3750 Commits

Author SHA1 Message Date
Zuul
c464b3d206 Merge "Added Dell EMC SC multipath support" 2018-11-27 05:42:25 +00:00
Zuul
b8206cc0f5 Merge "Fluentd deprecation releasenote" 2018-11-26 16:14:27 +00:00
Zuul
687c3cd90c Merge "Add customized libvirt-guests unit file to properly shutdown instances" 2018-11-26 15:03:50 +00:00
Steven Hardy
fd088e2fe7 Adjust haproxy-public-tls-inject.yaml bootstrap variable
In RDO CI we're seeing this undefined, but haproxy_short_bootstrap_node_name
is defined, which proves https://review.openstack.org/#/c/605046/ is included
and working.

The root cause is that the haproxy_public_tls_inject_service is actually
created via the haproxy template as a nested stack, so we need to use
haproxy_short_bootstrap_node_name instead

Change-Id: I870825140b8947a1845307b5bec1bcff387c15c0
Closes-Bug: #1804433
2018-11-23 06:26:46 +00:00
Zuul
6ae97d1587 Merge "Sensu Deprecation note" 2018-11-22 21:49:09 +00:00
Zuul
444657edd2 Merge "Cleanup nova metadata port in nova api service" 2018-11-22 21:48:08 +00:00
Zuul
07241f33d1 Merge "Revert "Revert "Convert *tasks from bootstrap_nodeid to short_bootstrap_node_name""" 2018-11-21 05:08:05 +00:00
Zuul
a163736d2f Merge "Add more NSX config parameters" 2018-11-19 18:39:26 +00:00
Zuul
da0f6f98a1 Merge "Enable Glance Image Cache" 2018-11-19 12:34:19 +00:00
Martin Schuppert
9f478ee18e Add customized libvirt-guests unit file to properly shutdown instances
If resume_guests_state_on_host_boot is set in nova.conf instances
need to be shutdown using libvirt-guests after nova_compute container
is shut down. Therefore we need a customized libvirt-guests unit file
which:
1) removes the dependency to libvirt (non container) that it don't
   get started as a dependency and make the nova_libvirt container
   to fail.
2) adds a dependency to docker related services that a shutdown of
   nova_compute container is possible on system reboot.
3) stops nova_compute container
4) shutdown VMs

This is a missing part of Bug 1778216.

Change-Id: Ic4b7b427827114fcec0f4973a200461e811ee53a
Related-bug: 1778216
2018-11-19 09:54:39 +01:00
Zuul
3694dee4b3 Merge "Fix ansible conditional for ovs upgrade." 2018-11-16 16:55:56 +00:00
Zuul
80e22a5aa0 Merge "Configure cinder's access to the nova API" 2018-11-16 03:56:47 +00:00
Sofer Athlan-Guyot
49e9d44d00 Fix ansible conditional for ovs upgrade.
Change-Id: I3a9f56217bb365b844acdf1d65776038c5bf9378
Closes-Bug: #1803154
2018-11-16 00:29:35 +00:00
Zuul
08fdd01b68 Merge "Move set of database_connection to OctaviaBase" 2018-11-15 21:08:47 +00:00
Pranali Deore
bd870fbac8 Enable Glance Image Cache
Enabling glance image cache by setting up value of 'flavor' to
'keystone+cachemanagement' in glance-api.conf from THT.

Change-Id: I9a87d8edcb2e98ae45e98439b44b659916e44d89
blueprint: split-controlplane-glance-cache
2018-11-15 16:37:21 +05:30
Alan Bishop
f49ca18155 Configure cinder's access to the nova API
Configure cinder to use the nova API's admin endpoint instead of the
default public endpoint. Add the necessary auth credentials so that
cinder can access nova's API as a privileged user, which is required
for certain actions (see [1]).

[1] https://git.openstack.org/cgit/openstack/cinder/tree/cinder/compute/nova.py#n86

Closes-Bug: #1802347
Depends-On: I925e25bcc352955560fc449fc5287e56beb12ca3
Depends-On: Ia357ea41f8472d47e266d853f120a14b767e880d
Change-Id: Ic0eef51c1dafd4a1378f5317390e7c09f1d429cd
2018-11-14 16:51:20 -05:00
Steven Hardy
97c111bf1e Revert "Revert "Convert *tasks from bootstrap_nodeid to short_bootstrap_node_name""
This reverts commit 3cbaadd09c034629fb20e3c663ad64b3b468f77b.

Change-Id: Ib344a3b89d3755891bd0d34faad96e4fe20ee524
2018-11-13 14:17:00 +00:00
Martin Schuppert
57cda0b66e Cleanup nova metadata port in nova api service
Nova metadata api is running via http wsgi in its own service.
Therefore we can cleanup the ports definition being opened by
nova api service.

Change-Id: I3066806f8810e30742516c3ca14afc12a1c95bbc
2018-11-13 12:59:41 +01:00
Alex Schultz
fb0e8f62fc Convert dynamic lookups to use colon notation
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.

Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
2018-11-12 21:21:49 -07:00
Zuul
117d8e966f Merge "Handle LP openvswitch meta-package on upgrade" 2018-11-12 13:01:02 +00:00
Zuul
71bd36bb57 Merge "Enable _member_ role for undercloud install." 2018-11-09 19:19:28 +00:00
Zuul
6669b10a38 Merge "Rework neutron/own agent wrapper tools for podman" 2018-11-09 13:53:29 +00:00
Zuul
581b88d716 Merge "Do not purge the Ironic Inspector dhcp-hostsdir" 2018-11-09 10:15:47 +00:00
Zuul
90d022a129 Merge "Added all keystone log files to fluentd" 2018-11-09 06:42:08 +00:00
Zuul
27c931baa8 Merge "Handle difference between future and current container_cli" 2018-11-09 06:42:06 +00:00
Brent Eagles
1773afb068 Handle LP openvswitch meta-package on upgrade
With layered product packaging upgrading openvswitch may involve a
package rename of the openvswitch package (e.g. openvswitch to
openvswitch 2.10 or openvswitch2.12 to openvswitch2.13) This patch
adds special handling for the rhosp-openvswitch layered product package
to ensure that openvswitch networking remains available during the
upgrade.

Note that this patch also moves the special upgrade logic to
tripleo-packages because it could affect any node that is running
openvswitch for host networking, not just those that are using it for
cloud workloads.

Closes-Bug: #1794359

Change-Id: Ibd64ac1407333c1548261f9d2ae69cdf013e94ce
2018-11-08 14:54:28 -03:30
Jiri Stransky
978c5978ae Handle difference between future and current container_cli
During upgrade we may have container_cli be Podman but the containers
may still be running on Docker. Handle this situation in the upgrade
tasks which are the last-resort online data migration if user forgot
to trigger them earlier, as they seem to be hitting this issue.

We must support both options at the same time, because the upgrade
code must be idempotent (re-runnable). When running upgrade 1st time,
the containers will be running in Docker, when re-running the upgrade
(e.g. because a part of it failed), the containers will be running in
Podman.

Once we converge onto a single solution and do not have to support
migration, this commit can be reverted.

Change-Id: I933ce754f081ee87ec53d5f8d9c901ab71dceb1e
Closes-Bug: #1802085
2018-11-08 10:40:07 +01:00
Zuul
86e79e047e Merge "Add support for configuring ppc64le in ironic" 2018-11-07 21:42:23 +00:00
Sofer Athlan-Guyot
1c64c2c07b Enable _member_ role for undercloud install.
During upgrade, as we don't use instack_undercloud anymore, we missing
the _member_ role to the admin user.

This creates the necessary hooks in tht to have the member role
created during upgrade (and install for that matter).

This passes on the keystone_enable_member to puppet-tripleo, but it
needs a patch there as well for this mechanism to fully work.

Change-Id: I2319ed876eba7f21c0e80444bf78ca080fef252a
Depends-On: https://review.openstack.org/611919
Partial-Bug: #1799177
2018-11-07 14:30:40 +01:00
Bogdan Dobrelya
8f4738362a Rework neutron/own agent wrapper tools for podman
Add ContainerCli parameter, default to docker. Possible values:
podman/docker (default).

Deprecate DockerAdditionalSockets so it does nothing for podman.
Nested podman CLI replaces docker sockets. Only bind mount
/var/lib/openstack for the neutron/ovn agents for docker.

Support debug messages for Neutron/OVN wrappers controled via
NeutronWrapperDebug and OWNWrapperDebug (defaults to False). Or
globally controlled by Debug.

Make the wrapper containers managed by its parent processes and
not exited/removed forcibly, when the parent container restarts.

Background for podman CLI replacing the docker socket:

We'll use 'nsenter -m -n -p -t 1 podman' in wrappers
to execute podman in the same namespaces as on the host
and to NOT bind-mount world for that, like:
- /sys/fs/cgroup:/sys/fs/cgroup
- /run/libpod:/run/libpod
- /run/containers:/run/containers
- /run/runc:/run/runc
- /run/runc-ctrs:/run/runc-ctrs
- /var/lib/containers:/var/lib/containers
- /etc/containers:/etc/containers:ro
- /usr/bin/podman:/usr/bin/podman:ro
- /usr/bin/runc:/usr/bin/runc:ro
- /usr/libexec/podman/conmon:/usr/libexec/podman/conmon:ro
- /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2:ro
...

We cannot use chroot /host instead as there is more bind-mounts to use
outside of the /host chroot. Maybe varlink is a good replacement for
all of that, but it's not there yet.

Change-Id: I055fb7a5fd20932c5bee665bb96678f3ae92bffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-11-07 09:48:40 +01:00
Zuul
6cd75e791b Merge "Use container_cli for post_upgrade_tasks & external_upgrade_tasks" 2018-11-06 05:13:32 +00:00
Zuul
47ef133ec1 Merge "Set TraceEnable directive for apache to 'Off'" 2018-11-06 05:04:13 +00:00
rajinir
72eea3c6ea Added Dell EMC SC multipath support
Added a new parameter CinderDellScMultipathXfer to
support cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer
to the Dell EMC SC Cinder iSCSI volume driver template.

