When mysql ed25519 authentication is enabled, puppet-tripleo
uses a python helper to generate password hashes. Python
helpers have their +x permission stripped on install time,
so run the helper via the right python interpreter instead.
Change-Id: I13b02af166d7767799be99a0fb52066b00637a01
Related-Bug: #1866093
... because OpenDaylight tempmates and environemtns were alredy removed
in tripleo-heat-teampltes[1].
[1] 9c3638b8a13ea08a1bab95c9cd6ab335b729b6b3
Change-Id: I0204b6985de71441e0f63f21cfda24d55fd340e5
Apparently the implicit conversion done via '0 + string' is not robust
enough. Adding a "to_i" to make sure we don't break if output is empty.
Change-Id: I1e31761fd2129f57f61707d1920db835df7f7346
This commit adds a check to make sure 'crm_node' is present on the
system (or inside a container, fwiw) before attempting to collect
the stonith level info, so preventing errors like:
~~~
Error: Facter: error while resolving custom fact
\"stonith_levels\": execution of command \"crm_node -n 2> /dev/null\"
failed: command not found."
~~~
Change-Id: I4b4304b54a8aec76fad50b503a007b2bfcc41bd1
This commit improves the way stonith levels are set up and their
resiliency against redeployments by introducing a stonith_levels
custom fact that collects the current stonith levels defined for
the specific server, so we can compare against the desired number
of levels defined in hiera.
If these do not match (for example if there are additional levels
that are no longer necessary), the clean up step also introduced
by this commit takes care of deleting the ones no longer necessary.
Change-Id: Ifae73ac2bf4481d0a11e89c0ea0916e85dd2db1d
Add noop service provider that we use when configuring Apache in
containers. Supresses actions performed on the httpd service.
Change-Id: Ibed34a9eeecc9d8ab310816e05652bdd5962f772
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
After moving mlnx interfaces to switchdev mode in sriov, it will
reset that interface and may change its name and also will need ifup
in order to get back the previous configuration.
So adding a udev rule and ifup command the save the interface name
and its configuration
Change-Id: Ib4f384da344344f9e2ec666b0d8dbae441f24568
Closes-Bug: 1816710
In facter 3.x, the networking facts are in a complex hash. Previously
the interface facts where flat so we would lookup the vars. This change
first tries the facter 2.x lookup before falling back to the facter 3.x
syntax.
Change-Id: I260b18ae3479da4f5176027d4b26b3e1c6b22063
Closes-Bug: #1812938
When configuring vf-lag, it will not work properly when configuring switchdev
capability while there are some vfs bounded.
So removing all the binding codes as it's not needed anymore.
Closes-Bug: 1809733
Change-Id: I135cef33bece6fd31363e093e53617caac413ce0
This change updates additional parser functions we have to use teh
puppet 4.x function api. This includes some basic unit tests to ensure
they continue to function as expected.
Change-Id: Iebeb82b2890216bed139219441718fffc4004391
Related-Bug: #1799786
With the release of 5.5.7, some of the legacy function definitions no
longer pass in unit tests. This change updates the functions that are
failing in the tests to the modern style (4.x) for function
declarations. Additionally we're removing teh lookup_hiera_hash
function which is failing but not actually consumed by our code base.
There will be a followup patch to migrate the rest of the parser
functions to the new format, but this patch should unblock the gates.
NOTE: git thinks some of these files have been added/deleted rather than
git move due to the large amount of changes between the two versions of
the file.
Change-Id: Ie7316fd422bd4a5eb91f94016977e5d8d76c27bc
Closes-Bug: #1799786
Modified Liquidio puppet module for containerization support.
These changes would support both baremetal and container based
deployments.
Change-Id: Ice2baafae2fb1011e16d83c83b5c85f721f6d679
If os-net-config is not installed, this fact causes a warning to be
generated. Let's check for os-net-config prior to trying to run it to
cleanup this error.
Change-Id: Ie55b96bbd7b60dae2342b89c24936d4d071cec10
Closes-Bug: #1794837
Make necessary changes for proper deployment
of ODL on IPv6 network.
Change-Id: Id7a0986f886a81b2041987b0d5a95edf2160e05e
Depends-On: Idd257cf4666b853eb4c52861f9f400b6dbdeeadb
Partial-Bug: #1783196
It is possible to configure bond over two virtual functions
for the vms in case of using mellanox interfaces.
