Commit Graph

15843 Commits

Author SHA1 Message Date
Ghanshyam Mann c2ff9b8f49 Retire Tripleo: remove repo content
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: I7f1dc7801a025d9bb28110f74340846b99870b79
2024-02-24 11:43:13 -08:00
Zuul 1393d39be3 Merge "Update Neutron S-RBAC policies with what is in Neutron repo now" 2023-04-04 03:43:26 +00:00
Luigi Toscano 2589c5a9b0 Fix CinderNVMeOFTargetProtocol: restore the type
Without the type, the overcloud deployment fails with
Missing parameter type for parameter: CinderNVMeOFTargetProtocol

Change-Id: If9aba2758812d6f8b7370582953653fbfc590ba6
2023-03-30 19:01:09 +02:00
Zuul dd68096419 Merge "multi-rhel-container-image-prepare.py" 2023-03-25 12:39:02 +00:00
Zuul 45de542205 Merge "Remove external from KeystoneAuthMethods" 2023-03-23 09:11:53 +00:00
Zuul c658dd351d Merge "Cinder NVMe-oF fixes" 2023-03-22 20:08:20 +00:00
Zuul b4f2c55580 Merge "Designate mDNS: restrict access to internal network" 2023-03-22 15:09:20 +00:00
Gorka Eguileor b5dc00f8da Cinder NVMe-oF fixes
The Cinder NVMeoF deployment YAML has a couple of issues addressed in
this patch:

- Incorrect port is being used. According to the NVM Express specs: "TCP
  port 4420 has been assigned for use by NVMe over Fabrics". And that's
  the port default in Cinder as well.

- Instead of loading ``nvme-rdma`` we should load ``nvme-fabrics`` so it
  will automatically load the right module when connecting (``nvme-tcp``
  or ``nvme-rdma``).

- There is no need to load ``nvme`` module, since that's only used for
  local nvme volumes, and we care about remote modules.

- Controller nodes also connect to storage (for example for backups), so
  we need to load ``nvme-fabrics`` there as well.

- An iptables rule to allow port 4420 is needed, just like the one we
  have for iscsi (port 3260).

- Add a new CinderEnableNVMeOFBackend parameter, which triggers
  the configuration of the LVM volumes, mirroring the behavior
  of CinderEnableIscsiBackend.

Change-Id: I619914a37450dae3dcccbd28e898ca81009bb2bb
2023-03-20 17:16:55 +01:00
Juan Badia Payno 4e227fb898 multi-rhel-container-image-prepare.py
Change-Id: I795b2cd2059cd98c2ca74cd54e22ce078276a405
2023-03-17 16:36:19 +01:00
Slawek Kaplonski 3a2a314afc Update Neutron S-RBAC policies with what is in Neutron repo now
Recently Neutron made some fixes in RBAC policies, see [1], [2], [3] and
[4]. This patch updates custom policies deployed by Tripleo accordingly.

[1] https://review.opendev.org/c/openstack/neutron/+/872397
[2] https://review.opendev.org/c/openstack/neutron/+/872396
[3] https://review.opendev.org/c/openstack/neutron/+/872400
[4] https://review.opendev.org/c/openstack/neutron/+/872280

Closes-bz: #2176187
Change-Id: Ifb4dc278d8380fad6be2f56b9602d0c811dac721
2023-03-08 12:07:48 +01:00
Dave Wilde 67f47c0d79 Remove external from KeystoneAuthMethods
External is not compatable with federated authentication

Change-Id: If72ee0c1615efa7107a334e44ddd19d638178ce7
2023-03-03 16:07:28 +00:00
Zuul 1c7b14cadd Merge "Add Octavia amphora logs to tripleo_logging_sources" 2023-03-02 04:28:08 +00:00
Zuul c77724f266 Merge "Fix OctaviaApiLoggingSource default value" 2023-03-01 20:13:59 +00:00
Zuul 66c9416857 Merge "Fix octavia_rsyslog container startup" 2023-02-28 21:29:07 +00:00
Zuul 749e9d4359 Merge "Revert "Run virtqemud with umask 0027"" 2023-02-28 17:47:14 +00:00
Zuul 2e83a74fd1 Merge "HA: enable new container image name by default" 2023-02-23 20:02:06 +00:00
Bogdan Dobrelya 88ab470d82 Revert "Run virtqemud with umask 0027"
This reverts commit 7bba86fc58.

