When specific roles are deployed, for example CephStorage,
then the parameters for UpgradeLeappDevelSkip are different
to all other roles.
This change makes UpgradeLeappDevelSkip a per-role parameter.
Included in this is the appropriate tagging for the other
parameters which had the same work done in:
- https://review.opendev.org/779522
- https://review.opendev.org/774537
Release notes are included for all of the above too.
Related-Bug: rhbz#1962365
Change-Id: I522951cc7ec6034bb6287dd144a9fc433c0090e0
Previously this was required which lead to folks defining invalid empty
data that actually gets ignored later in the process. Since you don't
have to have a puppet_config, let's say it needs to be defined but skip
validation if it is an empty.
Change-Id: I7310c340a1e2b48cdbc378ab4fe3944bd7e89112
This simplifies the ServiceNetMap/VipSubnetMap interfaces
to use parameter merge strategy and removes the *Defaults
interfaces.
Change-Id: Ic73628a596e9051b5c02435b712643f9ef7425e3
The Keepalived service was deprecated during the Ussuri cycle[1], so
can be removed now.
[1] c712355e4b
Related-Bug: #1926314
Depends-on: https://review.opendev.org/788200
Change-Id: I02a2612c7e08576c7c5df85e73702a5678a18b99
The SkipRhelEnforcement parameter is supposed to take boolean value,
thus should be typed as boolean so that its type is validated as part
of template validations.
Change-Id: If93deb5c522f541de69ff6fc5e23a83fd42b625a
As we've disabled swift on the undercloud, migrate
introspection data from swift to database when doing
undercloud upgrade.
Change-Id: Ia1b4fda4a15e6f3a2fc75661420a561078b18a59
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.
Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
To ensure we get the right package versions we need to
make sure the right stream is configured for the
container-tools module.
This patch leverages the dnf module, which when passing as name
the @ identifier allows us to enable a stream for some specific
module [0], configuring the stream passed in DnfStreams heat parameter
in updates/upgrades task for step0.
If the stream passed in such parameter is alredy set, then the
module won't do anything else. On the contrary, it will disable
the current stream, enable the ones from DnfStreams and synchronize
the content.
By default the new Heat parameter defaults to empty list and it is
in the environment files where we set the right values depending
on the operation to perform (undercloud upgrade, overcloud update
or overcloud upgrade).
*****************************************************************
*BACKPORT NOTE: Add DNF module stream virt:8.2 in the overcloud *
*upgrade/update environment files. *
*****************************************************************
[0] - https://docs.ansible.com/ansible/latest/modules/dnf_module.html#examples
Closes-Bug: #1890631
Resolves: rhbz#1866479
Change-Id: Ib388af0a06bbb6172593dc2fd19748b770b2e335
In some cases such as RHEL7>RHEL8 upgrade leapp or NetworkManager may
change resolv.conf. This patch invokes os-net-config on step3 to ensure
that network parts are configured properly (interfaces, resolv.conf).
Since os-net-config is idempotant it causes no harm or packet loss to
undercloud.
Change-Id: I0b2f28cd3d92795802e51c69d975826af0ee86ee
Resolves: rhbz#1870617
Keepalived was deprecated and the VIPs are now deployed by
os-net-config.
When Keepalived is stopped, it brings down the VIPs which is
problematic since it'll remove the resources created by os-net-config
so let's teardown keepalived in the upgrade tasks here and later
during the deploy the os-net-config tool will re-create the VIPs.
Doing it at step 5 so upgrade steps which need API access still work.
Change-Id: Iee46d0394ad0b2b31da93d0a93dcfa53766fa246
Related-Bug: #1888411
Openvswitch package update can be disruptive during update too. So we
factor out the code used for upgrade to re-use for update and
undercloud update.
We also fix a issue where yum/yumdownloader is not available anymore.
This cause the special treatment to not happen anymore what not matter
what.
Instead of duplicating the ansible sequence, this has been ported to a
ansible module that replicate the action defined in the templates.
We also make sure to not try to restart the openvswitch service if
nothing has been changed during the ovs upgrade task. This cover two
cases. First, it's an optimization, if nothing has been done, we
don't need to check the service. Second, and most importantly, if ovs
isn't installed (this can happen on some minimal installation) then we
don't try to restart the non-existent service.
