We need KernelIpNonLocalBind on the undercloud to bind non local ips
among other ip forward options. This sysctl parameter was managed by
instack-undercloud but never ported to the containerized undercloud.
We need the same sysctl parameters for parity with non containerized
undercloud.
Change-Id: Idd3d432b8f7eb573d94cd56be8e05614510ebddf
Related-Bug: #1774898
Add an OPNFV scenario environment that uses ODL for overcloud
networking and OVS for virthost networking.
Depends-On: I33602ac5521c4f059c1a0d08e3e828fb64d3c817
Depends-On: Ib7968c46a59f266c20628c36178d2235ad833915
Depends-On: I37405e41ec0f85249cef87c09c966cbe0f9baddf
Change-Id: If1f476bb933106456df3568978b4555dde190621
Modify both the inspector and dnsmasq containers for the inspector to be
able to modify dnsmasq configuration on the fly to filter the dhcp
traffic.
The upgrade_tasks moved to the puppet service in order to be shared
between both the containerised and regular deployment. The upgrade_tasks
were amended with steps to clean-up the iptables inspector chain&rules.
With inspector no longer managing iptables rules, create new rules to
allow DHCP traffic on IronicInspectorInterface.
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Change-Id: Ic7e32acb8559a7a12cd8767dc68c343872a6a4e3
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
We don't expect our operators to have SSH keys setup on the undercloud
node, so we don't want to block the PasswordAuthentication in
sshd_config.
Depends-On: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Change-Id: I10b112e8bffff30879606ddd970dfd3ec67fd9c7
Closes-Bug: #1772519
This patch adds the required parameters to the Compute role so the
agents are configured properly on upgrade.
Related-Bug: #1774199
Change-Id: Iab42ae0fb13e8e92cc9903432a95e04a94a5913c
To trigger ceph-ansible we need to make sure the WorkfowSteps
resource is enabled in ceph-upgrade-prepare env file.
Change-Id: Id760305971a68c397f9334265dd023b1e1884295
Closes-Bug: 1774647
We currently create /var/lib/docker-puppet/docker-puppet.sh
inside the mp_puppet_config() function which then gets
invoked in parallel via the following:
p = multiprocessing.Pool(process_count)
returncodes = list(p.map(mp_puppet_config, process_map))
This is problematic because we have the following potential race:
1) Process A opens /var/lib/docker-puppet/docker-puppet.sh for writing
2) Process B runs docker run and has the following bind mount:
/var/lib/docker-puppet/docker-puppet.sh:/var/lib/docker-puppet/docker-puppet.sh:z
3) Process B will fail because an exec of a file being written to
will return ETXTBSY
The deployment can fail due to the above with the following error:
[root@overcloud-controller-2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a401108cd827 192.168.24.1:8787/tripleoqueens/centos-binary-glance-api:current-tripleo-rdo "/var/lib/docker-p..." 19 minutes ago Exited (1) 19 minutes ago docker-puppet-glance_api
[root@overcloud-controller-2 ~]# docker logs docker-puppet-glance_api
standard_init_linux.go:178: exec user process caused "text file busy"
Since /var/lib/docker-puppet/docker-puppet.sh never changes
there is really no need to create it multiple times. Let's just
create it once before spawning the multiple docker run commands
so we avoid any ETXTBSY errors.
Ran 20 successful deployments in sequence with this change applied.
Change-Id: I16b19488ce9f1411273459576db76d16b318dacb
Closes-Bug: #1760787
- do not use set_fact when a lookup can be done directly in the task
- use multi-line YAML for easier legibility
- ignore errors in file lookup plugin when file does not exist and set defaults
Change-Id: I832a2ec34f4ed4a87e30d0c88f4c60bcf2f4c151
For containerized undercloud install this completes the image
preperation. The flow for undercloud install is now:
1. Early in tripleo deploy there is a dry-run prepare which generates
the heat environment for all of the image parameters
2. Here after the registry is installed, populate it by running
prepare again
This file is now a jinja template so that the prepare command has
access to the roles data. This reduces the number of images processed
to services which *might* be containerized, but we can't filter by
services which *are* containerised because we're inside the heat stack
and don't have access to the full heat environment. The actual image
numbers are:
136 prepare with no filtering
97 prepare filtering only by roles_data_undercloud.yaml
64 prepare with undercloud env+roles_data_undercloud.yaml filtering
This might be a time hit for undercloud jobs, but hopefully not
a big hit for undercloud+overcloud jobs because many of those extra images
will be used in the overcloud.
Change-Id: I7449ee364ec9e976fbe9df95024ce3c42f6459b5
Blueprint: container-prepare-workflow
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml
UpgradeImpact: NodeTLSData is not used anymore
Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
To not to redefine variable multiple times in each service we
split httpd_enabled to per service fact set in step|int == 0 block.
Change-Id: Icea0865aadd9253ead464247bf78f45842b3a578
Add "--bump-versions" option to Cinder's db sync command so that stale
RPC version info is purged from Cinder's DB. This ensures all Cinder
services use the latest RPC version after an upgrade.
Closes-Bug: #1774262
Change-Id: I935e65e765fe0a5a88b9cdce9a72b67555e7f9a6
In OpenDaylight, a config parameter is available to enable DSCP
marking inheritance for packets egressing out of OVS through
VXLAN/GRE tunnels.
Add a flag in TripleO to enable this parameter via puppet-opendaylight.
Change-Id: I3b192c8fc1bc92c1124d3b27c60ad5c0c4dd42f9