149 Commits

Author SHA1 Message Date
Juan Antonio Osorio Robles
90234f4f2a Remove references to logging_group
This has been unused for a while, and even deprecation was scheduled
(although the patch never merged [1]). So, in order to stop folks
getting confused with this, it's being removed.

[1] https://review.openstack.org/#/c/543871/

Change-Id: Icc6b51044ccc826f5b629eb1abd3342813ed84c0
2018-08-29 13:43:30 +03:00
Zuul
85abf46ada Merge "Add BlacklistedIpAddresses stack output" 2018-08-17 11:30:36 +00:00
Zuul
9928adca3b Merge "Make Horizon's SECURITY_KEY 64 characters long" 2018-08-13 23:00:11 +00:00
James Slagle
aeded3e428 Add BlacklistedIpAddresses stack output
The output is a list of blacklisted server ip addresses on the ctlplane
network and will be used by the enable_ssh_admin workflow so that the
workflow does not operate on any blacklisted servers.

Change-Id: Ie96acf29a857e4801f5823f26a7de6bc989f39e2
Partial-Bug: #1785680
2018-08-06 14:17:14 -04:00
Zuul
dfc09b6ff1 Merge "ControlPlaneSubnetCidr using get_attr" 2018-07-24 01:34:20 +00:00
Harald Jensås
6ab86a3ebe ControlPlaneSubnetCidr using get_attr
Use get_attr on the server resource to resolve attribute
value from the subnet(s) and pass it to the parameter
'ControlPlaneSubnetCidr' used in the THT/network/config/*
templates.

As the value is now resolved from resource attributes,
this changes the default for 'ControlPlaneSubnetCidr' to ''
as well as the comment that this value should be overridden
in parameters_defaults. It also removes the parameter from
network-environment templates.

A conditional is used in puppet/role.role.j2.yaml so that
the parameter value is used whenever it is not '' (the
default) to provide backwards compatibility in case the user
set a different value (different from the one used in
undercloud.conf) for this parameter in
network-environment.yaml.

When deploying a routed control plane the network config
templates would previously need to be updated to carry
'ControlPlaneXSubnetCidr' parameter (in case the subnet
mask is not the same for all the routed network leafs).
With 8 Leafs in addition to the network local to the
undercloud that is 8 parameters less to place in the
configuration. By getting the value to pass from the
server resource this change reduces the required nic-config
template customisation (reduces the risk of user error).

Partial: blueprint tripleo-routed-networks-templates
Change-Id: I92ee0f9a2107cdf1ca5903d3756a235a79c36c73
2018-07-14 09:11:28 +02:00
Radomir Dopieralski
d5bfa09b4d Make Horizon's SECURITY_KEY 64 characters long
Our own security guide recommends it:
https://docs.openstack.org/security-guide/dashboard/secret-key.html

Change-Id: I7c85e9ff8b3bc92b80a3d0728f299ed1e4cb436c
2018-07-10 10:56:44 +02:00
James Slagle
7f42272024 Add AllNodesExtraMapData parameter
The AllNodesExtraMapData parameter is used to inject additional
hieradata into the all_nodes hieradata file on each node. The injected
data will be deeply merged with the calculated all_nodes data for the
stack.

The parameter can be taken advantage of for split-controlplane use cases
where the hieradata from the control stack needs to be populated into
the separate compute stacks.

To easily get the hieradata out of the control stack, a new stack output
is added, AllNodesConfig.

Partially Implements: blueprint split-controlplane

Change-Id: I7b865bf82520006eef3ac2f36df34b1f3c34e642
2018-07-09 12:22:32 -04:00
Zuul
ddc6b91b5e Merge "Add default value for name_lower in network_data.yaml to update ServiceNetMap" 2018-06-30 09:22:04 +00:00
Bob Fournier
d3eb296e19 Add default value for name_lower in network_data.yaml to update ServiceNetMap
In Pike and later, the name_lower field in network_data.yaml can be
re-defined to contain a custom network name.  When this is done the
ServiceNetMap field must be overridden to reflect the new name in all
places.  This change adds a new optional field to network_data.yaml
that should be set to the original default name_lower value.
ServiceNetMap will then be automatically updated and will not need
to be overridden.

