This change adds a debug print statement which will assist in debugging should there
ever be an issue rendering files.
This change also removes the tcib_pre_build option, this var was not doing anything
and creating condusion when executing role builds.
Change-Id: I2f2003cfa00873d3669c94711635c51c4ac69ab3
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change normalizes how we execute validations by ensuring all validations calls are
running via a shell command and sourcing the `stackrc` file; this is due to validations
not being completely compatible with the OSC clouds config. All validations will now
run when the `run_validations` is set to true. This ensures that the playbook will only
execute validations when instructed to.
Change-Id: Ie1b0c739dc08023a1bba7a98292a8c570b8a2a9c
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Fix idempotency issues for containers in pods.
Fix problem with options configured in images, like user, workdir,
etc.
Add tests.
Change-Id: I5891c573dc969b9e239f65c2ce81404f68b6558e
If podman_container returns non-empty stderr, but the tasks didn't
report failure when running in async, we want to fail because the
container is in error and we need to catch it.
Change-Id: I2ffba02ce1a2ec7bcca6ff152a53f9fe34e3e624
On slow systems, it's possible that systemd takes more time than usual
to execute a task from Ansible (e.g. service restart); so Ansible
doesn't have yet the registered facts from systemd.
To make sure that Ansible doesn't fail with:
dict object' has no attribute 'status'
We first check if status is defined.
Change-Id: Ie73cecc115c87fe452a90892755a1df5b3d894a7
Closes-Bug: #1877449
In these tests, we use the fedora container and not centos:8; so right
after when we run "podman run", it can fail if the fedora image isn't
pulled.
Let's pull the right image before the podman run.
Change-Id: If32d5f9e3ff1a590d2fc467969404861ec733f9b
For stopping and removing podman container use podman_container
modules which is idempotent. Retry it a few times if it doesn't
pass first time.
Partial-Bug: #1876893
Change-Id: Ic9f063eac866b25f980f20f86502653289321592
This change creates a role that implements the Dockerfile specification via
simple template, which will allow us to generate our container files based on
our current needs. When container files are generated, both a Dockerfile
and Buildah script will be created in the selected base path. This will maintain
flexability in our build choices.
Change-Id: I86102fe7075fd6918644e3e981a28e0b31ae9694
Signed-off-by: Kevin Carter <kecarter@redhat.com>
tripleo_container_manage_create_retries and
tripleo_container_manage_exec_retries (default to 60) will allow a
timeout of 10 minutes for both podman exec and podman run commands.
Indeed, some containers (db-sync or when puppet runs) can take up to 10
minute to execute and finish.
Change-Id: Iff752cd124546bdd7cf857b0dacfc7d33b9a71a6
This change introduces several new modules that make up the bulk of the functionality
required to port over the derived parameters functionality into an Ansible role. All
modules will be tested within the derived params role, to be introduced in a follow
on commit.
> Documentation has been generated for the new modules.
Change-Id: I19da74ff1b1b6a1e889e93d3fcad82918ad8a367
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change updates all uses of docker to podman and removes our docker
installation process from zuul and our local test process. Some container
based tests have been moved to "delegated" becuase they no longer make
sense to run in a container and the hacks needed to maintain the container
based testing are not worth maintaining for podman.
Change-Id: I02de94a1229bfa847f14ecf282eadbcfe6396875
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The lock used in the wrapper is under /var/lock in the container which
is not shared with the host so the sync script never waits for the
wrapper to be done. Moving the lock file to a path on a shared mount in
the container seems to solve that particular race.
Change-Id: I660b7189a9e1c3197f2cdcc77af62584691dde16
Partial-bug: #1874470
Depends-On: https://review.opendev.org/723522
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
OSP, the downstream version of tripleo have to enforce some policies
for rhel version and subscribed channel.
This module hosts hoses requirements, so that we prevent update to
wrong rhel release or subscription to wrong channels.
Currently it only implements a basic check to the subscribed rhel
version.
This check has some fail-safe logic to avoid crashing the update on
temporary network issue when running subscription-manager.
We are avoiding the validation framework as this can be easily
disabled and we want this enforcement to be mandatory as this could
lead user to unsupported combination of OSP/RHEL.
