1053 Commits

Author SHA1 Message Date
Harald Jensås
b807077a21 Enable ML2 baremetal by default with Ironic service
When support for routed provider networks and Ironic was
added in tripleo the mechanism driver was only enabled
for the undercloud.

Override the NeutronMechanismDrivers parameter to add
'baremetal' mech driver in the Ironic service environment.

Closes-Bug: #1812936
Change-Id: I555684541846f325c02c0fd8cb9c82ac4b8ede5b
2019-01-26 14:32:12 +00:00
Alan Bishop
639285f091 Update parameters for cinder's Netapp backend
Update THT to align with puppet-tripleo changes made in [1]
- Add new CinderNetappPoolNameSearchPattern parameter
- Deprecate CinderNetappStoragePools parameter
- Remove previously deprecated CinderNetappEseriesHostType parameter

[1] https://review.openstack.org/570406

Fix relative path in file the sample-env-generator uses to generate
environments/storage/cinder-netapp-config.yaml.

Change-Id: I813ca60eb5ce9e008e1b72e88d83709d3125676f
2019-01-24 15:39:00 -05:00
Zuul
63a657d2f4 Merge "Remove all glance-registry related changes" 2019-01-24 00:00:44 +00:00
Zuul
ac8ebf638c Merge "Remove deprecated TLS-related environment files" 2019-01-23 22:17:10 +00:00
Pranali Deore
2dcd56041c Remove all glance-registry related changes
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies are removed from other projects.

Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
2019-01-22 15:07:29 -07:00
Zuul
a79b7cb921 Merge "Service check in nova_cell_v2_discover_host.py to use internal API" 2019-01-22 01:43:28 +00:00
Martin Schuppert
cde4134d55 Service check in nova_cell_v2_discover_host.py to use internal API
e0e885b8ca3332e0815c537a32c564cac81f7f7e moved the cellv2 discovery from
control plane to compute services. In case the computes won't have access
to the external API the service check will fail. This switches the service
check to use the internal endpoint.

Change-Id: I234db0866fb6f1adefdcf7a2b2a82412e443b7c9
Closes-bug: 1812632
2019-01-21 18:16:54 +00:00
Zuul
9525423f7b Merge "Allow Octavia deployments for Standalone" 2019-01-21 16:10:18 +00:00
Slawek Kaplonski
397e2b4a35 Remove external_network_bridge Neutron option
Config option "external_network_bridge" in Neutron was deprecated
in Ocata cycle.
Now it is going to be removed completely with [1].
Background of the deprecation and removal is described in [2].

[1] https://review.openstack.org/#/c/567369/
[2] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134859.html

Change-Id: I05522521aa4e63d6e4138cbcdb97b212664d3b81
2019-01-21 13:11:58 +01:00
Martin Schuppert
fe9372eceb Add support for native TLS encryption on NBD for disk migration
The NBD protocol previously ran in clear text, offering no security
protection for the data transferred, unless it is tunnelled over some
external transport like SSH. Such tunnelling is inefficient and
inconvenient to manage. Support for TLS to the NBD clients & servers
provided by QEMU was added. In tls-everywhere use case we want to
take advantage of this feature to create the certificates and configure
qemu to use nbd tls.

Closes-Bug: 1793093
Depends-On: Ifa5cf08d5104a62c9c094e3585de33e19e265110
Depends-On: I1db1b60be4907511f0ec0f5aa0f0a45e1c5d9b45
Depends-On: I347881cf4822583179c0c042c42fa1e33dbcedd2
Change-Id: I7d9df304d75bdbe36ecdfe50e5ce6b42a53063cc
2019-01-18 10:52:35 +00:00
Juan Antonio Osorio Robles
a72f8d4ae9 Remove deprecated TLS-related environment files
The ones in environments/ssl/ are preferred instead. These have been
available since pike.

Change-Id: I84a7b354ede46d6ec88964e5dcbd5678d89c8c0f
Depends-On: I5a905ec7499a6faa08cbcacfccb19a6e424e4a80
2019-01-18 09:57:48 +00:00
Bogdan Dobrelya
2a5baa5979 Allow Octavia deployments for Standalone
We have yet Nova for SSH keys management, when deploying a standalone
cloud. Allow Octavia deployments for such a case as well.
Jinja2 rendering of the octavia service template provides that
functionality by relying on a new role tag 'standalone'.

