This exposes new var for tripleo_container_manage. Also,
removes the check to force set clean_orphans=True in
needs_delete filter, when there is one or no item in
the startup config.
There is a possibility when disabling services, there would
be one or zero container_startup_configs for a step.
Partial-Bug: #1893335
Change-Id: I9d08168015487c48d8b380a9575ba236b7fb7d0d
This module takes a file input and checks to see if it has changed since
the last time checked and runs a command if it has changed. The module
will take a copy of the file being checked to be used for subsequent
executions if the file has changed.
Change-Id: Iea02a40639529ff9d80d3368f07ce81e6b1e911f
When container disappears between "podman ps -a" call and
inspection call "podman inspect cont1 cont2, ..", the module fails.
To avoid this run inspection of each container one by one if total
inspection call failed.
This is update of module from collection.
Closes-Bug: #1892701
Change-Id: I0c085c6c136e5d5b162feb8a1f72d906ab08502e
We need to add OpenFlow10 to the required protocols to support
backwards compatibility with neutron's destroy_patch_ports.
Closes-Bug: #1892491
Change-Id: I6865787f4d0b0459ac2eb91c0f1da9c08b36dd8d
To replace the task that looks over kolla_config.yaml and creates the
json files per item in the YAML, create a module that will lead to one
task creating all the files.
Change-Id: I19d8b8c3bc37cca6fb2c9e535e70b43dabef58d6
This module will help to simplify the task that creates the container
config scripts, generated via config download.
It'll replace the loop in THT that iterate over a file to create the
scripts and their content, and executer faster on module.
Change-Id: I4bbd54d193271daa10383b8cb48c9ea9aa0b5b74
This change reduces the risk of provide having a lock timeout by
waiting for existing node locks to be released before starting the
provide.
Ansible based provide may not be affected by bug #1846791 because
power-down happens after the provide, not before. However waiting for
locks to be released is recommended practice, and doing it here may
improve reliability.
Change-Id: I5bced3b91e4fa3568185e2bbc85c0a000182394e
Closes-Bug: #1846791
This adds a new ansible module for container image prepare
and changes the role to use the module instead.
Change-Id: I1cfa68c74eb772ddf794c53827fd9bea1fe2e5a3
We noticed a bug in OSP that OVN controller (2.13) was unable to
contact to OVS bridge (2.11).
Before running the update we should set the OpenFlow protocols on
integration bridge (br-int).
More about the issue [1].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1843811
Change-Id: I575d67521719ae3908777284b4225eff5169ae6b
When we grab the task to execute, use the one we fetch to advance the
host rather than the peeked version.
Change-Id: If8f53f900070bb714662e519b4017d963af30ccc
When we want to create a large set of containers at the same time, an
action plugin can now be used which will call the podman_container
module.
The podman_containers action plugin takes a list of containers with
pre-defined parameters ready to be consumed by the podman_container
module.
The podman_containers module is just useful for Ansible documentation.
The molecule tests will ensure that the action plugin actually works and
creates the 3 containers.
Change-Id: I1e6881f3871a7a125db9374c608ecad0bafcb882
This module replace the code in [1] as we need to replicate this
sequence of actions in several places in the templates.
It first checks if it's a layered product ovs update which uses
rhosp-openvswitch. If so, it makes sure that openvswitch is removed
without triggering any actions, like stopping the service. Then we
install the rhos-openvswitch package which will take care of updating
everything without disturbance.
If the os is not using layer product, then we download the openvswitch
and update it without triggering the systemctl restart if present in
the postun scripts.
[1] https://opendev.org/openstack/tripleo-heat-templates/src/branch/master/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml#L234-L370
Change-Id: I793bdb8db1d34011cf64cf9942a811ab5efc00ed
Change the wording to replace "This or these node(s) failed to deploy"
by "The following node(s) had failures:"; failures can happen at a
different level (not necessarily deploy). Update the wording to avoid
any confusion.
Change-Id: I80041738df05dbe0da678efa91e861390ad4657e
Related-Bug: #1889212
We seem to be using incorrect parameters for HostnameFormat and
Count when generating environment for nova less deploy.
It's always {{role.name}}Count and {{role.name}}HostnameFormat
Change-Id: I59233aeb488ae3938128d0ed6b86649a671ba526
If a service never starts, the "status" key won't exist so Ansible
raises with KeyError which is very misleading (we don't even have the
service name).
This make pass the KeyError exception, so we fail at the end of the loop
of attempts with proper Ansible raise and we give the service name.
Change-Id: I74f3d5b51bde1ec33b69b2488174eef9cc4a330d
If an operator would have disabled or stopped the service, we make sure
that it is again enabled and started when a deployment occurs.
