3891 Commits

Author SHA1 Message Date
Harald Jensås
2024bb0218 Ironic Inspector - disjoint ip range(s) for HA
Allow tht parameter IronicInspectorSubnets to specify
per-instance ip range(s) using hostname as key for each
list of ip ranges. For HA deployments use disjoint
address pools to avoid potential address conflict.

Implements: blueprint ironic-inspector-overcloud
Depends-On: Ifae513265b8c35d98012f14f951bac33ae90b66c
Change-Id: Ifdebe9fcc817b4572f1eb461a3396af6b55f1e6b
2018-12-12 08:18:23 +00:00
Rabi Mishra
c2aeb45e38 Replace confusing usage of update_identifier
We use update_identifier ansible variable to check if we need to
re-run deployment tasks. Though there is no bug as we use
DeployIdentifier heat param for it, it's little confusing
(UpdateIdentifier was meant for package updates).

This also removes usage of UpdateIdentifier/update_identifier in
all_nodes_config.j2.yaml. We can deprecate/remove the heat param in a
subsequent patch.

Change-Id: I36ed62ae605a2d8f8f139b50646144b143d5e5f4
2018-12-12 09:25:00 +05:30
Zuul
f2f63a3808 Merge "Fix - ApacheServiceBase needs ServiceData" 2018-12-12 00:49:59 +00:00
Jose Luis Franco Arza
5bc5ae944a Perform docker reconfiguration on upgrade_tasks.
The container-registry role is idempotent in a way that the
restarting of the docker service will be done only if some
configuration value has changed.
During the upgrade, host_prep_tasks are being run and if the
new templates bring some configuration change then the Docker
service gets restarted. The issue is the point at which they
get restarted, which is after the upgrade_tasks have already
run and prior to the deploy_tasks. This is causing issues with
Pacemaker handled resources.

For that reason, we include the very same task running in host_prep_tasks
into upgrade_tasks for the docker and docker-registry services,
forcing the Docker service reconfiguration to happen during
upgrade_tasks instead of at a latter point.

Closes-Bug: #1807418
Change-Id: I5e6ca987c01ff72a3c7e8900f9572024521164de
2018-12-11 15:27:04 +01:00
Emilien Macchi
e3c1b7e755 docker: wire SELinuxMode with Ansible vars
When SELinuxMode is set to enforced in thedeployment, configure Docker
to enable SElinux.

It'll wire container_registry_selinux variable in ansible-role-container-registry
which enables --selinux-enabled if set to True.

Change-Id: Ic030ecbe8b6719ba45cb7c27c6cf44bab14fed88
2018-12-11 08:43:31 -05:00
Zuul
a0cf19837b Merge "Allow to skip docker reconfiguration during stack update" 2018-12-11 10:38:51 +00:00
John Fulton
bc0246ff8a Add TunedCustomProfile parameter and HCI Ceph filestore environment
Add TunedCustomProfile parameter which may contain a string in
INI format describing a custom tuned profile. Also provide a new
environment file for users of hypercoverged Ceph deployments
using the Ceph filestore storage backened. The tuned profile is
based on heavy I/O load testing. The provided environment file
creates /etc/tuned/ceph-filestore-osd-hci/tuned.conf whose
content is the following and sets this tuned profile to be active.

[main]
summary=ceph-osd Filestore tuned profile
include=throughput-performance
[sysctl]
vm.dirty_ratio = 10
vm.dirty_background_ratio = 3
[sysfs]
/sys/kernel/mm/ksm/run=0

Depends-On: Iba17d86bbdd710623ba1ba44b1ea5d4c1b99c541
Change-Id: Iaa1c82cefac5c8f2959fd7aeb57bd6860fd9096a
Closes-Bug: #1800232
2018-12-10 22:26:06 +00:00
Harald Jensås
9efb5f9d52 Fix - ApacheServiceBase needs ServiceData
The puppet apache service uses the cidr map in ServiceData.
Services did not pass the ServiceData to the apache
service template. Because of this the property resolves to
an empty string which is not correct. The empty string
cause problems when yaql in common/services.yaml is merging
config_settings.

