472 Commits

Author SHA1 Message Date
Flavio Percoco
c0cf926b65 Refactor the inventory generation
Avoid using templates and allow for easier manipulation of host groups.
This patch is a starting point for the scaleup patch that adds new
nodes (masters and workers) to the the inventory and requires a more
flexible node groups management.

Change-Id: Ib3d6c580d81dae648c5828582e24d20fc3668099
2018-07-03 14:13:42 +02:00
Martin André
4e30f51470 Update for openshift 3.9
This commit updates the openshift templates to deploy openshift 3.9
instead of 3.7.

Update the default playbook path to the one expected by
openshift-ansible 3.9.

Update the default openshift-ansible variables and move them in the
template where they belong. They can be overridden individually via the
OpenShiftGlobalVariables heat parameter.

Disable unbound on the openshift nodes in CI as it is listening on port
53 and is preventing openshift to start its own DNS service.

Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Depends-On: I6f123cd71a23fb15aaa2005f7397fc98fdaf187a
Depends-On: I27ad9d168af575da8c4f5094152c94e2fa03987c
Change-Id: Ifc3d25fa590cfba1fa64ed0266c76c9342a7aa4f
2018-07-03 14:13:42 +02:00
Zuul
62f308fa70 Merge "Deprecate templates replaced with config-download" 2018-06-28 06:16:04 +00:00
Zuul
a83a792eb5 Merge "Run dispatch script for all unmanaged devices" 2018-06-20 03:57:10 +00:00
Zuul
2075455dde Merge "Do not fail on non existent ansible group" 2018-06-15 11:36:21 +00:00
Flavio Percoco
0f344494ed Run dispatch script for all unmanaged devices
Instead of parsing os-net-config, we should be running this script for
all the unmanaged devices. The 99-origin-dns.sh script doesn't care
whether the device is managed by NM or not, what it cares about is
whether the device is the one used for the default route.

Change-Id: I2cc0bc8179c51222616706aceaa99112af4c3fd8
2018-06-15 09:55:48 +02:00
Zuul
305d83ec7c Merge "Upload validations to swift on undercloud install" 2018-06-14 17:32:45 +00:00
Saravanan KR
46a5b2a497 Fix error in the role-specific parameter merging in rhsm service
RhsmVars should be used as the value to be replaced for the global
values, instead of using 'vars'.
Closes-Bug: #1776597

Change-Id: I480b3c51787547b9dd4e1401363a5da7c40798a8
2018-06-13 11:19:00 +05:30
Zuul
6fe012cdd0 Merge "Use wait_for_connection module instead of local action for reboot wait" 2018-06-12 16:29:16 +00:00
Zuul
a2c8a130db Merge "undercloud: set OS_CACERT when TLS is used" 2018-06-11 16:29:17 +00:00
Martin André
cc046a757c Do not fail on non existent ansible group
When a role is defined but this role has a host count of 0, the ansible
tasks to generate the openshift inventory for the service would fail
with an undefined variable error.

Setting the value for non existent groups to empty array should get us
past the error.

Change-Id: Ib42708c095d28827f5decdb885ceb4f2a67b3a8b
2018-06-11 11:31:12 +02:00
Saravanan KR
bd9646c2ec Use wait_for_connection module instead of local action for reboot wait
Module wait_for_connection provides a better way of waiting to
continue deployment after a reboot, instead of local action.

Change-Id: I95623658f06b1a3122d78bb4d54feabe89ad3569
2018-06-05 14:53:05 +05:30
Steven Hardy
487e0617d6 Decouple OpenShiftGlusterDisks from openshift-master.yaml
In the event you have different disks in nodes assigned to each role
you may need to pass role specific parameters, e.g like:

parameter_defaults:
  OpenShiftMasterParameters:
    OpenShiftGlusterDisks:
      - /dev/vdc
  OpenShiftWorkerParameters:
    OpenShiftGlusterDisks:
      - /dev/vdd

To enable that we create an inventory file per role, and pass the directory
of files to ansible.

Change-Id: I8b4d8698405ffb004b081e1f097f300216edfa77
2018-06-05 09:45:52 +01:00
James Slagle
07528b07b2 Deprecate templates replaced with config-download
The templates at extraconfig/pre_network/host_config_and_reboot.yaml
(replaced with extraconfig/pre_network/boot-params-service.yaml) and
extraconfig/tasks/ssh/host_public_key.yaml (replaced with the
tripleo-ssh-known-hosts role) are deprecated as they do not
work with config-download. They will be removed in the Stein release.

