As Kuryr is removed, the creation of trunks for the machines
is not a requirement anymore. To reduce the amount of
resources we manage by default, let's avoid creating it as it is
not a requirement. This commit will disable trunk creation by default
and let the user enable trunk by modifying the generated Machine manifests.
Also, the terraform support for creation of Machines with Trunk is being
removed.
Avoid the duplication of configuring the client in multiple locations.
It also gives us a single point to start configuring a user agent for
the installer.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This commit adds dual stack support with bring your own network
for OpenStack platform. The new ControlPlanePort field accepts IPv4/IPv6
subnets and the network in the install config, while the machinesSubnet
only supports IPv4 Subnets and is deprecated.
We introduced a TechPreview of OpenStack network failure domains in 4.13
that is now incompatible with the new control-plane-machine-set.
With this change, we remove the experimental implementation of network
failure domains to prepare for the control-plane-machine-set
implementation.
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Pierre Prinetti <pierreprinetti@redhat.com>
When using dual-stack installations the user needs to pre-create
the api and ingress port given OpenStack does not allow direct
assignment of addresses when using slaac/stateless, consequently
the installer can't create those. This commit adds support to tag
those Ports, assign security groups to them, attach the Floating IP
when needed and allow clean up of resources.
Distribute Control plane machines across user-defined failure domains.
This feature is being released under a TechPreviewNoUpgrade FeatureSet.
Failure domains can be defined in the `controlPlane` machine-pool of
`install-config.yaml` as follows:
```yaml
controlPlane:
  name: master
  platform:
    openstack:
      type: ${CONTROL_PLANE_FLAVOR}
      failureDomains:
      - computeAvailabilityZone: 'nova-1'
        storageAvailabilityZone: 'cinder-1'
        portTargets:
        - id: storage
          network:
            id: 8db6a48e-375b-4caa-b20b-5b9a7218bfe6
      - computeAvailabilityZone: 'nova-2'
        storageAvailabilityZone: 'cinder-2'
        portTargets:
        - id: storage
          network:
            id: 39a7b82a-a8a4-45a4-ba5a-288569a6edd1
      - computeAvailabilityZone: 'nova-3'
        storageAvailabilityZone: 'cinder-3'
        portTargets:
        - id: storage
          network:
            id: 8e4b4e0d-3865-4a9b-a769-559270271242
```
Each `failureDomains` entry can take an optional
`computeAvailabilityZone` string, an optional `storageAvailabilityZone`
string, and an optional `portTargets` array.
Each `portTargets` entry requires an arbitrary `id`, which must be unique per
`failureDomain`. If `id` is exactly `control-plane`, then that
`portTarget` is used instead of the default primary subnet (or instead
of `machinesSubnet` if defined) as the first machine network.
Each `portTargets` entry takes an optional `network` object and an
optional `fixedIPs` array (not represented in the example).
The `network` object takes an optional `name` string and an optional `id`
string. `name` is ignored if `id` is passed.
Each `fixedIPs` entry takes a `subnet` object whose syntax is [defined
in the `machinev1alpha1` spec as
`SubnetFilter`](d170fcdc0f/machine/v1alpha1/types_openstack.go (L230-L281)).
Note that unless an external load balancer is used, `portTargets` with
id `control-plane` must all have one single subnet and must all refer to
the same OpenStack subnet. As a consequence, the result will be similar
as setting a `machinesSubnet`, except that Compute nodes will not
follow.
With this change, Compute nodes within each MachineSet are automatically
created in a Server group, with a default policy of
"soft-anti-affinity".
With this change, a "serverGroupPolicy" can be set in install-config, on
the worker MachinePool and/or in the platform default.
Implements OSASINFRA-2570
Co-Authored-By: Matthew Booth <mbooth@redhat.com>
Prior to this change, the Control plane nodes are created in a server
group with the hardcoded policy "soft-anti-affinity".
This change adds a new configuration knob in the OpenStack-specific
MachinePool configuration of `install-config.yaml`.
The new property `controlPlane.platform.openstack.serverGroupPolicy`
defines the policy that will be applied to the Control Plane server
group.
Acceptable values are:
* `affinity`
* `anti-affinity`
* `soft-affinity`
* `soft-anti-affinity`
Defaults to `soft-anti-affinity`, to match the previous hardcoded
behaviour.
Validation will fail if the property is set on the Compute MachinePool.
Add Proxy config to the bootstrap ignition, so in the case of
a disconnected install using a local proxy, ignition will be able to go
through the proxy.
Co-Authored-By: @mandre
Co-Authored-By: @pierreprinetti
Signed-off-by: Emilien Macchi <emilien@redhat.com>
This commit explicitly disables reading auth data from env variables
by setting an invalid EnvPrefix. By doing this, we make sure that the
data from clouds.yaml is enough to authenticate.
After this change we don't have to unset OS_CLOUD env variable explicitly
anymore.
Ref https://issues.redhat.com/browse/OSASINFRA-2152
In the OpenStack platform, the primary subnet is where a node's kubernetes endpoints are published.
Right now, we set this with a tag in OpenStack. Due to some users having restrictions on tagging
resources, and this being a difficult user interface, we added a way to modify this value in the
machine api. We still fully support setting this value with tagging for backwards compatibility
reasons. In this patch, we update the installer code to set the primarySubnet using the MachineSpec.
ClusterOSImageProperties is a list of properties to be added
to the installer-uploaded ClusterOSImage in Glance.
The default is to not set any properties.
Co-Authored-By: Martin André <m.andre@redhat.com>
Previously we validated overridden Glance images during generation
of tfvars variables. This is not a correct place to do it, so we
implemented the check in the "validation" module:
https://github.com/openshift/installer/pull/3964
To prevent code duplication we should remove the legacy code.
Now we use cloud name not from the install config, which is set by
the user, but from master specs, where it is hardcoded to 'openstack'.
This patch starts using the value from the install config.
Following suit with AWS, OpenStack is adding support for custom AZs
for installer machine pools. Users can pass a list of zones to use
and the nodes in that machine pool will be spread across them.
To make the user experience more cohesive, we are adding this feature to
allow users to pass a floating IP to be attached to the ingress port. This
mirrors the way users add the floating ip for the API port.
Now we are defining these parameters in installconfig module, and then
passing them to tfvars as a part of platform configuration.
It's better to define them in the tfvars directly.
In the case of multiple added networks the tag
<infraID>-primaryClusterNetwork should allow
cluster-api-provider-openstack to define which
IP address to set as the primary one for machines.
Now CAPO can't do this, because Neutron returns the
list of networks in alphabetical order.
Users want to re-use and customize their networking infrastructure during IPI
installs, so to enable them, we are allowing them to pass custom subnets to the
installer.
Now we support http(s) schemes only, but for disconnected installs
it's very convenient to specify the local file path to the image file.
This commit adds "file" scheme support, so users can set the location as
"file:///path/to/image".
This places the Control Plane servers in a Server Group that enforces
"soft anti-affinity" policy.
"Soft anti-affinity" will cause Nova to create VMs on separate hosts, if
that is possible.
Implements OSASINFRA-1300
We need to obtain the service catalog in several places inside the code,
but each time we expect that project_name is specified in the clouds.yaml,
and if it's not there, installation fails.
In general it's not necessary and users can specify just project_id instead
of the name.
This commit updates the service catalog downloading functions by removing
this restriction.