This commit updates the openshift templates to deploy openshift 3.9
instead of 3.7.
Update the default playbook path to the one expected by
openshift-ansible 3.9.
Update the default openshift-ansible variables and move them in the
template where they belong. They can be overridden individually via the
OpenShiftGlobalVariables heat parameter.
Disable unbound on the openshift nodes in CI as it is listening on port
53 and is preventing openshift to start its own DNS service.
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Depends-On: I6f123cd71a23fb15aaa2005f7397fc98fdaf187a
Depends-On: I27ad9d168af575da8c4f5094152c94e2fa03987c
Change-Id: Ifc3d25fa590cfba1fa64ed0266c76c9342a7aa4f
By setting the value of rule_name explicitly, we prevent backward
incompatibility issues because the default which ceph-ansible uses
might fit a particular version of Ceph, not all.
Change-Id: I275c1ca53ea79eea607cbbb58aa21cae6d6be80b
Closes-Bug: 1776252
Also remove OS::Heat::None mappings for resources that are not part of
the deployed roles.
Depends-On: I85c4390519ace0149895285225f5a4ece453f1f8
Change-Id: I55e8b25a4fb0b4839be5d741acdceec5dad903ad
This ensures the docker service on the openshift nodes is able to pull
from a local registry if configured this way.
Change-Id: Ifd48b2e6500b10d108985a4a9f1d73493d404134
Depends-On: I31494ff8524b90343e6e8c67bd08a354837ecc45
Add an OPNFV scenario environment that uses ODL for overcloud
networking and OVS for virthost networking.
Depends-On: I33602ac5521c4f059c1a0d08e3e828fb64d3c817
Depends-On: Ib7968c46a59f266c20628c36178d2235ad833915
Depends-On: I37405e41ec0f85249cef87c09c966cbe0f9baddf
Change-Id: If1f476bb933106456df3568978b4555dde190621
The keystone role needs to be on the same node as the mysql/haproxy node
due to a TLS requirement that the haproxy be on the 'primary' tagged
node. Since the keystone bootstrap stuff only runs on the primary node
as well, they need to be tied together.
Change-Id: Ifa7ed93993082466a2a6ddff56bee58b074be512
Closes-Bug: #1768142
The hook for os-net-config in multinode NIC config templates contains
a call to `ovs-vsctl del-br br-ex` to remove the bridge we got from
nodepool and initialize network config. We need to avoid executing
that again on upgrade, or the Ansible process running the upgrade gets
stuck.
Change-Id: Ie36342402426d74fd528e320d60adc951bf8c9ac
Closes-Bug: #1772040
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
It was missing tags which were necessary for the role to get the
appropriate certificate [1]. So, without these tags, the certificate
wasn't persisted in the node, and the job would fail if TLS would be
enabled. This was discovered as part of the "Public TLS by default"
work.
[1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/role.role.j2.yaml#L565
Change-Id: I46ee2ef837da51be4db30a8c059b82cb1a8c3606
This change removes the NeutronExternalNetworkBridge parameter from
the CI environment files, since the default value is now the same
as the value in the environment files, and it will be removed
entirely as it is deprecated.
Change-Id: Ia1b879f33fcd8d6eae149feb4dc1d362aa341cce
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.
This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
(rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note
Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
Removes hardcoded references to the Ceph container image to use
in CI to rely (and test) the tripleoclient default.
Change-Id: I7f028e31eb5e993aa6af9b7f2c19f64ed45224dd
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.
Change-Id: I168e6a543f7143900fdb855ec29d8532fb9736ae
OVN configuration was not done when deployed with
scenario007 as default for NeutronMl2PluginBase was
used which is neutron-plugin-ml2.yaml. This patch
fixes this to use neutron-plugin-ml2-ovn.yaml which
correctly configures neutron for ovn metadata.
Change-Id: I7cadd0567951b85c1ba69d4b4843ee29b67e7a11
Closes-Bug: #1757134
The ceph-container project is moving to a new style of tags for
Ceph. Update scenario001/004 to pull Ceph container images using
the new tags.
