422 Commits

Author SHA1 Message Date
Zuul
e0f59eefd2 Merge "Removed ovs-dpdk workaround to fix the vhost socket permission" 2018-02-27 12:12:55 +00:00
Flavio Percoco
ec8d2bad4c Set openshift_(ip|hostname) to ctrlplane ip
When enabling network isolation, openshift-ansible picks the wrong ip
address as the default IP for the services. Set the IP to the ctrlplane
network by default, which works with and without network isolation.

Change-Id: I0deef6c2a71c1f2a34e6efed9586bbaa052b49c9
2018-02-26 12:16:12 +01:00
Zuul
24dd89b305 Merge "Remove unused DeploymentActions resource" 2018-02-21 15:29:43 +00:00
Zuul
092bab01a6 Merge "Add RHELRegistrationActions to rhel-registration template" 2018-02-21 15:29:39 +00:00
Zuul
f075e46076 Merge "Ensure node is rebooted before enabling DPDK" 2018-02-19 20:46:36 +00:00
Zuul
d7ec3c48ac Merge "Allow passing custom openshift-ansible playbook" 2018-02-19 20:46:28 +00:00
Steven Hardy
dcf126bc79 Remove unused DeploymentActions resource
This is potentially confusing now we added RHELRegistrationActions
since it's unused but mentions DeploymentActions.

Change-Id: Ifb335cb8055528fd9b64081b30e987524169dc95
2018-02-19 12:12:05 +00:00
Steven Hardy
db61b37345 Add RHELRegistrationActions to rhel-registration template
This can be used in the case where e.g a satellite has been added
after the initial deployment to re-register the nodes with the
satellite, even those nodes that already exist.

Change-Id: I944bc4c65b08de1ca08dd91f55764ebfe141dd9c
2018-02-19 12:12:02 +00:00
Saravanan KR
b7a70f5613 Removed ovs-dpdk workaround to fix the vhost socket permission
Change-Id: I5d8e31020700f13e21f4cfa2f1bfa14ff4c88e4a
2018-02-19 15:13:04 +05:30
Zuul
5a5d1a745c Merge "undercloud_post: fix subnet name" 2018-02-15 13:38:12 +00:00
Emilien Macchi
2468fe12e7 undercloud_post: fix subnet name
The default control plane subnet name is "ctlplane-subnet", so let's
create the right subnet for the containerized undercloud.

Note: the subnet can't be overriden (yet) but for now we rely on the
default.

Change-Id: I15954bced81ef6c3e1a1f4a73bc989f33d08d6f7
2018-02-15 05:30:27 +00:00
Dan Prince
32fe279eec Undercloud: fix stackrc TLS URL detection
We want to configure a TLS url for the underclouds stackrc
when a user specified or generated TLS certificate is used.
This patch updates the existing check so that
the PublicSSLCertificateAutogenerated paremeter is also used
when deciding if the SSL URL should be enabled.

Change-Id: I7561b5de7749ca57f8ac8056b470228e1026eb31
2018-02-15 00:02:39 +00:00
Martin André
cf1de90684 Allow passing custom openshift-ansible playbook
This allows deploying openshift from the packaged openshift-ansible or
from a git checkout more easily, by setting the
OpenShiftAnsiblePlaybook heat environment variable.

Change-Id: I60594faa10dfd817d94038b3938d7de269330e2e
2018-02-13 16:30:47 +01:00
Saravanan KR
f9e099f218 Ensure node is rebooted before enabling DPDK
In the PreNetworkConfig, the order of resources sent to os-collect-config
changed after introducing vhost user resource. The current order is
1. HostParametersDeployment
2. DpdkVhostGroupDeployment
3. RebootDeployment and EnableDpdkDeployment
Here the expectation is that RebootDeployment should be completed
before enabling DPDK, but since both are provided at the same time to
os-collect-config, DPDK is enabled first. The reson is RebootDepolyment
is having signal transport as NONE and EnableDpdkDeployment is moved
after reboot because of ovs2.7 change of restart vswitchd, when DPDK is
enabled. This is causing the a failure.
This patch modifies the order as below:
1. HostParametersDeployment and DpdkVhostGroupDeployment
2. RebootDeployment and RebootEnsureDeployment
3. EnableDpdkDeployment

