Commit Graph

436 Commits (19be98ba07d9c8881d67a359b9c1a424f824e2ac)

Author SHA1 Message Date
Zuul 8fd00675e8 Merge "Remove no longer used disable_upgrade_deployment flag" 2018-04-03 05:30:26 +00:00
Harald Jensas e947c7e610 Add ctlplane networking for routed networks
* Add a new post install software deployment which runs
a python script to configure the undercloud control
plane network. Replaces section in post shell script.

Change-Id: I1cd594564d1628a6e1fccb9eadf18b716ccc5c72
2018-03-29 23:32:45 +00:00
mandreou 66df6bdb46 Remove no longer used disable_upgrade_deployment flag
In I75f087dc456c50327c3b4ad98a1f89a7e012dc68 we removed much of
the legacy upgrade workflow. This now also removes the
disable_upgrade_deployment flag and the
script, both of which are no longer used and have no effect on
the upgrade.

Related reviews
    I7b19c5299d6d60a96a73cafaf0d7103c3bd7939d tripleo-common
    I4227f82168271089ae32cbb1f318d4a84e278cc7 python-tripleoclient

Change-Id: Ib340376ee80ea42a732a51d0c195b048ca0440ac
2018-03-29 15:27:30 +03:00
Zuul 14af18e393 Merge "Allow for passing boot-time vars/args to OC nodes" 2018-03-29 07:02:09 +00:00
Bogdan Dobrelya e14ecb1114 Fix undercloud key upload to nova keypairs UC post
Stdin does not work for the 'openstack keypair create' command
used in extraconfig/post_deploy/, when installed
via Heat templates.

This ends up with different keys created for underlcoud admin and
the default nova keypair, which is configured by Ironic for
overcloud nodes. So those can not be contacted by undercloud
admin via SSH.

The deployed-server/scripts/ fails w/o
that fix and makes not possible to deploy BM/OVB overcloud on top
of UC installed with Heat.

Change-Id: Ifb9c2d5eef731c41999d4ef5daa447edf74fd262
Co-authored-by: Harald Jensas <>
Signed-off-by: Bogdan Dobrelya <>
2018-03-23 16:46:44 +01:00
Bogdan Dobrelya 70b3d1d844 Fix ssh keys validation workflow trigger UC post
Additional: fix bashisms to make checkbashisms happy.

Change-Id: I8943f0dcd21acf77a91fa4bcb82facb2d51eaffb
Signed-off-by: Bogdan Dobrelya <>
2018-03-23 16:30:24 +01:00
Flavio Percoco de39f8a3eb Allow for passing boot-time vars/args to OC nodes
openshift-ansible allows for passing boot time arguments to the
openshift nodes as well as other variables through the inventory. By
adding the OpenShift(Master|Worker)NodeVars variable, we'll allow for
these variables to be set and customized per deployment.

Co-Authored-By: Martin André <>
Change-Id: Ifc8d26fab314a89bf1855fd9035c2ad9be23c28a
2018-03-22 09:12:59 +01:00
Zuul 3eb0c62e47 Merge "Remove unused minor update code" 2018-03-19 12:34:21 +00:00
Zuul 2f2f22e76c Merge "Don't stop openvswitch when deploying OpenShift" 2018-03-19 07:48:54 +00:00
Jiri Stransky a782462a1a Remove unused minor update code
Since Pike, minor updates are done via the composable services
framework. The old shell script approach hasn't been used/tested for 2
releases now, and should be dropped.

Also drop the UpdateWorkflow interface. Before we started doing
upgrades via Ansible, we used this pluggable resource interface to
perform oneshot operations like migrations to WSGI or AODH
services. Nowadays this interface is not referenced from anywhere and
we'd probably rather do similar operations via Ansible tasks.

Change-Id: I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f
2018-03-15 18:27:14 +01:00
Flavio Percoco fd740a409e Don't stop openvswitch when deploying OpenShift
Instead of disabling openvswitch managed by TripleO when deploying
OpenShift, we should tell OpenShift to let TripleO manage it. We're
going down this path on the openshift-ansible path so we'll stop
disabling openvswitch in t-h-t.

