Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.
In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.
This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).
Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
The script called destroy-patch-ports will break connection between the
integration bridge and provider bridges configured in Neutron config
files. See https://bugzilla.redhat.com/show_bug.cgi?id=1490281 for more
details about the reason.
With systemd, we have control over dependencies between services,
therefore we can tell that destroy-patch-ports service must be run
before neutron-openvswitch-agent. But we do not have this ability using
docker. That's why this patch simply calls the script before each start
of the agent. To avoid unnecessary breakage of patch ports, the script
was enhanced to check a canary flow on integration bridge and in case
the flow is there, it will not delete the patch ports. Presence of
canary flow on integration bridge means that bridge has been already
configured. It also implies provider bridges are configured too and thus
they can't cause the ARP storm as described in Red Hat Bugzilla 1490281.
NOTE: This patch requires the packaging side to be merged first:
https://review.rdoproject.org/r/#/c/10480/
Co-Authored-By: Dan Prince <dprince@redhat.com>
Closes-bug: #1731924
Change-Id: I005af23b1815c904ef63676553df9b14b7edfbfc
This updates the pull function here so that it matches
how paunch also handle's images, only pulling them if
the existing image doesn't already exist on the host.
Change-Id: I90ea41ccdfdb0b9206a63901554d002a5ec0fd3a
TLS certificates were introduced for the Neutron Base service in order
for Neutron to securely communicate with OVS via SSL/TLS. However, the
implementation only required Neutron DHCP agent (ODL deployment) to use
the certificates. The other OVS agents are not used in ODL deployments
and SSL/TLS use there may be added in the future. However, since other
services inherit NeutronBase config_settings, they will attempt to
generate certs. This certificate generation will fail because these
services do not inherit metadata settings.
This patch fixes the above issue by adding the metadata settings
inheritance to every service derived from NeutronBase.
Closes-Bug: 1754363
Change-Id: I87afc3a11efeefc1cfd768dfe817fbb3b2422694
Signed-off-by: Tim Rozet <trozet@redhat.com>
Updating OpenStack (within release) means updating ODL from v1 to v1.1.
This is done by "openstack overcloud update" which collects
update_tasks. ODL needs 2 different steps to achieve this
minor update. These are called Level1 and Level2. L1 is
simple - stop ODL, update, start. This is taken care by paunch
and no separate implementation is needed. L2 has extra steps
which are implemented in update_tasks and post_update_tasks.
Updating ODL within the same major release (1->1.1) consists of either
L1 or L2 steps. These steps are decided from ODLUpdateLevel parameter
specified in environments/services-docker/update-odl.yaml.
Upgrading ODL to the next major release (1.1->2) requires
only the L2 steps. These are implemented as upgrade_tasks and
post_upgrade_tasks in https://review.openstack.org/489201.
Steps involved in level 2 update are
1. Block OVS instances to connect to ODL
2. Set ODL upgrade flag to True
3. Start ODL
4. Start Neutron re-sync and wait for it to finish
5. Delete OVS groups and ports
6. Stop OVS
7. Unblock OVS ports
8. Start OVS
9. Unset ODL upgrade flag
These steps are exactly same as upgrade_tasks.
The logic implemented is:
follow upgrade_tasks; when update_level == 2
Change-Id: Ie532800663dd24313a7350b5583a5080ddb796e7
Adds ffu tasks for the heat services -api, -api-cfn,
-api-cloudwatch and -engine under systemd are stopped
and also disabled (e.g. to be containerized, migrated httpd etc).
Services stopped step 1, package update step 6, dbsync step8.
Change-Id: Ida0b4cb7f6f0a9d966e2a79dd05460565d98aaf9
Adds ffu_tasks for ceilometer - stop services on step 1.
In the docker/ templates services are also disabled.
Lots of changes for ceilo-* since Newton:
--> openstack-ceilometer-api, -collector and -expirer are
removed in Pike and no longer in the templates. The disable
files are re-added by the parent review so these services
can be retired with ffu_tasks.
