24 Commits

Author SHA1 Message Date
Bogdan Dobrelya (bogdando)
a1e580f039 Revert "Fix generating Apache configs by container-puppet"
fixes following issue coming on RHEL8 http://logs.rdoproject.org/openstack-periodic-master/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-rhel-8-standalone-master/11c7794/logs/undercloud/var/log/extra/podman/containers/keystone_db_sync/stdout.log.txt.gz

This reverts commit 80d12514d5cd3c20057bd01588e5d5d15d131ca9.

Change-Id: Ice566e90e468bc919872d0954d2d696f4554e00b
2019-08-02 13:54:35 +02:00
Chandan Kumar (raukadah)
c1269a6475 Revert "Wire-in Apache MPM module parameters and switch it"
This reverts commit 09cfcc1464dce0eb7c05caf42375290bbaae4199.

Change-Id: Ife71b124fa404050fcbcb2e041590a295076d6d9
2019-08-02 10:34:07 +00:00
Bogdan Dobrelya
09cfcc1464 Wire-in Apache MPM module parameters and switch it
Allow to configure Apache MPM module for the containerized API/WSGI'ish
services running Apache as a backend. Change the default from 'prefork'
to 'event', which is a low level change and should provide no sensible
upgrade impact. This alleviates the related heartbeats threading issue
arising with the monkey-patched eventlet.

Merge the missing ApacheServiceBase config settings for Octavia API,
Horizon and Ironix PXE. This is needed to apply the base Apache
service hiera settings, including MPM module switches, for those
as well.

Related-bug: #1829062

Change-Id: Ia65af7a9d6ae106a61ec52912bebba72830d5f28
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-07-31 10:18:46 +02:00
Bogdan Dobrelya
80d12514d5 Fix generating Apache configs by container-puppet
The changes listed below provide a single unit of work required to
configure Apache backend for WSGI-based OpenStack API services
w/o conflicts causing containers startup failures.

W/o this change /etc/httpd/conf.modules.d/00-mpm.conf shipped with RPM
or other conflicting httpd modules might remain in the containers
and cause startup failures. While puppet removes such conflicts from
the configuration, f.e. when switching MPM 'prefork' to 'event', and we
expect it never gets into container configs.

Make kolla extended start properly enforcing the wanted state of
/etc/httpd, including conf.d and conf.modules.d, and also any of the
removed by puppet files, like conflicting Apache MPM modules.

Add container-puppet tasks to ensure apache MPM configs generated
before the main config steps that require Apache started in the
service container.

Additionally, ensure consistent mirroring across config-data
paths for the container-puppet tool. Purge obsoleted/irrelevant files
in the destingation (puppet-generated) before rsyncing new contents
into it.

Closes-Bug: #1835414

Change-Id: I3e5b4372a01b29bf13179d8a16acc36da9c5caab
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-07-31 10:18:30 +02:00
Jose Luis Franco Arza
d1035703b7 Force removal of docker container in tripleo-docker-rm.
The tripleo-docker-rm role has been replaced by tripleo-container-rm [0].
This role will identify the docker engine via the container_cli variable
and perform a deletion of that container. However, these tasks inside the
post_upgrade_tasks section were thought to remove the old docker containers
after upgrading from rocky to stein, in which podman starts to be the
container engine by default.

For that reason, we need to ensure that the container engine in which the
containers are removed is docker, as otherwise we will be removing the
podman container and the deployment steps will fail.

Closes-Bug: #1836531
[0] - 2135446a35

Depends-On: https://review.opendev.org/#/c/671698/
Change-Id: Ib139a1d77f71fc32a49c9878d1b4a6d07564e9dc
2019-07-19 12:37:35 +00:00
a23aa80c40 Add swift_config puppet-tag for swift-ringbuilder
ConfigParser in python3 is not happy with the default
config(contain %%) shipped with swift package[1]. So while applying
puppet manifest for swift-ringbuilder default config from
package is used(as swift_config tag doesn't exist in puppet-tags),
this patch adds it, so swift-ringbuilder uses the generated config
instead of package defaults.

[1] https://github.com/rdo-packages/swift-distgit/blob/rpm-master/swift.conf

Closes-Bug: #1836572
Change-Id: I737b85393e9ce13bda279dc0388bf27bd979af42
2019-07-17 14:44:05 +05:30
Zuul
d61a720177 Merge "Support TLS deployments with KernelDisableIPv6 enabled" 2019-07-10 03:34:33 +00:00
Grzegorz Grasza
d48d1bdb37 Support TLS deployments with KernelDisableIPv6 enabled
Bind to 127.0.0.1 in case ipv6 is disabled. Set a hiera value
localhost_address, so that it can be used in tls_proxy.pp to
unambiguously connect to those services.

Change-Id: Ide761c21dc87dadc722e27c9b8a7b68194164cb2
Related: rhbz#1703460
2019-07-09 16:14:43 +00:00
Emilien Macchi
58bf8a207b swift: ensure we get rsyslog state "--check" mode
Ensure that the logging forwarding tasks do not fail in ansible check
mode, and we make sure the rsyslog_config is actually defined.

