00:00
Alex Schultz
89f5960125 Fix container security_opts type
The podman container module expects security_opts to be a list but
ansible is magically handling this. Rather than rely on the ansible
behavior, let's explicitly specify it as a list.

Change-Id: Ib88ed7d17547209f383cdf2f0449c02d06e41e2d
2021-05-12 13:32:17 +00:00
Alex Schultz
742dc894f6 Stop handler flush
With https://review.opendev.org/c/openstack/ansible-role-chrony/+/647947
this is no longer necessary as we are not using handlers. Additionally
using handlers is no longer recommended with tripleo_free.

Change-Id: I8d52b0bbacc9af4a101793323e02191b18243cba
2021-05-10 08:00:36 -06:00
ramishra
6e236a4e1f Fix RoleParameters in tuned-baremetal-ansible.yaml
Though we've role specific parameters we don't seem
to honor them.

Related: https://bugzilla.redhat.com/1958418
Change-Id: I0946b3f4f48688dd3dc747ae31f48c9676687cbc
2021-05-10 13:57:34 +05:30
Zuul
2732d826c8 Merge "Enable configuration of omamqp1 plugin" 2021-05-07 00:39:33 +00:00
Zuul
f6efe31ce9 Merge "Do not ask for cephdashboard certificates when it is disabled" 2021-05-05 16:12:14 +00:00
Zuul
0b30e7428a Merge "Introduce nova virtlogd wrapper" 2021-05-05 12:27:51 +00:00
Zuul
eded47e014 Merge "Simplify neutron service templates" 2021-05-05 09:06:14 +00:00
Zuul
40528d4a86 Merge "Refactor OVN bridge MAC addresses" 2021-05-05 06:17:21 +00:00
Zuul
b974735469 Merge "Remove heat::heat_keystone_clients_url definition" 2021-05-05 00:56:00 +00:00
Zuul
c737ed6655 Merge "Simplify metrics and messaging service templates" 2021-05-04 23:06:38 +00:00
Michele Baldessari
92f722a05c Do not ask for cephdashboard certificates when it is disabled
When deploying with TLS-E and cephadm, I disabled the ceph dashboard:
(undercloud) [stack@undercloud-0 ~]$ openstack stack environment show
overcloud -f yaml |grep -i cephenabledashboard

  CephEnableDashboard: false

Yet it still tries to request a cert for it (and fails due to
https://bugs.launchpad.net/tripleo/+bug/1926746):
2021-05-03 14:02:54.876228 | 5254004b-fe7a-614d-c9eb-00000000e323 |
FATAL | Ensure certificate requests | ctrl-3-0 | item={'ca': 'ipa',
'dns': 'ctrl-3-0.mainnetwork.bgp.ftw', 'key_size': '2048', 'name':
'ceph_dashboard', 'principal':
'ceph_dashboard/ctrl-3-0.mainnetwork.bgp.ftw@BGP.FTW', 'run_after': '#
Get mgr systemd unit\nmgr_unit=$(systemctl list-units | awk \'/ceph-mgr/
{print $1}\')\n# Restart the mgr systemd unit\nif [ -n "$mgr_unit" ];
then\n systemctl restart "$mgr_unit"\nfi\n'} |
error={"ansible_loop_var": "item", "changed": false, "cmd":
"/bin/getcert request -N CN=ctrl-3-0.mainnetwork.bgp.ftw -c IPA -w -k
/etc/pki/tls/private/ceph_dashboard.key -f
/etc/pki/tls/certs/ceph_dashboard.crt -D ctrl-3-0.mainnetwork.bgp.ftw -D
'' -A '' -E '' -r -g 2048 -K '' -K '' -u digitalSignature -u
keyEncipherment -U 1.3.6.1.5.5.7.3.1 -U 1.3.6.1.5.5.7.3.2 -U '' -B '' -C
/etc/certmonger/post-scripts/ceph_dashboard-838da8a.sh", "item": {"ca":
"ipa", "dns": "ctrl-3-0.mainnetwork.bgp.ftw", "key_size": "2048",
"name": "ceph_dashboard", "principal":
"ceph_dashboard/ctrl-3-0.mainnetwork.bgp.ftw@BGP.FTW", "run_after": "#
Get mgr systemd unit\nmgr_unit=$(systemctl list-units | awk '/ceph-mgr/
{print $1}')\n# Restart the mgr systemd unit\nif [ -n \"$mgr_unit\" ];
then\n systemctl restart \"$mgr_unit\"\nfi\n"}, "msg": "", "rc": 2,
"stderr": "", "stderr_lines": [], "stdout": "New signing request
\"20210503140253\" added.\n", "stdout_lines": ["New signing request
\"20210503140253\" added."]}

With this patch applied I correctly get past this point and am able to
reach later steps:
2021-05-04 12:40:44.300445 | 5254004b-fe7a-5ccf-c0b9-0000000000df | TASK | External deployment step 2

The problem is that the 'enable_internal_tls' is global and only checks
for internal TLS being enabled so it will still be triggered when
CephEnabledDashboard is set to false. Let's switch it to the internal
condition internal_tls_enabled which takes the dashboard into account.

