Commit Graph

7189 Commits (19be98ba07d9c8881d67a359b9c1a424f824e2ac)

Author SHA1 Message Date
Jiri Stransky 19be98ba07 No-op Mistral workflow resources for update/upgrade/ffwd
So far we haven't been disabling workflows for update/upgrade. We
should disable them by default as they could have the potential to
disrupt the update/upgrade/ffwd procedure.

The main example of a thing we deploy via the workflow resources is
Ceph. We decided no-opping ceph-ansible for the main
update/upgrade/ffwd upgrade steps is the safest path forward and we'll
update/upgrade Ceph it after the main procedure is finished.

Change-Id: I34c7213ab7b70963ad2e50f7633b665fad70bde5
5 years ago
Zuul c235aa43d3 Merge "Update environment files for Q upgrade and ffwd upgrade" 5 years ago
Zuul dd558e656d Merge "FFU: Use yum shell instead of ansible yum module" 5 years ago
mandreou 19ed1afb2a Update environment files for Q upgrade and ffwd upgrade
This consolidates the upgrade and ffwd-upgrade related env files,
removing no longer relevant files (like converge vs converge-docker).

In line with recent/ongoing work in tripleoclient [1][2] we now have
cli: overcloud [upgrade|update|ffwd-upgrade] [prepare|run|converge]

With this patch we can also change the set/unset of resource 'noop'
and move it from tripleo-common to python-tripleoclient, like I am
pointing at in related client review below. If others agree then I
will do the same with the upgrade-prepare and also the ffwd cli
in [3], i.e. add explicit inclusion of the upgrade-prepare.yaml
and then similarly include the upgrade-converge.yaml for the
upgrade/ffwd-upgrade converge cli.

  I1288fe68ae8af02a5d77390d237ec467d88e43d2 python-tripleoclient

[1] 96ffa3a325

Change-Id: Icfe494e3219d6d6cd3251f75bb4329fc4d793c3c
5 years ago
yatin d3d27d7ea8 Use hiera interpolation for memcached_network
After [1] iptables rules are not set for memcached service
thus services relying on memcached were not functioning well.
With [2] it's requrired to use hiera interpolation for service
configs, this patch fixes it for memcached_network.


Related-Bug: #1757556
Closes-Bug: #1763009
Change-Id: If9b274192ea4738f455a6106ff1a62eb4e7a5c91
5 years ago
Zuul 4fa675c292 Merge "Add the service_config_settings from {{service-name}} base" 5 years ago
Zuul a86208bcf9 Merge "pep8: include no-tls-endpoints-public-ip.yaml in validation" 5 years ago
Zuul 6d0f2f56af Merge "Handle undercloud upgrades via host_prep_tasks" 5 years ago
Emilien Macchi a5e5041762 pep8: include no-tls-endpoints-public-ip.yaml in validation
no-tls-endpoints-public-ip.yaml is a new file that needs to be validated
among other TLS environments, so we can make sure that EndpointMap will
be constructed correctly with all needed endpoints.

Change-Id: I5e83b37d8fa757065a6dab87d6eeac1c345efd32
5 years ago
Lukas Bezdicka c2536e22f1 FFU: Use yum shell instead of ansible yum module
Ansible yum module installs all packages available in the repo
 if you use asterix. We instead will use yum -y update name*.

Change-Id: I8e71367ae91faa06313711c6a954c61af705fd8f
Resolves: rhbz#1549845
5 years ago
Juan Badia Payno 51269a1e22 Add the service_config_settings from {{service-name}} base
Some container yaml file does not get the
service_config_settings from the base file.

This patch makes for the following docker yaml files get
the service_config_settings:

Related-Bug: #1757066

Change-Id: Ifc8def10da0b10decd12efaab4452ff46f3c685b
5 years ago
Zuul 83fdc0b30b Merge "Set ulimit for nova-compute and cinder-volume" 5 years ago
Zuul 1ed7b14f4a Merge "Always run mysql init bundle" 5 years ago
Zuul 3a6f3c831c Merge "no-tls: add missing endpoint for Designate" 5 years ago
Emilien Macchi d86025593b Handle undercloud upgrades via host_prep_tasks
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.

Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.

Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
5 years ago
Zuul f2b336520b Merge "Removes odl-dlux-gui feature for ODL" 5 years ago
Zuul a30f74a5e9 Merge "Sanitize the uuid string" 5 years ago
Emilien Macchi 9757572d74 no-tls: add missing endpoint for Designate
Containerized undercloud without SSL is now failing because of this
missing. The file was added here:

But in the meantime, Designate was implemented.

