644 Commits

Author SHA1 Message Date
Zuul
a23598c413 Merge "Include the DB password in a Mistral environment for creating backups and restores" 2019-02-02 02:48:02 +00:00
Martin André
8a818ab226 Apply changes to cluster using updated inventory
It could cause issue when being on inventory containing nodes marked as
new.

Specifically, it caused an undefined ansible variable error when
re-running the deploy playbook on an inventory that contained nodes in
the new_masters group.

Closes-Bug: #1812962
Change-Id: Iaf9403b5f60f06769d94317d261de8cad94274ab
2019-01-23 11:45:05 +01:00
Martin André
ff36d44af5 Generate post-deployment openshift-ansible inventory
This allows to run custom openshift-ansible playbooks with an inventory
that reflects the deployment status.

Related-Bug: #1812962
Change-Id: I94b6ae04a3e31fe0b7951df2446cc91b5842cd77
2019-01-23 11:42:26 +01:00
Martin André
1febc8b7b3 Store nodes information in a dict
Re-using the same variable for each role was not very clean and forced
us to re-check which master nodes were new in the deployment. Instead,
use a dict for `role_nodes` and `new_role_nodes` with keys being the
role name.

This will allow us to re-generate updated inventory in later step
without needing to set the facts once again.

Related-Bug: #1812962
Change-Id: I21ed56a1c4d43a3e0945c8b74dd94ccf89dc05b0
2019-01-23 11:42:26 +01:00
Martin André
cb675a91a7 Fix openshift playbook import
I4aa8055fe800723b3e140f8232c9e41e769e11f3 wrongly replaced 'include'
with 'include_tasks' in openshift and kubernetes templates and broke
their deployment, resulting in an ansible error:

  ERROR! 'include_tasks' is not a valid attribute for a Play

Use import_playbook instead.

Change-Id: I0bb9bfabeb06dc9d602ad173ce2d12d1771b6b1f
Closes-Bug: #1812983
2019-01-23 11:42:20 +01:00
Zuul
a535dd6e9c Merge "Revert "post_deploy: support python3 for undercloud scripts."" 2019-01-23 05:14:18 +00:00
Alex Schultz
85d9cf4956 Revert "post_deploy: support python3 for undercloud scripts."
This reverts commit 1143714b340cc5a3c9ed422af54fc12993067005.

So we're actually changing this out in packaging. It'll fail
if you deploy from code, but the fedora version of the 
package should end up with /usr/bin/python3. This is why
we didn't hit this in CI.

https://review.rdoproject.org/r/#/c/18465/

Change-Id: Ibad6ff84b33ae3d6011c87028fe02695eea69482
2019-01-23 00:23:02 +00:00
Zuul
36dbe92cc0 Merge "post_deploy: support python3 for undercloud scripts." 2019-01-22 23:24:43 +00:00
Emilien Macchi
1143714b34 post_deploy: support python3 for undercloud scripts.
Use str_replace to use Python3 interpreter when needed in cloud_yaml.py
called by undercloud_post and standalone_post.

Also for undercloud_post.py and undercloud_ctlplane_network.py.

Change-Id: I48d779c0b142d885214ca4c2158f61f7f886ebf7
2019-01-22 12:58:34 -05:00
Carlos Camacho
166803d05f Include the DB password in a Mistral environment for creating backups and restores
We need to include also the Undercloud DB in a Mistral
environment to be able to create the DB backup from the CLI.

Now, we do this using python and THT but we didn't include it.

Change-Id: If503e733b103a34ae5639eb56dfae05f9783d59a
Closes-Bug: 1812839
2019-01-22 16:08:03 +01:00
zhulingjie
a6479d0b51 use include_tasks instead of include
Change-Id: I4aa8055fe800723b3e140f8232c9e41e769e11f3
2019-01-22 04:54:34 +00:00
Zuul
1bcacedb11 Merge "Remove gluster settings from previous deployments on re-deploy" 2019-01-22 00:49:48 +00:00
Zuul
f228e94efa Merge "Set container images for openshift 3.11" 2019-01-17 22:25:56 +00:00
Zuul
4b4f7f89da Merge "Remove openshift-ansible customization" 2019-01-17 22:25:51 +00:00
Zuul
11374f4ab8 Merge "Rely on osa defaults for enabled services" 2019-01-17 22:25:46 +00:00
Zuul
eb30f0e7c9 Merge "Fix address for glusterfs container images" 2019-01-17 22:25:39 +00:00
Martin André
dfe4f2ddb0 Remove gluster settings from previous deployments on re-deploy
The openshift/global_gluster_vars.yml file was not removed on re-deploy
and caused issue when reploying openshift without CNS after deploying
openshift a first time with CNS.

