22 Commits

Author SHA1 Message Date
Emilien Macchi
7c84a9b390 upgrades/validation: only run validation when services exist
During upgrades, validation test if a service is running before the
upgrade process starts.
In some cases, servies doesn't exist yet so we don't want to run the
validation.

This patch makes sure we check if the service is actually present on the
system before validating it's running correctly.

Also it makes sure that services are enabled before trying to stop them.
It allows use-cases where we want to add new services during an upgrade.
Also install new packages of services added in Ocata, so we can validate
upgrades on scenarios jobs.

Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
2017-03-01 19:49:00 +00:00
Sofer Athlan-Guyot
fb78213782 Put service stop at step1 and quiesce at step2.
In the previous release[1], the services were stopped before the
pacemaker services, so that they get a chance to send last message to
the database/rabbitmq queue:

Let's do the upgrade in the same order.

[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71

Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
2017-02-28 19:20:13 +01:00
Jenkins
67b14a5996 Merge "neutron: don't set external_network_bridge option by default" 2017-02-23 00:06:28 +00:00
marios
d14c56e1b6 Adds a pre-upgrade check that service is running (step0)
Adds a step0 for most services to check that the state is running
before continuing with any of the other upgrades steps (these are
tagged step0).

You can skip this service check by overriding the
SkipUpgradeConfigTags parameter as follows:

parameter_defaults:
  SkipUpgradeConfigTags: validation

Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-27 11:20:15 +02:00
Steven Hardy
df1e016ad7 Don't start all services during upgrade steps
Currently we start all OpenStack services in step6, but puppet
already does this, and sometimes services require configuration
to account for the new version after the yum update before they
will start.

So instead of reimplementing that configuration management in
ansible, just defer starting the services until puppet has run
which will happen right after the ansible upgrade steps complete.

Note there are some DB sync operations etc that we may also be able
to remove and let puppet do those steps, but I've left those in
for now, as we know there are some actions during that phase
e.g nova cells setup, which aren't yet handled by puppet.

Change-Id: Idc8e253167a4bc74b086830cfabf28d4aab97d28
2017-01-19 13:27:58 +00:00
Steven Hardy
04ed7e511d Add neutron service support for composable upgrades
Change-Id: I9c6116ddb4475b798876635cbb701214759fa33b
Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-13 14:10:55 +00:00
Steven Hardy
3c6ec654b4 Bump template version for all templates to "ocata"
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.

This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.

Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23 11:43:39 +00:00
Ihar Hrachyshka
21d2afd4bf neutron: don't set external_network_bridge option by default
It's deprecated, to be removed in Ocata, and it's discouraged to set it
to anything but the default value ('') that means that routers are not
plugged directly into br-ex, but allows l2 agent to do the wiring.

There are known issues with setting it to br-ex (like wrong port
statuses): If533cf7c4c379be78f5a15073accaff7f65973ab

The only caveat to setting it to the default ('') value is that in that
case l2 agent should be configured with bridge mapping for physical
networks. Since we already configure bridge_mappings for the agent, we
should be safe to unset the option.

Now that it's the default, there is no reason to override it in example
environments.

This patch also changes the description for the parameter to make it
more clear that users are not expected to set it unless they know what
they are doing. Also, moved the parameter into deprecated section to
make it even more clear it's not something to touch in new deployments.

Change-Id: Iade7fbaf92c8c601227f4456a15ea3f13a907ee2
Related-Bug: #1563070
2016-12-12 11:26:14 +00:00
Ihar Hrachyshka
d4db12b988 neutron: don't set router_delete_namespaces
It's no longer available in Neutron (removed in Mitaka). See:
I2a879213c3b095a007a4531f430a33cea9fdf1bd

Change-Id: I044c648eb8c4933667b8ea2c9159a30e5ebb7df3
2016-12-06 22:03:18 +00:00
Dan Prince
36aa652247 Neutron L3 service cleanups for hiera json hook
This patch resolves a few issues I noticed when porting our
Neutron L3 service to support the new heat hiera agent hook (which
uses Json instead of Yaml).

 - If NeutronExternalNetworkBridge is an emptry string '' Json was
   dropping the single quotes thus causing the bridge to get set
   incorrectly in the config file. To correct this we use a heat
   conditional to avoid setting the external bridge (the '' default
   is what we want in this case) if the bridge is an empty string.

Change-Id: I5037cbde6b76a37a4c22c4616278420e9d759109
Partial-bug: #1596373
2016-11-10 07:44:15 -05:00
Emilien Macchi
7322d60610 Enable firewalling by default on compute nodes
- Move VXLAN and VRRP rules from Neutron Server to the right services.
- Enable Firewall by default on Compute nodes.

Change-Id: I99d172dcedaf6be297aad184cc51fe9f292a57e1
2016-10-06 12:07:35 -04:00
Lars Kellogg-Stedman
0d9298bb8f Add fluentd client service
This implements support for installing fluentd agents as a composable
service on the overcloud.

Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940

Implements: tripleo-opstools-centralized-logging
Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-09-17 01:31:12 +00:00
Martin Mágr
25ad7b8e1e Availability monitoring agents support
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription

Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-31 09:22:59 -04:00
Dan Prince
3b62761d2f Add DefaultPasswords to composable services
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).

Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.

Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18 12:45:30 -04:00
Giulio Fidente
885b37c80e Pass ServiceNetMap to services
This will be needed to pick the network where the service has
to bind to from within the service template.

Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-18 12:36:18 -04:00
Brent Eagles
deb098c29a Add environment file to enable DVR
This patch adds support for conditionally enabling DVR by deploying the
L3 and metadata agents on the compute node and setting the proper
configuration values throughout.

Implements: blueprint neutron-dvr-support
Change-Id: I24099795e76ecd520c990ba49d3511288dec7a12
2016-08-04 10:59:59 -02:30
Jenkins
9aec3de5b8 Merge "Convert service_name to underscore syntax" 2016-07-29 08:52:05 +00:00
Steven Hardy
7df649f59e Convert service_name to underscore syntax
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api.  To enable dynamic generation of
this data, we need the service name in underscore format.

Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-28 16:31:36 +01:00
Emilien Macchi
315fa31963 Migrate Puppet Hieradata to composable services
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml
except for some services that are not composable yet.

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-27 12:23:38 -04:00
Dan Prince
6b30ff11d4 Add 'service_name' to composable services
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.

This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.

Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-22 07:29:39 -04:00
Giulio Fidente
a6438a2082 Pass MysqlVirtualIP via EndpointMap
By passing the MysqlVirtualIP via the EndpointMap we won't need it
to be provided as a parameter to the services.

This follows what is already happening for the glance registry
service with I9186e56cd4746a60e65dc5ac12e6595ac56505f0.

Change-Id: Iad2ab389bf64d0fc8b06eb0e7d29b5370ff27dff
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2016-05-30 10:22:59 +03:00
Dan Prince
59e2f29fd1 composable neutron l3 service
Adds new puppet and puppet pacemaker specific services for
the Neutron L3 agent.

Partially-implements: blueprint composable-services-within-roles

Change-Id: I0316043efe357a41ef3b4088a55d98dbb6d25963
2016-05-18 08:25:00 -04:00