7599 Commits

Author SHA1 Message Date
Zuul
837a58df1a Merge "Add release note for PasswordAuthentication parameter" 2018-06-05 13:33:11 +00:00
Zuul
68c3856b83 Merge "Enable inspector dnsmasq dhcp filter" 2018-06-05 11:16:28 +00:00
Zuul
e3d6a47a31 Merge "undercloud: enable KernelIpNonLocalBind" 2018-06-05 07:21:23 +00:00
Zuul
542f9e00ab Merge "Merge values for same key from multiple services" 2018-06-05 02:45:25 +00:00
Emilien Macchi
32ea5028fd undercloud: enable KernelIpNonLocalBind
We need KernelIpNonLocalBind on the undercloud to bind non local ips
among other ip forward options. This sysctl parameter was managed by
instack-undercloud but never ported to the containerized undercloud.
We need the same sysctl parameters for parity with non containerized
undercloud.

Change-Id: Idd3d432b8f7eb573d94cd56be8e05614510ebddf
Related-Bug: #1774898
2018-06-05 01:38:51 +00:00
Zuul
30ddce3e3d Merge "ssh: enable PasswordAuthentication for containerized undercloud" 2018-06-05 01:07:26 +00:00
Emilien Macchi
b749e027a0 Add release note for PasswordAuthentication parameter
Add release note for I10b112e8bffff30879606ddd970dfd3ec67fd9c7.

Change-Id: I9475e6386a3747e7aeddb997e2e0bf585652060c
2018-06-04 10:41:14 -07:00
Milan Kováčik
a1a2048d47 Enable inspector dnsmasq dhcp filter
Modify both the inspector and dnsmasq containers for the inspector to be
able to modify dnsmasq configuration on the fly to filter the dhcp
traffic.

The upgrade_tasks moved to the puppet service in order to be shared
between both the containerised and regular deployment.  The upgrade_tasks
were amended with steps to clean-up the iptables inspector chain&rules.

With inspector no longer managing iptables rules, create new rules to
allow DHCP traffic on IronicInspectorInterface.

Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Change-Id: Ic7e32acb8559a7a12cd8767dc68c343872a6a4e3
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
2018-06-04 16:36:14 +02:00
Zuul
9108e56456 Merge "Support containerized DVR in compute role" 2018-06-04 14:34:57 +00:00
Zuul
34b6e5e7ec Merge "standalone: cleanup environment" 2018-06-04 14:34:54 +00:00
Zuul
939a32f246 Merge "Create docker-puppet.sh only once to avoid ETXTBSY errors" 2018-06-04 14:04:55 +00:00
Zuul
d5a2c0b3d0 Merge "Pike to Queens controller upgrade guard rerun with no images" 2018-06-04 09:13:47 +00:00
Emilien Macchi
70901ab69a ssh: enable PasswordAuthentication for containerized undercloud
We don't expect our operators to have SSH keys setup on the undercloud
node, so we don't want to block the PasswordAuthentication in
sshd_config.

Depends-On: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Change-Id: I10b112e8bffff30879606ddd970dfd3ec67fd9c7
Closes-Bug: #1772519
2018-06-03 01:49:26 +00:00
Zuul
a33d05d30d Merge "Run image prepare after registry install" 2018-06-01 22:23:51 +00:00
Zuul
97d6aa7b51 Merge "Ensure WorkflowSteps resource is enabled in ceph-upgrade-prepare" 2018-06-01 20:40:25 +00:00
Zuul
fdef4acb68 Merge "Upgrades: Refactor httpd_enabled variable" 2018-06-01 17:43:59 +00:00
Zuul
c099f863c9 Merge "Clear up Upgrade params on converge" 2018-06-01 17:43:57 +00:00
Zuul
096cef093c Merge "Manage public certificate with ansible" 2018-06-01 17:37:48 +00:00
Brent Eagles
f51f84e781 Support containerized DVR in compute role
This patch adds the required parameters to the Compute role so the
agents are configured properly on upgrade.