Reason for revert: Fix regression for virtqemud is started with umask of 0027 which then gets in the way libvirt sets up hugepages. In this particular case, libvirtd/virtqemud creates $hugetlbfs/libvirt/qemu/ (/dev/hugepages/libvirt/qemu/ in this case) which is meant as top level directory, a base where individual, per-guest directories are then created. Now, the top level directory is owned by root:root (so that nobody else can modify its perms) but we also want it to be accessible by other processes (mind you, we don't need to list the directory (o+r), we need to be able to access subdirs (o+x)).

Setting such restrictive umask for a process that is supposed to prepare environment for other users (QEMU runs under qemu:qemu) was a bad choice because of that, hence this revert

Change-Id: I75897fbaf7d9415178bc267c848b83775a384814
Related: rhbz#2166979
2023-02-21 13:35:53 +00:00
Zuul f6e5cae688 Merge "Set ovn-monitor-all before ovn-controller update." 2023-02-15 18:32:24 +00:00
Zuul 032bcc4837 Merge "Set external_ids:ovn-ofctrl-wait-before-clear" 2023-02-15 18:32:20 +00:00
Zuul 64a52f3150 Merge "Rectify service_name in ceph monitor's hieradata" 2023-02-14 21:36:10 +00:00
Zuul 619df39699 Merge "set ceph rgw_max_attr_size default to 1024" 2023-02-14 20:06:19 +00:00
Zuul 13b559bc2d Merge "Ansible package changed name to ansible-core, update exclude value" 2023-02-14 12:37:42 +00:00
Zuul 8549a94dbb Merge "Bind /run/udev into the multipathd container" 2023-02-13 21:17:37 +00:00
mciecier fbeb23e8a5 Ansible package changed name to ansible-core, update exclude value
Ansible package changed name to ansible-core. Exclude must stay due to
bz https://bugs.launchpad.net/tripleo/+bug/1998501, only update exclude
field to exclude ansible-core instead of ansible.

Related-Bug: #1998501

Change-Id: I2c83d7f494267d4c4bf9e7663a7ece048658a406
2023-02-13 08:32:50 +00:00
Zuul 338c3a3318 Merge "Fix mlnx sdn template config_settings map_merge" 2023-02-12 11:30:06 +00:00
katarimanoj 22139d3293 set ceph rgw_max_attr_size default to 1024
Currently rgw_max_attr_size defaults to 256 (a swift default) which
creates problems for openshift on OSP while uploading bigger images.

This patch will update the default value to 1024.

Alternatively, we can enfore a new value to this parameter
using a env file during deployment.

parameters_default:
    CephConfigOverrides:
       rgw_max_attr_size: <new value>

Change-Id: I9b056e60622a9f2755da6312b89d80577ca596f4
Resolves: rhbz#2167161
2023-02-09 19:57:20 +05:30
Alan Bishop e66c06eb0b Bind /run/udev into the multipathd container
The multipathd daemon relies on udev to manage multipath devices,
which in turn requires the daemon have access to /run/udev on the
host. See Ia6a8d27fd2ae6310544bc3767cf7f1fb246939c3 to understand
why we cannot bind all of /run into the container.

