We were using a deprecated interface to set this value. This uses the
correct one.
Closes-Bug: #1793665
Change-Id: Ib7717911aba3267f855ac6682b0144bfe92034fb
The CLI commands running Ansible can crash if we send too much
single-line log output their way. This was happening on upgrades, when
we run Ansible with verbosity level 1.
The fix is twofold:
* If ceph-ansible finishes successfully, we don't print the
ceph-ansible output into the main log.
* If ceph-ansible fails, we do print the output, but we print it
line-by-line, which should give us much better readability than
before, and we shouldn't break the limits of the Mistral-Zaqar-CLI
message passing.
Change-Id: I6e0fc36749e74fce25f414c2547e49e2a20437ab
Closes-Bug: #1795689
We have the following code in docker-puppet.py:
service.get('prigileged', False),
This typo will prevent privileged true from working. This typo was added via
If70da9804d8a26fff594f7282f64318fd6b79e2c
Change-Id: Id85145656dbb82338c2a73915abdb64114bfc1fb
Closes-Bug: #1795558
We want to enable podman on the undercloud first; this patch just
installs the rpm and configures the insecure registry if needed.
Change-Id: If469e584e2905a002931277bbe2f7301f7b8fd93
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.
For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.
Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.
Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
Deactivating selinux separation for now will allow haproxy to access
its certificate without any issue.
Change-Id: Ia00219337737dca87f745af5519effc04ce0a620
This will allow proper access from the containers without any
new SELinux policy
Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: I284126db5dcf9dc31ee5ee640b2684643ef3a066
with_dict is replaced by ansible's loop:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#with-dict
This migrates tasks using with_dict over to use loop instead.
Additionally, when using loop (or with_dict), the entire loop item is
logged by default. This makes these tasks very verbose since we're
looping over large json/yaml files. Instead, use loop_control and label
to only log the item key. The entire data structure already exists in
the config-download directory anyway, so there's no need to log the
whole thing to the console.
Change-Id: I1fc7431dfc662212b6ca64f4f738760f25b0c30b
https://github.com/openstack/tripleo-heat-templates/blob/master/environments/ssl/enable-internal-tls.yaml#L22
uses RPCUseSSL only and misses the NotifyUseSSL variable.
The reason this is a problem is that commands/services that will kick
off a notification are likely to hang due to this. Imagine the
following scenario:
1. TLS configured everywhere
2. keystone-manage bootstrap actually hangs
The reason for this is that the messaging string in the keystone
container will look like the following:

    [oslo_messaging_notifications]
    transport_url=rabbit://guest:AC8DjGviXCQks8MWjQdAjYW9L@overcloud-controller-0.internalapi.tripleodomain.example.com:5672/?ssl=0

By gdb-ing on to the keystone-manage process (thanks Damien, for the
idea) we can see that we are stuck in oslo calls connecting to rabbit
without tls
Closes-Bug: #1795462
Change-Id: I0d25527131fa4cd293994a0511bba1144510c4d8
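
Added example, not part of the commit above or of tripleo-heat-templates: a post-deploy check that reads a rendered service config and reports every transport_url that is not using ssl=1, which is the mismatch this fix addresses. The sample config, host name and function names are constructed for illustration; treating a missing ssl parameter as plaintext is an assumption about the driver default.

```python
import configparser
from urllib.parse import urlsplit, parse_qs

# Constructed sample with the same shape as the fragment quoted in the
# commit message; host and password are placeholders.
SAMPLE_CONF = """\
[DEFAULT]
transport_url = rabbit://guest:PLACEHOLDER@controller-0.internalapi.example.com:5672/?ssl=1

[oslo_messaging_notifications]
driver = messagingv2
transport_url = rabbit://guest:PLACEHOLDER@controller-0.internalapi.example.com:5672/?ssl=0
"""


def redact(url):
    """Rebuild the URL without any user:password part, so it is safe to log."""
    parts = urlsplit(url)
    # A transport_url may list several hosts separated by commas.
    hosts = ",".join(h.rsplit("@", 1)[-1] for h in parts.netloc.split(","))
    query = "?" + parts.query if parts.query else ""
    return f"{parts.scheme}://{hosts}{parts.path}{query}"


def find_plaintext_transports(conf_text):
    """Return (section, redacted_url) for each transport_url without ssl=1."""
    # default_section is renamed so [DEFAULT] is reported as its own section
    # instead of being silently inherited by every other section.
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not cp.has_option(section, "transport_url"):
            continue
        url = cp.get(section, "transport_url")
        # Assumption: an absent ssl parameter means the connection is plaintext.
        ssl = parse_qs(urlsplit(url).query).get("ssl", ["0"])[-1].lower()
        if ssl not in ("1", "true"):
            findings.append((section, redact(url)))
    return findings


if __name__ == "__main__":
    for section, url in find_plaintext_transports(SAMPLE_CONF):
        print(f"[{section}] transport_url is not using TLS: {url}")
```
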
Currently it is not possible to do per-node customization inside
docker-puppet.py because it overrides the fact 'uuid'.
This change adds a dedicated docker_puppet entry in hiera.yaml so that
docker-puppet.py needs to do nothing special for
/etc/puppet/hieradata/docker_puppet.json to be included in the hiera
merge.
Change-Id: Icf37dcd63e0152ee15e9f0079b45e31a4f8d9fbb
Depends-On: https://review.openstack.org/#/c/605478/
Closes-Bug: #1761624
NeutronEnableDHCPAgent is no longer consumed anywhere in OpenStack so
this patch is removing all occurrences of it in the environment files.
Change-Id: I042944c3f24d22fa60d4ed13fd9a56c5b93f465f
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
The undercloud needs to be able to run the playbooks shipping with
ceph-ansible so we mount them from the hosting node in undercloud.yaml
Change-Id: I8d1db69d520da069099f919f286e6a553dd645a5
Closes-Bug: 1794027
This sets the mysql connect timeout in the containerized undercloud
case. It mirrors Ia3799cdaf171892431151e4f2f7d2095081b8242.
Related-Bug: #1783995
Change-Id: I727a38eb537f83accadca9ee7f38bd7ace62500e
The main purpose of this file is to enable the zaqar service
but, unlike the environments/services/zaqar.yaml file, it explicitly
disables the redis service as this is meant to be used with
swift/sqlalchemy.
The main use case here being the containerized undercloud
Change-Id: Ic11b4790a1a2c2336cd432784f19922e76e028ad
Partial-Bug: #1795027
It isn't useful for much of anything in a production deployment
and it conflicts with the local DNS server in CI.
Change-Id: Ied3ecdc71bfdf9bb6439e2c9464aa01346e69226
Closes-Bug: 1795043
Before this patch, we weren't configuring the 'https' protocol
for OVN Metadata agent to talk to Nova so when EnableInternalTLS
is set to True, http was still used. This patch fixes it by
configuring the metadata_protocol correctly.
Closes-Bug: 1794510
Change-Id: If3e3642038aecfa2b71de4b46d89d9c2c4f8be01
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
When running the process-templates script with both the -o OUTPUT_DIR and
-p BASE_PATH options the output files were not being written to the output
directory. This fix splits out the file path from the base path to properly
write the files.
Change-Id: I845e8a2cbd2b12a4a1552b2cfa3ac013466da6bd
Closes-Bug: #1794769