instack-undercloud is no longer in use by the TripleO project. Removing
the code to avoid confusion. Stable branches will continue to be
maintained for their life however no new features should be added.
Change-Id: I63a813c7c1ffd30ca30017133d31a497b77a9a4d
Blueprint: remove-instack-undercloud
If an operator wanted to configure something currently not available via
hieradata, they would only be able to do so for nova as it includes
::nova::config. This change addes the config classes for aodh, gnocchi,
keystone, neutron, swift, heat, ironic, mistral, and zaqar.
Change-Id: I3946e23cc5955d7c1a4dc4771d2708a6c8c2974b
Closes-Bug: #1793361
Included nova::config in undercloud puppet-stack-config
puppet manifest so that nova configuration parameters can
be overriden using hiera overrides.
Change-Id: I71bc5ed35cc41139481ceb51216183e6c703cf01
Use the new sync_power_state_interval parameter from puppet-nova to
avoid any breakage in the future, like Puppet resource duplication
error.
Depends-On: Ie82d88f16b42d4405853153460e20f38ba42714a
Change-Id: Ia2cff1c5f4bee28ff1d2b513f2d0b061ab0bbe83
Sometimes an undercloud could fail to install with the following error:
2018-05-29 12:53:17,588 INFO: May 29 12:53:08 foo.int.bar systemd[1]: Starting RabbitMQ broker...
2018-05-29 12:53:17,588 INFO: May 29 12:53:11 foo.int.bar rabbitmq-server[14327]: ERROR: epmd error for host foo: address (cannot connect to host/port)
2018-05-29 12:53:17,588 INFO: May 29 12:53:11 foo.int.bar systemd[1]: rabbitmq-server.service: main process exited, code=exited, status=1/FAILURE
1) The hostname of the box is
foo.int.bar foo
and in the hosts file we have the following entry: 192.168.248.2
192.168.248.2 foo.int.bar foo
Note: 192.168.248.2 is a VIP managed by keepalived because we configured this
undercloud to be an SSL one so we have:
undercloud_public_host = 192.168.248.2
2) At this stage we see rabbitmq-server being started:
Jan 27 06:46:31 foo.int.bar systemd[1]: Starting Flexible Branding Service...
Jan 27 06:46:31 foo.int.bar systemd[1]: epmd@0.0.0.0.socket failed to listen on sockets: Address already in use
Jan 27 06:46:31 foo.int.bar systemd[1]: Failed to listen on Erlang Port Mapper Daemon Activation Socket.
Jan 27 06:46:31 foo.int.bar systemd[1]: Unit epmd@0.0.0.0.socket entered failed state.
Jan 27 06:46:31 foo.int.bar systemd[1]: Starting Erlang Port Mapper Daemon Activation Socket.
Jan 27 06:46:31 foo.int.bar systemd[1]: Starting RabbitMQ broker...
Jan 27 06:46:34 foo.int.bar rabbitmq-server[14532]: ERROR: epmd error for host foo: address (cannot connect to host/port)
Now epmd might have already been up (and normally the failed message is
not particularly concerning). But the real problem is that we are trying
to connect to foo which maps to a VIP, but the VIP gets started only
later by keepalived:
3)
Jan 27 07:02:30 foo.int.bar Keepalived_vrrp[914]: VRRP_Instance(42) Sending/queueing gratuitous ARPs on br-ctlplane for 192.168.248.2
Jan 27 07:02:30 foo.int.bar Keepalived_vrrp[914]: Sending gratuitous ARP on br-ctlplane for 192.168.248.2
Let's make sure keepalived is up and running before rabbitmq in order to
fix this.
Change-Id: I010102b01e41610838c836a743a07be1965944d6
Closes-Bug: #1782814
This is required for mistral actions to perform image prepare
operations (pull, build, push)
Change-Id: I301ea04e4dbb3809ce247c0c620b0f087dedb5f9
Blueprint: container-prepare-workflow
We need to ensure that ironic-conductor starts before nova-compute.
This is to workaround an issue where nova-compute tries and fails to
call plug_vifs, this in turn report a vm_state error which, in this
case is a false positive. See lp#1777608 for more.
We ensure ordering by forcing puppet to restart nova-compute after
ironic-conductor in the case of undercloud upgrade/update.
Change-Id: Ifbada53f088258a397777a6fa18dd7c1b37c09d3
Closes-Bug: #1777475
rabbit param removed from puppet-neutron in [1],
Required transport_url is taken care by puppet-stack-config.yaml.
This patch removes the usage of removed rabbit_hosts param.
[1] https://review.openstack.org/#/c/570307/
Closes-Bug: #1777616
Change-Id: I9d561aa2e2f71b8892580950e9664d62f956773d
Show a deprecation message in the Puppet catalog so people know we
deprecate underclouds deployed by instack-undercloud in Rocky.
Also add a release note for deprecation.
Change-Id: I4ca1478ea22060ada7f35bf74575fa08c8471d73
No matter how many NTP servers we have in undercloud.conf, we need NTP
service running correctly, so the undercloud is always on time.
The default configuration already provide sane defaults
(X.centos.pool.ntp.org) so let's configure the service all the time.
Change-Id: I946f055b119ea878c893bd333ebb5f2c9d68ea6d
The slo and dlo middlewares are required to enable support for large
objects (> 5GB). Also enabling the copy & versioned_writes middleware,
which enables object copying and versionining.
Change-Id: Iff73833f1d470750862873f70a4a9aaba50bd164
This makes sure we always include the certmonger_user profile, which
installs the local CA (if that's the one we're using). This is necessary
for when we deploy TLS by default in the overcloud.
