Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.
This patch addresses the templated transport_url urls as part 2.
Nova support added here:
https://review.openstack.org/#/c/578163/
Change-Id: I889dcf632b3306ce7e56ac5394884c7c72481833
Related-Bug: 1808134
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.
Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
docker-puppet.sh doesn't need to be bind-mounted in read-write,
read-only should be enough.
Therefore, we don't need to relabel the script when running the
container.
The background of this patch can be found here:
https://github.com/containers/libpod/issues/1844
The version of runc that is vendored in libpod contains is a bit old and
doesn't the labelling task isn't tied to the threads yet (done by
aa3fee6c80)
We will request an update of runc in libpod but we also want to avoid
useless RW for this bind mount, which is the goal of this patch.
Note: we also switch /etc/config.pp and /etc/puppet/ to RO, without labelling
as well.
Change-Id: I87568372e80bd8bdb17ae6396ffe5805e37359a7
Services that create iSCSI connections need to share the connection info
that gets created in /var/lib/iscsi. It's especially important that the
host has knowledge of *all* connections so that it can disconnect them
whenever the host shuts down or reboots.
Closes-Bug: #1810338
Change-Id: I803ed2ba9ff52f9a02c550a28d21cc9102568c8e
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong into a particular step but it's executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).
This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.
Note that fast_forward_upgrade_tasks use their own is_boostrap_node
logic. We've uncovered some weirdness there while looking into the
is_boostrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.
Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408
Since haproxy logs are managed by rsyslog, we want to ensure this
service can actually write in the location.
This means we have to ensure haproxy/* is set to var_log_t, and NOT
the usual svirt_sandbox_file_t context.
Change-Id: Ica897c186268461f8f90cca4d417794d9b7dedad
Adds support for the Thales and ATOS client software.
Change-Id: I79f8608431fecc58c8bdeba2de4a692a7ee388e9
Co-Authored-By: Douglas Mendizabal <dmendiza@redhat.com>
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.
This patch addresses the templated DB urls as part 1.
Nova support added here:
https://review.openstack.org/#/c/578163/
Related-Bug: 1808134
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Change-Id: If30b4647bca210663a22fd653e752d4d57345bdd
Neutron services failing with below Error when running
with podman(0.12.1) and container-selinux(2.77):-
relabel failed "/run/netns": operation not supported
Until this is fixed in podman/container-selinux, temporary
remove selinux relabel on /run/netns.
Depends-On: https://review.openstack.org/#/c/626546/
Change-Id: Iedbeac17a0c530ecdc7e8cbba5ddd4ffb22bb616
Partial-Bug: #1809218
As of now, during to upgrade from pike -> queens or doing
minor update on pike/queens deployment, the nova packages upgrade
on compute node changes the permissions on /var/lib/nova tree from
42436 (container nova uid) to 162 (host nova uid) which
prevents user from creating instances with permission Error.
This change handles removing unused nova packages from compute
host during major upgrade as well as minor update on explicitly.
Change-Id: I7e7167252f08f5df555912e0692f33649228fc83
This change realigns the sshd baremetal puppet service yaml config
files into a common hierachy as with the rest of this blueprint.
This change also removes container functionality, since this was a
temporary measure to proxy live-migration connections from
non-containerized to containerized compute nodes during upgrade.
Change-Id: I87e112a0f1973fa3b0e959777e00071c2bbf7c9c
Related-Blueprint: services-yaml-flattening
Numerous files have incorrect modes set. Correct these so that executables
have 755 and yaml files are 644 to address rpmlint errors.
Change-Id: I8db36209b41a492f6b85e3469994de884bf556e8
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of memcached services has been removed.
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: Ibb74d9e1673d079a6090efe4215c7ee041fce7d6
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of glance services has been removed.
Change-Id: Ie2ac2072f0742ec5e521fc6e3734e89f8a007077
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of zaqar service has been removed.
Change-Id: I8947d2fc5e5672e701d2802cd14a3fa176877a7d
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of Ironic services have been removed.
Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
This patch consolidates the host prep tasks for the HA and non-HA
versions of the cinder-backup service. In addition to not maintaining
two separate lists, it fixes an error in the non-HA service.
Change-Id: I79709b64dc7f6cadc7dec9f80f64ca962d2f4130
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of keepalived service have been removed.
Change-Id: Ic0ddf1174e1d0a62f83f26f0ca6bc29ec7b078b7
Related-Blueprint: services-yaml-flattening
Currently we don't use relabeling of the folder when SELinux is enabled.
This leads to the fact that we can not update the configuration of
haproxy during the update, because of missing permissions.
This commit adds the relabeling for the folder, which allows the
container with haproxy to write into it.
Closes-Bug: #1807933
Change-Id: Ie79aed5f5665658ea09e000a4847062e9207e25c
Adding GlanceImageImportPlugins & GlanceImageConversionOutputFormat
to enable glance image conversion.
Since, glance-image-import.conf has been newly added while adding
plugin framework in glance, passing the conf file to puppet_tags
in docker service.
Depends-on: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Change-Id: I81b788e38eecb3e0be88b140df3ae1ebb70cb191
Closes-Bug: #1807366
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.
This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.
Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d