Commit Graph

546 Commits

Author SHA1 Message Date
Michael Johnson
773fccb7c1 Add the Unbound DNS resolver service
This patch adds TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.

Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
2021-03-18 17:12:35 +00:00
Michele Baldessari
97016b2012 Add FRR service
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249

We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.

Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>

Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
2021-03-13 18:25:42 +00:00
Grzegorz Grasza
e329ca915e Generate certificates using ansible role
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
its heat template.

Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
2021-03-10 16:28:22 +01:00
Zuul
aa98408f28 Merge "Restore PreNetworkConfig resources" 2021-03-01 20:42:08 +00:00
Zuul
8d612ea015 Merge "Always set NetworkDeploymentActions to its default" 2021-02-16 08:01:43 +00:00
Zuul
a0ad81b0b6 Merge "Remove DefaultPasswords interface" 2021-02-16 08:00:59 +00:00
ramishra
92dcffc714 Always set NetworkDeploymentActions to its default
There are instances where users use ``NetworkDeploymentActions`` to
do network configuration during update, but just drop the
parameter for subsequent updates. This sometimes results in
network configuration changes in existing nodes and disruptions.
Let's always set them to defaults unless overridden explicitly.

Change-Id: Ibe7925e4ee568d3d45e138d543b6d7064a8503a3
Related: https://bugzilla.redhat.com/1928055
2021-02-13 11:37:36 +05:30
ramishra
7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30
Takashi Kajinami
e7894c0b23 Restore PreNetworkConfig resources
This change restores the PreNetworkConfig resources, so that we migrate
back ExtraConfigPre and NodeExtraConfig from pre network configurations
to post network configurations, to be consistent with older version
depending on Heat software deployments instead of config download.

Depends-on: https://review.opendev.org/772303
Closes-Bug: #1907214
Change-Id: I96e7e4c570839cfba6011788464d8e93925b2f01
2021-02-01 05:56:59 +00:00
ramishra
cff1618e40 Make the default transport POLL_SERVER_HEAT
Change it to POLL_SERVER_HEAT (Attempt 2, Earlier attempt had
issues when changing this as simultaneously deleting a bunch
of SoftwareDeployment resources). This is required to remove
swift from undercloud.

Change-Id: I639f5626013cd0ef61c1f9066fab7a7b8806287f
2021-01-28 10:49:34 +05:30
Alan Bishop
2d60799c49 Define a new CinderVolumeEdge service
CinderVolumeEdge is an optional service (defaults to OS::Heat::None)
that can be enabled on DCN/Edge nodes for edge sites that support
persistent block storage (i.e. cinder). The dcn-hci.yaml environment
file enables the service.

The new service supports the following edge deployment models:
1. Edge site with no block storage
   - Deploy DistributedCompute nodes
   - Use dcn.yaml environment file (the CinderVolumeEdge service
     remains disabled)
2. Edge site with traditional HCI storage
   - Deploy DistributedComputeHCI nodes
   - Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
   - Use ceph-ansible.yaml env file to deploy ceph for the RBD backend
3. Edge site with quasi-hyperconverged storage
   - Deploy DistributedCompute nodes
   - Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
   - Use ceph-ansible-external.yaml env file so the RBD backend can
     access an external ceph cluster

This patch adds support for number 3, which is a new capability. Whereas
traditional HCI means ceph and cinder services run on compute nodes, the
new model is still quasi-hyperconverged because cinder (as well as
glance) runs on the compute nodes.

Change-Id: I56b5792c1d53bb8659e440f598006e471894ff2e
2020-12-08 06:17:02 -08:00
Oliver Walsh
629485dde5 Move cell_v2 discovery off compute hosts
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g. to exclude the controllers from a maintenance window).

This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.

Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.

Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
2020-11-18 12:21:59 +00:00
Zuul
0519978254 Merge "Remove Sahara support" 2020-11-06 03:12:06 +00:00
Purandhar Sairam Mannidi
f65052db5a Rename NeutronMl2PluginBase TripleO service
Rename Tripleo Service for NeutronMl2PluginBase from
OS::TripleO::Docker::NeutronMl2PluginBase to match with other services
as OS::TripleO::Services::NeutronMl2PluginBase.

Change-Id: I38d2fb5e9f0daba4c519343e88cd51e07dd00300
2020-10-20 11:20:41 +10:00
Takashi Kajinami
4a7d56947a Remove Sahara support
Sahara support was deprecated during the previous Ussuri cycle[1], so we
can remove it completely now.

