94 Commits

Author SHA1 Message Date
Zuul
124fabb8a8 Merge "Allow configuring cinder mount point for glance cinder store" 2021-03-01 20:41:48 +00:00
Zuul
a0ad81b0b6 Merge "Remove DefaultPasswords interface" 2021-02-16 08:00:59 +00:00
ramishra
7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30
PranaliD
4535e0f356 Enabling 'cinder_use_multipath' if cinder multipath is enabled
Currently, the 'cinder_use_multipath' parameter is disabled in glance-api.conf,
when cinder multipath is enabled.

Enabling 'cinder_use_multipath' when multipath is enabled.

Depends-On: Ic2c86e6a890b58ca7703ea3a3147c8d4ecf13953
Change-Id: I03e042b9684e6bdd8c277066776df23d2eb84ecd
2021-02-11 07:09:21 +00:00
Pranali Deore
365f16e21d Allow configuring cinder mount point for glance cinder store
The new parameter CinderMountPointBase has been added which will be used
for mounting NFS volumes on glance nodes.
When glance uses cinder as store and cinder backend is NFS, the mount
point would be required to be set with this parameter.

Depends-On: Ib724f6e895716847827be48ed08b01a7a312338f
Change-Id: Ie84fa812c71ccff8328a0c43e023f98522dd80fb
2021-02-10 13:06:38 +05:30
Zuul
0538af2751 Merge "Glance: use the puppet parameter to enable image cache feature" 2021-01-13 08:06:25 +00:00
Francesco Pantano
79686663e8 Configure Ceph clients via tripleo-ceph-client (not ceph-ansible)
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these parameters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.

Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.

Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.

Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
2021-01-04 15:16:11 +00:00
Takashi Kajinami
1c46f0a6cc Glance: use the puppet parameter to enable image cache feature
This change migrates the logic to include the required classes for
image cache feature from tripleo-heat-templates to puppet-tripleo, so
that we compose all required puppet classes in puppet-tripleo.

Depends-on: https://review.opendev.org/768796
Change-Id: I6fa9146746539e60b8ca08adadd839aa8c21fa4a
2020-12-31 12:30:33 +09:00
Zuul
4b3b7f6e36 Merge "Notification drivers need to be a list" 2020-12-22 19:42:16 +00:00
Michele Baldessari
48d0e4d9b6 Notification drivers need to be a list
Convert the NotificationDriver to a comma_delimited_list.
This will still not break existing templates because passing
a string is still completely valid. This is done so that the hiera keys
will be passed down as lists.

The oslo::messaging::notifications::driver expects a list anyway so this
won't break things and will allow us to actually specify multiple
notification drivers correctly. The change that allowed
oslo::notifications to use both strings and lists is
If65946412b42e0919456ed92fdd8e3788ad67872 (Messaging notifications
should be set as a list)

Related-Bug: #1851629

Change-Id: I24c860cd3121e5c307233864818ca86967ff6d72
2020-12-18 11:26:15 +00:00
Francesco Pantano
3663790bc0 Remove /etc/ceph dependency and add tripleo_ceph_client role
This change introduces a new CephConfigPath parameter that can be used
by all the OpenStack clients when looking for Ceph client related info
(ceph.conf and keyrings).
By overriding this parameter we can make the containers able to pull
data from a different path than /etc/ceph which was hardcoded.
On top of this change, a new bool is added to prevent the ceph-ansible
client role being executed.
When this boolean is true, the 'ceph_client' tag is added to the list
of tags that should be skipped in ceph-ansible.
By doing this, ceph-ansible won't run the client role [1] and the new,
tripleo_ceph_client role is imported and executed.

[1] https://github.com/ceph/ceph-ansible/blob/master/site-container.yml.sample#L269

Depends-On: Iaabb66cd26f0246defe391a4e34f4eab3c3c5fee
Depends-On: Ia60bc6d5d1a04bd560f2fcb05a4b64078015ae9d

Change-Id: I36673367411cc8d68ffb9ec4a2fbff64ebf12f29
2020-12-04 18:19:14 +01:00
Takashi Kajinami
37548ddb40 Enforce internal api for token verification
This change enforces the usage of internal api for token verification,
so that internal requests to keystone use internal endpoint instead
of admin endpoint which is deployed on provisioning network by default.

