289 Commits

Author SHA1 Message Date
lkuchlan
a2d0899f9c Add ContainerImagePrepare service to ControllerStorageNfs role
While using ControllerStorageNfs role images are not pushed to local registry,
since ContainerImagePrepare service is missing in ControllerStorageNfs role.

Closes-Bug: #1814057

Change-Id: Iafe7bf37d7d04eed32a32b8881fab48fdc9f9dd6
2019-02-04 14:10:53 +00:00
Zuul
52d887eae8 Merge "Remove networks from Undercloud and Standalone roles" 2019-01-25 21:40:44 +00:00
Zuul
63a657d2f4 Merge "Remove all glance-registry related changes" 2019-01-24 00:00:44 +00:00
Simon Dodsley
f77d8e7909 Add missing entries for Pure Storage Cinder Backend and fix typos
Closes-bug: 1807195
Change-Id: Ibaaaab9d4169829c0f71cf7acea25971b4526695
2019-01-23 09:34:13 -05:00
Pranali Deore
2dcd56041c Remove all glance-registry related changes
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies are removed from other projects.

Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
2019-01-22 15:07:29 -07:00
Harald Jensås
e8a53f56f2 Remove networks from Undercloud and Standalone roles
Change https://review.openstack.org/614457 added these
networks because of the defaults in ServiceNetMap. With
changes related to LP Bug #1809313 these are no longer
required, as the ServiceNetMap falls back to ctlplane
when networks are not defined or disabled in networks
data.

Related-Bug: #1809313
Depends-On: I102912851a3b9952daaf7c4d5a34a919f527f805
Change-Id: Ic4f22692f93db4ce0db0f4fbc83eca6b492b28e7
2019-01-21 19:36:13 +01:00
Bogdan Dobrelya
2a5baa5979 Allow Octavia deployments for Standalone
We have yet Nova for SSH keys management, when deploying a standalone
cloud. Allow Octavia deployments for such a case as well.
Jinja2 rendering of the octavia service template provides that
functionality by relying on a new role tag 'standalone'.

Change-Id: I69f3623646ec5b65109e0a4f0c16139018da9282
Closes-bug: #1806113
Co-Authored-By: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-18 10:36:06 +01:00
Zuul
0ec13316a5 Merge "Add Distributed Compute roles" 2019-01-10 15:48:51 +00:00
Zuul
5dc292d198 Merge "Configure undercloud timezone" 2019-01-09 11:49:48 +00:00
Alex Schultz
3f69b76531 Configure undercloud timezone
Add timezone service to the undercloud role so that it is properly
configured when we install the undercloud.

Change-Id: I4814cfb52f57d8260cda61adb6ac20609f435846
Depends-On: https://review.openstack.org/#/c/628015/
Closes-Bug: #1784068
2019-01-07 15:42:43 -07:00
James Slagle
f555e4b422 Add Distributed Compute roles
Adds new roles for DistributedCompute and DistributedComputeHCI. These
roles closely match the existing Compute roles but also include the
CinderVolume service.

implements split-controlplane

Change-Id: Ia7f5ba93a9fc31b4653e6cbd9b3e5d8f00d26a27
2019-01-07 16:07:43 -05:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Zuul
950640ad52 Merge "Use templating for nova cell database_connection" 2019-01-07 14:02:29 +00:00
Zuul
0e68a0e30f Merge "L3 routed networks - subnet fixed_ips (3/3)" 2019-01-04 20:38:01 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein we are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Zuul
e286e2175e Merge "Exclude redundant letters" 2019-01-04 02:42:42 +00:00
Harald Jensås
2f2d8183e6 L3 routed networks - subnet fixed_ips (3/3)
When using neutron routed networks we need to specify
either the subnet or an ip address in the fixed-ips-request
when creating neutron ports.

a) For the Vip's:

Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:

parameter_defaults:
  VipSubnetMap:
    ctlplane: ctlplane-leaf1
    InternalApi: internal_api_leaf1
    Storage: storage_leaf1
    redis: internal_api_leaf1

b) For overcloud node ports:

Enrich 'networks' in roles definition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:

- name: <role_name>
  networks:
    <network_name>:
      subnet: <subnet_name>

For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.

