Remove configutilities and move what is being used in other components
to controllerconfig.
Tested with a clean install on AIO-DX and running config_controller.
With the StarlingX move to supporting pure upstream OpenStack, the
majority of the SDK Modules are related to functionality no longer
supported. The remaining SDK Modules will be moved to StarlingX
documentation.
Story: 2005275
Task: 30262
Change-Id: Ie496548dfc6efee677a501c98c227c586df0a7d6
Signed-off-by: Kristine Bujold <kristine.bujold@windriver.com>
LAG mode 2 should be supported because AE balanced mode
should be supported for the cluster-host interface. Thus
the supported_lag_mode for cluser network should be
[1, 2, 4].
Co-Authored-By: Huifeng Le<huifeng.le@intel.com>
Change-Id: I0b81c963705820a9fec6225dac1cee2a14bbe030
Closes-Bug: #1819738
Story: #2004273
The following changes are required to enable system
controller and sub cloud configuration in a distributed
cloud environment:
* Remove references to os-keystone-region-name as the
openstack patches that support it, have been removed.
* Change the iptables rule for the NAT entry, to only
apply, if the selected outgoing interface is the
OAM interface.
* Configure keystone endpoints, before configuring
openrc on subclouds
* Remove all openstack services, and users from the region
config and update the tox
* Disable nova, cinder and neutron api proxy
Only tested distributed cloud configuration as multi-region
configuration is not supported in the current release.
Story: 2004766
Task: 30017
Change-Id: I5c43e2112f34225aa9e23ff777c5333ae77efcdc
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Currently docker images were pulled from public registries during
config_controller. For some users, the connection to the public
docker registry may be slow such that installing the containerized
services images may timeout or the system simply does not have
access to the public internet.
This change allows users to specify alternative public/private
registries to replace k8s.gcr.io, gcr.io, quay.io and docker.io.
Insecure registry is supported if all default registries were
replaced by one unified registry. It lowers the complexity for
those who build his own registry without internet access.
Docker doesn't support ipv6 addr as registry name, instead
hostname or domain name in ipv6 network is allowed.
Test:
AIO-SX/AIO-DX/Standard(2+2):
Alternative public registry (ipv4/domain) with proxy
- config_controller pass
Private registry (ipv4/ipv6/domain) without internet
- config_controller pass
Default registry with/without proxy
- config_controller pass
Story: 2004711
Task: 28742
Change-Id: I4fee3f4e0637863b9b5ef4ef556082ac75f62a1d
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
the configuration validator will switch the .ini configuration file to
a temp configuration file(/tmp/config/cgcs_config).
this patch fixed the wrong format of NO_PROXY under section DOCKER_PROXY
in the temp configuration file.
Closes-bug: 1814833
Change-Id: I347ef37a92676fa74548846c95a730b86cc25337
Signed-off-by: SidneyAn <ran1.an@intel.com>
The pylint checks that fail are being suppressed.
Those checks will be fixed and un-suppressed in later commits.
Story: 2004515
Task: 29298
Change-Id: Iacc18da64ed5e2d82ff2f3e64368c9b4a94bb1d5
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Current config_controller for containerization pulls kubernetes
images from public container registry. This requires controller
to access internet. If a host network is behind a proxy, there
is no chance to setup docker proxy configuration during config_
controller, therefore, kubernetes images are not accessible.
Docker proxy configuration questions were added to require users
input http/https proxy and no proxy settings. The docker proxy
configurations are added to service_parameter table in sysinv.
http-proxy.conf is the proxy info file required by docker daemon,
generated by docker puppet manifest. It consists of the user
input docker proxy configuration.
Tests:
AIO-SX: public k8s images accessible
AIO-DX: public k8s images accessible
AIO-SX without k8s config: config_controller successfully
Story: 2004710
Task: 28741
Change-Id: Ie273ad77338cdec496c5d05bf3e05baa83166626
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
In kubernetes deployments, a DNS server is required to locate
the registry servers used to download the kubernetes images.
