310 Commits

Author SHA1 Message Date
Jenkins
e3f5da81ae Merge "Set name property on missing deployments" 2017-07-24 18:41:06 +00:00
Jenkins
bb963cfe42 Merge "Make Deploy/UpdateIdentifier definition semi-consistent" 2017-07-22 07:55:10 +00:00
Jenkins
dad8c01aaa Merge "Add a new role for ComputeOvsDpdk and clean-up parameters" 2017-07-21 23:30:50 +00:00
Ben Nemec
c02a343623 Make Deploy/UpdateIdentifier definition semi-consistent
It seems UpdateIdentifier is an overloaded parameter - it is used
both to trigger package updates in the minor update case as well as
to trigger the upgrade steps during a major upgrade.  I'm not sure
it's appropriate to change either of the descriptions as a result,
so for the moment that is added to the exclusion list.

Change-Id: Ied36cf259f6a6e5c8cfa7a01722fb7fda6900976
Partial-Bug: 1700664
2017-07-21 18:39:13 +00:00
Jenkins
a89fb921a1 Merge "Ensure yum cache is ready before update" 2017-07-18 11:51:07 +00:00
James Slagle
c1a4f8d810 Set name property on missing deployments
To be consistent with all other SoftwareDeployment's in
tripleo-heat-templates, this sets the name property on
the deployments where it was missing.

Change-Id: I8bc062d2af93acead240bd5e473ea385b2bf6cf2
2017-07-17 17:17:52 -04:00
Saravanan KR
c53918926e Add a new role for ComputeOvsDpdk and clean-up parameters
A new role ComputeOvsDpdk has been added to avoid manual
roles_data creation. And cleaned-up the DPDK parameters
inline with the refactored code.

Change-Id: I16dac69609c98194c2504ff067258fa14363d4f1
2017-07-14 11:09:13 +05:30
Jenkins
c031108b9a Merge "Adds check for existing yum process during the legacy minor update" 2017-07-14 00:33:58 +00:00
Jenkins
b02aedb174 Merge "Added OvS permission workaround for enabling DPDK" 2017-07-13 18:33:29 +00:00
marios
839c0b1116 Adds check for existing yum process during the legacy minor update
Checks for an existing /var/run/yum.pid and exit 1 with an error
message saying why.

Change-Id: I374eeb4164a8007ae67fea2796eac109fffdef97
Closes-Bug: 1704131
2017-07-13 16:25:52 +03:00
Lukas Bezdicka
1a544f66a5 Ensure yum cache is ready before update
To workaround yum bug with libnss we need to make yum cache
before running update. In fact we should have done this
regardless of the bug.

Change-Id: I5b2355fb8abe3c8d4b9ce9c62b9ffdba8c1e8d9d
Resolves: rhbz#1458841
Closes-Bug: #1703830
2017-07-13 12:14:24 +02:00
James Slagle
11b3cb25a9 Revert "Revert "Blacklist support for ExtraConfig""
There is a Heat patch posted (via Depends-On) that resolves the issue
that caused this to be reverted. This reverts the revert and we need to
make sure all the upgrades jobs pass before we merge this patch.

This reverts commit 69936229f4def703cd44ab164d8d1989c9fa37cb.
Closes-Bug: #1699463
implements blueprint disable-deployments

Change-Id: Iedf680fddfbfc020d301bec8837a0cb98d481eb5
2017-07-10 17:39:57 +00:00
Saravanan KR
d7738012e1 Added OvS permission workaround for enabling DPDK
The vhost sockets sockets are created with qemu permission, but ovs
runs with root permission. In order to allow ovs to access vhost sockets
reducing the ovs group permission from root to qemu. This is a temprovary
workaround, until ovs fixes the permission issue. The script supports
both ovs2.6 and ovs2.7 versions.

Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b
2017-07-10 16:12:05 +05:30
Tim Rozet
b30bdb6f8e Adds service for OVS and enables ODL DPDK deployments
In order to deploy OpenDaylight with DPDK we need to copy the DPDK
config for OVS done in the neutron-ovs-dpdk service template, without
enabling OVS agent for compute nodes.  To do this correctly, we should
inherit and openvswitch service which is a common place to set OVS
configuration and parameters.  Note: vswitch::dpdk config will be called
in prenetwork setup with ovs_dpdk_config.yaml so there is no need to
include that in the step config for neutron-ovs-dpdk-agent service or
opendaylight-ovs-dpdk.

