UIConfig endpoints were introduced for TripleO UI[1], but TripleO UI
has been removed thus these endpoints are no longer used.
[1] https://review.opendev.org/#/c/528679/
Change-Id: I74f5ede7bff9064889a4b7aaa978127ab456d88f
We open port: `` 3000 #SSL for websocket`` in the
zaqar service defenition:
deployment/zaqar/zaqar-container-puppet.yaml:L130
But SSL environment files use port 9000 for the public
endpoint.
Using 9000 also for SSL can cause issues in haproxy.
We may want to revert or relax the check in
https://review.opendev.org/664224 as duplicate IP's
is'nt the actual problem.
Related-Bug: #1832168
Related-RHBZ: #1868910
Change-Id: I05f31885ade46d47ff5d384dabbd5561f4df9278
In order to meet the tls cert request requirements, this
change adds the tht config and metadata settings when
the ceph dashboard is enabled.
Change-Id: I888bb421eaa6b82ebac57a5420fc60fc4744840a
Previously, novajoin was relying on hiera data to populate endpoints in
keystone, but that recently changed for the rest of the OpenStack
services. This commit updates novajoin to use the same approach with
EndpointMap. Otherwise, deploying the undercloud fails with an error
message similar to the following:
Cannot create an endpoint with an invalid URL: http://%{hiera('ctlplane')}:9090/v1/.
Change-Id: I0e177a5e21ed9fb5eacba7a766c153ba99af34ae
This patch adds public endpoint for MetricsQdr and makes the service to listen
on it when deployed on controller nodes (when enabled interior mode on controllers)
Change-Id: I0e4bb210064cc8a27dd3e041cb363c4add99662c
The Tacker service has been incomplete since Queens. They restructured
the services and TripleO has never implemented code to handle this new
structure. Since it's been disabled since Queens and there is currently
no plans to fix it, let's remove the service code.
Change-Id: I2856e894b58d50c2d3484ccd02bfb1d43625847f
Depends-On: https://review.opendev.org/#/c/682457/
Related-Bug: #1714270
We revert I0d9eb663405d1113ea84e3c12651a3f0dbdfc75d and we instead
export ovn_dbs_vip on all nodes so it can be used in cells. Reason for this
is that we want a separate VIP for OVN because a) composable roles and b)
we do not want to impose the extra promote master constraints on the internal_api
VIP which ends up being used by OVN.
In the same vein as I7ca94dff4acf0816708110b9fe6f78d19dcc7b4d
(Move redis_vip to all_nodes.j2) we will have the ovn_dbs_vip moved
to all nodes (via I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce).
Depends-On: I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce
Change-Id: I4e4bf0a91751fb4f9e4c7233242cdc5649c421f8
Related-Bug: #1841811
This change adds a StorageDashboard network, required to
run the ceph dashboard service in a separated network.
To define and enable the StorageDashboard network, deploy
using network_data_dashboard.yaml instead of network_data.yaml.
Change-Id: I9d592e459ee917eba839d11cd9712a6b85a6542b
Indicates that the nova-metadata API service has been deployed
per-cell, so that we can have better performance and data isolation
in a multi-cell deployment. Users should consider the use of this
configuration depending on how neutron is setup. If networks span
cells, you might need to run nova-metadata API service globally.
If your networks are segmented along cell boundaries, then you can
run nova-metadata API service per cell.
Introduces a new endpoint_map entry NovaMetadataInternal.
If NovaLocalMetadataPerCell is true, NovaMetadataCellInternal points
to the local cell endpoint.
If NovaLocalMetadataPerCell is false, NovaMetadataCellInternal points
to the central control plane nova metadata endpoint.
The NovaMetadataCellInternal endpoint is then used to configure the
nova-metadata api endpoint the ovn metadata agent points to.
Also removes setting the deprecated [DEFAULT]/nova_metadata_ip
hiera key and only uses [DEFAULT]/nova_metadata_host for the ovn
metadata agent.
Depends-On: https://review.opendev.org/675070
Depends-On: https://review.opendev.org/650943
Change-Id: I78f6d30676ee166f84d8aca1609b376bb73e5f2c
Closes-Bug: #1823760
Change-Id: I1e05230e4105a3706f0662b0c203137d05ebf3d8
OpenShift deployed by TripleO support has been removed in a downstream
version of Stein which make the upstream support difficult to maintain.
