Commit Graph

187 Commits (e7de7417021e0905dd4e2e8b0699a3600b877506)

Author SHA1 Message Date
Zuul 8e0bb61135 Merge "tripleo_container_manage: fail if podman_container returns stderr" 3 years ago
Zuul 2d4f3b6951 Merge "Improve idempotency for podman_container" 3 years ago
Emilien Macchi 1fa6fe819d Lint fix on
Change-Id: I17c92010cad9d2cd05bcebfb5452adac96223a94
3 years ago
Sagi Shnaidman 14aae2b43f Improve idempotency for podman_container
Fix idempotency issues for containers in pods.
Fix problem with options configured in images, like user, workdir,
Add tests.
Change-Id: I5891c573dc969b9e239f65c2ce81404f68b6558e
3 years ago
Emilien Macchi 3880fc7690 tripleo_container_manage: fail if podman_container returns stderr
If podman_container returns non-empty stderr, but the tasks didn't
report failure when running in async, we want to fail because the
container is in error and we need to catch it.

Change-Id: I2ffba02ce1a2ec7bcca6ff152a53f9fe34e3e624
3 years ago
Rabi Mishra 03c6c36eb5 Add module and playbook for overcloudrc generation
playbook: cli-generate-overcloudrc.yaml
module: tripleo_generate_overcloudrc

Change-Id: I9d3bb745dbd67b870bace87da48ccc77773b7209
3 years ago
Kevin Carter a31dcfa319 Add a new set of modules to support derived params
This change introduces several new modules that make up the bulk of the functionality
required to port over the derived parameters functionality into an Ansible role. All
modules will be tested within the derived params role, to be introduced in a follow
on commit.

> Documentation has been generated for the new modules.

Change-Id: I19da74ff1b1b6a1e889e93d3fcad82918ad8a367
Signed-off-by: Kevin Carter <>
3 years ago
Zuul 1683ccb3ee Merge "Revert "Add strategy optimization"" 3 years ago
Zuul 6565a0638c Merge "Add filters used to process data for derived params" 3 years ago
Kevin Carter eaa10c1b5b Add filters used to process data for derived params
These filters will be used within the soon to be created derived params role.

Tests have been added to ensure the filters function as expected.

Change-Id: I6e73940773148757002b996096b29e29f0b88b1e
Signed-off-by: Kevin Carter <>
3 years ago
Emilien Macchi db4a5dbca2 tripleo_container_manage: remove systemd healthchecks
Now that Podman natively supports healthchecks, let's use them; which
will reduce our footprint in how we consume Podman.

Using native healthcheck brings a few benefits:
- Less Ansible tasks to manage the systemd resources, so deployment
  should be slightly faster.
- Leverage features into the container tooling directly; not in tripleo.

This patch does the following:

- Fix the podman arguments for healthcheck options in podman_container
  module, transparent for the end-user. Indeed, the args are "health-*".
- Remove the management of timers and healthcheck services and their
- New playbook "healthcheck_cleanup" to cleanup previous systemd
  healthchecks if they exist.
- Update molecule default testing to test if new healthchecks work fine.
- Update the role manual for healthchecks usage.

This patch should be transparent for the end-users except that the
systemd healthchecks won't exist anymore:
Instead of running: "systemctl status tripleo_keystone_healthcheck.timer
status", we would run "podman healthcheck run keystone" or check the
output of "podman inspect keystone".
The document has also been updated in the role manual.

It requires at least Podman 1.6 where this patch has been tested.

Change-Id: I37508cd8243999389f9e17d5ea354529bb042279
3 years ago
Zuul 1c73d3ac64 Merge "tripleo_container_manage: set empty default to systemd registers" 3 years ago
Emilien Macchi 4a89d96a08 tripleo_container_manage: set empty default to systemd registers
If the tasks are skipped the variables are empty and should be default
to an empty list; which will return empty services when figuring out
what services need a restart.

Change-Id: I852066179c86b97a7f775a7babb4e44e89a0d9a3
3 years ago
Kevin Carter 81d63b24f0 Update method name to be more accurate
The old module util method name was not accurate given it is interacting
with inspection data, not baremetal data directly. This change corrects
the method name so its more accurate.

Change-Id: I8d1ef3942154e7990147270d84127a53b175d3ca
Signed-off-by: Kevin Carter <>
3 years ago
Zuul a52058cc80 Merge "tripleo_container_manage: manage systemd services per step vs start_order" 3 years ago
Alex Schultz ab2491686b Revert "Add strategy optimization"
This reverts commit 9405496053.

