Set CtlplaneNetworkAttributes parameter in overcloud
environment. The parameter contains a map with network
and subnets data.
CtlplaneNetworkAttributes:
network:
dns_domain: ctlplane.localdomain.
mtu: 1442
name: ctlplane
tags: ['192.168.24.0/24', '192.168.25.0/24']
subnets:
ctlplane-leaf1:
cidr: 192.168.25.0/24
dns_nameservers: ['8.8.8.8', '8.8.4.4']
gateway_ip: 192.168.25.254
host_routes:
- {'destination': '192.168.24.0/24', 'nexthop': '192.168.25.254'}
ip_version: 4
name: ctlplane-leaf1
Also set the CtlplaneNetworkAttributes in the undercloud environment
from the data in undercloud.conf.
Also set the CtlplaneNetworkAttributes in the standalone environment.
Change-Id: I12f1ea965d489eb36353e988cc3ec947f72a35ad
The updates and upgrades operations should not be executed as "root"
user, and the operator should use the regular deployment user (e.g.
"stack").
This enforces this expected behavior.
Change-Id: If23f12d6ab571bc3a3b41aef3dcbd58f98d80977
Update/Upgrade commands have now a prompt by default that ask for
confirmation before proceeding. It'll prevent an user to run the
command that may cause the problems to infrastructure.
This prompt can be skipped with --yes/-y argument.
Note: putting "UPDATE" and "UPGRADE" in uppercase to make sure this is
visible and clear. We have seen many users running the wrong command and
ending up doing an upgrade instead of an update.
Note2: this prompt will be ported to the upgrade and FFWD workflows to
prevent unexpected execution to prevent potential harm to
infrastructures.
Depends-On: https://review.opendev.org/741480
Change-Id: I838e6748879c668dd004ca2243b7b00b857c2a7b
The use of `yaml.load` is deprecated and considered unsafe.
The warning notice:
> /usr/lib/python3.6/site-packages/tripleoclient/utils.py:2349:
YAMLLoadWarning: calling yaml.load() without Loader=...
is deprecated, as the default Loader is unsafe. Please read
https://msg.pyyaml.org/load for full details.
This change removes the use of the deprecated function, which
corrects the issue.
Change-Id: I7b747fd124880f55a30f75e5efb27c22c57ac10c
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This reverts commit 90eee3abc1.
I'm reverting this because it's a regression.
I'm open to not reverting this one if we want to fix it. If the
intention is to backport then we should revert this and correct it
before backporting. We shouldn't touch the verbosity for anything
except ansible items. I'm uncertain if this silenced the heat output
for the upgrade tasks but it impacted the deployment output.
Change-Id: I1bc27ca55a86d8d51960750d36ba825e5197b75f
Closes-Bug: #1863633
This change removes several layers of abstration from our overcloud commands.
By cleaning up these layers we'll improve the understandability of the client
code while also improving the speed of these interactions.
Story: 2007212
Change-Id: I71617d4f47caaee9ce3025191ff0c0ebfe2adf79
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change removes all of mistral from the config_download_deploy function
by calling the required functions directly.
- All of the inputs within this function have been cleaned up and documented.
- New log entires will be created when using this method giving the deployer
a better overall user experience.
- To ensure we're able to support the ability to reproduce commands, the ssh
args extravar has been moved to an environment variable.
- The methods get_config and get_key have been moved to the utils module.
This was done to help avoid circular imports.
Update methods have been changed to execute without running within a mistral
workflow. This was changed because there's no need to support the multiple
code paths anymore given config_download is now running directly.
Test classes have been updated to reduce duplication.
With the new streamlined execution process we should see improved deployment
times and better visability into the deployment process.
Task: 38422
Story: 2007212
Depends-On: I006291a2465aa4c950abce76f9e5f9459b76e330
Change-Id: Ide1a4503dd2bdd2d5e494cd1eac483b842a21acf
Co-authored-by: Luke Short <ekultails@gmail.com>
Co-authored-by: Dougal Matthews <dougal@dougalmatthews.com>
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change uses the the generated mistral context to call the underlying workflow
function without needing mistral.
Story: 2007212
Task: 38436
Depends-On: https://review.opendev.org/#/c/706196/
Change-Id: I79ded325b904bf0f60408250611935d229eda426
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The OpenStack CLI defaults to 1 level of verbosity
which was being directly passed to Ansible methods.
When the CLI is given "-v", the verbosity level is set to 2.
This patch ensures that Ansible will not be verbose by default.
This lowers the amount of RAM a default
deployment/update/upgrade will use along with lowering
log file sizes.
Change-Id: Ic59cc6b2b9b979255c10d71e437afa733517e3e1
Signed-off-by: Luke Short <ekultails@gmail.com>
The container name needs to be passed with the stack name value to the
update_nodes workflow so that the right config container is used during
the update.
Previously, this was not an issue since all update actions just
defaulted to overcloud-config even if the stack name wasn't overcloud.
However, with the multiple overclouds feature and the multi-stack
feature, we need to make sure the right config container is used that
matches the stack name.
Closes-Bug: #1854991
Depends-On: Id6b4a5913141fc558c40f2cfd29f5e0741544ab4
Change-Id: Ib25d8f8fbfde8fb13bd6518fd2383b7e3ae7abee
When running overcloud deploy set the UndercloudHostsEntries
parameter to include the <shortname>.ctlplane entry from
/etc/hosts on the undercloud.
With IPv6 the overcloud nodes cannot pull images from the
undercloud using an IPv6 address. By adding the host entry
for the undercloud in the overcloud nodes hosts file a name
can be used instead of the IPv6 address.
Related-Bug: #1836578
Change-Id: Id9271460b20e602f935f1eddd70f989cd605b1f4
Fixes an issue wich cause warnings such as the one below on the
console when using python3.
ResourceWarning : unclosed file <_io.TextIOWrapper name='FILENAME'
Closes-Bug: #1836379
Change-Id: I4a80a339b2cc0c3fca992cfc456581a91dbf2eef
Currently we have nodes and roles options for upgrade run and update run
but it's a bit confusing. This both options it's same. Depecrated nodes
and roles and a new option limit. The options nodes and roles will be
remove in the future version.
Closes-Bug: #1813810
Change-Id: I4d33e7e5bd4b892219cfc2067e81938e0f6a8668
The tripleo-common allow us to provide a verbosity level
but its not possible to pass it with the cli.
This review catch the --debug option passed to the cli
and provide it to package_update workflow
Change-Id: Ib1fc8f6aab9a0b1a26945d441185b5c8ccb6e7dd
In commit 4cb7a22529 we changed
to set the DeployIndentifier to ''. This looks like an incorrect
change. It would set the DeployIdentifier to '' (from the existing
unique value), if --skip_deploy_identifier is used and this would
result in deployments applied on nodes, whereas we want exactly
the opposite. This checks the existing value in the stack for an
update.
Change-Id: Idd4178aa06aba5668dec6d8ba0427f57dfe5b5b6
Related-Bug: #1759326
Use a single queue for update and upgrade ansible run to avoid
race while consuming both messages from the web wocket
Change-Id: I8b04c2a39d35f530467ddb5f2c4305c08cbc44f1
Closes-Bug: #1804812
The convention is to use the same queue name ("tripleo") for all
workflows. This can lead to messages showing from other tripleoclient
triggered workflows showing up during message polling if multiple
workflows are running at the same time.
This patch adds a check that will filter out any messages that do not
belong to the execution that is being waited on by comparing the
execution id with the root_execution_id returned in the execution
payload.
Depends-On: Icbe80c338d69efc6ce8fceb0f73f833bec588536
Change-Id: Ie6473d6a1044cdf76552d62645b4d63da2df9398
Related-Bug: #1794277
In Rocky we've moved to config-download, which also means ssh
administration via tripleo-admin user when running Ansible via
Mistral.
Using heat-admin no longer seems to work for freshly deployed Rocky
environments, we need tripleo-admin. For upgraded environments, the
assumption is that we'd create and authorize tripleo-admin user during
upgrade from Queens to Rocky, so using tripleo-admin for subsequent
minor update should be safe too.
Change-Id: If4f65d1001c23829fe3285493a6f18bc9af05a99
Closes-Bug: #1789220
Currently the container image registry references are passed with
--container-registry-file in prepare but as -e in converge for
the upgrade/update/ffwd-upgrade/ceph-upgrade clis.
There is no special handling of the file, and it is ultimately
included as any other environment file [1].
This removes the --container-registry-file parameter from
openstack overcloud [upgrade|update|ffwd-upgrade|ceph-upgrade]
prepare.
The related tripleo-common review is for removal of the parameter
from the mistral workflow and action
The related tripleo-docs patch is for updating the operator
instructions to include the container image registry references
using -e as any other environment file.
[1] 2c83dc964b/tripleo_common/actions/package_update.py (L60)
Related: https://review.openstack.org/570903 tripleo-docs
Partial-Bug: #1785825
Co-Authored-By: Jiri Stransky <jistr@jistr.com>
Depends-On: https://review.openstack.org/571186
Change-Id: Id2811dbef59d1be2a35cea062eb7116648f52145
The parameter was necessary before we inherited the update/upgrade
prepare commands from the deploy command. Nowadays this is not
necessary and can be achieved by 2 different means: either via the
*-prepare.yaml files setting CephAnsiblePlaybook parameter, or via
external_update_tasks and external_upgrade_tasks.
