NeutronServicePlugins needs to include 'log' in order to support
the security-group logging functionality.
Also added log to deployment/neutron/neutron-base.yaml as part of
the default NeutronServicePlugins.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/768129
Change-Id: I08fedd65bb4c97bbd73bf966ae763e4cdedebab2
Related-Bug: #1914757
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
This change adds delegate_facts_hosts: false to the
existing ceph-ansible scenarios.
This was introduced due to the --limit option to avoid
gathering facts, but since we're running on standalone
and the same node is present in all groups, having that
variable set to True (which is the ceph-ansible default)
makes no sense.
Change-Id: I44433731f73882f62591e8067743beec4d423ef7
nova::api::default_floating_pool parameter was removed from
puppet-nova back in 2018 with
I2624b92871f4cba5a7361a5d006d985946493e83
It is now recommended to use
nova::network::neutron::default_floating_pool parameter to
define default floating IP pool.
Partial-Bug: #1916386
Change-Id: If419d53fc3a90cdd62271c00714fff79a3b4fd12
Add posibilities to configure ovn dbs monitor interval
in tht by OVNDBSPacemakerMonitorInterval (default 30s).
Under load, this can create extra stress and since the
timeout has already been bumped, it makes sense to bump
this interval to a higher value as a trade off
between detecting a failure and stressing the service.
Depends-On: https://review.opendev.org/#/c/710407/
Change-Id: Id836676826f6e7c97ef8e3d665ab3e467ad055ba
With the changes in https://review.opendev.org/771657
this cleanup task file no longer exists. The cleanup
is done within the role automatically via a block/rescue.
Related-Bug: #1908425
Related-Bug: rhbz#1904681
Related-Bug: rhbz#1916162
Needed-By: Ifc03f9eb1cb4ca3faec194569f4cb2dace93323f
Change-Id: I0c509370332797fe563804b0ddb8f1a5d4742994
When 'ipaclient_hostname' is not passed it's
default's to 'ansible_fqdn', which is not available
when setting ANSIBLE_INJECT_FACT_VARS=False[1], let's
pass it explicitly.
[1] https://review.opendev.org/c/openstack/python-tripleoclient/+/776558
Closes-Bug: #1917582
Change-Id: I5b3ab81d7d885b5373c9c75a2b3ca637efb87c1e
These environments will be used by the undercloud install to selectively
disable these services as needed.
Change-Id: I2c9cf50363579d4e18aaeaf783770ca7a4266622
Signed-off-by: James Slagle <jslagle@redhat.com>
Fixes an issue where map_merge was used incorrectly,
trying to merge dict with null and passing a list of
only one map.
This caused the map merge not to happen, and the
$RoleServiceChain output to carry the actual map_merge
in service_config_settings instead of the intended
merged map of rsyslog logging_sources.
Closes-Bug: #1917195
Change-Id: I529f91d5391d24bb5a6af37d3486f6ddf6cabac7
With I918b6c16db6ed70d9ad612aecd7af7d725520f7b we moved the ovn-dbs
creation out of the ephemeral ovn_dbs_init_bundle container and on to
the host.
We left the ovn_dbs_init_bundle container around and kept the tag
ovn_dbs_remove_old_cruft for it. This is because with that tag
we historically triggered the needed code to make sure to handle
the transition from a deployment where ovn-dbs used the internal_api
VIP to the (current) deployment where ovn-dbs uses its own VIP.
Since ovn-dbs has its own VIP starting with train, we can now safely
drop this container.
Change-Id: I5d5df3948964c28f53eda0ba5a966c824012bd4c
Since we merged the pcs-host patches we erroneously also removed
the sidecar container that does the tls stunneling for redis.
This is needed to allow the redis master stream the deplications to
its slaves via TLS.
