10268 Commits

Author SHA1 Message Date
Zuul
4d6eeaee01 Merge "Add CephAnsibleEnvironmentVariables to nodes-uuid call" 2019-05-25 19:36:48 +00:00
Zuul
c06232fba2 Merge "Remove the iptables rules set via service_config_settings" 2019-05-24 15:20:16 +00:00
Dan Sneddon
68bfc26728 Fix run-os-net-config.sh to use ping6 for IPv6 hostnames
The run-os-net-config.sh script checks to see if an IP address is
IPv4 or IPv6, and uses ping or ping6 accordingly. This change also
resolves hostnames and submits the resolved IP to the same test.
If the hostname only resolves to an IPv6 address, then ping6 will
be used.

Change-Id: I9f37992157935b37cc9beb8a2f3b9d749a62bd1b
Closes-bug: 1830274
2019-05-23 12:38:00 -07:00
Zuul
5dd09273aa Merge "Add ability to specify dns search domains" 2019-05-23 17:34:11 +00:00
Zuul
c36eaa42d0 Merge "Fix IPA client when doing brownfield deployment of internal TLS" 2019-05-23 17:23:39 +00:00
Zuul
afdd75454f Merge "Set force_config_drive only when OVNMetadata is disabled" 2019-05-23 14:25:23 +00:00
John Fulton
6858ef4114 Add CephAnsibleEnvironmentVariables to nodes-uuid call
CephAnsibleEnvironmentVariables are also useful when running
the nodes-uuid playbook. Users may know ceph-ansible playbook
is run but may not know the nodes-uuid playbook is run too.
If additional Ansible environment variables are useful for
running ceph-ansible it is likely they will be needed for
the nodes-uuid playbook. The altnernative is to create another
parameter like NodesUuidAnsibleEnvironmentVariables.

Change-Id: I10ddb4f79f5c8b69b09622b96e96325ba19d62e0
2019-05-23 09:22:54 -05:00
Jakub Libosvar
7ac8e67d82 Set force_config_drive only when OVNMetadata is disabled
There are usecases when operator wants to talk to metadata API from
config-drive script (e.g. using curl to get data from metadata). That
means it makes sense to have OVN Metadata Agent deployed while forcing
config-drive to be used.

This patch sets force_config_drive to true only when OVNMetadataEnable
is set to false. If it's set to true then it doesn't touch
force_config_drive option, leaving it up to environment to define it.
(The default for force_config_drive is false.)

Closes-Bug: #1830179
Change-Id: Ib956ff2f521b9853c58eaa5500836c692dd9321d
2019-05-23 08:55:57 +00:00
Michele Baldessari
114e5778f9 Remove the iptables rules set via service_config_settings
This breaks the rules for the haproxy stats access because it
shadows them. Let's remove these rules and move the iptables
rules for haproxy in puppet-tripleo where they should have
been in the first place, like for all other services.

Depends-On: I1325171ef60d7a7e3b57373082fcdb5487be939b
Change-Id: I2f177c930567b3a45f0d95cec4140f478f14a074
Closes-Bug: #1829338
2019-05-23 05:14:05 +00:00
Zuul
e3ad34aece Merge "standalone/undercloud - post: use EndpointMap to fetch Keystone URL" 2019-05-23 00:30:49 +00:00
Zuul
612d1b9d99 Merge "OVS Revalidator and handler threads" 2019-05-23 00:22:01 +00:00
Zuul
aab5feed70 Merge "Try a timesync as part of first boot" 2019-05-22 15:26:46 +00:00
5e83eeda5b Override ovn::controller::hostname to use hiera:fqdn_canonical
ovn::controller::hostname defaults to ::fqdn,
hostname can differ based on how nova configures it, detected
when dhcp_domain name is removed in [1].
So it's good to rely on fqdn_canonical hiera key which
nova also relies on to set "host" in nova.conf.

Also use neutron_timeout instead of neutron_url_timeout
which was deprecated for long and is removed in [1].

