So far we haven't been disabling workflows for update/upgrade. We
should disable them by default as they could have the potential to
disrupt the update/upgrade/ffwd procedure.
The main example of a thing we deploy via the workflow resources is
Ceph. We decided no-opping ceph-ansible for the main
update/upgrade/ffwd upgrade steps is the safest path forward and we'll
update/upgrade Ceph it after the main procedure is finished.
Change-Id: I34c7213ab7b70963ad2e50f7633b665fad70bde5
This consolidates the upgrade and ffwd-upgrade related env files,
removing no longer relevant files (like converge vs converge-docker).
In line with recent/ongoing work in tripleoclient [1][2] we now have
cli: overcloud [upgrade|update|ffwd-upgrade] [prepare|run|converge]
With this patch we can also change the set/unset of resource 'noop'
and move it from tripleo-common to python-tripleoclient, like I am
pointing at in related client review below. If others agree then I
will do the same with the upgrade-prepare and also the ffwd cli
in [3], i.e. add explicit inclusion of the upgrade-prepare.yaml
and then similarly include the upgrade-converge.yaml for the
upgrade/ffwd-upgrade converge cli.
Related:
I1288fe68ae8af02a5d77390d237ec467d88e43d2 python-tripleoclient
[1] 96ffa3a325
[2] https://review.openstack.org/#/c/558536/5/tripleoclient/v1/overcloud_update.py
[3] https://review.openstack.org/#/c/557937/4/tripleoclient/v1/overcloud_ffwd_upgrade.py@72
Change-Id: Icfe494e3219d6d6cd3251f75bb4329fc4d793c3c
After [1] iptables rules are not set for memcached service
thus services relying on memcached were not functioning well.
With [2] it's requrired to use hiera interpolation for service
configs, this patch fixes it for memcached_network.
[1] https://review.openstack.org/#/c/551292
[2] https://review.openstack.org/#/c/526692
Related-Bug: #1757556
Closes-Bug: #1763009
Change-Id: If9b274192ea4738f455a6106ff1a62eb4e7a5c91
no-tls-endpoints-public-ip.yaml is a new file that needs to be validated
among other TLS environments, so we can make sure that EndpointMap will
be constructed correctly with all needed endpoints.
Change-Id: I5e83b37d8fa757065a6dab87d6eeac1c345efd32
Ansible yum module installs all packages available in the repo
if you use asterix. We instead will use yum -y update name*.
Change-Id: I8e71367ae91faa06313711c6a954c61af705fd8f
Resolves: rhbz#1549845
Some container yaml file does not get the
service_config_settings from the base file.
This patch makes for the following docker yaml files get
the service_config_settings:
docker/services/neutron-l3.yaml
docker/services/neutron-metadata.yaml
docker/services/neutron-ovs-agent.yaml
Related-Bug: #1757066
Change-Id: Ifc8def10da0b10decd12efaab4452ff46f3c685b
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.
Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.
Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
Containerized undercloud without SSL is now failing because of this
missing. The file was added here:
Ia4fb60e2e88cd0f28dd254bb18b3959a9732a7ce
But in the meantime, Designate was implemented.
Change-Id: Ib0ccbe722c61074fb140df6a879e0558be710438
Nova compute and cinder volume uses oslo concurrency
processuitls.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issue. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e 1024 and cinder
volume systemctl override([1]) i.e 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.
[1] https://review.rdoproject.org/r/#/c/1360/.
Closes-Bug: #1762455
Related-Bug: #1760471
Related-Bug: #1757556
Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4
The GUI feature is no longer supported with ODL and needs to be removed.
We relied on the URL provided by this feature in order to run our docker
healtcheck, which is modified in the depends-on patch to a new URI.
Depends-On: I2f33d2cf6a96005ef1d18468a8d2fcc71b17b6f8
Related-Bug: 1751857
Change-Id: I762789e65913b4f653bbf9019b5d3d05903912f1
Signed-off-by: Tim Rozet <trozet@redhat.com>
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.
Change-Id: I168e6a543f7143900fdb855ec29d8532fb9736ae
This init container runs docker-puppet manually and is responsible of
provisioning the mysql users and passwords. This currently doesn't get
ran every time since the configuration stays the same, even if the users
or passwords change (which are gotten from hieradata). Allowing this to
run every time will allow us to change database passwords
Closes-Bug: #1762991
Change-Id: I1f07272499b419079466cf9f395fb04a082099bd
As part of the minor update workflow and the update workflow, this changes
the pacemaker haproxy bundle resource to add the needed mount for public
TLS to work.
This also handles the reloading of the container to fetch any new certificates
and if needed, it will restart the pacemaker resource (for upgrades), since
we would need pacemaker to re-create the resource.
Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
Closes-Bug: #1759797
OVNcontroller service, along with openvswitch runs in
Liquidio Smart NIC
Added Missing paramters in environment file
Change-Id: Id4f357917cf68dd9b79f2db2d4326fcf9a6a29ef
Closes-Bug: 1761452
Jiri Stransky
yatin