1247 Commits

Author SHA1 Message Date
Zuul
c2d4816840 Merge "Give the OVN DBS service a separate Vip" 2019-09-29 18:48:25 +00:00
Zuul
50f02ff9b9 Merge "Ironic: disallow deployment and cleaning in maintenance mode" 2019-09-28 03:18:02 +00:00
Zuul
25b544f3cc Merge "Use _uri which is wrapped if IPv6 for ironic tftp" 2019-09-23 19:22:09 +00:00
Dmitry Tantsur
036946bc7d Ironic: disallow deployment and cleaning in maintenance mode
This is a common source of confusion for users since ironic essentially
gets stuck in "wait call-back" or "clean wait" state. See e.g.
https://bugzilla.redhat.com/show_bug.cgi?id=1712561

Depends-On: https://review.opendev.org/#/c/683970/
Change-Id: I3b3f6037970e741f93549878e4e36d36297be9c3
2019-09-23 16:15:14 +02:00
Michele Baldessari
176b30649b Give the OVN DBS service a separate Vip
This change (with its dependent reviews) creates a separate VIP for the OVN DBS
service. A more detailed explanation can be found in https://bugs.launchpad.net/tripleo/+bug/1841811.
The short explanation is that the OVN DBS HA service puts some additional constraints on the VIP it
uses and that is problematic when that VIP is used by other services (e.g. a change in OVN DBS master
will move the VIP and will also reset all mysql connections. It also prevents us splitting OVN DBS from
where haproxy runs).

Tested as follows:
A) Deployed a mster environment with this review and all its dependencies and correctly obtained
an OVN DBS service with its own Vip and the OVN services
(controller/metadata) pointing to this separate Vip

B) Deployed a master environment as is and then applied this review +
dependencies and observed that a redeploy correctly created a new VIP,
reconfigured the services to point to the new VIP and that the old
obsolete constraints created around the per-network VIP were removed

Closes-Bug: #1841811

Depends-On: Ic62b0fbc0fee40638811a5cd77a5dc5a4d82acf5
Change-Id: I620e37117c26b5b51bf9e1eda91daeb00fdf0f43
2019-09-23 13:05:39 +00:00
Zuul
41dcc097ba Merge "Support deploying multiple Cinder Pure Storage backends" 2019-09-23 10:21:57 +00:00
Zuul
6d687626c9 Merge "Enable "port_forwarding" feature in neutron ML2 ovs environment" 2019-09-21 20:59:10 +00:00
Zuul
1f08348e56 Merge "Add new parameter options to Octavia service" 2019-09-20 15:47:19 +00:00
Slawek Kaplonski
95f889720c Enable "port_forwarding" feature in neutron ML2 ovs environment
This patch enables port_forwarding service plugin and L3 agent's
extension in case of ML2/OVS environment.
It don't enable it in ML2/OVN cases as networking-ovn don't support
port_forwarding yet.

This patch also adds NeutronL3AgentExtensions config option for
Neutron L3 agent.
This new option is used to enable "port_forwarding" extension on L3
agent.

Change-Id: I2417f9f6a436ae7a3820e16fdf6210099807b651
2019-09-20 14:59:37 +00:00
Harald Jensås
d2b607c976 Use _uri which is wrapped if IPv6 for ironic tftp
Use $NETWORK_uri for ironic::pxe::tftp_bind_host so that
the wrapped ip address is picked up from hieradata when
IPv6 is used.

Closes-Bug: #1844713
Change-Id: I874d5eb401113fb9a1664be0b3cd29e76756d970
2019-09-19 22:01:30 +02:00
Zuul
56cc922ca9 Merge "Misspelling of words" 2019-09-19 05:15:52 +00:00
Carlos Goncalves
f924a35d70 Add new parameter options to Octavia service
This patch adds three new parameters:

1. OctaviaConnectionMaxRetries
2. OctaviaBuildActiveRetries
3. OctaviaPortDetachTimeout

The default values are same as in octavia and puppet-octavia master
branches as of now.

Depends-On: https://review.opendev.org/#/c/682636/
Change-Id: Id5f7bb2160215170561f39015ddfdb93cba904b5
2019-09-17 18:03:05 +02:00
Zuul
9fde6321e0 Merge "Revert Add OvnDbInternal to EndpointMap and use it for ovn_db_host" 2019-09-16 16:18:51 +00:00
Emilien Macchi
91e8ed328a Support deploying multiple Cinder Pure Storage backends
CinderPureBackendName is enhanced to support a list of backend names,
and a new CinderPureMultiConfig parameter provides a way to specify
parameter values for each backend. For example:

parameter_defaults:
  CinderEnableIscsiBackend: false
  CinderEnablePureBackend: true
  CinderPureBackendName:
    - tripleo_pure_1
    - tripleo_pure_2
  # These will be the default parameter values for each backend.
  CinderPureStorageProtocol: 'iSCSI'
  CinderPureUseChap: false
  CinderPureMultipathXfer: true
  CinderPureImageCache: true
  # Use CinderPureMultiConfig to override values in specific backends.
  CinderPureMultiConfig:
    tripleo_pure_1:
      CinderPureSanIp: '10.0.0.1'
      CinderPureAPIToken: 'secret'
    tripleo_pure_2:
      CinderPureSanIp: '10.0.0.2'
      CinderPureAPIToken: 'anothersecret'
      # This will take precedence over the default value.
      CinderPureUseChap: true

