The DeployedServer parameter was already deprecated[1]. This adds
the VipPortMap parameter, which is now used to define vips, into
ansible group vars. Currently this is required so that standalone
deployment process can look up the additional ip passed by
the --public-virtual-ip option.
[1] 26be317990
Change-Id: I29b7ed036d0775d6cb98c6dc40cfde407c46fbbe
This is the prep-work to drop the deployed-server-environment.yaml and
makes sure the deployed server is used by default.
Note that this change also makes the ControlPlanePort resource type
default to the deployed neutron port, because the port should be
pre-provisioned as part of baremetal node deployment process.
Change-Id: I03500eb2b4a6302f35aa71ae2f81bfd0c0bf064f
This change removes the following parameters, which were used by
undercloud Nova.
- KeyName
- Overcloud{{role.name}}Flavor
- {{role.name}}SchedulerHints
- {{role.name}}Image
This also removes the NodeUserData resource because it depends on
cloud-init and nova metadata and is no longer used since Nova was
removed from baremetal node provisioning.
Finally, this change makes deployed server method used by default, and
removes remaining implementation to keep the resource compatible with
OS::Nova::Server.
Change-Id: I571b401ab2ca3c77352f4849eb2b99de20292032
When using `ManageNetworks: false` the gateway IPs are
empty string instead of `null` when not set. The YAQL
expression filters `null` values, but the empty string
value is included in the list. The ping gateway test ends
up trying to run "ping $args $empty_string" which fails.
This change improves the yaql expression to also filter
strings with 0 length.
Closes-Bug: #1973866
Change-Id: I7d8712223d077ab8e25239b891bd03a1324e01a8
AdminPassword and KeystoneRegion need to be added as stack outputs so
that they are saved in the working directory for stack outputs after
using ephemeral Heat to create the stack.
The code to create the rc params to create the overcloudrc file(s)
(tripleoclient.utils.get_rc_params) can then create the overcloudrc
using only the working directory. No reference to the stack object or a
running instance of Heat to query the stack would be required.
Change-Id: Idaef781163c6c8f5928d93d9bbc1aa7b0dee6fd6
Signed-off-by: James Slagle <jslagle@redhat.com>
This change ensures that firewall rules for haproxy endpoints are
enabled properly even when haproxy and api services are running in
different nodes.
With this change, firewall rules for ssl endpoints are removed from base
firewall rules because these ports are used by haproxy and not used by
api services.
Also, the ad hoc implementation to run firewall configurations first is
refactored by the new host_firewall_tasks key. This allows us to
implement tasks to configure firewall in the corresponding resource
template.
Closes-Bug: #1961799
Depends-on: https://review.opendev.org/831547
Change-Id: I07ceab077f9a900f7e2e35af8acd3e7a337ed01a
We have used the dns_nameservers from the subnets for
a long time by default: https://review.opendev.org/579582
With network config being applied prior to creating the heat
stack we cannot use a THT parameter to feed the input for
node network configuration. In Wallaby and later the nameservers
must be defined in undercloud.conf using:
'DEFAULT/undercloud_nameservers'
or
'%SUBNET_SECTION%/dns_nameservers'
The latter allows defining nameservers per-ctlplane subnet.
Related: RHBZ#2068489
Change-Id: I436fa7f1e87a8e6924c9d93105b06f9ab39eeb8f
The networking-bigswitch plugin is no longer maintained. The repository
has not been updated for 2 years and no release has been made since
stable/train.
Ideally we should deprecate the functionality first. However current
TripleO follows its own independent release cycle and this makes it
difficult to implement deprecation consistent with the underlying
puppet-neutron. (We are deprecating support for the plugin during Yoga
and will remove it completely in Zed). Because of this situation and
the assumption that it's not likely any user will use the plugin with
recent versions of OpenStack, this change directly removes support
for the plugin from TripleO.
Change-Id: Idea125fa97c39e1f5e97d76f8d33b61fab695625
Closes-Bug: #1962579
AnyErrorsFatal is boolean, just like its neighbor
NetworkConfigUpdate param.
The string type ends up with group_vars, like:
  any_errors_fatal: 'True'
  network_config_update: false
Fix the type to correspond to a bool in ansible.
