198 Commits

Author SHA1 Message Date
Zuul
2b9e5d412d Merge "Stop upgrade if a task on one node fails" 2018-11-27 05:42:23 +00:00
Zuul
82a79f3235 Merge "Run docker-puppet.py in debug mode." 2018-11-22 22:11:21 +00:00
Jiri Stransky
021d1b1efb Stop upgrade if a task on one node fails
When we were upgrading multiple nodes at the same time,
e.g. controllers, and a taks on one of the nodes failed, the other
nodes would keep upgrading. This is undersirable and can be fixed by
adding any_errors_fatal to the Ansible plays.

Change-Id: Iad2b5e32e955da41af4d2b8dd8ad8aa1eb5dffa9
Closes-Bug: #1804468
2018-11-21 15:48:53 +01:00
Emilien Macchi
eeb07fcb4a Honor --skip-deploy-identifier in common deploy tasks for updates
To continue the work that was done in
I711dbb00a9c34dbd96ef179ef41bff281b0001d1, we also need to skip the common
deploy tasks if --skip-deploy-identifier is passed by the operator.

When using --skip-deploy-identifier, the UpdateIdentifier is set to
None.
Ansible doesn't see None as "", so we really need to test if the
variable is defined or not. That patches changes the logic to test that.
We also support the case where the variable is set to "", and consider
is as empty which means we want to skip the deploy/updates.
It is also doing it for the update playbooks which includes tasks from
commont deploy.

It is not replicating the exact condition as in deploy_steps_playbook.
There is no need to also check if /var/lib/docker-container-startup-configs.json
file is here because it has been created during the initial deployment.

This fix the bug where --skip-deploy-identifier wasn't honored during
stack updates.

Co-Authored-By: Thomas Hervé <therve@redhat.com>
Co-Authored-By: Sam Doran <sdoran@redhat.com>

Change-Id: Ibab17dcaeebea65135fca4f40562109c90f36c27
Related-Bug: #1796924
2018-11-19 13:53:13 +00:00
Jose Luis Franco Arza
9527808075 Run docker-puppet.py in debug mode.
Allow running docker-puppet.py in
debug mode, depending on the value
of the ansible variable docker_puppet_debug.

This variable takes its value from DockerPuppetDebug,
which is set to true in the env file
environments/config-debug.yaml.

Change-Id: I7c88aa22dce3396c6a79843ac13db479ed987f9d
2018-11-15 11:24:10 +01:00
Quique Llorente
851bd0953a Use correct python version for puppet-docker.py
Now that we are running this at fedora28 with python3 we need to use
python3 to run python scripts at playbooks

Depends-On: I2c471724374da44eeddc4680b268bc362572ee27
Closes-Bug: #1802531
Change-Id: I42b18b228bfe361d19b580a853328c1a6c896257
2018-11-12 06:51:19 +00:00
Emilien Macchi
de798c5947 Use container_cli for post_upgrade_tasks & external_upgrade_tasks
- Export container_cli for post_upgrade_tasks & external_deploy_tasks
  and external_upgrade_tasks
- Replace "docker exec" by {{ container_cli }} exec in these tasks
  (cinder, nova, mysql, ironic and TLS).

Depends-On: Iff509f4dc09862a451ad5cf915aa7764a314c28c
Change-Id: I7b11f44c9255294863879aaff88d0dd1672bff6e
2018-11-05 12:00:46 -05:00
Emilien Macchi
da224f7a9c Export container_cli for update & upgrades & post upgrade tasks
container_cli will be used later by update, upgrade and post upgrade tasks.
This patch is separated from actual tasks, so we can quickly iterate in
multiple patches.

Change-Id: I1ed7dec0019113f1259bce986f354723237f6a25
2018-11-03 03:56:59 +00:00
James Slagle
16dff38eb4 Fix tasks in check mode
These tasks should have check_mode:no set so that they run in check
mode, as the variables they register are used in later tasks. Otherwise,
ansible in check mode fails with undefined variable errors.

Also, some tasks may fail due to not all requirements being available
since those requirements were not created by previous tasks that were
also ran in check mode.

This adds ignore_errors to these tasks, and sets the value to the
boolean ansible_check_mode which is provided by ansible and set based on
whether or not --check was passed to the ansible command line.

Change-Id: I84bc3c14ede37959a4078fd14ce4661b7bd23f84
2018-11-01 19:14:14 +00:00
James Slagle
5a5ad11d0b Add common vars to common plays
We should pass in the common vars to all the common plays in
deploy-steps.j2 so that tasks will have them available. Some of these
parameter driven variables were never actually wired up, so they didn't
work to begin with (such as enable_puppet/enable_debug).