[1] f1d9b15c85
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
2020-10-19 09:39:36 +09:00
Rabi Mishra
ebef16836e Use ansible for default simple ovs bridge config
Change-Id: I28892e638f30321b271ceaf54b60020a43ceebb6
2020-10-06 13:08:54 +05:30
Rabi Mishra
6f0c7a1090 Use OS::Heat::None in place of net-config-noop.yaml
This replaces net-config-noop.yaml mappings to OS::Heat::None.

Also removes all unnecessary setting of it in environments as
we map them in overcloud-resource-registry-puppet.j2.yaml.
Normally that should be enough but we override them in so many
places, so there will be some redundancy.

Depends-On: https://review.opendev.org/755275
Change-Id: Ib4d07c835568cb3072770f81a082b5a5e1c790ea
2020-10-02 12:41:23 +05:30
Zuul
5540877689 Merge "Deprecate novajoin" 2020-10-01 18:14:49 +00:00
Ade Lee
bf910512c3 Deprecate novajoin
Deprecate the services related to novajoin.

Depends-On: https://review.opendev.org/#/c/753856/
Change-Id: I7803cccc4b4bf8c7cc201372ec91f9254cef7eb3
2020-09-30 01:23:38 -04:00
Zuul
a2fdcc6e76 Merge "Use ansible for nodes validation" 2020-09-21 06:53:49 +00:00
Zuul
ff3945a7cc Merge "Create OVNMacAddrNet network on Undercloud" 2020-09-21 05:27:18 +00:00
Zuul
d08d828290 Merge "Create external bridge on Compute nodes by default for OVN with DVR" 2020-09-05 06:29:12 +00:00
Alex Schultz
78ca1fe143 Use ansible for nodes validation
The old all nodes validation used a bash script to run some basic ping
tests after the network setup. It used to be a software config but
eventually got baked into the deployment framework. This patch switches
to the ansible role implementation and cleans up the old references to
the old heat resource.

Change-Id: Ia7f055d2c636f950c3fe6d8611834c4ab290f31a
Depends-On: https://review.opendev.org/#/c/747466/
2020-09-04 15:28:16 -06:00
Harald Jensås
2082099332 Create OVNMacAddrNet network on Undercloud
A network used to allocate MAC addresses for OVN chassis.
Ports without an IP allocation will be created on this
network, the MAC addresses of the ports will be used to
configure the ovn-chassis-mac-mappings.

NOTE, we may want to change the 'base_mac' option of the
undercloud, so that we don't have collisions with the
overcloud 'base_mac'.

Related-Bug: #1881593
Change-Id: If495b5d5c1e6beff02b48507051cccfb70fd995c
2020-08-28 18:23:54 +02:00
Dan Sneddon
bc5b6133f1 Create external bridge on Compute nodes by default for OVN with DVR
OVN is used by default, which includes DVR and requires a Neutron
external network bridge on the Compute nodes. This change adds the
tag 'external_bridge' to the Controller roles and modifies the
overcloud-resource-registry-puppet.j2.yaml file to set the default
NIC configuration to net-config-bridge.yaml when this tag is set.
This will cause both Controller and Compute nodes to have an
external bridge by default if no specific NIC configuration files
are specified for both roles since the 'external_bridge' tag is set
in roles_data.yaml.

This change also stops using net-config-bridge.yaml when the role
includes the 'controller' tag, since the 'external_bridge' tag is
used instead. A release note explains the change.

Closes-bug: 1890337
Change-Id: I69c32d33a516c629303e87c8e9a0e4b8fe58c669
2020-08-19 17:07:20 -07:00
Zuul
a4ce7bae04 Merge "Support for PowerFlex Cinder Backend" 2020-08-11 23:23:52 +00:00
Alex Schultz
b5dad0cf10 Switch host sshd configuration to ansible
This change updates the baremetal host sshd management to use ansible
instead of puppet. It should still be noted that the nova-migration
container still uses puppet to manage sshd.

Change-Id: Iedd149c123d807dee229160f8e9f1b17bf379368
Depends-On: https://review.opendev.org/#/c/742970/
2020-08-10 12:41:57 +00:00
rajinir
08415cb54d Support for PowerFlex Cinder Backend
VxFlex OS driver is rebranded to PowerFlex.
This patch adds support for PowerFlex.
Will deprecate the VxFlexOS template in
a new patch.

Depends-On: https://review.opendev.org/#/c/743852/
Change-Id: I94310bf84a0af7a735bd6e1c0038686b0d0abfc8
2020-07-31 15:57:10 -05:00
rajinir
56e2702f4a Support for PowerStore Cinder Backend
Adding support for PowerStore Volume Backend Driver

Depends-On: https://review.opendev.org/#/c/743627/
Change-Id: Idc36f3241b3ebed71722c6a89459c230beea4542
2020-07-29 16:52:08 -05:00
Zuul
c29e286a9e Merge "Add BarbicanClient service for configuring edge sites" 2020-07-21 04:50:49 +00:00
Alan Bishop
5080e45fd2 Add BarbicanClient service for configuring edge sites
A new BarbicanClient tripleo service provides a means of configuring
the barbican Key Manager settings for cinder, glance and nova services
running at an edge site. This is necessary because the BarbicanApi
tripleo service is only capable of configuring the Key Manager settings
for services running in the control plane.

