3891 Commits

Author SHA1 Message Date
Zuul
3694dee4b3 Merge "Fix ansible conditional for ovs upgrade." 2018-11-16 16:55:56 +00:00
Zuul
80e22a5aa0 Merge "Configure cinder's access to the nova API" 2018-11-16 03:56:47 +00:00
Sofer Athlan-Guyot
49e9d44d00 Fix ansible conditional for ovs upgrade.
Change-Id: I3a9f56217bb365b844acdf1d65776038c5bf9378
Closes-Bug: #1803154
2018-11-16 00:29:35 +00:00
Zuul
08fdd01b68 Merge "Move set of database_connection to OctaviaBase" 2018-11-15 21:08:47 +00:00
Pranali Deore
bd870fbac8 Enable Glance Image Cache
Enabling glance image cache by setting up value of 'flavor' to
'keystone+cachemanagement' in glance-api.conf from THT.

Change-Id: I9a87d8edcb2e98ae45e98439b44b659916e44d89
blueprint: split-controlplane-glance-cache
2018-11-15 16:37:21 +05:30
Alan Bishop
f49ca18155 Configure cinder's access to the nova API
Configure cinder to use the nova API's admin endpoint instead of the
default public endpoint. Add the necessary auth credentials so that
cinder can access nova's API as a privileged user, which is required
for certain actions (see [1]).

[1] https://git.openstack.org/cgit/openstack/cinder/tree/cinder/compute/nova.py#n86

Closes-Bug: #1802347
Depends-On: I925e25bcc352955560fc449fc5287e56beb12ca3
Depends-On: Ia357ea41f8472d47e266d853f120a14b767e880d
Change-Id: Ic0eef51c1dafd4a1378f5317390e7c09f1d429cd
2018-11-14 16:51:20 -05:00
Steven Hardy
97c111bf1e Revert "Revert "Convert *tasks from bootstrap_nodeid to short_bootstrap_node_name""
This reverts commit 3cbaadd09c034629fb20e3c663ad64b3b468f77b.

Change-Id: Ib344a3b89d3755891bd0d34faad96e4fe20ee524
2018-11-13 14:17:00 +00:00
Martin Schuppert
57cda0b66e Cleanup nova metadata port in nova api service
Nova metadata api is running via http wsgi in its own service.
Therefore we can cleanup the ports definition being opened by
nova api service.

Change-Id: I3066806f8810e30742516c3ca14afc12a1c95bbc
2018-11-13 12:59:41 +01:00
Alex Schultz
fb0e8f62fc Convert dynamic lookups to use colon notation
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.

Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
2018-11-12 21:21:49 -07:00
Zuul
117d8e966f Merge "Handle LP openvswitch meta-package on upgrade" 2018-11-12 13:01:02 +00:00
Zuul
71bd36bb57 Merge "Enable _member_ role for undercloud install." 2018-11-09 19:19:28 +00:00
Zuul
6669b10a38 Merge "Rework neutron/own agent wrapper tools for podman" 2018-11-09 13:53:29 +00:00
Zuul
581b88d716 Merge "Do not purge the Ironic Inspector dhcp-hostsdir" 2018-11-09 10:15:47 +00:00
Zuul
90d022a129 Merge "Added all keystone log files to fluentd" 2018-11-09 06:42:08 +00:00
Zuul
27c931baa8 Merge "Handle difference between future and current container_cli" 2018-11-09 06:42:06 +00:00
Brent Eagles
1773afb068 Handle LP openvswitch meta-package on upgrade
With layered product packaging upgrading openvswitch may involve a
package rename of the openvswitch package (e.g. openvswitch to
openvswitch 2.10 or openvswitch2.12 to openvswitch2.13) This patch
adds special handling for the rhosp-openvswitch layered product package
to ensure that openvswitch networking remains available during the
upgrade.

Note that this patch also moves the special upgrade logic to
tripleo-packages because it could affect any node that is running
openvswitch for host networking, not just those that are using it for
cloud workloads.

Closes-Bug: #1794359

Change-Id: Ibd64ac1407333c1548261f9d2ae69cdf013e94ce
2018-11-08 14:54:28 -03:30
Jiri Stransky
978c5978ae Handle difference between future and current container_cli
During upgrade we may have container_cli be Podman but the containers
may still be running on Docker. Handle this situation in the upgrade
tasks which are the last-resort online data migration if user forgot
to trigger them earlier, as they seem to be hitting this issue.

