447 Commits

Author SHA1 Message Date
Zuul
f5152da976 Merge "Switch public endpoints to use FQDNs by default" 2018-05-14 23:27:04 +00:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Juan Antonio Osorio Robles
8e104b3c54 Switch public endpoints to use FQDNs by default
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required for us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.

Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
2018-05-08 18:16:27 +03:00
Damien Ciabrini
9602a9bafc Instance HA: prevent compute to start on a host being evacuated
When the evacuation of a nova-compute is in progress on a compute node,
starting the nova-compute service on that node would cause a race in
setting task_state [1] and could ultimately lead failures with all
future evacuation attempts on the compute node.

To avoid triggering that situation, introduce a startup wrapper when
Instance HA is enabled. The wrapper loops until the force-down flag is
clear and all evacuation finished, and then starts nova_compute.

[1] If71727cde51c29231dbb9a51c5babbcdfc802bdd

Partial-Bug: #1764883
Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>

Change-Id: Id1fc820b42fb72fc861fda82b04f6a3fa2b6b6f6
2018-05-03 07:05:39 +02:00
Zuul
7eb4eafae6 Merge "Add an openshift-cns service" 2018-05-01 09:25:09 +00:00
Zuul
c2b6211f6c Merge "Run the dispatch script for vlans as well" 2018-04-26 23:12:08 +00:00
Zuul
fea5bfbcc8 Merge "Remove todo as mistral tag filtering is fixed" 2018-04-21 10:02:58 +00:00
Flavio Percoco
e200974421 Add an openshift-cns service
This service file allows for enabling CNS in an OpenShift deployment.
It works as a tagging service and the rest of the configs are applied in
the openshift-master service file.

Note that the disks used can be specified as follows:

parameter_defaults:
  OpenShiftGlusterDisks:
    - /dev/sdb

Or per-role like:

parameter_defaults:
  OpenShiftMasterParameters:
    OpenShiftGlusterDisks:
      - /dev/sdb
  OpenShiftWorkerParameters:
    OpenShiftGlusterDisks:
      - /dev/sdc

Change-Id: I92972d89ee7edf2ff211e88c6e0758628c3018a2
2018-04-20 17:27:14 +02:00
Adriano Petrich
af8f06b07e Remove todo as mistral tag filtering is fixed
Fixed tag filtering in mistral so it is safe to remove the workaround
to delete workflows

Change-Id: I543c58047fa2113fa2d39e7f06d3697e9cedee11
Depends-On: Ie082901fd7eb8b61a6306da1275a79aeb6c4a6de
2018-04-17 12:40:31 +00:00
Flavio Percoco
f64e4719f3 Use external IP for public interfaces
If available, we should be using the external_ip for the public hostname
and public ip variables. This way, the webconsole and other APIs will be
made available through the external network rather than just using the
internal, non public, one

Change-Id: I1d17ea8f9a14736593df56d288eb0147a58bb957
2018-04-12 13:46:22 +02:00
Flavio Percoco
b7fe99e172 Run the dispatch script for vlans as well
The dispatch script is only executed for interfaces managed by
os-net-config but not for their vlans. This patch gets the vlans
that belong to every interface and adds them to the list of interfaces
to scan.

Change-Id: I44517d2fda0f6252634aa76d41e7a5bb3622456b
2018-04-09 14:26:34 +02:00
Zuul
8fd00675e8 Merge "Remove no longer used disable_upgrade_deployment flag" 2018-04-03 05:30:26 +00:00
Harald Jensas
e947c7e610 Add ctlplane networking for routed networks
* Add a new post install software deployment which runs
a python script to configure the undercloud control
plane network. Replaces section in post shell script.

Change-Id: I1cd594564d1628a6e1fccb9eadf18b716ccc5c72
2018-03-29 23:32:45 +00:00
mandreou
66df6bdb46 Remove no longer used disable_upgrade_deployment flag
In I75f087dc456c50327c3b4ad98a1f89a7e012dc68 we removed much of
the legacy upgrade workflow. This now also removes the
disable_upgrade_deployment flag and the tripleo_upgrade_node.sh
script, both of which are no longer used and have no effect on
the upgrade.

