Complements I5ad4956174346f0$24945852da09f3841c3378c2b.
Fix ironic_pxe/inspector containers missing the kolla_config sections
to recursively chown /var/lib/ironic* shared paths. That removes data
owning races across other ironic containers starting on earlier or the
same steps/order.
For example, when ironic_pxe_http fails to access the
/var/lib/ironic/httpboot path shared with ironic_conductor, the latter
reports errors like:
DriverLoadError: Driver, hardware type or interface ilo-pxe could not
be loaded. Reason: [Errno 13] Permission denied:
'/var/lib/ironic/httpboot/...
Fixing the dir owner allows HW provisioning to complete w/o such
errors.
Change-Id: I34b54077c1c610a4bed73129e9784b2fa353e944
Closes-bug: #1783762
There is a race condition where Ironic Inspector upgrade removes the
service packages, which has in dependency Neutron as well so it will try
to remove Neutron at Step 2 while other Neutron services need to be
stopped by Ansible first, also at Step 2.
The packages removals happen at Step 3, so this patch moves these tasks
to it, like we do for other services.
Change-Id: Ic14f7837d8d11fd5260ba7c5236018c9a6226e5e
Problem: RHEL and CentOS8 will deprecate the usage of Yum.
From DNF release note:
DNF is the next upcoming major version of yum, a package
manager for RPM-based Linux distributions.
It roughly maintains CLI compatibility with YUM and defines a strict API for
extensions.
Solution: Use "package" Ansible module instead of "yum".
"package" module is smarter when it comes to detect with package manager
runs on the system. The goal of this patch is to support both yum/dnf
(dnf will be the default in rhel/centos 8) from a single ansible module.
Change-Id: I8e67d6f053e8790fdd0eb52a42035dca3051999e
We obvserve errors "DriverLoadError: Driver, hardware type or interface
ilo-pxe could not be loaded" as it uses the host level access to
/var/lib/ironic, which is owned by root. When we have the
host/container(s) shared access to a bind mounted dir, it needs to be
shared instead of the default private mode.
Additionally, fix the missing /var/lib/ironic ownership change in
the ironix-pxe's kolla config.
Related-bug: #1782267
Change-Id: I5ad4956174346f024945852da09f3841c3378c2b
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Add cleanup tasks for Ironic, Keystone Mistral and Zaqar, so when
upgrading an undercloud to be containerized, an operator can also
cleanup these services rpms.
Depends-On: I2af99d8bad58f12bd895b473ecb84e4f2091f738
Change-Id: I7e257cece9fa3bdd9f2d1be08ccdf5c681213149
To not to redefine variable multiple times in each service we
run check only once and we set fact. To increase readability of
generated playbook we add block per strep in services.
Change-Id: I2399a72709d240f84e3463c5c3b56942462d1e5c
Modify both the inspector and dnsmasq containers for the inspector to be
able to modify dnsmasq configuration on the fly to filter the dhcp
traffic.
The upgrade_tasks moved to the puppet service in order to be shared
between both the containerised and regular deployment. The upgrade_tasks
were amended with steps to clean-up the iptables inspector chain&rules.
With inspector no longer managing iptables rules, create new rules to
allow DHCP traffic on IronicInspectorInterface.
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Change-Id: Ic7e32acb8559a7a12cd8767dc68c343872a6a4e3
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.
Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
The overcloud inspector requires a IPA agent and ramdisk, provide
a mechanism so that they can be downloaded.
Change-Id: If19fb7bb3bf91f9aef3c00e07d2cf7862a0ec66a
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.
Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.
Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
This patch fixes permissions on the /var/lib/ironic directory when
it gets used by ironic-inspector. It was previously getting owned as
root:root which causes functional issues with the ironic-conductor
service on the same node which expects it to be ironic:ironic.
Change-Id: I408f791af1d6dca059836efc197d814ec63f942d
Closes-bug: #1746553
After merging [0], the step for each upgrade_task
is now handled in a 'when' condition. This patch
corrects some templates which where not following
that logic or had some syntax error.
[0] https://review.openstack.org/#/c/510902/
Change-Id: I5e42fa6b3d84ad6e0163900ee8146fd224fb5103
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.
This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)
The yaml-validate also now checks for duplicate 'when:' statements
Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/config.py (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
Step config is only required within the puppet_configs section
of docker/services/*. This patch drops the top level 'step_config'
and updates the unit tests accordingly.
Change-Id: I7dc7cfae3ef1965ec95b1d9ef23e7f162418c034
This should help operators find the new log files. We do have them
documented, but not everybody reads every word in the docs :)
The readme creation has ignore_errors: true so that if the directory
isn't present at all (e.g. on deployed server environments, which
don't have openstack packages installed), we don't fail the deployment
when we're not able to create the readme.
Change-Id: I6b36db7b7ce8b3e4da566eb7828d0c3b8646a14f
Partial-Bug: #1730957