Commit Graph

316 Commits

Author SHA1 Message Date
Zuul
c33f8cb117 Merge "Remove NovaConsoleauth Service" 2019-05-17 16:21:03 +00:00
Zuul
f5ba43ea21 Merge "Add DPDK support for OVN" 2019-05-10 21:03:53 +00:00
Martin Schuppert
20dbe32060 Remove NovaConsoleauth Service
As of Rocky [1], the nova-consoleauth service has been deprecated and
cell databases are used for storing token authorizations. All new consoles
will be supported by the database backend and existing consoles will be
reset. Console proxies must be run per cell because the new console token
authorizations are stored in cell databases.

nova-consoleauth was deprecated in tripleo with:
I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f

This change now removes the NovaConsoleauth Service.

[1] https://docs.openstack.org/releasenotes/nova/rocky.html

Closes-Bug: #1828414

Change-Id: Icdfbf26b5e83cc07a560eb227a0cf822e4c5a1e3
2019-05-09 15:24:13 +02:00
Zuul
62ffd0683d Merge "Revert "Switch off nova metadata api on the undercloud"" 2019-05-08 05:44:08 +00:00
Alex Schultz
6ce5b5e12d Revert "Switch off nova metadata api on the undercloud"
This reverts commit 28a675dea5.

Change-Id: I7bfd1fc7b7fa873d249a158604c2f5fe57a86a25
Closes-Bug: #1828065
2019-05-07 15:15:30 +00:00
Zuul
c6a8010dcf Merge "Use timesync service" 2019-05-06 23:29:12 +00:00
Vadim Khitrin
894481fafe Enable Podman Service For Lacking Roles
ComputeOvsDpdkSriov, ComputeOvsDpdkSriovRT and CellController roles do
not include OS::TripleO::Services::Podman which may cause Overcloud deployments to
fail.

Adding Podman service to these roles in order to be aligned with the rest of the roles.

Change-Id: If9b9ffa4651133b966ea0c28069dd1a81f3b2df5
2019-05-04 17:17:50 +03:00
Alex Schultz
90562b6f5d Use timesync service
The Ntp service should no longer defined on the roles as we should be
using the meta Timesync service to ensure the correct service is defined
for the sync service.

Change-Id: Ic2fb3291de78891d05ef12e3778263fe74fbff8c
Related-Blueprint: tripleo-chrony
Closes-Bug: #1827676
2019-05-03 14:41:27 -06:00
Steve Baker
28a675dea5 Switch off nova metadata api on the undercloud
All known consumers of boot data (os-collect-config, etc) have a
preference for using config-drive as the data source.

The last known consumer was novajoin, but that switched to preferring
config-drive early in the Stein development cycle[1] so it should now
be safe to switch off the nova metadata API service.

[1] https://review.opendev.org/#/c/607492/
Blueprint: nova-less-deploy

Change-Id: If35aec24f446769fca7897c2126fb6657454f073
2019-04-30 14:10:32 -06:00
Zuul
bc2d60cb74 Merge "Remove puppet selinux management" 2019-04-25 16:05:45 +00:00
Lee Yarwood
555178160b placement: Introduce an extracted PlacementAPI service
This change introduces an optional extracted version of the Placement
service into TripleO. This extracted version will only be required once
the Placement service is fully removed from Nova during the T cycle
(previously S but delayed) at which point the corresponding
NovaPlacement service will also be removed from TripleO.

The majority of this change is code motion between the original
NovaPlacement service and the new PlacementAPI service.

Upgrades from the original NovaPlacement service to the extracted
PlacementAPI service are not currently supported by this change and will
be worked on independently during the Train cycle.

Co-authored-by: mschuppert@redhat.com

Depends-On: https://review.openstack.org/#/c/624335/
Change-Id: I9e3287bcbe9d317f32bf6b468c6ee17f04b6fff9
2019-04-18 17:34:06 +02:00
Alex Schultz
e7dee7bd2e Remove puppet selinux management
We've switched the selinux mode management to ansible as part of the
deploy-steps and it's always included now so the service is not
necessary.

Change-Id: I562053ba6767bd9ab7af3cf06b93906568bec5cd
2019-04-18 08:25:32 -06:00
James Slagle
00f35055da Add Etcd to DistributedCompute roles
The Etcd service is needed for A/A management of the CinderVolume
service on these roles so it should be added to the roles by default.

Change-Id: I9d3d17fec857014f399b8339ce7c68f844d230a9
implements: blueprint split-controlplane-templates
2019-04-15 17:46:22 -04:00
Saravanan KR
fca0945708 Add DPDK support for OVN
Add a service to enable DPDK on the compute nodes,
along with OVN.

Change-Id: I4473f1dfef9eebb886823fb2f436d14dd5b6d5ad
2019-04-12 13:26:25 +05:30
Martin Schuppert
ffa6810e49 Add novnc proxy to cellsv2 multicell controller
With cellsv2 multicell in each cell there needs to be a novnc proxy as the
console token is stored in the cell conductor database. This change adds
the NovaVncProxy service to the CellController role and configures the
endpoint to the local public address of the cell.