Change-Id: Ifaf692643f21f2ae30557b251ae58a9b32fbb143
Closes-Bug: #1835415
2019-07-04 13:55:32 +00:00
Rabi Mishra
90d05216b9 Replace /var/log/containers/swift symlink with directories
Once we remove the symlinks in update_staks, host_prep_tasks
would create those directories.

Assuming that minor update runs before upgrades, this should
take care of upgrades too.

Change-Id: Idabfec5f568a4e02900d103d23f4cb3c199e84c9
Related-Bug: #1833690
2019-06-24 16:18:06 +05:30
Rabi Mishra
d3a9614d8a Don't create symlink for swift container logs
logrotate 3.14.0 silently ignores all files when
there is a broken symlink in the container.

Change-Id: I52a74c7b5473340e2afd240d7d6af9ad5bc97544
Closes-Bug: #1833690
2019-06-21 16:59:21 +05:30
Zuul
14998e6a5d Merge "Convert Docker*Image parameters" 2019-06-18 08:01:14 +00:00
Alan Bishop
06d6fb3bde Remove extraneous references to RpcXXX parameters
Remove references to RpcPort, RpcUserName, RpcPassword and
RpcUseSSL from all templates that do not actually use the parameter.

Change-Id: I295a7ae93feda24a179a53158ecfc633721bcd59
2019-06-14 08:12:32 -04:00
Dan Prince
a68151d02a Convert Docker*Image parameters
This converts all Docker*Image parameter varients into
Container*Image varients.

The commit was autogenerated with the following shell commands:

for file in $(grep -lr Docker.*Image --include \*.yaml --exclude-dir releasenotes); do
  sed -e "s|Docker\([^ ]*Image\)|Container\1|g" -i $file
done

Change-Id: Iab06efa5616975b99aa5772a65b415629f8d7882
Depends-On: I7d62a3424ccb7b01dc101329018ebda896ea8ff3
Depends-On: Ib1dc0c08ce7971a03639acc42b1e738d93a52f98
2019-06-05 14:33:44 -06:00
Dan Prince
3ae00015e4 Move masq-nets, swift-external, and validations to deployment
Change-Id: I4000381a48f21263935518aca38cedcb792094d9
Related-Blueprint: services-yaml-flattening
2019-05-30 20:37:30 +00:00
Emilien Macchi
7e73fac11a Evaluating ansible_check_mode as a boolean
Evaluating ansible_check_mode as a bare variable is deprecated in
Ansible 2.8 and its support will be removed in 2.12.

Change-Id: I4d566bf8b7b3085d693fe94b53384e667f81b092
2019-04-17 16:55:40 -04:00
Dan Prince
a52498ab4d Move containers-common.yaml into deployment
Change-Id: I8cc27cd8ed76a1e124cbb54c938bb86332956ac2
Related-Blueprint: services-yaml-flattening
2019-04-14 18:15:12 -04:00
Andrew Smith
405366fa32 Deprecate messaging params replaced by global oslo params
Depends-On: I03900b39ab257a9563db37e403254b54f846c056
Change-Id: Ib55c72c0bab9aa0ffc05752a680f573cc351ae17
2019-03-28 12:13:07 -06:00
Emilien Macchi
860333cf31 Rename /var/lib/docker-config-scripts to /var/lib/container-config-scripts
We don't have Docker anymore so let's avoid confusion and rename this
directory.

Change-Id: I79fca28ef8e5396fee78bef992fd800918f05b88
2019-03-26 21:21:57 +00:00
Sergii Golovatiuk
2a8fcc4ddf Remove UpgradeRemoveUnusedPackages
UpgradeRemoveUnusedPackages is not used anymore. All packages are
supposed to be removed on undercloud upgrade to 14.

Change-Id: Ie6b739390ec0ae0c5773a5a6c63b49422195623a
2019-03-19 13:40:02 +00:00
Cédric Jeanneret
c55cf61c99 Avoid "-a" cp option in order to avoid SELinux AVC
Using "cp -a" in a container might lead to SELinux failures, since this option
is a shortcut for "-dR --preserve=all". The "all" has the context, and we do
not allow SELinux relabelling within containers.

Splitting the "-a" to "-dR --preserve" will provide the same end results, but
without the relabelling, preventing audit.log to fill up during the deploy.

Closes-Bug: #1819459
Change-Id: Ic280ad8e95fcc32986987f5abaa524f171d7c13b
2019-03-14 08:48:24 +01:00
Emilien Macchi
160cddda3f Rename docker_config_scripts to container_config_scripts
Change-Id: Iabd65560c2fc28b3aeca07a21efa861c4c583c01
2019-03-06 09:05:50 -05:00
Jose Luis Franco Arza
dca57f51bc Remove the use of tests as filters as it will be deprecated.
As of Ansible 2.5, using an Ansible provided jinja test with filter syntax,
will display a deprecation error, they should be switched into using 'is' [0].

[0] - https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.5.html#id17

Change-Id: I46912d6cff8b8332bbe875166636523f02a8088b
2019-02-07 16:29:52 +01:00
Dan Prince
f0aecdd362 flatten the swift service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all swift services.

With this patch the baremetal version of each swift service has been removed
except for swift-dispersion which only exists in baremetal form.

Related-Blueprint: services-yaml-flattening

Change-Id: I7986efed381a2149bdff42526048ae72e0bf36c0
2019-01-26 17:10:27 -05:00