It also makes the setting of the certificate specification to be
optional and to depend on the generate_service_certificate flag.
Change-Id: I8b46ce3f9cd6e36d0b8f604b49e4113301461a4c
With the introduction of rotued networks there can be
a situation where baremetal nodes on remote segments
are unintentionally introspected. Using the dnsmasq
based PXE filtering driver in ironic inspector fixes
the issue.
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Closes-Bug: #1756075
Change-Id: I53d6c5718c7f9112d578ec6f73830830d2c71737
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
Currently there is no consumer for the versioned notification queue, which
results in the queue growing infinitely large. Until we have a consumer set
the notification format to 'unversioned' only.
Change-Id: I972dd8513c6706d03c328c961bd77eea2672bba2
Resolves-Bug: #1734185
A user uses a guest image for the undercloud, cloud-init may be
installed which can also cause other services like os-collect-config to
be running. We should ensure that cloud-init is removed and that the
os-collect-config service is disable to prevent it from interfering with
overcloud deployments.
Change-Id: I58f6fc4b299c8f1f561205ac9a2de75c46467ba8
Closes-Bug: #1754426
Ironic use binding:vnic_type baremetal for flat interfaces.
The baremetal mechanism driver is required to bind this
vnic_type correctly.
The L2 agent populates segmenthostmapping data in neutron
which is a requirement for routed-networks.
Implements: blueprint tripleo-routed-networks-deployment
Change-Id: I8e192df9068c3f5d6657f5ea92e7e2f44646c290
Docker will switch the FORWARD filter to DROP if it sets the ip_forward
to 1. Previously we were doing this in a post configuration element
rather than in the puppet run itself. This change moves the ip_forward=1
to puppet so it runs prior to docker being installed. Additionally we
are ensuring that the full set of network rules are being added to the
FORWARD filter because previously we were only setting half of them.
This would allow us to actually not have to use ACCEPT as the default
for the FORWARD filter but this would require additional testing.
Previously we had tried switching the default policy back to ACCEPT,
however given that docker is not configuring the iptables rule until
it's installed and started, the puppet rules do not actually apply on
the installation of the undercloud. The puppet management of the
defaults for the FORWARD chain only gets updated on a subsequent run of
the installer which will not work.
Change-Id: Ieae6a74f7269bd64606fd80a2a08b2058c24d2c5
Closes-Bug: #1750194
Closes-Bug: #1750874
Other OpenStack services clients are being installed as dependencies of
Heat. Octavia support in Heat was included during Queens development
cycle [1]. TripleO deployments will include python-octaviaclient as
requirement of Heat. This means the Octavia client will be installed in
the undercloud and overcloud regardless.
This reverts commit fef5be332e.
[1] https://review.openstack.org/#/q/topic:bug/1737567+(status:open+OR+status:merged)
Change-Id: I727503b6c1acf1953a0ad864ae6288021a745193
Allow installation of the Octavia client in the Undercloud by setting
new option enable_octavia=True in the undercloud.conf. Default is not to
enable.
Change-Id: I2b27dac2f30a126e6519d19cc135ea6eea59e8a9
... so we can have a duplicate resource in puppet-tripleo, and move
these resources to puppet-tripleo only at some point.
Right now, we can't move the resource to puppet-tripleo otherwise we
would have a duplicate resource issue.
Change-Id: I212da7757eceb8445578f2793d55c3d2bf265746
Reducing the frequency of the Mistral cron trigger subsystem greatly reduces
the load that is has on the system. Previously it would query the
database every second, now it will only do this every 10 minutes.
Closes-Bug: #1747386
Depends-On: I6445ff1b6691a098f15e8402ae9d971e751f5552
Depends-On: I9060253bc416be28af4ef81f3edf694059d92066
Change-Id: I18ae5bc0b2192a393959186ba756d1e6a6c62d83
This manifest enables additional configuration of the ansible deploy,
and also ensures that required packages are installed.
Implements: blueprint ansible-deploy
Change-Id: I3a9d81cbae70a115c02b5bff8a62c30b38abd38a
* As in tripleo deployment, we use python-tempestconf to generate
tempest.conf. on setting enable_tempest to true it will auto
install openstack-tempest so removing reference of puppet-tempest
from it.
Change-Id: I65856cfbc8363394f5b01444fbb12f7e541aac1e
We need to escape % for cron to run correctly. Without
this the cron task fails with syntax error.
Change-Id: I8eac2d978380ccc1c6998929c8aa6a440ed4bcce
This will get rid of the unnecessary notifications that were being
produced and help with the undercloud's memory consumption.
Change-Id: If4d97e5069ca678edbcd2270a75f6faf67364420
Closes-Bug: #1729293
Increasing the heat db-sync from 5 to 15 minutes.
During an undercloud upgrade, the database can be very big and the
dbsync needs at least 10 minutes to run. So we override the Puppet
default value of 5 minutes to have a timeout of 15 minutes for
production deployments.
Change-Id: I7720bd68a3d6044287ccdebf77086a86c51ddd8f
Closes-Bug: #1726959
Ceilometer API is deprecated and disabled in pike. Lets remove
this starting queens as its not supported anymore.
Change-Id: I738e8743a315cc2865ba6d1e64c23498e911a283
Collector was moved to legacy mode in pike and
not supported anymore. Lets drop collector
starting queens.
Change-Id: I952103e39f63d278988a73035d7194b9e351ad31
This includes the expirer module to enable the service, otherwise swift
objects are never cleaned up in the undercloud.
Change-Id: I65b906aaa7ea4f79e2c041009cf7055d2d1fe403
Closes-Bug: #1722279