This patch switches the default mechanism driver for neutron from
openvswitch to OVN.
It will also flip scenario007 job to run with ML2/OVS.
Depends-On: I74ffb6b7f912e1fce6ce428cd23a7283c91b8b96
Depends-On: I99ba2fd6a85b4895b577719a7541b7cbf1fdb85c
Depends-On: Ib60de9b0df451273d1d81ba049b46b5214e09080
Depends-On: Iaed7304adf40a87a0f14b7a95339f8416140e947
Change-Id: Iab52cdf5d0f7a392c4f17c884493b5c5beb1d89f
Co-Authored-By: Kamil Sambor <ksambor@redhat.com>
manila-api can be deployed in two ways:
- Using the service-provided eventlet based server
- Behind any popular web server as a wsgi process
[1] adds support to the kolla image to install necessary
packages and write configuration files to enable deploying
manila-api with Apache/mod-wsgi/
[2] and [3] add support to puppet-{manila,tripleo} to
honor httpd options like other API services.
So, switch the manila-api docker/service to running
httpd, and add necessary configuration options.
Honor the "EnableInternalTLS" option to allow running
manila-api with TLS.
[1] https://review.openstack.org/#/c/590061/
[2] https://review.openstack.org/#/c/591869/
[3] https://review.openstack.org/#/c/592188/
Depends-On: https://review.openstack.org/#/c/592188/
Change-Id: Ic88a2f08e013a49e3da45a2bfc82c62ba284526a
Adds a new GlobalConfigExtraMapData parameter that can be used to inject
global_config_settings hieradata into the deployment. Any values generated
in the stack will override those passed in by the parameter value.
This will be used for the distributed compute node when deploying with separate
stacks and data from the control plane stack needs to be injected into the
compute stack.
Change-Id: Id3e52e272bae67ee4036c81b3d7640255e0349ae
The NodeDataLookup parameter should be valid JSON and we should
help the user by adding type checking for this early in the
deployment so that the user doesn't experience the related bug.
Change-Id: Id9d2208f1cbaba9234d7657420cd7efcad3507a0
Related-Bug: #1784967
Related-Bug: #1814070
'overcloud update abort' command had been dropped since few
releases. However, users can still use heat commands to cancel
an update which is not recommended.
Undercloud now uses heat convergence architecture and stack check
has not been migrated to convergence yet.
let's add heat policy to disable both on undercloud.
Change-Id: Ib5e2dab1e94810ac02e5d64859d2e84f749f3994
The resulting user home directory is mounted into the mistral-executor
container. A later change in tripleo-common will populate
.ssh/authorized_users with the generated private key so that
mistral-executor can manage the undercloud host via ansible localhost ssh.
Change-Id: I4c8ee04534636622581eb386c01790d6610e7f58
Partial-Bug: #1813832
Depends-On: Id89cc920e165c2103707609fd37639c3032cc8ea
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of haproxy services has been removed.
Change-Id: Id55ae44a7b1b5f08b40170f7406e14973fa93639
Related-Blueprint: services-yaml-flattening
When support for routed provider networks and Ironic was
added in tripleo the mechanism driver was only enabled
for the undercloud.
Override the NeutronMechanismDrivers parameter to add
'baremetal' mech driver in the Ironic service environment.
Closes-Bug: #1812936
Change-Id: I555684541846f325c02c0fd8cb9c82ac4b8ede5b
Update THT to align with puppet-tripleo changes made in [1]
- Add new CinderNetappPoolNameSearchPattern parameter
- Deprecate CinderNetappStoragePools parameter
- Remove previously deprecated CinderNetappEseriesHostType parameter
[1] https://review.openstack.org/570406
Fix relative path in file the sample-env-generator uses to generate
environments/storage/cinder-netapp-config.yaml.
Change-Id: I813ca60eb5ce9e008e1b72e88d83709d3125676f
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies removed from other projects.
Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
e0e885b8ca3332e0815c537a32c564cac81f7f7e moved the cellv2 discovery from
control plane to compute services. In case the computes won't have access
to the external API the service check will fail. This switch the service
check to use the internal endpoint.
Change-Id: I234db0866fb6f1adefdcf7a2b2a82412e443b7c9
Closes-bug: 1812632
The NBD protocol previously runs in clear text, offering no security
protection for the data transferred, unless it is tunnelled over some
external transport like SSH. Such tunnelling is inefficient and
inconvenient to manage. Support for TLS to the NBD clients & servers
provided by QEMU was added. In tls-everywhere use case we want to
take advantage of this feature to create the certificates and configure
qemu to use nbd tls.
Closes-Bug: 1793093
Depends-On: Ifa5cf08d5104a62c9c094e3585de33e19e265110
Depends-On: I1db1b60be4907511f0ec0f5aa0f0a45e1c5d9b45
Depends-On: I347881cf4822583179c0c042c42fa1e33dbcedd2
Change-Id: I7d9df304d75bdbe36ecdfe50e5ce6b42a53063cc
The ones in environments/ssl/ are preferred instead. These have been
available since pike.
Change-Id: I84a7b354ede46d6ec88964e5dcbd5678d89c8c0f
Depends-On: I5a905ec7499a6faa08cbcacfccb19a6e424e4a80
We have yet Nova for SSH keys management, when deploying a standalone
cloud. Allow Octavia deployments for such a case as well.
Jinja2 rendering of the octavia service template provides that
functionality by relying on a new role tag 'standalone'.
Change-Id: I69f3623646ec5b65109e0a4f0c16139018da9282
Closes-bug: #1806113
Co-Authored-By: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Added support for setting the Barbican option
always_set_cka_sensitive. The option defaults to true as
needed by Safenet HSMs. It is set to false in the ATOS
and Thales HSM environments.
Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of sahara services has been removed.
Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
The merge-new-params-nic-config-script.py previosly had the
'Controller' role as the default for --role-name. It is not
obvious that this parameter must be changed when merging
nic config templates.
Remove the default and make the argument required. Improves
UX since user error is less likely.
Making the mistake of using a Role with too many networks
is'nt as forgiving since we now only pass parameters for
the role.networks.
Related-Bug: #1800811
Change-Id: Iff9e364db66ad09a30ac10a7814a3c01d50caf58
This is a new service required for sharding containers.
It is disabled by default and can be enabled by setting the
SwiftContainerSharderEnabled to true.
Change-Id: I73119496ca6dd99b2f42f97529ad91273735c848
Overlay tunnel endpoints are supported only on
IPv4 address. Now that OVS and Neutron support
having v6 endpoints, edit network enviroment
files in TripleO to allow this.
Change-Id: Ie2523cf4e359289298e4ea5d0992093976a19e04
Closes-Bug: #1793239
Adding GlanceInjectMetadataProperties & GlanceIgnoreUserRoles to
inject metadata properties to the image with specific user roles
to be ignored for injecting metadata properties in the image.
Depends-on: I02482dff7b1412d6254ce82d80257ce26c23430d
Change-Id: Ie6504f73fd5f7492389d6c55a89c66b8ca568ef7
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.
Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5