If not set, it would use the default os_workers fact instead of 'auto'
and limit the number of worker processes.
Change-Id: I69f51bb38f1307cf4b750e5ffb394eb215df1d9e
Add CinderStorageAvailabilityZone parameter that configures
cinder's DEFAULT/storage_availability_zone. The default value
of 'nova' matches cinder's own default value.
Add several CinderXXXAvailabilityZone parameters, where XXX is
any of the cinder volume service's storage backends. The
parameters are optional, and when set they override the
"backend_availability_zone" for the corresponding backend.
Implements: blueprint split-controlplane-cinder-volume-az
Depends-On: Ic407b747474b567858ad36beabc8a7d8c5022343
Change-Id: Idb035bf112cbab41547bd89935df4c175bf665f4
Adds support for libvirt volume_use_multipath, the ability to
use multipath connection of the iSCSI or FC volume.
Volumes can be connected in the LibVirt as multipath devices.
Adds new parameter NovaLibvirtVolumeUseMultipath.
Change-Id: I18a030a445de652fbc492029afec6558a9661857
This reverts commit 52c1641e2c3ad5caeb70fc8a09f29eba6fe5b53d due to the related bug below
Change-Id: I3f6d8adae1918d1d55fdecc09fed5e4b45ee46b9
Related-Bug: 1798525
Add all the keystone log files to fluentd, so
fluentd is aware of all the keystone log files
Added the new parameters to the exclusion ones
Depends-On: Ifd5fbf6509addf4a564ff83c4551525c9a139ff4
Depends-On: Id1d58637967ffb0e9bd0a83c3cbca699432f5378
Change-Id: I48c957496f7fb36d2128c545d5bcd1499e9e9bf6
According to
https://docs.openstack.org/newton/config-reference/config-format.html we
can have a list of notification drivers like:
driver = messaging
driver = log
Let's not impose extra limitation in THT as folks might want special
notifications setups.
Change-Id: I873574944af237e1ff998f0e9b9b261c53c46f54
Closes-Bug: #1795026
This change makes the default ContainerImagePrepareLogFile be
/var/log/tripleo-container-image-prepare.log for both undercloud and
overcloud deploy.
Previously, undercloud prepare logged to $HOME/install-undercloud.log
and overcloud prepare logged to
$(pwd)/tripleo-container-image-prepare.log.
With this change, both will be logged to
/var/log/tripleo-container-image-prepare.log
Depends-On: Id4b776de808ea329a299430078c6f3efdb604e02
Change-Id: Icd3c5d612a9c42d1d3d8e374f10eb56d5737d516
Closes-Bug: #1789871
Internal TLS works fine if one deploys the API services in the
controller. Once one moves the service away from the controller, the
appropriate service principals won't be created.
Closes-Bug: #1795923
Change-Id: I6e8555fbc90fa0369aae37a7ad19eafc7b4a198a
The current approach has several disadvantages:
- Requires shelling out to the hiera CLI, and is coupled to the puppet hieradata
- The bootstrap_nodeid is only unique per Role, not per service, so if you
deploy a service spanning more than one role it will evaluate true for
every role, not only once.
Instead let's use the per-service short_bootstrap_node_name, which is
available directly via the ansible inventory now, ref
https://review.openstack.org/#/c/605046/
This is the first part of a cleanup for inconsistent handling of
bootstrap node evaluation, triggered by bug #1792613
Change-Id: Iefe4a37e8ced6f4e9018ae0da00e2349390d4927
Partial-Bug: #1792613
Depends-On: Idcee177b21e85cff9e0bf10f4c43c71eff9364ec
This is no longer handled as the TLS handling tasks were converted
to ansible, and in the context of this series we need to remove it
because it references bootstrap_nodeid
Partial-Bug: #1792613
Change-Id: Ib32177b116f148f007574847320566e32240cf96
Neutron integration requires the versioned endpoint. The Keystone
catalog value still needs to be unversioned though or Tempest
explodes.
Change-Id: I705208e3ef8a9e2e86b82b721bc87a45b6f4e36d
With OOO we have configured a separate DB for placement for the undercloud
and overcloud since the beginning.
But the placement_database config options were reverted with
https://review.openstack.org/#/c/442762/1 , which means so far even if
the config option was set, it was not used. With rocky the options were
introduced again which is not a problem on a fresh installed env, but on
upgrades from queens to rocky.
We should use the same DB for both fresh deployments on and upgrades to
rocky before we switch to the new DB as part of the extraction of placement.
