"system prune -a -f" deletes unused container images, as well as
containers which are stopped. This removes useful HA containers
*_init_bundle and *_restart_bundle, which makes debugging more
complex. This also removes tags whose image id are used by
pacemaker HA container.
Reduce the effect of cleanup by keeping stopped containers, which
in effect ensures that we also keep the tags used by HA containers.
Note: keep the aggressive cleanup for upgrade_tasks, because
they are always followed by deployed tasks, which recreate the
missing containers.
Note2: This doesn't apply for podman containers, whose cleanup
looks similar but is not as aggressive.
Change-Id: I936fb965687b961602e677bcca72f403121cbb0d
Closes-Bug: #1846368
When using IPv6 for provisioning baremtal nodes ironic.conf
needs:
- [pxe]/ip_version must be set to '6'. Add parameter
IronicIpVersion.
- [deploy]/http_url must have the IPv6 address wrapped.
Use the $NETWORK_uri value from hiera which carries
an ip address fit for use in url.
Related-Bug: #1845746
Depends-On: Ib29adccc8378bd3e2a46b7d2ca3cfacba55e7674
Change-Id: I6384e11dd68cdbf2179545caae2c818fd1a6b23e
The logins json can be both a hash and a string, depending on how it is
being set by the deployer. To ensure that we're able to cover both cases
this change will test the initial data type and react accordingly.
Change-Id: I443bc36ca8808e1547da37f207b011031120067f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Names used in rsyslog-container-puppet.yaml, with "Docker"
were outdated. Correct names are with "Container" instead of
"Docker" and this commit updates that.
Change-Id: Id599d3d121926c66c190f299094b53b484175d35
Like other *Debug parameters, make it so we first look for
ContainerImagePrepareDebug to be set, otherwise we fallback to Debug;
like we already do in all other OpenStack services.
Change-Id: I0f18b475c69a8ba71b06f517e87caf0d5c209fbb
This change (with its dependent reviews) creates a separate VIP for the OVN DBS
service. A more detailed explanation can be found in https://bugs.launchpad.net/tripleo/+bug/1841811.
The short explanation is that the OVN DBS HA service puts some additional constraints on the VIP it
uses and that is problematic when that VIP is used by other services (e.g. a change in OVN DBS master
will move the VIP and will also reset all mysql connections. It also prevents us splitting OVN DBS from
where haproxy runs).
Tested as follows:
A) Deployed a mster environment with this review and all its dependencies and correctly obtained
an OVN DBS service with its own Vip and the OVN services
(controller/metadata) pointing to this separate Vip
B) Deployed a master environment as is and then applied this review +
dependencies and observed that a redeploy correctly created a new VIP,
reconfigured the services to point to the new VIP and that the old
obsolete constraints created around the per-network VIP were removed
Closes-Bug: #1841811
Depends-On: Ic62b0fbc0fee40638811a5cd77a5dc5a4d82acf5
Change-Id: I620e37117c26b5b51bf9e1eda91daeb00fdf0f43
This patch enables port_forwarding service plugin and L3 agent's
extension in case of ML2/OVS environment.
It don't enable it in ML2/OVN cases as networking-ovn don't support
port_forwarding yet.
This patch also adds NeutronL3AgentExtensions config option for
Neutron L3 agent.
This new option is used to enable "port_forwarding" extension on L3
agent.
Change-Id: I2417f9f6a436ae7a3820e16fdf6210099807b651
Use $NETWORK_uri for ironic::pxe::tftp_bind_host so that
the wrapped ip address is picked up from hieradata when
IPv6 is used.
Closes-Bug: #1844713
Change-Id: I874d5eb401113fb9a1664be0b3cd29e76756d970
Remove the z flag from glance-api's service directory. The service
directory does not need to be shared with other containers, and
podman fails to apply setting with glance is using NFS (i.e.
/var/lib/glance/images is a mount point).
Also update the NFS mount options to use svirt_sandbox_file_t, which
is consistent with the parent service directory.
Closes-Bug: #1834857
Closes-Bug: #1844465
Change-Id: I7e135615fb53815ce14a3bcfec42b28f86d6dbae
This patch adds three new parameters:
1. OctaviaConnectionMaxRetries
2. OctaviaBuildActiveRetries
3. OctaviaPortDetachTimeout
The default values are same as in octavia and puppet-octavia master
branches as of now.
Depends-On: https://review.opendev.org/#/c/682636/
Change-Id: Id5f7bb2160215170561f39015ddfdb93cba904b5
nova-compute-libvirt should be able to run on any CPU, as it launch VMs on
isolated CPUs (they are isolated to be dedicated to run vCPU).
