Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch adds the support to containerize OVN services for the
base profile.
OVN db servers do not support active-active mode yet. It does support
master-slave mode supported through pacemaker, which will be supported
in a later patch.
Presently the tripleo container framework doesn't allow to start a
container in only controller 0 (or bootstrap node). OVN db servers and
ovn-northd are started on all the controllers, but only the OVN db
servers running in the boot strap controller are configured to listen
on the tcp ports 6641 and 6642. OVN neutron mechanism driver
and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers.
Haproxy configures all the controllers as back ends, but only OVN db
servers running on controller 0 respond since only they are configured
properly.
The OVN containers running on other controller nodes do not interact
any way, but are wasteful resources.
This patch also adds the scenario007-multinode-containers CI template.
Partial-bug: #1699085
Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a
(cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
|
|
|
|
Bind mounts the necessary certs and keys to enable live migrations
using TLS.
bp tls-via-certmonger-containers
Depends-On: I26a7748b37059ea37f460d8c70ef684cc41b16d3
Change-Id: I81efa85d916823f740bf320c88a248403743a45b
|
|
|
|
This is required for t-h-t to generate the appropriate hieradata.
Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799
Closes-Bug: #1712328
|
|
|
|
|
|
|
|
|
|
This is working, so we add it to the list.
bp tls-via-certmonger-containers
Change-Id: Ib545d4e6c130b73b4921eb9b6325d2e8d6ff1e2c
|
|
bind mount the certificates needed for TLS.
bp tls-via-certmonger-containers
Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
|
|
|
|
Add a docker service template to provide containerized services
logs rotation with a crond job.
Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers
and to all environments among with generic services like Ntp or Kernel.
Set it to OS::Heat::None for non containerized environments and
only enable it to the environments/docker.yaml.
Closes-bug: #1700912
Change-Id: Ic94373f0a0758e9959e1f896481780674437147d
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
ceph-ansible will take care of setting up client keys both
in ceph and on client side. It will also create filesystem
for manila. To assure that manila manifest can work in future
both with puppet and with ceph-ansible, creation of filesystem
is moved to ceph-mds manifest and creation of manila key on ceph
side is moved to ceph-base (so manila key is always created),
manila key is added to ceph-external for external ceph deployments.
Key creation is removed from manila.pp in patch
I2b5567a39ac8737e80758b705818cc1807dc8bf1
Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68
Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
|
|
|
|
Bind mounts and adds the appropriate permissions for the cert and
key that's used for TLS.
bp tls-via-certmonger-containers
Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813
Change-Id: I48325893a00690e2f5d6f1d685f903234545d5b8
|
|
|
|
|
|
|
|
|
|
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from
eventlet, however we need to continue running the eventlet service as
it is required for the nova metadata api.
However this should be tied to the OS::TripleO::Services::NovaMetadata
service, so duplicate the required config in nova-metadata.yaml.
Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd
Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727
Closes-bug: #1711425
|
|
|
|
|
|
Previously what we've been doing with setup_docker_host.sh can now be
achieved with host_prep_tasks, and we can free up the NodeUserData
interface for other use cases.
Closes-Bug: #1711387
Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
|
|
Creating a sample environment generator configuration to generate basic
environment files for the following architectures:
* Monolithic HA (3 Controller, 3 Compute, 1 Ceph)
* Monolithic Non-HA (1 Controller, 1 Compute, 1 Ceph)
* Standalone (3 Controller, 3 Database, 3 Messaging, 2 Networker,
1 Compute, 1 Ceph)
Change-Id: Id0b967d3b2356f38a51e1028b2dccc122d59888c
Related-Blueprint: example-custom-role-environments
|
|
This change adds a new define for cinder::backend::dellemc_unity.
Change-Id: I7f9dbb707cf9b5c90ec2f31dcff82cd578805b80
Implements: blueprint dellemc-unity-cinder
|
|
Most nova services are working with TLS everywhere, so they can be
added to the environment.
The compute and libvirt services are still pending.
bp tls-via-certmonger-containers
Change-Id: I80745fff5fbd9a6ccd701c1d154b38ad41b0cc3c
|
|
Since nova-compute is not containerized with TLS yet, using containerized
iscsid causes errors when trying to spawn a VM with a volume. Since
the path is different in this case.
I will re-add iscsid to this environment once nova-compute is
containerized with TLS.
bp tls-via-certmonger-containers
Change-Id: Ida87b187e56ae852c5a4ef6f78cc04a0870fe3f4
|
|
|
|
Based on puppet/services/ceph-mds.yaml. Nodes in the CephMds role
will already be in the Ansible inventory but this change provides
a way pass their parameters to ceph-ansible.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
|
|
|
|
|
|
This file is generated and needs to be manually maintained. It
would be better for users who want to deploy latest directly from
docker hub to generate it locally by running:
openstack overcloud container image prepare \
--namespace tripleoupstream \
--tag latest \
--env-file docker-centos-tripleoupstream.yaml
The documentation and CI are being updated to use prepare.
Change-Id: I86503f1076459ae9d84a34e649a6097cba10fa3c
Closes-Bug: #1696598
|
|
|
|
Bind mounts and adds the appropriate permissions for the cert and
key that's used for TLS.
bp tls-via-certmonger-containers
Change-Id: I7fae4083604c7dc89ca04141080a228ebfc44ac9
|
|
This bind mounts the certificates if TLS is enabled in the internal
network. It also disables the CRL usage since we can't restart haproxy
at the rate that the CRL is updated. This will be addressed later and
is a known limitation of using containerized haproxy (there's the same
issue in the HA scenario). To address the different UID that the certs
and keys will have, I added an extra step that changes the ownership
of these files; though this only gets included if TLS in the internal
network is enabled.
bp tls-via-certmonger-containers
Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
|
|
After 483293 commit is merged, major-upgrade-composable-steps.yaml file
is pointing to the wrong location deployment, which is now under
common/ folder.
Change-Id: Ic6784533d1c21b5b8fcb422bccd820af72e499d9
|
|
In commit I77650be5f04775a72e2bdf694f93988825a84b72
neutron ovs mechanism driver can bind direct port
with ovs SR-IOV hardware offload feature. currently both
feature can't co-exist together. To allow ovs and
sriovnicswitch to still work together, sriovnicswitch
should be before openvswitch.
Change-Id: Id19d65715d40d64f041bfe219afff98876fd7766
|
|
|
|
|
|
|
|
If we consolidate these we can focus on one implementation (the new ansible
based one used for docker-steps)
Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546
Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
|
|
Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.
Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks
|
|
The non-containerized version will run over httpd [1], and for the
containerized TLS work, it is needed in the container version as well.
[1] Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
bp tls-via-certmonger-containers
Depends-On: I1c5f13039414f17312f91a5e0fd02019aa08e00e
Change-Id: I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7
|
|
|
|
|
|
|
|
In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2
templating to render the networks. This change aims at doing so for the
IPv6 network isolation environment.
Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21
|