Change-Id: I5db52d5dd833833c989532931baea8fac03f9cb7
2018-02-13 11:26:39 +05:30
Zuul
5e72697d48 Merge "OpenShift: Properly disable bare metal OVS" 2018-02-08 15:49:50 +00:00
Jiri Stransky
5ebcd23f0d OpenShift: Properly disable bare metal OVS
We're deploying containerized OpenShift, which means openshift-ansible
deploys also containerized OVS. When not disabled explicitly, the bare
metal OVS service seemed to persist at least partially, and it likely
caused issues with the containerized OVS, where nodes in `kubectl get
nodes` would go from Ready status to NotReady shortly after the
deployment finished.

Change-Id: I8952198be7f78a699cf363af2e10f26714e94850
Closes-Bug: #1741224
2018-02-08 11:06:46 +01:00
Flavio Percoco
5e0e06bd1b Move options out of the OpenShiftMaster template
Some of the options that had been hard-coded in the openshift-master
template should be configuratble in a per-deployment bases. This patch
moves them out into an environment file instead.

Change-Id: I4b6f6180b11f36b1212b9e887365a99b6ae12017
2018-02-07 17:18:01 +01:00
Jiri Stransky
254d1dee4b OpenShift: Accept generic global parameters
This will allow arbitrary config of global variables for
openshift-ansible, e.g. customizing SDN params according to:

https://docs.openshift.org/3.6/install_config/configuring_sdn.html

Also remove the setting which was meant to disable OVS service
handlers in openshift-ansible -- that wouldn't solve the problem
fully.

Change-Id: Ib87e5d38797da166826af90659e3d05da3352dcf
Related-Bug: #1741224
2018-02-07 17:17:29 +01:00
Zuul
91de1c223d Merge "Configure qemu group setting as hugetlbfs for ovs-dpdk" 2018-02-05 13:05:25 +00:00
Zuul
fc21b64061 Merge "Enable configuring tripleo-ipsec variables through IpsecVars" 2018-01-31 14:19:56 +00:00
Zuul
7a120b64e8 Merge "Do not format output for kubespray or openshift deployments" 2018-01-31 14:16:11 +00:00
Zuul
7a1ad4068e Merge "Remove unused pre_network configuration" 2018-01-31 09:44:01 +00:00
Juan Antonio Osorio Robles
0dcb51e101 Enable configuring tripleo-ipsec variables through IpsecVars
This exposes the IpsecVars heat parameter which in turn can set any
variable from the tripleo-ipsec ansible role.

Change-Id: Ie6ef4aa05567c739884c1d402fc59eea80b31506
2018-01-30 12:07:42 +00:00
Saravanan KR
785d1b2b38 Configure qemu group setting as hugetlbfs for ovs-dpdk
Till now, the ovs service file and ovs-ctl command files
are patched to allow ovs to run with qemu group. In order
to remove this workarounds, a new group hugetlbfs is created
which will be shared between ovs and qemu. This patch contains
the changes required for applying these changes.

Depends-On: I674cbd45e17906448dd54acfdf7a7059880b7278
Change-Id: Iec6be0b99e84b0c89f791c3c9694fe10f3a1e7db
2018-01-29 14:26:25 +05:30
Flavio Percoco
238675b25e Update to openshift 3.7
Packages and repositories for openshift 3.7 have been created already.
I've updated the version we are installing and tested this manually.