Change-Id: I8b5ac36ff1da46844d18fa73f835175e52719a63
Closes-Bug: #1899266
2020-10-11 15:46:08 +09:00
Zuul
480be85c10 Merge "Enable glance sparse image upload" 2020-10-05 17:18:21 +00:00
PranaliD
5c51ade11c Enable glance sparse image upload
To handle sparse image upload, new config parameters
``rbd_thin_provisioning`` and ``filesystem_thin_provisioning``
have been added in glance for rbd and filesystem backends
respectively with enabling image_conversion plugin for both
types of backends.

To make the above parameters enable, adding 'GlanceSparseUploadEnabled'
parameter in THT.

Depends-On: Ic95fa45af0f1db92d8425862c6267f466764fbbe
Depends-On: I90c8ea98a96fa57f5bf3bf0c6b2b37ec95474baf

Partially Implements: blueprint handle-sparse-image

Change-Id: I5a339e9850be3825540873736b9734178994ce21
2020-10-04 04:10:31 +00:00
Zuul
55d1945c97 Merge "Disable notification from services by default" 2020-10-02 09:06:42 +00:00
Takashi Kajinami
afc0b731e0 Disable notification from services by default
Currently we disable Telemetry services like Ceilometer by default,
which means that we don't have any consumers for notification messages.
So NotificationDriver should be set as noop by default so that we don't
have unconsumed messages in notification queues.

Change-Id: I1d05749c94bd58ad4badafa7d9755009cb4b64af
Closes-Bug: #1869355
2020-09-30 09:51:08 +09:00
Takashi Kajinami
4680c4439b Remove sync_db parameters
Currently initialization of db is implemented as an independent task
in tripleo-heat-templates and not triggered by puppet.
In puppet, all of sync db jobs are implemented by exec resources but
"exec" is not included in puppet_tags enabled, so these implementations
in puppet are never triggered.

This patch removes sync_db parameters from templates because they are
ineffective and misleading.

Change-Id: Id231c612d8ef0ebc27bf87e0b2acbb76d89c9801
2020-09-29 09:04:04 +09:00
Giulio Fidente
0d8231c169 Add support for Glance disk_formats configuration
The newly added GlanceDiskFormats parameter is meant to configure
a list of disk formats allowed in Glance; the service default is
used unless the list is explicitly set.

Depends-On: I0f343321d43efa5e4a4274f01a4592a8fcd92417
Change-Id: If38194902463557e184a8297a0a02f873d6a2a2d
2020-09-23 14:41:51 +00:00
Jose Luis Franco Arza
8783ec9c45 Remove ffwd-upgrade leftovers from THT.
Now that the FFU process relies on the upgrade_tasks and deployment
tasks there is no need to keep the old fast_forward_upgrade_tasks.

This patch removes all the fast_forward_upgrade_tasks section from
the services, as well as from the common structures.

Change-Id: I39b8a846145fdc2fb3d0f6853df541c773ee455e
2020-07-23 15:33:25 +00:00
Zuul
66600e6fd7 Merge "Use native YAML syntax in mount tasks" 2020-07-18 01:40:08 +00:00
Takashi Kajinami
3364256368 Use native YAML syntax in mount tasks
Generally it is recommended[1] to use native YAML syntax in ansible
instead of one line definition, because it brings some benefits like
clear difference detected in git.

This patch updates existing mount tasks to follow that recommendation.

[1] https://www.ansible.com/blog/ansible-best-practices-essentials

Change-Id: I42c55ee0f69234fd54003e9cc471570f668c17b6
2020-06-24 20:02:02 +09:00
Emilien Macchi
1a48fa61f4 Sync httpd conf.modules.d configs
For containers which run httpd, make sure conf.modules.d is also synced
into the container; so apache doesn't fail with:
AH00534: httpd: Configuration error: More than one MPM loaded.

