This patch adopts the recommendation outlined in OSSN-0090 [1], in
which two instances of the glance-api service are deployed:
- A "user facing" glance-api service, accessible via the Public
keystone endpoint.
- An "internal facing only" service, accessible via the Admin and
Internal keystone endpoints.
The user facing instance is configured so it does not report any image
location information. This is achieved by configuring glance-api.conf
with the show_image_direct_url and show_multiple_locations set to False.
The internal service operates on a separate TCP port (defaults to 9293)
with its own glance-api.conf that configures show_image_direct_url and
show_multiple_locations set to True.
In order for cinder and nova to have access to the image location data,
both services are configured to access glance via the internal service.
[1] https://wiki.openstack.org/wiki/OSSN/OSSN-0090
Closes-Bug: #1822540
Depends-On: Ideb5a951d538d9e2c7cca11dfe0e8b99520de959
Depends-On: Ib6188505197d0a267dbd8c4d96f12f31f7b5c9f0
Change-Id: Id093613f9d410eb3fe5564a724c0f75275eeb4e8
VMAX was rebranded to PowerMax and the old driver was deprecated.
Because current TripleO supports the new PowerMax share driver and
the configurations for old VMAX driver is known to be broken, this
removes support for the VMAX share driver.
Change-Id: I8031f6c66dd1feae303e7b2c3eeddfb8b532c676
These services were deprecated during Xena cycle by [1]. Since we have
created the Zed release, now we can remove the features deprecated
before that.
[1] 18651160a9
Change-Id: Ib248ec4bec57a5d747a1cf35157084d2cb51b566
In ancient times, B&R used heat templates to deploy ReaR to the
controllers. Since a long time, this has been superseded by an ansible
playbook ran by openstack overcloud backup --setup-rear. Now, that
feature is duplicated, so we remove the possibility of installing
ReaR with heat.
A deprecation notice has been submitted to stable/train in patch #847148
Related-Bug: rhbz#2097611
Change-Id: Ic01c44ba35b6d28cb45879b1006633ac1fcf8d19
Support for CloudWatch API was removed during Queens cycle[1].
This change removes the remaining resource and cleanup resource because
these have been kept for multiple cycles.
[1] fa95169e0b
Change-Id: Ib7f6daf05cd35b7d87a745aff7a1035657aec744
The templates were added in [1]; but the service wasn't added
to the overcloud resource registry. Also add it in standard
roles and CI environments for consistency. Since [1] was backported
to stable/train, this commit is appropriate for backport as well.
[1] https://review.opendev.org/c/openstack/tripleo-heat-templates/+/818105
Closes-Bug: #1951131
Change-Id: I1d4e50632bae7dc9f5ccb5acaf3345ab78e2b767
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
With the recent changes meant to allow deployment of Ganesha on the
"external" network, the CephNfs service can be added to more roles
than just ControllerStorageNfs.
Change-Id: Ic9010307c2aab7041c8ae30c72cc1bf99fdd22f6
Closes-Bug: 1961578
Zaqar was deprecated in Wallaby and is no longer in use on the
undercloud and it hasn't been officially supported in the
overcloud for some time.
Change-Id: I3bdcc72d6127ec96ff2307cafbf57f6178c3ef5c
Mistral was deprecated in Wallaby and is no longer in use on the
undercloud and it hasn't been officially supported in the overcloud for
some time.
Change-Id: I6963453f53cb554ca8fdb58706f04838bbd11ba0
The HEP Lefthand driver was removed from cinder during Ussuri release
and puppet-cinder also dropped support for the driver during Xena
cycle.
Closes-Bug: #1933709
Change-Id: If0e72c48212b867f0d9162f58e67099ac7350c4e
OVN is a default networking service for Neutron.
The default configurations for OVN were implemented but OVNCMSOptions
was missing.
This change introduces OVNCMSOptions to Controller and Networker roles.
Closes-Bug: #1928901
Change-Id: I441f16f5e596dcbc6f5e567b07d3cd19a57c21e2
There isn't a 1:1 correlation between the designate worker and bind
instances nor is it always desirable to run them on the same host.
Depends-On: If97e16a125537c1b5d9f5cfac1de0ffae0edb99a
Change-Id: I624299476a2911f12b1f5ce01964e5d926c6b38e
This patch addes TripleO support for the Unbound DNS resolver service.
This service will initially be used by the Designate service.
Change-Id: I8135ce4f344aeb7c0cf7521e0ba42335c4c7bbc8
This adds support for BGP via the OS::TripleO::Services::Frr service.
Spec: https://review.opendev.org/c/openstack/tripleo-specs/+/758249
We create the frr configuration via the corresponding tripleo_frr
ansible role at step0. We start the FRR container at deployment step
1 before pacemaker gets configured as the routing to all the other nodes
needs to be functional before setting up the cluster.
Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>
Change-Id: I7cef73c57e7b69f4d031e220c954803afd5e0b8c
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these paramters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.
Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on the these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.
Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.
Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.
[1] f1d9b15c85
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
This patch adds ReaR service to some roles currently without it,
because this service is expected to be added to all roles when rear
service templates were introduced initially[1].
[1] 79bd7c447b
Note that this patch doesn't add ReaR service to Ceph roles because
generally we don't expect taking backup of Ceph nodes by ReaR.
Change-Id: I8222c39925a3ba3172fa03ae8931a6de3fb021a1
We don't deploy Keepalived in multi-node as our HA story is done with
Pacemaker. Therefore, we don't use VRRP protocol that Keepalived
provides to maintain the VIPs alive, so we don't really need this
service.
Instead, we can configure the VIPs on the br-ctlplane interface which
already handled the local_ip. Now it also handles the configuration of
public ip and admin ip.