Change-Id: Id09242b637ca2a060f068887e10981eecaa59e4a
2018-01-25 14:02:05 +01:00
Flavio Percoco
a592631239 Assign labels to nodes
Make sure nodes have, at least, the region and zone labels to allow for
deployments to schedule infra PODs on them.

Change-Id: If3849a46391cfac7eb5dd556d5b65c831026a95c
2018-01-25 14:02:05 +01:00
Martin André
4254e58174 Do not format output for kubespray or openshift deployments
The output comes from ansible and is already fully readable as it is.
Also, because the previous task didn't have the 'failed_when: false'
directive, it would never reach the 'print xxx outputs' task in case of
failure, while showing the output twice on success.

It is safe to just delete the task.

Change-Id: I56b44aec0a549e184f46344ea362f655ab80b3b0
2018-01-19 17:55:13 +01:00
Zuul
313d42c4c7 Merge "Split IPSEC deployment in two" 2018-01-18 19:11:46 +00:00
Juan Antonio Osorio Robles
1363eda063 Split IPSEC deployment in two
The first phase sets up the node-to-node tunnels at step 1; this
ensures that the corosync cluster setup is done over the tunnels
and prevents any timeouts that were happening when the setup was
done after the cluster was up. This has the added value that all
the pacemaker communication is encrypted from the beginning.

The second phase is the VIP tunnel setup, which is in step 3. This
is because we need the VIPs to be setup by pacemaker, and we also
need pacemaker to be up.

Depends-On: Ib9a134648c74e5dfcbd7a8ebd2d67bda87992497
Change-Id: Ic402dc73044e2426b097ed0eaf57a77c5e6eef24
2018-01-18 08:31:29 +02:00
Sven Anderson
dc8a61b7b4 Replace hardcoded profile name with _TUNED_PROFILE_NAME_
The *-variables.conf file for tuned is hardcoded for the profile
"cpu-partitioning", which makes other profiles fail, that also need
the isolated_cores variable.

Change-Id: Iaeedfe5d7c501453fd2039b81c1603eff6125ebf
2018-01-16 16:20:18 +01:00
Zuul
0d24fdbd2e Merge "OvsDpdkMemoryChannels parameter default value" 2018-01-16 00:29:36 +00:00
Zuul
1af7729939 Merge "Convert tags to when statements for Q major upgrade workflow" 2018-01-13 09:39:38 +00:00
Carlos Camacho
7bf4edde5d Enhance completion message when upgrading non controller nodes
This adds a better completion message when upgrading a non
controller node.

Change-Id: I1cd765b1998f059702f0c17ccb67d54f6d5db362
Closes-Bug: 1703792
2018-01-11 10:08:30 +01:00
Jaganathan Palanisamy
2194cce7b8 OvsDpdkMemoryChannels parameter default value
This change is to update the memory channels parameter default
value in service yaml instead of environment yaml file.

Change-Id: Ia0a79b5dc3aa060b91d68e0d23cb1fb5b33eb020
Closes-Bug: #1741234
2018-01-11 00:42:59 -05:00
Zuul
7e148af75f Merge "OpenShift: allow scheduling on all nodes" 2018-01-08 13:48:35 +00:00
marios
dec003def8 Convert tags to when statements for Q major upgrade workflow
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.

This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)

The yaml-validate also now checks for duplicate 'when:' statements

Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/config.py (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
2018-01-08 13:57:47 +02:00
Michael Henkel
4b2ef6887a Removal of Contrail templates
As a preparation for the new contrail microservices current templates are
removed.

Change-Id: Iea61fefe9a147b96cf00a008bbb61a482eb95a75
Closes-Bug: 1741452
2018-01-06 15:25:09 +00:00
Zuul
4c7389fa78 Merge "IPSEC: stop relying on cloning the repository from t-h-t" 2018-01-06 12:27:48 +00:00
Jiri Stransky
cfcfed7acc OpenShift: allow scheduling on all nodes
By default OpenShift won't allow scheduling on masters. We'll want to
deploy OpenStack pods on the controllers so we need this enabled, and
we'll need this for CI too.

