With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.
Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
The service is disabled by default but we need it in the registry so we
can enable it later in CI:
https://review.openstack.org/#/c/612526
Change-Id: I74466e6f9148d124734aeac9e06d85f4917abdba
Used by a new featureset[1] that uses the neutron ansible-networking driver
to configure the switch providing networking for overcloud ironic
nodes such that tenant networks are segregated via vlan.
This scenario also sets up ssh keys so that ansible inside the neutron
container can ssh to the controller to configure OVS.
The new scenario also includes a temporary workaround to upgrade
ansible in the neutron container, this can be removed once ansible
in the container is v2.5.8+
Also remove scenario011 as the patches that used it never merged and
now the tennant networks are working in the overcloud, we'll test
with this instead.
[1] - https://review.openstack.org/#/c/579601/
Change-Id: Ife83825216ccb96a5f24918f42a757d0c48b0e9d
This variable is used in the docker_image_availability check to
determine how to query the registries for image availability. Setting
this variable allows us to enable the docker_image_availability check
in the gate.
Change-Id: Ia1da542d342228bb28ad487371fad8d3ffc62d0b
Previously we were only deploying a master node. This commit adds the
worker and infra service to the deployed node and configures it as an
all-in-one node. In order to do so, we need to disable HAproxy when
deploying in all-in-one as the HAproxy instance Openshift deploys on
the infra node conflicts with the one we normally set up. They both
bind ports 80 and 443.
Also removes the useless ComputeServices parameter that only makes
sense in a multinode environment.
Change-Id: I6c7d1b3f2fa5c7b1d9cf695c9e021a4192e5d23a
Depends-On: Ibc98e699d34dc6ab9ff6dce0d41f275b6403d983
Depends-On: I0aa878db62e28340d019cd92769f477189886571
Remove scripts and templates which dealt with Pacemaker and its
resource restarts before we moved to containerized deployments. These
should all now be unused.
Many environments had this mapping:
OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
The ControllerPostPuppetRestart is only ever referenced from
ControllerPostConfig, so if ControllerPostConfig is OS::Heat::None, it
doesn't matter what ControllerPostPuppetRestart is mapped to.
Change-Id: Ibca72affb3d55cf62e5dfb52fe56b3b1c8b12ee0
Closes-Bug: #1794720
NeutronEnableDHCPAgent is no longer consumed anywhere in OpenStack so
this patch is removing all occurrences of it in the environment files.
Change-Id: I042944c3f24d22fa60d4ed13fd9a56c5b93f465f
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
It isn't useful for much of anything in a production deployment
and it conflicts with the local DNS server in CI.
Change-Id: Ied3ecdc71bfdf9bb6439e2c9464aa01346e69226
Closes-Bug: 1795043
Enabling Ceph on scenario010 allow us to test conversion of amphora
image format from QCOW2 to RAW in octavia-undercloud role in
tripleo-common.
This patch also removes NeutronServicePlugins from being set (in line
with I3da329db28701c7e9798083982953c5c9c861c50) and unchecks Octavia
from scenario003 in the service testing matrix set previously by
mistake.
Partial-Bug: #1778303
Related-Bug: #1722758
Change-Id: I717301dc0777ecd2118253a86cd1f8353539482f
This patch adds a new role called OpenShiftInfra which is required to
define infra nodes. We've been bundling infra nodes with compute and
master nodes and they ought to be independent.
With the new node label management introduced in openshift-ansible, it
sounds like this is a good time for us to unbundle these nodes.
Co-Authored-By: Martin André <m.andre@redhat.com>
Depends-On: I291b6ac65eaa1a015bca2ee2bc1be90b0ea0aadc
Change-Id: I4f8127a9e2d822057f3db8f0974ab1db0698985a
As there are several log path that are not set properly to be used by fluentd.
Fluentd needs to be enabled on the scenarios to be able to check the path properly.
This patch only enables fluentd on scenario002-multinode-containers.
Change-Id: If253da4f0f89221dc6ddacc280c984079c6a3c7f
There are scripts that need some customized parameters (infrared
uses freeipa_setup.sh for example). And sometimes it is convenient
to be able to disable dns verification for example.
Change-Id: Ie605aade96dc690e6b52f55bdf1526c8fd51de6c
This change includes the service
OS::TripleO::Services::ContainerImagePrepare by default in the overcloud
which will trigger a container image prepare in the same way as is
currently done for the containerized undercloud.
Along with the mistral action which populates the container image
parameters, this change makes blueprint container-prepare-workflow
functionally complete.
Change-Id: I8b0c5e630e63ef6a2e6f70f1eb00fd02f4cfd1c0
Blueprint: container-prepare-workflow
This patch adds composable new service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This basically
means that there is a possibility that there will be two QDRs running
on controllers in case that oslo messaging is deployed. This is a reason why
we need separate composable service for this use case.
Depends-On: If9e3658d304c3071f53ecb1c42796d2603875fcd
Depends-On: I68f39b6bda02ba3920f2ab1cf2df0bd54ad7453f
Depends-On: I73f988d05840eca44949f13f248f86d094a57c46
Change-Id: I1353020f874b348afd98e7ed3832033f85a5267f
This change adds a new {{network.name}}InterfaceRoutes
parameter to network config templates. It takes a list
of routes i.e:
[{'destination':'10.0.0.0/16', 'nexthop':'10.0.0.1'}]
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Partial: blueprint tripleo-routed-networks-templates
Depends-On: Ifc5aad7a154c33488a7613c8ee038c92ee6cb1a7
Change-Id: I90aea46d3addab9792c7c9d4feff5c5f61520b9b
The Cloudflare DNS we are using in the disable-unbound CI
environment for OpenShift works fine in CI, but my ISP seems to
block it. This makes reproducing that job locally difficult. I had
success with the secondary DNS from Cloudflare, so this patch just
adds that to the resolv.conf.
