9905 Commits

Author SHA1 Message Date
Mark Goddard
33564a0097 Remove RabbitMQ support from Bifrost
During the Train cycle, Bifrost switched to using JSON-RPC by default
for Ironic's internal communication [1], avoiding the need to install
RabbitMQ. This simplifies things, so we may as well remove our custom
configuration of RabbitMQ.

[1] https://review.openstack.org/645093

Change-Id: I3107349530aa753d68fd59baaf13eb7dd5485ae6
2019-04-10 11:30:50 +01:00
Mark Goddard
d93c604d7a Remove shutdown of MariaDB
Since we are now in the Train cycle, we can be sure that any running
MariaDB containers can be safely stopped, and we do not need to perform
an explicit shutdown prior to restarting them.

Change-Id: I5450690f1cbe0c995e8e4b01a76e90dac2574d61
Related-Bug: #1820325
2019-04-08 12:25:27 +01:00
Mark Goddard
3e77798f66 Set previous release to Stein
Now that the stable/stein branch has been cut, we can set the previous
release to Stein. This is done in kolla-ansible for rolling upgrades,
and in CI configuration for upgrade tests.

Change-Id: I87269738db9521fc22a6ce3aee67d9ab00d47e2a
2019-04-08 12:25:27 +01:00
ce6222ae8b Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: I4a9a0eab03f3dd06bf2214ed6d6e8db6af5bd032
Sem-Ver: feature
2019-04-05 14:00:22 +00:00
Zuul
688ec75e45 Merge "Change heat bootstrap to use internal API interface" 2019-04-05 08:11:23 +00:00
Zuul
d08f06dd64 Merge "Add support for ovsdb conversion" 8.0.0.0rc1 2019-04-04 07:46:14 +00:00
Zuul
d9a0734fc5 Merge "Use database_address and database_port var for mariadb check" 2019-04-04 07:35:08 +00:00
Jim Rollenhagen
524f969bfc Use database_address and database_port var for mariadb check
This is how services reach mariadb; verify it that way.

Closes-Bug: #1823005
Change-Id: I9924ad050118b8a853e2309654a089f65178cd77
2019-04-03 12:54:21 +00:00
Michal Nasiadka
86910a94db Change heat bootstrap to use internal API interface
This patch fixes Heat deployment with TLS self-signed certs.

Change-Id: Iadf67d1a5eb2b771e34d27fbced5aad15f271822
Closes-Bug: #1822990
2019-04-03 13:22:08 +02:00
Mark Goddard
8c4ab41ffa Check configuration file permissions in CI
Typically, non-executable files should have 660 or 600 and executable
files and directories should have 770. All should be owned by the
'config_owner_user' and 'config_owner_group' variables.

This change adds a script to check the owner and permissions of config
files under /etc/kolla, and runs it at the end of CI jobs.

Change-Id: Icdbabf36e284b9030017a0dc07b9dc81a37758ab
Related-Bug: #1821579
2019-04-03 08:48:00 +00:00
Mark Goddard
a4bb8567da Fix up config file permissions on the host
Several config file permissions are incorrect on the host. In general,
files should be 0660, and directories and executables 0770.

Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
Closes-Bug: #1821579
2019-04-02 17:23:31 +01:00
Zuul
0b67ce93eb Merge "Use ipc_mode: host for manila share" 2019-04-02 15:21:37 +00:00
Zuul
cb845f7585 Merge "Tidy up release notes for Stein release" 2019-04-02 11:34:32 +00:00
liyingjun
313d7871aa Use ipc_mode: host for manila share
ipc_mode: host should be set for manila share when using LVM driver[1].