Related reviews
    I7b19c5299d6d60a96a73cafaf0d7103c3bd7939d tripleo-common
    I4227f82168271089ae32cbb1f318d4a84e278cc7 python-tripleoclient

Change-Id: Ib340376ee80ea42a732a51d0c195b048ca0440ac
2018-03-29 15:27:30 +03:00
Zuul
14af18e393 Merge "Allow for passing boot-time vars/args to OC nodes" 2018-03-29 07:02:09 +00:00
Bogdan Dobrelya
e14ecb1114 Fix undercloud key upload to nova keypairs UC post
Stdin does not work for the 'openstack keypair create' command
used in extraconfig/post_deploy/undercloud_post.sh, when installed
via Heat templates.

This ends up with different keys created for underlcoud admin and
the default nova keypair, which is configured by Ironic for
overcloud nodes. So those can not be contacted by undercloud
admin via SSH.

The deployed-server/scripts/enable-ssh-admin.sh fails w/o
that fix and makes not possible to deploy BM/OVB overcloud on top
of UC installed with Heat.

Change-Id: Ifb9c2d5eef731c41999d4ef5daa447edf74fd262
Co-authored-by: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-03-23 16:46:44 +01:00
Bogdan Dobrelya
70b3d1d844 Fix ssh keys validation workflow trigger UC post
Additional: fix bashisms to make checkbashisms happy.

Change-Id: I8943f0dcd21acf77a91fa4bcb82facb2d51eaffb
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-03-23 16:30:24 +01:00
Flavio Percoco
de39f8a3eb Allow for passing boot-time vars/args to OC nodes
openshift-ansible allows for passing boot time arguments to the
openshift nodes as well as other variables through the inventory. By
adding the OpenShift(Master|Worker)NodeVars variable, we'll allow for
these variables to be set and customized per deployment.

Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ifc8d26fab314a89bf1855fd9035c2ad9be23c28a
2018-03-22 09:12:59 +01:00
Zuul
3eb0c62e47 Merge "Remove unused minor update code" 2018-03-19 12:34:21 +00:00
Zuul
2f2f22e76c Merge "Don't stop openvswitch when deploying OpenShift" 2018-03-19 07:48:54 +00:00
Jiri Stransky
a782462a1a Remove unused minor update code
Since Pike, minor updates are done via the composable services
framework. The old shell script approach hasn't been used/tested for 2
releases now, and should be dropped.

Also drop the UpdateWorkflow interface. Before we started doing
upgrades via Ansible, we used this pluggable resource interface to
perform oneshot operations like migrations to WSGI or AODH
services. Nowadays this interface is not referenced from anywhere and
we'd probably rather do similar operations via Ansible tasks.

Change-Id: I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f
2018-03-15 18:27:14 +01:00
Flavio Percoco
fd740a409e Don't stop openvswitch when deploying OpenShift
Instead of disabling openvswitch managed by TripleO when deploying
OpenShift, we should tell OpenShift to let TripleO manage it. We're
going down this path on the openshift-ansible path so we'll stop
disabling openvswitch in t-h-t.

Change-Id: I51226fc363f1c15deb6e33cc7ce15ffe3ac7e9c7
2018-03-14 14:06:30 +00:00
Emilien Macchi
33abdba533 undercloud_post: manage post mistral config
- Replicate what has been done in _post_config_mistral
  (instack-undercloud)
- Cleanup cron triggers before cleaning workflows.
- Re-create publish-ui-logs-hourly cron trigger.
- If validations are enabled, execute copy_ssh_key workflow.

Depends-On: I10abed7f1514e9d72d5ebac0c85bad11cdf3210f
Depends-On: I01c4497324b2c8666d9f749147693d580c0a5e20
Change-Id: If641a9f91c85a0dcc5fcd8d89784ff4258123ea7
2018-03-13 14:35:23 +01:00
Emilien Macchi
0acc40d36b undercloud_post: override stackrc
When upgrading to a containerized undercloud, the stackrc needs to be
overriden so we don't rely on hiera CLI anymore to get the admin
password.

