Allow tht parameter IronicInspectorSubnets to specify
per-instance ip range(s) using hostname as key for each
list of ip ranges. For HA deployments use disjoint
address pools to avoid potential address conflict.
Implements: blueprint ironic-inspector-overcloud
Depends-On: Ifae513265b8c35d98012f14f951bac33ae90b66c
Change-Id: Ifdebe9fcc817b4572f1eb461a3396af6b55f1e6b
We use update_identifier ansible variable to check if we need to
re-run deployment tasks. Though there is no bug as we use
DeployIdentifier heat param for it, it's little confusing
(UpdateIdentifier was meant for package updates).
This also removes usage of UpdateIdentifier/update_identifier in
all_nodes_config.j2.yaml. We can deprecate/remove the heat param in a
subsequent patch.
Change-Id: I36ed62ae605a2d8f8f139b50646144b143d5e5f4
The container-registry role is idempotent in a way that the
restarting of the docker service will be done only if some
configuration value has changed.
During the upgrade, host_prep_tasks are being run and if the
new templates bring some configuration change then the Docker
service gets restarted. The issue is the point at which they
get restarted, which is after the upgrade_tasks have already
run and prior to the deploy_tasks. This is causing issues with
Pacemaker handled resources.
For that reason, we include the very same task running in host_prep_tasks
into upgrade_tasks for the docker and docker-registry services,
forcing the Docker service reconfiguration to happen during
upgrade_tasks instead of at a latter point.
Closes-Bug: #1807418
Change-Id: I5e6ca987c01ff72a3c7e8900f9572024521164de
When SELinuxMode is set to enforced in thedeployment, configure Docker
to enable SElinux.
It'll wire container_registry_selinux variable in ansible-role-container-registry
which enables --selinux-enabled if set to True.
Change-Id: Ic030ecbe8b6719ba45cb7c27c6cf44bab14fed88
Add TunedCustomProfile parameter which may contain a string in
INI format describing a custom tuned profile. Also provide a new
environment file for users of hypercoverged Ceph deployments
using the Ceph filestore storage backened. The tuned profile is
based on heavy I/O load testing. The provided environment file
creates /etc/tuned/ceph-filestore-osd-hci/tuned.conf whose
content is the following and sets this tuned profile to be active.
[main]
summary=ceph-osd Filestore tuned profile
include=throughput-performance
[sysctl]
vm.dirty_ratio = 10
vm.dirty_background_ratio = 3
[sysfs]
/sys/kernel/mm/ksm/run=0
Depends-On: Iba17d86bbdd710623ba1ba44b1ea5d4c1b99c541
Change-Id: Iaa1c82cefac5c8f2959fd7aeb57bd6860fd9096a
Closes-Bug: #1800232
The puppet apache service uses the cidr map in ServiceData.
Services did not pass the ServiceData to the apache
service template. Because of this the property resolves to
an empty string which is not correct. The empty string
cause problems when yaql in common/services.yaml is merging
config_settings.
Closes-Bug: #1806718
Change-Id: Ia3af9535e3af1dad4ac833983ebe29b6002f0815
The puppet openstack modules have switched the debug setting to a
logging class in the modules. They are starting to remove the base debug
option so we need to switch our usages to use the logging classes
Change-Id: I690448db2de341ec428181f19364c93a3273b565
Needed-By: https://review.openstack.org/#/c/619379/
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
of deployments didn't cleanup them in previous releases, they can still
do it now.
Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
This patch enables collectd deleting /var/run/collect-socket on startup.
It is created for monitoring purposes and on some conditions is created
by health check script sooner than collectd starts, which results on collect
failing to create the socket and listening on it.
Change-Id: I9fed91255f6857ac39a68278fb2c036606d88468
Closes-Bug: #1807683
We create user data per instance, but two are global for all, and the
last one per role, so we can move it up the stack.
Change-Id: I1330e54744adef9be159edd8f01aefa3db85a480
This hiera key is useful for when scripts want to figure out what tool
to call. This way they only need to call hiera in order to figure that
out.
Change-Id: I63dfd339a68ee1730e84cdcc32856f2fb4590cf4
Add CinderNfsSnapshotSupport parameter that controls whether cinder's
NFS driver supports snapshots. The default value is True.
Depends-On: I4df8e3941eb074339e399e5a5c44fa411ff21560
Change-Id: I9a42f805fd28fd04bee771cac63bd0080b39c7c0
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of aodh services have been
removed.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: I39645aff0365218d4b841ed0d9c964b3622f143a
Related-Blueprint: services-yaml-flattening
The NtpServer default set now includes multiple pool.ntp.org hosts to
ensure that the time can be properly synced during the deployment.
Having only a single timesource can lead to deployment failures if the
time source is unavailable during the deployment. It is recommended
that you either set multiple NtpServers or use the NtpPool
configuration to ensure that enough time sources are available for the
hosts. Note that the NtpPool configuration is only available when using
chrony.
Change-Id: I5b82d77cbf0f2e8c2a59645a72aa533d7d2c86b8
Closes-Bug: #1806521
When installing OpenShift by means of TripleO, after
the initial docker configuration, openshift-ansible
also adds several parameters there.
