Since Rocky, neutron has support to enable routed networks on
an existing network and subnet if certain conditions are met.
The tripleo undercloud does meet these conditions.
This change updates the extraconfig post script that creates
the neutron ctlplane networks. Any non-routed network is
updated to a routed network if 'enable_routed_networks' = True
in the configuration.
Closes-Bug: #1790877
Change-Id: Idf2dd4c158d29b147d48153d3626cf403059d660
If resume_guests_state_on_host_boot is set in nova.conf, instances
need to be shut down using libvirt-guests after the nova_compute container
is shut down. Therefore we need a customized libvirt-guests unit file
which:
1) removes the dependency on libvirt (non-container) so that it doesn't
get started as a dependency and make the nova_libvirt container
fail.
2) adds a dependency on docker-related services so that a shutdown of
the nova_compute container is possible on system reboot.
3) stops the nova_compute container
4) shuts down VMs
This is a missing part of Bug 1778216.
Change-Id: Ic4b7b427827114fcec0f4973a200461e811ee53a
Related-bug: 1778216
Enabling glance image cache by setting the value of 'flavor' to
'keystone+cachemanagement' in glance-api.conf from THT.
Change-Id: I9a87d8edcb2e98ae45e98439b44b659916e44d89
blueprint: split-controlplane-glance-cache
Nova metadata api is running via http wsgi in its own service.
Therefore we can clean up the ports definition being opened by
nova api service.
Change-Id: I3066806f8810e30742516c3ca14afc12a1c95bbc
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.
Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
Don't always masquerade these defaults, masquerading
should only happen to the ctlplane subnets defined
in undercloud.conf if masquerading is true.
Closes-Bug: #1794729
Depends-On: I11b325458517334f97fc5f4754b4b39efff3a3f3
Change-Id: I4b956e8be92f1b7a71579d04c7e41c20da7ffdfa
Add ContainerCli parameter, default to docker. Possible values:
podman/docker (default).
Deprecate DockerAdditionalSockets so it does nothing for podman.
Nested podman CLI replaces docker sockets. Only bind mount
/var/lib/openstack for the neutron/ovn agents for docker.
Support debug messages for Neutron/OVN wrappers controlled via
NeutronWrapperDebug and OVNWrapperDebug (defaults to False). Or
globally controlled by Debug.
Make the wrapper containers managed by their parent processes and
not exited/removed forcibly, when the parent container restarts.
Background for podman CLI replacing the docker socket:
We'll use 'nsenter -m -n -p -t 1 podman' in wrappers
to execute podman in the same namespaces as on the host
and to NOT bind-mount world for that, like:
- /sys/fs/cgroup:/sys/fs/cgroup
- /run/libpod:/run/libpod
- /run/containers:/run/containers
- /run/runc:/run/runc
- /run/runc-ctrs:/run/runc-ctrs
- /var/lib/containers:/var/lib/containers
- /etc/containers:/etc/containers:ro
- /usr/bin/podman:/usr/bin/podman:ro
- /usr/bin/runc:/usr/bin/runc:ro
- /usr/libexec/podman/conmon:/usr/libexec/podman/conmon:ro
- /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2:ro
...
We cannot use chroot /host instead as there are more bind-mounts to use
outside of the /host chroot. Maybe varlink is a good replacement for
all of that, but it's not there yet.
Change-Id: I055fb7a5fd20932c5bee665bb96678f3ae92bffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Added a new parameter CinderDellScMultipathXfer to
support cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer
to the Dell EMC SC Cinder iSCSI volume driver template.
Depends-On: https://review.openstack.org/#/c/611126/
Change-Id: I04f42ce0cd117f7dcc7a817274ea7664d9995864
With containerized undercloud, the Octavia playbook shipping with
tripleo-common can no longer install the octavia-amphora-image RPM
available in RHOSP-based environments as the yum repository list is
empty. Thus, the amphora QCOW2 file needs to be made available by the
undercloud base OS via a volume mount. This will also help in
uniformizing default placement of amphora images across different
OpenStack distributions.