Partial-Bug: #1783949
Change-Id: If54e12dbac1a982e89d29b96d86f9f5299e3d810
Depends-On: If80f9cc2f4cb32610dc5eb87159872e28363a21a
New `openstack overcloud external-update run` and `openstack overcloud
external-upgrade run` commands are defined. These are meant to perform
updates and upgrades for services deployed via
external_deploy_tasks. A separate command is used because external
installers don't fit well within the --nodes and --roles selection
pattern we've established for the normal `update run` and `upgrade
run` commands.
Partial-Bug: #1783949
Depends-On: Ib2474e8f69711cd6610a78884d5032ffd19ad249
Depends-On: I982032a0eadfbfb7f1eadee9cae26c8cd5fcdbba
Change-Id: Ib2f32ae8ac234b0c25b0e1ff1f8f8d8e041185e0
To provide a consistent upgrades/updates CLI,
the same --roles and --nodes argument is added into
minor updates CLI command. The use of these two
arguments is mutually exclusive, either we specify a
set of nodes or controlplane roles in which the minor
update will be run.
Change-Id: I1971b19b28049c98697631d6b0e190bdda078fcb
Removing no-ops from plan only will have no effect, we need to let
Heat know about the no-ops removal too. Client commands always fully
recreate the plan in swift, so any plan edits need to be immediately
applied.
For the same reason this commit also drops execution of the workfow --
so far we thought it's just superfluous (does what the env file did),
but in fact can't have any effect at all, so let's not execute that
code at all.
Depends-On: I9039db99f43e8ad091ea6fef7e3a149fcddf1334
Change-Id: Ife57bfae034f70e33bb64cfc3f3063b6a5528cc6
Closes-Bug: #1768586
The no-opped DeploymentSteps need to be re-added after we're done with
minor update.
Change-Id: I9656d8c6137fb656aecda7d13768ca4ab3c10b1f
Depends-On: I6abe8cba12806730bb3686d4f2695070c85e468a
Closes-Bug: #1760898
As well as in [0], the stack being referenced
in the first of the updates test does not match
the one being mocked as part of the arguments.
[0] - https://review.openstack.org/#/c/561181/
Change-Id: I10e708c4c6b59f317a1d0b56d18083fe7ef1698d
We'll be using t-h-t environment files to insert and remove no-ops in
the plan/stack. This should help make the update/upgrade Mistral
workflows more release-agnostic and thus reduce the risk of bugs in
mixed-release UC/OC enviornments.
Depends-On: I486ad0d44f105a6fa9fd24dcf7ac28d40ceecc27
Change-Id: If173d5f6e0be71f467bd062627e9f17e8b684b99
When config-download becomes our only way of deploying, we'll be able
to assume that tripleo-admin user always exists. Until then it's not a
given, so we need to allow using custom user names for running updates
and upgrades playbooks. We default to heat-admin for now, as that's
expected to work on majority of current production environments.
Change-Id: I0df57002b2305c1e2504c9f7a7d0c326d8ffcaf7
Closes-Bug: #1759845
This exposes the --skip-tags which is useful for skipping the
service validations (--skip-tags validation). The expected
format is a comma-separated string for multiple values,
though 'validation' and 'pre-upgrade' are the only currently
supported tags for --skip-tags in the upgrade playbooks. The
full list of tags currently used in tripleo-heat-templates
upgrade_tasks is at [0]
openstack overcloud upgrade run --nodes foo
--skip-tags validation
[0]: 3eb0c62e47/tools/yaml-validate.py (L167)
Change-Id: Ie7fb8d9a388c6d53a31800406b03ddb8ed426401
Depends-On: I8544de64d3307e3dc925c1cecf2d9156e31d25a8
This is the first step which defines the minor update related
classes and entry points:
openstack overcloud update prepare --container-registry-file ...
For running the no-op heat stack update to refresh outputs and
openstack overcloud update run --nodes FOO --playbook all
For running the minor update ansible playbooks on specified
nodes.