We keep the tasks at step 3 that make sure again that the openvswitch
service is started. This is a failsafe and as such we ignore any
error there. This also support the overcloud-minimal type of
installation.
Depends-On: https://review.opendev.org/742968
Change-Id: I4fde50e353ab7b2e6b03d963f585f6abe35ca32d
Closes-Bug: #1888651
Related-Bug: #1888821
The current regex will match more than one package if the
openvswitchX.YZ-test package is installed.
eg:
rpm -qa | awk -F- '/^(openvswitch[0-9]+\.[0-9]+-|openvswitch-2)/'
openvswitch2.11-test-2.11.0-35.el7fdp.noarch
openvswitch2.11-2.11.0-35.el7fdp.x86_64
The right package to find has the form: openvswitchA.BC-A.BC.D-
So we change the regex to only match if it has that form.
rhbz#1826367
Change-Id: I2f9456395b19c26d20917f8ca9183741566635c3
This add an import of the tripleo_redhat_enforce role[1] at the
beginning of undercloud upgrade tasks (which are used for update and
upgrade) and overcloud update.
The code upstream won't do anything even with SkipRhelEnforcement set
to 'false' as the role itself only activate the checks for RedHat
distribution. This variable is only there to support use case where we
deploy on Red Hat and for /some/ reason, the checks shouldn't
enabled (mainly CI).
[1] in tripleo-ansible
Depends-On: https://review.opendev.org/721292
Change-Id: I076bebf6bbd5f45d5ecb372a3b83e8cc279946b8
- deploy-steps-tasks-step-1.yaml: Do not ignore errors when dealing
with check-mode directories. The file module is resilient enough to
not fail if the path is already absent.
- deploy-steps-tasks.yaml: Replace ignore_errors by another condition,
"not ansible_check_mode"; this task is not needed in check mode.
- generate-config-tasks.yaml: Replace ignore_errors by another
condition, "not ansible_check_mode"; this task is not needed in check mode.
- Neutron wrappers: use fail_key: False instead of ignore_errors: True
if a key can't be found in /etc/passwd.
- All services with service checks: Replace "ignore_errors: true" by
"failed_when: false". Since we don't care about whether or not the
task returns 0, let's just make the task never fail. It will only
improve UX when scrawling logs; no more failure will be shown for
these tasks.
- Same as above for cibadmin commands, cluster resources show
commands and keepalived container restart command; and all other shell
or command or yum modules uses where we just don't care about their potential
failures.
- Aodh/Gnocchi: Add pipefail so the task isn't support to fail
- tripleo-packages-baremetal-puppet and undercloud-upgrade: check shell
rc instead of "succeeded", since the task will always succeed.
Change-Id: I0c44db40e1b9a935e7dde115bb0c9affa15c42bf
The nuage integration uses a different package name for openvswitch,
breaking the update steps. This patch bypasses the update logic if the
expected packages are not present allowing nuage deployments to manage
the openvswitch package some other other way.
Closes-Bug: #1858640
Change-Id: I8c116aba50cc7f1cb7cd3fd32cf8aec868e074ec
Package update for Ansible breaks[1] with:
Ansible 2.7 crashes on apt upgrade
because it upgrades itself to 2.8:
"fragment_class is None"
[1]: https://github.com/ansible/ansible/issues/56636
Change-Id: I1dabe448edfb118440b9ef1ee59c2e080d16ccf8
Closes-Bug: 1831589
As done for the overcloud in [0], we need to include the
same special package handling in the tasks in charge of
upgrading the undercloud.
This patch adds special handling for the rhosp-openvswitch
layered product package to ensure that openvswitch networking
remains available during the upgrade.
[0] - 1773afb068
Change-Id: Ib115e70ce0ce53a8638ccbe6c9fe6ed6a421e09b
Closes-Bug: #1830627
Problem: RHEL and CentOS8 will deprecate the usage of Yum.
From DNF release note:
DNF is the next upcoming major version of yum, a package
manager for RPM-based Linux distributions.
It roughly maintains CLI compatibility with YUM and defines a strict API for
extensions.
Solution: Use "package" Ansible module instead of "yum".
"package" module is smarter when it comes to detect with package manager
runs on the system. The goal of this patch is to support both yum/dnf
(dnf will be the default in rhel/centos 8) from a single ansible module.