For upstream that change is transparent as the tasks are skipped if
the ansible_distribution is not Red Hat.
For Red Hat, there will be a mechanism in THT to avoid the check
altogether, for instance for CI purposes.
For this first check (RHEL/OSP version), downstream patches will add
the required values in vars/redhat.yml.
Change-Id: I2d1ac92ee6ee8407fb156a2718f94ad3e9220bbe
These filters will be used within the soon to be created derived params role.
Tests have been added to ensure the filters function as expected.
Change-Id: I6e73940773148757002b996096b29e29f0b88b1e
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Currently there isn't a good way to pass dynamic information from
ansible to puppet to end up in the configuration. This change adds an
ansible_managed hierafile that can be updated via ansible to pass
dynamic variables into a future puppet execution.
An example playbook would be:
- name: Set my data
set_fact:
my_data: foo
- name: Add my_data to hieradata
include_role:
name: tripleo_hieradata
tasks_from: ansible_hierdata.yml
vars:
hieradata_ansible_data:
my_magical_var: "{{ my_data }}"
The puppet code that would be executed later would just be:
class myclass(
$my_data = lookup('my_magical_var', 'bar')
) {
file { '/var/tmp/data':
ensure = present,
content = $my_data
}
}
Change-Id: I52ba520dbdd97b25cb093f7e09609e6e1797e3a1
It seems broken since we changed to use containerized
overcloud.
- hostvars used are incorrect
- swift-ring-builder not available on hosts
Change-Id: I0f8d755da12f031b83c765412528feaea9fa0d1a
[0] got merged to enable multistack working in the overcloud. This
patch modifies the overcloud group in the inventory and changes its
name into allovercloud. We need to adapt all the calls to the old
overcloud group to work with the new allovercloud instead.
[0] - Ife14dbe04dd11db44a944f98373f63e01dfbb8d8
Change-Id: I80a00b3d7d11921306f86efc8023aa89500d4f3e
This change adds a connection check to the "Run create admin" playbook
which will ensure the target host is up and ready to recieve connection
prior to attempting to execute the rest of the playbook. This is being
done because there is a chance servers may not be up and available by
the time this playbook is executed and we dont want to cause a bad
user experience by failing early, forcing the deployer to rerun a
deployment for no reason.
Closes-Bug: #1873246
Change-Id: I2d2e3bdcaf0a31d8daf90656533ac0f55b70fa26
Signed-off-by: Kevin Carter <kecarter@redhat.com>
- In container_running, replace 2 tasks by one task
- In podman/create, move the check_exit_code tasks into its own playbook
- Rework podman/systemd to only be included if systemd services are
needed by the container configs and also reduce the tasks
Change-Id: Ief05797caf12084d7c1432bea037ccd56107dcde
Now that Podman natively supports healthchecks, let's use them; which
will reduce our footprint in how we consume Podman.
Using native healthcheck brings a few benefits:
- Less Ansible tasks to manage the systemd resources, so deployment
should be slightly faster.
- Leverage features into the container tooling directly; not in tripleo.
This patch does the following:
- Fix the podman arguments for healthcheck options in podman_container
module, transparent for the end-user. Indeed, the args are "health-*".
- Remove the management of timers and healthcheck services and their
requires.
- New playbook "healthcheck_cleanup" to cleanup previous systemd
healthchecks if they exist.
- Update molecule default testing to test if new healthchecks work fine.
- Update the role manual for healthchecks usage.
This patch should be transparent for the end-users except that the
systemd healthchecks won't exist anymore:
Instead of running: "systemctl status tripleo_keystone_healthcheck.timer
status", we would run "podman healthcheck run keystone" or check the
output of "podman inspect keystone".
The document has also been updated in the role manual.
It requires at least Podman 1.6 where this patch has been tested.
Depends-On: https://review.opendev.org/720089
Change-Id: I37508cd8243999389f9e17d5ea354529bb042279
If the tasks are skipped the variables are empty and should be default
to an empty list; which will return empty services when figuring out
what services need a restart.
Change-Id: I852066179c86b97a7f775a7babb4e44e89a0d9a3
Zuul