Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues in
nova.conf of the compute. Default 0 corresponds to not set meaning the
legacy limits based on the reported kernel major version will be used.
Conflicts:
deployment/nova/nova-compute-container-puppet.yaml
Depends-On: https://review.opendev.org/c/openstack/puppet-nova/+/772805
Change-Id: I353e8ca2676bbdceb056f8b2b084bc5102f52c1f
(cherry picked from commit 67a5a78897)
When a node has hugepages enabled, we can help with live migrations by
enabling NovaLiveMigrationPermitPostCopy and
NovaLiveMigrationPermitAutoConverge.
Related: https://bugzilla.redhat.com/1298201
Conflicts:
deployment/nova/nova-compute-container-puppet.yaml
Change-Id: I1133c210f35181d44f8ba56f09b52f00589e035c
(cherry picked from commit df207fd2e9)
Without this patch, files in /srv/node are relabeled on every start of
the account_auditor and/or account_reaper containers. If there are many
files (e.g. when using Gnocchi) this will take a long time, sometimes
dozens of minutes per container start, and might result in breaking
upgrades/updates.
Relabeling already happens in step 3, this should be sufficient and
prevent additional delays when (re-) starting containers.
Closes-Bug: 1907070
Change-Id: I172ae8f35df34887aaf61b3e03d5aaab1d462a60
(cherry picked from commit 191d160903)
In spine-and-leaf TLS-e deployments as done in OSP13,
services are filtered based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the role's network doesn't
match the global ServiceNetMap.
Add a role based parameter {{role.name}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{role.name}}ServiceChain and
the {{role.name}} resource group.
Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
(cherry picked from commit be6a844a79)
Added MemcachedMaxConnections to allow max connection override as
actually the limit is 8192 connections but in some cases the environment
will create more than 8192 connections to each memcached server.
Closes-Bug: #1911664
Change-Id: Iaef7c01127327f709577bef3d2e96db840ba2b80
(cherry picked from commit bbed1ef736)
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g. to exclude the controllers from a maintenance window).
This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.
Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.
Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
(cherry picked from commit 629485dde5)
Currently, we can't set Nova [api]/max_limit
using a supplied Heat parameter. This change
adds a Heat parameter that will make it easier
for users to configure max_limit in nova.conf.
Change-Id: I4c28c6c90c52f22d4fa81d13e85842ce876ec2b9
closes-bug: 1904096
(cherry picked from commit 603530c711)
https://review.opendev.org/q/I8df21d5d171976cbb8670dc5aef744b5fae657b2
introduced THT parameters to set libvirt/cpu_mode. The patch wrongly sets
NovaLibvirtCPUMode to the 'none' string, which results in puppet-nova
not handling the default cases correctly and setting libvirt/cpu_mode to
none, which results in the 'qemu64' CPU model, which is highly buggy and
undesirable for production usage. This changes the default to the
recommended CPU mode 'host-model', for various benefits documented
elsewhere.
Closes-Bug: #1905544
Change-Id: Iea8cccd77caac4b84764d84a213918ed57bd4e3e
(cherry picked from commit c290a5e3a1)
In case of cellv2 multicell environment nova-metadata is the only
httpd managed service on the cell controller role. In case of
tls-everywhere it is required that the cell controller host has
the needed metadata to be able to request the HTTP certificates.
Otherwise the getcert request fails with "Insufficient 'add' privilege
to add the entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"
Change-Id: I57a49d1b7fc4c03b773f3a52b327584f537aca19
(cherry picked from commit 89d605103c)
When using RHSM Service (deployment/rhsm/rhsm-baremetal-ansible.yaml) based
registration of the overcloud nodes and enabling the KSM using
NovaComputeEnableKsm=True the overcloud deployment will fail because the
RHSM registration and the ksm task run as host_prep task. The handling
of enable/disable ksm is now handled in deploy step 1.
Closes-Bug: #1904184
Change-Id: I75a59f3d4b640f3146f2a865eff8be3f1383e078
(cherry picked from commit c329204dec)
Certificates get merged into the containers using kolla_config
mechanism. If a certificate changes, or e.g. UseTLSTransportForNbd
gets disabled and enabled at a later point the containers running
the qemu process miss the required certificates and live migration
fails.
