Via 31cfdbd407
oslo.rootwrap gained support eventlet when using subprocess. By moving
to oslo_rootwrap.subprocess we make sure that with python3 the
subprocess calls use eventlet.green.subprocess if eventlet is used.
This worked on python2 because (from above commit):
"""
On Python 2, it "works" to use directly subprocess: subprocess.Popen
calls os.pipe() and os.fdopen(fd) which are both monkey-patched. On
Python 3, it doesn't work because subprocess uses os.pipe() and
io.open(fd), and the io module is *not* monkey-patched at all.
"""
By applying this change what happens is that the heartbeat thread is
able to be scheduled every 15seconds by default. Without this patch
what we have been observing with python3 is that while running ansible
mistral would constantly log error messages like the following:
2019-05-02 19:14:36.702 8 WARNING oslo.messaging._drivers.impl_rabbit [-] Unexpected error during heartbeart thread processing, retrying...: amqp.exceptions.ConnectionForced: Too many heartbeats missed
With this change we could not reproduce this issue during a deployment
and no missed heartbeat messages were observed during the deploy.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Hervé Beraud <hberaud@redhat.com>
Closes-Bug: #1826281
Change-Id: Id22b1465d6d2424d90781983b970aba4545feb8a
Starting the service can fail is the script was run before.
The task is really to enable the network after a reboot, so let's just
make sure we enable the service, and not need to start it.
Change-Id: Ib8fb5e9154091f80a08c272df014bea25c39c475
The tripleo-common sudoers file allows an owner change on the
validations identity file. The command is only allowed with the `-h`
option, but this option isn't used in the `write_inputs_file` python
code. This breaks validation runs started through Mistral.
This patch adds this option to the `chown` command. It also removes an
useless line in the sudoers file.
Change-Id: Idd3098cfa3aab5dd618645e54b922f90cd9ae13f
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
We are using 'network' service provided by 'network-scripts' which is
deprecated in RHEL8/CentOS8/Fedora28 but os-net-config doesn't support yet
NetworkManager. Until it happens, we need to ensure that network is started
at boot, as it'll take care of restarting the network interfaces managed by
OVS. Note that OVS unit service is already configure to start before
network.service.
See https://bugzilla.redhat.com/show_bug.cgi?id=1701866 for context.
Change-Id: Ib2ca3830e3c3a79cdea93cdb8976757d0697811d
Zaqar has 2 containers, one for API (wsgi) and a second one for
websocket (python).
We therefore want to ensure the ports are in use in the containers.
Change-Id: I0d5ea0ba630714f7ec3ca4f1361e3235320e52d7
The tripleoui was disabled and the parameters to build it were removed
in https://review.opendev.org/#/c/641743/
This deletes the kolla image creation for that because the missing parameter
was causing problems
Change-Id: I4deb83bad8b907ff400fb9159e2a5842c479a89b
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: Ie831b89ae9cf7c68fc898ef0ffd1e0e84e9a9977
Sem-Ver: feature
If the deployment wasn't deployed under Docker, python2-docker package
is missing. Therefore, during the upgrade we don't want to try to remove
the containers under Docker, since they don't exist anyway.
python2-docker is needed by Ansible to remove the containers, so let's
make sure the package is installed, which is the case when the
deployment was under Docker.
If the rpm doesn't exist, we'll skip the tasks and don't try to remove
the containers.
The main case where docker-rm is useful is when upgrading on centos7
from rocky to stein, since we clear containers running in Docker during
the upgrade, so they run on Podman.
In reality, the future platform won't have Docker installed, so this
role will become useless and we'll probably deprecate it.
Closes-Bug: #1824301
Change-Id: Ic5036ffa756775e3806e18b09e034af2290bfb56
Instead of using 'TRIPLEO_VALIDATIONS' as an hardcoded variable, this
patch will use 'DEFAULT_VALIDATIONS_BASEDIR' variable coming from
constants.py.
Change-Id: I5c08ca0bfb9923f7b6834f0d14464c60320f6e6f
Implements: blueprint inflight-validations
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
* Uploads now the contents of tripleo-validations/playbooks directory
instead of tripleo-validations/validations ones.
* Adds a new parameter to run-validation script to be able to properly
export Ansible variables:
- ANSIBLE_CALLBACK_PLUGINS
- ANSIBLE_LOOKUP_PLUGINS
- ANSIBLE_ROLES_PATH
- ANSIBLE_LIBRARY
Change-Id: I43cf796b0147a9b2054d3ff7941274a7497a14d9
Implements: blueprint validation-framework
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
In order to allow access to the roles provided by tripleo-validations,
we have to inject its path in the generated ansible configuration.
We also inject tripleo-validations library paths.
Change-Id: Ic73411ab5a30a57e3e33a9990fa6b3ecea3ee389
Implements: blueprint inflight-validations
We can't really check the socket presence in containers:
- ovn doesn't really listen to them
- playing with lsof and ss doesn't help, since there are some
issues with inodes and overlays
The new healthcheck ensures the service is properly running, and
will fail if ovn-northd has an issue.