Change-Id: I51226fc363f1c15deb6e33cc7ce15ffe3ac7e9c7
2018-03-14 14:06:30 +00:00
Emilien Macchi 33abdba533 undercloud_post: manage post mistral config
- Replicate what has been done in _post_config_mistral
- Cleanup cron triggers before cleaning workflows.
- Re-create publish-ui-logs-hourly cron trigger.
- If validations are enabled, execute copy_ssh_key workflow.

Depends-On: I10abed7f1514e9d72d5ebac0c85bad11cdf3210f
Depends-On: I01c4497324b2c8666d9f749147693d580c0a5e20
Change-Id: If641a9f91c85a0dcc5fcd8d89784ff4258123ea7
2018-03-13 14:35:23 +01:00
Emilien Macchi 0acc40d36b undercloud_post: override stackrc
When upgrading to a containerized undercloud, the stackrc needs to be
overriden so we don't rely on hiera CLI anymore to get the admin

Change-Id: Ie2579bf83d709838557c56d952e61656b84acf31
2018-03-09 09:31:22 +00:00
Alex Schultz 75ee85b1e4 Add KernelIpForward configuration
Expose the configuration of net.ipv4.ip_forward via the kernel service.

Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255
Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1
Related-Bug: #1750194
2018-03-07 08:28:13 +00:00
Zuul e0f59eefd2 Merge "Removed ovs-dpdk workaround to fix the vhost socket permission" 2018-02-27 12:12:55 +00:00
Flavio Percoco ec8d2bad4c Set openshift_(ip|hostname) to ctrlplane ip
When enabling network isolation, openshift-ansible picks the wrong ip
address as the default IP for the services. Set the IP to the ctrlplane
network by default, which works with and without network isolation.

Change-Id: I0deef6c2a71c1f2a34e6efed9586bbaa052b49c9
2018-02-26 12:16:12 +01:00
Zuul 24dd89b305 Merge "Remove unused DeploymentActions resource" 2018-02-21 15:29:43 +00:00
Zuul 092bab01a6 Merge "Add RHELRegistrationActions to rhel-registration template" 2018-02-21 15:29:39 +00:00
Zuul f075e46076 Merge "Ensure node is rebooted before enabling DPDK" 2018-02-19 20:46:36 +00:00
Zuul d7ec3c48ac Merge "Allow passing custom openshift-ansible playbook" 2018-02-19 20:46:28 +00:00
Steven Hardy dcf126bc79 Remove unused DeploymentActions resource
This is potentially confusing now we added RHELRegistrationActions
since it's unused but mentions DeploymentActions.

Change-Id: Ifb335cb8055528fd9b64081b30e987524169dc95
2018-02-19 12:12:05 +00:00
Steven Hardy db61b37345 Add RHELRegistrationActions to rhel-registration template
This can be used in the case where e.g a satellite has been added
after the initial deployment to re-register the nodes with the
satellite, even those nodes that already exist.

Change-Id: I944bc4c65b08de1ca08dd91f55764ebfe141dd9c
2018-02-19 12:12:02 +00:00
Saravanan KR b7a70f5613 Removed ovs-dpdk workaround to fix the vhost socket permission
Change-Id: I5d8e31020700f13e21f4cfa2f1bfa14ff4c88e4a
2018-02-19 15:13:04 +05:30
Zuul 5a5d1a745c Merge "undercloud_post: fix subnet name" 2018-02-15 13:38:12 +00:00
Emilien Macchi 2468fe12e7 undercloud_post: fix subnet name
The default control plane subnet name is "ctlplane-subnet", so let's
create the right subnet for the containerized undercloud.

Note: the subnet can't be overriden (yet) but for now we rely on the

Change-Id: I15954bced81ef6c3e1a1f4a73bc989f33d08d6f7
2018-02-15 05:30:27 +00:00
Dan Prince 32fe279eec Undercloud: fix stackrc TLS URL detection
We want to configure a TLS url for the underclouds stackrc
when a user specified or generated TLS certificate is used.
This patch updates the existing check so that
the PublicSSLCertificateAutogenerated paremeter is also used
when deciding if the SSL URL should be enabled.