This also fixes the VipPort naming for the StorageManagement network
to not use a static value.

Change-Id: I8a238038122288899cef49faf38ea2c2ffc2176b
2018-06-28 10:17:28 -04:00
Jill Rouleau
c16167f3d9 Enable Ansible error handling per role
Enable any_errors_fatal and max_fail_percentage Ansible options
to be set per TripleO role.  This change also provides a
structure by which future per-role Ansible options can readily
be added to group_vars.

Closes-Bug: 1760989
Change-Id: I47954717f42f14bae8d9fd2bd17cd8ea1fd787b3
2018-06-21 09:40:29 -07:00
Zuul
4fb30dd5ec Merge "Add BlacklistedHostnames stack output" 2018-06-14 19:04:30 +00:00
Alex Schultz
7c97320334 Use str_replace for known_hosts
There is a limit to how long input data can be for the heat script hook.
It turns out that data longer than 131072 will return an Argument list
too long error. To get around this, we need to pass this data in a
different way so that the heat script hook will work.

Change-Id: Ie3bd17ca9863e7687721e8c2628e485ea1849321
Closes-Bug: #1772071
2018-05-21 14:32:49 +00:00
Zuul
a7857d6dfc Merge "Revert "Switch public endpoints to use FQDNs by default"" 2018-05-17 21:56:29 +00:00
James Slagle
f254a2169d Revert "Switch public endpoints to use FQDNs by default"
This reverts commit 8e104b3c549118727b53c9825a438e799715b7f9.

https://review.openstack.org/#/c/559926/ introduced requiring CloudName.
This broke the documented deployment process. I also don't see how
CloudName can be required, but CloudDomain can not.

I don't see a technical reason why we can't keep the default as
localdomain. If necessary, we can instead add a parameter
validation instead of requiring the parameter.

Closes-Bug: #1771627
Depends-On: Ia86842b0b1f42512f25390d6bdb695e0f8133c6d
Change-Id: I2c5b511df50f29c63aa613899c2bebb506360bf4
2018-05-16 21:45:42 +00:00
Zuul
2e1e3fcd7f Merge "Make the KeystoneURL stack output versionless" 2018-05-14 23:37:13 +00:00
Zuul
f5152da976 Merge "Switch public endpoints to use FQDNs by default" 2018-05-14 23:27:04 +00:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introduction of errors by bulk replacing
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Juan Antonio Osorio Robles
8e104b3c54 Switch public endpoints to use FQDNs by default
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.

Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
2018-05-08 18:16:27 +03:00
Juan Antonio Osorio Robles
9926359131 Make the KeystoneURL stack output versionless
Given that we have now moved all of the places where the keystone auth
URL is used to be versionless, we now make the KeystoneURL output
versionless as well.

Story: #2001897
Change-Id: I8c9fbfc77fe47e3ed2e58eac27119f86a045483c
2018-05-08 08:19:30 +00:00
James Slagle
262c0b4b86 Add BlacklistedHostnames stack output
The BlacklistedHostnames stack output will be used as input into the
config-download-deploy workflow so that the hostnames can be excluded
from the Ansible deployment with config-download.

Change-Id: I4705be446756869ba3d04fc59daffa4d4748e12c
2018-05-01 16:42:32 -04:00
Zuul
1e2cdd60aa Merge "Support SshKnownHostsDeployment with config-download" 2018-03-29 21:45:09 +00:00
Zuul
3eb0c62e47 Merge "Remove unused minor update code" 2018-03-19 12:34:21 +00:00
James Slagle
088d5c12f0 Support SshKnownHostsDeployment with config-download
Add support for the SshKnownHostsDeployment resources to
config-download. Since the deployment resources relied on Heat outputs,
they were not supported with the default handling from tripleo-common
that relies on the group_vars mechanism.

