Avoid using templates and allow for easier manipulation of host groups.
This patch is a starting point for the scaleup patch that adds new
nodes (masters and workers) to the the inventory and requires a more
flexible node groups management.
Change-Id: Ib3d6c580d81dae648c5828582e24d20fc3668099
This commit updates the openshift templates to deploy openshift 3.9
instead of 3.7.
Update the default playbook path to the one expected by
openshift-ansible 3.9.
Update the default openshift-ansible variables and move them in the
template where they belong. They can be overridden individually via the
OpenShiftGlobalVariables heat parameter.
Disable unbound on the openshift nodes in CI as it is listening on port
53 and is preventing openshift to start its own DNS service.
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Depends-On: I6f123cd71a23fb15aaa2005f7397fc98fdaf187a
Depends-On: I27ad9d168af575da8c4f5094152c94e2fa03987c
Change-Id: Ifc3d25fa590cfba1fa64ed0266c76c9342a7aa4f
Instead of parsing os-net-config, we should be running this script for
all the unmanaged devices. The 99-origin-dns.sh script doesn't care
whether the device is managed by NM or not, what it cares about is
whether the device is the one used for the default route.
Change-Id: I2cc0bc8179c51222616706aceaa99112af4c3fd8
RhsmVars should be used as the value to be replaced for the global
values, instead of using 'vars'.
Closes-Bug: #1776597
Change-Id: I480b3c51787547b9dd4e1401363a5da7c40798a8
When a role is defined but this role has a host count of 0, the ansible
tasks to generate the openshift inventory for the service would fail
with an undefined variable error.
Setting the value for non existent groups to empty array should get us
past the error.
Change-Id: Ib42708c095d28827f5decdb885ceb4f2a67b3a8b
Module wait_for_connection provides a better way of waiting to
continue deployment after a reboot, instead of local action.
Change-Id: I95623658f06b1a3122d78bb4d54feabe89ad3569
In the event you have different disks in nodes assigned to each role
you may need to pass role specific parameters, e.g like:
parameter_defaults:
OpenShiftMasterParameters:
OpenShiftGlusterDisks:
- /dev/vdc
OpenShiftWorkerParameters:
OpenShiftGlusterDisks:
- /dev/vdd
To enable that we create an inventory file per role, and pass the directory
of files to ansible.
Change-Id: I8b4d8698405ffb004b081e1f097f300216edfa77
The templates at extraconfig/pre_network/host_config_and_reboot.yaml
(replaced with extraconfig/pre_network/boot-params-service.yaml) and
extraconfig/tasks/ssh/host_public_key.yaml (replaced with the
tripleo-ssh-known-hosts role) are deprecated as they do not
work with config-download. They will be removed in the Stein release.
Change-Id: Ib66873ea4b0d86f12024ec16d788247c071cf3b5
https://review.openstack.org/#/c/564024/ used
/bin/python as the shebang but this can be different
for different platforms, switch to /usr/bin/env to
handle it.
Also update undercloud_ctlplane_network.py to use
/usr/bin/env for consistency, although this file
is not executable.
Change-Id: Id915ded03ae5a471ffa2dca13e2da90021279f63
There was an extra | that was missed. It's not tested in Master but is
in <= Queens.
Change-Id: If7a4c6f3581bed270f478b98b8da8fe010acbbc1
Closes-Bug: #1772071
There is a limit to how long input data can be for the heat script hook.
It turns out that data longer than 131072, will return an Argument list
to long error. To get around this, we need to pass this data in a
different way so that the heat script hook will work.
Change-Id: Ie3bd17ca9863e7687721e8c2628e485ea1849321
Closes-Bug: #1772071
crudini is not installed by default on Red Hat derivitive OS's, so we
shouldn't rely on it. We probably can't just install it since this
script is the rhel-registration script, so there are likely no repos
enabled when we need it.
Instead just use grep/cut/sed to get the value we need.
Change-Id: I78fce8b6c7f1d3528f9d8c02772f95cb8ad3b3c8
Closes-Bug: #1771830
This reverts commit 8e104b3c549118727b53c9825a438e799715b7f9.
https://review.openstack.org/#/c/559926/ introduced requiring CloudName.
This broke the documented deployment process. I also don't see how
CloudName can be required, but CloudDomain can not.
I don't see a technical reason why we can't keep the default as
localdomain. If necessary, we can instead add a parameter
validation instead of requiring the parameter.
Closes-Bug: #1771627
Depends-On: Ia86842b0b1f42512f25390d6bdb695e0f8133c6d
Change-Id: I2c5b511df50f29c63aa613899c2bebb506360bf4
This fixes TLS errors when anything using python-requests is run
from a virtualenv.
Change-Id: Icf659e54e8887dc9759cd4d8f732982ce3e0ae5f
Closes-Bug: #1771565
For NFV deployments, specific kernel args should be applied and
the nodes should be restarted before running the NetworkDeployment.
It is supported in the heat deployment via PreNetworkConfig. In the
config-download mechanism, ansible steps need to be improved
to handle the reboot and wait for the node.
Change-Id: I43b383ad0e04b8be6c321f8c5b05e628b2520141
The new master branch should point now to rocky.
So, HOT templates should specify that they might contain features
for rocky release [1]
Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.
[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required for us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.
Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
When the evacuation of a nova-compute is in progress on a compute node,
starting the nova-compute service on that node would cause a race in
setting task_state [1] and could ultimately lead failures with all
future evacuation attempts on the compute node.
To avoid triggering that situation, introduce a startup wrapper when
Instance HA is enabled. The wrapper loops until the force-down flag is
clear and all evacuation finished, and then starts nova_compute.
[1] If71727cde51c29231dbb9a51c5babbcdfc802bdd
Partial-Bug: #1764883
Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>
Change-Id: Id1fc820b42fb72fc861fda82b04f6a3fa2b6b6f6
This service file allows for enabling CNS in an OpenShift deployment.
It works as a tagging service and the rest of the configs are applied in
the openshift-master service file.
Note that the disks used can be specified as follows:
parameter_defaults:
OpenShiftGlusterDisks:
- /dev/sdb
Or per-role like:
parameter_defaults:
OpenShiftMasterParameters:
OpenShiftGlusterDisks:
- /dev/sdb
OpenShiftWorkerParameters:
OpenShiftGlusterDisks:
- /dev/sdc
Change-Id: I92972d89ee7edf2ff211e88c6e0758628c3018a2
Fixed tag filtering in mistral so it is safe to remove the workaround
to delete workflows
Change-Id: I543c58047fa2113fa2d39e7f06d3697e9cedee11
Depends-On: Ie082901fd7eb8b61a6306da1275a79aeb6c4a6de
If available, we should be using the external_ip for the public hostname
and public ip variables. This way, the webconsole and other APIs will be
made available through the external network rather than just using the
internal, non public, one
Change-Id: I1d17ea8f9a14736593df56d288eb0147a58bb957
The dispatch script is only executed for interfaces managed by
os-net-config but not for their vlans. This patch gets the vlans
that belong to every interface and adds them to the list of interfaces
to scan.
Change-Id: I44517d2fda0f6252634aa76d41e7a5bb3622456b
* Add a new post install software deployment which runs
a python script to configure the undercloud control
plane network. Replaces section in post shell script.
Change-Id: I1cd594564d1628a6e1fccb9eadf18b716ccc5c72
In I75f087dc456c50327c3b4ad98a1f89a7e012dc68 we removed much of
the legacy upgrade workflow. This now also removes the
disable_upgrade_deployment flag and the tripleo_upgrade_node.sh
script, both of which are no longer used and have no effect on
the upgrade.
Related reviews
I7b19c5299d6d60a96a73cafaf0d7103c3bd7939d tripleo-common
I4227f82168271089ae32cbb1f318d4a84e278cc7 python-tripleoclient
Change-Id: Ib340376ee80ea42a732a51d0c195b048ca0440ac
Stdin does not work for the 'openstack keypair create' command
used in extraconfig/post_deploy/undercloud_post.sh, when installed
via Heat templates.
This ends up with different keys created for underlcoud admin and
the default nova keypair, which is configured by Ironic for
overcloud nodes. So those can not be contacted by undercloud
admin via SSH.
The deployed-server/scripts/enable-ssh-admin.sh fails w/o
that fix and makes not possible to deploy BM/OVB overcloud on top
of UC installed with Heat.
Change-Id: Ifb9c2d5eef731c41999d4ef5daa447edf74fd262
Co-authored-by: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
openshift-ansible allows for passing boot time arguments to the
openshift nodes as well as other variables through the inventory. By
adding the OpenShift(Master|Worker)NodeVars variable, we'll allow for
these variables to be set and customized per deployment.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Ifc8d26fab314a89bf1855fd9035c2ad9be23c28a
Since Pike, minor updates are done via the composable services
framework. The old shell script approach hasn't been used/tested for 2
releases now, and should be dropped.
Also drop the UpdateWorkflow interface. Before we started doing
upgrades via Ansible, we used this pluggable resource interface to
perform oneshot operations like migrations to WSGI or AODH
services. Nowadays this interface is not referenced from anywhere and
we'd probably rather do similar operations via Ansible tasks.
Change-Id: I6c5eafe76eb53bc38d100a9ba132dd8fe6dd2d5f
Instead of disabling openvswitch managed by TripleO when deploying
OpenShift, we should tell OpenShift to let TripleO manage it. We're
going down this path on the openshift-ansible path so we'll stop
disabling openvswitch in t-h-t.
Change-Id: I51226fc363f1c15deb6e33cc7ce15ffe3ac7e9c7
- Replicate what has been done in _post_config_mistral
(instack-undercloud)
- Cleanup cron triggers before cleaning workflows.
- Re-create publish-ui-logs-hourly cron trigger.
- If validations are enabled, execute copy_ssh_key workflow.
Depends-On: I10abed7f1514e9d72d5ebac0c85bad11cdf3210f
Depends-On: I01c4497324b2c8666d9f749147693d580c0a5e20
Change-Id: If641a9f91c85a0dcc5fcd8d89784ff4258123ea7
When upgrading to a containerized undercloud, the stackrc needs to be
overriden so we don't rely on hiera CLI anymore to get the admin
password.
Change-Id: Ie2579bf83d709838557c56d952e61656b84acf31
Expose the configuration of net.ipv4.ip_forward via the kernel service.
Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255
Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1
Related-Bug: #1750194