Currently, when config_controller is run, the 8.8.8.8
nameserver is used, with no way to change it. Some users
need to specify their own name server to be used during
the execution of config_controller.
This change allows the user to specify up to three DNS
servers when running config_controller interactively or with
a config file. If using a config file, add the following
section to the config file (only one nameserver is required,
but up to three are allowed):
[DNS]
NAMESERVER_1=8.8.8.8
NAMESERVER_2=8.8.4.4
NAMESERVER_3=9.9.9.9
Change-Id: I59556138a11c6f627f45886a2da6b8a1ad9d89e1
Closes-bug: 1812449
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
Barbican service is needed during bootstrap phase for StarlingX.
Implement bootstrap and runtime manifests to achieve that.
Change-Id: I6c22ebddacf8aec3a731f7f6d7a762f79f511c78
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Up the configutilities version (3.1.0) after adding pxeboot dhcp addr
range in the config_gui.
Depends-On: https://review.openstack.org/#/c/625337/
Story: 2004584
Task: 28825
Change-Id: Iea1b2c113153df0438f8625a866e833bfca40382
Signed-off-by: Bin Qian <bin.qian@windriver.com>
The Kubernetes cluster network is introduced and configurable.
The cluster-host interface can be configured on any interface of the
host and is defaulted to the management interface if it is not
specified.
The infrastructure network is no longer used in kubernetes config.
SM and MTCE are setup to monitor the cluster-host if kubernetes is
enabled.
Nova live migration ip is set to use the cluster-host ip.
Tests Performed:
Containerized setup:
AIO-SX: mgmt and cluster-host shared loopback interface
AIO-DX: mgmt and cluster-host shared an interface
AIO-DX: mgmt and cluster-host on different interface
Standard 2+2+2: mgmt and cluster-host shared an interface
Standard 2+2+2: mgmt and cluster-host on different interface
For each of the setup, launch VM and connect to VM console
Non-containerized deployments
AIO-SX sanity
AIO-DX sanity
Standard 2+2 sanity
Story: 2004273
Task: 27826
Change-Id: If6b918665131f01bc62687fbdc7978c5c103e3b7
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Replace filter(lambda obj: test(obj), data) with
[obj for obj in data if test(obj)]
Story: 2003433
Task: 28380
Change-Id: I69262226bb454319be6b3d2a1c3c64bb7bb3357c
Signed-off-by: Sun Austin <austin.sun@intel.com>
hacking and flake8 have compatability issues.
By specifying the version of hacking to be the same
as what other openstack components are using, we
clamp the version of flake8 and allow for reliable
hacking checks.
Change-Id: I8ab1543c030439903d99fffec1a9e3a264f20a80
Story: 2004515
Task: 28571
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This commit related modules during controller config. It removes
a) the "link capacity" option of inputs/config file when
config_controller run.
b) "link_speed" generation and validation in configfiletool and
config_validator.
c) related unit test.
Tests conducted:
a) run '$sudo config_controller' and input configuration.
b) run 'python configfiletool.py' to generate config.ini in local
run '$sudo config_controller --config-file config.ini' on
controller.
Impact: compatibility with old *.ini configure file.
Closes-bug: 1805320
Change-Id: Ie96318357d5598be129567884ee662e991d46466
Signed-off-by: SidneyAn <ran1.an@intel.com>
and remove 'H233 Python 3.x incompatible use of print operator'
pep8/flake8 ignore case in cgts-client and sysinv tox setup
enable flake8 hacking and ignore some case and fix it later for
those ignore case.
Story: 2003433
Task: 24629
Change-Id: I0dfc4c17681dd9b0042a4277b7956d270eb73495
Signed-off-by: Sun Austin <austin.sun@intel.com>
1. Add the new barbican DB and barbican user.
2. Support DB backup/restore and upgrades for barbican.
3. Configure barbican user and password in region config.
4. Provide Barbican configuration with appropriate data via SysInv.
5. Setup Barbican thru puppet manifests.
There are three main services that need to be configured:
- Barbican API: a RESTful API for managing secrets.
- Barbican Worker: a RPC interface for Barbican API.
- Barbican Keystone Listener: a service for Keystone changes.
Also, HA Proxy and Firewall need to be updated with Barbican port (9311)
as well as Remote Logging manifest to allow Barbican log collection.
Change-Id: I6b0b0c90456627bebde2b834b339bc968100b6f9
Story: 2003108
Task: 27700
Depends-On: I2667d56a71b7d3881c03b6a5c1e5ed61d4f0b902
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Prior to kubernetes integration, the nova-api-proxy
communicated with the VIM using port 30003 on the loopback
address. This worked fine when both the nova-api-proxy and
the VIM were running on bare metal.
When nova-api-proxy is running in a pod, it
cannot use the loopback address to communicate with the VIM,
since the loopback address is local to the pod. The
nova-api-proxy pod will instead use the floating management
address (which is present on all systems) to communicate with
the VIM. The problem is that on AIO simplex systems, the
floating management address is also in the loopback subnet.
The fix for this is to use a non-loopback address for
management on AIO simplex systems. This required changes to
configuration scripts/utilities to allow the user to
specify the management subnet on AIO simplex systems,
instead of hardcoding it to a loopback address.
Change-Id: I26c15657471f8214e628c6d43eaab07eb8e744ec
Story: 2003910
Task: 28061
Depends-on: Ib7c08bfc1c661a9fb347308e55cc806b4dd129ad
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
The new flake8 version 3.6.0 introduces new warnings that cause
the check and gate jobs to fail. Locking down the flake8 version
to avoid these surprises in the future. We can later increment
the flake8 version and fix the new warnings in a controlled
manner.
Change-Id: Iced6ff91591616ade3c5cd5b0dd67f310227bdc9
Partial-Bug: 1799721
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
This update adds hooks to the spec files for the following packages
to generate wheels for the python modules:
- configutilities
- controllerconfig
- cgts-client
- sysinv
Change-Id: I340db4c6516c9bf8badbdd0ecdcf61670e168aea
Story: 2003907
Task: 27524
Signed-off-by: Don Penney <don.penney@windriver.com>
This update allows management and infrastructure interface
to share the same interface without VLAN.
Removed the restriction that enforce a VLAN to be used.
Story: 2003087
Task: 23171
Change-Id: Ic50fa0cd388c664f3277681b4d87b63aeb0c6447
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Listed below are the errors which were fixed as well as the actions
taken to fix them:
" E124 closing bracket does not match visual indentation":
--> fix from ' "FM_SERVICE_TYPE": "faultmanagement",
})'
to ' "FM_SERVICE_TYPE": "faultmanagement",
})'
Story: 2003360
Task: 24857
Change-Id: I4d9081a0a9f96aabf50dc792480ea46c11f10d3c
Signed-off-by: SidneyAn <ran1.an@intel.com>
List of changes:
1.Remove all fault management (FM) database tables from sysinv DB
2.Remove all FM commands from sysinv REST API service
3.Remove all FM CLI commands from cgts client
4.Add FM user to config controller to support region config
5.Update backup restore to reference the new alarm database table
6.Update controller config test files and add the new FM user
7.Add a FM puppet module in order to manage configuration data and
database; to configure user, service and endpoint in Keystone
8.Add a FM puppet operator to populate FM and SNMP configuration data
9.Update NFV puppet to support FM endpoint configuration
10.Update haproxy manifest to support active-active FM API service
Story: 2002828
Task: 22747
Change-Id: I96d22a18d5872c2e5398f2e9e26a7056fe9b4e82
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Modified the configutils README to support Ubuntu installs again
Change-Id: Id3d2f2f745c42c15070a330bb5ec0b6607c8ec24
Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
Task: 23080
Story: 2003044
Changes to config_controller to ensure user has left some mgmt network
address space for gateway(s), with appropriate warnings.
