9273 Commits

Author SHA1 Message Date
Zuul
aa624468b5 Merge "Move cellv2 discovery from control plane services to compute services" 2019-01-18 10:27:02 +00:00
Zuul
349083a058 Merge "Add HorizonSecureCookies to environments/ssl/enable-tls.yaml" 2019-01-18 10:26:59 +00:00
Zuul
a263ac7609 Merge "Fetch scheme/port from hiera instead of hard coding it" 2019-01-18 01:37:42 +00:00
Zuul
f228e94efa Merge "Set container images for openshift 3.11" 2019-01-17 22:25:56 +00:00
Zuul
4b4f7f89da Merge "Remove openshift-ansible customization" 2019-01-17 22:25:51 +00:00
Zuul
11374f4ab8 Merge "Rely on osa defaults for enabled services" 2019-01-17 22:25:46 +00:00
Zuul
733a7f4ee9 Merge "Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive" 2019-01-17 22:25:43 +00:00
Zuul
eb30f0e7c9 Merge "Fix address for glusterfs container images" 2019-01-17 22:25:39 +00:00
Zuul
7a01baca25 Merge "flatten sahara service configuration" 2019-01-17 22:25:33 +00:00
Douglas Mendizábal
9012fff849 Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive
Added support for setting the Barbican option
always_set_cka_sensitive.  The option defaults to true as
needed by Safenet HSMs.  It is set to false in the ATOS
and Thales HSM environments.

Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
2019-01-17 08:50:24 -06:00
David J Peacock
ae1efdd44c flatten sahara service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of sahara services has been removed.

Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
2019-01-17 09:43:11 -05:00
Zuul
efe9b8fa1f Merge "Remove with_items for 'yum/package'" 2019-01-17 14:20:09 +00:00
Zuul
007f32ceb1 Merge "Drop duplicate keystone logging group parameter" 2019-01-17 13:56:52 +00:00
Zuul
4d45dff6a1 Merge "Use the tripleo-standalone-scenarios-full template" 2019-01-17 12:46:59 +00:00
Juan Antonio Osorio Robles
eb52c794d9 Add HorizonSecureCookies to environments/ssl/enable-tls.yaml
It was missing and breaking folks trying to use it.

Change-Id: I06c3a8499ce72973f850df60961226a168ba49e4
Closes-Bug: #1812211
2019-01-17 14:40:49 +02:00
Zuul
992dc37e7f Merge "Make ceph-ansible integration respect PythonInterpreter" 2019-01-17 11:17:01 +00:00
Zuul
243044e652 Merge "nova-libvirt: conditionalize selinux bind-mount" 2019-01-17 11:16:59 +00:00
Marios Andreou
632a184a94 Fetch scheme/port from hiera instead of hard coding it
Looks like nit/forgotten in https://review.openstack.org/626177
Depends-On is so we can see the job run here missing nova in layout

Co-Authored-By: Yatin Karel <ykarel@redhat.com>
Depends-On: https://review.openstack.org/631228
Change-Id: I4dbebcd3f3f530f21d3afc822084278136e58b4c
Closes-Bug: #1811004
2019-01-17 10:17:06 +00:00
Marios Andreou
beb7aa1124 Use the tripleo-standalone-scenarios-full template
Instead of carrying a distinct files: and check/gate layout use
the one defined in Depends-On below

Depends-On: https://review.openstack.org/630239
Change-Id: I7cf36baa80e91d87b1b41c45204c61cf87846d34
Story: https://tree.taiga.io/project/tripleo-ci-board/us/585
2019-01-17 09:02:31 +05:30
Zuul
c296b305e0 Merge "Remove unused jinja code in network-isolation environment" 2019-01-17 01:49:46 +00:00
Zuul
c9d2f3b46d Merge "Make neutron ovs agent work with python3" 2019-01-17 01:26:14 +00:00
Zuul
1df2bd8d31 Merge "Per role Numa aware vswitch configuration" 2019-01-17 01:06:32 +00:00
Zuul
30f95926a9 Merge "Update manila environment file name in capabilities-map" 2019-01-16 22:53:58 +00:00
Zuul
3027b16fa6 Merge "Fix paunch logs verbosity control" 2019-01-16 22:53:28 +00:00
Zuul
4f9653cbdd Merge "implement default ssh-from-ctlplane rule via hiera" 2019-01-16 22:33:15 +00:00
Zuul
4d0ea9e119 Merge "Reuse the container in case we have a temporary podman failure" 2019-01-16 18:37:05 +00:00
Zuul
c9bccf43fa Merge "Assure that updates job is listed in both check and gate" 2019-01-16 18:37:02 +00:00
Zuul
e0a53f4429 Merge "Enable image inject metadata properties & user roles to be ignored" 2019-01-16 17:33:14 +00:00
Zuul
e7f7bd927e Merge "Transitioning to HAProxy 1.8" 2019-01-16 16:50:55 +00:00
Zuul
474d6b7b4f Merge "Run 'Delete Upgrade Flag and Unset it via Rest' only once" 2019-01-16 16:16:36 +00:00
Damien Ciabrini
de35766338 Make neutron ovs agent work with python3
Currently neutron_ovs_agent_launcher.sh unconditionally
runs neutron with the default python from /usr/bin/python,
so it is impossible to force it to use python3 if
/usr/bin/python points to python2.