When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-request when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.

Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditional has been updated to
test for 'ip_address' entries in the request.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
2019-01-03 19:07:20 +01:00
Zuul
1654d371d3 Merge "Add deprecated_server_resource_name for ObjectStorage role" 2019-01-03 08:10:43 +00:00
Oliver Walsh
7288062676 Use templating for nova cell database_connection
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.

This patch addresses the templated DB urls as part 1.

Nova support added here:
https://review.openstack.org/#/c/578163/

Related-Bug: 1808134

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: If30b4647bca210663a22fd653e752d4d57345bdd
2018-12-20 16:30:00 +01:00
Zuul
ca0fb1986e Merge "Add comments clarifying use of deprecated_params for roles" 2018-12-20 01:51:13 +00:00
Quique Llorente
62b54268af Run local registry and prep cont at standalone
The standalone job was not running yum update on the containers, to do
so we need to specify the updater parameters in the
container-prepare-parameters [1] and also we have to activate the docker
local registry, call the container prepare service and activate registry at
podman.

[1] https://review.openstack.org/#/c/621517/

Change-Id: I74e817bc9b9dd522db3da7753c91a3884d99f8c8
Related-Bug: #1805968
2018-12-11 17:46:16 +01:00
Zuul
a0cf19837b Merge "Allow to skip docker reconfiguration during stack update" 2018-12-11 10:38:51 +00:00
Zuul
769f18f0f5 Merge "Check for available networks for a role" 2018-12-05 19:01:14 +00:00
Bob Fournier
08071d0ba2 Add comments clarifying use of deprecated_params for roles
Add comments to address issues found during test.

Change-Id: I568579c37c2578cefe8924cba9c0a9c071afd693
2018-12-03 16:04:01 -05:00
Mike Fedosin
0101b46387 Allow to skip docker reconfiguration during stack update
When installing OpenShift by means of TripleO, after
the initial docker configuration, openshift-ansible
also adds several parameters there.

Then, if we want to remove a single node, then a stack
update is performed, which returns the configuration
to its original state. In other words, it removes all
parameters added by openshift-ansible, which breaks OpenShift.

This commit adds the ability to disable reconfiguration of
docker at the time of stack update for all roles associated
with OpenShift.

Closes-Bug: #1804790

Depends-On: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Change-Id: If202be5d27d81672e39cbe21867459d277220e23
2018-12-03 13:20:38 +01:00
gaobin
5787e1784c Exclude redundant letters
Change-Id: I2518fd45307788a65dbdbc10e748b23f68be7f71
2018-11-28 18:33:15 +08:00
Harald Jensås
eaa8f8c2e9 Add Storage network to IronicConductor role
When Ironic uses the 'direct' deploy interface it requires
access to swift. To access swift it needs the storage
network.

Change-Id: Ie49b961bb276dff0e5afbf82b450caa57d17f6ff
2018-11-27 07:27:09 +00:00
karthik s
512c032a0b Add bootparams service for all roles
NIC partitioning requires IOMMU to be enabled on roles using it.
By adding the BootParams service to all the roles, we could
enable IOMMU selectively by supplying the role specific parameter
"KernelArgs". If a role doesn't use NIC Partitioning then
"KernelArgs" shall not be set and backward compatibility would
be retained.

Change-Id: I2eb078d9860d9a46d6bffd0fe2f799298538bf73
2018-11-19 05:02:07 -05:00
Rabi Mishra
5d275fb922 Check for available networks for a role
For network isolation, we specify available networks for role.
Therefore, there is no point in creating noop network resources for
networks that are not available/connected. This results in redundant
host entries for not available networks on overcloud nodes.

If a network is not available for a role we don't need to create
those extra noop resources.