[1] https://review.opendev.org/#/c/658400/

Related-Bug: #1829993
Change-Id: If52302b5a04b5e146ac53ccd3fc65a064b2df2fb
2019-05-22 14:48:21 +05:30
Zuul
45a94c8710 Merge "Add more settings for glance image cache" 2019-05-21 22:11:21 +00:00
Emilien Macchi
016279b71e standalone/undercloud - post: use EndpointMap to fetch Keystone URL
Using EndpointMap to ensure we get the hostname/fqdn if possible
otherwise it fallbacks to the IP for Keystone public endpoint.

This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.

Closes-Bug #1763776
Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce
2019-05-21 08:41:22 -04:00
Alex Schultz
eafe390853 Try a timesync as part of first boot
We're running into issues where if someone creates a firstboot script
that touches a file that will eventually be mounted into a container, it
can fail if the time of the file ends up being in the future due to a
later timesync. Let's try a basic timesync bootstrap as part of
cloud-init to address the case of configuration changes occuring prior
to the host_prep_tasks where we traditionally configure chrony/ntp

Depends-On: https://review.opendev.org/#/c/659398
Change-Id: I294eba826b98c5793336815282f766e3d2e60a51
Related-Bug: #1776869
2019-05-20 21:34:50 +00:00
Zuul
719304d1af Merge "Add cinder credentials to nova conf" 2019-05-20 21:10:53 +00:00
Zuul
a4b4ae1f65 Merge "Ironic Inspector - use make_url for db connection" 2019-05-20 17:43:00 +00:00
Zuul
2f1ec04ad4 Merge "Configure nova_compute for vendordata" 2019-05-18 00:42:41 +00:00
Harald Jensås
cf6fc40c67 Ironic Inspector - use make_url for db connection
The current list_join implementation does not handle
IPv6 addresses properly. Switch to use the make_url
function.

Closes-Bug: #1829582
Change-Id: I9bd87fe94909107e7bfece0e7643cb48b6cf2355
2019-05-18 00:19:20 +02:00
Zuul
3a0683d646 Merge "Correct ceph configuration for scenario 10 environments" 2019-05-17 21:51:51 +00:00
Zuul
c33f8cb117 Merge "Remove NovaConsoleauth Service" 2019-05-17 16:21:03 +00:00
Rajesh Tailor
8f8b750e4f Add cinder credentials to nova conf
Added user/project CONF with admin role at cinder group,
and when determine context is_admin and without token, do
authenticaion with user/project info to call cinder api.

When set reclaim_instance_interval > 0, and then delete an
instance which booted from volume with `delete_on_termination`
set as true. After reclaim_instance_interval time pass,
all volumes boot instance with state: attached and in-use,
even when attached instances was deleted.

This happens because as admin context from
`nova.compute.manager._reclaim_queued_deletes` did not have
any token info, then call cinder api would be failed.

The corresponding nova changes merged in change
https://review.opendev.org/#/c/522112/

Also rephrased CinderPassword parameter description in
cinder service templates to make it generic.

Depends-On: https://review.opendev.org/#/c/657918/
Related-Bug: #1734025
Change-Id: If0f9e442e5ed3b2d94bc51e65c145519c51cbc86
2019-05-17 18:52:14 +05:30
Brent Eagles
6e150aeb02 Correct ceph configuration for scenario 10 environments
Sets ceph_mon to v2 protocol.

Change-Id: Ia111d03462d517a84be6fb6e277565d828eb6175
2019-05-17 11:43:23 +00:00
Zuul
54d48b591d Merge "Set configure_delegated_roles a parameter" 2019-05-16 18:53:08 +00:00
Zuul
d20f609334 Merge "Fix NovaNfs role parameter precedence in conditions" 2019-05-16 11:29:00 +00:00
Zuul
884ffe6d8c Merge "Remove HostEntryDeployment" 2019-05-16 10:42:45 +00:00
Zuul
2e03e36250 Merge "Remove InstanceIdDeployment" 2019-05-16 10:42:43 +00:00
Zuul
7a5103ef93 Merge "Ensure we aren't running some dry-run also for Pacemaker case" 2019-05-16 10:42:41 +00:00
Grzegorz Grasza
05f650d5da Fix IPA client when doing brownfield deployment of internal TLS
* Always use the FQDN supplied in the metadata.
* Read the metadata from network if hostname could not be determined.