Resolves: rhbz#2165494
Change-Id: I46e804676757068e41ebb1e63ba0136d038c0247
2023-02-08 09:40:12 -08:00
Jiri Podivin 8d17681d3d Capping ansible-lint version
Closes-Bug: #2004633

Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
Change-Id: I0b1a4a8d534ca985f7430255c8add86211e5ddab
2023-02-06 13:41:21 +01:00
Zuul 1d32ada441 Merge "[Pure Storage] Add new FlashArray Cinder driver parameter" 2023-02-01 05:00:31 +00:00
Sofer Athlan-Guyot 119ff63739 Set ovn-monitor-all before ovn-controller update.
This parameter is missing during ovn-controller update and can cause
cut in data plane in certain cases.

We refactor this section of the external_update_tasks to manage all
parameters that have to be set during update for ovn-controller. If
others are needed we just add them to that section.

Change-Id: I30f083a906e457fd5b92d96a6fda8e6451c11fbb
2023-01-31 16:53:38 +01:00
David Hill 3512eae017 Set external_ids:ovn-ofctrl-wait-before-clear
In order to avoid flow update while updating, we need to set
external_ids:ovn-ofctrl-wait-before-clear to some value that will
be used to wait before clearing all flows.

There is code for taking this parameter into account during
deployment, this is the part that takes it into account during update.

Change-Id: I8af36a960156e5203c97293442fbfe1a1ff47dd5
Co-Authored-By: David Hill <davidchill@hotmail.com>
2023-01-31 16:52:55 +01:00
Zuul eceb0177b4 Merge "Role-spec NovaComputeStartupDelay" 2023-01-27 17:48:05 +00:00
Zuul e1575273c6 Merge "Fix wrong tcp port for heat-cfn endpoint with ssl" 2023-01-27 07:03:43 +00:00
Takashi Kajinami e98f23fd15 Fix wrong tcp port for heat-cfn endpoint with ssl
The heat-cfn api uses tcp/13005 for its public endpoint when ssl is
enabled. This corrects the wrong port in iptables rule.

Closes-Bug: #2003929
Change-Id: Ibb8037fad70c628ab26a6cf0dd4401bb6b23cc7c
2023-01-26 13:18:43 +09:00
Bogdan Dobrelya 768b8f3964 Role-spec NovaComputeStartupDelay
Make it role-specific for other compute roles, like HCI,
to work with it

Follow-up Ie7ad2d835c1762dc4b9341e305e6a428cb087935

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I7d5c01d21af34df5e9fa8842f46aa435975a2ace
2023-01-24 14:11:57 +01:00
Gregory Thiemonge 3c38d8a1a6 Add Octavia amphora logs to tripleo_logging_sources
When enabling the rsyslog forwarder in tripleo, the amphora logs are not
added to the rsyslog config. Add the 2 files if log offloading is
enabled, and also ensure that the files exist in the directory, rsyslog
skips the settings if they are missing, and they were created only when
a load balancer was spawned by Octavia

wallaby-backport-potential

Change-Id: I04c48371183c84d1c0f4295536c7c3e59483daad
2023-01-24 11:57:49 +01:00
Gregory Thiemonge 88de441153 Fix OctaviaApiLoggingSource default value
The default file for OctaviaApiLoggingSource was api.log, but it should
be octavia.log [0]

[0] https://opendev.org/openstack/puppet-octavia/src/branch/master/manifests/logging.pp\#L115

wallaby-backport-potential

Change-Id: If5383028f7f92cf5dcd3ca40390ea37e59cbf9ae
2023-01-24 11:57:49 +01:00
Gregory Thiemonge bd6f0ddcbb Fix octavia_rsyslog container startup
The octavia_rsyslog container fails to start because of a privilige
issue ("could not transfer the specified internal posix capabilities
settings to the kernel, capng_apply=-5"). It appears that the tripleo
rsyslog service is created with "privileged: true", apply the same
parameter to the octavia container.

wallaby-backport-potential

Change-Id: I1e5107c7e2a42e47cb3e14cf6db02482f7b0b331
Closes-Bug: #2003777
2023-01-24 11:57:49 +01:00
Sandeep Yadav 9962b52a0a Replace qdrouterd backend with rabbitmq in Sc03
qdrouterd for RPC is not a supported backend in RHOSP,
updating sc03 to test rabbitmq which is a supported
backend for RPC communication.

