During the overcloud deployment phase, some operations should still be
performed on the provisioned Ceph cluster.
When Ceph is TripleO deployed, cephadm doesn't provide any firewall
configuration (--skip-firewalld is provided), nor any HA
configuration for the Ceph Dashboard.
This change introduces a new cephadm/ branch containing all the services
that should be configured in the TripleO context.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Co-Authored-By: John Fulton <fulton@redhat.com>
Depends-On: I35e57abddc64310a6422174fe191bd328588d7cd
Change-Id: Ie9537471924d1d60f7642699e58e734511b91a2b
The conditions should have used map_merge; this simplifies
them a lot by passing a list to the dport key.
Change-Id: I15cb1f3bbc9e1be90265feab5bfed7f28c1cb1f3
Closes-Bug: #1918891
Co-authored-By: yatinkarel <ykarel@redhat.com>
In case vlan_transparent in Neutron is enabled,
other_config:vlan-limit should be set to value "0" in the openvswitch on
all nodes.
Related-Bug: #1918418
Depends-On: https://review.opendev.org/c/openstack/puppet-vswitch/+/779796
Change-Id: Id6fc08bce5673a41fd9fa5cb27f41c9786f560da
In stack updates adding TLS to Swift would not work because
swift_proxy_tls_proxy is started when the pre-existing
swift_proxy container is still up and listening on the TCP port
which should instead be used by swift_proxy_tls_proxy.
This change ensures swift_proxy_tls_proxy and glance_api_tls_proxy
containers are started after the actual swift_proxy and glance_api
containers are started.
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Change-Id: I980dfc54b799c6b1d648489a727a590dd26fa502
Closes-Bug: 1918642
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
its heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
Rename listen_addr to listen; drop notls_listen_addr and
notls_listen_port from version 5.0.0, as they never made it
into puppet-memcached-6.0.0.
Change-Id: I18bda6b9219ab42543f83c46be7763f98e4dfd0e
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
Co-authored-By: Moisés Guimarães de Medeiros <moguimar@redhat.com>
Add a new deployed_vip_port template which will replace
the current neutron port templates when vip ports are
managed outside of the heat stack.
Change-Id: Ia1f7e344ccebb2291f1574fdb69c05f00f4c3dc9
Partial-Implements: blueprint network-data-v2-ports
The Ceph OSDs migration from filestore to bluestore should only be
attempted if the cluster is in HEALTH_OK state because during the
process OSDs will be destroyed and recreated.
This change adds a check to poll for the cluster status before the
playbook is triggered.
Change-Id: Ib9c90c4c2e838bed461ac63139b161ab689d28cf
Depends-On: https://review.opendev.org/775669
Closes-Bug: 1915700
When specific roles are deployed with custom images, for example CephStorage with
overcloud-minimal, then the LeappCommandOptions and/or the list of packages to
be removed/installed is not the same across all roles.
This change allows four parameters to be customized on a per-role basis:
UpgradeInitCommand
UpgradeLeappToRemove
UpgradeLeappToInstall
UpgradeLeappCommandOptions
Related-Bug: 1915067
Closes-Bug: rhbz#1936419
Change-Id: Ifd373f7aba6d98baa843b141de8a2266eaa71a0b
This patch exposes the net_cidr_map variable so that tasks can
access the list of CIDRs that are valid for a network as opposed
to attempting to build the CIDRs from the network definitions.
In spine-leaf or edge use cases the networks may have multiple
subnets assigned to a given network.
The new Unbound service will use these maps to build lists of
CIDRs allowed to make queries.
Change-Id: I6004519e8b2317d19356c4a2b8bea416b4d94c22
This is a continuation of change id I27ac0a536624f5461809df771a58a6e57fec0661
The port_forwarding service should be included as part of the default
NeutronServicePlugins value.
Closes-Bug: #1877447
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
Change-Id: Ib35fdae76f16f7e0f993587056b7759aeceff061
NeutronServicePlugins needs to include 'log' in order to support
the security-group logging functionality.
Also added log to deployment/neutron/neutron-base.yaml as part of
the default NeutronServicePlugins.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/768129
Change-Id: I08fedd65bb4c97bbd73bf966ae763e4cdedebab2
Related-Bug: #1914757
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
This change adds delegate_facts_hosts: false to the
existing ceph-ansible scenarios.