Change-Id: I830e1ae21fe3e278a5f7591065d066c0a6883a9a
Closes-Bug: #1785635
2018-10-25 14:32:17 +02:00
Zuul
0797f537dc Merge "check mode: paunch configs" 2018-10-20 08:01:47 +00:00
Zuul
557e69c0dc Merge "check mode: docker_puppet_tasks" 2018-10-20 08:01:45 +00:00
Jill Rouleau
fc30066a35 Add stack output ansible_group_vars
This change adds a stack output to services/common.yaml that acts
as an interface for Ansible group variables.  Ansible vars provided
via this interface will be consumed by config-download and written
under $config-download-dir/group_vars/ where they can be accessed
by ansible commands.

Part of blueprint ansible-tasks-to-role.

Change-Id: Ib70e7dda13b4a3ed30af88906ba42c25cdc93038
2018-10-17 16:44:50 +00:00
Zuul
94943cfff9 Merge "Introduce proper steps to external update/upgrade tasks" 2018-10-17 15:03:47 +00:00
Zuul
c262998fcf Merge "check mode: docker_puppet" 2018-10-16 23:12:05 +00:00
Zuul
cac9d17663 Merge "Remove references to logging_source" 2018-10-13 09:06:39 +00:00
Zuul
52960f30dc Merge "Honor --skip-deploy-identifier in common deploy tasks" 2018-10-12 01:00:28 +00:00
Cédric Jeanneret
245da47a9d Add SELinux configurations for a proper Standalone deploy
With this patch, we're able to deploy a "standalone" stack using
podman on a fully-enabled SELinux system.

Change-Id: I4bfa2e1d3fe6c968c4d4a2ee1c2d4fb00a1667a1
2018-10-10 11:57:21 +00:00
James Slagle
a7955832df Honor --skip-deploy-identifier in common deploy tasks
To match the previous functionality when not using config-download, the
common deploy step tasks should be skipped for already deployed nodes
when using --skip-deploy-identifier.

This patch adds a task to check if one of the json configuration files
created by the common tasks already exists. If it does, and
--skip-deploy-identifier has caused an empty DeployIdentifier parameter
value, the tasks will be skipped for that node.

Change-Id: I711dbb00a9c34dbd96ef179ef41bff281b0001d1
Closes-Bug: #1796924
2018-10-09 11:55:13 -04:00
Juan Antonio Osorio Robles
cb3c72f37d Remove references to logging_source
This has been unused for a while, and even deprecation was scheduled
(although the patch never merged [1]). So, in order to stop folks
getting confused with this, it's being removed.

[1] https://review.openstack.org/#/c/543871/

Change-Id: Iada64874432146ef311682f26af5990469790ed2
2018-10-08 13:43:47 +03:00
Jiri Stransky
bcd6cde608 Introduce proper steps to external update/upgrade tasks
So far the tasks for external update/upgrade were not using the step
mechanism as other tasks, we had a single step. As external
deploy/update/upgrade tasks are being used for more things nowadays,
it's likely that we'll need to go towards a similar model like we have
for deploy/update/upgrade tasks -- proper usage of steps.

For now we have just 2:

* Step 0 for setting global facts, and performing validations.

* Step 1 for actual update/upgrade tasks. (There's an upcoming change
  to run online data migrations in step 1).

Change-Id: I1933bd0eedab71caab56c0e5d93ba7927fb7c20f
Partial-Bug: #1793332
2018-10-04 12:08:21 +02:00
James Slagle
b76a36eca1 check mode: paunch configs
Adds initial check mode support for the paunch container startup
configuration and kolla config files. This cleans up the formatting of
the generated files so that the diff shown duing check mode with --diff
is useful.

We can't actually run paunch during check mode as it doesn't yet have
any support for a dry run mode.

Change-Id: I9add7b9fda50847c111e91735bd55a1ddf32f696
2018-10-03 07:47:20 -04:00
James Slagle
29f05e1e6f check mode: docker_puppet_tasks
Adds check mode support for docker_puppet_tasks.

Since it's not possible to reliably determine what these tasks do, we
can't actually run them to get an idea of what might be changed. We can
however show the diff of the json file to get an idea of what would be
run.

Change-Id: I19e8bc9eb93d8acc8ee7d737770f9cc7e63f7a27
2018-10-03 07:47:20 -04:00
James Slagle
a6f9821821 check mode: docker_puppet
Adds check mode support for docker_puppet. The updated json file is
written to /var/lib/docker-puppet/check-mode/docker-puppet.json
during check mode and then diffed with the existing version at
/var/lib/docker-puppet/docker-puppet.json.

