This patch addes TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.
Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249
We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.
Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>
Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
There are instances users use ``NetworkDeploymentActions`` to
do network configuration during update, but just drop the
parameter for subsequent updates. This sometimes results in
network configuration changes in existing nodes and disruptions.
Let's always set them to defaults unless overridden explicitly.
Change-Id: Ibe7925e4ee568d3d45e138d543b6d7064a8503a3
Related: https://bugzilla.redhat.com/1928055
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
This change restores the PreNetworkConfig resources, so that we migrate
back ExtraCnfigPre and NodeExtraConfig from pre network configurations
to post network configurations, to be consistent with older version
depending on Heat software deployments instead of config download.
Depends-on: https://review.opendev.org/772303
Closes-Bug: #1907214
Change-Id: I96e7e4c570839cfba6011788464d8e93925b2f01
Change it to POLL_SERVER_HEAT (Attempt 2, Earlier attempt had
issues when changing this as simultaneously deleting a bunch
of SoftwareDeployment resources). This is required to remove
swift from undercloud.
Change-Id: I639f5626013cd0ef61c1f9066fab7a7b8806287f
CinderVolumeEdge is an optional service (defaults to OS::Heat::None)
that can be enabled on DCN/Edge nodes for edge sites that support
persistent block storage (i.e. cinder). The dcn-hci.yaml environment
file enables the service.
The new service supports the following edge deployment models:
1. Edge site with no block storage
- Deploy DistributedCompute nodes
- Use dcn.yaml environment file (the CinderVolumeEdge service
remains disabled)
2. Edge site with traditional HCI storage
- Deploy DistributedComputeHCI nodes
- Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
- Use ceph-ansible.yaml env file to deploy ceph for the RBD backend
3. Edge site with quasi-hyperconverged storage
- Deploy DistributedCompute nodes
- Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
- Use ceph-ansible-external.yaml env file so the RBD backend can
access an external ceph cluster
This patch adds support for number 3, which is a new capability. Whereas
traditional HCI means ceph and cinder services run on compute nodes, the
new model is still quasi-hyperconverged because cinder (as well as
glance) runs on the compute nodes.
Change-Id: I56b5792c1d53bb8659e440f598006e471894ff2e
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g to exclude the controllers from a maintenance window).
This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.
Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.
Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
Rename Tripleo Service for NeutronMl2PluginBase from
OS::TripleO::Docker::NeutronMl2PluginBase to match with other services
as OS::TripleO::Services::NeutronMl2PluginBase.
Change-Id: I38d2fb5e9f0daba4c519343e88cd51e07dd00300
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.
[1] f1d9b15c85
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
This replaces net-config-noop.yaml mappings to OS::Heat::None.
Also removes all unnecessary setting of it in environments as
we map them in overcloud-resource-registry-puppet.j2.yaml.
Normally that should be enough but we override them in so many
places, so there will be some redundancy.
Depends-On: https://review.opendev.org/755275
Change-Id: Ib4d07c835568cb3072770f81a082b5a5e1c790ea
The old all nodes validation used a bash script to run some basic ping
tests after the network setup. It used to be a software config but
eventually got baked into the deployment framework. This patch switches
to the ansible role implementation and cleans up the old references to
the old heat resource.
Change-Id: Ia7f055d2c636f950c3fe6d8611834c4ab290f31a
Depends-On: https://review.opendev.org/#/c/747466/
A network used to allocate MAC addresses for OVN chassis.
Ports without and IP allocation will be created on this
network, the MAC addresses of the ports will by used to
configure the ovn-chassis-mac-mappings.
NOTE, we may want to change the 'base_mac' option of the
undercloud, so that we don't have collissions with the
overcloud 'base_mac'.
Related-Bug: #1881593
Change-Id: If495b5d5c1e6beff02b48507051cccfb70fd995c
OVN is used by default, which includes DVR and requires a Neutron
external network bridge on the Compute nodes. This change adds the
tag 'external_bridge' to the Controller roles and modifies the
overcloud-resource-registry-puppet.j2.yaml file to set the default
NIC configuration to net-config-bridge.yaml when this tag is set.
This will cause both Controller and Compute nodes to have an
external bridge by default if no specific NIC configuration files
are specified for both roles since the 'external_bridge' tag is set
in roles_data.yaml.
This change also stops using net-config-bridge.yaml when the role
includes the 'controller' tag, since the 'external_bridge' tag is
used instead. A release note explains the change.
Closes-bug: 1890337
Change-Id: I69c32d33a516c629303e87c8e9a0e4b8fe58c669
This change updates the baremetal host sshd management to use ansible
instead of puppet. It should still be noted that the nova-migration
container still uses puppet to manage sshd.
Change-Id: Iedd149c123d807dee229160f8e9f1b17bf379368
Depends-On: https://review.opendev.org/#/c/742970/
VxFlex OS driver is rebranded to PowerFlex.
This patch adds support for PowerFlex.
Will deprecate the VxFlexOS template in
a new patch.
Depends-On: https://review.opendev.org/#/c/743852/
Change-Id: I94310bf84a0af7a735bd6e1c0038686b0d0abfc8
A new BarbicanClient tripleo service provides a means of configuring
the barbican Key Manager settings for cinder, glance and nova services
running at an edge site. This is necessary because the BarbicanApi
tripleo service is only capable of configuring the Key Manager settings
for services running in the control plane.
For cinder, the BarbicanClient ensures the KeyManager settings are
available to the cinder-volume and cinder-backup services. This is
necessary because the Key Manager setttings are traditionally associated
with the cinder-api service, but cinder-api is not deployed at the edge.