Story: 2002870
Task: 22820
Change-Id: Ib3f08d86e015cf614457b2284fe497b04caf5585
Signed-off-by: Jack Ding <jack.ding@windriver.com>
For Distributed Cloud, reduce minimum mgmt ip range upon subcloud add
from 8 to 5.
Story: 2002869
Task: 22819
Change-Id: I05e8ddfbf4adfe723d75a4553905bf05ea107a07
Signed-off-by: Jack Ding <jack.ding@windriver.com>
This commit integrates gnocchi as metric storage backend because of the
deprecation of ceilometer metering backend.
With gnocchi integrated, ceilometer api and collector processes are
removed, ceilometer agent nofitication and polling processes
are still running to collect and normalise data from other openstack
services. Ceilometer notification agent also has the responsiblity
to send samples to gnocchi backend through its gnocchi publisher and
events to panko backend.
Two gnocchi processes are introduced, gnocchi api is REST API service
and gnocchi metricd is for metric computing and gnocchi CLI is
supported to query measures/metric from gnocchi backend. Ceilometer
service and user still need to be registered in keystone, but stop
creating endpoints. Gnocchi is a seperate user/service in keystone and
run on active controller licensing on port 8041
Changes:
- puppet changes to add gnocchi user and endpoints to keystone, gnocchi
port to haproxy and firewall,
remote logging as well as other necessary configurations for gnocchi
- backup restore for gnocchi postgres db (except metric and resource
tables)
- sm changes to manage gnocchi processes through created lsb scripts
- support for multi-region setup
- distributed cloud - do not enable service and create endpoints for
gnocchi in system controller
- add gnocchi logs in syslog
- support no reboot patching for gnocchi processes
- add gnocchiclient in remote CLI
- add NotIn validation method in python-voluptuous which needed in
gnocchi
- collect scripts updates
- cleanup ceilometer api and collector in puppet configuration, sm,
service parameter, syslog, remotelogging, patch-restart-processes
- remote ceilometerclient from remote CLI
- remote openstack client changes for ceilometer CLI extensions
- remove ceilometer-api and ceilometer-collector packages from iso
Story: 2002825
Task: 22871
Depends-On: https://review.openstack.org/587419
Change-Id: Ia46c67eb6543c3694dff03435dc2b00fb2b760e5
Signed-off-by: Jack Ding <jack.ding@windriver.com>
The standby controller would potentially fail to boot while
attempting to PXE-boot when configured with a management LAG.
This commit determines the interface with the lowest slave MAC
address in an active_standby LAG configuration and assigns it
as the primary interface.
Story: 2002865
Task: 22814
Change-Id: I73f03cb9cb2fd632a1e64b4e7744e3be067318a4
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Ceph Cache Tiering feature is not supported anymore. This commit removes
all the code changes associated with the no longer supported Ceph Cache
Tiering. This implies: a. cache tiering cannot be configured on system
b. no ceph-caching host could be added c. no ceph-backing host could be
added d. ceph-caching/ceph-backing personality sub-type won't show up
when 'system host-show'/system host-add command is issued e.
ceph-caching/ceph-backing personality sub-type won't show up when host
is added/listed from horizon
Change-Id: Idd9daf0a258fe4deaf51d174414240cb0a359dde
Fix inefficient IP address validation code in config_controller so
large IP address ranges can be used. Also fix INI file validation
to prevent the configuration of an IPv6 management network without
a separate PXEBOOT network.
Change-Id: I87e1801092a35d74354b666e8ecd76cbf4d1e14c
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
Integrates the latest Open vSwitch with DPDK into the host management
and configuration framework and configures the default system
vswitch type to be ovs-dpdk.
Change-Id: If7ef2975e4b90ce84d170051f332f778a867a873
Signed-off-by: Matt Peters <matt.peters@windriver.com>