The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: Ib25279ec008373245eacb3478d6edb74a5cf9063
There are some features in nova-compute which validate policy rules.
For example when connecting an instance to an external network,
nova-compute checks ``network:attach_external_network`` to determine
whether the operation is permitted.
This change makes sure that the nova policy file in compute nodes are
also managed by puppet-tripleo.
Partial-Bug: #1955786
Change-Id: I490cc558238719d4c9585e2a57497d1b1787a9ed
The keymgr_* parameters are deprecated and these parameters will be
completely migrated to nova::key_manager. This change ensures the new
classes are included.
Depends-on: https://review.opendev.org/772142
Change-Id: Idcb75f91b4abbb7fa66bf199026611304a4f4467
... because the cinder_catalog_info parameter, which is used by api
and compute, have been migrated from nova to nova::cinder[1].
[1] 72103db985d00b3289b8b936956166f20ef8f3d0
Change-Id: Ic90e3eb0898d9c8317fb994db4275be2db0bc679
... because some parameters of this class are supposed to be used in
both nova-api and nova-compute.
Depends-on: https://review.opendev.org/770684
Change-Id: I0c5700cb5123f81e88da9cbaeafca40525cfd6d8
This change refactors current implementation to determine key manager
backend for cinder and nova, based on the following two points.
- keymgr_api_class was deprecated a while ago. We can remove this
parameter now.
- We don't have to redefine the parameter in puppet-tripleo layer but
we can use the parameter implemented in puppet-nova or puppet-cinder
directly.
Change-Id: I265ac3762823ea8930cc43150dc7b317f337f709
include extracted glance configuration introduced in Change-Id
I94d110f0dfe89afb6bbd066d9abc3b72ebc10e52. Right now nova::glance is
included in base nova class, but planned to be removed. Lets include
it now.
Depends-On: https://review.opendev.org/c/openstack/puppet-nova/+/770684
Change-Id: Ie2f7478e2115bac5051f3424c4bd2b97efa6f733
I5da1e67684f8317eec8c499c3534977e00a63098 include nova::metadata on computes
however this includes nova::db which we must not do on computes.
Push the fix up to puppet-nova and nova.
Depends-On: If6a26527a737a7184ebddd5b4bc346d64827e9e3
Depends-On: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
Change-Id: I07caa3185427b48e6e7d60965fa3e6157457018c
Related-bug: #1871482
Related-bug: #1903908
Related-bug: #1832537
The parameters for image cache feature in the nova::compute::libvirt
class has been deprecated and will be replaced by the new class,
nova::compute::image_cache.
This patch makes sure that the new class is included before the
automatical class inclusion will be removed in puppet-nova.
Depends-on: https://review.opendev.org/#/c/757079/
Change-Id: I0a8927e1ae292e4c89f85b5b394f69ea2ee593e8
The nova::vendordata is not automatically loaded now, so we should
explicitly include the class in the manifest for nova-compute to
configure vendordata parameters in nova-compute.
Depends-on: https://review.opendev.org/#/c/730424/
Change-Id: I0843d38bd9fe0cc9bf92f533a7dbe83a0b4f297d
Allow NFS configuration of storage backend for Nova.
This way the instances files will be stored on a shared
NFS storage.
Implements: bp tripleo-nova-nfs
Change-Id: Id15aec6324814a871e87f19f24999b0e3b8a8f05
This commit Iccf86f42448d2e7e682728cb82808f91b6d8124e in
puppet-nova change the way we configure the pci whitlist.
It is now require to include the nova::compute::pci class
to apply the pci whitelist configration on the compute node.
Change-Id: Ie29dcd8a9ac10f61c623149670094fa8b108d50d
Deprecate the keymgr_api_class input parameter and replace with new
keymgr_backend option. This mimics an equivalent set of changes in
puppet-cinder and puppet-nova, which were driven by a similar change
in Castellan's key manager options.
The deprecated value is still supported for backward compatibility.
Closes-Bug: #1732998
Change-Id: I5036c8de9a429f22e1828b4e37735f4aa47bd858
Recent changes in Nova [0] and Cinder [1] result in Barbican being selected
as the default encryption key manager, even when TripleO is not deploying
Barbican.
This change ensures the legacy key manager is enabled when no key manager
(such as Barbican) has been specified. This restores the previous behavior,
where the legacy key manager was enabled by default.
[0] https://review.openstack.org/484501
[1] https://review.openstack.org/485322
Closes-Bug: #1706389
Change-Id: Idc92f7a77cde757538eaac51c4ad8dc397f9c3d3
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment
Change-Id: I91f1ce7625c351745dbadd84b565d55598ea5b59
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
We need to run nova-cell_v2-discover_hosts at the very end of the
deployment because nova database needs to be aware of all registred
compute hosts.
1. Move keystone resources management at step 3.
2. Move nova-compute service at step 4.
3. Move nova-placement-api at step 3.
5. Run nova-cell_v2-discover_hosts at step 5 on one nova-api node.
6. Run neutron-ovs-agent at step 5 to avoid racy deployments where
it starts before neutron-server when doing HA deployments.
With that change, we expect Nova aware of all compute services deployed
in TripleO during an initial deployment.
Depends-On: If943157b2b4afeb640919e77ef0214518e13ee15
Change-Id: I6f2df2a83a248fb5dc21c2bd56029eb45b66ceae
Related-Bug: #1663273
Related-Bug: #1663458
1. Move keystone resources management at step 4.
2. Move nova-compute startup at step 5.
That way, we make sure nova-compute will start when all Keystone
resources are ready.
Change-Id: I6e153e11b8519254d2a67b9142bf774a25bce69d
Closes-Bug: #1663273
When nova-compute and nova-conductor are collocated, we need to make
sure nova-conductor starts before nova-compute otherwise nova-compute
will just fail to start.
Change-Id: Icc3ed768af2a08e2db78d9c9278d309a62d26850
Deploy bits when running nova-compute + libvirt.
Note: some work will be done in puppet-nova to decouple nova-compute
from libvirt in nova::compute::libvirt class.
Change-Id: I754bfa89ba78a70b4b866598fb1163f4e14807c9
Implements: blueprint refactor-puppet-manifests