Commit Graph

140 Commits

Author SHA1 Message Date
Ghanshyam Mann 8325044e7a Retire Tripleo: remove repo content
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: Ib988f3b567e31c2b9402f41e5dd222b7fc006756
2024-02-24 11:41:49 -08:00
Harald Jensås 31896d86b8 Set bmc_other_ports port_security_enabled: false
We are seeing error in BMC console on some clouds:
  Error, some other host (<% MAC_ADDR %>) already uses
  address <% IP ADDR %>.

Set port_security_enabled: false on BMC other ports.

Closes-Bug: #1997561

Change-Id: I178bd5c642ac8c54c94cd854452f9bcebf697fba
2022-11-23 19:40:37 +00:00
Harald Jensås ad0b75e870 Fix indentation error chrony.conf dhcpv6-relay.yaml
The CloudConfig write_files entry fro chrony.conf is
a nested list, instead of an entry. The file does not
get written.

Change-Id: I5ff6b81c6aaf454fad93e7c2fe2ff5ac68b91261
2022-01-24 11:13:45 +01:00
Zuul 564b18f3d5 Merge "fix typos" 2021-09-24 11:21:54 +00:00
Hervé Beraud 85b8b79236 fix typos
Change-Id: Ibe68633ae840764afaf010b521f3ecbe5e189101
2021-07-06 14:39:15 +02:00
ramishra 575a83645a Fix the config_drive property in virtual_baremetal_server.yaml
An error in the last patch:/

[1] https://review.opendev.org/c/openstack/openstack-virtual-baremetal/+/793261

Change-Id: Ib08ba08fe8b7c9bec7e98f7bd0cc51653480d8ee
2021-05-28 09:09:17 +05:30
ramishra d6452234c0 Add baremetal_config_drive parameter for baremetal instances
This also sets OS::OVB::BMC to OS::Heat::None for the extra
nodes roles.

Change-Id: Ib7ac727d29012427a11ddb4dd6e51a3534d8aece
2021-05-27 20:59:36 +05:30
Harald Jensås 306ec29aec Add support to use config-drive
Add support to explicitly request config-drive
for BMC and Undercloud type instances.

NOTE: config-drive is always disabled for the
virtual barmetal intances. This is already hard
coded in virtual-baremetal-servers.yaml and
virtual-baremetal-servers-volume.yaml.

Related-Bug: #1929384
Closes-Bug: #1929419
Change-Id: I1f6454363b5d8a5c325afe194ed1484ff618f729
2021-05-24 17:14:34 +02:00
Zuul 677467cd27 Merge "Enable net.ipv6.conf.all.forwarding on dhcpv6-relay" 2020-10-15 16:56:44 +00:00
Harald Jensås f51430d1ce Enable net.ipv6.conf.all.forwarding on dhcpv6-relay
The dhcpv6-relay acts as both DHCPv6 relay and router
with radvd. Introspection and provisionin baremetal
nodes in the OVB environment fail's with connection
timeout unless net.ipv6.conf.all.forwarding is enabled.

Change-Id: Ida15d7e5c573ea09f8e6929d70901408330dc8e8
2020-10-09 22:04:36 +02:00
Harald Jensås 4dedbd95c4 Add --id support for routed network resources
Append the 'id' to router resources, and also the server
name for the dhcpv6-ralay

Change-Id: Ic72bb921f5f23acf49eb2f967e242031ae87fa94
2020-09-24 02:08:17 +02:00
yatinkarel ff4d8fa4e2 Fix type of public_net_allocation_pools
https://review.opendev.org/#/c/733598/ added support
of allocation_pools, but set type of public_net_allocation_pools
to comma_delimited_list which causes below issue because for
comma_delimited_list, list items are converted to string:-

Property error: : resources.public_subnet.properties.allocation_pools[0]:
"{'end': '10.0.0.199', 'start': '10.0.0.128'}" is not a map

We need to use type: json to get it work, this patch fixes it.

