1113 Commits

Author SHA1 Message Date
Steven Hardy
3a7baa8fa6 Convert ServiceNetMap evals to hiera interpolation
Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.

In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.

This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
2018-03-10 08:18:30 +00:00
Zuul
448598d681 Merge "Fixes certificate generation error for Neutron agents" 2018-03-10 02:06:55 +00:00
Jakub Libosvar
e860b9580c neutron: Call destroy-patch-ports before starting ovs-agent
The script called destroy-patch-ports will break connection between the
integration bridge and provider bridges configured in Neutron config
files. See https://bugzilla.redhat.com/show_bug.cgi?id=1490281 for more
details about the reason.

With systemd, we have control over dependencies between services,
therefore we can tell that destroy-patch-ports service must be run
before neutron-openvswitch-agent. But we do not have this ability using
docker. That's why this patch simply calls the script before each start
of the agent. To avoid unnecessary breakage of patch ports, the script
was enhanced to check a canary flow on integration bridge and in case
the flow is there, it will not delete the patch ports. Presence of
canary flow on integration bridge means that bridge has been already
configured. It also implies provider bridges are configured too and thus
they can't cause the ARP storm as described in Red Hat Bugzilla 1490281.

NOTE: This patch requires the packaging side to be merged first:
      https://review.rdoproject.org/r/#/c/10480/

Co-Authored-By: Dan Prince <dprince@redhat.com>

Closes-bug: #1731924

Change-Id: I005af23b1815c904ef63676553df9b14b7edfbfc
2018-03-09 15:28:13 -05:00
Dan Prince
a28892df4f docker-puppet.py: don't pull if image exists
This updates the pull function here so that it matches
how paunch also handle's images, only pulling them if
the existing image doesn't already exist on the host.

Change-Id: I90ea41ccdfdb0b9206a63901554d002a5ec0fd3a
2018-03-08 12:26:31 -05:00
Zuul
19803e6174 Merge "ffu: Introduce Neutron fast-forward upgrade tasks" 2018-03-08 17:20:41 +00:00
Tim Rozet
df31016a9a Fixes certificate generation error for Neutron agents
TLS certificates were introduced for the Neutron Base service in order
for Neutron to securely communicate with OVS via SSL/TLS.  However, the
implementation only required Neutron DHCP agent (ODL deployment) to use
the certificates.  The other OVS agents are not used in ODL deployments
and SSL/TLS use there may be added in the future.  However, since other
services inherit NeutronBase config_settings, they will attempt to
generate certs.  This certificate generation will fail because these
services do not inherit metadata settings.

This patch fixes the above issue by adding the metadata settings
inheritance to every service derived from NeutronBase.

Closes-Bug: 1754363

Change-Id: I87afc3a11efeefc1cfd768dfe817fbb3b2422694
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-03-08 11:05:33 -05:00
Zuul
07857e3f87 Merge "Add support of netapp configuration for glance in THT" 2018-03-08 14:35:00 +00:00
Zuul
48c1cbf43b Merge "Add fast_forward_upgrade_tasks for ceilometer services" 2018-03-08 13:29:26 +00:00
Janki Chhatbar
98faacad44 Minor update steps for ODL
Updating OpenStack (within release) means updating ODL from v1 to v1.1.
This is done by "openstack overcloud update" which collects
update_tasks. ODL needs 2 different steps to achieve this
minor update. These are called Level1 and Level2. L1 is
simple - stop ODL, update, start. This is taken care by paunch
and no separate implementation is needed. L2 has extra steps
which are implemented in update_tasks and post_update_tasks.

Updating ODL within the same major release (1->1.1) consists of either
L1 or L2 steps. These steps are decided from ODLUpdateLevel parameter
specified in environments/services-docker/update-odl.yaml.

Upgrading ODL to the next major release (1.1->2) requires
only the L2 steps. These are implemented as upgrade_tasks and
post_upgrade_tasks in https://review.openstack.org/489201.

Steps involved in level 2 update are
 1. Block OVS instances to connect to ODL
 2. Set ODL upgrade flag to True
 3. Start ODL
 4. Start Neutron re-sync and wait for it to finish
 5. Delete OVS groups and ports
 6. Stop OVS
 7. Unblock OVS ports
 8. Start OVS
 9. Unset ODL upgrade flag

These steps are exactly same as upgrade_tasks.
The logic implemented is:
follow upgrade_tasks; when update_level == 2

Change-Id: Ie532800663dd24313a7350b5583a5080ddb796e7
2018-03-08 17:20:47 +05:30
Zuul
ca6f35c5e9 Merge "FFU: Add memcached fast forward upgrade tasks" 2018-03-07 17:59:28 +00:00
marios
fa66d68c08 Adds fast_forward_upgrade_tasks for Heat services
Adds ffu tasks for the heat services -api, -api-cfn,
-api-cloudwatch and -engine under systemd are stopped
and also disabled (e.g. to be containerized, migrated httpd etc).
Services stopped step 1, package update step 6, dbsync step8.

