This patch addes TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.
Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249
We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.
Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>
Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
With this new switch we can opt-out enforcement of the subscription
check for some composed role. This is mainly useful for composed Ceph
which have different constraint than other Openstack roles.
Closes-Bug: #1912512
Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/771671
Change-Id: I46529ccab6c197da4885950282eb6731e28573d6
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these paramters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.
Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on the these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.
Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.
Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.
[1] f1d9b15c85fd1ed2250d40cea8184a18f458234f
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
Role names can be customized, yet in THT jinja2 we
have several places where conditions are based on
the role name. By using tag's such as 'storage',
'ceph' and 'ovsdpdk' we the role names become truly
customizable.
The depends-on change in TripleO common will
dynamically add tag's to role's based on role.name
for backward compatibility during deprecation
period.
Depends-On: https://review.opendev.org/758124
Change-Id: I5ab4e4a220294245f95d328391bfffec87781a09
OVN is used by default, which includes DVR and requires a Neutron
external network bridge on the Compute nodes. This change adds the
tag 'external_bridge' to the Controller roles and modifies the
overcloud-resource-registry-puppet.j2.yaml file to set the default
NIC configuration to net-config-bridge.yaml when this tag is set.
This will cause both Controller and Compute nodes to have an
external bridge by default if no specific NIC configuration files
are specified for both roles since the 'external_bridge' tag is set
in roles_data.yaml.
This change also stops using net-config-bridge.yaml when the role
includes the 'controller' tag, since the 'external_bridge' tag is
used instead. A release note explains the change.
Closes-bug: 1890337
Change-Id: I69c32d33a516c629303e87c8e9a0e4b8fe58c669
VxFlex OS driver is rebranded to PowerFlex.
This patch adds support for PowerFlex.
Will deprecate the VxFlexOS template in
a new patch.
Depends-On: https://review.opendev.org/#/c/743852/
Change-Id: I94310bf84a0af7a735bd6e1c0038686b0d0abfc8
It seems that netwokring-fujitsu is no longer maintained[1], and it's
not compatible with Python 3.6 which currently all OpenStack services
require.
[1] https://opendev.org/x/networking-fujitsu
Change-Id: Iae639864cce8e3add635944f157ecde074312e74
We don't deploy Keepalived in multi-node as our HA story is done with
Pacemaker. Therefore, we don't use VRRP protocol that Keepalived
provides to maintain the VIPs alive, so we don't really need this
service.
Instead, we can configure the VIPs on the br-ctlplane interface which
already handled the local_ip. Now it also handles the configuration of
public ip and admin ip.
Keepalived is now deprecated and will be removed in the next cycle.
blueprint replace-keepalived-undercloud
Change-Id: I3192be07cb6c19d5e26cb4cddbe68213e7e48937
Updating the SC cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
CinderScBackendName supports a list of backend names
and a new CindeScMultiConfig parameter provides
a way to specify parameter values for each backend.
For example see file environments/cinder-dellemc-sc-config.yaml
Depends-On: https://review.opendev.org/#/c/722538/
Change-Id: I6e5f3753fe167c7fbc75c3d382c88c09c247c7b3
Updating the Xtremio cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
Depends-On: https://review.opendev.org/#/c/723020/
Change-Id: I2ba45aaa584c6fdcfb59cf6aed1b72dc8815f91f
PowerMax config options have changed since Newton.
Updating them to the latest and support both iSCSI
and FC drivers.
CinderPowermaxBackend is also enhanceded to support
multiple backends. CinderPowermaxBackendName supports a
list of backend names and a new CinderPowermaxMultiConfig
parameter provides a way to specify parameter values for
each backend. For example see file
environments/cinder-dellemc-powermax-config.yaml
Depends-On: https://review.opendev.org/#/c/712184
Change-Id: I4429ed2d45661ea82ae38a7050abb2b229953c9c
- Remove Docker service from all the roles; not needed anymore
- Switch ContainerCli to podman for docker-ha environment. Note; this
environment might be renamed at some point to, container-ha.yaml. But
for backward compatibility we still use it now.
Also switch EnablePaunch to false since we were waiting for the podman
switch to do it.
- In the overcloud registry, disable Docker by default and enable Podman
by default.
This patch will only work for centos8/rhel8 based deployments.
Change-Id: I561c52ce09c66a7f79763c59cd25f15949c054af
We're dropping this as it has no testing and is not currentily available
for CentOS 8.
Change-Id: I408490346840d5a2e3ae29f53cbc100edcf72ee7
Depends-On: https://review.opendev.org/#/c/712517/
The NovaAZConfig service is added to all the compute related roles
of the box so that the nodes are automatically in a new AZ when the
service is enabled.
By default, the service is mapped to OS::Heat::None so no change in
default behavior is made.
