On OSP17 there are some ml2 ovs services that are not
present on some computes eventhought is defined on the
ansible service facts.
This patch will ensure that only those services that are
actually running will be stopped.
Change-Id: I94f0832d09d263837262ada109a567e864915a1a
Before this patch, when migrating from ML2/OVS to ML2/OVN, we
removed the VIF details that are not used by OVN. However, this
changes how the VIFs are plugged if the hybrid iptables firewall
was used.
In order to not break the migration, we want to keep whatever
plugging was used in ML2/OVS. For this reason, this patch is
leaving the VIF details untouched.
The consequence is that, after migration, whatever workloads
used the hybrid plugging will remain like that. Newly created
VIFs will be plugged to the OVS bridge directly. As a result,
the migration to OVN won't require moving to the OVS firewall
first while in ML2/OVS.
This patch is also removing the constraint that prevented the
migration if the hybrid firewall was used.
Signed-off-by: Daniel Alvarez Sanchez <dalvarez@redhat.com>
Change-Id: Iad4fae7af54cc502ac0ba02a911cdd4fefa13535
[1] Updated the migration script to check for config-download
directory instead of stack, but missed update the Error
message.
check_stack function is renamed to check_source_inventory
as now it only checks for source inventory instead of heat
stack.
If source inventory file doesn't exist the script
will report Error message and exit.
This is follow up of [1].
[1] https://review.opendev.org/c/openstack/neutron/+/834925
Related-Bug: #1966099
Change-Id: I2416fba50fc495da4d59a3f335f33d831ca6e91d
The validation is intended mostly for tests and don't make much sense
when running the migration in production because likely there are
already running workloads. This patch changes the default to False so
migration validation must be explicitly asked for.
Change-Id: I5470f61a5e0b55bf682526208c3f57dc0ca6ffd5
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
tripleo-ansible-inventory stopped working in Wallaby. However, TripleO
now stores the needed ansible-inventory on the undercloud filesystem.
This patch switches from dynamic generation of the Ansible inventory to
use of the already existing inventory file. Fortunately, the format of
the file remained the same as the generated one, so no other changes in
parsing are required.
Closes-Bug: #1966099
Change-Id: I3bdf878617fbe962d56ebb66d59ae7edeb9b7c38
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
It's a common practice to have /tmp/ mounted separately with noexec
option. This effectively means no scripts can be executed from the
filesystem mounted to /tmp.
This patch explicitly calls sh binary to execute scripts from /tmp and
removes the executable flag from the scripts.
Closes-Bug: #1965183
Change-Id: I2f9cd67979a8a75848fcdd7a8c3bb56dd3590473
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
During the clone-br-int the interfaces sg- (SNAT)
and the interfaces fg- (FIP) are cloned. But this
is not necessary, since this kind of interfaces
are useless on OVN (OVN uses OpenFlow).
Change-Id: I3cd74d1d4fca9add50b0700a82b8e8a16140f085
Port status, server status and server console log output are printed
when the create-resources.sh script fails during the OVN migration
Example: OVN migration fails because SSH connection is not possible,
after ping successfully replied - probably a metadata issue and having
the console logs could help to identify it
Change-Id: I83e55203907526caf44ba34cd38241eccf70adb3
After stopping and deleting the services if this role is runned
again it could fail bc systemd has still some ovs services loaded
(eventhough the service is stopped) this will cause that ansible
will try to delete again and fail while trying to disable and
delete the service.
Change-Id: If51d7f25375768f8c60492c84d84e91d91886025
While migrating from OVS to OVN one of the steps of the migration
is clean all the OVS trunk ports, this will fail if the environment
does not have any trunk ports configured.
This will do a comprovation in order to know if it's necessary
to clean them or not.
Also, since this playbook it will only clean the ovn interfaces
it is not necessary to stop the whole migration. If any error
occured while deleting any ovs interface a message will be
printed so the user can take action if necessary.
Change-Id: I6ec0b392b13daa9f64e051fb12b4b97a6c0a1730
Prevent the OVS to OVN migration if any node has the OVS agent
firewall set to "iptables_hybrid". If present, the migration will
exit. This check is implemented in the OVN migration script for
TripleO environments.
Closes-Bug: #1951272
Change-Id: I55f25f56f87bfa2a5e330cdf4c1087e8d4082b29
This change is to include missing OvS DPDK nodes also as part of
ovn-controllers group in hosts_for_migration file.
Change-Id: Ic0727ffdbd1f60574b6d5397177a58172cbd60f0
- Telco usecases requires a flavor which has to contain "extra_specs"
to boot a dpdk instance.
Add the "FLAVOR_NAME" parameter to override the use of the default
flavor used during migration flow.
- Modify the hardcoded server user name (cirros) to use the
"SERVER_USER_NAME" environment variable.
Change-Id: I3d50526d3192cafb673092bc8b22da6c48454434
Currently workload VMs start before subnet is connected to router.
When DVR is enabled this causes sometimes that one of the VMs is not
able to get metadata.
Closes bug: #1947547
Change-Id: Ifd686d7ff452abd1226fbbc97f499e05102e4596
Log the results of the Ansible playbooks by default so that it is easier
to go through them later in case there's something unexpected. The log
is located in $HOME instead of /var/log/ to avoid the need of privileges.
