This change updates the baremetal host sshd management to use ansible
instead of puppet. It should still be noted that the nova-migration
container still uses puppet to manage sshd.
Change-Id: Iedd149c123d807dee229160f8e9f1b17bf379368
Depends-On: https://review.opendev.org/#/c/742970/
We don't deploy Keepalived in multi-node as our HA story is done with
Pacemaker. Therefore, we don't use VRRP protocol that Keepalived
provides to maintain the VIPs alive, so we don't really need this
service.
Instead, we can configure the VIPs on the br-ctlplane interface which
already handled the local_ip. Now it also handles the configuration of
public ip and admin ip.
Keepalived is now deprecated and will be removed in the next cycle.
blueprint replace-keepalived-undercloud
Change-Id: I3192be07cb6c19d5e26cb4cddbe68213e7e48937
With the HA NG work having landed, the impact of pacemaker
is reduced and only very few core services are being managed
by pacemaker. Since the HA deployments work just fine
with a single node, it makes little sense to use the non-ha
deployment as default any longer (Also because downstream
we do the default to the HA deployment by default and this
keeps confusing users).
This patch does the following:
* Remove Keepalived services from all CI scenarios running it.
* Make sure all HA services deployed in CI run with Pacemaker.
* Remove non HA containers so Pacemaker can
bootstrap the new containers safely.
* Before removing mysql container, create the clustercheck user and
grant correct permissions to avoid bootstrap issues later when galera
is spawned.
* Disable HA on the minor update job, it seems to not be working fine if
only one controller is deployed.
Depends-On: https://review.opendev.org/#/c/718759
Change-Id: I0f61016df6a9f07971c5eab51cc9674a1458c66f
This new role is used to register nodes as ipa-clients and
configure the services required in IPA using ansible, rather
than using novajoin. This is required on the standalone
environment, where there is no novajoin. It will also be the
implementation used when nova is removed from the undercloud
and for pre-provisioned nodes. The existing IpaClient
composable service will be removed in a future release.
This code replaces the server ipaclient-baremetal-ansible by using
a role from freeipa-ansible to register the nodes (controllers,
computes) as ipa-clients.
In external_tasks, the host entry is created and an otp is stored
as a host variable. In deploy_step_tasks, this otp is used to
register the node. The IPA configuration tasks are delegated to
http://opendev.org/x/tripleo-ipa roles.
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Change-Id: I7dcd4608d3998596c2e4da19a8eca0d48e1fa841
This switch seems to be creating issues with upgrades, where a number of
software deployments are deleted concurrently while updating the config
transport for the server. Switching the config transport does not work
with convergence heat and should be fixed in heat. We can revert this
now, as we still use swift for other stuff in the undercloud. Can be
changed once the issue is fixed in heat.
It also reverts the following dependent commit.
Revert "Cleanup SoftwareConfigTransport"
This reverts commit (1821c01846 and
3ea9dd4040)
Closes-Bug: #1869335
Change-Id: I835c8be3eecce91f8a370d036bf1085bc445e01d
They were deprecated in Train and aren't used anywhere.
This also removes scenario006 which wasn't working anyway, and was
deploying the kubernetes service.
Change-Id: Id2ea4944c688039e28c4d16635bb4f2b0ed23154
This change deprecates the puppet process to install the openstack
service clients and transitions to the ansible role for installing
client packages.
Story: 2005984
Task: 34437
Change-Id: I3ba4eb6e3352e117450fc0130de3e547df93fe84
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Replace the python script that was run on post-config, by an Ansible
task running on the host where Keystone is running.
It'll be useful later when using OpenStackSDK to have access to the
credentials during the deployment and not having to wait the far end.
It's also reducing the Heat resources.
Depends-On: https://review.opendev.org/#/c/700015
Change-Id: I585abc3e6a3b9b8ae9183e0b5170df2e39301e17
Create a new Rsyslog service that is deployed on the host (not in a
container) and with Ansible.