For Undercloud/Standalone role we keep all networks in roles data
as the default ServiceNetMap specifies non ctlplane networks though
they map to ctlplane.

Change-Id: I07822ec0cba7eed352c0010eb893b5e5a522e95c
Closes-Bug: #1800811
2018-11-19 10:14:34 +05:30
Martin André
7cf777eac3 Remove unused networks from OpenShift roles
The StorageMgmt and Tenant networks are not used in an OpenShift
context and should hence be removed from the OpenShift roles.

Change-Id: I06951742cd4e1e203e95d49ffe1b7404f75fca70
2018-11-05 09:47:26 +01:00
Alex Schultz
653649ebbc Add OpenStack clients service
We did not have an easy way to ensure all the openstack clients are
installed on a given system. In the old instack-undercloud installation,
we were installing some additional clients outside of the ones required
via python-tripleoclient. To allow a user to quickly install all the
clients on a given system, this change adds an OpenStack clients
"service" which can be added to a role to ensure the clients are
available. In the future if we provide a client container, this service
can be converted into a container deployment mechanism.

Change-Id: If878c2ab7679eea2fff42b410bec9c8c9b92ed6f
Closes-Bug: #1800001
2018-10-26 16:25:35 -06:00
Zuul
440fd70277 Merge "Allow standalone to manage selinux" 2018-10-22 21:31:07 +00:00
Zuul
92f4b9afff Merge "Let openshift-ansible configure the firewall" 2018-10-22 20:49:20 +00:00
Zuul
635068aad4 Merge "Use Timesync service instead of Ntp" 2018-10-22 10:44:27 +00:00
Zuul
c54caa569d Merge "Add OS::TripleO::Services::Rhsm to OpenShift roles" 2018-10-22 10:31:21 +00:00
Emilien Macchi
0c5ba2fbe4 Add OS::TripleO::Services::ContainerImagePrepare to ControllerOpenStack
This service was in Controller but not in ControllerOpenStack.
Prepare service which causes overcloud deployment fail due to missing
images.

Change-Id: I7e1ffd3a50714c825f4091d7c0aee2d895ad72a1
Closes-Bug: #1798670
2018-10-18 16:06:25 -04:00
Alex Schultz
7451fc44de Allow standalone to manage selinux
In some cases we may need to disable selinux (like in CI). The role
needs the SELinux service so that the management can be done during the
deployment.

Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298
Closes-Bug: #1797910
2018-10-17 08:43:49 +00:00
Martin André
26c108b174 Let openshift-ansible configure the firewall
Openshift-ansible already sets the right firewall rules on the
provisioned nodes, there is no need to set up (some of) the rules by
ourselves.

Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift
roles so that the operator can still set additional rules if desired.

Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
2018-10-12 16:36:20 +02:00
Martin André
e2f7392c4a Use Timesync service instead of Ntp
At the moment the 'OS::TripleO::Services::Timesync' service is
synonymous to 'OS::TripleO::Services::Ntp'. Let's use the more generic
Timesync service to pick up the new default in the event the value for
'OS::TripleO::Services::Timesync' changes.

This better aligns with the rest of the roles.

Change-Id: I44f706ce7dd1909ffd3805337fc6d9a5ce6de80f
2018-10-12 16:36:20 +02:00
Martin André
a9f3874217 Add OS::TripleO::Services::Rhsm to OpenShift roles
The OpenShift roles should include the OS::TripleO::Services::Rhsm
service for Red Hat Subscription Management so that the provisioned
nodes can register with a Satellite or CDN.

Add the Podman service to OpenShifAllInOne to be more consistent with
other roles.

Change-Id: I08862635c68eddbb0940863c43867ece1b289ee5
2018-10-12 16:36:20 +02:00
Martin André
39df80b332 Use glusterfs for registry when deploying with CNS
The OCP documentation [1] recommends to use a dedicated GlusterFS
cluster for the image registry. Let it be the default when deploying
with CNS.

