Commit Graph

54 Commits

Author SHA1 Message Date
Giulio Fidente
e1de2bcb72 Add CephNfs service on roles providing "external" network connectivity
With the recent changes meant to allow deployment of Ganesha on the
"external" network, the CephNfs service can be added to more roles
than just ControllerStorageNfs.

Change-Id: Ic9010307c2aab7041c8ae30c72cc1bf99fdd22f6
Closes-Bug: 1961578
2022-02-21 14:48:44 +01:00
Alex Schultz
0c167aedea Remove zaqar
Zaqar was deprecated in Wallaby and is no longer in use on the
undercloud and it hasn't been officially supported in the
overcloud for some time.

Change-Id: I3bdcc72d6127ec96ff2307cafbf57f6178c3ef5c
2021-09-16 15:12:29 -06:00
Alex Schultz
cb630d03be Remove mistral
Mistral was deprecated in Wallaby and is no longer in use on the
undercloud and it hasn't been officially supported in the overcloud for
some time.

Change-Id: I6963453f53cb554ca8fdb58706f04838bbd11ba0
2021-09-16 15:12:18 -06:00
Simon Dodsley
2d92ebf07e Add Pure Storage FlashBlade Manila driver
Depends-On: If204a13609ace655e03808a7eb5db0fcf1202360
Change-Id: Ia29beff08f4c1664c3582b31309c6ac35b230d0c
2021-07-26 16:00:18 -04:00
Takashi Kajinami
ef7254edd2 Cinder: Remove support for HPE Lefthand driver
The HEP Lefthand driver was removed from cinder during Ussuri release
and puppet-cinder also dropped support for the driver during Xena
cycle.

Closes-Bug: #1933709
Change-Id: If0e72c48212b867f0d9162f58e67099ac7350c4e
2021-06-27 13:05:42 +09:00
Keigo Noha
866645db1d Add OVNCMSOptions to Controller and Networker roles
OVN is a default networking service for Neutron.
The default configurations for OVN were implemented but OVNCMSOptions
was missing.
This change introduces OVNCMSOptions to Controller and Networker roles.

Closes-Bug: #1928901
Change-Id: I441f16f5e596dcbc6f5e567b07d3cd19a57c21e2
2021-05-19 14:05:49 +09:00
Zuul
82a95ab73d Merge "Add ReaR service to all roles" 2021-04-23 14:12:20 +00:00
Brent Eagles
56b8ec4e18 Designate: split bind instance into separate template
There isn't a 1:1 correlation between the designate worker and bind
instances nor is it always desirable to run them on the same host.

Depends-On: If97e16a125537c1b5d9f5cfac1de0ffae0edb99a
Change-Id: I624299476a2911f12b1f5ce01964e5d926c6b38e
2021-03-22 15:55:00 -02:30
Michael Johnson
773fccb7c1 Add the Unbound DNS resolver service
This patch addes TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.

Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
2021-03-18 17:12:35 +00:00
Michele Baldessari
97016b2012 Add FRR service
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249

We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.

Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>

Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
2021-03-13 18:25:42 +00:00
Grzegorz Grasza
e329ca915e Generate certificates using ansible role
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.

Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
2021-03-10 16:28:22 +01:00
Francesco Pantano
79686663e8 Configure Ceph clients via tripleo-ceph-client (not ceph-ansible)
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these paramters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.

Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on the these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.

Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.

Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
2021-01-04 15:16:11 +00:00
Takashi Kajinami
4a7d56947a Remove Sahara support
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.

[1] f1d9b15c85
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
2020-10-19 09:39:36 +09:00
Takashi Kajinami
6ff238199d Add ReaR service to all roles
This patch adds ReaR service to some roles currently without it,
because this service is expected to be added to all roles when rear
service templates were introduced initially[1].

[1] 79bd7c447b

Note that this patch doesn't add ReaR service to Ceph roles because
generally we don't expect taking backup of Ceph nodes by ReaR.

