To port what has been done in instack-undercloud, we need a new service
to manage IPtables rules when we need to redirect network through the
undercloud via masquerading.
It was done in instack-undercloud via bash, it'll now be done in THT via
a service, disabled by default and that will be activated in CI when
deploying with a containerized undercloud.
Co-Authored-By: Thomas Herve <therve@redhat.com>
Depends-On: Ic9a2626e73d132c3be7ff14a1f4cdba0c16c5b53
Change-Id: I93ff9a3bebcec1bc7ee188f9ec00feafca2c5117
This updates the relevant environment/services templates so that
they also default to docker. Without this change users of these
services could end up with mismatched (unsupported) deployments.
Additionally, this picks environment/services-docker as the
source of truth when resolving collisions for moving those over
environment/services. So environment/services now contain all of
the containerized services' env files used to be located in
environment/services-docker. The latter will be deleted later to
prevent future desync of contents.
Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I923731f46ea26582160a11d2dfe85792ab74110b
During major upgrade, ensure that the haproxy bundle exposes
the HAProxy stats socket by ensuring there is a bind mount of
/var/lib/haproxy from the host.
Also create /var/lib/haproxy on the host with host_prep_tasks,
and make sure that permissions will be set by Kolla init
at next container restarts.
Depends-On: Ib833ebe16fcc1356c9e0fc23a7eebe9c4b970c55
Change-Id: I0923375fef9f392d3692afb50b21fee7b57c3ca0
This patch adds possibility to pass non-standard ports of monitoring
RabbitMQ instance to sensu-client container health check
Change-Id: Icc01ce23b3fc538811b4dfc4fbaba18dc7165f89
This removes the config.json used by os-apply-config for old style nic
config files in the script invoked for new style nic config files.
This will avoid the case when the network files are set up by
run-os-net-config.sh and then later overwritten by os-apply-config.
Change-Id: I8f17a53c392aac657b00afdecbb5e58a2e192787
Closes-Bug: 1758161
On upgrade from environments earlier than Pike we should remove
this file as it can cause problems with post-upgrade reboots
see bug for more info.
Change-Id: If7f4bef3a79a881f003ee42f62fe51c537004e2a
Related-Bug: 1758161
OVN configuration was not done when deployed with
scenario007 as default for NeutronMl2PluginBase was
used which is neutron-plugin-ml2.yaml. This patch
fixes this to use neutron-plugin-ml2-ovn.yaml which
correctly configures neutron for ovn metadata.
Change-Id: I7cadd0567951b85c1ba69d4b4843ee29b67e7a11
Closes-Bug: #1757134
CephClient should be removed from the CephAll role.
The only thing it does is the key set which is already
handled by the ceph mon profile.
if not will cause Duplicate declaration: Class[Ceph::Keys]
Change-Id: I77bbec1edd21cd6a4212a381a1a7712adc4b604f
Related-Bug: 1722633
Add an ansible task to run mysql_upgrade whenever a container
image upgrade causes a major upgrade of mariadb (e.g. 5.5 -> 10.1)
. If the overcloud was containerized prior to the major upgrade, the
mysql upgrade job is ran in an ephemeral container (where the latest
version of mysql comes from) and uses credentials from the Kolla
configuration.
. Otherwise the upgrade job is run from the host (once the mysql
rpm has been updated) and uses credentials from the host.
We log the output of the script in the journal. Also, the mysql server
needs to be started temporarily, so use a temporary log file for it
when run from the ephemeral container.
Change-Id: Id330d634ee214923407ea893fdf7a189dc477e5c
{{role.name}}ExtraConfig was previously ignored if the role used
deprecated params in roles_data.yaml. This was due to the usage of
server_resource_name in the ExtraConfig resource, where
service_resource_name also defaulted to
deprecated_service_resource_name. So, the new {{role.name}}ExtraConfig
was never actually used.
Change-Id: I83e57317e2c56260957be90c66290a41a926835a
Closes-Bug: #1758343
Directory /var/lib/vhost_sockets will be used to create vhost sockets
which should have the the group name as hugetlbfs, which is common
between qemu and openvswitch to share the vhost_sockets. And the
correct selinux context to be applied on the vhost_sockets directory.
Closes-Bug: #1751711
Change-Id: Ib917cf86bd9a4ce57af243ab43337ea6c88bf76c
- Move out cors config from tripleo-ui to be in services.
- Configure allowed_origin to '*' for the containerized
undercloud (when TripleO UI is containerized)
- Default param for allowed_origin is unset for security reasons.