Tested this and we now correctly get the working container and cluster
state:
[root@controller-0 ~]# podman ps -a |grep redis
4182a78811a2 undercloud-0.ctlplane.redhat.local:8787/openstack-redis:16.2_20210218.1-hotfixupdate2 /bin/bash /usr/lo... 3 minutes ago Up 3 minutes ago redis-bundle-podman-0
604a086bb53c undercloud-0.ctlplane.redhat.local:8787/openstack-redis:16.2_20210218.1-hotfixupdate2 kolla_start 8 minutes ago Up 8 minutes ago redis_tls_proxy
[root@controller-0 ~]# pcs status |grep redis
* GuestOnline: [ galera-bundle-0@database-1 galera-bundle-1@database-2 galera-bundle-2@database-0 ovn-dbs-bundle-0@controller-0 ovn-dbs-bundle-1@controller-1 ovn-dbs-bundle-2@controller-2 rabbitmq-bundle-0@messaging-0 rabbitmq-bundle-1@messaging-1 rabbitmq-bundle-2@messaging-2 redis-bundle-0@controller-0 redis-bundle-1@controller-1 redis-bundle-2@controller-2 ]
* Container bundle set: redis-bundle [cluster.common.tag/openstack-redis:pcmklatest]:
* redis-bundle-0 (ocf:💓redis): Master controller-0
* redis-bundle-1 (ocf:💓redis): Slave controller-1
* redis-bundle-2 (ocf:💓redis): Slave controller-2
We also move the redis_tls_proxy from step_2/start_order: 3 to step_1
since it actually makes sense to have it run before we start the
redis pcmk bundle at step 2 (i.e. so the slave replica can work right
away from the start).
Closes-Bug: #1916873
Change-Id: I44df0ee32e5c35b87f74bdb75dcb384496dfb6ab
New CinderRpcResponseTimeout and CinderApiWsgiTimeout parameters
support configuring cinder's corresponding RPC response and WSGI
connection timeouts. The default values (60s each) match the existing
defaults.
Change-Id: I66b472d37041f67907691f55c153ff880093e4bc
These are default roles and we don't need to create them for
ceph. Also swift user does not need admin role.
Closes-Bug: 1916756
Resolves: rhbz#1932208
Change-Id: I4d4c01d4ace8c51ae9f47f4dafd76bb3b5ed674f
Set tags tripleo_vip_net=ctlplane and tripleo_stack_name=$STACK_NAME
on the ControlVirtualIP port.
Related: blueprint network-data-v2-ports
Change-Id: I098f24423716688fe8ff61a894516f3e860b2a4c
In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.
Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
Import tasks causes the tasks always to be pulled in and just skipped at
run time. This is terribly slow with more roles even when not running
against those hosts. A similar effort was applied to the update process
I2eab008ca27546acbd2b1275f07bcca0b84b858c which should also be used
here.
Change-Id: Ibd9bb9f8a4c6a7ce3c6ebd11ce5cf444dde57c33
Related-Bug: #1915761
If you run ansible with -v, the data in the set_fact task may be logged.
We don't want that for these tasks.
Change-Id: Ic6e4477c2218cf7586e70df8de7c47b798e79656
As part of [1] - optimize the zuul layout so that content-provider
doesn't run if openstack-tox-pep8 and openstack-tox-tht are not
green.
These jobs are voting so they block us anyway, may as well
save running anything else if these small jobs aren't complete
[1] https://review.opendev.org/q/topic:tripleo-ci-reduce
Change-Id: I5fca006e529809ace8d348735f1e10c57ef90e6b
With this change, it is possible to configure Barbican to connect
to multiple nShield HSMs in HA mode.
Change-Id: Id086b5e661e01991913c20c0b354800a9b6e2674
This change switches from using service facts to using systemctl
commands to do service checks. This is done to reduce the amount of
memory used as part of the deployment.
Change-Id: I0cd5b24933e50680baefd055d6e68e277ab09315
Related-Bug: #1915761
When a tripleo major upgrade or FFU causes an update or mariadb
to a new major version (e.g. 10.1 -> 10.3), some internal DB
tables must be upgraded (myisam tables), and sometimes the
existing user tables may be migrated to new mariadb defaults.
Move the db-specific upgrade steps into a dedicated script and
make sure that it is called at the right time while upgrading
the undercloud and/or the overcloud.
Closes-Bug: #1913438
Change-Id: I92353622994b28c895d95bdcbe348a73b6c6bb99