Fix idempotency issues for containers in pods.
Fix problem with options configured in images, like user, workdir,
etc.
Add tests.
Change-Id: I5891c573dc969b9e239f65c2ce81404f68b6558e
If podman_container returns non-empty stderr, but the tasks didn't
report failure when running in async, we want to fail because the
container is in error and we need to catch it.
Change-Id: I2ffba02ce1a2ec7bcca6ff152a53f9fe34e3e624
This change introduces several new modules that make up the bulk of the functionality
required to port over the derived parameters functionality into an Ansible role. All
modules will be tested within the derived params role, to be introduced in a follow
on commit.
> Documentation has been generated for the new modules.
Change-Id: I19da74ff1b1b6a1e889e93d3fcad82918ad8a367
Signed-off-by: Kevin Carter <kecarter@redhat.com>
These filters will be used within the soon to be created derived params role.
Tests have been added to ensure the filters function as expected.
Change-Id: I6e73940773148757002b996096b29e29f0b88b1e
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Now that Podman natively supports healthchecks, let's use them; which
will reduce our footprint in how we consume Podman.
Using native healthcheck brings a few benefits:
- Less Ansible tasks to manage the systemd resources, so deployment
should be slightly faster.
- Leverage features into the container tooling directly; not in tripleo.
This patch does the following:
- Fix the podman arguments for healthcheck options in podman_container
module, transparent for the end-user. Indeed, the args are "health-*".
- Remove the management of timers and healthcheck services and their
requires.
- New playbook "healthcheck_cleanup" to cleanup previous systemd
healthchecks if they exist.
- Update molecule default testing to test if new healthchecks work fine.
- Update the role manual for healthchecks usage.
This patch should be transparent for the end-users except that the
systemd healthchecks won't exist anymore:
Instead of running: "systemctl status tripleo_keystone_healthcheck.timer
status", we would run "podman healthcheck run keystone" or check the
output of "podman inspect keystone".
The document has also been updated in the role manual.
It requires at least Podman 1.6 where this patch has been tested.
Depends-On: https://review.opendev.org/720089
Change-Id: I37508cd8243999389f9e17d5ea354529bb042279
If the tasks are skipped the variables are empty and should be default
to an empty list; which will return empty services when figuring out
what services need a restart.
Change-Id: I852066179c86b97a7f775a7babb4e44e89a0d9a3
The old module util method name was not accurate given it is interacting
with inspection data, not baremetal data directly. This change corrects
the method name so its more accurate.
Change-Id: I8d1ef3942154e7990147270d84127a53b175d3ca
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This reverts commit 9405496053.
I've noticed a time penalty (5mins in my env) over just using 'linear'
for the standalone. See if this affects the time on more scenarios by
testing a revert
Change-Id: I18ea66b9ea97228af44803c55dd79533da433741
Instead of managing systemd services per start_order per step, we could
manage them per step.
The start_order was created to be able to create containers which runs
some command or do exec; but not really for the ones who are services
and managed by systemd.
Doing it per step will reduce the number of tasks and therefore the
deployment time.
Note: it adds dict_to_list() filter; which converts a dict of dicts to a
list of dicts. Ansible allows to do it via dict2items | list but in this
particular case we don't want key/value when later treating the data to
figure out if systemd is needed.
Change-Id: Ia38f2ec753dc3c21bcf91f057fe7ff8020d214e6
If "rm" is set to False (default), don't add --rm=False to the podman
command, it seems like podman treats it as --rm anyway. Let's just skip
that parameter if set to False and add it if True.
Change-Id: Ic2877684cd0210b23b23d852ee59fa49d9013f0d
tripleo-upgrade previously relied on <service_group>.children.keys to determine
which roles include a particular service.
Since I2cc721676005536b14995980f7a042991c92adcc altered the inventory
structure this will no longer work.
Create filters to generate a group to role mapping instead. Use the
tripleo_role_name var to determine the role names instead of group names.
Change-Id: I3daf77f099fd0277a9d8495932ca3e28ae7b964d
Separate the creation of systemd files & service restarts so we don't
call systemd too many times and makes the deployment faster.
It also uses a new filter that will read register data to figure out
what systemd files changed so what containers need a restart.
Change-Id: I16596a5b262642a678a8b8b123384fc387f69c70
This change will co-locate all tripleo-common utility code which we use
within modules. By creating a module util for tripleo-common we'll save
duplication and ensure functionality across all modules that leverage
tripleo-common.
The ansible-auto-doc plugin has been updated to support a new module-util.
Change-Id: Ic85c45a64e160223a012b77f698c2224da5d09d7
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Sorting the enabled_services list so we can have idempotent hieradata
where the content doesn't change between Ansible runs of the
tripleo_all_nodes_data action plugin.
Change-Id: I8f54265dbadf21da6badd690f5cb123b549cf48c
Default the old config hash to an empty string, so during step1 when
creating puppet & startup configs there is no need to display empty
config hashes.
Change-Id: I417aea66ad0dc0a868eaadda1e6eacc847389f16
When Ansible is run in check mode, the async_results are missing some
keys from regular runs, so we can't really tell if the container has
finished and failed; let's just skip it.
Closes-Bug: #1871397
Change-Id: I5f99c8e5392326fc8274ca3278966cddd49e0c3d
This is the proper way to add another element to a list. Otherwise
the plugin would fail if a string was trying to be concatenated to
a list.
Change-Id: Ieba3396bbe89e2ad1de7ad842b31f3ad092ff36f
Closes-Bug: #1871228
The tripleo-upgrade playbooks require a group to host mapping and a
list of roles. It currently makes assumptions about the inventory
structure which is fragile. This adds filters to generate the
required data regardless of the structure.
Change-Id: I8a47c945656558a0d3baa67a5547f0d859f8c816
When provide is immediately run after import, it sometimes stalls
indefinitely due to port creation failure.
This fix avoids this issue by polling the ironic neutron agent
associated with the host until:
1. the agent entry exists for that host
2. the agent configuration has something populated for bridge_mappings
Change-Id: I7eb90fb0b532942825e32c43ebd057a28005c8ec
Closes-Bug: #1866204
To avoid this error:
The error was: KeyError: 'container_data'
We need to fetch container_data from async_result_item in the async
results; that's where the key is. Updating unit tests as well, and the
task which creates the facts so there is no confusion in the logs.
Change-Id: I2a5533335151c4b292e85aea310adfdc44ab1e02
The expand function was failing to add the username and public keys to
the instances list. This change treats these arguments like other
defaults, and adds tests to confirm they're ending up in the instances
list.
This change also has a minor fix to the unprovision prompt validation
logic.
Change-Id: I603623511e4061e782a65d53a3118d211ea6e708
If a container fails to start after many retries, the default logging of
the async_status tasks isn't great and it's hard to figure out what
container failed to start.
In this patch, we introduce a new filter that will read the
async_results and build a list of containers which failed to start
(failed to True) or did not finish to start (finished to 0); the
async_status ignores errors, but we fail a bit later after building that
list.
Change-Id: I5a2270130bdf5b9d781f4d81ec25c6ccf12fdc07
This adds a new module to upload templates to plan as a tar
file.
Change-Id: I7ac4c328ec7f4dd0fb4aa7495945fbc57feb4bbc
Depends-On: https://review.opendev.org/712599
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Zuul