Instead, this patch refactors the templates to add the known hosts
entries as global_vars to deploy_steps_playbook.yaml, and then includes
the new tripleo-ssh-known-hosts role from tripleo-common to apply the
same configuration that the Heat deployment did.

Since these deployments no longer need to be triggered when including
config-download-environment.yaml, a mapping is added that can be
overridden to OS::Heat::None to disable the deployment resources when
using config-download.

The default behavior when not using config-download remains unchanged.

Closes-Bug: #1746336
Change-Id: Ia334fe6adc9a8ab228f75cb1d0c441c1344e2bd9
2018-03-19 07:50:06 -04:00
Jiri Stransky
a782462a1a Remove unused minor update code
Since Pike, minor updates are done via the composable services
framework. The old shell script approach hasn't been used/tested for 2
releases now, and should be dropped.

Also drop the UpdateWorkflow interface. Before we started doing
upgrades via Ansible, we used this pluggable resource interface to
perform oneshot operations like migrations to WSGI or AODH
services. Nowadays this interface is not referenced from anywhere and
we'd probably rather do similar operations via Ansible tasks.

Change-Id: I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f
2018-03-15 18:27:14 +01:00
Thomas Herve
0ddfff79ee Do not use the 3rd argument of yaql groupBy
Due to an incompatible change in yaql, it's hard to use the aggregation
of groupBy as the behavior is completely different depending on the
version. Let's try to not rely on it.

Change-Id: I2887011f6baf4867d422579b116b5e143acf5679
Related-Bug: #1750032
2018-02-19 16:32:42 +01:00
Emilien Macchi
e897da3b69 Update YAQL queries with groupBy
YAQL introduced a backward incompatible change in one of its minor
versions:
3fb9178401 (diff-f36776b660e5fe4f88e3295e5b751396R215)

It changes the expected behavior of groupBy() aggregator, so we need to
update our queries otherwise it fails with a "list index out of range"
error.

Change-Id: I2ca2ebb2c8d22aeedbcb6920072db5b6dba3311b
Closes-Bug: #1750032
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-02-17 01:41:12 +00:00
Harald Jensas
77c82f6645 Add subnet property to ctlplane network for server resources
The subnet property is added to puppet/role.role.j2.yaml as
`{{role}}ControlPlaneSubnet`. Roles with a different subnet specified
can be used to deploy a routed network architecture by using one
role per routed network.

When enabling the neutron segments plug-in to support routed-networks
the neutron IPAM code will defer ipallocation unless the port create
request contains enough details. (Ref: LP Bug: #1695740) By adding the
subnet to port create request this change enables tripleo deployment
on an undercloud with Neutron segments plug-in and routed networks.

This depends on a Heat change that improves network logic in server
resource to not replace the current port if new props match what is
on the current interface. Without this adding the subnet property on
update/upgrades would cause a port replacement, which in turn would
cause IPAM info in undercloud neutron to mismatch the deployed
overcloud nodes.

Depends-On: Iab75ec49b962617943017dcaf1b04b89f91a982e
Change-Id: I33804bfd105a13c25d6057e8414e09957939e8af
Implements: blueprint tripleo-routed-networks-deployment
2018-02-02 09:53:03 +00:00
Zuul
4be52761af Merge "Allow defaults for Image/Flavor/RoleParameters in roles_data.yaml" 2018-01-24 02:28:57 +00:00
Steven Hardy
d006711426 Allow defaults for Image/Flavor/RoleParameters in roles_data.yaml
This allows specific roles, e.g ComputeRealTime to specify defaults
where the services are the same as some existing roles but a different
image and/or configuration are needed.

Inspired by discussion of this requirement in:
  https://review.openstack.org/#/c/531739/

RoleParametersDefaults is merged with the user provided parameters
with precedence to user parameters, as this is a special parameter,
which contains a map of the actual parameters to be applied to a
role.