Signed-off-by: Elvira García <egarciar@redhat.com>
Change-Id: Ida2fc11f28200030fff9ddf1e56fc442a2016bab
After migration from ML2/OVS to ML2/OVN trunk subports which were created
by the neutron-ovs-agent to connect br-int with trunk bridges (tbr-)
aren't needed anymore and should be deleted.
Closes-Bug: #1946479
Change-Id: Ib1e3b78597ebdde1aa9d2b242e2005a05a7db89f
After migration from ML2/OVS to ML2/OVN tap ports which were created
by the DHCP agents and router ports (like e.g. qr- or qg-) which were
created by the L3 agents aren't needed at all and should be deleted.
Previously those ports were set to be DOWN only. With this patch
all such ports will be simply deleted from the openvswitch.
Related-bug: #1946479
Change-Id: I74cd5820389c86819c6884d3d61c9b2f7907cc88
Some VMs are created before the ovn mgiration process starts in order to
verify they are healthy after the migration
Sometimes these VMs are not accessible via ssh due to an issue in cirros
0.4.0 that was fixed in a later release [1]
Closes-Bug: #1945299
[1] https://github.com/cirros-dev/cirros/pull/11
Change-Id: Ib133b5e1bed19aeac8514e3c6690ca768991bbd4
OVN migration script fails when VALIDATE_MIGRATION is not set to
True. oc_check_public_network should return successfully in case
VALIDATE_MIGRATION is set to False.
Closes bug: #1942344
Change-Id: Ibd0aea5b4e6bf44803d5d0100cacc17d401b03cc
In DVR environment, there are FG interfaces on nodes. We can delete
those after the migration.
Change-Id: I44967e55213d12af24acbf9561a96afb34548324
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The new "migrate" mode for the DB sync utility changes DB contents as
follows:
- it changes vxlan networks to Geneve, including its allocation in
order to avoid future collisions when creating new geneve networks
- it removes settings from ports' vif_details that are no longer
needed, such as hybrid plugging or bridge_name for the trunk bridges
- it sets profile for subports - OVN doesn't use trunk_details but port
profile to store data about trunk. Subports have tag and parent_name
fileds.
Previously, the vxlan to Geneve change was done via ansible role. The
tasks in the role were replaced by the script therefore the role is
removed.
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Change-Id: I29a39108d9fddb30050ec63a1cdf6bba0400e136
It turned out there doesn't need to be crudini tool present on the node
running the command. This patch fetches the Neutron conf file instead
and performs an ini lookup over it in order to get the DB connection
string.
Change-Id: Iaf79b8512a920e9f667bd6881d50e8852595fa71
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The Ansible command itself is hard to read, the patch adds some doctext
to improve understanding of the ansible task.
Change-Id: I4ab7a83da9bbf64ee6b19b2a0611fd64e09e2132
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Previously, the migration script used controller nodes to configure
dnsmasq when configuring new MTU. Controller nodes may not run DHCP
agents. The patch detects DHCP agents instead and uses those to
configure dnsmasq.
Change-Id: Ib468c04779af7aaf4dedf84ba885bce71078248b
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The patch goes to one of ovn-dbs nodes and runs a SQL query to change
all vxlan networks to Geneve. It's done via Python and sqlalchemy in
neutron_api container because mysql client is not installed there. This
approach was chosen to avoid installing more dependencies.
Change-Id: Ic417a115fdc212527866122bc9d3c93ea9599bdf
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The undercloud node user is configurable in TripleO and isn't always set
to heat-admin. This patch introduces an environment variable for cases
where user is different.
Change-Id: If65925ded1b5df2bfdcfba50445ff7d821c725d8
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Previously docker command used grep to search for neutron server
container. It used image name instead of container name. With the switch
to podman, it stopped working. This patch fixes the container name.
Change-Id: Id650c2e7ac427dd53ebaab4e6d95d54efc657e3f
Closes-bug: #1895108
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
This patch is a workaround for bug in OVS [1]. The OVS is restarted
after setting protocols for the integration bridge. This will cause
a data plane disruption. We can remove the workaround once
the bug [1] is fixed.
Closes-bug: #1890596
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1782834
Change-Id: Ia635f705fa03036a9e9c1c14eab59038ec39bda3
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The heat stack name is variable. This patch adds a new environment
variable to support migrating stacks that are different name than
overcloud.
Change-Id: I6fd72bf83def28ae633d720b8495888cea3ac0a3
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Instead of adapting to changes to the tripleo inventory structure let
ansible parse it for us using ansible-inventory.
Change-Id: I34ad0fd5feed65dd1266993a77f6ebc69fecfdfb
Closes-bug: #1884764
Docker commands are replaced with podman. References to docker resources
is fixed. Some improvements to avoid storing container ids and
performing operations is also done in this patch.
Change-Id: I2b9661d06b30eeb7752bdb4fad73778d2ed940d7
Migration ansible playbooks are not able to connect to overcloud
nodes using ssh due to bad settings in the generated ansible
inventory file. Ctlplane subnet ip addresses should be used by
ansible in order to be able to establish connection successfully.
Closes-bug: #1881029
Change-Id: I1588b88279ba1e25706cc74f4a888901e5aadcb6
TripleO used to uninstall services if the resources were set to None. It
was not intentional and TripleO no longer does that. This patch manually
removes dhcp, l3, metadata and ovs agents from controller and compute
nodes, including its systemd service files.
Closes-Bug: #1878358
Change-Id: I140ae0c476bf9e19b4429ce388ddc7cc3f4cd421
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>