142 Commits

Author SHA1 Message Date
Thomas Herve
ae2ccb5f41 Remove workflow_tasks
I don't think it's used anymore.

Change-Id: I928b53d7388e460da3b26306b9f3c548808d329e
2019-01-24 11:08:53 +01:00
Zuul
68f1636b5b Merge "Ensure /var/lib/config-data exists before setting selinux context" 2019-01-23 11:48:08 +00:00
Jiri Stransky
c2e2b62974 Ensure /var/lib/config-data exists before setting selinux context
Otherwise the follow up task would fail on newly provisioned nodes.

Change-Id: I33017682e878d0542669aa8fbaba1968047aac24
2019-01-22 08:21:34 +00:00
zhulingjie
a6479d0b51 use include_tasks instead of include
Change-Id: I4aa8055fe800723b3e140f8232c9e41e769e11f3
2019-01-22 04:54:34 +00:00
Zuul
52a70658ab Merge "Be explicit when passing vars into deploy steps" 2019-01-15 18:16:40 +00:00
Bogdan Dobrelya
35aae87301 Be explicit when passing vars into deploy steps
Implicit defaults hide issues with overring ansible variables as we
pass values in from deploy-steps.j2.

Make no implicit defaults for variables passed into deploy steps via
ansible vars. Only expect those take the values defined in the caller
deploy-steps.j2 playbook template. Add missing params and vars for
templates to propagate ansible values for external deploy/upgrade,
upgrade/update and post upgrade steps playbooks.

Make DockerPuppetDebug boolean to align with other booleans we pass
into deploy steps via ansible vars. Fix its processing in
docker-puppet.py, which is defaults for DockerPuppetDebug: ''
converted into 'false' in deploy steps tasks playbook, and then
that becomes always True in docker-puppet.py.

Related-Bug: #1799914

Change-Id: Ia630f08f553bd53656c76e5c8059f15d314a17c0
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-15 10:59:50 +01:00
Cédric Jeanneret
ee7fbe5963 Ensure we get the right SELinux context for config-data sub-dir
When docker was used, its "create host directory tree" feature was
used. It apparently created directories with "container_var_lib_t"
type, and this prevents podman container to access the content with
AVC errors (permission denied).

The following patch ensures we get a recursive chcon running.

We're using "command" instead of "file" module because ansible doesn't
like broken symlink (in fact, they are symlink with relative path
within containers).

Change-Id: I20d00c79fc898b0c4e535662ee6a70472e075b36
2019-01-03 15:33:36 +01:00
Zuul
795dfcfdce Merge "Replace confusing usage of update_identifier" 2018-12-20 01:51:14 +00:00
Thomas Herve
eb3efe7133 Remove deploy steps on empty roles
When a role count is 0, we can create the deployment resources
conditionally.

Closes-Bug: #1671859
Change-Id: I467b9ded1a1b33d520cb69aa86b253a0552643f7
2018-12-12 09:50:36 +01:00
Rabi Mishra
c2aeb45e38 Replace confusing usage of update_identifier
We use update_identifier ansible variable to check if we need to
re-run deployment tasks. Though there is no bug as we use
DeployIdentifier heat param for it, it's little confusing
(UpdateIdentifier was meant for package updates).

This also removes usage of UpdateIdentifier/update_identifier in
all_nodes_config.j2.yaml. We can deprecate/remove the heat param in a
subsequent patch.

Change-Id: I36ed62ae605a2d8f8f139b50646144b143d5e5f4
2018-12-12 09:25:00 +05:30
Zuul
8f5b24de22 Merge "Add ansible python interpreter configuration support" 2018-12-12 00:50:06 +00:00
Zuul
d368217c83 Merge "Remove HostPrepConfig" 2018-12-12 00:50:03 +00:00
Alex Schultz
63a6d4b33f Add ansible python interpreter configuration support
Because we call ansible to run heat to execute ansible for the HostPrep
and RoleConfig, we need to be able to pass the
ansible_python_interpreter to be used for the ansible-playbook execution
via the ansible heat hook.  This change adds an PythonInterpreter
heat configuration than can be used to config it from the default
/usr/bin/python to something like /usr/bin/python3

