Update #1
Merged
Update #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Remove error return from a function that cannot fail * Hoist provider generation
Get the new ServerGroupID of OpenstackProviderSpec
This places the Control Plane servers in a Server Group that enforces "soft anti-affinity" policy. "Soft anti-affinity" will cause Nova to create VMs on separate hosts, if that is possible. Implements OSASINFRA-1300
Inline single-action function, optimize for readability
When the cloud doesn't have support for trunk ports, we should not try to delete them.
The UPI documentation recommends keeping the worker Machineset in case the user wants to create compute machines via the machine API. However, the Machineset won't work unless the `image` property is updated to the user-defined value. This change adds a recommendation to update the OS image in case the user wants to use the installer-provisioned Machineset.
Now we generate terraform config and create resources for OpenStack first, and only then we create the metadata.json file. In case the resources were not created because of an error, we get garbage in the system. And the installer cannot remove it because the metadata file has not been generated yet. This commit creates the file before the generation of terraform config.
For the baremetal platform, we need to know where the images are in order to mirror them. Especially for IPv6 environments where we may not have outbound internet access to download the images. Typically, we download the rhcos.json from the sha reported by `openshift-install version` but this doesn't work in CI, where PR's are always rebased on master and the sha reported doesn't exist on GitHub. This is a temporary workaround until the machine OS content is part of the release image itself.
A vSphere IPI install requires that the installer host have the vCenter's CA certificates. This commit adds the CA certs to the UPI image's system trust in order to enable CI for IPI installs.
images/baremetal: save rhcos.json in container image
Add vCenter CA to UPI CI image.
Add the AWS CLI to the UPI image for use in the upi templates (which install the cli through pip) and the VSphere IPI template. These commands are the same as used by the OpenStack Dockerfile.
Bug 1814593: OpenStack: Allow destroying cluster without trunk ports
openstack: soft-anti-affinity policy for CP
Bug 1815133: osp UPI machineset OS image name
Add AWS CLI to UPI image.
bug 1759617: vendor: bump tf provider aws to v2.54.0
Bug 1812950: generate metadata before tfvars
Now we support http(s) schemes only, but for disconnected installs it's very convenient to specify the local file path to the image file. This commit adds "file" scheme support, so users can set the location as "file:///path/to/image".
Now we create the server group in OpenStack Machines asset, but it is called twice: from Bootstrap Ignition Config and from Terraform Variables. It leads to the fact that we create two server groups during installation. This commit makes the server group creation idempotent.
Bug 1816995: OpenStack: create server group only once
The documentation was not clear as to where the path for "cacert" was relative to.
openstack: Detail the clouds.yaml cacert option
OpenStack: support "file" scheme for custom os image urls
Update Kuryr known limitations
GCP UPI: document how to install into a Shared VPC
This change documents how to add custom tags to the bootstrap, master, and worker nodes at install time. This will enable users with custom firewall rules to use previously known tags to enable communications to their cluster.
vsphere ipi: set vm name to extra config - guestinfo.hostname
gcp upi: document how to tag the masters and workers
OpenStack: Docs: Fix a typo in the property name
This commit ensures we rely on the openstackcli instead of ansible modules for UPI.
…penstackcli Bug 1819132: Convert ansible module to openstackcli
Add information about the number of amphora VMs created, as well as fixing the typo for CGO_ENABLED Fix issue: #2373
…ied to BootstrapOSImage and ClusterOSImage fields added new validation rule to wrap existing url sanity checks on BootstrapOSImage and ClusterOSImage fields
Bug 1817201: Fix intermittent deprovision loop on NoSuchHostedZone error
baremetal: Validate os images exist
Use the existing server group, if it exists with the target name. Also convert the call from HTTP to openstackclient for consistency.
* Normalise title hierarchy * Incorporate Glance instructions into the flow * TLS public certificates are not sensitive data
Now if the function fails, we stop the installation immediately, but it's better to retry several times before finally stopping the installation.
Bug 1819320: os UPI Idempotent server group create
Enhancements to Kuryr documentation
openstack UPI: Small documentation fixes
As of OpenShift 4.4.0, the "router-ca" configmap is deprecated, and the "default-ingress-cert" configmap should be used instead. * cmd/openshift-install/create.go (addRouterCAToClusterCA): Replace use of "router-ca" with use of "default-ingress-cert". Return not-found errors to caller. * docs/user/troubleshooting.md: Update references to "router-ca".
…ter-ca Use "default-ingress-cert", not "router-ca"
Looks like image import is not configured well on our testing cloud, which leads to the uploading error. We have to temporary disable image import in the installer until the cloud is fixed.
OpenStack: Temporary disable image import
This allows someone installing OpenShift to slip in a ConfigMap that keeps cloud-credential-operator from ever starting up. The process would look like: openshift-install create manifests create YAML for CCO Configmap for namespace/name: openshift-cloud-credential-operator/cloud-credential-operator-config openshift-install create cluster When the CCO render command sees the ConfigMap indicating that it should be disabled, it will not render the bootstrap Pod manifest, and the ConfigMap will make it into the cluster so the in-cluster CCO will also not attempt to run.
This commit creates a new asset to perform platform validation specifically for cluster creation. This is useful for when UPI and IPI install configs may have different requirements. In the case of vSphere, IPI requires cluster and VIPs but these are optional in UPI. IPI requires the following fields which are optional for UPI: - Network - Cluster - APIVIP - IngressVIP - DNSVIP
Generated with: $ openshift-install graph | dot -Tsvg >docs/design/resource_dep.svg using: $ dot -V dot - graphviz version 2.40.1 (0)
pass the manifests-dir param to CCO render
Bug 1816155: OpenStack: Add retries to DeleteGlanceImage
vSphere: Add IPI-specific validation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.