Related-Bug: #1774199
Change-Id: Iab42ae0fb13e8e92cc9903432a95e04a94a5913c
2018-06-01 11:31:50 -02:30
Zuul
125b0a6109 Merge "Optimized Ansible tasks in deplay-steps-tasks.yaml" 2018-06-01 13:53:31 +00:00
Giulio Fidente
ba8168fe96 Ensure WorkflowSteps resource is enabled in ceph-upgrade-prepare
To trigger ceph-ansible we need to make sure the WorkfowSteps
resource is enabled in ceph-upgrade-prepare env file.

Change-Id: Id760305971a68c397f9334265dd023b1e1884295
Closes-Bug: 1774647
2018-06-01 15:51:48 +02:00
mandreou
adb10e6586 Pike to Queens controller upgrade guard rerun with no images
As discussed at [0] if current overcloud resources are removed
manually/some error, and even container images deleted, the
upgrade tasks should be able to guard.

We already have a similar guard for the fetch&retag at [1]

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1584809
[1] 8824e7abcd/docker/services/pacemaker/haproxy.yaml (L305-L324)

Change-Id: I2c81e6d0f73fbef0f2a347b9fd4d27df91c2fdd1
2018-06-01 12:13:42 +03:00
Michele Baldessari
1037786b6c Create docker-puppet.sh only once to avoid ETXTBSY errors
We currently create /var/lib/docker-puppet/docker-puppet.sh
inside the mp_puppet_config() function which then gets
invoked in parallel via the following:

  p = multiprocessing.Pool(process_count)
  returncodes = list(p.map(mp_puppet_config, process_map))

This is problematic because we have the following potential race:
1) Process A opens /var/lib/docker-puppet/docker-puppet.sh for writing
2) Process B runs docker run and has the following bind mount:
   /var/lib/docker-puppet/docker-puppet.sh:/var/lib/docker-puppet/docker-puppet.sh:z
3) Process B will fail because an exec of a file being written to
   will return ETXTBSY

The deployment can fail due to the above with the following error:
[root@overcloud-controller-2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a401108cd827 192.168.24.1:8787/tripleoqueens/centos-binary-glance-api:current-tripleo-rdo "/var/lib/docker-p..." 19 minutes ago Exited (1) 19 minutes ago docker-puppet-glance_api
[root@overcloud-controller-2 ~]# docker logs docker-puppet-glance_api
standard_init_linux.go:178: exec user process caused "text file busy"

Since /var/lib/docker-puppet/docker-puppet.sh never changes
there is really no need to create it multiple times. Let's just
create it once before spawning the multiple docker run commands
so we avoid any ETXTBSY errors.

Ran 20 successful deployments in sequence with this change applied.

Change-Id: I16b19488ce9f1411273459576db76d16b318dacb
Closes-Bug: #1760787
2018-06-01 07:13:19 +02:00
Zuul
5a2ac547b6 Merge "Add site id parameter to cisco vts ml2 template" 2018-06-01 04:14:51 +00:00
Zuul
f0b6d58db9 Merge "Pass designate configuration to neutron" 2018-06-01 02:12:29 +00:00
Zuul
7c88c50d2c Merge "Add basics for standalone node" 2018-06-01 01:17:22 +00:00
Zuul
c6d5c11784 Merge "Drop old ceilometer services" 2018-06-01 01:07:42 +00:00
Sam Doran
1deab1217d Optimized Ansible tasks in deplay-steps-tasks.yaml
- do not use set_fact when a lookup can be done directly in the task
- use multi-line YAML for easier legibility
- ignore errors in file lookup plugin when file does not exist and set defaults

Change-Id: I832a2ec34f4ed4a87e30d0c88f4c60bcf2f4c151
2018-05-31 19:59:06 -04:00
Steve Baker
b8b0755f91 Run image prepare after registry install
For containerized undercloud install this completes the image
preperation. The flow for undercloud install is now:

1. Early in tripleo deploy there is a dry-run prepare which generates
the heat environment for all of the image parameters
2. Here after the registry is installed, populate it by running
prepare again

This file is now a jinja template so that the prepare command has
access to the roles data. This reduces the number of images processed
to services which *might* be containerized, but we can't filter by
services which *are* containerised because we're inside the heat stack
and don't have access to the full heat environment. The actual image
numbers are:
136 prepare with no filtering
97 prepare filtering only by roles_data_undercloud.yaml
64 prepare with undercloud env+roles_data_undercloud.yaml filtering

This might be a time hit for undercloud jobs, but hopefully not
a big hit for undercloud+overcloud jobs because many of those extra images
will be used in the overcloud.