Change-Id: Idfefe1959e5b95b7d54ce8cb5c2a569225d50847
Related-Blueprint: python3-support
2018-12-10 08:42:58 -07:00
Zuul
570f1da4e3 Merge "Remove common bootstrap_nodeid from deploy_steps/tripleo-packages.yaml" 2018-12-07 16:57:36 +00:00
Emilien Macchi
efa69b734b Remove HostPrepConfig
HostPrepConfig was using the old way (Heat) to run Ansible. We don't
need it anymore thanks to config-download.

It removes some technical debt and reduce our number of interfaces to
configure software.

Change-Id: I2041e6892de76b0ed04d7497e3f9064bfaf58270
2018-12-07 09:10:38 -05:00
Dan Prince
0cbbdac604 Add DockerPuppetMountHostPuppet parameter
This can be used to control whether puppet modules are consumed
from the baremetal host or from the container. Our default
is to consume these from the host so that deployment
archive tarballs can be used to extra puppet modules from
the host.

Since I61e35d8118c1de4c2976f496e8a6c9c529f3d91f we've had
puppet-tripleo in our containers however so using this
location would be possible as well.

Change-Id: I73026e66bcfafd1c582916141b5b1cf0ce0dc36c
2018-11-30 07:39:59 -05:00
Steven Hardy
21905f7588 Remove common bootstrap_nodeid from deploy_steps/tripleo-packages.yaml
There was also a special flag for FFU that triggered repo setup only
on the bootstrap node, so switch this to use the per-service bootstrap
name instead.

Change-Id: I32f963a002399af4911acbf507312f378aac3599
Partial-Bug: #1792613
2018-11-27 15:59:28 +00:00
Jiri Stransky
021d1b1efb Stop upgrade if a task on one node fails
When we were upgrading multiple nodes at the same time,
e.g. controllers, and a taks on one of the nodes failed, the other
nodes would keep upgrading. This is undersirable and can be fixed by
adding any_errors_fatal to the Ansible plays.

Change-Id: Iad2b5e32e955da41af4d2b8dd8ad8aa1eb5dffa9
Closes-Bug: #1804468
2018-11-21 15:48:53 +01:00
Emilien Macchi
eeb07fcb4a Honor --skip-deploy-identifier in common deploy tasks for updates
To continue the work that was done in
I711dbb00a9c34dbd96ef179ef41bff281b0001d1, we also need to skip the common
deploy tasks if --skip-deploy-identifier is passed by the operator.

When using --skip-deploy-identifier, the UpdateIdentifier is set to
None.
Ansible doesn't see None as "", so we really need to test if the
variable is defined or not. That patches changes the logic to test that.
We also support the case where the variable is set to "", and consider
is as empty which means we want to skip the deploy/updates.
It is also doing it for the update playbooks which includes tasks from
commont deploy.

It is not replicating the exact condition as in deploy_steps_playbook.
There is no need to also check if /var/lib/docker-container-startup-configs.json
file is here because it has been created during the initial deployment.

This fix the bug where --skip-deploy-identifier wasn't honored during
stack updates.

Co-Authored-By: Thomas Hervé <therve@redhat.com>
Co-Authored-By: Sam Doran <sdoran@redhat.com>

Change-Id: Ibab17dcaeebea65135fca4f40562109c90f36c27
Related-Bug: #1796924
2018-11-19 13:53:13 +00:00
Emilien Macchi
de798c5947 Use container_cli for post_upgrade_tasks & external_upgrade_tasks
- Export container_cli for post_upgrade_tasks & external_deploy_tasks
  and external_upgrade_tasks
- Replace "docker exec" by {{ container_cli }} exec in these tasks
  (cinder, nova, mysql, ironic and TLS).