Closes-Bug: #1886070
Change-Id: I17d6c3a3af5b192b77d264ff3e94e64ef6064c77
The BlockStorageCinderVolume tripleo service (used by the BlockStorage
and DistributedComputeHCI roles) is meant to deploy the cinder-volume
service without pacemaker. Unfortunately, [1] inadvertently switched
it to the pcmk version of the template, and this patch moves it back.
[1] I0f61016df6a9f07971c5eab51cc9674a1458c66f
Closes-Bug: #1886095
Change-Id: I182f8c5a8ce283b675aa18712e84fcd692200eb1
This commit attempts to build out a composible service that enrolls the
undercloud as a FreeIPA host using an OTP. This is similar to what we've
done in the past for tls-everywhere except we're not using novajoin.
Change-Id: I770227b2f4f1ea447cf0138f57a6ed66c034d225
- Docker isn't supported anymore.
- Clients are now installed by Ansible, not Puppet
- Neutron SRIOV host isn't supported and operators should deploy with
sriov_pf network object in nic configs.
- firewall is now managed by Ansible, not Puppet
Change-Id: I2b6068a719563a53bc255dcce72a92465e7df468
It seems that netwokring-fujitsu is no longer maintained[1], and it's
not compatible with Python 3.6 which currently all OpenStack services
require.
[1] https://opendev.org/x/networking-fujitsu
Change-Id: Iae639864cce8e3add635944f157ecde074312e74
Updating the SC cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
CinderScBackendName supports a list of backend names
and a new CindeScMultiConfig parameter provides
a way to specify parameter values for each backend.
For example see file environments/cinder-dellemc-sc-config.yaml
Depends-On: https://review.opendev.org/#/c/722538/
Change-Id: I6e5f3753fe167c7fbc75c3d382c88c09c247c7b3
Updating the Xtremio cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
Depends-On: https://review.opendev.org/#/c/723020/
Change-Id: I2ba45aaa584c6fdcfb59cf6aed1b72dc8815f91f
This patch partially reverts change by [1], and disables Redis by
default because Telemetry services, which requires Redis, are now
disabled by default.
[1] b0e7008196
Change-Id: I4a294a047e3067f7850ec37652b6229e3dbb3335
With the HA NG work having landed, the impact of pacemaker
is reduced and only very few core services are being managed
by pacemaker. Since the HA deployments work just fine
with a single node, it makes little sense to use the non-ha
deployment as default any longer (Also because downstream
we do the default to the HA deployment by default and this
keeps confusing users).
This patch does the following :
* Remove Keepalived services from all CI scenarios running it.
* Make sure all HA services deployed in CI run with Pacemaker.
* Remove non HA containers so Pacemaker can
bootstrap the new containers safely.
* Before removing mysql container, create the clustercheck user and
grant correct permissions to avoid bootstrap issues later when galera
is spawned.
* Disable HA on the minor update job, it seems to not working fine if
only one controller is deployed.
Depends-On: https://review.opendev.org/#/c/718759
Change-Id: I0f61016df6a9f07971c5eab51cc9674a1458c66f
PowerMax config options have changed since Newton.
Updating them to the latest and support both iSCSI
and FC drivers.
CinderPowermaxBackend is also enhanceded to support
multiple backends. CinderPowermaxBackendName supports a
list of backend names and a new CinderPowermaxMultiConfig
parameter provides a way to specify parameter values for
each backend. For example see file
environments/cinder-dellemc-powermax-config.yaml
Depends-On: https://review.opendev.org/#/c/712184
Change-Id: I4429ed2d45661ea82ae38a7050abb2b229953c9c
This switch seems to be creating issues with upgrades, where a number of
software deployments are deleted concurrently while updating the config
transport for the server. Switching the config transport does not work
with convergence heat and should be fixed in heat. We can revert this
now, as we still use swift for other stuff in the undercloud. Can be
changed once the issue is fixed in heat.
It also reverts the following dependant commit.
Revert "Cleanup SoftwareConfigTransport"
This reverts commit (1821c01846 and
3ea9dd4040)
Closes-Bug: #1869335
Change-Id: I835c8be3eecce91f8a370d036bf1085bc445e01d
Hosts entries are used to be configured via tripleo_ansible's
tripleo_hosts_entries.
Ifd4bc4ce5618587c341ecbf37f82777ae6fc2f4a removed the use
of WRITE_HOSTS, which currently makes hosts-config.yaml "headless" and
taking no real data for the hosts-config.sh template that generates
outputs for OS::TripleO::Hosts::SoftwareConfig.
Also I606e0f27f9f9ae9d85bc0fc653f8985eb734d004 removed the use of
HOST_ENTRY, which makes the hosts-config.sh taking an empty value for
it.
Probably that all makes it safe now to remove any use of
hosts-config.sh and hosts-config.yaml and corresponding
OS::TripleO::Hosts::SoftwareConfig completely.
Change-Id: Id04767ae0c32caf62271cf564608350974fefd1b
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
- Remove Docker service from all the roles; not needed anymore
- Switch ContainerCli to podman for docker-ha environment. Note; this
environment might be renamed at some point to, container-ha.yaml. But
for backward compatibility we still use it now.
Also switch EnablePaunch to false since we were waiting for the podman
switch to do it.
- In the overcloud registry, disable Docker by default and enable Podman
by default.
This patch will only work for centos8/rhel8 based deployments.
Change-Id: I561c52ce09c66a7f79763c59cd25f15949c054af