[1] https://docs.openshift.com/container-platform/3.10/install_config/persistent_storage/persistent_storage_glusterfs.html#install-advanced-installer

Change-Id: Ife73d7c50c304cff7cd05e08f74855cb107f3c46
2018-10-11 11:53:20 +02:00
Martin André
81ca843ee7 Deploy openshift all in one in scenario009
Previously we were only deploying a master node. This commit adds the
worker and infra service to the deployed node and configures it as an
all-in-one node. In order to do so, we need to disable HAproxy when
deploying in all-in-one as the HAproxy instance Openshift deploys on
the infra node conflicts with the one we normally set up. They both
bind ports 80 and 443.

Also removes the useless ComputeServices parameter that only makes
sense in a multinode environment.

Change-Id: I6c7d1b3f2fa5c7b1d9cf695c9e021a4192e5d23a
Depends-On: Ibc98e699d34dc6ab9ff6dce0d41f275b6403d983
Depends-On: I0aa878db62e28340d019cd92769f477189886571
2018-10-11 11:53:20 +02:00
Zuul
8fd90c2d45 Merge "Set virt queue size as 1024 for all OVS-DPDK roles" 2018-10-08 12:25:41 +00:00
Zuul
925c5ded54 Merge "Add role definition for ComputeOvsDpdkSriov role" 2018-10-08 12:18:25 +00:00
Michele Baldessari
c2139a7db2 Fix TLS when using a containerized undercloud
Since we moved to containerized UC, TLS Everywhere deployments are broken.
Namely we miss two things:

A. The NAT iptables rule for the nova metadata service to be reachable
B. The setting 'service_metadata_proxy=false' needs to be set for nova
   metadata otherwise the curl calls to setup ipa will fail with the
   following:
[root@overcloud-controller-0 log]# curl http://169.254.169.254/openstack/2016-10-06
<html>
 <head>
  <title>400 Bad Request</title>
 </head>
 <body>
  <h1>400 Bad Request</h1>
  X-Instance-ID header is missing from request.<br /><br />
 </body>
</html>

A. Is fixed by adding a conditional iptables rule that is only triggered
   when deploying an undercloud (where we set MetadataNATRule to true)

B. Is fixed by setting NeutronMetadataProxySharedSecret to '' on the
   undercloud and then setting the corresponding hiera keys only when
   the parameter != ''. We tried alternative simpler approaches like
   setting NeutronMetadataProxySharedSecret to null but that will break
   heat as the parameter is required and setting it to null breaks heat
   validation (we also tried to make the parameter optional with a
   default: '', but that broke as well)

While we're at it we also remove the neutron metadata service from the
undercloud as it is not needed.

Tested by deploying an undercloud with this change and observing:
A.
Chain PREROUTING (policy ACCEPT 106 packets, 6698 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  br-ctlplane *       0.0.0.0/0            169.254.169.254      multiport dports 80 state NEW /* 999 undercloud nat ipv4 */ redir ports 8775

B.
grep -ir ^service_metadata_proxy /var/lib/config-data/puppet-generated/nova/etc/nova/nova.conf
service_metadata_proxy=False

Also a deployment of a TLS overcloud was successful.

Change-Id: Id48df6db012fb433f9a0e618d0269196f4cfc2c6
Co-Authored-By: Martin Schuppert <mschuppe@redhat.com>
Closes-Bug: #1795722
2018-10-06 13:25:18 +00:00
Zuul
5d2b9a420e Merge "Configure haproxy for openshift infra" 2018-10-06 12:46:01 +00:00
Zuul
b600b860c0 Merge "Update standalone role" 2018-10-02 18:52:00 +00:00
Zuul
714680051e Merge "Introduce OS::TripleO::Services::Podman" 2018-10-02 11:45:36 +00:00
Zuul
453f3dae50 Merge "Add networks to IronicConductor role." 2018-10-02 03:07:30 +00:00
Emilien Macchi
7bebdefda8 Introduce OS::TripleO::Services::Podman
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.

For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.

Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.

Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
2018-10-02 01:47:46 +00:00