Co-Authored-By: Alan Bishop <abishop@redhat.com>
Depends-On: Ia7cc82f5eb4e228a43e47624d87e319ac5340268
Change-Id: I1083ef9893dede234b4cafd9888c898fa0e31077
2019-09-13 07:36:42 -07:00
Luca Miccini
9f2ab2b88b Enable deep_compare by default for stonith resources
With this commit we enable deep_compare by default, allowing stonith
resources to be updated via stack update.

Co-Authored-By: Michele Baldessari <michele@acksyn.org>

Depends-on: https://review.opendev.org/#/c/681778/
Depends-on: https://review.opendev.org/#/c/679407/
Change-Id: I330698f41cc092bdeb741c0b9c729264cf2cb28c
2019-09-13 10:09:12 +00:00
Michele Baldessari
e3b528af4f Revert Add OvnDbInternal to EndpointMap and use it for ovn_db_host
We revert I0d9eb663405d1113ea84e3c12651a3f0dbdfc75d and we instead
export ovn_dbs_vip on all nodes so it can be used in cells. Reason for this
is that we want a separate VIP for OVN because a) composable roles and b)
we do not want to impose the extra promote master constraints on the internal_api
VIP which ends up being used by OVN.

In the same vein as I7ca94dff4acf0816708110b9fe6f78d19dcc7b4d
(Move redis_vip to all_nodes.j2) we will have the ovn_dbs_vip moved
to all nodes (via I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce).

Depends-On: I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce

Change-Id: I4e4bf0a91751fb4f9e4c7233242cdc5649c421f8
Related-Bug: #1841811
2019-09-12 11:55:59 +00:00
jiasirui
b4f46122b4 Misspelling of words
Change-Id: I4c343de44b92fa6923f322b1235c35258f3de02a
2019-09-12 18:40:55 +08:00
Zuul
fd051e610e Merge "Add named debug tasks to each play" 2019-09-10 00:37:00 +00:00
Zuul
6c3759a46a Merge "Add CinderRbdFlattenVolumeFromSnapshot parameter" 2019-09-07 19:02:48 +00:00
James Slagle
7859700354 Add named debug tasks to each play
Named debug ansible tasks have been added to the plays that get
generated in deploy_steps_playbook.yaml (from common/deploy-steps.j2).
The explicitly named tasks allow for using ansible-playbook's
--start-at-task option to resume a deployment from the start of a given
play.

For example, this could be used to resume a deployment with:
ansible-playbook ... --start-at-task "Overcloud common deploy step tasks 3" ...

Previously this was not possible since many of the tasks that got
generated in common_deploy_steps_tasks.yaml used an ansible variable in
the name, which is not resolved until runtime, so --start-at-task is
ignored.

Change-Id: If40a5ecaacf8c74c98775eb6bde05d967694f640
2019-09-05 17:34:54 -04:00
Alan Bishop
9e5c7cdb0a Add CinderRbdFlattenVolumeFromSnapshot parameter
CinderRbdFlattenVolumeFromSnapshot controls whether cinder RBD volumes
created from a snapshot should be flattened in order remove a dependency
on the snapshot.

Depends-On: I430a2d1793ffcd0964d268a1930e3fb85e32a995
Change-Id: I4fb97b275c6288e81072d71d43f75f5b7aee1d6b
2019-08-30 13:13:27 -07:00
Zuul
367349fc0b Merge "Adds LibvirtLogOutputs to define how log outputs are sent" 2019-08-30 07:01:51 +00:00
Zuul
fa6d20fd9a Merge "Remove deployed-server related stack output" 2019-08-29 15:44:52 +00:00
Zuul
759df5a6be Merge "Add NeutronPermittedEthertypes on OVS agent" 2019-08-28 03:26:42 +00:00
Takashi Kajinami
5fd7b487fd Adds LibvirtLogOutputs to define how log outputs are sent
LibvrtLogOutputs to define how log outputs are sent,
like file, syslog, and so on.
In default, it is configured so that libvirt directly records
its log into /var/log/containers/libvirt/libvirtd.log .