Related-Bug: #1874418
Change-Id: Iaebb297e5018ce8db6dd1f67a308e7707117fe03
2020-09-23 15:49:12 +05:30
Zuul b82dc6dfc9 Merge "Add IPv6 radvd and dhcpv6 relay support" 2020-09-14 16:24:36 +00:00
Zuul b3a214a501 Merge "Add allocation-pool support for the public_net" 2020-07-14 15:21:01 +00:00
Zuul f4008540c6 Merge "Add prefix --id support for the radvd and dhcrelay" 2020-07-12 21:51:23 +00:00
Harald Jensås ccec11f9c8 Add allocation-pool support for the public_net
TripleO CI uses 10.0.0.1 statically for the undercloud's
public interface. When using extra node in some job's
there is sometime a conflict, because the extra node get's
the 10.0.0.1 address allocated.

Adding support to define the allocation pools on the
public_net allows TripleO CI to define a pool with the
10.0.0.1 address eliminated.

A good practice would be to set up OVB to use
[{start: 10.0.0.128, end: 10.0.0.253}], and then configure
the undercloud/overcloud deployed on the OVB infrastructure
to use addresses in the range 10.0.0.1-10.0.0.127.

The parameter public_net_allocation_pools controls the
allocation pool setting, by default all addresses of the
subnet is in the pool.

Related-Bug: #1874418
Change-Id: Ieca4864e069148abb49eb709bf7f48a14ef04e77
2020-07-10 20:13:50 +00:00
Harald Jensås 6b3d7f1aaa Add prefix --id support for the radvd and dhcrelay
Add prefix support for radvd and dhcrelay instances.
Also adds missing parameters for these instances in
the sample env generator environment.

Change-Id: I86bd6b014b62c3a382458f68443cfb02ed2e7031
2020-07-08 09:45:36 +00:00
Harald Jensås dad3208384 Add undercloud public IP to quintupleo output
Add the public IP of the undercloud to the stack output
so that it's easily available to configure the public
interface on the undercloud with the correct IP statically.

Change-Id: I90ad37cc683f1640464eb7b2ccfb3ba5d107f259
Related-Bug: #1874418
2020-05-26 12:21:04 +02:00
Harald Jensås 135786a9ca Add IPv6 radvd and dhcpv6 relay support
Add a new templates to configure radvd and dhcpv6 relay.

For IPv6 routed network the radvd daemon and the dhcpv6
relay is hosted on the same instance.

Since we do not want the networks in the OVB infra to
provide any DHCP or auto configuration we cannot use
neutron routers for provisioning network routing. The
instance running dhcpv6 relay and radvd will also be
the router for the provisioning networks.

Bump template version in undercloud-networks-routed.yaml
to version 2015-10-15. Need this version to avoid error:
  'Items to join must be strings not
   {u'str_split': [u'/', u'fd12:3456:789a:3::/64', 1]}'

Change-Id: Ib95f7d7cfd3d2318ac4f4f44f22955b0c18c465e
2020-05-12 13:40:44 +02:00
Harald Jensås 7000097d2e ipv6-radvd - resolve mtu from provisioning network
Currently the advertized MTU is hardcoded to 1450.
1450 is to high in case of geneve tunnels on a net
with mtu of 1500 in the underlay.

Automatically get the mtu from the network via the
port on the provisioning network.

Change-Id: I0725b6357bda6219ca49127184f6121167f4f319
2020-05-05 19:09:10 +02:00
Harald Jensås 7576e5f16b radvd as timesever
Run chronyd as timeserver for clients on the provsioning
network. The cloud hosting OVB might not have external
IPv6 connectivity so we need a local timeserver for
OVB baremetal instances with IPv6 only.

Change-Id: I52eb326fa98c2089f6118ba4a4a575872abab2dc
2020-04-23 18:58:14 +02:00
Harald Jensås 24e7a37b7e Add radvd helper instance for ipv6 provisioning
Deploy an instance running radvd providing router
advertisement for the provisioning network.