Change-Id: I0eedca7d53f7d3801f163ab9dd901bfb8651dd2c
Closes-Bug: #1811664
2019-01-14 11:30:02 +01:00
Martin André
7c070ab11e Fix address for glusterfs container images
The `openshift_storage_glusterfs*_version` openshift-ansible variables
were removed in commit [1] as a way to specify the image tags to use.
Instead, the image URL needs to be fully specified in the
`openshift_storage_glusterfs*_image` variables to include the tags.

[1] 0be4b2565b

Change-Id: Ia68ff32008c154a644af88ef5d4da21b2b368526
Closes-Bug: #1805611
2019-01-10 09:16:07 +01:00
Martin André
df8e592498 Restart openshift master services after stack update
For some configs changes, such as the identity providers, it is
necessary to restart the master services in order for them to take
effect.

Change-Id: I6ecb054d0e18acc4dc422a7ce136432d5135c64c
Closes-Bug: #1807668
2019-01-10 09:03:04 +01:00
Martin André
bb1a1209ac Rework the generated openshift-ansible playbook
The `prerequisites.yml` playbook should only be explicitly run on
initial deployment to prepare the nodes. It is already included in the
scaleup playbooks for the new nodes so there is no need to include it
again. Re-running the `prerequisites.yml` playbook reconfigures the
container runtime and may cause outage, it is supposed to be run only
once.

Make update and upgrade playbooks exclusive. There is no need to run
both of them.

Add comments to clarify the intent for each playbooks.

Change-Id: I30278360fcc1ffa9bd7ce7cb77d023629fb6fa47
Closes-Bug: #1804790
2019-01-10 09:02:34 +01:00
Zuul
738eb1aa7c Merge "Let the operator manage openshift updates and upgrades" 2019-01-09 14:59:00 +00:00
Martin André
97cf1c274a Let the operator manage openshift updates and upgrades
This remove the upgrade code to ensure that TripleO will not get
involved in the business of updating and upgrading OpenShift clusters
as it currently involved manual steps for clusters using glusterfs.

Instead, the operator is invited to upgrade OpenShift separately from
TripleO and follow the OpenShift upgrade documentation.

[1] https://docs.openshift.com/container-platform/3.11/upgrading/automated_upgrades.html#special-considerations-for-glusterfs
[2] https://docs.openshift.com/container-platform/3.11/upgrading/automated_upgrades.html

Change-Id: I6033525cde40fd44d648cef792efbca6901e88f0
Closes-Bug: #1810812
2019-01-07 18:05:34 +01:00
Harald Jensås
00cecfe2f3 Add a tag's containing subnet cidr to ctlplane network
Since the ctlplane network and it's subnets are created
outside of the overcloud heat templates we cannot in an
easy way create a list containing the cidr of each of
the ctlplane subnets in THT.

Prior to routed networks we only had one subnet and was
able to create the NetCidrMapValue by reading the cidr
value of one of the ControlVirtualIP resource. When we
have multiple subnets on each network we should make
NetCidrMapValue contain lists of cidrs for each network.

By setting a tags on the ctlplane network, one
per subnet, containing each individual subnets cidr the
tags can be loaded via the ControlVirtualIP resource so
that we can have NetCidrMapValue contain all the cidrs
of the ctlplane network.

Change-Id: I7d9a951d0c156c83430c1e326bc8edcb52b08537
Partial: blueprint tripleo-routed-networks-templates
2019-01-06 18:20:05 +01:00
Zuul
fdba8a89e3 Merge "Allow customization of more openshift-ansible vars" 2019-01-05 12:14:20 +00:00
Zuul
c8094771b4 Merge "Use calculated undercloud ctlplane DHCP allocation pools" 2019-01-03 09:54:59 +00:00
Harald Jensås
88ab644bdf Use calculated undercloud ctlplane DHCP allocation pools
Change: I4ba148f465b4c452bd5b2c31009ac8a2897bcd5f makes
dhcp_start and dhcp_end optional for non-local subnet
definitions in undercloud.conf.

Start using the AllocationPools parameter istead of the
legacy DhcpStart | DhcpEnd parameters.

Closes-Bug: #1806512
Closes-Bug: #1807707
Depends-On: I4ba148f465b4c452bd5b2c31009ac8a2897bcd5f
Change-Id: Ifdf3e9d22766c1b5ede151979b93754a3d244cc3
2018-12-22 16:06:04 +00:00
Alex Schultz
2913e57412 Add python interpreter to ansible postconfig
In order to specify which version of python we should use for the
deployment, we need to pass in the python interpreter into the
postconfig where we are directly calling the ansible heat hook.