[1]: https://docs.openstack.org/manila/latest/install/install-share-rdo.html

Change-Id: If57e623f381f8de1e1433916f2ec37455ad3becd
Closes-bug: #1822713
2019-04-02 11:42:59 +08:00
Zuul
c7ef124557 Merge "Change action to kolla_action" 2019-04-02 03:42:38 +00:00
Zuul
1ee374835a Merge "Cleanup glance-registry" 2019-04-01 11:13:55 +00:00
白永君
4bdb0f3570 Change action to kolla_action
the action show be kolla_action in kolla-ansible/cyborg
Closes-bug: #1822555
Change-Id: I3dd909ae785dd43d5faabbc3fdd5f8bb8aca370b
2019-04-01 18:03:47 +08:00
Zuul
1b64c88986 Merge "Remove recurse: yes for owner/perms on /etc/kolla" 2019-04-01 08:33:33 +00:00
Zuul
78fefb7df4 Merge "add version to OPENSTACK_KEYSTONE_URL" 2019-03-29 14:42:39 +00:00
Mark Goddard
3a6a9384cb Tidy up release notes for Stein release
Change-Id: I0d66e49f09313de8abb89f510c7a5098507c572a
2019-03-29 13:34:43 +00:00
Zuul
98e6328f6f Merge "Nics for dpdk should be binded to proper dpdk driver" 2019-03-29 12:12:49 +00:00
Erol Guzoglu
dd97c78684 add version to OPENSTACK_KEYSTONE_URL
"v3" is supposed to be part of the OPENSTACK_KEYSTONE_URL:
https://docs.openstack.org/horizon/latest/admin/customize-configure.html#configure-the-dashboard

Closes-Bug: #1822257

Change-Id: I5fd2d36305172d351fbfa9141c7cbc7c5af98f3b
2019-03-29 14:38:59 +03:00
Michal Nasiadka
2a6070b963 Add support for ovsdb conversion
After upgrade we should check if OVSDB doesn't need conversion to new
version - this patch adds that to ovsdb start script.

Change-Id: Ifa8766d050b506708142a1970121ce5944c6bae1
Closes-Bug: #1792496
2019-03-28 20:33:00 +01:00
Zuul
ed5588c934 Merge "Don't pull images during upgrade" 2019-03-28 12:41:22 +00:00
Zuul
1b2503b5d4 Merge "Test upgrades in CI" 2019-03-28 12:31:08 +00:00
Zuul
03d3885a56 Merge "Add cyborg to kolla-ansible" 2019-03-28 08:20:13 +00:00
Zuul
14bcf33eb0 Merge "Retry perform a synced flush task while upgrading elasticsearch" 2019-03-27 20:15:03 +00:00
Mark Goddard
c23c9b2c25 Test upgrades in CI
This patch adds two new jobs:

* kolla-ansible-centos-source-upgrade
* kolla-ansible-ubuntu-source-upgrade

These jobs first deploy a control plane using the previous release of
Kolla Ansible, then upgrade to the current release.

Because we can't change the branch of the git repository on the Zuul
executor, we change the branch of the kolla-ansible repository on the
primary node to the branch of the previous release, in this case
stable/rocky. A new remote-template role has been added that supports
generating templates using a remote template source, to generate config
files using the previous kolla-ansible branch.

If the change being tested depends on a kolla change for the current
branch, then we build images. Rather than using the current
kolla-ansible version to tag the images, we now tag them with
change_<gerrit change ID>. This is because the version of kolla-ansible
will change from the previous release to the current one as we upgrade
the system.

Finally, it should be noted that the 'previous_release' variable in the
Zuul config needs to be updated with each release, since this sets the
release of kolla-ansible that is installed initially.

Depends-On: https://review.openstack.org/645089/
Depends-On: https://review.openstack.org/644250/
Depends-On: https://review.openstack.org/645816/
Depends-On: https://review.openstack.org/645840/
Change-Id: If301e0affcd55360fefe3b105f023ae5c47b0853
2019-03-27 16:13:49 +00:00
jamesbagwell
c0a3970e36 Removing '/certificates' entry in generate.yml as this causes an
incorrect path when generating certificates.

The 'setting permissions on key' task fails because the task looks for
the haproxy.key in an invalid path. The certificates_dir is defined as
'{{ node_config }}/certificates' in the main.yml . The 'Setting
permissions on Key' task has a path of '{{ certificates_dir
}}/certificates/private/haproxy.key which is incorrect. Removing the
'certificates' in the path corrects this problem and allows the user to
successfully create certificates using 'kolla-ansible certificates'.