These changes fix issues with deploying internal TLS after initialy
deploying without it (also known as a "brownfield deployment").

Change-Id: I9d1b4174dd349c29dc92079202176a11d3f85fe3
Co-Authored-By: Ade Lee <alee@redhat.com>
2019-05-15 17:43:13 +02:00
Zuul
c609599fe5 Merge "placement: Add nova_api data extraction step during deployment" 2019-05-15 12:12:51 +00:00
Zuul
2e48eebc3a Merge "Re-add undercloud-aodh.yaml" 2019-05-15 08:38:32 +00:00
hakhande
3c5ad2aab9 OVS Revalidator and handler threads
Revalidator and handler threads are not coherent with lcore
Configure these threads accoding to confgiure lcores

Change-Id: Idc3328658a4c5c21fd011c6c4f791e7993559f1a
Closes-Bug: #1822571
Depends-On: https://review.openstack.org/650626
2019-05-15 12:54:05 +05:30
Steve Baker
3778e6121b Configure nova_compute for vendordata
The next change in this series turns off the nova_metadata service,
which means nova_compute needs to have the same vendordata
configuration so that it can populate the config-drive data with the
same vendordata served by nova_metadata.

Change-Id: I2dc1d120d0bd7cc91bde767097945598148d3e9b
Blueprint: nova-less-deploy
2019-05-15 16:40:00 +12:00
Zuul
35ea92178d Merge "Default CephAnsibleDisksConfig to bluestore" 2019-05-14 20:43:57 +00:00
James Slagle
bb95ce8439 Remove HostEntryDeployment
This deployment was for getting the hostname of pre-provisioned nodes.
This is no longer required with config-download since a HostnameMap is
required to be used with config-download.

Change-Id: I35d7d03c5373a251dfe96c2f71c4915ee52f113a
implements: reduce-deployment-resources
2019-05-14 15:48:05 -04:00
James Slagle
3a1948390d Remove InstanceIdDeployment
This deployment is no longer needed as it was only setting metadata that
was used by os-collect-config. Now that config-download is used,
os-collect-config is no longer used, we can get rid of this deployment.

Change-Id: Icd45f7299c4053373b3161d90ad32135c9f40e5a
implements: reduce-deployment-resources
2019-05-14 15:48:05 -04:00
Zuul
80c3546402 Merge "Modified the way fluentd configures rsyslog" 2019-05-14 16:44:53 +00:00
Oliver Walsh
32bf12e20e Fix NovaNfs role parameter precedence in conditions
I2702a022565a130ab339d165cb2252ad67d1162e changed the Nova NFS params to be
role specific, however the global param still takes precedence in the
enable_live_migration_tunnelled condition.
With this change the the global param is only considered when the role
specific param is not set.

Change-Id: I3d1a0f632e8a7e4924ebabdc795c0ef5d53cdd6d
Related-Bug: 1823712
2019-05-14 17:10:29 +01:00
Juan Badia Payno
bbbca8d65d Modified the way fluentd configures rsyslog
Fluentd makes rsyslog to send the logs to fluentd locally.
This configuration was create within the puppet-tripleo,
mounting the /etc/rsyslog.d/ directory on the fluentd
container. This generates an issue when is deployed on
RHEL BZ #1701726.

This patch aim to fix it.
 - The /etc/rsyslog.d directory is no longer mounted
 on the fluentd container.
 - The rsyslog configuration was moved to the host_prep_tasks.