Change-Id: I9dfc72269f800395a9864c457a5a43f7590c8e75
Related-Blueprint: python3-support
2018-12-18 22:17:51 +00:00
Zuul
beb8ae7dd5 Merge "Correct file modes for rpmlint failures" 2018-12-15 19:06:38 +00:00
Zuul
752695ae12 Merge "Spliting compact services in multiples lines" 2018-12-15 18:14:40 +00:00
Jill Rouleau
971d97bf99 Correct file modes for rpmlint failures
Numerous files have incorrect modes set. Correct these so that executables
have 755 and yaml files are 644 to address rpmlint errors.

Change-Id: I8db36209b41a492f6b85e3469994de884bf556e8
2018-12-14 13:21:28 -07:00
Rabi Mishra
ce72766b97 Update tuned profile variable configuration file if it exists
Update /etc/tuned/{{ _TUNED_PROFILE_NAME_ }}-variables.conf only
if it exists.

Change-Id: I20562efd61ba49b3ae0af62c079967681e05aeed
Closes-Bug: #1806812
2018-12-14 11:01:42 +05:30
Zuul
224bdd7f3a Merge "Configure registry to use gluster" 2018-12-13 17:17:44 +00:00
Zuul
fd10f25b58 Merge "Call etcd scaleup playbook when adding master nodes" 2018-12-13 17:17:42 +00:00
Mike Fedosin
ab6395a644 Set container images for openshift 3.11
Wire in the new openshift 3.11 images with tripleo, so that any
customization applied either via heat param with the integrated image
preparation workflow gets passed to openshift-ansible.

Depends-On: Ibbd5ff9d3597f5add440b92a27a2f2f669f7bdbe
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I2cb6eac9136f4c24bfc2881ff0aa1ddec7a35fe4
2018-12-13 12:21:00 +01:00
Raildo Mascena
12468acb11 Spliting compact services in multiples lines
When we generate metadata for compact services, all of the compact
services where joining in one single blob and we hit the size limit
for it. Splitting compact services each one with per line with the
compact service name and a list of their networks, so we will not hit
this size limit anymore.

Change-Id: I90d7bc73000352ad2c4b3f08f00d2a115f075a5e
Depends-On: Ida39f5768c67f982b2fe316f6fae4988a74c8534
2018-12-12 20:57:24 +00:00
Jose Luis Franco Arza
25a4fb7b62 Force rhsm re-registration during upgrades.
The redhat-subscription ansible module doesn't cover the case
when a system is already registered via Satellite and we try to
upgrade it's repositories to a new version providing a different
activation key. The role will catch that the system is already
registered and it won't register the new activation key.
This patch passes the rhsm_force_registration option when invoking
redhat-subscription during an upgrade. This way the system will
be unregistered and registered again, activating the new key passed.

Change-Id: I9cd35882e5db47d22df8a456749188c17b48e451
Closes-Bug: #1807987
2018-12-11 17:17:29 +01:00
Zuul
2256a5e84a Merge "Re-implement keepalived restart without pre_deploy" 2018-12-10 18:11:35 +00:00
Zuul
dbc66fd451 Merge "Add hosts to expected ansible groups" 2018-12-10 12:13:21 +00:00
Emilien Macchi
be61d8a2b5 Re-implement keepalived restart without pre_deploy
... and use host_prep_tasks from config-download.
We are trying to HostPrepConfig resource that use OS::Heat::SoftwareConfig
and the old fashion to run Ansible, for more native config-downlaod.
undercloud_pre is the only service that needs HostPrepConfig now, so
let's switch to config-download.

It restarts keepalived container at each undercloud install & upgrade.
Also it adds support for podman as it uses container_cli variable.

Note: the workaround can still be removed once we have Keepalived 2.0.6
but it won't happen before CentOS8 probably.

Change-Id: I7454013c2e37058b5010a2a6cacfae0d0f873744
Related-Bug: #1791238
2018-12-06 17:08:57 -05:00
Zuul
eb70154796 Merge "Invoke redhat-subscription role during upgrade." 2018-12-06 15:05:42 +00:00
Zuul
79ce8a504b Merge "Use InternalApi network for openshift_master_cluster_hostname" 2018-12-04 17:36:34 +00:00
Zuul
0bfcc0fc73 Merge "Set balance to source for openshift_router endpoints" 2018-12-04 17:36:31 +00:00
Martin André
7c4b027a75 Allow customization of more openshift-ansible vars
The `openshift_master_cluster_hostname` and
`openshift_master_cluster_public_hostname` variables are set to IP
addresses by tripleo, but were wrongly combined with the
openshift_global_vars dictionnary in a way that prevented customization
via the OpenShiftGlobalVariables heat parameter.

