1811 Commits

Author SHA1 Message Date
Zuul
9174ae0f13 Merge "Use templating for nova cell transport-url" 2019-01-08 09:30:51 +00:00
Zuul
008b951de5 Merge "docker-puppet.py: move entrypoint mount to latest in order" 2019-01-08 06:53:32 +00:00
Zuul
8f5fb5144d Merge "flatten sshd service configuration" 2019-01-08 06:50:55 +00:00
Zuul
37251b2da9 Merge "Bind mount /var/lib/iscsi in containers using iSCSI" 2019-01-08 03:44:36 +00:00
Emilien Macchi
b1d34c98bc docker-puppet.py: move entrypoint mount to latest in order
Put the entrypoint bind as the last one so as to be sure it is accessible.
See https://github.com/containers/libpod/issues/1844#issuecomment-451442611

Change-Id: I5a9dbbee5fde81c3f7ecc41a557f15d54d6e070a
2019-01-07 22:01:33 +00:00
Zuul
2e37e7e22f Merge "Bind mount docker-puppet.py in RO without SElinux labelling" 2019-01-07 21:25:12 +00:00
Zuul
c61009a7c2 Merge "Ensure we get the correct setype for haproxy log dir" 2019-01-07 19:41:19 +00:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Martin Schuppert
20b677d70a Use templating for nova cell transport-url
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.

This patch addresses the templated transport_url urls as part 2.

Nova support added here:
https://review.openstack.org/#/c/578163/

Change-Id: I889dcf632b3306ce7e56ac5394884c7c72481833
Related-Bug: 1808134
2019-01-07 14:20:02 +00:00
Zuul
950640ad52 Merge "Use templating for nova cell database_connection" 2019-01-07 14:02:29 +00:00
Zuul
9292982060 Merge "Prevent service bootstrap node facts from colliding with each other" 2019-01-07 10:40:28 +00:00
Zuul
df10ea7afa Merge "Add template code to configure hsm backends for barbican" 2019-01-05 02:47:09 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein we are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Emilien Macchi
21145a91b5 Bind mount docker-puppet.py in RO without SElinux labelling
docker-puppet.sh doesn't need to be bind-mounted in read-write,
read-only should be enough.
Therefore, we don't need to relabel the script when running the
container.

The background of this patch can be found here:
https://github.com/containers/libpod/issues/1844

The version of runc that is vendored in libpod is a bit old and
the labelling task isn't tied to the threads yet (done by
aa3fee6c80)

We will request an update of runc in libpod but we also want to avoid
useless RW for this bind mount, which is the goal of this patch.

Note: we also switch /etc/config.pp and /etc/puppet/ to RO, without labelling
as well.

Change-Id: I87568372e80bd8bdb17ae6396ffe5805e37359a7
2019-01-04 10:52:01 +01:00
Zuul
c4fb84b044 Merge "Fix a typo of "rabbitmq"" 2019-01-04 03:02:01 +00:00
Zuul
1980cfd3a4 Merge "Fix and consolidate cinder-backup host prep tasks" 2019-01-03 19:03:20 +00:00
Zuul
2346d52362 Merge "Flatten Zaqar service configuration" 2019-01-03 19:03:17 +00:00
Alan Bishop
243cb34615 Bind mount /var/lib/iscsi in containers using iSCSI
Services that create iSCSI connections need to share the connection info
that gets created in /var/lib/iscsi. It's especially important that the
host has knowledge of *all* connections so that it can disconnect them
whenever the host shuts down or reboots.

Closes-Bug: #1810338
Change-Id: I803ed2ba9ff52f9a02c550a28d21cc9102568c8e
2019-01-03 16:36:58 +00:00
Jiri Stransky
54fb81ecd9 Prevent service bootstrap node facts from colliding with each other
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong to a particular step but it's executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).

This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.

Note that fast_forward_upgrade_tasks use their own is_boostrap_node
logic. We've uncovered some weirdness there while looking into the
is_boostrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.

Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408
2019-01-03 17:27:27 +01:00
Cédric Jeanneret
44b155eca6 Ensure we get the correct setype for haproxy log dir
Since haproxy logs are managed by rsyslog, we want to ensure this
service can actually write in the location.

This means we have to ensure haproxy/* is set to var_log_t, and NOT
the usual svirt_sandbox_file_t context.

Change-Id: Ica897c186268461f8f90cca4d417794d9b7dedad
2019-01-03 16:00:21 +01:00
Zuul
da38d3d3f2 Merge "Align novajoin container logging to other services" 2019-01-03 07:41:10 +00:00
Zuul
02a80d1141 Merge "Remove unused nova packages from host during upgrade and update" 2019-01-03 03:55:03 +00:00
Ade Lee
17e0087e43 Add template code to configure hsm backends for barbican
Adds support for the Thales and ATOS client software.

Change-Id: I79f8608431fecc58c8bdeba2de4a692a7ee388e9
Co-Authored-By: Douglas Mendizabal <dmendiza@redhat.com>
2018-12-20 12:54:55 -06:00
Oliver Walsh
7288062676 Use templating for nova cell database_connection
Nova now allows use of templated urls in the database and mq
connections which will allow static configuration elements to be
applied to the urls read from the database per-node. This should
be a simpler and less obscure method of configuring things like
the per-node bind_address necessary for director's HA arrangement.

This patch addresses the templated DB urls as part 1.

Nova support added here:
https://review.openstack.org/#/c/578163/

Related-Bug: 1808134

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: If30b4647bca210663a22fd653e752d4d57345bdd
2018-12-20 16:30:00 +01:00
c3bd127421 Temporary remove selinux label mount option for neutron
Neutron services are failing with the below error when running
with podman (0.12.1) and container-selinux (2.77):

relabel failed "/run/netns": operation not supported

Until this is fixed in podman/container-selinux, temporarily
remove selinux relabel on /run/netns.

Depends-On: https://review.openstack.org/#/c/626546/
Change-Id: Iedbeac17a0c530ecdc7e8cbba5ddd4ffb22bb616
Partial-Bug: #1809218
2018-12-20 11:07:03 +00:00
Rajesh Tailor
669a7b8aeb Remove unused nova packages from host during upgrade and update
As of now, during upgrade from pike -> queens or when doing a
minor update on a pike/queens deployment, the nova packages upgrade
on the compute node changes the permissions on the /var/lib/nova tree from
42436 (container nova uid) to 162 (host nova uid), which
prevents users from creating instances, with a permission error.

This change handles removing unused nova packages from the compute
host during major upgrade as well as minor update explicitly.

Change-Id: I7e7167252f08f5df555912e0692f33649228fc83
2018-12-20 12:17:09 +05:30
David J Peacock
67e74a676c flatten sshd service configuration
This change realigns the sshd baremetal puppet service yaml config
files into a common hierarchy as with the rest of this blueprint.

This change also removes container functionality, since this was a
temporary measure to proxy live-migration connections from
non-containerized to containerized compute nodes during upgrade.

Change-Id: I87e112a0f1973fa3b0e959777e00071c2bbf7c9c
Related-Blueprint: services-yaml-flattening
2018-12-19 13:04:08 -05:00
Zuul
24a63061aa Merge "puppet_config for rabbitmq_bundle needs file_line" 2018-12-19 15:46:30 +00:00
Zuul
7e1a0a9014 Merge "Remove ties between ceilometer and panko" 2018-12-19 13:28:19 +00:00
Zuul
9f67423cc9 Merge "Add config files/templates to integrate nsx plugin with container" 2018-12-19 06:54:00 +00:00
Zuul
9f4e2dc2cf Merge "flatten memcached service configuration" 2018-12-18 02:40:07 +00:00
Zuul
454eff05fe Merge "Flatten Ironic services configuration" 2018-12-18 02:40:05 +00:00
Zuul
be9deb3575 Merge "Flatten Glance service configuration" 2018-12-17 18:01:53 +00:00
Zuul
beb8ae7dd5 Merge "Correct file modes for rpmlint failures" 2018-12-15 19:06:38 +00:00
Zuul
1a4ee4ee0e Merge "Fix access to /var/lib/haproxy when SELinux is enabled" 2018-12-14 22:08:29 +00:00
Zuul
e8f5104440 Merge "Flatten Keepalived service configuration" 2018-12-14 21:59:41 +00:00
Jill Rouleau
971d97bf99 Correct file modes for rpmlint failures
Numerous files have incorrect modes set. Correct these so that executables
have 755 and yaml files are 644 to address rpmlint errors.