This change moves to use bind mount for the certificates and in
case of UseTLSTransportForNbd and creates the required certificates even
if UseTLSTransportForNbd is set to False. With this UseTLSTransportForNbd
can be enabled/disabled as the required bind mounts/certificates
are already present.
Related-Bug: #1900986
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1888951
Depends-On: I9538b7e579d4921b14f6ef5eec0300e7e50628d4
Change-Id: I7f583d18e558b95922a66eb539cc91de74409c96
(cherry picked from commit e07e571ba2)
The puppet and ansible tasks for deploying the Multipathd service have
been moved to a new tripleo_multipathd ansible role. THT uses that role
passing in parameter values via ansible variables.
Two new THT parameters are supported:
- MultipathdCustomConfigFile provides a way for the user to specify a
custom multipath.conf file. This makes it easier for the user to
manage custom settings that are unique to their deployment, such as
vendor specific hardware tuning.
- MultipathdSkipKpartx provides a means for overriding multipathd's
default behavior whereby it automatically creates disk partitions on
multipath devices. Partitions should be managed by VM servers accessing
the device, not by the overcloud host itself.
Depends-On: Icf9faff31d83f0ea77d00a59a53d6ad36b06da4f
Depends-On: I3478312b5117da5c2e819e47c99f574246e84838
Change-Id: I934a1ae5bc0d77fd39b25f5039635e5df6e9004f
Calls an ansible role to create an LVM2 filter.
Change-Id: Ia01d23e252bc48b7cc6c66cd39138e6844b90a69
Depends-On: I9781007559e074f2b102f6f90c1aed6def1b02be
Closes-Bug: 1855704
This changes the parameter to non-role specific and by default
true. The dependent python-tripleoclient patch adds a check
to ensure that we only allow usage of old heat nic configs with
'NetworkConfigWithAnsible: false'.
Change-Id: Ie37bdfe64eb1b33afe326161fc6f99601addb7b5
Role names can be customized, yet in THT jinja2 we
have several places where conditions are based on
the role name. By using tags such as 'storage',
'ceph' and 'ovsdpdk' the role names become truly
customizable.
The depends-on change in TripleO common will
dynamically add tags to roles based on role.name
for backward compatibility during deprecation
period.
Depends-On: https://review.opendev.org/758124
Change-Id: I5ab4e4a220294245f95d328391bfffec87781a09
This change adds new THT parameters `NovaLibvirtCPUMode`,
`NovaLibvirtCPUModels` and `NovaLibvirtCPUModelExtraFlags`
which allow configuring the `libvirt/cpu_mode`, `libvirt/cpu_models`
and `libvirt/cpu_model_extra_flags` parameters respectively.
Change-Id: I8df21d5d171976cbb8670dc5aef744b5fae657b2
Mistral services aren't used anymore on the Undercloud and we never saw
users on the Overcloud.
For simplification purpose, let's deprecate it so we can reduce our
number of containers and services in TripleO.
Change-Id: I422766fbdfa5d8728477d2b0d2b1d46a90f631ae
Manila's API service has a configuration option to
control what NAS protocols are allowed for user
shared file systems. Storage backends in manila can
advertise a number of possible NAS protocols.
Deployers need to be able to limit the protocols
enabled on their deployments, or specify an
override when enabling custom backends.
Change-Id: I877063dd3ab9369b09c84136a58f5565aa3f7720
Closes-Bug: #1831767
Depends-On: I7b36e5c45b029f070976e58335d79678752a990c
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Co-Authored-By: Alan Bishop <abishop@redhat.com>
To handle sparse image upload, new config parameters
``rbd_thin_provisioning`` and ``filesystem_thin_provisioning``
have been added in glance for rbd and filesystem backends
respectively with enabling image_conversion plugin for both
types of backends.
To enable the above parameters, add the 'GlanceSparseUploadEnabled'
parameter in THT.
Depends-On: Ic95fa45af0f1db92d8425862c6267f466764fbbe
Depends-On: I90c8ea98a96fa57f5bf3bf0c6b2b37ec95474baf
Partially Implements: blueprint handle-sparse-image
Change-Id: I5a339e9850be3825540873736b9734178994ce21
When operator needs to change any options described in sshd_config,
he/she should use the parameter named SshServerOptions to define
the updated configuration.
