The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
I934561612d26befd88a9053262836b47bdf4efb0 renamed the rabbit ssl
parameters that we use in the same environment generate but since the
script did not fail, it made it past CI. This change fixes the
RabbitClientUseSsl parameter in the environment to match the new
RpcUseSsl flag and updates the check script to fail if this happens
again.
Change-Id: I47c63875c6934bca2903883787467fc1804ba5da
Closes-Bug: #1768358
Ansible doesn't like it when tasks are empty dicts so let's make sure
we aren't passing an empty dict in to the ansible tasks. Unfortunately
since we're validating non-heat processed yaml, the list_concats end
up being dicts to the yaml validator so we can't just ensure they are
always lists.
Change-Id: I13dcc4f3d4ea2ac4c7ab62887dfea293246f6530
Related-Bug: #1768019
Use deploy_steps_tasks instead of external_deploy_tasks so we execute
the playbook on nodes that match "overcloud" group, which is the case of
the containerized undercloud.
Also add deploy_steps_tasks to tools/yaml-validate.py part of
OPTIONAL_DOCKER_SECTIONS.
Change-Id: Iaa6a05bf864cdb54a000ef74e6c5ab8e627ab0cf
OVN doesn't support VXLAN networks. VLAN tenant networks
have limitations and should be blocked till they are fixed.
So we restrict tenant network to geneve.
Change-Id: I4cabde39c252a605d769e137ae402f6fbc5a3041
Closes-Bug: 1767070
Adds a new validation to check role_data for workflow_tasks. If found,
the validation will fail. Existing templates with workflow_tasks are
excluded for now until they are fully migrated to external_deploy_tasks.
Depends-On: I0cf206e8ceeecfca17dd99a83b8c2eaa50e66712
Change-Id: I830a5cda660f5f73ca3a98f4a886abce6989daf0
implements: blueprint deprecate-workflow-tasks
The quiet arg (-q) is cumulative and should suppress warnings when -qq is
specified per the help text. These warnings were previously added and
did not honor -qq.
Depends-On: I0cf206e8ceeecfca17dd99a83b8c2eaa50e66712
Change-Id: Ic9fe4d7934fa6ad9c4d689a5402f43231c245ada
Move new files, which made it into environments/services-docker.
Ensure YAML validate will not pass for environments/services-docker
any more.
Change-Id: If16cf6bdafa8e10480134d356a7d7787f1c0bd72
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.
This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
(rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note
Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
SoftwareConfig/StructuredConfig outputs aren't supported with
config-download given that Heat doesn't know what the output values will
since Ansible is applying all configuration after the stack is complete.
This validation will report a warning whenever it finds use of outputs on
these resource types.
After config-download is the default and the Heat driven method is no
longer supported, we can switch this warning to an error.
Change-Id: I44d5ee3bab3d05ab0a59261d15ea915c75b35713
Sometimes it is nice to know which templates
should be rendered into which files. For example,
if we need to define additional checks in the client.
Change-Id: I10d4dffcd3802f62fc824c808728c0b5b4f1002c
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Walk through services' templates role_data to identify
missing hiera interplolation of networks.
Use additionally provided interfaces for validations:
* search in dicts by keys or values matching some regex,
entering into lists as an option;
* safe get values by the discovered paths casted as lists,
like get_param/get_attr works for heat templates.
Add PyYAML missing to the requirements.txt.
Closes-bug: #1764315
Change-Id: Idef66ee96cbd67d23760a1cce9537ecc157c3429
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
no-tls-endpoints-public-ip.yaml is a new file that needs to be validated
among other TLS environments, so we can make sure that EndpointMap will
be constructed correctly with all needed endpoints.
Change-Id: I5e83b37d8fa757065a6dab87d6eeac1c345efd32
CephClient should be removed from the CephAll role.
The only thing it does is the key set which is already
handled by the ceph mon profile.
if not will cause Duplicate declaration: Class[Ceph::Keys]
Change-Id: I77bbec1edd21cd6a4212a381a1a7712adc4b604f
Related-Bug: 1722633
Since old-style nic config files can no longer be used in Queens
or Rocky (the format changed in Ocata), add a check in yaml-validate
to detect that old-style files are in use and list conversion script
that can be used.
Made some changes to the script to ask before overwriting the nic
config file and save a datestamped copy as backup. In addition,
the script now takes an optional parameter to define location
of run-os-net-config.sh.
