The management network is used extensively for all internal
communication.
Since the original use of the network was a private network before
it was exposed for external communication in a distributed cloud
configuration, it was never designed to be reconfigured.
To support MGMT network reconfiguration the idea is to configure the
applications to use the hostname/FQDN instead of a static MGMT IP
address.
In this way the MGMT network can be changed and the services and
applications will still work since they are using the hostname/FQDN
and the DNS will be responsible to translate to the current MGMT
IP address.
The use of FQDN will be applied for all installation modes: AIO-SX,
AIO-DX, Standard, AIO-PLUS and DC subclouds. But given the
complexities of supporting the multi-host reconfiguration,
the MGMT network reconfiguration will focus on support for AIO-SX
only.
The DNSMASQ service must start as soon as possible to translate
the FQDN to IP address.
Test plan ( Debian only )
- AIO-SX and AIO-DX virtualbox installation IPv4/IPv6
- Standard virtualbox installation IPv6
- DC virtualbox installation IPv4 ( AIO-SX/DX subclouds )
- AIO-SX and AIO-DX installation IPv4/IPv6
- AIO-DX plus installation IPv6
- DC IPv6 and subcloud AIO-SX
- AIO-DX host-swact
- DC IPv4 virtualbox with subcloud AIO-DX and AIO-DX
- AIO-SX to AIO-DX migration
- netstat -tupl ( no services are using the MGMT IP address )
- Ran sanity/regression tests
- Backup and Restore for AIO-SX/AIO-DX
Story: 2010722
Task: 48241
Change-Id: If340354755ec401dac1b0da2c93e278e390f81a9
Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
Because the management network and its parameters are
embedded in many parts of the system, having a separate
admin network makes it much easier to change the parameters
of this network (subnet, gateway, etc) after a subcloud has
been provisioned.
The admin network will take precedence over the existing
management network for communication between the
subcloud and system controller if it is defined.
The management network will still exist on the subcloud, but
will be a private network.
This commit contains logic to choose the most appropriate
keystone auth url and admin endpoint required for subcloud
administration depending on whether the admin network is
present or not.
Note: Corresponding puppet review:
https://review.opendev.org/c/starlingx/stx-puppet/+/865288
Test Plan:
- Bootstrap and install DC subcloud with admin network defined.
PASS: Ensure the openstack admin endpoints on both the subcloud
and system controller for the affected services use the
admin subnet of the subcloud
PASS: Ensure the subcloud can become online and in-sync using
the admin network.
Regression:
- AIO-SX: On a non-DC system, ensure the openstack endpoints for
the various services are not impacted by the change.
- Bootstrap and install DC subcloud with no admin network defined.
PASS: Ensure the openstack admin endpoints on both the subcloud
and system controller for the affected services use the
management subnet of the subcloud (no impact)
PASS: Ensure the subcloud can become online and in-sync with the
management network (no impact).
Depends-On: https://review.opendev.org/c/starlingx/config/+/863033
Story: 2010319
Task: 46910
Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: Icf4c7c97ed69c74e6827c63614cb44abca28e38a
This feature adds a new RPC backend for communication between
sysinv-api, sysinv-conductor and sysinv-agent processes.
This backend is implemented using a patched zerorpc library [1],
which is built on top of ZeroMQ and message-pack.
The motivation behind this change is to decouple sysinv from RabbitMQ,
and use a brokerless solution for RPC instead.
The key points are:
- All imports of rpcapi.py are replaced by rpcapiproxy.py, which
decides the backend to use (rabbitmq or zeromq) according to
configuration.
- During an upgrade process the rpc service listens to both rabbitmq
and zeromq. For communication between hosts, the client backend api
is chosen according to host software version.
- In future versions, the usage of RabbitMQ will no longer be
necessary and its usage can be removed. I have marked these parts of
code with "TODO(RPCHybridMode)" to easily track it.
[1] https://review.opendev.org/c/starlingx/integ/+/864310
TEST PLAN:
PASS: Bootstrap and host-unlock on AIO-SX, AIO-Duplex, Standard
PASS: Bootstrap and host-unlock on DC system-controller and subcloud
PASS: Verify sysinv.log and confirm no error occurs in RPC communication
PASS: Perform system cli commands that interacts with sysinv RPCs:
- system host-cpu-max-frequency-modify
- system license-install
- system storage-backend-add ceph-external
- system host-swact
PASS: Backup & Restore on AIO-SX
PASS: Bootstrap replay (updating mgmt and cluster subnet) on AIO-SX
PASS: Platform upgrade on AIO-DX (22.06 -> 22.12)
PASS: Platform upgrade on AIO-DX+ (22.06 -> 22.12)
PASS: Platform upgrade on AIO-SX (22.06 -> 22.12)
Depends-On: https://review.opendev.org/c/starlingx/tools/+/859576
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/859575
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/862609
Story: 2010087
Task: 46444
Change-Id: I5cd61b541a6d8c62628a0f99db0e35af1eae5961
Signed-off-by: Alyson Deives Pereira <alyson.deivespereira@windriver.com>
Signed-off-by: Eduardo Juliano Alberti <eduardo.alberti@windriver.com>
This commit updated platform services' sysinv puppet plugins to
generate proper admin_url hiera data to enable https for these endpoints
during controller unlock.
This commit also updated controller_config to copy and install dc admin
endpoint CA cert and haproxy cert for the second controller.
Change-Id: I21345a96f8a0ffb416069ff28dbcfa51b9e12359
Story: 2007347
Task: 39314
Signed-off-by: Andy Ning <andy.ning@windriver.com>
nova, neutron, swift and heat are not installed on bare metal
and do not need to be configured through puppet plugins.
The storage hiera data being calculated in the nova plugin has been
moved to the storage puppet plugin.
Change-Id: Icb1cf333292e17230f871b5227bde9e2ca8ad287
Story: 2004515
Task: 36183
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
- Removed the sysinv puppet cinder operator.
- Updated all puppet operators that referenced cinder, those
operators are likely to be removed as well.
- Removed all cinder service parameters.
- Cleaned up some requirements warnings from tox.
- Removed any unused constants that seemed related to cinder
that were not being referenced anywhere in the code.
Note: the code related to cinder storage backend remains.
This will be cleaned up as part of shared services and
distributed cloud cleanup and re-implementation.
Change-Id: I3861f5e48d2fd89fdfd33b9c1431d8fdc7ed05ce
Story: 2004764
Task: 33614
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Magnum is no longer packaged on bare metal.
The sysinv and upgrades code related to magnum has been removed.
The helm configuration for magnum remains, although it is not currently
supported in containers either. The magnum-ui is not installed in
platform or containerized horizon so the code to enable it is removed.
Some upgrade code remains, due to the fact that that utility is
in the process of being re-written.
Story: 2004764
Task: 34333
Change-Id: I56873b4e04aac2e7d0cd57909beea00ecc2c1b9a
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Barbican service is needed during bootstrap phase for StarlingX.
Implement bootstrap and runtime manifests to achieve that.
Change-Id: I6c22ebddacf8aec3a731f7f6d7a762f79f511c78
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Support bare metal and pod based keystone in sysinv. The existing
keystone_authtoken section of sysinv.conf remains and is used for
platform service authentication, while openstack service authentication
parameters are moved to a new openstack_keystone_authtoken section.
Admin credentials are used in the new openstack_keystone_authtoken
section and the region name parameters are also moved to this new
section.
Change-Id: I7a53dd5a2dc52213e0f1e0cc748649a33f0f9f40
Story: 2002876
Task: 26926
Signed-off-by: Kevin Smith <kevin.smith@windriver.com>
Fabiano Correa Mercer