10310 Commits

Author SHA1 Message Date
Zuul
2f43d4b967 Merge "Consolidate RpcPort healthchecks" 2019-05-31 14:58:21 +00:00
Zuul
65b68f3729 Merge "Respect tags in upgrade tasks" 2019-05-31 11:08:06 +00:00
Zuul
457572bd48 Merge "Ensure openstack clients are installed" 2019-05-31 05:09:00 +00:00
Zuul
4a3491b0fc Merge "Sync the ControllerStorageNfs role with the Controller role" 2019-05-31 05:08:58 +00:00
Zuul
92bd1a5417 Merge "Fix haproxy stats network binding" 2019-05-31 02:32:24 +00:00
Zuul
e47bc1fcc9 Merge "Remove unnecessary openldap-clients package from overcloud controllers" 2019-05-31 00:10:48 +00:00
Zuul
fc81bf0fbd Merge "Move neutron base, plugins to deployment" 2019-05-30 20:27:40 +00:00
Nathan Kinder
34e1c75e54 Remove unnecessary openldap-clients package from overcloud controllers
We currently install the openldap-clients package on overcloud
controller nodes.  It was assumed that this package was needed for
IPA client enrollment, but the ipa-client package only uses the
openldap libraries that will already be pulled in as an indirect
dependency of ipa-client.  The openldap-clients package contains
LDAP CLI utilities, which don't appear to be actually used.

Change-Id: I14c1d8204bd84ead0d6995b5aefd10d2bbc4227d
2019-05-30 10:55:59 -07:00
Zuul
d0b443a67d Merge "Switch to use $NETWORK_uri for memcached" 2019-05-30 16:48:13 +00:00
Zuul
dc82208e06 Merge "Reintroduce upgrade tasks for stopping pacemaker cluster" 2019-05-30 13:24:55 +00:00
Jiri Stransky
6d9560e177 Respect tags in upgrade tasks
There seems to be a difference between how include_tasks and
import_tasks work.

`include_tasks` applies properties on the inclusion itself, and if we
want to apply something on the included tasks, we need to use `apply`
dict. We previously had to add `always` tag onto `include_tasks` to
make the inclusion happen when we ran upgrade with `--tags`.

`import_tasks`, on the other hand, is processed more like a block than
an individual task, and all its properties get applied on the tasks
inside. This meant that the `always` tag got applied on all tags in
the upgrade playbook, instead of on the import itself, which broke use
of tags in `upgrade_tasks`. This is now fixed by removing the tags
from `import_tasks`. The import should happen always regardless if
there are any `tags` on the import.

Change-Id: I66a4ed99f9e0cc199899494813073b4a085d99e7
Closes-Bug: #1830892
2019-05-30 07:35:27 +00:00
Jiri Stransky
f8ca0d41ad Reintroduce upgrade tasks for stopping pacemaker cluster
It is likely that change I50a1289a864f804d02a2e2bc0ca8738a186beff0
broke upgrade CI, even though the job somehow passed on it. MariaDB
upgrade tasks now cannot remove the container image, because it's
being used by a running container. Let's keep all tasks for stopping
Pacemaker cluster for now, both untagged ones and the ones tagged for
system_upgrade_prepare step.

Change-Id: Ic45b74c83b99dc58cd6e0f0f45d421b88c7e97a1
Closes-Bug: #1831022
2019-05-30 07:35:27 +00:00
Zuul
019d66dbfa Merge "krb-service-principals support service_net_map_replace" 2019-05-30 02:43:44 +00:00
Zuul
d34566c8e5 Merge "ceph-base: Update ceph-ansible default playbook" 2019-05-29 21:54:25 +00:00
Harald Jensås
30708633dc Switch to use $NETWORK_uri for memcached
When passing connection string for memcached the
address must be in brackets if IP version 6 is
used. The $NETWORK_uri provides the ip address
with/without brackets depending on ip version.

