To be consistent with auto config-download and overcloud export
create subfolder with plan/stack name.
Change-Id: I08b447379ae6e267f8dff11e6e703a991918683c
Closes-Bug: #1884246
(cherry picked from commit 46c9aa552f)
Update/Upgrade commands now have a prompt by default that asks for
confirmation before proceeding. It'll prevent a user from running a
command that may cause problems to infrastructure.
This prompt can be skipped with --yes/-y argument.
Note: putting "UPDATE" and "UPGRADE" in uppercase to make sure this is
visible and clear. We have seen many users running the wrong command and
ending up doing an upgrade instead of an update.
Note2: this prompt will be ported to the upgrade and FFWD workflows to
prevent unexpected execution to prevent potential harm to
infrastructures.
Depends-On: https://review.opendev.org/741658
Change-Id: I838e6748879c668dd004ca2243b7b00b857c2a7b
(Partly cherry picked from commit 7a044ca251)
Allow for bypassing check_stack_network_matches_env_files()
when --disable-validations is provided.
Change-Id: Ie24163a39a68ec73ae8ea5ad1011eb3789961077
Closes-Bug: #1866155
(cherry picked from commit d8a7eaf88c)
This change allows us to identify a set of parameters which should
not be passed in the upgrade prepare or upgrade converge steps.
As it is now, it is mostly intended to block the converge step
if the FFU parameters (Stein registry parameters) were left in
the environment files before running the converge step, however
it will allow blocking the upgrade prepare in the case that some
deprecated or not recommended parameter is provided in the templates.
The way how it works is by converting every single yaml passed in
the environment files into a list of keys (only for the
parameters_default so far), then it will try to intersect the list
of forbidden parameters with the list of keys. If there is a match
an exception will be raised showing those parameters:
ERROR openstack [-] The following parameters should be removed from
the environment files:
ceph3_namespace
name_suffix_stein
tag_stein
name_prefix_stein
ceph3_image
namespace_stein
ceph3_tag
Change-Id: I24715f5e55d4cd6cf9879345980d3a3c5ab8830c
(cherry picked from commit fbc1eba88a)
(cherry picked from commit 3a86f9f7f5)
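The check described in the commit message above, as an added example (not the tripleoclient code): it reads the top-level keys of the Heat environment section `parameter_defaults` in each file, intersects them with the forbidden names from the quoted error output, and reports which file still carries each one. The function names, the exception class and the sample files are hypothetical, and the YAML is assumed to be already parsed into dictionaries.

```python
"""Added example: block an upgrade step when forbidden parameters remain."""

# Forbidden names taken from the error output quoted in the commit message.
FORBIDDEN_PARAMETERS = frozenset({
    "ceph3_namespace", "ceph3_image", "ceph3_tag",
    "name_prefix_stein", "name_suffix_stein",
    "namespace_stein", "tag_stein",
})


class ForbiddenParametersError(Exception):
    """Hypothetical exception type used only by this example."""


def find_forbidden(environments, forbidden=FORBIDDEN_PARAMETERS):
    """Map each forbidden parameter to the files that still define it.

    `environments` maps a file name to its already-parsed YAML content
    (for example the result of yaml.safe_load); parsing is assumed done.
    Only the top-level keys of `parameter_defaults` are inspected.
    """
    hits = {}
    for path, content in environments.items():
        defaults = (content.get("parameter_defaults")
                    if isinstance(content, dict) else None)
        if not isinstance(defaults, dict):
            continue  # empty file, missing section, or malformed section
        for name in forbidden.intersection(defaults):
            hits.setdefault(name, []).append(path)
    return {name: sorted(paths) for name, paths in sorted(hits.items())}


def check_forbidden(environments, forbidden=FORBIDDEN_PARAMETERS):
    """Raise before the step runs if any forbidden parameter is present."""
    hits = find_forbidden(environments, forbidden)
    if hits:
        lines = ["%s (%s)" % (n, ", ".join(p)) for n, p in hits.items()]
        raise ForbiddenParametersError(
            "The following parameters should be removed from the "
            "environment files:\n" + "\n".join(lines))


# Constructed sample input: three parsed environment files.
SAMPLE_ENVIRONMENTS = {
    "containers-prepare.yaml": {
        "parameter_defaults": {"tag_stein": "16.0", "NtpServer": "pool.ntp.org"}},
    "ceph.yaml": {"parameter_defaults": {"ceph3_tag": "3", "tag_stein": "16.0"}},
    "empty.yaml": None,
}
```

Reporting the file alongside each name tells the operator where to remove the leftover parameter, which a bare list of names does not.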
Encoding the names to utf-8 leads to unwanted failures such as:
KeyError: b'undercloud'
as well as
TypeError: sequence item 0: expected str instance, bytes found
Removing the two calls to .encode() solves those issues.
It also corrects a tiny deprecation warning, moving from LOG.warn to
LOG.warning.
This is a train-only patch since later the whole thing was moved out of
tripleoclient in favor of validations-libs and/or validations-common.
Change-Id: Ie1530321b488bef11692553ea25131d9360763dd
As we aren't required to re-deploy any more during the converge step
the actions performed by the Upgrade Converge and Prepare are exactly
the same, the only difference is the lifecycle environment file we
use to set and unset parameters.
This patch refactors both classes, the UpgradePrepare and UpgradeConverge
classes:
- UpgradePrepare: Stop forcing update-plan-only and then try to do most of the
actions from deployment into UpgradePrepare. This change will force config_download
to false (which will avoid running the full deployment and do only a stack update),
then download the config by invoking get_config from package_update and lastly
enable ssh into overcloud nodes, as that part is performed in deployment only if
config_download is set to true. Add new attributes to UpgradePrepare so we can
override them in UpgradeConverge via inheritance.
- UpgradeConverge: Inherit from UpgradePrepare instead of DeployOvercloud. Set the
right value for the class attributes and let UpgradePrepare class do all the magic.
Change-Id: I6148511eb6ad1e3798a7bf40c721824830c7073d
(cherry picked from commit 8df46e3798)
In cases where we need to support TLS for pre-provisioned nodes, we need
to be able to enroll hosts without using novajoin. This commit detects
if an OTP is present but without novajoin enabled. If so, it uses a
separate composable service, without novajoin, to enroll the undercloud
as a FreeIPA host.
Change-Id: Id6d193ab10e43a5d2706705588269654073910cc
(cherry picked from commit 97d54f2b39)
This patch adds logging support for validations. It introduces two new
Tripleo Validator commands to allow the user to get the executions
history and get the details of them.
Change-Id: Ie80318a7fa684adb7c3bf7c99d526b0de64b0904
Depends-On: I502c38d3f27db3c6f62a47190136dd03627956bc
Depends-On: I0cb2743d1d4d118320a799c6820d48f9b917498f
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
(cherry picked from commit 4fbd5ffe4f)
For many releases we have seen overall deployment and workflow executions
that timeout throw a json decode error. This is usually because either
the mistral execution completely failed (unhandled exception),
something during the deployment hangs (bad network config), or the
--timeout was less than the time it takes to run an action. If we get an
exception waiting for timeouts that isn't already a websocket timeout or
something to that effect, we should catch it and print some useful
messaging that the user can use to begin their troubleshooting.
Change-Id: Ie239f3fc11bbf95dc9af9786b288f6e8aef1193a
Closes-Bug: #1882134
We merged a debug print in with the upgrade improvements. Let's clean it
up.
Change-Id: Id44da18bec44e0b013705e96f689e7bdc6ddbc9f
(cherry picked from commit cd89407893)
We need to prompt the user if we should upgrade earlier in the code so
we can handle additional things like package upgrades in the undercloud
upgrade after the prompt. This change pulls the confirmation logic out
of tripleo_deploy and reuses the prompt_user_for_confirmation code in
the tripleo upgrade and undercloud upgrade actions.
Change-Id: I8dbcae39e6f6d966c1337bad5fb5ba673f7be874
Closes-Bug: #1877825
(cherry picked from commit c0b0a5aa67)
Rather than require the end user to manually update packages prior to
kicking off the undercloud process we can do it ourselves by
implementing a flag to skip the update and invoking the upgrade after
the packages have been updated.
Change-Id: Idda6387922adeb182afd11cb0d692d1fcceff9a8
Related-Bug: #1869776
(cherry picked from commit 7d1b738910)
This job has been failing for a long time. It is deprecated from ci.
Depends-On: https://review.opendev.org/#/c/722807/
Change-Id: Ic0e5cd242567fdba227f11a10175d8a195dd6d08
Signed-off-by: Amol Kahat <amolkahat@gmail.com>
A previous change added support to clean up FreeIPA during overcloud
deletes:
https://review.opendev.org/#/c/716784/11
In master, we added support for operators to skip this step if needed:
https://review.opendev.org/#/c/713075/6
This change introduces the same --skip-ipa-cleanup parameter to
stable/train so that both branches are consistent.
Change-Id: Ie272f575e3a7c6567ef9fd876b7e45e59cf11966
For slow nodes, we don't wait for node to boot completely after the
heat stack is CREATE/UPDATE_COMPLETE. This would ensure we try a
few times before failing.
Adds tenacity to requirements and bumps lower-constraints.
Change-Id: Iee8f3200a3c108375c7ca296734db1a51914cd69
Closes-Bug: #1873892
If a registry requires authentication and --local-push-destination is
not used, a user may need to enable the login functionality. This change
adds a --enable-registry-login flag to `openstack container image
prepare default` that can be used to ensure the
ContainerImageRegistryLogin flag is defined as true. Previously this
would have needed to be added in elsewhere.
Change-Id: I809023604fe119ba162638d921ffec56d4eb72f2
(cherry picked from commit c08c5c2b92)
We should not be ignoring the error as we would skip the
admin-enablement workflow and running ansible playbooks would
fail later.
Change-Id: I69c79b3bfec4467210ca6c480f61e14cbf1d0a44
Partial-Bug: #1873892
This change will provide the operator the ability to better control
a given deployment or operational task while leveraging the
tripleoclient.
A utility has been added to sanitize user input. This will ensure
the parsed string is in valid ansible limit format.
Change-Id: I190f6efe8d728f124c18ce80be715ae7c5c0da01
Depends-On: I2a8bcd6f8e365058d667fccb3d47625ab307b9e4
Depends-On: I0056fdbe3d9807e6baf4a1645a632ab9eb1b2668
Signed-off-by: Luke Short <ekultails@gmail.com>
Co-Authored-By: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit 67c49244be)
With a large number of nodes this can run for more than the
default timeout of 360s as we do fetch the whole config
from heat and generate the playbooks and the workflow can
timeout very easily.
This was removed for config-download workflow with
https://review.opendev.org/620627
Related-Bug: #1805649
Change-Id: Ib413a40a63c9d79e7387f854167d80a105888337
This change adds a release note to cover the strict parsing of the `undercloud.conf`.
Closes-Bug: #1874410
Change-Id: Ic3aa73b28f46694a5ce43f8435a64e195df1328f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit 93952566d6)
This used to be a manual step in the tripleo process. You still have
to update python-tripleoclient and tripleo-common manually. But:
- "openstack-tripleo-heat-templates"
- "openstack-tripleo-validations"
- "tripleo-ansible"
can all be installed from this process as we spawn another new process
"openstack tripleo upgrade". Thus all those packages will be
available for it.
Note that tripleo-common should still be installed before running that
command as some of its code is used by tripleoclient.
Eventually adding version dependencies from python-tripleoclient to those
other packages (or from tht which would stay a manual step) looks
challenging as it would be hard to track which version works with which
version.
Backport diff: we are using "yum" instead of "dnf" here because Train
can run on CentOS 7 which uses yum, while CentOS 8 still has yum
support. So don't add too much logic here and run everything with yum.
Change-Id: Ic258f314074007e7e5fd16d87448ffb7a3447fc3
Closes-Bug: #1869776
(cherry picked from commit 0227a54473)
Fix misused ansible connection timeout and deployment timeout passed in
config download. Also fix the misuse of timeout parameters in the
related workflow being called by config_download.
Add missing coverage for the existing timeout-related params in other
unit tests.
This partially backports https://review.opendev.org/713807.
Closes-Bug: #1868063
Depends-On: https://review.opendev.org/718339
Change-Id: I2a4d151bcb83074af5bcf7d1b8c68d81d3c0400d
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
By default the output directory is the executing user's home folder,
however, because this is meant to be user configurable, we need
to modify our constants to respect the user's configured information.
This change ensures that the constant UNDERCLOUD_OUTPUT_DIR is consistently
by pre-loading the undercloud configuration file when present and pulling
out the `output_dir` option. When this file is not present or the option
is undefined, the constant will use the executing user's home folder; the
executing user's home folder is the original default.
Related-Bug: #1868619
Change-Id: I94257d1d5ceb2795f5d9596a6a1d5066d881c3b7
Signed-off-by: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit d38c7c329f)
Invoke a playbook to clean up hosts and services in FreeIPA when doing a
stack delete. This ensures we don't orphan objects in FreeIPA after the
stack is gone.
This playbook runs on the undercloud host. It doesn't run on any
overcloud instances or hosts.
Change-Id: I64889715218b3f51a485dbca94ab733410aa0178
Downstream we see that folks repeatedly forget to set this variable even
though they may generate a containers yaml file. This ultimately leads
to an undercloud installation failure due to lack of credentials. This
change updates the configuration item to be required=False for upstream
(because it's not) but includes additional comments around what this
file does. We can flip the configuration to required in environments
where we know we need authentication.
Change-Id: I8c26aa68ec2668fb9c94d0191914bd676e082ebe
(cherry picked from commit 24b87f1997)
This change normalizes our client return formation by ensuring we're always
using the configured output path as defined within our constants.
Closes-Bug: #1868619
Change-Id: Ied051214c4d3f2a695d58a6cde6180f040ca02d4
Signed-off-by: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit 8dc3273495)
Add --work-dir to openstack overcloud container image build command and
every run will create a unique workspace where Kolla
configs and build logs will be stored. Default directory will be in
/tmp/container-builds. UUIDs are used to identify each time we run the
command and will be the directory name in the work dir.
Related-Bug: #1864108
Change-Id: Id3e52ba920c54c98529ecb5f723ba452362a0b32
(cherry picked from commit 7aeba8f51a)