Change-Id: I37b10b994b05d955b6f67c908df1472231a91160
Closes-Bug: 1821805
2019-03-27 09:26:58 -06:00
Serhat Demircan
adb02958e7 Retry perform a synced flush task while upgrading elasticsearch
The synced flush fails due to concurrent indexing operations.
The HTTP status code in that case will be 409 CONFLICT. We can
retry this task until returns success.

Change-Id: I57f9a009b12715eed8dfcf829a71f418d2ce437b
2019-03-27 18:14:07 +03:00
caoyuan
47a2c5a85e update the event_connection to connection for panko
more infomation, refer to the panko docs[1] or code[2]

[1]: https://docs.openstack.org/panko/rocky/install/manual.html
[2]: 9c4677f178/panko/storage/__init__.py (L39)

Change-Id: Ic7bdf555eb262005ca24f675cd8cee09d9bc3092
Closes-Bug: #1690843
2019-03-26 19:17:54 +08:00
Zuul
4a5d8b0d05 Merge "Add mising handlers for external Ceph." 2019-03-26 06:17:09 +00:00
Zuul
0a3bf6b27f Merge "Fix MariaDB 10.3 upgrade" 2019-03-26 00:25:38 +00:00
Mark Goddard
6b0be5c5ba Remove recurse: yes for owner/perms on /etc/kolla
When kolla-ansible bootstrap-servers is run, it executes one of the
following two tasks:

- name: Ensure node_config_directory directory exists for user kolla
  file:
    path: "{{ node_config_directory }}"
    state: directory
    recurse: true
    owner: "{{ kolla_user }}"
    group: "{{ kolla_group }}"
    mode: "0755"
  become: True
  when: create_kolla_user | bool

- name: Ensure node_config_directory directory exists
  file:
    path: "{{ node_config_directory }}"
    state: directory
    recurse: true
    mode: "0755"
  become: True
  when: not create_kolla_user | bool

On the first run, normally node_config_directory (/etc/kolla/) doesn't
exist, so it is created with kolla:kolla ownership and 0755 permissions.

If we then run 'kolla-ansible deploy', config files are created for
containers in this directory, e.g. /etc/kolla/nova-compute/. Permissions
for those files should be set according to 'config_owner_user' and
'config_owner_group'.

If at some point we again run kolla-ansible bootstrap-servers, it will
recursively set the ownership and permissions of all files in /etc/kolla
to kolla:kolla / 0755.

The solution is to change bootstrap-servers to not set the owner and
permissions recursively. It's also arguable that /etc/kolla should be
owned by 'config_owner_user' and 'config_owner_group', rather than
kolla:kolla, although that's a separate issue.

Change-Id: I24668914a9cedc94d5a6cb835648740ce9ce6e39
Closes-Bug: #1821599
2019-03-25 15:39:21 +00:00
Zuul
def2ac9a7e Merge "Bump up timeout for ceph jobs" 2019-03-25 14:58:40 +00:00
Zuul
14a52effd9 Merge "Fix booting instances after nova-compute upgrade" 2019-03-25 12:53:38 +00:00
Zuul
9ef0d6d512 Merge "Update openstack_previous_release_name to rocky" 2019-03-25 12:53:36 +00:00
Zuul
42d664c156 Merge "Fix neutron rolling upgrade" 2019-03-25 12:53:35 +00:00
Zuul
e4693e8dcd Merge "Wait for cinder volume to become available in CI" 2019-03-25 11:52:09 +00:00
Michal Nasiadka
ab04ab931a Bump up timeout for ceph jobs
Currently ceph jobs are often getting TIMED_OUT, increasing limit.

Change-Id: I3c6684984930d55a56da846bd8c3f19df2754b06
2019-03-25 12:50:53 +01:00
Mark Goddard
b25c0ee477 Fix MariaDB 10.3 upgrade
Upgrading MariaDB from Rocky to Stein currently fails, with the new
container left continually restarting. The problem is that the Rocky
container does not shutdown cleanly, leaving behind state that the new
container cannot recover. The container does not shutdown cleanly
because we run dumb-init with a --single-child argument, causing it to
forward signals to only the process executed by dumb-init. In our case
this is mysqld_safe, which ignores various signals, including SIGTERM.
After a (default 10 second) timeout, Docker then kills the container.