Change-Id: Ie2579bf83d709838557c56d952e61656b84acf31
2018-03-09 09:31:22 +00:00
Alex Schultz
75ee85b1e4 Add KernelIpForward configuration
Expose the configuration of net.ipv4.ip_forward via the kernel service.

Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255
Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1
Related-Bug: #1750194
2018-03-07 08:28:13 +00:00
Zuul
e0f59eefd2 Merge "Removed ovs-dpdk workaround to fix the vhost socket permission" 2018-02-27 12:12:55 +00:00
Flavio Percoco
ec8d2bad4c Set openshift_(ip|hostname) to ctrlplane ip
When enabling network isolation, openshift-ansible picks the wrong ip
address as the default IP for the services. Set the IP to the ctrlplane
network by default, which works with and without network isolation.

Change-Id: I0deef6c2a71c1f2a34e6efed9586bbaa052b49c9
2018-02-26 12:16:12 +01:00
Zuul
24dd89b305 Merge "Remove unused DeploymentActions resource" 2018-02-21 15:29:43 +00:00
Zuul
092bab01a6 Merge "Add RHELRegistrationActions to rhel-registration template" 2018-02-21 15:29:39 +00:00
Zuul
f075e46076 Merge "Ensure node is rebooted before enabling DPDK" 2018-02-19 20:46:36 +00:00
Zuul
d7ec3c48ac Merge "Allow passing custom openshift-ansible playbook" 2018-02-19 20:46:28 +00:00
Steven Hardy
dcf126bc79 Remove unused DeploymentActions resource
This is potentially confusing now we added RHELRegistrationActions
since it's unused but mentions DeploymentActions.

Change-Id: Ifb335cb8055528fd9b64081b30e987524169dc95
2018-02-19 12:12:05 +00:00
Steven Hardy
db61b37345 Add RHELRegistrationActions to rhel-registration template
This can be used in the case where e.g a satellite has been added
after the initial deployment to re-register the nodes with the
satellite, even those nodes that already exist.

Change-Id: I944bc4c65b08de1ca08dd91f55764ebfe141dd9c
2018-02-19 12:12:02 +00:00
Saravanan KR
b7a70f5613 Removed ovs-dpdk workaround to fix the vhost socket permission
Change-Id: I5d8e31020700f13e21f4cfa2f1bfa14ff4c88e4a
2018-02-19 15:13:04 +05:30
Zuul
5a5d1a745c Merge "undercloud_post: fix subnet name" 2018-02-15 13:38:12 +00:00
Emilien Macchi
2468fe12e7 undercloud_post: fix subnet name
The default control plane subnet name is "ctlplane-subnet", so let's
create the right subnet for the containerized undercloud.

Note: the subnet can't be overriden (yet) but for now we rely on the
default.

Change-Id: I15954bced81ef6c3e1a1f4a73bc989f33d08d6f7
2018-02-15 05:30:27 +00:00
Dan Prince
32fe279eec Undercloud: fix stackrc TLS URL detection
We want to configure a TLS url for the underclouds stackrc
when a user specified or generated TLS certificate is used.
This patch updates the existing check so that
the PublicSSLCertificateAutogenerated paremeter is also used
when deciding if the SSL URL should be enabled.

Change-Id: I7561b5de7749ca57f8ac8056b470228e1026eb31
2018-02-15 00:02:39 +00:00
Martin André
cf1de90684 Allow passing custom openshift-ansible playbook
This allows deploying openshift from the packaged openshift-ansible or
from a git checkout more easily, by setting the
OpenShiftAnsiblePlaybook heat environment variable.