Then, if we want to remove a single node, then a stack
update is performed, which returns the configuration
to its original state. In other words, it removes all
parameters added by openshift-ansible, which breaks OpenShift.
This commit adds the ability to disable reconfiguration of
docker at the time of stack update for all roles associated
with OpenShift.
Closes-Bug: #1804790
Depends-On: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Change-Id: If202be5d27d81672e39cbe21867459d277220e23
Unprivileged docker-puppet-$service containers don't have access
to devices and can't get facter 'uuid' variable. Therefore per node
hiera customizations don't work. We can work around this by using
/sys/class/dmi/id/product_uuid instead.
dmidecode>=3.1 returns system-id in lower case, so it's better to
use lowe case for compatibility.
This would also require changes to the docs as ironic node
introspection data may show it in both cases.
Change-Id: I899de7732c5b29ed70d4d487fdbc363117ac327f
Closes-Bug: #1806011
OpenDaylight's Infrautils project has a new, recommended method for
checking when ODL is up and ready. Use this new diagstatus ODL NB REST
API endpoint vs the old netvirt:1 endpoint.
ODL Jira that tracked adding diagstatus REST API:
https://jira.opendaylight.org/browse/INFRAUTILS-33
RH BZ tracking moving to diagstatus:
https://bugzilla.redhat.com/show_bug.cgi?id=1642270
Change-Id: I44dc5ba7680a9c5db2d6070e813d9b0e31d6e811
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
By default, Compute role template set's the deprecated_param_ips
parameter in roles data. This forces the use of the deprecated
names in paramer_defaults when using predictable IPs for the
ctlplane network.
To allow the user to either use the deprecated role name, or the
non deprecated role name in parameters defaults extend the
ctlplane_fixed_ip_set contition to use or logic to test for data
in either the deprecated name parameter or the new parameter.
In the server resource use yaql to pick the first element that
is not empty. The non-deprecated parameter name is prioritiezed.
Change-Id: Iedc65064c5efaa618c3d54df10bf09296829efd2
Closes-Bug: #1805482
There was also a special flag for FFU that triggered repo setup only
on the bootstrap node, so switch this to use the per-service bootstrap
name instead.
Change-Id: I32f963a002399af4911acbf507312f378aac3599
Partial-Bug: #1792613
This can be used to replace the per-role bootstrap_nodeid_ip,
and the redis-base template is updated to use the new hiera
key.
The old bootstrap_nodeid_ip appears to only be used for redis,
so the old key is removed, with an upgrade release note added
should any out-of-tree services reference this value.
Partial-Bug: #1792613
Change-Id: I830d5b9bae3e9d65c2c393e3dcdf70bffdb1ac7b
For the isolated networks we use the subnets host_routes
to set and get the routes for overcloud node interfaces.
This change add's this to the ctlplane interface.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: Id4cf0cc17bc331ae27f8d0ef8f285050330b7be0
We have some scripts that we deploy via tripleo that use inline python.
For this we need to be able to find an available python on the system in
order for it to work. This change adds a lookup function to the scripts
to find a working version of python as /usr/bin/python may not exist.
Change-Id: Ida7a7cbd064ebdb923f38c9102eb4b0771f9b273
Related-Blueprint: python3-support
In RDO CI we're seeing this undefined, but haproxy_short_bootstrap_node_name
is defined, which proves https://review.openstack.org/#/c/605046/ is included
and working.
The root cause is that the haproxy_public_tls_inject_service is actually
created via the haproxy template as a nested stack, so we need to use
haproxy_short_bootstrap_node_name instead
Change-Id: I870825140b8947a1845307b5bec1bcff387c15c0
Closes-Bug: #1804433
Setting this parameter to False not only breaks the deployment, but also
disables important storage services on storage nodes, not only
Controllers.
The parameter has been marked deprecated for quite awhile, thus changing
it to be non-effective (before removing it totally).
Closes-Bug: 1804479
Change-Id: I30bdc60853b6057f4f7c8c28dc88e6b151056422
If resume_guests_state_on_host_boot is set in nova.conf instances
need to be shutdown using libvirt-guests after nova_compute container
is shut down. Therefore we need a customized libvirt-guests unit file
which:
1) removes the dependency to libvirt (non container) that it don't
get started as a dependency and make the nova_libvirt container
to fail.
2) adds a dependency to docker related services that a shutdown of
nova_compute container is possible on system reboot.
3) stops nova_compute container
4) shutdown VMs
This is a missing part of Bug 1778216.
Change-Id: Ic4b7b427827114fcec0f4973a200461e811ee53a
Related-bug: 1778216
For network isolation, we specifcy available networks for role.
Therefore, there is no point in creating noop network resources for
networks that are not available/connected. This results in redundant
host entries for not available networks on overcloud nodes.
If a network is not available for a role we don't need to create
those extra noop resources.
For Undercloud/Standalone role we keep all networks in roles data
as the default ServiceNetMap specifies non ctlplane networks though
they map to ctlplane.
Change-Id: I07822ec0cba7eed352c0010eb893b5e5a522e95c
Closes-Bug: #1800811