Change-Id: Ice8d3ee63d11c531641b9defeb615ad7006f1671
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
PingTestGatewayIPsMap elements may contain list of lists, causing failures
on roles that iterate over them. See [1] and #1950528 for more info.
[1] https://review.opendev.org/c/openstack/tripleo-ansible/+/817500
Closes-bug: #1950528
Change-Id: Idb70c822f01f808871a53689edfa2edf52e59e54
Signed-off-by: Douglas Viroel <dviroel@redhat.com>
Add ping test for gateway IPs on all networks, to ensure
all gateways are reachable.
The related Bugzilla reports an issue where some network
fabrics fail when using the current node ping test, which
pings the first node in each role. The fabric simply does
not forward traffic before the gateway has been pinged.
One can argue that the fabric in question is broken. However,
with the current implementation the first node in each role
actually ping tests only against its own address? So adding
the test to ping the gateway addresses improves the validation
in general.
Related RHBZ#1875962
Depends-On: I93cded61ffb862e99fd8043dbf0def3d16079692
Change-Id: I3309f2a0e39ad115930ecd5c0e895816565819e9
In ansible, usage of true/false for boolean values, instead of yes/no,
is considered as a best practice and is enforced by ansible-lint with
the "truthy value should be one of false, true (truthy)" rule.
This change replaces usage of yes/no by true/false to follow that
practice.
Change-Id: I3313278f1ef6cbee0f906aca0a77bde1a3c53784
With Ephemeral Heat, we can no longer rely on the stack
action to perform tasks, such as we did with
NetworkDeploymentActions. This change will add a new
parameter to replace this functionality.
Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/805213
Change-Id: I7067c31f4fcc3f263ae2e3ab993c8bff7113d55b
With Train, net-config-bridge.j2.yaml was the default for roles tagged
with 'external_bridge'. The equivalent from the new
tripleo_network_config ansible role is templates/net_config_bridge.j2.
We should keep the default the same.
Signed-off-by: James Slagle <jslagle@redhat.com>
Change-Id: I0255181dcd21dc4a50647169a20265a83057c67e
This simply stores the data structure in the network_data
and roles_data YAML files provided with the -n and -r
options when deploying the overcloud.
This can be generally useful for troubleshooting.
Also the 'overcloud node extract provision' command relies
on the roles data source. Storing it in the stack means
we can get to the data in case the user misplaced the
file originally used, or in the case where we want to
automate the process for all deployed stacks.
NOTE: The idea is to backport this to the release intended
as the upgrade from release, so that the follow on change
Icc6a7a438e9d0f39d003d1cf8ed84d6fb1d5485a can use it during
upgrade.
Related: blueprint network-data-v2-ports
Change-Id: I1efecdcd7afa6af3e6b4b26f4435198836db535f
This change adds an extra ansible host var to the defaults which
will allow an operator to more easily define a mapping of options
to configure advanced ansible options within their deployment.
Change-Id: If4654470a77a67445a56fb8fed6963fed300aad4
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Moving the network and port management for OVN
bridge MAC addresses to ansible.
Removes the heat resources, and adds an external
deploy task at step 0 in the ovn controller service
templates which uses the 'tripleo_ovn_mac_addresses'
ansible module to create/remove OVN mac address ports.
Adds parameter role_specific OVNStaticBridgeMacMappings,
parameter that can be used to set static bridge mac
mappings. When this is set no neutron resources will be
created by the tripleo_ovn_mac_addresses ansible module.
OVNStaticBridgeMacMappings must be used for standalone
deployments.
Implements: blueprint network-data-v2-port
Depends-On: https://review.opendev.org/782891
Depends-On: https://review.opendev.org/783137
Change-Id: I6ce29d2908e76044c55eb96d0d3779fe67ba9169
After an Overcloud deployment, /etc/hosts on the undercloud
will be populated with entries for each overcloud node. Since
we use the same tripleo_ansible roles for both the undercloud
and overcloud deployment, the /etc/hosts file on the Director
will be removed by undercloud install / upgrade operations.