We must support both options at the same time, because the upgrade
code must be idempotent (re-runnable). When running upgrade 1st time,
the containers will be running in Docker, when re-running the upgrade
(e.g. because a part of it failed), the containers will be running in
Podman.

Once we converge onto a single solution and do not have to support
migration, this commit can be reverted.

Change-Id: I933ce754f081ee87ec53d5f8d9c901ab71dceb1e
Closes-Bug: #1802085
2018-11-08 10:40:07 +01:00
Zuul
86e79e047e Merge "Add support for configuring ppc64le in ironic" 2018-11-07 21:42:23 +00:00
Sofer Athlan-Guyot
1c64c2c07b Enable _member_ role for undercloud install.
During upgrade, as we don't use instack_undercloud anymore, we missing
the _member_ role to the admin user.

This creates the necessary hooks in tht to have the member role
created during upgrade (and install for that matter).

This passes on the keystone_enable_member to puppet-tripleo, but it
needs a patch there as well for this mechanism to fully work.

Change-Id: I2319ed876eba7f21c0e80444bf78ca080fef252a
Depends-On: https://review.openstack.org/611919
Partial-Bug: #1799177
2018-11-07 14:30:40 +01:00
Bogdan Dobrelya
8f4738362a Rework neutron/own agent wrapper tools for podman
Add ContainerCli parameter, default to docker. Possible values:
podman/docker (default).

Deprecate DockerAdditionalSockets so it does nothing for podman.
Nested podman CLI replaces docker sockets. Only bind mount
/var/lib/openstack for the neutron/ovn agents for docker.

Support debug messages for Neutron/OVN wrappers controled via
NeutronWrapperDebug and OWNWrapperDebug (defaults to False). Or
globally controlled by Debug.

Make the wrapper containers managed by its parent processes and
not exited/removed forcibly, when the parent container restarts.

Background for podman CLI replacing the docker socket:

We'll use 'nsenter -m -n -p -t 1 podman' in wrappers
to execute podman in the same namespaces as on the host
and to NOT bind-mount world for that, like:
- /sys/fs/cgroup:/sys/fs/cgroup
- /run/libpod:/run/libpod
- /run/containers:/run/containers
- /run/runc:/run/runc
- /run/runc-ctrs:/run/runc-ctrs
- /var/lib/containers:/var/lib/containers
- /etc/containers:/etc/containers:ro
- /usr/bin/podman:/usr/bin/podman:ro
- /usr/bin/runc:/usr/bin/runc:ro
- /usr/libexec/podman/conmon:/usr/libexec/podman/conmon:ro
- /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2:ro
...

We cannot use chroot /host instead as there is more bind-mounts to use
outside of the /host chroot. Maybe varlink is a good replacement for
all of that, but it's not there yet.

Change-Id: I055fb7a5fd20932c5bee665bb96678f3ae92bffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-11-07 09:48:40 +01:00
Carol Bouchard
a425a6f1ff CiscoNexus: Update and Remove deprecated vars
Update and Remove deprecated variables from Cisco Nexus Config.
* Deprecated variables include vlan_name_prefix, svi_round_robin,
  provider_vlan_name_prefix, persistent_switch_config,
  never_cache_ssh_connection, ssh_port, switch_replay_count,
  nexus_driver, and host_key_checks.
* Change config replay to on by defaulting switch_heartbeat_time=30.
* Replaced method of configurating host_ports_mapping config.

Depends-On: Iee2f869c4054f1120d224994aba8c827f981e6c0
Change-Id: Ibda17afdcf7a6748f15390fd8a0a8b70bb6dfc2b
Closes-bug:  #1793381
2018-11-06 15:52:30 +00:00
Zuul
6cd75e791b Merge "Use container_cli for post_upgrade_tasks & external_upgrade_tasks" 2018-11-06 05:13:32 +00:00
Zuul
47ef133ec1 Merge "Set TraceEnable directive for apache to 'Off'" 2018-11-06 05:04:13 +00:00
rajinir
72eea3c6ea Added Dell EMC SC multipath support
Added a new parameter CinderDellScMultipathXfer to
support cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer
to the Dell EMC SC Cinder iSCSI volume driver template.

