With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
Since tempest container is no longer tested in CI and is
replaced with os_tempest ansible-role.
An user can use and install tempest from rpm which is
supported as earlier.
Depends-On: https://review.opendev.org/c/openstack/python-tripleoclient/+/776654
Related-Bug: #1916875
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: Ifefebdffe0c27b8e1e88a41a6deeb3792c3194f0
In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.
Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
To ensure we get the right package versions we need to
make sure the right stream is configured for the
container-tools module.
This patch leverages the dnf module, which when passing as name
the @ identifier allows us to enable a stream for some specific
module [0], configuring the stream passed in DnfStreams heat parameter
in updates/upgrades task for step0.
If the stream passed in such parameter is alredy set, then the
module won't do anything else. On the contrary, it will disable
the current stream, enable the ones from DnfStreams and synchronize
the content.
By default the new Heat parameter defaults to empty list and it is
in the environment files where we set the right values depending
on the operation to perform (undercloud upgrade, overcloud update
or overcloud upgrade).
*****************************************************************
*BACKPORT NOTE: Add DNF module stream virt:8.2 in the overcloud *
*upgrade/update environment files. *
*****************************************************************
[0] - https://docs.ansible.com/ansible/latest/modules/dnf_module.html#examples
Closes-Bug: #1890631
Resolves: rhbz#1866479
Change-Id: Ib388af0a06bbb6172593dc2fd19748b770b2e335
In some cases such as RHEL7>RHEL8 upgrade leapp or NetworkManager may
change resolv.conf. This patch invokes os-net-config on step3 to ensure
that network parts are configured properly (interfaces, resolv.conf).
Since os-net-config is idempotant it causes no harm or packet loss to
undercloud.
Change-Id: I0b2f28cd3d92795802e51c69d975826af0ee86ee
Resolves: rhbz#1870617
Keepalived was deprecated and the VIPs are now deployed by
os-net-config.
When Keepalived is stopped, it brings down the VIPs which is
problematic since it'll remove the resources created by os-net-config
so let's teardown keepalived in the upgrade tasks here and later
during the deploy the os-net-config tool will re-create the VIPs.
Doing it at step 5 so upgrade steps which need API access still work.
Change-Id: Iee46d0394ad0b2b31da93d0a93dcfa53766fa246
Related-Bug: #1888411
Openvswitch package update can be disruptive during update too. So we
factor out the code used for upgrade to re-use for update and
undercloud update.
We also fix a issue where yum/yumdownloader is not available anymore.
This cause the special treatment to not happen anymore what not matter
what.
Instead of duplicating the ansible sequence, this has been ported to a
ansible module that replicate the action defined in the templates.
We also make sure to not try to restart the openvswitch service if
nothing has been changed during the ovs upgrade task. This cover two
cases. First, it's an optimization, if nothing has been done, we
don't need to check the service. Second, and most importantly, if ovs
isn't installed (this can happen on some minimal installation) then we
don't try to restart the non-existent service.
We keep the tasks at step 3 that make sure again that the openvswitch
service is started. This is a failsafe and as such we ignore any
error there. This also support the overcloud-minimal type of
installation.
Depends-On: https://review.opendev.org/742968
Change-Id: I4fde50e353ab7b2e6b03d963f585f6abe35ca32d
Closes-Bug: #1888651
Related-Bug: #1888821
By default the undercloud uses
deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml for the
notification messaging credentials. This services reuses the Rpc*
settings for the notify transport url. Previously the minion would split
out the notify and rpc transport urls. This doesn't work if the notify
credentials are never setup.
Closes-Bug: #1880956
Change-Id: I2b38cb1a2c4340ff173d349d0f3b49f6f4997262
The current regex will match more than one package if the
openvswitchX.YZ-test package is installed.
eg:
rpm -qa | awk -F- '/^(openvswitch[0-9]+\.[0-9]+-|openvswitch-2)/'
openvswitch2.11-test-2.11.0-35.el7fdp.noarch
openvswitch2.11-2.11.0-35.el7fdp.x86_64
The right package to find has the form: openvswitchA.BC-A.BC.D-
So we change the regex to only match if it has that form.
rhbz#1826367
Change-Id: I2f9456395b19c26d20917f8ca9183741566635c3
This add an import of the tripleo_redhat_enforce role[1] at the
beginning of undercloud upgrade tasks (which are used for update and
upgrade) and overcloud update.