Change-Id: Ida0b4cb7f6f0a9d966e2a79dd05460565d98aaf9
2018-03-07 17:41:27 +01:00
marios
92624d6730 Add fast_forward_upgrade_tasks for ceilometer services
Adds ffu_tasks for ceilometer - stop services on step 1.
In the docker/ templates services are also disabled.

Lots of changes for ceilo-* since Newton:
  --> openstack-ceilometer-api, -collector and -expirer are
      removed in Pike and no longer in the templates. The disable
      files are re-added by the parent review so these services
      can be retired with ffu_tasks.
  --> The disabled services are set back in environment for Fast
      Forward Upgrade

Change-Id: I1c8ac2285ab222cfb7cb7ff898d222ae6e846567
2018-03-07 16:20:57 +01:00
Lee Yarwood
de40fe5cbd ffu: Introduce Neutron fast-forward upgrade tasks
fast_forward_upgrade_tasks for neutron covering Ocata and Pike.
- Service status check
- Stop service when updating from Ocata to Pike
- Update neutron package
- Db sync

bp fast-forward-upgrades
Change-Id: I8858bbab2d5ec0e5a88fff3275368711a0bf8a8a
2018-03-07 15:59:38 +01:00
Pradeep Kilambi
c5a08fdc24 FFU: add fast forward upgrade support for sensu client
bp fast-forward-upgrades

Change-Id: I5b09f20aa273904cf7a0949e10ca9137827a4957
2018-03-07 15:58:59 +01:00
Zuul
55150b315d Merge "Add step to run secret_store_sync before instance startup" 2018-03-06 19:25:31 +00:00
Zuul
6bfbf10668 Merge "FFU: Fix nova fast forward steps" 2018-03-06 13:38:25 +00:00
Zuul
af8c426aab Merge "Add support for libvirt VNC TLS" 2018-03-05 20:27:01 +00:00
Ade Lee
86793eea52 Add step to run secret_store_sync before instance startup
Change-Id: Ibe4e5023b8773ee70ee914118628acc5c149f379
2018-03-05 14:18:47 -05:00
Zuul
2f37f93c6e Merge "Disable murano horizon plugin until dep is met" 2018-03-02 14:37:33 +00:00
Zuul
dee442fec2 Merge "Enable mistral-api health check" 2018-03-02 02:43:49 +00:00
Pranali Deore
5f7fdb1656 Add support of netapp configuration for glance in THT
This change adds all the required netapp environment configuartion
for glance in heat template.

Change-Id: Ib44796f77cbc50c3b3c37dcdd37a59f48a7baa1a
Closes-Bug: #1740456
2018-03-01 17:07:34 +05:30
Lukas Bezdicka
6f49d078ef FFU: Add memcached fast forward upgrade tasks
Change-Id: I5f37b6789b641ef09bb82efa756471b3b78fd641
2018-03-01 11:55:34 +01:00
Lukas Bezdicka
30382323ce FFU: Fix nova fast forward steps
We need to check the running services only on step 0. We need
to provide correct nova_cell0 DB url.

Change-Id: I1817f4da5578005c95570b77ce5e85380ac3ecf6
2018-02-28 17:04:46 +01:00
Martin André
c2538f78f1 Disable murano horizon plugin until dep is met
Murano dashboard has a dependency on heat-dashboard which is not yet in
the horizon image. The heat-dashboard was recently packaged in RDO [1]
but hasn't yet made it's way into current-tripleo or current-passed-ci.

We need to add the package into the kolla image once there is a RDO
promotion and re-enable the plugin.

[1] https://github.com/rdo-packages/heat-dashboard-distgit

Change-Id: I7c0ccd915d8429bb348c09ab621163aef275c669
Related-Bug: #1752132
2018-02-27 18:10:29 +01:00
Martin Mágr
472b2f4ab4 Enable nova placement health check
This patch enables health check execution for Nova placement API
docker container.

Change-Id: I8c53308e07e1487eecb90f3c35864ea77a3c2937
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 16:26:12 +01:00
Martin Mágr
e9bf3415c6 Enable Tacker health check
This patch enables health check execution for Tacker docker container.

Change-Id: Id134a649e046625218c1593766b6833baaa9f168
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:36:30 +00:00
Martin Mágr
2415b5e1ec Enable gnocchi-metricd health check
This patch enables health check execution for gnocchi-metricd docker container.

Change-Id: I8717c56c35dc5a5ee7714ffaa48554ab7718035d
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:36:06 +00:00
Martin Mágr
1e7544dafc Enable gnocchi-api health check
This patch enables health check execution for gnocchi-api docker container.

Change-Id: Ibe7dcfd4c5dcd1d2558fecbb8d0e7f2b880f275e
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:35:44 +00:00
Martin Mágr
9cf63b91b3 Enable nova-migration-target health check
This patch enables health check execution for nova-migration-target
docker container. Nova compute image is used for this container
and support for this service has been implemented in previous release
already.