Depends-On: https://review.rdoproject.org/r/25787
Change-Id: Ife0cbedb69001d8473141c93c1d5163694f855a5
2020-03-10 22:57:33 +00:00
Harald Jensås 6f24206102 Support ipv6 for provisioning and overcloud subnets
Add parameters to set the ip_version for the subnets.
By default ip_version for all networks are 4.

Change-Id: I1c5a001fe2ec5c4194030fdf373c0a4318cba10c
2019-07-04 14:27:41 +02:00
Ben Nemec 6210189b04 Make BMC optional
When using pre-deployed servers, you may want all of the networking
setup of OVB but don't actually need to control the instances via
IPMI. While this could already be done, it left a useless BMC
instance lying around. This change allows the BMC to be disabled
completely to clean up such environments.

Change-Id: Icd6936977684d178277ebb721a7fbb3ffad51d9a
2019-03-21 12:56:31 -05:00
Ben Nemec 0c22b330f7 Allow overriding baremetal instance names
It turns out that the instance name isn't really important for
build-nodes-json, so we can allow overriding this without breaking
anything.

Change-Id: I83e318ee710e2c815bd8a4cfa065ccb4c7253291
2019-03-21 11:46:09 -05:00
Ben Nemec 7e863598d2 Update baremetal-ports-extra-node-all
This was missed when the changes for routed-networks were made, and
it means the template doesn't work properly.

Change-Id: I7357883133c7a37687b8b13f274ff54c34abddf1
2019-02-12 16:57:57 -06:00
Ben Nemec f68d52abab Add undercloud-networks-existing template
This file was missed in the original commit to add undercloud
network configuration templates. It's essentially a noop for adding
a second undercloud-like vm to the existing networks.
2018-12-14 17:08:14 +00:00
Ben Nemec a36b6b722f Signal after bmc configuration
Instead of having Heat fire-and-forget the bmc deployment, have the
bmc explicitly signal back to Heat. This way bmc failures can be
caught at env deployment time instead of the first time the
undercloud tries to make an IPMI call.
2018-12-14 17:08:14 +00:00
Ben Nemec 247c2d02d2 Remove non-port-security templates
OVB 2.0 won't support clouds that lack the port-security extension,
so these are no longer needed.
2018-12-12 22:31:13 +00:00
Ben Nemec 4fd992b155 Remove old example env file
This hasn't been recommended as a deployment method for a while and
it won't work in OVB 2.0.
2018-12-12 21:08:08 +00:00
Harald Jensås 96a7582143 Fixed ip's for dhcp-relay provision interfaces
The IP addresses for the dhcp-relay service on the
provision networks need to be fixed. If we end up
using an address on the dhcp-relay instance that
overlaps the address range in the Undercloud's
provisioning networks we end up with conflicts.
2018-10-26 03:40:43 +02:00
Harald Jensås 6f5481816f Add external interface to routed networks provision router
When deploying TripleO overcloud nodes using the ctlplane
network as the default gateway need to reach the internet
(ntp servers etc.). Previously this was done using the
undercloud as a masquerading router, doing so when nodes
are not on the same L2 network as the undercloud is not as
straight forward. (I.e we would have to set up routes on
the provision router in ovb with a default route via the
ip-address of the undercloud.)

Hooking up the router for the provision networks to the
external_net and let the ovb infra router do the NAT'ing
makes more sense.
2018-10-24 19:18:23 +02:00
Harald Jensås caee7aeaf4 Add router on the public network to provide external access
TripleO CI currently configures an interface on the
undercloud connected to the public network and uses the
undercloud as the router for the public network. This
deviates from what a non CI deployment would.

This change adds an optional undercloud-network-public-router
template with a router on the public_net which can provide
NAT'ed external access for overcloud nodes that use External
network interface as the default route.

The undercloud-networks-routed template have the public-router
added as well.

