1803 Commits

Author SHA1 Message Date
Zuul
2e37e7e22f Merge "Bind mount docker-puppet.py in RO without SElinux labelling" 2019-01-07 21:25:12 +00:00
Zuul
c61009a7c2 Merge "Ensure we get the correct setype for haproxy log dir" 2019-01-07 19:41:19 +00:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Zuul
950640ad52 Merge "Use templating for nova cell database_connection" 2019-01-07 14:02:29 +00:00
Zuul
9292982060 Merge "Prevent service bootstrap node facts from colliding with each other" 2019-01-07 10:40:28 +00:00
Zuul
df10ea7afa Merge "Add template code to configure hsm backends for barbican" 2019-01-05 02:47:09 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein we are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Emilien Macchi
21145a91b5 Bind mount docker-puppet.py in RO without SElinux labelling
docker-puppet.sh doesn't need to be bind-mounted in read-write,
read-only should be enough.
Therefore, we don't need to relabel the script when running the
container.

The background of this patch can be found here:
https://github.com/containers/libpod/issues/1844

The version of runc that is vendored in libpod is a bit old and
the labelling task isn't tied to the threads yet (done by
aa3fee6c80)

We will request an update of runc in libpod but we also want to avoid
useless RW for this bind mount, which is the goal of this patch.

Note: we also switch /etc/config.pp and /etc/puppet/ to RO, without labelling
as well.

Change-Id: I87568372e80bd8bdb17ae6396ffe5805e37359a7
2019-01-04 10:52:01 +01:00
Zuul
c4fb84b044 Merge "Fix a typo of "rabbitmq"" 2019-01-04 03:02:01 +00:00
Zuul
1980cfd3a4 Merge "Fix and consolidate cinder-backup host prep tasks" 2019-01-03 19:03:20 +00:00
Zuul
2346d52362 Merge "Flatten Zaqar service configuration" 2019-01-03 19:03:17 +00:00
Jiri Stransky
54fb81ecd9 Prevent service bootstrap node facts from colliding with each other
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong to a particular step but is executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).

This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.

Note that fast_forward_upgrade_tasks use their own is_bootstrap_node
logic. We've uncovered some weirdness there while looking into the
is_bootstrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.

Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408
2019-01-03 17:27:27 +01:00
Cédric Jeanneret
44b155eca6 Ensure we get the correct setype for haproxy log dir
Since haproxy logs are managed by rsyslog, we want to ensure this
service can actually write in the location.

This means we have to ensure haproxy/* is set to var_log_t, and NOT
the usual svirt_sandbox_file_t context.

Change-Id: Ica897c186268461f8f90cca4d417794d9b7dedad
2019-01-03 16:00:21 +01:00
Zuul
da38d3d3f2 Merge "Align novajoin container logging to other services" 2019-01-03 07:41:10 +00:00
Zuul
02a80d1141 Merge "Remove unused nova packages from host during upgrade and update" 2019-01-03 03:55:03 +00:00
Ade Lee
17e0087e43 Add template code to configure hsm backends for barbican
Adds support for the Thales and ATOS client software.

Change-Id: I79f8608431fecc58c8bdeba2de4a692a7ee388e9
Co-Authored-By: Douglas Mendizabal <dmendiza@redhat.com>
2018-12-20 12:54:55 -06:00
Oliver Walsh
7288062676 Use templating for nova cell database_connection
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.

This patch addresses the templated DB urls as part 1.

Nova support added here:
https://review.openstack.org/#/c/578163/

Related-Bug: 1808134

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: If30b4647bca210663a22fd653e752d4d57345bdd
2018-12-20 16:30:00 +01:00
c3bd127421 Temporarily remove selinux label mount option for neutron
Neutron services are failing with the error below when running
with podman (0.12.1) and container-selinux (2.77):

relabel failed "/run/netns": operation not supported

Until this is fixed in podman/container-selinux, temporarily
remove selinux relabel on /run/netns.


Depends-On: https://review.openstack.org/#/c/626546/
Change-Id: Iedbeac17a0c530ecdc7e8cbba5ddd4ffb22bb616
Partial-Bug: #1809218
2018-12-20 11:07:03 +00:00
Rajesh Tailor
669a7b8aeb Remove unused nova packages from host during upgrade and update
As of now, during an upgrade from pike -> queens or when doing a
minor update on a pike/queens deployment, the nova packages upgrade
on the compute node changes the permissions on the /var/lib/nova tree
from 42436 (container nova uid) to 162 (host nova uid), which
prevents the user from creating instances, with a permission error.

This change handles removing unused nova packages from the compute
host during major upgrade as well as minor update explicitly.

Change-Id: I7e7167252f08f5df555912e0692f33649228fc83
2018-12-20 12:17:09 +05:30
Zuul
24a63061aa Merge "puppet_config for rabbitmq_bundle needs file_line" 2018-12-19 15:46:30 +00:00
Zuul
7e1a0a9014 Merge "Remove ties between ceilometer and panko" 2018-12-19 13:28:19 +00:00
Zuul
9f67423cc9 Merge "Add config files/templates to integrate nsx plugin with container" 2018-12-19 06:54:00 +00:00
Zuul
9f4e2dc2cf Merge "flatten memcached service configuration" 2018-12-18 02:40:07 +00:00
Zuul
454eff05fe Merge "Flatten Ironic services configuration" 2018-12-18 02:40:05 +00:00
Zuul
be9deb3575 Merge "Flatten Glance service configuration" 2018-12-17 18:01:53 +00:00
Zuul
beb8ae7dd5 Merge "Correct file modes for rpmlint failures" 2018-12-15 19:06:38 +00:00
Zuul
1a4ee4ee0e Merge "Fix access to /var/lib/haproxy when SELinux is enabled" 2018-12-14 22:08:29 +00:00
Zuul
e8f5104440 Merge "Flatten Keepalived service configuration" 2018-12-14 21:59:41 +00:00
Jill Rouleau
971d97bf99 Correct file modes for rpmlint failures
Numerous files have incorrect modes set. Correct these so that executables
have 755 and yaml files are 644 to address rpmlint errors.

