From f72d17c637c874ae9dcf05db941e13410604f77b Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 23 Aug 2023 12:12:47 -0400 Subject: [PATCH] Switch OSP default to 17.1 * Update README and add RHEL versions table * Move telco examples to 17.1 * Add new example for 16.2 * Updade vars defaults and add some doc too for storage on RHEL9 * Skip some tasks in prepare_host for RHEL9 * Add `ntp_server` parameter (with a safe default when not using RHSM) for deploying with a specific NTP. * Handle the RH container registry login when deploying Ceph. Unfortunately, `redhat_registry_credentials` is now a dict with mandatory `username` and `password` fields. --- README.md | 10 +++++- .../local-overrides-osp16-2-with-dpdk.yaml | 9 ----- ...=> local-overrides-osp17-1-with-dpdk.yaml} | 0 ...verrides-osp17-1-with-sriov-and-dpdk.yaml} | 0 ...> local-overrides-osp17-1-with-sriov.yaml} | 0 ...cal-overrides-rhel8_4-tripleo-osp16-2.yaml | 15 +++++++++ playbooks/prepare_host.yaml | 2 ++ playbooks/roles/ceph/tasks/main.yaml | 21 ++++++++++++ .../templates/standalone_parameters.yaml.j2 | 5 ++- playbooks/vars/defaults.yaml | 33 ++++++++++++------- 10 files changed, 72 insertions(+), 23 deletions(-) delete mode 100644 example-overrides/local-overrides-osp16-2-with-dpdk.yaml rename example-overrides/{local-overrides-osp16-2-with-pcipassthrough.yaml => local-overrides-osp17-1-with-dpdk.yaml} (100%) rename example-overrides/{local-overrides-osp16-2-with-sriov-and-dpdk.yaml => local-overrides-osp17-1-with-sriov-and-dpdk.yaml} (100%) rename example-overrides/{local-overrides-osp16-2-with-sriov.yaml => local-overrides-osp17-1-with-sriov.yaml} (100%) create mode 100644 example-overrides/local-overrides-rhel8_4-tripleo-osp16-2.yaml diff --git a/README.md b/README.md index c9d3976..8f42e0a 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,15 @@ dev-install requires that: * the machine running dev-install can SSH to the standalone host as either root or a user with passwordless sudo access * this machine has Ansible installed, and some dependencies like python3-netaddr. -For OSP 16.2, the recommended OS is RHEL 8.4. For OSP 17, the recommended RHEL will be 9. +You need to deploy the right RHEL version depending on which OSP version you want: + +| OSP version | RHEL Version | +|--------------|--------------| +| 16.2 | 8.4 | +| 17.1* | 9.2 | + +> * Current default in dev-install + There is no need to do any other configuration prior to running dev-install. When deploying on TripleO from upstream, you need to deploy on CentOS Stream. If CentOS is not Stream, dev-install will migrate it. diff --git a/example-overrides/local-overrides-osp16-2-with-dpdk.yaml b/example-overrides/local-overrides-osp16-2-with-dpdk.yaml deleted file mode 100644 index a452699..0000000 --- a/example-overrides/local-overrides-osp16-2-with-dpdk.yaml +++ /dev/null @@ -1,9 +0,0 @@ -dpdk_interface: enp130s0f0 -kernel_args: "default_hugepagesz=1GB hugepagesz=1G hugepages=128 iommu=pt intel_iommu=on isolcpus=4-47" -tuned_isolated_cores: "4-47" -extra_heat_params: - NovaComputeCpuDedicatedSet: ['6-47'] - NovaReservedHostMemory: 4096 - NovaComputeCpuSharedSet: [0,1,2,3] - OvsDpdkSocketMemory: "4096,4096" - OvsPmdCoreList: "4,5" diff --git a/example-overrides/local-overrides-osp16-2-with-pcipassthrough.yaml b/example-overrides/local-overrides-osp17-1-with-dpdk.yaml similarity index 100% rename from example-overrides/local-overrides-osp16-2-with-pcipassthrough.yaml rename to example-overrides/local-overrides-osp17-1-with-dpdk.yaml diff --git a/example-overrides/local-overrides-osp16-2-with-sriov-and-dpdk.yaml b/example-overrides/local-overrides-osp17-1-with-sriov-and-dpdk.yaml similarity index 100% rename from example-overrides/local-overrides-osp16-2-with-sriov-and-dpdk.yaml rename to example-overrides/local-overrides-osp17-1-with-sriov-and-dpdk.yaml diff --git a/example-overrides/local-overrides-osp16-2-with-sriov.yaml b/example-overrides/local-overrides-osp17-1-with-sriov.yaml similarity index 100% rename from example-overrides/local-overrides-osp16-2-with-sriov.yaml rename to example-overrides/local-overrides-osp17-1-with-sriov.yaml diff --git a/example-overrides/local-overrides-rhel8_4-tripleo-osp16-2.yaml b/example-overrides/local-overrides-rhel8_4-tripleo-osp16-2.yaml new file mode 100644 index 0000000..c522404 --- /dev/null +++ b/example-overrides/local-overrides-rhel8_4-tripleo-osp16-2.yaml @@ -0,0 +1,15 @@ +standalone_host: +public_api: +virt_release: 8.4 +rhsm_repos: + - advanced-virt-for-rhel-8-x86_64-rpms + - ansible-2.9-for-rhel-8-x86_64-rpms + - fast-datapath-for-rhel-8-x86_64-rpms + - openstack-16.2-for-rhel-8-x86_64-rpms + - rhceph-4-tools-for-rhel-8-x86_64-rpms + - rhel-8-for-x86_64-appstream-eus-rpms + - rhel-8-for-x86_64-baseos-eus-rpms + - rhel-8-for-x86_64-highavailability-eus-rpms +rhsm_method: "portal" +rhsm_release: 8.4 +rhsm_container_tools_version: '3.0' diff --git a/playbooks/prepare_host.yaml b/playbooks/prepare_host.yaml index d76924c..129f436 100644 --- a/playbooks/prepare_host.yaml +++ b/playbooks/prepare_host.yaml @@ -41,10 +41,12 @@ ansible.builtin.shell: | dnf module disable -y container-tools:rhel8 dnf module enable -y container-tools:"{{ rhsm_container_tools_version }}" + when: ansible_distribution_major_version | int < 9 - name: Install virt module # noqa no-changed-when ansible.builtin.shell: | dnf module disable -y virt:rhel dnf module enable -y virt:"{{ virt_release }}" + when: ansible_distribution_major_version | int < 9 - name: Prepare host on RHEL system with rhos-release when: diff --git a/playbooks/roles/ceph/tasks/main.yaml b/playbooks/roles/ceph/tasks/main.yaml index 25b905d..fd5aab3 100644 --- a/playbooks/roles/ceph/tasks/main.yaml +++ b/playbooks/roles/ceph/tasks/main.yaml @@ -14,6 +14,25 @@ containers_prep: "{{ ansible_env.HOME }}/containers-prepare-parameters.yaml" deployed_ceph: "{{ ansible_env.HOME }}/deployed_ceph.yaml" + - name: Login into registry.redhat.io + become: true + when: + - rhsm_enabled + block: + - name: Create /run/containers/0/ directory + ansible.builtin.file: + path: /run/containers/0/ + state: directory + mode: '0755' + owner: root + group: root + - name: Login to registry.redhat.io and create /run/containers/0/auth.json + containers.podman.podman_login: + username: "{{ redhat_registry_credentials.username | ansible.builtin.mandatory }}" + password: "{{ redhat_registry_credentials.password | ansible.builtin.mandatory }}" + registry: registry.redhat.io + authfile: /run/containers/0/auth.json + - name: Configure Storage Network ansible.builtin.include_tasks: storage-network.yml vars: @@ -104,6 +123,8 @@ tripleo_ceph_deploy_generate_scripts: true tripleo_ceph_deploy_network_data: "{{ network_data }}" tripleo_ceph_deploy_cluster_network_name: storage + tripleo_ceph_deploy_with_ntp: "{{ ntp_server is defined | ternary(true, false) }}" + tripleo_ceph_deploy_ntp_server: "{{ ntp_server | default(omit) }}" - name: Add ceph to enabled services