Keepalived is now deprecated and will be removed in the next cycle.
blueprint replace-keepalived-undercloud
Change-Id: I3192be07cb6c19d5e26cb4cddbe68213e7e48937
- Remove Docker service from all the roles; not needed anymore
- Switch ContainerCli to podman for docker-ha environment. Note; this
environment might be renamed at some point to, container-ha.yaml. But
for backward compatibility we still use it now.
Also switch EnablePaunch to false since we were waiting for the podman
switch to do it.
- In the overcloud registry, disable Docker by default and enable Podman
by default.
This patch will only work for centos8/rhel8 based deployments.
Change-Id: I561c52ce09c66a7f79763c59cd25f15949c054af
We're dropping this as it has no testing and is not currentily available
for CentOS 8.
Change-Id: I408490346840d5a2e3ae29f53cbc100edcf72ee7
Depends-On: https://review.opendev.org/#/c/712517/
Sensu client has been deprecated and it's functionality substituted
by collectd-sensubility. This patch removes sensu-client composable
service
Change-Id: I4be68eb7319b2c92cc7d0fc9df7a5c87dfb5106c
The Tacker service has been incomplete since Queens. They restructured
the services and TripleO has never implemented code to handle this new
structure. Since it's been disabled since Queens and there is currently
no plans to fix it, let's remove the service code.
Change-Id: I2856e894b58d50c2d3484ccd02bfb1d43625847f
Depends-On: https://review.opendev.org/#/c/682457/
Related-Bug: #1714270
This patch removes fluentd composable service in favor of rsyslog composable service
and modifies *LoggingSource configuration accordingly.
Change-Id: I1e12470b4eea86d8b7a971875d28a2a5e50d5e07
This patch adds rsyslogd composable service with the same behaviour
the fluentd composable service currently has.
Co-Authored-By: Juan Badia Payno <jbadiapa@redhat.com>
Change-Id: I18e349c450a42dc7e9867d200e777a324e2d12bc
This is part 1 of a series of patches to properly deploy multipathd.
This patch makes Multipathd an optional TripleO service (defaults to
OS::Heat::None), and binds it to every role that might use the service.
This is essentially any role that accesses cinder volumes. Previously,
the service was not optional, but was not bound to any roles and so it
was never deployed.
Partial-Bug: #1834042
Change-Id: I3bc7d8557f758103c35533a59e06e36cd15f98b9
By introducing update_serial variable we parallelize update
execution on non-pacemaker enabled nodes. Custom role data users
need to update their role files. By default we do serial 1 making
sure nothing changes for users who didn't update their role data.
Resolves: rhbz#1652057
Closes-Bug: #1831617
Change-Id: I4ee0110a6c2b9466d81e37e5df27f5f81a6eceb5
The project has been retired and there will be no Train release [1].
This patch removes Neutron LBaaS support in tripleo-heat-templates.
[1] https://review.opendev.org/#/c/658494/
Closes-Bug: #1831618
Change-Id: If13bbcdea82045d816485412f252c9b52bcf45a7
We need to ensure the openstack clients are installed on controllers for
the deployed server case. This should be handled by the overcloud images
themselves, however if the images are not used we should make sure the
clients get installed with our OpenstackClients service.
Change-Id: If7fad9f24c7294c2d749fc3838b1fb71182930fc
Related-Bug: #1829769
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.
Let's remove its support in TripleO, to reduce the codebase.
Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
This addresses a possible bug when using FreeIPA to do TLS
everywhere.
It is possible that the IPA server is not on the ctlplane.
In this case, when the nodes start up, the registration of the node
with IPA will fail, resulting in failed certificate issuance requests
later on.
We introduce a composable service to run in host_prep_tasks.
This will always run once the networks have been set up. If the
instance has already been enrolled (by cloud-init or in an update),
then the script executed by the service will just exit.
In this iteration, we simply execute the code that the cloud-init
would have done. In later releases, we will execute all the code
performed by novajoin-server here in ansible - and deprecate the
novajoin server.
Change-Id: I31f64c3cbd1d151e3c2a436cc3e2ec5316535087
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Resolves: rhbz#1661635
Closes-Bug: #1815924
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies removed from other projects.
Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.
Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.
a) For the Vip's:
Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:
parameter_defaults:
VipSubnetMap:
ctlplane: ctlplane-leaf1
InternalApi: internal_api_leaf1
Storage: storage_leaf1
redis: internal_api_leaf1
b) For overcloud node ports:
Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:
- name: <role_name>
networks:
<network_name>
subnet: <subnet_name>
For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.
When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.
Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.
Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
NIC partitioning requires IOMMU to be enabled on roles using it.
By adding the BootParams service to all the roles, we could
enable IOMMU selectively by supplying the role specific parameter
"KernelArgs". If a role doesn't use NIC Partitioning then
"KernelArgs" shall be not be set and backward compatibility would
be retained.
Change-Id: I2eb078d9860d9a46d6bffd0fe2f799298538bf73
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.
For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.
Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.
Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
In order to support switching between multiple timesync backends, let's
simplify the service configurations for the roles so that there is a
single timesync service. This timesync service should point to the
expected backend (ntp/ptp/chrony).
Change-Id: I986d39398b6143f6c11be29200a4ce364575e402
Related-Blueprint: tripleo-chrony
This patch adds composable new service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This basically
means that there is a possibility that there will be two QDRs running
on controllers in case that oslo messaging is deployed. This is a reason why
we need separate composable service for this use case.
Depends-On: If9e3658d304c3071f53ecb1c42796d2603875fcd
Depends-On: I68f39b6bda02ba3920f2ab1cf2df0bd54ad7453f
Depends-On: I73f988d05840eca44949f13f248f86d094a57c46
Change-Id: I1353020f874b348afd98e7ed3832033f85a5267f
Ghanshyam Mann