Make it so it's deployed by default on Undercloud & Standalone setups.
Also move the tasks that configure rsyslogd for HAproxy & Swift to be
executed after the host prep tasks (using deploy step tasks).
Change-Id: I027c64aefcc4715da17836a5cf0141152cf146aa
Closes-Bug: #1850562
This change (with its dependent reviews) creates a separate VIP for the OVN DBS
service. A more detailed explanation can be found in https://bugs.launchpad.net/tripleo/+bug/1841811.
The short explanation is that the OVN DBS HA service puts some additional constraints on the VIP it
uses and that is problematic when that VIP is used by other services (e.g. a change in OVN DBS master
will move the VIP and will also reset all mysql connections. It also prevents us splitting OVN DBS from
where haproxy runs).
Tested as follows:
A) Deployed a master environment with this review and all its dependencies and correctly obtained
an OVN DBS service with its own Vip and the OVN services
(controller/metadata) pointing to this separate Vip
B) Deployed a master environment as is and then applied this review +
dependencies and observed that a redeploy correctly created a new VIP,
reconfigured the services to point to the new VIP and that the old
obsolete constraints created around the per-network VIP were removed
Closes-Bug: #1841811
Depends-On: Ic62b0fbc0fee40638811a5cd77a5dc5a4d82acf5
Change-Id: I620e37117c26b5b51bf9e1eda91daeb00fdf0f43
The Tacker service has been incomplete since Queens. They restructured
the services and TripleO has never implemented code to handle this new
structure. Since it's been disabled since Queens and there are currently
no plans to fix it, let's remove the service code.
Change-Id: I2856e894b58d50c2d3484ccd02bfb1d43625847f
Depends-On: https://review.opendev.org/#/c/682457/
Related-Bug: #1714270
Since this is now set to POLL_SERVER_HEAT by default in the
overcloud-resource-registry-puppet.j2.yaml, we no longer need to
override it for the undercloud/standalone use case.
See https://review.opendev.org/#/c/671980/
Change-Id: I3e2cfd856bf46fb82998e8f14c64b11299862238
Podman is the default in standalone generated environments
(e.g. environments/standalone/standalone-tripleo.yaml), however since we
haven't made it the default in overcloud-resource-registry-puppet.j2.yaml
until we get CentOS8, docker was still being deployed because the
roles/Standalone.yaml used to contain the Docker service.
This patch aims to make sure we disable Docker.
Note: for scenario004 & 012, we need to enable Docker as Pacemaker is
enabled and the job runs on CentOS7.
Closes-Bug: #1835411
Change-Id: Ib34ba24c84f34a1533a90189d5154825c6dfa868
Migrate the generation of the all_nodes hieradata from Heat to using the
tripleo-hieradata role instead.
Change-Id: I9a37d1faec73a81a28d8f89d86375fb15ee765c7
Depends-On: I6e1e1c28dc09c9e04119db910068d62409a5afc8
Chrony has replaced the usage of ntp and is not supported beyond Stein.
Change-Id: Iab476205f29e0ca9e4053c0c9fb2d051b72b13f0
Related-Blueprint: tripleo-chrony
We've switched the selinux mode management to ansible as part of the
deploy-steps and it's always included now so the service is not
necessary.
Change-Id: I562053ba6767bd9ab7af3cf06b93906568bec5cd
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the ovn services.
Related-Blueprint: services-yaml-flattening
Change-Id: I6261863c15f594fed8207ff258f1d9c809a9a864
Installing and configuring tmpwatch allows to get rid of some
ugly things in logrotate configuration. As the container has no
network access anymore, we have to install the tool on the host
directly - this isn't that bad.
In order to avoid issues with logrotate managed logs, we explicitly
exclude patterns managed in the specific logrotate configuration.
Also, always in order to avoid issues and ensure logrotate does its
own cleanup, we clean files one day later.
Change-Id: Ic666388d9ba7556e7b68ab2fc1082957a9e26552
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.