ansible.builtin.set_fact: diff --git a/playbooks/templates/standalone_parameters.yaml.j2 b/playbooks/templates/standalone_parameters.yaml.j2 index 990208f..0cbbd55 100644 --- a/playbooks/templates/standalone_parameters.yaml.j2 +++ b/playbooks/templates/standalone_parameters.yaml.j2 @@ -140,9 +140,12 @@ parameter_defaults: AdminPassword: {{ admin_password }} {% endif %} {% if rhsm_enabled %} +{% if ntp_server is defined %} + NtpServer: {{ ntp_server }} +{% endif %} ContainerImageRegistryCredentials: registry.redhat.io: - {{ redhat_registry_credentials | mandatory }} + {{ redhat_registry_credentials.username | ansible.builtin.mandatory | ansible.builtin.quote }}: {{ redhat_registry_credentials.password | ansible.builtin.mandatory | ansible.builtin.quote }} ContainerImageRegistryLogin: true {% endif %} {% if ssl_enabled %} diff --git a/playbooks/vars/defaults.yaml b/playbooks/vars/defaults.yaml index edbeddd..963108f 100644 --- a/playbooks/vars/defaults.yaml +++ b/playbooks/vars/defaults.yaml @@ -1,5 +1,5 @@ --- -rhos_release: 16.2 +rhos_release: 17.1 hostname: standalone clouddomain: shiftstack @@ -133,8 +133,9 @@ tripleo_repos_repos: ceph_enabled: true # List of devices to use for ceph. If unset, we use a loop device instead. +# NOTE: on RHEL 9, this has to be a list of disk paths, and not /dev/sdX. # ceph_devices: -# - /dev/sdc +# - /dev/disk/by-path/pci-0000:45:00.0-ata-3 # Size of the loop device that will be # used for Ceph (in GB). @@ -207,22 +208,24 @@ rhsm_enabled: false # to false. rhsm_ephemeral: true rhsm_repos: - - advanced-virt-for-rhel-8-x86_64-rpms - - ansible-2.9-for-rhel-8-x86_64-rpms - - fast-datapath-for-rhel-8-x86_64-rpms - - openstack-16.2-for-rhel-8-x86_64-rpms - - rhceph-4-tools-for-rhel-8-x86_64-rpms - - rhel-8-for-x86_64-appstream-eus-rpms - - rhel-8-for-x86_64-baseos-eus-rpms - - rhel-8-for-x86_64-highavailability-eus-rpms + - rhel-9-for-x86_64-baseos-eus-rpms + - rhel-9-for-x86_64-appstream-eus-rpms + - rhel-9-for-x86_64-highavailability-eus-rpms + - openstack-17.1-for-rhel-9-x86_64-rpms + - fast-datapath-for-rhel-9-x86_64-rpms + - rhceph-6-tools-for-rhel-9-x86_64-rpms rhsm_method: "portal" -rhsm_release: 8.4 +rhsm_release: 9.2 +# Note: to install 16.1 on RHEL 8.2, you need rhsm_container_tools_version set to "2.0" +# For OSP 16.2 on RHEL 8.4, you need "3.0". rhsm_container_tools_version: '3.0' # Note: to install 16.1 on RHEL 8.2, you need virt_release set to "8.2" # For OSP 16.2 on RHEL 8.4, you need "av". virt_release: av # Red Hat Registry credentials have to be set when deploying OSP on RHEL -# redhat_registry_credentials +# redhat_registry_credentials: +# username: joe +# password: secrete # Edge parameters # The central site must be named "central", otherwise for other AZs it's up to the user. @@ -233,6 +236,7 @@ dcn_services: # A list of block devices which will be combined and used as ephemeral local # storage +# NOTE: on RHEL 9, this has to be a list of disk paths, and not /dev/sdX. ephemeral_storage_devices: [] # Whether or not we want OVN to be enabled @@ -252,3 +256,8 @@ neutron_mtu: 1400 ctlplane_mtu: "{{ neutron_mtu | int + 100 }}" hostonly_mtu: "{{ neutron_mtu | int + 100 }}" public_mtu: "{{ ctlplane_mtu | int + 100 }}" + +# This is a safe default value for NTP server. +# Usually people don't use RHSM when deploying from the internal RH network, but use +# the puddles; so they'll get our internal NTP server. +ntp_server: "{{ rhsm_enabled | ternary(omit, 'clock.redhat.com') }}"