Depends-On: Iff509f4dc09862a451ad5cf915aa7764a314c28c
Change-Id: I7b11f44c9255294863879aaff88d0dd1672bff6e
2018-11-05 12:00:46 -05:00
Emilien Macchi
da224f7a9c Export container_cli for update & upgrades & post upgrade tasks
container_cli will be used later by update, upgrade and post upgrade tasks.
This patch is separated from actual tasks, so we can quickly iterate in
multiple patches.

Change-Id: I1ed7dec0019113f1259bce986f354723237f6a25
2018-11-03 03:56:59 +00:00
James Slagle
5a5ad11d0b Add common vars to common plays
We should pass in the common vars to all the common plays in
deploy-steps.j2 so that tasks will have them available. Some of these
parameter driven variables were never actually wired up, so they didn't
work to begin with (such as enable_puppet/enable_debug).

Change-Id: I830e1ae21fe3e278a5f7591065d066c0a6883a9a
Closes-Bug: #1785635
2018-10-25 14:32:17 +02:00
Zuul
94943cfff9 Merge "Introduce proper steps to external update/upgrade tasks" 2018-10-17 15:03:47 +00:00
James Slagle
a7955832df Honor --skip-deploy-identifier in common deploy tasks
To match the previous functionality when not using config-download, the
common deploy step tasks should be skipped for already deployed nodes
when using --skip-deploy-identifier.

This patch adds a task to check if one of the json configuration files
created by the common tasks already exists. If it does, and
--skip-deploy-identifier has caused an empty DeployIdentifier parameter
value, the tasks will be skipped for that node.

Change-Id: I711dbb00a9c34dbd96ef179ef41bff281b0001d1
Closes-Bug: #1796924
2018-10-09 11:55:13 -04:00
Jiri Stransky
bcd6cde608 Introduce proper steps to external update/upgrade tasks
So far the tasks for external update/upgrade were not using the step
mechanism as other tasks, we had a single step. As external
deploy/update/upgrade tasks are being used for more things nowadays,
it's likely that we'll need to go towards a similar model like we have
for deploy/update/upgrade tasks -- proper usage of steps.

For now we have just 2:

* Step 0 for setting global facts, and performing validations.

* Step 1 for actual update/upgrade tasks. (There's an upcoming change
  to run online data migrations in step 1).

Change-Id: I1933bd0eedab71caab56c0e5d93ba7927fb7c20f
Partial-Bug: #1793332
2018-10-04 12:08:21 +02:00
James Slagle
bf6efb06c7 Tag step plays
This adds a tag step[1-5] to each of the plays within the jinja2 loop to
create our 5 deployment steps. Using these tags, it's possible to run
these plays individually if desired.

Change-Id: Ic705afbf174b4597d98c2b83041ff88dd8d6664c
2018-09-24 09:17:15 -04:00
Emilien Macchi
e175e5ab2f Initial support for Podman in docker-puppet
Create a new parameter in TripleO: ContainerCli.
The default is set to 'docker' for backward compatibility but it allows
to also set to 'podman'.
When podman is selected, the right commands will be run so docker-puppet
can configure the containers when Podman is the selected container
library backend.

It removes the tripleo_logs:/var/log/tripleo/ mount that was used
by tripleo-ui but we shouldn't do that here. We'll create a bind mount
in tripleo-ui container later.

It run puppet with FACTER_hostname only if NET_HOST is disabled.

Change-Id: I240b15663b720d6bd994d5114d43d51fa26d76cc
Co-Authored-by: Martin André <m.andre@redhat.com>
2018-09-08 05:23:00 +00:00
Zuul
639a043f0d Merge "Allow performing Ceph update/upgrade separately" 2018-09-04 23:04:41 +00:00
Zuul
06c4507550 Merge "Parallelize server pre and post steps" 2018-08-21 19:03:14 +00:00
Zuul
46ef074336 Merge "Default bootstrap_server_id" 2018-08-19 02:50:12 +00:00
James Slagle
d4d15d0407 Default bootstrap_server_id
When blacklisting all servers from the primary role, the yaql expression
to get the bootstrap_server_id value fails as it tries to index the list
at the 0'th element. In this case, default the bootstrap_server_id value
to a constant string which won't match any actual server id's.

