Commit Graph

451 Commits

Author SHA1 Message Date
Jonathan Rosser 52e02439ca Fix physical network mapping for linuxbridge
The same physical network label cannot be used more than once with
Linuxbridge.

This patch standardises the label physnet1 for the flat public network
and instead uses physnet2 for the vlan project networks for
Linuxbridge.

Change-Id: Ie42b995c93e081d484fc177fb665802950335c50
2024-03-13 13:12:35 +00:00
Jonathan Rosser 563159f49c Always use physnet1 as external network name in AIO and examples
Previously this was either 'vlan' or 'flat' depending on the external
network type, and there were also cases when the name and type were
mismatched - particularly when the flat network was untagged traffic
on a vlan bridge.

This patch removes that confusion and always names the external
network 'physnet1' to align with the upstream neutron examples.

Change-Id: I3cd8b93b42777b787552051bcdc9a90347f1e03d
2024-02-20 17:26:00 +00:00
Dmitriy Rabotyagov 5b57f10eec Add support for extra Python packages inside Ansible runtime
At the moment there is no well defined way to supply list of extra Python
requirements for Ansible venv. However, some collections for their work might
require presence of extra libraries inside the execution environment.

While PIP_OPTS might be used right for that, its usage is not transparent
or documented.

In order to handle such need, `user-ansible-venv-requirements.txt` is being implemented
that resides inside OSA_CONFIG_DIR and contains list of required packages
for installation when running bootstrap-ansible.sh

Change-Id: Ic99f7eff200e2e672dcc3edd875b155af84232b7
2024-01-11 14:35:09 +00:00
Dmitriy Rabotyagov fd4e041608 [doc] Add examples of u-c-r, u-c-c and user.rc
As of today we do support very powerful set of overrides for roles,
collections and environment variables that are not widely used or known
by deployers.

This patch aims to add some example files to sample openstack_deploy
folder to raise awareness about existence of these files.

Change-Id: I3940f5277c7d5a26c2686382758507c19b0c815d
2023-12-07 18:38:44 +01:00
Jonathan Rosser 7a32e9a359 Fix container bridge name for octavia
This should be br-lbaas not br-octavia. There is no coverage for
this in CI tests as the role tests run without containers.

Change-Id: I3ac3bfce67bc614c72dec0a6a57a7df7717e0e8e
2023-09-05 17:48:19 +00:00
Dmitriy Rabotyagov 86d1bdff55 Rename container_address to management_address
This patch aims to reduce confusion caused by a variable
`container_address` that's applicable for bare metal hosts. With that
it renames `is_container_address` to `is_management_address`
to be aligned with the purpose of the variable, as `container` part
raised confusion.

Change-Id: I314224f3376cf91e05680b11d225fdaf81ec32ab
2023-05-22 09:57:17 +02:00
Dmitriy Rabotyagov fb34651cc2 Add is_nest property for container_skel
The main purpose of that patch is to allow creation of "virtual"
container_skel, that will not generate any containers in inventory,
but will contain all containers of corresponsive hosts. That might be
useful in usecases like AZs, or when deployer simply wants to create
custom groups and include all bare metal hosts along with all
containers on them to the same group. Such behaviour can be triggered
when empty belongs_to is provided for container_skel along with is_nest
property. Then container_skel item will contain host-containers and its
children.

Change-Id: Ic5570bfe9f0f54d1ea1e067834c11e6c390a2686
2023-03-27 17:33:18 +02:00
Jonathan Rosser b59b392813 Use certbot to generate SSL cert for the external VIP in 'stepca' scenario
This patch uses the certbot functionality to issue a certificate
from a locally installed ACME server on the AIO node, when the
string 'stepca' appears in the scenario.

This allows testing of the certbot code in the haproxy role and the
wider integration with Openstack-Ansible to be tested in CI jobs.

Change-Id: Ide769f54505898630aae67e25b238624ba4f4fdb
2023-03-15 23:16:48 +01:00
Jonathan Rosser dc1f76c823 Remove support for calico ml2 driver.
The deployment of etcd as a service on the control plane is no
longer needed as calico was the only user of this.

The etcd-server role remains in our requirements as it is used
internally as part of the Zun playbook.

Change-Id: I2a158fd2b85ec0e637071ed4ef7c123a6583ecc0
2023-02-23 12:13:55 +01:00
Dmitriy Rabotyagov bb3a58604b Restore dynamic_inventory unit testing
It seems that we have dropped unit testing of our dynamic_inventory
some time ago. This patch aims to setup zuul tests using tox
and restore test functionality to make it passing with current codebase

Change-Id: I8ccee779fd629e8696ec2e12397b148b52cd0c73
2023-01-11 10:14:43 +00:00
Jonathan Rosser f37c822023 Deploy 3 keystone containers for infra CI jobs
This validates that the ssh_keypairs role is able to correctly
set up the fernet key sharing rsync between multiple keystone
instances.

Change-Id: Ief28ee62ff76a48b126de8b70a7a1ef8f610f2e1
2023-01-10 12:40:04 +00:00
Dmitriy Rabotyagov 7b9d543ab5 Update AIO to use OVN-style provider network for Trove
This patch updates the aio openstack_user_config template to
use the OVN/OVS style provider network definition for Trove
testing.

Change-Id: I864584e213d8a6a50e0f0b1003be34b0e392dd6e
2022-12-12 16:56:44 +01:00
James Denton d35e3e0dae Update AIO to use OVN-style provider network for Octavia
This patch updates the aio openstack_user_config template to
use the OVN/OVS style provider network definition for Octavia
testing.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/867087
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/867113
Change-Id: I4bcd4a9b74f41cdf57cb9e8ea76d03a3720833a4
2022-12-09 14:17:05 +00:00
Dmitriy Rabotyagov 9813045788 [doc] Document better requirement for keepalived vip_cidr
Closes-Bug: #1998109
Change-Id: I5149b81f66775d0212d44e277e1e1cf794b1003d
2022-12-06 17:19:27 +00:00
James Denton 79fc2a604d Implement OVN inventory changes and deploy by default
This patch updates the OSA inventory to include a new group,
network-gateway_hosts, which operators can define to dictate which
nodes can be considered OVN gateway nodes. In addition, the default
mechanism driver is no longer ML2/LXB and must be specified by the
operator.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/865961
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/866249
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/866159
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/865973/4
Change-Id: I7be6520b338b5578b04631cfa04a9122c735959c
2022-12-05 16:11:25 +00:00
Dmitriy Rabotyagov 65ce2753fa Add zookeeper deployment
Zookeeper is being added as a coordination backend which is
required for some service features to work properly.

Change-Id: I2d464ae339f057ea4ba08bd343b6a51c029a74f3
2022-11-25 09:13:22 +00:00
Damian Dabrowski bb1287555c Make ceph use storage network
With current "Ceph production example" the difference between ceph's
public and storage network is not clear.

We assign Storage Network to compute nodes, but it's not used there.
We also assign Storage Network to ceph monitors, but it's not used there
as well.

Same problems apply to AIO environment.

As Dmitriy suggested in [1], ceph should not use mgmt network for
storage traffic.

This change makes ceph use storage network for:
- OSD<>OSD communication
- client<>OSD communication
- client<>MON communication

I think it's the most common scenario where all ceph-related traffic
uses dedicated (storage) network and does not depend on mgmt network.

This change affects both "Ceph production example" docs and AIO
environments.

[1] https://review.opendev.org/c/openstack/openstack-ansible/+/856566

Change-Id: I74387a2e961e2b8355ea6a0c889b2f5674233ebf
2022-11-11 10:45:51 +01:00
Dmitriy Rabotyagov bc5428b21d Remove usage of rsyslog roles
We've switched all services to store logs to journald by default and
rsyslog roles are not used except really small amount of usecases that
are also hardly valid as of today. With that we deprecate repos and remove
their usage to reduce maintenance load.

Change-Id: Iefd4143f83f4df44b917180000a1aa57161b2811
2022-10-19 15:10:59 +02:00
Dmitriy Rabotyagov 091ae6369d Fix cinder-volume AIO ceph scenario
At the moment we don't configure cinder-volume properly to deal with
ceph scenario - LVM backend is always hardcoded even for ceph scenario.
We fix this by moving cinder_backends definition from conf.d to aio
templates. With that proper tempest test has been added to verify
cinder-volume functionality.

Change-Id: I545f4098e899ab80045c9dba03101873b80f9a6c
2022-09-27 09:03:15 +00:00
James Denton 80e8fe02ad Switch keepalived vrrp version from 2 to 3
This patch updates the keepalived vrrp_version from
2 to 3 and removes vrrp authentication.

Change-Id: Ia1b906de69be7bf623460a88758deed3ce8e22c3
2022-09-13 14:43:14 -05:00
Zuul 1736491007 Merge "Attach bmaas network to ironic_api containers" 2022-08-23 18:26:19 +00:00
Jonathan Rosser fa8150e202 Attach bmaas network to ironic_api containers
In an LXC deployment the ironic_api container runs the tftp and ipxe
service which is needed for transferring the Ironic Python Agent
to baremetal nodes as they are provisioned. It is necessary that
the ironic_api container is connected to the bmaas network for this
to work.

Change-Id: Iabd73778fbe62b9dc3ba57e73be289d416781100
2022-08-04 18:28:06 +00:00
Jonathan Rosser 8530ed089a Remove ironic_server from env.d
Nothing references this group, and it is empty in a deployment
running the ironic service

Change-Id: I66b0bd17ec8fb8404ddeef66c4f9b0f54b832b36
2022-08-04 16:03:14 +00:00
Zuul 411b701681 Merge "Add ability to define bridge type for containers" 2022-06-13 10:09:40 +00:00
Zuul a4dad524a8 Merge "Replace glance_nfs_client" 2022-06-13 10:09:37 +00:00
Dmitriy Rabotyagov 21dd4e6c5d Add ability to define bridge type for containers
This change allows to define `container_bridge_type` among provider_networks to
provide type of bridge being used (ie ovs).

Documentation on usage will be provided in following patch.

Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/837734
Change-Id: I4f65c13a7dd16a66b2b14ae545516533f5ec69e1
2022-06-08 08:10:36 +00:00
Dmitriy Rabotyagov f40abfa2f4 Replace glance_nfs_client
We should reflect changes introduced in dependant patch for CI
to test new variable properly.

Until this patch gets merged dependant patch runs compatibility
mode check (testing old glance_nfs_client). All further checks would run
with new glance_remote_client variable defined.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/837550
Change-Id: I381752ac0bcd7faf5bbdc2d929ce2a9a0a3f1488
2022-06-08 07:56:22 +00:00
Jonathan Rosser 236b060742 Create three keystone containers when the test scenario includes 'keystone'
This patch makes the os_keystone role test create 3 keystone containers
to validate the ssh-keyspairs setup and sync of the fernet keys.

Change-Id: If51c2796a22b654c302b2a7d0941bc7bfc45760d
2022-05-28 09:01:43 +01:00
Dmitriy Rabotyagov 9bce86e4a3 [doc] Be even more explicit about lb_vip_address
Add in several places in doc mentions that lb_vip_address can also be
an FQDN, not necessarily an IP

Closes-Bug: #1971175
Change-Id: I812674728990fcbfb234db403c8ea5d4eefb6354
2022-05-17 16:51:35 +02:00
Dmitriy Rabotyagov 302c8226e6 Add galera monitoring user to secrets
Generate a password for galera_monitoring_user_password by default.

Change-Id: I07b8bb99d32d5d20dd39039a5cb43bc9bd17837c
2022-03-24 12:03:46 +01:00
Dmitriy Rabotyagov e51d4bc8c8 Rename RBD cinder backend
RBD seems to be reserved name in cinder. Once it's used as
volume type, cinder fails with [1]

We rename backend name in doc and AIO to workaround the issue

[1] https://paste.opendev.org/show/bAJR9YEYA1hRjCuMc6kU/

Closes-Bug: #1877421
Change-Id: If48096a7309c7140cd9c182d5d3175e8d827cbd6
2022-02-09 09:11:23 +02:00
Jonathan Rosser 560376396d Fix infra scenario repo server cluster
The container affinity was not set for the repo server ansible group
so only one was created, rather than 3.

To test repo server synchronisation we need 3 repo servers.

Change-Id: I3fdb94f707c9972b5ddb6d9f6fba4af92f3c4e3b
2022-01-26 16:26:38 +00:00
Jakob Englisch 58fa77fd1c Fix ceph example
ceph-mon containers require access to the storage network for proper
operation. ceph-osds seem to run on bare metal anyway, hence the
container config is unneeded

Change-Id: I843a951a59307b193e056478c097b56c1fb9d4e1
2022-01-13 12:38:12 +00:00
James Denton ebf871f65f Add Ironic-related bridges to AIO
This patchset sets the foundation for Ironic and Inspector AIO testing
by setting up respective bridges and IPs.

Change-Id: Ic92d520b86e958c2c257895af0d26db40a00503b
2022-01-11 08:59:46 -06:00
Dmitriy Rabotyagov 3c76df5f72 Reduce manila CI check memory consumption
New manila images require more than 300Mb of RAM. Otherwise
instances fail to boot with kernel panic.

Based on that we increase flavor for manila and trying to save
RAM in other places. While this works nicely for Ubuntu, CentOS
is still unhappy and needs more work.
But to unblock manila role, CentOS issue will be solved with
follow-up patch only.

Change-Id: I3a3bb59bb6ab8c5cb161e78accbbb45482e595a0
2021-12-04 19:10:39 +00:00
Dmitriy Rabotyagov 834cd874c7 [doc] Fix netplan sample
Closes-Bug: #1941012
Change-Id: I1e93c13a6f8e90c6f4b0b81622656d3b4f863cc9
2021-10-19 13:26:43 +00:00
Dmitriy Rabotyagov 3088fe2043 Deprecate os-panko role
Since upstream Panko project has retired, we are deprecating role for it.

Since we might want to get some patches in for stable branches, we're
deprecating role instead of retiring it.

Change-Id: Iac98b8e09d1ee3f49c74800968e65a33547c6699
2021-07-22 20:09:51 +03:00
Dmitriy Rabotyagov 82d7c034a0 Split neutron server and neutron agent hosts
It is very common usecase when neutron-api is intended to run on
infra hosts (inside lxc containers), while neutron-agents are to run on
independent network nodes.

That was not possible by default, so env.d overrides have to be placed
to fix this behaviour. This patch brings option to do this natively
without extra override.

In the meanwhile it shouldn't break any existing deployments as it leaves
previous groups naming as is.

Change-Id: Ie9fa464561c81b503d6946a7afe4870b92790cee
2021-06-24 20:58:50 +03:00
Andrew Bonney e435ec6919 Split keepalived liveness checks for internal/external networks
If external connectivity fails, it is important that internal
services can still access an HAProxy instance. The current
defaults can cause a situation where all keepalived instances
enter the fault state despite internal connectivity being
available.

This patch splits the ping checks to allow deployments to define
a separate ping check for internal and external connectivity to
ensure that when one instance fails the other VIP remains in
operation.

Change-Id: Ideb34c43d1b1a30499cc88f28406cfa0368713ea
2021-05-06 20:36:37 +03:00
Zuul beff242ad9 Merge "Integrate cloudkitty" 2021-04-22 17:15:50 +00:00
Jonathan Herlin 77068780b2 Integrate cloudkitty
Integrate the required bits to make Cloudkitty deploy without having
to hand-pick files from the os_cloudkitty repo

Change-Id: Id191e07eab2bef84dad30e55f59fd914b0358bfe
2021-04-22 08:40:21 +02:00
Jonathan Rosser 24b8ea0ba6 Remove support for nspawn containers.
Support for nspawn was previously deprecated, and is now removed.

Change-Id: I37811d66eedf7aa781d4365024b7181ba44081bc
2021-04-20 16:59:13 +03:00
Zuul fae7f04b94 Merge "Map dbaas and lbaas with role defaults" 2021-04-19 11:45:26 +00:00
Dmitriy Rabotyagov 0637c998d7 Map dbaas and lbaas with role defaults
In octavia role default cidr is set to 172.29.232.0/22
along with all docs. So we'd better change our example
and aio build template rather than octavia role defaults.

This also affects trove, but trove role uses quite another
network in defaults than supposed to.

We also add dbaas network inside trove containers where
they should present.

Change-Id: I7ee01f50532596f27039eae6c112bb86b20c383d
2021-04-13 11:07:08 +00:00
Zuul 7d148e364d Merge "Add trove instance key into secrets" 2021-04-07 21:08:08 +00:00
Dmitriy Rabotyagov 6fce274275 Add trove instance key into secrets
Change-Id: Idb5b9f396c766ce485efed97175e0f05596c82e0
2021-04-02 15:41:49 +03:00
Jonathan Rosser 3abb80ec09 Use ansible_facts[] instead of fact variables in AIO config
See https://github.com/ansible/ansible/issues/73654

Change-Id: I155cec1e687f46800880af48276ba8709bfe59b3
2021-03-27 11:47:44 +00:00
James Denton a4c68d11a1 Add Neutron Role Testing Overrides
This patch is part of a set that implements integrated tests for metal and
lxc deployments on Ubuntu and CentOS.

Change-Id: Ie2a2c0942e32ab33043e302c76cbdea5a1416c32
2021-03-09 12:46:45 +00:00
Dmitriy Rabotyagov 973a65494b Add designate pool uuid to secrets
That UUID is supposed to be generated per deployment
instead of being hardcoded in role defaults

Change-Id: I452d23c650104b8dfe53f3477a3c3ef9c2c62b56
2021-01-21 19:18:52 +02:00
Zuul a48a52aaef Merge "Added Openstack Adjutant role deployment" 2020-12-01 00:58:11 +00:00