Change-Id: I60594faa10dfd817d94038b3938d7de269330e2e
2018-02-13 16:30:47 +01:00
Saravanan KR
f9e099f218 Ensure node is rebooted before enabling DPDK
In the PreNetworkConfig, the order of resources sent to os-collect-config
changed after introducing vhost user resource. The current order is
1. HostParametersDeployment
2. DpdkVhostGroupDeployment
3. RebootDeployment and EnableDpdkDeployment
Here the expectation is that RebootDeployment should be completed
before enabling DPDK, but since both are provided at the same time to
os-collect-config, DPDK is enabled first. The reson is RebootDepolyment
is having signal transport as NONE and EnableDpdkDeployment is moved
after reboot because of ovs2.7 change of restart vswitchd, when DPDK is
enabled. This is causing the a failure.
This patch modifies the order as below:
1. HostParametersDeployment and DpdkVhostGroupDeployment
2. RebootDeployment and RebootEnsureDeployment
3. EnableDpdkDeployment

Change-Id: I5db52d5dd833833c989532931baea8fac03f9cb7
2018-02-13 11:26:39 +05:30
Zuul
5e72697d48 Merge "OpenShift: Properly disable bare metal OVS" 2018-02-08 15:49:50 +00:00
Jiri Stransky
5ebcd23f0d OpenShift: Properly disable bare metal OVS
We're deploying containerized OpenShift, which means openshift-ansible
deploys also containerized OVS. When not disabled explicitly, the bare
metal OVS service seemed to persist at least partially, and it likely
caused issues with the containerized OVS, where nodes in `kubectl get
nodes` would go from Ready status to NotReady shortly after the
deployment finished.

Change-Id: I8952198be7f78a699cf363af2e10f26714e94850
Closes-Bug: #1741224
2018-02-08 11:06:46 +01:00
Flavio Percoco
5e0e06bd1b Move options out of the OpenShiftMaster template
Some of the options that had been hard-coded in the openshift-master
template should be configuratble in a per-deployment bases. This patch
moves them out into an environment file instead.

Change-Id: I4b6f6180b11f36b1212b9e887365a99b6ae12017
2018-02-07 17:18:01 +01:00
Jiri Stransky
254d1dee4b OpenShift: Accept generic global parameters
This will allow arbitrary config of global variables for
openshift-ansible, e.g. customizing SDN params according to:

https://docs.openshift.org/3.6/install_config/configuring_sdn.html

Also remove the setting which was meant to disable OVS service
handlers in openshift-ansible -- that wouldn't solve the problem
fully.

Change-Id: Ib87e5d38797da166826af90659e3d05da3352dcf
Related-Bug: #1741224
2018-02-07 17:17:29 +01:00
Zuul
91de1c223d Merge "Configure qemu group setting as hugetlbfs for ovs-dpdk" 2018-02-05 13:05:25 +00:00
Zuul
fc21b64061 Merge "Enable configuring tripleo-ipsec variables through IpsecVars" 2018-01-31 14:19:56 +00:00
Zuul
7a120b64e8 Merge "Do not format output for kubespray or openshift deployments" 2018-01-31 14:16:11 +00:00
Zuul
7a1ad4068e Merge "Remove unused pre_network configuration" 2018-01-31 09:44:01 +00:00
Juan Antonio Osorio Robles
0dcb51e101 Enable configuring tripleo-ipsec variables through IpsecVars
This exposes the IpsecVars heat parameter which in turn can set any
variable from the tripleo-ipsec ansible role.

Change-Id: Ie6ef4aa05567c739884c1d402fc59eea80b31506
2018-01-30 12:07:42 +00:00
Saravanan KR
785d1b2b38 Configure qemu group setting as hugetlbfs for ovs-dpdk
Till now, the ovs service file and ovs-ctl command files
are patched to allow ovs to run with qemu group. In order
to remove this workarounds, a new group hugetlbfs is created
which will be shared between ovs and qemu. This patch contains
the changes required for applying these changes.

Depends-On: I674cbd45e17906448dd54acfdf7a7059880b7278
Change-Id: Iec6be0b99e84b0c89f791c3c9694fe10f3a1e7db
2018-01-29 14:26:25 +05:30
Flavio Percoco
238675b25e Update to openshift 3.7
Packages and repositories for openshift 3.7 have been created already.
I've updated the version we are installing and tested this manually.

Change-Id: Id09242b637ca2a060f068887e10981eecaa59e4a
2018-01-25 14:02:05 +01:00