Save more stack outputs in the working directory.
Change-Id: I30903cfea1ee595c84ef021f5c3be7716c0726d9
Signed-off-by: James Slagle <jslagle@redhat.com>
With ephemeral-heat, we need to save the needed stack outputs in the
working_dir so that the values can be used when needed if the stack is
no longer around.
With the outputs saved, the stack object no longer needs to be passed to
workflows.deployment.config_download and
workflows.deployment.get_hosts_and_enable_ssh_admin, only the stack name
and output values are needed.
Signed-off-by: James Slagle <jslagle@redhat.com>
Change-Id: I3cc61bfee94227045909a4b0ccf84a8d595b2cea
We no longer need to handle this case and the logic doesn't work now
that packaging uses platform-python.
Change-Id: Ic506842240417142230e39755e7663b9276d4e34
Closes-Bug: #1945357
Change the constant OVERCLOUD_NETWORKS_FILE to point
to network_data_default.yaml in THT. (The new v2 default).
Add check, and prompt the user for confirmation in case
legacy networks definition is provided. The check and prompt
can be disabled with the '--allow-deprecated-network-data'
argument.
Also add the '--yes' in 'OvercloudDeploy' and remove it in the
Update nad Upgrade classes that will now inherit it.
blueprint network-data-v2
Depends-On: I618c0a0d99c934fb65a6af30bc76096d52d4679d
Depends-On: I759402fb22a9a3fd0fc06c8e107eee6eb5798c51
Change-Id: I2d14d9e587fce28ea0897bb235c9dedc8f68fa12
When using ephemeral Heat, the update run can no
longer rely on the Heat stack being present. Since
we create the stack and update the playbooks during
update prepare. We can simply execute the
update_steps_playbook.yaml now.
With this change, we also change the converge to just
execute the deploy_steps_playbook.yaml without doing
the entire stack update. The stack update is no longer
necessary with Ephemeral Heat.
Related: https://review.opendev.org/c/openstack/tripleo-upgrade/+/806565
Change-Id: I57d788639b651945ad765f810b504529e41f0fbd
When running 'overcloud deploy' command look for dynamic
defaults file for these options:
--roles-file, --network-file, --vip-file and
--baremetal-deployment
When the option is set by the user, use the user provided
file and make sure a copy is created in the working
directory. If the argument is not set look in the working
directory for the file used previously and use that file.
overclod node, and overcloud network commands require the
user input. But will place a copy in the working_dir for
overcloud deploy.
The depends-on creates these "defaults" by running the
different nova-less/network-v2 export commands when
upgrading the undercloud. With this change the next
'overcloud deploy' after the undercloud upgrade will use
the correct files (unless the user set the args ...)
Depends-On: https://review.opendev.org/795773
Change-Id: I53ba631dc80428c6f1fe71c2bbfb0b5a36dd8f01
MD5 hash, is no longer considered sufficient in security contexts,
as it is susceptible to collisions.[0][1][2]
Since Glance offers multiple hashing algorithms and all other uses
of the function are internal to the tripleoclient, the call can be replaced.
Function is now able to work with multiple hash algorithms,
provided their names are known to python hashlib and specified as compliant
in the tripleoclient constants.
Tests were adjusted to work with new hash algorithm,
and expanded to one compliant, and one non-compliant, alternative.
Docstrings now describe where is the information about image coming from.
In order to simplify potential future work on the related functionality.
[0] - https://csrc.nist.gov/projects/hash-functions
[1] - https://csrc.nist.gov/publications/detail/fips/180/4/final
[2] - https://www.win.tue.nl/~bdeweger/CollidingCertificates/
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
Change-Id: Iee5184755365d94f3b85073ed689079966c8bfcc
The 'export_data' variable in the 'tripleoclient.export.export_stack'
is accessed in read-only manner and is used to determine
parameters selected for export.
It is, effectivelly, a constant, but placed within a function
body, without declaration of it's exact contents in the docstrings.
By moving the 'export_data' among constants, we expose the information
about exported parameters, with minimal change to the original code,
as the 'tripleoclient.constants' is already imported by the module.
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
Change-Id: I408560ffbecd145b476aa5205c4fd1c780491d0c
For the image upload command, if overcloud-hardened-uefi-full.qcow2
file exists in the --image-path directory then this will be used as
the default value of --os-image-path.
If overcloud-hardened-uefi-full.qcow2 is the explicit or implicit
value of --os-image-path then --whole-disk will be implicitly set.
Otherwise the current default behaviour will continue (default image
overcloud-full.qcow2, whole-disk flag defaults to false)
With this change, the documentation can continue to call this command
without extra arguments whether uploading a whole-disk or partition
overcloud image.
