1285 Commits

Author SHA1 Message Date
Zuul
b01bee5639 Merge "Add fast_forward_upgrade_tasks in ironic services." 2018-05-15 18:17:25 +00:00
Jose Luis Franco Arza
6403c9b9bc Add fast_forward_upgrade_tasks in ironic services.
Ironic services already present in Newton release,
ironic-api and ironic-conductor, are missing their
fast_forward_upgrade_tasks section.

Change-Id: Ic6e8c1515bb16d29a285b5a5bdbd4971adf3e2c2
Closes-Bug: #1770634
2018-05-14 14:29:38 +02:00
Carlos Goncalves
0e87e640c8 Default Octavia SSH pub key to UC default keypair
The Octavia public key configuration is run by Mistral meaning under the
'mistral' user. The previously default /home/stack/.ssh/id_rsa.pub file
may not be readable or not accessible because the of lack of permissions
from its parent directory leading to permission denied and hence failure
to deploy overcloud. It is safer to not default to a file path but to
use the existing 'default' keypair from the undercloud which anyway is
the public key of the 'stack' user. Users can still specify a file path
but will need to ensure it is readable.

Related-Bug: #1770641
Change-Id: I1dea4a8d5bb3c5a64ee7fb8995b837909bc1cafe
2018-05-11 15:33:18 +02:00
Zuul
dbe335df20 Merge "Mount ODL log file on host node" 2018-05-09 20:03:13 +00:00
Zuul
e64c10b9c1 Merge "Change template names to rocky" 2018-05-09 16:21:49 +00:00
Zuul
a09f481909 Merge "Add EnablePublicTLS flag" 2018-05-09 16:21:45 +00:00
Zuul
be4b9c1c4f Merge "Generate and mount wrappers for neutron agent processes" 2018-05-09 09:13:08 +00:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Brent Eagles
b022737652 Generate and mount wrappers for neutron agent processes
The neutron agents use things like dnsmasq and keepalived as part of
their implementation. Running these "subprocesses" in separate
containers prevent dataplane breakages/unnecessary failover on agent
container restart. This patch triggers the creation and mounting of
wrappers for launching these processes in containers.

Related-Bug: #1749209
Depends-On: Icd4c24ac686d957391548a04722266cefc1bce27
Depends-On: I8d93f4eccde1dc6e55e10399184ee80671355769
Depends-On: Ib2d2ad4960ea34ec9e3fca1eeb322742341f7eb7
Change-Id: Iea53489c916765bcfd88d7d12e6a32e1b6276d81
2018-05-08 15:10:06 -02:30
Zuul
c7d18a4db3 Merge "Do not overescape the Manila keyring caps" 2018-05-08 13:43:34 +00:00
Juan Antonio Osorio Robles
1260da2746 Add EnablePublicTLS flag
This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.

It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.

Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca
2018-05-08 10:45:09 +00:00
Zuul
25741d4fd9 Merge "Delay collectd start" 2018-05-08 04:20:59 +00:00
Giulio Fidente
1dedf30fdd Do not overescape the Manila keyring caps
Recent changes [1] [2] in ceph-ansible break old way of escaping
quotes in the Manila keyring caps.

1. 82ccbdafbc
2. 424815501a

Change-Id: I7ff5df0e602aff000c9a4213231b7abc68871fc4
Closes-Bug: 1769436
2018-05-07 19:40:51 +00:00
Emilien Macchi
77aa6763f6 Undercloud upgrades will use upgrade_tasks
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.

Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
2018-05-05 06:52:34 +00:00
Zuul
09cd18eba0 Merge "[DNM] ceph-nfs: disable ganesha caching" 2018-05-05 00:06:27 +00:00
Zuul
72df07f8fd Merge "Octavia amphora image handling updates" 2018-05-04 17:59:23 +00:00
Zuul
a7257c2344 Merge "Instance HA: prevent compute to start on a host being evacuated" 2018-05-04 10:27:27 +00:00
Janki Chhatbar
d53522165e Mount ODL log file on host node
This patch mounts karaf.log file at /var/log/
container/opendaylight/. So the logs are now available
via docker logs and in file both.