Change-Id: I8222c39925a3ba3172fa03ae8931a6de3fb021a1
2020-08-14 14:55:05 +09:00
Emilien Macchi
c712355e4b Deprecate Keepalived service
We don't deploy Keepalived in multi-node as our HA story is done with
Pacemaker. Therefore, we don't use VRRP protocol that Keepalived
provides to maintain the VIPs alive, so we don't really need this
service.

Instead, we can configure the VIPs on the br-ctlplane interface which
already handled the local_ip. Now it also handles the configuration of
public ip and admin ip.

Keepalived is now deprecated and will be removed in the next cycle.

blueprint replace-keepalived-undercloud
Change-Id: I3192be07cb6c19d5e26cb4cddbe68213e7e48937
2020-05-05 10:16:52 -04:00
Emilien Macchi
ac2711c72b Switch to Podman by default
- Remove Docker service from all the roles; not needed anymore
- Switch ContainerCli to podman for docker-ha environment. Note; this
  environment might be renamed at some point to, container-ha.yaml. But
  for backward compatibility we still use it now.
  Also switch EnablePaunch to false since we were waiting for the podman
  switch to do it.
- In the overcloud registry, disable Docker by default and enable Podman
  by default.

This patch will only work for centos8/rhel8 based deployments.

Change-Id: I561c52ce09c66a7f79763c59cd25f15949c054af
2020-03-18 09:27:36 -04:00
Alex Schultz
bac746b25b Remove skydive
We're dropping this as it has no testing and is not currentily available
for CentOS 8.

Change-Id: I408490346840d5a2e3ae29f53cbc100edcf72ee7
Depends-On: https://review.opendev.org/#/c/712517/
2020-03-12 14:02:52 -06:00
Saravanan KR
9c3638b8a1 Remove OpenDaylight templates and environments
OpenDaylight deployment has been deprecated in Stein. In Train,
the tempaltes are removed.

Change-Id: I9711ef977d045f1dbcdc631fe2655294109031b8
2019-10-18 11:39:41 +05:30
Zuul
adae981b14 Merge "Remove sensu-client service" 2019-10-10 22:59:46 +00:00
Zuul
3544453049 Merge "Remove Tacker service" 2019-10-10 22:59:38 +00:00
Carlos Goncalves
3fca17839c Fix placement of Octavia services in roles
Octavia health manager, worker and housekeeping services belong to
networker nodes.

Change-Id: I014a3a5ac2b0b5f32866fa9d5c09ac7e79475e79
2019-10-02 12:06:59 +02:00
Martin Magr
b3ffd695fd Remove sensu-client service
Sensu client has been deprecated and it's functionality substituted
by collectd-sensubility. This patch removes sensu-client composable
service

Change-Id: I4be68eb7319b2c92cc7d0fc9df7a5c87dfb5106c
2019-10-01 12:07:46 +02:00
Alex Schultz
b44a079578 Remove Tacker service
The Tacker service has been incomplete since Queens. They restructured
the services and TripleO has never implemented code to handle this new
structure. Since it's been disabled since Queens and there is currently
no plans to fix it, let's remove the service code.

Change-Id: I2856e894b58d50c2d3484ccd02bfb1d43625847f
Depends-On: https://review.opendev.org/#/c/682457/
Related-Bug: #1714270
2019-09-19 15:21:13 +00:00
Ryan McCabe
112f485c7f Remove panko
Remove panko, which has been deprecated.

Change-Id: I590c889f838482d00cae596fcba2796f99d1e5b5
Signed-off-by: Ryan McCabe <rmccabe@redhat.com>
2019-09-05 15:15:43 -04:00
Martin Magr
5ccf8951e5 Remove fluentd composable service
This patch removes fluentd composable service in favor of rsyslog composable service
and modifies *LoggingSource configuration accordingly.

Change-Id: I1e12470b4eea86d8b7a971875d28a2a5e50d5e07
2019-08-29 13:52:55 +01:00
Martin Magr
8727ef050c Rsyslog composable service
This patch adds rsyslogd composable service with the same behaviour
the fluentd composable service currently has.