Change-Id: I15e6148bafac05d8800665bf6b7268bec49dad6f
Blueprint: whole-disk-default
Use the defaults from container image prepare to set the default values
for the standalone and undercloud heat api and engine images. This will
allow the default upstream or downstream defaults from the right branch
to be used.
Additionally this patch splits out the ephemeral heat containers to a
special namespace and tag that we use in THT to setup the containers for
the overcloud deploy command on an undercloud.
related-bug: 1931995
Depends-On: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/796617
Change-Id: I55fb9816e2b0a54717938b7a094bde6780811305
Signed-off-by: James Slagle <jslagle@redhat.com>
Signed-off-by: Alex Schultz <aschultz@redhat.com>
Save a copy of the deployment archive to /var/lib/tripleo to avoid
accidental deletion by a normal user.
Change-Id: I9f5dc697dd1cd7895723d4c23ce89a00631b310f
Signed-off-by: James Slagle <jslagle@redhat.com>
When the --vip-file argument provides the vip_data.yaml
provision Virtual IPs and include the deployed network
environment file in user environments.
Depends-On: https://review.opendev.org/795080
Change-Id: I1e4f8dde9f56311bed8dcbe1b08ade09225fd595
Heat creates some listener and worker queues before creating
the queue that clients publish message to.
Let's check for the service queue to ensure that all queues
are created before we make any api call.
Also uses a constant for the pod name which is used by
podman for the pod hostname[1].
[1] https://github.com/containers/podman/blob/master/libpod/runtime_pod_infra_linux.go#L34
Change-Id: I7d544dc277bd81a0f6f5f9d5ca15b2bdc99c102f
'/usr/share/openstack-tripleo-validations' doesn't exist anymore since
Train. Tripleo-validations installs its bits in '/usr/share/ansible/'.
It is now quite safe to remove the references to this legacy directory.
**Note**
This patch will be applied to master and stable/wallaby only. This logic
will be kept as is for stable/train like this directory may still be
present during an upgrade.
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
Change-Id: I3d277cdefda431d08fd8fbc103b53304ea44eb29
This patch begins to add support for using the ephemeral Heat process
to the overcloud deploy command.
The functionality is enabled with the newly added --heat-type cli arg,
which can be used to select the heat type to be used by the deployment
playbooks and modules. The options are:
installed: current behavior using Heat installed on the undercloud
pod: ephemeral Heat podman pod (heat-api/engine)
container: ephemeral Heat podman container (heat-all)
native: ephemeral Heat native heat-all process
The default is "installed" initially to preserve the existing
functionality.
Signed-off-by: James Slagle <jslagle@redhat.com>
Implements: blueprint ephemeral-heat-overcloud
Change-Id: I8fb6ca088b1052488ff4f9ada4d3ab29c0be4735
Extend the command which extract overcloud node
information to also include network information.
The command now requires the --roles-file used
when deploying the overcloud to be passed because
this is the source for these options:
* default_route_networks
* networks_skip_config
Partial-Implements: blueprint network-data-v2-ports
Depends-On: https://review.opendev.org/772359
Change-Id: I09c886fe6bada721caac61d25d9a0915cf9aff02
ODL support was deprecared since Stein. It was removed in Ussuri and
the removal was backported to Train. Thus we don't expect any users
using that removed service with recent version >=Train.
Change-Id: Id1199f8b6abe852877da722b917f30f770043422
Add a new subclass, HeatPodLauncher to launching an emphemeral Heat
within a podman pod. The pod contains separate processes for Heat API
and engine, allowing for multiple engine workers (defaults to cpu
logical core count / 2).
The pod makes use of the undercloud's already installed database and
message bus.
Change-Id: Ie8b4a5ca83284f66dceae32c6f2fc99cdc8c9ffb
Signed-off-by: James Slagle <jslagle@redhat.com>
In order to be re-used by post deployment action, this review
copy the ansible inventory into the output_dir as:
standalone-inventory.yaml.
If file exist it will replace the old one.
Change-Id: Ied14f40cf074755225abe1e8f1c859bacbe9022f
The constant for tripleoclient was still set to docker.io instead of
quay.io.
Change-Id: I2450e0fe2f497c9e627a1e75924a447b10c2b570
Signed-off-by: James Slagle <jslagle@redhat.com>
We need to use default image parameters as we create all
service chains irrespective of role count. We don't seem
to use the default resource registry that would have
service mappings OS::Heat::None that should be used for
filtering.
Closes-Bug: #1914396
Change-Id: Ie3fcb2ab509e73d4631e3ef4c9d6ecfad9894112
Today if you pip install tripleoclient and pip install tripleo-ansible,
you can't run some of the cli commands because they cannot be found. In
order to support this, we need to check if the playbook folder is
available in a venv and fall back to the /usr/share/ansible version if
it does not exist.