Closes-Bug: #1806718
Change-Id: Ia3af9535e3af1dad4ac833983ebe29b6002f0815
2018-12-10 19:26:44 +00:00
Alex Schultz
ec8cc54df4 Switch debug to use logging classes
The puppet openstack modules have switched the debug setting to a
logging class in the modules. They are starting to remove the base debug
option so we need to switch our usages to use the logging classes

Change-Id: I690448db2de341ec428181f19364c93a3273b565
Needed-By: https://review.openstack.org/#/c/619379/
2018-12-10 08:32:28 -07:00
Emilien Macchi
e4ee042a2a upgrade: remove tasks that stop and disable services
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
of deployments didn't cleanup them in previous releases, they can still
do it now.

Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
2018-12-10 09:19:59 -05:00
Martin Magr
36cfba38f8 Run collectd socket cleanup on container start
This patch enables collectd deleting /var/run/collect-socket on startup.
It is created for monitoring purposes and on some conditions is created
by health check script sooner than collectd starts, which results on collect
failing to create the socket and listening on it.

Change-Id: I9fed91255f6857ac39a68278fb2c036606d88468
Closes-Bug: #1807683
2018-12-10 11:03:45 +01:00
Zuul
a0b72fa415 Merge "Handle python binary look for scripts" 2018-12-08 11:42:23 +00:00
Zuul
e4aa5f8958 Merge "Flatten Aodh service configuration" 2018-12-07 23:52:51 +00:00
Zuul
570f1da4e3 Merge "Remove common bootstrap_nodeid from deploy_steps/tripleo-packages.yaml" 2018-12-07 16:57:36 +00:00
Thomas Herve
862f52cce0 Put user data in the main stack
We create user data per instance, but two are global for all, and the
last one per role, so we can move it up the stack.

Change-Id: I1330e54744adef9be159edd8f01aefa3db85a480
2018-12-07 15:45:10 +01:00
Juan Antonio Osorio Robles
aaad5025e2 Introduce container_cli hiera key
This hiera key is useful for when scripts want to figure out what tool
to call. This way they only need to call hiera in order to figure that
out.

Change-Id: I63dfd339a68ee1730e84cdcc32856f2fb4590cf4
2018-12-07 08:13:02 +00:00
Zuul
fd04035471 Merge "Set facter variable 'uuid' explicitly in docker-puppet.py" 2018-12-07 06:18:21 +00:00
Zuul
7e754dcf14 Merge "Specify multiple NtpServers by default" 2018-12-06 22:14:22 +00:00
Alan Bishop
07c02286fd Add support for cinder NFS snapshots
Add CinderNfsSnapshotSupport parameter that controls whether cinder's
NFS driver supports snapshots. The default value is True.

Depends-On: I4df8e3941eb074339e399e5a5c44fa411ff21560
Change-Id: I9a42f805fd28fd04bee771cac63bd0080b39c7c0
2018-12-06 12:27:38 -05:00
Alex Schultz
2dfd0ea8ca Flatten Aodh service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of aodh services have been
removed.

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: I39645aff0365218d4b841ed0d9c964b3622f143a
Related-Blueprint: services-yaml-flattening
2018-12-06 15:07:05 +00:00
Zuul
a073fe75f2 Merge "Fix Swift S3 API configuration" 2018-12-06 15:05:36 +00:00
Zuul
2485978bee Merge "Add SERVICE_bootstrap_node_ip values to allNodesConfig" 2018-12-06 11:49:36 +00:00
Zuul
769f18f0f5 Merge "Check for available networks for a role" 2018-12-05 19:01:14 +00:00
Zuul
d73dedd4bc Merge "Use new ODL diagstatus heath check REST URL" 2018-12-04 17:36:29 +00:00
Alex Schultz
90d3723175 Specify multiple NtpServers by default
The NtpServer default set now includes multiple pool.ntp.org hosts to
ensure that the time can be properly synced during the deployment.
Having only a single timesource can lead to deployment failures if the
time source is unavailable during the deployment. It is recommended
that you either set multiple NtpServers or use the NtpPool
configuration to ensure that enough time sources are available for the
hosts. Note that the NtpPool configuration is only available when using
chrony.

Change-Id: I5b82d77cbf0f2e8c2a59645a72aa533d7d2c86b8
Closes-Bug: #1806521
2018-12-04 08:31:55 -07:00
Zuul
a80bb71642 Merge "ctlplane pre-alloc IPs - deprecated/non-deprecated role name" 2018-12-04 14:03:07 +00:00
Matthias Runge
3960b8e6f9 Include cpu plugin in default collect plugins
It delivers a better idea on how the machine operates
than just having the load plugin.

