572 Commits

Author SHA1 Message Date
Zuul
2f1ec04ad4 Merge "Configure nova_compute for vendordata" 2019-05-18 00:42:41 +00:00
Zuul
54d48b591d Merge "Set configure_delegated_roles a parameter" 2019-05-16 18:53:08 +00:00
Zuul
d20f609334 Merge "Fix NovaNfs role parameter precedence in conditions" 2019-05-16 11:29:00 +00:00
Zuul
7a5103ef93 Merge "Ensure we aren't running some dry-run also for Pacemaker case" 2019-05-16 10:42:41 +00:00
Zuul
c609599fe5 Merge "placement: Add nova_api data extraction step during deployment" 2019-05-15 12:12:51 +00:00
Steve Baker
3778e6121b Configure nova_compute for vendordata
The next change in this series turns off the nova_metadata service,
which means nova_compute needs to have the same vendordata
configuration so that it can populate the config-drive data with the
same vendordata served by nova_metadata.

Change-Id: I2dc1d120d0bd7cc91bde767097945598148d3e9b
Blueprint: nova-less-deploy
2019-05-15 16:40:00 +12:00
Zuul
35ea92178d Merge "Default CephAnsibleDisksConfig to bluestore" 2019-05-14 20:43:57 +00:00
Zuul
80c3546402 Merge "Modified the way fluentd configures rsyslog" 2019-05-14 16:44:53 +00:00
Oliver Walsh
32bf12e20e Fix NovaNfs role parameter precedence in conditions
I2702a022565a130ab339d165cb2252ad67d1162e changed the Nova NFS params to be
role specific, however the global param still takes precedence in the
enable_live_migration_tunnelled condition.
With this change the the global param is only considered when the role
specific param is not set.

Change-Id: I3d1a0f632e8a7e4924ebabdc795c0ef5d53cdd6d
Related-Bug: 1823712
2019-05-14 17:10:29 +01:00
Juan Badia Payno
bbbca8d65d Modified the way fluentd configures rsyslog
Fluentd makes rsyslog to send the logs to fluentd locally.
This configuration was create within the puppet-tripleo,
mounting the /etc/rsyslog.d/ directory on the fluentd
container. This generates an issue when is deployed on
RHEL BZ #1701726.

This patch aim to fix it.
 - The /etc/rsyslog.d directory is no longer mounted
 on the fluentd container.
 - The rsyslog configuration was moved to the host_prep_tasks.

Depends-On: I388180dc991926ff30f8bbc556f61447152f8dc9
Change-Id: Iae610832c12d63bde1eb507ba4bb89f2e3cfa24b
2019-05-14 09:15:48 +02:00
Zuul
9f7fbe0678 Merge "Fix haproxy firewall rules" 2019-05-13 17:59:50 +00:00
Cédric Jeanneret
cc95b17edb Ensure we aren't running some dry-run also for Pacemaker case
I5851dc7820fdcc4f5790980d94b81622ce3b0c8d corrected the dry-run case
only for non-HA setup.

The HA case was overlooked since it doesn't inherits from the non-HA.

Change-Id: Id678bbc2127bc3742d3c254ff4f62fc1b0e27daa
Related-Bug: #1823841
2019-05-13 09:52:08 +02:00
Zuul
08ead26e66 Merge "Remove OVNTunnelEncapType" 2019-05-11 01:54:52 +00:00
Zuul
f5ba43ea21 Merge "Add DPDK support for OVN" 2019-05-10 21:03:53 +00:00
Michele Baldessari
ef6c23ef64 Fix haproxy firewall rules
The problem we want to selve is that the change
https://review.opendev.org/#/c/631486/ (moving iptables creation to the
host) never really worked.

The reason it never worked and we never noticed is two-fold:
A) It ran: -e include ::tripleo::profile::base::haproxy
the problem is that without quoting puppet basically does a noop

B) Once the quoting is fixed it breaks because 'export FACTER_step'
exports a custom fact but does not export a hiera key per-se (so calls
to hiera('step') would fail

So we add proper quoting only on the variables that are arguments to a
parameter so that there is no risk of ansible doing the wrong thing and
puppet gets the correct arguments.

We also explicitely set the step for hiera in the deploy_steps_tasks.
The reason we need it is because in non-HA the iptables rules would
be created at step 1. But since the deploy_steps_tasks run before the
actual tasks that set the step hieradata.we would get the following
error:
Error: Function lookup() did not find a value for the name 'step'

We can just write out the step hiera key during the deploy_steps_tasks,
it will be enforced again shortly afterwards once the
common/deploy-steps-tasks.yaml gets invoked.