Change-Id: I7449ee364ec9e976fbe9df95024ce3c42f6459b5
Blueprint: container-prepare-workflow
2018-06-01 09:51:15 +12:00
Emilien Macchi
f5aeac7f2b standalone: cleanup environment
The 2 patches that were in comment merged, we don't need these
workarounds anymore.

Change-Id: If5f433b649ad7c14603af6d2d9c2dcc52528f7e1
2018-05-31 14:17:45 -07:00
Zuul
dc3b0a76aa Merge "Reset Cinder RPC versions after upgrade" 2018-05-31 21:01:03 +00:00
Zuul
06d97a1dec Merge "Only add internal_api_virtual_ip if InternalApi is in network_data" 2018-05-31 21:01:01 +00:00
Zuul
da48ba5454 Merge "Disable StrictHostKeyChecking when removing keys too" 2018-05-31 14:26:20 +00:00
Zuul
9e8bbc1cb4 Merge "Remove deprecated NeutronExternalNetworkBridge from CI environments" 2018-05-31 14:26:17 +00:00
Zuul
d44a2eee42 Merge "Remove support for classic drivers" 2018-05-31 14:26:13 +00:00
Zuul
1785d431b2 Merge "Add ability to pre-assign IPs by role on ctlplane" 2018-05-31 14:26:10 +00:00
Cédric Jeanneret
59b762658d Manage public certificate with ansible
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml

UpgradeImpact: NodeTLSData is not used anymore

Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
2018-05-31 14:50:00 +02:00
Lukas Bezdicka
81db32ca8c Upgrades: Refactor httpd_enabled variable
To not to redefine variable multiple times in each service we
split httpd_enabled to per service fact set in step|int == 0 block.

Change-Id: Icea0865aadd9253ead464247bf78f45842b3a578
2018-05-31 13:46:15 +02:00
Zuul
25f583c640 Merge "Add stack name to env() for OS::TripleO::WorkflowSteps" 2018-05-31 11:27:15 +00:00
Zuul
949dc8877b Merge "Fix Designate worker conditional" 2018-05-31 11:27:12 +00:00
Zuul
c91fa431ea Merge "Unset UpgradeRemoveUnusedPackages on converge." 2018-05-31 11:27:10 +00:00
Zuul
2269015600 Merge "Containerized control plane with Dell EMC ScaleIO storage" 2018-05-31 10:45:08 +00:00
Zuul
2e45599652 Merge "Trigger scenario003 on designate changes" 2018-05-31 04:50:32 +00:00
Zuul
3195e45e48 Merge "gnocchi: add missing /var/lib/gnocchi" 2018-05-30 22:52:45 +00:00
Alan Bishop
3426d4cdc6 Reset Cinder RPC versions after upgrade
Add "--bump-versions" option to Cinder's db sync command so that stale
RPC version info is purged from Cinder's DB. This ensures all Cinder
services use the latest RPC version after an upgrade.

Closes-Bug: #1774262
Change-Id: I935e65e765fe0a5a88b9cdce9a72b67555e7f9a6
2018-05-30 15:49:17 -04:00
Wojciech Dec
e52d7a552c Add site id parameter to cisco vts ml2 template
Closes-Bug: 1774153
Change-Id: I80ca2449d4cabb20f0d9869a13896c53f380ed20
Signed-off-by: Wojciech Dec <wdec@cisco.com>
2018-05-30 10:01:48 +00:00
Zuul
1c9b288079 Merge "Parameterized deployment hosts" 2018-05-30 09:38:27 +00:00
Zuul
1c1027f81d Merge "Remove ironic_host_manager usage" 2018-05-30 09:38:23 +00:00
Zuul
ea26db3258 Merge "Add condition to ovs run during upgrade." 2018-05-30 09:08:29 +00:00
Yurii Prokulevych
5df1d9d904 Unset UpgradeRemoveUnusedPackages on converge.
There is an option to remove package, if the service is being
disabled during upgrade. This option should be unset when running
'overcloud upgrade converge'.

Change-Id: I7bad96be0c3dfc1e605efe9d504249dc9045d71d
2018-05-30 11:00:13 +02:00