9497 Commits

Author SHA1 Message Date
Zuul
9213525d70 Merge "Rework nova_cell_v2_discover_host.py to use nova.conf and python novaclient" 2019-02-07 11:56:54 +00:00
Zuul
9c1ac6212d Merge "Flatten rabbitmq service - step 2" 2019-02-07 11:26:27 +00:00
Zuul
94203f0447 Merge "Fix deployment of gluster with openshift AllInOne" 2019-02-07 06:48:09 +00:00
Zuul
faa5736c96 Merge "Disable tacker for scenario007" 2019-02-07 02:52:43 +00:00
Zuul
a87630c95e Merge "step1: flatten nova service configuration" 2019-02-06 23:43:03 +00:00
Zuul
85c208fe64 Merge "Fix a spelling mistake." 2019-02-06 23:19:07 +00:00
Zuul
a857fe1ad6 Merge "Fix files conditions for scenario 007 and 008" 2019-02-06 19:40:24 +00:00
Zuul
87c74e3234 Merge "Adding dependency for NetworkDeployment in 'server_resource_name'Deployment" 2019-02-06 18:37:54 +00:00
Zuul
f7df2c5ff4 Merge "Remove unneeded iptables mount points" 2019-02-06 15:06:53 +00:00
Chandan Kumar
707dcf2b70 Disable tacker for scenario007
https://review.openstack.org/#/c/633546 changed the path of
tacker service deployment from docker/services/tacker.yaml to
deployment/tacker/tacker-container-puppet.yaml but not updated
in environments files, leading to failure during overcloud
deployment. Also now tacker is containerize by default but this is a wip
[1] so we disable here for sceanrio007 while work is finished

[1] https://bugs.launchpad.net/tripleo/+bug/1714270

Change-Id: Ic802a2ca60ee26a805731a6a64df3c51cde44d6a
Closes-Bug: #1814852
2019-02-06 14:30:31 +01:00
Cédric Jeanneret
c9adaaeb2f Flatten rabbitmq service - step 2
Now that we could get rid of the puppet dedicated definitions,
we can move the docker/* rabbitmq related stuff to the final
location, and correct the paths and some nits.

Change-Id: I47ca1e303bd38642200ccb7f6823bcd06cd00255
2019-02-06 12:50:51 +01:00
Zuul
440630449e Merge "Adding support of glance cinder store settings" 2019-02-06 11:46:07 +00:00
Zuul
a269c1a5a6 Merge "Flatten rabbitmq service - step 1" 2019-02-06 11:46:04 +00:00
Carlos Camacho
aa2dc674fb Adding dependency for NetworkDeployment in 'server_resource_name'Deployment
We removed the dependency for NetworkDeployment[1] in
role.role.j2.yaml after moving to Ansible the
UpgradeInitCommand and UpgradeInitCommonCommand Heat hooks.

[1]: https://review.openstack.org/#/c/632108/17/puppet/role.role.j2.yaml@649

Change-Id: I2dae3358b56946aaae7eddbf3eb501e672455565
2019-02-06 12:41:59 +01:00
Zuul
9127abc193 Merge "Handle case change for dmidecode >= 3.1 in Ceph templates" 2019-02-06 00:37:44 +00:00
Zuul
e1062e14e4 Merge "Clean unmanaged rules pushed by iptables-services package" 2019-02-05 21:32:53 +00:00
Zuul
ad21014ad9 Merge "Copy undercloud.conf file during mistral-executor start up." 2019-02-05 18:09:44 +00:00
Zuul
f6e29c14a8 Merge "Export global_config for compute-only stack" 2019-02-05 17:18:43 +00:00
Zuul
3b2c7f9960 Merge "Create tripleo-admin user on the undercloud" 2019-02-05 17:18:41 +00:00
Giulio Fidente
c01d9d8475 Handle case change for dmidecode >= 3.1 in Ceph templates
Forces lowercase matching of user provided node data with dmidecode
output.