Change-Id: Ic56c48fa35ab2f4c1762c0e370be03fbf2e7671c
Closes-Bug: 1753812
The resultin pre_upgrade_rolling_steps_playbook will be executed in a
node-by-node rolling fashion at the beginning of major upgrade
workflow (before upgrade_steps_playbook).
The current intended use case is special handling of L3 agent upgrade
when moving Neutron services into containers. Special care needs to be
taken in this case to preserve L3 connectivity of instances (with
regard to dnsmasq and keepalived sub-processes of L3 agent).
The playbook can be run before the main upgrade like this:
openstack overcloud upgrade run --roles overcloud --playbook pre_upgrade_rolling_steps_playbook.yaml
Partial-Bug: #1738768
Change-Id: Icb830f8500bb80fd15036e88fcd314bf2c54445d
Implements: blueprint major-upgrade-workflow
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
The ControlPlanePort interface changed in the deployed-server
ressource. It now takes an additional fixed_ips parameters.
This add the required parameter and is required for FFU testing in CI.
Adjust the validation to take the fixed_ips discrepancies between two
different templates interfaces in deployed-neutron-port and
ctlplane-port.
Change-Id: I58af23129bcba04a367d0169dcafd53d33ab42f2
Closes-Bug: #1755837
In last step of FFU we need to swich repos before running upgrade.
We do so by introducing post FFU steps and running the switch in
them. We also update heat agents and os-collect-config on nodes.
Change-Id: I649afc6fa384ae21edc5bc917f8bb586350e5d47
Updating OpenStack (within release) means updating ODL from v1 to v1.1.
This is done by "openstack overcloud update" which collects
update_tasks. ODL needs 2 different steps to achieve this
minor update. These are called Level1 and Level2. L1 is
simple - stop ODL, update, start. This is taken care by paunch
and no separate implementation is needed. L2 has extra steps
which are implemented in update_tasks and post_update_tasks.
Updating ODL within the same major release (1->1.1) consists of either
L1 or L2 steps. These steps are decided from ODLUpdateLevel parameter
specified in environments/services-docker/update-odl.yaml.
Upgrading ODL to the next major release (1.1->2) requires
only the L2 steps. These are implemented as upgrade_tasks and
post_upgrade_tasks in https://review.openstack.org/489201.
Steps involved in level 2 update are
1. Block OVS instances to connect to ODL
2. Set ODL upgrade flag to True
3. Start ODL
4. Start Neutron re-sync and wait for it to finish
5. Delete OVS groups and ports
6. Stop OVS
7. Unblock OVS ports
8. Start OVS
9. Unset ODL upgrade flag
These steps are exactly same as upgrade_tasks.
The logic implemented is:
follow upgrade_tasks; when update_level == 2
Change-Id: Ie532800663dd24313a7350b5583a5080ddb796e7
Also delete the newly rendered per-role sample nic config templates when
process-templates.py is called with --clean.
Change-Id: Ic77b3c9e243839201065260b5807d145c4bb9972
Extra checks:
- Check that only tags=['common', 'validate',
'pre-upgrade'] are accepted.
- Fail if tags not defined.
- Fail if 'step|int == ' condition inside 'when'
is not the evaluated first.
- Suggest the use of lists to append conditions
inside 'when'.
Change-Id: I15f6d4cb6f2a13d04580779a93a02daf86f8b412
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.
The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.
The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).
Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.
Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
When copying templates or files with the
process-templates.py's shutil, ignore cases when
the source and the destination are same files.
This allows the following scenario:
- Symlink t-h-t from the installed package to a work dir
- Process j2 templates with overwrite in the work dir
Required-by: https://review.openstack.org/#/c/542875
Change-Id: I9a9c32f05fde325709998f4fe8bc7fef6c25b5c5
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Templates processor fails to locate *.j2 files,
when a custom output dir is specified.
Ensure *.j2 templates are on their expected search
paths for upcoming pasring and rendering
Change-Id: Idbc93e27574c66a9a5a73e3fcd7e88647282f201
Closes-bug: #1748425
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
If ceph-nfs (ganesha) service is enabled, it's set up by ceph-ansible
and it can be used as a manila backend. Manila can be configured to use
ceph either directly (manila-cephfsnative-config-docker.yaml env file)
or through ganesha (environments/manila-cephfganesha-config-docker.yaml
env file).
Change-Id: Ib408c7827e5fba0c1b01388db26363806fc64370
Partially-Implements: blueprint nfs-ganesha