When docker-puppet.py is run during check mode, the updated json file
under the check-mode directory is passed to the command. All generated
config files are then written under /var/lib/config-data/check-mode,
which is then recursively diffed with the existing config under just
/var/lib/config-data to report on all changed config files.

Change-Id: I5c831e9546f8b6edaf3b0fda6c9fbef86c825a4c
2018-10-03 07:47:16 -04:00
James Slagle
6d0f16d430 check mode: puppet host
Adds check mode support for puppet host tasks.

This works by writing the new puppet host manifest under
/var/lib/tripleo-config/check-mode, and diffing it against the existing
version of the manifest.

Puppet is also run with --noop, so that it only reports on what changes
would have been made.

It also uses the check mode hiera configuration at
/etc/puppet/check-mode/hiera.yaml if it exists so that the updated hiera
data is also accounted for when puppet runs with --noop.

Depends-On: Ibe0c2ab79c35f04ce51e7a1ade0e8ff72b430163
Change-Id: I112b63096c8dce05176b0939a7678bec02987294
2018-10-01 13:59:59 -04:00
James Slagle
1b0c827930 Convert with_dict tasks to use loop and be less chatty
with_dict is replaced by ansible's loop:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#with-dict

This migrates tasks using with_dict over to use loop instead.

Additionally, when using loop (or with_dict), the entire loop item is
logged by default. This makes these tasks very verbose since we're
looping over large json/yaml files. Instead, use loop_control and label
ot only log the item key. The entire data structure already exists in
the config-download directory anyway, so there's no need to log the
whole thing to the console.

Change-Id: I1fc7431dfc662212b6ca64f4f738760f25b0c30b
2018-10-01 13:59:59 -04:00
Zuul
e516e8bfec Merge "Tag tasks in in common tasks" 2018-09-28 11:37:13 +00:00
Zuul
fd52b25c8b Merge "Remove "when failed" from debug task names" 2018-09-28 00:54:50 +00:00
Zuul
ebbfee9516 Merge "Tag step plays" 2018-09-28 00:54:48 +00:00
Cédric Jeanneret
57154fd084 Dropped "recurse" for idempotency
We should not need that recurse anyway.

Change-Id: I504b52a2bb3c89e75ac3402f259c317889c054e6
Closes-Bug: #1794251
2018-09-25 13:20:12 +02:00
James Slagle
961fdc22ee Tag tasks in in common tasks
Adds the following tags to relevant tasks in deploy-steps-tasks.yaml
that are common to all roles:

- host_config
- container_config
- container_config_tasks
- container_config_scripts
- container_startup_configs

The tags are tool agnostic, so hopefully they won't have to be updated
over time. They allow users to run only specific parts of the common
tasks.

Change-Id: Ia7476da222218411caddae887f99c029b4bccf23
2018-09-24 09:21:53 -04:00
James Slagle
13aaf52a46 Remove "when failed" from debug task names
This commit removes the "when failed" from the task title to eliminate
confusion.

These tasks always run to show the debug output for the previous task,
regardless of whether the the previous task failed or not. They will
show the debug output as long as the previous task finished (success or
failure).

Change-Id: I4e52bdc18885f13793550e5032fb1316a13b248c
2018-09-24 09:17:15 -04:00
James Slagle
bf6efb06c7 Tag step plays
This adds a tag step[1-5] to each of the plays within the jinja2 loop to
create our 5 deployment steps. Using these tags, it's possible to run
these plays individually if desired.

Change-Id: Ic705afbf174b4597d98c2b83041ff88dd8d6664c
2018-09-24 09:17:15 -04:00
Cédric Jeanneret
7719263c27 Ensure some directories are created with the correct SELinux label
As Podman doesn't create host location for bind-mount, we have to ensure
directories actually exists.
SELinux labels are also important, since Podman has selinux enabled by default,
and there is currently no way to disable it like in Docker.

Change-Id: Ic1bede203e8199a296944273cb334027dab940fe
2018-09-21 22:11:11 +00:00
Zuul
85da81624f Merge "Remove references to logging_group" 2018-09-19 08:01:19 +00:00
Emilien Macchi
e175e5ab2f Initial support for Podman in docker-puppet
Create a new parameter in TripleO: ContainerCli.
The default is set to 'docker' for backward compatibility but it allows
to also set to 'podman'.
When podman is selected, the right commands will be run so docker-puppet
can configure the containers when Podman is the selected container
library backend.

It removes the tripleo_logs:/var/log/tripleo/ mount that was used
by tripleo-ui but we shouldn't do that here. We'll create a bind mount
in tripleo-ui container later.

It run puppet with FACTER_hostname only if NET_HOST is disabled.