Changes Include:
 - Creates a common openvswitch service template, which in the future
   will migrate to be its own service.
 - Renames and fixes OVS DPDK configuration heat parameters in the
   openvswitch template.
 - neutron-ovs-dpdk-agent now inherits the common openvswitch template.
 - Adds opendaylight-ovs-dpdk template which also inherits common ovs
   template.
 - Uses OVS DPDK config script to allow configuring OVS DPDK in
   prenetwork config (before os-net-config runs).  This has an issue
   where hieradata is not present yet, so we have to redefine the heat
   parameters and pass them via bash.  In the future this should be
   corrected.
 - Adds opendaylight-dpdk environment file used to deploy an ODL + DPDK
   deployment.
 - Updates neutron-ovs-dpdk environment file.

Closes-Bug: 1656097
Partial-Bug: 1656096

Depends-On: I3227189691df85f265cf84bd4115d8d4c9f979f3

Change-Id: Ie80e38c2a9605d85cdf867a31b6888bfcae69e29
Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-06-23 09:31:53 -04:00
Saravanan KR
4e19c7a13e Enable DPDK on boot using PreNetworkConfig
DPDK has to be enabled on openvswitch on the boot before
configuring the network as when the network uses DPDK ports
OvS should be ready to handle DPDK. Enabled DPDK via
PreNetworkConfig by checking if ServiceNames contains
DPDK service.
Implements: blueprint ovs-2-6-dpdk
Closes-Bug: #1654975

Depends-On: I83a540336c01a696780621fb2b39486a6abf0917
Change-Id: I7af4534d91e67c94ba559b78b9ac6a001e639db3
2017-06-23 11:19:23 +05:30
Jenkins
7b60e56c0e Merge "Revert "Blacklist support for ExtraConfig"" 2017-06-22 21:22:02 +00:00
Alex Schultz
69936229f4 Revert "Blacklist support for ExtraConfig"
This reverts commit d6c0979eb3de79b8c3a79ea5798498f0241eb32d.

This seems to be causing issues in Heat in upgrades.

Change-Id: I379fb2133358ba9c3c989c98a2dd399ad064f706
Related-Bug: #1699463
2017-06-22 13:35:19 +00:00
Jenkins
27a92d279e Merge "Blacklist support for ExtraConfig" 2017-06-19 21:22:45 +00:00
James Slagle
d6c0979eb3 Blacklist support for ExtraConfig
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for
blacklisting servers from triggered Heat deployments.

This commit adds that functionality to the remaining Deployments in
tripleo-heat-templates for the ExtraConfig interfaces.

Since we can not (should not) change the interface to ExtraConfig, Heat
conditions are used on the actual <role>ExtraConfigPre and
NodeExtraConfig resources instead of using the actions approach on
Deployments.

Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
2017-06-16 11:13:25 -04:00
Alex Schultz
abf4444d90 Ignore case for bootstrap node checks
The bootstrap_nodeid can have capital letters while the hostname may
not. In puppet we use downcase for this comparison, so let's follow a
similar pattern for scripts from THT.

Change-Id: I8a0bec4a6f3ed0b4f2289cbe7023344fb284edf7
Closes-Bug: #16998201
2017-06-15 13:59:31 -06:00
Jenkins
cea62f129c Merge "Modify PreNetworkConfig config inline with role-specific parameters" 2017-06-15 13:05:28 +00:00
Saravanan KR
0c66118b10 Modify PreNetworkConfig config inline with role-specific parameters
Existing host_config_and_reboot.role.j2.yaml is done in ocata to
configure kernel args. This can be enhanced with use of role-specific
parameters, which is done in the current patch. The earlier method is
deprecated and will be removed in Q releae.
Implements: blueprint ovs-2-6-dpdk

Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
2017-06-13 11:02:33 +05:30
Carlos Camacho
834fe9cde3 Moving *postconfig where it was *postpuppet
We need to ensure that the pacemaker cluster restarts
in the end of the deployment.

Due to the resources renaming we added the
postconfig resource not in the end of the
deployment as it was *postpuppet.

Closes-bug: 1695904

Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
2017-06-12 19:17:21 +02:00
Flavio Percoco
d27c778e3c Don't create networks if neutron is not enabled
With the composable undercloud installer, it's possible to disable
services.  The extraconfig script assumes both, neutron and nova, are
installed and fails if they aren't.

This patch checks if those services are available before.

Change-Id: Idcc2b9809fcfa92649a0a1f45175ce417dc0e608
2017-06-07 13:45:37 +02:00
Carlos Camacho
0a0e2ee629 Update the template_version alias for all the templates to pike.
Master is now the development branch for pike
changing the release alias name.

Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-19 09:58:07 +02:00
Jenkins
edc29bc068 Merge "Use the make_url function to build URLs" 2017-05-06 19:51:02 +00:00
Jenkins
5fc8d234dd Merge "Fix up pacemaker_status test in yum_update.sh" 2017-05-05 20:16:19 +00:00
Zane Bitter
b26fe7d164 Use the make_url function to build URLs
Change-Id: I2b23d92c85d5ecc889a7ee597b90e930bde9028e
Depends-On: I72f84e737b042ecfaabf5639c6164d46a072b423
2017-05-05 14:43:11 -04:00
Jenkins
8af47c20f3 Merge "[N->O] Add openstack-nova-migration to compute nodes." 2017-05-04 23:05:16 +00:00
Michele Baldessari
2244290424 Fix up pacemaker_status test in yum_update.sh
In change I2aae4e2fdfec526c835f8967b54e1db3757bca17 we did the
following:
-pacemaker_status=$(systemctl is-active pacemaker || :)
+pacemaker_status=""
+if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker;
then
+ pacemaker_status=$(systemctl is-active pacemaker)
+fi

we did that so due to LP#1668266: we did not want systemctl is-active to
fail on non pacemaker nodes. The problem with the above hiera check is
that it will match on pacemaker_remote nodes as well.

We cannot piggyback the pacemaker_enabled hiera key because that is true
on all nodes. So let's make the test check only for pacemaker service
without matching pacemaker remote. Tested with:
1) Test on a controller node with pacemaker service enabled
[root@overcloud-controller-0 ~]# hiera -c /etc/puppet/hiera.yaml -a service_names |grep '\bpacemaker\b'
"pacemaker",
[root@overcloud-controller-0 ~]# echo $?
0

2) Test on a compute node without pacemaker:
[root@overcloud-novacompute-0 puppet]# hiera -c /etc/puppet/hiera.yaml service_names |grep '\bpacemaker\b'
[root@overcloud-novacompute-0 puppet]# echo $?
1

3) Test on a node with pacemaker_remote in the service_names key:
[root@overcloud-novacompute-0 puppet]# hiera -c /etc/puppet/hiera.yaml service_names |grep '\bpacemaker\b'
[root@overcloud-novacompute-0 puppet]# echo $?
1

[root@overcloud-novacompute-0 puppet]# hiera -c /etc/puppet/hiera.yaml service_names |grep '\bpacemaker_remote\b'
 "pacemaker_remote"]
[root@overcloud-novacompute-0 puppet]# echo $?
0

Change-Id: I54c5756ba6dea791aef89a79bc0b538ba02ae48a
Closes-Bug: #1688214
2017-05-04 13:54:04 +02:00
Jenkins
cc6663a5b7 Merge "Initial VIP ipv6 minor update code" 2017-05-04 10:04:06 +00:00
Sofer Athlan-Guyot
29a8a46d98 [N->O] Add openstack-nova-migration to compute nodes.
This add openstack-nova-migration on the compute during the upgrade.

Closes-Bug: #1687081

Depends-on: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: I02dc8934521340f42ac44a7d16889f6d79620c33

Change-Id: I3db2a3188e538eeaef61769d38f0166545444cfe
2017-05-03 20:21:44 +00:00
Jenkins
c6ee1f7a70 Merge "Fix for the resource ControllerPostPuppetMaintenanceModeDeployment" 2017-05-02 19:02:26 +00:00
Michele Baldessari
4923f5c499 Initial VIP ipv6 minor update code
To test this change we deployed a stock master with ipv6 which created a bunch
of ipv6 with /64 netmask:
[root@overcloud-controller-0 ~]# pcs resource show ip-fd00.fd00.fd00.2000..18
 Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2)
  Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=64
  Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s)
              stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s)
              monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s)

Then we update the THT folder with this patch and upload the new scripts on the undercloud via:
openstack overcloud deploy --update-plan-only ....

Then we kick off the minor update workflow:
openstack overcloud update stack -i overcloud

Once the controller-0 node (bootstrap node for pacemaker) is completed we have the
correct VIP configuration:
[root@overcloud-controller-0 heat-config-script]# pcs resource show ip-fd00.fd00.fd00.2000..18
 Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2)
  Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=128 nic=vlan20 lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99
  Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s)
              stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s)
              monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s)

Also verified that running the script a second time does not alter the
(already fixed) VIPs.

Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>

Change-Id: I765cd5c9b57134dff61f67ce726bf88af90f8090
2017-05-02 20:01:21 +02:00
Carlos Camacho
77b4bd53da Fix for the resource ControllerPostPuppetMaintenanceModeDeployment
Closes-Bug:1686619

Change-Id: I7c32ca39a456de9833d30c31d41fcb727d2b0a34
2017-05-02 14:41:37 +02:00
Michele Baldessari
61d1905da4 Remove deprecated minor update pcs code
We fixed pcs resources start/stop timeouts via
I587136d8d045d213875c657ea5a405074f80c8ad in Nov 2015.for mitaka.

