It's not clear to me why the 'Team and repository tags' is heading 1,
but it is clear to me that it takes away from the 'TripleO Validations'
heading.
A quick review of keystone and nova repositories tells me that the
extra heading is not required, so it is replaced with something more
useful.
Change-Id: I4e889d36e9503a75ce8b079f79f20879def402e3
flake8 new release 3.8.0 added new checks and gate pep8
job start failing. hacking 3.0.1 fix the pinning of flake8 to
avoid bringing in a new version with new checks.
Though it is fixed in latest hacking but 2.0 and 3.0 has cap for
flake8 as <4.0.0 which mean flake8 new version 3.9.0 can also
break the pep8 job if new check are added.
To avoid similar gate break in future, we need to bump the hacking min
version.
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html
Change-Id: I63f6be6a68e5e8277e11d5cc6a71c14660d2d792
This reverts commit c899d97120.
It merged too early, we need a promotion before.
Closes-Bug: #1895507
Change-Id: I0f6b7a6353fd8f99744c3b3be08d5f71c6ab1a39
This reverts commit ea550f80ac.
Revert due to promotion blocker, we need latest changes from
validations-libs, which is pinned to 1.0.3 and won't get the
last change.
Closes-Bug: #1895056
Change-Id: I2bcfa11ac766de844e81cfbf740231ed7632a6e3
This patch changes the lower-constraint requirements to make them
py3.8 compatible. See https://bugs.launchpad.net/nova/+bug/1886298
cffi==1.14.0
greenlet==0.4.15
MarkupSafe==1.1.0
paramiko==2.7.1
PyYAML==3.13
Change-Id: I826cbbf8072c5b7d533c1e96c9e7ce132a0d9f7e
Closes-Bug: #1895056
The imp module is deprecated[1] since version 3.4, use importlib to
instead
[1]: https://docs.python.org/3/library/imp.html
Change-Id: I80880417abc8955a53fdfcab93f27b4bef2ddb11
Move Ansible files from share/openstack/tripleo-validation
to share/ansible like tripleo-ansible project
Depends-On: https://review.opendev.org/749385
Change-Id: I62e36f4ab7a77b5120e014dc61168a1ccc9fc6e0
The latest changes to tls-e require certain permissions and ACIs
to be added to the IPA server in order to successfully add DNS entries
and to issue certs with IP SANs (for cinder A/A).
These changes cannot be automated as they require IPA admin or DS
credentials. This adds a validation to make sure the required
permissions and ACLs are present before starting an install.
Change-Id: I03575a5717456ad647cb10825b8d5646a55a6378
This validation takes a list of dict describing the packages we want to
verify.
The main goal is to ensure we are avoiding issues at some point with
particularly sensitive packages, such as podman.
We can't use the "package_facts" ansible module, since we're allowing to
check available packages - i.e. versions that aren't installed on the
system.
With the current default, we ensure we get podman 1.6.4 on every nodes
(overcloud and undercloud).
This can be used during an upgrade in order to ensure we're not using
the wrong podman version - either as an inflight validation, or as a
manual step.
Also, it supports the full version number, with the release itself.
This means you can pass "1.6.4-15" for podman, in order to ensure you
get the precise version you want.
Please check the molecule tests in order to see how this validation can
be used.
Please note, the "yum list" part is slow since it will check on the
remote repositories for the available versions!
Last note, we're using "yum" here since the validation might be needed
on pre-dnf releases (namely, centos-7 or rhel-7).
Change-Id: I021a7ad03902ca506885769c1cadc4a449bebbfb
Previously, the error messages provided no information as to what the
settings should be, they just reported the current value with no
indication of any change that needed to be made. This patch makes them
clearer.
Change-Id: I654df90091e12b9b85ad704312e4ae6c2740ad70
It makes no sense to lump vif_plugging_timeout and vif_plugging_fatal
into the same tasks. One is a numeric value validated to be larger
than a minimum, the other is a boolean value validated to be set to
True. Split them into separate tasks, and clarify the failure error
messages.
Change-Id: I7a28f6014c55293d018d5fbc3223a26a10550f1c
The tripleo-ansible-inventory script uses the role names in order to
group the different hosts.
Since we can use custom roles, the fixed "Controller" and others aren't
relevant in such cases.
Ansible allows to use parameter for the "hosts" value in playbooks,
allowing us to call the validations using this command:
openstack tripleo validator run --validation haproxy \
--extra-vars '{"controller_rolename": "MyCustomController"}'
(or use the --extra-vars-file in order to avoid in-line JSON)
This patch also correct a non-existent group call, Database. The closest
we have is the "mysql" group in the inventory - let's reflect it in
order to avoid useless warning(s).
Change-Id: I3bec039283fe5df56771d84fff5bd5940fd149d8
the /var/log/validations directory doesn't exist on the overcloud, since
we don't install the validations there.
Change-Id: Ib125ca44f7e3d7fed1d19d2b1847b5bbe64226ed
This module is needed by the "xml" ansible module, used in the new
nova_svirt role intruduced here:
https://review.opendev.org/744835
Change-Id: I9694ab3fde1248a25e1b1736a3351abde5d619ca
Also ensure we don't collect facts by default.
Also ensure we get the right name for the playbook itself.
Change-Id: I1dfafed5ac75b0c52d6fd6ec48a43fbd4666c124
Previously validator failed running on neutron_api as the
neutron-sanity-check binary requires additional capabilities, causing it
to alway fail [0]. In addition, in some cases a race condition in
oslo_privsep can cause the validator to hang indefinitely [1].
This fixes it if the overcloud uses ML2/OVS, using the neutron_ovs_agent
container as we already did on the undercloud, and skipping the check if
it cannot be found (ML2/OVN deployments typically).
Additional fixes to the validator:
* skip gather_facts step
* fix output parsing
* call neutron-sanity-check only once, with all configuration files
passed to it
* drop redundant default values in playbook itself
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1783195
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1862364
Change-Id: Ifacbbd6a493019e606105f45f0302bf1a88bed62
Co-Authored-By: Cédric Jeanneret <cjeanner@redhat.com>
On upgrades we're using validations (from train) against controller that
are still on queens. On queens jq package is <1.5 and the "try" keyword
is not available.
This purpose of this change is to fix this validations getting rid of
"try-catch" in favour of "if-else" which works for 1.3+ < jq < 1.5.
Change-Id: Id16ccf69888ceb03cc33e0627de5270f9c8f4b95
Closes-Bug: #1889279
I don't know how to explain how it happens, but we have had several
customers case[1], for example, different local for writing to the database
and reading. What causes an error during minor update, the keystone
client calls the command to list the openstack projects. So we have a
python unicode error. For rabbitmq we force the utf-8 local, so we
decided that we assume that we must be in utf-8 everywhere. Add this
validation to ensure the local system is configure with the good local.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1824513
Change-Id: I8b8f2a17a4963af46dd2c5407fb089414a804247
Jesse Pretorius (odyssey4me)
Zuul
Mathieu Bultel
Ade Lee
zhoulinhui
Cédric Jeanneret (Tengu)
Gael Chamoulaud (Strider)
gugug
Artom Lifshitz
Jose Luis Franco Arza
Bernard Cafarelli
Francesco Pantano
Daniel Bengtsson