Change-Id: Iaeee31a9edaefec25498a734cac6eda389c38ec5
OpenFlow flows for table 17 now only appear after a port is created and
there is no longer a default flow during the deploy stage. Therefore
remove the check for table 17 existing during deployment.
Closes-Bug: 1781616
Change-Id: Ie988ba6a2d444a614e97c0edf5fce24b23970310
Signed-off-by: Tim Rozet <trozet@redhat.com>
The gid of the docker group is discovered by stating the gid of the
file /var/run/docker.sock. The gid of the docker group is not fixed,
so it must match the gid assigned when docker is installed on the
host. If no docker.sock exists, the custom fact will return nil.
This change also makes sure the user and group ensure_resource calls are
tagged so that docker-puppet.py can include those tags explicitly.
Blueprint: container-prepare-workflow
Change-Id: I94fa558480e408f76e69d292b1d84849ddf9a2a2
Some flows may be missing in OVS (on a per table basis) when deploying
with OpenDaylight. There is no OpenDaylight fix yet for this issue, so
this patch implements a workaround. The workaround is to check if all
the tables exist on each OVS node. If they are missing, then reset the
OpenFlow connection to the ODL controller, which will result in ODL
pushing the flows again and inserting the missing flows.
Closes-Bug: 1775436
Change-Id: I28d13a26198268cfd1f3e9e64236605f24319a04
Signed-off-by: Tim Rozet <trozet@redhat.com>
This is useful for getting the alias name of
a real network interface name which in turn
will allow users to configure alias name in tht.
Change-Id: I28fae19f8c1c8dacad38d10513330b15bd6cdbe6
Introduce a new function called is_ip_addresses which will verify
if a string or an array of strings are composed of correct ip addresses.
We do this in order to fail a bit more clearly if we are passed an empty
or broken ip address. Without this the failure will be in pacemaker
failing to start a VIP called 'ip-'.
Also convert the only use of legacy is_ip_address stdlib function in
mysql::client to this new function (for consistency reasons).
Suggested-by: Rhys Oxenham <roxenham@redhat.com>
Change-Id: Ie15c585a9a902b577f35a75de191bfa91c132668
Add parameters for controlling the docker container settings used to
create the cinder-volume and cinder-backup pacemaker bundles. The
parameters eliminate the need to hard-code the list of docker volumes
and environment variables, making it possible to control the values
using hiera data.
For backward compatibility, the previous hard-coded values are used
when no parameter inputs are supplied.
Partial-Bug: #1748290
Change-Id: I4ba0d78ad17183b97290b853a6c103e55bc8977c
On some machines it's failing to run the devlink and ethtool commands
without the full path of these commands
Closes-Bug: #1745821
Change-Id: If2f7c7a46fb1b52cce9ffbfa31a3161fc07f1334
https://tickets.puppetlabs.com/browse/FACT-777
Puppet downcases fact names so they names don't become Types
Interfaces can have Uppercase letters in them.
Closes-Bug: #1745448
Change-Id: I03fd5c103f4b4d4c90770f4d8aa26ae8eeeecdcd
In Kernel 4.10 supports changing SR-IOV to switchdev mode.
This mode allows to create VFs represontors which can manage
the SR-IOV VFs from the hypervsior.
This patch extends the tripleo::host::sriov::number_of_vf to
<physical_network>:<number_of_vfs>:<sriov_mode>,
where sriov_mode accepts legacy or switchdev.
if sriov_mode is not specified we default to legacy.
Change-Id: I578f956f2a8c6ee29a9d1ff38ee51765bcab05c1
This patch will move the Contrail roles communication towards
OpenStack APIs from the public/external network to the
internal_api network. I will also add the option to enable
dpdk for Contrail.
Change-Id: Ia835df656031cdf28de20f41ec6ab1c028dced23
Closes-Bug: 1698422
Fixes a problem where SR-IOV VF count configuration will fail if a
physical function is in use by a guest when 'puppet apply' is executed.
This change substitutes warnings for failures and skips complaints if a
PCI device is unavailable.
Note: this patch has the side-effect of allowing the same configuration
data on hosts that may *not* or *ever* have PCI SR-IOV devices on the
hardware. Time will tell how evil this is in practice.
Closes-Bug: #1701284
Change-Id: I71edc135432ab2193741c37ce977dd11172401e6
If the norpm provider attempts to do any install/update/remove actions,
we should throw a warning in the logs so people are aware that the
action did not actually take place.