Let's remove its support in TripleO, to reduce the codebase.
Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
Moving the service that installs all the openstack clients to the
deployment directory.
Change-Id: I5cfecf0217232380319a68e3689a7fe7d945b15a
Related-Blueprint: services-yaml-flattening
This patch switches the default mechanism driver for neutron from
openvswitch to OVN.
It will also flip scenario007 job to run with ML2/OVS.
Depends-On: I74ffb6b7f912e1fce6ce428cd23a7283c91b8b96
Depends-On: I99ba2fd6a85b4895b577719a7541b7cbf1fdb85c
Depends-On: Ib60de9b0df451273d1d81ba049b46b5214e09080
Depends-On: Iaed7304adf40a87a0f14b7a95339f8416140e947
Change-Id: Iab52cdf5d0f7a392c4f17c884493b5c5beb1d89f
Co-Authored-By: Kamil Sambor <ksambor@redhat.com>
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all swift services.
With this patch the baremetal version of each swift service has been removed
except for swift-dispersion which only exists in baremetal form.
Related-Blueprint: services-yaml-flattening
Change-Id: I7986efed381a2149bdff42526048ae72e0bf36c0
I89cff59947dda3f51482486c41a3d67c4aa36a3e broke SSH access on the
Undercloud, we shouldn't be that restrictive by default for the
undercloud and standalone (as deployed via tripleo deploy).
This change adds a new parameter called SshFirewallAllowAll that can be
used to include an allow all for ssh. By default it is disabled when
deploying the overcloud but is used by the undercloud and standalone to
allow access after installation.
Change-Id: Ie548f7216610e15af24c96f65a58cc8de603235c
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
This change moves docker services from puppet to deployment directory.
Change-Id: I11a34708ee91f5b5928d7c647c83e95ca1b01cae
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: If051277041d23641c92a1f370f08a521a4bb7a12
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
Change-Id: I6a9123627d754a153ab6cb68a33778a57846aeb7
Related-Blueprint: services-yaml-flattening
This change moves podman service from puppet to deployment directory.
Change-Id: I31b8299b43158347f4f1f61f1e1fdf38b0a2102f
Related-Blueprint: services-yaml-flattening
The standalone jobs were not running yum update on the containers, to do
so we need to specify the updater parameters in the
container-prepare-parameters [1] and also we have to activate the docker
local registry, call the container prepare service and activate registry at
podman.
[1] https://review.openstack.org/#/c/621517/
Change-Id: I74e817bc9b9dd522db3da7753c91a3884d99f8c8
Related-Bug: #1805968
We did not have an easy way to ensure all the openstack clients are
installed on a given system. In the old instack-undercloud installation,
we were installing some additional clients outside of the ones required
via python-tripleoclient. To allow a user to quickly install all the
clients on a given system, this change adds an OpenStack clients
"service" which can be added to a role to ensure the clients are
available. In the future if we provide a client container, this service
can be converted into a container deployment mechanism.
Change-Id: If878c2ab7679eea2fff42b410bec9c8c9b92ed6f
Closes-Bug: #1800001
In some cases we may need to disable selinux (like in CI). The role
needs the SELinux service so that the management can be done during the
deployment.
Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298
Closes-Bug: #1797910
Similarly to undercloud, Swift is using only a single replica on AIO
(all-in-one standalone). Therefore recovering from a corrupted or lost object
is not possible, and running replicators and auditors only wastes resources.
And may create some trouble. For example, the DB replicators and auditors will
lock the DB, and new objects won't be stored during that time.
Related-Bug: #1797167
Change-Id: I839393bf6cbb2303a0359f8aed32b2fc67d46f6a
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
The standalone role can be used either with the tripleo deploy command
to deploy locally, or it can be used with an undercloud to deploy an
all-in-one node. This change provides a sample set of environment files
for both deployment mechanisms.
Change-Id: Ibc735ac4326a9217469e368c074de8b0df7689bd
Related-Blueprint: all-in-one