This removes the need for undercloud to provide masqueraded
routing for the external network when these templates are
used.
2018-10-24 19:18:23 +02:00
Harald Jensås a16f379e1b Use 192.168.x.x addressing instead of 192.0.x.x addressing
192.0.x.x is non-private addresses. Since we now in some
cases care about the address ranges used in the environment
switch to use addresses in the private space 192.168.x.x.

Also minor update to doc, router addresses are no longer
dynamically allocated.
2018-10-18 11:46:16 +02:00
Harald Jensås 0bbb4f2302 Use fixed-ips for router addresses
Drop the use of allocation pools, and instead use fixed
ip's for the router addresses.

Using an allocation pool forced the use of large CIDR's
to avoid overlapping addresses.
2018-10-18 10:49:47 +02:00
Harald Jensås f4975e90ea Fix typo in Allocation pool description 2018-10-17 13:29:51 +02:00
Harald Jensås 5152b59e3a Remove unused OS::Heat::Value resource 2018-10-17 13:28:05 +02:00
Harald Jensås 2b9ee46a29 Fix dhcp_ips - param for dhcp-relay
Remove some remnants of experiments ...
2018-10-10 04:39:24 +02:00
Harald Jensås 99b51eabd7 Fix outout provision3_router
The provision3_router was getting provision2_router's address
in stack output.
2018-10-10 01:22:17 +02:00
Harald Jensås ece2b44df3 routed networks - output network environment data
Prior to routed networks the OVB workloads could use any
IP addressing, since it did not rely on any infrastructure
networking. With routed networks the workloads must use
IP addressing in the subnets in the OVB infrastructure to
enable use of the routers and dhcp_relay.

* Use allocation pool's to control the OVB infrastructure
  use of addresses in IP subnets.
* Add stack output to templates containing iformation
  about the infrastructure provisioned. I.e the addresses
  of routers in the different subnets.

Also make the dhcp_servers to which the dhcp_relay instance
will relay dhcp request to configurable.
2018-10-10 01:12:28 +02:00
Harald Jensås c1364026fa Fix a key error in _process_role() + pep8 and py27 tests
The role does not always override the network information.
Update the networks in role_env, get the network from
parameter_defaults, fallback to parameters if not set and
finally if the netwok is not in parameters set default.

Also make default for networks: in templates json instead
of literal string.
2018-10-10 01:02:09 +02:00
Ben Nemec 0818602c8e Add dhcp-relay resource
This is an instance that handles dhcp across multiple routed networks.

Co-Authored-By: Harald Jensas <hjensas@redhat.com>
2018-10-05 16:42:46 +00:00
Ben Nemec de90c9e5f5 Add routed baremetal networks template 2018-10-05 16:42:45 +00:00
Ben Nemec 1577f4c2ce Add template for routed undercloud networks 2018-10-05 16:42:45 +00:00
Ben Nemec 0ee82cd296 Abstract undercloud network creation
Doing this make it possible to override the network configuration
and deploy more/different networks.
2018-10-05 16:42:45 +00:00
Ben Nemec e8d820ae81 Add extra node template that disables port security on all ports
This allows for use of arbitrary services on the extra node, but
does require the instance to be responsible for its own firewalling.
2018-09-13 18:06:53 -05:00
Ben Nemec f0e22b7292 Add security group to extra node port security template
Without this it will be inaccessible.
2018-09-13 17:59:44 -05:00
Ben Nemec 6fd59a05d4 Revert "Remove security group from extra node port template"
This doesn't do what I thought it did, and it prevents all access
to the extra node.

This reverts commit 9f93f422c3.
2018-09-13 17:57:21 -05:00
Ben Nemec 9f93f422c3 Remove security group from extra node port template
These extra nodes are likely to need to run arbitrary services, so
it's not ideal to have a security group that only allows port 22.
Also, the floating ip version of this template doesn't have a
security group and that one actually exposes the port on an external
network, so there's no need to lock down this one that only exposes
it to the private network.
2018-09-13 16:43:24 -05:00
Sagi Shnaidman ed1f5f9196 Add security group for extra node
Allow ICMP and SSh for extra node security group.
2018-03-02 11:37:16 +00:00