octavia-api's cli app doesn't behave well with haproxy so let's run
under apache and save ourselves some grief. Also adds cleanup for the
octavia-api tls proxy in update and upgrade tasks if it was previously
deployed.
Also updates zuul layout for multinode job to track changes to new
flattened octavia service files.
Closes-Bug: #1815811
Change-Id: Ied7cb31fbf1222694250e4769573bcbb82ba5bea
As of Rocky [1], the nova-consoleauth service has been deprecated and
cell databases are used for storing token authorizations. All new consoles
will be supported by the database backend and existing consoles will be
reset. Console proxies must be run per cell because the new console token
authorizations are stored in cell databases.
Lets deprecate it also in tripleo that it can be removed in a later
release.
[1] https://docs.openstack.org/releasenotes/nova/rocky.html
Change-Id: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f
With cellsv2 multicell in each cell there needs to be a novnc proxy as the
console token is stored in the cell conductor database. This change adds
the NovaVncProxy service to the CellController role and configures the
endpoint to the local public address of the cell.
Closes-Bug: #1822607
Depends-On: https://review.openstack.org/649265
Change-Id: Ia3a36d369fdc18685f4c965a9e371ca3143967bf
By adding parameter `OctaviaAmphoraImageFormat`, it adds flexibility to
select amphora image format without forcing to use the use of
`NovaEnableRbdBackend` parameter.
Change-Id: I61ae421058fa9a944b2bbbbeeccef6b738c22a7e
Closes-Bug: #1817777
This patch disables EMC by setting emc-insert-inv-prob to 0.
Depends-On: https://review.openstack.org/647955
Change-Id: I36bc91064df224cfdaf01fb38e74ee8a9e4bf407
This patch configures and increases the defaults heartbeat parameters in
Mistral so we don't hit timeouts when an action in a workflow takes
times to reply back in Mistral, when deploying an Overcloud.
Parameters added:
MistralMaxMissedHeartbeats:
type: number
default: 15
description: >
The maximum amount of missed heartbeats to be allowed.
If set to 0 then this feature is disabled. See check_interval for more
details.
constraints:
- range: { min: 0 }
MistralCheckInterval:
type: number
default: 20
description: >
How often (in seconds) action executions are checked.
For example when check_interval is 10, check action
executions every 10 seconds. When the checker runs it will
transit all running action executions to error if the last
heartbeat received is older than 10 * max_missed_heartbeats
seconds. If set to 0 then this feature is disabled.
constraints:
- range: { min: 0 }
MistralFirstHeartbeatTimeout:
type: number
default: 3600
description: >
The first heartbeat is handled differently, to provide a
grace period in case there is no available executor to handle
the action execution. For example when
first_heartbeat_timeout = 3600, wait 3600 seconds before
closing the action executions that never received a heartbeat.
constraints:
- range: { min: 0 }
Configuration applied to Undercloud:
Maximum missed heartbeats: 30 seconds
Time between interval checks: 40 seconds
First Heartbeat timeout after 7200 seconds
Depends-On: I7a2313bed58485e077ae210d222902f4f997f0f0
Change-Id: Id8663e76b61c9e09547c228da226b706383a3e20
Closes-Bug: #1821611
Adds the external_resource_vip_id property, which can be used to set an
external_id for the port resource for the network VIP.
Since the same template resource, port.network.j2.yaml is used for both
VIP and normal ports on a network, we can't simply add jinja to that
template that conditionally adds the external_id attribute because we
don't know during the jinja2 phase if the template is for a VIP or not.
Instead, we need to map the VIP resources to an entirely new template
resource (external_resource_port.network.j2.yaml) so that we can set the
external_id attribute just for the VIP ports.
Change-Id: I27d3eeb11277004b00aa4d6a66014d5c71081c26
implements: blueprint split-controlplane-templates
For networks in role.default_route_networks use get_attr
to fetch the gateway_ip of the port's subnet and pass
it to the nic-config template.
Changes the default in nic-config templates to ''.
Closes-Bug: #1821046
Change-Id: Ic07a3166fafba3aa307a9e1953b3e3be2594a6f5
UpgradeRemoveUnusedPackages is not used anymore. All packages are
supposed to be removed on undercloud upgrade to 14.