Related-Bug: #1830406
Depends-On: https://review.opendev.org/661221
Depends-On: https://review.opendev.org/661220
Depends-On: https://review.opendev.org/661299
Depends-On: https://review.opendev.org/661136
Change-Id: If4f32d2d591018c71b2dee9c5898a10d78e47c5e
2019-05-29 19:17:25 +00:00
Harald Jensås
f708ab7a82 krb-service-principals support service_net_map_replace
Handle service_net_map_replace in the jinja2 logic so that
service_net_map_replace works for both default networks and
custom networks.

Enables a user either to change 'name_lower' of a network
and override the ServiceNetMap accordingly, or to change
'name_lower' and use 'service_net_map_replace'
so that the default ServiceNetMap can be used.

Related-Bug: #1830852
Change-Id: Iae4341e9e7c888da4dd8d0dedd5ad28b7e0e6c40
2019-05-29 20:27:14 +02:00
Zuul
0d2f1df7cd Merge "cinder: set cinder::nova::project_name to service" 2019-05-29 18:22:54 +00:00
Zuul
281effb780 Merge "Fix custom network.name_lower in krb-service-principals" 2019-05-29 16:45:27 +00:00
Zuul
51c3ec6872 Merge "Adapt sensu on refactor" 2019-05-29 15:15:11 +00:00
Zuul
ef88503c03 Merge "Use make_url to wrap IPv6 addresses in brackets." 2019-05-29 12:33:20 +00:00
Zuul
7f8348974e Merge "Fix manila-scheduler-container-puppet.yaml typo" 2019-05-29 12:33:18 +00:00
Zuul
f1ed1aae3c Merge "Stop all services before upgrading node's OS." 2019-05-29 12:18:23 +00:00
Harald Jensås
c0fcf8674d Fix custom network.name_lower in krb-service-principals
The lowercase network names were hardcoded to 'external',
'internal_api' and 'storage_mgmt'. Use jinja to get the
network.name_lower value from network_data.yaml instead
so that users can customize the lowercase network name.

Closes-Bug: #1830852
Change-Id: Ie9bd482782ff770d90dfc38a585237812ed81c06
2019-05-29 09:46:37 +02:00
dsariel
f7b8be6ccb Fix manila-scheduler-container-puppet.yaml typo
Change-Id: Ifc9226c33482c6562c368ed384e9d062384a1817
Closes-Bug: #1830750
2019-05-28 20:15:13 +00:00
Zuul
1ce6d43d1b Merge "Configure server_certs_key_passphrase for Octavia" 2019-05-28 19:00:57 +00:00
Dimitri Savineau
c450bae2ba ceph-base: Update ceph-ansible default playbook
The main ceph-ansible playbook for containerized deployment is named
site-container.yml because it isn't only used for docker.
Currently the site-docker playbook is a symlink to site-container and
this symlink will probably be removed in the future.

Change-Id: Ie623e91517f2b310d58181233f06bc3e7c9e9c71
2019-05-28 14:50:48 -04:00
Zuul
b381a7fefa Merge "Re-add amphora flavor management settings" 2019-05-28 18:17:08 +00:00
Zuul
32d5c92bd0 Merge "Initialize ip(6)tables "raw" table" 2019-05-28 16:52:41 +00:00
Zuul
63985433de Merge "Add domain and no-ntp options to ipaclient" 2019-05-28 14:30:41 +00:00
Emilien Macchi
d75aee60f3 cinder: set cinder::nova::project_name to service
The default is changing in https://review.opendev.org/661413
and in TripleO we use 'service', and not 'services'. So we need to force
cinder::nova::project_name to be 'service'.

Change-Id: I688e6b32703e19df032c86c0f4d04b75a12bfd20
2019-05-28 10:04:32 -04:00
Jose Luis Franco Arza
9d5c972d99 Stop all services before upgrading node's OS.
During the system_upgrade_prepare step in the upgrade
workflow, we need to stop all services before starting
the operating system upgrade, we're doing that by stopping
all docker containers at once after stopping the pcmkr
cluster in step 2.