I've noticed a time penalty (5mins in my env) over just using 'linear'
for the standalone. See if this affects the time on more scenarios by
testing a revert

Change-Id: I18ea66b9ea97228af44803c55dd79533da433741
3 years ago
Emilien Macchi ca80ec5c17 tripleo_container_manage: manage systemd services per step vs start_order
Instead of managing systemd services per start_order per step, we could
manage them per step.

The start_order was created to be able to create containers which runs
some command or do exec; but not really for the ones who are services
and managed by systemd.

Doing it per step will reduce the number of tasks and therefore the
deployment time.

Note: it adds dict_to_list() filter; which converts a dict of dicts to a
list of dicts. Ansible allows to do it via dict2items | list but in this
particular case we don't want key/value when later treating the data to
figure out if systemd is needed.

Change-Id: Ia38f2ec753dc3c21bcf91f057fe7ff8020d214e6
3 years ago
Zuul 31a289fbce Merge "podman_container: only add --rm if rm is True" 3 years ago
Zuul 249aea8bd1 Merge "[upgrade] Add inventory filters to map groups to roles" 3 years ago
Emilien Macchi 06bc6505de podman_container: only add --rm if rm is True
If "rm" is set to False (default), don't add --rm=False to the podman
command, it seems like podman treats it as --rm anyway. Let's just skip
that parameter if set to False and add it if True.

Change-Id: Ic2877684cd0210b23b23d852ee59fa49d9013f0d
3 years ago
Oliver Walsh b7f027ff09 [upgrade] Add inventory filters to map groups to roles
tripleo-upgrade previously relied on <service_group>.children.keys to determine
which roles include a particular service.

Since I2cc721676005536b14995980f7a042991c92adcc altered the inventory
structure this will no longer work.

Create filters to generate a group to role mapping instead. Use the
tripleo_role_name var to determine the role names instead of group names.

Change-Id: I3daf77f099fd0277a9d8495932ca3e28ae7b964d
3 years ago
Zuul baa55b2eda Merge "Add a tripleo-common module util" 3 years ago
Emilien Macchi 761e5cbdd5 tripleo_container_manage: optimize systemd services/healthcheck bootstrap
Separate the creation of systemd files & service restarts so we don't
call systemd too many times and makes the deployment faster.

It also uses a new filter that will read register data to figure out
what systemd files changed so what containers need a restart.

Change-Id: I16596a5b262642a678a8b8b123384fc387f69c70
3 years ago
Kevin Carter 2adb49cf63
Add a tripleo-common module util
This change will co-locate all tripleo-common utility code which we use
within modules. By creating a module util for tripleo-common we'll save
duplication and ensure functionality across all modules that leverage

The ansible-auto-doc plugin has been updated to support a new module-util.

Change-Id: Ic85c45a64e160223a012b77f698c2224da5d09d7
Signed-off-by: Kevin Carter <>
3 years ago
Zuul 9d9208389e Merge "Don't call sdk.connect() again" 3 years ago
Emilien Macchi 9fefb30c5d tripleo_all_nodes_data: sort enabled_services (idempotency)
Sorting the enabled_services list so we can have idempotent hieradata
where the content doesn't change between Ansible runs of the
tripleo_all_nodes_data action plugin.

Change-Id: I8f54265dbadf21da6badd690f5cb123b549cf48c
3 years ago
Zuul 6b533dc2be Merge "container_puppet_config: don't show a warning if config_hash is empty" 3 years ago
Emilien Macchi 00e71a890f container_puppet_config: don't show a warning if config_hash is empty
Default the old config hash to an empty string, so during step1 when
creating puppet & startup configs there is no need to display empty
config hashes.

Change-Id: I417aea66ad0dc0a868eaadda1e6eacc847389f16
3 years ago
Emilien Macchi bc25dd663e Relax get_failed_containers() filter
When Ansible is run in check mode, the async_results are missing some
keys from regular runs, so we can't really tell if the container has
finished and failed; let's just skip it.

Closes-Bug: #1871397
Change-Id: I5f99c8e5392326fc8274ca3278966cddd49e0c3d
3 years ago
Rabi Mishra 0007e05c78 Don't call sdk.connect() again
openstack_cloud_from_module() returns a connection object.

Change-Id: Icda289b76b8b57857e6ace521c7984b70ba04392
3 years ago
Luke Short e0d073b936 tripleo_all_nodes_data: Append server node IP to the list.
This is the proper way to add another element to a list. Otherwise
the plugin would fail if a string was trying to be concatenated to
a list.

