The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required for us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.
Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
When the evacuation of a nova-compute is in progress on a compute node,
starting the nova-compute service on that node would cause a race in
setting task_state [1] and could ultimately lead failures with all
future evacuation attempts on the compute node.
To avoid triggering that situation, introduce a startup wrapper when
Instance HA is enabled. The wrapper loops until the force-down flag is
clear and all evacuation finished, and then starts nova_compute.
[1] If71727cde51c29231dbb9a51c5babbcdfc802bdd
Partial-Bug: #1764883
Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>
Change-Id: Id1fc820b42fb72fc861fda82b04f6a3fa2b6b6f6
This service file allows for enabling CNS in an OpenShift deployment.
It works as a tagging service and the rest of the configs are applied in
the openshift-master service file.
Note that the disks used can be specified as follows:
parameter_defaults:
OpenShiftGlusterDisks:
- /dev/sdb
Or per-role like:
parameter_defaults:
OpenShiftMasterParameters:
OpenShiftGlusterDisks:
- /dev/sdb
OpenShiftWorkerParameters:
OpenShiftGlusterDisks:
- /dev/sdc
Change-Id: I92972d89ee7edf2ff211e88c6e0758628c3018a2
Fixed tag filtering in mistral so it is safe to remove the workaround
to delete workflows
Change-Id: I543c58047fa2113fa2d39e7f06d3697e9cedee11
Depends-On: Ie082901fd7eb8b61a6306da1275a79aeb6c4a6de
If available, we should be using the external_ip for the public hostname
and public ip variables. This way, the webconsole and other APIs will be
made available through the external network rather than just using the
internal, non public, one
Change-Id: I1d17ea8f9a14736593df56d288eb0147a58bb957
The dispatch script is only executed for interfaces managed by
os-net-config but not for their vlans. This patch gets the vlans
that belong to every interface and adds them to the list of interfaces
to scan.
Change-Id: I44517d2fda0f6252634aa76d41e7a5bb3622456b
* Add a new post install software deployment which runs
a python script to configure the undercloud control
plane network. Replaces section in post shell script.
Change-Id: I1cd594564d1628a6e1fccb9eadf18b716ccc5c72
In I75f087dc456c50327c3b4ad98a1f89a7e012dc68 we removed much of
the legacy upgrade workflow. This now also removes the
disable_upgrade_deployment flag and the tripleo_upgrade_node.sh
script, both of which are no longer used and have no effect on
the upgrade.
Related reviews
I7b19c5299d6d60a96a73cafaf0d7103c3bd7939d tripleo-common
I4227f82168271089ae32cbb1f318d4a84e278cc7 python-tripleoclient
Change-Id: Ib340376ee80ea42a732a51d0c195b048ca0440ac
Stdin does not work for the 'openstack keypair create' command
used in extraconfig/post_deploy/undercloud_post.sh, when installed
via Heat templates.
This ends up with different keys created for underlcoud admin and
the default nova keypair, which is configured by Ironic for
overcloud nodes. So those can not be contacted by undercloud
admin via SSH.
The deployed-server/scripts/enable-ssh-admin.sh fails w/o
that fix and makes not possible to deploy BM/OVB overcloud on top
of UC installed with Heat.
Change-Id: Ifb9c2d5eef731c41999d4ef5daa447edf74fd262
Co-authored-by: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
openshift-ansible allows for passing boot time arguments to the
openshift nodes as well as other variables through the inventory. By
adding the OpenShift(Master|Worker)NodeVars variable, we'll allow for
these variables to be set and customized per deployment.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ifc8d26fab314a89bf1855fd9035c2ad9be23c28a
Since Pike, minor updates are done via the composable services
framework. The old shell script approach hasn't been used/tested for 2
releases now, and should be dropped.
Also drop the UpdateWorkflow interface. Before we started doing
upgrades via Ansible, we used this pluggable resource interface to
perform oneshot operations like migrations to WSGI or AODH
services. Nowadays this interface is not referenced from anywhere and
we'd probably rather do similar operations via Ansible tasks.
Change-Id: I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f
Instead of disabling openvswitch managed by TripleO when deploying
OpenShift, we should tell OpenShift to let TripleO manage it. We're
going down this path on the openshift-ansible path so we'll stop
disabling openvswitch in t-h-t.
Change-Id: I51226fc363f1c15deb6e33cc7ce15ffe3ac7e9c7
- Replicate what has been done in _post_config_mistral
(instack-undercloud)
- Cleanup cron triggers before cleaning workflows.
- Re-create publish-ui-logs-hourly cron trigger.
- If validations are enabled, execute copy_ssh_key workflow.