Change-Id: Iac3d3e9d95c281433cf189c7d277f0a833736ffa
2019-08-28 08:56:11 +09:00
Zuul
f91ba8ca9d Merge "Add new role parameters for cpu/ram/disk allocation ratio" 2019-08-27 02:47:17 +00:00
Zuul
44403bf65a Merge "Add LibvirtTLSPriority to set libvirtd tls_priority" 2019-08-27 02:47:08 +00:00
Zuul
9272675c92 Merge "Adds LibvirtLogFilters to define a libvirtd filter" 2019-08-27 02:47:06 +00:00
Zuul
8eba98bc85 Merge "Deprecate NeutronSriovNumVFs and neutron-sriov-host-config" 2019-08-24 03:08:58 +00:00
Zuul
ce4b5afeef Merge "Use default value for NovaLiveMigrationWaitForVIFPlug" 2019-08-23 23:44:05 +00:00
Zuul
b3510328ba Merge "Add ExtraKernelPackages" 2019-08-21 21:16:35 +00:00
Rajesh Tailor
8230470198 Use default value for NovaLiveMigrationWaitForVIFPlug
The support to set config paramter NovaLiveMigrationWaitForVIFPlug
was added in I0048d1f57eeb3418b52f225f87810ea1a7250a0f which
default to true but has a condition as well, because of which
live-migration fails with timeout.

This changes removes the condition and uses the default value.

Also change Ib9fe6e1bfea1d5f62b2f2b6fdb12d16878108c3f fixes
the issue in networking-ovn project.

Change-Id: Iba2b7a94c23ff3bcc311e92b63d6c05d9cb6d065
2019-08-21 17:28:05 +05:30
Zuul
0461c97776 Merge "Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"" 2019-08-21 01:03:20 +00:00
Harry Rybacki
1a5e97c08b Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"
We believe this change induced a regression[1] that is further breaking TripleO TLS-Everywhere deployments. Submitting a revert patch while we investigate and work on a more robust solution.

[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1743485

This reverts commit fc914e96116532985fef5b7e02e1dbbc8842f81e.

Change-Id: I5dc334d5b5232b7e0097d0a0e735abc911060917
2019-08-20 18:56:09 +00:00
Rajesh Tailor
5066737451 Add new role parameters for cpu/ram/disk allocation ratio
This change adds three new role parameters `NovaCPUAllocationRatio`,
`NovaRAMAllocationRatio` and `NovaDiskAllocationRatio` for
configuring cpu_allocation_ratio, ram_allocation_ratio and
disk_allocation_ratio.
The default values for CPU and Disk allocation ratio are taken
as 0.0 as it will be updated by update_available_resource method
as mentioned in [1].
[1] https://specs.openstack.org/openstack/nova-specs/specs/stein/implemented/initial-allocation-ratios.html

Change-Id: Ia3c62668b0c1469e31aa8cd2c984b460eb06d970
2019-08-19 17:29:20 +05:30
Zuul
6ce0d65798 Merge "Configure Max Delay for purge job about shadow tables in nova" 2019-08-16 18:03:20 +00:00
James Slagle
c4a0224ed5 Remove deployed-server related stack output
The DeployedServerEnvironment output has been removed from the stack
as they are no longer needed when using config-download with
pre-provisioned nodes.

Change-Id: If94997621ebd1096326ba77a167564a728102b54
2019-08-16 17:58:04 +00:00
Martin Schuppert
56ccd717d4 Add LibvirtTLSPriority to set libvirtd tls_priority
Adds LibvirtTLSPriority parameter to override the compile time
default TLS priority string.
Default: 'NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2'

Change-Id: Id05c5e88be2d9f90642ed5159cb2db03c997f83a
Closes-Bug: #1840447
2019-08-16 15:52:20 +02:00
Alex Schultz
85bb97423c Add ExtraKernelPackages
Added new parameter naemd ExtraKernelPackages that can be used to
install specific packages prior to the kmod execution.

Change-Id: I505edc7f0391c67371881ce9e2d944f8608a091c
Depends-On: https://review.opendev.org/#/c/676503/
Closes-Bug: #1840180
2019-08-14 13:30:43 -06:00
Martin Schuppert
71516f2816 Adds LibvirtLogFilters to define a libvirtd filter
LibvirtLogFilters to select a different logging level for a given
category log outputs, as specified in https://libvirt.org/logging.html .
Default:

'1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util'

Depends-On: Ic48afe856ae60654d6cebf627b12509881933c59
Change-Id: I85b09ddeb61b2f3563f81eb423e8f05b18fe984a
Closes-Bug: 1840140
2019-08-14 14:59:11 +02:00
Martin Schuppert
2cd9e44e66 Add NovaLocalMetadataPerCell cell support
Indicates that the nova-metadata API service has been deployed
per-cell, so that we can have better performance and data isolation
in a multi-cell deployment. Users should consider the use of this
configuration depending on how neutron is setup. If networks span
cells, you might need to run nova-metadata API service globally.
If your networks are segmented along cell boundaries, then you can
run nova-metadata API service per cell.