Change-Id: I7561b5de7749ca57f8ac8056b470228e1026eb31
2018-02-15 00:02:39 +00:00
Martin André cf1de90684 Allow passing custom openshift-ansible playbook
This allows deploying openshift from the packaged openshift-ansible or
from a git checkout more easily, by setting the
OpenShiftAnsiblePlaybook heat environment variable.

Change-Id: I60594faa10dfd817d94038b3938d7de269330e2e
2018-02-13 16:30:47 +01:00
Saravanan KR f9e099f218 Ensure node is rebooted before enabling DPDK
In the PreNetworkConfig, the order of resources sent to os-collect-config
changed after introducing vhost user resource. The current order is
1. HostParametersDeployment
2. DpdkVhostGroupDeployment
3. RebootDeployment and EnableDpdkDeployment
Here the expectation is that RebootDeployment should be completed
before enabling DPDK, but since both are provided at the same time to
os-collect-config, DPDK is enabled first. The reson is RebootDepolyment
is having signal transport as NONE and EnableDpdkDeployment is moved
after reboot because of ovs2.7 change of restart vswitchd, when DPDK is
enabled. This is causing the a failure.
This patch modifies the order as below:
1. HostParametersDeployment and DpdkVhostGroupDeployment
2. RebootDeployment and RebootEnsureDeployment
3. EnableDpdkDeployment

Change-Id: I5db52d5dd833833c989532931baea8fac03f9cb7
2018-02-13 11:26:39 +05:30
Zuul 5e72697d48 Merge "OpenShift: Properly disable bare metal OVS" 2018-02-08 15:49:50 +00:00
Jiri Stransky 5ebcd23f0d OpenShift: Properly disable bare metal OVS
We're deploying containerized OpenShift, which means openshift-ansible
deploys also containerized OVS. When not disabled explicitly, the bare
metal OVS service seemed to persist at least partially, and it likely
caused issues with the containerized OVS, where nodes in `kubectl get
nodes` would go from Ready status to NotReady shortly after the
deployment finished.

Change-Id: I8952198be7f78a699cf363af2e10f26714e94850
Closes-Bug: #1741224
2018-02-08 11:06:46 +01:00
Flavio Percoco 5e0e06bd1b Move options out of the OpenShiftMaster template
Some of the options that had been hard-coded in the openshift-master
template should be configuratble in a per-deployment bases. This patch
moves them out into an environment file instead.

Change-Id: I4b6f6180b11f36b1212b9e887365a99b6ae12017
2018-02-07 17:18:01 +01:00
Jiri Stransky 254d1dee4b OpenShift: Accept generic global parameters
This will allow arbitrary config of global variables for
openshift-ansible, e.g. customizing SDN params according to:

Also remove the setting which was meant to disable OVS service
handlers in openshift-ansible -- that wouldn't solve the problem

Change-Id: Ib87e5d38797da166826af90659e3d05da3352dcf
Related-Bug: #1741224
2018-02-07 17:17:29 +01:00
Zuul 91de1c223d Merge "Configure qemu group setting as hugetlbfs for ovs-dpdk" 2018-02-05 13:05:25 +00:00
Zuul fc21b64061 Merge "Enable configuring tripleo-ipsec variables through IpsecVars" 2018-01-31 14:19:56 +00:00
Zuul 7a120b64e8 Merge "Do not format output for kubespray or openshift deployments" 2018-01-31 14:16:11 +00:00
Zuul 7a1ad4068e Merge "Remove unused pre_network configuration" 2018-01-31 09:44:01 +00:00
Juan Antonio Osorio Robles 0dcb51e101 Enable configuring tripleo-ipsec variables through IpsecVars
This exposes the IpsecVars heat parameter which in turn can set any
variable from the tripleo-ipsec ansible role.