Co-Authored-By: Juan Badia Payno <jbadiapa@redhat.com>
Change-Id: I18e349c450a42dc7e9867d200e777a324e2d12bc
2019-07-18 15:41:28 +00:00
Alan Bishop
b172661995 Make Multipathd an optional service
This is part 1 of a series of patches to properly deploy multipathd.

This patch makes Multipathd an optional TripleO service (defaults to
OS::Heat::None), and binds it to every role that might use the service.
This is essentially any role that accesses cinder volumes. Previously,
the service was not optional, but was not bound to any roles and so it
was never deployed.

Partial-Bug: #1834042
Change-Id: I3bc7d8557f758103c35533a59e06e36cd15f98b9
2019-06-24 07:15:37 -07:00
Mathieu Bultel
a59a188a6b Force ansible serial to 1 for the Controller
By introducing update_serial variable we parallelize update
execution on non-pacemaker enabled nodes. Custom role data users
need to update their role files. By default we do serial 1 making
sure nothing changes for users who didn't update their role data.

Resolves: rhbz#1652057
Closes-Bug: #1831617

Change-Id: I4ee0110a6c2b9466d81e37e5df27f5f81a6eceb5
2019-06-07 14:25:54 +02:00
Carlos Goncalves
14436f915b Remove Neutron LBaaS
The project has been retired and there will be no Train release [1].
This patch removes Neutron LBaaS support in tripleo-heat-templates.

[1] https://review.opendev.org/#/c/658494/

Closes-Bug: #1831618
Change-Id: If13bbcdea82045d816485412f252c9b52bcf45a7
2019-06-04 15:12:38 +02:00
Alex Schultz
885715855b Ensure openstack clients are installed
We need to ensure the openstack clients are installed on controllers for
the deployed server case. This should be handled by the overcloud images
themselves, however if the images are not used we should make sure the
clients get installed with our OpenstackClients service.

Change-Id: If7fad9f24c7294c2d749fc3838b1fb71182930fc
Related-Bug: #1829769
2019-05-20 10:01:51 -06:00
Emilien Macchi
f3b85e4ba5 Remove Congress
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.

Let's remove its support in TripleO, to reduce the codebase.

Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
2019-02-28 16:29:03 -05:00
Ade Lee
2a83856585 Move ipa enrollment to host_prep_tasks
This addresses a possible bug when using FreeIPA to do TLS
everywhere.

It is possible that the IPA server is not on the ctlplane.
In this case, when the nodes start up, the registration of the node
with IPA will fail, resulting in failed certificate issuance requests
later on.

We introduce a composable service to run in host_prep_tasks.
This will always run once the networks have been set up.  If the
instance has already been enrolled (by cloud-init or in an update),
then the script executed by the service will just exit.

In this iteration, we simply execute the code that the cloud-init
would have done.  In later releases, we will execute all the code
performed by novajoin-server here in ansible - and deprecate the
novajoin server.

Change-Id: I31f64c3cbd1d151e3c2a436cc3e2ec5316535087
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Resolves: rhbz#1661635
Closes-Bug: #1815924
2019-02-14 16:07:17 +00:00
Pranali Deore
2dcd56041c Remove all glance-registry related changes
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies removed from other projects.

Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
2019-01-22 15:07:29 -07:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Harald Jensås
2f2d8183e6 L3 routed networks - subnet fixed_ips (3/3)
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.

a) For the Vip's:

Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:

parameter_defaults:
  VipSubnetMap:
    ctlplane: ctlplane-leaf1
    InternalApi: internal_api_leaf1
    Storage: storage_leaf1
    redis: internal_api_leaf1

b) For overcloud node ports:

Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:

- name: <role_name>
  networks:
    <network_name>
      subnet: <subnet_name>

For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.

When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.

Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
2019-01-03 19:07:20 +01:00
karthik s
512c032a0b Add bootparams service for all roles
NIC partitioning requires IOMMU to be enabled on roles using it.
By adding the BootParams service to all the roles, we could
enable IOMMU selectively by supplying the role specific parameter
"KernelArgs". If a role doesn't use NIC Partitioning then
"KernelArgs" shall be not be set and backward compatibility would
be retained.

