stackhpc · elelaysh · Dec 31, 2025 · Jan 5, 2026 · Feb 17, 2025 · Feb 18, 2025
@@ -87,8 +87,8 @@ Copy the relevant certificates into your kayobe-config:
    cd ${KAYOBE_CONFIG_PATH}/environments/$KAYOBE_ENVIRONMENT/kolla/config/octavia
    cp $KOLLA_CONFIG_PATH/octavia-certificates/client_ca/client_ca.cert.pem .
    cp $KOLLA_CONFIG_PATH/octavia-certificates/client_ca/client.cert-and-key.pem .
-   cp $KOLLA_CONFIG_PATH/octavia-certificates/client_ca/server_ca.cert.pem .
-   cp $KOLLA_CONFIG_PATH/octavia-certificates/client_ca/server_ca.key.pem .
+   cp $KOLLA_CONFIG_PATH/octavia-certificates/server_ca/server_ca.cert.pem .
+   cp $KOLLA_CONFIG_PATH/octavia-certificates/server_ca/server_ca.key.pem .
 
 Encrypt any files containing the keys:
 
@@ -232,7 +232,7 @@ Access the database from a controller:
 .. code-block:: console
 
   docker exec -it mariadb bash
-  mysql -u root -p  octavia
+  mysql -u octavia -p  octavia
   # Enter the database password when prompted.
 
 List the load balancers to find the ID of the broken one(s):

@@ -5,7 +5,6 @@ controller_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' el
 controller_lvm_groups:
   - "{{ stackhpc_lvm_group_rootvg }}"
 
-
 ###############################################################################
 # Controller node firewalld configuration.
 
@@ -28,3 +27,7 @@ controller_firewalld_default_zone: trusted
 # - permanent: true
 # - state: enabled
 controller_firewalld_rules: "{{ stackhpc_firewalld_rules }}"
+
+# List of extra networks to which controller nodes are attached.
+controller_extra_network_interfaces:
+  - octavia
@@ -63,6 +63,9 @@ stackhpc_barbican_role_id_file_path: "/tmp/barbican-role-id"
 # Enable rebooting to update SELinux state
 selinux_do_reboot: true
 
+# For ansible/maintenance/octavia-amphora-image-register.yml
+openstack_cacert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if os_distribution == 'rocky' else '/etc/ssl/certs/ca-certificates.crt' }}"
+
 ###############################################################################
 # Extra vars.
 

@@ -16,6 +16,8 @@ public_routes:
   - cidr: "{{ external_cidr }}"
     gateway: "{{ public_net_name | net_ip( groups['seed'][0] ) }}"
 
+octavia_interface: "{{ vxlan_interfaces[0].device}}.{{ octavia_vlan }}"
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
@@ -47,11 +47,6 @@ neutron_dns_domain: "{{ root_domain }}."
 # OpenSearch memory tuning
 opensearch_heap_size: 1g
 
-# Octavia load balancer configuration
-octavia_auto_configure: "no"
-octavia_provider_drivers: "ovn:OVN provider"
-octavia_provider_agents: "ovn"
-
 # Manila CephFS configuration
 manila_cephfs_filesystem_name: manila-cephfs
 
@@ -70,3 +65,21 @@ external_api_firewalld_zone: "{{ public_net_name | net_zone }}"
 
 # Test cinder cluster
 cinder_cluster_name: "stackhpc_test_cinder_cluster"
+
+# Octavia load balancer configuration
+octavia_network_interface: "{{ hostvars[groups['controllers'] | first].octavia_interface }}"
+
+octavia_amp_network:
+  name: lb-mgmt-net
+  provider_network_type: vlan
+  provider_physical_network: "physnet1"
+  provider_segmentation_id: 999
+  external: false
+  shared: false
+  subnet:
+    name: lb-mgmt-subnet
+    cidr: "192.168.34.0/24"
+    allocation_pool_start: "192.168.34.10"
+    allocation_pool_end: "192.168.34.254"
+    no_gateway_ip: yes
+    enable_dhcp: yes
@@ -131,6 +131,13 @@ provision_oc_allocation_pool_end: 192.168.33.254
 provision_oc_vlan: 107
 provision_oc_zone: "provision_oc"
 
+octavia_cidr: 192.168.34.0/24
+octavia_vlan: 999
+octavia_allocation_pool_start: 192.168.34.3
+octavia_allocation_pool_end: 192.168.34.9
+octavia_mtu: "{{ ansible_facts.default_ipv4.mtu - 50 }}"
+octavia_zone: octavia
+
 ###############################################################################
 # Network virtual patch link configuration.
 

@@ -62,3 +62,6 @@ stackhpc_docker_registry: "{{ stackhpc_repo_mirror_url | regex_replace('^https?:
 
 stackhpc_docker_registry_username: "{{ stackhpc_repo_mirror_username }}"
 stackhpc_docker_registry_password: "{{ stackhpc_repo_mirror_password }}"
+
+stackhpc_release_pulp_username: "{{ stackhpc_repo_mirror_username }}"
+stackhpc_release_pulp_password: "{{ stackhpc_repo_mirror_password }}"