443 Commits

Author SHA1 Message Date
Brent Eagles
56b8ec4e18 Designate: split bind instance into separate template
There isn't a 1:1 correlation between the designate worker and bind
instances nor is it always desirable to run them on the same host.

Depends-On: If97e16a125537c1b5d9f5cfac1de0ffae0edb99a
Change-Id: I624299476a2911f12b1f5ce01964e5d926c6b38e
2021-03-22 15:55:00 -02:30
Michael Johnson
773fccb7c1 Add the Unbound DNS resolver service
This patch addes TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.

Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
2021-03-18 17:12:35 +00:00
Michele Baldessari
97016b2012 Add FRR service
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249

We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.

Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>

Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
2021-03-13 18:25:42 +00:00
Grzegorz Grasza
e329ca915e Generate certificates using ansible role
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.

Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
2021-03-10 16:28:22 +01:00
Zuul
525d2278c3 Merge "Add a new role parameter rhsm_enforce." 2021-02-03 16:23:27 +00:00
Zuul
bc97f695a1 Merge "Use Ceph-NFS for Manila in scenario004" 2021-01-27 00:20:41 +00:00
Sofer Athlan-Guyot
f87652dfe0 Add a new role parameter rhsm_enforce.
With this new switch we can opt-out enforcement of the subscription
check for some composed role. This is mainly useful for composed Ceph
which have different constraint than other Openstack roles.

Closes-Bug: #1912512
Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/771671

Change-Id: I46529ccab6c197da4885950282eb6731e28573d6
2021-01-22 14:03:53 +00:00
Zuul
1bfbc7169b Merge "Adding an optional startup delay to nova-compute" 2021-01-12 06:02:42 +00:00
Tom Barron
63c5a94f83 Use Ceph-NFS for Manila in scenario004
CephFS gatewayed by NFS is more generally suitable for multi-tenant
OpenStack deployments than native CephFS since the latter requires
that VMs belonging to regular members of Keystone projects be exposed
to the Ceph infrastructure and run client software with capabilities
that are not appropriate for untrusted cloud tenants.

Depends-on: https://review.opendev.org/c/openstack/puppet-tripleo/+/769906
Depends-on: https://review.opendev.org/c/openstack/tripleo-ci/+/770049

Change-Id: I269607d43f45f65efcbce33dd776e7eb4f475311
2021-01-11 16:00:08 +00:00
Francesco Pantano
79686663e8 Configure Ceph clients via tripleo-ceph-client (not ceph-ansible)
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these paramters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.

Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on the these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.

Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.

Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
2021-01-04 15:16:11 +00:00
David Vallee Delisle
6eb72aa769 Adding an optional startup delay to nova-compute
We need an optional delay on nova-compute when it's waiting for ceph to
be healthy. This commit is adding a wrapper that will be deployed when
necessary.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1498621

Change-Id: Ie7ad2d835c1762dc4b9341e305e6a428cb087935
2020-12-18 08:52:47 -05:00
Alan Bishop
2d60799c49 Define a new CinderVolumeEdge service
CinderVolumeEdge is an optional service (defaults to OS::Heat::None)
that can be enabled on DCN/Edge nodes for edge sites that support
persistent block storage (i.e. cinder). The dcn-hci.yaml environment
file enables the service.

The new service supports the following edge deployment models:
1. Edge site with no block storage
   - Deploy DistributedCompute nodes
   - Use dcn.yaml environment file (the CinderVolumeEdge service
     remains disabled)
2. Edge site with traditional HCI storage
   - Deploy DistributedComputeHCI nodes
   - Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
   - Use ceph-ansible.yaml env file to deploy ceph for the RBD backend
3. Edge site with quasi-hyperconverged storage
   - Deploy DistributedCompute nodes
   - Use dcn-hci.yaml env file to enable the CinderVolumeEdge service
   - Use ceph-ansible-external.yaml env file so the RBD backend can
     access an external ceph cluster

This patch adds support for number 3, which is a new capability. Whereas
traditional HCI means ceph and cinder services run on compute nodes, the
new model is still quasi-hyperconverged because cinder (as well as
glance) runs on the compute nodes.