Depends-On: I388180dc991926ff30f8bbc556f61447152f8dc9
Change-Id: Iae610832c12d63bde1eb507ba4bb89f2e3cfa24b
2019-05-14 09:15:48 +02:00
Alex Schultz
aeb91c34f8 Re-add undercloud-aodh.yaml
https://review.opendev.org/#/c/611188/ incorrectly removed the
undercloud-aodh.yaml environment file as we still reference it in
python-tripleoclient.

Change-Id: I458dd389ef8a953d5ec8f2bcb0fa454fe0ffffcb
Closes-Bug: #1828893
2019-05-13 15:29:05 -06:00
Zuul
9f7fbe0678 Merge "Fix haproxy firewall rules" 2019-05-13 17:59:50 +00:00
Cédric Jeanneret
cc95b17edb Ensure we aren't running some dry-run also for Pacemaker case
I5851dc7820fdcc4f5790980d94b81622ce3b0c8d corrected the dry-run case
only for non-HA setup.

The HA case was overlooked since it doesn't inherits from the non-HA.

Change-Id: Id678bbc2127bc3742d3c254ff4f62fc1b0e27daa
Related-Bug: #1823841
2019-05-13 09:52:08 +02:00
Zuul
08ead26e66 Merge "Remove OVNTunnelEncapType" 2019-05-11 01:54:52 +00:00
Zuul
f5ba43ea21 Merge "Add DPDK support for OVN" 2019-05-10 21:03:53 +00:00
Zuul
ab8b64c56a Merge "[ipaclient] Fix type of MakeHomeDir heat param" 2019-05-10 18:53:38 +00:00
Michele Baldessari
ef6c23ef64 Fix haproxy firewall rules
The problem we want to selve is that the change
https://review.opendev.org/#/c/631486/ (moving iptables creation to the
host) never really worked.

The reason it never worked and we never noticed is two-fold:
A) It ran: -e include ::tripleo::profile::base::haproxy
the problem is that without quoting puppet basically does a noop

B) Once the quoting is fixed it breaks because 'export FACTER_step'
exports a custom fact but does not export a hiera key per-se (so calls
to hiera('step') would fail

So we add proper quoting only on the variables that are arguments to a
parameter so that there is no risk of ansible doing the wrong thing and
puppet gets the correct arguments.

We also explicitely set the step for hiera in the deploy_steps_tasks.
The reason we need it is because in non-HA the iptables rules would
be created at step 1. But since the deploy_steps_tasks run before the
actual tasks that set the step hieradata.we would get the following
error:
Error: Function lookup() did not find a value for the name 'step'

We can just write out the step hiera key during the deploy_steps_tasks,
it will be enforced again shortly afterwards once the
common/deploy-steps-tasks.yaml gets invoked.

We also switch back to puppet_execute: ::tripleo::profile::base::haproxy
even for the pacemaker profile. This was broken by the flattening of the
haproxy service (Id55ae44a7b1b5f08b40170f7406e14973fa93639)

Co-Authored-By: Luca Miccini <lmiccini@redhat.com>

Change-Id: Iab310207ca17a6c596470dda30a39e029c4fe09c
Closes-Bug: #1828250
2019-05-10 17:42:39 +02:00
Lee Yarwood
967d42b543 placement: Add nova_api data extraction step during deployment
This change adds an additional deployment step that will attempt to
extract all Placement data from the nova_api database ahead of db syncs
being preformed. For the time being this is a noop as there should be no
data to move across. Eventually this will be used during upgrades and
actually used to migrate data between the nova_api and placement
database.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>

Change-Id: Ifaa1101d05b835529730002ef985990c6469a449
2019-05-10 17:15:23 +02:00
Zuul
546ca82416 Merge "Propagate AdditionalArchitectures to container image prepare" 2019-05-10 10:53:13 +00:00
Zuul
eeb609a89d Merge "Use RpcPort for container healthchecks" 2019-05-10 09:31:16 +00:00