Composable service templates can now define scale_tasks. They are
meant for scale down/up logic of services which need to be
stopped/started during the scaling procedure. All happens within a single
playbook and the down/up Ansible tags are required to differenciate them
during the run.
blueprint scale-down-tasks
Change-Id: I29835c2724b5de884e9825e084780c36837bff84
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
In the same way deploy_steps_playbook is split into different
plays per task, this patch does the same for the upgrade_steps_playbook,
this way we obtain more control on the tasks we want to execute by
using a specific tag or set of tags (upgrade_stepX) and at the same
time improve the readability and understanding on what the playbook does.
Also, I4d864f374d6f840585fafef2c7678e55c154898e allows us to run a single
play with all the tasks for a specific step, instead of running them all
passing a step value each time. This will make the upgrades faster and
more legible, removing all those annoying 'skipping' tasks for steps that
didn't match the step variable value.
Change-Id: I29477ebefd256e34eb689cb3b72a539ff83233a3
A new parameter, ContainerHealthcheckDisabled allows an operator to
disable the container healthcheck when Podman is enabled.
Depends-On: Ic3dd492405b11ec482ff86e1513149c3eceb370f
Change-Id: Id8d7e21d58cf5ab155404db597d96665b94d7c2a
Now that we've dropped docker-toool we no longer have use
for the /var/lib/container-startup-configs.json file to be laid
down on disk.
As part of this change we now check for the step 1 tasks instead
of the combined startup configs when determining whether to
re-run the common startup ansible tasks.
Change-Id: I3c50d8364823073341b5f39ecce20a512e4a82e1
Prior this commit, SELinux was configured by puppet, and this
happens way too late. Here we should get a proper SELinux configuration
at the right time.
SELinux management is also removed from puppet with this commit:
https://review.openstack.org/#/c/645477/
We just keep the "semodule" and "sebool" part within puppet. For now.
Related-Bug: #1821025
Closes-Bug: #1821178
Change-Id: Ibd7b80b2cc0b09b63b17f1ba3a9b9cc2de728c57
Adds a tag specific to the external post deployment tasks as it's often
useful to just re-run these tasks.
Change-Id: I3d509fab0d1105f4c097338d6f39febd897e6582
The plan is:
- Docker is deprecated in Stein
- Podman is the default in Stein
- Docker will be removed in Train
Change-Id: I8f00d3e539abc4a169d6b48b8ce697e54aa2eae9
All the config-download steps can be run using a `stepX` tag with
ansible-playbook, except step 0. This patch adds the tag.
Change-Id: Ida335e7b7efef6c2a5a8b7a23b09f13588c7695a
These tasks output the contents of the things being copied which can be
extra verbose and not beneficial to the overall process. These files can
be retrieved off the disk if necessary.
Change-Id: I2def6c41a1df345d055b6db26130cb6faf93be53
Related-Bug: #1819226
The /var/lib/docker-puppet is deprecated and can now be found under
/var/lib/container-puppet. We don't have Docker anymore so we try to avoid
confusion in the directories. The directory still exists but a readme
file points to the right directory.
Change-Id: Ie3d05d18e2471d25c0c4ddaba4feece840b34196
This is now a prerequisite so that we can run external update/upgrade
with --tags parameter and have it do something. (I don't recall this
being necessary before, i suspect the change may have become necessary
with a bump in Ansible version, or some refactoring in t-h-t.)
Change-Id: I10356e49ad6fb200e6a419ab5dc562f274ae6f8d
Implements: blueprint upgrades-with-os
Ansible 2.6 fix didn't properly selct bootstrap node. Also
new ansible changed mysql backend library making it unable
to read misformated my.cnf. This library also needs to have
socket specified if it's going to connect to local server.
Change-Id: I31b38eaf66bb899e72b1bfeca8795e5d1007eee5
Resolves: rhbz#1678235
Closes-bug: #1816422
With this change we add an ansible variable called
'tripleo_minor_update' set to true only during the update_steps_playbook
which get run during a minor update.
Then inside common/deploy-steps-tasks when starting containers with
paunch we export this 'tripleo_minor_update' ansible variable and
push it inside the 'TRIPLEO_MINOR_UPDATE' environment variable.
Inside change Id1d671506d3ec827bc311b47d9363952e1239ce3 we will then
use the env variable and export it to the restart_bundles in order
to detect if we're inside a minor update workflow (as opposed to
a redeploy - aka stack update). The testing that has been done is
described in the above change.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ib3562adbd83f7162c2aeb450329b7cc4ab200fc2
Hi, with ansible 2.6 we cannot access the groups variable using the
previous idiom anymore. Use a more robust way to access that
variable.
Co-Authored-By: "Lukas Bezdicka <lbezdick@redhat.com>"
Change-Id: I26f97e7fc4da0dd19e1e8a19b3f6a1c1160f7466
Closes-bug: #1816422
This is used in order to point where podman must push its logs.
Two scripts are using it:
- docker-puppet.py
- paunch (near future - see https://review.openstack.org/#/c/635438/)
This will allow to get the stdout for all containers, even when they
are removed before we can actually run "podman logs container_name".
Related-Bug: #1814897
Change-Id: Idc220047d56ce0eb41ac43903877177c4f7b75c2
Now that config-download is the default, RoleConfig and the associated
deployment isn't used anymore, let's remove it.
Change-Id: I0fbaccfea8f583101b03c6ee645ff01dac11b7af
We should support arbitrary tags in upgrade tasks, update the
validation accordingly.
Change-Id: I3ebeb06b18306a8d1de11b3519e62b90a9cd6a78
Implements: blueprint upgrades-with-os
Implicit defaults hide issues with overring ansible variables as we
pass values in from deploy-steps.j2.