We also switch back to puppet_execute: ::tripleo::profile::base::haproxy
even for the pacemaker profile. This was broken by the flattening of the
haproxy service (Id55ae44a7b1b5f08b40170f7406e14973fa93639)

Co-Authored-By: Luca Miccini <lmiccini@redhat.com>

Change-Id: Iab310207ca17a6c596470dda30a39e029c4fe09c
Closes-Bug: #1828250
2019-05-10 17:42:39 +02:00
Lee Yarwood
967d42b543 placement: Add nova_api data extraction step during deployment
This change adds an additional deployment step that will attempt to
extract all Placement data from the nova_api database ahead of db syncs
being preformed. For the time being this is a noop as there should be no
data to move across. Eventually this will be used during upgrades and
actually used to migrate data between the nova_api and placement
database.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: Ifaa1101d05b835529730002ef985990c6469a449
2019-05-10 17:15:23 +02:00
Zuul
546ca82416 Merge "Propagate AdditionalArchitectures to container image prepare" 2019-05-10 10:53:13 +00:00
Zuul
eeb609a89d Merge "Use RpcPort for container healthchecks" 2019-05-10 09:31:16 +00:00
Zuul
33c98887c0 Merge "Scale-down tasks for nova-compute" 2019-05-10 00:39:39 +00:00
Zuul
aaa72c461b Merge "Fix the step_config input in the OvS-DPDK template" 2019-05-10 00:39:37 +00:00
Zuul
1c36467055 Merge "Enable zaqar healthchecks" 2019-05-09 22:24:19 +00:00
Alan Bishop
c5fe51147b Use RpcPort for container healthchecks
Update healthcheck commands that probe oslo's messaging port to use the
RpcPort parameter. Previously, some templates referenced the service's
own 'rabbit_port' config setting, which led to malformed healthcheck
commands when the 'rabbit_port' settings were deprecated.

Update the templates that looked up the port in the RabbitMQService's
global_config_settings. Not only did this break the oslo abstraction
by referring to a specific messaging backend (rabbit), it broke
split-stack deployments in which the RabbitMQService is not actually
deployed on the secondary stack's nodes.

This patch creates a common healthcheck command using the RpcPort
parameter in containers-common.yaml. This allows other templates to
reference a common healthcheck command. Other templates that should
also use this can be cleaned up in a separate patch.

Closes-Bug: #1825342
Change-Id: I0d3974089ae6e6879adab4852715c7a1c1188f7c
2019-05-09 14:41:36 -04:00
Zuul
5834f17f4b Merge "Remove hardcoded RabbitMQService" 2019-05-09 18:29:22 +00:00
Zuul
88b59b649e Merge "Adapt check-docker-health for podman" 2019-05-09 16:02:49 +00:00
Zuul
c5c21e7418 Merge "Clean up leftover mount point after docker stop." 2019-05-09 15:15:59 +00:00
Saravanan KR
0c19fa2b90 Fix the step_config input in the OvS-DPDK template
Also add the /etc/modules.d mount point for container-puppet
scripts, so that vfio module load conf file is created.

Change-Id: If585d8d807c350273d152f1fb4ef2615ac1d1b81
Closes-Bug: #1828413
2019-05-09 18:47:44 +05:30
Cédric Jeanneret
c901a4137f Enable zaqar healthchecks
Depends-On: I0d5ea0ba630714f7ec3ca4f1361e3235320e52d7
Change-Id: I6f53fdaa56871298416ebbba31106d31058517e1
2019-05-09 13:30:14 +02:00
Kamil Sambor
b20ca116aa Remove OVNTunnelEncapType
The only OVN Tunnel Encap Type that we are supporting in OVN is Geneve
and this is set by default in ovn puppet. So there are no need to set
it in TripleO

Change-Id: Ide08d028d3311dfd08ee3872b32ebd1e1a36e17b
Closes-Bug: 1828186
2019-05-09 09:41:43 +02:00
Kamil Sambor
485b3c9644 Remove hardcoded RabbitMQService
Change-Id: I42f99eb17520b8e04fe85fa69df4cdee753bf6af
Depends-On: https://review.opendev.org/#/c/657831/
Partial-Bug: #1824326
2019-05-08 16:59:32 +02:00
John Fulton
940de74b82 Default CephAnsibleDisksConfig to bluestore
Change-Id: I81a334532b5d8fb970fbdca50b262c2074c6bb03
2019-05-07 17:16:05 -04:00
Nate Johnston
f3df90f2c0 Set arp_notify to match ndisc_notify
A previous change [1] enabled ndisc_notify, which is the IPv6 equivalent
for IPv4's arp_notify.  Enable the latter to keep them consistent with
each other.

Change-Id: I15e8348585a9c0ee824a4c123677992010980b9e
Related-Bug: #1827927
2019-05-07 16:51:04 -04:00
Jose Luis Franco Arza
a8ec699416 Clean up leftover mount point after docker stop.
Some mountpoints are left on the host after docker shut down.  This
seems to be an issue with docker, but couldn't trace it back to a
specific docker bug.

In the meantime to unblock the upgrade CI we make sure that every
mount point under /var/lib/docker are umounted before deleting that
directory.

Note that we need to keep the order right, so that we do a depth first
list so that umount can do leaves before root.