Change-Id: Ib66873ea4b0d86f12024ec16d788247c071cf3b5
2018-06-04 15:04:34 -04:00
Zuul
161156d750 Merge "NFV: Support for config-download to deploy node with kernel args" 2018-05-29 18:52:58 +00:00
247438dd5a Use /usr/bin/env python to autodetect python
https://review.openstack.org/#/c/564024/ used
/bin/python as the shebang but this can be different
for different platforms, switch to /usr/bin/env to
handle it.

Also update undercloud_ctlplane_network.py to use
/usr/bin/env for consistency, although this file
is not executable.

Change-Id: Id915ded03ae5a471ffa2dca13e2da90021279f63
2018-05-24 10:22:39 +05:30
Alex Schultz
75d8605005 Fix known hosts config script value
There was an extra | that was missed. It's not tested in Master but is
in <= Queens.

Change-Id: If7a4c6f3581bed270f478b98b8da8fe010acbbc1
Closes-Bug: #1772071
2018-05-22 13:22:17 -06:00
Alex Schultz
7c97320334 Use str_replace for known_hosts
There is a limit to how long input data can be for the heat script hook.
It turns out that data longer than 131072, will return an Argument list
to long error. To get around this, we need to pass this data in a
different way so that the heat script hook will work.

Change-Id: Ie3bd17ca9863e7687721e8c2628e485ea1849321
Closes-Bug: #1772071
2018-05-21 14:32:49 +00:00
Zuul
1b35f35954 Merge "Don't use crudini to get rhn server" 2018-05-17 21:59:39 +00:00
Zuul
a7857d6dfc Merge "Revert "Switch public endpoints to use FQDNs by default"" 2018-05-17 21:56:29 +00:00
James Slagle
b4ff453f87 Don't use crudini to get rhn server
crudini is not installed by default on Red Hat derivitive OS's, so we
shouldn't rely on it. We probably can't just install it since this
script is the rhel-registration script, so there are likely no repos
enabled when we need it.

Instead just use grep/cut/sed to get the value we need.

Change-Id: I78fce8b6c7f1d3528f9d8c02772f95cb8ad3b3c8
Closes-Bug: #1771830
2018-05-17 10:35:56 -04:00
James Slagle
f254a2169d Revert "Switch public endpoints to use FQDNs by default"
This reverts commit 8e104b3c549118727b53c9825a438e799715b7f9.

https://review.openstack.org/#/c/559926/ introduced requiring CloudName.
This broke the documented deployment process. I also don't see how
CloudName can be required, but CloudDomain can not.

I don't see a technical reason why we can't keep the default as
localdomain. If necessary, we can instead add a parameter
validation instead of requiring the parameter.

Closes-Bug: #1771627
Depends-On: Ia86842b0b1f42512f25390d6bdb695e0f8133c6d
Change-Id: I2c5b511df50f29c63aa613899c2bebb506360bf4
2018-05-16 21:45:42 +00:00
Dmitry Tantsur
28be1058f6 undercloud: set OS_CACERT when TLS is used
This fixes TLS errors when anything using python-requests is run
from a virtualenv.

Change-Id: Icf659e54e8887dc9759cd4d8f732982ce3e0ae5f
Closes-Bug: #1771565
2018-05-16 18:40:14 +02:00
Saravanan KR
a3e4a90636 NFV: Support for config-download to deploy node with kernel args
For NFV deployments, specific kernel args should be applied and
the nodes should be restarted before running the NetworkDeployment.
It is supported in the heat deployment via PreNetworkConfig. In the
config-download mechanism, ansible steps need to be improved
to handle the reboot and wait for the node.

Change-Id: I43b383ad0e04b8be6c321f8c5b05e628b2520141
2018-05-15 11:01:06 +05:30
Zuul
f5152da976 Merge "Switch public endpoints to use FQDNs by default" 2018-05-14 23:27:04 +00:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Juan Antonio Osorio Robles
8e104b3c54 Switch public endpoints to use FQDNs by default
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required for us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.

Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
2018-05-08 18:16:27 +03:00
Damien Ciabrini
9602a9bafc Instance HA: prevent compute to start on a host being evacuated
When the evacuation of a nova-compute is in progress on a compute node,
starting the nova-compute service on that node would cause a race in
setting task_state [1] and could ultimately lead failures with all
future evacuation attempts on the compute node.

To avoid triggering that situation, introduce a startup wrapper when
Instance HA is enabled. The wrapper loops until the force-down flag is
clear and all evacuation finished, and then starts nova_compute.

[1] If71727cde51c29231dbb9a51c5babbcdfc802bdd

Partial-Bug: #1764883
Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>

Change-Id: Id1fc820b42fb72fc861fda82b04f6a3fa2b6b6f6
2018-05-03 07:05:39 +02:00
Zuul
7eb4eafae6 Merge "Add an openshift-cns service" 2018-05-01 09:25:09 +00:00
Zuul
c2b6211f6c Merge "Run the dispatch script for vlans as well" 2018-04-26 23:12:08 +00:00
Ana Krivokapic
ccb7fed471 Upload validations to swift on undercloud install
Change-Id: I98eaa817f598f7ddae03258bf59e9adb6c67e1b1
Implements: blueprint store-validations-in-swift
Depends-On: Ia08d5eea17450db94279c95078453831c0017a67
2018-04-25 17:29:41 +02:00
Zuul
fea5bfbcc8 Merge "Remove todo as mistral tag filtering is fixed" 2018-04-21 10:02:58 +00:00
Flavio Percoco
e200974421 Add an openshift-cns service
This service file allows for enabling CNS in an OpenShift deployment.
It works as a tagging service and the rest of the configs are applied in
the openshift-master service file.

Note that the disks used can be specified as follows:

parameter_defaults:
  OpenShiftGlusterDisks:
    - /dev/sdb

Or per-role like:

parameter_defaults:
  OpenShiftMasterParameters:
    OpenShiftGlusterDisks:
      - /dev/sdb
  OpenShiftWorkerParameters:
    OpenShiftGlusterDisks:
      - /dev/sdc

Change-Id: I92972d89ee7edf2ff211e88c6e0758628c3018a2
2018-04-20 17:27:14 +02:00
Adriano Petrich
af8f06b07e Remove todo as mistral tag filtering is fixed
Fixed tag filtering in mistral so it is safe to remove the workaround
to delete workflows

Change-Id: I543c58047fa2113fa2d39e7f06d3697e9cedee11
Depends-On: Ie082901fd7eb8b61a6306da1275a79aeb6c4a6de
2018-04-17 12:40:31 +00:00
Flavio Percoco
f64e4719f3 Use external IP for public interfaces
If available, we should be using the external_ip for the public hostname
and public ip variables. This way, the webconsole and other APIs will be
made available through the external network rather than just using the
internal, non public, one

Change-Id: I1d17ea8f9a14736593df56d288eb0147a58bb957
2018-04-12 13:46:22 +02:00
Flavio Percoco
b7fe99e172 Run the dispatch script for vlans as well
The dispatch script is only executed for interfaces managed by
os-net-config but not for their vlans. This patch gets the vlans
that belong to every interface and adds them to the list of interfaces
to scan.

Change-Id: I44517d2fda0f6252634aa76d41e7a5bb3622456b
2018-04-09 14:26:34 +02:00
Zuul
8fd00675e8 Merge "Remove no longer used disable_upgrade_deployment flag" 2018-04-03 05:30:26 +00:00
Harald Jensas
e947c7e610 Add ctlplane networking for routed networks
* Add a new post install software deployment which runs
a python script to configure the undercloud control
plane network. Replaces section in post shell script.

Change-Id: I1cd594564d1628a6e1fccb9eadf18b716ccc5c72
2018-03-29 23:32:45 +00:00
mandreou
66df6bdb46 Remove no longer used disable_upgrade_deployment flag
In I75f087dc456c50327c3b4ad98a1f89a7e012dc68 we removed much of
the legacy upgrade workflow. This now also removes the
disable_upgrade_deployment flag and the tripleo_upgrade_node.sh
script, both of which are no longer used and have no effect on
the upgrade.