Change-Id: Ib0ccbe722c61074fb140df6a879e0558be710438
5 years ago
Zuul b10b9ac4cd Merge "Add CACerts service to all scenario environment files" 5 years ago
Zuul 6461bab97d Merge "Add prepare/converge env files for update" 5 years ago
Zuul 0b45e404cb Merge "Update OS::TripleO::Services::ComputeNeutronCorePlugin for containers" 5 years ago
Zuul 7a921f7404 Merge "Enable SSL when UI is containerized" 5 years ago
Zuul fc02bef9bc Merge "Replace LOG.warn with LOG.warning" 5 years ago
Zuul 7cdfd46dd5 Merge "Add validation task in docker services [Octavia]" 5 years ago
Zuul 8dfab08d67 Merge "Fix typo in ovn_cms_options config" 5 years ago
yatin 70276931a4 Set ulimit for nova-compute and cinder-volume
Nova compute and cinder volume uses oslo concurrency
processuitls.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issue. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e 1024 and cinder
volume systemctl override([1]) i.e 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.


Closes-Bug: #1762455
Related-Bug: #1760471
Related-Bug: #1757556
Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4
5 years ago
Emilien Macchi 87a48d730b Enable SSL when UI is containerized
The protocol and ports were wrong when UI is containerized and SSL

Change-Id: I06a6a2ea72bfcdad579b968c353e2139e8a15093
5 years ago
Tim Rozet f51f533679 Removes odl-dlux-gui feature for ODL
The GUI feature is no longer supported with ODL and needs to be removed.
We relied on the URL provided by this feature in order to run our docker
healtcheck, which is modified in the depends-on patch to a new URI.

Depends-On: I2f33d2cf6a96005ef1d18468a8d2fcc71b17b6f8

Related-Bug: 1751857

Change-Id: I762789e65913b4f653bbf9019b5d3d05903912f1
Signed-off-by: Tim Rozet <>
5 years ago
Zuul 0f34ca6574 Merge "Allowing Non-IP Traffic in L2 and L3 domains" 5 years ago
Sergii Golovatiuk bf99d30f56 Replace LOG.warn with LOG.warning
logging.warn is deprecated in Python 3 [1].


Change-Id: I61218125ebf85b7951163360279645d7ad4d176c
5 years ago
Juan Antonio Osorio Robles 00c9ec85c9 Add CACerts service to all scenario environment files
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.

Change-Id: I168e6a543f7143900fdb855ec29d8532fb9736ae
5 years ago
Zuul 16cea93444 Merge "Removed unnecessary services from the LiquidioCompute role." 5 years ago
Zuul c83b38edb5 Merge "Delete not-used services-docker files" 5 years ago
Juan Antonio Osorio Robles 6c40b1586a Always run mysql init bundle
This init container runs docker-puppet manually and is responsible of
provisioning the mysql users and passwords. This currently doesn't get
ran every time since the configuration stays the same, even if the users
or passwords change (which are gotten from hieradata). Allowing this to
run every time will allow us to change database passwords

Closes-Bug: #1762991
Change-Id: I1f07272499b419079466cf9f395fb04a082099bd
5 years ago
Zuul e9418e171c Merge "Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker" 5 years ago
Zuul f6fde74d20 Merge "Don't use keystone admin endpoint for nova placement" 5 years ago
Zuul 8998de68aa Merge "Add environment to enable Designate" 5 years ago
Zuul 879653c456 Merge "Stop configuring nova_catalog_admin_info for cinder" 5 years ago
Zuul b6ddcc7fa4 Merge "Use sensu-client healthcheck parameter" 5 years ago
Zuul 223e793e97 Merge "Add endpoint map environment without TLS" 5 years ago
Zuul 1595e2739f Merge "Containerized Designate" 5 years ago
Zuul 95761ae6f1 Merge "Designate Integration" 5 years ago
Zuul 850a28c439 Merge "Fix Cinder's default db purge cron settings" 5 years ago
Zuul 5e59b0252c Merge "Add nfs as a cinder backup driver option to CinderBackupBackend" 5 years ago
Zuul edf7fcf079 Merge "Fix missing allowed network type 'flat' for ODL OVS" 5 years ago
Zuul bb8de8ad69 Merge "masquerade-networks: update defaults" 5 years ago
Zuul 08053924d8 Merge "Added network enabled check in multiple nic role rendering file" 5 years ago
Zuul 7a829c128d Merge "Set ulimit for neutron agent containers" 5 years ago
Juan Antonio Osorio Robles 8b85faf7e6 Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker
As part of the minor update workflow and the update workflow, this changes
the pacemaker haproxy bundle resource to add the needed mount for public
TLS to work.

This also handles the reloading of the container to fetch any new certificates
and if needed, it will restart the pacemaker resource (for upgrades), since
we would need pacemaker to re-create the resource.

Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
Closes-Bug: #1759797
5 years ago
hanish gogada 1e2cfcd864 Removed unnecessary services from the LiquidioCompute role.
OVNcontroller service, along with openvswitch runs in
Liquidio Smart NIC

Added Missing paramters in environment file

Change-Id: Id4f357917cf68dd9b79f2db2d4326fcf9a6a29ef
Closes-Bug: 1761452
5 years ago