Partially Implements: blueprint tripleo-realtime
Change-Id: I6497144340d3b9276e6ed141d3bc655bfbbeb53c
2018-01-19 11:06:36 +05:30
James Slagle
d4a5876e57 Also pass blacklisted hostnames
Workflows may need access to the list of blacklisted hostnames so they
can filter on that value. This change adds that input to the workflow
execution environment.

Change-Id: I41de32b324a406633699d17933ae05417b28c57b
Partial-Bug: #1743046
2018-01-15 15:26:11 +01:00
James Slagle
79570ed2b9 Workflow execution blacklist support
Workflows triggered from deploy-steps.j2 were not honoring the
blacklist, particularly ceph-ansible. This patch starts to address that
issue by passing in a list of blacklisted ip addresses to the workflow
execution environment that the workflow can make use of to filter
against ctlplane_service_ips.

Change-Id: Ic158171c629e82892e480f1e6903a67457f86064
Partial-Bug: #1743046
2018-01-15 15:25:49 +01:00
Zuul
f253c0d08d Merge "Add EndpointMapOverride parameter" 2017-12-04 23:09:48 +00:00
Zuul
fb8cad4b97 Merge "Add parameter ExtraHostFileEntries" 2017-11-28 11:40:41 +00:00
Steven Hardy
0f49e8eb8b Add EndpointMapOverride parameter
This allows overriding the calculated EndpointMap, which is useful
in some cases such as deploying compute-only stacks which reference
some existing endpoints from a controlplane stack.

The values can be generated like:

openstack stack output show controlplane EndpointMap

Or with https://review.openstack.org/#/c/521969/ applied to heatclient:

openstack stack output show controlplane EndpointMap --format yaml \
 | grep -A 1000 output_value | sed "s/^/  /" \
 | sed "1s/^/parameter_defaults:\n  EndpointMapOverride:\n/" | sed "/output_value/d"

Change-Id: Ie1185b99db1b0db93acaf0deae05bd7b707b442f
2017-11-23 11:59:00 +00:00
Steven Hardy
f2915552b9 Add parameter ExtraHostFileEntries
This allows passing hosts entries from an external stack, or
that references other external nodes.  This is useful in the
case where you want to split e.g controlplane nodes from compute
or similar.

As an example you could do something like this to generate an
environment file:

openstack stack output show controlplane HostsEntry | grep controller\
 | sed "s/|//g" | sed "s/^ */    - /" \
 | sed "1s/^/parameter_defaults:\n  ExtraHostFileEntries:\n/"

Change-Id: If26f87e3384e242ae637650adce7c5dba1611cdf
2017-11-23 11:58:25 +00:00
Carlos Camacho
927495fe3d Change template names to queens
The new master branch should point now to queens instead of pike.

So, HOT templates should specify that they might contain features
for queens release [1]

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens

Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
2017-11-23 10:15:32 +01:00
Oliver Walsh
61fcfca045 Refactor cellv2 host discovery logic to avoid races
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).

Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.

Adds a canonical fqdn that should match the fqdn reported by a host.

Adds the ability to upload a config script for docker config instead of using
complex bash one-liners.

Closes-bug: 1720821
Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0
2017-11-08 23:20:46 +00:00
Steven Hardy
87735ac4bc Expose role tags via heat RoleTags output
This will enable easier consumption of the tags e.g via
the dynamic ansible inventory or workflows that run ansible

Change-Id: I8810240d012ff369991e5e6098e36aa3713e2615
2017-10-31 11:32:15 +00:00
Tim Rozet
9285cb5fc9 Fixes dynamic networks falling back to ctlplane
Currently when a network in network_data is disabled no port
definitions for that network will be created per role.  This results in
no fallback to the ctlplane IP because overriding a type in
network-isolation to noop.yaml does nothing when the port does not exist
for the role.

This patch changes the IPs when a network is disabled to be the same IPs
as ctlplane and fixes the issue, along with removing the need to use
noop.yaml override for ports (non-vip).