Closes-Bug: #1822607
Depends-On: https://review.openstack.org/649265

Change-Id: Ia3a36d369fdc18685f4c965a9e371ca3143967bf
2019-04-02 11:52:35 +02:00
James Slagle
c023784d5e Add storage_mgmt network to DistributedComputeHCI role
As the DistributedComputeHCI role contains Ceph, it also needs the
storage_mgmt network.

Change-Id: I7d587c333e98b0546f29bbd5c4f4906221658502
2019-03-25 10:48:40 -04:00
Zuul
6d8e7f4058 Merge "Install and configure tmpwatch for log cleanup" 2019-03-12 13:46:17 +00:00
Zuul
61de5331a5 Merge "Remove Congress" 2019-03-12 01:05:56 +00:00
Cédric Jeanneret
836705161c Install and configure tmpwatch for log cleanup
Installing and configuring tmpwatch allows to get rid of some
ugly things in logrotate configuration. As the container has no
network access anymore, we have to install the tool on the host
directly - this isn't that bad.

In order to avoid issues with logrotate manage logs, we explicitely
exclude patterns manage in the specific logorate configuration.

Also, always in order to avoid issues and ensure logrotate does its
own cleanup, we clean files one day later.

Change-Id: Ic666388d9ba7556e7b68ab2fc1082957a9e26552
2019-03-11 16:33:22 +01:00
Emilien Macchi
f3b85e4ba5 Remove Congress
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.

Let's remove its support in TripleO, to reduce the codebase.

Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
2019-02-28 16:29:03 -05:00
Mauro S. Oddi
37ea330370 Add SSHD composable service to Networker role definition
The composable service OS::TripleO::Services::Sshd is
enabled by default in the overcloud but it is not included
in the default Networker.yaml role definition.

Change-Id: I20d35affba9da511ed4a9566013868146d3fbf4c
2019-02-23 17:53:12 +01:00
Zuul
9ded745e65 Merge "Deprecate xinetd service management" 2019-02-21 18:55:15 +00:00
Zuul
ea60b78f84 Merge "Move ipa enrollment to host_prep_tasks" 2019-02-18 21:10:42 +00:00
Oliver Walsh
dc9a76aa23 cell_v2 multi-cell
- uses split-control-plane
- adds a new CellController role
  - nova-conductor, message rpc (not notifications) and db
- move nova dbsync from nova-api to nova-conductor
  - nova db is more tightly coupled to conductor/computes
  - we don't have a nova-api services on a CellController
  - super-conductor on Controller will sync cell0 db
- new 'magic' MysqlCellInternal endpoint
  - always refers the to local MysqlInternal endpoint
  - identical to MysqlInternal for regular deployment
  - but doesn't get overridden when inheriting EndpointMap from parent
    control-plane stack
- duplicate service node name hiera for transport_urls on cell stack
  - nova -> cell oslo messaging rpc nodes
  - neutron agent -> global messaging rpc nodes
- run cell host discovery only on default cell, for additional cells
the cell needs to be created first

bp tripleo-multicell-basic

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: Ife9bf12d3a6011906fa8d9f97f7524b51aef906a
Depends-On: I79c1080605611c5c7748a28d2afcc9c7275a2e5d
2019-02-15 12:16:48 +01:00
Alex Schultz
78f1901da4 Deprecate xinetd service management
We stopped managing this service with the switch containers. This change
starts the removal and deprecated the TripleO management of the service.

Change-Id: Idc35bdfad126f21280444ebffaa5017e73ba8368
2019-02-14 12:46:41 -07:00
Ade Lee
2a83856585 Move ipa enrollment to host_prep_tasks
This addresses a possible bug when using FreeIPA to do TLS
everywhere.

It is possible that the IPA server is not on the ctlplane.
In this case, when the nodes start up, the registration of the node
with IPA will fail, resulting in failed certificate issuance requests
later on.

We introduce a composable service to run in host_prep_tasks.
This will always run once the networks have been set up.  If the
instance has already been enrolled (by cloud-init or in an update),
then the script executed by the service will just exit.

In this iteration, we simply execute the code that the cloud-init
would have done.  In later releases, we will execute all the code
performed by novajoin-server here in ansible - and deprecate the
novajoin server.

Change-Id: I31f64c3cbd1d151e3c2a436cc3e2ec5316535087
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Resolves: rhbz#1661635
Closes-Bug: #1815924
2019-02-14 16:07:17 +00:00
Dan Prince
6e1ee41683 Drop Docker service from Undercloud roles
Change-Id: I64d7802069a069babe395280207cd64cbf2d7880
2019-02-12 16:39:42 -05:00
lkuchlan
a2d0899f9c Add ContainerImagePrepare service to ControllerStorageNfs role
While using ControllerStorageNfs role images are not pushed to local registry,
since ContainerImagePrepare service is missing in ControllerStorageNfs role.