Depends-On: https://review.openstack.org/#/c/611126/
Change-Id: I04f42ce0cd117f7dcc7a817274ea7664d9995864
2018-11-05 12:48:41 -06:00
Zuul
9e67edf32d Merge "Add posibilities to set default timeouts for octavia" 2018-11-05 17:14:07 +00:00
Emilien Macchi
de798c5947 Use container_cli for post_upgrade_tasks & external_upgrade_tasks
- Export container_cli for post_upgrade_tasks & external_deploy_tasks
  and external_upgrade_tasks
- Replace "docker exec" by {{ container_cli }} exec in these tasks
  (cinder, nova, mysql, ironic and TLS).

Depends-On: Iff509f4dc09862a451ad5cf915aa7764a314c28c
Change-Id: I7b11f44c9255294863879aaff88d0dd1672bff6e
2018-11-05 12:00:46 -05:00
Zuul
c6a5a6f345 Merge "Add chrony time service" 2018-11-05 03:01:00 +00:00
Zuul
1ef3efc61f Merge "Fix tasks in check mode" 2018-11-03 01:33:21 +00:00
Zuul
d9652ebe5e Merge "Move metadata file creation for netapp to puppet-tripelo from THT" 2018-11-03 01:23:05 +00:00
Zuul
d341da504b Merge "Sets ODL OVSDB inactivity probe timer" 2018-11-03 01:23:02 +00:00
Harald Jensås
48e7aba0bf Do not purge the Ironic Inspector dhcp-hostsdir
Since the ironic-inspector service and the dnsmasq
service for ironic-inspector is running in different
containters, having the ironic-inspector service
start/stop the dnsmasq service is non-trivial.

Using `--pid="host"` and making the containers
priviligeied seems less than ideal.

This changes the ironic-inspector configuration so
that it will no longer purge the dhcp-hosts dir on
intialization. Purging the directory without also
restarting (or HUP) the dnsmasq service can cause
the configuration in the DHCP service to deviate
from what ironic-inspector intend it to be.

Related-Bug: #1780421
Depends-On: Icc532115891c567dde20a28110bf08f54187c49f
Change-Id: Id26b578b57c46f9993459f83b5f90393d7798a82
2018-11-02 23:29:37 +00:00
Carlos Goncalves
73cedbc851 Move set of database_connection to OctaviaBase
Other Octavia services like octavia-worker also require setting of
database connection in order to access the octavia database.

Closes-Bug: #1797098
Depends-On: https://review.openstack.org/#/c/612395/

Change-Id: I33a08521a4cfffc709de850b99f9292ca464537e
2018-11-02 19:38:53 +01:00
Zuul
61800c2c63 Merge "Set correct project name for designate-neutron integration" 2018-11-02 16:32:21 +00:00
Zuul
fb066c168a Merge "Add /v2 suffix to Designate uris" 2018-11-02 16:32:19 +00:00
Zuul
6c21a25eb2 Merge "Add parameters for cinder storage availability zones" 2018-11-02 09:54:12 +00:00
Rabi Mishra
2777c2b7d8 Set TraceEnable directive for apache to 'Off'
Openstack service don't support TRACE requests, so there is little
point allowing TRACE for apache.

Change-Id: I396a4c3bfab8f353d038b011d5dc8029f4137a57
Closes-Bug: #1801298
2018-11-02 12:10:55 +05:30
James Slagle
16dff38eb4 Fix tasks in check mode
These tasks should have check_mode:no set so that they run in check
mode, as the variables they register are used in later tasks. Otherwise,
ansible in check mode fails with undefined variable errors.

Also, some tasks may fail due to not all requirements being available
since those requirements were not created by previous tasks that were
also ran in check mode.

This adds ignore_errors to these tasks, and sets the value to the
boolean ansible_check_mode which is provided by ansible and set based on
whether or not --check was passed to the ansible command line.

Change-Id: I84bc3c14ede37959a4078fd14ce4661b7bd23f84
2018-11-01 19:14:14 +00:00
Steve Baker
d5728ef0b1 Pass DockerRegistryMirror to prepare
This is required to fix bug #1800958 so that DockerRegistryMirror is
available to make mirror requests during prepare.

Change-Id: If896c22bf449a3ac91ca363648f84dd5b9aef227
2018-11-01 14:50:23 +13:00
Zuul
92ffd5cf75 Merge "Add OpenStack clients service" 2018-11-01 01:35:45 +00:00
Alex Schultz
2d59a92a34 Add chrony time service
Add a chrony service configuration. The chrony service configuration
includes tasks to ensure that the ntpd service is stopped prior to
configuring chronyd. Since both can be switched back and forth, the ntpd
configuration is also updated to stop chronyd prior to attemping to
configure the ntpd service.

Change-Id: Ie5e8183c000915f28166c842cecc04f445c013ae
Related-Blueprint: tripleo-chrony
2018-10-31 18:55:19 +00:00
Juan Badia Payno
de7b5ce651 Sensu Deprecation note
Sensu is going to be remove in future releases.

Change-Id: Iecd7845f5b57c56f4f39ff6965969184eef8ebf2
2018-10-30 11:36:32 +01:00