This is now required since:
6425cc46a8

Change-Id: Ib315d10dbdbbad1628f536a74cd1fca371f018f5
Closes-Bug: #1884115
2020-06-24 03:32:02 +00:00
Zuul
9af096189b Merge "Enable glance cache prefetcher interval" 2020-05-31 23:13:54 +00:00
Zuul
8471fceb6c Merge "Include copy-image for GlanceEnabledImportMethods for dcn-hci" 2020-05-31 23:09:24 +00:00
Pranali Deore
13b06b5248 Enable glance cache prefetcher interval
As new periodic job added in glance which will run as per
interval set using 'cache_prefetcher_interval' configuration
option and fetch images which are queued for caching in cache
directory.

Added GlanceImagePrefetcherInterval to configure
'cache_prefetcher_interval' configuration option
in glance-api.conf when glance cache is enabled.

Depends-on: I8ece28a9b0c6f104130d817490e9ea4c2b4e7808
Change-Id: I5294f7b9984ef0b59f505819e2ce95c41e69d3c8
2020-05-21 11:07:39 +05:30
John Fulton
161071f2d8 Include copy-image for GlanceEnabledImportMethods for dcn-hci
If you are using environments/dcn-hci.yaml, then you very likely
have more than one Glance server and will want to use the copy-image
feature. Thus, enable it by default for deployments which use this
environment file.

Also because GlanceCacheEnabled defaults to False and because
GlanceImageCacheMaxSize defaults to 10737418240 we don't need
to explicitly set them in environments/dcn{,-hci}.yaml.

Change-Id: If745aa0824098950367525170eaf6cb4e3804482
2020-05-20 14:41:05 -04:00
Giulio Fidente
fe4253102a Make user value for GlanceImageImportPlugin prevail on logic
We used to *append* image_conversion to the list of enabled Glance
import plugins when both Glance and Nova were configured to use RBD
but we should instead make user input prevail on the logic, assuming
users who customize the THT param know what they are doing and
eventually include image_conversion only when they need it.

Change-Id: I5c0788bb361323f5a0e69e22d4bd42fa3c1e06ed
2020-05-19 16:17:20 +00:00
Takashi Kajinami
fffdcf0f30 Use absolute name to include puppet classes
Current puppet modules use only absolute name to include classes,
so replace relative name by absolute name in template files so that
template description can be consistent with puppet implementation.

Change-Id: I7a704d113289d61ed05f7a31d65caf2908a7994a
2020-04-11 08:13:23 +09:00
Emilien Macchi
38bad5283f Remove all ignore_errors to avoid confusion when debugging
- deploy-steps-tasks-step-1.yaml: Do not ignore errors when dealing
  with check-mode directories. The file module is resilient enough to
  not fail if the path is already absent.

- deploy-steps-tasks.yaml: Replace ignore_errors by another condition,
  "not ansible_check_mode"; this task is not needed in check mode.

- generate-config-tasks.yaml: Replace ignore_errors by another
  condition, "not ansible_check_mode"; this task is not needed in check mode.

- Neutron wrappers: use fail_key: False instead of ignore_errors: True
  if a key can't be found in /etc/passwd.

- All services with service checks: Replace "ignore_errors: true" by
  "failed_when: false". Since we don't care about whether or not the
  task returns 0, let's just make the task never fail. It will only
  improve UX when scrawling logs; no more failure will be shown for
  these tasks.

- Same as above for cibadmin commands, cluster resources show
  commands and keepalived container restart command; and all other shell
  or command or yum modules uses where we just don't care about their potential
  failures.

- Aodh/Gnocchi: Add pipefail so the task isn't support to fail

- tripleo-packages-baremetal-puppet and undercloud-upgrade: check shell
  rc instead of "succeeded", since the task will always succeed.

Change-Id: I0c44db40e1b9a935e7dde115bb0c9affa15c42bf
2020-03-05 09:22:04 -05:00
Zuul
b5ef03c9c9 Merge "Add support for glance multistore" 2020-02-27 05:18:25 +00:00
Zuul
b130f78076 Merge "Replace svirt_sandbox_file_t by container_file_t" 2020-02-10 13:58:31 +00:00
Zuul
c48ccacf74 Merge "Remove deprecated authtoken::auth_uri" 2020-02-07 17:43:51 +00:00
Cédric Jeanneret
0875895553 Replace svirt_sandbox_file_t by container_file_t
While they are, at SELinux level, exactly the same (one is an alias to
the other), the "container_file_t" name is easier to understand (and
shorter to write).