Reverse the order of the combine to make customization possible as they
should.

Change-Id: I47805608b90d8fda7d8357d3cb55f6372e746da1
Closes-Bug: #1806736
2018-12-04 18:22:18 +01:00
Martin André
3e613f1788 Remove openshift-ansible customization
This commit remove variables passed to openshift-ansible in order to
stay more inline with openshift-ansible defaults.

The removed variables are:
- `openshift_enable_excluders`: use default value from
  openshift-ansible.
- `openshift_use_dnsmasq`: removed from openshift-ansible.
- `openshift_docker_selinux_enabled`: use default value from
  openshift-ansible.
- `containerized`: removed from openshift-ansible.
- `skip_version`: removed from openshift-ansible.
- `debug_level`: use default value from openshift-ansible.
- `osm_controller_args`: use default value from openshift-ansible. The
  provided experimental-cluster-signing-duration setting had an
  extremely low period and could cause nodes to become unreachable in
  the event of cert renewal during the master node failover. See [1] for
  details.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1648493

Closes-Bug: #1806726
Change-Id: I4d9ae4f4745393aa817f07a542f06faa0c6a5eb9
2018-12-04 18:03:22 +01:00
Martin André
e26a5ea3be Rely on osa defaults for enabled services
Tripleo should rely on openshift-ansible defaults as much as possible,
especially concerning the services which are enabled.

This removes the setting that explicitly disabled the service catalog
and template service broker, and wire in the ansible-service-broker
from heat parameters. The service-catalog and template-service-broker
images do not need to be specified since they're derived from the
oreg_url in openshift-ansible.

Change-Id: Ie09696a54ba01f23003366a9f221d2f32f4b0270
Depends-On: Ic358ed27d63015d297f50c10f553fc1c470ea6a5
Closes-Bug: #1806353
2018-12-04 17:51:40 +01:00
Zuul
2557bfdf14 Merge "Create clouds.yaml for the undercloud" 2018-12-04 16:30:30 +00:00
Marius Cornea
50de0269d0 Set balance to source for openshift_router endpoints
Currently the haproxy loadbalancer set by TripleO uses balance
roundrobin. According to this Openshift HA configuration example[1]
it uses balance source for both the API and the router backends.
This way we ensure that all traffic from a user’s session goes to
the same node(sticky sessions).

[1] https://blog.openshift.com/keeping-both-of-your-openshift-container-platforms-highly-available-with-keepalived-and-haproxy/

Change-Id: I0be466f7d30748fc46fc69f098bf5aa7eb980aa2
2018-11-30 13:57:32 -05:00
Marius Cornea
bd51cf5f44 Use InternalApi network for openshift_master_cluster_hostname
According to the inventory examples[1] openshift_master_cluster_hostname
points to an internal hostname/address set on the loadbalancer while
openshift_master_cluster_public_hostname points to the external.
This change sets openshift_master_cluster_hostname to use the InternalApi
network instead of the External network as it is at this moment.

[1] https://docs.openshift.com/container-platform/3.11/install/example_inventories.html

Change-Id: I9efab5b07682efd6b03da433801d636e7d324619
2018-11-30 13:25:03 -05:00
Jose Luis Franco Arza
030442d07d Invoke redhat-subscription role during upgrade.
Before performing an upgrade, the new repositories and
activation key should be configured. Rhsm is the service
in charge of performing the overcloud nodes registration,
so we need to enable the new repository/parameters in the
upgrade_tasks to point to the right repositories during
upgrade.
Also, after [0] got merged, the registration is being forced
via --force in case it fails for the first time. Plus,
there is also a new option that allows us to enable only
the repositories passed in rhsm_repos variable, disabling
what is not included and was enabled. We need to pass
this variable set to true during upgrades so we disable
the latest version repositories.

[0] - https://review.openstack.org/#/c/615689/

Change-Id: I10fb84baa67275ed1f01fbb5b1236a284f2c763e
Related-Bug: #1797138
2018-11-29 17:06:23 +01:00
Zuul
ba86e3944b Merge "Don't set boot_option=local on baremetal flavors" 2018-11-28 04:45:15 +00:00