Change-Id: I56b5792c1d53bb8659e440f598006e471894ff2e
2020-12-08 06:17:02 -08:00
Zuul
af888d3997 Merge "Adding Ceph Dashboard to the Edge roles" 2020-12-03 11:58:26 +00:00
Oliver Walsh
629485dde5 Move cell_v2 discovery off compute hosts
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g to exclude the controllers from a maintenance window).

This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.

Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.

Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
2020-11-18 12:21:59 +00:00
Francesco Pantano
0b41751786
Adding Ceph Dashboard to the Edge roles
This change adds the CephGrafana Service for the
Edge roles.
Also, a new DistributedComputeHCIDashboard is
introduced: the purpose of this role is to support
the StorageDashboard network on the edge site when
that network is defined and used in central site.

Change-Id: I973e1364e5f3d0e03658acdd37e316a59504825e
2020-11-12 13:55:39 +01:00
Zuul
0519978254 Merge "Remove Sahara support" 2020-11-06 03:12:06 +00:00
Takashi Kajinami
4a7d56947a Remove Sahara support
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.

[1] f1d9b15c85fd1ed2250d40cea8184a18f458234f
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
2020-10-19 09:39:36 +09:00
Harald Jensås
ff4d1fbb66 Use tags instead of role names
Role names can be customized, yet in THT jinja2 we
have several places where conditions are based on
the role name. By using tag's such as 'storage',
'ceph' and 'ovsdpdk' we the role names become truly
customizable.

The depends-on change in TripleO common will
dynamically add tag's to role's based on role.name
for backward compatibility during deprecation
period.

Depends-On: https://review.opendev.org/758124
Change-Id: I5ab4e4a220294245f95d328391bfffec87781a09
2020-10-15 12:57:40 +05:30
Harald Jensås
34fae762aa Concatenate host_routes and default route in overcloud.yaml
Previoously the default route was concatenated with the
host_routes in the NetworkConfig. This change moves that
concatenation to overcloud.yaml.

GroupVars {{network.name_lower}}_host_routes and
ctlplane_host_routes will have the default route appended
based on role.default_route_networks setting.

For heat base NetworkConfig the parameters
ControlPlaneStaticRoutes and {{network.name}}InterfaceRoutes
will have the default route appropriately appended.

Doing the concatenation in overcloud.yaml enable simplified
user-facing NetworkConfig templates.

For standalone and undercloud define the default_route_networks
with an empty list. Cannot leave it undefined as this will
default the default route to the ctlplane's gateway. Undercloud
and Standalone uses the management interface as the gateway by
default, so we should not set a default gateway for these roles.

Change-Id: I3a35c4b46536fa2916d9fa387278077884adaf68
2020-10-04 12:28:22 +02:00
Zuul
6ec975c113 Merge "Add ability to manage irqbalance on compute per role" 2020-10-02 05:38:55 +00:00
Zuul
5540877689 Merge "Deprecate novajoin" 2020-10-01 18:14:49 +00:00
Rajesh Tailor
932aecf33c Add ability to manage irqbalance on compute per role
Adds functionality whether to enable/disable irqbalance on compute
nodes.
Based on tuning recommendation for compute realtime nodes irqbalance
should be stopped and disabled. And tuned will be responsible for
managing IRQ balancing instead of irqbalance.

Change-Id: Ibefb8e472c68901a74d76769b5314bef81fd5b15
2020-09-30 18:32:42 +05:30
Ade Lee
bf910512c3 Deprecate novajoin
Deprecate the services related to novajoin.

Depends-On: https://review.opendev.org/#/c/753856/
Change-Id: I7803cccc4b4bf8c7cc201372ec91f9254cef7eb3
2020-09-30 01:23:38 -04:00
Emilien Macchi
518bb26730 Implement a Minimal role
Add a new role, called "Minimal", which has the strict minimum services
that need to run on a host.
This can be used as a reference when creating custom roles with custom
services (e.g. third party).

Change-Id: I6484d97d0f044de153404516bce0ea7fc2a5f0e1
2020-09-24 16:25:24 -04:00
Zuul
d08d828290 Merge "Create external bridge on Compute nodes by default for OVN with DVR" 2020-09-05 06:29:12 +00:00
Zuul
8781e771ec Merge "Remove Etcd from DCN roles that don't need it" 2020-09-01 14:58:45 +00:00
Alan Bishop
500ba04798 Remove Etcd from DCN roles that don't need it
Remove the Etcd service from DCN roles that do not need it. Etcd is
only required by the cinder-volume service in order to run in active/
active mode. Roles that do not host the cinder-volume service do not
need Etcd.

