The next change in this series turns off the nova_metadata service,
which means nova_compute needs to have the same vendordata
configuration so that it can populate the config-drive data with the
same vendordata served by nova_metadata.
Change-Id: I2dc1d120d0bd7cc91bde767097945598148d3e9b
Blueprint: nova-less-deploy
I2702a022565a130ab339d165cb2252ad67d1162e changed the Nova NFS params to be
role specific, however the global param still takes precedence in the
enable_live_migration_tunnelled condition.
With this change the the global param is only considered when the role
specific param is not set.
Change-Id: I3d1a0f632e8a7e4924ebabdc795c0ef5d53cdd6d
Related-Bug: 1823712
Fluentd makes rsyslog to send the logs to fluentd locally.
This configuration was create within the puppet-tripleo,
mounting the /etc/rsyslog.d/ directory on the fluentd
container. This generates an issue when is deployed on
RHEL BZ #1701726.
This patch aim to fix it.
- The /etc/rsyslog.d directory is no longer mounted
on the fluentd container.
- The rsyslog configuration was moved to the host_prep_tasks.
Depends-On: I388180dc991926ff30f8bbc556f61447152f8dc9
Change-Id: Iae610832c12d63bde1eb507ba4bb89f2e3cfa24b
I5851dc7820fdcc4f5790980d94b81622ce3b0c8d corrected the dry-run case
only for non-HA setup.
The HA case was overlooked since it doesn't inherits from the non-HA.
Change-Id: Id678bbc2127bc3742d3c254ff4f62fc1b0e27daa
Related-Bug: #1823841
The problem we want to selve is that the change
https://review.opendev.org/#/c/631486/ (moving iptables creation to the
host) never really worked.
The reason it never worked and we never noticed is two-fold:
A) It ran: -e include ::tripleo::profile::base::haproxy
the problem is that without quoting puppet basically does a noop
B) Once the quoting is fixed it breaks because 'export FACTER_step'
exports a custom fact but does not export a hiera key per-se (so calls
to hiera('step') would fail
So we add proper quoting only on the variables that are arguments to a
parameter so that there is no risk of ansible doing the wrong thing and
puppet gets the correct arguments.
We also explicitely set the step for hiera in the deploy_steps_tasks.
The reason we need it is because in non-HA the iptables rules would
be created at step 1. But since the deploy_steps_tasks run before the
actual tasks that set the step hieradata.we would get the following
error:
Error: Function lookup() did not find a value for the name 'step'
We can just write out the step hiera key during the deploy_steps_tasks,
it will be enforced again shortly afterwards once the
common/deploy-steps-tasks.yaml gets invoked.
We also switch back to puppet_execute: ::tripleo::profile::base::haproxy
even for the pacemaker profile. This was broken by the flattening of the
haproxy service (Id55ae44a7b1b5f08b40170f7406e14973fa93639)
Co-Authored-By: Luca Miccini <lmiccini@redhat.com>
Change-Id: Iab310207ca17a6c596470dda30a39e029c4fe09c
Closes-Bug: #1828250
This change adds an additional deployment step that will attempt to
extract all Placement data from the nova_api database ahead of db syncs
being preformed. For the time being this is a noop as there should be no
data to move across. Eventually this will be used during upgrades and
actually used to migrate data between the nova_api and placement
database.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Change-Id: Ifaa1101d05b835529730002ef985990c6469a449
Update healthcheck commands that probe oslo's messaging port to use the
RpcPort parameter. Previously, some templates referenced the service's
own 'rabbit_port' config setting, which led to malformed healthcheck
commands when the 'rabbit_port' settings were deprecated.
Update the templates that looked up the port in the RabbitMQService's
global_config_settings. Not only did this break the oslo abstraction
by referring to a specific messaging backend (rabbit), it broke
split-stack deployments in which the RabbitMQService is not actually
deployed on the secondary stack's nodes.
This patch creates a common healthcheck command using the RpcPort
parameter in containers-common.yaml. This allows other templates to
reference a common healthcheck command. Other templates that should
also use this can be cleaned up in a separate patch.
Closes-Bug: #1825342
Change-Id: I0d3974089ae6e6879adab4852715c7a1c1188f7c
Also add the /etc/modules.d mount point for container-puppet
scripts, so that vfio module load conf file is created.
Change-Id: If585d8d807c350273d152f1fb4ef2615ac1d1b81
Closes-Bug: #1828413
The only OVN Tunnel Encap Type that we are supporting in OVN is Geneve
and this is set by default in ovn puppet. So there are no need to set
it in TripleO
Change-Id: Ide08d028d3311dfd08ee3872b32ebd1e1a36e17b
Closes-Bug: 1828186
A previous change [1] enabled ndisc_notify, which is the IPv6 equivalent
for IPv4's arp_notify. Enable the latter to keep them consistent with
each other.
Change-Id: I15e8348585a9c0ee824a4c123677992010980b9e
Related-Bug: #1827927
Some mountpoints are left on the host after docker shut down. This
seems to be an issue with docker, but couldn't trace it back to a
specific docker bug.
In the meantime to unblock the upgrade CI we make sure that every
mount point under /var/lib/docker are umounted before deleting that
directory.
Note that we need to keep the order right, so that we do a depth first
list so that umount can do leaves before root.
Closes-Bug: #1826375
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I03a065556caca4385bb8b28be0dfbe21addbf003
On RHEL/CentOS systems, ndisc_notify is disabled by default. When
OVS restarts or an internal port flaps, the MAC address may change.
Without ndisc_notify, neighbor hosts on the same network will not
know about the MAC change, and will lose connectivity until the MAC
timer expires.
This change sets net.ipv6.conf.all.ndisc_notify to 1, which will
cause a gratuitous neighbor discovery packet which will update MAC
address tables on neighboring hosts.
Change-Id: I89062275541d7c6bb6fb725f5283ba59feb38a94
Closes-bug: 1827927
The configure_delegated_roles configure if the heat_stack_onwer role
would be created or not by keystone. Right now this is set to false,
without any way to override to true. This patch change this option to be
a parameter and it also change scenario001 to true in order to run heat
tempest tests.
Change-Id: I916cc4842ccef587a25b06cb422436953974e790
This patch will properly tear down a compute node.
It's running openstackclient from the Undercloud against Nova API on the
Overcloud, to disable and delete the nova compute service.
Then it's disabling and stopping the containers.
Change-Id: Iedf5b45b9870ad90735d5d7f7c7cafe638db67d1
This reverts commit 374fafd66afa792ba197403b479dadbfa3055bce.
The root cause of the timeout has been addressed by:
Id22b1465d6d2424d90781983b970aba4545feb8a
We don't need that horrible hack.
Related-Bug: #1826281
Change-Id: I5f1c89e7fad7624c2edbf557ec39f5777b089d55
Chrony has replaced the usage of ntp and is not supported beyond Stein.
Change-Id: Iab476205f29e0ca9e4053c0c9fb2d051b72b13f0
Related-Blueprint: tripleo-chrony
This list will be used by container image prepare to determine whether
to prepare images for every architecture in the registry, or just for
the default architecture.
Change-Id: Ie2885e5a5cdd6dde71be996950154cd2e759062f
Blueprint: multiarch-support
Currently the 'Remove ceph-ansible fetch directory' task fails with
permission denied.
Change-Id: Iab61b0fed8251ffe0e208d12abd874d02a37027f
Closes-bug: 1827273
Right now all scripts log in DEBUG level. This change enables only
DEBUG level if debug is also enabled for the nova service.
Change-Id: Ie58a6630877a58bec8ce763ede166997bd41f882