We also add test coverage for it in molecule.
Change-Id: I97a6819574772835eb4a291b63bb05551fe4439a
1) shutdown: include tasks without a block. this should remove the stat
and include task; to only have one task that include the shutdown
playbook if needed.
2) Remove containers_changed tasks. This is not useful to restart a
container just because its podman_container resource changed.
when podman_container module applies a change to the container, this
one is already restarted.
3) Remove all_containers_commands tasks, there aren't needed. Ansible
output already provides the commands that are run via the
container_status module.
Change-Id: Ic625bc5dd7bbd964d36eab0a3f81eca31c533716
Currently any_errors_fatal cannot be dynamic value based on the current
task vars. This change attempts to evaulate the provided value and
verifies it's a boolean when using it to handle the any_errors_fatal
logic.
Related Upstream: https://github.com/ansible/ansible/pull/70694
Related-Bug: #1887702
Change-Id: I31cf042b72aad5cdd2c7c1ae8bc319eca372acff
The metalsmith_instances module calls into metalsmith and there is
currently no logging mechanism to see what is happening. This change
is an attempt to improve this by configuring logging and adding the
output to the result dict as 'logging'.
Change-Id: I3da2e72383787f96bf4d930e416b8fb5c0a4ff72
Related-Bug: #1879472
These files aren't needed anymore, since we generate one JSON per
container in its step directory.
We now make sure these files don't exist so there is no confusion.
Change-Id: I9674102d6b3686206eec78f8d6f4408988a69b7b
Support the checks of "podman exec" commands, and add the commands to
the list of things podman ran.
It reduces the number of tasks as it removes get_commands_exec and
re-use the container_status action plugin.
Change-Id: I4c84b389b595a8fe18ef6d31e896d6b6608b9920
Change the wording when a container will be added to the list of
containers that will be restarted, so it's not confusing.
Change-Id: Ieb50138b5c1d35fa3c59dd368a58c1af3f61807b
Add image inspection, idempotency for ulimits, workdir, user,
other image overriden parameters.
Add idempotency for volumes, published ports, others.
Small improvements for docs.
Change-Id: I01011e451827387f70d505242811e896a3a8ad4d
Use wait_for_node_reservation method from cloud.baremetal class,
not from cloud.baremetal_introspection.
Change-Id: Iaf2d410a2da74f062f1ad0de49c76beba8548f9a
Instead of running a bunch of tasks to manage systemd resources, move
it into an action plugin which should make the execution faster and
easier to debug as well.
Example of task:
- name: Manage container systemd services
container_systemd:
container_config:
- keystone:
image: quay.io/tripleo/keystone
restart: always
- mysql:
image: quay.io/tripleo/mysql
stop_grace_period: 25
restart: always
The output is "restarted" for the list of services that were actually
restarted in systemd.
Note on testing: since that module is consummed by
tripleo_container_manage role, there is no need to create dedicated
molecule tests, we already cover containers with restart policy in that
role's molecule tests. So we'll re-use it.
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Kevin Carter <kecarter@redhat.com>
Change-Id: I614766bd9b111bda9ddfea0a60b032e1dee09abc
Instead of running a bunch of tasks to figure out what container
commands have been run, which ones did not terminate after 5 minutes,
which ones failed or finished with a wrong exit code. We now have an
action plugin that will do it faster and with better logging.
Faster before it reduces the number of tasks.
Better logging is provided, now displaying all errors during a run and
fail at the end.
Supporting check-mode.
Re-using tripleo_container_manage role for molecule testing.
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Kevin Carter <kecarter@redhat.com>
Change-Id: Ie7f8c9cceaf9540d7d33a9bb5f33258c46185e77
container_startup_config will replace a bunch of tasks that we did in
THT to generate the .json file for each container in
/var/lib/tripleo-config/container-startup-config.
It'll accelerate a bit the deployment by replacing tasks into a
single module, so we can generate the startup configs much faster.
Also tolerate empty configs in container_config_data, switching a
failure into a debug. If the config is empty, there is no need to run
the rest of the role tasks in tripleo_container_manage.
Note: we manage the SElinux context at the openstack-selinux:
https://github.com/redhat-openstack/openstack-selinux/commit/0b62
TODO (later): Manage idempotency and only create configs that need to be
updated.
Change-Id: I501f31b52db6e10826bd9a346d38e34f95ae8b75
Rather than using ansible task loops which increase the time to execute,
this change creates a filter that is used to assert that the containers
used in execs are running before we run the execs
Change-Id: I5e15cc71c45160109f5c303c13dd25a052ede3c3
Zuul