Change-Id: I73a58b00f31bfeffb724e12515d8c5cb0625ca7f
Closes-Bug: #1927093
2021-05-04 14:41:48 +02:00
Harald Jensås
a120ada72e Refactor OVN bridge MAC addresses
Moving the network and port management for OVN
bridge MAC addresses to ansible.

Removes the heat resources, and adds an external
deploy task at step 0 in the ovn controller service
templates which uses the 'tripleo_ovn_mac_addresses'
ansible module to create/remove OVN mac address ports.

Adds parameter role_specific OVNStaticBridgeMacMappings,
parameter that can be used to set static bridge mac
mappings. When this is set no neutron resources will be
created by the tripleo_ovn_mac_addresses ansible module.
OVNStaticBridgeMacMappings must be used for standalone
deployments.

Implements: blueprint network-data-v2-port
Depends-On: https://review.opendev.org/782891
Depends-On: https://review.opendev.org/783137
Change-Id: I6ce29d2908e76044c55eb96d0d3779fe67ba9169
2021-05-04 11:49:50 +05:30
Alan Bishop
a8f527d8dc Fix hiera variable used to set cinder's backend_host
Use cinder::backends::backend_host to override the value when the
cinder-volume service runs active/passive under pcmk. This puppet
parameter was added several cycles ago, and the original
cinder::backend_host variable is being deprecated.

Change-Id: Ic0b0f1bd703e46b9ed0d86381b4fbed4ed6f9699
2021-05-03 08:02:58 -07:00
ramishra
dad101720c Simplify neutron service templates
Change-Id: I107f2e4f8c02b9f57ee33f326ec972d58965eb9b
2021-05-03 16:08:13 +05:30
Zuul
5fd7b3c9f6 Merge "nova: Default to the unversioned q35 machine type on x86_64" 2021-04-30 16:35:49 +00:00
Zuul
877b3acd88 Merge "Default CephClientConfigVars within --working-dir" 2021-04-30 01:53:45 +00:00
Zuul
5583bfb3e4 Merge "Add OVNEncapType option to the ovn controller template" 2021-04-29 22:45:42 +00:00
Lee Yarwood
4efd15e15a nova: Default to the unversioned q35 machine type on x86_64
This change updates the NovaHWMachineType parameter to now default to the
unversioned q35 machine type for x86_64 instances within a deployment.

A simple environment file is also included to pin NovaHWMachineType to
the previous versioned defaults during an upgrade to this release. Once
upgraded, operators can then use the following flow to record the machine
type of existing instances allowing the default to eventually be
changed:

https://docs.openstack.org/nova/latest/admin/hw-machine-type.html

This change depends on Ieb21fd8f3e895ea7611882f1e92f398efe2e77fa to
ensure that the standalone role picks up this new default in CI.

It also depends on Ia3f839a3c5e4e4b59898c11561fe7ef7126bba5f to ensure
that all jobs use cirros 0.5.2 that includes the ahci module now
required when using q35 based instances.

Depends-On: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/785575

Finally, it also depends on I0e068043d8267ab91535413d950a3e154c2234f7
from Nova that is attempting to work around a known QEMU issue that
appears more prevalent when using this newer machine type.

Depends-On: https://review.opendev.org/c/openstack/nova/+/785682

Change-Id: I9f60a73577ae7cd712e2a8285abc0c0788906112
2021-04-29 15:09:13 +00:00
Zuul
1150081e83 Merge "Fix etcd/tls-e deployments" 2021-04-29 11:20:05 +00:00
Zuul
d4fd50abae Merge "Define the GaneshaNetwork parameter used by cephadm" 2021-04-29 11:19:31 +00:00
Martin Schuppert
49415d04b2 Introduce nova virtlogd wrapper
When nova_virtlogd container gets restarted the instance console auth files
will not be reopened again by virtlogd. As a result either instances need
to be restarted or live migrated to a different compute node to get new
console logs messages logged again.
Usually on receipt of SIGUSR1, virtlogd will re-exec() its binary, while
maintaining all current logs and clients. This allows for live upgrades of
the virtlogd service on non-containerized environments where updates happen
just by doing an RPM update.
To reduce the likelihood in a containerized environment virtlogd should
only be restarted on manual request, or on compute node reboot. It should
not be restarted on a minor update without migration off instances.
This introduces a nova_virtlogd_wrapper container and virtlogd wrapper
script, to only restart virtlogd on either manual or compute node restart.

With NovaEnableVirtlogdContainerWrapper the virtlogd wrapper can be
disabled.

Co-Authored-By: Rajesh Tailor <ratailor@redhat.com>

Closes-Bug: #1838272
Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/787771

Change-Id: Ib1fd2fb89899b40b3ce2574af067006f566ef2ea
2021-04-29 10:10:51 +02:00
Zuul
18ee787f73 Merge "Simplify manila, memcached and logging services" 2021-04-28 23:28:22 +00:00