Commit Graph

81 Commits

Author SHA1 Message Date
Kevin Carter
d5a26bd7e7 Allow comments in variable files to be rendered in docs
This change will allow all comments in our variable files to be rendered
normally within our documentation. This will allow folks reading our
documentation to benifit from information we may put in the various
files.

Change-Id: I0ce554651916f2b942dc0fd9f647d5a348042203
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2020-01-15 11:54:57 -06:00
Zuul
f8c53ca1d0 Merge "Initial documentation for tripleo-container-manage role" 2020-01-09 22:17:16 +00:00
Emilien Macchi
f5139d4dcc Initial documentation for tripleo-container-manage role
Change-Id: Id60123cdeb921879cf0b92288dc7bc3a5d4ef599
2020-01-09 01:13:03 +00:00
Emilien Macchi
b588d9d30a Initial documentation for tripleo-keystone-resources role
Change-Id: I827a546ebf0da17a18cf0603a9cdbef0fb234fe9
2020-01-08 16:20:45 +00:00
Oliver Walsh
8dc6d50b16 Add role/playbook to manage nova image cache
Adds a tripleo-nova-image-cache role to manage the nova local image cache on
remote compute nodes.
For multi-site/stack deployments the image can be downloaded once and
distributed to the remaining nodes in the stack to minimise WAN traffic.

Also adds a playbook to run the role using the single/multi-stack inventory
and the overcloudrc environment variables.

Change-Id: Ib5aaa22f6cf307181d8f34cf89f9f24619b43004
Implements: blueprint tripleo-nova-cache-mgmt
2019-12-19 16:19:06 +00:00
Emilien Macchi
566bcf66ce Introduce tripleo-keystone-resources role
This role will manage Keystone resources, like
/etc/openstack/clouds.yaml, Keystone endpoints/users/roles/etc and
everything that was managed by Puppet before regarding Keystone.

Management of Keystone resources for each OpenStack service:
- services
- projects
- endpoints
- roles
- users and their assignment to roles
- admin resources

It's using batch + async so it runs faster than with Puppet where it
calls openstack client for each resource. Here it's using the python
openstacksdk with concurrency.

Change-Id: Ib9615c55d0fb4ea71208d74c5ee22594db52f46a
2019-12-12 15:24:04 -05:00
Zuul
c96d839968 Merge "Implement tripleo-systemd-wrapper role" 2019-11-14 19:03:34 +00:00
Zuul
abf6d499ef Merge "normalize newlines at end of file" 2019-11-13 21:35:21 +00:00
Alex Schultz
699249f179 Implement tripleo-systemd-wrapper role
This patch adds a new role that will be used to manage side containers
with systemd instead of docker.socket or nsenter.  The main use case here
is Neutron, although this role is designed to work with any service.

This role will create a series of systemd files to monitor a file which
gets mounted into a container. Additionally a wrapper script is
generated which is mounted in the container that will provide the
arguments that should be used to launch new containers.

Blueprint: safe-side-containers
Change-Id: I4821b7ca0260e4dfd1717ba976cef700d160f84f
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2019-11-13 09:14:27 -07:00
Sorin Sbarnea
26ebbf1700 normalize newlines at end of file
This is needed for https://review.opendev.org/#/c/693826 which improves
linting.

The funny aspect is that we already had pre-commit rule to check this
inside the repository but it was not active on CI.

Change-Id: I7c528e193c7656d71d53908620970e7b51e9e6cc
2019-11-12 15:06:58 +00:00
Alex Schultz
cfe4f38b59 Create role to do puppet cache actions
Rather than inline this code in the deploy steps, let's use a proper
role that can just be included.

Change-Id: I3f38ea132390867b455790c9c1c0507b13beb836
2019-11-11 17:15:01 -07:00
Zuul
d804d8c68c Merge "Add tripleo-hosts-entries role" 2019-10-29 00:26:08 +00:00
James Slagle
207e350ca6 Add tripleo-hosts-entries role
Add a new role to manage /etc/hosts entries. Instead of these entries
being calculated by Heat, a jinja2 expression is used to construct the
individual hosts entries for each overcloud nodes.

Some data still comes out of Heat, such as those for the undercloud,
vips, and extra hosts entries used for multi-stack. As such, variables
are used for these entries so that the role can add them to /etc/hosts.

Change-Id: I1e12962e2f2fa6c1a2b429a3e02424fd42b0a08d
2019-10-25 11:37:56 -04:00
Emilien Macchi
a191a2d600 Introduce tripleo-container-manage role
This is a first ieration of the role, but there is still a long TODO,
that will come later in separated patches:
- Add molecule testing
- In podman.yaml, add cpuset_cpus with parity of what is in paunch
- Remove containers that are:
  - managed by tripleo-ansible (using the container_label flag)
  - not in the container-startup-config
- Print stdout when containers start as it was done with paunch

Story: 2006732
Task: 37165

Co-Authored-By: Kevin Carter <kecarter@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>

Change-Id: I2f88caa8e1c230dfe846a8a0dd9f939b98992cd5
2019-10-24 12:14:10 +02:00
Emilien Macchi
27ef0a279a Remove leftovers for podman-image*
The modules don't live here anymore, we missed to removed the rst.

Change-Id: I92f8a4aabb1642d7f454cbeb5258e045a330fdb4
2019-10-10 08:45:39 -04:00
Zuul
f511229250 Merge "Introduce new module for Paunch" 2019-09-17 11:36:46 +00:00
Emilien Macchi
e4d6813b0c Introduce new module for Paunch
Now, it only supports "apply" which is called by THT but later we could
add other actions that are supported by the CLI.

Example of usage:

- name: Start containers for step 1
  paunch:
    config: /var/lib/tripleo-config/hashed-container-startup-config-step_1.json
    config_id: tripleo_step1

Co-Authored-By: Sagi Shnaidman <sshnaidm@redhat.com>
Change-Id: Iaf988eaf3136c93703aac972a0e853c98a888e65
2019-09-17 04:37:39 +03:00
Zuul
df614e3071 Merge "Create the tripleo-packages role." 2019-09-16 18:13:14 +00:00
Zuul
2e1055adc5 Merge "Create a role for OvS-DPDK host configuration" 2019-09-15 09:10:39 +00:00
Saravanan KR
2b54427b8b Create a role for OvS-DPDK host configuration
A new role has been created to initialize DPDK in
openvswitch. Currently, puppet-vswitch module does this
initialization. This role has the functionality in par
with current puppet-vswitch's dpdk implementation.
The goal is to remove the invocation of puppet-vswitch
in two places in THT by replacing it with this role.

Depends-On: https://review.opendev.org/#/c/677726
Change-Id: Ib16face659108aa59878f47e793a6a4991b49636
2019-09-12 09:56:32 +05:30
ekultails
905da0751a
Create the tripleo-packages role.
This manages installing, updating, and upgrading TripleO packages.

Story: 2006031
Task: 34668
Task: 34670
Task: 34671

Change-Id: Ib31212da20620b355f2fc196511f168804a008a4
Signed-off-by: ekultails <ekultails@gmail.com>
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-09-06 14:53:16 -05:00
Carlos Camacho
c3ae6f818a Include the ansible role to run the backup and restore feature
We currently support the backup and restore of the control plane
using ReaR.

This submission adds the boiler plate to start the integration
of the documented ReaR backup and restore using Ansible.

Change-Id: Ie34ff6f49285fc78675d67e289f1507f20f7fb78
2019-09-04 16:43:06 +02:00
Luke Short
2f6cc5cdff Create the tripleo-sshd role
This role configures the sshd service and related
issue and motd banners that are displayed during
SSH login.