Change-Id: If1e4e149100dccfe76ccd807997a611d0fc8841f
- configures Neutron agents (dhcp,l3) to include multi interface configurations
- configures Neutron ML2 to bind normal ports
Depends-On: I79a9bf7c07ca7c60e982a30b23308576daffc017
Change-Id: I212c0f4ae639023bdb75ced6a82a3a4aacf9d0f9
Sensu client has been deprecated and it's functionality substituted
by collectd-sensubility. This patch removes sensu-client composable
service
Change-Id: I4be68eb7319b2c92cc7d0fc9df7a5c87dfb5106c
The Tacker service has been incomplete since Queens. They restructured
the services and TripleO has never implemented code to handle this new
structure. Since it's been disabled since Queens and there is currently
no plans to fix it, let's remove the service code.
Change-Id: I2856e894b58d50c2d3484ccd02bfb1d43625847f
Depends-On: https://review.opendev.org/#/c/682457/
Related-Bug: #1714270
This patch removes fluentd composable service in favor of rsyslog composable service
and modifies *LoggingSource configuration accordingly.
Change-Id: I1e12470b4eea86d8b7a971875d28a2a5e50d5e07
This patch adds rsyslogd composable service with the same behaviour
the fluentd composable service currently has.
Co-Authored-By: Juan Badia Payno <jbadiapa@redhat.com>
Change-Id: I18e349c450a42dc7e9867d200e777a324e2d12bc
This review introduces the CephDashboard service
to allow operators to deploy the new ceph dashboard
along with the other ceph components.
According to the spec we can add the environment
file to reference the template that contains all the
parameters needed to deploy the ceph-dashboard via
ceph-ansible related roles.
Implements: blueprint ceph-dashboard
Change-Id: I1d31cd99823686986cdbd3ac1df184e9457a361e
This is part 1 of a series of patches to properly deploy multipathd.
This patch makes Multipathd an optional TripleO service (defaults to
OS::Heat::None), and binds it to every role that might use the service.
This is essentially any role that accesses cinder volumes. Previously,
the service was not optional, but was not bound to any roles and so it
was never deployed.
Partial-Bug: #1834042
Change-Id: I3bc7d8557f758103c35533a59e06e36cd15f98b9
By introducing update_serial variable we parallelize update
execution on non-pacemaker enabled nodes. Custom role data users
need to update their role files. By default we do serial 1 making
sure nothing changes for users who didn't update their role data.
Resolves: rhbz#1652057
Closes-Bug: #1831617
Change-Id: I4ee0110a6c2b9466d81e37e5df27f5f81a6eceb5
For ovn compute nodes we need br-ex exactly like with
ComputeDVR role. Now we can do this in jinja templates
using new tag external_bridge
Change-Id: If44e9cbad714ce3954928407c42a8dc2473fed2e
Closes-Bug: #1822367
The project has been retired and there will be no Train release [1].
This patch removes Neutron LBaaS support in tripleo-heat-templates.
[1] https://review.opendev.org/#/c/658494/
Closes-Bug: #1831618
Change-Id: If13bbcdea82045d816485412f252c9b52bcf45a7
We need to ensure the openstack clients are installed on controllers for
the deployed server case. This should be handled by the overcloud images
themselves, however if the images are not used we should make sure the
clients get installed with our OpenstackClients service.
Change-Id: If7fad9f24c7294c2d749fc3838b1fb71182930fc
Related-Bug: #1829769
As of Rocky [1], the nova-consoleauth service has been deprecated and
cell databases are used for storing token authorizations. All new consoles
will be supported by the database backend and existing consoles will be
reset. Console proxies must be run per cell because the new console token
authorizations are stored in cell databases.
nova-consoleauth was deprecated in tripleo with:
I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f
This change now removes the NovaConsoleauth Service.
[1] https://docs.openstack.org/releasenotes/nova/rocky.html
Closes-Bug: #1828414
Change-Id: Icdfbf26b5e83cc07a560eb227a0cf822e4c5a1e3
This change introduces an optional extracted version of the Placement
service into TripleO. This extracted version will only be required once
the Placement service is fully removed from Nova during the T cycle
(previously S but delayed) at which point the corresponding
NovaPlacement service will also be removed from TripleO.
The majority of this change is code motion between the original
NovaPlacement service and the new PlacementAPI service.
Upgrades from the original NovaPlacement service to the extracted
PlacementAPI service are not currently supported by this change and will
be worked on independently during the Train cycle.
Co-authored-by: mschuppert@redhat.com
Depends-On: https://review.openstack.org/#/c/624335/
Change-Id: I9e3287bcbe9d317f32bf6b468c6ee17f04b6fff9
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.
Let's remove its support in TripleO, to reduce the codebase.
Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa