diff --git a/docs/v1-redeploy-changelog.md b/docs/v1-redeploy-changelog.md index f342698..1b03912 100644 --- a/docs/v1-redeploy-changelog.md +++ b/docs/v1-redeploy-changelog.md @@ -1131,7 +1131,29 @@ image-format=raw, amp-image-tag=octavia-amphora on both sides); octavia blocked, charm-octavia resources 0/0/0; PRE gate PROCEED. Step 5.1 configure-resources running (--wait=20m; do NOT re-fire on wait-timeout). +### 2026-06-30 -- Phase-05 executed (Octavia enablement, D-021) -- PASS; DOCFIX-061 + +PHASE-05 (octavia) -- PASS (scripts ran clean; no script defects): +- 5.1 configure-resources (op 35/task 36, --wait=20m) cleared octavia's blocked -> active; lb-mgmt-net / + lb-mgmt-subnetv6 / lb-mgmt-sec-grp created; o-hm0 UP with an fc00:: ULA (state=UNKNOWN is normal for an + OVS internal port). Benign in-progress noise confirmed harmless: `ovs-vsctl: no row o-hm0` (queried + before the action creates the port) and the systemd-networkd stop/socket warning. +- 5.2 amphora pipeline (phase-05-amphora-pipeline.sh): config gate clear; base seeded via STAGE-AND-VERIFY + (sha256 070de108...); retrofit op 39/task 40 built amphora-haproxy-x86_64-ubuntu-22.04-20260701 + (807e3f5b-...) ACTIVE, tag octavia-amphora, image-format raw. phase-05-octavia-verify.sh -> PASS. + +DOCFIX-061 -- phase-05 as-built reconciliation (runbook drift; no script change): +- Retrofit's internal glance target corrected .8.53 -> 10.12.12.53: under D-052 the INTERNAL glance VIP is + on metal-internal (.12.53, confirmed live this session); the doc's ".8.53" predates the metal-admin/ + metal-internal split and is now the ADMIN VIP. +- Seed-method note corrected: this rebuild used STAGE-AND-VERIFY (the canonical Step 5.2 script), not the + 06-16 web-download expedient. Object IDs / op numbers refreshed to 2026-06-30. noble is seeded in + phase-06 6.0-BOOT this rebuild (not pre-staged in phase-05). o-hm0 ULA not captured this run (regenerates). + +DISCIPLINE (operator-directed 2026-06-30): reconcile scripts + commands + this changelog at the SUCCESSFUL +completion of EACH phase, before starting the next. Deliver the per-phase reconciliation as a repo-relative ZIP. + ### Next-free numbers -Design decision: D-063. Doc fix: DOCFIX-061. (DOCFIX-059 internal-cert SAN gate, DOCFIX-060 phase-04 md -drift both recorded above; D-061 teardown, D-062 mysql; DOCFIX-057 old-teardown deprecation, DOCFIX-058 -phase-03 3.3 HTTP-upstream recorded earlier.) +Design decision: D-063. Doc fix: DOCFIX-062. (DOCFIX-061 phase-05 as-built reconciliation recorded above; +DOCFIX-059 internal-cert SAN gate, DOCFIX-060 phase-04 md drift; D-061 teardown, D-062 mysql; DOCFIX-057 +old-teardown deprecation, DOCFIX-058 phase-03 3.3 HTTP-upstream recorded earlier.) diff --git a/runbooks/phase-05-octavia-enablement.md b/runbooks/phase-05-octavia-enablement.md index 31446e7..202a7c0 100644 --- a/runbooks/phase-05-octavia-enablement.md +++ b/runbooks/phase-05-octavia-enablement.md @@ -197,22 +197,25 @@ admin-scope failover) is D-011 criterion 4 -- run in phase-08 (needs tenant scaffolding + the external provider network from phase-04). -## As-built reference (current rebuild 2026-06-16; per-deploy values regenerate -- old IDs are not discrepancies) +## As-built