Change-Id: Ide11718f33a9d656719ff714a324fbe9f3fc18e8
2018-12-04 13:58:23 +01:00
Mike Fedosin
0101b46387 Allow to skip docker reconfiguration during stack update
When installing OpenShift by means of TripleO, after
the initial docker configuration, openshift-ansible
also adds several parameters there.

Then, if we want to remove a single node, then a stack
update is performed, which returns the configuration
to its original state. In other words, it removes all
parameters added by openshift-ansible, which breaks OpenShift.

This commit adds the ability to disable reconfiguration of
docker at the time of stack update for all roles associated
with OpenShift.

Closes-Bug: #1804790

Depends-On: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Change-Id: If202be5d27d81672e39cbe21867459d277220e23
2018-12-03 13:20:38 +01:00
Rabi Mishra
4de17945a1 Set facter variable 'uuid' explicitly in docker-puppet.py
Unprivileged docker-puppet-$service containers don't have access
to devices and can't get facter 'uuid' variable. Therefore per node
hiera customizations don't work. We can work around this by using
/sys/class/dmi/id/product_uuid instead.

dmidecode>=3.1 returns system-id in lower case, so it's better to
use lowe case for compatibility.

This would also require changes to the docs as ironic node
introspection data may show it in both cases.

Change-Id: I899de7732c5b29ed70d4d487fdbc363117ac327f
Closes-Bug: #1806011
2018-12-01 19:13:37 +05:30
Daniel Farrell
da87906ac3 Use new ODL diagstatus heath check REST URL
OpenDaylight's Infrautils project has a new, recommended method for
checking when ODL is up and ready. Use this new diagstatus ODL NB REST
API endpoint vs the old netvirt:1 endpoint.

ODL Jira that tracked adding diagstatus REST API:

https://jira.opendaylight.org/browse/INFRAUTILS-33

RH BZ tracking moving to diagstatus:

https://bugzilla.redhat.com/show_bug.cgi?id=1642270

Change-Id: I44dc5ba7680a9c5db2d6070e813d9b0e31d6e811
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
2018-11-30 01:34:39 +00:00
Zuul
b6b4201be1 Merge "Add ctlplane interface routes" 2018-11-29 10:45:53 +00:00
Christian Schwede
8980b5756d Fix Swift S3 API configuration
The endpoint must use the v3 suffix, otherwise authentication fails.

Closes-Bug: 1805660
Change-Id: I878abbeb9c0c2dc146692403b32002a4798f25f0
2018-11-29 09:13:09 +01:00
Harald Jensås
7a1cd822f6 ctlplane pre-alloc IPs - deprecated/non-deprecated role name
By default, Compute role template set's the deprecated_param_ips
parameter in roles data. This forces the use of the deprecated
names in paramer_defaults when using predictable IPs for the
ctlplane network.

To allow the user to either use the deprecated role name, or the
non deprecated role name in parameters defaults extend the
ctlplane_fixed_ip_set contition to use or logic to test for data
in either the deprecated name parameter or the new parameter.

In the server resource use yaql to pick the first element that
is not empty. The non-deprecated parameter name is prioritiezed.

Change-Id: Iedc65064c5efaa618c3d54df10bf09296829efd2
Closes-Bug: #1805482
2018-11-27 20:20:50 +01:00
Steven Hardy
21905f7588 Remove common bootstrap_nodeid from deploy_steps/tripleo-packages.yaml
There was also a special flag for FFU that triggered repo setup only
on the bootstrap node, so switch this to use the per-service bootstrap
name instead.

Change-Id: I32f963a002399af4911acbf507312f378aac3599
Partial-Bug: #1792613
2018-11-27 15:59:28 +00:00
Carlos Goncalves
3c8e736981 Fix Octavia hieradata keys
Commit https://review.openstack.org/#/c/612395/ deprecated some
parameters in class octavia::worker and moved them to the new class
octavia::controller.

Closes-Bug: #1805345
Depends-On: https://review.openstack.org/#/c/620118/

Change-Id: I53264dc6cbb75165484c3b1f6ddbee45dc4e0206
2018-11-27 08:49:58 +01:00
Zuul
c464b3d206 Merge "Added Dell EMC SC multipath support" 2018-11-27 05:42:25 +00:00
Steven Hardy
a77d045663 Add SERVICE_bootstrap_node_ip values to allNodesConfig
This can be used to replace the per-role bootstrap_nodeid_ip,
and the redis-base template is updated to use the new hiera
key.