This is outlined here:
https://bugzilla.redhat.com/show_bug.cgi?id=1933528
This change adds the RootStackName to the group_vars,
this is then used by the tripleo_host_entries role in
tripleo-ansible to write host entries per stack.
Closes-Bug: #1924751
RHBZ: 1933528
Change-Id: I9e53187f37d41d7180e66db1239b5f9c8846addd
With this change a Heat resource is no longer used to
create an undercloud neutron API port resource for the
redis and ovn_dbs service virtual IPs. Instead an
external deploy task at step 0 in the individual service
template uses the "tripleo_service_vip" ansible module
to manage a neutron API port resource for each service.
The interfaces to control the IP address and service
network (RedisVirtualFixedIPs, OVNDBsVirtualFixedIPs
and ServiceNetMap) remain the same.
It is also possible to include the 'use_neutron' boolean
in the FixedIPs parameter to instruct the ansible module
not to create a neutron API resource, and simply "echo"
the ip_address given in the FixedIPs parameter. For
example:
  RedisVirtualFixedIPs:
    - ip_address: 1.0.0.5
      use_neutron: false
Alternatively the fixed-ips can be set using the
'ServiceVips' parameter, like this:
  ServiceVips:
    redis: 1.0.0.5
    ovs_dbs: 1.0.0.6
NOTE: If the neutron service is not available the
tripleo_service_vip ansible module will "echo"
the IP provided in %service%VirtualFixedIPs.
Related: blueprint network-data-v2-ports
Depends-On: https://review.opendev.org/777307
Depends-On: https://review.opendev.org/779883
Change-Id: I4794418546363888e7a555a16b45b7a4417f1ef8
Set up tag hints on all OS::Neutron::Port resources.
The network-data-v2 work uses tags on neutron resources
to find existing resources so that we update instead
of create. Also for generating environment files info
in the neutron tag field is utilized.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: I3d43ae22cc45e5528ecfb1a6b2cb8602faa162a0
The role ResourceGroup (puppet/role.role.j2.yaml template) tries to
create a port on the OVNMacAddressNetwork, as such we need a dependency
in the top level stack, otherwise the network may not exist before Heat
attempts to create the port.
Change-Id: Ie453fcdbb8eb42bbf718506b0b9b443ccd84543a
Signed-off-by: James Slagle <jslagle@redhat.com>
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
All heat params have been copied over, there are a bunch
that are used for conditionals.
The outputs and conditionals sections in *-puppet do a lot
of configuration, and provide lists of defaults for
puppet. These will be moved to ansible, role is at [1]
and in tripleo_ansible.
[1] https://github.com/infrawatch/collectd-config-ansible-role
[x] https://github.com/infrawatch/tripleo-collectd-ansible-role
Depends-On: Ib75702bf17a76cae3a811db503d3365e6aacf663
Change-Id: I9939a524795bb3fbc63e44f203f851dadeb7c30a
This patch exposes the net_cidr_map variable so that tasks can
access the list of CIDRs that are valid for a network as opposed
to attempting to build the CIDRs from the network definitions.
In spine-leaf or edge use cases the networks may have multiple
subnets assigned to a given network.
The new Unbound service will use these maps to build lists of
CIDRs allowed to make queries.
Change-Id: I6004519e8b2317d19356c4a2b8bea416b4d94c22
Set tags tripleo_vip_net=ctlplane and tripleo_stack_name=$STACK_NAME
on the ControlVirtualIP port.
Related: blueprint network-data-v2-ports
Change-Id: I098f24423716688fe8ff61a894516f3e860b2a4c
This is added for backward compatibility for passing
json config directly for undercloud network configuration.
Partial-Bug: #1915585
Change-Id: I58c34766e8250f4de45172e0372329dd7a09af9d
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
We shouldn't be double quoting the hieradata files in overcloud.j2.yaml.
Related: https://bugzilla.redhat.com/1924862
Change-Id: I042c26ac5a488bbd9f9d3802cfe6ea95c7ab0380
In spine-and-leaf TLS-e deployments as done in OSP13,
services are filtered based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the roles network doesn't
match the global ServiceNetMap.
Add a role based parameter {{role.name}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{role.name}}ServiceChain and
the {{role.name}} resource group.
Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450