Age | Commit message (Collapse) | Author | Files | Lines |
|
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).
Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.
Adds a canonical fqdn and that should match the fqdn reported by a host.
Adds the ability to upload a config script for docker config instead of using
complex bash on-liners.
Closes-bug: 1720821
Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0
(cherry picked from commit 61fcfca045aeb5be1ee280d8dd9c260fb39b9084)
|
|
To enable per-node override of bind IPs via the per-role
ExtraConfig paramaters, we need to enable hiera interpolation
that references the keys defined in NetIpMap, so we add them
to the hieradata. To minimise the risk of any conflicts in
keynames it's added near the bottom of the hierarchy, but
I'm not aware of any conflicting names in our templates/modules.
This will allow per-node hieradata override of bind IPs e.g:
parameter_defaults:
ComputeRack1ExtraConfig:
nova::vncproxy::host: "%{hiera('rack1_internal_api')}"
ComputeRack2ExtraConfig:
nova::vncproxy::host: "%{hiera('rack2_internal_api')}"
Closes-Bug: #1726884
Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad
(cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
|
|
In case of an OSP upgrade, some of the roles may require
the reconfiguration of network via os-net-config, especially
with roles having DPDK nics. In order to facilitate this
configuration per role, the THT parameter
'NetworkDeploymentActions' is made role specific.
Change-Id: I17a1812cf9e1c60fb893bf36dc99ab3ec5fc7250
(cherry picked from commit 88711c3b800257f6b333157eb3dfc8f4e7003a46)
|
|
The changes in puppet/role.role.j2.yaml should have been made
to overcloud.j2.yaml, because we don't want the hard-coded reference
to the deprecated name in the parent template. Note we need to
pass this value from the parent template so the %index% substitution
works, which is required for predictable placement via *SchedulerHints
Partial-Bug: #1711656
Change-Id: Ided1802daac48d737f53caa7093df814ba101dd0
(cherry picked from commit c6207379db07544240b699ba000537b58d9fb68f)
|
|
Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.
Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks
|
|
Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.
Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks
|
|
This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.
Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f
|
|
The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.
Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug: 1700664
|
|
This is currently included in the controller-role template, so we need
to add it to the generic role.role.j2.yaml in order to convert the
controller-role template to be rendered via j2
Change-Id: I01bf01c8a31e4cc26f202dd1774845ec33f50bcd
Partially-Implements: blueprint composable-networks
|
|
To enable backwards compatibility with rendering the controler-role
template add this deprecated parameter for all roles - we should
remove this in a future release after the tripleoclient warnings re
deprecated parameters are available.
Change-Id: Icce93a4109191609848ca216c946a32663753b93
|
|
|
|
There is a Heat patch posted (via Depends-On) that resolves the issue
that caused this to be reverted. This reverts the revert and we need to
make sure all the upgrades jobs pass before we merge this patch.
This reverts commit 69936229f4def703cd44ab164d8d1989c9fa37cb.
Closes-Bug: #1699463
implements blueprint disable-deployments
Change-Id: Iedf680fddfbfc020d301bec8837a0cb98d481eb5
|
|
Add a new output, DeployedServerEnvionmentOutput, that can be used as
the contents of an environment file to input into a services only stack
when using split-stack. The parameter simplifies the manual steps needed
to deploy split-stack.
By default, the resource that generates the output is mapped to
OS::Heat::None.
implements blueprint split-stack-default
Change-Id: I6004cd3f56778f078a69a20e93a0eba0c574b3db
|
|
Render all per-network resources and interfaces via j2 to enable
future support for custom networks via network_data.yaml
Note this doesn't enable custom networks for the built-in roles
as we skip j2 rendering for them, this will be resolved by converting
them to use the generic role template instead of the hard-coded
ones listed in the j2_excludes.yaml.