The old bootstrap_nodeid_ip appears to only be used for redis,
so the old key is removed, with an upgrade release note added
should any out-of-tree services reference this value.

Partial-Bug: #1792613
Change-Id: I830d5b9bae3e9d65c2c393e3dcdf70bffdb1ac7b
2018-11-26 17:01:24 +00:00
Harald Jensås
055e252872 Add ctlplane interface routes
For the isolated networks we use the subnets host_routes
to set and get the routes for overcloud node interfaces.

This change add's this to the ctlplane interface.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: Id4cf0cc17bc331ae27f8d0ef8f285050330b7be0
2018-11-26 17:49:31 +01:00
Alex Schultz
1e5ccb4c7d Handle python binary look for scripts
We have some scripts that we deploy via tripleo that use inline python.
For this we need to be able to find an available python on the system in
order for it to work. This change adds a lookup function to the scripts
to find a working version of python as /usr/bin/python may not exist.

Change-Id: Ida7a7cbd064ebdb923f38c9102eb4b0771f9b273
Related-Blueprint: python3-support
2018-11-26 16:48:51 +00:00
Zuul
b8206cc0f5 Merge "Fluentd deprecation releasenote" 2018-11-26 16:14:27 +00:00
Zuul
687c3cd90c Merge "Add customized libvirt-guests unit file to properly shutdown instances" 2018-11-26 15:03:50 +00:00
Steven Hardy
fd088e2fe7 Adjust haproxy-public-tls-inject.yaml bootstrap variable
In RDO CI we're seeing this undefined, but haproxy_short_bootstrap_node_name
is defined, which proves https://review.openstack.org/#/c/605046/ is included
and working.

The root cause is that the haproxy_public_tls_inject_service is actually
created via the haproxy template as a nested stack, so we need to use
haproxy_short_bootstrap_node_name instead

Change-Id: I870825140b8947a1845307b5bec1bcff387c15c0
Closes-Bug: #1804433
2018-11-23 06:26:46 +00:00
Zuul
6ae97d1587 Merge "Sensu Deprecation note" 2018-11-22 21:49:09 +00:00
Zuul
444657edd2 Merge "Cleanup nova metadata port in nova api service" 2018-11-22 21:48:08 +00:00
Christian Schwede
b7ebf5835c Disable deprecated parameter ControllerEnableSwiftStorage
Setting this parameter to False not only breaks the deployment, but also
disables important storage services on storage nodes, not only
Controllers.

The parameter has been marked deprecated for quite awhile, thus changing
it to be non-effective (before removing it totally).

Closes-Bug: 1804479

Change-Id: I30bdc60853b6057f4f7c8c28dc88e6b151056422
2018-11-21 16:44:52 +01:00
Zuul
07241f33d1 Merge "Revert "Revert "Convert *tasks from bootstrap_nodeid to short_bootstrap_node_name""" 2018-11-21 05:08:05 +00:00
Zuul
a163736d2f Merge "Add more NSX config parameters" 2018-11-19 18:39:26 +00:00
Zuul
da0f6f98a1 Merge "Enable Glance Image Cache" 2018-11-19 12:34:19 +00:00
Martin Schuppert
9f478ee18e Add customized libvirt-guests unit file to properly shutdown instances
If resume_guests_state_on_host_boot is set in nova.conf instances
need to be shutdown using libvirt-guests after nova_compute container
is shut down. Therefore we need a customized libvirt-guests unit file
which:
1) removes the dependency to libvirt (non container) that it don't
   get started as a dependency and make the nova_libvirt container
   to fail.
2) adds a dependency to docker related services that a shutdown of
   nova_compute container is possible on system reboot.
3) stops nova_compute container
4) shutdown VMs

This is a missing part of Bug 1778216.

Change-Id: Ic4b7b427827114fcec0f4973a200461e811ee53a
Related-bug: 1778216
2018-11-19 09:54:39 +01:00
Rabi Mishra
5d275fb922 Check for available networks for a role
For network isolation, we specifcy available networks for role.
Therefore, there is no point in creating noop network resources for
networks that are not available/connected. This results in redundant
host entries for not available networks on overcloud nodes.

If a network is not available for a role we don't need to create
those extra noop resources.

For Undercloud/Standalone role we keep all networks in roles data
as the default ServiceNetMap specifies non ctlplane networks though
they map to ctlplane.

Change-Id: I07822ec0cba7eed352c0010eb893b5e5a522e95c
Closes-Bug: #1800811
2018-11-19 10:14:34 +05:30