This playbook reflects the same behaviour as the mistral workbook
of the same name.
It adds the functionality discussed on this external bug
https://bugzilla.redhat.com/show_bug.cgi?id=1659888
Change-Id: Icf964c23745941dd596f65e2b0bfa81e515508d0
Previously when Heat was choosing the bootstrap node, it always chose
the first node due to the ResourceGroup ordering.
When it was switched to ansible, the last node was chosen instead due to
unpredictable dict sorting from the inventory.
This patch restores the previous behavior and makes sure the first node
in a group is chosen as the bootstrap node for the both the name
and ip if the sorted_bootstrap_node variable is set.
The variable is used so that the tripleo-heat-templates patch and this
patch can merge, otherwise they'd block each other from merging.
See I6b93f5b0747c5a11d24615a3bbb5516f9be81401 for the
tripleo-heat-templates patch.
Change-Id: I3d595ea5b84f940a3b2dbc69798f69fe03529c10
This reverts commit I2f24738cf7ec13230e1111f4cc209e4843b416a4.
Depends-On: I1bf74a4fb0adcae632c06b38e06a572ebc434201
Change-Id: I2822aaf51163d38282f9b5f07ee93a4d9c01c9ba
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change updates the install path for roles and plugins making it so
these resources are always available whenever `ansible` commands are
invoked.
Change-Id: I00f6a71424882115fa0c765142c03797d9daa285
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This reverts commit 1ac27c39eb3bf01c85daba1ddebe108cc47d1c4f.
Ansible environment enforcing broke logs collection (as any other task
with ansible on this host).
It should have "restored" after the job, not unset.
Change-Id: I34e1125ccdfa0560bd5688f99d788b20d67f646e
the dport option could be a port number using a string instead of a array or int.
This change ensures our loop is able to properly handle dport options written as
list, string, or int.
Change-Id: I13dbdb2043ad216d1c89801c974508dd9b958cdc
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This role allows to easily install either all or some of the openstack
clients.
Change-Id: I6fe8f2469207d75e2c7aa6621f6683a1949ac0ca
Story: 2005984
Task: 34433
Task: 34434
Task: 34435
Task: 34436
This commit is the same as I890bbef764b6bae7cb71cfedaff2ce17829737fb, which was
previously applied to tripleo-common, but lost in the migration to
tripleo-ansible.
Commit a7661065743086961b8ef93056b810e7d2a49eda removed the
all-nodes-config.j2.yaml Heat template. This template had the support
for specifying hieradata to merge into the all_nodes hieradata via the
AllNodesExtraMapData.
This commit restores the merge logic so that the merged hieradata from
the parameter value and the calculated hieradata is rendered in
all_nodes.json.
Change-Id: I49948f8d74c3846321af4f423a4891a71d0fabdc
Closes-Bug: #1839546
This change introduce tripleo-cellv2 role and playbook
create-nova-cell-v2.yaml to simplify the post steps when creating
an additional cellv2 in tripleo. For reference, [1] is the doc
patch providing at the moment the manual steps.
[1] https://review.opendev.org/672744
Change-Id: I288a9217dce948d33d9b47938e7977294d255c7a
Also fixes indentation for the radosgw keyring and removes some
global overrides which we don't pass from tht
Change-Id: Ic7e72b1d28110305e3b6ed1f65c1a0423bf9db67
This change sets our desired ansible options as default environment variables
on systems where the `tripleo-bootstrap` role is executed. This change will
ensure all of our ansible resources are accessible by users of the system,
using the default shell, and are executed in an expected way, mirroring what
we setup within our mistral ansible configuration file.
Change-Id: If5a997dc2698dc286e118289431cc441e3c03199
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The original puppet manifest would prune non-persistent firewall rules from
the save file whenever needed. This change reimplements that functionality.
In addition to pruning the original puppet manifest had special protocol
handling for particular types and states. This change also reimplements
that functionality.
These new functions have been added to our molicule tests to ensure we're
validating functionality.
Change-Id: Ibe4bed6b27cb774dabc40e28a61032bc399c2eae
Signed-off-by: Kevin Carter <kecarter@redhat.com>
We now use a promote job for publishing that avoids building again the
documents after merge. use this here as well.
We can only use the promote jobs when the job run in gate, so use the
same file conditions. To make those easier to sync, get rid of the
special tripleo job and use openstack-tox-docs directly.
For further details about promote jobs, see
http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008610.html
Change-Id: I31fa0d59ce2715abe6c36ecfbca8f6a70aaa60e2
The securetty role will create the file `/etc/securetty` when an array
of tty's are provided.
Test Matrix:
- default: runs through the role top to bottom with all default
settings
- create: runs through the role with an array of of tty's to
ensure the role is working as expected.
Story: 2006021
Task: 34618
Task: 34620
Task: 34621
Change-Id: I6b3644cf7aa62c171172f225c25866f89830a233
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change adds the tripleo-firewall role which will serve as a general
purpose filewall configuration interface. The role will leverage iptables
and ensure a 1:1 compatibility with existing options coming from tripleo
heat templates.
Story: 2006030
Task: 34663
Task: 34665
Task: 34666
Change-Id: Ic6d7462d82c9811e95aedf90b7a9d92700f2ebe3
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The requiurements in tests needs the python package netaddr to wrap
and filter IP addresses, while this package is assumed to be installed
when ansible is installed via the package manager, these assumptions
are not true when installing using pip, like we do in test. This change
ensures that the netaddr package is part of the test environment.