Change-Id: I27ac01aae7155cfc84bf5aef926ae220b57373c9
We recently renamed the container prefixes from centos-binary to
openstack. Additionally this moves the version information of this into
constants that can be updated in stable branches if needed.
Blueprint: bp/switch-to-heat-all-container
Change-Id: I208a6ae5b314e8482ca5fc8d3e5695dbd7da5f1b
We still expect users to add -e deployed-server-environment.yaml
to the deploy command when using --deployed-server (ex. when
using metalsmith for node provisioning). This adds the default env
automatically when using --deployed-server with the deploy command.
The resource mappings and parameters in it can be overridden by
any environment file provided by the user.
Change-Id: I849e4077b7fba88651904642fa8c2df08ec8352a
This patch standardize the way how ConfigParser is imported, so that
we can maintain the implementation more easily.
Change-Id: I90c1936401892f0b3a57d80814113837ebed506f
We're in a weird state with validations roles in different locations.
Let's reflect it in the variables.
Also, let's point to a valid "groups.yaml" location.
Closes-Bug: #1895507
Depends-On: https://review.opendev.org/#/c/751828/
Change-Id: Iee198b04f962a3a049515d7b70584f55413bba6f
According to: https://review.rdoproject.org/r/#/c/29059/
We decide to converge ansible roles/libraries/plugin and playbooks to
the /usr/share/ansible path instead of having a dedicated path for
validations.
This will avoid duplication since the validation-framework is now
an external framework from tripleo, the common validations between
validations-common and tripleo-validations can be stored at the same
place.
Add a fallback path for Updates and Upgrades
Change-Id: Ibe97d70f4d321d04900ca9fe88144bc16511611c
Update/Upgrade commands have now a prompt by default that ask for
confirmation before proceeding. It'll prevent an user to run the
command that may cause the problems to infrastructure.
This prompt can be skipped with --yes/-y argument.
Note: putting "UPDATE" and "UPGRADE" in uppercase to make sure this is
visible and clear. We have seen many users running the wrong command and
ending up doing an upgrade instead of an update.
Note2: this prompt will be ported to the upgrade and FFWD workflows to
prevent unexpected execution to prevent potential harm to
infrastructures.
Depends-On: https://review.opendev.org/741480
Change-Id: I838e6748879c668dd004ca2243b7b00b857c2a7b
tripleo_states will be a useful callback to print out informations about
a deployment state (e.g. if a node failed but was ignored because of
max_failed_percentage).
Depends-On: https://review.opendev.org/735962
Change-Id: Ia53a5fb554e231d8ea16639efe3c394d0811556c
Now that the FFU process relies on the openstack overcloud upgrade
commands there is no need to keep the old ffwd-upgrade command
available.
This patch removes the three ffwd-upgrade (run, prepare and converge)
as well as their tests, utils functions and constants.
Change-Id: If0c0ed9a44a51cf367fd060c77e10055f367694c
This change allows us identifying a set of parameters which should
not been passed in the upgrade prepare or upgrade converge steps.
As it is now, it is mostly intended to block the converge step
if the FFU parameters (Stein registry parameters) were left in
the environment files before running the converge step, however
it will allow blocking the upgrade prepare in the case that some
deprecated or not recommended parameter is provided in the templates.
The way how it works is by converting every single yaml passed in
the environment files into a list of keys (only for the
parameters_default so far), then it will try to intersect the list
of forbidden parameters with the list of keys. If there is a match
an exception will be raised showing those parameters:
ERROR openstack [-] The following parameters should be removed from
the environment files:
ceph3_namespace
name_suffix_stein
tag_stein
name_prefix_stein
ceph3_image
namespace_stein
ceph3_tag
Change-Id: I24715f5e55d4cd6cf9879345980d3a3c5ab8830c
Iff8eec43bd73bc6486f56e741e740869d1b8acbb adjusted ansible config for
custom 'tripleo_dense' and 'tripleo_profile_tasks' plugins.
That was not sufficient because of bug/1881254.
Align settings provided by run_ansible_playbook utility with that
Iff8eec43bd73bc6486f56e741e740869d1b8acbb provides for tripleo_common
shared ansible configuration module. That is to have:
- better coverage in CI jobs
- users experience as well.
Callbacks whitelist defaults switches to
tripleo_dense,tripleo_profile_tasks. And default output callback
becomes tripleo_dense.
Change-Id: I5e8bc9ac5cbf4a042b5cd7e27578092062839726
Related-Bug: #1881254
James Slagle