Change-Id: I50a1289a864f804d02a2e2bc0ca8738a186beff0
2019-05-28 13:11:23 +00:00
Cédric Jeanneret
e97d4dcfd2 Initialize ip(6)tables "raw" table
With RHEL8, we apparently hit an issue where the "raw" table doesn't
exist. While this is worked around during the deploy, we need to ensure
this table does exist upon reboot.

This patch creates 2 systemd units in order to ensure this table is
present in both iptables and ip6tables. They are to be launched before
the ip(6)tables.service in order to allow the standard rules to be
loaded at boot time.

Those units will probably be removed once we have an updated iptables
package.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1673609

Change-Id: I5334ac3e8080700d77e7a1de3330fdad76bc633f
2019-05-28 10:43:17 +02:00
Martin Magr
a3f5d1282b Adapt sensu on refactor
This patch fixes path containers-common.yaml after it has been moved to deployment dir.

Change-Id: I447ef5241572e31729893cdad1902fe38e92d3e7
2019-05-27 11:52:00 +02:00
Zuul
4d6eeaee01 Merge "Add CephAnsibleEnvironmentVariables to nodes-uuid call" 2019-05-25 19:36:48 +00:00
Brent Eagles
504f8fc750 Re-add amphora flavor management settings
The octavia amphora flavor config was inadvertently removed during the
flattening stage. This adds it back.

Change-Id: Ic928d3562583291f4d640d6ccdc3d9d9b22a7866
2019-05-24 20:04:19 +00:00
Harald Jensås
824dd9003a Use make_url to wrap IPv6 addresses in brackets.
Replace the dependency of network data values for wrapping
'ip_address_uri' in brackets. Instead of using jinja2
variables network.ipv6 or ipv6_override to decide if the
IP needs to be wrapped in brackets or not the make_url
function in heat in combination with a str_replace is
used.

Related-Bug: #1830406
Change-Id: I2d8c405c1df30ac11cc2286398fe4749694da10e
2019-05-24 20:06:38 +02:00
Ade Lee
edfbeae918 Add domain and no-ntp options to ipaclient
Two options have proven useful for deployers.
--domain: To specify the IdM DNS domain in cases where the client is
  not in the same DNS domain as the IdM server
--no-ntp: To ensure that the idm-client-install does not change the
  NTP settings when they have already been set by puppet.

The patch adds both these options.

Change-Id: I88075174dfffe4117c8ccc31f28ed9f43bf8b4e7
2019-05-24 11:46:54 -04:00
Zuul
c06232fba2 Merge "Remove the iptables rules set via service_config_settings" 2019-05-24 15:20:16 +00:00
Michele Baldessari
45f5c283e3 Fix haproxy stats network binding
a) The haproxy.stats stanza in haproxy config file has pretty much remained the same since newton:
listen haproxy.stats
  bind 192.168.24.8:1993 transparent
  mode http
  stats enable
  stats uri /
  stats auth admin:tRJre6PnQuN4ZwqKYUygTJArB

b) what we do today with the haproxy stats makes little sense:
- we bind it to the VIP running on the control-plane network on all controller nodes
- de facto we allow to look at the haproxy stat info via web only on the node holding the ctlplane VIP
- since haproxy does not share stats across nodes, we're effectively
  limited at looking at the stats info on a single node.

Now imagine ctrl-0 holding the internal_api VIP and ctrl-1 holding the
ctlplane VIP. Basically now the only stats you will be able to see are
the ones relative to keystone_admin (which for other silly reasons has
been moved to ctlplane by default) and very little else.

