The `prerequisites.yml` playbook should only be explicitly run on
initial deployment to prepare the nodes. It is already included in the
scaleup playbooks for the new nodes so there is no need to include it
again. Re-running the `prerequisites.yml` playbook reconfigures the
container runtime and may cause outage, it is supposed to be run only
once.
Make update and upgrade playbooks exclusive. There is no need to run
both of them.
Add comments to clarify the intent for each playbooks.
Change-Id: I30278360fcc1ffa9bd7ce7cb77d023629fb6fa47
Closes-Bug: #1804790
As tracked by ci squad in [1] the scenario3 standalone has some
extra services cinder/horizon/swift removed here.
[1] https://tree.taiga.io/project/tripleo-ci-board/task/544
Change-Id: Ibb09de39cf2769a8516e4245d4a41150c97f6e0c
This adds support for configuring horizon for WebSSO when keystone
federation with OpenID Connect is enabled. This patch just exposes
some new parameters to use puppet-horizon for configuration. The
sample environment file for OpenID Connect federation is also updated
to use the new parameters. Some of the sample defaults were updated
to more closely match the URLs that horizon expects.
Change-Id: I7c3ee6b54cc0c9653742c3ce1de60b2851d1fe68
public_virtual_ip previously required the External network to be
present in networks data. Add a conditional to use the VIP on the
ctlplane if the External network is not in networks data.
Closes-Bug: #1774401
Change-Id: Ie6c3d7124d11ee89788b432da39df16f031fcf12
Add's a conditional to only include internal_api_virtual_ip if
InternalApi network is defined in custom networks.
According to code comment internal_api_virtual_ip is only used
by Contrail.
Change-Id: Ifd8f59bd03c9bab1283e580a64957f201eb8f335
Closes-Bug: #1772124
Change I803ed2ba9ff52f9a02c550a28d21cc9102568c8e adds this directory
as bind-mount for many services, but there is no guarantee this directory
actually exists on the node.
This might break the deploy, as it will prevent the iscsi container to
start as expected when using podman.
Although this directory is managed by a package (iscsi-initiator-utils),
this one isn't always present (i.e. on undercloud, or deployed servers,
or standalone).
Related-Bug: #1810338
Change-Id: I8fc52b2a872fd77b342a0f20e4602b21d9e33fed
In docker-puppet.py, we only create docker-puppet.sh script if it
doesn't exist yet. It's not useful to re-create it and it can be
dangerous to regenerate the script while docker-puppet.py is running,
since we bind mount the script to the containers.
It's possible that during a multi-process task, the script changes and
then the entrypoint fails to run correctly if the interpreter is not
present in the script.
This patch makes sure that we create the script only when needed, and
also that we remove it before running docker-puppet.py, which will be
useful when doing clean deployments or upgrades.
Context: https://github.com/containers/libpod/issues/1844
Change-Id: I0ac69adb47f59a9ca82764b5537532014a782913
As tracked by ci squad at [1] scenario2 standalone is missing some
services and has extra horizon compared to the multinode being
replaced
[1] https://tree.taiga.io/project/tripleo-ci-board/task/543
Change-Id: I034dd365f6fd20060f9ad49c4e81b3c534efbe4b
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.
Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
In 459b2664d99befa452e1946a4e4cf400183dd9e3 (Handle missing or bad
dmidecode) we accept return values of 0, 1 or 2 from command modules
that call 'dmidecode'. However we then unconditionally look at the
stdout key in the result object. When the dmidecode binary is missing
the result dictionary from the command module doesn't contain a stdout
key (resulting in something like):
---
fatal: [overcloud-novacomputeppc64le-1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to have been in '/var/lib/mistral/overcloud/ceph-ansible/nodes_uuid_playbook.yml': line 14, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n failed_when: machine_uuid.rc not in [0, 1, 2]\n - name: generate host vars from nodes data\n ^ here\n"}
---
This change just adds a default('') filter to the lookup so a missing
key will fallback to an empty dictionary
Closes-Bug: 1790447
Change-Id: I7db180674c3696508a7f449e2e825e7083a00f6e
Since change: I07822ec0cba7eed352c0010eb893b5e5a522e95c
resources are no longer created for networks that are not
defined in roles data. While this is an improvement we
need to communicate this change.
There is tribal knowledge and documentation that failed
reflect the requirement to add networks to roles data
since the introduction of composable networks in Pike.
Prior to Pike adding a network to a role was achived by
overriding the resource_registry entry to not use the
noop.yaml fake port (fall back to ctlplane) template.
i.e to add External network to compute role the
following was commonly added to network-environment.yaml
OS::TripleO::Compute::Ports::ExternalPort:
../network/ports/external.yaml
NOTE: Current OVN-DVR and ODL doc's downstream uses the
resource_registry override, whitout also adding
the network to roles data.
Related-Bug: #1800811
Change-Id: I6c03c7a2bd6f369bf35a9e479a97302c9a455197
Add timezone service to the undercloud role so that it is properly
configured when we install the undercloud.
Change-Id: I4814cfb52f57d8260cda61adb6ac20609f435846
Depends-On: https://review.openstack.org/#/c/628015/
Closes-Bug: #1784068
Previously all networks was rendered for all roles, and
thus the default set in network/network.j2#L83 would
propgate to the nic config for any role. Since we now
only include properties for network's in role.networks
when passing parameters puppet/role.role.j2.yaml this
default may not propagate to the nic config and can
cause problems if merge-new-params-nic-config-script.py
was used to add new parameters with a role missmatch.
(i.e Updating the Compute roles NIC config file while
specifying the Controller role in merge-new-params
tool would add the parameter with no default which
causes Property {{network.name}}Mtu not assigned
error when deploying.
Change-Id: I3031977a0daabb093cb8f61bcfc22b68e8e35bed
Adds new roles for DistributedCompute and DistributedComputeHCI. These
roles closely match the existing Compute roles but also include the
CinderVolume service.
implements split-controlplane
Change-Id: Ia7f5ba93a9fc31b4653e6cbd9b3e5d8f00d26a27