Depends-On: https://review.openstack.org/#/c/611126/
Change-Id: I04f42ce0cd117f7dcc7a817274ea7664d9995864
2018-11-05 12:48:41 -06:00
Zuul
9e67edf32d Merge "Add posibilities to set default timeouts for octavia" 2018-11-05 17:14:07 +00:00
Emilien Macchi
de798c5947 Use container_cli for post_upgrade_tasks & external_upgrade_tasks
- Export container_cli for post_upgrade_tasks & external_deploy_tasks
  and external_upgrade_tasks
- Replace "docker exec" by {{ container_cli }} exec in these tasks
  (cinder, nova, mysql, ironic and TLS).

Depends-On: Iff509f4dc09862a451ad5cf915aa7764a314c28c
Change-Id: I7b11f44c9255294863879aaff88d0dd1672bff6e
2018-11-05 12:00:46 -05:00
Zuul
c6a5a6f345 Merge "Add chrony time service" 2018-11-05 03:01:00 +00:00
Zuul
1ef3efc61f Merge "Fix tasks in check mode" 2018-11-03 01:33:21 +00:00
Zuul
d9652ebe5e Merge "Move metadata file creation for netapp to puppet-tripelo from THT" 2018-11-03 01:23:05 +00:00
Zuul
d341da504b Merge "Sets ODL OVSDB inactivity probe timer" 2018-11-03 01:23:02 +00:00
Harald Jensås
48e7aba0bf Do not purge the Ironic Inspector dhcp-hostsdir
Since the ironic-inspector service and the dnsmasq
service for ironic-inspector is running in different
containters, having the ironic-inspector service
start/stop the dnsmasq service is non-trivial.

Using `--pid="host"` and making the containers
priviligeied seems less than ideal.

This changes the ironic-inspector configuration so
that it will no longer purge the dhcp-hosts dir on
intialization. Purging the directory without also
restarting (or HUP) the dnsmasq service can cause
the configuration in the DHCP service to deviate
from what ironic-inspector intend it to be.

Related-Bug: #1780421
Depends-On: Icc532115891c567dde20a28110bf08f54187c49f
Change-Id: Id26b578b57c46f9993459f83b5f90393d7798a82
2018-11-02 23:29:37 +00:00
Carlos Goncalves
73cedbc851 Move set of database_connection to OctaviaBase
Other Octavia services like octavia-worker also require setting of
database connection in order to access the octavia database.

Closes-Bug: #1797098
Depends-On: https://review.openstack.org/#/c/612395/

Change-Id: I33a08521a4cfffc709de850b99f9292ca464537e
2018-11-02 19:38:53 +01:00
Zuul
61800c2c63 Merge "Set correct project name for designate-neutron integration" 2018-11-02 16:32:21 +00:00
Zuul
fb066c168a Merge "Add /v2 suffix to Designate uris" 2018-11-02 16:32:19 +00:00
Zuul
6c21a25eb2 Merge "Add parameters for cinder storage availability zones" 2018-11-02 09:54:12 +00:00
Rabi Mishra
2777c2b7d8 Set TraceEnable directive for apache to 'Off'
Openstack service don't support TRACE requests, so there is little
point allowing TRACE for apache.

Change-Id: I396a4c3bfab8f353d038b011d5dc8029f4137a57
Closes-Bug: #1801298
2018-11-02 12:10:55 +05:30
James Slagle
16dff38eb4 Fix tasks in check mode
These tasks should have check_mode:no set so that they run in check
mode, as the variables they register are used in later tasks. Otherwise,
ansible in check mode fails with undefined variable errors.

Also, some tasks may fail due to not all requirements being available
since those requirements were not created by previous tasks that were
also ran in check mode.

This adds ignore_errors to these tasks, and sets the value to the
boolean ansible_check_mode which is provided by ansible and set based on
whether or not --check was passed to the ansible command line.

Change-Id: I84bc3c14ede37959a4078fd14ce4661b7bd23f84
2018-11-01 19:14:14 +00:00
Steve Baker
d5728ef0b1 Pass DockerRegistryMirror to prepare
This is required to fix bug #1800958 so that DockerRegistryMirror is
available to make mirror requests during prepare.

