diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 000000000..e9a948a0d
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @stackhpc/kayobe
diff --git a/.github/workflows/tag-and-release.yml b/.github/workflows/tag-and-release.yml
new file mode 100644
index 000000000..7180b59e7
--- /dev/null
+++ b/.github/workflows/tag-and-release.yml
@@ -0,0 +1,11 @@
+---
+name: Tag & Release
+'on':
+ push:
+ branches:
+ - stackhpc/xena
+permissions:
+ contents: write
+jobs:
+ tag-and-release:
+ uses: stackhpc/.github/.github/workflows/tag-and-release.yml@main
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
new file mode 100644
index 000000000..8713f0e02
--- /dev/null
+++ b/.github/workflows/tox.yml
@@ -0,0 +1,7 @@
+---
+name: Tox Continuous Integration
+'on':
+ pull_request:
+jobs:
+ tox:
+ uses: stackhpc/.github/.github/workflows/tox.yml@main
diff --git a/ansible/compute-libvirt-host.yml b/ansible/compute-libvirt-host.yml
new file mode 100644
index 000000000..9b3900c22
--- /dev/null
+++ b/ansible/compute-libvirt-host.yml
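Review bot: The reusable workflow in `tag-and-release.yml` is referenced by the mutable ref `@main` while the caller grants `contents: write`, so whatever lands on that branch of `stackhpc/.github` runs with push rights on this repository. Pinning the `uses:` line to a full commit SHA (placeholder: `uses: stackhpc/.github/.github/workflows/tag-and-release.yml@<commit-sha>`) turns any change to the release logic into an explicit, reviewable bump. The same `@main` reference is used in `tox.yml`, which also declares no `permissions:` block and so runs with the repository's default token scope; adding `permissions:` with `contents: read` there would make least privilege explicit.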
@@ -0,0 +1,59 @@ +--- +- name: Ensure the libvirt daemon is configured + hosts: compute + tags: + - libvirt-host + tasks: + - name: Ensure Ceph package repository is available + package: + name: "centos-release-ceph-{{ compute_libvirt_ceph_repo_release }}" + state: present + when: + - compute_libvirt_enabled | bool + - ansible_facts.distribution in ['CentOS', 'Rocky'] + - compute_libvirt_ceph_repo_install | bool + become: true + + - name: Include stackhpc.libvirt-host role + include_role: + name: stackhpc.libvirt-host + vars: + libvirt_host_libvirtd_conf: "{{ compute_libvirt_conf }}" + libvirt_host_qemu_conf: "{{ compute_qemu_conf }}" + libvirt_host_enable_sasl_support: "{{ compute_libvirt_enable_sasl | bool }}" + libvirt_host_sasl_authname: nova + libvirt_host_sasl_password: "{{ compute_libvirt_sasl_password }}" + libvirt_host_tcp_listen: "{{ not compute_libvirt_enable_tls | bool }}" + libvirt_host_tcp_listen_address: "{{ internal_net_name | net_ip }}:16509" + libvirt_host_tls_listen: "{{ compute_libvirt_enable_tls | bool }}" + libvirt_host_tls_listen_address: "{{ internal_net_name | net_ip }}:16514" + # TLS server and client certificates. 
+ libvirt_host_tls_server_cert: >- + {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['servercert.pem']}))) + if libvirt_host_tls_listen | default(False) | bool else '' }} + libvirt_host_tls_server_key: >- + {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['serverkey.pem']}))) + if libvirt_host_tls_listen | default(False) | bool else '' }} + libvirt_host_tls_client_cert: >- + {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['clientcert.pem']}))) + if libvirt_host_tls_listen | default(False) | bool else '' }} + libvirt_host_tls_client_key: >- + {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['clientkey.pem']}))) + if libvirt_host_tls_listen | default(False) | bool else '' }} + libvirt_host_tls_cacert: >- + {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['cacert.pem']}))) + if libvirt_host_tls_listen | default(False) | bool else '' }} + lookup_params: + paths: "{{ libvirt_tls_cert_paths }}" + skip: true + # Support loading libvirt TLS certificates & keys from per-host and + # global locations. + libvirt_tls_cert_paths: >- + {{ (libvirt_tls_cert_dirs | unique | product([inventory_hostname]) | map('path_join') | list + + libvirt_tls_cert_dirs | unique | list) | list }} + libvirt_tls_cert_dirs: + - "{{ kayobe_env_config_path }}/certificates/libvirt" + - "{{ kayobe_config_path }}/certificates/libvirt" + libvirt_host_enable_efi_support: true + when: + - compute_libvirt_enabled | bool diff --git a/ansible/group_vars/all/bifrost b/ansible/group_vars/all/bifrost index 735fbb733..c24ca67d3 100644 --- a/ansible/group_vars/all/bifrost +++ b/ansible/group_vars/all/bifrost 
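Review bot: Nothing in this play checks that `compute_libvirt_sasl_password` is set before it is passed as `libvirt_host_sasl_password`, although the defaults added in `ansible/group_vars/all/compute` enable SASL and leave the password unset. Unless the stackhpc.libvirt-host role rejects it (not visible here), the daemon could be configured with an empty SASL secret; the same unset value is also merged into the Kolla passwords file by `kolla_ansible_libvirt_custom_passwords` in `ansible/group_vars/all/kolla`. Likewise, `skip: true` in `lookup_params` means a missing certificate or key probably resolves to an empty value rather than an error when the TLS listener is enabled. A validation task ahead of the `include_role`, as sketched below for the SASL case, would fail early instead.

```yaml
  tasks:
    # … unchanged: Ceph package repository task …

    - name: Validate libvirt SASL configuration
      assert:
        that:
          - compute_libvirt_sasl_password is not none
          - compute_libvirt_sasl_password | length > 0
        msg: >-
          compute_libvirt_sasl_password must be set when
          compute_libvirt_enable_sasl is true
      when:
        - compute_libvirt_enabled | bool
        - compute_libvirt_enable_sasl | bool

    # … unchanged: Include stackhpc.libvirt-host role …
```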
@@ -65,6 +65,12 @@ kolla_bifrost_dib_packages: [] # Name of disk image file to deploy. Default is "deployment_image.qcow2". kolla_bifrost_deploy_image_filename: "deployment_image.qcow2" +# UUID of the root filesystem contained within the deployment image. +# See below URL for instructions on how to extract it: +# https://docs.openstack.org/ironic/latest/admin/raid.html#image-requirements +# Default is none. +kolla_bifrost_deploy_image_rootfs: + ############################################################################### # Ironic configuration. diff --git a/ansible/group_vars/all/compute b/ansible/group_vars/all/compute index dba12a943..d07d6d211 100644 --- a/ansible/group_vars/all/compute +++ b/ansible/group_vars/all/compute 
@@ -161,3 +161,61 @@ compute_firewalld_default_zone: # - permanent: true # - state: enabled compute_firewalld_rules: [] + +############################################################################### +# Compute node host libvirt configuration. + +# Whether to enable a host libvirt daemon. Default is true if kolla_enable_nova +# is true and kolla_enable_nova_libvirt_container is false. +compute_libvirt_enabled: "{{ kolla_enable_nova | bool and not kolla_enable_nova_libvirt_container | bool }}" + +# A dict of default configuration options to write to +# /etc/libvirt/libvirtd.conf. +compute_libvirt_conf_default: + auth_tcp: "{{ 'sasl' if compute_libvirt_enable_sasl | bool else 'none' }}" + auth_tls: "{{ 'sasl' if compute_libvirt_enable_sasl | bool else 'none' }}" + log_level: "{{ compute_libvirtd_log_level }}" + +# A dict of additional configuration options to write to +# /etc/libvirt/libvirtd.conf. +compute_libvirt_conf_extra: {} + +# A dict of configuration options to write to /etc/libvirt/libvirtd.conf. +# Default is a combination of compute_libvirt_conf_default and +# compute_libvirt_conf_extra. +compute_libvirt_conf: "{{ compute_libvirt_conf_default | combine(compute_libvirt_conf_extra) }}" + +# Numerical log level for libvirtd. Default is 3. +compute_libvirtd_log_level: 3 + +# A dict of default configuration options to write to +# /etc/libvirt/qemu.conf. +compute_qemu_conf_default: + max_files: 32768 + max_processes: 131072 + +# A dict of additional configuration options to write to +# /etc/libvirt/qemu.conf. +compute_qemu_conf_extra: {} + +# A dict of configuration options to write to /etc/libvirt/qemu.conf. +# Default is a combination of compute_qemu_conf_default and +# compute_qemu_conf_extra. +compute_qemu_conf: "{{ compute_qemu_conf_default | combine(compute_qemu_conf_extra) }}" + +# Whether to enable libvirt SASL authentication. Default is true. +compute_libvirt_enable_sasl: true + +# libvirt SASL password. Default is unset. 
+compute_libvirt_sasl_password: + +# Whether to enable a libvirt TLS listener. Default is false. +compute_libvirt_enable_tls: false + +# Whether to install a Ceph package repository on CentOS and Rocky hosts. +# Default is true. +compute_libvirt_ceph_repo_install: true + +# Ceph package repository release to install on CentOS and Rocky hosts when +# compute_libvirt_ceph_repo_install is true. Default is 'pacific'. +compute_libvirt_ceph_repo_release: pacific diff --git a/ansible/group_vars/all/ipa b/ansible/group_vars/all/ipa index 0d88e4dfe..5969c28f2 100644 --- a/ansible/group_vars/all/ipa +++ b/ansible/group_vars/all/ipa @@ -19,6 +19,9 @@ ipa_builder_source_url: "https://opendev.org/openstack/ironic-python-agent-build # Version of IPA builder source repository. Default is {{ openstack_branch }}. ipa_builder_source_version: "{{ openstack_branch }}" +# List of additional build host packages to install. +ipa_build_dib_host_packages_extra: [] + # List of default Diskimage Builder (DIB) elements to use when building IPA # images. Default is ["centos", "enable-serial-console", # "ironic-python-agent-ramdisk"]. diff --git a/ansible/group_vars/all/kolla b/ansible/group_vars/all/kolla index af29b7fb4..710b8c4ca 100644 --- a/ansible/group_vars/all/kolla +++ b/ansible/group_vars/all/kolla @@ -558,6 +558,7 @@ kolla_enable_murano: "no" kolla_enable_neutron_mlnx: "no" kolla_enable_neutron_provider_networks: "no" kolla_enable_neutron_sriov: "no" +kolla_enable_nova_libvirt_container: "yes" kolla_enable_octavia: "no" kolla_enable_openvswitch: "{{ kolla_enable_neutron | bool }}" kolla_enable_ovn: "no" 
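Review bot: `compute_libvirt_conf_default` sets `auth_tcp` and `auth_tls` to `'none'` whenever `compute_libvirt_enable_sasl` is false, and with the default `compute_libvirt_enable_tls: false` the play in `ansible/compute-libvirt-host.yml` turns on the TCP listener on the internal network address. That combination would expose the libvirt API on port 16509 with neither authentication nor transport encryption, which amounts to control of the hypervisor for anything that can reach that network. The comment on `compute_libvirt_enable_sasl` should say so, e.g. `# Disabling SASL while compute_libvirt_enable_tls is false leaves the libvirt TCP listener unauthenticated.`; refusing that combination in the play would be stronger. Separately, with TLS off the SASL exchange runs over plain TCP, so whether credentials and traffic are protected depends on the SASL mechanism the role configures (not visible here).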
@@ -585,9 +586,9 @@ kolla_enable_zun: "no" ############################################################################### # Passwords and credentials. -# Dictionary containing default custom passwords to add or override in the +# Dictionary containing base custom passwords to add or override in the # Kolla passwords file. -kolla_ansible_default_custom_passwords: +kolla_ansible_base_custom_passwords: # SSH key authorized in hosts deployed by Bifrost. bifrost_ssh_key: private_key: "{{ lookup('file', ssh_private_key_path) }}" @@ -598,6 +599,19 @@ kolla_ansible_default_custom_passwords: public_key: "{{ lookup('file', ssh_public_key_path) }}" docker_registry_password: "{{ kolla_docker_registry_password }}" +# Dictionary containing libvirt custom passwords to add or override in the +# Kolla passwords file. +kolla_ansible_libvirt_custom_passwords: + libvirt_sasl_password: "{{ compute_libvirt_sasl_password }}" + +# Dictionary containing default custom passwords to add or override in the +# Kolla passwords file. +kolla_ansible_default_custom_passwords: >- + {{ kolla_ansible_base_custom_passwords | + combine(kolla_ansible_libvirt_custom_passwords + if compute_libvirt_enabled | bool and compute_libvirt_enable_sasl | bool + else {}) }} + # Dictionary containing custom passwords to add or override in the Kolla # passwords file. kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}" 
@@ -653,3 +667,18 @@ kolla_internal_tls_cert: # in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's # default. kolla_internal_fqdn_cacert: + +############################################################################### +# Proxy configuration + +# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by +# Kolla. Default value is "{{ http_proxy }}". +kolla_http_proxy: "{{ http_proxy }}" + +# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by +# Kolla. Default value is "{{ https_proxy }}". +kolla_https_proxy: "{{ https_proxy }}" + +# List of domains, hostnames, IP addresses and networks for which no proxy is +# used. Default value is "{{ no_proxy }}". +kolla_no_proxy: "{{ no_proxy }}" diff --git a/ansible/group_vars/all/overcloud-dib b/ansible/group_vars/all/overcloud-dib new file mode 100644 index 000000000..6b0408eba --- /dev/null +++ b/ansible/group_vars/all/overcloud-dib 
@@ -0,0 +1,95 @@ +--- +# Overcloud host disk image configuration. + +############################################################################### +# Diskimage-builder configuration for overcloud host disk images. + +# Whether to build host disk images with DIB directly instead of through +# Bifrost. Setting it to true disables Bifrost image build and allows images to +# be built with the `kayobe overcloud host image build` command. Default value +# is {{ os_distribution == 'rocky' }}. This will change in a future release. +overcloud_dib_build_host_images: "{{ os_distribution == 'rocky' }}" + +# List of additional build host packages to install. +overcloud_dib_host_packages_extra: [] + +# List of overcloud host disk images to build. Each element is a dict defining +# an image in a format accepted by the stackhpc.os-images role. Default is to +# build an image named "deployment_image" configured with the overcloud_dib_* +# variables defined below: {"name": "deployment_image", "elements": "{{ +# overcloud_dib_elements }}", "env": "{{ overcloud_dib_env_vars }}", +# "packages": "{{ overcloud_dib_packages }}"}. +overcloud_dib_host_images: + - name: "deployment_image" + elements: "{{ overcloud_dib_elements }}" + env: "{{ overcloud_dib_env_vars }}" + packages: "{{ overcloud_dib_packages }}" + +# DIB base OS element. Default is {{ 'rocky-container' if os_distribution == +# 'rocky' else os_distribution }}. +overcloud_dib_os_element: "{{ 'rocky-container' if os_distribution == 'rocky' else os_distribution }}" + +# DIB image OS release. Default is {{ os_release }}. +overcloud_dib_os_release: "{{ os_release }}" + +# List of default DIB elements. 
Default is ["centos", "cloud-init-datasources", +# "disable-selinux", "enable-serial-console", "vm"] when +# overcloud_dib_os_element is "centos", or ["rocky-container", +# "cloud-init-datasources", "disable-selinux", "enable-serial-console", "vm"] +# when overcloud_dib_os_element is "rocky" or +# ["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"] +# when overcloud_dib_os_element is "ubuntu". +overcloud_dib_elements_default: + - "{{ overcloud_dib_os_element }}" + - "cloud-init-datasources" + - "{% if overcloud_dib_os_element in ['centos', 'rocky'] %}disable-selinux{% endif %}" + - "enable-serial-console" + - "vm" + +# List of additional DIB elements. Default is none. +overcloud_dib_elements_extra: [] + +# List of DIB elements. Default is a combination of +# overcloud_dib_elements_default and overcloud_dib_elements_extra. +overcloud_dib_elements: "{{ overcloud_dib_elements_default | select | list + overcloud_dib_elements_extra }}" + +# DIB default environment variables. Default is +# {"DIB_BOOTLOADER_DEFAULT_CMDLINE": "nofb nomodeset gfxpayload=text +# net.ifnames=1", "DIB_CLOUD_INIT_DATASOURCES": "ConfigDrive", +# "DIB_CONTAINERFILE_RUNTIME": "docker", "DIB_CONTAINERFILE_NETWORK_DRIVER": +# "host", "DIB_RELEASE": "{{ overcloud_dib_os_release }}"}. +overcloud_dib_env_vars_default: + DIB_BOOTLOADER_DEFAULT_CMDLINE: "nofb nomodeset gfxpayload=text net.ifnames=1" + DIB_CLOUD_INIT_DATASOURCES: "ConfigDrive" + DIB_CONTAINERFILE_RUNTIME: "docker" + DIB_CONTAINERFILE_NETWORK_DRIVER: "host" + DIB_RELEASE: "{{ overcloud_dib_os_release }}" + +# DIB additional environment variables. Default is none. +overcloud_dib_env_vars_extra: {} + +# DIB environment variables. Default is combination of +# overcloud_dib_env_vars_default and overcloud_dib_env_vars_extra. +overcloud_dib_env_vars: "{{ overcloud_dib_env_vars_default | combine(overcloud_dib_env_vars_extra) }}" + +# List of DIB packages to install. Default is to install no extra packages. 
+overcloud_dib_packages: [] + +# List of default git repositories containing Diskimage Builder (DIB) elements. +# See stackhpc.os-images role for usage. Default is empty. +overcloud_dib_git_elements_default: [] + +# List of additional git repositories containing Diskimage Builder (DIB) +# elements. See stackhpc.os-images role for usage. Default is empty. +overcloud_dib_git_elements_extra: [] + +# List of git repositories containing Diskimage Builder (DIB) elements. See +# stackhpc.os-images role for usage. Default is a combination of +# overcloud_dib_git_elements_default and overcloud_dib_git_elements_extra. +overcloud_dib_git_elements: >- + {{ overcloud_dib_git_elements_default + overcloud_dib_git_elements_extra }} + +# Upper constraints file for installing packages in the virtual environment +# used for building overcloud host disk images. Default is {{ +# pip_upper_constraints_file }}. +overcloud_dib_upper_constraints_file: "{{ pip_upper_constraints_file }}" diff --git a/ansible/group_vars/all/proxy b/ansible/group_vars/all/proxy new file mode 100644 index 000000000..eb791bbef --- /dev/null +++ b/ansible/group_vars/all/proxy 
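Review bot: `overcloud_dib_elements_default` adds `disable-selinux` for CentOS and Rocky, so every overcloud host deployed from the default image starts with SELinux off, and the comment lists the element without saying why or how to opt out. If this only mirrors the existing Bifrost image defaults, a short comment above the list would make the trade-off visible, for example `# NOTE: disable-selinux turns SELinux off in the built image; override overcloud_dib_elements_default to keep it enabled.` The same applies to `DIB_CONTAINERFILE_NETWORK_DRIVER: "host"` in `overcloud_dib_env_vars_default`, which is documented by value only.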
@@ -0,0 +1,21 @@ +--- +############################################################################### +# Configuration of HTTP(S) proxies. + +# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By +# default no proxy is used. +http_proxy: "" + +# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By +# default no proxy is used. +https_proxy: "" + +# List of domains, hostnames, IP addresses and networks for which no proxy is +# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~ +# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or +# ["127.0.0.1", "localhost"] otherwise. This is configured only if either +# http_proxy or https_proxy is set. +no_proxy: + - "127.0.0.1" + - "localhost" + - "{{ ('http://' ~ docker_registry) | urlsplit('hostname') if docker_registry else '' }}" diff --git a/ansible/kolla-ansible.yml b/ansible/kolla-ansible.yml index f2ccc3432..a469e474d 100644 --- a/ansible/kolla-ansible.yml +++ b/ansible/kolla-ansible.yml @@ -103,6 +103,7 @@ kolla_inspector_netmask: "{{ inspection_net_name | net_mask }}" kolla_inspector_default_gateway: "{{ inspection_net_name | net_inspection_gateway or inspection_net_name | net_gateway }}" kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}" + kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}" kolla_enable_host_ntp: false docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}" kolla_globals_paths_extra: diff --git a/ansible/kolla-bifrost-hostvars.yml b/ansible/kolla-bifrost-hostvars.yml index 3926f8f93..e43bcd7e6 100644 --- a/ansible/kolla-bifrost-hostvars.yml +++ b/ansible/kolla-bifrost-hostvars.yml 
@@ -15,6 +15,7 @@ bifrost_hostvars: addressing_mode: static deploy_image_filename: "{{ kolla_bifrost_deploy_image_filename }}" + deploy_image_rootfs: "{{ kolla_bifrost_deploy_image_rootfs | default(omit, true) }}" ipv4_interface_mac: "{% raw %}{{ extra.pxe_interface_mac | default }}{% endraw %}" ipv4_address: "{{ admin_oc_net_name | net_ip }}" ipv4_subnet_mask: "{{ admin_oc_net_name | net_mask }}" diff --git a/ansible/kolla-openstack.yml b/ansible/kolla-openstack.yml index 36cf4daa1..6941067ee 100644 --- a/ansible/kolla-openstack.yml +++ b/ansible/kolla-openstack.yml @@ -249,3 +249,5 @@ kolla_extra_sahara: "{{ kolla_extra_config.sahara | default }}" kolla_extra_zookeeper: "{{ kolla_extra_config.zookeeper | default }}" kolla_extra_config_path: "{{ kayobe_env_config_path }}/kolla/config" + kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}" + kolla_nova_libvirt_certificates_src: "{{ kayobe_env_config_path }}/certificates/libvirt" diff --git a/ansible/overcloud-host-image-build.yml b/ansible/overcloud-host-image-build.yml new file mode 100644 index 000000000..d895c5016 --- /dev/null +++ b/ansible/overcloud-host-image-build.yml 
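Review bot: `kolla_nova_libvirt_certificates_src` points only at `{{ kayobe_env_config_path }}/certificates/libvirt`, whereas `ansible/compute-libvirt-host.yml` in this change searches both `kayobe_env_config_path` and `kayobe_config_path`, each with an optional per-host subdirectory. Certificates placed in one of the other locations would be installed for the host libvirt daemon but may not be found for nova-compute, leaving the two ends of the TLS connection with different material; how the role consumes this variable is outside the hunk, so this needs confirming. Either document that nova-compute certificates must live under the environment path, or derive both settings from the same search list.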
@@ -0,0 +1,45 @@ +--- +# Build and install overcloud host disk images for the seed host's ironic +# service. + +- name: Ensure overcloud host disk images are built and installed + hosts: seed + tags: + - overcloud-host-image-build + vars: + overcloud_host_image_force_rebuild: False + tasks: + - block: + - name: Validate overcloud host disk image configuration + assert: + that: + - overcloud_dib_host_images is sequence + - overcloud_dib_host_images | selectattr('name', 'undefined') | list | length == 0 + - overcloud_dib_host_images | selectattr('elements', 'undefined') | list | length == 0 + msg: "overcloud_dib_host_images set to invalid value" + + - name: Ensure overcloud host disk images are built + include_role: + name: stackhpc.os-images + vars: + os_images_package_dependencies_extra: "{{ overcloud_dib_host_packages_extra | select | list }}" + os_images_venv: "{{ virtualenv_path }}/overcloud-host-image-dib" + os_images_package_state: latest + os_images_upper_constraints_file: "{{ overcloud_dib_upper_constraints_file }}" + os_images_cache: "{{ image_cache_path }}" + os_images_common: "" + os_images_list: "{{ overcloud_dib_host_images }}" + os_images_git_elements: "{{ overcloud_dib_git_elements }}" + os_images_upload: False + os_images_force_rebuild: "{{ overcloud_host_image_force_rebuild }}" + + - name: Copy overcloud host disk images into /httpboot + copy: + src: "{{ image_cache_path }}/{{ image.name }}/{{ image.name }}.{{ image.type | default('qcow2') }}" + dest: "/var/lib/docker/volumes/bifrost_httpboot/_data/{{ image.name }}.{{ image.type | default('qcow2') }}" + remote_src: True + with_items: "{{ overcloud_dib_host_images }}" + loop_control: + loop_var: image + become: True + when: overcloud_dib_build_host_images | bool diff --git a/ansible/overcloud-ipa-build.yml b/ansible/overcloud-ipa-build.yml index bc8e9f68a..4198c3572 100644 --- a/ansible/overcloud-ipa-build.yml +++ b/ansible/overcloud-ipa-build.yml 
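Review bot: The `copy` task writes the built image into the hard-coded path `/var/lib/docker/volumes/bifrost_httpboot/_data/` without `owner`, `group` or `mode`, so the file that nodes are deployed from gets whatever permissions the root umask yields, and the task breaks if Docker's data root is not `/var/lib/docker`. Setting `mode: "0644"` explicitly and moving the destination directory into a variable would make both assumptions visible. The assertion only checks that `name` and `elements` are defined, while `image.name` and `image.type` are interpolated into both paths; rejecting values that contain `/` would keep a mistyped entry from writing outside the httpboot volume while running with `become`.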
@@ -36,6 +36,7 @@ include_role: name: stackhpc.os-images vars: + os_images_package_dependencies_extra: "{{ ipa_build_dib_host_packages_extra | select | list }}" os_images_venv: "{{ virtualenv_path }}/ipa-build-dib" os_images_package_state: latest os_images_upper_constraints_file: "{{ ipa_build_upper_constraints_file }}" diff --git a/ansible/physical-network.yml b/ansible/physical-network.yml index f9137856d..06a4a4ef0 100644 --- a/ansible/physical-network.yml +++ b/ansible/physical-network.yml @@ -27,6 +27,7 @@ - arista - dellos6 - dellos9 + - dellos10 - dell-powerconnect - junos - mellanox @@ -111,7 +112,7 @@ arista_switch_interface_config: "{{ switch_interface_config }}" - name: Ensure DellOS physical switches are configured - hosts: switches_of_type_dellos6:switches_of_type_dellos9:&switches_in_display_mode_False + hosts: switches_of_type_dellos6:switches_of_type_dellos9:switches_of_type_dellos10:&switches_in_display_mode_False gather_facts: no roles: - role: ssh-known-host diff --git a/ansible/proxy.yml b/ansible/proxy.yml new file mode 100644 index 000000000..e618b9c0d --- /dev/null +++ b/ansible/proxy.yml 
@@ -0,0 +1,41 @@ +- name: Configure HTTP(S) proxy settings + hosts: seed-hypervisor:seed:overcloud:infra-vms + vars: + ansible_python_interpreter: /usr/bin/python3 + tags: + - proxy + tasks: + - name: Add HTTP proxy configuration to /etc/environment + lineinfile: + path: "/etc/environment" + create: yes + mode: 0644 + state: present + regexp: "^http_proxy=.*" + line: "http_proxy={{ http_proxy }}" + become: True + when: http_proxy | length > 0 + + - name: Add HTTPS proxy configuration to /etc/environment + lineinfile: + path: "/etc/environment" + create: yes + mode: 0644 + state: present + regexp: "^https_proxy=.*" + line: "https_proxy={{ https_proxy }}" + become: True + when: https_proxy | length > 0 + + - name: Add no_proxy configuration to /etc/environment + lineinfile: + path: "/etc/environment" + create: yes + mode: 0644 + state: present + regexp: "^no_proxy=.*" + line: "no_proxy={{ no_proxy | select | join(',') }}" + become: True + when: + - no_proxy | length > 0 + - http_proxy | length > 0 or https_proxy | length > 0 diff --git a/ansible/roles/dell-switch/README.md b/ansible/roles/dell-switch/README.md index dc763d40c..b98d9d7d2 100644 --- a/ansible/roles/dell-switch/README.md +++ b/ansible/roles/dell-switch/README.md @@ -1,10 +1,10 @@ Dell Switch =========== -This role configures Dell switches using the `dellos6` or `dellos9` Ansible -modules. It provides a fairly minimal abstraction of the configuration -interface provided by the `dellos` modules, allowing for application of -arbitrary switch configuration options. +This role configures Dell switches using the `dellos6`, `dellos9`, or +`dellos10` Ansible modules. It provides a fairly minimal abstraction of the +configuration interface provided by the `dellos` modules, allowing for +application of arbitrary switch configuration options. Requirements ------------ 
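Review bot: The three `lineinfile` tasks write `http_proxy`, `https_proxy` and `no_proxy` into `/etc/environment` with `mode: 0644`, and the variable comments added in `ansible/group_vars/all/proxy` advertise the `http(s)://[user:password@]proxy_name:port` form. A proxy URL with embedded credentials therefore ends up readable by every local user and inherited by every login session, and it appears in task and `--diff` output because the tasks do not set `no_log`. The same values are rendered into Kolla's `globals.yml` as `container_http_proxy` and `docker_http_proxy` by the template hunk in `ansible/roles/kolla-ansible/templates/kolla/globals.yml`. Either state in the variable comments that credentials in these URLs are stored in clear text on every host, or add `no_log: true` to the tasks and document a credential-free proxy as the supported setup. Quoting the mode as `mode: "0644"` would also avoid relying on YAML octal parsing.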
@@ -14,7 +14,8 @@ The switches should be configured to allow SSH access. Role Variables -------------- -`dell_switch_type` is the type of Dell switch. One of `dellos6`, `dellos9`. +`dell_switch_type` is the type of Dell switch. One of `dellos6`, `dellos9`, or +`dellos10`. `dell_switch_provider` is authentication provider information passed as the `provider` argument to the `dellos` modules. diff --git a/ansible/roles/dell-switch/defaults/main.yml b/ansible/roles/dell-switch/defaults/main.yml index 07bec1a39..f642dd325 100644 --- a/ansible/roles/dell-switch/defaults/main.yml +++ b/ansible/roles/dell-switch/defaults/main.yml @@ -1,5 +1,5 @@ --- -# Type of Dell switch. One of dellos6, dellos9. +# Type of Dell switch. One of dellos6, dellos9, or dellos10. dell_switch_type: # Authentication provider information. diff --git a/ansible/roles/dell-switch/tasks/main.yml b/ansible/roles/dell-switch/tasks/main.yml index 4166ed714..07fd3d923 100644 --- a/ansible/roles/dell-switch/tasks/main.yml +++ b/ansible/roles/dell-switch/tasks/main.yml @@ -12,3 +12,10 @@ provider: "{{ dell_switch_provider }}" src: dellos9-config.j2 when: dell_switch_type == 'dellos9' + +- name: Ensure DellOS10 switches are configured + local_action: + module: dellos10_config + provider: "{{ dell_switch_provider }}" + src: "{{ lookup('template', 'dellos10-config.j2') }}" + when: dell_switch_type == 'dellos10' diff --git a/ansible/roles/dell-switch/templates/dellos10-config.j2 b/ansible/roles/dell-switch/templates/dellos10-config.j2 new file mode 100644 index 000000000..94c9dc068 --- /dev/null +++ b/ansible/roles/dell-switch/templates/dellos10-config.j2 
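Review bot: The DellOS10 task passes `src: "{{ lookup('template', 'dellos10-config.j2') }}"`, that is the rendered text, while the `dellos9` task visible in the context passes the template name `dellos9-config.j2`. If the `dellos10_config` module requires the difference, a comment above the task should say so, for example `# dellos10_config needs the rendered configuration, not a template path.` (to be confirmed against the module); otherwise `src: dellos10-config.j2` would keep the tasks consistent. The start of the tasks file is outside the hunk.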
@@ -0,0 +1,16 @@ +#jinja2: trim_blocks: True,lstrip_blocks: True + +{% for line in dell_switch_config %} +{{ line }} +{% endfor %} + +{% for interface, config in dell_switch_interface_config.items() %} +interface {{ interface }} +{% if config.description is defined %} +description {{ config.description }} +{% endif %} +{% for line in config.config %} +{{ line }} +{% endfor %} +exit +{% endfor %} diff --git a/ansible/roles/dnf/tasks/custom-repo.yml b/ansible/roles/dnf/tasks/custom-repo.yml index cabcb8f9b..244537bb9 100644 --- a/ansible/roles/dnf/tasks/custom-repo.yml +++ b/ansible/roles/dnf/tasks/custom-repo.yml @@ -9,7 +9,9 @@ gpgcheck: "{{ item.value.gpgcheck | default(omit)}}" cost: "{{ item.value.cost | default(omit)}}" enabled: "{{ item.value.enabled | default(omit)}}" + exclude: "{{ item.value.exclude | default(omit)}}" gpgcakey: "{{ item.value.gpgcakey | default(omit)}}" + includepkgs: "{{ item.value.includepkgs | default(omit)}}" metadata_expire: "{{ item.value.metadata_expire | default(omit)}}" metalink: "{{ item.value.metalink | default(omit)}}" mirrorlist: "{{ item.value.mirrorlist | default(omit)}}" diff --git a/ansible/roles/kolla-ansible/defaults/main.yml b/ansible/roles/kolla-ansible/defaults/main.yml index 0ef793f5b..ad6658a4a 100644 --- a/ansible/roles/kolla-ansible/defaults/main.yml +++ b/ansible/roles/kolla-ansible/defaults/main.yml @@ -21,6 +21,11 @@ kolla_ansible_venv_python: python3 # Extra requirements to install inside the kolla-ansible virtualenv. kolla_ansible_venv_extra_requirements: [] +# Pip requirement specifier for the ansible package. NOTE: This limits the +# version of ansible used by kolla-ansible to avoid new releases from breaking +# tested code. Changes to this limit should be tested. +kolla_ansible_venv_ansible: 'ansible>=4,<6.0' + # Virtualenv directory where Kolla-ansible's ansible modules will execute # remotely on the target nodes. If None, no virtualenv will be used. kolla_ansible_target_venv: 
@@ -137,7 +142,6 @@ kolla_external_vip_address: # kolla_external_vip_address. kolla_external_fqdn: - #################### # Networking options #################### @@ -234,6 +238,10 @@ kolla_openstack_logging_debug: # controllers. kolla_nova_compute_ironic_host: +kolla_libvirt_tls: + +kolla_libvirt_enable_sasl: + ############################################################################### # Extra free-form configuraton. @@ -306,3 +314,16 @@ docker_daemon_mtu: 1500 # Enable live-restore on docker daemon docker_daemon_live_restore: false + +############################################################################### +# Proxy configuration + +# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). +kolla_http_proxy: + +# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). +kolla_https_proxy: + +# List of domains, hostnames, IP addresses and networks for which no proxy is +# used. +kolla_no_proxy: diff --git a/ansible/roles/kolla-ansible/tasks/install.yml b/ansible/roles/kolla-ansible/tasks/install.yml index 95bea4da8..90a4655d3 100644 --- a/ansible/roles/kolla-ansible/tasks/install.yml +++ b/ansible/roles/kolla-ansible/tasks/install.yml @@ -95,10 +95,7 @@ {% else %} kolla-ansible=={{ kolla_openstack_release }} {% endif %} - # Limit the version of ansible used by kolla-ansible to avoid new - # releases from breaking tested code. Changes to this limit should be - # tested. - - ansible>=2.10.0,<5.0 + - "{{ kolla_ansible_venv_ansible }}" - selinux pip: name: "{{ (kolla_ansible_packages + kolla_ansible_venv_extra_requirements) | select | list }}" diff --git a/ansible/roles/kolla-ansible/templates/kolla/globals.yml b/ansible/roles/kolla-ansible/templates/kolla/globals.yml index f5c201ab8..03390722c 100644 --- a/ansible/roles/kolla-ansible/templates/kolla/globals.yml +++ b/ansible/roles/kolla-ansible/templates/kolla/globals.yml 
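Review bot: `kolla_libvirt_tls` and `kolla_libvirt_enable_sasl` are added without the descriptive comment the other variables in this file carry, and only `kolla_libvirt_tls` is assigned in the `ansible/kolla-ansible.yml` hunk of this change. If `kolla_libvirt_enable_sasl` is not set elsewhere (not visible here), the `libvirt_enable_sasl` line in `globals.yml` is never rendered, so an operator who changes `compute_libvirt_enable_sasl` could end up with a host libvirt daemon and a Kolla nova-compute that disagree on authentication. Suggested comments are `# Whether libvirt TLS is enabled.` and `# Whether libvirt SASL authentication is enabled.`, together with passing `kolla_libvirt_enable_sasl: "{{ compute_libvirt_enable_sasl | bool }}"` next to `kolla_libvirt_tls` in the play.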
@@ -50,6 +50,17 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}" kolla_external_fqdn: "{{ kolla_external_fqdn }}" {% endif %} +# Proxy settings for containers such as magnum that need Internet access +{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %} +container_http_proxy: "{{ kolla_http_proxy }}" +{% endif %} +{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %} +container_https_proxy: "{{ kolla_https_proxy }}" +{% endif %} +{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %} +container_no_proxy: "{{ kolla_no_proxy | select | join(',') }}" +{% endif %} + ################ # Docker options ################ @@ -69,6 +80,16 @@ docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) } docker_registry_insecure: "yes" {% endif %} +{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %} +docker_http_proxy: "{{ kolla_http_proxy }}" +{% endif %} +{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %} +docker_https_proxy: "{{ kolla_https_proxy }}" +{% endif %} +{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %} +docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}" +{% endif %} + #docker_configure_for_zun: "no" ################### @@ -372,6 +393,13 @@ enable_{{ feature_flag }}: {{ hostvars[inventory_hostname]['kolla_enable_' ~ fea # Valid options are [ none, novnc, spice, rdp ] #nova_console: "novnc" +{% if kolla_libvirt_tls is not none %} +libvirt_tls: {{ kolla_libvirt_tls | bool }} +{% endif %} + +{% if kolla_libvirt_enable_sasl is not none %} +libvirt_enable_sasl: {{ kolla_libvirt_enable_sasl | bool }} +{% endif %} ################# # Hyper-V options ################# diff --git a/ansible/roles/kolla-ansible/vars/main.yml b/ansible/roles/kolla-ansible/vars/main.yml index 43d7c83f4..5d8af24f9 100644 --- a/ansible/roles/kolla-ansible/vars/main.yml +++ b/ansible/roles/kolla-ansible/vars/main.yml 
@@ -184,6 +184,7 @@ kolla_feature_flags: - nova - nova_fake - nova_horizon_policy_file + - nova_libvirt_container - nova_serialconsole_proxy - nova_ssh - octavia diff --git a/ansible/roles/kolla-bifrost/templates/kolla/config/bifrost/dib.yml b/ansible/roles/kolla-bifrost/templates/kolla/config/bifrost/dib.yml index e3456414f..a4fe0522b 100644 --- a/ansible/roles/kolla-bifrost/templates/kolla/config/bifrost/dib.yml +++ b/ansible/roles/kolla-bifrost/templates/kolla/config/bifrost/dib.yml @@ -1,4 +1,5 @@ --- +{% if not overcloud_dib_build_host_images | bool %} # Diskimage-builder element for base OS. dib_os_element: "{{ kolla_bifrost_dib_os_element }}" @@ -13,3 +14,9 @@ dib_elements: "{{ (kolla_bifrost_dib_elements + [kolla_bifrost_dib_init_element] # List of DIB image packages. dib_packages: "{{ kolla_bifrost_dib_packages | join(',') }}" +{% else %} +# Stop building overcloud host image using Bifrost. This needs to be defined +# here to override the default true value set in kolla-ansible in +# ansible/roles/bifrost/templates/dib.yml.j2. +create_image_via_dib: False +{% endif %} diff --git a/ansible/roles/kolla-openstack/defaults/main.yml b/ansible/roles/kolla-openstack/defaults/main.yml index ae32392a7..6d2ad45de 100644 --- a/ansible/roles/kolla-openstack/defaults/main.yml +++ b/ansible/roles/kolla-openstack/defaults/main.yml @@ -447,9 +447,19 @@ kolla_extra_neutron_ml2: # Whether to enable Nova. kolla_enable_nova: +# Whether to enable Nova libvirt container. +kolla_enable_nova_libvirt_container: + # Free form extra configuration to append to nova.conf. kolla_extra_nova: +# Whether libvirt TLS is enabled. +kolla_libvirt_tls: + +# Directory containing libvirt certificates for nova-compute when running +# libvirt on the host. +kolla_nova_libvirt_certificates_src: + ############################################################################### # Octavia configuration. 
diff --git a/ansible/roles/kolla-openstack/molecule/enable-everything/molecule.yml b/ansible/roles/kolla-openstack/molecule/enable-everything/molecule.yml index 14b0bbc86..634455c19 100644 --- a/ansible/roles/kolla-openstack/molecule/enable-everything/molecule.yml +++ b/ansible/roles/kolla-openstack/molecule/enable-everything/molecule.yml @@ -15,7 +15,7 @@ provisioner: inventory: group_vars: all: - kolla_extra_config_path: + kolla_extra_config_path: ${MOLECULE_TEMP_PATH:-/tmp}/molecule/kolla/config kolla_enable_aodh: true kolla_extra_aodh: | [extra-aodh.conf] @@ -116,9 +116,12 @@ provisioner: [extra-ml2_conf.ini] foo=bar kolla_enable_nova: true + kolla_enable_nova_libvirt_container: false kolla_extra_nova: | [extra-nova.conf] foo=bar + kolla_libvirt_tls: true + kolla_nova_libvirt_certificates_src: ${MOLECULE_TEMP_PATH:-/tmp}/molecule/nova-libvirt/certificates kolla_enable_octavia: true kolla_extra_octavia: | [extra-octavia.conf] diff --git a/ansible/roles/kolla-openstack/molecule/enable-everything/prepare.yml b/ansible/roles/kolla-openstack/molecule/enable-everything/prepare.yml index d78cc6940..8514e90f3 100644 --- a/ansible/roles/kolla-openstack/molecule/enable-everything/prepare.yml +++ b/ansible/roles/kolla-openstack/molecule/enable-everything/prepare.yml 
@@ -25,3 +25,23 @@ with_items: - "{{ kolla_inspector_ipa_kernel_path }}" - "{{ kolla_inspector_ipa_ramdisk_path }}" + + - name: Ensure nova libvirt certificates directory exists + local_action: + module: file + path: "{{ kolla_nova_libvirt_certificates_src }}" + state: directory + + # NOTE(mgoddard): Previously we were creating empty files for the kernel + # and ramdisk, but this was found to cause ansible to hang on recent + # versions of docker. Using non-empty files seems to resolve the issue. + # See https://github.com/ansible/ansible/issues/36725. + - name: Ensure nova libvirt certificates exist + local_action: + module: copy + content: fake cert + dest: "{{ kolla_nova_libvirt_certificates_src }}/{{ item }}" + with_items: + - "cacert.pem" + - "clientcert.pem" + - "clientkey.pem" diff --git a/ansible/roles/kolla-openstack/molecule/enable-everything/tests/test_default.py b/ansible/roles/kolla-openstack/molecule/enable-everything/tests/test_default.py index 6d5f67fe5..0badbfefd 100644 --- a/ansible/roles/kolla-openstack/molecule/enable-everything/tests/test_default.py +++ b/ansible/roles/kolla-openstack/molecule/enable-everything/tests/test_default.py @@ -50,6 +50,7 @@ 'murano', 'neutron', 'nova', + 'nova/nova-libvirt', 'octavia', 'placement', 'prometheus', @@ -100,7 +101,10 @@ def test_service_ini_file(host, path): @pytest.mark.parametrize( 'path', ['ironic/ironic-agent.initramfs', - 'ironic/ironic-agent.kernel']) + 'ironic/ironic-agent.kernel', + 'nova/nova-libvirt/cacert.pem', + 'nova/nova-libvirt/clientcert.pem', + 'nova/nova-libvirt/clientkey.pem']) def test_service_non_ini_file(host, path): # TODO(mgoddard): Check config file contents. path = os.path.join('/etc/kolla/config', path) diff --git a/ansible/roles/kolla-openstack/tasks/config.yml b/ansible/roles/kolla-openstack/tasks/config.yml index 958568ef5..734b5a88b 100644 --- a/ansible/roles/kolla-openstack/tasks/config.yml +++ b/ansible/roles/kolla-openstack/tasks/config.yml 
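Review bot: The `NOTE(mgoddard)` comment above `Ensure nova libvirt certificates exist` talks about "empty files for the kernel and ramdisk" and appears to be copied from the IPA image task, so it does not describe the task it now sits on. I would reword it for this task, e.g. `# NOTE: use non-empty placeholder files; empty files were found to make ansible hang, see https://github.com/ansible/ansible/issues/36725.`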
@@ -80,6 +80,7 @@ recurse: true with_items: "{{ kolla_openstack_custom_config }}" register: find_src_result + delegate_to: localhost - name: Find previously generated extra configuration files find: @@ -114,6 +115,7 @@ - item.0.item.enabled | bool - item.1.path | basename not in item.0.item.ignore | default([]) - item.1.path | basename not in item.0.item.untemplated | default([]) + - (item.1.path | dirname | relpath(item.0.item.src)).split("/")[0] not in item.0.item.untemplated_dirs | default([]) - name: Ensure untemplated extra configuration files exist copy: @@ -127,7 +129,8 @@ when: - item.0.item.enabled | bool - item.1.path | basename not in item.0.item.ignore | default([]) - - item.1.path | basename in item.0.item.untemplated | default([]) + - (item.1.path | basename in item.0.item.untemplated | default([])) or + ((item.1.path | dirname | relpath(item.0.item.src)).split("/")[0] in item.0.item.untemplated_dirs | default([])) - name: Ensure unnecessary extra configuration files are absent file: diff --git a/ansible/roles/kolla-openstack/vars/main.yml b/ansible/roles/kolla-openstack/vars/main.yml index 5a53c844f..8033b354f 100644 --- a/ansible/roles/kolla-openstack/vars/main.yml +++ b/ansible/roles/kolla-openstack/vars/main.yml @@ -98,6 +98,9 @@ kolla_openstack_custom_config: dest: "{{ kolla_node_custom_config_path }}/horizon" patterns: "*" enabled: "{{ kolla_enable_horizon }}" + untemplated_dirs: + # Do not attempt to template themes directory. + - "themes" # InfluxDB. - src: "{{ kolla_extra_config_path }}/" dest: "{{ kolla_node_custom_config_path }}/" 
@@ -175,6 +178,27 @@ kolla_openstack_custom_config: dest: "{{ kolla_node_custom_config_path }}/nova" patterns: "*" enabled: "{{ kolla_enable_nova }}" + # Nova. + - src: "{{ kolla_nova_libvirt_certificates_src }}" + dest: "{{ kolla_node_custom_config_path }}/nova/nova-libvirt" + patterns: + - clientcert.pem + - clientkey.pem + - cacert.pem + enabled: "{{ kolla_enable_nova | bool and kolla_libvirt_tls | bool }}" + untemplated: + - clientcert.pem + - clientkey.pem + - cacert.pem + - src: "{{ kolla_nova_libvirt_certificates_src }}" + dest: "{{ kolla_node_custom_config_path }}/nova/nova-libvirt" + patterns: + - servercert.pem + - serverkey.pem + enabled: "{{ kolla_enable_nova | bool and kolla_enable_nova_libvirt_container | bool and kolla_libvirt_tls | bool }}" + untemplated: + - servercert.pem + - serverkey.pem # Octavia. - src: "{{ kolla_extra_config_path }}/octavia" dest: "{{ kolla_node_custom_config_path }}/octavia" diff --git a/ansible/roles/snat/tasks/main.yml b/ansible/roles/snat/tasks/main.yml index 6fc64aa5c..2909ece4d 100644 --- a/ansible/roles/snat/tasks/main.yml +++ b/ansible/roles/snat/tasks/main.yml @@ -15,5 +15,10 @@ out_interface: "{{ item.interface }}" jump: SNAT to_source: "{{ item.source_ip }}" + destination: "{{ item.destination | default(omit) }}" + destination_port: "{{ item.destination_port | default(omit) }}" + destination_ports: "{{ item.destination_ports | default(omit) }}" + source: "{{ item.source | default(omit) }}" + source_port: "{{ item.source_port | default(omit) }}" with_items: "{{ snat_rules }}" become: True diff --git a/ansible/seed-ipa-build.yml b/ansible/seed-ipa-build.yml index 05297f332..fb26f7d05 100644 --- a/ansible/seed-ipa-build.yml +++ b/ansible/seed-ipa-build.yml 
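Review bot: The two new `kolla_openstack_custom_config` entries send `clientkey.pem` and `serverkey.pem` through the generic untemplated-file path, and nothing in this hunk restricts the permissions of the private keys at the destination. The `copy` task that consumes this list is outside the hunk, so confirm it sets a restrictive `mode` for these files; the documentation in this commit recommends Vault-encrypting the keys, but `copy` decrypts vaulted sources, so the copies under `{{ kolla_node_custom_config_path }}/nova/nova-libvirt` are plaintext. Both entries also sit under a second bare `# Nova.` comment; `# Nova libvirt TLS client certificates.` and `# Nova libvirt TLS server certificates (nova_libvirt container only).` would tell them apart from the entry above.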
@@ -26,6 +26,7 @@ include_role: name: stackhpc.os-images vars: + os_images_package_dependencies_extra: "{{ ipa_build_dib_host_packages_extra | select | list }}" os_images_venv: "{{ virtualenv_path }}/ipa-build-dib" os_images_package_state: latest os_images_upper_constraints_file: "{{ ipa_build_upper_constraints_file }}" @@ -53,8 +54,8 @@ - name: Copy Ironic Python Agent images into /httpboot command: > docker exec bifrost_deploy - bash -c 'export OS_CLOUD=bifrost && - ansible -vvvv target -i /bifrost/playbooks/inventory/target + bash -c 'ansible -vvvv target + -i /bifrost/playbooks/inventory/target -m copy -a "src=/etc/bifrost/{{ item }} dest=/httpboot/{{ item }}" -e "ansible_python_interpreter=/var/lib/kolla/venv/bin/python"' diff --git a/dev/functions b/dev/functions index dc0db5e34..436d33e57 100644 --- a/dev/functions +++ b/dev/functions @@ -10,12 +10,8 @@ set -o pipefail function config_defaults { # Set default values for kayobe development configuration. - # Try to detect if we are running in a vagrant VM. - if [[ -e /vagrant ]]; then - KAYOBE_SOURCE_PATH_DEFAULT=/vagrant - else - KAYOBE_SOURCE_PATH_DEFAULT="$(pwd)" - fi + PARENT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + KAYOBE_SOURCE_PATH_DEFAULT="$(dirname ${PARENT})" # Path to the kayobe source code repository. Typically this will be the # Vagrant shared directory. @@ -219,6 +215,11 @@ function is_ironic_enabled { [[ $ironic_enabled =~ ^true$ ]] } +function is_overcloud_host_image_built_by_dib { + overcloud_dib_build_host_images=$(kayobe configuration dump --host controllers[0] --var-name overcloud_dib_build_host_images) + [[ $overcloud_dib_build_host_images =~ ^true$ ]] +} + function environment_setup { # NOTE: Virtualenv's activate script references an unbound variable. set +u 
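Review bot: `KAYOBE_SOURCE_PATH_DEFAULT="$(dirname ${PARENT})"` in `config_defaults` leaves `${PARENT}` unquoted, so a checkout path containing spaces or glob characters is word-split before `dirname` sees it; write `"$(dirname "${PARENT}")"`. `PARENT` is also assigned without `local`, so it leaks into the calling shell when this file is sourced. The same unquoted pattern appears in the `is_overcloud_host_image_built_by_dib` hunk, where `--host controllers[0]` is subject to pathname expansion and is safer as `--host 'controllers[0]'`. The context comment "Typically this will be the Vagrant shared directory" is stale now that the Vagrant detection is removed; `config_defaults` continues outside the hunk.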
@@ -316,6 +317,13 @@ function seed_deploy { else echo "Not building seed deployment images" fi + + if is_overcloud_host_image_built_by_dib; then + echo "Building overcloud host images" + run_kayobe overcloud host image build + else + echo "Not building overcloud host images" + fi } function seed_upgrade { 
@@ -380,18 +388,26 @@ function overcloud_deploy { control_host_bootstrap - echo "Configuring the controller host" - run_kayobe overcloud host configure - - # FIXME(mgoddard): Perform host upgrade workarounds to ensure hostname - # resolves to IP address of API interface for RabbitMQ. This seems to be - # required since https://review.openstack.org/#/c/584427 was merged. - echo "Workaround: upgrading the controller host" - run_kayobe overcloud host upgrade - if [[ ${KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES} = 1 ]]; then echo "Generate TLS certificates" - run_kayobe kolla ansible run certificates --kolla-extra kolla_certificates_dir=${KAYOBE_CONFIG_PATH}/kolla/certificates + run_kayobe playbook run $KAYOBE_SOURCE_PATH/ansible/kolla-ansible.yml -t config + # NOTE(mgoddard): There is a chicken and egg when generating libvirt + # TLS certificates using the kolla-ansible certificates command, and + # host libvirt. The certificates command needs to be able to gather + # facts for all hosts, but since the host configure step hasn't been + # run, we don't have SSH or the kolla user configured yet. However, we + # can't run host configure without the libvirt TLS certificates. + # Workaround: add the host to SSH known hosts and SSH as $USER. + run_kayobe playbook run $KAYOBE_SOURCE_PATH/ansible/ssh-known-host.yml -l overcloud + + # Avoid populating the fact cache with this weird setup. + export ANSIBLE_CACHE_PLUGIN=memory + run_kayobe kolla ansible run certificates \ + --kolla-extra kolla_certificates_dir=${KAYOBE_CONFIG_PATH}/kolla/certificates \ + --kolla-extra ansible_user=$USER \ + --kolla-extra ansible_python_interpreter=/usr/bin/python3 + unset ANSIBLE_CACHE_PLUGIN + # Add CA cert to trust store. ca_cert=${KAYOBE_CONFIG_PATH}/kolla/certificates/ca/root.crt if [[ -e /etc/debian_version ]]; then 
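Review bot: The `export ANSIBLE_CACHE_PLUGIN=memory` / `unset ANSIBLE_CACHE_PLUGIN` pair in `overcloud_deploy` discards any value the developer had already exported, so every later `run_kayobe` call in the session runs with a different fact cache setting than before. Scoping the override to the one command avoids that, e.g. wrap the certificates step in a subshell: `( export ANSIBLE_CACHE_PLUGIN=memory; run_kayobe kolla ansible run certificates ... )`. `$USER` and `$KAYOBE_SOURCE_PATH` are also expanded unquoted in the added lines and should be quoted. `overcloud_deploy` starts and ends outside the hunk.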
@@ -405,6 +421,15 @@ function overcloud_deploy { fi fi + echo "Configuring the controller host" + run_kayobe overcloud host configure + + # FIXME(mgoddard): Perform host upgrade workarounds to ensure hostname + # resolves to IP address of API interface for RabbitMQ. This seems to be + # required since https://review.openstack.org/#/c/584427 was merged. + echo "Workaround: upgrading the controller host" + run_kayobe overcloud host upgrade + # Note: This must currently be before host configure, because host # configure runs kolla-ansible.yml, which validates the presence of the # built deploy images. diff --git a/dev/tenks-deploy-config-compute-libvirt-on-host.yml b/dev/tenks-deploy-config-compute-libvirt-on-host.yml new file mode 100644 index 000000000..d8cd1a14f --- /dev/null +++ b/dev/tenks-deploy-config-compute-libvirt-on-host.yml 
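Review bot: After this move the context comment `# Note: This must currently be before host configure, ...` sits directly below the relocated `run_kayobe overcloud host configure`, so the step it describes now runs after host configure rather than before it. Either the ordering constraint no longer holds and the note should be removed or reworded, or the step it guards also has to move above the host configure block; that step is outside the hunk, so I cannot tell which applies. The comment says host configure validates the presence of the built deploy images, which suggests the second case is worth checking.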
@@ -0,0 +1,56 @@ +--- +# This file holds the config given to Tenks when running `tenks-deploy.sh`. It +# assumes the existence of the bridge `breth1`. + +node_types: + type0: + memory_mb: 1024 + vcpus: 1 + volumes: + # There is a minimum disk space capacity requirement of 4GiB when using Ironic Python Agent: + # https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/utils.py#L290 + - capacity: 4GiB + physical_networks: + - physnet1 + console_log_enabled: true + # We seem to hit issues with missing cpu features in CI as a result of using host-model, e.g: + # https://zuul.opendev.org/t/openstack/build/02c33ab51664419a88a5a54ad22852a9/log/primary/system_logs/libvirt/qemu/tk0.txt.gz#38 + cpu_mode: + +specs: + - type: type0 + count: 2 + ironic_config: + resource_class: test-rc + network_interface: flat + +nova_flavors: + - resource_class: test-rc + node_type: type0 + +physnet_mappings: + physnet1: breth1 + +deploy_kernel: ipa.kernel +deploy_ramdisk: ipa.initramfs + +default_boot_mode: "bios" + +# Use the libvirt daemon deployed by Kayobe. Tenks will install libvirt client +# packages. +libvirt_host_install_daemon: false + +# Configure AppArmor for the pool on Ubuntu. +libvirt_host_configure_apparmor: true + +# Nested virtualisation is not working well in CI currently. Force the use of +# QEMU. +libvirt_vm_engine: "qemu" + +# QEMU may not be installed on the host, so set the path and avoid +# autodetection. +libvirt_vm_emulator: "{% if ansible_facts.os_family == 'RedHat' %}/usr/libexec/qemu-kvm{% else %}/usr/bin/qemu-system-x86_64{% endif %}" + +# Specify a log path in the kolla_logs Docker volume. It is accessible on the +# host at the same path. +libvirt_vm_default_console_log_dir: "/var/log/kolla/tenks" diff --git a/doc/source/configuration/reference/bifrost.rst b/doc/source/configuration/reference/bifrost.rst index 7816cffc7..8e5667dfd 100644 --- a/doc/source/configuration/reference/bifrost.rst 
+++ b/doc/source/configuration/reference/bifrost.rst @@ -39,6 +39,11 @@ For example, to install Bifrost from a custom git repository: Overcloud root disk image configuration ======================================= +.. note:: + + This configuration only applies when ``overcloud_dib_build_host_images`` + (set in ``${KAYOBE_CONFIG_PATH}/overcloud-dib.yml``) is not changed to true. + Bifrost uses Diskimage builder (DIB) to build a root disk image that is deployed to overcloud hosts when they are provisioned. The following options configure how this image is built. Consult the @@ -180,6 +185,8 @@ Rather than needing to write a custom DIB element, we can use the kolla_bifrost_dib_packages: - "biosdevname" +.. _configuration-bifrost-image-deployment-config: + Disk image deployment configuration =================================== @@ -190,11 +197,10 @@ The name of the root disk image to deploy can be configured via the Kayobe inventory. This can be used to provision different images across the overcloud. -.. note:: - - Support for building multiple disk images is not yet available. Images can - be manually renamed before changing the Kayobe configuration to build a - different image. +While only a single disk image can be built with Bifrost, starting from the +Yoga 12.0.0 release, Kayobe supports building multiple disk images directly +through Diskimage builder. Consult the :ref:`overcloud host disk image build +documentation ` for more details. Ironic configuration ==================== diff --git a/doc/source/configuration/reference/hosts.rst b/doc/source/configuration/reference/hosts.rst index 5bb834cb7..6567dcf80 100644 --- a/doc/source/configuration/reference/hosts.rst +++ b/doc/source/configuration/reference/hosts.rst 
@@ -1038,3 +1038,178 @@ Ansible's containers do), but may be necessary when building images. Docker's live restore feature can be configured via ``docker_daemon_live_restore``, although it is disabled by default due to issues observed. + +Compute libvirt daemon +====================== +*tags:* + | ``libvirt-host`` + +.. note:: + + This section is about the libvirt daemon on compute nodes, as opposed to the + seed hypervisor. + +Since Yoga, Kayobe provides support for deploying and configuring a libvirt +host daemon, as an alternative to the ``nova_libvirt`` container support by +Kolla Ansible. The host daemon is not used by default, but it is possible to +enable it by setting ``kolla_enable_nova_libvirt_container`` to ``false`` in +``$KAYOBE_CONFIG_PATH/kolla.yml``. + +Migration of hosts from a containerised libvirt to host libvirt is currently +not supported. + +The following options are available in ``$KAYOBE_CONFIG_PATH/compute.yml`` and +are relevant only when using the libvirt daemon rather than the +``nova_libvirt`` container: + +``compute_libvirt_enabled`` + Whether to enable a host libvirt daemon. Default is true if + ``kolla_enable_nova`` is ``true`` and + ``kolla_enable_nova_libvirt_container`` is ``false``. +``compute_libvirt_conf_default`` + A dict of default configuration options to write to + ``/etc/libvirt/libvirtd.conf``. +``compute_libvirt_conf_extra`` + A dict of additional configuration options to write to + ``/etc/libvirt/libvirtd.conf``. +``compute_libvirt_conf`` + A dict of configuration options to write to ``/etc/libvirt/libvirtd.conf``. + Default is a combination of ``compute_libvirt_conf_default`` and + ``compute_libvirt_conf_extra``. +``compute_libvirtd_log_level`` + Numerical log level for libvirtd. Default is 3. +``compute_qemu_conf_default`` + A dict of default configuration options to write to + ``/etc/libvirt/qemu.conf``. 
+``compute_qemu_conf_extra`` + A dict of additional configuration options to write to + ``/etc/libvirt/qemu.conf``. +``compute_qemu_conf`` + A dict of configuration options to write to ``/etc/libvirt/qemu.conf``. + Default is a combination of ``compute_qemu_conf_default`` and + ``compute_qemu_conf_extra``. +``compute_libvirt_enable_sasl`` + Whether to enable libvirt SASL authentication. Default is the same as + ``compute_libvirt_tcp_listen``. +``compute_libvirt_sasl_password`` + libvirt SASL password. Default is unset. This must be defined when + ``compute_libvirt_enable_sasl`` is ``true``. +``compute_libvirt_enable_tls`` + Whether to enable a libvirt TLS listener. Default is false. +``compute_libvirt_ceph_repo_install`` + Whether to install a Ceph package repository on CentOS and Rocky hosts. + Default is ``true``. +``compute_libvirt_ceph_repo_release`` + Ceph package repository release to install on CentOS and Rocky hosts when + ``compute_libvirt_ceph_repo_install`` is ``true``. Default is ``pacific``. + +Example: custom libvirtd.conf +----------------------------- + +To customise the libvirt daemon log output to send level 3 to the journal: + +.. code-block:: yaml + :caption: ``compute.yml`` + + compute_libvirt_conf_extra: + log_outputs: "3:journald" + +Example: custom qemu.conf +------------------------- + +To customise QEMU to avoid adding timestamps to logs: + +.. code-block:: yaml + :caption: ``compute.yml`` + + compute_qemu_conf_extra: + log_timestamp: 0 + +Example: SASL +------------- + +SASL authentication is enabled by default. This provides authentication for +TCP and TLS connections to the libvirt API. A password is required, and should +be encrypted using Ansible Vault. + +.. 
code-block:: yaml + :caption: ``compute.yml`` + + compute_libvirt_sasl_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63363937303539373738356236393563636466313130633435353933613637343231303836343933 + 3463623265653030323665383337376462363434396361320a653737376237353261303066616637 + 66613562316533313632613433643537346463303363376664396661343835373033326261383065 + 3731643633656636360a623534313665343066656161333866613338313266613465336332376463 + 3234 + +Example: enabling libvirt TLS listener +-------------------------------------- + +To enable the libvirt TLS listener: + +.. code-block:: yaml + :caption: ``compute.yml`` + + compute_libvirt_enable_tls: true + +When the TLS listener is enabled, it is necessary to provide client, server and +CA certificates. The following files should be provided: + +``cacert.pem`` + CA certificate used to sign client and server certificates. +``clientcert.pem`` + Client certificate. +``clientkey.pem`` + Client key. +``servercert.pem`` + Server certificate. +``serverkey.pem`` + Server key. + +It is recommended to encrypt the key files using Ansible Vault. + +The following paths are searched for these files: + +* ``$KAYOBE_CONFIG_PATH/certificates/libvirt/{{ inventory_hostname }}/`` +* ``$KAYOBE_CONFIG_PATH/certificates/libvirt/`` + +In this way, certificates may be generated for each host, or shared using +wildcard certificates. + +If using Kayobe environments, certificates in the environment take precedence. + +Kayobe makes the CA certificate and client certificate and key available to +Kolla Ansible, for use by the ``nova_compute`` service. + +Example: disabling Ceph repository installation +----------------------------------------------- + +On CentOS and Rocky hosts, a CentOS Storage SIG Ceph repository is installed +that provides more recent Ceph libraries than those available in CentOS/Rocky +AppStream. This may be necessary when using Ceph for Cinder volumes or Nova +ephemeral block devices. 
In some cases, such as when using local package +mirrors, the upstream repository may not be appropriate. The installation of +the repository may be disabled as follows: + +.. code-block:: yaml + :caption: ``compute.yml`` + + compute_libvirt_ceph_repo_install: false + +Example: installing additional packages +--------------------------------------- + +In some cases it may be useful to install additional packages on compute hosts +for use by libvirt. The `stackhpc.libvirt-host +`__ Ansible role supports +this via the ``libvirt_host_extra_daemon_packages`` variable. The variable +should be defined via group variables in the Ansible inventory, to avoid +applying the change to the seed hypervisor. For example, to install the +``trousers`` package used for accessing TPM hardware: + +.. code-block:: yaml + :caption: ``inventory/group_vars/compute/libvirt`` + + libvirt_host_extra_daemon_packages: + - trousers diff --git a/doc/source/configuration/reference/index.rst b/doc/source/configuration/reference/index.rst index 2085025a1..100b7ae84 100644 --- a/doc/source/configuration/reference/index.rst +++ b/doc/source/configuration/reference/index.rst @@ -18,6 +18,7 @@ options. kolla kolla-ansible bifrost + overcloud-dib ironic-python-agent docker-registry seed-custom-containers diff --git a/doc/source/configuration/reference/ironic-python-agent.rst b/doc/source/configuration/reference/ironic-python-agent.rst index da2936e40..fb8f7aaa0 100644 --- a/doc/source/configuration/reference/ironic-python-agent.rst +++ b/doc/source/configuration/reference/ironic-python-agent.rst 
@@ -44,6 +44,9 @@ image build``. https://opendev.org/openstack/ironic-python-agent-builder ``ipa_builder_source_version`` Version of IPA builder source repository. Default is ``master``. +``ipa_build_dib_host_packages_extra`` + List of additional build host packages to install. Default is an empty + list. ``ipa_build_dib_elements_default`` List of default Diskimage Builder (DIB) elements to use when building IPA images. Default is ``["centos", "enable-serial-console", diff --git a/doc/source/configuration/reference/os-distribution.rst b/doc/source/configuration/reference/os-distribution.rst index 44742c8d9..f73524f35 100644 --- a/doc/source/configuration/reference/os-distribution.rst +++ b/doc/source/configuration/reference/os-distribution.rst @@ -1,3 +1,5 @@ +.. _os-distribution: + =============== OS Distribution =============== diff --git a/doc/source/configuration/reference/overcloud-dib.rst b/doc/source/configuration/reference/overcloud-dib.rst new file mode 100644 index 000000000..90a1e8770 --- /dev/null +++ b/doc/source/configuration/reference/overcloud-dib.rst 
@@ -0,0 +1,249 @@ +.. _overcloud-dib: + +=============================== +Overcloud host disk image build +=============================== + +This section covers configuration for building overcloud host disk images with +Diskimage builder (DIB), which is available from the Yoga 12.0.0 release. This +configuration is applied in ``${KAYOBE_CONFIG_PATH}/overcloud-dib.yml``. + +Enabling host disk image build +============================== + +From the Yoga release, disk images for overcloud hosts can be built directly +using Diskimage builder rather than through Bifrost. This is enabled with the +following option: + +``overcloud_dib_build_host_images`` + Whether to build host disk images with DIB directly instead of through + Bifrost. Setting it to true disables Bifrost image build and allows images + to be built with the ``kayobe overcloud host image build`` command. Default + value is false, except on Rocky where it is true. This will change in a + future release. + +With this option enabled, Bifrost will be configured to stop building a root +disk image. This will become the default behaviour in a future release. + +Overcloud root disk image configuration +======================================= + +Kayobe uses Diskimage builder (DIB) to build root disk images that are deployed +to overcloud hosts when they are provisioned. The following options configure +how these images are built. Consult the +:diskimage-builder-doc:`Diskimage-builder documentation <>` for further +information on building disk images. + +The default configuration builds a whole disk (partitioned) image using the +selected :ref:`OS distribution ` (CentOS Stream 8 by default) +with serial console enabled, and SELinux disabled if CentOS Stream or Rocky +Linux is used. +`Cloud-init `__ is used to process +the configuration drive built by Bifrost during provisioning. + +``overcloud_dib_host_packages_extra`` + List of additional host packages to install. Default is an empty list. 
+``overcloud_dib_host_images`` + List of overcloud host disk images to build. Each element is a dict + defining an image in a format accepted by the `stackhpc.os-images + `__ role. Default is to + build an image named ``deployment_image`` configured with the + ``overcloud_dib_*`` variables defined below: ``{"name": "deployment_image", + "elements": "{{ overcloud_dib_elements }}", "env": "{{ + overcloud_dib_env_vars }}", "packages": "{{ overcloud_dib_packages }}"}``. +``overcloud_dib_os_element`` + DIB base OS element. Default is ``{{ 'rocky-container' if os_distribution == 'rocky' else os_distribution }}``. +``overcloud_dib_os_release`` + DIB image OS release. Default is ``{{ os_release }}``. +``overcloud_dib_elements_default`` + List of default DIB elements. Default is ``["centos", + "cloud-init-datasources", "disable-selinux", "enable-serial-console", + "vm"]`` when ``overcloud_dib_os_element`` is ``centos``, or + ``["rocky-container", "cloud-init-datasources", "disable-selinux", + "enable-serial-console", "vm"]`` when overcloud_dib_os_element is ``rocky`` + or ``["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]`` + when ``overcloud_dib_os_element`` is ``ubuntu``. The ``vm`` element is + poorly named, and causes DIB to build a whole disk image rather than a + single partition. +``overcloud_dib_elements_extra`` + List of additional DIB elements. Default is none. +``overcloud_dib_elements`` + List of DIB elements. Default is a combination of ``overcloud_dib_elements_default`` + and ``overcloud_dib_elements_extra``. +``overcloud_dib_env_vars_default`` + DIB default environment variables. Default is + ``{"DIB_BOOTLOADER_DEFAULT_CMDLINE": "nofb nomodeset gfxpayload=text + net.ifnames=1", "DIB_CLOUD_INIT_DATASOURCES": "ConfigDrive", + "DIB_CONTAINERFILE_RUNTIME": "docker", "DIB_CONTAINERFILE_NETWORK_DRIVER": + "host", DIB_RELEASE": "{{ overcloud_dib_os_release }}"}``. +``overcloud_dib_env_vars_extra`` + DIB additional environment variables. 
Default is none. +``overcloud_dib_env_vars`` + DIB environment variables. Default is combination of + ``overcloud_dib_env_vars_default`` and + ``overcloud_dib_env_vars_extra``. +``overcloud_dib_packages`` + List of DIB packages to install. Default is to install no extra packages. +``overcloud_dib_git_elements_default`` + List of default git repositories containing Diskimage Builder (DIB) + elements. See stackhpc.os-images role for usage. Default is empty. +``overcloud_dib_git_elements_extra`` + List of additional git repositories containing Diskimage Builder (DIB) + elements. See stackhpc.os-images role for usage. Default is empty. +``overcloud_dib_git_elements`` + List of git repositories containing Diskimage Builder (DIB) elements. See + stackhpc.os-images role for usage. Default is a combination of + ``overcloud_dib_git_elements_default`` and + ``overcloud_dib_git_elements_extra``. +``overcloud_dib_upper_constraints_file`` + Upper constraints file for installing packages in the virtual environment + used for building overcloud host disk images. Default is ``{{ + pip_upper_constraints_file }}``. + +Disk images are built with the following command: + +.. code-block:: console + + (kayobe) $ kayobe overcloud host image build + +It is worth noting that images will not be rebuilt if they already exist. To +force rebuilding images, it is necessary to use the ``--force-rebuild`` +argument. + +.. code-block:: console + + (kayobe) $ kayobe overcloud host image build --force-rebuild + +Example: Adding an element +-------------------------- + +In the following, we extend the list of DIB elements to add the ``growpart`` +element: + +.. code-block:: yaml + :caption: ``dib.yml`` + + overcloud_dib_elements_extra: + - "growpart" + +Example: Building an XFS root filesystem image +---------------------------------------------- + +By default, DIB will format the image as ``ext4``. 
In some cases it might be +useful to use XFS, for example when using the ``overlay`` Docker storage driver +which can reach the maximum number of hardlinks allowed by ``ext4``. + +In DIB, we achieve this by setting the ``FS_TYPE`` environment variable to +``xfs``. + +.. code-block:: yaml + :caption: ``dib.yml`` + + overcloud_dib_env_vars_extra: + FS_TYPE: "xfs" + +Example: Configuring a development user account +----------------------------------------------- + +.. warning:: + + A development user account should not be used in production. + +When debugging a failed deployment, it can sometimes be necessary to allow +access to the image via a preconfigured user account with a known password. +This can be achieved via the :diskimage-builder-doc:`devuser +` element. + +This example shows how to add the ``devuser`` element, and configure a username +and password for an account that has passwordless sudo: + +.. code-block:: yaml + :caption: ``dib.yml`` + + overcloud_dib_elements_extra: + - "devuser" + + overcloud_dib_env_vars_extra: + DIB_DEV_USER_USERNAME: "devuser" + DIB_DEV_USER_PASSWORD: "correct horse battery staple" + DIB_DEV_USER_PWDLESS_SUDO: "yes" + +Alternatively, the :diskimage-builder-doc:`dynamic-login element +` can be used to authorize SSH keys by appending +them to the kernel arguments. + +Example: Configuring custom DIB elements +---------------------------------------- + +Sometimes it is useful to use custom DIB elements that are not shipped with DIB +itself. This can be done by sharing them in a git repository. + +.. 
code-block:: yaml + :caption: ``overcloud-dib.yml`` + + overcloud_dib_elements_extra: + - "my-element" + + overcloud_dib_git_elements: + - repo: "https://git.example.com/custom-dib-elements" + local: "{{ source_checkout_path }}/custom-dib-elements" + version: "master" + elements_path: "elements" + +In this example the ``master`` branch of +https://git.example.com/custom-dib-elements would have a top level ``elements`` +directory, containing a ``my-element`` directory for the element. + +Example: Installing a package +----------------------------- + +It can be necessary to install additional packages in the root disk image. +Rather than needing to write a custom DIB element, we can use the +``overcloud_dib_packages`` variable. For example, to install the +``biosdevname`` package: + +.. code-block:: yaml + :caption: ``dib.yml`` + + overcloud_dib_packages: + - "biosdevname" + +Example: Building multiple images +--------------------------------- + +It can be necessary to build multiple images to support the various types of +hardware present in a deployment or the different functions performed by +overcloud hosts. This can be configured with the ``overcloud_dib_host_images`` +variable, using a format accepted by the `stackhpc.os-images +`__ role. Note that image names +should not include the file extension. For example, to build a second image +with a development user account and the ``biosdevname`` package: + +.. 
code-block:: yaml + :caption: ``dib.yml`` + + overcloud_dib_host_images: + - name: "deployment_image" + elements: "{{ overcloud_dib_elements }}" + env: "{{ overcloud_dib_env_vars }}" + packages: "{{ overcloud_dib_packages }}" + - name: "debug_deployment_image" + elements: "{{ overcloud_dib_elements + ['devuser'] }}" + env: "{{ overcloud_dib_env_vars | combine(devuser_env_vars) }}" + packages: "{{ overcloud_dib_packages + ['biosdevname'] }}" + + devuser_env_vars: + DIB_DEV_USER_USERNAME: "devuser" + DIB_DEV_USER_PASSWORD: "correct horse battery staple" + DIB_DEV_USER_PWDLESS_SUDO: "yes" + +Running the ``kayobe overcloud host image build`` command with this +configuration will create two images: ``deployment_image.qcow2`` and +``debug_deployment_image.qcow2``. + +Disk image deployment configuration +=================================== + +See :ref:`disk image deployment configuration in +Bifrost` for how to configure +the root disk image to be used to provision each host. diff --git a/doc/source/configuration/reference/physical-network.rst b/doc/source/configuration/reference/physical-network.rst index 38f9c9104..a65bbeb59 100644 --- a/doc/source/configuration/reference/physical-network.rst +++ b/doc/source/configuration/reference/physical-network.rst @@ -18,6 +18,7 @@ The following switch operating systems are currently supported: `__) * Dell OS 6 * Dell OS 9 +* Dell OS 10 * Dell PowerConnect * Juniper Junos OS * Mellanox MLNX OS 
@@ -192,13 +193,13 @@ default connection parameters used by Ansible: * ``ansible_user`` is the SSH username. -Dell OS6 and OS9 ----------------- +Dell OS6, OS9, and OS10 +----------------------- -Configuration for these devices is applied using the ``dellos6_config`` and -``dellos9_config`` Ansible modules. +Configuration for these devices is applied using the ``dellos6_config``, +``dellos9_config``, and ``dellos10_config`` Ansible modules. -``switch_type`` should be set to ``dellos6`` or ``dellos9``. +``switch_type`` should be set to ``dellos6``, ``dellos9``, or ``dellos10``. Provider ^^^^^^^^ diff --git a/doc/source/deployment.rst b/doc/source/deployment.rst index e1ddc3e6a..44563759b 100644 --- a/doc/source/deployment.rst +++ b/doc/source/deployment.rst @@ -172,13 +172,13 @@ At this point the seed services need to be deployed on the seed VM. These services are deployed in the ``bifrost_deploy`` container. This command will also build the Operating System image that will be used to -deploy the overcloud nodes using Disk Image Builder (DIB). +deploy the overcloud nodes using Disk Image Builder (DIB), unless +``overcloud_dib_build_host_images`` is set to ``True``. .. note:: If you are using Rocky Linux - building of the Operating System image - needs to be done outside of Kayobe (no support for diskimage-builder - containerfile element based builds in bifrost container). + needs to be done using ``kayobe overcloud host image build``. To deploy the seed services in containers:: 
@@ -223,6 +223,28 @@ rebuilding images, use the ``--force-rebuild`` argument. See :ref:`here ` for information on how to configure the IPA image build process. +Building Overcloud Host Disk Images +----------------------------------- + +.. note:: + + This step is only relevant if ``overcloud_dib_build_host_images`` is set to + ``True``. By default, a host disk image is automatically built by Bifrost + unless you're running Rocky Linux - which requires this step. + +Host disk images are deployed on overcloud hosts during provisioning. To build +host disk images:: + + (kayobe) $ kayobe overcloud host image build + +If images have been built previously, they will not be rebuilt. To force +rebuilding images, use the ``--force-rebuild`` argument. + +.. seealso:: + + See :ref:`here ` for information on how to configure the + overcloud host disk image build process. + Accessing the Seed via SSH (Optional) ------------------------------------- diff --git a/etc/kayobe/bifrost.yml b/etc/kayobe/bifrost.yml index 9cabe8121..a9eba19dd 100644 --- a/etc/kayobe/bifrost.yml +++ b/etc/kayobe/bifrost.yml @@ -65,6 +65,12 @@ # Name of disk image file to deploy. Default is "deployment_image.qcow2". #kolla_bifrost_deploy_image_filename: +# UUID of the root filesystem contained within the deployment image. +# See below URL for instructions on how to extract it: +# https://docs.openstack.org/ironic/latest/admin/raid.html#image-requirements +# Default is none. +#kolla_bifrost_deploy_image_rootfs: + ############################################################################### # Ironic configuration. diff --git a/etc/kayobe/compute.yml b/etc/kayobe/compute.yml index cd0ceb247..b1d8d6562 100644 --- a/etc/kayobe/compute.yml +++ b/etc/kayobe/compute.yml 
@@ -143,6 +143,53 @@ # - state: enabled #compute_firewalld_rules: +############################################################################### +# Compute node host libvirt configuration. + +# Whether to enable a host libvirt daemon. Default is true if kolla_enable_nova +# is true and kolla_enable_nova_libvirt_container is false. +#compute_libvirt_enabled: + +# A dict of default configuration options to write to +# /etc/libvirt/libvirtd.conf. +#compute_libvirt_conf_default: + +# A dict of additional configuration options to write to +# /etc/libvirt/libvirtd.conf. +#compute_libvirt_conf_extra: + +# A dict of configuration options to write to /etc/libvirt/libvirtd.conf. +# Default is a combination of compute_libvirt_conf_default and +# compute_libvirt_conf_extra. +#compute_libvirt_conf: + +# Numerical log level for libvirtd. Default is 3. +#compute_libvirtd_log_level: + +# A dict of default configuration options to write to +# /etc/libvirt/qemu.conf. +#compute_qemu_conf_default: + +# A dict of additional configuration options to write to +# /etc/libvirt/qemu.conf. +#compute_qemu_conf_extra: + +# A dict of configuration options to write to /etc/libvirt/qemu.conf. +# Default is a combination of compute_qemu_conf_default and +# compute_qemu_conf_extra. +#compute_qemu_conf: + +# Whether to enable a libvirt TLS listener. Default is false. +#compute_libvirt_enable_tls: + +# Whether to install a Ceph package repository on CentOS and Rocky hosts. +# Default is true. +#compute_libvirt_ceph_repo_install: + +# Ceph package repository release to install on CentOS and Rocky hosts when +# compute_libvirt_ceph_repo_install is true. Default is 'pacific'. +#compute_libvirt_ceph_repo_release: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/ipa.yml b/etc/kayobe/ipa.yml index 519ca2a59..81ee97493 100644 --- a/etc/kayobe/ipa.yml 
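Review bot: The new libvirt section documents `compute_libvirt_enable_tls` but has no entry for the SASL settings, although `compute_libvirt_sasl_password` is set in the CI overrides later in this commit. An operator reading compute.yml gets no hint that a password has to be supplied. I would add a commented `#compute_libvirt_sasl_password:` entry preceded by `# Password for libvirt SASL authentication. Store it in an Ansible Vault encrypted file.`. The `compute_libvirt_enable_tls` comment should also say what the listener does when the default of false is kept; presumably the connection is then not encrypted in transit, but this hunk does not show it.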
+++ b/etc/kayobe/ipa.yml @@ -19,6 +19,9 @@ # Version of IPA builder source repository. Default is {{ openstack_branch }}. #ipa_builder_source_version: +# List of additional build host packages to install. Default is an empty list. +#ipa_build_dib_host_packages_extra: + # List of default Diskimage Builder (DIB) elements to use when building IPA # images. Default is ["centos", "enable-serial-console", # "ironic-python-agent-ramdisk"]. diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index cda576f31..9f70334fe 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -50,6 +50,11 @@ # Extra requirements to install inside the kolla-ansible virtualenv. #kolla_ansible_venv_extra_requirements: +# Pip requirement specifier for the ansible package. NOTE: This limits the +# version of ansible used by kolla-ansible to avoid new releases from breaking +# tested code. Changes to this limit should be tested. +#kolla_ansible_venv_ansible: + # Path to Kolla-ansible configuration directory. Default is $KOLLA_CONFIG_PATH # or /etc/kolla if $KOLLA_CONFIG_PATH is not set. #kolla_config_path: @@ -481,6 +486,21 @@ # default. #kolla_internal_fqdn_cacert: +############################################################################### +# Proxy configuration + +# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by +# Kolla. Default value is "{{ http_proxy }}". +#kolla_http_proxy: + +# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by +# Kolla. Default value is "{{ https_proxy }}". +#kolla_https_proxy: + +# List of domains, hostnames, IP addresses and networks for which no proxy is +# used. Default value is "{{ no_proxy }}". +#kolla_no_proxy: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes 
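Review bot: The comments for `kolla_http_proxy` and `kolla_https_proxy` in the kolla.yml hunk advertise a `user:password@` form without saying that the variable then holds a secret. The release note in this commit says the proxy variables are passed to Kolla Ansible to configure Docker, so an inline credential presumably ends up in rendered configuration on the target hosts. I would add a line such as `# If the URL embeds credentials, keep this variable in an Ansible Vault encrypted file.` above each of the two variables. The same applies to `http_proxy` and `https_proxy` in the new etc/kayobe/proxy.yml later in the diff.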
diff --git a/etc/kayobe/overcloud-dib.yml b/etc/kayobe/overcloud-dib.yml new file mode 100644 index 000000000..bca69e92d --- /dev/null +++ b/etc/kayobe/overcloud-dib.yml 
@@ -0,0 +1,84 @@ +--- +# Overcloud host disk image configuration. + +############################################################################### +# Diskimage-builder configuration for overcloud host disk images. + +# Whether to build host disk images with DIB directly instead of through +# Bifrost. Setting it to true disables Bifrost image build and allows images to +# be built with the `kayobe overcloud host image build` command. Default value +# is {{ os_distribution == 'rocky' }}. This will change in a future release. +#overcloud_dib_build_host_images: + +# List of additional build host packages to install. Default is an empty list. +#overcloud_dib_host_packages_extra: + +# List of overcloud host disk images to build. Each element is a dict defining +# an image in a format accepted by the stackhpc.os-images role. Default is to +# build an image named "deployment_image" configured with the overcloud_dib_* +# variables defined below: {"name": "deployment_image", "elements": "{{ +# overcloud_dib_elements }}", "env": "{{ overcloud_dib_env_vars }}", +# "packages": "{{ overcloud_dib_packages }}"}. +#overcloud_dib_host_images: + +# DIB base OS element. Default is {{ 'rocky-container' if os_distribution == +# 'rocky' else os_distribution }}. +#overcloud_dib_os_element: + +# DIB image OS release. Default is {{ os_release }}. +#overcloud_dib_os_release: + +# List of default DIB elements. Default is ["centos", "cloud-init-datasources", +# "disable-selinux", "enable-serial-console", "vm"] when +# overcloud_dib_os_element is "centos", or ["rocky-container", +# "cloud-init-datasources", "disable-selinux", "enable-serial-console", "vm"] +# when overcloud_dib_os_element is "rocky" or +# ["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"] +# when overcloud_dib_os_element is "ubuntu". +#overcloud_dib_elements_default: + +# List of additional DIB elements. Default is none. +#overcloud_dib_elements_extra: + +# List of DIB elements. 
Default is a combination of +# overcloud_dib_elements_default and overcloud_dib_elements_extra. +#overcloud_dib_elements: + +# DIB default environment variables. Default is +# {"DIB_BOOTLOADER_DEFAULT_CMDLINE": "nofb nomodeset gfxpayload=text +# net.ifnames=1", "DIB_CLOUD_INIT_DATASOURCES": "ConfigDrive", +# "DIB_CONTAINERFILE_RUNTIME": "docker", "DIB_CONTAINERFILE_NETWORK_DRIVER": +# "host", "DIB_RELEASE": "{{ overcloud_dib_os_release }}"}. +#overcloud_dib_env_vars_default: + +# DIB additional environment variables. Default is none. +#overcloud_dib_env_vars_extra: + +# DIB environment variables. Default is combination of +# overcloud_dib_env_vars_default and overcloud_dib_env_vars_extra. +#overcloud_dib_env_vars: + +# List of DIB packages to install. Default is to install no extra packages. +#overcloud_dib_packages: + +# List of default git repositories containing Diskimage Builder (DIB) elements. +# See stackhpc.os-images role for usage. Default is empty. +#overcloud_dib_git_elements_default: + +# List of additional git repositories containing Diskimage Builder (DIB) +# elements. See stackhpc.os-images role for usage. Default is empty. +#overcloud_dib_git_elements_extra: + +# List of git repositories containing Diskimage Builder (DIB) elements. See +# stackhpc.os-images role for usage. Default is a combination of +# overcloud_dib_git_elements_default and overcloud_dib_git_elements_extra. +#overcloud_dib_git_elements: + +# Upper constraints file for installing packages in the virtual environment +# used for building overcloud host disk images. Default is {{ +# pip_upper_constraints_file }}. +#overcloud_dib_upper_constraints_file: + +############################################################################### +# Dummy variable to allow Ansible to accept this file. +workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/proxy.yml b/etc/kayobe/proxy.yml new file mode 100644 index 000000000..714b9dae5 --- /dev/null +++ b/etc/kayobe/proxy.yml 
@@ -0,0 +1,22 @@ +--- +############################################################################### +# Configuration of HTTP(S) proxies. + +# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By +# default no proxy is used. +#http_proxy: + +# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By +# default no proxy is used. +#https_proxy: + +# List of domains, hostnames, IP addresses and networks for which no proxy is +# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~ +# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or +# ["127.0.0.1", "localhost"] otherwise. This is configured only if either +# http_proxy or https_proxy is set. +#no_proxy: + +############################################################################### +# Dummy variable to allow Ansible to accept this file. +workaround_ansible_issue_8743: yes diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index 94233567a..40d62fd75 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -409,6 +409,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, * Allocate IP addresses for all configured networks. * Add the host to SSH known hosts. * Configure a user account for use by kayobe for SSH access. + * Configure proxy settings. * Configure package repos. * Configure a PyPI mirror. * Optionally, create a virtualenv for remote target hosts. @@ -442,7 +443,7 @@ def take_action(self, parsed_args): limit="seed-hypervisor") playbooks = _build_playbook_list( - "ssh-known-host", "kayobe-ansible-user", + "ssh-known-host", "kayobe-ansible-user", "proxy", "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") 
@@ -559,6 +560,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, * Allocate IP addresses for all configured networks. * Add the host to SSH known hosts. * Configure a user account for use by kayobe for SSH access. + * Configure proxy settings. * Configure package repos. * Configure a PyPI mirror. * Optionally, create a virtualenv for remote target hosts. @@ -599,7 +601,7 @@ def take_action(self, parsed_args): # Run kayobe playbooks. playbooks = _build_playbook_list( - "ssh-known-host", "kayobe-ansible-user", + "ssh-known-host", "kayobe-ansible-user", "proxy", "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") @@ -870,6 +872,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin, * Allocate IP addresses for all configured networks. * Add the host to SSH known hosts. * Configure a user account for use by kayobe for SSH access. + * Configure proxy settings. * Configure package repos. * Configure a PyPI mirror. * Optionally, create a virtualenv for remote target hosts. @@ -905,7 +908,7 @@ def take_action(self, parsed_args): # Kayobe playbooks. playbooks = _build_playbook_list( - "ssh-known-host", "kayobe-ansible-user", + "ssh-known-host", "kayobe-ansible-user", "proxy", "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") @@ -1120,6 +1123,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, * Allocate IP addresses for all configured networks. * Add the host to SSH known hosts. * Configure a user account for use by kayobe for SSH access. + * Configure proxy settings. * Configure package repos. * Configure a PyPI mirror. * Optionally, create a virtualenv for remote target hosts. 
@@ -1138,6 +1142,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, * Optionally, create a virtualenv for kolla-ansible. * Configure a user account for kolla-ansible. * Configure Docker engine. + * Configure libvirt. """ def get_parser(self, prog_name): @@ -1158,7 +1163,7 @@ def take_action(self, parsed_args): # Kayobe playbooks. playbooks = _build_playbook_list( - "ssh-known-host", "kayobe-ansible-user", + "ssh-known-host", "kayobe-ansible-user", "proxy", "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") @@ -1176,7 +1181,8 @@ def take_action(self, parsed_args): # Further kayobe playbooks. playbooks = _build_playbook_list( - "kolla-host", "docker", "swift-block-devices") + "kolla-host", "docker", "swift-block-devices", + "compute-libvirt-host") self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud") @@ -1772,6 +1778,31 @@ def take_action(self, parsed_args): extra_vars=extra_vars) +class OvercloudHostImageBuild(KayobeAnsibleMixin, VaultMixin, Command): + """Build overcloud host disk images. + + Builds host disk images using Diskimage Builder (DIB) for use when + provisioning the overcloud hosts. + """ + + def get_parser(self, prog_name): + parser = super(OvercloudHostImageBuild, self).get_parser( + prog_name) + group = parser.add_argument_group("Host Image Build") + group.add_argument("--force-rebuild", action="store_true", + help="whether to force rebuilding the images") + return parser + + def take_action(self, parsed_args): + self.app.LOG.debug("Building overcloud host disk images") + playbooks = _build_playbook_list("overcloud-host-image-build") + extra_vars = {} + if parsed_args.force_rebuild: + extra_vars["overcloud_host_image_force_rebuild"] = True + self.run_kayobe_playbooks(parsed_args, playbooks, + extra_vars=extra_vars) + + class OvercloudPostConfigure(KayobeAnsibleMixin, VaultMixin, Command): """Perform post-deployment configuration. 
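Review bot: The `OvercloudHostImageBuild` docstring leaves out the two conditions that deployment.rst in this commit attaches to the command. The step is only relevant when `overcloud_dib_build_host_images` is true, and images built previously are skipped unless `--force-rebuild` is passed. Adding `Existing images are not rebuilt unless --force-rebuild is given.` to the docstring would keep the `--help` output consistent with the documentation. Whether the `overcloud-host-image-build` playbook itself checks `overcloud_dib_build_host_images` is not visible in this hunk, so it is worth confirming.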
diff --git a/kayobe/tests/unit/cli/test_commands.py b/kayobe/tests/unit/cli/test_commands.py index 029a5be73..17daeb47d 100644 --- a/kayobe/tests/unit/cli/test_commands.py +++ b/kayobe/tests/unit/cli/test_commands.py @@ -319,6 +319,7 @@ def test_seed_hypervisor_host_configure(self, mock_run): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "proxy.yml"), utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), @@ -494,6 +495,7 @@ def test_seed_host_configure(self, mock_kolla_run, mock_run): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "proxy.yml"), utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), @@ -986,6 +988,7 @@ def test_infra_vm_host_configure(self, mock_run): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "proxy.yml"), utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), @@ -1266,6 +1269,7 @@ def test_overcloud_host_configure(self, mock_kolla_run, mock_run): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "proxy.yml"), utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), 
@@ -1309,6 +1313,94 @@ def test_overcloud_host_configure(self, mock_kolla_run, mock_run): utils.get_data_files_path("ansible", "docker.yml"), utils.get_data_files_path( "ansible", "swift-block-devices.yml"), + utils.get_data_files_path( + "ansible", "compute-libvirt-host.yml"), + ], + limit="overcloud", + ), + ] + self.assertEqual(expected_calls, mock_run.call_args_list) + + expected_calls = [ + mock.call( + mock.ANY, + "bootstrap-servers", + ), + ] + self.assertEqual(expected_calls, mock_kolla_run.call_args_list) + + @mock.patch.object(commands.KayobeAnsibleMixin, + "run_kayobe_playbooks") + @mock.patch.object(commands.KollaAnsibleMixin, + "run_kolla_ansible_overcloud") + def test_overcloud_host_configure_wipe_disks(self, mock_kolla_run, + mock_run): + command = commands.OvercloudHostConfigure(TestApp(), []) + parser = command.get_parser("test") + parsed_args = parser.parse_args(["--wipe-disks"]) + + result = command.run(parsed_args) + self.assertEqual(0, result) + + expected_calls = [ + mock.call( + mock.ANY, + [utils.get_data_files_path("ansible", "ip-allocation.yml")], + limit="overcloud", + ), + mock.call( + mock.ANY, + [ + utils.get_data_files_path("ansible", "ssh-known-host.yml"), + utils.get_data_files_path( + "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "proxy.yml"), + utils.get_data_files_path("ansible", "apt.yml"), + utils.get_data_files_path("ansible", "dnf.yml"), + utils.get_data_files_path("ansible", "pip.yml"), + utils.get_data_files_path( + "ansible", "kayobe-target-venv.yml"), + utils.get_data_files_path("ansible", "wipe-disks.yml"), + utils.get_data_files_path("ansible", "users.yml"), + utils.get_data_files_path("ansible", "dev-tools.yml"), + utils.get_data_files_path( + "ansible", "disable-selinux.yml"), + utils.get_data_files_path("ansible", "network.yml"), + utils.get_data_files_path("ansible", "firewall.yml"), + utils.get_data_files_path("ansible", "tuned.yml"), + utils.get_data_files_path("ansible", 
"sysctl.yml"), + utils.get_data_files_path("ansible", "disable-glean.yml"), + utils.get_data_files_path( + "ansible", "disable-cloud-init.yml"), + utils.get_data_files_path("ansible", "time.yml"), + utils.get_data_files_path("ansible", "mdadm.yml"), + utils.get_data_files_path("ansible", "luks.yml"), + utils.get_data_files_path("ansible", "lvm.yml"), + utils.get_data_files_path("ansible", + "docker-devicemapper.yml"), + utils.get_data_files_path( + "ansible", "kolla-ansible-user.yml"), + utils.get_data_files_path("ansible", "kolla-pip.yml"), + utils.get_data_files_path( + "ansible", "kolla-target-venv.yml"), + ], + limit="overcloud", + ), + mock.call( + mock.ANY, + [utils.get_data_files_path("ansible", "kolla-ansible.yml")], + tags="config", + ignore_limit=True, + ), + mock.call( + mock.ANY, + [ + utils.get_data_files_path("ansible", "kolla-host.yml"), + utils.get_data_files_path("ansible", "docker.yml"), + utils.get_data_files_path( + "ansible", "swift-block-devices.yml"), + utils.get_data_files_path( + "ansible", "compute-libvirt-host.yml"), ], limit="overcloud", ), 
@@ -2073,6 +2165,50 @@ def test_overcloud_container_image_build_with_regex(self, mock_run): ] self.assertEqual(expected_calls, mock_run.call_args_list) + @mock.patch.object(commands.KayobeAnsibleMixin, + "run_kayobe_playbooks") + def test_overcloud_host_image_build(self, mock_run): + command = commands.OvercloudHostImageBuild(TestApp(), []) + parser = command.get_parser("test") + parsed_args = parser.parse_args([]) + + result = command.run(parsed_args) + self.assertEqual(0, result) + + expected_calls = [ + mock.call( + mock.ANY, + [ + utils.get_data_files_path( + "ansible", "overcloud-host-image-build.yml"), + ], + extra_vars={}, + ), + ] + self.assertEqual(expected_calls, mock_run.call_args_list) + + @mock.patch.object(commands.KayobeAnsibleMixin, + "run_kayobe_playbooks") + def test_overcloud_host_image_build_force_rebuild(self, mock_run): + command = commands.OvercloudHostImageBuild(TestApp(), []) + parser = command.get_parser("test") + parsed_args = parser.parse_args(["--force-rebuild"]) + + result = command.run(parsed_args) + self.assertEqual(0, result) + + expected_calls = [ + mock.call( + mock.ANY, + [ + utils.get_data_files_path( + "ansible", "overcloud-host-image-build.yml"), + ], + extra_vars={"overcloud_host_image_force_rebuild": True}, + ), + ] + self.assertEqual(expected_calls, mock_run.call_args_list) + @mock.patch.object(commands.KayobeAnsibleMixin, "run_kayobe_playbooks") def test_overcloud_deployment_image_build(self, mock_run): diff --git a/playbooks/kayobe-overcloud-base/globals.yml.j2 b/playbooks/kayobe-overcloud-base/globals.yml.j2 index 03e173614..58c4c7ec9 100644 --- a/playbooks/kayobe-overcloud-base/globals.yml.j2 +++ b/playbooks/kayobe-overcloud-base/globals.yml.j2 
@@ -21,4 +21,6 @@ kolla_copy_ca_into_containers: "yes" kolla_enable_tls_backend: "yes" openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt" kolla_admin_openrc_cacert: "/etc/pki/tls/certs/ca-bundle.crt" +libvirt_tls: "yes" +certificates_libvirt_output_dir: "{% raw %}{{ kayobe_env_config_path }}{% endraw %}/certificates/libvirt" {% endif %} diff --git a/playbooks/kayobe-overcloud-base/overrides.yml.j2 b/playbooks/kayobe-overcloud-base/overrides.yml.j2 index edbd62bb7..5ba1c563e 100644 --- a/playbooks/kayobe-overcloud-base/overrides.yml.j2 +++ b/playbooks/kayobe-overcloud-base/overrides.yml.j2 @@ -30,10 +30,16 @@ pip_trusted_hosts: aio_bridge_ports: - dummy1 +# Generate a password for libvirt SASL authentication. +compute_libvirt_sasl_password: "{% raw %}{{ lookup('password', '/tmp/libvirt-sasl-password') }}{% endraw %}" + # Enable ironic for testing baremetal compute. kolla_enable_ironic: true {% if tls_enabled %} +kolla_enable_nova_libvirt_container: false +compute_libvirt_enable_tls: true + kolla_enable_tls_external: "yes" kolla_enable_tls_internal: "yes" diff --git a/playbooks/kayobe-overcloud-base/run.yml b/playbooks/kayobe-overcloud-base/run.yml index 3d77e86aa..350b47dfd 100644 --- a/playbooks/kayobe-overcloud-base/run.yml +++ b/playbooks/kayobe-overcloud-base/run.yml @@ -3,6 +3,8 @@ environment: KAYOBE_CONFIG_SOURCE_PATH: "{{ kayobe_config_src_dir }}" KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES: "{{ tls_enabled | ternary(1, 0) }}" + # TODO(mgoddard): Remove this when libvirt on host is used by default. + TENKS_CONFIG_PATH: "dev/tenks-deploy-config-compute{% if tls_enabled %}-libvirt-on-host{% endif %}.yml" tasks: - name: Ensure overcloud is deployed shell: @@ -18,8 +20,6 @@ executable: /bin/bash - name: Perform testing of the virtualized machines - # We must do this before tenks-deploy as that will stop the nova_libvirt - # container shell: cmd: dev/overcloud-test-vm.sh &> {{ logs_dir }}/ansible/overcloud-test-vm chdir: "{{ kayobe_src_dir }}" 
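Review bot: In the overrides.yml.j2 hunk, `lookup('password', '/tmp/libvirt-sasl-password')` stores the generated libvirt SASL secret at a fixed path in a world-writable directory. The password lookup returns the contents of the file if it already exists, so the secret is only as trustworthy as whoever can create that file first, and it stays on disk after the run. These are CI overrides, so exposure is probably limited to the test node, but the line is easy to copy into a real configuration. I would at least add `# CI only: do not keep real secrets under /tmp.`, or point the lookup at a directory owned by the job (possibly under `kayobe_env_config_path`, if that is defined in this context). The same line is added to the kayobe-overcloud-host-configure-base and kayobe-overcloud-upgrade-base overrides further down.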
diff --git a/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 b/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 index c1c920f67..438338e1e 100644 --- a/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 +++ b/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 @@ -185,3 +185,6 @@ controller_firewalld_rules: - service: cockpit state: disabled zone: public + +# Generate a password for libvirt SASL authentication. +compute_libvirt_sasl_password: "{% raw %}{{ lookup('password', '/tmp/libvirt-sasl-password') }}{% endraw %}" diff --git a/playbooks/kayobe-overcloud-upgrade-base/overrides.yml.j2 b/playbooks/kayobe-overcloud-upgrade-base/overrides.yml.j2 index 5b19dc729..9e82ee563 100644 --- a/playbooks/kayobe-overcloud-upgrade-base/overrides.yml.j2 +++ b/playbooks/kayobe-overcloud-upgrade-base/overrides.yml.j2 @@ -37,6 +37,9 @@ pip_trusted_hosts: aio_bridge_ports: - dummy1 +# Generate a password for libvirt SASL authentication. +compute_libvirt_sasl_password: "{% raw %}{{ lookup('password', '/tmp/libvirt-sasl-password') }}{% endraw %}" + # Enable ironic for testing baremetal compute. kolla_enable_ironic: true diff --git a/playbooks/kayobe-seed-base/overrides.yml.j2 b/playbooks/kayobe-seed-base/overrides.yml.j2 index e5d666091..82f177ece 100644 --- a/playbooks/kayobe-seed-base/overrides.yml.j2 +++ b/playbooks/kayobe-seed-base/overrides.yml.j2 @@ -36,3 +36,6 @@ aio_bridge_ports: ipa_build_images: {{ build_images }} ipa_build_dib_elements_extra: - "extra-hardware" + +# Build overcloud host image +overcloud_dib_build_host_images: true diff --git a/playbooks/kayobe-seed-vm-base/overrides.yml.j2 b/playbooks/kayobe-seed-vm-base/overrides.yml.j2 index 35a46c319..becc1495e 100644 --- a/playbooks/kayobe-seed-vm-base/overrides.yml.j2 +++ b/playbooks/kayobe-seed-vm-base/overrides.yml.j2 
@@ -53,3 +53,5 @@ configdrive_debian_network_interfaces_supports_glob: false # are using for SSH to be removed. Use a dummy interface. aio_bridge_ports: - dummy1 + +overcloud_dib_build_host_images: False diff --git a/releasenotes/notes/add-efi-lvm-dependencies-2358e7930a32fa66.yaml b/releasenotes/notes/add-efi-lvm-dependencies-2358e7930a32fa66.yaml new file mode 100644 index 000000000..0e0ef38c3 --- /dev/null +++ b/releasenotes/notes/add-efi-lvm-dependencies-2358e7930a32fa66.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Adds dependencies for EFI and LVM based overcloud images. diff --git a/releasenotes/notes/add-support-for-custom-horizon-themes-5da1d99c1b8107b9.yaml b/releasenotes/notes/add-support-for-custom-horizon-themes-5da1d99c1b8107b9.yaml new file mode 100644 index 000000000..a422a837f --- /dev/null +++ b/releasenotes/notes/add-support-for-custom-horizon-themes-5da1d99c1b8107b9.yaml @@ -0,0 +1,3 @@ +--- +features: + - Adds support for custom Horizon themes. diff --git a/releasenotes/notes/add-support-for-rootfs-uuid-42f0c551a383799b.yaml b/releasenotes/notes/add-support-for-rootfs-uuid-42f0c551a383799b.yaml new file mode 100644 index 000000000..413adbf20 --- /dev/null +++ b/releasenotes/notes/add-support-for-rootfs-uuid-42f0c551a383799b.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds support for setting root filesystem's UUID via a new variable + ``kolla_bifrost_deploy_image_rootfs``. This is useful when deploying + overcloud hosts with software RAID based root disk devices. diff --git a/releasenotes/notes/adds-ansible-requirement-specifier-728e3045fc448715.yaml b/releasenotes/notes/adds-ansible-requirement-specifier-728e3045fc448715.yaml new file mode 100644 index 000000000..d41ac7db9 --- /dev/null +++ b/releasenotes/notes/adds-ansible-requirement-specifier-728e3045fc448715.yaml 
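Review bot: `overcloud_dib_build_host_images: False` in the seed-vm overrides uses a capitalised boolean and carries no comment, while the matching override added to kayobe-seed-base writes `true` under `# Build overcloud host image`. I would write it as `overcloud_dib_build_host_images: false` and put a comment above it, for example `# Do not build the overcloud host image with DIB in this job.`, so the two job templates read consistently.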
@@ -0,0 +1,6 @@ +--- +features: + - | + Adds the ``kolla_ansible_venv_ansible`` configuration option. This allows + you to override the version of ansible installed in the kolla-ansible + virtualenv. diff --git a/releasenotes/notes/dellos10-support-31e209bcdb45552a.yaml b/releasenotes/notes/dellos10-support-31e209bcdb45552a.yaml new file mode 100644 index 000000000..09f03211e --- /dev/null +++ b/releasenotes/notes/dellos10-support-31e209bcdb45552a.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds support for configuring Dell OS10 Switches using the `dellemc.os10 + Ansible collection `__. This is + integrated with the ``kayobe physical network configure`` command. diff --git a/releasenotes/notes/dib-host-image-4fe8b1bf078f2d27.yaml b/releasenotes/notes/dib-host-image-4fe8b1bf078f2d27.yaml new file mode 100644 index 000000000..485937990 --- /dev/null +++ b/releasenotes/notes/dib-host-image-4fe8b1bf078f2d27.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Adds support for building overcloud root disk images directly with DIB + rather than through Bifrost. This includes support for building multiple + images, each with a different configuration. See `story 2002098 + ` for details. diff --git a/releasenotes/notes/image-build-host-packages-1f1a3cf59436d82b.yaml b/releasenotes/notes/image-build-host-packages-1f1a3cf59436d82b.yaml new file mode 100644 index 000000000..2d80edc7e --- /dev/null +++ b/releasenotes/notes/image-build-host-packages-1f1a3cf59436d82b.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Adds support for installing additional build host dependencies when + building IPA and overcloud host images via + ``ipa_build_dib_host_packages_extra`` and + ``overcloud_dib_host_packages_extra``. diff --git a/releasenotes/notes/libvirt-on-host-ff83f12923cc1f58.yaml b/releasenotes/notes/libvirt-on-host-ff83f12923cc1f58.yaml new file mode 100644 index 000000000..a16a9cfd2 --- /dev/null +++ b/releasenotes/notes/libvirt-on-host-ff83f12923cc1f58.yaml 
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Adds support for running a libvirt daemon on the host, rather than in a
+ container. This is done by setting ``kolla_enable_nova_libvirt_container``
+ to ``false``. See `story 2009858
+ `__ for details.
diff --git a/releasenotes/notes/proxy-settings-32911948a517b35b.yaml b/releasenotes/notes/proxy-settings-32911948a517b35b.yaml
new file mode 100644
index 000000000..8084c8217
--- /dev/null
+++ b/releasenotes/notes/proxy-settings-32911948a517b35b.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - |
+ Adds support for configuring HTTP(S) proxy settings using the
+ ``http_proxy``, ``https_proxy`` and ``no_proxy`` variables in
+ ``proxy.yml``. These variables are passed down to Kolla Ansible which uses
+ them to configure Docker, allowing container image pull operations and
+ container networking to use HTTP(S) proxies.
diff --git a/releasenotes/notes/snat-rules-dst-src-14ce6ca6bec26086.yaml b/releasenotes/notes/snat-rules-dst-src-14ce6ca6bec26086.yaml
new file mode 100644
index 000000000..6c71ac082
--- /dev/null
+++ b/releasenotes/notes/snat-rules-dst-src-14ce6ca6bec26086.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Adds support for specifying SNAT source and destination filters. This is
+ useful if forwarded packets need to exit on a different interface depending
+ on the source or destination IP address or port.
diff --git a/releasenotes/notes/update-centos-cloud-image-db4f69b7e87f23ac.yaml b/releasenotes/notes/update-centos-cloud-image-db4f69b7e87f23ac.yaml
new file mode 100644
index 000000000..0a2320617
--- /dev/null
+++ b/releasenotes/notes/update-centos-cloud-image-db4f69b7e87f23ac.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Updates base CentOS Stream cloud image to CentOS-Stream-GenericCloud-8-20210603.0.x86_64.
diff --git a/releasenotes/notes/yum-repository-exclude-includepkgs-6e7b6b988f1f9a9d.yaml b/releasenotes/notes/yum-repository-exclude-includepkgs-6e7b6b988f1f9a9d.yaml
new file mode 100644
index 000000000..5103de375
--- /dev/null +++ b/releasenotes/notes/yum-repository-exclude-includepkgs-6e7b6b988f1f9a9d.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Adds support for the ``exclude`` and ``includepkgs`` options in custom DNF + repositories configured with ``dnf_custom_repos`` in ``dnf.yml``. See + `documentation of the yum_repository Ansible module + `__ + for usage. diff --git a/requirements.txt b/requirements.txt index 7502967ab..41279061e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,3 +7,4 @@ PyYAML>=3.10.0 # MIT selinux # MIT # INI parsing oslo.config>=5.2.0 # Apache-2.0 +paramiko # LGPL diff --git a/requirements.yml b/requirements.yml index 725f179e6..0fbac4bdf 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,8 @@ --- +collections: + - name: dellemc.os10 + version: 1.1.1 + roles: - src: ahuffman.resolv version: 1.3.1 @@ -28,7 +32,7 @@ roles: - src: stackhpc.grafana-conf version: 1.1.1 - src: stackhpc.libvirt-host - version: v1.8.3 + version: v1.11.0 - src: stackhpc.libvirt-vm version: v1.14.2 - src: stackhpc.luks @@ -36,7 +40,7 @@ roles: - src: stackhpc.mellanox-switch version: v1.0.0 - src: stackhpc.os-images - version: v1.10.7 + version: v1.15.0 - src: stackhpc.os-ironic-state version: v1.3.1 - src: stackhpc.os-networks diff --git a/roles/kayobe-diagnostics/files/get_logs.sh b/roles/kayobe-diagnostics/files/get_logs.sh index a0a1adf66..eab1e8aad 100644 --- a/roles/kayobe-diagnostics/files/get_logs.sh +++ b/roles/kayobe-diagnostics/files/get_logs.sh 
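Review bot: `paramiko` is added to requirements.txt with no version specifier, whereas `PyYAML>=3.10.0` and `oslo.config>=5.2.0` in the same hunk carry a lower bound. For a library that implements the SSH transport, it is worth recording the oldest release the code was tested with, e.g. `paramiko>=<minimum tested version> # LGPL`, so an install cannot resolve to a release that predates fixes the deployment relies on. Nothing in the visible diff imports paramiko directly; presumably it is needed by the `dellemc.os10` collection added in requirements.yml, and a one-line comment above the entry saying what needs it (in the style of the existing `# INI parsing` line) would help whoever later prunes dependencies.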
@@ -103,6 +103,12 @@ copy_logs() { cp /opt/kayobe/images/ipa/ipa.stderr /opt/kayobe/images/ipa/ipa.stdout ${LOG_DIR}/kayobe/ fi + # Overcloud host image build logs + if [[ -f /opt/kayobe/images/deployment_image/deployment_image.stderr ]] || [[ -f /opt/kayobe/images/deployment_image/deployment_image.stdout ]]; then + mkdir -p ${LOG_DIR}/kayobe + cp /opt/kayobe/images/deployment_image/deployment_image.stderr /opt/kayobe/images/deployment_image/deployment_image.stdout ${LOG_DIR}/kayobe/ + fi + # Rename files to .txt; this is so that when displayed via # logs.openstack.org clicking results in the browser shows the # files, rather than trying to send it to another app or make you diff --git a/setup.cfg b/setup.cfg index 209fdc604..766398d35 100644 --- a/setup.cfg +++ b/setup.cfg @@ -61,6 +61,7 @@ kayobe.cli= overcloud_facts_gather = kayobe.cli.commands:OvercloudFactsGather overcloud_hardware_inspect = kayobe.cli.commands:OvercloudHardwareInspect overcloud_host_configure = kayobe.cli.commands:OvercloudHostConfigure + overcloud_host_image_build = kayobe.cli.commands:OvercloudHostImageBuild overcloud_host_package_update = kayobe.cli.commands:OvercloudHostPackageUpdate overcloud_host_command_run = kayobe.cli.commands:OvercloudHostCommandRun overcloud_host_upgrade = kayobe.cli.commands:OvercloudHostUpgrade @@ -148,6 +149,8 @@ kayobe.cli.overcloud_hardware_inspect = hooks = kayobe.cli.commands:HookDispatcher kayobe.cli.overcloud_host_configure = hooks = kayobe.cli.commands:HookDispatcher +kayobe.cli.overcloud_host_image_build = + hooks = kayobe.cli.commands:HookDispatcher kayobe.cli.overcloud_host_package_update = hooks = kayobe.cli.commands:HookDispatcher kayobe.cli.overcloud_host_command_run =
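Review bot: In the get_logs.sh hunk the new block runs when either `deployment_image.stderr` or `deployment_image.stdout` exists, but the `cp` names both files, so with only one present `cp` prints an error and returns non-zero. Whether that interrupts log collection depends on shell options set outside the hunk (copy_logs begins and ends outside it), and the IPA block just above has the same shape. Copying each file only when it exists, with `${LOG_DIR}` quoted, avoids the spurious failure and any word splitting on the destination path.

```shell
    # Overcloud host image build logs
    for image_log in /opt/kayobe/images/deployment_image/deployment_image.stderr \
                     /opt/kayobe/images/deployment_image/deployment_image.stdout; do
        if [[ -f "${image_log}" ]]; then
            mkdir -p "${LOG_DIR}/kayobe"
            cp "${image_log}" "${LOG_DIR}/kayobe/"
        fi
    done
    # … unchanged: rename files to .txt …
```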