Change-Id: I8db36209b41a492f6b85e3469994de884bf556e8
2018-12-14 13:21:28 -07:00
David J Peacock
7a9d6cbc22 flatten memcached service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of memcached services has been removed.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: Ibb74d9e1673d079a6090efe4215c7ee041fce7d6
Related-Blueprint: services-yaml-flattening
2018-12-14 12:06:53 -05:00
Cédric Jeanneret
7fbc4b098f Flatten Glance service configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of glance services has been removed.

Change-Id: Ie2ac2072f0742ec5e521fc6e3734e89f8a007077
Related-Blueprint: services-yaml-flattening
2018-12-14 08:23:32 +01:00
Cédric Jeanneret
0de7bc09f3 Flatten Zaqar service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of zaqar service has been removed.

Change-Id: I8947d2fc5e5672e701d2802cd14a3fa176877a7d
Related-Blueprint: services-yaml-flattening
2018-12-14 07:45:24 +01:00
Cédric Jeanneret
ced9f888e9 Flatten Ironic services configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of Ironic services has been removed.

Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
2018-12-14 07:25:13 +01:00
Zuul
c4b816e8c5 Merge "Ensure we get dedicated logging file for HAProxy" 2018-12-14 05:40:57 +00:00
Alan Bishop
81e8f08a12 Fix and consolidate cinder-backup host prep tasks
This patch consolidates the host prep tasks for the HA and non-HA
versions of the cinder-backup service. In addition to not maintaining
two separate lists, it fixes an error in the non-HA service.

Change-Id: I79709b64dc7f6cadc7dec9f80f64ca962d2f4130
2018-12-13 10:35:38 -05:00
Emilien Macchi
7345963531 Flatten Keepalived service configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of keepalived service has been removed.

Change-Id: Ic0ddf1174e1d0a62f83f26f0ca6bc29ec7b078b7
Related-Blueprint: services-yaml-flattening
2018-12-13 10:26:26 -05:00
Zuul
84c0748674 Merge "Enable image import plugins & image output format" 2018-12-13 07:22:32 +00:00
Zuul
7e94554c0e Merge "Upload amphora image in RAW format if RBD backend" 2018-12-13 07:22:30 +00:00
Mike Fedosin
32f4db83c6 Fix access to /var/lib/haproxy when SELinux is enabled
Currently we don't use relabeling of the folder when SELinux is enabled.
This leads to the fact that we can not update the configuration of
haproxy during the update, because of missing permissions.

This commit adds the relabeling for the folder, which allows the
container with haproxy to write into it.

Closes-Bug: #1807933

Change-Id: Ie79aed5f5665658ea09e000a4847062e9207e25c
2018-12-12 15:02:45 +00:00
Pranali Deore
9333740b69 Enable image import plugins & image output format
Adding GlanceImageImportPlugins & GlanceImageConversionOutputFormat
to enable glance image conversion.

Since glance-image-import.conf has been newly added while adding
plugin framework in glance, passing the conf file to puppet_tags
in docker service.

Depends-on: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Change-Id: I81b788e38eecb3e0be88b140df3ae1ebb70cb191
Closes-Bug: #1807366
2018-12-12 15:32:12 +05:30
Cédric Jeanneret
0576e26234 Ensure we get dedicated logging file for HAProxy
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patch ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
2018-12-12 10:16:42 +01:00
Zuul
f2f63a3808 Merge "Fix - ApacheServiceBase needs ServiceData" 2018-12-12 00:49:59 +00:00
Zuul
371f76dfca Merge "mistral-executor: bind-mount undercloud.conf when validations are enabled" 2018-12-12 00:49:55 +00:00
Michele Baldessari
34aa23814e puppet_config for rabbitmq_bundle needs file_line
The main reason for this change is that in a related puppet-tripleo patch
we will use the file_line puppet class in order to set some parameters
to reduce the excessive rabbitmq logging.

Because this change will be very specific to rabbitmq running in a
container we also need to make sure that we actually use the
rabbitmq_bundle puppet manifest to create config files and not the
more generic one.

Change-Id: Ic0789da4645a4ee186d82ad7d943de78d4d5c443
Related-Bug: #1806451
2018-12-11 16:17:24 +00:00
Zuul
bf48c36bc4 Merge "upgrade: remove tasks that stop and disable services" 2018-12-11 05:11:53 +00:00
Zuul
95368f6e30 Merge "Allow to run docker-puppet.py with SELinux enabled" 2018-12-10 22:14:57 +00:00
Harald Jensås
9efb5f9d52 Fix - ApacheServiceBase needs ServiceData
The puppet apache service uses the cidr map in ServiceData.
Services did not pass the ServiceData to the apache
service template. Because of this the property resolves to
an empty string which is not correct. The empty string
causes problems when yaql in common/services.yaml is merging
config_settings.

Closes-Bug: #1806718
Change-Id: Ia3af9535e3af1dad4ac833983ebe29b6002f0815
2018-12-10 19:26:44 +00:00
Zuul
2256a5e84a Merge "Re-implement keepalived restart without pre_deploy" 2018-12-10 18:11:35 +00:00
Zuul
ddc69b2570 Merge "Don't mount data folder" 2018-12-10 17:48:06 +00:00
Emilien Macchi
e4ee042a2a upgrade: remove tasks that stop and disable services
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
deployments didn't clean them up in previous releases, they can still
do it now.

Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
2018-12-10 09:19:59 -05:00