This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of zaqar service has been removed.
Change-Id: I8947d2fc5e5672e701d2802cd14a3fa176877a7d
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of Ironic services have been removed.
Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of keepalived service have been removed.
Change-Id: Ic0ddf1174e1d0a62f83f26f0ca6bc29ec7b078b7
Related-Blueprint: services-yaml-flattening
On Octavia-enabled composable role deployments where the Octavia health
manager service doesn't run co-located with the API service, the
firewall rule to allow messages in to the o-hm0 interface was not being
created. As a result of that, the load balancers were not going ONLINE.
Closes-Bug: #1808190
Depends-On: https://review.openstack.org/#/c/624403/
Change-Id: Icc568a551b902e6d9f003250226468ed38a776fc
Adding GlanceImageImportPlugins & GlanceImageConversionOutputFormat
to enable glance image conversion.
Since, glance-image-import.conf has been newly added while adding
plugin framework in glance, passing the conf file to puppet_tags
in docker service.
Depends-on: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Change-Id: I81b788e38eecb3e0be88b140df3ae1ebb70cb191
Closes-Bug: #1807366
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.
This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.
Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
Allow tht parameter IronicInspectorSubnets to specify
per-instance ip range(s) using hostname as key for each
list of ip ranges. For HA deployments use disjoint
address pools to avoid potential address conflict.
Implements: blueprint ironic-inspector-overcloud
Depends-On: Ifae513265b8c35d98012f14f951bac33ae90b66c
Change-Id: Ifdebe9fcc817b4572f1eb461a3396af6b55f1e6b
Add TunedCustomProfile parameter which may contain a string in
INI format describing a custom tuned profile. Also provide a new
environment file for users of hypercoverged Ceph deployments
using the Ceph filestore storage backened. The tuned profile is
based on heavy I/O load testing. The provided environment file
creates /etc/tuned/ceph-filestore-osd-hci/tuned.conf whose
content is the following and sets this tuned profile to be active.
[main]
summary=ceph-osd Filestore tuned profile
include=throughput-performance
[sysctl]
vm.dirty_ratio = 10
vm.dirty_background_ratio = 3
[sysfs]
/sys/kernel/mm/ksm/run=0
Depends-On: Iba17d86bbdd710623ba1ba44b1ea5d4c1b99c541
Change-Id: Iaa1c82cefac5c8f2959fd7aeb57bd6860fd9096a
Closes-Bug: #1800232
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
of deployments didn't cleanup them in previous releases, they can still
do it now.
Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
For deploying with hw offloading, we should use the
"environments/ovs-hw-offload.yaml" file beside neutron, opendaylight
or ovn environments files
Change-Id: I6702b4cce3776676b2da5a4d2af89ff9b171ce74
HostPrepConfig was using the old way (Heat) to run Ansible. We don't
need it anymore thanks to config-download.
It removes some technical debt and reduce our number of interfaces to
configure software.
Change-Id: I2041e6892de76b0ed04d7497e3f9064bfaf58270
Add CinderNfsSnapshotSupport parameter that controls whether cinder's
NFS driver supports snapshots. The default value is True.
Depends-On: I4df8e3941eb074339e399e5a5c44fa411ff21560
Change-Id: I9a42f805fd28fd04bee771cac63bd0080b39c7c0
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of aodh services have been
removed.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: I39645aff0365218d4b841ed0d9c964b3622f143a
Related-Blueprint: services-yaml-flattening
"data" folder mounted on host sometimes makes ODL
believe that it has boot features installed. So ODL
doesnot generate required files.
So don't mount that folder so that ODL can boot
properly on restart.
Closes-Bug: #1805859
Change-Id: Icb415f6ac379e757edfe6dd73f80484a6697d152
Add release notes for migration from old OpenDaylight netvirt:1
healthcheck REST API to new diagstatus API.
Code change was merged here, but I didn't know to add relnotes.
https://review.openstack.org/#/c/621052
Change-Id: Iacdcf3f962c61890dc47f523911698b5f4696381
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
The NtpServer default set now includes multiple pool.ntp.org hosts to
ensure that the time can be properly synced during the deployment.
Having only a single timesource can lead to deployment failures if the
time source is unavailable during the deployment. It is recommended
that you either set multiple NtpServers or use the NtpPool
configuration to ensure that enough time sources are available for the
hosts. Note that the NtpPool configuration is only available when using
chrony.