Make the python interpreter overridable, by reusing the
existing Heat parameter "PythonInterpreter" and honouring
its value in neutron_ovs_agent_launcher.sh

Change-Id: I43c17de81603bd41e6503dd01d6f4ef452b7d533
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
2019-01-16 17:13:08 +01:00
Bogdan Dobrelya
c5d1b6fb63 Fix paunch logs verbosity control
Make ConfigDebug also controlling the paunch logs verbosity.

Depends-On: https://review.openstack.org/614166
Related-Bug: #1799182

Change-Id: I89fd73eaa2120f06ab245be148a60bb08f0cb512
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-16 15:06:32 +00:00
Dan Prince
a3b55888f7 Drop duplicate keystone logging group parameter
Change-Id: I6c1e659c637e68cbbfa08080a148ac315084af84
2019-01-16 10:01:50 -05:00
Damien Ciabrini
34d0e5b020 nova-libvirt: conditionalize selinux bind-mount
on a F28-based container image nova-libvirt fails to
start in Podman if /sys/fs/selinux is bind-mounted
from the host, with the following logs:

2019-01-16 13:41:35.375+0000: 452430: error : virSecuritySELinuxQEMUInitialize:634 : cannot open SELinux label_handle: No such file or directory
2019-01-16 13:41:35.375+0000: 452430: error : qemuSecurityInit:425 : internal error: Failed to initialize security drivers
2019-01-16 13:41:35.375+0000: 452430: error : virStateInitialize:775 : Initialization of QEMU state driver failed: internal error: Failed to initialize security drivers
2019-01-16 13:41:35.375+0000: 452430: error : daemonRunStateInit:837 : Driver state initialization failed

Perform the bind-mount only when the ContainerCli is set
to 'docker'.

Change-Id: I7a2ca4fb1ff8ea5950fd52774c648af5ef274796
Closes-Bug: #1812013
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
2019-01-16 15:55:55 +01:00
John Fulton
8f297c22e7 Make ceph-ansible integration respect PythonInterpreter
PythonInterpreter defaults to /usr/bin/python. If a user overrides
this default, e.g. to something like python3, then we should use it.
Modify ceph-base.yml to use the PythonInterpreter parameter. The
variable will already be set to ansible_python_interpreter by the
calling ansible execution.

Change-Id: If599855c00d0ab8861ea7f873d410f9a880d35be
Closes-Bug: #1811974
2019-01-16 14:20:42 +00:00
Cédric Jeanneret
704b6870ba Reuse the container in case we have a temporary podman failure
The "retry" patch[1] didn't take care of the existing container. This patch
intends to allow to reuse the container in case it has failed, in order to
avoid an error when the container is already existing.

[1] https://review.openstack.org/#/c/614639/

Change-Id: I5c7258c8687582f56b59ed410c0cc8f6ba4c2d4f
Context: https://github.com/containers/libpod/issues/1844
Related-Bug: #1811383
2019-01-16 14:07:12 +01:00
Sergii Golovatiuk
9eeb4518c6 Remove with_items for 'yum/package'
According to [1] with_items should be changed to list. It's a
prerequisite for ansible 2.7

[1] https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.7.html

Change-Id: Ic94b91e5f92751f7da67631e2689c64aba808f0d
2019-01-16 13:12:06 +01:00
Zuul
d747625b82 Merge "Conditionalize docker socket bind-mount" 2019-01-16 11:44:58 +00:00
Zuul
c0b7d47084 Merge "docker-puppet: retry container run command" 2019-01-16 05:18:24 +00:00
Zuul
5c4f603580 Merge "Don't force Horizon's secure cookies to disabled" 2019-01-15 22:52:21 +00:00
Zuul
f89de7a569 Merge "Mount system modules when calling system iptables" 2019-01-15 22:33:36 +00:00
Emilien Macchi
d87efd29ed Conditionalize docker socket bind-mount
The socket is only needed when ContainerCli is set to 'docker'.
It only affects mistral executor and sensu-client containers, which were
the last containers relying on the socket.