For cinder, the BarbicanClient ensures the KeyManager settings are
available to the cinder-volume and cinder-backup services. This is
necessary because the Key Manager settings are traditionally associated
with the cinder-api service, but cinder-api is not deployed at the edge.

Closes-Bug: #1886070
Change-Id: I17d6c3a3af5b192b77d264ff3e94e64ef6064c77
2020-07-10 06:35:11 -07:00
Alan Bishop
bff0c6cfa1 Fix default BlockStorageCinderVolume template
The BlockStorageCinderVolume tripleo service (used by the BlockStorage
and DistributedComputeHCI roles) is meant to deploy the cinder-volume
service without pacemaker. Unfortunately, [1] inadvertently switched
it to the pcmk version of the template, and this patch moves it back.

[1] I0f61016df6a9f07971c5eab51cc9674a1458c66f

Closes-Bug: #1886095
Change-Id: I182f8c5a8ce283b675aa18712e84fcd692200eb1
2020-07-02 13:36:01 -07:00
Zuul
9f5bee1bff Merge "Remove support for Neutron FUJITSU plugin" 2020-06-18 10:28:56 +00:00
Zuul
6ddde97184 Merge "Add composable service for tls enrollment" 2020-06-11 00:48:37 +00:00
Zuul
3316c09992 Merge "Support for Dell EMC VXFlexOS Backend" 2020-06-10 16:50:44 +00:00
Dave Wilde (d34dh0r53)
0e99ceda4b Add composable service for tls enrollment
This commit attempts to build out a composable service that enrolls the
undercloud as a FreeIPA host using an OTP. This is similar to what we've
done in the past for tls-everywhere except we're not using novajoin.

Change-Id: I770227b2f4f1ea447cf0138f57a6ed66c034d225
2020-06-09 15:49:50 -05:00
Emilien Macchi
4f198c32cb Remove some deprecated services
- Docker isn't supported anymore.
- Clients are now installed by Ansible, not Puppet
- Neutron SRIOV host isn't supported and operators should deploy with
  sriov_pf network object in nic configs.
- firewall is now managed by Ansible, not Puppet

Change-Id: I2b6068a719563a53bc255dcce72a92465e7df468
2020-06-04 09:16:04 -04:00
rajinir
57652b8efe Support for Dell EMC VXFlexOS Backend
Adding support for VXFlexOS Volume Backend

Change-Id: I9e8e3b4395c25a0458d28b15666768152736c752
Closes-Bug: 1875176
2020-05-29 10:50:31 -05:00
Zuul
b328baf72b Merge "Support for Xtremio Cinder Backend" 2020-05-13 04:32:36 +00:00
Takashi Kajinami
8213618f33 Remove support for Neutron FUJITSU plugin
It seems that networking-fujitsu is no longer maintained[1], and it's
not compatible with Python 3.6 which currently all OpenStack services
require.

[1] https://opendev.org/x/networking-fujitsu

Change-Id: Iae639864cce8e3add635944f157ecde074312e74
2020-05-08 00:09:58 +00:00
rajinir
ddd2385e00 Support for SC Cinder Backend
Updating the SC cinder backend to support both iSCSI
and FC drivers. It is also enhanced to support
multiple backends.
CinderScBackendName supports a list of backend names
and a new CindeScMultiConfig parameter provides
a way to specify parameter values for each backend.
For example see file environments/cinder-dellemc-sc-config.yaml

Depends-On: https://review.opendev.org/#/c/722538/
Change-Id: I6e5f3753fe167c7fbc75c3d382c88c09c247c7b3
2020-05-01 10:33:32 -05:00
rajinir
c53e9568e1 Support for Xtremio Cinder Backend
Updating the Xtremio cinder backend to support both iSCSI
and FC drivers. It is also enhanced to support
multiple backends.

Depends-On: https://review.opendev.org/#/c/723020/
Change-Id: I2ba45aaa584c6fdcfb59cf6aed1b72dc8815f91f
2020-05-01 10:22:12 -05:00
Zuul
d801b0e002 Merge "Support for PowerMax Cinder Backend" 2020-04-18 04:48:28 +00:00
Takashi Kajinami
e32a8261c8 Disable Redis by default again
This patch partially reverts change by [1], and disables Redis by
default because Telemetry services, which requires Redis, are now
disabled by default.

