Age | Commit message (Collapse) | Author | Files | Lines |
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
When fixing LP#1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.
In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a
/etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct
bind-address option.
In this change we make sure that the DB URIs will point to the added
file and to the specific section containing the necessary bind-address
option. We do introduce a new MySQLClient profile which will hold all
this more client-specific configuration so that this change can fit
better in the composable roles work. Also, in the future it might
contain the necessary configuration for SSL for example.
Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist
(because it is created via the mysqlclient profile), things keep on
working as usual and the bind-address option simply won't be set, which
has no impact on hosts where there are no VIPs.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12
Related-Bug: #1643487
Closes-Bug: #1663181
Closes-Bug: #1664524
Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
|
|
This is similar to the bootstrap for CentOS, except we don't set SELinux
to permissive on RHEL.
Change-Id: I52b8fa017ee2821d2fa91e5ec806a55fcb92566d
Partially-implements: blueprint split-stack-software-configuration
|
|
|
|
|
|
|
|
Add support to deploy Nova Placement API service in TripleO.
Change-Id: Ie41ebc362a0695c8f55419e231100c63007405ed
|
|
Update pending templates to use the release name alias.
Change-Id: I39f9be212d3e9f3bec6f45d9757eca7a3b0ccc06
|
|
Glance registry is not required for the v2 of the API and there are
plans to deprecate it in the glance community.
Let's remove v1 support since it has been deprecated for a while in
Glance.
Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84
Co-Authored: Flavio Percoco <flaper87@gmail.com>
Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
|
|
The DeployedServerPortMap parameter actually joins the hostname and
network name with a dash, not an underscore. This commit just fixes the
template description for documentation purproses.
Change-Id: Iea874e090bc615fd56b07e327465d093bcb0df9c
|
|
Adds an environment file, template, and script that can be used to do
initial bootstrapping of deployed servers during NodeExtraConfig. It is
meant to install and configure the initial dependencies needed to apply
the rest of the OpenStack configuration via Heat.
Enabling yum repos and installing the initial python-heat-agent package
would still have to be manual steps when using this environment. But the
goal is to keep those manual steps to a minimum and automate as much as
possible in deployed-server-bootstrap.sh.
Along with setting EnablePackageInstall: True, this could eventually
replace bootstrap-overcloud-full.sh from tripleo-ci.
Partially-implements: blueprint split-stack-software-configuration
Change-Id: I6be94604a46382e6288df1b36b9de8fab58696cc
|
|
Custom role names need to be used in the deployed server role files,
otherwise the new customized roles are not generated by jinja since the
default roles are excluded from templating in j2_excludes.yaml.
This patch also removes the OS::TripleO::Services::Core service that was
recently removed from the default Controller role as well in
I48cd2b6a4593d673d5883b45feae088392e7e713
Partially-implements: blueprint split-stack-software-configuration
Change-Id: I60cb60382d472cd093f07e134245f666029f3b16
|
|
In Newton, the ctlplane port on deployed-server was called
<hostname>-ctlplane-port. When this code was refactored in
I29fbc720c3d582cbb94385e65e4b64b101f7eac9, the -port suffix was dropped
in favor of <hostname>-<network> convention, and the port resource was
created directly in deployed-server.yaml instead of in a nested stack.
Both of those changes were backwards incompatible -- making it
impossible to upgrade to the new version of deployed-server.yaml without
the ctlplane port getting deleted/recreated, which causes a change in IP
address. The IP address change causes services to be misconfigured on
upgrade attempts.
Change-Id: I45991b60a151abf3c5e4d05a3aa7246b2d25ac5a
|
|
When using get-occ-config.sh during overcloud upgrades, the script could
potentially be started before the stack has been upgraded. In that
scenario, the script will return null for the request metadata url for
the deployed-server resource since the stack has not yet been updated
and it's still using the previous Heat signaling.
This patch updates the script to just continue checking the resource
metadata if the request url is null. Eventually, once the resource has
been updated, the script will continue and properly populate the
os-collect-config configuration.
Change-Id: I9db54d8ad278715f42b768edf8f0fd21998b2098
|
|
The commands specified by UpgradeInitCommand need to be run before
InstanceIdDeployment in deployed-server.yaml, otherwise the upgrades
hang with the resource in progress. This is because the new
python-heat-agent-apply-config has not yet been installed on the
deployed server.
Adding the UpgradeInitCommand (and corresponding
SoftwareConfig/SoftwareDeployment to apply it) will cause the new repos
and python-heat-agent-* rpm's to be installed before
InstanceIdDeployment.
An open question is whether or not Heat should even be triggering the
InstanceIdDepoyment to IN_PROGRESS on upgrade when only the group is
changing from os-apply-config to apply-config. If that turns out to be a
Heat bug, then this patch wouldn't be necessary.