For sensu-client, it was for healthchecks and they are being replaced by
systemd so the feature parity will be here.

For mistral-executor, it's needed by tripleo-validations running docker
CLI and they will have to run podman cli instead of docker.

Change-Id: I4e3d29a6eb65d871d7a1a935fcbd7bb98e7d1752
2019-01-15 22:49:01 +01:00
Zuul
52a70658ab Merge "Be explicit when passing vars into deploy steps" 2019-01-15 18:16:40 +00:00
Michele Baldessari
e26ef65e50 Transitioning to HAProxy 1.8
Haproxy 1.8 brings in a specific change that breaks us:
It removes the haproxy-systemd-wrapper which
we use in order to be able to reload the config file without
restarting the whole container (important in TLS scenarios).

We fix this by calling the haproxy binary directly and
using the master-worker mode (-Ws) which allows to receive
a SIGUSR2 command which will then reload the config for
all the workers. It should also not background.

This commit keeps backward compatibility with current HAProxy
to ease the transition to new HAProxy.

Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>

Change-Id: I93943efefa22b9107c85f9f5e0bd4c3c1ab867ed
2019-01-15 16:41:58 +00:00
Emilien Macchi
fda5b5ab3c docker-puppet: retry container run command
Context: https://github.com/containers/libpod/issues/1844
We have concurrency issue when podman is enabled, where
the bind-mounted entrypoint can't be found.

This patch will retry the podman run commands 3 times before declaring
a failure.
Also, everytime it fails we'll log the number of attempts to configure
the container. So we can track these numbers in CI.

I'll allow us to keep doing concurrent calls, but with less chance
to fail with the issue #1844.

Note: we hate this patch and we hope to revert it soon. But now it's how
we'll reduce issues in CI.

Change-Id: I6af89bf54e562e7c6bbcdb82041a7274789dcf28
Related-Bug: #1811383
2019-01-15 17:38:22 +01:00
Cédric Jeanneret
1bebfdcbdd Mount system modules when calling system iptables
In order to allow the system iptables to actually run from within a container,
we might need specific, per-kernel modules in order to avoid mismatches.

Currently, the only container having the system iptables mounted is the
haproxy_firewall thingy.

Change-Id: Idabc2da14413d953c8fe9effdd240dc250e7c64d
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1665598
2019-01-15 15:37:39 +01:00
Bogdan Dobrelya
35aae87301 Be explicit when passing vars into deploy steps
Implicit defaults hide issues with overring ansible variables as we
pass values in from deploy-steps.j2.

Make no implicit defaults for variables passed into deploy steps via
ansible vars. Only expect those take the values defined in the caller
deploy-steps.j2 playbook template. Add missing params and vars for
templates to propagate ansible values for external deploy/upgrade,
upgrade/update and post upgrade steps playbooks.

Make DockerPuppetDebug boolean to align with other booleans we pass
into deploy steps via ansible vars. Fix its processing in
docker-puppet.py, which is defaults for DockerPuppetDebug: ''
converted into 'false' in deploy steps tasks playbook, and then
that becomes always True in docker-puppet.py.

Related-Bug: #1799914

Change-Id: Ia630f08f553bd53656c76e5c8059f15d314a17c0
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-15 10:59:50 +01:00
Sorin Sbarnea
dc46a8684c Assure that updates job is listed in both check and gate
Fixes reported problem of job running only in check and not in gate:
tripleo-ci-centos-7-scenario000-multinode-oooq-container-updates

Change-Id: I7df8d811287c7605b1b406420de1eb17ae555346
2019-01-14 18:58:38 +00:00
Zuul
e8fd828d3b Merge "Remove default role-name from merge network param script" 2019-01-14 16:10:20 +00:00
Harald Jensås
2e36a4cfe9 Remove unused jinja code in network-isolation environment
Change I222873859af1b4ed1050cfffe55687b2f8d4c528 removed the
RedisVipPort using the {{primary_role_name}} jinja varialble.
The code to get the primary_role_name is no longer necessary.

Closes-Bug: #1808893
Change-Id: Id416786c85a48c598ccc8a9975bb07d7735df218
2019-01-14 12:49:56 +00:00