This patch makes sure the right container configurations is applied with
Paunch.
Change-Id: I9b8893e4812a7a3f71bd75f66004ed8d6f67b3d1
Fernet token does not require to be persisted in database, so we
don't need to run cron job to flush expired tokens.
Depends-on: https://review.opendev.org/#/c/682512/
Change-Id: I760d2b721a1dbb83c203f9192b7639193698fd66
Octavia uses external deploy steps to complete configuration of the
support services, requiring a restart to pick these changes up if the
services are started in step 4. This patch moves the startup of these
services to step 5 avoiding the need for restarting.
This was actually causing an issue with healthchecks as the restart was
happening during the restart.
Change-Id: I4d7d322c2d64ed06b71ab0da049cf92f5a8e8d8a
Related-Bug: #1843981
This change re-adds the local_address IPv6 condition to the kernel
template. This will ensure that the local address is always set using
our expected conditions.
Depends-On: I20e69315bacdded4bc2d5b47e18609f130f8abc5
Change-Id: I01d0f20f6f78d235f99f51f75bcefe675dc0dee5
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
The systemd healthcheck timer first triggers 120s after activation.
The initial value for ExecMainStatus is 0, resulting in false positives if we
check this too early.
This changes waits (up to 5 mins) for ExecMainPID to be set and the service to
return to an inactive/failed state.
Change-Id: Iad4ebb283a7a6559b6fffead4145cc9bbad45e4e
Depends-On: Ia2897a6be3e000a9594103502b716431baa615b1
Related-bug: #1843555
CinderPureBackendName is enhanced to support a list of backend names,
and a new CinderPureMultiConfig parameter provides a way to specify
parameter values for each backend. For example:
parameter_defaults:
CinderEnableIscsiBackend: false
CinderEnablePureBackend: true
CinderPureBackendName:
- tripleo_pure_1
- tripleo_pure_2
# These will be the default parameter values for each backend.
CinderPureStorageProtocol: 'iSCSI'
CinderPureUseChap: false
CinderPureMultipathXfer: true
CinderPureImageCache: true
# Use CinderPureMultiConfig to override values in specific backends.
CinderPureMultiConfig:
tripleo_pure_1:
CinderPureSanIp: '10.0.0.1'
CinderPureAPIToken: 'secret'
tripleo_pure_2:
CinderPureSanIp: '10.0.0.2'
CinderPureAPIToken: 'anothersecret'
# This will take precedence over the default value.
CinderPureUseChap: true
Co-Authored-By: Alan Bishop <abishop@redhat.com>
Depends-On: Ia7cc82f5eb4e228a43e47624d87e319ac5340268
Change-Id: I1083ef9893dede234b4cafd9888c898fa0e31077
With this commit we enable deep_compare by default, allowing stonith
resources to be updated via stack update.
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Depends-on: https://review.opendev.org/#/c/681778/
Depends-on: https://review.opendev.org/#/c/679407/
Change-Id: I330698f41cc092bdeb741c0b9c729264cf2cb28c
The validation tasks added in I2c044e3d2af7f747acde5ad3bf256386b8c550a3 are not
valid on docker. As it's now deprecated we can just skip them.
Change-Id: I4ff530af8ad7f864b8038e5e509ec38840096c5d
Related-bug: #1842687
We revert I0d9eb663405d1113ea84e3c12651a3f0dbdfc75d and we instead
export ovn_dbs_vip on all nodes so it can be used in cells. Reason for this
is that we want a separate VIP for OVN because a) composable roles and b)
we do not want to impose the extra promote master constraints on the internal_api
VIP which ends up being used by OVN.
In the same vein as I7ca94dff4acf0816708110b9fe6f78d19dcc7b4d
(Move redis_vip to all_nodes.j2) we will have the ovn_dbs_vip moved
to all nodes (via I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce).
Depends-On: I1d80587752ffca6c3eb5281aa89ea3d7cf5535ce
Change-Id: I4e4bf0a91751fb4f9e4c7233242cdc5649c421f8
Related-Bug: #1841811
The zaqar container is broken due to the log file being owned by root. When
the zaqar-server log file is unabnle to be written to by the zaqar process
it causes a traceback resulting in 500 errors. This change ensures that the
zaqar log directory has the proper permissions and that the log file within
the directory is created when the container is started. A sticky bit is
being used on the zaqar log directory to ensure all files created within
the directory retain group expected permissions in almost all circumstances.
Change-Id: I63442f0bdec11179c361f503906166f75c5e0355
Signed-off-by: Kevin Carter <kecarter@redhat.com>