--> The disabled services are set back in environment for Fast
Forward Upgrade
Change-Id: I1c8ac2285ab222cfb7cb7ff898d222ae6e846567
fast_forward_upgrade_tasks for neutron covering Ocata and Pike.
- Service status check
- Stop service when updating from Ocata to Pike
- Update neutron package
- Db sync
bp fast-forward-upgrades
Change-Id: I8858bbab2d5ec0e5a88fff3275368711a0bf8a8a
This change adds all the required netapp environment configuartion
for glance in heat template.
Change-Id: Ib44796f77cbc50c3b3c37dcdd37a59f48a7baa1a
Closes-Bug: #1740456
We need to check the running services only on step 0. We need
to provide correct nova_cell0 DB url.
Change-Id: I1817f4da5578005c95570b77ce5e85380ac3ecf6
Murano dashboard has a dependency on heat-dashboard which is not yet in
the horizon image. The heat-dashboard was recently packaged in RDO [1]
but hasn't yet made it's way into current-tripleo or current-passed-ci.
We need to add the package into the kolla image once there is a RDO
promotion and re-enable the plugin.
[1] https://github.com/rdo-packages/heat-dashboard-distgit
Change-Id: I7c0ccd915d8429bb348c09ab621163aef275c669
Related-Bug: #1752132
This patch enables health check execution for Nova placement API
docker container.
Change-Id: I8c53308e07e1487eecb90f3c35864ea77a3c2937
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for Tacker docker container.
Change-Id: Id134a649e046625218c1593766b6833baaa9f168
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for gnocchi-metricd docker container.
Change-Id: I8717c56c35dc5a5ee7714ffaa48554ab7718035d
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for gnocchi-api docker container.
Change-Id: Ibe7dcfd4c5dcd1d2558fecbb8d0e7f2b880f275e
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for nova-migration-target
docker container. Nova compute image is used for this container
and support for this service has been implemented in previous release
already.
Change-Id: I2bf04544d4cf200ce7e3960a7c71ab15f013fe52
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for gnocchi-statsd docker container.
Change-Id: I6d0aa53aa9e3fbb4fd47300f8fa6a32574cfda9f
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for cinder-api docker container.
Change-Id: I4c51f8b7260eb04cd8a8c502ed1b80df4f025880
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for collectd docker container.
Change-Id: Ifd16dbb87073aecade5f2b68b060e56dec92c51e
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for aodh-api docker container.
Change-Id: Ie71eeabfd514ab17e8c8181f9c45e0a1e2f6c2bc
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for etcd docker container.
Change-Id: I6cb4380f897ed820f7ecd588610fb3cf80c4297a
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for ceilometer-agent-central docker container.
Change-Id: I8bfd49f0d1762b4dbf1952a3454e0fa6a42697bc
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for memcached docker container.
Change-Id: Ie3634af9c62787ab4059a18778d3a3632dec2500
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for iscsid docker container.
Change-Id: I39dc5fa64b3a9bccf485f335ee0ec6090c48a3c3
Depends-On: Ib82cb849540694106a869ec81694f1159967ee79
This patch enables health check execution for mistral api docker container.
Change-Id: I5e2c689c152a21aa12476789d4c64fb71b32d34f
Depends-On: Id10f0d52b1732003533aba6b5c89a5079baba852
This patch enables health check execution for mistral-event-engine
docker container.
Change-Id: I804da516d5fe335a0a050ce3aa3c6a44c2be9f59
Depends-On: I074f7911e8a41d45249dbbf277138bc80ee3a774
fast_forward_upgrade_tasks for keystone covering Ocata and Pike.
- Service status check
- Stop service when updating from Ocata to Pike
- Update keystone package
- Db sync
bp fast-forward-upgrades
Change-Id: I65b0c562c6e2545e99e9511d7b148c2130cc6b25
Configures certs/key for nova-novnc vencrypt when TLS is enabled on the
internal network. A dedicated IPA sub-CA can be used to restrict access,
however by default the main IPA CA is used.
Depends-On: Ic73bcbdbecc1bc05f43acdd5480370f37ead3fb8
Change-Id: I67ffd847dc2d1949833a9d7039ad51e4364e02da