Make no implicit defaults for variables passed into deploy steps via
ansible vars. Only expect those take the values defined in the caller
deploy-steps.j2 playbook template. Add missing params and vars for
templates to propagate ansible values for external deploy/upgrade,
upgrade/update and post upgrade steps playbooks.
Make DockerPuppetDebug boolean to align with other booleans we pass
into deploy steps via ansible vars. Fix its processing in
docker-puppet.py, which is defaults for DockerPuppetDebug: ''
converted into 'false' in deploy steps tasks playbook, and then
that becomes always True in docker-puppet.py.
Related-Bug: #1799914
Change-Id: Ia630f08f553bd53656c76e5c8059f15d314a17c0
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
When docker was used, its "create host directory tree" feature was
used. It apparently created directories with "container_var_lib_t"
type, and this prevents podman container to access the content with
AVC errors (permission denied).
The following patch ensures we get a recursive chcon running.
We're using "command" instead of "file" module because ansible doesn't
like broken symlink (in fact, they are symlink with relative path
within containers).
Change-Id: I20d00c79fc898b0c4e535662ee6a70472e075b36
When a role count is 0, we can create the deployment resources
conditionally.
Closes-Bug: #1671859
Change-Id: I467b9ded1a1b33d520cb69aa86b253a0552643f7
We use update_identifier ansible variable to check if we need to
re-run deployment tasks. Though there is no bug as we use
DeployIdentifier heat param for it, it's little confusing
(UpdateIdentifier was meant for package updates).
This also removes usage of UpdateIdentifier/update_identifier in
all_nodes_config.j2.yaml. We can deprecate/remove the heat param in a
subsequent patch.
Change-Id: I36ed62ae605a2d8f8f139b50646144b143d5e5f4
Because we call ansible to run heat to execute ansible for the HostPrep
and RoleConfig, we need to be able to pass the
ansible_python_interpreter to be used for the ansible-playbook execution
via the ansible heat hook. This change adds an PythonInterpreter
heat configuration than can be used to config it from the default
/usr/bin/python to something like /usr/bin/python3
Change-Id: Idfefe1959e5b95b7d54ce8cb5c2a569225d50847
Related-Blueprint: python3-support
HostPrepConfig was using the old way (Heat) to run Ansible. We don't
need it anymore thanks to config-download.
It removes some technical debt and reduce our number of interfaces to
configure software.
Change-Id: I2041e6892de76b0ed04d7497e3f9064bfaf58270
This can be used to control whether puppet modules are consumed
from the baremetal host or from the container. Our default
is to consume these from the host so that deployment
archive tarballs can be used to extra puppet modules from
the host.
Since I61e35d8118c1de4c2976f496e8a6c9c529f3d91f we've had
puppet-tripleo in our containers however so using this
location would be possible as well.
Change-Id: I73026e66bcfafd1c582916141b5b1cf0ce0dc36c
There was also a special flag for FFU that triggered repo setup only
on the bootstrap node, so switch this to use the per-service bootstrap
name instead.
Change-Id: I32f963a002399af4911acbf507312f378aac3599
Partial-Bug: #1792613
When we were upgrading multiple nodes at the same time,
e.g. controllers, and a taks on one of the nodes failed, the other
nodes would keep upgrading. This is undersirable and can be fixed by
adding any_errors_fatal to the Ansible plays.
Change-Id: Iad2b5e32e955da41af4d2b8dd8ad8aa1eb5dffa9
Closes-Bug: #1804468
To continue the work that was done in
I711dbb00a9c34dbd96ef179ef41bff281b0001d1, we also need to skip the common
deploy tasks if --skip-deploy-identifier is passed by the operator.
When using --skip-deploy-identifier, the UpdateIdentifier is set to
None.
Ansible doesn't see None as "", so we really need to test if the
variable is defined or not. That patches changes the logic to test that.
We also support the case where the variable is set to "", and consider
is as empty which means we want to skip the deploy/updates.
It is also doing it for the update playbooks which includes tasks from
commont deploy.
It is not replicating the exact condition as in deploy_steps_playbook.
There is no need to also check if /var/lib/docker-container-startup-configs.json
file is here because it has been created during the initial deployment.
This fix the bug where --skip-deploy-identifier wasn't honored during
stack updates.
Co-Authored-By: Thomas Hervé <therve@redhat.com>
Co-Authored-By: Sam Doran <sdoran@redhat.com>
Change-Id: Ibab17dcaeebea65135fca4f40562109c90f36c27
Related-Bug: #1796924
container_cli will be used later by update, upgrade and post upgrade tasks.
This patch is separated from actual tasks, so we can quickly iterate in
multiple patches.
Change-Id: I1ed7dec0019113f1259bce986f354723237f6a25
We should pass in the common vars to all the common plays in
deploy-steps.j2 so that tasks will have them available. Some of these
parameter driven variables were never actually wired up, so they didn't
work to begin with (such as enable_puppet/enable_debug).
Change-Id: I830e1ae21fe3e278a5f7591065d066c0a6883a9a
Closes-Bug: #1785635
To match the previous functionality when not using config-download, the
common deploy step tasks should be skipped for already deployed nodes
when using --skip-deploy-identifier.
This patch adds a task to check if one of the json configuration files
created by the common tasks already exists. If it does, and
--skip-deploy-identifier has caused an empty DeployIdentifier parameter
value, the tasks will be skipped for that node.
Change-Id: I711dbb00a9c34dbd96ef179ef41bff281b0001d1
Closes-Bug: #1796924