So far we haven't been disabling workflows for update/upgrade. We
should disable them by default as they could have the potential to
disrupt the update/upgrade/ffwd procedure.
The main example of a thing we deploy via the workflow resources is
Ceph. We decided no-opping ceph-ansible for the main
update/upgrade/ffwd upgrade steps is the safest path forward and we'll
update/upgrade Ceph it after the main procedure is finished.
This consolidates the upgrade and ffwd-upgrade related env files,
removing no longer relevant files (like converge vs converge-docker).
In line with recent/ongoing work in tripleoclient  we now have
cli: overcloud [upgrade|update|ffwd-upgrade] [prepare|run|converge]
With this patch we can also change the set/unset of resource 'noop'
and move it from tripleo-common to python-tripleoclient, like I am
pointing at in related client review below. If others agree then I
will do the same with the upgrade-prepare and also the ffwd cli
in , i.e. add explicit inclusion of the upgrade-prepare.yaml
and then similarly include the upgrade-converge.yaml for the
upgrade/ffwd-upgrade converge cli.
no-tls-endpoints-public-ip.yaml is a new file that needs to be validated
among other TLS environments, so we can make sure that EndpointMap will
be constructed correctly with all needed endpoints.
Some container yaml file does not get the
service_config_settings from the base file.
This patch makes for the following docker yaml files get
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.
Containerized undercloud without SSL is now failing because of this
missing. The file was added here:
But in the meantime, Designate was implemented.
Nova compute and cinder volume uses oslo concurrency
processuitls.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issue. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e 1024 and cinder
volume systemctl override() i.e 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.
The GUI feature is no longer supported with ODL and needs to be removed.
We relied on the URL provided by this feature in order to run our docker
healtcheck, which is modified in the depends-on patch to a new URI.
Signed-off-by: Tim Rozet <firstname.lastname@example.org>
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.
This init container runs docker-puppet manually and is responsible of
provisioning the mysql users and passwords. This currently doesn't get
ran every time since the configuration stays the same, even if the users
or passwords change (which are gotten from hieradata). Allowing this to
run every time will allow us to change database passwords
As part of the minor update workflow and the update workflow, this changes
the pacemaker haproxy bundle resource to add the needed mount for public
TLS to work.
This also handles the reloading of the container to fetch any new certificates
and if needed, it will restart the pacemaker resource (for upgrades), since
we would need pacemaker to re-create the resource.