Change-Id: I5b82d77cbf0f2e8c2a59645a72aa533d7d2c86b8
Closes-Bug: #1806521
With tls-everywhere enabled connecting to keystone endpoint fails
to retrieve the URL for the placement endpoint as the certificate
can not be verified. While verification is disabled to check the
placement endpoint later, it is not to communicate with keystone.
This disables certificate verification for communication with
keystone.
Related-Bug: 1784155
Change-Id: I317dd62f3a555f375d540a63c21a6fb38d37ca96
This can be used to replace the per-role bootstrap_nodeid_ip,
and the redis-base template is updated to use the new hiera
key.
The old bootstrap_nodeid_ip appears to only be used for redis,
so the old key is removed, with an upgrade release note added
should any out-of-tree services reference this value.
Partial-Bug: #1792613
Change-Id: I830d5b9bae3e9d65c2c393e3dcdf70bffdb1ac7b
Since Rocky neutron has support to enable routed networks on
existing an network and subnet if certain conditions are met.
The tripleo undercloud does meet these conditions.
This change updates the extraconfig post script that creates
the neutron ctlplane networks. Any non routed network is
updated to a routed network if 'enable_routed_networks' = True
in the configuration.
Closes-Bug: #1790877
Change-Id: Idf2dd4c158d29b147d48153d3626cf403059d660
If resume_guests_state_on_host_boot is set in nova.conf instances
need to be shutdown using libvirt-guests after nova_compute container
is shut down. Therefore we need a customized libvirt-guests unit file
which:
1) removes the dependency to libvirt (non container) that it don't
get started as a dependency and make the nova_libvirt container
to fail.
2) adds a dependency to docker related services that a shutdown of
nova_compute container is possible on system reboot.
3) stops nova_compute container
4) shutdown VMs
This is a missing part of Bug 1778216.
Change-Id: Ic4b7b427827114fcec0f4973a200461e811ee53a
Related-bug: 1778216
Enabling glance image cache by setting up value of 'flavor' to
'keystone+cachemanagement' in glance-api.conf from THT.
Change-Id: I9a87d8edcb2e98ae45e98439b44b659916e44d89
blueprint: split-controlplane-glance-cache
Nova metadata api is running via http wsgi in its own service.
Therefore we can cleanup the ports definition being opened by
nova api service.
Change-Id: I3066806f8810e30742516c3ca14afc12a1c95bbc
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.
Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
Don't always masquerade these defaults, masquerading
should only happen to the ctlplane subnets defined
in undercloud.conf if masquerading is true.
Closes-Bug: #1794729
Depends-On: I11b325458517334f97fc5f4754b4b39efff3a3f3
Change-Id: I4b956e8be92f1b7a71579d04c7e41c20da7ffdfa
Add ContainerCli parameter, default to docker. Possible values:
podman/docker (default).
Deprecate DockerAdditionalSockets so it does nothing for podman.
Nested podman CLI replaces docker sockets. Only bind mount
/var/lib/openstack for the neutron/ovn agents for docker.
Support debug messages for Neutron/OVN wrappers controled via
NeutronWrapperDebug and OWNWrapperDebug (defaults to False). Or
globally controlled by Debug.
Make the wrapper containers managed by its parent processes and
not exited/removed forcibly, when the parent container restarts.
Background for podman CLI replacing the docker socket:
We'll use 'nsenter -m -n -p -t 1 podman' in wrappers
to execute podman in the same namespaces as on the host
and to NOT bind-mount world for that, like:
- /sys/fs/cgroup:/sys/fs/cgroup
- /run/libpod:/run/libpod
- /run/containers:/run/containers
- /run/runc:/run/runc
- /run/runc-ctrs:/run/runc-ctrs
- /var/lib/containers:/var/lib/containers
- /etc/containers:/etc/containers:ro
- /usr/bin/podman:/usr/bin/podman:ro
- /usr/bin/runc:/usr/bin/runc:ro
- /usr/libexec/podman/conmon:/usr/libexec/podman/conmon:ro
- /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2:ro
...
We cannot use chroot /host instead as there is more bind-mounts to use
outside of the /host chroot. Maybe varlink is a good replacement for
all of that, but it's not there yet.
Change-Id: I055fb7a5fd20932c5bee665bb96678f3ae92bffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Added a new parameter CinderDellScMultipathXfer to
support cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer
to the Dell EMC SC Cinder iSCSI volume driver template.
Depends-On: https://review.openstack.org/#/c/611126/
Change-Id: I04f42ce0cd117f7dcc7a817274ea7664d9995864
