24 Commits

Author SHA1 Message Date
Emilien Macchi
7c84a9b390 upgrades/validation: only run validation when services exist
During upgrades, validation test if a service is running before the
upgrade process starts.
In some cases, servies doesn't exist yet so we don't want to run the
validation.

This patch makes sure we check if the service is actually present on the
system before validating it's running correctly.

Also it makes sure that services are enabled before trying to stop them.
It allows use-cases where we want to add new services during an upgrade.
Also install new packages of services added in Ocata, so we can validate
upgrades on scenarios jobs.

Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
2017-03-01 19:49:00 +00:00
Sofer Athlan-Guyot
fb78213782 Put service stop at step1 and quiesce at step2.
In the previous release[1], the services were stopped before the
pacemaker services, so that they get a chance to send last message to
the database/rabbitmq queue:

Let's do the upgrade in the same order.

[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71

Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
2017-02-28 19:20:13 +01:00
marios
d14c56e1b6 Adds a pre-upgrade check that service is running (step0)
Adds a step0 for most services to check that the state is running
before continuing with any of the other upgrades steps (these are
tagged step0).

You can skip this service check by overriding the
SkipUpgradeConfigTags parameter as follows:

parameter_defaults:
  SkipUpgradeConfigTags: validation

Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-27 11:20:15 +02:00
Steven Hardy
df1e016ad7 Don't start all services during upgrade steps
Currently we start all OpenStack services in step6, but puppet
already does this, and sometimes services require configuration
to account for the new version after the yum update before they
will start.

So instead of reimplementing that configuration management in
ansible, just defer starting the services until puppet has run
which will happen right after the ansible upgrade steps complete.

Note there are some DB sync operations etc that we may also be able
to remove and let puppet do those steps, but I've left those in
for now, as we know there are some actions during that phase
e.g nova cells setup, which aren't yet handled by puppet.

Change-Id: Idc8e253167a4bc74b086830cfabf28d4aab97d28
2017-01-19 13:27:58 +00:00
Brent Eagles
18e6dc96e5 Conditionally set OVS agent firewall driver
Using an empty string to allow the default value in the puppet module no
longer seems to work, resulting in the OVS agent configuration having an
empty firewall driver configuration. This patch uses a heat template
condition to set the hieradata only if something other than an empty
string has been set.

Change-Id: Ifef9ded1dbb719e75997474bf5ada909dbf40599
Related-Bug: #1656939
2017-01-17 10:13:04 -03:30
Steven Hardy
04ed7e511d Add neutron service support for composable upgrades
Change-Id: I9c6116ddb4475b798876635cbb701214759fa33b
Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-13 14:10:55 +00:00
Steven Hardy
3c6ec654b4 Bump template version for all templates to "ocata"
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.

This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.

Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23 11:43:39 +00:00
Dan Prince
7876851011 Hiera optimization: use a new hiera hook
This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:

 - we update all the 'hiera' software configurations to set the group to hiera
   instead of os-apply-config.

 - The new format uses JSON instead of YAML. The hook actually writes
   out the hiera JSON directly so no conversion takes place. Arrays,
   Strings, Booleans all stay in their native formats. As such we can avoid
   having to do many of the awkward string and list conversions in t-h-t to
   support the previous YAML formatting.

 - The new hook prefers JSON over YAML so upgrading users will have the
   new files prefered. (we will post a cleanup routine for the old files
   soon but this isn't a new behavior, JSON is now simply prefered.)

 - A lot of services required edits to account for default settings that
   worked in YAML that no longer work correctly in the native JSON
   format. In almost all these cases I think the resulting codes looks
   cleaner and is more explicit with regards to what is getting
   configured in hiera on the actual nodes.

Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #1596373

Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
2016-11-30 22:16:13 -05:00
Emilien Macchi
7322d60610 Enable firewalling by default on compute nodes
- Move VXLAN and VRRP rules from Neutron Server to the right services.
- Enable Firewall by default on Compute nodes.