Change-Id: Ie6b739390ec0ae0c5773a5a6c63b49422195623a
New parameter ``NovaNfsVersion`` allow configuring the NFS version
used for nova storage (when NovaNfsEnabled is true). Since NFSv3
does not support full locking a NFSv4 version need to be used. To
not break current installations the default is the previous hard
coded version 4.
Change-Id: I810478ed82ee6dc056d9652be91dc45b123e78cf
The defaults in environments/undercloud.yaml will be
merged with what the was defined in undercloud.conf.
If the 'ctlplane-subnet' is not used in undercloud.conf
the default is merged, and we end up with an additional
subnet that was not requested by the undercloud installed.
This change set the default to {} in:
environments/undercloud.yaml
Also add's a comment to hightlight that there should be
a empty dict default.
Closes-Bug: #1820330
Change-Id: Idc17154b2e1e143ba4e84b9b96f5355fc9230172
If nova-manage command was triggered on a host for the first time as root
(usually manual runs) the nova-manage.log gets created as root user. On
overcloud deploy runs the nova-manage command is run as nova user. In such
situation the overcloud deploy fails as the nova user can not write to the
nova-manage.log. With this change we run the chown of the logs files on
every overcloud deploy to fix the nova-manage.log file permissions.
Closes-Bug: #1820590
Change-Id: Iaa8db09712da6c0d9553fab39d7d5b50fa7cf287
Switch to use ansible's timezone module for timezone management of the
overcloud and undercloud systems. This change deprecates using puppet to
manage the timezone configuration.
Change-Id: Ie1a92ca5677833f302daa71cba42c5091302b2aa
The plan is:
- Docker is deprecated in Stein
- Podman is the default in Stein
- Docker will be removed in Train
Change-Id: I8f00d3e539abc4a169d6b48b8ce697e54aa2eae9
Change: I692fcc4a494b2cda1911814a53a0c6ec2f99f807 in
python-tripleoclient added support to define host routes
for the subnets in undercloud.conf.
Update the undercloud ctlplane network post script so
that it add's these routes to the host_routes property
of the undercloud ctlplane subnets.
THT already uses the data in the subnets host_routes, it
is passed as ControlPlaneStaticRoutes to NetworkConfig
unless ControlPlaneStaticRoutes was statically overriden
in the environment.
Closes-Bug: #1819464
Depends-On: I692fcc4a494b2cda1911814a53a0c6ec2f99f807
Change-Id: I46b7c7175f542ad4d375a20f133c05064e7b7222
Add the ability to rewrap keks when the master key is updated
by simply doing an update. Also, provide some needed ordering
in the steps involving MKEK and HMAC creation, sync and update.
Change-Id: I5e5a099173e82c04f4e0157049df08c8c7c47045
Add the ability to run the cinder-volume service in an active-active
configuration via a new CinderVolumeCluster parameter. The cinder-volume
service runs A/A only when configured with a cluster name.
Change-Id: Ic76742d3835d93bf16f5d9c13a2786fd7a373423
Depends-On: I615af64086d46356f322094d9f3b4e29557ed899
The /var/lib/docker-puppet is deprecated and can now be found under
/var/lib/container-puppet. We don't have Docker anymore so we try to avoid
confusion in the directories. The directory still exists but a readme
file points to the right directory.
Change-Id: Ie3d05d18e2471d25c0c4ddaba4feece840b34196
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of database service Redis
has been removed.
Change-Id: I530ee8196e1d4b81ae4886b234e1a530cf34becf
Related-Blueprint: services-yaml-flattening
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.
Let's remove its support in TripleO, to reduce the codebase.
Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of database service MySQL Server
has been removed.
Change-Id: I407bd8d8fe9bde53609e4316b12eb0b7151552ca
Related-Blueprint: services-yaml-flattening
Allow Neutron DHCP agent to use broadcast in DHCP replies by
enabling this parameter NeutronDhcpServerBroadcastReply
Change-Id: I09859ea39e7fc348b7ff6626d24eb9d058d642d2
Closes-Bug: 1818035
manila now [1] supports configuring an octal value for the
rwx permissions mode of the cephfs volumes and snapshots
and groups of these that back manila shares, snapshots,
and groups.
Expose this parameter in the backend manifests for manila
with cephfs.
[1] https://review.openstack.org/#/c/614332
Depends-on: https://review.openstack.org/638773
Change-Id: I0e3f841523dc0cc213100296bc352ac88eb1ff74