Change-Id: I8db36209b41a492f6b85e3469994de884bf556e8
2018-12-14 13:21:28 -07:00
David J Peacock
7a9d6cbc22 flatten memcached service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of memcached services has been removed.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: Ibb74d9e1673d079a6090efe4215c7ee041fce7d6
Related-Blueprint: services-yaml-flattening
2018-12-14 12:06:53 -05:00
Cédric Jeanneret
7fbc4b098f Flatten Glance service configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of glance services has been removed.

Change-Id: Ie2ac2072f0742ec5e521fc6e3734e89f8a007077
Related-Blueprint: services-yaml-flattening
2018-12-14 08:23:32 +01:00
Cédric Jeanneret
0de7bc09f3 Flatten Zaqar service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of zaqar service has been removed.

Change-Id: I8947d2fc5e5672e701d2802cd14a3fa176877a7d
Related-Blueprint: services-yaml-flattening
2018-12-14 07:45:24 +01:00
Cédric Jeanneret
ced9f888e9 Flatten Ironic services configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of Ironic services has been removed.

Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
2018-12-14 07:25:13 +01:00
Zuul
c4b816e8c5 Merge "Ensure we get dedicated logging file for HAProxy" 2018-12-14 05:40:57 +00:00
Alan Bishop
81e8f08a12 Fix and consolidate cinder-backup host prep tasks
This patch consolidates the host prep tasks for the HA and non-HA
versions of the cinder-backup service. In addition to not maintaining
two separate lists, it fixes an error in the non-HA service.

Change-Id: I79709b64dc7f6cadc7dec9f80f64ca962d2f4130
2018-12-13 10:35:38 -05:00
Emilien Macchi
7345963531 Flatten Keepalived service configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of keepalived service has been removed.

Change-Id: Ic0ddf1174e1d0a62f83f26f0ca6bc29ec7b078b7
Related-Blueprint: services-yaml-flattening
2018-12-13 10:26:26 -05:00
Zuul
84c0748674 Merge "Enable image import plugins & image output format" 2018-12-13 07:22:32 +00:00
Zuul
7e94554c0e Merge "Upload amphora image in RAW format if RBD backend" 2018-12-13 07:22:30 +00:00
Mike Fedosin
32f4db83c6 Fix access to /var/lib/haproxy when SELinux is enabled
Currently we don't use relabeling of the folder when SELinux is enabled.
This leads to the fact that we can not update the configuration of
haproxy during the update, because of missing permissions.

This commit adds the relabeling for the folder, which allows the
container with haproxy to write into it.

Closes-Bug: #1807933

Change-Id: Ie79aed5f5665658ea09e000a4847062e9207e25c
2018-12-12 15:02:45 +00:00
Pranali Deore
9333740b69 Enable image import plugins & image output format
Adding GlanceImageImportPlugins & GlanceImageConversionOutputFormat
to enable glance image conversion.

Since glance-image-import.conf has been newly added while adding
plugin framework in glance, passing the conf file to puppet_tags
in docker service.

Depends-on: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Change-Id: I81b788e38eecb3e0be88b140df3ae1ebb70cb191
Closes-Bug: #1807366
2018-12-12 15:32:12 +05:30
Cédric Jeanneret
0576e26234 Ensure we get dedicated logging file for HAProxy
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patch ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
2018-12-12 10:16:42 +01:00
Zuul
f2f63a3808 Merge "Fix - ApacheServiceBase needs ServiceData" 2018-12-12 00:49:59 +00:00