And there we stated:
  This can be removed once updates from deployments made prior to
  I6fc18f1ad876c5a25723710a3b20d8ec9519dcba are no longer supported.

We can now safely remove these updates as they are useless and cost time
anyway.

Change-Id: Ibad2b3eed0d08560d52d5ebe700746b61e5b8f51
2017-04-27 21:46:40 +02:00
Carlos Camacho
258c6ce52d Merge pre|post puppet resources into pre|post config.
The [Pre|Post]Puppet resources were renamed in
https://review.openstack.org/#/c/365763.
This was intended for having a pre/post deployment
steps using an agnostic name instead of
being attached to a technology.

The renaming was unintentionally reverted in
https://review.openstack.org/#/c/393644/ and
https://review.openstack.org/#/c/434451.

This submission merge both resources into one,
and remove the old pre|post hooks.

Closes-bug: #1669756
Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064
2017-04-24 12:56:49 +02:00
Sofer Athlan-Guyot
79c2d0f3d4 N->O Manual puppet commands have the right modulepath.
In two places during upgrade we manually trigger puppet.

There can be a problem when new puppet modules are added, and their
corresponding symlinks in /etc/puppet/modules are not created during
the installation as their are installed in
/usr/share/openstack-puppet/modules.  To prevent the issue tripleo set
modulepath in the templates.

We must use the same modulepath to make sure that we don't fail
because of missing module in the manual puppet run.

This particulary happens when you upgrade from M->N->O, as the base
image in Mitaka doesn't have the proper symlinks and they are not
created during the installation of the package.

Closes-Bug: #1684587

Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6
2017-04-20 13:20:41 +02:00
Jenkins
ff2ca16ba4 Merge "SSH known_hosts config" 2017-04-18 22:53:25 +00:00
Jenkins
f9ba863198 Merge "Allow for update after RHEL registration" 2017-04-14 15:27:48 +00:00
Oliver Walsh
7d3552a105 SSH known_hosts config
Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
 verification is vulnerable to a MITM attack.

Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
2017-04-13 21:53:59 +01:00
Jenkins
c89fe8da72 Merge "yum_update.sh - Use the yum parameter: check-update" 2017-04-12 18:04:48 +00:00
Jenkins
74684af1ad Merge "Decouple Swift ringbuilding logic" 2017-04-11 11:03:13 +00:00
Juan Antonio Osorio Robles
99855339f7 metadatahook: Use coalesce to handle null values
This uses the coalesce function to take null values into account, else
these resources will fail validation.

Change-Id: Iaf4218dd731826f80b76ff8f7a902adc8c865be5
Closes-Bug: #1681332
2017-04-10 13:53:13 +03:00
Christian Schwede
76c1c0cbba Decouple Swift ringbuilding logic
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses
the new logic in puppet-tripleo (see Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b
), basically doing the same.

Closes-Bug: 1665641
Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139
2017-04-10 07:23:27 +00:00
Alex Schultz
c4fd828676 Allow for update after RHEL registration
Adds the ability to perform a yum update after performing the RHEL
registration.

Change-Id: Id84d156cd28413309981d5943242292a3a6fa807
Partial-Bug: #1640894
2017-04-07 09:05:09 -06:00
Jenkins
161b2b4427 Merge "Don't disable satellite repo after registration" 2017-04-06 12:44:21 +00:00
Matthew Flusche
9e4375d276 yum_update.sh - Use the yum parameter: check-update
The current check tends to produce a false positive causing unnecessary
service restarts.  yum check-update will exit with return code 100 if
updated packages are available.

Change-Id: I8bd89f2b24bafc6c991382b9eb484cfa9a2f8968
2017-04-05 20:49:51 +00:00
Jenkins
b07b4cc1a1 Merge "Add special case upgrade from openvswitch 2.5.0-14" 2017-04-01 16:28:20 +00:00
marios
25983882c2 Add special case upgrade from openvswitch 2.5.0-14
In [1] we removed the previously used special case upgrade code.
However we have since discovered that for openvswitch 2.5.0-14
the special case is still required with an extra flag to prevent
the restart.  This adds the upgrade code back into the minor
update and 'manual upgrade' scripts for compute/swift. The
review at If998704b3c4199bbae8a1d068c31a71763f5c8a2 is adding
this logic for the ansible upgrade steps.

Related-Bug: 1669714
[1] https://review.openstack.org/#/q/59e5f9597eb37f69045e470eb457b878728477d7
Change-Id: I3e5899e2d831b89745b2f37e61ff69dbf83ff595
2017-03-31 18:38:33 +03:00