Change-Id: I844a2f7660dff5feda8397706671ac0efd37949f
Co-Authored-By: Francesco Pantano <fpantano@redhat.com>
Closes-Bug: 1814070
2019-02-05 16:51:25 +00:00
Zuul
43c2a8e8a6 Merge "Change NodeDataLookup type from string to json" 2019-02-05 16:48:29 +00:00
Zuul
fc104ea6c5 Merge "step2: flatten the neutron service configurations" 2019-02-05 15:38:45 +00:00
Cédric Jeanneret
fb7ea6734e Flatten rabbitmq service - step 1
This flattens rabbitmq and removes puppet parts. The next step will
move the flattened templates to their final location.

It's split in two steps in order to make reviews easier on that big change.

Change-Id: I30f0802770d86d64e2ec6fa93dc9a608d4b15d69
2019-02-05 15:44:40 +01:00
John Fulton
fe2fda491b Change NodeDataLookup type from string to json
The NodeDataLookup parameter should be valid JSON and we should
help the user by adding type checking for this early in the
deployment so that the user doesn't experience the related bug.

Change-Id: Id9d2208f1cbaba9234d7657420cd7efcad3507a0
Related-Bug: #1784967
Related-Bug: #1814070
2019-02-05 11:53:45 +00:00
Jose Luis Franco Arza
2587f4e961 Copy undercloud.conf file during mistral-executor start up.
As we are changing the ownership of the whole /var/lib/mistral directory in a
recursive way, we can't be mapping /var/lib/mistral/undercloud.conf as read-only,
otherwise we will get a OSError: [Errno 30] Read-only file system: '/var/lib/mistral/undercloud.conf'.

Instead, we will be mapping the undercloud.conf file into /var/lib/ directory
inside the container and then copy it from /var/lib into /var/lib/mistral
directory on start up, this way we will get rid of ownership permission issues.

Change-Id: Icbdaaf628d996bac89a770426db97d556df4003a
Closes-Bug: #1814275
2019-02-05 10:10:38 +01:00
Michele Baldessari
1814b3032f Remove unneeded iptables mount points
With ca041e2c41e84 we moved the iptables rule creation to the host.
We can now remove the bind mounts that were needed to call iptables
from inside a container.

Change-Id: Ie7284ffe0268ff6d76e72b74e4a88fa86000554a
2019-02-05 08:54:19 +01:00
Oliver Walsh
8a0ddc7f09 Export global_config for compute-only stack
Change-Id: Ib52c8bec82158055f4dfd9c778c80bcbb3e80f89
2019-02-05 08:39:02 +01:00
Zuul
5137d4d02f Merge "mysql: sync credentials in running container on password change" 2019-02-04 22:17:58 +00:00
Jill Rouleau
2bae8cc78a step1: flatten nova service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
nova has been removed.

Change-Id: If8f4daa9127aa528a2088a978494f2d6d83106e2
2019-02-04 14:27:41 -07:00
Zuul
70296a027d Merge "Add ContainerImagePrepare service to ControllerStorageNfs role" 2019-02-04 21:21:27 +00:00
Zuul
d4615d2e4c Merge "flatten the manila service configurations" 2019-02-04 18:49:28 +00:00
Zuul
bbbe046c2b Merge "TLS everywhere: Mount the whole /etc/pki/libvirt/ directory in libvirt" 2019-02-04 18:49:26 +00:00
Zuul
25ce3b8168 Merge "TLS everywhere: Set post-save command for neutron dhcpd" 2019-02-04 18:21:02 +00:00
Zuul
f59aa45d68 Merge "TLS everywhere: Set post-save command for nova-vnc-proxy" 2019-02-04 18:20:59 +00:00
Zuul
c185fd85db Merge "Catch directories we can not change ownership" 2019-02-04 18:20:56 +00:00
Zuul
130a7fd2f4 Merge "Run nova_statedir_owner on every run" 2019-02-04 18:20:54 +00:00
Damien Ciabrini
dd54e32d11 mysql: sync credentials in running container on password change
Since 8e67ec833173920ac60b5548a711885a4d28e16f, docker-puppet doesn't
change mysql password config file on password update. It only notifies
of config change and paunch restarts some containers accordingly.