Change-Id: Iee983d84c78fe055f295eedfadde336b25a5d6a1
I54b5b59ef49de8d66232312bc449559a7f16eaad configures the HAProxy
service to expose the stats socket with a bind mount, however the
main service container doesn't use that bind mount. Fix that.
Change-Id: I316ab408e82cda70bed8b203b3755936392201da
HA containerized services currently log under
/var/log/pacemaker/bundles/{service-replica}.
Move the logging of those HA services into /var/log/containers,
like all the paunch-managed containers. Also leave a readme.txt
in the previous location to notify the change (taken from
Ic8048b25a33006a3fb5ba9bf8f20afd2de2501ee)
Only the main service log is being moved, e.g. for mysql:
. mysqld.log now ends up in /var/log/containers/mysqld.log
. pacemaker logs stay under /var/log/pacemaker/bundles/{service-replica}
Note: some HA services don't need to be changed during upgrade:
. cinder-{backup|volume} log under /var/log/containers/cinder
. manila-share log under /var/log/containers/manila
. haproxy only logs to the journal
Change-Id: Icb311984104eac16cd391d75613517f62ccf6696
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Partial-Bug: #1731969
Stdin does not work for the 'openstack keypair create' command
used in extraconfig/post_deploy/undercloud_post.sh, when installed
via Heat templates.
This ends up with different keys created for underlcoud admin and
the default nova keypair, which is configured by Ironic for
overcloud nodes. So those can not be contacted by undercloud
admin via SSH.
The deployed-server/scripts/enable-ssh-admin.sh fails w/o
that fix and makes not possible to deploy BM/OVB overcloud on top
of UC installed with Heat.
Change-Id: Ifb9c2d5eef731c41999d4ef5daa447edf74fd262
Co-authored-by: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This works alongside of the new environments/baremetal-services.yaml
file in I373fef6581dfbfa365479f88d7b967cfbed446e4 to
enable baremetal services.
Change-Id: Ia61631e11dbbdbe39199db0afee2006b7e58cda2
During major upgrade of non-HA overcloud, paunch stops the
containerized mysql service, update container image and restart
the containerized mysql.
After a major update of mysql (e.g. 5.5 to 10.0), run mysql_upgrade
to ensure that database on-disk is upgraded to match the mysql
server version (e.g. update all MyISAM tables)
The mysql_upgrade cannot be performed during upgrade_steps because
paunch only runs during the deploy_steps. So run it in the
post_upgrade_steps, once we know paunch has updated mysql.
Change-Id: I6b6a531fd716ad9abcbf29886c0b1f2c64f04c9d
Since we include redis in telemetry role, we also need
pacemaker for redis containers to start
correctly.
Closes-bug: #1756959
Change-Id: I6b5a07f33b50f443c63b04b1ef1d2c81a2c24963
Change I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f removed old
update-related resources, but it seems that we need to do such removal
in two steps to allow smooth transition for existing stacks: first
remove them from the stack, and only then completely remove the
mapping from resource registry. If we try to do both at the same time,
we get:
ERROR: The Resource Type (OS::TripleO::Tasks::UpdateWorkflow) could
not be found.
So we'll need to keep these resource registry entries around (even
though mapped to OS::Heat::None) for the Rocky cycle still. They can
be removed in S.
Change-Id: I866e659bd373dfb2816508165b7f3abb9580e2d0
Closes-Bug: #1758014
The upgrade task doesn't check for the service existence which make
the upgrade fails during ffu.
We're using the set_facts idiom as it persist between steps.
Closes-Bug: #1757985
Change-Id: I1d3ccd7d3fb641d187f214c20f1d6a4d6113304a
openshift-ansible allows for passing boot time arguments to the
openshift nodes as well as other variables through the inventory. By
adding the OpenShift(Master|Worker)NodeVars variable, we'll allow for
these variables to be set and customized per deployment.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ifc8d26fab314a89bf1855fd9035c2ad9be23c28a
Missing attributes docker_config_scripts and update_tasks are added in the
neutron-ovs-dpdk-agent docker service.
Closes-Bug: #1757947
Change-Id: I7301eb7a2b094236c7caad38996a4c3983f22603
Ben Nemec
Emilien Macchi
Zuul
Dan Prince
Damien Ciabrini
Martin Mágr
Bob Fournier
mandreou
yatin
binhong.hua
James Slagle
Harald Jensås
Saravanan KR
Bogdan Dobrelya
Pradeep Kilambi
Jiri Stransky
Sofer Athlan-Guyot
Flavio Percoco