[1] b0e7008196

Change-Id: I4a294a047e3067f7850ec37652b6229e3dbb3335
2020-04-13 12:53:27 +09:00
Michele Baldessari
b0e7008196 standalone/overcloud: enable the HA deployment by default
With the HA NG work having landed, the impact of pacemaker
is reduced and only very few core services are being managed
by pacemaker. Since the HA deployments work just fine
with a single node, it makes little sense to use the non-ha
deployment as default any longer (Also because downstream
we do the default to the HA deployment by default and this
keeps confusing users).

This patch does the following :

* Remove Keepalived services from all CI scenarios running it.
* Make sure all HA services deployed in CI run with Pacemaker.
* Remove non HA containers so Pacemaker can
  bootstrap the new containers safely.
* Before removing mysql container, create the clustercheck user and
  grant correct permissions to avoid bootstrap issues later when galera
  is spawned.
* Disable HA on the minor update job, it seems to not be working fine if
  only one controller is deployed.

Depends-On: https://review.opendev.org/#/c/718759
Change-Id: I0f61016df6a9f07971c5eab51cc9674a1458c66f
2020-04-09 21:27:02 +00:00
rajinir
6c234a73ba Support for PowerMax Cinder Backend
PowerMax config options have changed since Newton.
Updating them to the latest and support both iSCSI
and FC drivers.

CinderPowermaxBackend is also enhanced to support
multiple backends. CinderPowermaxBackendName supports a
list of backend names and a new CinderPowermaxMultiConfig
parameter provides a way to specify parameter values for
each backend. For example see file
environments/cinder-dellemc-powermax-config.yaml

Depends-On: https://review.opendev.org/#/c/712184
Change-Id: I4429ed2d45661ea82ae38a7050abb2b229953c9c
2020-04-08 16:17:41 -05:00
Takashi Kajinami
336e9d39a9 Remove Dell EMC PS Series Driver support
... because it is not supported anymore, and puppet-cinder
implementation was already removed in [1]

[1] 7083e88a699233930b0de413394ae95cab649462

Depends-on: https://review.opendev.org/#/c/716027/
Depends-on: https://review.opendev.org/#/c/717144/
Change-Id: I8b7af40a4dfba297821a7aae6edf5938c43034a1
2020-04-04 09:24:37 +09:00
Rabi Mishra
6ff119ddac Revert "Stop using swift temp url for config transport"
This switch seems to be creating issues with upgrades, where a number of
software deployments are deleted concurrently while updating the config
transport for the server. Switching the config transport does not work
with convergence heat and should be fixed in heat. We can revert this
now, as we still use swift for other stuff in the undercloud. Can be
changed once the issue is fixed in heat.

It also reverts the following dependant commit.

Revert "Cleanup SoftwareConfigTransport"

This reverts commit (1821c01846 and
3ea9dd4040)

Closes-Bug: #1869335
Change-Id: I835c8be3eecce91f8a370d036bf1085bc445e01d
2020-03-30 03:05:59 +00:00
Bogdan Dobrelya
341ec7b9cc Drop unused remnants of the hosts-config bits
Hosts entries are used to be configured via tripleo_ansible's
tripleo_hosts_entries.

Ifd4bc4ce5618587c341ecbf37f82777ae6fc2f4a removed the use
of WRITE_HOSTS, which currently makes hosts-config.yaml "headless" and
taking no real data for the hosts-config.sh template that generates
outputs for OS::TripleO::Hosts::SoftwareConfig.

Also I606e0f27f9f9ae9d85bc0fc653f8985eb734d004 removed the use of
HOST_ENTRY, which makes the hosts-config.sh taking an empty value for
it.

Probably that all makes it safe now to remove any use of
hosts-config.sh and hosts-config.yaml and corresponding
OS::TripleO::Hosts::SoftwareConfig completely.

Change-Id: Id04767ae0c32caf62271cf564608350974fefd1b
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2020-03-24 10:41:35 +01:00
Emilien Macchi
ac2711c72b Switch to Podman by default
- Remove Docker service from all the roles; not needed anymore
- Switch ContainerCli to podman for docker-ha environment. Note: this
  environment might be renamed at some point to container-ha.yaml. But
  for backward compatibility we still use it now.
  Also switch EnablePaunch to false since we were waiting for the podman
  switch to do it.
- In the overcloud registry, disable Docker by default and enable Podman
  by default.

This patch will only work for centos8/rhel8 based deployments.

Change-Id: I561c52ce09c66a7f79763c59cd25f15949c054af
2020-03-18 09:27:36 -04:00