The tripleo_ovn_mac_port_name can become very
long in case a very long role name is used.
For example, the following role name triggered
the maximum length of 60 characters error:
"DistributedComputeHCIScaleOut"
The tags are used for ideompetency in:
tripleo_ansible/ansible_plugins/modules/tripleo_ovn_mac_addresses.py
However the tripleo_ovn_mac_port_name tag is
not actually used.
Related Bug: #1921713
Change-Id: I5b6124210aec0c25ffa7daf82a9c6e944bdb4966
(cherry picked from commit d8475ede4a)
Services need to provide this rsyslog configuration in order for
their logs to get ingested by rsyslog for forwarding.
Closes-Bug: 1953672
Change-Id: I0da99239275fa7f53f032ca4a85460e6111738b4
(cherry picked from commit c3bb913386)
This was introduced to manage keystone resources (users, projects and
so on) by puppet but now these resources are managed by ansible.
Conflicts:
deployment/keystone/keystone-container-puppet.yaml
Resolved conflict caused by e329ca915e .
Change-Id: I9e76f21e41e2891f959cbf41b89cba07b2e67632
(cherry picked from commit 925e2db462)
(cherry picked from commit 48d547ce7c)
This patch clears up confusion resulting from both tripleo and
cinder creating "default" volume types. The quotes indicate subtle
differences in how the term is used, and how it causes confusion for
cloud users.
TripleO added support for configuring cinder's default volume type,
and later cinder itself added its own support for a default volume
type. The cinder project's motivation was to provide a volume type
for all volumes, even when cloud administrators hadn't defined one.
But from tripleo's perspective, cinder's volume type was redundant
because tripleo *does* define a default volume type.
The confusion for cloud users is that cinder chose "__DEFAULT__" for
the name of the volume type, and "Default Volume Type" for its
description. This is misleading because tripleo's CinderDefaultVolumeType
is the actual default volume type.
Clearing up the confusion depends on whether the overcloud is a green
field deployment where no volumes have been created, or a brown field
deployment where cinder's __DEFAULT__ type may be in use. If no volumes
exist then it's safe for tripleo to simply delete cinder's __DEFAULT__
type. Otherwise, the __DEFAULT__ type's description is updated so that
it indicates the actual default type is the one established by the
CinderDefaultVolumeType parameter.
Lastly, CinderDefaultVolumeType is now constrained to prevent it being
set to an empty string. That should never happen, so this is just a
safety net.
Related-Bug: #1782217
Change-Id: Idf27c14b31dc077ef9a0e567bd502ed6842bd52b
(cherry picked from commit 4bf4866030)
(cherry picked from commit f10e5f2e6e)
This reverts commit fd58e99dec.
There is additional work to be done in Glance/Cinder to handle correctly images moved to 'trash'
Change-Id: I5ce9085172a5ed2f1f5caeeed6dfbe30e58b4fdc
Closes-Bug: 1951433
Fix condition to add per subnet {{network.name}}Routes_{{subnet}}
parameter to the network-environments file.
Change-Id: I38b8b899716bfd8c50c419761963a423e45397ea
(cherry picked from commit 0474999379)
(cherry picked from commit 61bf0ab938)
To be able to run properly dns_domain_name related tests from the
neutron_tempest_plugin.api.test_ports module, Neutron has to have
configured non default dns_domain_name option.
This patch adds custom environment file which will set that config
option to "openstackgate.local" which is the same value like is configured
in all of the Neutron CI jobs by the Neutron Devstack plugin.
Related-Bug: #1950815
Change-Id: I4d803a7b43533debdf6063299878cf1b13c664e6
Seconds to regard the agent as down; should be at least twice
NeutronGlobalReportInterval, to be sure the agent is down for good.
Closes-Bug: #1937843
Signed-off-by: Kamil Sambor <ksambor@redhat.com>
Change-Id: Ib3f7cd9d6c050140a5e8b59adf7fd8f65b12df2f
(cherry picked from commit 5ab70af5a6)
The default CephDashboardNetwork in ServiceNetMap was
'ctlplane'. Change this to default to storage_dashboard
with a fallback to 'ctlplane'.
This will allow us to remove the hard-coded conditionals
on 'StorageDashboard' network name in tripleo_hiera_data.
