20 Commits

Author SHA1 Message Date
Zuul
feb42d79bf Merge "Fix a race when upgrading Neutron & Ironic on the undercloud" 2018-07-27 01:35:10 +00:00
Bogdan Dobrelya
9d9daebdda Fix ironic containers data owning races
Complements I5ad4956174346f0$24945852da09f3841c3378c2b.
Fix ironic_pxe/inspector containers missing the kolla_config sections
to recursively chown /var/lib/ironic* shared paths. That removes data
owning races across other ironic containers starting on earlier or the
same steps/order.

For example, when ironic_pxe_http fails to access the
/var/lib/ironic/httpboot path shared with ironic_conductor, the latter
reports errors like:

DriverLoadError: Driver, hardware type or interface ilo-pxe could not
be loaded. Reason: [Errno 13] Permission denied:
'/var/lib/ironic/httpboot/...

Fixing the dir owner allows HW provisioning to complete w/o such
errors.

Change-Id: I34b54077c1c610a4bed73129e9784b2fa353e944
Closes-bug: #1783762
2018-07-26 16:11:15 +03:00
Emilien Macchi
8b2fa8e7fc Fix a race when upgrading Neutron & Ironic on the undercloud
There is a race condition where Ironic Inspector upgrade removes the
service packages, which has in dependency Neutron as well so it will try
to remove Neutron at Step 2 while other Neutron services need to be
stopped by Ansible first, also at Step 2.
The packages removals happen at Step 3, so this patch moves these tasks
to it, like we do for other services.

Change-Id: Ic14f7837d8d11fd5260ba7c5236018c9a6226e5e
2018-07-25 01:40:52 +00:00
Emilien Macchi
b3a7cfc43f ansible: replace yum module by package module when possible
Problem: RHEL and CentOS8 will deprecate the usage of Yum.

From DNF release note:
DNF is the next upcoming major version of yum, a package
manager for RPM-based Linux distributions.
It roughly maintains CLI compatibility with YUM and defines a strict API for
extensions.

Solution: Use "package" Ansible module instead of "yum".

"package" module is smarter when it comes to detect with package manager
runs on the system. The goal of this patch is to support both yum/dnf
(dnf will be the default in rhel/centos 8) from a single ansible module.

Change-Id: I8e67d6f053e8790fdd0eb52a42035dca3051999e
2018-07-21 00:17:25 +00:00
Bogdan Dobrelya
90a7a22f15 Fix containerized ironic bind-mounts
We obvserve errors "DriverLoadError: Driver, hardware type or interface
ilo-pxe could not be loaded" as it uses the host level access to
/var/lib/ironic, which is owned by root.  When we have the
host/container(s) shared access to a bind mounted dir, it needs to be
shared instead of the default private mode.

Additionally, fix the missing /var/lib/ironic ownership change in
the ironix-pxe's kolla config.

Related-bug: #1782267

Change-Id: I5ad4956174346f024945852da09f3841c3378c2b
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-07-20 10:45:34 +03:00
Emilien Macchi
fcc225159a undercloud: add missing services for upgrade cleanup
Add cleanup tasks for Ironic, Keystone Mistral and Zaqar, so when
upgrading an undercloud to be containerized, an operator can also
cleanup these services rpms.

Depends-On: I2af99d8bad58f12bd895b473ecb84e4f2091f738
Change-Id: I7e257cece9fa3bdd9f2d1be08ccdf5c681213149
2018-06-12 13:25:19 -07:00
Lukas Bezdicka
56bec75c02 Upgrades: Refactor playbooks to set facts
To not to redefine variable multiple times in each service we
run check only once and we set fact. To increase readability of
generated playbook we add block per strep in services.

Change-Id: I2399a72709d240f84e3463c5c3b56942462d1e5c
2018-06-08 11:46:12 +02:00
Milan Kováčik
a1a2048d47 Enable inspector dnsmasq dhcp filter
Modify both the inspector and dnsmasq containers for the inspector to be
able to modify dnsmasq configuration on the fly to filter the dhcp
traffic.

The upgrade_tasks moved to the puppet service in order to be shared
between both the containerised and regular deployment.  The upgrade_tasks
were amended with steps to clean-up the iptables inspector chain&rules.

With inspector no longer managing iptables rules, create new rules to
allow DHCP traffic on IronicInspectorInterface.

Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Change-Id: Ic7e32acb8559a7a12cd8767dc68c343872a6a4e3
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
2018-06-04 16:36:14 +02:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Emilien Macchi
77aa6763f6 Undercloud upgrades will use upgrade_tasks
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.

Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
2018-05-05 06:52:34 +00:00
Derek Higgins
af51fc9a30 Download IPA kernel and ramdisk
The overcloud inspector requires a IPA agent and ramdisk, provide
a mechanism so that they can be downloaded.

Change-Id: If19fb7bb3bf91f9aef3c00e07d2cf7862a0ec66a
2018-04-27 15:25:01 +01:00
Emilien Macchi
d86025593b Handle undercloud upgrades via host_prep_tasks
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.

Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.

Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
2018-04-12 18:14:28 -07:00
Dan Prince
8b578da433 inspector: fix perms on /var/lib/ironic
This patch fixes permissions on the /var/lib/ironic directory when
it gets used by ironic-inspector. It was previously getting owned as
root:root which causes functional issues with the ironic-conductor
service on the same node which expects it to be ironic:ironic.

Change-Id: I408f791af1d6dca059836efc197d814ec63f942d
Closes-bug: #1746553
2018-01-31 12:02:40 -05:00
Jose Luis Franco Arza
cc0c466044 Correct erroneous upgrade tasks.
After merging [0], the step for each upgrade_task
is now handled in a 'when' condition. This patch
corrects some templates which where not following
that logic or had some syntax error.

[0] https://review.openstack.org/#/c/510902/

Change-Id: I5e42fa6b3d84ad6e0163900ee8146fd224fb5103
2018-01-17 11:16:45 +01:00
marios
dec003def8 Convert tags to when statements for Q major upgrade workflow
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.

This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)

The yaml-validate also now checks for duplicate 'when:' statements

Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/config.py (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
2018-01-08 13:57:47 +02:00
Carlos Camacho
927495fe3d Change template names to queens
The new master branch should point now to queens instead of pike.

So, HOT templates should specify that they might contain features
for queens release [1]

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens

Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
2017-11-23 10:15:32 +01:00
Zuul
6a72a9f1b4 Merge "Drop step_config as top level docker requirement" 2017-11-17 08:33:29 +00:00
Dan Prince
a307fe7ffc Drop step_config as top level docker requirement
Step config is only required within the puppet_configs section
of docker/services/*. This patch drops the top level 'step_config'
and updates the unit tests accordingly.

Change-Id: I7dc7cfae3ef1965ec95b1d9ef23e7f162418c034
2017-11-15 16:01:16 -05:00
Jiri Stransky
85ec193403 Write readme.txt into old log directories
This should help operators find the new log files. We do have them
documented, but not everybody reads every word in the docs :)

The readme creation has ignore_errors: true so that if the directory
isn't present at all (e.g. on deployed server environments, which
don't have openstack packages installed), we don't fail the deployment
when we're not able to create the readme.

Change-Id: I6b36db7b7ce8b3e4da566eb7828d0c3b8646a14f
Partial-Bug: #1730957
2017-11-14 10:35:11 +01:00
Dan Prince
b4de9e5fbc Add docker templates to configure Ironic inspector
Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com>
Change-Id: Ib3eab702c0ca5219ef6eb52861589d82f54c6db1
2017-10-30 14:35:27 -04:00