Introduces a new endpoint_map entry NovaMetadataInternal.

If NovaLocalMetadataPerCell is true, NovaMetadataCellInternal points
to the local cell endpoint.

If NovaLocalMetadataPerCell is false, NovaMetadataCellInternal points
to the central control plane nova metadata endpoint.

The NovaMetadataCellInternal endpoint is then used to configure the
nova-metadata api endpoint the ovn metadata agent points to.

Also removes setting the deprecated [DEFAULT]/nova_metadata_ip
hiera key and only uses [DEFAULT]/nova_metadata_host for the ovn
metadata agent.

Depends-On: https://review.opendev.org/675070
Depends-On: https://review.opendev.org/650943
Change-Id: I78f6d30676ee166f84d8aca1609b376bb73e5f2c
Closes-Bug: #1823760

Change-Id: I1e05230e4105a3706f0662b0c203137d05ebf3d8
2019-08-12 17:42:51 +02:00
Karthik S
ddd486fb63 Deprecate NeutronSriovNumVFs and neutron-sriov-host-config
Deprecating the parameter NeutronSriovNumVFs and the service
neutron-sriov-host-config. The numvfs shall be configured
using the sriov_pf type in nic configs.

Depends-On: I2923e046727c901219be693f248b7c0078331b83
Change-Id: I977a69add983cfe59f2dd82f05ebf7e11a85c25e
2019-08-08 08:58:30 +00:00
Emilien Macchi
c845595ba3 Removal of OpenShift deployed by TripleO support
OpenShift deployed by TripleO support has been removed in a downstream
version of Stein which make the upstream support difficult to maintain.
OpenShift can be deployed using OpenShift-Ansible and
users who desire to deploy OpenShift 3.11 onto bare metal nodes can
still do so using openshift-ansible directly. The provisioning of
the Operating System on baremetal can be done with OpenStack Ironic on
the Overcloud or also can be done with deployed-servers, achieving the
same result.

Change-Id: I6a73f7f22dda69bef324ffdaecdcd6be693c1257
2019-08-06 17:22:24 -04:00
Zuul
1fa2b378d7 Merge "Revert "Wire-in Apache MPM module parameters and switch it"" 2019-08-05 10:36:10 +00:00
Chandan Kumar (raukadah)
c1269a6475 Revert "Wire-in Apache MPM module parameters and switch it"
This reverts commit 09cfcc1464dce0eb7c05caf42375290bbaae4199.

Change-Id: Ife71b124fa404050fcbcb2e041590a295076d6d9
2019-08-02 10:34:07 +00:00
Martin Schuppert
fc914e9611 Point InternalTLSVncCAFile to /etc/ipa/ca.crt
In case the freeipa CA is a sub CA of an external CA the
InternalTLSVncCAFile requrested does not have the full CA
chain and only have the free IPA CA. As a result qemu
which can not verify the vnc certificate sent by the
vnc-proxy. The issue is in certmonger[1] as it does not return the
full CA chain.

As a workaround, until certmonger is fixed, this change points the
InternalTLSVncCAFile to /etc/ipa/ca.crt which has the full CA chain.

[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1710632

Change-Id: I750c5572505ff58b8164906754f1bcaf4fd256e0
2019-08-01 20:27:57 +00:00
Zuul
94777977e9 Merge "Wire-in Apache MPM module parameters and switch it" 2019-07-31 18:38:15 +00:00
Bogdan Dobrelya
09cfcc1464 Wire-in Apache MPM module parameters and switch it
Allow to configure Apache MPM module for the containerized API/WSGI'ish
services running Apache as a backend. Change the default from 'prefork'
to 'event', which is a low level change and should provide no sensible
upgrade impact. This alleviates the related heartbeats threading issue
arising with the monkey-patched eventlet.

Merge the missing ApacheServiceBase config settings for Octavia API,
Horizon and Ironix PXE. This is needed to apply the base Apache
service hiera settings, including MPM module switches, for those
as well.

Related-bug: #1829062

Change-Id: Ia65af7a9d6ae106a61ec52912bebba72830d5f28
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-07-31 10:18:46 +02:00
Zuul
fb420a32d3 Merge "Remove DeploymentSwiftDataMap parameter" 2019-07-30 21:08:49 +00:00
Zuul
bb0f7510af Merge "Enable VFIO module on boot for SR-IOV deployments" 2019-07-30 18:44:47 +00:00