A second pass in a couple of days or weeks will be needed in order to
change files that were merged after this first pass.

Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
2020-02-07 13:33:20 +01:00
Zuul
a3916383d3 Merge "Update ffwd-upgrade branch names" 2020-02-01 21:51:45 +00:00
Zuul
a5f1d5c6e2 Merge "Add DeployIdentifier to extra config containers" 2020-01-29 14:44:14 +00:00
Alan Bishop
96937674a7 Add support for glance multistore
Add parameters to support deploying multiple glance-api backends. The
existing GlanceBackend parameter specifies the first backend, and it's
the default backend when multiple backends are defined. Additional backends
are defined using a new GlanceMultistoreConfig parameter. The data is
a hash where the keys are the glance backend identifier and the data is
the glance settings for that backend. A new GlanceStoreDescription lets
the user provide a description for each backend.

The configuration can specify any combination of supported backend types.
Multiple rbd backends can be specified, but cinder, file and swift
backends are limited to one each.

Change-Id: Ifc538250815f0ce0e534cae443037e143309ca56
Depends-On: I41ab9b3593bf3d078c5bbd1826df8308e3f5e7af
2020-01-28 07:39:15 -08:00
Jesse Pretorius (odyssey4me)
2092b1303f Update ffwd-upgrade branch names
The next iteration of fast-forward-upgrade will be
from queens through to train, so we update the names
accordingly.

Change-Id: Ia6d73c33774218b70c1ed7fa9eaad882fde2eefe
2020-01-27 19:42:40 +00:00
Takashi Kajinami
8cc62c5f14 Remove deprecated authtoken::auth_uri
auth_uri parameter in authtoken was already removed from puppet modules[1],
so remove it from hieradata.

Also, some service templates missed www_authenticate_uri, which was
introduced as a replacement of auth_uri, so add it to make sure that
we have a correct parameter configured.

[1] I12b4049e4942911c8d1d8027c579eb4c0d1a53eb

Change-Id: I1e8378f58662377344194916e8bc336df02d0591
2020-01-26 09:26:50 +09:00
Brent Eagles
714e1b5d31 Add DeployIdentifier to extra config containers
Certain config containers might need to be replaced and re-run
regardless of whether configuration changes on update and upgrade.
Adding the DeployIdentifier to the env will ensure that they are.

Change-Id: I150212ebac3fed471ffb4e7ed7b6eb6c7af3fad9
Closes-Bug: #1860571
2020-01-22 15:16:12 -03:30
Kevin Carter
9a2a36437d Update all roles to use the new role name
Ansible has decided that roles with hyphens in them are no longer supported
by not including support for them in collections. This change renames all
the roles we use to the new role name.

Depends-On: Ie899714aca49781ccd240bb259901d76f177d2ae
Change-Id: I4d41b2678a0f340792dd5c601342541ade771c26
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2020-01-20 10:32:23 -06:00
Emilien Macchi
7f40baabcd Manage all Keystone resources with Ansible
Depends-On: I557d8f33c9c699aed14b3b6fc1d1c0407365cd08
Depends-On: Ia68f8852662fb4abbd194954a246afb740bf3f71

Change-Id: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e
2020-01-06 22:33:05 +00:00
Sagi Shnaidman
016f7c6002 Remove unnecessary slash volume maps
When podman parses such volume map it removes the slash
automatically and shows in inspection volumes w/o slash.
When comparing configurations it turns to be a difference and
it breaks idempotency of containers, causing them to be recreated.

Change-Id: Ifdebecc8c7975b6f5cfefb14b0133be247b7abf0
2019-12-04 20:32:14 +02:00
Michele Baldessari
f22dce4477 Make sure glance_api_tls_proxy logs are persisted on the host
The logs for the glance_api_tls_proxy containers are not persisted on
the host and hence get lost at the restart of the container.  Said
container has httpd inside of it so we need to make sure that the httpd
logs are persisted on the host just like the other containers that use
httpd.

