This change (with its dependent reviews) creates a separate VIP for the OVN DBS
service. A more detailed explanation can be found in https://bugs.launchpad.net/tripleo/+bug/1841811.
The short explanation is that the OVN DBS HA service puts some additional constraints on the VIP it
uses and that is problematic when that VIP is used by other services (e.g. a change in OVN DBS master
will move the VIP and will also reset all mysql connections. It also prevents us splitting OVN DBS from
where haproxy runs).
Tested as follows:
A) Deployed a mster environment with this review and all its dependencies and correctly obtained
an OVN DBS service with its own Vip and the OVN services
(controller/metadata) pointing to this separate Vip
B) Deployed a master environment as is and then applied this review +
dependencies and observed that a redeploy correctly created a new VIP,
reconfigured the services to point to the new VIP and that the old
obsolete constraints created around the per-network VIP were removed
Closes-Bug: #1841811
Depends-On: Ic62b0fbc0fee40638811a5cd77a5dc5a4d82acf5
Change-Id: I620e37117c26b5b51bf9e1eda91daeb00fdf0f43
This patch enables port_forwarding service plugin and L3 agent's
extension in case of ML2/OVS environment.
It don't enable it in ML2/OVN cases as networking-ovn don't support
port_forwarding yet.
This patch also adds NeutronL3AgentExtensions config option for
Neutron L3 agent.
This new option is used to enable "port_forwarding" extension on L3
agent.
Change-Id: I2417f9f6a436ae7a3820e16fdf6210099807b651
Use $NETWORK_uri for ironic::pxe::tftp_bind_host so that
the wrapped ip address is picked up from hieradata when
IPv6 is used.
Closes-Bug: #1844713
Change-Id: I874d5eb401113fb9a1664be0b3cd29e76756d970
This patch adds three new parameters:
1. OctaviaConnectionMaxRetries
2. OctaviaBuildActiveRetries
3. OctaviaPortDetachTimeout
The default values are same as in octavia and puppet-octavia master
branches as of now.
Depends-On: https://review.opendev.org/#/c/682636/
Change-Id: Id5f7bb2160215170561f39015ddfdb93cba904b5
CinderPureBackendName is enhanced to support a list of backend names,
and a new CinderPureMultiConfig parameter provides a way to specify
parameter values for each backend. For example:
parameter_defaults:
CinderEnableIscsiBackend: false
CinderEnablePureBackend: true
CinderPureBackendName:
- tripleo_pure_1
- tripleo_pure_2
# These will be the default parameter values for each backend.
CinderPureStorageProtocol: 'iSCSI'
CinderPureUseChap: false
CinderPureMultipathXfer: true
CinderPureImageCache: true
# Use CinderPureMultiConfig to override values in specific backends.
CinderPureMultiConfig:
tripleo_pure_1:
CinderPureSanIp: '10.0.0.1'
CinderPureAPIToken: 'secret'
tripleo_pure_2:
CinderPureSanIp: '10.0.0.2'
CinderPureAPIToken: 'anothersecret'
# This will take precedence over the default value.
CinderPureUseChap: true
Co-Authored-By: Alan Bishop <abishop@redhat.com>
Depends-On: Ia7cc82f5eb4e228a43e47624d87e319ac5340268
Change-Id: I1083ef9893dede234b4cafd9888c898fa0e31077
With this commit we enable deep_compare by default, allowing stonith
resources to be updated via stack update.
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Depends-on: https://review.opendev.org/#/c/681778/
Depends-on: https://review.opendev.org/#/c/679407/
Change-Id: I330698f41cc092bdeb741c0b9c729264cf2cb28c
We revert I0d9eb663405d1113ea84e3c12651a3f0dbdfc75d and we instead
export ovn_dbs_vip on all nodes so it can be used in cells. Reason for this
is that we want a separate VIP for OVN because a) composable roles and b)
we do not want to impose the extra promote master constraints on the internal_api
VIP which ends up being used by OVN.
In the same vein as I7ca94dff4acf0816708110b9fe6f78d19dcc7b4d
(Move redis_vip to all_nodes.j2) we will have the ovn_dbs_vip moved
to all nodes (via I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce).
Depends-On: I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce
Change-Id: I4e4bf0a91751fb4f9e4c7233242cdc5649c421f8
Related-Bug: #1841811
Named debug ansible tasks have been added to the plays that get
generated in deploy_steps_playbook.yaml (from common/deploy-steps.j2).
The explicitly named tasks allow for using ansible-playbook's
--start-at-task option to resume a deployment from the start of a given
play.
For example, this could be used to resume a deployment with:
ansible-playbook ... --start-at-task "Overcloud common deploy step tasks 3" ...
Previously this was not possible since many of the tasks that got
generated in common_deploy_steps_tasks.yaml used an ansible variable in
the name, which is not resolved until runtime, so --start-at-task is
ignored.
Change-Id: If40a5ecaacf8c74c98775eb6bde05d967694f640
CinderRbdFlattenVolumeFromSnapshot controls whether cinder RBD volumes
created from a snapshot should be flattened in order remove a dependency
on the snapshot.
Depends-On: I430a2d1793ffcd0964d268a1930e3fb85e32a995
Change-Id: I4fb97b275c6288e81072d71d43f75f5b7aee1d6b
LibvrtLogOutputs to define how log outputs are sent,
like file, syslog, and so on.
In default, it is configured so that libvirt directly records
its log into /var/log/containers/libvirt/libvirtd.log .