Change-Id: I240b15663b720d6bd994d5114d43d51fa26d76cc
Co-Authored-by: Martin André <m.andre@redhat.com>
2018-09-08 05:23:00 +00:00
Zuul
639a043f0d Merge "Allow performing Ceph update/upgrade separately" 2018-09-04 23:04:41 +00:00
Juan Antonio Osorio Robles
90234f4f2a Remove references to logging_group
This has been unused for a while, and even deprecation was scheduled
(although the patch never merged [1]). So, in order to stop folks
getting confused with this, it's being removed.

[1] https://review.openstack.org/#/c/543871/

Change-Id: Icc6b51044ccc826f5b629eb1abd3342813ed84c0
2018-08-29 13:43:30 +03:00
Zuul
06c4507550 Merge "Parallelize server pre and post steps" 2018-08-21 19:03:14 +00:00
Zuul
46ef074336 Merge "Default bootstrap_server_id" 2018-08-19 02:50:12 +00:00
James Slagle
d4d15d0407 Default bootstrap_server_id
When blacklisting all servers from the primary role, the yaql expression
to get the bootstrap_server_id value fails as it tries to index the list
at the 0'th element. In this case, default the bootstrap_server_id value
to a constant string which won't match any actual server id's.

Change-Id: Ibb26245156675f64709bab075875ce4b498b4db6
Closes-Bug: #1785665
2018-08-06 17:46:08 -04:00
James Slagle
553fc0d264 Pass all vars to deploy-steps-tasks.yaml with config-download
Not all vars were getting passed to deploy-steps-tasks.yaml when using
config-download. This didn't cause any issue because all the vars have
default value, but the user specified value should be honored as well.

Change-Id: I5972e1c674cf9008366c2bb10b54eb975ab8cb93
Closes-Bug: #1785635
2018-08-06 10:15:56 -04:00
James Slagle
6b506eea2c Parallelize server pre and post steps
Update the play for the server pre and post steps so that the tasks run
in parallel across all roles, instead of doing one role at a time. By
not using the "when" attribute, and relying on the tripleo_role_name var
for the list of deployments, we can force these tasks to run in parallel
across all roles.

Change-Id: I83a4deaa68d5788edb5ab13652bb30c762f337d8
2018-08-06 13:26:59 +00:00
Jiri Stransky
4504aadef6 Allow performing Ceph update/upgrade separately
Running `openstack overcloud external-update run` will update all
external services. This commit adds possibility of running `openstack
overcloud external-update run --tags ceph` to specifically update just
Ceph. It works analogically for upgrades.

Change-Id: Ic1786b6dbfa54516bfb836b450fc35452dca8cb5
Partial-Bug: #1783949
2018-08-02 15:04:22 +02:00
Jiri Stransky
6364f2286c Update and upgrade tasks for services deployed via external deploy tasks
Composable service templates can now define external_update_tasks and
external_upgrade_tasks. They are meant for update/upgrade logic of
services deployed via external_deploy_tasks. The external update
playbook first executes external_update_tasks and then
external_deploy_tasks, the procedure for upgrades works
analogously. All happens within a single playbook, so variables or
fact overrides exported from the update/upgrade tasks will be
available to the deploy tasks during the update/upgrade procedure.

Partial-Bug: #1783949
Change-Id: Ib2474e8f69711cd6610a78884d5032ffd19ad249
2018-08-02 15:04:15 +02:00
Emilien Macchi
6860fb84f5 Switch deployment_source_hosts default to "Undercloud"
"undercloud" host is too opinionated and hostnames can change. We should
rather apply the tasks to the Undercloud HostGroup, which contains one
host for now: the actual undercloud hostname.

So this patch switches "undercloud" to "Undercloud" so when the hostname
isn't "undercloud", the external tasks will run correctly on this host.

Change-Id: I7200f930387406e6cc8e6fee6d5278768074c892
Closes-Bug: #1784910
2018-08-01 16:35:21 -04:00
Quique Llorente
2f44dbd938 Revert "Fix deploy health checks"
This reverts commit bd1d5d72caf25010e373f1ad2ed6ebc5aee96914.

Closes-Bug: #1784307
Change-Id: Ia2c12d7455564b6297c5f0934812b10fabbdc914
2018-07-30 13:20:11 +01:00
Zuul
0dd0b62379 Merge "Fix deploy health checks" 2018-07-27 03:08:42 +00:00
Zuul
44514779bc Merge "Don't run host_prep_tasks from {{role}}HostPrepDeployment" 2018-07-26 06:58:56 +00:00
Oliver Walsh
bd1d5d72ca Fix deploy health checks
Allow up to 5 minutes for unhealthy and restarting containers to stabilise.

Change-Id: Icb0ef7648920e77fe368409f07612cdcba83e4cf
Related-Bug: 1782598
2018-07-24 13:30:33 +00:00