Trying to run with qdrouterd backend in downstream fails
because python-pyngus is not added as dependency downstream[1]
python-pyngus available since RHOSP13 but is not added as dep
for oslo-messaging rpm with reasoning[2].

~~~
 ModuleNotFoundError: No module named 'pyngus'
~~~

Sc03 provides desginate testing coverage, This change will
allow us to run standalone sc03 in downstream pipelines keeping
sc03 env files in sync in upstream and downstream.

This patch will be backported to wallaby.

[1] https://github.com/rdo-packages/oslo-messaging-distgit/blob/wallaby-rdo/python-oslo-messaging.spec#L89-L91
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1791364#c13

Change-Id: Ib49223709e20931abcec4d16301db9882c64c06f
2023-01-20 12:36:17 +05:30
Zuul a4cc72390f Merge "Ensure cinder-volume pcs task has correct become" 2023-01-19 10:27:25 +00:00
Yadnesh Kulkarni a7d94bb971 Rectify service_name in ceph monitor's hieradata
"ceph-mon.yaml" should populate collectd hieradata for "ceph_mon"
instead of "ceph_osd".

Add example mons and osds daemons for collectd to monitor in
CI environment files.

Depends-On: https://review.opendev.org/866817
Depends-On: https://review.opendev.org/866688

This change is wallaby-backport-potential.

Resolves: rhbz#2116340
Change-Id: I5d6626774de7aeac9bbc5d70d856eeaba987714b
2023-01-19 05:40:10 +00:00
Lukas Bezdicka e7621f2b63 Ensure cinder-volume pcs task has correct become
In post_upgrade we run PCS commands while not using become.

Change-Id: I62ccd382adc6b4af739ab4bba680ac777855de30
2023-01-18 16:15:40 +00:00
Lukas Bezdicka d4afd7eb40 FFWD3: Bump container-rools to latest
On EL8 based systems we should use latest container-tools as the
support for running UBI9 is only available there.

Change-Id: I8d777de2778cc595878619552831a1d60086ccef
2023-01-18 16:15:16 +00:00
Zuul 297ac79ed4 Merge "Add ceph cluster's fsid to collectd hieradata" 2023-01-18 12:36:23 +00:00
Zuul 73c89b369f Merge "Ceilometer: Enable oslo.cache backend" 2023-01-16 20:08:08 +00:00
Zuul c8607e3ae2 Merge "[Octavia] Set octavia *_log_targets params with tripleo-ansible" 2023-01-13 13:46:17 +00:00
Yadnesh Kulkarni 88e36f6796 Add ceph cluster's fsid to collectd hieradata
Ceph plugin in "puppet-collectd" requires Ceph cluster's
fsid[1] to generate the plugin configuration with new socket
paths.

This change comes after the socket path of services were
changed from "/var/run/ceph/" to "/var/run/ceph/<fsid>/".

This change is wallaby-backport-potential.

[1] https://github.com/voxpupuli/puppet-collectd/pull/1007

Signed-off-by: Yadnesh Kulkarni <ykulkarn@redhat.com>
Change-Id: Ic67f68ec51e176040ef982a3721cd7afce68877e
2023-01-12 04:52:59 +00:00
Simon Dodsley 93de3c656e [Pure Storage] Add new FlashArray Cinder driver parameter
Depends-On: I6a3d2626be0f59500fa164b05d96a8b637c51b86
Change-Id: Id223b8b4d32d5da2b5bf1b44efebb9a2997cbd8a
2023-01-11 17:19:10 -05:00
Zuul 2e053e0dec Merge "Add a tag for package setup" 2023-01-11 15:27:06 +00:00
Zuul 92be142b21 Merge "Switch to 2023.1 Python3 unit tests and generic template name" 2023-01-11 11:55:03 +00:00