Change-Id: I2bf04544d4cf200ce7e3960a7c71ab15f013fe52
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:35:15 +00:00
Martin Mágr
02eb6193e3 Enable gnocchi-statsd health check
This patch enables health check execution for gnocchi-statsd docker container.

Change-Id: I6d0aa53aa9e3fbb4fd47300f8fa6a32574cfda9f
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:34:32 +00:00
Martin Mágr
d93ac6b491 Enable cinder-api health check
This patch enables health check execution for cinder-api docker container.

Change-Id: I4c51f8b7260eb04cd8a8c502ed1b80df4f025880
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:33:49 +00:00
Martin Mágr
3a76b9e7ba Enable collectd health check
This patch enables health check execution for collectd docker container.

Change-Id: Ifd16dbb87073aecade5f2b68b060e56dec92c51e
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:33:27 +00:00
Martin Mágr
1beaa8dcb9 Enable aodh-api health check
This patch enables health check execution for aodh-api docker container.

Change-Id: Ie71eeabfd514ab17e8c8181f9c45e0a1e2f6c2bc
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:28:57 +00:00
Martin Mágr
c5ca4da03f Enable etcd health check
This patch enables health check execution for etcd docker container.

Change-Id: I6cb4380f897ed820f7ecd588610fb3cf80c4297a
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:27:27 +00:00
Martin Mágr
57fe34b4c5 Enable ceilometer-agent-central health check
This patch enables health check execution for ceilometer-agent-central docker container.

Change-Id: I8bfd49f0d1762b4dbf1952a3454e0fa6a42697bc
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:26:58 +00:00
Martin Mágr
1e19b2e9d0 Enable memcached health check
This patch enables health check execution for memcached docker container.

Change-Id: Ie3634af9c62787ab4059a18778d3a3632dec2500
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:26:12 +00:00
Martin Mágr
98a63abc64 Enable iscsid health check
This patch enables health check execution for iscsid docker container.

Change-Id: I39dc5fa64b3a9bccf485f335ee0ec6090c48a3c3
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
2018-02-26 14:25:45 +00:00
Brad P. Crochet
a929185e68 Enable mistral-api health check
This patch enables health check execution for mistral api docker container.

Change-Id: I5e2c689c152a21aa12476789d4c64fb71b32d34f
Depends-On: Id10f0d52b1732003533aba6b5c89a5079baba852
2018-02-26 12:54:16 +00:00
Brad P. Crochet
b2c996c8d7 Enable mistral-event-engine health check
This patch enables health check execution for mistral-event-engine
docker container.

Change-Id: I804da516d5fe335a0a050ce3aa3c6a44c2be9f59
Depends-On: I074f7911e8a41d45249dbbf277138bc80ee3a774
2018-02-26 12:24:52 +00:00
Lee Yarwood
934850895f ffu: Introduce Keystone fast-forward upgrade tasks
fast_forward_upgrade_tasks for keystone covering Ocata and Pike.
- Service status check
- Stop service when updating from Ocata to Pike
- Update keystone package
- Db sync

bp fast-forward-upgrades
Change-Id: I65b0c562c6e2545e99e9511d7b148c2130cc6b25
2018-02-23 12:15:57 +01:00
Oliver Walsh
37a339d2b0 Add support for libvirt VNC TLS
Configures certs/key for nova-novnc vencrypt when TLS is enabled on the
internal network. A dedicated IPA sub-CA can be used to restrict access,
however by default the main IPA CA is used.

Depends-On: Ic73bcbdbecc1bc05f43acdd5480370f37ead3fb8
Change-Id: I67ffd847dc2d1949833a9d7039ad51e4364e02da
2018-02-22 15:46:39 +00:00
Zuul
f0b8dfa09f Merge "Enable multipathd health check" 2018-02-22 14:24:22 +00:00
Zuul
8903415680 Merge "Add cisco VTS ML2 template for a dockerized service and default environment settings" 2018-02-22 11:16:59 +00:00
Zuul
c96b58c028 Merge "ffu: Introduce Glance fast-forward upgrade tasks" 2018-02-21 19:35:12 +00:00
Zuul
9416bcc21d Merge "ffu: Introduce Cinder fast-forward upgrade tasks" 2018-02-21 19:33:17 +00:00
Zuul
a9531dc8d2 Merge "ffu: Introduce Nova fast-forward upgrade tasks" 2018-02-21 19:31:37 +00:00
Zuul
d8279a9d7d Merge "FFU: Introduce gnocchi fast-forward-upgrade tasks" 2018-02-21 19:26:15 +00:00
Zuul
db7f5ec2ed Merge "ffu: Introduce Swift fast-forward upgrade tasks" 2018-02-21 19:16:35 +00:00
Zuul
9f978d7425 Merge "Add new encryption middleware to swift proxy" 2018-02-21 16:09:54 +00:00
Zuul
655412089a Merge "Allows for configuration of the Ceph cluster name" 2018-02-21 16:09:51 +00:00