Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It will allow to configure keystone event notifications
using CADF, as documented on:
https://docs.openstack.org/developer/keystone/event_notifications.html
CADF events provide auditing capabilities for compliance with
security.
Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
|
|
This aligns the docker based services with the new composable upgrades
architecture we landed for ocata, and does a first-pass adding upgrade_tasks
for the services (these may change, atm we only disable the service on
the host).
To run the upgrade workflow you basically do two steps:
openstack overcloud deploy --templates \
-e environments/major-upgrade-composable-steps-docker.yaml
This will run the ansible upgrade steps we define via upgrade_tasks
then run the normal docker PostDeploySteps to bring up the containers.
For the puppet workflow there's then an operator driven step where
compute nodes (and potentially storage nodes) are upgrades in batches
and finally you do:
openstack overcloud deploy --templates \
-e environments/major-upgrade-converge-docker.yaml
In the puppet case this re-applies puppet to unpin the nova RPC API
so I guess it'll restart the nova containers this affects but otherwise
will be a no-op (we also disable the ansible steps at this point.
Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1
Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
|
|
This uses a puppet-tripleo profile to configure and start docker
in step1 of the deployment, which is before we attempt to deploy
any containers (see docker/services/README.rst#docker-steps)
This enables existing environments on upgrade to configure things
correctly, without using the docker/firstboot/setup_docker_host.sh
- the firstboot approach may still be needed for atomic, but for
environments where we can run puppet on the host this integrates
more cleanly with our existing architecture I think.
Depends-On: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
Change-Id: If4ffe21579bcb2770f4e5a96be7960b52927a27b
|
|
|
|
|
|
It doesn't work downstream, so the httpd command was recommended.
Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
|
|
|
|
|
|
|
|
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e
was added to most of the tripleo-heat-templates in
Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
The new hook is installed by default if you use tripleo-common
Ia1864933235152b7e899c4442534879f8e22240d and will be installed
as part of the Newton to Ocata upgrades workflow in
I0c7a32194c0069b63a501a913c17907b47c9cc16
In order to use the new hiera data as part of the upgrade we
need to remove the old hieradata which will break anyone still
defining and using it. This change updates the remaining vendor
plugin manifests to use the new hiera hook. The pre-requisite
is that the new hook is installed on their overcloud (as above
it comes if you follow the N..O upgrade)
Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
|
|
|
|
|
|
|
|
ODL-l3 env file was removed in commit 7163746
manage-firewall was removed in commit 2064ab8 as this was enabled
by default
Change-Id: I8ed8d4ed5bf709f2ac581adfaacc24a7582f13bd
|
|
In cases where /var/log/httpd already exists, this exits with error
code 1.
$ sudo docker logs keystone-init-log
mkdir: cannot create directory '/var/log/httpd': File exists
Change-Id: I62bf08d9fc9e02d5f3016bd14bb0a090b76ac837
|
|
|
|
|
|
The puppet facts will be removed soon and using the hiera value is
adviced instead.
Change-Id: I318f81abaac997370e950780993dc95cae088327
|
|
The puppet facts will be removed soon and using the hiera value is
adviced instead.
Change-Id: I3ba89dd9bd471c5723325efc9041ca6da937ccc5
|
|
Upgrade process wasn't consistent and correct.
Change-Id: Id1f810d33c2909957be9a2c96d18c96dee939953
|
|
|
|
This updates kolla config to overwrite the stock
version with the puppet-nova generated mock.
Depends-On: Ie16a60c604ecf9f4012b0630f91e6ece2b6855db
Change-Id: I320f024adc88102ea24c0212702fe2dce826874f
Closes-bug: #440612
|
|
This enables the IronicPxe services which are split out
into separate templates for the containerized undercloud.
Change-Id: I0ec3cefec9b47ef3c59de6972541ef9b560aacb7
|
|
|
|
The opencontrail environment file was removed in commit da91bb6
so this is no longer required
Change-Id: I835dc665ede7fdb50d5be2c3251b8acf20c3ce37
|
|
|
|
|
|
Change-Id: Icc5fbf99301ae47344e1582767e1e7a4687f491b
|
|
|
|
|
|
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the
following changes:
- tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6
- puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084
We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420
With the move to the ansible-based composable upgrades we left this change out.
And now an upgraded environment has the following policy:
- Upgraded environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"
- New environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"
We need to add this pcs resource change to the our upgrade scripts.
Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692
Closes-Bug: #1668600
|
|
|
|
This approach removes the need for the yaql zip to build the
docker-puppet data by building the data in a puppet_config dict.
This allows a future change to make docker-puppet.py only accept dict
data.
Currently the step_config is left where it is and referenced inside
puppet_config, but feedback is welcome whether this is necessary or
desirable.
Change-Id: I4a4d7a6fd2735cb841174af305dbb62e0b3d3e8c
|
|
Change-Id: I740b20b12acb3740886409bff86c4989f0a066f4
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
Change-Id: I189edaf69c0e97a3399e6af939595f98322d7c03
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
During upgrades, validation test if a service is running before the
upgrade process starts.
In some cases, servies doesn't exist yet so we don't want to run the
validation.
This patch makes sure we check if the service is actually present on the
system before validating it's running correctly.
Also it makes sure that services are enabled before trying to stop them.
It allows use-cases where we want to add new services during an upgrade.
Also install new packages of services added in Ocata, so we can validate
upgrades on scenarios jobs.
Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
|
|
This allows to run a containerized neutron on the overcloud.
Co-Authored-By: Martin André <m.andre@redhat.com>
Depends-On: Iaf6536b1c4d0b2b118af92295136378cdfeee9d1
Change-Id: I86a12248d4f28f4dbe7708be928bcd8a45968d01
|
|
Otherwise the containerized nova running in the overcloud fails with
"Host 'overcloud-novacompute-0' is not mapped to any cell, Code: 400".
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I9ff77f25bfd1f37167b0638a32fe5049951bc5b4
|
|
|
|
|
|
This file is needed for plan import and export features. We want to enable the
user to store the selection of environment options, so that it can be
re-imported, and it does not have to be perfmed manually multiple times.
The plan create workflow will look into the Swift
container for this file, and import its contents into the Mistral
environment. Conversely, plan export will create this file from the Mistral
environment contents, so that it can later be re-imported.
For more information, see the related blueprint, and the spec at
https://specs.openstack.org/openstack/tripleo-specs/specs/ocata/gui-plan-import-export.html
Partially implements: blueprint enhance-plan-creation-with-plan-environment
Change-Id: I95e3e3a25104623d6fcf38e99403cebbd591b92d
|
|
|