A child review will add the openstack overcloud upgrade prepare
and openstack overcloud upgrade run classes and entry points
here https://review.openstack.org/545365
Co-Authored-By: Marios Andreou <marios@redhat.com>
Change-Id: I32c672dffc876250b9949f4fc4ff77c648186e4d
Instead of dealing with some decidated functions in Update/upgrade
classes for manipulating the plan and the env files,
inherit the update class from the DeployCommand class will allow the
update && upgrade to take benefit from the plan management code
and all the tips and tricks that the deploy class does for handling
the corner cases of the plan (access rights, path of user files)
Also it avoid to rewrite/duplicate some code to solve the issue where
the --templates option is ignored by the update workflow
(and upgrade for Queens btw).
Related tripleo-common review:
https://review.openstack.org/540816
Depends-On: Ica4bb404cd3a38a97300b8af36af41c35f09825c
Change-Id: Ib96f4f5078ec1c45981d051e546bf931d2885ae2
Add the openstack overcloud upgrade command and workflow
for major upgrade from P to Queens.
It share the same code base as the minor upgrade but add options
for the converge part and take as parameter a list of
environment files, that could be needed in some cases for the
upgrade init stage. (like repo_setupt)
Change-Id: I54f8fc57b758e34c620d607be15d2291d545ff6f
The rolling-update for ceph ansible is broken now,
so we have to switch to the docker site playbook
instead
Closes-Bug: 1734307
Change-Id: I41f638b0a7df903bd95ab8d42241249d6ec1043a
Consume the update zaqar queue to get the ansible output in
real time.
The queue used is not the 'tripleo' queue because we need
to not be disrupt by other messages.
We need to claim all the zaqar messages in the queue to
get a consistent ansible output
Change-Id: I3682051eb719f8da9c744f7ec8be3a58f3db3f86
Closes-Bug: 1732497
We need to provide an option to let the user
change the default ansible playbook path
for ceph-ansible update.
Closes-Bug: #1723428
Change-Id: I085eb817a6cf3f4f69ba8d67b55d5d01b56428b5
The generate-inventory is always true in the current
code, when we want to provide a static inventory
it won't be taken in account.
the patch aim to fix this bug
Change-Id: If204b3da9b279d7b001d8cfe8c77106f8bf594af
This will allow the cli and tripleo UI to share a common queue,
which will help with scripting the frontend behaviour or track
the progress of the cli from the frontend.
Related-Bug: #1603345
Change-Id: I5849983eee82b5a56cae1bf38a3c2694b6b291db
This change aim to refactor the way of doing the minor upgrade
via ansible playbook download by the config download
It will depend on a mistral change which will get the
ansible update_task and run it via mistral
The user will have two ways for performing the minor update:
- the stack update command which will make an automatic minor
upgrade (or just upgrade a given set of nodes)
- running it manually via ansible on the undercloud
Closes-Bug: #1715557
Closes-Bug: #1723108
Change-Id: I4fcd443d975894a1da0286b19506d00682c5768c
This moves the package update to using a mistral workflow.
Change-Id: I5176746ca4843202a385206289be66f7e6450f48
Depends-On: I8a1f2dbffa19c2d8c93684562d2fb16aef6667db
Closes-Bug: #1614928
This patch removes some of the indirection, deception and complexity in
tripleoclients password handling. At the end of the Newton cycle the
password generation was moved to Mistral. tripleoclient was updated, but
some methods got left behind in the process.
Before this patch, we had one utils function, that called another, that
called a workflow wrapper. The tests then embraced this oportunity and
mocked at different levels of abstraction, some of the tests even mocked
it out in mutliple places to be safe.
This patch replces that with a small function in overcloud_deploy. Once
the post-deploy steps are removed, there will be less of a need for the
password generation and it can hopefully be deprecated with that code.
Change-Id: Icf77dae225caa716c35ce5ded83f7356c958d695
There is an issue with update that the templates files need
to be downloaded before being sent to heat. This solves the issue
on the update side.
Change-Id: I8aa6262716534dec7b51e64f491d7131c359f802
Depends-On: Ib644185f2459e1705267a4114d97cf077ebfa884
Closes-Bug: #1626128
This new library provides the common logic used by openstack
clients. Replacing the imports from openstackclient and cliff.
Depends-On-External: https://review.rdoproject.org/r/#/c/2088/
Depends-On: I095209c241876c6ab48595962e07144fc5cc34a6
Closes-Bug: #1620964
Change-Id: I103a13ff6c0af94b82f5e48652380adfbf331d34
The overcloud update currently returns an exit code of 0 regardless
of the outcome of the update. Unless the result is COMPLETE,
the client now throws an exception, and therefore a non-0 RC.
Also, change the unit tests to use 'COMPLETE' and not 'UPDATE_COMPLETE'
since Heat returns status as 'COMPLETE'.
Change-Id: Ib4aa7982718fda7c3b5fc4e5ea7501203c69bb98
Closes-Bug: 1599872
ramishra