Change-Id: I69f3623646ec5b65109e0a4f0c16139018da9282
Closes-bug: #1806113
Co-Authored-By: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-18 10:36:06 +01:00
Zuul
733a7f4ee9 Merge "Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive" 2019-01-17 22:25:43 +00:00
Zuul
7a01baca25 Merge "flatten sahara service configuration" 2019-01-17 22:25:33 +00:00
Douglas Mendizábal
9012fff849 Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive
Added support for setting the Barbican option
always_set_cka_sensitive.  The option defaults to true as
needed by Safenet HSMs.  It is set to false in the ATOS
and Thales HSM environments.

Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
2019-01-17 08:50:24 -06:00
David J Peacock
ae1efdd44c flatten sahara service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of sahara services has been removed.

Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
2019-01-17 09:43:11 -05:00
Zuul
3027b16fa6 Merge "Fix paunch logs verbosity control" 2019-01-16 22:53:28 +00:00
Zuul
e0a53f4429 Merge "Enable image inject metadata properties & user roles to be ignored" 2019-01-16 17:33:14 +00:00
Bogdan Dobrelya
c5d1b6fb63 Fix paunch logs verbosity control
Make ConfigDebug also control the paunch logs verbosity.

Depends-On: https://review.openstack.org/614166
Related-Bug: #1799182

Change-Id: I89fd73eaa2120f06ab245be148a60bb08f0cb512
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-16 15:06:32 +00:00
Zuul
e8fd828d3b Merge "Remove default role-name from merge network param script" 2019-01-14 16:10:20 +00:00
Zuul
b34baf9242 Merge "Add Swift container sharder service" 2019-01-14 10:18:39 +00:00
Harald Jensås
c740b54214 Remove default role-name from merge network param script
The merge-new-params-nic-config-script.py previously had the
'Controller' role as the default for --role-name. It is not
obvious that this parameter must be changed when merging
nic config templates.

Remove the default and make the argument required. Improves
UX since user error is less likely.

Making the mistake of using a Role with too many networks
isn't as forgiving since we now only pass parameters for
the role.networks.

Related-Bug: #1800811
Change-Id: Iff9e364db66ad09a30ac10a7814a3c01d50caf58
2019-01-12 13:16:18 +00:00
Christian Schwede
ef1b85702a Add Swift container sharder service
This is a new service required for sharding containers.

It is disabled by default and can be enabled by setting the
SwiftContainerSharderEnabled to true.

Change-Id: I73119496ca6dd99b2f42f97529ad91273735c848
2019-01-11 14:50:02 +01:00
Zuul
653856c58f Merge "Deprecate duplicate NFV environment files" 2019-01-11 07:05:04 +00:00
Zuul
f5394e7e2d Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
Zuul
0ec13316a5 Merge "Add Distributed Compute roles" 2019-01-10 15:48:51 +00:00
Janki Chhatbar
fe8b808fd3 Allow overlay tunnel endpoints on IPv6 address
Overlay tunnel endpoints are supported only on
IPv4 address. Now that OVS and Neutron support
having v6 endpoints, edit network environment
files in TripleO to allow this.

Change-Id: Ie2523cf4e359289298e4ea5d0992093976a19e04
Closes-Bug: #1793239
2019-01-10 10:26:24 +00:00
Pranali Deore
ae8998f36a Enable image inject metadata properties & user roles to be ignored
Adding GlanceInjectMetadataProperties & GlanceIgnoreUserRoles to
inject metadata properties to the image with specific user roles
to be ignored for injecting metadata properties in the image.

Depends-on: I02482dff7b1412d6254ce82d80257ce26c23430d
Change-Id: Ie6504f73fd5f7492389d6c55a89c66b8ca568ef7
2019-01-10 09:47:01 +00:00
Zuul
f1ce0b106b Merge "Flatten Keystone service configuration" 2019-01-10 05:37:26 +00:00
Zuul
8f4a2607d8 Merge "Make NetCidrMapValue contain list of cidrs in each net" 2019-01-09 20:02:14 +00:00
Zuul
a815f16d60 Merge "Reno only - Check for available networks for a role" 2019-01-08 20:13:40 +00:00
Zuul
ec79c41d50 Merge "Fix example in releasenotes/notes/composable-network-subnets" 2019-01-08 18:11:05 +00:00
Juan Antonio Osorio Robles
40ba776463 Flatten Keystone service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.

Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
2019-01-08 10:13:43 -05:00
Zuul
d442624344 Merge "Explicitly set KVM machine_type for migration compatibility" 2019-01-08 14:44:28 +00:00
Harald Jensås
991e0fc0c0 Reno only - Check for available networks for a role
Since change: I07822ec0cba7eed352c0010eb893b5e5a522e95c
resources are no longer created for networks that are not
defined in roles data. While this is an improvement we
need to communicate this change.