Change-Id: Ie6ef4aa05567c739884c1d402fc59eea80b31506
2018-01-30 12:07:42 +00:00
Saravanan KR 785d1b2b38 Configure qemu group setting as hugetlbfs for ovs-dpdk
Till now, the ovs service file and ovs-ctl command files
are patched to allow ovs to run with qemu group. In order
to remove this workarounds, a new group hugetlbfs is created
which will be shared between ovs and qemu. This patch contains
the changes required for applying these changes.

Depends-On: I674cbd45e17906448dd54acfdf7a7059880b7278
Change-Id: Iec6be0b99e84b0c89f791c3c9694fe10f3a1e7db
2018-01-29 14:26:25 +05:30
Flavio Percoco 238675b25e Update to openshift 3.7
Packages and repositories for openshift 3.7 have been created already.
I've updated the version we are installing and tested this manually.

Change-Id: Id09242b637ca2a060f068887e10981eecaa59e4a
2018-01-25 14:02:05 +01:00
Flavio Percoco a592631239 Assign labels to nodes
Make sure nodes have, at least, the region and zone labels to allow for
deployments to schedule infra PODs on them.

Change-Id: If3849a46391cfac7eb5dd556d5b65c831026a95c
2018-01-25 14:02:05 +01:00
Martin André 4254e58174 Do not format output for kubespray or openshift deployments
The output comes from ansible and is already fully readable as it is.
Also, because the previous task didn't have the 'failed_when: false'
directive, it would never reach the 'print xxx outputs' task in case of
failure, while showing the output twice on success.

It is safe to just delete the task.

Change-Id: I56b44aec0a549e184f46344ea362f655ab80b3b0
2018-01-19 17:55:13 +01:00
Zuul 313d42c4c7 Merge "Split IPSEC deployment in two" 2018-01-18 19:11:46 +00:00
Juan Antonio Osorio Robles 1363eda063 Split IPSEC deployment in two
The first phase sets up the node-to-node tunnels at step 1; this
ensures that the corosync cluster setup is done over the tunnels
and prevents any timeouts that were happening when the setup was
done after the cluster was up. This has the added value that all
the pacemaker communication is encrypted from the beginning.

The second phase is the VIP tunnel setup, which is in step 3. This
is because we need the VIPs to be setup by pacemaker, and we also
need pacemaker to be up.

Depends-On: Ib9a134648c74e5dfcbd7a8ebd2d67bda87992497
Change-Id: Ic402dc73044e2426b097ed0eaf57a77c5e6eef24
2018-01-18 08:31:29 +02:00
Sven Anderson dc8a61b7b4 Replace hardcoded profile name with _TUNED_PROFILE_NAME_
The *-variables.conf file for tuned is hardcoded for the profile
"cpu-partitioning", which makes other profiles fail, that also need
the isolated_cores variable.

Change-Id: Iaeedfe5d7c501453fd2039b81c1603eff6125ebf
2018-01-16 16:20:18 +01:00
Zuul 0d24fdbd2e Merge "OvsDpdkMemoryChannels parameter default value" 2018-01-16 00:29:36 +00:00
Zuul 1af7729939 Merge "Convert tags to when statements for Q major upgrade workflow" 2018-01-13 09:39:38 +00:00
Carlos Camacho 7bf4edde5d Enhance completion message when upgrading non controller nodes
This adds a better completion message when upgrading a non
controller node.

Change-Id: I1cd765b1998f059702f0c17ccb67d54f6d5db362
Closes-Bug: 1703792
2018-01-11 10:08:30 +01:00
Jaganathan Palanisamy 2194cce7b8 OvsDpdkMemoryChannels parameter default value
This change is to update the memory channels parameter default
value in service yaml instead of environment yaml file.

Change-Id: Ia0a79b5dc3aa060b91d68e0d23cb1fb5b33eb020
Closes-Bug: #1741234
2018-01-11 00:42:59 -05:00
Zuul 7e148af75f Merge "OpenShift: allow scheduling on all nodes" 2018-01-08 13:48:35 +00:00
marios dec003def8 Convert tags to when statements for Q major upgrade workflow
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.

This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)

The yaml-validate also now checks for duplicate 'when:' statements

Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/ (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
2018-01-08 13:57:47 +02:00