With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
In order to ANSIBLE_INJECT_FACT_VARS=False we have to use ansible_facts
instead of ansible_* vars. This change switches our distribution and
hostname related items to use ansible_facts instead.
Change-Id: I49a2c42dcbb74671834f312798367f411c819813
Related-Bug: #1915761
Containers are restarted with new command lines during upgrade/updates
before the external_deploy_task are run that create a configuration file
that is used on the command line. This results in octavia services
failing to start.
Note: this was originally merged as:
https://review.opendev.org/#/c/750986/
but the OctaviaBase references in templates was incorrect so the
original patch was reverted through:
https://review.opendev.org/#/c/763561/
As the original patch had not been backported, it makes more sense to
revert and get a correct fix in place and backport that instead of
requiring backporting a series or backporting a squashed commit.
Change-Id: Ib3476e53f89b50bae72b9c95a5d3dec51ed3de7e
Related-Bug: #1863595
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
This change makes octavia services on unupgrade controller nodes get
stopped, because all services in the unupgrade controllers should be
stopped before we start the upgraded controller[1].
[1] 8529ce60da84d2aa1e1c9e6994303678261b09da
Change-Id: I51855841c269ec593933288af4135f5d06a139fe
Containers are restarted with new command lines during upgrade/updates
before the external_deploy_task are run that create a configuration file
that is used on the command line. This results in octavia services
failing to start.
Change-Id: I741059afad42d0aa1e17b5becd56cbbbb0003c82
Related-Bug: #1863595
Almost every single tripleo service creates a persistent directory. To
simplify the creation, a with_items structure was being used. In which
many times, the mode option was being set. However, that mode option
was not taken into account at the time of creating the file. As a
consequence, the directory was being created with its father directory
rights, instead of the ones being passed in the template.
Change-Id: I215db2bb79029c19ab8c62a7ae8d93cec50fb8dc
Closes-Bug: #1871231
While they are, at SELinux level, exactly the same (one is an alias to
the other), the "container_file_t" name is easier to understand (and
shorter to write).
A second pass in a couple of days or weeks will be needed in order to
change files that were merged after this first pass.
Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
Octavia worker, house-keeping and health-monitor serivices may use some
long taskflow's flows to handle load balancers and amphorae (launch VMs,
etc...). Those flows should not be interrupted when restarting those
services (i.e when updating an overcloud, or restarting services because
of certificates rotation), it might cause resource leaks that cannot be
fixed by an admin.
As default container stop timeout is defined to 10 seconds, this timeout
value needs to be increased for octavia services (except octavia api) to
ensure a graceful shutdown.
This new value has been set to 300 seconds according to the octavia
worker default configuration introduced in
https://review.opendev.org/#/c/684201/
Closes-Bug: #1855684
Change-Id: I8911a79328769c910d03168cfa5a421d0dd0f9b6
When podman parses such volume map it removes the slash
automatically and shows in inspection volumes w/o slash.
When comparing configurations it turns to be a difference and
it breaks idempotency of containers, causing them to be recreated.
Change-Id: Ifdebecc8c7975b6f5cfefb14b0133be247b7abf0
These tasks were incorrectly placed in post update and upgrade steps.
They need to be moved to tripleo-ansible.
See https://review.opendev.org/#/c/696727/
Closes-Bug: #1836074
Change-Id: I7da826200db1b6ac7d2a60cfa2577004d27aee17
When upgrading from Rocky to Stein we moved also from using the docker
container engine into Podman. To ensure that every single docker container
was removed after the upgrade a post_upgrade task was added which made
use of the tripleo-docker-rm role that removed the container. In this cycle,
from Stein to Train both the Undercloud and Overcloud work with Podman, so
there is no need to remove any docker container anymore.
This patch removes all the tripleo-docker-rm post-upgrade task and in those
services which only included a single task, the post-upgrade-tasks section
is also erased.
Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
We switched to containers a long time ago. This patch drops the
management of a /var/log/<service> directory and the creation of a
readme indicating that we've moved to containers which makes the logging
available under /var/log/containers/<service>
Change-Id: Ia4e991d5d937031ac3312f639b726a944743dd1e
We should ensure that the service folders are 0750. We're setting
/var/log/containers but we should also ensure the service folders also
have the correct permissions.
Change-Id: I28e8017edc7e30a60288adf846da722fd6ab310e
Moving all the container environments from lists to dicts, so they can
be consumed later by the podman_container ansible module which uses
dict.
Using a dict is also easier to parse, since it doesn't involve "=" for
each item in the environment to export.
Change-Id: I894f339cdf03bc2a93c588f826f738b0b851a3ad
Depends-On: I98c75e03d78885173d829fa850f35c52c625e6bb
Consolidate post deploy configurations in a single file. Octavia
controller services share many configurations. It is best to consolidate
them in the same configuration file. This fixes problems seen like
amphorae not having the controller_ip_port_list config value set on
failover triggered by the Health Manager service as that config was only
being loaded for the Worker service.
Closes-Bug: #1836074
Depends-On: https://review.opendev.org/#/c/687311/
Change-Id: I32524f85ef6a0ca3e87fa9acc8c9e12776225717
Octavia uses external deploy steps to complete configuration of the
support services, requiring a restart to pick these changes up if the
services are started in step 4. This patch moves the startup of these
services to step 5 avoiding the need for restarting.
This was actually causing an issue with healthchecks as the restart was
happening during the restart.
Change-Id: I4d7d322c2d64ed06b71ab0da049cf92f5a8e8d8a
Related-Bug: #1843981
This patch removes fluentd composable service in favor of rsyslog composable service
and modifies *LoggingSource configuration accordingly.
Change-Id: I1e12470b4eea86d8b7a971875d28a2a5e50d5e07
The tripleo-docker-rm role has been replaced by tripleo-container-rm [0].
This role will identify the docker engine via the container_cli variable
and perform a deletion of that container. However, these tasks inside the
post_upgrade_tasks section were thought to remove the old docker containers
after upgrading from rocky to stein, in which podman starts to be the
container engine by default.
For that reason, we need to ensure that the container engine in which the
containers are removed is docker, as otherwise we will be removing the
podman container and the deployment steps will fail.
Closes-Bug: #1836531
[0] - 2135446a35
Depends-On: https://review.opendev.org/#/c/671698/
Change-Id: Ib139a1d77f71fc32a49c9878d1b4a6d07564e9dc
This converts all Docker*Image parameter varients into
Container*Image varients.
The commit was autogenerated with the following shell commands:
for file in $(grep -lr Docker.*Image --include \*.yaml --exclude-dir releasenotes); do
sed -e "s|Docker\([^ ]*Image\)|Container\1|g" -i $file
done
Change-Id: Iab06efa5616975b99aa5772a65b415629f8d7882
Depends-On: I7d62a3424ccb7b01dc101329018ebda896ea8ff3
Depends-On: Ib1dc0c08ce7971a03639acc42b1e738d93a52f98
podman doesn't like starting the "x_init_dirs" containers without some
kind of net parameter. These containers don't actually require a network
configuration so setting net to none does the job.
Change-Id: I6fd6add76e21e0b3d8b4ee0fbe5798a1f2a25205
This change combines the previous puppet and docker files into a single
file that performs the containerized service installation and configuration
for the octavia services.
With this patch the baremetal version of each respective octavia service
has been removed.
Related-Blueprint: services-yaml-flattening
Change-Id: Icf2856fd261b49a4da1f197c7190c9a18d21e30f