There is tribal knowledge and documentation that failed
to reflect the requirement to add networks to roles data
since the introduction of composable networks in Pike.

Prior to Pike adding a network to a role was achieved by
overriding the resource_registry entry to not use the
noop.yaml fake port (fall back to ctlplane) template.
i.e to add External network to compute role the
following was commonly added to network-environment.yaml

  OS::TripleO::Compute::Ports::ExternalPort:
    ../network/ports/external.yaml

NOTE: Current OVN-DVR and ODL docs downstream use the
      resource_registry override, without also adding
      the network to roles data.

Related-Bug: #1800811
Change-Id: I6c03c7a2bd6f369bf35a9e479a97302c9a455197
2019-01-08 13:20:30 +01:00
Zuul
9174ae0f13 Merge "Use templating for nova cell transport-url" 2019-01-08 09:30:51 +00:00
Harald Jensås
f3b7f150e6 Fix example in releasenotes/notes/composable-network-subnets
An indentation mistake in the example used in release notes.

Change-Id: I6ca061b0b827b848d63bb0df7ac50b4957eca612
2019-01-08 09:30:16 +01:00
James Slagle
f555e4b422 Add Distributed Compute roles
Adds new roles for DistributedCompute and DistributedComputeHCI. These
roles closely match the existing Compute roles but also include the
CinderVolume service.

implements split-controlplane

Change-Id: Ia7f5ba93a9fc31b4653e6cbd9b3e5d8f00d26a27
2019-01-07 16:07:43 -05:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Martin Schuppert
20b677d70a Use templating for nova cell transport-url
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.

This patch addresses the templated transport_url urls as part 2.

Nova support added here:
https://review.openstack.org/#/c/578163/

Change-Id: I889dcf632b3306ce7e56ac5394884c7c72481833
Related-Bug: 1808134
2019-01-07 14:20:02 +00:00
Zuul
950640ad52 Merge "Use templating for nova cell database_connection" 2019-01-07 14:02:29 +00:00
Saravanan KR
33b5658f02 Deprecate duplicate NFV environment files
neutron-ovs-dpdk.yaml and neutron-sriov.yaml files have duplicates,
deprecate one of them, so that it can be removed in next release.

Change-Id: I0dd3bd0f355755433e8092ef2e23e8f3d1657b18
2019-01-07 09:12:11 +05:30
Harald Jensås
8665a0d97b Make NetCidrMapValue contain list of cidrs in each net
Prior to routed networks we only had one subnet per network.
With routed networks each network can have multiple subnets.
The NetCidrMapValue should contain a list storing the cidr
of each subnet for each network.

Ceph:
  list_join is used to make a comma separated list of
  cidrs for public_network, monitor_address_block,
  cluster_network and radosgw_address_block.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: Ia8e219b30d4f8b199b882e95fe2834252a92c15a
Depends-On: I1ace0a02e6aa2610559fee0d8576e6f1bc98d699
Change-Id: I68e064d23ec5d43f59146d974cae604d2c5fdb52
2019-01-06 18:20:27 +01:00
Zuul
df10ea7afa Merge "Add template code to configure hsm backends for barbican" 2019-01-05 02:47:09 +00:00
Zuul
0e68a0e30f Merge "L3 routed networks - subnet fixed_ips (3/3)" 2019-01-04 20:38:01 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein we are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Zuul
6a81b393c9 Merge "Move [neutron] auth_url to KeystoneV3Internal" 2019-01-04 11:14:51 +00:00
Zuul
2346d52362 Merge "Flatten Zaqar service configuration" 2019-01-03 19:03:17 +00:00
Harald Jensås
2f2d8183e6 L3 routed networks - subnet fixed_ips (3/3)
When using neutron routed networks we need to specify
either the subnet or an IP address in the fixed-ips-request
when creating neutron ports.

a) For the Vip's:

Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:

parameter_defaults:
  VipSubnetMap:
    ctlplane: ctlplane-leaf1
    InternalApi: internal_api_leaf1
    Storage: storage_leaf1
    redis: internal_api_leaf1

b) For overcloud node ports:

Enrich 'networks' in roles definition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:

- name: <role_name>
  networks:
    <network_name>:
      subnet: <subnet_name>

For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.

When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-request when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.

Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditional has been updated to
test for 'ip_address' entries in the request.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
2019-01-03 19:07:20 +01:00
Zuul
da38d3d3f2 Merge "Align novajoin container logging to other services" 2019-01-03 07:41:10 +00:00