The code upstream won't do anything even with SkipRhelEnforcement set
to 'false' as the role itself only activate the checks for RedHat
distribution. This variable is only there to support use case where we
deploy on Red Hat and for /some/ reason, the checks shouldn't
enabled (mainly CI).
[1] in tripleo-ansible
Depends-On: https://review.opendev.org/721292
Change-Id: I076bebf6bbd5f45d5ecb372a3b83e8cc279946b8
Almost every single tripleo service creates a persistent directory. To
simplify the creation, a with_items structure was being used. In which
many times, the mode option was being set. However, that mode option
was not taken into account at the time of creating the file. As a
consequence, the directory was being created with its father directory
rights, instead of the ones being passed in the template.
Change-Id: I215db2bb79029c19ab8c62a7ae8d93cec50fb8dc
Closes-Bug: #1871231
- deploy-steps-tasks-step-1.yaml: Do not ignore errors when dealing
with check-mode directories. The file module is resilient enough to
not fail if the path is already absent.
- deploy-steps-tasks.yaml: Replace ignore_errors by another condition,
"not ansible_check_mode"; this task is not needed in check mode.
- generate-config-tasks.yaml: Replace ignore_errors by another
condition, "not ansible_check_mode"; this task is not needed in check mode.
- Neutron wrappers: use fail_key: False instead of ignore_errors: True
if a key can't be found in /etc/passwd.
- All services with service checks: Replace "ignore_errors: true" by
"failed_when: false". Since we don't care about whether or not the
task returns 0, let's just make the task never fail. It will only
improve UX when scrawling logs; no more failure will be shown for
these tasks.
- Same as above for cibadmin commands, cluster resources show
commands and keepalived container restart command; and all other shell
or command or yum modules uses where we just don't care about their potential
failures.
- Aodh/Gnocchi: Add pipefail so the task isn't support to fail
- tripleo-packages-baremetal-puppet and undercloud-upgrade: check shell
rc instead of "succeeded", since the task will always succeed.
Change-Id: I0c44db40e1b9a935e7dde115bb0c9affa15c42bf
While they are, at SELinux level, exactly the same (one is an alias to
the other), the "container_file_t" name is easier to understand (and
shorter to write).
A second pass in a couple of days or weeks will be needed in order to
change files that were merged after this first pass.
Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
The nuage integration uses a different package name for openvswitch,
breaking the update steps. This patch bypasses the update logic if the
expected packages are not present allowing nuage deployments to manage
the openvswitch package some other other way.
Closes-Bug: #1858640
Change-Id: I8c116aba50cc7f1cb7cd3fd32cf8aec868e074ec
We switched to containers a long time ago. This patch drops the
management of a /var/log/<service> directory and the creation of a
readme indicating that we've moved to containers which makes the logging
available under /var/log/containers/<service>
Change-Id: Ia4e991d5d937031ac3312f639b726a944743dd1e
We should ensure that the service folders are 0750. We're setting
/var/log/containers but we should also ensure the service folders also
have the correct permissions.
Change-Id: I28e8017edc7e30a60288adf846da722fd6ab310e
This adds a role and service files to support an undercloud minion that
runs additional services that connects to an undercloud.
Change-Id: Ib6fb39f7baa6972ea9879f4f29d7dd46487e2b8f
Related-Blueprint: undercloud-minion
Package update for Ansible breaks[1] with:
Ansible 2.7 crashes on apt upgrade
because it upgrades itself to 2.8:
"fragment_class is None"
[1]: https://github.com/ansible/ansible/issues/56636
Change-Id: I1dabe448edfb118440b9ef1ee59c2e080d16ccf8
Closes-Bug: 1831589
This converts all Docker*Image parameter varients into
Container*Image varients.
The commit was autogenerated with the following shell commands:
for file in $(grep -lr Docker.*Image --include \*.yaml --exclude-dir releasenotes); do
sed -e "s|Docker\([^ ]*Image\)|Container\1|g" -i $file
done
Change-Id: Iab06efa5616975b99aa5772a65b415629f8d7882
Depends-On: I7d62a3424ccb7b01dc101329018ebda896ea8ff3
Depends-On: Ib1dc0c08ce7971a03639acc42b1e738d93a52f98
As done for the overcloud in [0], we need to include the
same special package handling in the tasks in charge of
upgrading the undercloud.
This patch adds special handling for the rhosp-openvswitch
layered product package to ensure that openvswitch networking
remains available during the upgrade.
[0] - 1773afb068
Change-Id: Ib115e70ce0ce53a8638ccbe6c9fe6ed6a421e09b
Closes-Bug: #1830627