We did not have an easy way to ensure all the openstack clients are
installed on a given system. In the old instack-undercloud installation,
we were installing some additional clients outside of the ones required
via python-tripleoclient. To allow a user to quickly install all the
clients on a given system, this change adds an OpenStack clients
"service" which can be added to a role to ensure the clients are
available. In the future if we provide a client container, this service
can be converted into a container deployment mechanism.
Change-Id: If878c2ab7679eea2fff42b410bec9c8c9b92ed6f
Closes-Bug: #1800001
In some cases we may need to disable selinux (like in CI). The role
needs the SELinux service so that the management can be done during the
deployment.
Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298
Closes-Bug: #1797910
Similarly to undercloud, Swift is using only a single replica on AIO
(all-in-one standalone). Therefore recovering from a corrupted or lost object
is not possible, and running replicators and auditors only wastes resources
and may create some trouble. For example, the DB replicators and auditors will
lock the DB, and new objects won't be stored during that time.
Related-Bug: #1797167
Change-Id: I839393bf6cbb2303a0359f8aed32b2fc67d46f6a
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This is no longer handled as the TLS handling tasks were converted
to ansible, and in the context of this series we need to remove it
because it references bootstrap_nodeid
Partial-Bug: #1792613
Change-Id: Ib32177b116f148f007574847320566e32240cf96
It was using a wrong name, which came by accident since it was
introduced to the sample environment generator.
Change-Id: I154af6d0b7ebf5cd339d5d06eaaf9b1ab66814b0
Related-Bug: #1796022
Because the designate parameters will always need to be edited for
a deployment, a copy of the environment must be made. However,
because there were resource_registry entries in the previous
enable-designate environments those relative paths would become
invalid if the file was moved. Splitting the resource_registry
entries from the user-configured parameters should eliminate this
problem.
Change-Id: I8817a36e20e7a75b340a0d6cb0abf09e57b1fd63
The pool configuration for an ha deployment of designate looks quite
a bit different from the nonha one, so it's useful to provide a
separate example environment for it.
Change-Id: I69b3c44b368bab3fff885e67fa6523fbb1c80347
https://github.com/openstack/tripleo-heat-templates/blob/master/environments/ssl/enable-internal-tls.yaml#L22
uses RPCUseSSL only and misses the NotifyUseSSL variable.
The reason this is a problem is that commands/services that will kick
off a notification are likely to hang due to this. Imagine the
following scenario:
1. TLS configured everywhere
2. keystone-manage bootstrap actually hangs
The reason for this is that the messaging string in the keystone container will look like the following:
[oslo_messaging_notifications]
transport_url=rabbit://guest:AC8DjGviXCQks8MWjQdAjYW9L@overcloud-controller-0.internalapi.tripleodomain.example.com:5672/?ssl=0
By gdb-ing on to the keystone-manage process (thanks Damien, for the
idea) we can see that we are stuck in oslo calls connecting to rabbit
without tls
Closes-Bug: #1795462
Change-Id: I0d25527131fa4cd293994a0511bba1144510c4d8
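The condition this commit message describes, a notification transport_url left at ssl=0 while RPC uses TLS, can be checked for in a rendered service configuration. The following is an added example, not part of the tripleo-heat-templates change: the function name, the sample config, its hostname and its password are constructed, and it assumes TLS is requested through the `ssl` query parameter as in the URL quoted above.

```python
import configparser
from urllib.parse import urlsplit, parse_qs

TRUTHY = {"1", "true", "yes", "on"}
# Sections a transport_url is read from; the notifications section
# falls back to [DEFAULT] when it sets no URL of its own.
SECTIONS = ("DEFAULT", "oslo_messaging_notifications")

# Constructed sample: RPC has TLS on, notifications were left at ssl=0.
SAMPLE_KEYSTONE_CONF = """\
[DEFAULT]
transport_url=rabbit://guest:EXAMPLE-PASSWORD@controller-0.internalapi.example.com:5672/?ssl=1

[oslo_messaging_notifications]
transport_url=rabbit://guest:EXAMPLE-PASSWORD@controller-0.internalapi.example.com:5672/?ssl=0
"""


def plaintext_transports(conf_text):
    """Return (section, host:port, ssl value) for each rabbit endpoint without TLS."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.read_string(conf_text)
    findings = []
    for section in SECTIONS:
        if section != "DEFAULT" and not cp.has_section(section):
            continue
        if not cp.has_option(section, "transport_url"):
            continue
        url = urlsplit(cp.get(section, "transport_url"))
        ssl_flag = parse_qs(url.query).get("ssl", [""])[-1].lower()
        if url.scheme != "rabbit" or ssl_flag in TRUTHY:
            continue
        # A transport_url may list several brokers separated by commas.
        for hostpart in url.netloc.split(","):
            endpoint = hostpart.rsplit("@", 1)[-1]  # drop user:password
            findings.append((section, endpoint, ssl_flag or "unset"))
    return findings


if __name__ == "__main__":
    for section, endpoint, flag in plaintext_transports(SAMPLE_KEYSTONE_CONF):
        print(f"[{section}] {endpoint}: ssl={flag}")
```
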
It isn't useful for much of anything in a production deployment
and it conflicts with the local DNS server in CI.
Change-Id: Ied3ecdc71bfdf9bb6439e2c9464aa01346e69226
Closes-Bug: 1795043
The standalone role can be used either with the tripleo deploy command
to deploy locally, or it can be used with an undercloud to deploy an
all-in-one node. This change provides a sample set of environment files
for both deployment mechanisms.
Change-Id: Ibc735ac4326a9217469e368c074de8b0df7689bd
Related-Blueprint: all-in-one
Openshift Routers are located on the infra node and need to be highly
available on ports 80 and 443.
Depends-On: I5de14152904d06c49e9d5b2df6e3f09a35f23d92
Change-Id: Iee088e1279bff2cdb7a3601288804f626bff29a3
Nameservers are configured on the ctlplane subnets by the
undercloud installer; the nameservers are used early during
the deployment, prior to running os-net-config.
Remove the default DnsServers in THT, replacing it with
an empty list and use get_attr to get the values for
DnsServers for the overcloud from the ctlplane subnet(s).
A conditional is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not [] (default)
to provide backwards compatibility and in case the user
wants to use different DnsServers for the overcloud and
undercloud.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5f33e06ca3f4b13cc355e02156edd9d8a1f773cd
The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.
Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d
Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f
This is necessary as the settings in this file are deployment
specific, so the defaults will never be correct. For simplicity,
the enablement environment includes the sample pools.yaml content
from the Designate docs. It can then be easily modified to match
the actual intended deployment environment.
Depends-On: https://review.openstack.org/580524
Change-Id: I84cc3b06ac77c723994be0f49960a93e0dbba0ad
For security, it is best to split authoritative and recursive
nameservers. This way a security vulnerability that only affects
one type of server won't provide an exploit for the other too.
For Designate, the managed BIND server is the authoritative one.
We can use Neutron's internal DNS server as the recursive server, or
users can point at their DNS server of choice. To make sure our
defaults work out of the box, this change enables the Neutron
internal DNS by default and users can change that if they choose.
Since that means we no longer need recursion in BIND, we should shut
it off, which this also does.
Change-Id: I4193436fdfd05bfd641fc32b58cc9bff24310a80
Remove the misleading comment from the cinder-netapp-config.yaml file in
the environments directory that claimed the file is deprecated in favor
of the 'sample-env-generator' file in the environments/storage directory.
The sample-env-generator has not been widely adopted, and the Netapp
file in the environments directory is still being maintained.
Update the sample-env-generator files so they specify the
OS::TripleO::Services::CinderBackendNetApp composable service.
Closes-Bug: 1779397
Change-Id: If0343e96700bf13c0d49c3ae3c311ada1c26a0c0
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml
UpgradeImpact: NodeTLSData is not used anymore
Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
In the case of an HA setup (i.e. with 3 controller nodes) if image
import method is 'glance-direct', it would require a shared
consistent staging location on the controller nodes otherwise it
might happen that the image is uploaded to one node and triggering
the import is executed on a different node - where the image does not
exist.
Hence when import method 'glance-direct' is needed, operators need to
enable it explicitly with enabling NFS across the controller nodes
to share the staging.
Change-Id: I9a5bff5e5d0c3e109b73d691cc9088904a0401ac
Closes-Bug: #1765439
Deployment of a managed Ceph cluster using puppet-ceph
is not supported from the Pike release. From Queens, use
of puppet-ceph is not supported when using an
external Ceph cluster either.
This change removes the old templates necessary to
support deployment of Ceph via puppet-ceph.
Implements: blueprint remove-puppet-ceph
Change-Id: I17b94e8023873f3129a55e69efd751be0674dfcb
Allow NFS configuration of storage backend for Nova.
This way the instance files will be stored on a shared
NFS storage.
Implements: bp tripleo-nova-nfs
Depends-On: Id15aec6324814a871e87f19f24999b0e3b8a8f05
Change-Id: Ie4fe217bd119b638f42c682d21572547f02f17b2
I934561612d26befd88a9053262836b47bdf4efb0 renamed the rabbit ssl
parameters that we use in the same environment generate but since the
script did not fail, it made it past CI. This change fixes the
RabbitClientUseSsl parameter in the environment to match the new
RpcUseSsl flag and updates the check script to fail if this happens
again.
Change-Id: I47c63875c6934bca2903883787467fc1804ba5da
Closes-Bug: #1768358
Mark regular non-containerized services with FIXME
to be switched, once it is containerized
Do not mark yet an external/backend/plugin/host-config
related puppet services templates with that FIXME
Mark puppet/services/ceph- related templates as TODO
switch it to containerized ceph-ansible eventually, maybe.
Change-Id: Ib9fbad05eeb57dc641499fbf411cb5870da7a8e9
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.
This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
(rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note
Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
This service isn't ready for production in TripleO yet, so we
should make sure that's clear in the enablement environment.
Change-Id: I4a5a5f347dcb4f43f7f802648624165c80023e0d
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
This change adds all the required netapp environment configuration
for glance in heat template.
Change-Id: Ib44796f77cbc50c3b3c37dcdd37a59f48a7baa1a
Closes-Bug: #1740456