Depends-On: I18fa3829ff38ac200550d8e36bbe334c0005da22
Change-Id: I49565f9389f3ec9aef4861e23a3bed64a85501e6
Partially-Implements: blueprint composable-networks
|
|
Currently we only consume the name with a special-case
for the disable constraints boolean, but it will be more
flexible if we consume the whole roles_data mapping for
each role, so that e.g composable networks and other
per-role customizations can be expressed in these
templates
Partially-Implements: blueprint composable-networks
Depends-On: Id1249b78b3dd87e91d572ffa31b7a541f3cde2c7
Change-Id: I355534ec456479944f66106e957404a660d8f2d2
|
|
I471037de35e7f349d900462ec3ffb16fe2d6ebd9 accidentally removed the
default from the RoleParameters parameter. This change just puts
it back.
Change-Id: I29b472897e07229715fc2fea3b55e90473eb0069
|
|
|
|
|
|
|
|
|
|
This change uses the NeutronPhysicalBridge parameter on all roles,
rather than hard-coding the "br-ex" name. Previously, there were
different parameters for controller and compute roles, but since
we use a unified bridge name with OVS, this is unnecessary.
Change-Id: I6d9189404fae67bcc33ddc2ba3ce1b0385dd989d
Closes-bug: 1669130
|
|
|
|
DPDK has to be enabled on openvswitch on the boot before
configuring the network as when the network uses DPDK ports
OvS should be ready to handle DPDK. Enabled DPDK via
PreNetworkConfig by checking if ServiceNames contains
DPDK service.
Implements: blueprint ovs-2-6-dpdk
Closes-Bug: #1654975
Depends-On: I83a540336c01a696780621fb2b39486a6abf0917
Change-Id: I7af4534d91e67c94ba559b78b9ac6a001e639db3
|
|
|
|
This reverts commit d6c0979eb3de79b8c3a79ea5798498f0241eb32d.
This seems to be causing issues in Heat in upgrades.
Change-Id: I379fb2133358ba9c3c989c98a2dd399ad064f706
Related-Bug: #1699463
|
|
Change-Id: I4d6a8b53bf07892ba4ae2579f192dc21297ad110
Closes-Bug: #1699026
|
|
|
|
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for
blacklisting servers from triggered Heat deployments.
This commit adds that functionality to the remaining Deployments in
tripleo-heat-templates for the ExtraConfig interfaces.
Since we can not (should not) change the interface to ExtraConfig, Heat
conditions are used on the actual <role>ExtraConfigPre and
NodeExtraConfig resources instead of using the actions approach on
Deployments.
Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
|
|
The DeploymentSwiftDataMap parameter is used to set the
deployment_swift_data property on the Server resoures. The parameter is
a map of role names and node indexes to Swift container and object names
to be used for storing deployment data.
The parameter allows for using predefined Swift objects for storing
deployment data instead of container/object names with generated uuid's
from Heat.
implements blueprint split-stack-default
Depends-On: Ia07e9374a4b95bd0e74fc47fb9df4bf6ad096715
Change-Id: I471037de35e7f349d900462ec3ffb16fe2d6ebd9
|
|
Adds a new output, ServerOsCollectConfigData, which is the
os-collect-config configuration associated with each server resource.
This can be used to [pre]configure the os-collect-config agents on
deployed-server's.
Having the data available as a stack output is more user friendly than
having to query several nested levels of stack resources, and then
inspect resource metadata.
implements blueprint split-stack-default
Change-Id: Iaf062f1a72e2a9e4d97f84c67f72408a6b5cebfc
Depends-On: I8acfd67cd8138d587cc362184c84a08134bf3157
|
|
First, this parameter must match what is configured on the
undercloud, so strengthen that language.
There is also now an undercloud.conf parameter that can be used to
set the requisite options on the undercloud services, so just point
users at that rather than trying to explain how to configure the
services manually (which is error-prone and doesn't survive
undercloud updates).
Change-Id: I002cce176e3430473a29e79efde3464bddb24cc7
|
|
|
|
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for
external, internal_api, storage, storage_mgmt, tenant, management, and
ctrlplane. When this was moved into THT, we accidently dropped external
which leads to deployment failures if a service is moved to the external
network and the configuration consumes the fqdn_external hiera key.
Specifically this is reproduced if the MysqlNetwork is switch to to
exernal, then the deployment fails because the bind address which is set
to use fqdn_external is blank.
Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1
Closes-Bug: #1697722
|
|
Existing host_config_and_reboot.role.j2.yaml is done in ocata to
configure kernel args. This can be enhanced with use of role-specific
parameters, which is done in the current patch. The earlier method is
deprecated and will be removed in Q releae.
Implements: blueprint ovs-2-6-dpdk
Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
|
|
|
|
Instead of using the Heat condition directly on the Deployment
resources, use it to set the action list to an empty list when the
server is blacklisted.
This has a couple advantages over the previous approach in that the
actual resources are not deleted and recreated when servers are added
and removed from the blacklist.
Recreating the resources can be problematic, as it would then force the
Deployments to re-run when a server is removed from the blacklist. That
is likely not always desirable, especially in the case of
NetworkDeloyment.
Additionally, you will still see the resources for a blacklisted server
in the stack, just with an empty set of actions. This has the benefit of
preserving the history of the previous time the Deployment was
triggered.
implements blueprint disable-deployments
Change-Id: I3d0263a6319ae4871b1ae11383ae838bd2540d36
|
|
Replace the multiple SoftwareDeployment resources with a common
playbook that runs on all roles, consuming the configuration data
written via the HostPrepAnsible tasks.
This hopefully simplifies things, and will enable re-running the
deploy steps for minor updates (we'll need some way to detect
a container should be replaced, but that will be done via a
follow-up patch).
Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
|
|
Adds the ability to blacklist servers from all SoftwareDeployment
resources. The servers are specified in a new list parameter,
DeploymentServerBlacklist by the Heat assigned name
(overcloud-compute-0, etc).
implements blueprint disable-deployments
Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
|
|
Master is now the development branch for pike
changing the release alias name.
Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
|
|
|
|
At scale, having the os-collect-config instances all check in at the
same time can cause performance problems. This change enables splay and
sets it to a default maximum random sleep of 30 seconds prior to the
os-collect-config polling.
Change-Id: Iab8b51f4e5fb4727b8aa7e081f5cbfcbf11f7fcb
Depends-On: I88f623c9e8db9ed4a186918206a63faec8f7f673
Closes-Bug: #1677314
|
|
|
|
|
|
Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
verification is vulnerable to a MITM attack.
Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
|
|
The server resource type, OS::TripleO::Server can now be mapped per role
instead of globally. This allows users to mix baremetal
(OS::Nova::Server) and deployed-server (OS::Heat::DeployedServer) server
resources in the same deployment.
blueprint pluggable-server-type-per-role
Change-Id: Ib9e9abe2ba5103db221f0b485c46704b1e260dbf
|
|
Adds some missing name properties on deployment resources where they
were lacking. It's convention in TripleO that all the deployment
resources have the name property set.
Change-Id: I6464b099e725f8469163c887676d56d769e2f9b1
|
|
Prior to https://review.openstack.org/#/c/271450/ os-net-config was
applied via os-refresh-config directly, which meant that even though
UpdateDeployment and NetworkDeployment can be created concurrently,
we'd always do the os-net-config step first.
However now that we apply both steps via scripts (which are both handled
via the same heat-config hook) we should add an explicit dependency to
ensure the network is always fully configured before attempting to run
any update. This should avoid the risk of e.g running an update on
initial deployment before the network connectivity to access yum repos
is in place.
Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7
Related-Bug: #1666227
|
|
This adds the UpgradeInitCommonCommand for newton..ocata common
UpgradeInit commands. This comes before the ansible upgrade steps
so we need to do things like remove the old newton hieradata and
install the ansible-pacemaker module and ansible heat-agent plugin
This defaults to '' and is set in the major-upgrade-composable-steps
and unset in the major-upgrade-converge environment files.
Change-Id: I0c7a32194c0069b63a501a913c17907b47c9cc16
|
|
Found this today when rebasing the undercloud installer.
The puppet/role.role.j2.yaml Yaml has an invalid get_resource reference
that causes a cryptic heat stack failures.
Change-Id: Icfb7d73a1c4d02213b23a427605f2b0d5eaa984f
|
|
|