https://review.openstack.org/#/c/633546 changed the path of
tacker service deployment from docker/services/tacker.yaml to
deployment/tacker/tacker-container-puppet.yaml but not updated
in environments files, leading to failure during overcloud
deployment. Also now tacker is containerize by default but this is a wip
[1] so we disable here for sceanrio007 while work is finished
[1] https://bugs.launchpad.net/tripleo/+bug/1714270
Change-Id: Ic802a2ca60ee26a805731a6a64df3c51cde44d6a
Closes-Bug: #1814852
Now that we could get rid of the puppet dedicated definitions,
we can move the docker/* rabbitmq related stuff to the final
location, and correct the paths and some nits.
Change-Id: I47ca1e303bd38642200ccb7f6823bcd06cd00255
We removed the dependency for NetworkDeployment[1] in
role.role.j2.yaml after moving to Ansible the
UpgradeInitCommand and UpgradeInitCommonCommand Heat hooks.
[1]: https://review.openstack.org/#/c/632108/17/puppet/role.role.j2.yaml@649
Change-Id: I2dae3358b56946aaae7eddbf3eb501e672455565
Forces lowercase matching of user provided node data with dmidecode
output.
Change-Id: I844a2f7660dff5feda8397706671ac0efd37949f
Co-Authored-By: Francesco Pantano <fpantano@redhat.com>
Closes-Bug: 1814070
This flattens rabbitmq and removes puppet parts. The next step will
move the flattened templates to their final location.
It's split in two steps in order to make reviews easier on that big change.
Change-Id: I30f0802770d86d64e2ec6fa93dc9a608d4b15d69
The NodeDataLookup parameter should be valid JSON and we should
help the user by adding type checking for this early in the
deployment so that the user doesn't experience the related bug.
Change-Id: Id9d2208f1cbaba9234d7657420cd7efcad3507a0
Related-Bug: #1784967
Related-Bug: #1814070
As we are changing the ownership of the whole /var/lib/mistral directory in a
recursive way, we can't be mapping /var/lib/mistral/undercloud.conf as read-only,
otherwise we will get a OSError: [Errno 30] Read-only file system: '/var/lib/mistral/undercloud.conf'.
Instead, we will be mapping the undercloud.conf file into /var/lib/ directory
inside the container and then copy it from /var/lib into /var/lib/mistral
directory on start up, this way we will get rid of ownership permission issues.
Change-Id: Icbdaaf628d996bac89a770426db97d556df4003a
Closes-Bug: #1814275
With ca041e2c41e84 we moved the iptables rule creation to the host.
We can now remove the bind mounts that were needed to call iptables
from inside a container.
Change-Id: Ie7284ffe0268ff6d76e72b74e4a88fa86000554a
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
nova has been removed.
Change-Id: If8f4daa9127aa528a2088a978494f2d6d83106e2
Since 8e67ec833173920ac60b5548a711885a4d28e16f, docker-puppet doesn't
change mysql password config file on password update. It only notifies
of config change and paunch restarts some containers accordingly.
In non-HA mysql service, when a stack update changes the mysql password,
a docker-puppet task updates the root password config file at step 2.
However, the mysql container is started before the docker-puppet task,
which means that it gets the old root password config file from kolla
and it is never updated afterwards.
This discrepancy between the updated password and the password config
file in the mysql container makes it impossible to connect to mysql
without using a password at command line. This also breaks mysql's
post upgrade tasks which require the proper root credentials in the file.
Fix that discrepancy by adding a synchronization action at step3, which
will be triggered by paunch whenever a config change happens, and make
the docker-puppet task modify the config file shared with the mysql
container (from /var/lib/config-data/puppet-generated)
Note: this discrepancy does not happen for the HA version of the mysql
service, because we already have a container that is in charge of
restarting mysql on config change (mysql_restart_bundle).
Change-Id: I9cc725c77fd9a2f9e55c4878cd2125f99f35c06d
Closes-Bug: #1814514
While using ControllerStorageNfs role images are not pushed to local registry,
since ContainerImagePrepare service is missing in ControllerStorageNfs role.
Closes-Bug: #1814057
Change-Id: Iafe7bf37d7d04eed32a32b8881fab48fdc9f9dd6
As iptables-services injects default rules, we must ensure,
upon upgrade, that none of those unmanaged rules are present
in the firewall, nor in the iptables saved state.
We cannot remove them with puppet nor ansible due to the following
reasons:
- puppetlabs-firewall, the puppet module used in TripleO, manages
the firewall resources with comments - the comment value is the
name of the puppet resource. As the default rules have no comment,
puppet doesn't "see" them as managed resources, and can't affect
them.
- we can't simply "flush" all the rules and reapply them, because
puppet does not manage all the rules - some are managed by neutron,
for example.
- ansible "iptables" module doesn't make a full match of the chain,
and might drop the unwanted ones, keeping the unmanaged in place.
Also, it doesn't take care of the saved state.
SecurityImpact
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1667887
Closes-Bug: #1812695
Change-Id: I59733cb9a0323bbce4e20838a78103a70ec0d426
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the neutron-metadata, neutron-ovs-agent, and neutron-ovs-dpdk-agent.
With this patch the baremetal version of each respective neutron service
has been removed.
Related-Blueprint: services-yaml-flattening
Change-Id: I7a918e72ce4bfd06a95d7a575603a6fb65ded5a9