Change-Id: I2eb078d9860d9a46d6bffd0fe2f799298538bf73
2018-11-19 05:02:07 -05:00
Emilien Macchi
7bebdefda8 Introduce OS::TripleO::Services::Podman
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.

For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.

Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.

Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
2018-10-02 01:47:46 +00:00
Alex Schultz
f7f9053963 Create a Timesync service declaration
In order to support switching between multiple timesync backends, let's
simplify the service configurations for the roles so that there is a
single timesync service.  This timesync service should point to the
expected backend (ntp/ptp/chrony).

Change-Id: I986d39398b6143f6c11be29200a4ce364575e402
Related-Blueprint: tripleo-chrony
2018-09-04 21:00:56 +00:00
Martin Mágr
b76d7623ac QDR for metrics collection purposes
This patch adds composable new service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This basically
means that there is a possibility that there will be two QDRs running
on controllers in case that oslo messaging is deployed. This is a reason why
we need separate composable service for this use case.

Depends-On: If9e3658d304c3071f53ecb1c42796d2603875fcd
Depends-On: I68f39b6bda02ba3920f2ab1cf2df0bd54ad7453f
Depends-On: I73f988d05840eca44949f13f248f86d094a57c46
Change-Id: I1353020f874b348afd98e7ed3832033f85a5267f
2018-07-31 21:55:45 +00:00
Alex Schultz
f8d0edac5f Drop old ceilometer services
These were needed for FFU to Queens so we should remove them for Rocky.

Change-Id: I0e24d19cd17d35644fa02e989fa9ef592195b9f1
2018-05-29 20:51:07 +00:00
Zuul
30dbc58252 Merge "Add IronicInspector to the Controller roles" 2018-05-28 13:58:18 +00:00
Derek Higgins
c2a555f77f Add IronicInspector to the Controller roles
By default its stubbed out with OS::Heat::None, so the
default Controler wont include it.

Change-Id: I3bb104538a836a8f2e20e04dea58edfa0e568c2d
2018-04-18 11:21:56 +01:00
Carlos Goncalves
9526cef547 Containerize Neutron LBaaS service plugin
Change-Id: I68e5ca5a78a2bd08082a494b636c6e2debb6bbae
2018-04-18 10:53:48 +02:00
Ben Nemec
c45d027c43 Designate Integration
Change-Id: I1ddefb7b6a6e1c7b0b76589b9f8f1b99776d39e8
Depends-On: I115090679bd2577cdc3998ab3cc97f9581e5e18a
bp designate-support
2018-03-27 15:45:39 +00:00
Zuul
97664cb9fe Merge "FFU: Fix glance tasks" 2018-03-19 08:23:35 +00:00
Lukas Bezdicka
9765f8d225 FFU: Fix glance tasks
We need to register fact instead of reruning checks and we can't
hijack glance-api service with glance-registry removal. For the
removal of glance-registry we reintroduce the disabled service
to Controller role.

Change-Id: I38ab5a91b541e7e070f188ee73ef4c7dd7f65eaa
2018-03-14 17:54:35 +00:00
marios
fa66d68c08 Adds fast_forward_upgrade_tasks for Heat services
Adds ffu tasks for the heat services -api, -api-cfn,
-api-cloudwatch and -engine under systemd are stopped
and also disabled (e.g. to be containerized, migrated httpd etc).
Services stopped step 1, package update step 6, dbsync step8.

Change-Id: Ida0b4cb7f6f0a9d966e2a79dd05460565d98aaf9
2018-03-07 17:41:27 +01:00
Zuul
9727a0d813 Merge "Render NIC config templates with jinja2" 2018-02-14 05:54:31 +00:00
Dan Sneddon
1dec175241 Render NIC config templates with jinja2
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.

The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.

The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).

Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.

Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
2018-02-13 00:19:37 -08:00