When OVN DBs pacemaker bundle is started on the controller nodes,
all the ovsdb-servers are configured to listen on the virtual ip
(on ports 6641/6642). But only master node is configured with virtual ip.
On the other nodes, we see the below error messages
ovsdb_jsonrpc_server|ERR|ptcp:6641:172.17.1.18: listen failed: Cannot assign requested address.
The commit [1] addressed this issue in puppet-tripleo by setting the
sysctl value 'net.ipv4.ip_nonlocal_bind' to 1 using puppet's sysctl::value.
But the ovn-dbs.yaml service file is missing this puppet tag when the
container 'ovn_dbs_init_bundle' is started.
We can fix the issue by defining this tag, but this also requires setting
'privileged=true' when starting the docker container.
Instead, this patch makes use of the t-h-t param 'KernelIpNonLocalBind'
which was introduced in this commit [2].
[1] - I6f762534350a3f96696c87ccd2d14545dccc8a0b
[2] - Idd3d432b8f7eb573d94cd56be8e05614510ebddf
Change-Id: I5ae8cd368bcd58810b18e172ee685fdbf0e48d98
Closes-bug: #1781585
This patch adds an environment file to enable sriov agent with OVN. It is expected to
include the environment file - environments/services/neutron-ovn-sriov.yaml
after including the main OVN environment file. The main OVN environment files
(neutron-ovn-ha.yaml, neutron-ovn-dvr-ha.yaml) disable all the neutron agent
services.
ovn-controller service responds to the DHCP requests from the VMs.
But in the case of SRIOV VMs, ovn-controller won't be able to capture the traffic sent
via SRIOV directly to the switch. So neutron-ovn-sriov.yaml enables dhcp agent.
Change-Id: Id6a0ce90fdc7348f47e239ec929bf88ca35c5fab
Closes-bug: #1779106
ODL is configured to log to console and then access the logs
via docker logs. Older logs are being deleted too fast. So
moving back to logging to file which is default setting in ODL
THT.
https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/opendaylight-api.yaml#L60
Change-Id: I29724cfb23e13c8293d1b7b4341cbd409ae1b7a6
Closes-Bug: 1779629
In a 3 node controller deployment OVN db servers are started only on one node
and if that node goes down, we hit the down time for ovsdb-servers and neutron-server.
So it is highly recommended to deploy OVN db servers as a pacemaker HA resource.
Change-Id: Ia2f50d539bf6afbeb67610a925f9f4ea0849d735
Closes-bug: #1779123
When using the DVR OVN environments, Neutron metadata and L3 agents could
be left running on the overcloud compute nodes. This patch explicitly
nullifies the DVR versions of those Heat resources to ensure they are
disabled.
Change-Id: I575c0d438a65ce24ee6cb75fec1b95a418e875b1
networking-ovn optionally expects a list of DNS servers to be defined in the
config - 'ovn/dns_servers'. These will be included in the 'dns_server' DHCP
option field when the VMs send DHCP request if the subnet's dns_nameservers field
is not defined by the user.
This patch sets the hieradata - 'neutron::plugins::ml2::ovn::dns_servers' to the
defined OVNDnsServers t-h-t param.
Change-Id: I80574f7badfcc618254266051c8d6661c08e2be0
Closes-bug: #1774052
There are now duplicate places where environment files for deployments
are kept. Those include environments/ and environments/services. The
files in environments/ are incorrect and should be removed to leave only
a single place (environments/services) to store docker services.
environments/services-baremetal houses the legacy bm services.
This patch also adds a missing docker service for SFC so that we can
also include an ODL SFC docker env file.
Change-Id: If70818db9577b7d80c4acd0d0577d9432b5c8bef
Signed-off-by: Tim Rozet <trozet@redhat.com>
Deployment of a managed Ceph cluster using puppet-ceph
is not supported from the Pike release. From Queens,
use of puppet-ceph is not supported when using an
external Ceph cluster either.
This change removes the old templates necessary to
support deployment of Ceph via puppet-ceph.
Implements: blueprint remove-puppet-ceph
Change-Id: I17b94e8023873f3129a55e69efd751be0674dfcb
Since we're aligning the overcloud/undercloud and we've switched to
containerizing it, we should reuse the same heat services rather than
duplicating the services with the Undercloud definition.
Depends-On: Ic7dba7e548f85574cce2db23e3fec5c8ea761bb7
Change-Id: I497597a47533375f34a22a56e2e9a145d9393358
Related-Blueprint: containerized-undercloud
Neutron OVS DVR requires a L3 agent container with a special
configuration on the compute node.
Change-Id: Iab06c11de90b8ebc7dc6bd946367e5693a4a0f71
Closes-Bug: #1717316
Mark regular non-containerized services with FIXME
to be switched, once it is containerized
Do not mark yet an external/backend/plugin/host-config
related puppet services templates with that FIXME
Mark puppet/services/ceph- related templates as TODO
switch it to containerized ceph-ansible eventually, maybe.
Change-Id: Ib9fbad05eeb57dc641499fbf411cb5870da7a8e9
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Move new files, which made it into environments/services-docker.