Please note: the current STDERR has some output, this is due to
some packaging issue being worked on right now.
Change-Id: I645e18cf198a948479083df94b5d373ed92f2aae
Closes-Bug: #1823882
v1 manifests store the layer digests in a different way, which the
prepare code has conditional logic to handle, however this is missing
from image copy when discovering source layer digests.
There is also a v1 manifest format error in the image export delete code.
This change fixes both of these issues, which should make it possible
to copy images from quay.io.
Change-Id: I3e6c95beb387dc4b462eb037eeb8cb628016b7e4
Closes-Bug: #1823821
From the OpenStack Stein release we want to deploy the Ceph Nautilus
version; this change updates the default container image to use accoringly.
Depends-On: Id0de75e7459b9a8d993a87552b51cf6fdbd29687
Change-Id: I133cd0cd632e0ba6b5a844a89bf74a063cf50f07
Some validations run commands on multiple containers and have to know if
the Overcloud has been deployed using Docker or Podman.
This patch gets the 'ContainerCli' variable from the Overcloud stack
environment and adds it as an Overcloud vars.
Change-Id: I7541bfd244acaf1d00d18b3eef031dbadfe4dd4a
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
This patch is a followup to this[1] change.
The reasons for removing amp_hw_arch from octavia_post:
1. In stable/queens, we break since we don't feed ansible with any
value.
2. We don't support or ship an Amphora image that is non-x86_64.The
purpose of specifying the arch is (as stated here[1]) to hint the Nova
scheduler which compute nodes to take into account when it schedules
an Amphora instance.
Closes-Bug: #1824368
[1] Ia7be6503a40e08d0d1f7f4d89132c9e9b5bd6704
Change-Id: I36a851397a0adeadc3216656c96c58f8668fd7fc
We sometimes start health checks before a file is actually written out
by the service. This results in a bash error in the logs. Let's check
the file exists before trying to use it in the health check.
Change-Id: I58815050117af20abc547f46d15073ac0bf8ca74
Closes-Bug: #1824246
This adds a call to parameters.convert_docker_params
to our template processing function so that Overcloud
deploys will have Docker* parameters converted to
the new varients transparently.
Change-Id: I7d62a3424ccb7b01dc101329018ebda896ea8ff3
This will be used in workflows to transition from the
old Docker* parameters to the new Container* varients.
Change-Id: I29d5791acaafa31de15bd58a79302a6b0cb0b7dd
This tiny script ensures we:
- have a crontab for a specified user
- this crontab isn't empty
If we don't pass a user, it defaults to root.
The emptyness takes into account puppet comments, thus we count
the lines without any leading '#'. By default, puppet adds
some environment variables before the command itself, thus we want
to have at least 2 uncommented lines.
Change-Id: I8ee23f05a2925a20d003dd85b6095fd0b559a23a
Use "buildah" CLI instead of "podman" to manipulate the container images
when uploading the images.
Buildah vendoring seems to have more recent versions of the dependencies
which would avoid some lock issues during the image upload tasks.
Change-Id: I61b30c7c935a1530d78a93704e8528af7b6ebe7d
This change passes the value of parameter
ContainerImageRegistryCredentials to the authenticate method in
container prepare. The value is a dict of dicts, so it is validated to
be in the expected format before being used. This allows prepare tasks
to pull or push from any registry which requires a username/password,
which is required by downstream.
Change-Id: I71b767d16a22c732cc18378cedf6c6599ccc5ae1
Closes-Bug: #1823579
Some registry implementations do not serve the Docker-Content-Digest
which we currently expect. According to the spec[1] this is optional
anyway.
This change checks for the header and if it doesn't exist it
calculates the digest from the manifest content.
[1] https://docs.docker.com/registry/spec/api/#content-digests
Change-Id: Ica4bdefb6b8b97e67356cc3ac0e0307689b46c80
Closes-Bug: #1822915
We have jsonschema capped at a fairly old version. Other than some
specific releases, it looks like keeping it below 3.0 was added in
I943fd68b9fab3bce1764305a5058df5339470757 without really any explanation
why.
In order to update to a 3.x release we need to:
1. Remove the cap from global-requirements.txt (see Depends-On), leaving
upper-constraints.txt at a 2.x release
2. Remove the cap from all consumers (this change)
3. Release a new version of consumers that are published to pypi
4. Update upper-constraints.txt with those new releases
5. Update jsonschema in upper-constraints.txt to a 3.X release
(See: https://review.openstack.org/649789)
6. Test consumers with the change from 5.
7. [Optional] fix issues in consumers that arise from 6.
8. Merge the change from 5.
Change-Id: Ic782c3085fb85634d2ae2b7d5538ae2948d2f9b8
Co-Authored-by: Sean McGinnis <sean.mcginnis@gmail.com>
Depends-On: https://review.openstack.org/649669