However the problem here is that he/she should define the whole content
instead of the actual lines to be overridden, otherwise some of the
lines defined in its default can be missing from configuration. This
makes it difficult to properly update the parameter during update or
upgrade, since operators always need to check whether any change has
been made about the default of SshServerOptions.
This change introduces a new parameter, SshServerOptionsOverride, which
can be used to override specific line in SshServerOptions. Note that
SshServerOptions should still be used if any of the lines in
SshServerOptions needs to be removed.
Change-Id: I8a018c8c7435a753c8ed5b5fa211d91d053f8d67
Currently we disable Telemetry services like Ceilometer by default,
which means that we don't have any consumers for notification messages.
So NotificationDriver should be set as noop by default so that we don't
have unconsumed messages in notification queues.
Change-Id: I1d05749c94bd58ad4badafa7d9755009cb4b64af
Closes-Bug: #1869355
Remove cinder's "volume" (API v1) service from the keystone catalog.
This fixes a post-FFU bug that causes keystone endpoint validation to
fail. Cinder stopped supporting its v1 API in queens, but tripleo
retained the "volume" service (with API v3 endpoints) to work around
a bug in the version of tempest used in queens (see [1] for details).
The endpoint validation fails because the "volume" and "volume3" services
share the same v3 endpoints.
[1] https://review.opendev.org/#/q/If1ef8b1ad60151c0dfd0a7804ba7e697fc4ede28
The patch was tested locally:
- Confirm a fresh deployment (with patch) succeeds
- Manually create "volume" service with "cinderv3" endpoints. This
replicates the post-FFU scenario
- Perform a stack update (succeeds), and confirm the "volume" service
has been deleted
Final note: The ansible task that removes the "volume" service is a
deployment (not upgrade) task. This ensures the service is removed from
overcloud deployments that already performed the FFU.
Closes-Bug: #1897761
Change-Id: Ic0eb72f78e2a19e2f40ab12631a872d828bab46a
In preparation for transition from composable networks
managed by heat, to composable networks managed with other
tooling.
The upgrade prepare step needs to set this to 'retain', so
that networks are not deleted when running converge.
Change-Id: Ib65d74a2005fbc13cbc7916e646da65d99410adb
This parameter is used quite often but is not currently exposed in THT.
Close that gap. This is used by the API so it is that container that's
modified.
Change-Id: Idb56d7e2fd741b3d0dfaa8fd376ebe6d6ae8b867
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Add HorizonSessionTimeout parameter for configuring the session timeout
of horizon in seconds.
Closes-Bug: #1897197
Change-Id: I1bfd645ed9e1823a626d6972ab00893ca49bba83
This patch corrects the Octavia setting OctaviaTenantLogFacility to
have the same default value as the project uses by changing it to 0.
Change-Id: I89056ad69def9d8f45907bac0fdc9af54bb28dff
Add a single new parameter, NovaEnableVTPM, which will configure vTPM
support by setting nova's '[libvirt] swtpm_enabled' config option. We do
not yet expose nova's '[libvirt] swtpm_user' and '[libvirt] swtpm_group'
options since the Fedora RPM specfile, upon which CentOS' and RHEL's
specfiles are based, uses the standard user and group [1].
[1] https://src.fedoraproject.org/rpms/swtpm/blob/master/f/swtpm.spec
Change-Id: If90979c4b1bda279eca6dba46e3f53ab402b04c3
Depends-On: https://review.opendev.org/752904
Depends-On: https://review.opendev.org/753586
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Since GroupVars moved to overcloud.j2.yaml in
https://review.opendev.org/677218 the CIDR set in
'{{network.name_lower}}_cidr' in groupvars is limited
to one of the subnets on the network.
When a network has multiple subnets with different
subnet prefixes, this becomes a problem as nodes are
configured with the from subnet mask.
This change moves them to AnsibleHostVars.
Closes-Bug: #1895899
Change-Id: I4e4e5b1195d17f59c825a3f7df73920921e1f86e
To support multiple vgpu types configuration, add new
parameter `NovaVGPUTypesDeviceAddressesMapping` where vgpu-type
is key and list of device_addresses are value.
Depends-On: https://review.opendev.org/#/c/750148/
Change-Id: Ifc30bbef66717cafb5ec2262be8fe07af1e60772