Closes-Bug: #1826375
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>

Change-Id: I03a065556caca4385bb8b28be0dfbe21addbf003
2019-05-07 10:15:52 +02:00
Kamil Sambor
d2fae913d9 Copy keys for tripleo-admin user
Change-Id: Iab64473d2b5ccc910d226fc6bec06c73f43515b8
Partial-Bug: #1824326
2019-05-07 10:01:18 +02:00
Zuul
a5d7d84a02 Merge "Enable ndisc_notify sysctl setting to notify of MAC changes" 2019-05-07 03:21:08 +00:00
Zuul
1c4d4e3862 Merge "Remove NTP" 2019-05-06 23:49:41 +00:00
Dan Sneddon
4b113a7a12 Enable ndisc_notify sysctl setting to notify of MAC changes
On RHEL/CentOS systems, ndisc_notify is disabled by default. When
OVS restarts or an internal port flaps, the MAC address may change.
Without ndisc_notify, neighbor hosts on the same network will not
know about the MAC change, and will lose connectivity until the MAC
timer expires.

This change sets net.ipv6.conf.all.ndisc_notify to 1, which will
cause a gratuitous neighbor discovery packet which will update MAC
address tables on neighboring hosts.

Change-Id: I89062275541d7c6bb6fb725f5283ba59feb38a94
Closes-bug: 1827927
2019-05-06 11:45:17 -07:00
Arx Cruz
9e14ae6c92 Set configure_delegated_roles a parameter
The configure_delegated_roles configure if the heat_stack_onwer role
would be created or not by keystone. Right now this is set to false,
without any way to override to true. This patch change this option to be
a parameter and it also change scenario001 to true in order to run heat
tempest tests.

Change-Id: I916cc4842ccef587a25b06cb422436953974e790
2019-05-06 13:15:43 +00:00
Emilien Macchi
d1b187a56a Scale-down tasks for nova-compute
This patch will properly tear down a compute node.
It's running openstackclient from the Undercloud against Nova API on the
Overcloud, to disable and delete the nova compute service.
Then it's disabling and stopping the containers.

Change-Id: Iedf5b45b9870ad90735d5d7f7c7cafe638db67d1
2019-05-05 15:23:28 +01:00
Zuul
577f507dfe Merge "Revert "mistral: configure heartbeat parameters to avoid action timeout"" 2019-05-04 20:13:11 +00:00
Zuul
20e099bbc1 Merge "Use oslo_messaging_rpc_port for nova rpc healthchecks" 2019-05-04 17:22:39 +00:00
Emilien Macchi
738486f108 Revert "mistral: configure heartbeat parameters to avoid action timeout"
This reverts commit 374fafd66afa792ba197403b479dadbfa3055bce.

The root cause of the timeout has been addressed by:
Id22b1465d6d2424d90781983b970aba4545feb8a

We don't need that horrible hack.
Related-Bug: #1826281

Change-Id: I5f1c89e7fad7624c2edbf557ec39f5777b089d55
2019-05-04 14:52:25 +00:00
Zuul
4c3b51cbc4 Merge "Fix cinder-backup deployment templates" 2019-05-03 21:58:55 +00:00
Alex Schultz
3abededac2 Remove NTP
Chrony has replaced the usage of ntp and is not supported beyond Stein.

Change-Id: Iab476205f29e0ca9e4053c0c9fb2d051b72b13f0
Related-Blueprint: tripleo-chrony
2019-05-03 14:42:15 -06:00
Zuul
71bb8ff635 Merge "Remove ceph-ansible fetch directory as privileged user" 2019-05-03 00:51:46 +00:00
Zuul
dc3c396b34 Merge "Avoid issues with non-existing directories" 2019-05-03 00:19:57 +00:00
Zuul
d4dab0cb8e Merge "Set debug level of nova container_config_scripts only when enabled" 2019-05-02 17:48:08 +00:00
Steve Baker
36148ff6a8 Propagate AdditionalArchitectures to container image prepare
This list will be used by container image prepare to determine whether
to prepare images for every architecture in the registry, or just for
the default architecture.

Change-Id: Ie2885e5a5cdd6dde71be996950154cd2e759062f
Blueprint: multiarch-support
2019-05-02 11:33:57 -06:00
Matthias Runge
db89f2d9a5 Avoid issues with non-existing directories
at deploy time.

Change-Id: I693a21f1d6b48602642fe161d5f0ee2bc03e3acf
2019-05-02 17:33:53 +02:00
Marius Cornea
87549eb4c5 Remove ceph-ansible fetch directory as privileged user
Currently the 'Remove ceph-ansible fetch directory' task fails with
permission denied.

Change-Id: Iab61b0fed8251ffe0e208d12abd874d02a37027f
Closes-bug: 1827273
2019-05-01 15:47:09 -04:00
Martin Schuppert
4d4263f4f1 Set debug level of nova container_config_scripts only when enabled
Right now all scripts log in DEBUG level. This change enables only
DEBUG level if debug is also enabled for the nova service.

Change-Id: Ie58a6630877a58bec8ce763ede166997bd41f882
2019-04-30 14:40:33 +02:00