Conflicts:
overcloud-resource-registry-puppet.j2.yaml
Related-Bug: #1946239
Change-Id: I9a62b2cf24b2dd020de74e18af8c7bc0535d12d9
(cherry picked from commit 28161b5868)
(cherry picked from commit 5d4785bd61)
Fix bind-mount to point /var/log/containers/libvirt/(qemu)
on the host, via the shared NovaLibvirtLogging attribute.
Remove the nested libvirt/qemu path bind-mount since the outer libvirt
directory is sufficient to hold the qemu logs as well. For that,
bind-mount it with the shared mounts propagation mode.
Change-Id: Iccbae5589aa4a4fc449f23b82755dea1f54f5678
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit 56a58f88e9)
With conditional monitoring enabled in OVN, southbound ovsdb-serve
takes lot of time in handling the monitoring and sending the updates
to all its connected clients. Its takes lot of CPU. With monitor-all
option, all ovn-controllers do not enable conditional monitoring there
by reducing the load on the Southbound ovsdb-server.
Enable this for all deployments is-lowrisk and user shoudn't have
posibilities to modified this manually form tht level.
Depends-On: https://review.opendev.org/c/openstack/puppet-ovn/+/816955
Closes-Bug: #1936781
Signed-off-by: Kamil Sambor <ksambor@redhat.com>
Change-Id: I9014ad0c7fae391dec4ad70bcbc0728667d413c5
(cherry picked from commit bc934d18a4)
During updates/upgrades, installing mariadb-server on the
host may impact the behaviour of containerized mysql.
During a FFU if mariadb-server is upgraded, it may happen
that the rpm scriptlets fail to start mariadb server and
leave a crash log behind (tc.log). This prevents the
regular online upgrade from happening.
During an upgrade, mariadb-server used to be force-upgraded
in the mysql service for historical reasons. It's not
necessary since mysql is containerized and can trigger
the same crash as explained above.
During a minor update, the same reasoning can apply if
RHEL channel ships a new mariadb-server rpm as scriptlets
will probably leave a crash behind as well.
Make sure mariadb-server is never installed, while
keeping mariadb CLI if already present on the host, to
avoid operational impacts.
Change-Id: Ib669bb4a5fcbb493d6d5edb5999bd1d87418558b
Closes-Bug: #1946742
(cherry picked from commit d33865cded)
A heat parameter ``IronicPowerStateChangeTimeout`` has been added
which sets the number of seconds to wait for power operations to
complete, i.e., so that a baremetal node is in the desired power
state. If timed out, the power operation is considered a failure. The
default is 60 seconds, which is the same as the current Ironic
default.
This could be backported to stable/train, where the ironic default of
30s is causing failures in CI jobs.
Related-Bug: #1947403
Change-Id: I9729beac4c4e84d2619c4c629cd26eba8a26b87d
(cherry picked from commit 65151adc18)
Currently to set az for ovn, user need to set
OVNCMSOptions with value:
"enable-chassis-as-gw,availability-zones=az-0:az-1:az-2",
which is not very good ux.
Adding new param OVNAvailabilityZone will improve ux
and improve configuration redabilities
Closes-Bug: #1923585
Change-Id: I90932c2445eda2cd0d6e661b561ce86a87dcdec2
(cherry picked from commit 1ddef85c91)
In order to get a working vTPM support in containers, we need to enable
a new SELinux boolean provided by openstack-selinux[1].
This patch affects only the deprecated
nova-libvirt-container-puppet.yaml template in order to do a clean
backport to stable/Wallaby and stable/Victoria.
[1] https://github.com/redhat-openstack/openstack-selinux/pull/80
Change-Id: I1d2368135f7b0a83dec2192c242c081e2f5127c1
Closes-Bug: #1902468
Resolves: rhbz#2007314
(cherry picked from commit f664302c3d)
Since PyYAML 5.1, yaml.load without specifying the Loader option is
deprecated and shows the following warning.
YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated,
as the default Loader is unsafe.
Please read https://msg.pyyaml.org/load for full details.
This change replaces yaml.load by yaml.safe_load (which is effectively
same as adding Loader=yaml.SafeLoader) to get rid of that warning
message. Also, existing all usage of yaml.load with the Loader option
are also replaced so that we to make all implementation to load yaml
files consistent.
Closes-Bug: #1947373
Change-Id: Id44fa2354429b944fbc0809f63db558bb7de23f7
(cherry picked from commit 53040573ab)
When we set Debug: true, placement is the only service without
DEFAULT/debug set to true.