Related reviews
    I7b19c5299d6d60a96a73cafaf0d7103c3bd7939d tripleo-common
    I4227f82168271089ae32cbb1f318d4a84e278cc7 python-tripleoclient

Change-Id: Ib340376ee80ea42a732a51d0c195b048ca0440ac
2018-03-29 15:27:30 +03:00
Zuul
14af18e393 Merge "Allow for passing boot-time vars/args to OC nodes" 2018-03-29 07:02:09 +00:00
Bogdan Dobrelya
e14ecb1114 Fix undercloud key upload to nova keypairs UC post
Stdin does not work for the 'openstack keypair create' command
used in extraconfig/post_deploy/undercloud_post.sh, when installed
via Heat templates.

This ends up with different keys created for underlcoud admin and
the default nova keypair, which is configured by Ironic for
overcloud nodes. So those can not be contacted by undercloud
admin via SSH.

The deployed-server/scripts/enable-ssh-admin.sh fails w/o
that fix and makes not possible to deploy BM/OVB overcloud on top
of UC installed with Heat.

Change-Id: Ifb9c2d5eef731c41999d4ef5daa447edf74fd262
Co-authored-by: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-03-23 16:46:44 +01:00
Bogdan Dobrelya
70b3d1d844 Fix ssh keys validation workflow trigger UC post
Additional: fix bashisms to make checkbashisms happy.

Change-Id: I8943f0dcd21acf77a91fa4bcb82facb2d51eaffb
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-03-23 16:30:24 +01:00
Flavio Percoco
de39f8a3eb Allow for passing boot-time vars/args to OC nodes
openshift-ansible allows for passing boot time arguments to the
openshift nodes as well as other variables through the inventory. By
adding the OpenShift(Master|Worker)NodeVars variable, we'll allow for
these variables to be set and customized per deployment.

Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ifc8d26fab314a89bf1855fd9035c2ad9be23c28a
2018-03-22 09:12:59 +01:00
Zuul
3eb0c62e47 Merge "Remove unused minor update code" 2018-03-19 12:34:21 +00:00
Zuul
2f2f22e76c Merge "Don't stop openvswitch when deploying OpenShift" 2018-03-19 07:48:54 +00:00
Jiri Stransky
a782462a1a Remove unused minor update code
Since Pike, minor updates are done via the composable services
framework. The old shell script approach hasn't been used/tested for 2
releases now, and should be dropped.

Also drop the UpdateWorkflow interface. Before we started doing
upgrades via Ansible, we used this pluggable resource interface to
perform oneshot operations like migrations to WSGI or AODH
services. Nowadays this interface is not referenced from anywhere and
we'd probably rather do similar operations via Ansible tasks.

Change-Id: I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f
2018-03-15 18:27:14 +01:00
Flavio Percoco
fd740a409e Don't stop openvswitch when deploying OpenShift
Instead of disabling openvswitch managed by TripleO when deploying
OpenShift, we should tell OpenShift to let TripleO manage it. We're
going down this path on the openshift-ansible path so we'll stop
disabling openvswitch in t-h-t.

Change-Id: I51226fc363f1c15deb6e33cc7ce15ffe3ac7e9c7
2018-03-14 14:06:30 +00:00
Emilien Macchi
33abdba533 undercloud_post: manage post mistral config
- Replicate what has been done in _post_config_mistral
  (instack-undercloud)
- Cleanup cron triggers before cleaning workflows.
- Re-create publish-ui-logs-hourly cron trigger.
- If validations are enabled, execute copy_ssh_key workflow.

Depends-On: I10abed7f1514e9d72d5ebac0c85bad11cdf3210f
Depends-On: I01c4497324b2c8666d9f749147693d580c0a5e20
Change-Id: If641a9f91c85a0dcc5fcd8d89784ff4258123ea7
2018-03-13 14:35:23 +01:00
Emilien Macchi
0acc40d36b undercloud_post: override stackrc
When upgrading to a containerized undercloud, the stackrc needs to be
overriden so we don't rely on hiera CLI anymore to get the admin
password.

Change-Id: Ie2579bf83d709838557c56d952e61656b84acf31
2018-03-09 09:31:22 +00:00
Alex Schultz
75ee85b1e4 Add KernelIpForward configuration
Expose the configuration of net.ipv4.ip_forward via the kernel service.

Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255
Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1
Related-Bug: #1750194
2018-03-07 08:28:13 +00:00