Change-Id: Ia4190a23c04bda52b17eac50e57da891af615ff4
2018-01-05 12:03:36 +00:00
Juan Antonio Osorio Robles
fe3be577ab IPSEC: stop relying on cloning the repository from t-h-t
Since the ansible-tripleo-ipsec package is now available and
tripleo-heat-templates relies on it, we no longer need to clone
the tripleo-ipsec repo as part of the ansible tasks.

Change-Id: I513f748abeaee6589829e1d45483db9a7e7791ea
2018-01-05 06:22:18 +00:00
Emilien Macchi
eb324768d0 puppet apply: add --summarize
... so we can know how long take resources configuration in Puppet
catalogs, and more easily debug why we have timeouts.

Change-Id: If3fae8837140caae91120e46b4880146ffe22afc
2018-01-04 09:37:46 -08:00
Emilien Macchi
6a6872f390 Introduce OS::TripleO::Services::Rhsm
Background:
extraconfig/pre_deploy/rhel-registration interface has been maintained
for some time now but it's missing some features and the code overlaps
with ongoing efforts to convert everything to Ansible.

Plan:
Consume ansible-role-redhat-subscription from TripleO, so all the logics
goes into the Ansible role, and not in TripleO anymore.
The single parameter exposed to TripleO is RhsmVars and any Ansible
parameter can be given to make the role working.
The parameter can be overriden per roles, so we can think at specific
cases were some Director roles would have specific RHSM configs.
Once we have feature parity between what is done and what was here
before, we'll deprecate the old interface.

Testing:
Because RHSM can't be tested on CentOS, this code was manually tested on
RHEL against the public subscription portal. Also, we verified that
generated Ansible playbooks were correct and called the role with the
right parameters.

Documentation:
We'll work on documentation during the following weeks and explain
how to switch from the previous interface to the new one, and also
document new uses requested by our users.

Change-Id: I8610e4f1f8478f2dcbe3afc319981df914ce1780
2017-12-27 11:03:49 -08:00
Zuul
8809cd0ad4 Merge "Update templates alias to queens" 2017-12-23 07:20:34 +00:00
Zuul
1bf2793db8 Merge "Check for yum lock befor all yum* operations." 2017-12-20 16:25:39 +00:00
Carlos Camacho
b13728cac3 Update templates alias to queens
There are still some templates with the wrong
alias name. This patch updates them with the
correct version.

Change-Id: I43549ac98f3736029d4aaad1ead745caf40f9299
2017-12-20 10:27:23 +01:00
Ian Main
e144858927 Create flavors for undercloud
We weren't creating the default flavors for the undercloud.  Do it here!

Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ic0b00ab42422e8d7f1ddd750d993c7919af0823e
2017-12-19 22:17:53 +00:00
Yurii Prokulevych
bfe876e01c Check for yum lock befor all yum* operations.
A previous (failed/hanging?) yum process blocks 'yum makecache'
 and 'yum check-update' operations, which leads to timeout during
minor update.

Change-Id: I461c1c722944813493f53f339054f420d6ddbe15
Related-Bug: #1704131
2017-12-19 12:01:05 +02:00
Zuul
42a07d7dc4 Merge "Fix permissions on .ssh directory." 2017-12-19 03:14:11 +00:00
Ian Main
5ada69131b Fix permissions on .ssh directory.
Typo I think.. should be 700.

Change-Id: Iaafe68328b507caff46c9d2610a72541f19b0979
2017-12-15 19:31:24 +00:00
Jiri Stransky
88bbed3d85 Add readme for experimental extraconfig/services
These services only work with the new Ansible deploy workflow, which
is currently considered experimental because it's yet to be integrated
with UI.

Change-Id: Ia3f6b62118696792c6581f08f1beb5c75742c66f
2017-12-15 15:41:23 +00:00