This would not have worked before we enabled server side
env merging and also we don't set that parameter in that
environment.
Change-Id: Icd6d9a12b59cf8234edb671f0f55b4df4d342d7e
We have announced our plans to deprecate and eventually remove the iscsi
deploy interface [1]. To prepare for that, the iscsi deploy is no longer
enabled by default. The default value of IronicImageDownloadSource is changed
to 'http' to reduce the upgrade impact for clouds without swift (ironic
upstream is planning to make a similar change). Underclouds still use swift
for now to save disk space.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-September/016952.html
Change-Id: I1de6853eebc545d65ef6ce09276be3bbac2132bd
This adds a new tht parameter to set introspection
data storage backend.
As we plan to remove swift from undercloud, we change
this to database for it.
Change-Id: Icc8a9e2c80660b0dcc29a75183550917667d030c
Change it to POLL_SERVER_HEAT (Attempt 2, Earlier attempt had
issues when changing this as simultaneously deleting a bunch
of SoftwareDeployment resources). This is required to remove
swift from undercloud.
Change-Id: I639f5626013cd0ef61c1f9066fab7a7b8806287f
Already been disabled in undercloud and we don't intend
to support it on overcloud.
Also removes some zaqar specific parameters from undercloud.yaml
environment as it's already disabled.
Change-Id: I564f24e0760d09302cbc9a4be84e470bb31106be
Rename Tripleo Service for NeutronMl2PluginBase from
OS::TripleO::Docker::NeutronMl2PluginBase to match with other services
as OS::TripleO::Services::NeutronMl2PluginBase.
Change-Id: I38d2fb5e9f0daba4c519343e88cd51e07dd00300
This changes the parameter to non-role specific and by default
true. The dependant python-tripleoclient patch adds a check
to ensure that we only allow usage of old heat nic congigs with
'NetworkConfigWithAnsible: false'.
Change-Id: Ie37bdfe64eb1b33afe326161fc6f99601addb7b5
When nova was disabled by default, we forgot to disable placement api as
well, which isn't required anymore on the Undercloud, since Ironic
doesn't use Placement API to place hw resources.
Change-Id: I48938cabf218179078c9c2d76e2d67a7c435b502
This replaces net-config-noop.yaml mappings to OS::Heat::None.
Also removes all unnecessary setting of it in environments as
we map them in overcloud-resource-registry-puppet.j2.yaml.
Normally that should be enough but we override them in so many
places, so there will be some redundancy.
Depends-On: https://review.opendev.org/755275
Change-Id: Ib4d07c835568cb3072770f81a082b5a5e1c790ea
This maps undercloud and standalone NetworkConfig resources to
net-config-noop.yaml
Also changes the standalone to actually use ansible for config
generation which was missed in https://review.opendev.org/752368
with env generation.
Change-Id: Ia8e3bec4a64c8317e0b6996c1b7e587789311ad2
This patch changes undercloud and standalone roles to
generate network config with only ansible and
not depend on downloaded network config from
heat stack.
Depends-On: https://review.opendev.org/#/c/753958/
Change-Id: Ibcb0f0a65cfd04d677a4b861d9f647af13611b24
This uses the new ansible module for network configuration
on the nodes. Aso, converts the net-config-multinode.yaml to
use os-net-config.
Next patch in this series would change the NetworkConfig
resource type to OS::Heat::Value and drop run-os-net-config.sh.
Depends-On: https://review.opendev.org/748754
Change-Id: Ie48da5cfffe21eee6060a6d22045d09524283138
This sets the nova/glance services to OS::Heat::None in
default undercloud environment and adds environment file to
enable nova (if needed).
Once tripleoclient has been changed to flip the nova_enable
flag, we can drop undercloud-disable-nova.yaml
Partial-Bug : #1891242
Depends-On: https://review.opendev.org/#/c/749659/
Change-Id: I88aaa58f49eb8a2dc38232132d0397a83c76104e
A network used to allocate MAC addresses for OVN chassis.
Ports without and IP allocation will be created on this
network, the MAC addresses of the ports will by used to
configure the ovn-chassis-mac-mappings.
NOTE, we may want to change the 'base_mac' option of the
undercloud, so that we don't have collissions with the
overcloud 'base_mac'.
Related-Bug: #1881593
Change-Id: If495b5d5c1e6beff02b48507051cccfb70fd995c
RetryFilter was deprecated in Train and is now
removed[1] from nova, so let's cleanup it's usage.
[1] https://review.opendev.org/#/c/744800
Change-Id: I2e1b3b965c52495eb9c1315857ff30066c42c33e
Since the "optimization" [1] of host entries in Heat and it's YAQLization,
we need to increase the memory quota for YAQL queries or the resource
will fail to process at large scale (250 nodes).
[1] 3b8e6f78e1
Change-Id: I04cb72210fbd25a720158988698a300140f4e7db
Closes-Bug: #1886203
This option was used to configure firewall driver in the neutron
server's config.
That isn't really used in Neutron since around Newton release as
since Newton agents are reporting to the server what firewall driver
they are using and that is used in neutron ML2 plugin.