A Kolla change [1] removes the --single-child argument from dumb-init
for the MariaDB container, however we still need to support upgrading
from Rocky images that don't have this change. To do that, we add new
handlers to execute 'mysqladmin shutdown' to cleanly shutdown the
service.

A second issue with the current upgrade approach is that we don't
execute mysql_upgrade after starting the new service. This can leave the
database state using the format of the previous release. This patch also
adds handlers to execute mysql_upgrade.

[1] https://review.openstack.org/644244

Depends-On: https://review.openstack.org/644244
Depends-On: https://review.openstack.org/645990
Change-Id: I08a655a359ff9cfa79043f2166dca59199c7d67f
Closes-Bug: #1820325
2019-03-23 10:21:37 +00:00
Mark Goddard
192dcd1e1b Fix booting instances after nova-compute upgrade
After upgrading from Rocky to Stein, nova-compute services fail to start
new instances with the following error message:

Failed to allocate the network(s), not rescheduling.

Looking in the nova-compute logs, we also see this:

Neutron Reported failure on event
network-vif-plugged-60c05a0d-8758-44c9-81e4-754551567be5 for instance
32c493c4-d88c-4f14-98db-c7af64bf3324: NovaException: In shutdown, no new
events can be scheduled

During the upgrade process, we send nova containers a SIGHUP to cause
them to reload their object version state. Speaking to the nova team in
IRC, there is a known issue with this, caused by oslo.service performing
a full shutdown in response to a SIGHUP, which breaks nova-compute.
There is a patch [1] in review to address this.

The workaround employed here is to restart the nova compute service.

[1] https://review.openstack.org/#/c/641907

Change-Id: Ia4fcc558a3f62ced2d629d7a22d0bc1eb6b879f1
Closes-Bug: #1821362
2019-03-22 16:26:36 +00:00
Mark Goddard
98df4dd841 Update openstack_previous_release_name to rocky
This is used for version pinning during rolling upgrades.

Change-Id: I6e878a8f7c9e0747d8d60cb4527c5f8f039ec15a
2019-03-22 15:05:19 +00:00
Zuul
33a92b9f7d Merge "Add ceilometer_ipmi container into ceilometer role" 2019-03-22 12:02:22 +00:00
Scott Solkhon
c70d806666 Add mising handlers for external Ceph.
When Nova, Glance, or Cinder are deployed alongside an external Ceph deployment
handlers will fail to trigger if keyring files are updated, which results in the
containers not being restarted.

This change adds the missing 'when' conditions for nova-libvirt, nova-compute,
cinder-volume, cinder-backup, and glance-api containers.

Change-Id: I8e183aac9a72e7a7210f7edc7cdcbaedd4fbcaa9
2019-03-22 11:20:34 +00:00
Mark Goddard
e956cd87c8 Wait for cinder volume to become available in CI
Fixes a race condition where sometimes a volume would still be in the
'creating' state when trying to attach it to a server.

Invalid volume: Volume <id> status must be available or downloading to
reserve, but the current status is creating.

Change-Id: I0687ddfd78c384650cb361ff07aa64c5c3806a93
2019-03-21 17:35:13 +00:00
Zuul
7741925537 Merge "Use endpoint_override for nova-compute-ironic" 2019-03-21 16:22:08 +00:00
Zuul
5841ec7851 Merge "Fix placement-api WSGI error" 2019-03-21 13:52:23 +00:00
Mark Goddard
55633ebf93 Fix neutron rolling upgrade
Services were being passed as a JSON list, then iterated over in the
neutron-server container's extend_start.sh script like this:

['neutron-server'
'neutron-fwaas'
'neutron-vpnaas']

I'm not actually sure why we have to specify services explicitly, it
seems liable to break if we have other plugins that need migrating.

Change-Id: Ic8ce595793cbe0772e44c041246d5af3a9471d44
2019-03-21 12:31:23 +00:00
Michal Nasiadka
779a8013c1 Fix placement-api WSGI error
RDO is packaging placement-api with bundled httpd config
and it conflicts with kolla-ansible generated one.

Change-Id: I018a4ed1b2282e8a789b63e3893e61db2fde8cf2
2019-03-21 12:02:09 +01:00