Computes should have the virtual-host tuned profile set by default in
the roles definition. HCI computes, as recommended before, keep
throughput-performance.
Fixes bug 1667524
Change-Id: I26426e1dd0a2e81ad7549c11fb984ef5470d0561
Implement a service that will deploy TripleO Validations package and
user by using Puppet like we did with instack-undercloud. This service
will be included on the undercloud but disabled by default. We'll keep
the same interface in undercloud.conf to enable it or not so no change
for the end user.
Change-Id: Ida09f92010e31d952edd82b42a7fc20451537d42
Presently the OVN dbs pacemaker service file doesn't include the update_tasks
section, nor does it tag the docker image to be used with pcmklatest.
Because of this, when a minor update is run, the latest docker image for
ovn-dbs-bundle is never pulled.
This patch addresses these issues. It does 3 things:
1. It adds an update_tasks section similar to other pacemaker bundle services.
   It adds a few additional steps in step 5 (which is not the case with other
   pacemaker bundle services) to update the ovn bundle service to use the
   image tagged with pcmklatest if it is not yet using it. These additional
   steps are required for OVN deployments that were deployed before this
   patch and want to do a minor stack update.
2. It adds the required tasks in the "upgrade_tasks" section similar to
   other pacemaker bundle services.
3. It adds a docker_config step to tag the image with the pcmklatest tag.
Change-Id: Idbda3bedff57376b74269ab3470d2324b804ffd4
Closes-bug: #1775686
OpenDaylight creates multiple files the first time it boots, which we do
not mount to the host. After the first boot, it creates a cache which we
do mount to the host. This means that on a config change or
update/upgrade of ODL the cache will not be removed, but the files will
be. This causes ODL to fail to start.
The solution is to stop the container in update/upgrade and then remove
the cache before the update happens. This will trigger the new ODL to
rebuild the cache with the new ODL version. For config change, we also
need to remove the cache in the host_prep_tasks so that we do not end up
in a similar state.
Closes-Bug: 1775919
Change-Id: Ia457b90b765617822e9adbf07485c9ea1fe179e5
Signed-off-by: Tim Rozet <trozet@redhat.com>
There was a typo in the update_tasks for Manila which was causing
updates and upgrades to fail. This patch fixes the typo.
Closes-Bug: 1775667
Change-Id: I88dd16fa94111a4eb56aeaa32b560cf7d12b9f82
This patch adds the required parameters to the Compute role so the
agents are configured properly on upgrade.
Related-Bug: #1774199
Change-Id: Iab42ae0fb13e8e92cc9903432a95e04a94a5913c
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml
UpgradeImpact: NodeTLSData is not used anymore
Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
In OpenDaylight, a config parameter is available to enable DSCP
marking inheritance for packets egressing out of OVS through
VXLAN/GRE tunnels.
Add a flag in TripleO to enable this parameter via puppet-opendaylight.
Change-Id: I3b192c8fc1bc92c1124d3b27c60ad5c0c4dd42f9
TripleO creates that subnet during the Octavia deployment process.
Currently, it is created as a class C subnet with allocation_pools
that essentially limit the number of addresses in that subnet to 150.
This patch enhances the lb-mgmt-subnet to be class B so the global
amount of Octavia loadbalancers won't be constrained to a very low
number.
Related-Bug: #1770956
Change-Id: I3465dd9e2f95983a3f3a5dcd85f50781044fd6ec
This should merge multiple and different values for the same key
found in different services.
For example, assuming two services defining a key as follows:

  config_settings:
    mykey:
    - val1

  config_settings:
    mykey:
    - val2
    - val3

the content of the key, as seen by ansible or puppet on the nodes,
will be:

  mykey: ['val1','val2','val3']
Change-Id: I190374e36ad1a2b57611a3a9d0a52ceb1a049aff
This change adds the ability to pre-assign IP addresses
that will be used on the ctlplane network for each node.
The functionality is similar to the existing ips-from-pool
templates, but the IP will be passed to the Nova server
resource rather than a dedicated Neutron port (as happens
with the isolated networks templates). This allows for
compatibility with legacy installations for upgrades.
In testing, it also appears that the fixed IP can be
changed in a stack update, but more testing will have to
be done. Note that if an IP address is defined for
some nodes but not others, nodes without a fixed IP
will get an IP assigned automatically by Neutron.
Change-Id: I67513f54a60f5a50a2bc435099fbb2a643adc277
Deployment of a managed Ceph cluster using puppet-ceph
is not supported from the Pike release. From Queens, use
of puppet-ceph is not supported when using an
external Ceph cluster either.
This change removes the old templates necessary to
support deployment of Ceph via puppet-ceph.
Implements: blueprint remove-puppet-ceph
Change-Id: I17b94e8023873f3129a55e69efd751be0674dfcb
Time based constraints must prevail over size et al.
constraints applied for logs of containerized services.
Time based constraints are needed in order to abide by
GDPR requirements.
Depending on FS type, Linux may not allow system operators
to access the file creation time attribute (see the Birth
attribute shown as '-' by the stat -c %w command).
This is worked around by alternative strict time-based rules
defined in the postrotate script, which purges files in
/var/log/containers and ensures GDPR compliant system
configuration, limited to the containerized services logs.
Extended management of the lifetime of journald and /var/log
files residing on bare metal hosts should be done in
follow up patches.
Partial-bug: #1771543
Change-Id: I6f2f98aba103f83a4f64a435077f4de33f9692c0
Depends-On: Id8e4717a5ecda53bc9cd39f1c2efaa80b56bd45e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
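
The time-based purge described in the commit message above, as an added example that is not the commit's or the project's own postrotate script. It uses modification time because birth time may be unavailable; the function names, the 14-day value in the demo and the reliance on GNU find/touch are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the TripleO postrotate script).
# Rotated logs are not written to after rotation, so their mtime is a usable
# stand-in for the creation time that 'stat -c %w' may report as '-'.

# purge_old_logs DIR DAYS
# Deletes regular files under DIR last modified more than DAYS days ago and
# prints how many were removed. Returns 2 on unsafe or malformed arguments.
purge_old_logs() {
    pol_dir=$1
    pol_days=$2
    case $pol_days in
        ''|*[!0-9]*)
            echo "days must be a non-negative integer" >&2
            return 2 ;;
    esac
    # Never purge an empty path, the root, a missing path or a symlinked dir.
    if [ -z "$pol_dir" ] || [ "$pol_dir" = "/" ] || \
       [ ! -d "$pol_dir" ] || [ -L "$pol_dir" ]; then
        echo "refusing to purge '$pol_dir'" >&2
        return 2
    fi
    # -mmin avoids the whole-day truncation of -mtime, so the cut-off is
    # exactly DAYS * 24h. find does not follow symlinks by default, and
    # -xdev keeps it on the log filesystem.
    pol_mins=$((pol_days * 1440))
    find "$pol_dir" -xdev -type f -mmin +"$pol_mins" -print -delete \
        | wc -l | tr -d ' '
}

# purge_demo: builds a constructed log tree in a temp dir, applies a 14-day
# retention and prints the number of files removed.
purge_demo() {
    pd_tmp=$(mktemp -d) || return 1
    mkdir "$pd_tmp/nova"
    touch -d '20 days ago' "$pd_tmp/nova/nova-api.log.3.gz"   # expired
    touch -d '13 days ago' "$pd_tmp/nova/nova-api.log.2.gz"   # within limit
    touch "$pd_tmp/nova/nova-api.log"                         # live log
    purge_old_logs "$pd_tmp" 14
    rm -rf "$pd_tmp"
}
```

A log that is still being appended to keeps a fresh mtime, so under this rule its retention period is counted from the last write, not from when the file was first created.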
This reverts commit 8e104b3c549118727b53c9825a438e799715b7f9.
https://review.openstack.org/#/c/559926/ introduced requiring CloudName.
This broke the documented deployment process. I also don't see how
CloudName can be required, but CloudDomain cannot.
I don't see a technical reason why we can't keep the default as
localdomain. If necessary, we can instead add a parameter
validation instead of requiring the parameter.
Closes-Bug: #1771627
Depends-On: Ia86842b0b1f42512f25390d6bdb695e0f8133c6d
Change-Id: I2c5b511df50f29c63aa613899c2bebb506360bf4
The classic drivers like pxe_ipmitool are deprecated in Ironic and will
be removed this cycle. This change removes support for configuring them.
Change-Id: I27200f0d8cce50a1b3f0f650ae770fe8d584dad2
Allow NFS configuration of storage backend for Nova.
This way the instances files will be stored on a shared
NFS storage.
Implements: bp tripleo-nova-nfs
Depends-On: Id15aec6324814a871e87f19f24999b0e3b8a8f05
Change-Id: Ie4fe217bd119b638f42c682d21572547f02f17b2
By default collectd polling interval is set to 10 seconds for all plugins,
which is bringing down the entire cloud if the default Gnocchi deployment
(Swift on controllers) is used. We have to override the default higher value.
Closes-Bug: #1771083
Change-Id: I210c72028da35068ed8469b2d2deb75797a2b08f
The Octavia public key configuration is run by Mistral, meaning under the
'mistral' user. The previously default /home/stack/.ssh/id_rsa.pub file
may not be readable or not accessible because of the lack of permissions
from its parent directory, leading to permission denied and hence failure
to deploy overcloud. It is safer to not default to a file path but to
use the existing 'default' keypair from the undercloud which anyway is
the public key of the 'stack' user. Users can still specify a file path
but will need to ensure it is readable.
Related-Bug: #1770641
Change-Id: I1dea4a8d5bb3c5a64ee7fb8995b837909bc1cafe
Since we're aligning the overcloud/undercloud and we've switched to
containerizing it, we should reuse the same heat services rather than
duplicating the services with the Undercloud definition.
Depends-On: Ic7dba7e548f85574cce2db23e3fec5c8ea761bb7
Change-Id: I497597a47533375f34a22a56e2e9a145d9393358
Related-Blueprint: containerized-undercloud
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.
Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
This changes the default entries to use TLS as a default for
the public endpoints.
Change-Id: I2d211b51ddb2f9fde5902cfb8004392a66e15a5c
Depends-On: I3d3cad0eb1396e7bee146794b29badad302efdf3
Depends-On: I8b46ce3f9cd6e36d0b8f604b49e4113301461a4c
Depends-On: Ief352f9e54bee95d5e4035725ab6a63ef4be0269
This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.
It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.
Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca