The same physical network label cannot be used more than once with
Linuxbridge.
This patch standardises the label physnet1 for the flat public network
and instead uses physnet2 for the vlan project networks for
Linuxbridge.
Change-Id: Ie42b995c93e081d484fc177fb665802950335c50
Previously this was either 'vlan' or 'flat' depending on the external
network type, and there were also cases when the name and type were
mismatched - particularly when the flat network was untagged traffic
on a vlan bridge.
This patch removes that confusion and always names the external
network 'physnet1' to align with the upstream neutron examples.
Change-Id: I3cd8b93b42777b787552051bcdc9a90347f1e03d
At the moment there is no well defined way to supply list of extra Python
requirements for Ansible venv. However, some collections for their work might
require presence of extra libraries inside the execution environment.
While PIP_OPTS might be used right for that, it's usage is not transparent
or documented.
In order to handle such need, `user-ansible-venv-requirements.txt ` is being implemented
that reside inside OSA_CONFIG_DIR and contains list of required packages
for installation when running bootstrap-ansible.sh
Change-Id: Ic99f7eff200e2e672dcc3edd875b155af84232b7
As of today we do support very powerful set of overrides for roles,
collections and environment variables that are not widely used or known
by deployers.
This patch aims to add some example files to sample openstack_deploy
folder to raise awareness about existence of these files.
Change-Id: I3940f5277c7d5a26c2686382758507c19b0c815d
This should be br-lbaas not br-octavia. There is no coverage for
this in CI tests as the role tests run without containers.
Change-Id: I3ac3bfce67bc614c72dec0a6a57a7df7717e0e8e
This patch aims to reduce confusion caused by a variable
`container_address` that's applicable for bare metal hosts. With that
it renames `is_container_address` to `is_management_address`
to be aligned with the purpose of the variable, as `container` part
raised confusion.
Change-Id: I314224f3376cf91e05680b11d225fdaf81ec32ab
The main purpose of that patch is to allow creation of "virtual"
container_skel, that will not generate any containers in inventory,
but will contain all containers of corresponsive hosts. That might be
useful in usecases like AZs, or when deployer simply wants to create
custom groups and include all bare metal hosts along with all
containers on them to the same group. Such behaviour can be triggered
when empty belongs_to is provided for container_skel along with is_nest
property. Then container_skel item will contain host-containers and it's
children.
Change-Id: Ic5570bfe9f0f54d1ea1e067834c11e6c390a2686
This patch uses the certbot functionality to issue a certificate
from a locally installed ACME server on the AIO node, when the
string 'stepca' appears in the scenario.
This allows testing of the certbot code in the haproxy role and the
wider integration with Openstack-Ansible to be tested in CI jobs.
Change-Id: Ide769f54505898630aae67e25b238624ba4f4fdb
The deployment of etcd as a service on the control plane is no
longer needed as calico was the only user of this.
The etcd-server role remains in our requirements as it is used
internally as part of the Zun playbook.
Change-Id: I2a158fd2b85ec0e637071ed4ef7c123a6583ecc0
It seems that we have dropped unit testing of our dynamic_inventory
some time ago. This patch aims to setup zuul tests using tox
and restore test functionality to make it passing with current codebase
Change-Id: I8ccee779fd629e8696ec2e12397b148b52cd0c73
This validates that the ssh_keypairs role is able to correctly
set up the fernet key sharing rsync between multiple keystone
instances.
Change-Id: Ief28ee62ff76a48b126de8b70a7a1ef8f610f2e1
This patch updates the aio openstack_user_config template to
use the OVN/OVS style provider network definition for Trove
testing.
Change-Id: I864584e213d8a6a50e0f0b1003be34b0e392dd6e
Zookeper is being added as a coordination backend which is
required for some service features to work properly.
Change-Id: I2d464ae339f057ea4ba08bd343b6a51c029a74f3
With current "Ceph production example" the difference between ceph's
public and storage network is not clear.
We assign Storage Network to compute nodes, but it's not used there.
We also asign Storage Network to ceph monitors, but it's not used there
as well.
Same problems apply to AIO environment.
As Dmitriy suggested in [1], ceph should not use mgmt network for
storage traffic.
This change makes ceph use storage network for:
- OSD<>OSD communication
- client<>OSD communication
- client<>MON communication
I think it's the most common scenario where all ceph-related traffic
uses dedicated(storage) network and do not depend on mgmt network.
This change affects both "Ceph production example" docs and AIO
environments.
[1] https://review.opendev.org/c/openstack/openstack-ansible/+/856566
Change-Id: I74387a2e961e2b8355ea6a0c889b2f5674233ebf
We've switched all services to store logs to journald by default and
rsyslog roles are not used except really small amount of usecases that
also hardly valid as of today. With that we deprecate repos and remove
their usega to reduce maintenance load.
Change-Id: Iefd4143f83f4df44b917180000a1aa57161b2811
At the moment we don't configure cinder-volume properly to deal with
ceph scenario - LVM backend is always hardcoded even for ceph scenario.
We fix this by moving cinder_backends definition from conf.d to aio
templates. With that proper tempest test has been added to verify
cinder-volume functionality.
Change-Id: I545f4098e899ab80045c9dba03101873b80f9a6c
In an LXC deployment the ironic_api container runs the tftp and ipxe
service which is needed for transferring the Ironic Python Agent
to baremetal nodes as they are provisioned. It is necessary that
the ironic_api container is connected to the bmaas network for this
to work.
Change-Id: Iabd73778fbe62b9dc3ba57e73be289d416781100
We should reflect changes introduced in dependant patch for CI
to test new variable properly.
Until this patch gets merged dependant patch runs compatability
mode check (testing old glance_nfs_client). All futher checks would run
with new glance_remote_client variable defined.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/837550
Change-Id: I381752ac0bcd7faf5bbdc2d929ce2a9a0a3f1488
This patch makes the os_keystone role test create 3 keystone containers
to validate the ssh-keyspairs setup and sync of the fernet keys.
Change-Id: If51c2796a22b654c302b2a7d0941bc7bfc45760d
Add in several places in doc mentions that lb_vip_address can also be
an FQDN, not necessarily an IP
Closes-Bug: #1971175
Change-Id: I812674728990fcbfb234db403c8ea5d4eefb6354
RBD seems to be reserved name in cinder. Once it's used as
volume type, cinder fails with [1]
We rename backend name in doc and AIO to workaround the issue
[1] https://paste.opendev.org/show/bAJR9YEYA1hRjCuMc6kU/
Closes-Bug: #1877421
Change-Id: If48096a7309c7140cd9c182d5d3175e8d827cbd6
The container affinity was not set for the repo server ansible group
so only one was created, rather than 3.
To test repo server synchronisation we need 3 repo servers.
Change-Id: I3fdb94f707c9972b5ddb6d9f6fba4af92f3c4e3b
ceph-mon containers require access to the storage network for proper
operation. ceph-osds seem to run on bare metal anyway, hence the
container config is unneeded
Change-Id: I843a951a59307b193e056478c097b56c1fb9d4e1
This patchset sets the foundation for Ironic and Inspector AIO testing
by setting up respective bridges and IPs.
Change-Id: Ic92d520b86e958c2c257895af0d26db40a00503b
New manila images require more then 300Mb of RAM. Otherwise
instance fail to boot with kernel panic.
Based on that we increase flavor for manila and trying to save
RAM in other places. While this works nicely for Ubuntu, CentOS
is still unhappy and needs more work.
But to unblock manila role, CentOS issue will be solved with
follow-up patch only.
Change-Id: I3a3bb59bb6ab8c5cb161e78accbbb45482e595a0
Since upstream Panko project has retired, we deprecating role for it.
Since we might want to get some patches in for stable branches, we're
deprecating role instead of retiring it.
Change-Id: Iac98b8e09d1ee3f49c74800968e65a33547c6699
It is very common usecase when neutron-api is intended to run on
infra hosts (inside lxc containers), while neutron-agents are to run on
independent network nodes.
That was not possible by default, so env.d overrides has to be placed
to fix this behaviour. This patch brings option to do this natively
without extra override.
In the meanwhile it shouldn't break any existing depoyments as leaves
previous groups naming as is.
Change-Id: Ie9fa464561c81b503d6946a7afe4870b92790cee
If external connectivity fails, it is important that internal
services can still access an HAProxy instance. The current
defaults can cause a situation where all keepalived instances
enter the fault state despite internal connectivity being
available.
This patch splits the ping checks to allow deployments to define
a separate ping check for internal and external connectivity to
ensure that when one instance fails the other VIP remains in
operation.
Change-Id: Ideb34c43d1b1a30499cc88f28406cfa0368713ea
Integrate the required bits to make Cloudkitty deploy without having
to hand-pick files from the os_cloudkitty repo
Change-Id: Id191e07eab2bef84dad30e55f59fd914b0358bfe
In octavia role default cidr is set to 172.29.232.0/22
along with all docs. So we'd better change our example
and aio build template rather then octavia role defaults.
This also affects trove, but trove role uses quite another
network in defaults then supposed to.
We also add dbaas network inside trove containers where
they should present.
Change-Id: I7ee01f50532596f27039eae6c112bb86b20c383d
This patch is part of a set that implements integrated tests for metal and
lxc deployments on Ubuntu and CentOS.
Change-Id: Ie2a2c0942e32ab33043e302c76cbdea5a1416c32