Change-Id: Ieba3396bbe89e2ad1de7ad842b31f3ad092ff36f
Closes-Bug: #1871228
3 years ago
Zuul 2c2d201e7a Merge "Add filters to help process inventory for tripleo-upgrade" 3 years ago
Oliver Walsh b85dc78f61 Add filters to help process inventory for tripleo-upgrade
The tripleo-upgrade playbooks require a group to host mapping and a
list of roles. It currently makes assumptions about the inventory
structure which is fragile. This adds filters to generate the
required data regardless of the structure.

Change-Id: I8a47c945656558a0d3baa67a5547f0d859f8c816
3 years ago
Rabi Mishra 17912413f8 Remove mistral dependency from password rotate module
Also fixes the check mode support.

Change-Id: I9a78d415e9768096fade660e93760a1f2f57f51d
3 years ago
Zuul 83dab913b4 Merge "Don't rotate passwords when updating plan" 3 years ago
Zuul aca1a4ac3c Merge "Wait for ironic-neutron-agent bridge_mappings before provide" 3 years ago
Zuul ac71e85e50 Merge "Do not duplicate config volumes for puppet manager" 3 years ago
Steve Baker 1bc900c749 Wait for ironic-neutron-agent bridge_mappings before provide
When provide is immediately run after import, it sometimes stalls
indefinitely due to port creation failure.

This fix avoids this issue by polling the ironic neutron agent
associated with the host until:
1. the agent entry exists for that host
2. the agent configuration has something populated for bridge_mappings

Change-Id: I7eb90fb0b532942825e32c43ebd057a28005c8ec
Closes-Bug: #1866204
3 years ago
Rabi Mishra a56157f64b Don't rotate passwords when updating plan
If the passwods exist we should not update those when updating

Change-Id: Iaa7b3d3e24f05bdb66a0aba42ff3be897500735c
Closes-Bug: #1869010
3 years ago
Bogdan Dobrelya 59b0772e27 Do not duplicate config volumes for puppet manager
Change-Id: If285ef708290be334e4195a327fc18c9c8f22c41
Signed-off-by: Bogdan Dobrelya <>
3 years ago
Emilien Macchi d6204498d7 Fix get_failed_containers() to correctly fetch container_data
To avoid this error:
The error was: KeyError: 'container_data'

We need to fetch container_data from async_result_item in the async
results; that's where the key is. Updating unit tests as well, and the
task which creates the facts so there is no confusion in the logs.

Change-Id: I2a5533335151c4b292e85aea310adfdc44ab1e02
3 years ago
Steve Baker 967da6836e
Fix population of username, public keys
The expand function was failing to add the username and public keys to
the instances list. This change treats these arguments like other
defaults, and adds tests to confirm they're ending up in the instances

This change also has a minor fix to the unprovision prompt validation

Change-Id: I603623511e4061e782a65d53a3118d211ea6e708
3 years ago
Zuul a70139e5b9 Merge "Add baremetal node providing module" 3 years ago
Zuul d3e790da80 Merge "tripleo_container_manage: improve logging for failed containers" 3 years ago
Sagi Shnaidman 16c79930a1 Add baremetal node providing module
Change-Id: I7bd1bb388e1213d8b0caf1453ab35679b04d7186
3 years ago
Emilien Macchi 62fcbf2925 tripleo_container_manage: improve logging for failed containers
If a container fails to start after many retries, the default logging of
the async_status tasks isn't great and it's hard to figure out what
container failed to start.

In this patch, we introduce a new filter that will read the
async_results and build a list of containers which failed to start
(failed to True) or did not finish to start (finished to 0); the
async_status ignores errors, but we fail a bit later after building that

Change-Id: I5a2270130bdf5b9d781f4d81ec25c6ccf12fdc07
3 years ago
Rabi Mishra 91a2b34b13 Add deploy plan playbook
Change-Id: I42a65e379981fe7d7879ae5061eafe32845887b7
3 years ago
Rabi Mishra ac40b0f5ef Add playbook for update deployment plan
This adds the playbook and required modules.

Change-Id: I3090106fd24a82373ab308a1ba7f8bcd0eddecad
3 years ago
Rabi Mishra ce16399264 Add tripleo_plan_parameters_update module
This adds ansible module to update plan parameters and optionally
validate the stack.

Change-Id: I60f4ed38584a6b55a09590d9a012d2bfb010f9bc
3 years ago
Rabi Mishra e8c9b421f9
Add tripleo_templates_upload module
This adds a new module to upload templates to plan as a tar

Change-Id: I7ac4c328ec7f4dd0fb4aa7495945fbc57feb4bbc
Signed-off-by: Kevin Carter <>
3 years ago