Change-Id: I99d172dcedaf6be297aad184cc51fe9f292a57e1
2016-10-06 12:07:35 -04:00
Lars Kellogg-Stedman
0d9298bb8f Add fluentd client service
This implements support for installing fluentd agents as a composable
service on the overcloud.

Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940

Implements: tripleo-opstools-centralized-logging
Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-09-17 01:31:12 +00:00
Jenkins
ede33f67b9 Merge "Fix service config files having wrong map_merge format" 2016-09-12 09:39:05 +00:00
Brent Eagles
866ed11712 Add support for configuring the OVS firewall driver
This patch introduces a parameter to allow customizing the Neutron
OpenvSwitch agent's firewall driver configuration.

Closes-Bug: 1618507
Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
2016-09-08 12:55:46 -02:30
Saravanan KR
85df73d239 Fix service config files having wrong map_merge format
map_merge in heat templates should start with hypen for
each map group, few templates are missing the hypen for the
second map group, which is added in this patch

Closes-Bug: #1621008
Change-Id: I307fdd7afc374cce46d6e378594f1b688b9fd4f6
2016-09-07 16:21:28 +05:30
Martin Mágr
25ad7b8e1e Availability monitoring agents support
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription

Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-31 09:22:59 -04:00
Jenkins
081f787b46 Merge "Move network bind IPs out of compute.yaml" 2016-08-25 22:24:44 +00:00
Brent Eagles
47bdf4438a Make OVS ARP responder feature configurable
Adds NeutronEnableARPResponder parameter to allow enabling the ARP
responder feature in the OVS agent.

Change-Id: Ide82d890ddbd842383255f5c06c186054ec8f97d
2016-08-24 16:34:18 -02:30
Dan Prince
b31d80f74c Move network bind IPs out of compute.yaml
This patch moves the local bind host hiera data out
of compute.yaml and into composable services.

Change-Id: Iae4ca707c429cc8f5ec4d1d514ae7da0bf557dfd
2016-08-24 12:41:05 -04:00
Dan Prince
3b62761d2f Add DefaultPasswords to composable services
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).

Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.

Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18 12:45:30 -04:00
Giulio Fidente
885b37c80e Pass ServiceNetMap to services
This will be needed to pick the network where the service has
to bind to from within the service template.

Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-18 12:36:18 -04:00
Bob Fournier
ed6409f756 Remove NeutronEnableTunnelling from templates
As described in https://bugs.launchpad.net/tripleo/+bug/1532830,
the OVS agent no longer uses enable_tunneling, which is controlled by
NeutronEnableTunnelling, so this change removes NeutronEnableTunnelling
from the Heat templates.

This change depends on NeutronEnableTunnelling also being removed
from python-tripleoclient and puppet-neutron no longer using the
enable_tunneling hieradata.

Change-Id: I1ff6902ebd15041fc57ffff20a07455f171a004b
Closes-Bug: 1532830
Depends-On: I28d33592374f60cb5222a866efaf9d137aca1c5a
Depends-On: I73630653330c67444827f32740c44e9d25b5db31
2016-08-12 20:46:38 -02:30
Brent Eagles
deb098c29a Add environment file to enable DVR
This patch adds support for conditionally enabling DVR by deploying the
L3 and metadata agents on the compute node and setting the proper
configuration values throughout.

Implements: blueprint neutron-dvr-support
Change-Id: I24099795e76ecd520c990ba49d3511288dec7a12
2016-08-04 10:59:59 -02:30
Steven Hardy
7df649f59e Convert service_name to underscore syntax
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api.  To enable dynamic generation of
this data, we need the service name in underscore format.

Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-28 16:31:36 +01:00
Dan Prince
6b30ff11d4 Add 'service_name' to composable services
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.

This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.

Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-22 07:29:39 -04:00
Dan Prince
89fbd07afe composable neutron ml2 and ovs agent
Adds new puppet and puppet pacemaker specific services for
the Neutron ml2 configuration and the Ovs agent.

Partially-implements: blueprint composable-services-within-roles

Change-Id: I896e5dfe6fae49371c9fe7f47c4364eb6f621b07
2016-06-09 10:45:30 -04:00