9479 Commits

Author SHA1 Message Date
Zuul
440630449e Merge "Adding support of glance cinder store settings" 2019-02-06 11:46:07 +00:00
Zuul
a269c1a5a6 Merge "Flatten rabbitmq service - step 1" 2019-02-06 11:46:04 +00:00
Zuul
9127abc193 Merge "Handle case change for dmidecode >= 3.1 in Ceph templates" 2019-02-06 00:37:44 +00:00
Zuul
e1062e14e4 Merge "Clean unmanaged rules pushed by iptables-services package" 2019-02-05 21:32:53 +00:00
Zuul
ad21014ad9 Merge "Copy undercloud.conf file during mistral-executor start up." 2019-02-05 18:09:44 +00:00
Zuul
f6e29c14a8 Merge "Export global_config for compute-only stack" 2019-02-05 17:18:43 +00:00
Zuul
3b2c7f9960 Merge "Create tripleo-admin user on the undercloud" 2019-02-05 17:18:41 +00:00
Giulio Fidente
c01d9d8475 Handle case change for dmidecode >= 3.1 in Ceph templates
Forces lowercase matching of user provided node data with dmidecode
output.

Change-Id: I844a2f7660dff5feda8397706671ac0efd37949f
Co-Authored-By: Francesco Pantano <fpantano@redhat.com>
Closes-Bug: 1814070
2019-02-05 16:51:25 +00:00
Zuul
43c2a8e8a6 Merge "Change NodeDataLookup type from string to json" 2019-02-05 16:48:29 +00:00
Zuul
fc104ea6c5 Merge "step2: flatten the neutron service configurations" 2019-02-05 15:38:45 +00:00
Cédric Jeanneret
fb7ea6734e Flatten rabbitmq service - step 1
This flattens rabbitmq and removes puppet parts. The next step will
move the flattened templates to their final location.

It's split in two steps in order to make reviews easier on that big change.

Change-Id: I30f0802770d86d64e2ec6fa93dc9a608d4b15d69
2019-02-05 15:44:40 +01:00
John Fulton
fe2fda491b Change NodeDataLookup type from string to json
The NodeDataLookup parameter should be valid JSON and we should
help the user by adding type checking for this early in the
deployment so that the user doesn't experience the related bug.

Change-Id: Id9d2208f1cbaba9234d7657420cd7efcad3507a0
Related-Bug: #1784967
Related-Bug: #1814070
2019-02-05 11:53:45 +00:00
Jose Luis Franco Arza
2587f4e961 Copy undercloud.conf file during mistral-executor start up.
As we are changing the ownership of the whole /var/lib/mistral directory in a
recursive way, we can't be mapping /var/lib/mistral/undercloud.conf as read-only,
otherwise we will get an OSError: [Errno 30] Read-only file system: '/var/lib/mistral/undercloud.conf'.

Instead, we will be mapping the undercloud.conf file into /var/lib/ directory
inside the container and then copy it from /var/lib into /var/lib/mistral
directory on start up; this way we will get rid of ownership permission issues.

Change-Id: Icbdaaf628d996bac89a770426db97d556df4003a
Closes-Bug: #1814275
2019-02-05 10:10:38 +01:00
Oliver Walsh
8a0ddc7f09 Export global_config for compute-only stack
Change-Id: Ib52c8bec82158055f4dfd9c778c80bcbb3e80f89
2019-02-05 08:39:02 +01:00
Zuul
5137d4d02f Merge "mysql: sync credentials in running container on password change" 2019-02-04 22:17:58 +00:00
Zuul
70296a027d Merge "Add ContainerImagePrepare service to ControllerStorageNfs role" 2019-02-04 21:21:27 +00:00
Zuul
d4615d2e4c Merge "flatten the manila service configurations" 2019-02-04 18:49:28 +00:00
Zuul
bbbe046c2b Merge "TLS everywhere: Mount the whole /etc/pki/libvirt/ directory in libvirt" 2019-02-04 18:49:26 +00:00
Zuul
25ce3b8168 Merge "TLS everywhere: Set post-save command for neutron dhcpd" 2019-02-04 18:21:02 +00:00
Zuul
f59aa45d68 Merge "TLS everywhere: Set post-save command for nova-vnc-proxy" 2019-02-04 18:20:59 +00:00
Zuul
c185fd85db Merge "Catch directories we can not change ownership" 2019-02-04 18:20:56 +00:00
Zuul
130a7fd2f4 Merge "Run nova_statedir_owner on every run" 2019-02-04 18:20:54 +00:00
Damien Ciabrini
dd54e32d11 mysql: sync credentials in running container on password change
Since 8e67ec833173920ac60b5548a711885a4d28e16f, docker-puppet doesn't
change mysql password config file on password update. It only notifies
of config change and paunch restarts some containers accordingly.

