This patch adds composable new service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This basically
means that there is a possibility that there will be two QDRs running
on controllers in case that oslo messaging is deployed. This is a reason why
we need separate composable service for this use case.
Depends-On: If9e3658d304c3071f53ecb1c42796d2603875fcd
Depends-On: I68f39b6bda02ba3920f2ab1cf2df0bd54ad7453f
Depends-On: I73f988d05840eca44949f13f248f86d094a57c46
Change-Id: I1353020f874b348afd98e7ed3832033f85a5267f
The Cloudflare DNS we are using in the disable-unbound CI
environment for OpenShift works fine in CI, but my ISP seems to
block it. This makes reproducing that job locally difficult. I had
success with the secondary DNS from Cloudflare, so this patch just
adds that to the resolv.conf.
If we were going to keep this disable-unbound solution for a long
time it would probably be better to have this be a template and
allow user configuration. However, my understanding is that this
is a temporary solution, so investing in complicated patches to
wire in a configuration option that will go away seems like
wasted effort.
Change-Id: I7b93efcd76b651807dff3c18885b8d291feffd3e
Each OSD can only host maximum 200 PGs, in scenario004 we create 9
pools to enable MDS/Manila and RGW so we need to lower the PGs
count further, compared to scenario001.
Also lowers the values in low-memory-usage.yaml environment file.
Change-Id: If95a0e3fe5aeef61f9712d8006e0f49c11a0c90f
Closes-Bug: 1781910
Nameservers are configured on the ctlplane subnets by the
undercloud installer, the nameservers are used early during
the deployment, prior to running os-net-config.
Remove the default DnsServer's in THT, replacing it with
an empty list and use get_attr to get the values for
DnsServers for the overcloud from the ctlplane subnet(s).
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not [] (default)
to provide backwards compatibilityi and in case the user
want to use different DnsServers for the overcloud and
undercloud.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5f33e06ca3f4b13cc355e02156edd9d8a1f773cd
The route to metadata service is set up in host_routes
of ctlplane subnets by extraconf post deploy::
extraconfig/post_deploy/undercloud_ctlplane_network.py
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'EC2MetadatIp' used in the THT/network/config/* templates.
Changes the default for 'EC2MetadatIp' to ''.
Removes the comment that the value should be overriden in
parameters_defaults. It also removes the parameter from
network-environment templates.
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the
user set a different value for this parameter in
network-environment.yaml.
When deploying a routed control plane the network config
templates would previously need to be updated to carry
'EC2MetadatIpLeafX' parameters for each leaf. By getting
the value to pass from the server resource this change
reduces the required nic-config template customisation.
(Reduces the risk of user error.)
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I9c019ec840a44ca8c5f98be55daea365bc6554ec
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'ControlPlaneDefaultRoute' used in the THT/network/config/*
templates.
Changes the default for 'ControlPlaneDefaultRoute' to ''
as well as the comment that the value should be overriden
in parameters_defaults. It also removes the parameter from
network-environment templates.
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the
user set a different value (different from the one used in
undercloud.conf) for this parameter in
network-environment.yaml.
When deploying a routed control plane the network config
templates would previously need to be updated to carry
'ControlPlaneXDefaultRoute' parameters for each leaf. With
8 Leafs in addition to the network local to the undercloud
that is 8 parameters less to place in the configuration.
By getting the value to pass from the server resource this
change reduces the required nic-config template
customisation (reduces the risk of user error).
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5139249d55e9ac01761c270b8c0f31ef35595940
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'ControlPlaneSubnetCidr' used in the THT/network/config/*
templates.
As the value is now resolved from resource attributes,
this changes the default for 'ControlPlaneSubnetCidr' to ''
as well as the comment that these value should be overriden
in parameters_defaults. It also removes the parameter from
network-environment templates.
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the user
set a different value (different from the one used in
undercloud.conf) for this parameter in
network-environment.yaml.
When deploying a routed control plane the network config
templates would previously need to be updated to carry
'ControlPlaneXSubnetCidr' parameter (in case the subnet
mask is not the same for all the routed network leafs).
With 8 Leafs in addition to the network local to the
undercloud that is 8 parameters less to place in the
configuration. By getting the value to pass from the
server resource this change reduces the required nic-config
template customisation (reduces the risk of user error).
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I92ee0f9a2107cdf1ca5903d3756a235a79c36c73
After CI scenario deployment is finished the container ends in unhealthy
state because sensu-client is not successfully connected to RabbitMQ.
We will need to implement default connection to overcloud RabbitMQ instance
for the service to have this service deployed in CI job.
Change-Id: I1aec0c71a945c06a6d914638b45cae074288a90d
Closes-Bug: #1781108
The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.
Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d
Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f
This commit updates the openshift templates to deploy openshift 3.9
instead of 3.7.
Update the default playbook path to the one expected by
openshift-ansible 3.9.
Update the default openshift-ansible variables and move them in the
template where they belong. They can be overridden individually via the
OpenShiftGlobalVariables heat parameter.
Disable unbound on the openshift nodes in CI as it is listening on port
53 and is preventing openshift to start its own DNS service.
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Depends-On: I6f123cd71a23fb15aaa2005f7397fc98fdaf187a
Depends-On: I27ad9d168af575da8c4f5094152c94e2fa03987c
Change-Id: Ifc3d25fa590cfba1fa64ed0266c76c9342a7aa4f
By setting the value of rule_name explicitly, we prevent backward
incompatibility issues because the default which ceph-ansible uses
might fit a particular version of Ceph, not all.
Change-Id: I275c1ca53ea79eea607cbbb58aa21cae6d6be80b
Closes-Bug: 1776252
Also remove OS::Heat::None mappings for resources that are not part of
the deployed roles.
Depends-On: I85c4390519ace0149895285225f5a4ece453f1f8
Change-Id: I55e8b25a4fb0b4839be5d741acdceec5dad903ad
This ensures the docker service on the openshift nodes is able to pull
from a local registry if configured this way.
Change-Id: Ifd48b2e6500b10d108985a4a9f1d73493d404134
Depends-On: I31494ff8524b90343e6e8c67bd08a354837ecc45
Add an OPNFV scenario environment that uses ODL for overcloud
networking and OVS for virthost networking.
Depends-On: I33602ac5521c4f059c1a0d08e3e828fb64d3c817
Depends-On: Ib7968c46a59f266c20628c36178d2235ad833915
Depends-On: I37405e41ec0f85249cef87c09c966cbe0f9baddf
Change-Id: If1f476bb933106456df3568978b4555dde190621
The keystone role needs to be on the same node as the mysql/haproxy node
due to a TLS requirement that the haproxy be on the 'primary' tagged
node. Since the keystone bootstrap stuff only runs on the primary node
as well, they need to be tied together.
Change-Id: Ifa7ed93993082466a2a6ddff56bee58b074be512
Closes-Bug: #1768142
The hook for os-net-config in multinode NIC config templates contains
a call to `ovs-vsctl del-br br-ex` to remove the bridge we got from
nodepool and initialize network config. We need to avoid executing
that again on upgrade, or the Ansible process running the upgrade gets
stuck.
Change-Id: Ie36342402426d74fd528e320d60adc951bf8c9ac
Closes-Bug: #1772040
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
It was missing tags which were necessary for the role to get the
appropriate certificate [1]. So, without these tags, the certificate
wasn't persisted in the node, and the job would fail if TLS would be
enabled. This was discovered as part of the "Public TLS by default"
work.
[1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/role.role.j2.yaml#L565
Change-Id: I46ee2ef837da51be4db30a8c059b82cb1a8c3606
This change removes the NeutronExternalNetworkBridge parameter from
the CI environment files, since the default value is now the same
as the value in the environment files, and it will be removed
entirely as it is deprecated.
Change-Id: Ia1b879f33fcd8d6eae149feb4dc1d362aa341cce
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.
This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
(rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note
Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
Removes hardcoded references to the Ceph container image to use
in CI to rely (and test) the tripleoclient default.
Change-Id: I7f028e31eb5e993aa6af9b7f2c19f64ed45224dd
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.
Change-Id: I168e6a543f7143900fdb855ec29d8532fb9736ae
OVN configuration was not done when deployed with
scenario007 as default for NeutronMl2PluginBase was
used which is neutron-plugin-ml2.yaml. This patch
fixes this to use neutron-plugin-ml2-ovn.yaml which
correctly configures neutron for ovn metadata.
Change-Id: I7cadd0567951b85c1ba69d4b4843ee29b67e7a11
Closes-Bug: #1757134
The ceph-container project is moving to a new style of tags for
Ceph. Update scenario001/004 to pull Ceph container images using
the new tags.
Change-Id: I2a6a7c5fb5148e951f85850c09be7cbb59fce0f8
A very basic deployment to be used with free-ipa, and upgrade ci.
There may be other valuable uses for this deployment as well.
Tested-With: https://review.openstack.org/#/c/540114/
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I433297dcd597e49a2ffccc2e61118bbba69f883c
These relative paths were incorrect given where these environment files
live in the templates directory tree.
These environment files aren't actually used by ci as their equivalent
network-isolation-absolute.yaml versions are preferred. However, if we
fix these paths we could consider switching ci over to use these as it's
arguable more preferrable instead of the hardcoded packaged path.
Change-Id: Ib0e4779c4883776e25bf7eb5aee60a91ce28a73d