This was introduced due to the --limit option to avoid
gathering facts, but since we're running on standalone
and the same node is present in all groups, having that
variable set to True (which is the ceph-ansible default)
makes no sense.
Change-Id: I44433731f73882f62591e8067743beec4d423ef7
nova::api::default_floating_pool parameter was removed from
puppet-nova back in 2018 with
I2624b92871f4cba5a7361a5d006d985946493e83
It is now recommended to use
nova::network::neutron::default_floating_pool parameter to
define default floating IP pool.
Partial-Bug: #1916386
Change-Id: If419d53fc3a90cdd62271c00714fff79a3b4fd12
Add possibilities to configure ovn dbs monitor interval
in tht by OVNDBSPacemakerMonitorInterval (default 30s).
Under load, this can create extra stress and since the
timeout has already been bumped, it makes sense to bump
this interval to a higher value as a trade off
between detecting a failure and stressing the service.
Depends-On: https://review.opendev.org/#/c/710407/
Change-Id: Id836676826f6e7c97ef8e3d665ab3e467ad055ba
With the changes in https://review.opendev.org/771657
this cleanup task file no longer exists. The cleanup
is done within the role automatically via a block/rescue.
Related-Bug: #1908425
Related-Bug: rhbz#1904681
Related-Bug: rhbz#1916162
Needed-By: Ifc03f9eb1cb4ca3faec194569f4cb2dace93323f
Change-Id: I0c509370332797fe563804b0ddb8f1a5d4742994
Since tempest container is no longer tested in CI and is
replaced with os_tempest ansible-role.
A user can use and install tempest from rpm which is
supported as earlier.
Depends-On: https://review.opendev.org/c/openstack/python-tripleoclient/+/776654
Related-Bug: #1916875
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: Ifefebdffe0c27b8e1e88a41a6deeb3792c3194f0
When 'ipaclient_hostname' is not passed it
defaults to 'ansible_fqdn', which is not available
when setting ANSIBLE_INJECT_FACT_VARS=False[1], let's
pass it explicitly.
[1] https://review.opendev.org/c/openstack/python-tripleoclient/+/776558
Closes-Bug: #1917582
Change-Id: I5b3ab81d7d885b5373c9c75a2b3ca637efb87c1e
These environments will be used by the undercloud install to selectively
disable these services as needed.
Change-Id: I2c9cf50363579d4e18aaeaf783770ca7a4266622
Signed-off-by: James Slagle <jslagle@redhat.com>
Nova supports configuring resource provider inventory and traits using a
standardized YAML file format starting with the Victoria release [1]. This introduces
the CustomProviderInventories role parameter to configure the custom provider YAML.
[1] https://docs.openstack.org/nova/latest/admin/managing-resource-providers.html
Depends-On: If12d7f5a8c331e051eb543f88187c31e676f3b62
Depends-On: I509eec3bf37368640ae8a3df8271b769d29f70c4
Change-Id: I25ea828397fcc968d07b0d5e87bdc9445ac690e2
Fixes an issue where map_merge was used incorrectly,
trying to merge dict with null and passing a list of
only one map.
This caused the map merge not to happen, and the
$RoleServiceChain output to carry the actual map_merge
in service_config_settings instead of the intended
merged map of rsyslog logging_sources.
Closes-Bug: #1917195
Change-Id: I529f91d5391d24bb5a6af37d3486f6ddf6cabac7
There are no config files generated whatsoever. The folder is created
and empty and since it has no manifests there is little point in running it at all.
Let's just remove it.
Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/776589
Change-Id: I5e1519c8f441213b264008fda62a1a442cf9d243
With I918b6c16db6ed70d9ad612aecd7af7d725520f7b we moved the ovn-dbs
creation out of the ephemeral ovn_dbs_init_bundle container and on to
the host.
We left the ovn_dbs_init_bundle container around and kept the tag
ovn_dbs_remove_old_cruft for it. This is because with that tag
we historically triggered the needed code to make sure to handle
the transition from a deployment where ovn-dbs used the internal_api
VIP to the (current) deployment where ovn-dbs uses its own VIP.
Since ovn-dbs has its own VIP starting with train, we can now safely
drop this container.
Change-Id: I5d5df3948964c28f53eda0ba5a966c824012bd4c