In non-HA mysql service, when a stack update changes the mysql password,
a docker-puppet task updates the root password config file at step 2.

However, the mysql container is started before the docker-puppet task,
which means that it gets the old root password config file from kolla
and it is never updated afterwards.

This discrepancy between the updated password and the password config
file in the mysql container makes it impossible to connect to mysql
without using a password at command line. This also breaks mysql's
post upgrade tasks which require the proper root credentials in the file.

Fix that discrepancy by adding a synchronization action at step3, which
will be triggered by paunch whenever a config change happens, and make
the docker-puppet task modify the config file shared with the mysql
container (from /var/lib/config-data/puppet-generated)

Note: this discrepancy does not happen for the HA version of the mysql
service, because we already have a container that is in charge of
restarting mysql on config change (mysql_restart_bundle).

Change-Id: I9cc725c77fd9a2f9e55c4878cd2125f99f35c06d
Closes-Bug: #1814514
2019-02-04 15:48:23 +00:00
lkuchlan
a2d0899f9c Add ContainerImagePrepare service to ControllerStorageNfs role
While using ControllerStorageNfs role images are not pushed to local registry,
since ContainerImagePrepare service is missing in ControllerStorageNfs role.

Closes-Bug: #1814057

Change-Id: Iafe7bf37d7d04eed32a32b8881fab48fdc9f9dd6
2019-02-04 14:10:53 +00:00
Cédric Jeanneret
65041ed9d8 Clean unmanaged rules pushed by iptables-services package
As iptables-services injects default rules, we must ensure,
upon upgrade, that none of those unmanaged rules are present
in the firewall, nor in the iptables saved state.

We cannot remove them with puppet nor ansible due to the following
reasons:

- puppetlabs-firewall, the puppet module used in TripleO, manages
  the firewall resources with comments - the comment value is the
  name of the puppet resource. As the default rules have no comment,
  puppet doesn't "see" them as managed resources, and can't affect
  them.

- we can't simply "flush" all the rules and reapply them, because
  puppet does not manage all the rules - some are managed by neutron,
  for example.

- ansible "iptables" module doesn't make a full match of the chain,
  and might drop the unwanted ones, keeping the unmanaged in place.
  Also, it doesn't take care of the saved state.

SecurityImpact
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1667887
Closes-Bug: #1812695
Change-Id: I59733cb9a0323bbce4e20838a78103a70ec0d426
2019-02-04 14:56:08 +01:00
Dan Prince
d1fea280f4 step2: flatten the neutron service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the neutron-metadata, neutron-ovs-agent, and neutron-ovs-dpdk-agent.

With this patch the baremetal version of each respective neutron service
has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I7a918e72ce4bfd06a95d7a575603a6fb65ded5a9
2019-02-04 07:56:02 -05:00
Zuul
57d23df6be Merge "mysql: do not stop container when upgrade doesn't update mysql image" 2019-02-04 12:55:52 +00:00
Zuul
7b9c549795 Merge "flatten the tacker service" 2019-02-02 06:16:47 +00:00
Zuul
e78c69e6ac Merge "flatten the panko service" 2019-02-02 06:15:49 +00:00
Zuul
9617be2d2f Merge "step1: flatten the neutron service configurations" 2019-02-02 06:15:44 +00:00
Zuul
663d4e36d4 Merge "flatten the congress service" 2019-02-02 06:15:37 +00:00
Zuul
a23598c413 Merge "Include the DB password in a Mistral environment for creating backups and restores" 2019-02-02 02:48:02 +00:00
Zuul
db37eba7b0 Merge "Introducing Nuage Neutron VRS resource." 2019-02-02 02:47:55 +00:00
Zuul
fed9a3423e Merge "certmonger: Don't restart haproxy on cert renewal" 2019-02-02 02:08:43 +00:00
Zuul
34cabe691f Merge "flatten the swift service configurations" 2019-02-01 20:51:40 +00:00
Zuul
1b346b941a Merge "Move UpgradeInitCommand and UpgradeInitCommonCommand to run by Ansible" 2019-02-01 19:49:26 +00:00