Role names can be customized, yet in THT jinja2 we
have several places where conditions are based on
the role name. By using tag's such as 'storage',
'ceph' and 'ovsdpdk' we the role names become truly
customizable.
The depends-on change in TripleO common will
dynamically add tag's to role's based on role.name
for backward compatibility during deprecation
period.
Depends-On: https://review.opendev.org/758124
Change-Id: I5ab4e4a220294245f95d328391bfffec87781a09
- Remove Docker service from all the roles; not needed anymore
- Switch ContainerCli to podman for docker-ha environment. Note; this
environment might be renamed at some point to, container-ha.yaml. But
for backward compatibility we still use it now.
Also switch EnablePaunch to false since we were waiting for the podman
switch to do it.
- In the overcloud registry, disable Docker by default and enable Podman
by default.
This patch will only work for centos8/rhel8 based deployments.
Change-Id: I561c52ce09c66a7f79763c59cd25f15949c054af
We're dropping this as it has no testing and is not currentily available
for CentOS 8.
Change-Id: I408490346840d5a2e3ae29f53cbc100edcf72ee7
Depends-On: https://review.opendev.org/#/c/712517/
The NovaAZConfig service is added to all the compute related roles
of the box so that the nodes are automatically in a new AZ when the
service is enabled.
By default, the service is mapped to OS::Heat::None so no change in
default behavior is made.
Change-Id: If1e4e149100dccfe76ccd807997a611d0fc8841f
Sensu client has been deprecated and it's functionality substituted
by collectd-sensubility. This patch removes sensu-client composable
service
Change-Id: I4be68eb7319b2c92cc7d0fc9df7a5c87dfb5106c
This patch removes fluentd composable service in favor of rsyslog composable service
and modifies *LoggingSource configuration accordingly.
Change-Id: I1e12470b4eea86d8b7a971875d28a2a5e50d5e07
This patch adds rsyslogd composable service with the same behaviour
the fluentd composable service currently has.
Co-Authored-By: Juan Badia Payno <jbadiapa@redhat.com>
Change-Id: I18e349c450a42dc7e9867d200e777a324e2d12bc
This is part 1 of a series of patches to properly deploy multipathd.
This patch makes Multipathd an optional TripleO service (defaults to
OS::Heat::None), and binds it to every role that might use the service.
This is essentially any role that accesses cinder volumes. Previously,
the service was not optional, but was not bound to any roles and so it
was never deployed.
Partial-Bug: #1834042
Change-Id: I3bc7d8557f758103c35533a59e06e36cd15f98b9
By introducing update_serial variable we parallelize update
execution on non-pacemaker enabled nodes. Custom role data users
need to update their role files. By default we do serial 1 making
sure nothing changes for users who didn't update their role data.
Resolves: rhbz#1652057
Closes-Bug: #1831617
Change-Id: I4ee0110a6c2b9466d81e37e5df27f5f81a6eceb5
For ovn compute nodes we need br-ex exactly like with
ComputeDVR role. Now we can do this in jinja templates
using new tag external_bridge
Change-Id: If44e9cbad714ce3954928407c42a8dc2473fed2e
Closes-Bug: #1822367
This addresses a possible bug when using FreeIPA to do TLS
everywhere.
It is possible that the IPA server is not on the ctlplane.
In this case, when the nodes start up, the registration of the node
with IPA will fail, resulting in failed certificate issuance requests
later on.
We introduce a composable service to run in host_prep_tasks.
This will always run once the networks have been set up. If the
instance has already been enrolled (by cloud-init or in an update),
then the script executed by the service will just exit.
In this iteration, we simply execute the code that the cloud-init
would have done. In later releases, we will execute all the code
performed by novajoin-server here in ansible - and deprecate the
novajoin server.
Change-Id: I31f64c3cbd1d151e3c2a436cc3e2ec5316535087
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Resolves: rhbz#1661635
Closes-Bug: #1815924
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.
a) For the Vip's:
Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:
parameter_defaults:
VipSubnetMap:
ctlplane: ctlplane-leaf1
InternalApi: internal_api_leaf1
Storage: storage_leaf1
redis: internal_api_leaf1
b) For overcloud node ports:
Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:
- name: <role_name>
networks:
<network_name>
subnet: <subnet_name>
For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.
When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.
Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.
Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
NIC partitioning requires IOMMU to be enabled on roles using it.
By adding the BootParams service to all the roles, we could
enable IOMMU selectively by supplying the role specific parameter
"KernelArgs". If a role doesn't use NIC Partitioning then
"KernelArgs" shall be not be set and backward compatibility would
be retained.
Change-Id: I2eb078d9860d9a46d6bffd0fe2f799298538bf73
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.
For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.
Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.
Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
In order to support switching between multiple timesync backends, let's
simplify the service configurations for the roles so that there is a
single timesync service. This timesync service should point to the
expected backend (ntp/ptp/chrony).
Change-Id: I986d39398b6143f6c11be29200a4ce364575e402
Related-Blueprint: tripleo-chrony
DVR doesn't imply the "External" networks, simply some type of
connection that is being used for floating IP traffic. This patch
removes the External network from the DVR role and "left overs" from
environment files. It also corrects the multiple-nics version of the
templates so that the ComputeDVR role is attached to the external
bridge with no IP.
Co-Authored-By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: Ia599e01dbefe4e4c752b7d4c1c7e5682963101f7
This patch adds composable new service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This basically
means that there is a possibility that there will be two QDRs running
on controllers in case that oslo messaging is deployed. This is a reason why
we need separate composable service for this use case.
Depends-On: If9e3658d304c3071f53ecb1c42796d2603875fcd
Depends-On: I68f39b6bda02ba3920f2ab1cf2df0bd54ad7453f
Depends-On: I73f988d05840eca44949f13f248f86d094a57c46
Change-Id: I1353020f874b348afd98e7ed3832033f85a5267f
NovaResumeGuestsStateOnHostBoot (true/false) parameter which
configures whether or not to start again instances which were running at
the time of a compute reboot.
This will set the resume_guests_state_on_host_boot parameter in nova.conf
and configures and enables libvirt-guests with a dependency to the
docker service to shutdown instances before the libvirt container gets
stopped.
NovaResumeGuestsShutdownTimeout specifies the number in seconds for an
instance to allow to shutdown.
Change-Id: I946600ebbc3afd88385ca89015e8f6a6c46f46ef
Closes-Bug: 1778216
Depends-On: I2766cdd66ff17756daaf1a75ad516a7af6eebddc
Depends-On: Id1cc2e75af316b864cebf601395f1111b7fb049a
Computes should have virtual-host tuned profile set per default in
roles definition. HCI compute as recommended before keep
throughput-performance.
Fixes bug 1667524
Change-Id: I26426e1dd0a2e81ad7549c11fb984ef5470d0561
Neutron OVS DVR requires a L3 agent container with a special
configuration on the compute node.
Change-Id: Iab06c11de90b8ebc7dc6bd946367e5693a4a0f71
Closes-Bug: #1717316