Tested this review and I correctly get the logs persisted on a
TLS-everywhere environment:
[root@controller-0 ~]# ls -l /var/log/containers/httpd/glance/
total 1040
-rw-r--r--. 1 root root   5864 Nov 28 10:07 error_log
-rw-r--r--. 1 root root 544043 Nov 28 11:17 glance-api-proxy_access_ssl.log
-rw-r--r--. 1 root root   4360 Nov 28 10:07 glance-api-proxy_error_ssl.log

Change-Id: Id4f24e171867adc445eca55b3908360c8f3f6f30
Closes-Bug: #1854343
2019-11-28 12:17:51 +01:00
Kevin Carter
50367fbe35 Convert firewall rules to use TripleO-Ansible
This change converts our firewall deployment practice to use
the tripleo-ansible firewall role. This change creates a new
"firewall_rules" object which is queried using YAQL from the
"FirewallRules" resource.

A new parameter has been added allowing users to input
additional firewall rules as needed. The new parameter is
`ExtraFirewallRules` and will be merged on top of the YAQL
interface.

Depends-On: Ie5d0f51d7efccd112847d3f1edf5fd9cdb1edeed
Change-Id: I1be209a04f599d1d018e730c92f1fc8dd9bf884b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-11-18 15:40:22 -06:00
Jose Luis Franco Arza
4cbae84c75 Get rid of docker removing in post_upgrade tasks.
When upgrading from Rocky to Stein we moved also from using the docker
container engine into Podman. To ensure that every single docker container
was removed after the upgrade a post_upgrade task was added which made
use of the tripleo-docker-rm role that removed the container. In this cycle,
from Stein to Train both the Undercloud and Overcloud work with Podman, so
there is no need to remove any docker container anymore.

This patch removes all the tripleo-docker-rm post-upgrade task and in those
services which only included a single task, the post-upgrade-tasks section
is also erased.

Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
2019-11-12 16:33:38 +01:00
Zuul
814ca5ed32 Merge "Add SQLAlchemy-collectd support" 2019-10-21 19:38:56 +00:00
Emilien Macchi
81258ae551 Convert container environment from a list to a dict
Moving all the container environments from lists to dicts, so they can
be consumed later by the podman_container ansible module which uses
dict.

Using a dict is also easier to parse, since it doesn't involve "=" for
each item in the environment to export.

Change-Id: I894f339cdf03bc2a93c588f826f738b0b851a3ad
Depends-On: I98c75e03d78885173d829fa850f35c52c625e6bb
2019-10-16 01:29:31 +00:00
Mike Bayer
4bee12fea1 Add SQLAlchemy-collectd support
The SQLAlchemy-collectd plugin is now shipped in podman
containers under Kolla, this allows heat templates
to pull the plugin into the collectd configuration when
the collectd templates are being used.

A corresponding change in puppet-tripleo under the same change-id
adds support to enable the plugin on the puppet side.

The feature can be enabled for an overcloud by adding:

    EnableSQLAlchemyCollectd: true

to the heat configuration while also including one of the
collectd templates from environments/metrics.

The implementation requires that Openstack services which make
use of SQLAlchemy include directives for the plugin within
the SQLAlchemy URL, so this incurs a change in all templates
that include a MySQL database URL.

Change-Id: If598da717653a383a2d3b3373c56517f8bca832f
2019-10-11 10:16:30 -04:00
Alan Bishop
aa1f4bf621 Fix selinux context for glance-api
Remove the z flag from glance-api's service directory. The service
directory does not need to be shared with other containers, and
podman fails to apply setting when glance is using NFS (i.e.
/var/lib/glance/images is a mount point).

Also update the NFS mount options to use svirt_sandbox_file_t, which
is consistent with the parent service directory.

Closes-Bug: #1834857
Closes-Bug: #1844465
Change-Id: I7e135615fb53815ce14a3bcfec42b28f86d6dbae
2019-09-18 05:47:56 -07:00
Zuul
d514437721 Merge "Revert "Do not forcibly enable Glance multiple locations for RBD backend"" 2019-09-06 11:07:03 +00:00