Change-Id: Ib1275d42daf2896db9e6de6513070a0fba47ed40
2018-05-04 15:51:14 +05:30
Zuul
a9c5093fab Merge "Expose Horizon "DocumentRoot" on host" 2018-05-04 10:11:36 +00:00
Martin Mágr
9171eef1a7 Delay collectd start
We need to make collectd container start in the same step as Gnocchi,
so that we avoid occasional connection problems with collectd deployed
without working Keystone and Gnocchi.

Change-Id: Ifce5d3a7395d9ddf99e2d9097f71a222e8c64487
2018-05-03 16:42:39 +02:00
Zuul
bea70218ac Merge "Copy-in libvirt certs via kolla extended/start" 2018-05-03 06:39:54 +00:00
Zuul
4b1cdff1fc Merge "Copy-in neutron cert via kolla extended/start" 2018-05-03 05:18:34 +00:00
Damien Ciabrini
9602a9bafc Instance HA: prevent compute to start on a host being evacuated
When the evacuation of a nova-compute is in progress on a compute node,
starting the nova-compute service on that node would cause a race in
setting task_state [1] and could ultimately lead failures with all
future evacuation attempts on the compute node.

To avoid triggering that situation, introduce a startup wrapper when
Instance HA is enabled. The wrapper loops until the force-down flag is
clear and all evacuation finished, and then starts nova_compute.

[1] If71727cde51c29231dbb9a51c5babbcdfc802bdd

Partial-Bug: #1764883
Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>

Change-Id: Id1fc820b42fb72fc861fda82b04f6a3fa2b6b6f6
2018-05-03 07:05:39 +02:00
Zuul
929c5675bf Merge "Add missing check for gnocchi api enabled" 2018-05-03 01:19:04 +00:00
Zuul
7b0957896f Merge "Download IPA kernel and ramdisk" 2018-05-02 20:18:30 +00:00
Zuul
2d252d8e7b Merge "Move Nova Compute undercloud upgrade logic into nova-ironic" 2018-05-02 16:22:08 +00:00
Zuul
fc57254d1d Merge "Copy-in redis certs via kolla extended/start" 2018-05-02 16:21:56 +00:00
Yolanda Robla
1651f4aa15 Add missing check for gnocchi api enabled
If gnocchi api is not enabled, the db sync cannot be run, as
it will fail due to an invalid config file.

Change-Id: If08b3ef4c87f501cf7fff690441351c74ebc4c98
2018-05-02 14:34:00 +00:00
Cédric Jeanneret
4f2c29e83f Expose Horizon "DocumentRoot" on host
This will allow webroot plugin for Let's Encrypt to actually work.
The container has no need to write in this location.

Change-Id: Ia76a0cc007abfdec6f25e1371eb696864f2925fd
Closes-Bug: 1768519
2018-05-02 15:15:31 +02:00
Bogdan Dobrelya
be5fd4eaeb Copy-in libvirt certs via kolla extended/start
Instead of bind-mounting directly into the libvirt container,
follow the established approach for ditributing certificates
in containers.

Change-Id: Icdec38004df28988aa3a62019cb092c59d915f0e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-05-02 14:24:32 +02:00
Bogdan Dobrelya
bce3452104 Copy-in neutron cert via kolla extended/start
Instead of bind-mounting in RW mode, follow the established
approach for ditributing certificates in containers.

Related-Bug: #1759049
Partial-Bug: #1767998

Change-Id: I6bcb72b8b600b6b1d916b64c161bca22c802cf07
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-05-02 08:35:57 +00:00
Emilien Macchi
a990a15dc5 Move Nova Compute undercloud upgrade logic into nova-ironic
NovaIronic service is deployed on the undercloud, not NovaCompute, so we
need to run the teardown tasks in NovaIronic otherwise nova-compute will
never be stopped during an upgrade.

Change-Id: Ifd65ff55c525abd5d27f4920b115fe32b69dbb9c
2018-05-01 11:53:22 -07:00
Zuul
b1f6f96d42 Merge "undercloud-upgrade: use deploy_steps_tasks for yum update" 2018-05-01 18:48:37 +00:00
Zuul
aeb5a8b077 Merge "Remove empty host prep tasks for Tempest" 2018-05-01 16:49:17 +00:00
Zuul
5d0bf89145 Merge "Add /var/log/opendaylight directory to ODL" 2018-05-01 12:25:38 +00:00
Zuul
0d42727ffa Merge "Execute ceph-ansible with its own ansible.cfg" 2018-05-01 01:09:31 +00:00
Emilien Macchi
88bfa38ae5 undercloud-upgrade: use deploy_steps_tasks for yum update
Use deploy_steps_tasks instead of external_deploy_tasks so we execute
the playbook on nodes that match "overcloud" group, which is the case of
the containerized undercloud.