In non-HA mysql service, when a stack update changes the mysql password,
a docker-puppet task updates the root password config file at step 2.

However, the mysql container is started before the docker-puppet task,
which means that it gets the old root password config file from kolla
and it is never updated afterwards.

This discrepancy between the updated password and the password config
file in the mysql container makes it impossible to connect to mysql
without using a password at command line. This also breaks mysql's
post upgrade tasks which require the proper root credentials in the file.

Fix that discrepancy by adding a synchronization action at step3, which
will be triggered by paunch whenever a config change happens, and make
the docker-puppet task modify the config file shared with the mysql
container (from /var/lib/config-data/puppet-generated).

Note: this discrepancy does not happen for the HA version of the mysql
service, because we already have a container that is in charge of
restarting mysql on config change (mysql_restart_bundle).

Change-Id: I9cc725c77fd9a2f9e55c4878cd2125f99f35c06d
Closes-Bug: #1814514
2019-02-04 15:48:23 +00:00
lkuchlan
a2d0899f9c Add ContainerImagePrepare service to ControllerStorageNfs role
While using the ControllerStorageNfs role, images are not pushed to the local registry,
since the ContainerImagePrepare service is missing in the ControllerStorageNfs role.

Closes-Bug: #1814057

Change-Id: Iafe7bf37d7d04eed32a32b8881fab48fdc9f9dd6
2019-02-04 14:10:53 +00:00
Cédric Jeanneret
65041ed9d8 Clean unmanaged rules pushed by iptables-services package
As iptables-services injects default rules, we must ensure,
upon upgrade, that none of those unmanaged rules are present
in the firewall, nor in the iptables saved state.

We cannot remove them with puppet nor ansible due to the following
reasons:

- puppetlabs-firewall, the puppet module used in TripleO, manages
  the firewall resources with comments - the comment value is the
  name of the puppet resource. As the default rules have no comment,
  puppet doesn't "see" them as managed resources, and can't affect
  them.

- we can't simply "flush" all the rules and reapply them, because
  puppet does not manage all the rules - some are managed by neutron,
  for example.

- ansible "iptables" module doesn't make a full match of the chain,
  and might drop the unwanted ones, keeping the unmanaged in place.
  Also, it doesn't take care of the saved state.

SecurityImpact
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1667887
Closes-Bug: #1812695
Change-Id: I59733cb9a0323bbce4e20838a78103a70ec0d426
2019-02-04 14:56:08 +01:00
Dan Prince
d1fea280f4 step2: flatten the neutron service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the neutron-metadata, neutron-ovs-agent, and neutron-ovs-dpdk-agent.

With this patch the baremetal version of each respective neutron service
has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I7a918e72ce4bfd06a95d7a575603a6fb65ded5a9
2019-02-04 07:56:02 -05:00
Zuul
57d23df6be Merge "mysql: do not stop container when upgrade doesn't update mysql image" 2019-02-04 12:55:52 +00:00
Zuul
7b9c549795 Merge "flatten the tacker service" 2019-02-02 06:16:47 +00:00
Zuul
e78c69e6ac Merge "flatten the panko service" 2019-02-02 06:15:49 +00:00
Zuul
9617be2d2f Merge "step1: flatten the neutron service configurations" 2019-02-02 06:15:44 +00:00
Zuul
663d4e36d4 Merge "flatten the congress service" 2019-02-02 06:15:37 +00:00
Zuul
a23598c413 Merge "Include the DB password in a Mistral environment for creating backups and restores" 2019-02-02 02:48:02 +00:00
Zuul
db37eba7b0 Merge "Introducing Nuage Neutron VRS resource." 2019-02-02 02:47:55 +00:00
Zuul
fed9a3423e Merge "certmonger: Don't restart haproxy on cert renewal" 2019-02-02 02:08:43 +00:00
Zuul
34cabe691f Merge "flatten the swift service configurations" 2019-02-01 20:51:40 +00:00
Zuul
1b346b941a Merge "Move UpgradeInitCommand and UpgradeInitCommonCommand to run by Ansible" 2019-02-01 19:49:26 +00:00
Zuul
b8d1079f89 Merge "noop package installation inside docker_puppet_apply.sh" 2019-02-01 16:39:49 +00:00
Grzegorz Grasza
fff1df6ee0 TLS everywhere: Mount the whole /etc/pki/libvirt/ directory in libvirt
We need to mount the whole directory inside the libvirt container,
so that when new certificates are generated, they could be accessed from
within the container.

Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I3f1e7511d56f9a974409a9a1e3ed66ba8fa72e36
2019-02-01 16:21:20 +00:00
Martin Schuppert
8981548575 Catch directories we can not change ownership
When there is a directory where the owner can not be changed, we
fail and do not proceed to check the remaining directories. This
has been seen where netapp creates a special .snapshot directory
which is protected and visible when using NFSv3, not visible
when using NFSv4.

This change catches the error and proceeds.

Change-Id: I2e61030c863041cd73cb204e31e423da3c6f6944
Resolves-Bug: 1814260
2019-02-01 17:19:20 +01:00
Grzegorz Grasza
ce1e7eafe6 TLS everywhere: Set post-save command for neutron dhcpd
The default procedure wasn't working; here we set one that will actually work.

The script additionally copies the certificates in the right place.

Related-Bug: #1811401
Depends-On: I9954cf33efedf2ec3dfb03109595cd4431feff60
Change-Id: I449df13ea2c49a8cf6d2e8e632b2b39707071c52
2019-02-01 17:07:02 +01:00
Grzegorz Grasza
a76a0a1270 TLS everywhere: Set post-save command for nova-vnc-proxy
The default command wasn't working; here we set one that will actually work.

The script additionally copies the certificates in the right place.

Related-Bug: #1811401
Depends-On: Ifacbee9e31d84be1008ab7545defac71cf65793f
Change-Id: Idc0844c8726aa53bc4cbd55f902248f854d2464f
2019-02-01 16:34:39 +01:00
Dan Prince
25bc2a687b flatten the congress service
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the congress service.

Change-Id: Ic39a7bca37a21ce01e1d185c1eb5c28c6aabb804
Related-Blueprint: services-yaml-flattening
2019-02-01 10:02:10 -05:00
Dan Prince
edf4e9e739 flatten the panko service
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the panko service.

Change-Id: I0c9010145550507e1145131f5a8b1fde5153bea4
Related-Blueprint: services-yaml-flattening
2019-02-01 10:01:32 -05:00
Dan Prince
8b89ff2f50 flatten the tacker service
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the tacker service.

Related-Blueprint: services-yaml-flattening

Change-Id: Ica75b52f1064237c5be6c9f9478b777c54616ec8
2019-02-01 10:00:25 -05:00
Dan Prince
27e8bbd2ac flatten the manila service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all manila services.

With this patch the baremetal version of each manila service has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I02addc0ecbbbcb60d2c6a0d30d7c9cfa42346f7c
2019-02-01 09:58:20 -05:00
Dan Prince
dcdb82c506 step1: flatten the neutron service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the neutron-api, neutron-dhcp, and neutron-l3 services.

With this patch the baremetal version of each respective neutron service
has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I6d1fae29498d2c8bffff2ccffcfbf0b605350205
2019-02-01 09:56:42 -05:00
Martin Schuppert
efaf0c3bea Run nova_statedir_owner on every run
So far nova_statedir_owner step is only run on initial deploy or
when the image changes. This runs it on every deploy/scale/...
run.

Related-Bug: 1814260

Change-Id: I5eaaad9371183dff070d0eb72457fb76a6a60ebe
2019-02-01 14:31:47 +01:00
Zuul
fce7eeca78 Merge "TLS everywhere: Set post-save command for redis" 2019-02-01 13:12:23 +00:00
Zuul
b8a5dbe071 Merge "Add support for native TLS encryption on NBD for disk migration" 2019-02-01 10:05:52 +00:00
Juan Antonio Osorio Robles
4cfa7c066f certmonger: Don't restart haproxy on cert renewal
This is not needed for the external cert. Reloading is enough.

Change-Id: I3b9f0650cfa1024ef0d03741cd41b64ac0c258c3
Related-Bug: #1811401
2019-02-01 08:41:32 +02:00