Change-Id: Ibb26245156675f64709bab075875ce4b498b4db6
Closes-Bug: #1785665
2018-08-06 17:46:08 -04:00
James Slagle
553fc0d264 Pass all vars to deploy-steps-tasks.yaml with config-download
Not all vars were getting passed to deploy-steps-tasks.yaml when using
config-download. This didn't cause any issue because all the vars have
default value, but the user specified value should be honored as well.

Change-Id: I5972e1c674cf9008366c2bb10b54eb975ab8cb93
Closes-Bug: #1785635
2018-08-06 10:15:56 -04:00
James Slagle
6b506eea2c Parallelize server pre and post steps
Update the play for the server pre and post steps so that the tasks run
in parallel across all roles, instead of doing one role at a time. By
not using the "when" attribute, and relying on the tripleo_role_name var
for the list of deployments, we can force these tasks to run in parallel
across all roles.

Change-Id: I83a4deaa68d5788edb5ab13652bb30c762f337d8
2018-08-06 13:26:59 +00:00
Jiri Stransky
4504aadef6 Allow performing Ceph update/upgrade separately
Running `openstack overcloud external-update run` will update all
external services. This commit adds possibility of running `openstack
overcloud external-update run --tags ceph` to specifically update just
Ceph. It works analogically for upgrades.

Change-Id: Ic1786b6dbfa54516bfb836b450fc35452dca8cb5
Partial-Bug: #1783949
2018-08-02 15:04:22 +02:00
Jiri Stransky
6364f2286c Update and upgrade tasks for services deployed via external deploy tasks
Composable service templates can now define external_update_tasks and
external_upgrade_tasks. They are meant for update/upgrade logic of
services deployed via external_deploy_tasks. The external update
playbook first executes external_update_tasks and then
external_deploy_tasks, the procedure for upgrades works
analogously. All happens within a single playbook, so variables or
fact overrides exported from the update/upgrade tasks will be
available to the deploy tasks during the update/upgrade procedure.

Partial-Bug: #1783949
Change-Id: Ib2474e8f69711cd6610a78884d5032ffd19ad249
2018-08-02 15:04:15 +02:00
Emilien Macchi
6860fb84f5 Switch deployment_source_hosts default to "Undercloud"
"undercloud" host is too opinionated and hostnames can change. We should
rather apply the tasks to the Undercloud HostGroup, which contains one
host for now: the actual undercloud hostname.

So this patch switches "undercloud" to "Undercloud" so when the hostname
isn't "undercloud", the external tasks will run correctly on this host.

Change-Id: I7200f930387406e6cc8e6fee6d5278768074c892
Closes-Bug: #1784910
2018-08-01 16:35:21 -04:00
Zuul
44514779bc Merge "Don't run host_prep_tasks from {{role}}HostPrepDeployment" 2018-07-26 06:58:56 +00:00
James Slagle
697b1d9438 Don't run host_prep_tasks from {{role}}HostPrepDeployment
host_prep_tasks are run from deploy_steps_playbook.yaml, so there's no
need to also run them as part of the {{role}}HostPrepDeployment
resources.

Change-Id: If1bf6dda19e6e0b875463c421f9504efab85251b
2018-07-23 19:37:36 -04:00
Emilien Macchi
b3a7cfc43f ansible: replace yum module by package module when possible
Problem: RHEL and CentOS8 will deprecate the usage of Yum.

From DNF release note:
DNF is the next upcoming major version of yum, a package
manager for RPM-based Linux distributions.
It roughly maintains CLI compatibility with YUM and defines a strict API for
extensions.

Solution: Use "package" Ansible module instead of "yum".

"package" module is smarter when it comes to detect with package manager
runs on the system. The goal of this patch is to support both yum/dnf
(dnf will be the default in rhel/centos 8) from a single ansible module.