Change-Id: If896c22bf449a3ac91ca363648f84dd5b9aef227
2018-11-01 14:50:23 +13:00
Zuul
92ffd5cf75 Merge "Add OpenStack clients service" 2018-11-01 01:35:45 +00:00
Alex Schultz
2d59a92a34 Add chrony time service
Add a chrony service configuration. The chrony service configuration
includes tasks to ensure that the ntpd service is stopped prior to
configuring chronyd. Since both can be switched back and forth, the ntpd
configuration is also updated to stop chronyd prior to attemping to
configure the ntpd service.

Change-Id: Ie5e8183c000915f28166c842cecc04f445c013ae
Related-Blueprint: tripleo-chrony
2018-10-31 18:55:19 +00:00
Juan Badia Payno
de7b5ce651 Sensu Deprecation note
Sensu is going to be remove in future releases.

Change-Id: Iecd7845f5b57c56f4f39ff6965969184eef8ebf2
2018-10-30 11:36:32 +01:00
Juan Badia Payno
1e65a0b01d Fluentd deprecation releasenote
Fluentd will be replaced by rsyslog. Rsyslog is not integrated yet
so Fluentd is still an option.

Change-Id: Ia8e7329b5ee1c321ccbae016eada729dae8a7d79
2018-10-30 11:31:57 +01:00
Tong Liu
11b0b86afb Add more NSX config parameters
Update dhcp_profile_uuid and metadata_proxy_uuid config params
based on NSX plugin side changes, and also expose more config
parameters that can be used in depoying tripleo with nsx plugin.

Change-Id: I787606f39f1b707211f19415aceb81cda8260d91
2018-10-30 03:28:12 +00:00
Zuul
1393ced362 Merge "Set hierdata for swift server workers conditionally" 2018-10-29 23:01:49 +00:00
Alex Schultz
653649ebbc Add OpenStack clients service
We did not have a easy way to ensure all the openstack clients are
installed on a given system. In the old instack-undercloud installation,
we were installing some additional clients outside of the ones required
via python-tripleoclient. To allow a user to quickly install all the
clients on a given system, this change adds an OpenStack clients
"service" which can be added to a role to ensure the clients are
available. In the future if we provide a client container, this service
can be converted into a container deployment mechanism.

Change-Id: If878c2ab7679eea2fff42b410bec9c8c9b92ed6f
Closes-Bug: #1800001
2018-10-26 16:25:35 -06:00
Kamil Sambor
72996097b6 Add posibilities to set default timeouts for octavia
Expose timeouts values for octavia frontend client
and backend member by parameters:
* OctaviaTimeoutClientData
* OctaviaTimeoutMemberConnect
* OctaviaTimeoutMemberData
* OctaviaTimeoutTcpInspect

Change-Id: I07afa4e15c595f984cba23672f910993495851ff
Closes-Bug: 1797130
Depends-On: https://review.openstack.org/609420/
2018-10-26 10:36:53 +00:00
Zuul
1fd31e4270 Merge "Standardize path to prepare log file" 2018-10-25 19:10:07 +00:00
Tim Rozet
2006b8218d Sets ODL OVSDB inactivity probe timer
Defaults the ODL OVSDB inactivity probe timer to 180s. This value is
more suitable for large number of compute nodes as the default ODL value
of 5s causes too much stress on the controller in large scale
environments.

Closes-Bug: 1797128

Change-Id: I74a8c40b609adec97a27602700bbfa7203ad031f
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-10-24 11:43:20 -04:00
Pranali Deore
cf23c39254 Move metadata file creation for netapp to puppet-tripelo from THT
Since, openstack-glance package has been removed from overcloud image
during the cleanup, 'filesystem_store_metadata_file' file is failing to
create on host in case of glance netapp.

So, moving metadata file creation part in puppet-tripleo and setting
few more conf parameters which were missing previously. Also
merging the regular NFS and Netapp NFS mounts as the process of
mounting NFS share is independent of whether the share is for Netapp
server or any other nfs server.

Depends-on: I031a8921a74af137927ba83ee2307aafc13263cb
Depends-on: If3a0bc37fe23698b5b5730b4e535f4f56b266a75
Change-Id: I621208c2d41a1942b48d4cf92fc1aa7f4e08e1d4
2018-10-24 11:44:54 +05:30
Tony Breeds
1697a3f867 Add support for configuring ppc64le in ironic
Change-Id: Id9688f938cf601508b5f514b0e00fae658764402
2018-10-24 10:38:43 +11:00