An update has been made to allow the tripleo_container_stop role to
pass one of its tests. The shell command to stop containers was
prefixing the container name which would result in a failure to stop
the given container name in a production environment.
Test packages have been added to the tripleo_ptp molecule tests. These
packages are being added so that we can ensure the test container
images are created with everything assumed to be installed on a running
system.
Change-Id: If704272fb44cff35e7093c5f91ff1b48fd20a91e
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The test runner was setting a default flag for the option
`tripleo_job_ansible_args` which was resulting in tests being
executed in convergence mode. When in convergence mode, a given
secnario is expected because the test will run with extra args,
which are assumed to be scenario specific. This change sets the
default for `tripleo_job_ansible_args` to an empty string which
will ensure the test runner is running all discovered scenarios
when envoked.
Change-Id: I7cd7ded239f32eb8fd2a697b1b42154841712fc2
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change creates a role for the tripleo heat template content for
"container-image-prepare-baremetal-ansible.j2.yaml". This change will
ensure our task process is tested using molecule and scenario tests
while also streamlining our process.
Test Matrix:
- default - tests role using all default options
- build - tests end to end building containers using mock data
A new playbook for docker vfs setup has been added. This was added to
allow some tests to run docker workloads within a local filesystem.
Without this change, docker workloads would fail because docker is
not able to run an overlayfs job from within an overlayfs
environment. This new playbook will be used within our zuul jobs
whenever the variable `docker_enable_vfs`, is set to "true".
Change-Id: Ic6e26eb95734ccf17e42e649b5e5808e1a096a78
Story: 2005985
Task: 34438
Task: 34440
Task: 34441
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This new role will add, load, and modify kernel tuning
options as well as load kernel modules. This role provides
an interface to allow users to customize the kernel
parameters and modules as needed.
Test Matrix:
- default - Runs through the role top to bottom with all default
settings
- extra - uses the available interfaces to customize the deployment.
Story: 2005998
Task: 34503
Task: 34505
Task: 34506
Change-Id: I1b5fb1ce35121107229d66ccd1e49116974f2e8f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The hiera roles (data and upgrade) have been imported. These roles will now
be tested using molecule which will ensure functionality via multiple
scenarios tests which should provide coverage for all currently available
code path's.
Because these roles use the ip filter from Ansible a change to the test
requirements has been made to include the require python library, netaddr.
Hieradata Test Matrix:
- Default - Runs through the role top to bottom with all default
settings
- hieradata_vars - Rests role include functionality to generate
hiera templates
- per-host - Tests running with hiera config with host specific
values
- all-hosts - Tests running through a standard multi-node deployment
using mock hieradata
Hiera Upgrade Test Matix:
- Default - Runs through the role top to bottom with all default
settings
To ensure we maintain coverage for the hieradata and upgrade roles
additional voting scenario jobs have been added to the layout. These
jobs will execute whenever a change is made to either of the hiera
roles ensuring we're not experiencing any regressions on a critical
part of our deployment process.
Story: 2006044
Task: 34726
Task: 34728
Task: 34729
Story: 2006044
Task: 34730
Task: 34732
Task: 34733
Change-Id: I7f9e993735a0347aac12f728393639d88c80ff0f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
When config-download runs ceph-ansible it does so by calling
Ansible from within Ansible. This change adds a new boolean,
ceph_ansible_inherits_calling_ansible_environment (default:
true), which passes all ANSIBLE_* environment variables to
the nested Ansible execution. If a config-download user
exported a variable, e.g. ANSIBLE_PRIVATE_KEY_FILE, then
they might be surprised if they got to the Ceph installation
and it failed because Ansible was unable to SSH into the
target nodes because it didn't have that environment variable
set. Rather than require the user to know about the nested
execution and use the CephAnsibleEnvironmentVariables parameter,
assume they want the same variables passed.
Required TripleO defaults for ceph-ansible still take precedence
over config-download environment variables; ANSIBLE_ROLES_PATH
still refers to ceph-ansible roles, not config-download roles.
CephAnsibleEnvironmentVariables takes precedence over both the
calling Ansible environment variables and TripleO defaults for
ceph-ansible.
Change-Id: I428f6deb416b540dae552b5fc7a778cbc7505e8c
We need to stop several containers on the upgrades workflow.
This submission allows to reduce the duplicated code in THT.
It also handles the case in which we have podman as the CLI
but the containers running with docker.
Change-Id: I4fcc0858cac8f59d797d62f6de18c02e4b1819dc
This change converts the tripleo time role into two roles:
- tripleo-ptp
- tripleo-timezone
This change will ensure we're able to cleanly install and setup
ptp when needed while also providing a well defined interface
for setting the timezone on systems.
Change-Id: I0a2b2241a38f3d98ac421e6106fb81210961c1f5
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This patch removes pytest argument "-s" which is actually the shortcut for
--capture=no.
Change-Id: Iab0933f4ba64cc69dc298c48d1a8aa859067903d
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
Improve error handling if deployer sets the variable for
local_ceph_ansible_fetch_directory_backup to a directory
which ansible cannot write to.
Instead of failing the deployment with a message that the
object has no attribute stat, fail with a message explaining
what happened and how to fix.
Change-Id: Ib13f367b23126df35902a260ab25f99adc898245