Change-Id: I8e67d6f053e8790fdd0eb52a42035dca3051999e
1) Rename the neutron DB at step 2 so Neutron has time to stop (during
step 1) and right after we stop mariadb, so no chance for any app to
access to old db.
2) Upgrade all rpms at step 3 like we do for other services. Step 1 was
way too early.
Change-Id: I34bdc0a9d575e5d1b8f3ce1e09c145cc34563a85
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.
Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
Use deploy_steps_tasks instead of external_deploy_tasks so we execute
the playbook on nodes that match "overcloud" group, which is the case of
the containerized undercloud.
Also add deploy_steps_tasks to tools/yaml-validate.py part of
OPTIONAL_DOCKER_SECTIONS.
Change-Id: Iaa6a05bf864cdb54a000ef74e6c5ab8e627ab0cf
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.
Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.
Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
Step config is only required within the puppet_configs section
of docker/services/*. This patch drops the top level 'step_config'
and updates the unit tests accordingly.
Change-Id: I7dc7cfae3ef1965ec95b1d9ef23e7f162418c034
Using the service_ prefix seems incoherent with its use in
service_config_settings (vs config_settings).
Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f
Add docker profiles to deploy Ceph in containers via ceph-ansible. This is
implemented by triggering a Mistral workflow during one of the overcloud
deployment steps, as provided by [1].
Some new service-specific parameters are available to determine the workflow to
execute and the ansible playbook to use. A new `CephAnsibleExtraConfig`
parameter can be used to provide arbitrary config variables consumed by `ceph-ansible`.
The pre-existing template params consumed up until the Pike release to
drive `puppet-ceph` continue to work and are translated, when possible, into
the equivalent `ceph-ansible` variable.
A new environment file is added to enable use of ceph-ansible;
the pre-existing puppet-ceph implementation remains unchanged and usable
for non-containerized deployments.
1. https://review.openstack.org/#/c/463324/
Change-Id: I81d44a1e198c83a4ef8b109b4eb6c611555dcdc5
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.
Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).
Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
When a service is enabled on multiple roles, the parameters for the
service will be global. This change enables an option to provide
role specific parameter to services and other templates.
Two new parameters - RoleName and RoleParameters, are added to the
service template. RoleName provides the role name of on which the
current instance of the service is being applied on. RoleParameters
provides the list of parameters which are configured specific to the
role in the environment file, like below:
parameters_default:
# Default value for applied to all roles
NovaReservedHostMemory: 2048
ComputeDpdkParameters:
# Applied only to ComputeDpdk role
NovaReservedHostMemory: 4096
In above sample, the cluster contains 2 roles - Compute, ComputeDpdk.
The values of ComputeDpdkParameters will be passed on to the templates
as RoleParameters while creating the stack for ComputeDpdk role. The
parameter which supports role specific configuration, should find the
parameter first in in the RoleParameters list, if not found, then the
default (for all roles) should be used.
Implements: blueprint tripleo-derive-parameters
Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).
Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.
Change-Id: I4f21603c58a169a093962594e860933306879e3f
This will be needed to pick the network where the service has
to bind to from within the service template.
Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api. To enable dynamic generation of
this data, we need the service name in underscore format.
Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.
This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.
Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
By passing the MysqlVirtualIP via the EndpointMap we won't need it
to be provided as a parameter to the services.
This follows what is already happening for the glance registry
service with I9186e56cd4746a60e65dc5ac12e6595ac56505f0.
Change-Id: Iad2ab389bf64d0fc8b06eb0e7d29b5370ff27dff
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Deploy loadbalancer service using puppet-tripleo, and drop puppet code.
Implements: blueprint refactor-puppet-manifests
Depends-On: I9b106dcc1a4d446ab5dea8430ed295e6ec209cbd
Change-Id: I9ca50a4bc822ec17d89988894af9bdf07e4bd1a9
Jesse Pretorius (odyssey4me)
Alex Schultz
ramishra
Takashi Kajinami
Jose Luis Franco Arza
Sergii Golovatiuk
Emilien Macchi
Sofer Athlan-Guyot
Jesse Pretorius (odyssey4me)
Brent Eagles
Carlos Camacho
Dan Prince
Giulio Fidente
Saravanan KR
Steven Hardy
Martin Mágr
marios