This patch removes hardcoded type for 'baremetal' Neutron network.
Update ironic conductor config with new config option:
* enabled_network_interfaces - list of enabled network interfaces on
Ironic conductor
* cleaning_network_name - name of Neutron network to be used
during node cleaning
* provisioning_network_name - name of Neutron network to be used
during node provisioning
Add openrc generation task for nodes with ironic role, needed as it is
required for translation from name to uuid.
Change-Id: I63da8332cade0e76bdd687f0522bbc4c3006a68f
Related-Bug: #1588380
As we have pre-defined tags inside fuel we should ensure
that all of tags are able to be deployed properly.
ssl-dns-setup task was skipped for all non-controller tags which
leads to not configured dns server on these nodes (and as result -
failed upload_cirros task).
Change-Id: I045bb7e709d6e18e2beb934b42094cbb4bc61f00
Closes-bug: 1665353
VMware not supported since Fuel 10. So this commit removes
vmware-related manifests.
Implements: blueprint remove-vmware
Change-Id: If5f0c837fe843f9cfd30648fe6e115267467982b
Most of tasks had timeout equal to 3600 seconds whereas actual duration
is no more than 1 minute.
Minimal timeout is 60 seconds even if task is complete in a few seconds.
New timeout ~ duration * 2.5
Change-Id: Iea9ee8f5038f5fcfd9dcdfc2d9ba964eab035549
Closes-bug: #1558505
As new serializer was introduced in nailgun and it is allow to run
a task on custom condition - move some tasks to use those conditions
to better handle redeployment cases.
This patch includes fixes for
* most of common tasks
* most of controller tasks
* compute tasks
Closes-Bug: #1567424
Change-Id: I3401e3127efc3e0c9ebc1be30f5f097575ca5890
DocImpact
Nailgun implements new serializer for tasks which discarding other ones.
It leads us to reimplement previously hardcoded tasks from nailgun in
library.
* Add generators for upload_configuration and upload_nodes_info.
Previously, those tasks have got data from nailgun. Now special
hash 'data' in task can have a 'yaql_exp' parameter that recieve
a yaql [0] expression. root ('$') value in this expression is a
mostly one-to-one settings representation yaml hash, values of which
can be accessed via '.'. Typical values is 'configs' and 'nodes' which
are according to openstack config and 'nodes.yaml' file data we
will have on nodes
* Change role regex from '*' to ['/.*/'] for all tasks which needed
this. Current implementation of new serializer needs this explicitly
and (I believe) thiat will be fixed later. Also, explicit declaration
can show that it is a _regexp_, not just a globe
* generate_vms task not ran by nailgun implicitly by searching in
astute.yaml config. This behavior moved to task itself.
* Conditions changes. Main changes done for 'additional_components'
section, so now it move from
"settings:additional_components.ceilometer.value == true"
to
"settings:ceilometer.enabled == true"
Also there is 'common' section remove, so
"settings:common.use_vcenter.value == true"
now must be written as
"settings:use_vcenter == true"
Also there is no need to point any '.value' suffix in condition, so,
for example,
"settings:public_ssl.horizon.value == true"
became a
"settings:public_ssl.horizon == true"
* New major tasks version added - 2.1.0. Now if serializer fabric found any
task with 2.1.0 version or higher, new LCM serializer is used. If
there are no such tasks, old serializer are used for backward
compatibility
[0] https://yaql.readthedocs.org/en/latest/
Change-Id: I387e9fbfad8ca20f643ee43cbe830196d597c415
Related-Blueprint: computable-task-fields-yaql
Depends-On: Ie95a58c8cf86eac1a5c3dbd956fafc401e40fed6
- public.fuel.local should be added to hosts file
before all openstack services
Closes-bug: #1541054
Change-Id: I768edb86f9356128c5db00af45cb2e786e9fa9f6
According to task-based deployment specification
the validator in nailgun checks all tasks version
New deployment engine can be turned on only if all
tasks have version >= 2.0.0
By this commit we confirm that all core tasks have
all dependencies including cross-node and are
ready to work with task-based deployment engine
Closes-Bug:#1528335
Change-Id: I57e52eb8a27bff5a6843c3297a7c97922b49774f
Add second-level hash for TLS support. If user mixing this hash into his
astute.yaml, values from it will be taken to TLS-related tasks instead
of ones from UI.
Hash to use looks like:
use_ssl:
horizon: true
horizon_public: true
horizon_public_hostname: horizon.fuel.local
horizon_public_usercert: true
horizon_public_certdata: KeyPairStoredHere
keystone: true
keystone_public: true
keystone_public_ip: <ip of external keystone>
...
keystone_internal: true
...
keystone_admin: true
...
glance: true
glance_public: true
...
Co-Authored-By: Stanislaw Bogatkin <sbogatkin@mirantis.com>
Related to blueprint selective-ssl
Change-Id: Ic3034b3fea27a370b1f7cbd4e088f361fce96142
To distribute keys amongst nodes other than controller and
compute, add those nodes roles to SSL tasks.yaml file.
Change-Id: Ia8389d2c4bffd5b30de8dcbe678c25ca3e9b8d38
Closes-Bug: #1490513
Setup dependence for public ssl record addition in hosts file
to avoid using of uninitialized hostname.
Change-Id: Ib41efb84de39b4ac26995c6a461015123e6380e9
Closes-bug: #1484963
Add ability to terminate SSL on HAProxy public IPs and
add ability to use SSL on keystone endpoints list.
Services that added to haproxy SSL termination and keystone
publicURL endpoints:
* keystone public port (5000)
* nova-api public ports (8773,8774)
* cinder-api public port (8776)
* glance-api public port (9292)
* neutron public port (9696)
* swift public port (8080). Swift S3 also added to SSL endpoint list
* heat-api public ports (8000,8003,8004)
* nova-novncproxy public port (6080)
* ceph radosgw public port (8080)
* ceilometer public port (8777)
* sahara public port (8386)
* murano public port (8082). BTW, murano rabbitMQ port not wrapped
by SSL, cause SSL scope include only keystone endpoints, not
HAProxy's. It can be easily done in future
Implements: blueprint ssl-endpoints
Depends-On: Ie6be3d2ed4e1864e5898d1c7d12ec761af01a041
Change-Id: If37173f75da51625631f630d6404abb006282ae5
Keys are generated in astute prehook and saved in master
node for further use. In current implementation only
one key for haproxy is generated and then it will be used
for all public OpenStack URLs.
If self-signed certificates are created then new astute
prehook task added will copy those certificates to
apropriate nodes.
Also this change adds new ssl modular task that checks
if user uploaded certificate exists and saves it from
yaml to local node filesystem.
Implements: blueprint ssl-endpoints
Depends-On: I2261dcfb55743b0fb31f4cbe42e7793176c8e1c0
Change-Id: Ifcd9194b51129ea262363196a9963a96cc5760bb
Andreas Jaeger