When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.
a) For the Vip's:
Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:
parameter_defaults:
VipSubnetMap:
ctlplane: ctlplane-leaf1
InternalApi: internal_api_leaf1
Storage: storage_leaf1
redis: internal_api_leaf1
b) For overcloud node ports:
Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:
- name: <role_name>
networks:
<network_name>
subnet: <subnet_name>
For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.
When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.
Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.
Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
When installing OpenShift by means of TripleO, after
the initial docker configuration, openshift-ansible
also adds several parameters there.
Then, if we want to remove a single node, then a stack
update is performed, which returns the configuration
to its original state. In other words, it removes all
parameters added by openshift-ansible, which breaks OpenShift.
This commit adds the ability to disable reconfiguration of
docker at the time of stack update for all roles associated
with OpenShift.
Closes-Bug: #1804790
Depends-On: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Change-Id: If202be5d27d81672e39cbe21867459d277220e23
NIC partitioning requires IOMMU to be enabled on roles using it.
By adding the BootParams service to all the roles, we could
enable IOMMU selectively by supplying the role specific parameter
"KernelArgs". If a role doesn't use NIC Partitioning then
"KernelArgs" shall be not be set and backward compatibility would
be retained.
Change-Id: I2eb078d9860d9a46d6bffd0fe2f799298538bf73
The StorageMgmt and Tenant networks are not used in an OpenShift
context and should hence be removed from the OpenShift roles.
Change-Id: I06951742cd4e1e203e95d49ffe1b7404f75fca70
Openshift-ansible already sets the right firewall rules on the
provisioned nodes, there is no need to set up (some of) the rules by
ourselves.
Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift
roles so that the operator can still set additional rules if desired.
Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
The OpenShift roles should include the OS::TripleO::Services::Rhsm
service for Red Hat Subscription Management so that the provisioned
nodes can register with a Satellite or CDN.
Add the Podman service to OpenShifAllInOne to be more consistent with
other roles.
Change-Id: I08862635c68eddbb0940863c43867ece1b289ee5
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.
For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.
Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.
Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
Introduce an openshift_node template that serves as base for all
openshift services. This reworks the inventory files so that hosts are
defined once and made part of the appropriate groups.
The master node can now be split from the infra node, or bundled
together with the Worker in the all-in-one role.
Provide environment files to enable the Master, Worker, Infra or
all-in-one role individually.
Change-Id: I9ad86185b01c88b609d320e2384c5644bd99bdae
In order to support switching between multiple timesync backends, let's
simplify the service configurations for the roles so that there is a
single timesync service. This timesync service should point to the
expected backend (ntp/ptp/chrony).
Change-Id: I986d39398b6143f6c11be29200a4ce364575e402
Related-Blueprint: tripleo-chrony
The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.
Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d
Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f