Change-Id: Ia24eed019ba973aad0e8f5b7fc0d53c1ee4149e8
2020-08-31 07:17:20 -07:00
Zuul
dbed8e47cb Merge "Remove remaining Skydive references" 2020-08-28 17:35:34 +00:00
Dan Sneddon
bc5b6133f1 Create external bridge on Compute nodes by default for OVN with DVR
OVN is used by default, which includes DVR and requires a Neutron
external network bridge on the Compute nodes. This change adds the
tag 'external_bridge' to the Controller roles and modifies the
overcloud-resource-registry-puppet.j2.yaml file to set the default
NIC configuration to net-config-bridge.yaml when this tag is set.
This will cause both Controller and Compute nodes to have an
external bridge by default if no specific NIC configuration files
are specified for both roles since the 'external_bridge' tag is set
in roles_data.yaml.

This change also stops using net-config-bridge.yaml when the role
includes the 'controller' tag, since the 'external_bridge' tag is
used instead. A release note explains the change.

Closes-bug: 1890337
Change-Id: I69c32d33a516c629303e87c8e9a0e4b8fe58c669
2020-08-19 17:07:20 -07:00
Lewis Denny
2e76336c41 Remove remaining Skydive references
Support has been dropped for skyzone but these two
files remained. I think these were missed from
https://review.opendev.org/#/c/712783/

Change-Id: Idcd6485f24e70c965ebd60569a2d6cc06a1037d9
2020-08-07 23:03:10 +10:00
rajinir
08415cb54d Support for PowerFlex Cinder Backend
VxFlex OS driver is rebranded to PowerFlex.
This patch adds support for PowerFlex.
Will deprecate the VxFlexOS template in
a new patch.

Depends-On: https://review.opendev.org/#/c/743852/
Change-Id: I94310bf84a0af7a735bd6e1c0038686b0d0abfc8
2020-07-31 15:57:10 -05:00
rajinir
56e2702f4a Support for PowerStore Cinder Backend
Adding support for PowerStore Volume Backend Driver

Depends-On: https://review.opendev.org/#/c/743627/
Change-Id: Idc36f3241b3ebed71722c6a89459c230beea4542
2020-07-29 16:52:08 -05:00
Alan Bishop
5080e45fd2 Add BarbicanClient service for configuring edge sites
A new BarbicanClient tripleo service provides a means of configuring
the barbican Key Manager settings for cinder, glance and nova services
running at an edge site. This is necessary because the BarbicanApi
tripleo service is only capable of configuring the Key Manager settings
for services running in the control plane.

For cinder, the BarbicanClient ensures the KeyManager settings are
available to the cinder-volume and cinder-backup services. This is
necessary because the Key Manager setttings are traditionally associated
with the cinder-api service, but cinder-api is not deployed at the edge.

Closes-Bug: #1886070
Change-Id: I17d6c3a3af5b192b77d264ff3e94e64ef6064c77
2020-07-10 06:35:11 -07:00
Zuul
9f5bee1bff Merge "Remove support for Neutron FUJITSU plugin" 2020-06-18 10:28:56 +00:00
Zuul
6ddde97184 Merge "Add composible service for tls enrollment" 2020-06-11 00:48:37 +00:00
Zuul
3316c09992 Merge "Support for Dell EMC VXFlexOS Backend" 2020-06-10 16:50:44 +00:00
Dave Wilde (d34dh0r53)
0e99ceda4b Add composible service for tls enrollment
This commit attempts to build out a composible service that enrolls the
undercloud as a FreeIPA host using an OTP. This is similar to what we've
done in the past for tls-everywhere except we're not using novajoin.