Closes-Bug: #1814057

Change-Id: Iafe7bf37d7d04eed32a32b8881fab48fdc9f9dd6
2019-02-04 14:10:53 +00:00
Zuul
52d887eae8 Merge "Remove networks from Undercloud and Standalone roles" 2019-01-25 21:40:44 +00:00
Zuul
63a657d2f4 Merge "Remove all glance-registry related changes" 2019-01-24 00:00:44 +00:00
Simon Dodsley
f77d8e7909 Add missing entries for Pure Storage Cinder Backend and fix typos
Closes-bug: 1807195
Change-Id: Ibaaaab9d4169829c0f71cf7acea25971b4526695
2019-01-23 09:34:13 -05:00
Pranali Deore
2dcd56041c Remove all glance-registry related changes
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies removed from other projects.

Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
2019-01-22 15:07:29 -07:00
Harald Jensås
e8a53f56f2 Remove networks from Undercloud and Standalone roles
Change https://review.openstack.org/614457 added these
networks because of the defaults in ServiceNetMap. With
changes related to LP Bug #1809313 these are no longer
required, as the ServiceNetMap fall's back to ctlplane
when networks are not defined or disabled in networks
data.

Related-Bug: #1809313
Depends-On: I102912851a3b9952daaf7c4d5a34a919f527f805
Change-Id: Ic4f22692f93db4ce0db0f4fbc83eca6b492b28e7
2019-01-21 19:36:13 +01:00
Bogdan Dobrelya
2a5baa5979 Allow Octavia deployments for Standalone
We have yet Nova for SSH keys management, when deploying a standalone
cloud. Allow Octavia deployments for such a case as well.
Jinja2 rendering of the octavia service template provides that
functionality by relying on a new role tag 'standalone'.

Change-Id: I69f3623646ec5b65109e0a4f0c16139018da9282
Closes-bug: #1806113
Co-Authored-By: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-18 10:36:06 +01:00
Zuul
0ec13316a5 Merge "Add Distributed Compute roles" 2019-01-10 15:48:51 +00:00
Zuul
5dc292d198 Merge "Configure undercloud timezone" 2019-01-09 11:49:48 +00:00
Alex Schultz
3f69b76531 Configure undercloud timezone
Add timezone service to the undercloud role so that it is properly
configured when we install the undercloud.

Change-Id: I4814cfb52f57d8260cda61adb6ac20609f435846
Depends-On: https://review.openstack.org/#/c/628015/
Closes-Bug: #1784068
2019-01-07 15:42:43 -07:00
James Slagle
f555e4b422 Add Distributed Compute roles
Adds new roles for DistributedCompute and DistributedComputeHCI. These
roles closely match the existing Compute roles but also include the
CinderVolume service.

implements split-controlplane

Change-Id: Ia7f5ba93a9fc31b4653e6cbd9b3e5d8f00d26a27
2019-01-07 16:07:43 -05:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Zuul
950640ad52 Merge "Use templating for nova cell database_connection" 2019-01-07 14:02:29 +00:00
Zuul
0e68a0e30f Merge "L3 routed networks - subnet fixed_ips (3/3)" 2019-01-04 20:38:01 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Zuul
e286e2175e Merge "Exclude redundant letters" 2019-01-04 02:42:42 +00:00
Harald Jensås
2f2d8183e6 L3 routed networks - subnet fixed_ips (3/3)
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.

a) For the Vip's:

Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:

parameter_defaults:
  VipSubnetMap:
    ctlplane: ctlplane-leaf1
    InternalApi: internal_api_leaf1
    Storage: storage_leaf1
    redis: internal_api_leaf1

b) For overcloud node ports:

Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:

- name: <role_name>
  networks:
    <network_name>
      subnet: <subnet_name>

For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.

When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.

Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
2019-01-03 19:07:20 +01:00
Zuul
1654d371d3 Merge "Add deprecated_server_resource_name for ObjectStorage role" 2019-01-03 08:10:43 +00:00
Oliver Walsh
7288062676 Use templating for nova cell database_connection
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.

This patch addresses the templated DB urls as part 1.

Nova support added here:
https://review.openstack.org/#/c/578163/

Related-Bug: 1808134

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: If30b4647bca210663a22fd653e752d4d57345bdd
2018-12-20 16:30:00 +01:00
Zuul
ca0fb1986e Merge "Add comments clarifying use of deprecated_params for roles" 2018-12-20 01:51:13 +00:00
Quique Llorente
62b54268af Run local registry and prep cont at standalone
The standalone job were not running yum update on the containers, to do
so we need to specify the updater paremters in the
container-prepare-parameters [1] and also we have to activate the docker
local registry, call the conatiner prepare service and activate registry at
podman.

[1] https://review.openstack.org/#/c/621517/

Change-Id: I74e817bc9b9dd522db3da7753c91a3884d99f8c8
Related-Bug: #1805968
2018-12-11 17:46:16 +01:00
Zuul
a0cf19837b Merge "Allow to skip docker reconfiguration during stack update" 2018-12-11 10:38:51 +00:00
Zuul
769f18f0f5 Merge "Check for available networks for a role" 2018-12-05 19:01:14 +00:00