Change-Id: Ieee5cac3412c709ba6b39316e455d7708cc9d22e
Closes-Bug: #1669666
The norpm provider is supposed to noop package installs/updates but if a
package name in puppet does not match the installed package, it is being
reported as not installed. The provider then 'installs' it every time
which can trigger unwanted service restarts.
Change-Id: Icdfa6567168f9ecc555489ed67405f98544bd910
Closes-Bug: #1665405
A function to create noop providers (set as the default) for the named
resource. This works alongside of 'puppet apply --tags' to disable
some custom resource types that still attempt to run commands during
prefetch, etc.
Change-Id: Icabdb30369c8ca15e77d169dc441bee8cfd3631f
Currently the inter-cluster communication port listens to all ip
addresses:
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 25631/beam.smp
In order to limit it to listen only to the network assigned to rabbitmq
we need to add the following:
{kernel, [
...
{inet_dist_use_interface, {172,17,0,16}},
...
]}
In order to do the conversion from an ip address to the Erlang
representation we add a function that takes a string and returns a
converted output. The (~400 randomly generated) IPv6/4 addresses at [1]
have been parsed both via erl's built-in inet:parse_address() function
and our ruby implementation. All converted ip addresses resulted in the
same output [2], [3]. The only difference is that Erlang's parse_address()
considers network ip addresses (e.g. 10.0.0.0) invalid whereas the ruby
function does not. This should not be a problem as the use case here is
to bind a service to a specific ip address on an interface and if
anything we likely prefer the less strict behaviour, given that at least
in theory it is perfectly valid for an interface to have a network
address assigned to it.
[1] http://acksyn.org/files/tripleo/ip-addresses.txt
[2] http://acksyn.org/files/tripleo/ip-addresses-ruby.txt
[3] http://acksyn.org/files/tripleo/ip-addresses-erl.txt
Change-Id: I211c75b9bab25c545bcc7f90f34edebc92bba788
Partial-Bug: #1645898
This puppet manifest will install and configure by default
the NTP service. It will also make sure chrony is purged, because it's
present on the EL7 images.
Change-Id: If3cf7d9690001b051465ea25cf8a8c3bc6f7c33a
When package installation is disabled we still prefetch packages.
This disables the package prefetch by returning an empty array
which should be fine in the normal case and fixes issues when
running puppet in some docker containers.
Change-Id: Ia483c5f8500b804ba37a80e9ca1ec9c038f0a867
This fact was being retrieving the value of the hostname for the management
network. We should instead be using a value set explicitly in t-h-t.
Depends-On: Idb3ca22ac136691b0bff6f94524d133a4fa10617
Change-Id: I6fcf7c7853071a9f3377aec475308bc8d10d5b33
Related-Bug: #1621742
We don't really expose a management network, but a ctlplane one. So
when someone requests the ctlplane fqdn, we'll give the management
one. Since that's what we actually fill in the hosts.
Change-Id: Iede5a06d73206f98f283729f1879484f09d4012a
This will make it easier to use and consume from t-h-t, making their
use more dynamic. This is still safe to do, since these are not used
by anything yet.
Change-Id: I4d603938c568320d4ae1cc7a396070ad4ac62132
Currently we have some hard-coded mangling in t-h-t but we
instead need to build the array based on the nodes running swift
storage, combined with the SwiftRawDisks parameter.
This will enable running SwiftStorage on nodes other than Controller
and SwiftStorage roles, and is required for custom-roles due to
the hard-coded stuff in the role templates and overcloud.yaml
Change-Id: I11deed1df712ecccf85d36a75b3bd2e9d226af36
Partially-Implements: blueprint custom-roles
This patch shall create VFs via the PCI SYS interface.
Default value : $::os_service_default
Sample Format : ['eth0:4','eth2:128']
For values as in sample format, the sriov_numvfs config files
for eth0 and eth2 will have the values 4 and 128 respectively
The SR-IOV numvfs configuration shall be persisted in /sbin/ifup-local
so that, during the bootup of the compute nodes, the numvfs
configuration will be restored.
Change-Id: I7450b904475bdf46498d9af633416b3eba12f761
Implements: blueprint tripleo-sriov
Signed-off-by: karthik s <ksundara@redhat.com>
When Facter.value(:domain) is nil the facts fqdn_<network> are failing
with :
Could not retrieve fact='fqdn_external', resolution='<anonymous>': undefined method `empty?' for nil:NilClass
Change-Id: I3e7fa983d4cf91c6ab25f9aa4c353b364f44826e
Closes-bug: 1595125