Change Icae47e76f71b739cf0e1f5633b15432fd531e645 will close the loop.
Partial-Bug: #1800916
Change-Id: I84943a5e6e2b08baaf8e61a1cd9f2fe92286ad9a
Default resource registry points to containerized services too, we
shouldn't use docker.yaml anymore.
Change-Id: I6106e223d9c1e399d396d745ad28274107074b06
This change switches the default timesync service from NTP to Chrony.
With this switch, NTP is officially deprecated.
Depends-On: https://review.openstack.org/#/c/614876/
Change-Id: Iff7981ae7144c59cbc03b35ee0b1dcda5af2f6a4
Implements-Blueprint: tripleo-chrony
In some cases, it may be desirable to override $SSH_OPTIONS as used by
the deployed-server get-occ-config.sh script. Particularly in
environments that wish to remove -tt.
This patch makes it so that the value can be overridden via the shell.
Change-Id: I14ab6765b3e55f602bb8ae56a313fce9812e3f59
Closes-Bug: #1800834
We did not have an easy way to ensure all the openstack clients are
installed on a given system. In the old instack-undercloud installation,
we were installing some additional clients outside of the ones required
via python-tripleoclient. To allow a user to quickly install all the
clients on a given system, this change adds an OpenStack clients
"service" which can be added to a role to ensure the clients are
available. In the future if we provide a client container, this service
can be converted into a container deployment mechanism.
Change-Id: If878c2ab7679eea2fff42b410bec9c8c9b92ed6f
Closes-Bug: #1800001
Directory /var/lib/gnocchi/tmp is created by gnocchi-upgrade
with root ownership. This patch ensures the directory is created
first with proper ownership.
Closes-Bug: #1799522
Change-Id: Iaf8e13490adffaf4a606730f4758d064af69b2aa
If not set, it would use the default os_workers fact instead of 'auto'
and limit the number of worker processes.
Change-Id: I69f51bb38f1307cf4b750e5ffb394eb215df1d9e
Add CinderStorageAvailabilityZone parameter that configures
cinder's DEFAULT/storage_availability_zone. The default value
of 'nova' matches cinder's own default value.
Add several CinderXXXAvailabilityZone parameters, where XXX is
any of the cinder volume service's storage backends. The
parameters are optional, and when set they override the
"backend_availability_zone" for the corresponding backend.
Implements: blueprint split-controlplane-cinder-volume-az
Depends-On: Ic407b747474b567858ad36beabc8a7d8c5022343
Change-Id: Idb035bf112cbab41547bd89935df4c175bf665f4
Mounting empty /var/lib/config-data/puppet-generated/
opendaylight/opt/opendaylight/etc/opendaylight/karaf
from host to /opt/opendaylight/etc/opendaylight/karaf
on container empties the folder on container itself.
Hence on restart/redeploy, ODL can't find files inside
that folder and can't start, leading to deployment failure.
So delete the empty karaf folder on host so that the contents
of karaf folder inside the container are intact during redeploy.
Change-Id: I75aabaa2abc0fc9ba789c53f27fc37cfb7769a8b
Closes-Bug: #1799395
Adds support for libvirt volume_use_multipath, the ability to
use multipath connection of the iSCSI or FC volume.
Volumes can be connected in the LibVirt as multipath devices.
Adds new parameter NovaLibvirtVolumeUseMultipath.
Change-Id: I18a030a445de652fbc492029afec6558a9661857
This removes the zaqar websocket service on upgrade from
non-containerized environment, in particular the undercloud.
Change-Id: If2151c27bfdf4e1f1a22704221c1a2c75aa9cf0a
Closes-Bug: #1798546
Some services were not disabled after upgrading to a containerized
undercloud. This patch fixes this.
Closes-Bug: 1798366
Change-Id: Ifa8a135426c60e0f9fb3c4b2b6e63fde02f23bfb
In some cases we may need to disable selinux (like in CI). The role
needs the SELinux service so that the management can be done during the
deployment.
Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298
Closes-Bug: #1797910