Change-Id: I8e67d6f053e8790fdd0eb52a42035dca3051999e
2018-07-21 00:17:25 +00:00
Zuul
1f7062b0ef Merge "Add blankline for readability" 2018-07-13 06:09:09 +00:00
Zuul
65795c744a Merge "Remove unuseful become: true from deploy-steps" 2018-07-11 00:03:10 +00:00
Zuul
d2994ca593 Merge "Replace deprecated include module with include/import_tasks module" 2018-07-10 20:09:42 +00:00
Bogdan Dobrelya
f29e2c7a22 Double the docker puppet process counts
Deploy steps run the docker puppet steps with max of
a 3 processes. This takes like 30 min to finish the
containers configuration for a typical overcloud (in CI).

Double the numbers to allow more puppets finish threir
tasks sooner.

Change-Id: Id0b0371e7f21f56528027921732ade786525d659
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-07-05 14:01:10 +03:00
Saravanan KR
1f9881554c Replace deprecated include module with include/import_tasks module
include module is deprecated. The alternate is to use import_tasks
for static file tasks inclusion and include_tasks for dynamic tasks
file inclusions (like using with_items).

Change-Id: I8b3bf3ba3d7c2cfbe1187218c51f619e65efe0e5
2018-07-05 16:01:14 +05:30
Jiri Stransky
6b3e8aa073 Execute post_update_tasks in update playbook
We drop the post_update_steps_playbook, and execute post_update_tasks
as part of the update_steps_playbook. This will ensure that
post_update_tasks are executed, and they're executed in accordance
with the `serial: 1` ordering that update_steps_playbook is using. (We
want to avoid an issue similar to what we've had in bug #1776206).

Change-Id: I15a984172cd5532bc966269d8c68f27b5703733e
Closes-Bug: #1778471
2018-06-25 10:39:56 +02:00
Raoul Scarazzini
c494a508f8 Remove unuseful become: true from deploy-steps
The ansible command generated in ansible-playbook-command.sh by default
have "--become" in it.
This commit removes "become: true" where is used to avoid confusion in
deploy steps. Today we explicitly set "become: false" in deploy-steps.j2
for certain actions, so there's no meaning of having also "become: true"
for the other ones.
We have a release note [1] that explains why the "become" was
introduces, but maybe we can revisit it.

[1] releasenotes/notes/use-become-true-in-deploy-steps-playbook-01decb18d895879f.yaml

Change-Id: Ic666b4ecaecf0591dd8bb0406f239649b20b9623
2018-06-13 16:28:48 +02:00
Jiri Stransky
416b35f4c3 Updates: run host_prep_tasks between update tasks and deployment tasks
We should re-run host_prep_tasks as part of the minor update, to make
sure the host is ready for starting the updated containers. The right
place for them is between update tasks and deployment tasks.

This is important in case we deliver changes to host_prep_tasks during
minor update, or if update_tasks do something that would partially
undo the host preparation, e.g. clear/delete some directories on the
host to get rid of previous state.

Change-Id: Ic0a905a8c4691cbe75113131bd84e8a39dea046d
Related-Bug: #1776206
2018-06-11 14:06:40 +02:00
James Slagle
e01005f7af Add blankline for readability
Improves readability of rednered deploy_steps_playbook.yaml playbook.

Change-Id: I327a905aaef3acb1e5a7939d7adbc806645f46f8
2018-06-05 09:05:13 -04:00
Zuul
25f583c640 Merge "Add stack name to env() for OS::TripleO::WorkflowSteps" 2018-05-31 11:27:15 +00:00
Alex Schultz
3a9c0e8420 Parameterized deployment hosts
In order to make the deployment more flexible, we should allow for the
ansible hosts to be configurable from the old undercloud/overcloud
concepts. Rather than assume 'undercloud'/'overcloud', we should allow
for these to include the same set of hosts.  This change introduces
'deployment_source_hosts' and 'deployment_target_hosts' variables that
can be used to control where the tasks are run on.

Change-Id: I249cc7e179bc1423788aab967c4b2e3f9ffc81d4
Related-Blueprint: all-in-one
2018-05-29 14:49:07 -06:00