Closes-Bug: 1721542

Change-Id: I301370fbf47a71291614dd60e4c64adc7b5ebb42
Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-10-05 09:59:49 -04:00
Jenkins
12d437db66 Merge "fluentd: log configuration was not generated correctly" 2017-09-06 20:49:15 +00:00
Steven Hardy
4a4f678308 Fix hardcoded references to deprecated *ExtraConfig parameters
These were missed in the previous refactor in role.role.j2.yaml,
we shouldn't reference these via hard-coded values or they become
mandatory in the roles_data.yaml

Change-Id: I014e7d6679c5733b17243d647eaad228c276585a
Closes-Bug: #1711656
2017-09-01 11:14:06 +01:00
Lars Kellogg-Stedman
d9db0c5f4f fluentd: log configuration was not generated correctly
fluentd hiera elements were being set in all_nodes.json, but then were
overwritten by values in <role>.json (e.g., controller.json). This
commit removes the values from all-nodes.json and ensures that they
are set correctly in <role>.json.

Closes-Bug: #1713240
Change-Id: I2b4c74c2a807f8e2fed57112f06b3791701bbe95
2017-08-26 10:28:34 -04:00
Steven Hardy
c6207379db Move deprecated SchedulerHints logic to overcloud.j2.yaml
The changes in puppet/role.role.j2.yaml should have been made
to overcloud.j2.yaml, because we don't want the hard-coded reference
to the deprecated name in the parent template.  Note we need to
pass this value from the parent template so the %index% substitution
works, which is required for predictable placement via *SchedulerHints

Partial-Bug: #1711656
Change-Id: Ided1802daac48d737f53caa7093df814ba101dd0
2017-08-23 11:16:24 +01:00
Jenkins
0c6437eb5b Merge "Render VIPs dynamically based on network_data.yaml" 2017-08-16 15:30:29 +00:00
Steven Hardy
46279be9cb Add RoleConfig output
This exposes the deploy workflow for all roles from deploy-steps
via overcloud.j2.yaml - which means we can write it via the new
openstack overcloud config download command and/or run the workflow
outside of heat via mistral

With https://review.openstack.org/#/c/485732/ applied to
tripleoclient it becomes possible to do:

openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-EvEZk0-config
ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml

This runs the deploy steps, exactly the same as normally run via heat
via ansible-playbook for all overcloud nodes (--limit can be used to restrict
to specific nodes/roles).

Change-Id: I96ec09bc788836584c4b39dcce5bf9b80e914c71
2017-08-12 10:40:41 +00:00
Steven Hardy
d8e2531820 Convert compute-role.yaml to role.role.j2.yaml
Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.

Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks
2017-08-11 15:06:34 +01:00
Dan Sneddon
b19b88bd1c Render VIPs dynamically based on network_data.yaml
This change modifies the templates to dynamically define the VIPs
based on network_data.yaml. If a network is defined and marked
with "vip: true" in network_data.yaml, it will be included in the
overcloud.yaml which defines the deployment-level resources.

This should make it possible to create custom networks and
use them for services which use high-availability through VIPs.

Also, extraconfig/nova_metadata/krb-service-pricipals.yaml
was modified to dynamically produce the FQDN map for VIPs on
isolated networks, to match overcloud.j2.yaml.

Depends-On: If074f87494a46305c990a0ea332c7b576d3c6ed8
Depends-On: Iab8aca2f1fcaba0c8f109717a4b3068f629c9aab
Partially-implements: blueprint composable-networks
Closes-bug: 1667104
Change-Id: I71339a6ac41133e95dbc3f93abb7a9fdeb0f2da0
2017-08-04 09:44:31 -04:00
Jenkins
45c95100cf Merge "Add environment for setting a custom domain name" 2017-08-03 21:52:28 +00:00
Ben Nemec
c05e72cd72 Make many networking parameters consistent
These are mostly the low hanging fruit that only required a few
minor changes to fix.  There are more that require a lot of changes
or might be more controversial that will be done later.

Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664
2017-08-02 16:20:08 -05:00