Closes-Bug: #1797119
Change-Id: I6eb8cb62d337fa4f6e6542391de251519e246923
Rocky added nova-scheduler worker support so we need to be able to
configure (and tune it) as necessary.
Change-Id: Idd702e01b67a2f25eb621d1251e8457ea376f51b
Closes-Bug: #1796933
Modified heat templates to add support for containerization for
Liquidio compute service. Fixed an issue in the ProviderMappings
in Liquidio heat templates.
Depends-On: Ice2baafae2fb1011e16d83c83b5c85f721f6d679
Change-Id: Id4c754f402091e17a974972408919332aa06cd11
This has been unused for a while, and even deprecation was scheduled
(although the patch never merged [1]). So, in order to stop folks
getting confused with this, it's being removed.
[1] https://review.openstack.org/#/c/543871/
Change-Id: Iada64874432146ef311682f26af5990469790ed2
Java options like heap size configuration need
tweaking for large scale deployments. Allow
customizing those values from TripleO.
puppet-opendaylight will configure these values
in ODL. Corresponding puppet-opendaylight patch is
https://git.opendaylight.org/gerrit/#/c/68491
Change-Id: I99e08314dedfcc71a776423ac3c6c282237cc0c2
Closes-Bug: #1794073
Since we moved to containerized UC, TLS Everywhere deployments are broken.
Namely we miss two things:
A. The NAT iptables rule for the nova metadata service to be reachable
B. The setting 'service_metadata_proxy=false' needs to be set for nova
metadata otherwise the curl calls to setup ipa will fail with the
following:
[root@overcloud-controller-0 log]# curl http://169.254.169.254/openstack/2016-10-06
<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>400 Bad Request</h1>
X-Instance-ID header is missing from request.<br /><br />
</body>
</html>
A. Is fixed by adding a conditional iptables rule that is only triggered
when deploying an undercloud (where we set MetadataNATRule to true)
B. Is fixed by setting NeutronMetadataProxySharedSecret to '' on the
undercloud and then setting the corresponding hiera keys only when
the parameter != ''. We tried alternative simpler approaches like
setting NeutronMetadataProxySharedSecret to null but that will break
heat as the parameter is required and setting it to null breaks heat
validation (we also tried to make the parameter optional with a
default: '', but that broke as well)
While we're at it we also remove the neutron metadata service from the
undercloud as it is not needed.
Tested by deploying an undercloud with this change and observing:
A.
Chain PREROUTING (policy ACCEPT 106 packets, 6698 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- br-ctlplane * 0.0.0.0/0 169.254.169.254 multiport dports 80 state NEW /* 999 undercloud nat ipv4 */ redir ports 8775
B.
grep -ir ^service_metadata_proxy /var/lib/config-data/puppet-generated/nova/etc/nova/nova.conf
service_metadata_proxy=False
Also a deployment of a TLS overcloud was successful.
Change-Id: Id48df6db012fb433f9a0e618d0269196f4cfc2c6
Co-Authored-By: Martin Schuppert <mschuppe@redhat.com>
Closes-Bug: #1795722
We were using a deprecated interface to set this value. This uses the
correct one.
Closes-Bug: #1793665
Change-Id: Ib7717911aba3267f855ac6682b0144bfe92034fb
Updates/upgrades workflow must not run during `upgrade prepare` or
`upgrade run`, but during `upgrade run` we need to have the images
available. So the intention is to run `external-upgrade run --tags
container_image_prepare` between `upgrade prepare` and `upgrade run`.
The situation is analogical for `update` and `external-update`
commands.
Change-Id: I49de9a41c62204ab7cd835fec6dab8d59b054948
Closes-Bug: #1795881
These tasks had an empty name field, which breaks ansible's
--start-at-task functionality with a traceback, as it's not valid to
have unnamed tasks.
Change-Id: I2386da62a87bfc290070fce13c2d35290565478a
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.
For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.
Note: when Podman is able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.
Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
Currently it is not possible to do per-node customization inside
docker-puppet.py because it overrides the fact 'uuid'.
This change adds a dedicated docker_puppet entry in hiera.yaml so that
docker-puppet.py needs to do nothing special for
/etc/puppet/hieradata/docker_puppet.json to be included in the hiera
merge.
Change-Id: Icf37dcd63e0152ee15e9f0079b45e31a4f8d9fbb
Depends-On: https://review.openstack.org/#/c/605478/
Closes-Bug: #1761624