reference (current rebuild 2026-06-30; per-deploy values regenerate -- old IDs are not discrepancies) - octavia/0: octavia 14.0.0, charm rev 441 2024.1/stable, on 3/lxd/3, data leg 10.12.12.1; multi-homed (reaches provider VIPs over eth1). -- configure-resources op 9 / task 10 completed (--wait=20m; 06-03 snapshot: op 15/task 16). - Created lb-mgmt-net / lb-mgmt-subnetv6 (IPv6 geneve) / lb-mgmt-sec-grp; o-hm0 UP, IPv6-ULA - fc00:3f8c:7162:d105:f816:3eff:feea:7e45/64 (06-03: fc00:9c49:...:56df; the ULA regenerates per deploy). -- amphora: retrofit is metal-only -> internal glance VIP 10.12.8.53. base jammy-amphora-base - = da757cb1-... (untagged; 06-03: f8b48cdb-...); retrofit op 13/task 14 (06-03: op 19/task 20) - built amphora-haproxy-x86_64-ubuntu-22.04-20260616 = ca5552a5-... ACTIVE, tag octavia-amphora - (matches octavia amp-image-tag), image-format raw, ~6.2 GB, owned by the services project - (06-03 OUTPUT: 4e4a94ac-...). -- mgmt VM image pre-staged for phase-06: ubuntu-24.04-noble = 899b4b5c-... (public, os props). -- SEED METHOD this rebuild vs canonical: the base + noble were seeded via WEB-DOWNLOAD this - rebuild (the 06-16 expedient). Canonical going forward is STAGE-AND-VERIFY (Step 5.2 header); - web-download is a tested alternative (appendix-A). The web-downloaded base landed raw (import - conversion ran); a staged --file base lands qcow2 (CORRECTION-1) and is equally fine for the retrofit. +- configure-resources op 35 / task 36 completed (2026-06-30; --wait=20m; prior: op 9/task 10). + Created lb-mgmt-net / lb-mgmt-subnetv6 (IPv6 geneve) / lb-mgmt-sec-grp; o-hm0 UP with a fresh + IPv6-ULA on the lb-mgmt prefix (fc00::/64; exact addr not captured this run -- the ULA regenerates per deploy). +- amphora: the retrofit (use-internal-endpoints=true) reaches the glance INTERNAL VIP 10.12.12.53 + (DOCFIX-061 / D-052; the old ".8.53" predates the metal-admin/metal-internal split -- .8.53 is now the + ADMIN glance VIP). base jammy-amphora-base = 15a14c5a-... (untagged; sha256 070de108...; prior: da757cb1-...); + retrofit op 39/task 40 (prior: op 13/task 14) built amphora-haproxy-x86_64-ubuntu-22.04-20260701 + = 807e3f5b-... ACTIVE, tag octavia-amphora (matches octavia amp-image-tag), image-format raw, + owned by the services project (prior OUTPUT: ca5552a5-...). +- mgmt VM image ubuntu-24.04-noble is NOT pre-staged in phase-05 this rebuild; it is seeded in phase-06 + Step 6.0-BOOT (stage-and-verify). (Prior rebuilds pre-staged it here as a convenience; 06-16 id 899b4b5c-...) +- SEED METHOD this rebuild (2026-06-30): the amphora base was seeded via STAGE-AND-VERIFY -- download to + $HOME + sha256 vs published SHA256SUMS + `openstack image create --file` -- per the canonical Step 5.2 + script (phase-05-amphora-pipeline.sh), NOT web-download. The staged --file base landed qcow2 + (CORRECTION-1); the retrofit consumed it and emitted the raw octavia-amphora OUTPUT. Web-download + remains a tested alternative (appendix-A). - Charm gap (parked): glance-simplestreams-sync is metal-only and cannot reach glance on a no-DNS deploy (use-internal-endpoints steers keystone auth but not the glance/swift client) -> gss does NOT seed the base. The base is seeded per Step 5.2