Ensure YAML validate will not pass for environments/services-docker
any more.
Change-Id: If16cf6bdafa8e10480134d356a7d7787f1c0bd72
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This option must be enabled in a controller to be selected for hosting
a gateway router. But it is missing in DVR environment files. So when
these files are used for the deployment, vms were not able to reach
external network. So adding this option for DVR files.
Change-Id: Ibfc9baf3aca55b49cc197758cbf5a0df9daa8b9b
Closes-Bug: 1766183
Use the existing nova-compute cellv2 discovery logic for nova-ironic too, now
that we have the --by-service flag.
The nova_api_discover_hosts.sh script will now wait (up to 10 minutes) for all
nova-compute and nova-ironic services to register, then run host discovery
with --by-service to create host mappings for all services. We no longer need
ironic nodes to be deployed on the nova-ironic services for discovery to work.
We also no longer need to enable the periodic job.
Related nova change Ie9f064cb9caf6dcba2414acb24d12b825df45fab
Related-Bug: #1755602
Change-Id: I723237ae7285f3babd6eceb1ce7da4e2734d1e4f
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.
It should also be enabled on undercloud.
Also enables ``baremetal`` ML2 mechanism driver on undercloud.
Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
Current environment files for DVR setups using OVN as a backend are
missing Metadata service. This patch is adding it for both HA and non
HA configurations.
Change-Id: I9bf016e838f193918dc74278b1aaaaa8e7919421
Closes-Bug: 1763044
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
The services-docker env files now all reside in
services and became defaults. We need to delete those
copies to not allow desync of contents.
Depends-On: I48dd13dd574147950a8f20f39b8f5c84ca7d2c6c
Depends-On: I1e264a03b10c1a5244e9a604c45c608c19037827
Change-Id: I0c343e3dd01ad864bad8c7632261c9db4b28b5df
Update the defaults in environments/services/masquerade-networks.yaml
so it'll configure correct IPtables rules to allow overcloud nodes in
OVB jobs to reach external network (via 10.0.0.0/24).
Change-Id: I58c846ebe22b7bfd9115963250305be95f2503cb
Zaqar was using mongodb by default but we haven't supported mongodb
since pike. This change switches Zaqar to use redis by default.
Change-Id: If6ed9fddf4a4fcff3bb9105b04df777ec8a8990e
Closes-Bug: #1761239
To port what has been done in instack-undercloud, we need a new service
to manage IPtables rules when we need to redirect network through the
undercloud via masquerading.
It was done in instack-undercloud via bash, it'll now be done in THT via
a service, disabled by default and that will be activated in CI when
deploying with a containerized undercloud.
Co-Authored-By: Thomas Herve <therve@redhat.com>
Depends-On: Ic9a2626e73d132c3be7ff14a1f4cdba0c16c5b53
Change-Id: I93ff9a3bebcec1bc7ee188f9ec00feafca2c5117
This updates the relevant environment/services templates so that
they also default to docker. Without this change users of these
services could end up with mismatched (unsupported) deployments.
Additionally, this picks environment/services-docker as the
source of truth when resolving collisions for moving those over
environment/services. So environment/services now contains all of
the containerized services' env files that used to be located in
environment/services-docker. The latter will be deleted later to
prevent future desync of contents.
Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I923731f46ea26582160a11d2dfe85792ab74110b
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
Using this, users can assign already available parameters
such as ovs_use_veth in lbaas_agent.ini and
ovs_integration_bridge in neutron.conf
Depends-On: I023e0476e574d5a4c13d66da390aa13016566058
Change-Id: I899fe9217cccbbf80113c74a77cc70961fe40f42
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: Icca382db28e4ea57f3cbf24e9e794b428b824db5
Precision Time Protocol (PTP) is a protocol used to
synchronize clocks throughout a network. When used
in conjunction with hardware support, PTP is capable
of sub-microsecond accuracy which is far better than
is normally obtainable with NTP.
Change-Id: I98a1833db28944cfd5a89e4f28c192bb9af8ebbb
Depends-On: Idc78df3a90b73be504480bc9d33a3f0041d2d84f
In 6d55417f80384ead56e176beec9e2fc4eb162d61 cloudwatch api
has been removed from heat. This has been deprecated/disabled
in Pike by default. So good to remove its support in Queens.
Change-Id: I704631456eb1f791c6f2290d8feb7b82cae92579
Previously these environment files were pointing to a version of
the services implemented using puppet-ceph, now they are migrated
to using ceph-ansible.
Change-Id: I159e2e9408dc5749ec0c287ef06aa0b1421b7d88
Closes-Bug: 1744714
The parameter PublicSSLCertificateAutogenerated was added in
resource_registry section in environment file in change
I299e6052e6a872c3907184b635d218a806d906e0, moving it to
parameter_defaults section.
Change-Id: Ib454a080c910e2cd2dae22a11d04794824dcb9ad
Closes-Bug: 1731480
Ceilometer API, Collector and Expirer are removed from upstream,
so let's clean these deprecated services.
Change-Id: Ifd28a3029cd39644833ab0e9fc66efb7b5b67c9d