Firewall driver can be configured on the agent's side using
``NeutronOVSFirewallDriver`` option which is still here.
Neutron removes usage of this option on the server side with patch
https://review.opendev.org/#/c/726351/
Change-Id: Ifd1527503926b9f86ed567d9396e696d86457715
We don't deploy Keepalived in multi-node as our HA story is done with
Pacemaker. Therefore, we don't use VRRP protocol that Keepalived
provides to maintain the VIPs alive, so we don't really need this
service.
Instead, we can configure the VIPs on the br-ctlplane interface which
already handled the local_ip. Now it also handles the configuration of
public ip and admin ip.
Keepalived is now deprecated and will be removed in the next cycle.
blueprint replace-keepalived-undercloud
Change-Id: I3192be07cb6c19d5e26cb4cddbe68213e7e48937
Now puppet-tripleo is responsible to set memcache for caching, we can
remove uselsess hieradata overriding in the undercloud environment
file.
Depends-on: https://review.opendev.org/#/c/715582/
Change-Id: I20ebe407a362e939fbda7a511de287cbe46a0ef9
KeepalivedRestart is deprecated and has no effect. The workaround isn't
needed anymore since we now deploy keepalived-2.0.10-4.
This version has support for 'dynamic_interfaces' which is required when
the network config was changed and os-net-config restarts the network
interface.
Related-Bug: #1791238
Change-Id: I14c51106ad1ee40a6edfa520d330d1ea0a52edee
Neutron's dns_assignments field includes a nice pice of
structured data. This is a prerequirement for Designate
usage. (No plan's to use that, but being a bit ready
does'nt hurt.)
{"hostname": "my-vm",
"ip_address": "192.0.2.16",
"fqdn": "my-vm.example.org."}
Enable for the undercloud:
- dns_domain_ports ml2 extension driver
Change-Id: I46eb9a24dd66821b27524fe4d1fdab617b6fa948
Because we don't support clustered undercloud, we need only one dhcp
agent per network.
Unset NeutronDhcpAgentsPerNetwork parameter to unset the corresponding
parameter in neutron, which should result that neutron use the default
value, 1.
Change-Id: I26ed1c99a60d1c6bdaec9fc5e289bd8b5e4aba0c
This switch seems to be creating issues with upgrades, where a number of
software deployments are deleted concurrently while updating the config
transport for the server. Switching the config transport does not work
with convergence heat and should be fixed in heat. We can revert this
now, as we still use swift for other stuff in the undercloud. Can be
changed once the issue is fixed in heat.
It also reverts the following dependant commit.
Revert "Cleanup SoftwareConfigTransport"
This reverts commit (1821c01846 and
3ea9dd4040)
Closes-Bug: #1869335
Change-Id: I835c8be3eecce91f8a370d036bf1085bc445e01d
We currently don't support congress and tacker in TripleO, so we can
remove the hieradata for these services.
Also, we don't expect to have Barbican, Horizon, Manila and Sahara
in undercloud, so can remove hieradata for these services from
undercloud hieradata.
Change-Id: I3ec65ad41d6b37bd0f01ac62d4158248556c84af
ceilometer::keystone::authtoken module is never loaded, so remove
hieradata related to the module.
Change-Id: I4f89235b15a71435797b070fd664dda1eff0ebfc
This change deprecates the puppet process to install the openstack
service clients and transitions to the ansible role for installing
client packages.
Story: 2005984
Task: 34437
Change-Id: I3ba4eb6e3352e117450fc0130de3e547df93fe84
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Create a new Rsyslog service that is deployed on the host (not in a
container) and with Ansible.
Make it so it's deployed by default on Undercloud & Standalone setups.
Also move the tasks that configure rsyslogd for HAproxy & Swift to be
executed after the host prep tasks (using deploy step tasks).
Change-Id: I027c64aefcc4715da17836a5cf0141152cf146aa
Closes-Bug: #1850562
The default policy compute_service_user[1] limits novajoin calls to
the nova user. This prevents novajoin being called from a mistral
workflow, which is required for a nova-less undercloud.
This change overrides this policy so that any user with the admin role
can call novajoin. Service users including the nova user have the
admin role, so this should not affect the existing nova based novajoin
calls.
[1] https://opendev.org/x/novajoin/src/branch/master/novajoin/policy.py#L39
Depends-On: https://review.opendev.org/#/c/684435/
Change-Id: I9034c1bce9c296ff183f0d7f2e22df187699fa04
Blueprint: nova-less-deploy
This change (with its dependent reviews) creates a separate VIP for the OVN DBS
service. A more detailed explanation can be found in https://bugs.launchpad.net/tripleo/+bug/1841811.
The short explanation is that the OVN DBS HA service puts some additional constraints on the VIP it
uses and that is problematic when that VIP is used by other services (e.g. a change in OVN DBS master
will move the VIP and will also reset all mysql connections. It also prevents us splitting OVN DBS from
where haproxy runs).