Change-Id: Iac3d3e9d95c281433cf189c7d277f0a833736ffa
The support to set config paramter NovaLiveMigrationWaitForVIFPlug
was added in I0048d1f57eeb3418b52f225f87810ea1a7250a0f which
default to true but has a condition as well, because of which
live-migration fails with timeout.
This changes removes the condition and uses the default value.
Also change Ib9fe6e1bfea1d5f62b2f2b6fdb12d16878108c3f fixes
the issue in networking-ovn project.
Change-Id: Iba2b7a94c23ff3bcc311e92b63d6c05d9cb6d065
We believe this change induced a regression[1] that is further breaking TripleO TLS-Everywhere deployments. Submitting a revert patch while we investigate and work on a more robust solution.
[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1743485
This reverts commit fc914e96116532985fef5b7e02e1dbbc8842f81e.
Change-Id: I5dc334d5b5232b7e0097d0a0e735abc911060917
This change adds three new role parameters `NovaCPUAllocationRatio`,
`NovaRAMAllocationRatio` and `NovaDiskAllocationRatio` for
configuring cpu_allocation_ratio, ram_allocation_ratio and
disk_allocation_ratio.
The default values for CPU and Disk allocation ratio are taken
as 0.0 as it will be updated by update_available_resource method
as mentioned in [1].
[1] https://specs.openstack.org/openstack/nova-specs/specs/stein/implemented/initial-allocation-ratios.html
Change-Id: Ia3c62668b0c1469e31aa8cd2c984b460eb06d970
The DeployedServerEnvironment output has been removed from the stack
as they are no longer needed when using config-download with
pre-provisioned nodes.
Change-Id: If94997621ebd1096326ba77a167564a728102b54
Added new parameter naemd ExtraKernelPackages that can be used to
install specific packages prior to the kmod execution.
Change-Id: I505edc7f0391c67371881ce9e2d944f8608a091c
Depends-On: https://review.opendev.org/#/c/676503/
Closes-Bug: #1840180
LibvirtLogFilters to select a different logging level for a given
category log outputs, as specified in https://libvirt.org/logging.html .
Default:
'1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util'
Depends-On: Ic48afe856ae60654d6cebf627b12509881933c59
Change-Id: I85b09ddeb61b2f3563f81eb423e8f05b18fe984a
Closes-Bug: 1840140
Indicates that the nova-metadata API service has been deployed
per-cell, so that we can have better performance and data isolation
in a multi-cell deployment. Users should consider the use of this
configuration depending on how neutron is setup. If networks span
cells, you might need to run nova-metadata API service globally.
If your networks are segmented along cell boundaries, then you can
run nova-metadata API service per cell.
Introduces a new endpoint_map entry NovaMetadataInternal.
If NovaLocalMetadataPerCell is true, NovaMetadataCellInternal points
to the local cell endpoint.
If NovaLocalMetadataPerCell is false, NovaMetadataCellInternal points
to the central control plane nova metadata endpoint.
The NovaMetadataCellInternal endpoint is then used to configure the
nova-metadata api endpoint the ovn metadata agent points to.
Also removes setting the deprecated [DEFAULT]/nova_metadata_ip
hiera key and only uses [DEFAULT]/nova_metadata_host for the ovn
metadata agent.
Depends-On: https://review.opendev.org/675070
Depends-On: https://review.opendev.org/650943
Change-Id: I78f6d30676ee166f84d8aca1609b376bb73e5f2c
Closes-Bug: #1823760
Change-Id: I1e05230e4105a3706f0662b0c203137d05ebf3d8
Deprecating the parameter NeutronSriovNumVFs and the service
neutron-sriov-host-config. The numvfs shall be configured
using the sriov_pf type in nic configs.
Depends-On: I2923e046727c901219be693f248b7c0078331b83
Change-Id: I977a69add983cfe59f2dd82f05ebf7e11a85c25e
OpenShift deployed by TripleO support has been removed in a downstream
version of Stein which make the upstream support difficult to maintain.
OpenShift can be deployed using OpenShift-Ansible and
users who desire to deploy OpenShift 3.11 onto bare metal nodes can
still do so using openshift-ansible directly. The provisioning of
the Operating System on baremetal can be done with OpenStack Ironic on
the Overcloud or also can be done with deployed-servers, achieving the
same result.
Change-Id: I6a73f7f22dda69bef324ffdaecdcd6be693c1257
In case the freeipa CA is a sub CA of an external CA the
InternalTLSVncCAFile requrested does not have the full CA
chain and only have the free IPA CA. As a result qemu
which can not verify the vnc certificate sent by the
vnc-proxy. The issue is in certmonger[1] as it does not return the
full CA chain.
As a workaround, until certmonger is fixed, this change points the
InternalTLSVncCAFile to /etc/ipa/ca.crt which has the full CA chain.
[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1710632
Change-Id: I750c5572505ff58b8164906754f1bcaf4fd256e0
Allow to configure Apache MPM module for the containerized API/WSGI'ish
services running Apache as a backend. Change the default from 'prefork'
to 'event', which is a low level change and should provide no sensible
upgrade impact. This alleviates the related heartbeats threading issue
arising with the monkey-patched eventlet.
Merge the missing ApacheServiceBase config settings for Octavia API,
Horizon and Ironix PXE. This is needed to apply the base Apache
service hiera settings, including MPM module switches, for those
as well.
Related-bug: #1829062
Change-Id: Ia65af7a9d6ae106a61ec52912bebba72830d5f28
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>