Ironic services already present in Newton release,
ironic-api and ironic-conductor, are missing their
fast_forward_upgrade_tasks section.
Change-Id: Ic6e8c1515bb16d29a285b5a5bdbd4971adf3e2c2
Closes-Bug: #1770634
The Octavia public key configuration is run by Mistral meaning under the
'mistral' user. The previously default /home/stack/.ssh/id_rsa.pub file
may not be readable or not accessible because the of lack of permissions
from its parent directory leading to permission denied and hence failure
to deploy overcloud. It is safer to not default to a file path but to
use the existing 'default' keypair from the undercloud which anyway is
the public key of the 'stack' user. Users can still specify a file path
but will need to ensure it is readable.
Related-Bug: #1770641
Change-Id: I1dea4a8d5bb3c5a64ee7fb8995b837909bc1cafe
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
The neutron agents use things like dnsmasq and keepalived as part of
their implementation. Running these "subprocesses" in separate
containers prevent dataplane breakages/unnecessary failover on agent
container restart. This patch triggers the creation and mounting of
wrappers for launching these processes in containers.
Related-Bug: #1749209
Depends-On: Icd4c24ac686d957391548a04722266cefc1bce27
Depends-On: I8d93f4eccde1dc6e55e10399184ee80671355769
Depends-On: Ib2d2ad4960ea34ec9e3fca1eeb322742341f7eb7
Change-Id: Iea53489c916765bcfd88d7d12e6a32e1b6276d81
This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.
It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.
Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca
Recent changes [1] [2] in ceph-ansible break old way of escaping
quotes in the Manila keyring caps.
1. 82ccbdafbc
2. 424815501a
Change-Id: I7ff5df0e602aff000c9a4213231b7abc68871fc4
Closes-Bug: 1769436
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.
Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
This patch mounts karaf.log file at /var/log/
container/opendaylight/. So the logs are now available
via docker logs and in file both.
Change-Id: Ib1275d42daf2896db9e6de6513070a0fba47ed40
We need to make collectd container start in the same step as Gnocchi,
so that we avoid occasional connection problems with collectd deployed
without working Keystone and Gnocchi.
Change-Id: Ifce5d3a7395d9ddf99e2d9097f71a222e8c64487
When the evacuation of a nova-compute is in progress on a compute node,
starting the nova-compute service on that node would cause a race in
setting task_state [1] and could ultimately lead failures with all
future evacuation attempts on the compute node.
To avoid triggering that situation, introduce a startup wrapper when
Instance HA is enabled. The wrapper loops until the force-down flag is
clear and all evacuation finished, and then starts nova_compute.
[1] If71727cde51c29231dbb9a51c5babbcdfc802bdd
Partial-Bug: #1764883
Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>
Change-Id: Id1fc820b42fb72fc861fda82b04f6a3fa2b6b6f6
If gnocchi api is not enabled, the db sync cannot be run, as
it will fail due to an invalid config file.
Change-Id: If08b3ef4c87f501cf7fff690441351c74ebc4c98
This will allow webroot plugin for Let's Encrypt to actually work.
The container has no need to write in this location.
Change-Id: Ia76a0cc007abfdec6f25e1371eb696864f2925fd
Closes-Bug: 1768519
Instead of bind-mounting directly into the libvirt container,
follow the established approach for ditributing certificates
in containers.
Change-Id: Icdec38004df28988aa3a62019cb092c59d915f0e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Instead of bind-mounting in RW mode, follow the established
approach for ditributing certificates in containers.
Related-Bug: #1759049
Partial-Bug: #1767998
Change-Id: I6bcb72b8b600b6b1d916b64c161bca22c802cf07
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
NovaIronic service is deployed on the undercloud, not NovaCompute, so we
need to run the teardown tasks in NovaIronic otherwise nova-compute will
never be stopped during an upgrade.
Change-Id: Ifd65ff55c525abd5d27f4920b115fe32b69dbb9c
Use deploy_steps_tasks instead of external_deploy_tasks so we execute
the playbook on nodes that match "overcloud" group, which is the case of
the containerized undercloud.
Also add deploy_steps_tasks to tools/yaml-validate.py part of
OPTIONAL_DOCKER_SECTIONS.
Change-Id: Iaa6a05bf864cdb54a000ef74e6c5ab8e627ab0cf
There is no task, so we don't need this config, which leads to Ansible
error if a task is empty.
Change-Id: I8ca0d6f012e3bac68d052df117366d816c2b9cb6
Closes-Bug: #1768019
Instead of bind-mounting directly into the redis container,
follow the established approach for ditributing certificates
in containers.
Partial-bug: #1767998
Change-Id: Iff1a757c4893698ba550143d786088e5b9ffd714
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Modify the ceph-ansible execution so that it uses the ansible.cfg
that is shipped with ceph-ansible. ceph-ansible's own testing uses
this file and the project's maintainers recommend it be used.
This configuration file also uses ControlMaster=auto which is not
used by config download at this time. Adding this setting to the
ceph-ansible execution should make it take less time.
Change-Id: I774132eb8b7a43c921c0696635d56b4136301346
Closes-Bug: 1767252
It exposes the timeout as a parameter, sets the default to 30, and
makes it configurable.
Change-Id: If76475f359a020bf8eab55df7e3f5f674ea2e85d
Related-Bug: #1760118
Resolves an issue during scale out where the Swift set_swift_secret
container that sets the required Barbican key ID wasn't executing on a
Heat stack update if the container name and configs all stayed the same.
Closes-bug: 1767395
Change-Id: I683bb9e96eef73a014d5967a5930ef519ac34430
The overcloud inspector requires a IPA agent and ramdisk, provide
a mechanism so that they can be downloaded.
Change-Id: If19fb7bb3bf91f9aef3c00e07d2cf7862a0ec66a
Modifyign the certificate and key permissions for neutron was failing
during kolla start because the files were mounted as read only in the
container.
Related-Bug: 1759049
Change-Id: I99ccea35edb39ed98b537eb7f7947f1c957d79f9
Signed-off-by: Tim Rozet <trozet@redhat.com>