Tested as follows:
A) Deployed a mster environment with this review and all its dependencies and correctly obtained
an OVN DBS service with its own Vip and the OVN services
(controller/metadata) pointing to this separate Vip
B) Deployed a master environment as is and then applied this review +
dependencies and observed that a redeploy correctly created a new VIP,
reconfigured the services to point to the new VIP and that the old
obsolete constraints created around the per-network VIP were removed
Closes-Bug: #1841811
Depends-On: Ic62b0fbc0fee40638811a5cd77a5dc5a4d82acf5
Change-Id: I620e37117c26b5b51bf9e1eda91daeb00fdf0f43
We don't use heat-api-cfn service on the undercloud. In
pre config-download times it was used for default deployment
signaling.
Change-Id: I34dcc5d5c918c9ae3df14f8434225e4a0835fc27
Since this is nwo set to POLL_SERVER_HEAT by default in the
overcloud-resource-registry-puppet.j2.yaml, we no longer need to
override it for the undercloud/standalone use case.
See https://review.opendev.org/#/c/671980/
Change-Id: I3e2cfd856bf46fb82998e8f14c64b11299862238
Since https://review.opendev.org/656581 is merged (and the revert,
reverting the revert ...) there is no metadata service running.
This change removes all things related to setting up routes
to the metadata service, i.e the EC2MetadataIp. As well as NAT
firewall redirect rule used only on the undercloud but disabled
by default.
Blueprint: nova-less-deploy
Change-Id: Ic4ea74b45c566048e32dde82d2bf00498f932af6
'fernet' is the token provider since octata. As we've memcached
in the undercloud, we should enable caching by setting
cache_backend to 'dogpile.cache.memcached'.
Change-Id: I4b040d25b2cb83f40cbd8e8caf6890feba586b60
Closes-Bug: #1832437
I5e60d52ad571e1cdb3b82cd1d9947e33fa682bf8 changed the default value that
was being used to honor the TenantNetPhysnetMtu if the
NeutronGlobalPhysnetMtu is set to 0 (the default). For the undercloud
we want this value to be 0 so we can define overcloud networks with
>1500 MTU even if the undercloud is set to 1500.
Change-Id: Ida2011b2ad0858d479b2c7d7988e1b5b908f4b3e
Closes-Bug: #1826729
This reverts commit 374fafd66a.
The root cause of the timeout has been addressed by:
Id22b1465d6d2424d90781983b970aba4545feb8a
We don't need that horrible hack.
Related-Bug: #1826281
Change-Id: I5f1c89e7fad7624c2edbf557ec39f5777b089d55
All known consumers of boot data (os-collect-config, etc) have a
preference for using config-drive as the data source.
The last known consumer was novajoin, but that switched to preferring
config-drive early in the Stein development cycle[1] so it should now
be safe to switch off the nova metadata API service.
[1] https://review.opendev.org/#/c/607492/
Blueprint: nova-less-deploy
Change-Id: If35aec24f446769fca7897c2126fb6657454f073
We've switched the selinux mode management to ansible as part of the
deploy-steps and it's always included now so the service is not
necessary.
Change-Id: I562053ba6767bd9ab7af3cf06b93906568bec5cd
If the plan-environment.yaml includes docker-ha.yaml by default, the
pacemaker version of some services get enabled for the undercloud. Let
us be more explicit about these services in the undercloud environment
file to ensure we get the right version configured always.
Change-Id: I806f95e3b4988b0f3c427a652cdd6ea39154798a
Closes-Bug: #1824030
This patch configures and increases the defaults heartbeat parameters in
Mistral so we don't hit timeouts when an action in a workflow takes
times to reply back in Mistral, when deploying an Overcloud.
Parameters added:
MistralMaxMissedHeartbeats:
type: number
default: 15
description: >
The maximum amount of missed heartbeats to be allowed.
If set to 0 then this feature is disabled. See check_interval for more
details.
constraints:
- range: { min: 0 }
MistralCheckInterval:
type: number
default: 20
description: >
How often (in seconds) action executions are checked.
For example when check_interval is 10, check action
executions every 10 seconds. When the checker runs it will
transit all running action executions to error if the last
heartbeat received is older than 10 * max_missed_heartbeats
seconds. If set to 0 then this feature is disabled.
constraints:
- range: { min: 0 }
MistralFirstHeartbeatTimeout:
type: number
default: 3600
description: >
The first heartbeat is handled differently, to provide a
grace period in case there is no available executor to handle
the action execution. For example when
first_heartbeat_timeout = 3600, wait 3600 seconds before
closing the action executions that never received a heartbeat.
constraints:
- range: { min: 0 }
Configuration applied to Undercloud:
Maximum missed heartbeats: 30 seconds
Time between interval checks: 40 seconds
First Heartbeat timeout after 7200 seconds
Depends-On: I7a2313bed58485e077ae210d222902f4f997f0f0
Change-Id: Id8663e76b61c9e09547c228da226b706383a3e20
Closes-Bug: #1821611
ramishra
Dmitry Tantsur
Purandhar Sairam Mannidi
Emilien Macchi
Harald Jensås
yatinkarel
Slawek Kaplonski
Takashi Kajinami
Kevin Carter
Telles Nobrega
Martin Schuppert
Steve Baker
Michele Baldessari
Ryan McCabe
Alex Schultz
Dan Prince