Change-Id: I2f977f4a710a5e9f68f508d4b880c18ec61caf0c
(cherry picked from commit 514f6df76f)
(cherry picked from commit 5e577ace7d)
Adding it there will basically enforce using the archive policy
high all over, and will prevent using any other.
Change-Id: I9d471633d5650544f2fd9a2b00bd9aa166c737c3
(cherry picked from commit 10e0652199)
(cherry picked from commit d5726a1326)
This changes to provide the option to choose the required DDP
package when multiple different packages are available.
Change-Id: I6d140714b813e1be76e803f60b54ece1cccad128
(cherry picked from commit 1e2d02d9e3)
Looks like swift log forwarding is skipped atm. Conditions on
ansible blocks are evaluated per task and once a var is
registered, 'is not defined' check (from block) fails and the tasks
are skipped.
This keeps the tasks same in both services so the duplicates
are excluded in DeployStepsTasks.
Also uses shell command like haproxy to check service status.
| OK | Check if rsyslog exists | overcloud-controller-0
| TIMING | Check if rsyslog exists | overcloud-controller-0 | 0:15:17.829966 | 0.37s
| TASK | Forward logging to swift.log file
| SKIPPED | Forward logging to swift.log file | overcloud-controller-0
| TIMING | Forward logging to swift.log file | overcloud-controller-0 | 0:15:17.881102 | 0.04s
| TASK | Restart rsyslogd service after logging conf change
| SKIPPED | Restart rsyslogd service after logging conf change | overcloud-controller-0
| TIMING | Restart rsyslogd service after logging conf change | overcloud-controller-0 | 0:15:17.924588 | 0.03s
Change-Id: I2f17b993029fc02ffe1e9d0f6a9c31b9eb97cc0a
(cherry picked from commit 8d51d6d3f4)
Using delegate_to: undercloud relies on the director host name
being "undercloud". We should instead delegate to the first
host in the "Undercloud" group.
Change-Id: I3560d27deb316100c3c4bf70c609c7367192d44a
(cherry picked from commit d346aa94bd)
There is a possibility that haproxy container crashed and restarted
with another UUID, while the deployment is trying to reload it
after reconfiguring the certificates, by sending a
`kill -HUP <uuid-of-the-container>`. In that case, ingore errors
for the commands block, since there is no longer need to reload the
newly created container.
Also fix the failure condition for HAproxy chgrp script.
Reasoning behind: at the time the chgrp&HUP block is executed, the new
cert has already been deployed on the host, with the correct owner
already set. So if the container_id changes at this time, it will pick
up the new cert automatically. That means that by ignoring errors
caused by mismatching UUID we'd skip an unnecessary consequent restart
of the newly spawned container, ending up with the same result. So the
safest path here would provide a sort of a cascading failure for the
crasher->restarted->reloaded once again containers.
Related rhbz#1973674
Closes-bug: #1940729
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I4b40d73ab329dc219ee7a387201b0747a6233ed4
(cherry picked from commit 810b81991f)
(cherry picked from commit 5c30345325)
(cherry picked from commit a235b70b2e)
Currently, we are setting file ACLs on /var/lib/neutron as part of
upgrade tasks if there is a neutron user in the system. Since moving to
containerized deployment, we don't have neutron user on the system
anymore. This code was added to resolve issues arising with existing
neutron resources when moving from system services to containerized
services.
This patch is to remove the stale upgrade tasks to remove file ACLs.
Closes-Bug: #1943034
Signed-off-by: Purandhar Sairam Mannidi <pmannidi@redhat.com>
Change-Id: I19f457a99dedfd781bd56987e3fea6626737500d
(cherry picked from commit a522941695)
(cherry picked from commit b9fe05d56c)
The neutron::agents::ml2::networking_baremetal class does not provide
the user parameter but the username parameter.
Change-Id: I7141dff598b73cbee062e127677880c396680f32
(cherry picked from commit e7f027d33a)
Zuul
Martin Schuppert
Harald Jensås
Chris Sibbitt
Takashi Kajinami
Sandeep Yadav
Alan Bishop
Giulio Fidente
Slawek Kaplonski
Kamil Sambor
Bogdan Dobrelya
Damien Ciabrini
Steve Baker
Cédric Jeanneret
David Vallee Delisle
Matthias Runge
Jaganathan Palanisamy
rabi
Lewis Denny
Purandhar Sairam Mannidi