Tested this and am able to bind the haproxy stat to another network
and to have it listen to the IP of the node on said network (in addition
to the ctrlplane vip which we do not remove as it might break stuff):

    listen haproxy.stats
      bind fd00:fd00:fd00:2000::16:1993 transparent
      bind 192.168.24.15:1993 transparent
      mode http
      stats enable
      stats uri /
      stats auth admin:password

Closes-Bug: #1830334

Depends-On: Iab5f11c3065ff34a3543621554e7f05161d069f2

Change-Id: If2ee15f1e0fcf6d077cba524fad75dec7e1144b6
2019-05-24 14:43:26 +02:00
Dan Sneddon
68bfc26728 Fix run-os-net-config.sh to use ping6 for IPv6 hostnames
The run-os-net-config.sh script checks to see if an IP address is
IPv4 or IPv6, and uses ping or ping6 accordingly. This change also
resolves hostnames and submits the resolved IP to the same test.
If the hostname only resolves to an IPv6 address, then ping6 will
be used.

Change-Id: I9f37992157935b37cc9beb8a2f3b9d749a62bd1b
Closes-bug: 1830274
2019-05-23 12:38:00 -07:00
Zuul
5dd09273aa Merge "Add ability to specify dns search domains" 2019-05-23 17:34:11 +00:00
Zuul
c36eaa42d0 Merge "Fix IPA client when doing brownfield deployment of internal TLS" 2019-05-23 17:23:39 +00:00
Zuul
afdd75454f Merge "Set force_config_drive only when OVNMetadata is disabled" 2019-05-23 14:25:23 +00:00
John Fulton
6858ef4114 Add CephAnsibleEnvironmentVariables to nodes-uuid call
CephAnsibleEnvironmentVariables are also useful when running
the nodes-uuid playbook. Users may know ceph-ansible playbook
is run but may not know the nodes-uuid playbook is run too.
If additional Ansible environment variables are useful for
running ceph-ansible it is likely they will be needed for
the nodes-uuid playbook. The alternative is to create another
parameter like NodesUuidAnsibleEnvironmentVariables.

Change-Id: I10ddb4f79f5c8b69b09622b96e96325ba19d62e0
2019-05-23 09:22:54 -05:00
Jakub Libosvar
7ac8e67d82 Set force_config_drive only when OVNMetadata is disabled
There are use cases when an operator wants to talk to metadata API from
config-drive script (e.g. using curl to get data from metadata). That
means it makes sense to have OVN Metadata Agent deployed while forcing
config-drive to be used.

This patch sets force_config_drive to true only when OVNMetadataEnable
is set to false. If it's set to true then it doesn't touch
force_config_drive option, leaving it up to environment to define it.
(The default for force_config_drive is false.)

Closes-Bug: #1830179
Change-Id: Ib956ff2f521b9853c58eaa5500836c692dd9321d
2019-05-23 08:55:57 +00:00
Michele Baldessari
114e5778f9 Remove the iptables rules set via service_config_settings
This breaks the rules for the haproxy stats access because it
shadows them. Let's remove these rules and move the iptables
rules for haproxy in puppet-tripleo where they should have
been in the first place, like for all other services.

Depends-On: I1325171ef60d7a7e3b57373082fcdb5487be939b
Change-Id: I2f177c930567b3a45f0d95cec4140f478f14a074
Closes-Bug: #1829338
2019-05-23 05:14:05 +00:00
Zuul
e3ad34aece Merge "standalone/undercloud - post: use EndpointMap to fetch Keystone URL" 2019-05-23 00:30:49 +00:00
Zuul
612d1b9d99 Merge "OVS Revalidator and handler threads" 2019-05-23 00:22:01 +00:00
Zuul
aab5feed70 Merge "Try a timesync as part of first boot" 2019-05-22 15:26:46 +00:00
5e83eeda5b Override ovn::controller::hostname to use hiera:fqdn_canonical
ovn::controller::hostname defaults to ::fqdn,
hostname can differ based on how nova configures it, detected
when dhcp_domain name is removed in [1].
So it's good to rely on fqdn_canonical hiera key which
nova also relies on to set "host" in nova.conf.

Also use neutron_timeout instead of neutron_url_timeout
which was deprecated for long and is removed in [1].

[1] https://review.opendev.org/#/c/658400/

Related-Bug: #1829993
Change-Id: If52302b5a04b5e146ac53ccd3fc65a064b2df2fb
2019-05-22 14:48:21 +05:30