Depends-On: I10abed7f1514e9d72d5ebac0c85bad11cdf3210f
Depends-On: I01c4497324b2c8666d9f749147693d580c0a5e20
Change-Id: If641a9f91c85a0dcc5fcd8d89784ff4258123ea7
When upgrading to a containerized undercloud, the stackrc needs to be
overriden so we don't rely on hiera CLI anymore to get the admin
password.
Change-Id: Ie2579bf83d709838557c56d952e61656b84acf31
Expose the configuration of net.ipv4.ip_forward via the kernel service.
Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255
Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1
Related-Bug: #1750194
When enabling network isolation, openshift-ansible picks the wrong ip
address as the default IP for the services. Set the IP to the ctrlplane
network by default, which works with and without network isolation.
Change-Id: I0deef6c2a71c1f2a34e6efed9586bbaa052b49c9
This is potentially confusing now we added RHELRegistrationActions
since it's unused but mentions DeploymentActions.
Change-Id: Ifb335cb8055528fd9b64081b30e987524169dc95
This can be used in the case where e.g a satellite has been added
after the initial deployment to re-register the nodes with the
satellite, even those nodes that already exist.
Change-Id: I944bc4c65b08de1ca08dd91f55764ebfe141dd9c
The default control plane subnet name is "ctlplane-subnet", so let's
create the right subnet for the containerized undercloud.
Note: the subnet can't be overriden (yet) but for now we rely on the
default.
Change-Id: I15954bced81ef6c3e1a1f4a73bc989f33d08d6f7
We want to configure a TLS url for the underclouds stackrc
when a user specified or generated TLS certificate is used.
This patch updates the existing check so that
the PublicSSLCertificateAutogenerated paremeter is also used
when deciding if the SSL URL should be enabled.
Change-Id: I7561b5de7749ca57f8ac8056b470228e1026eb31
This allows deploying openshift from the packaged openshift-ansible or
from a git checkout more easily, by setting the
OpenShiftAnsiblePlaybook heat environment variable.
Change-Id: I60594faa10dfd817d94038b3938d7de269330e2e
In the PreNetworkConfig, the order of resources sent to os-collect-config
changed after introducing vhost user resource. The current order is
1. HostParametersDeployment
2. DpdkVhostGroupDeployment
3. RebootDeployment and EnableDpdkDeployment
Here the expectation is that RebootDeployment should be completed
before enabling DPDK, but since both are provided at the same time to
os-collect-config, DPDK is enabled first. The reson is RebootDepolyment
is having signal transport as NONE and EnableDpdkDeployment is moved
after reboot because of ovs2.7 change of restart vswitchd, when DPDK is
enabled. This is causing the a failure.
This patch modifies the order as below:
1. HostParametersDeployment and DpdkVhostGroupDeployment
2. RebootDeployment and RebootEnsureDeployment
3. EnableDpdkDeployment
Change-Id: I5db52d5dd833833c989532931baea8fac03f9cb7
We're deploying containerized OpenShift, which means openshift-ansible
deploys also containerized OVS. When not disabled explicitly, the bare
metal OVS service seemed to persist at least partially, and it likely
caused issues with the containerized OVS, where nodes in `kubectl get
nodes` would go from Ready status to NotReady shortly after the
deployment finished.
Change-Id: I8952198be7f78a699cf363af2e10f26714e94850
Closes-Bug: #1741224
Some of the options that had been hard-coded in the openshift-master
template should be configuratble in a per-deployment bases. This patch
moves them out into an environment file instead.
Change-Id: I4b6f6180b11f36b1212b9e887365a99b6ae12017
This will allow arbitrary config of global variables for
openshift-ansible, e.g. customizing SDN params according to:
https://docs.openshift.org/3.6/install_config/configuring_sdn.html
Also remove the setting which was meant to disable OVS service
handlers in openshift-ansible -- that wouldn't solve the problem
fully.
Change-Id: Ib87e5d38797da166826af90659e3d05da3352dcf
Related-Bug: #1741224
This exposes the IpsecVars heat parameter which in turn can set any
variable from the tripleo-ipsec ansible role.
Change-Id: Ie6ef4aa05567c739884c1d402fc59eea80b31506
Till now, the ovs service file and ovs-ctl command files
are patched to allow ovs to run with qemu group. In order
to remove this workarounds, a new group hugetlbfs is created
which will be shared between ovs and qemu. This patch contains
the changes required for applying these changes.
Depends-On: I674cbd45e17906448dd54acfdf7a7059880b7278
Change-Id: Iec6be0b99e84b0c89f791c3c9694fe10f3a1e7db
Packages and repositories for openshift 3.7 have been created already.
I've updated the version we are installing and tested this manually.
Change-Id: Id09242b637ca2a060f068887e10981eecaa59e4a