Also add deploy_steps_tasks to tools/yaml-validate.py part of
OPTIONAL_DOCKER_SECTIONS.

Change-Id: Iaa6a05bf864cdb54a000ef74e6c5ab8e627ab0cf
2018-04-30 16:38:32 -07:00
Emilien Macchi
ca69e1c57d Remove empty host prep tasks for Tempest
There is no task, so we don't need this config, which leads to Ansible
error if a task is empty.

Change-Id: I8ca0d6f012e3bac68d052df117366d816c2b9cb6
Closes-Bug: #1768019
2018-04-30 19:57:23 +00:00
Zuul
7952d2e53a Merge "Add support to ironic "direct" deploy interface" 2018-04-30 15:18:26 +00:00
Zuul
5e17a83d02 Merge "Define Octavia SSH key name and file path" 2018-04-30 12:52:34 +00:00
Bogdan Dobrelya
04fd6ff1b1 Copy-in redis certs via kolla extended/start
Instead of bind-mounting directly into the redis container,
follow the established approach for ditributing certificates
in containers.

Partial-bug: #1767998

Change-Id: Iff1a757c4893698ba550143d786088e5b9ffd714
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-04-30 13:16:02 +02:00
Zuul
68a9a1c96a Merge "Add DeployIdentifier to Swift set_swift_secret container" 2018-04-28 13:54:20 +00:00
Zuul
a196a291cf Merge "Make novajoin vendordata timeout configurable" 2018-04-28 13:54:18 +00:00
Zuul
220ea00dfa Merge "Fixes chowning neutron cert/key perms" 2018-04-28 10:23:12 +00:00
Zuul
d147e837a7 Merge "Parameterizing Puppet Tags" 2018-04-28 04:55:10 +00:00
John Fulton
cf8c443ffb Execute ceph-ansible with its own ansible.cfg
Modify the ceph-ansible execution so that it uses the ansible.cfg
that is shipped with ceph-ansible. ceph-ansible's own testing uses
this file and the project's maintainers recommend it be used.

This configuration file also uses ControlMaster=auto which is not
used by config download at this time. Adding this setting to the
ceph-ansible execution should make it take less time.

Change-Id: I774132eb8b7a43c921c0696635d56b4136301346
Closes-Bug: 1767252
2018-04-27 12:27:47 -04:00
Juan Antonio Osorio Robles
52d4eb503d Make novajoin vendordata timeout configurable
It exposes the timeout as a parameter, sets the default to 30, and
makes it configurable.

Change-Id: If76475f359a020bf8eab55df7e3f5f674ea2e85d
Related-Bug: #1760118
2018-04-27 18:15:05 +03:00
Christian Schwede
5fd8757c5f Add DeployIdentifier to Swift set_swift_secret container
Resolves an issue during scale out where the Swift set_swift_secret
container that sets the required Barbican key ID wasn't executing on a
Heat stack update if the container name and configs all stayed the same.

Closes-bug: 1767395
Change-Id: I683bb9e96eef73a014d5967a5930ef519ac34430
2018-04-27 16:56:45 +02:00
Derek Higgins
af51fc9a30 Download IPA kernel and ramdisk
The overcloud inspector requires a IPA agent and ramdisk, provide
a mechanism so that they can be downloaded.

Change-Id: If19fb7bb3bf91f9aef3c00e07d2cf7862a0ec66a
2018-04-27 15:25:01 +01:00
Tim Rozet
542ec3590f Fixes chowning neutron cert/key perms
Modifyign the certificate and key permissions for neutron was failing
during kolla start because the files were mounted as read only in the
container.

Related-Bug: 1759049

Change-Id: I99ccea35edb39ed98b537eb7f7947f1c957d79f9
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-04-26 16:03:16 -04:00