OpenShift can be deployed using OpenShift-Ansible and
users who desire to deploy OpenShift 3.11 onto bare metal nodes can
still do so using openshift-ansible directly. The provisioning of
the Operating System on baremetal can be done with OpenStack Ironic on
the Overcloud or also can be done with deployed-servers, achieving the
same result.
Change-Id: I6a73f7f22dda69bef324ffdaecdcd6be693c1257
This change introduces an optional extracted version of the Placement
service into TripleO. This extracted version will only be required once
the Placement service is fully removed from Nova during the T cycle
(previously S but delayed) at which point the corresponding
NovaPlacement service will also be removed from TripleO.
The majority of this change is code motion between the original
NovaPlacement service and the new PlacementAPI service.
Upgrades from the original NovaPlacement service to the extracted
PlacementAPI service are not currently supported by this change and will
be worked on independently during the Train cycle.
Co-authored-by: mschuppert@redhat.com
Depends-On: https://review.openstack.org/#/c/624335/
Change-Id: I9e3287bcbe9d317f32bf6b468c6ee17f04b6fff9
The entries in the tls-everywhere-endpoints-dns.yaml was wrong for
octavia; pointing to IPs instead of DNS. This made the TLS everywhere
deployment fail, since it assigns certificates for DNS subjectAltNames.
Change-Id: Ic6f0f26c03c443edf1715927a4542245e08567f4
Closes-Bug: #1822035
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.
Let's remove its support in TripleO, to reduce the codebase.
Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
OVN controller/metadata use ovn_dbs_vip hiera key to configure
the central ovn DB. This key is not available on split control
plane or multi cell setup and therefore installation fails.
With this change a new entry gets created in the EndpointMap
named OvnDbInternal. This can then be exported for an overcloud
stack and can be used as an input for the cell stack.
The information from the EndpointMap is used for ovn-metadata
and ovn-controller as the ovn_db_host information in puppet-tripleo
Change-Id: I0d9eb663405d1113ea84e3c12651a3f0dbdfc75d
Closes-Bug: #1817524
Openshift Routers are located on the infra node and need to be highly
available on ports 80 and 443.
Depends-On: I5de14152904d06c49e9d5b2df6e3f09a35f23d92
Change-Id: Iee088e1279bff2cdb7a3601288804f626bff29a3
The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.
Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d
Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
This VIP is needed in ceph-ansible to tell ganesha service
to listen on this IP only.
This parameter is passed through the endpoint map, it could be
done also by passing allNodesConfig to ceph-ansible (addressed
in patch https://review.openstack.org/#/c/509146/) and then getting
this value from allNodesConfig in tripleo-common ceph-ansible workbook.
Disadvantage of this alternative approach is that any parameter
change would require also change in tripleo-common.
Depends-On: If31722d669efe91082c93ecb815e6c41676480c8
Change-Id: I3c0da46dd0f0252158c6065b7c122b8567c88bc0
Partially-Implements: blueprint nfs-ganesha
Add ODL endpoint and use it to get ODL port. Public access to
ODL is not allowed and hence the public endpoint is missing.
Internal endpoint is used for all internal communication and
TLS is enabled for that.
Change-Id: I66af960c6732f5d2efa8ea2db28cad122e321999
This patch moves Contrail roles communication from public/external
to internal_api network for OpenStack API.
It also adds the option to enable dpdk.
Monolithic firstboot script is broken down into small pre-network
and per-node extraconfig scripts
Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b
Closes-Bug: 1698422
Starts converting storage-related sample environments to the tool,
and adds a few new ones for demonstration purposes.
This has required the addition of a new category of parameter
overrides in the tool. There are some parameters that are part of
the public API of roles that should not normally be included in a
sample environment for that role. Examples are EndpointMap and
ServiceNetMap. Those are both passed into most (all?) roles, but
their template defaults are not useful (both default to {}).
Unless we are explicitly creating a sample environment that
overrides those defaults we don't want them included.
Parameters such as RoleName and RoleParameters are similar. We
can't change them because they are part of the composable roles
interface and that would break any existing custom roles, but we
don't really want them included normally either. It's possible
these could be made completely private, but there have been some
very preliminary discussions about generating role samples that
might actually want to set them.
In order to avoid issues with editing the unit test file in editors
that strip trailing whitespace, the minor formatting bug where
params like EndpointMap had a trailing space after the name has
also been fixed.
Change-Id: If11f30c734bfbc17d463a9890c736d7477186fb9
We're not going to want to list every single sample environment in
a single file, so let's also take a directory and just read every
yaml file in it. This commit adds support for that as well as
some initial environments to demonstrate its use.
Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c