Age | Commit message (Collapse) | Author | Files | Lines |
|
So far we've been using virtlogd running on the host, we should now be
using virtlogd from a container.
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I998c69ea1f7480ebb90afb44d6006953a84a1c04
|
|
After 483293 commit is merged, major-upgrade-composable-steps.yaml file
is pointing to the wrong location deployment, which is now under
common/ folder.
Change-Id: Ic6784533d1c21b5b8fcb422bccd820af72e499d9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Splitting by colon using native str_split function did not work well
because we needed a right split.
This change replaces the str_split calls with yaql rightSplit().
Change-Id: Iab2f69a5fadc6b02e2eacf3c9d1a9024b0212ac6
|
|
The ip address which clients and other nodes use to connect to the
monitors is derived from the monitor_interface parameter unless
a monitor_address or monitor_address_block is given (to set mon_host
into ceph.conf); this change adds setting for monitor_address_block to
match the public_network so that clients attempt to connect to the mons
on the appropriate network.
Change-Id: I7187e739e9f777eab724fbc09e8b2c8ddedc552d
Closes-Bug: #1709485
|
|
This enables either deploying without configuring any services, or
temporarily disabling the deploy steps such as will be required
for minor updates where we want to re-run the rolling update outside
of heat.
To deploy directly via ansible-playbook you can do e.g:
openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-6b02U7-config
ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml
Which will run the same ansible steps as we normally run via heat.
Change-Id: I59947b67523dfcc43d454d4ac7d82b06804cf71d
|
|
These work the same way as upgrade_tasks *but* they use a step variable
instead of tags, so we can iterate over a count/sequence which isn't
possibly via a wrapper playbook with tags (we may want to align upgrade
tasks with the same approach if this works out well).
Note the tasks can be run via ansible-playbook on the undercloud, like:
openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-HCrDA6-config
ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit controller
The above will do a rolling update for the Controller role (note the inconsistent
capitalization, we probably need to fix the group naming in tripleo-ansible-inventory)
because we specify serial: 1 in the playbook.
You can also trigger an update explicitly on one node like this, which is useful for debugging:
ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit overcloud-controller-0
Change-Id: I20bb3e26ab9d9cadf1a31fd304de8a014a901aa9
|
|
This exposes the deploy workflow for all roles from deploy-steps
via overcloud.j2.yaml - which means we can write it via the new
openstack overcloud config download command and/or run the workflow
outside of heat via mistral
With https://review.openstack.org/#/c/485732/ applied to
tripleoclient it becomes possible to do:
openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-EvEZk0-config
ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml
This runs the deploy steps, exactly the same as normally run via heat
via ansible-playbook for all overcloud nodes (--limit can be used to restrict
to specific nodes/roles).
Change-Id: I96ec09bc788836584c4b39dcce5bf9b80e914c71
|
|
This isn't set unless the playbook is run via heat, so default it to false
to enable easier use via ansible-playbook combined with tripleo-ansible-inventory
Change-Id: I9705e4533831a019dd0051e5522d4b7958682506
|
|
So that we can more easily iterate over an include in an output
Change-Id: Idd5bb47589e5c37123caafcded1afbff8881aa33
|
|
|
|
|
|
|
|
|
|
It looks like this was added recently and it doesn't appear to be a
parameter we want in the sample environments.
Change-Id: I0ac433553e7ad9b0a54c011b66c54b4692b44be0
|
|
|
|
|
|
After merging commit 488796, single quotation marks
were missed. This causes the upgrade to fail as the
flag --sacks-number is considered a su command flag.
Also mounts Ceph config data into the container which
seems needed for the gnocchi-upgrade command when
configured to use Ceph.
Also move the gnocchi db sync to step 4, so ceph is
ready. Add a retry loop to ceilometer-upgrade cmd so
it doesnt fail while apache is restarted.
Closes-Bug: #1709322
Change-Id: I62f3a5fa2d43a2cd579f72286661d503e9f08b90
|
|
|
|
If we consolidate these we can focus on one implementation (the new ansible
based one used for docker-steps)
Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546
Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
|
|
Add some special-casing for backwards compatibility, such that the
CephStorage role can be rendered via j2 for support of composable networks.
Change-Id: Iee92bb6ee94963717d3a8ef400e7970f62576a0d
Partially-Implements: blueprint composable-networks
|
|
Add some special-casing for backwards compatibility, such that the
BlockStorage role can be rendered via j2 for support of composable networks.
Change-Id: Ia5fb5ff6dbe218710e95a69583ac289cf7b4af9e
Partially-Implements: blueprint composable-networks
|
|
Add some special-casing for backwards compatibility, such that the
ObjectStorage role can be rendered via j2 for support of composable networks.
Change-Id: I52abbefe2f5035059ccbed925990faab020c6c89
Partially-Implements: blueprint composable-networks
|
|
Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.
Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks
|
|
Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.
Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks
|
|
This bind mounts the necessary files for the mongodb container to serve
TLS in the internal network.
bp tls-via-certmonger-containers
Change-Id: Ieef2a456a397f7d5df368ddd5003273cb0bb7259
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
It wasn't being configured, thus making mongodb fail.
Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #1710162
|
|
|
|
|
|
|
|
With these two services running over httpd in the containers, we can now
enable TLS for them.
bp tls-via-certmonger-containers
Change-Id: Ib8fc37a391e3b32feef0ac6492492c0088866d21
|
|
The non-containerized version will run over httpd [1], and for the
containerized TLS work, it is needed in the container version as well.
[1] Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
bp tls-via-certmonger-containers
Depends-On: I1c5f13039414f17312f91a5e0fd02019aa08e00e
Change-Id: I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7
|
|
In non-containerized deployments, Galera can be configured to use TLS
for gcomm group communication when enable_internal_tls is set to true.
Fix the metadata service definition and update the Kolla configuration
to make gcomm use TLS in containers, if configured.
bp tls-via-certmonger-containers
Change-Id: Ibead27be81910f946d64b8e5421bcc41210d7430
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Closes-Bug: #1708135
Depends-On: If845baa7b0a437c28148c817b7f94d540ca15814
|
|
This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.
Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f
|
|
|
|
|
|
|
|
I forgot to remove the existing entry in
I11232fc412adcc18087928c281ba82546388376e.
Change-Id: I40b12e857dc40881f5fe9cf73963ac90caacb17d
|
|
After creating glance image successfully, share location
was remaining empty because the NFS volume on controller was
not mounted to docker container.
Now, connecting NFS volume to the docker container.
Change-Id: Ib45f117cbbf2b7b2c0faf024e9a8b049c440d872
Closes-Bug: 1708629
|
|
|
|
In non-containerized deployments, HAProxy can be configured to use TLS for
proxying internal services.
Fix the creation of the of the haproxy bundle resource to enable TLS when
configured. The keys and certs files are all passed as configuration files and
must be copied by Kolla at container startup.
For the time being, disable the use of the CRL file until we find a means
of restarting the containerized HAProxy service when that file expires.
Change-Id: If307e3357dccb7e96bdb80c9c06d66a09b55f3bd
Depends-On: I4b72739446c63f0f0ac9f859314a4d6746e20255
Closes-Bug: #1709563
|
|
|
|
Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #1709583
|