Story: 2006023
Task: 34628
Task: 34630
Task: 34631
Change-Id: I1af1b95ede5f2ed61126ef345d4c87d950fa2525
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-30 22:12:42 +00:00
Cédric Jeanneret
83ad0fdd5b Creates tripleo-validations-package role
Change-Id: I897e63b79b7fb35080b1ea853afe503cd1189800
Story: 2006034
Task: 34683
Task: 34684
Task: 34685
Task: 34686
2019-08-23 14:23:17 -05:00
Cédric Jeanneret
64d28e6f5f Adds tripleo-clients-install role
This role allows to easily install either all or some of the openstack
clients.

Change-Id: I6fe8f2469207d75e2c7aa6621f6683a1949ac0ca
Story: 2005984
Task: 34433
Task: 34434
Task: 34435
Task: 34436
2019-08-23 14:21:14 -05:00
Martin Schuppert
688ec4c8cd Create tripleo-cellv2 role
This change introduce tripleo-cellv2 role and playbook
create-nova-cell-v2.yaml to simplify the post steps when creating
an additional cellv2 in tripleo. For reference, [1] is the doc
patch providing at the moment the manual steps.

[1] https://review.opendev.org/672744

Change-Id: I288a9217dce948d33d9b47938e7977294d255c7a
2019-08-23 12:11:44 +02:00
Kevin Carter
bb7bc41730 Add securetty role
The securetty role will create the file `/etc/securetty` when an array
of tty's are provided.

Test Matrix:
  - default: runs through the role top to bottom with all default
             settings
  - create: runs through the role with an array of of tty's to
            ensure the role is working as expected.

Story: 2006021
Task: 34618
Task: 34620
Task: 34621
Change-Id: I6b3644cf7aa62c171172f225c25866f89830a233
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-18 18:44:59 +00:00
Kevin Carter
33669499f9 Create the tripleo-firewall role
This change adds the tripleo-firewall role which will serve as a general
purpose filewall configuration interface. The role will leverage iptables
and ensure a 1:1 compatibility with existing options coming from tripleo
heat templates.

Story: 2006030
Task: 34663
Task: 34665
Task: 34666
Change-Id: Ic6d7462d82c9811e95aedf90b7a9d92700f2ebe3
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-16 17:06:42 +00:00
Kevin Carter
bc9fe7f827
Create tripleo container image prepare role
This change creates a role for  the tripleo heat template content for
"container-image-prepare-baremetal-ansible.j2.yaml". This change will
ensure our task process is tested using molecule and scenario tests
while also streamlining our process.

Test Matrix:
  - default - tests role using all default options
  - build - tests end to end building containers using mock data

A new playbook for docker vfs setup has been added. This was added to
allow some tests to run docker workloads within a local filesystem.
Without this change, docker workloads would fail because docker is
not able to run an overlayfs job from within an overlayfs
environment. This new playbook will be used within our zuul jobs
whenever the variable `docker_enable_vfs`, is set to "true".

Change-Id: Ic6e26eb95734ccf17e42e649b5e5808e1a096a78
Story: 2005985
Task: 34438
Task: 34440
Task: 34441
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-13 19:02:07 -05:00
Kevin Carter
f4c81bd8f8 Add kernel tuning role
This new role will add, load, and modify kernel tuning
options as well as load kernel modules. This role provides
an interface to allow users to customize the kernel
parameters and modules as needed.

Test Matrix:
  - default - Runs through the role top to bottom with all default
              settings
  - extra - uses the available interfaces to customize the deployment.

Story: 2005998
Task: 34503
Task: 34505
Task: 34506
Change-Id: I1b5fb1ce35121107229d66ccd1e49116974f2e8f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-09 15:33:41 +00:00
Kevin Carter
9743b73de6 Import Hiera roles
The hiera roles (data and upgrade) have been imported. These roles will now
be tested using molecule which will ensure functionality via multiple
scenarios tests which should provide coverage for all currently available
code path's.

Because these roles use the ip filter from Ansible a change to the test
requirements has been made to include the require python library, netaddr.

Hieradata Test Matrix:
  - Default - Runs through the role top to bottom with all default
              settings
  - hieradata_vars - Rests role include functionality to generate
                     hiera templates
  - per-host - Tests running with hiera config with host specific
               values
  - all-hosts - Tests running through a standard multi-node deployment
                using mock hieradata

Hiera Upgrade Test Matix:
  - Default - Runs through the role top to bottom with all default
              settings

To ensure we maintain coverage for the hieradata and upgrade roles
additional voting scenario jobs have been added to the layout. These
jobs will execute whenever a change is made to either of the hiera
roles ensuring we're not experiencing any regressions on a critical
part of our deployment process.

Story: 2006044
Task: 34726
Task: 34728
Task: 34729
Story: 2006044
Task: 34730
Task: 34732
Task: 34733
Change-Id: I7f9e993735a0347aac12f728393639d88c80ff0f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-09 10:32:07 -05:00
Zuul
9d5e6e7877 Merge "Separate tripleo-time into two distinct roles" 2019-08-08 01:43:43 +00:00
Carlos Camacho
27a4d63c85 Add playbook to stop containers
We need to stop several containers on the upgrades workflow.

This submission allows to reduce the duplicated code in THT.
It also handles the case in which we have podman as the CLI
but the containers running with docker.

Change-Id: I4fcc0858cac8f59d797d62f6de18c02e4b1819dc
2019-08-07 15:40:37 +02:00
Kevin Carter
3d4093672a
Separate tripleo-time into two distinct roles
This change converts the tripleo time role into two roles:

  - tripleo-ptp
  - tripleo-timezone

This change will ensure we're able to cleanly install and setup
ptp when needed while also providing a well defined interface
for setting the timezone on systems.

Change-Id: I0a2b2241a38f3d98ac421e6106fb81210961c1f5
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-08-07 07:23:50 -05:00
Zuul
aba4d93e85 Merge "Introduce tripleo-config role" 2019-08-01 18:13:28 +00:00
Zuul
8a815d8ebd Merge "Correct role documentation heading" 2019-07-30 18:27:33 +00:00
Emilien Macchi
96b9fc6540
Introduce tripleo-config role
This basic role will provide an interface to TripleO so we can consume the
ansible-config_template action plugin to generate configuration files.

Change-Id: I4e28be86e28dd227a682362af56833fe97035a88
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-30 13:02:25 -05:00
Kevin Carter
c1e098de6d Create a time role
This change creates a role using the time content from
THT[0]. This role will run through all of the tasks found
within the THT file, and implements molecule tests coving
the functionality.

Test Matrix:
    - default - Runs through the role top to bottom,
                installing and configuring ptp.
    - ntp_stop - Sets up an environment and ensures we
                 properly stop ntpd when directed to.

[0] - https://github.com/openstack/tripleo-heat-templates/tree/master/deployment/time

Story: 2006028
Task: 34653
Task: 34655
Task: 34656
Change-Id: I4c36c5058c901cb4ead5f781082e5f97014221cb
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-29 17:06:18 -05:00
Sagi Shnaidman
7b6bd68569 Logindefs role in tripleo-ansible
Change-Id: I61625792cd581b1ccd26cfc63c140151634d1318
2019-07-29 17:06:18 -05:00
Kevin Carter
e413851d8c
Correct role documentation heading
This change updates the role documentation heading to ensure
consistency. These docs were merged using the old name, which
is too long making it hard to read within the openstack
documentation navigation bar.

Change-Id: I277eabfeeafb393ea11379bc0d27d2022f0b04db
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-29 16:26:44 -05:00
Zuul
d029ba838b Merge "Add library documentation within roles" 2019-07-28 21:59:43 +00:00
John Fulton
d762e27dc7 Add molecule test structure to ceph roles
Add molecule test structure for each ceph role. Also
add missing doc/*tripleo-ceph-*.rst files.

Local test setup changes have been made in support of
these roles.

Change-Id: I43b828d5c892a0b33c7a3cbae4034267ce493dc0
Task: 34717
Task: 34718
Task: 34719
Task: 34720
Story: 2006041
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-24 10:47:34 -05:00
Kevin Carter
7e712a3377
Add library documentation within roles
Roles can have libraries nested within them. This change adds
module documentation to roles whenever the "library" directory
exists. This will ensure all nested libraries are automatically
documeneted.

Change-Id: I7b9d3b1beda62b9941ec9126cb9f3a25a16d74e4
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-24 07:34:42 -05:00
Luke Short
7f726d8cf8 Import the tripleo-persist role from tripleo-common.
The role will now also be tested with Molecule on CentOS 7 and
Fedora 28 docker containers.

Change-Id: Ic6dfaa56317c68779a50cea63bbf85b9d663184c
Signed-off-by: Luke Short <ekultails@gmail.com>
2019-07-18 14:14:59 -04:00
Kevin Carter
9912b049e9
Create a podman role
This change creates a role using the podman content from
THT[0]. This role will run through all of the tasks found
within the THT file, and implements molecule tests coving
the functionality.

Test Matrix:
  - default - Runs through the role top to bottom
  - install - Runs only the install portions of the role
  - login - Runs only the login portion of the role

[0] - https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/podman/podman-baremetal-ansible.yaml

Task: 34598
Task: 34600
Task: 34601
Story: 2006017

Change-Id: Ia7fd611320d2f29b330a04484dca3146d74d8d82
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-16 11:46:21 -05:00
Kevin Carter
d9b2ee9f30
Update all role docs to use the ansible autodoc plugin
The ansible autodoc sphinx plugin has been updated to automatically
create role documentation for a given role. Because we can now auto
doc all of our roles, all roles with missing documentation have been
added.

Because the ansible autodoc plugin has been made more functional it
has been renamed.

The role addition playbook has been updated to use the new autodoc
module whenever a role is created.

Change-Id: I806217202884fc744fbb26a754617c0125be2857
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-12 20:07:06 -05:00
Kevin Carter
32aed164b9
Add ansible requirement to our docs builds
This change combines the docs and molecule requirements files. This is
being done because the zuul publishing job does not use tox to render
documentation so we're not able to combine the two requirements files
via the tox interface. To ensure we're not creating duplicate
requirements, which could be frustrating to maintain in the future,
we're linking doc/requirements.txt to molecule-requirements.txt and
combining the package lists.

Change-Id: If7977ad06bf0775834a15e6274ae6457e4601fa6
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-10 14:29:08 -05:00
Kevin Carter
e25e9c8bc3
Add plugin documentation
This change adds documentation for all of the plugins currently
found in the tripleo-ansible repo. This will provide for much
greater visability into what we're providing and will allow
users and developers to better understand how to consume
the available resources.

Change-Id: I2f5813095cbadd999bc68235278a9da1f883e01e
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-09 20:33:27 -05:00
Kevin Carter
560e4cbb75 update example zuul job parent
The zuul job parent was not correct and if someone was following
the documentation importing or creating a new role, manually or
using the automation, their initial commit would not work. This
change updates the parent job name so that its functional on day
one.

Change-Id: Ic614d166451032c1b7b650a4d37a4e3a89afa629
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-08 14:12:32 -05:00
Kevin Carter
09b1805e5f Convert tox to native zuul
This change converts the TripleO-Ansible test process to using native zuul.
After a long discussion about the current test process [0] it has been
determined that most folks using tox do so on a local workstation and
would not expect the local system to be modified when envoked.

To ensure we're not creating a situation where a developer runs tox with a
job that may require modifications of the system the current test
structure has been replaced with a native zuul `base` job.

> This change opens the door for us to add tox jobs later which may be
  added in support of the native jobs we're running now.

> The test_json_error role was updated to set required configuration
  for that specific role, which was being passed in via tox before.

Documentation has been added to the contributing section to highlight
the role development process and how folks can test things locally using
a script which will mimic the zuul job runtime.

[0] - http://eavesdrop.openstack.org/irclogs/%23tripleo/latest.log.html#t2019-06-27T14:01:13

Change-Id: Ia1f3d479f3ac447d125169d08c78aaccfeacea3a
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-07-06 02:31:06 +00:00