Ansible yum module installs all packages available in the repo
if you use asterisk. We instead will use yum -y update name*.
Change-Id: I8e71367ae91faa06313711c6a954c61af705fd8f
Resolves: rhbz#1549845
Some container yaml files do not get the
service_config_settings from the base file.
This patch makes the following docker yaml files get
the service_config_settings:
docker/services/neutron-l3.yaml
docker/services/neutron-metadata.yaml
docker/services/neutron-ovs-agent.yaml
Related-Bug: #1757066
Change-Id: Ifc8def10da0b10decd12efaab4452ff46f3c685b
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason for not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there is too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.
Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.
Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.
It should also be enabled on undercloud.
Also enables ``baremetal`` ML2 mechanism driver on undercloud.
Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
Nova compute and cinder volume use oslo concurrency
processutils.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issues. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e. 1024 and cinder
volume systemctl override([1]) i.e. 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.
[1] https://review.rdoproject.org/r/#/c/1360/.
Closes-Bug: #1762455
Related-Bug: #1760471
Related-Bug: #1757556
Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4
This init container runs docker-puppet manually and is responsible for
provisioning the mysql users and passwords. This currently doesn't get
run every time since the configuration stays the same, even if the users
or passwords change (which are gotten from hieradata). Allowing this to
run every time will allow us to change database passwords.
Closes-Bug: #1762991
Change-Id: I1f07272499b419079466cf9f395fb04a082099bd
As part of the minor update workflow and the update workflow, this changes
the pacemaker haproxy bundle resource to add the needed mount for public
TLS to work.
This also handles the reloading of the container to fetch any new certificates
and if needed, it will restart the pacemaker resource (for upgrades), since
we would need pacemaker to re-create the resource.
Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
Closes-Bug: #1759797
ovn-cms-options config option is mistakenly added as ovn-cms-opts.
As a result ovn_cms_options is never set in SBDB and OVN
mechanism driver is unable to schedule router as expected.
Change-Id: Iaa89a1dbec732c3aa743fa3f5cf1f4931e2ab9ef
Added nfs as an option to where CinderBackupBackend was hardcoded
as either ceph or swift. Also added some parameters for this
driver - CinderBackupNfsShare and CinderBackupNfsMountOptions
Depends-On: Ic0adb294aa2e60243f8adaf167bdd75e42c8e20e
Change-Id: I29a488374726676a28fb82f2f950db891fcf9627
Closes-Bug: #1744174
InternalTLSVncCAFile currently defaults to /etc/ipa/vnc.crt.
Certmonger attempts to save the CA cert to this path as cert_t, however
/etc/ipa is etc_t.
Moving to /etc/pki/CA/certs which is cert_t resolves the issue, and is
arguably a more suitable location.
Change-Id: Ib275fc43dd772851511598a4932c19fcda706479
Neutron agents are using oslo-rootwrap-daemon to run
privileged commands. Containers inherit file descriptor
limit from docker daemon (currently:1048576) which is too
high and leading to performance issues. This patch sets
nofile limit for neutron agent containers to 1024 which is
reasonable as before containers they were using host defaults
i.e. 1024.
Depends-On: I0cfcf4e3e3e13578ec42e12f459732992fb3a760
Change-Id: Iec722cdfd7642ff3149f50d940d8079b9e1b7147
Related-Bug: #1760471
Zaqar was using mongodb by default but we haven't supported mongodb
since pike. This change switches Zaqar to use redis by default.
Change-Id: If6ed9fddf4a4fcff3bb9105b04df777ec8a8990e
Closes-Bug: #1761239
Name was defined as ceph_client instead of ceph_external.
Closes-Bug: 1761531
Change-Id: I5fd84bbdbb175d81e247664929f728fa1c5b4bdb
Signed-off-by: Tim Rozet <trozet@redhat.com>
The Neutron UID is not static and may be different between the host and
neutron container. Since we generate certificates and keys on the host
for neutron and then mount them in a container, it is highly likely the
container Neutron UID will not match the one used on the host to
generate the files and reading these files will fail in the container.
This patch modifies the permissions after the files are mounted in the
container to be owned by the correct Neutron UID.
Closes-Bug: 1759049
Depends-On: I83b14b91d1ee600bd9d5863acba34303921368ce
Change-Id: Ibad3f1af4b44459e96a6dc9937e5fcef3e6335f4
Signed-off-by: Tim Rozet <trozet@redhat.com>
This reverts commit bd48087520c5f0846363bdc0c025508ba450ceb3.
After further inspection it seems that panko dbsync shouldn't be
needed, as it will upgrade a newly created empty db.
And this is assuming we find a way to:
- configure panko database connection properly
- create the db
Knowing that we don't have access to this information[1] as the
new hieradata haven't been rendered at this stage.
So all that to upgrade a newly (I guess empty) database seems like too
much trouble.
The db will be created in the last step of the FFU.
[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/ocata/puppet/services/panko-base.yaml#L39..L75
Change-Id: Ie68849a7033c199c339d28cdb10c3dba9419904b
Closes-Bug: #1760135
This is necessary for certain setups (such as enabling multiple LDAP
domains). So, instead of always adding checks every time to see if
we need to refresh or not, let's just do it always, thus simplifying
the already convoluted logic here.
Change-Id: Ie1a0b9740ed18663451a3907ec3e3575adb4e778
Closes-Bug: #1748219
Co-Authored-By: Raildo Mascena <rmascena@redhat.com>