This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of Ironic services have been removed.
Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
Allow tht parameter IronicInspectorSubnets to specify
per-instance ip range(s) using hostname as key for each
list of ip ranges. For HA deployments use disjoint
address pools to avoid potential address conflict.
Implements: blueprint ironic-inspector-overcloud
Depends-On: Ifae513265b8c35d98012f14f951bac33ae90b66c
Change-Id: Ifdebe9fcc817b4572f1eb461a3396af6b55f1e6b
The puppet openstack modules have switched the debug setting to a
logging class in the modules. They are starting to remove the base debug
option so we need to switch our usages to use the logging classes
Change-Id: I690448db2de341ec428181f19364c93a3273b565
Needed-By: https://review.openstack.org/#/c/619379/
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.
Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
Since the ironic-inspector service and the dnsmasq
service for ironic-inspector is running in different
containters, having the ironic-inspector service
start/stop the dnsmasq service is non-trivial.
Using `--pid="host"` and making the containers
priviligeied seems less than ideal.
This changes the ironic-inspector configuration so
that it will no longer purge the dhcp-hosts dir on
intialization. Purging the directory without also
restarting (or HUP) the dnsmasq service can cause
the configuration in the DHCP service to deviate
from what ironic-inspector intend it to be.
Related-Bug: #1780421
Depends-On: Icc532115891c567dde20a28110bf08f54187c49f
Change-Id: Id26b578b57c46f9993459f83b5f90393d7798a82
Modify both the inspector and dnsmasq containers for the inspector to be
able to modify dnsmasq configuration on the fly to filter the dhcp
traffic.
The upgrade_tasks moved to the puppet service in order to be shared
between both the containerised and regular deployment. The upgrade_tasks
were amended with steps to clean-up the iptables inspector chain&rules.
With inspector no longer managing iptables rules, create new rules to
allow DHCP traffic on IronicInspectorInterface.
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Change-Id: Ic7e32acb8559a7a12cd8767dc68c343872a6a4e3
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
* auth_uri was replaced by www_authenticate_uri
* conductor::api_url is redundant, can be fetched from keystone
* glance_api_servers is redundant, can be fetched from keystone
Change-Id: I654f312754e169c54f3e7072160006b8d3112265
Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.
In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.
This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).
Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
There are still some HOT templates pointing to ocata and
they should be pointing to pike.
This patch needs to be backported to stable/pike.
Change-Id: I42cc7e6d97e1f9d043d3cf82fc164448558d47bd
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.
Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).
Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2