Change-Id: I9d87f995744415b110a7d0bca8d2309d7167148c
|
|
Removed redundant 'the'
Change-Id: I4cfeb93738979e95ff00ee6760689be3410b373d
|
|
Adds a custom roles data file for use when using the deployed-server
templates. The file takes care of setting disable_constraints: True, so
that deployers don't have to do things like create fake images in
glance.
Also adds a comment to roles_data.yaml documenting disable_constraints.
Partially-implements: blueprint split-stack-software-configuration
Change-Id: I7c26c0c2851e0d6bcea42d7af7f4295a1944ec9f
|
|
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
|
|
|
|
|
|
|
|
This patch swaps out the noop ctlplane port for a more
proper fake neutron port stack. This stack is a swap
in for the OS::Neutron::Port heat resource and can be
controlled via the DeployedServerPortMap parameter.
By relying on <hostname>-<network> naming conventions in the
map we can map IPs to specific servers without using the
Neutron API. This will allow us to inject IP information
into the Heat stack within the new t-h-t undercloud installer
which currently does not run a Neutron service.
Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
|
|
|
|
This patch updates the deployed-server interface to use a
simple hostname -s. The previous hostnamectl --transient
can pick up extra domain name configuration in some cases
that can cause very odd hostname generation if used
with the tripleo-heat-template host file generation.
This would actually break the new undercloud t-h-t installer
in that some of the /etc/hosts entries would be invalid
(no IP address) due to substring replacements failing in
a variety of odd hostname situations. Simplifying the
hostname of deployed servers to just the short version seems
the most sensable way to avoid all this.
Change-Id: Ia7e636d021f948ea5234475cef02f666d8ce6999
|
|
The new DeployedServer resource in Heat will provide a native resource
for Server resources that are not orchestrated via Nova. This will allow
associating SoftwareDeployment's with servers that have not been
launched with Nova with Heat directly.
With the new resource, all of the SoftwareConfigTransport methods are
available, including POLL_TEMP_URL. This patch also updates the
get-occ-config.sh script to configure the requests collector in
os-collect-config.conf on the deployed servers.
Change-Id: I4b80421088acca709fe3f92741c5c052be483131
Partially-implements: blueprint split-stack-software-configuration
Depends-On: I07b9a053ecd3ef4411b602bbc6ef985224834cf8
|
|
|
|
Updates the get-occ-config.sh script used with the deployed-server
environment to support custom roles. Any custom role name, and a
corresponding set of hosts (ip addresses or hostnames) can now be passed
to the script and it will query for the proper nested stack uuid's and
configure os-collect-config appropriately on the respective nodes.
Change-Id: I8fc39e6d18cd70ff881e2a284234b26261018d67
|
|
The name output returned by this template is expected to be the short
name rather than a FQDN. Generally 'hostnamectl --static' returns a
FQDN and --transient will be the short name.
This change switches to using --transient and also simplifies the
script by dropping the unused outputs.
Change-Id: I19eaf9f66668f7e68765bad4018c0c60314f3f8f
|
|
This patch switches the deployed-server.yaml template to use
apply-config instead of os-apply-config. The 'apply-config' hook
is now installed via a package (no longer requires elements for
installation) and supports more signalling options.
This is required to support the undercloud installer which doesn't work
with os-collect-config heat metadata.
Change-Id: I7963fe4f38e8f04c9871fe651d39efec1aa17c41
|
|
The modern openstack equivalent heat commands require no awk and will
be slightly more efficient.
The roles variable is optionally populated by OVERCLOUD_ROLES so that
a subset of roles can be specified.
Change-Id: I6b66cb3bd81825fba726dd45b0db25896908f6dd
|
|
This patch makes it possible to set
OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None
in your resource_registry and thereby avoid the creation of
a neutron port for the deployed server. This is useful if
you are bootstrapping things in an environment without
Neutron.
Also, includes a new deployed-server-noop-ctlplane.yaml
environment file.
Change-Id: I2990dc816698e0f6e3193a8fc7c9c6767c6e50e5
|
|
This script will sometimes fail with "you must have a tty to run sudo"
depending on how it was executed. Add -tt to the $SSH_OPTIONS to always
force a tty.
Change-Id: Ic1144b9ba90d4af35db826a78e637da965569841
Closes-Bug: #1606544
|
|
This patch provides a set of templates that enables
tripleo-heat-templates to be used with a set of already deployed,
installed, and running servers. In this method, Nova and Ironic are not
used to deploy any servers.
This approach is attractive for POC deployments where dedicated
provisioning networks are not available, or other server install methods
are dictated for various reasons.
There are also assumptions that currently have to be made about the software
installed on the already deployed servers. Effectively, they must match the
standard TripleO overcloud-full image.
Co-Authored-By: Steve Hardy <shardy@redhat.com>
Change-Id: I4ab1531f69c73457653f1cca3fe30cc32a04c129
|