If we were going to keep this disable-unbound solution for a long
time it would probably be better to have this be a template and
allow user configuration. However, my understanding is that this
is a temporary solution, so investing in complicated patches to
wire in a configuration option that will go away seems like
wasted effort.
Change-Id: I7b93efcd76b651807dff3c18885b8d291feffd3e
Each OSD can only host maximum 200 PGs, in scenario004 we create 9
pools to enable MDS/Manila and RGW so we need to lower the PGs
count further, compared to scenario001.
Also lowers the values in low-memory-usage.yaml environment file.
Change-Id: If95a0e3fe5aeef61f9712d8006e0f49c11a0c90f
Closes-Bug: 1781910
Nameservers are configured on the ctlplane subnets by the
undercloud installer, the nameservers are used early during
the deployment, prior to running os-net-config.
Remove the default DnsServer's in THT, replacing it with
an empty list and use get_attr to get the values for
DnsServers for the overcloud from the ctlplane subnet(s).
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not [] (default)
to provide backwards compatibilityi and in case the user
want to use different DnsServers for the overcloud and
undercloud.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5f33e06ca3f4b13cc355e02156edd9d8a1f773cd
The route to metadata service is set up in host_routes
of ctlplane subnets by extraconf post deploy::
extraconfig/post_deploy/undercloud_ctlplane_network.py
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'EC2MetadatIp' used in the THT/network/config/* templates.
Changes the default for 'EC2MetadatIp' to ''.
Removes the comment that the value should be overriden in
parameters_defaults. It also removes the parameter from
network-environment templates.
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the
user set a different value for this parameter in
network-environment.yaml.
When deploying a routed control plane the network config
templates would previously need to be updated to carry
'EC2MetadatIpLeafX' parameters for each leaf. By getting
the value to pass from the server resource this change
reduces the required nic-config template customisation.
(Reduces the risk of user error.)
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I9c019ec840a44ca8c5f98be55daea365bc6554ec
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'ControlPlaneDefaultRoute' used in the THT/network/config/*
templates.
Changes the default for 'ControlPlaneDefaultRoute' to ''
as well as the comment that the value should be overriden
in parameters_defaults. It also removes the parameter from
network-environment templates.
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the
user set a different value (different from the one used in
undercloud.conf) for this parameter in
network-environment.yaml.
When deploying a routed control plane the network config
templates would previously need to be updated to carry
'ControlPlaneXDefaultRoute' parameters for each leaf. With
8 Leafs in addition to the network local to the undercloud
that is 8 parameters less to place in the configuration.
By getting the value to pass from the server resource this
change reduces the required nic-config template
customisation (reduces the risk of user error).
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5139249d55e9ac01761c270b8c0f31ef35595940
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'ControlPlaneSubnetCidr' used in the THT/network/config/*
templates.
As the value is now resolved from resource attributes,
this changes the default for 'ControlPlaneSubnetCidr' to ''
as well as the comment that these value should be overriden
in parameters_defaults. It also removes the parameter from
network-environment templates.
A conditinal is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the user
set a different value (different from the one used in
undercloud.conf) for this parameter in
network-environment.yaml.
When deploying a routed control plane the network config
templates would previously need to be updated to carry
'ControlPlaneXSubnetCidr' parameter (in case the subnet
mask is not the same for all the routed network leafs).
With 8 Leafs in addition to the network local to the
undercloud that is 8 parameters less to place in the
configuration. By getting the value to pass from the
server resource this change reduces the required nic-config
template customisation (reduces the risk of user error).
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I92ee0f9a2107cdf1ca5903d3756a235a79c36c73
After CI scenario deployment is finished the container ends in unhealthy
state because sensu-client is not successfully connected to RabbitMQ.
We will need to implement default connection to overcloud RabbitMQ instance
for the service to have this service deployed in CI job.
Change-Id: I1aec0c71a945c06a6d914638b45cae074288a90d
Closes-Bug: #1781108
The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.
Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d
Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f
This is necessary as the settings in this file are deployment
specific, so the defaults will never be correct. For simplicity,
the enablement environment includes the sample pools.yaml content
from the Designate docs. It can then be easily modified to match
the actual intended deployment environment.
Depends-On: https://review.openstack.org/580524
Change-Id: I84cc3b06ac77c723994be0f49960a93e0dbba0ad
This commit updates the openshift templates to deploy openshift 3.9
instead of 3.7.
Update the default playbook path to the one expected by
openshift-ansible 3.9.
Update the default openshift-ansible variables and move them in the
template where they belong. They can be overridden individually via the
OpenShiftGlobalVariables heat parameter.
Disable unbound on the openshift nodes in CI as it is listening on port
53 and is preventing openshift to start its own DNS service.
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Depends-On: I6f123cd71a23fb15aaa2005f7397fc98fdaf187a
Depends-On: I27ad9d168af575da8c4f5094152c94e2fa03987c
Change-Id: Ifc3d25fa590cfba1fa64ed0266c76c9342a7aa4f