Change-Id: I770227b2f4f1ea447cf0138f57a6ed66c034d225
2020-06-09 15:49:50 -05:00
Emilien Macchi
4f198c32cb Remove some deprecated services
- Docker isn't supported anymore.
- Clients are now installed by Ansible, not Puppet
- Neutron SRIOV host isn't supported and operators should deploy with
  sriov_pf network object in nic configs.
- firewall is now managed by Ansible, not Puppet

Change-Id: I2b6068a719563a53bc255dcce72a92465e7df468
2020-06-04 09:16:04 -04:00
rajinir
57652b8efe Support for Dell EMC VXFlexOS Backend
Adding support for VXFlexOS Volume Backend

Change-Id: I9e8e3b4395c25a0458d28b15666768152736c752
Closes-Bug: 1875176
2020-05-29 10:50:31 -05:00
Zuul
b328baf72b Merge "Support for Xtremio Cinder Backend" 2020-05-13 04:32:36 +00:00
Zuul
a44b659bcf Merge "Deprecate Keepalived service" 2020-05-08 03:46:43 +00:00
Takashi Kajinami
8213618f33 Remove support for Neutron FUJITSU plugin
It seems that netwokring-fujitsu is no longer maintained[1], and it's
not compatible with Python 3.6 which currently all OpenStack services
require.

[1] https://opendev.org/x/networking-fujitsu

Change-Id: Iae639864cce8e3add635944f157ecde074312e74
2020-05-08 00:09:58 +00:00
Emilien Macchi
c712355e4b Deprecate Keepalived service
We don't deploy Keepalived in multi-node as our HA story is done with
Pacemaker. Therefore, we don't use VRRP protocol that Keepalived
provides to maintain the VIPs alive, so we don't really need this
service.

Instead, we can configure the VIPs on the br-ctlplane interface which
already handled the local_ip. Now it also handles the configuration of
public ip and admin ip.

Keepalived is now deprecated and will be removed in the next cycle.

blueprint replace-keepalived-undercloud
Change-Id: I3192be07cb6c19d5e26cb4cddbe68213e7e48937
2020-05-05 10:16:52 -04:00
rajinir
ddd2385e00 Support for SC Cinder Backend
Updating the SC cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.
CinderScBackendName supports a list of backend names
and a new CindeScMultiConfig parameter provides
a way to specify parameter values for each backend.
For example see file environments/cinder-dellemc-sc-config.yaml

Depends-On: https://review.opendev.org/#/c/722538/
Change-Id: I6e5f3753fe167c7fbc75c3d382c88c09c247c7b3
2020-05-01 10:33:32 -05:00
rajinir
c53e9568e1 Support for Xtremio Cinder Backend
Updating the Xtremio cinder backend to support both iSCSI
and FC drivers. It is also enhanceded to support
multiple backends.

Depends-On: https://review.opendev.org/#/c/723020/
Change-Id: I2ba45aaa584c6fdcfb59cf6aed1b72dc8815f91f
2020-05-01 10:22:12 -05:00
Zuul
d801b0e002 Merge "Support for PowerMax Cinder Backend" 2020-04-18 04:48:28 +00:00
Zuul
1359df37a0 Merge "Remove Dell EMC PS Series Driver support" 2020-04-09 15:11:16 +00:00
rajinir
6c234a73ba Support for PowerMax Cinder Backend
PowerMax config options have changed since Newton.
Updating them to the latest and support both iSCSI
and FC drivers.

CinderPowermaxBackend is also enhanceded to support
multiple backends. CinderPowermaxBackendName supports a
list of backend names and a new CinderPowermaxMultiConfig
parameter provides a way to specify parameter values for
each backend. For example see file
environments/cinder-dellemc-powermax-config.yaml

Depends-On: https://review.opendev.org/#/c/712184
Change-Id: I4429ed2d45661ea82ae38a7050abb2b229953c9c
2020-04-08 16:17:41 -05:00
Zuul
66ad34d5d6 Merge "[OVN] SRIOV with native OVN DHCP server" 2020-04-08 19:30:00 +00:00
Takashi Kajinami
336e9d39a9 Remove Dell EMC PS Series Driver support
... because it it not supported in anymore, and puppet-cinder
implementation was already removed in [1]

[1] 7083e88a699233930b0de413394ae95cab649462

Depends-on: https://review.opendev.org/#/c/716027/
Depends-on: https://review.opendev.org/#/c/717144/
Change-Id: I8b7af40a4dfba297821a7aae6edf5938c43034a1
2020-04-04 09:24:37 +09:00