Change-Id: I2a6a7c5fb5148e951f85850c09be7cbb59fce0f8
A very basic deployment to be used with free-ipa, and upgrade ci.
There may be other valuable uses for this deployment as well.
Tested-With: https://review.openstack.org/#/c/540114/
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I433297dcd597e49a2ffccc2e61118bbba69f883c
These relative paths were incorrect given where these environment files
live in the templates directory tree.
These environment files aren't actually used by ci as their equivalent
network-isolation-absolute.yaml versions are preferred. However, if we
fix these paths we could consider switching ci over to use these as it's
arguable more preferrable instead of the hardcoded packaged path.
Change-Id: Ib0e4779c4883776e25bf7eb5aee60a91ce28a73d
In mixed version test scenario, we can have a ping test triggered
after the overcloud installation just to make sure that it works.
If we fix the version to queen then this scenario cannot work.
Change-Id: Ifdc0531cdba03af63231d3c3b16f59e4e22ec837
This file has been used for the containerized undercloud so we can
deploy a simple bridge with os-net-config.
We're moving the environments used for CI into THT, so we can branch
them. This is part of this effort.
Change-Id: I4255120e12123568a388c75956e6e8d32dec66aa
To be able to support multiple Ceph cluster, an initial step is
to allow for configuration of each cluster name.
Depends-On: I8d5293eaaf104b6374dfa13992a67ddc37397f10
Implements: blueprint custom-ceph-cluster-name
Change-Id: I1b4d51ca6a2d08fa7a68eea680eb104eff732057
Now SNMP is secured, we can re-enable it in CI.
This reverts commit cb90c8ce484d8e0328a0f2a8250e1c0fa81dd6cb.
Change-Id: I4ec805015ab8975d8922279ea64546799f5ce92a
Some work is being done in I46fce28926cb5a881f7384948480266712ae75e3
to secure SNMP on a specific network but until then we need to stop
opening the services so cloud providers won't report any security issue
for TripleO jobs.
Change-Id: Icd8a6ddda6152186d6be4a227f6449232fecba5e
Related-Bug: #1749324
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.
The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.
The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).
Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.
Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
The initial fluentd client implementation predates the introduction of
service_config_settings, and necessitated some invasive changes to
what is now common/serivces.yaml. This commit modifies existing
services to use the service_config_settings based configuration
mechanism supported by more recent versions of the fluentd support in
puppet-tripleo.
Partial-bug: #1715187
Depends-On: I3149902401d68d6fd236073a73a20f982d4b952a
Depends-On: I2b057190ec0e4e75ee4ee47ebe0164c2644e5ab7
Depends-On: Ie7df4b8b94cb0ae38096ab95800f211ef1cd8455
Change-Id: I28028ffa00df2da8e0478a551d3de89c3ee46e1f
This change adds a StorageNFS network. It's required by
https://review.openstack.org/#/c/471245 which implements
NFS Ganesha backend for Manila service.
To define and enable the StorageNFS network, deploy using
network_data_ganesha.yaml instead of network_data.yaml.
Besides the former adding the StorageNFS network, these
are otherwise identical.
If enabled it's also necessary to add StorageNFSIpSubnet and
StorageNFSNetworkVlanID heat parameters into network templates.
Co-Authored-By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: If31722d669efe91082c93ecb815e6c41676480c8
Partially-Implements: blueprint nfs-ganesha
te-broker can set up an OVB stack to deploy the overcloud
with public bond network isolation but the heat templates
used in the overcloud deployment were missing.
This review adds these templates from openstack-virtual-baremetal
so that public bond network isolation can be tested in CI.
Change-Id: Ied543e70491ff85d6fab4371812bca802c6b1032
We installed docker our traditional way when deploying with Kubespray
and disabled Kubespray's management of Docker, because Kubespray
installs non-CentOS Docker binaries.
However, openshift-ansible installs Docker from CentOS, we don't need
to install it using the Docker composable service too. That way
openshift-ansible will be the authority on Docker configuration when
deploying OpenShift.
Change-Id: I1352d4050e2f38300068d858b19e0b4a31cf50a7
Related-Bug: #1741224
