diff options
| -rw-r--r-- | apex/builders/undercloud_builder.py | 2 | ||||
| -rw-r--r-- | apex/common/constants.py | 2 | ||||
| -rw-r--r-- | apex/common/utils.py | 12 | ||||
| -rw-r--r-- | apex/deploy.py | 7 | ||||
| -rw-r--r-- | apex/network/network_data.py | 2 | ||||
| -rw-r--r-- | apex/overcloud/deploy.py | 5 | ||||
| -rw-r--r-- | apex/tests/config/98faaca.diff | 2 | ||||
| -rw-r--r-- | apex/tests/test_apex_common_utils.py | 5 | ||||
| -rw-r--r-- | apex/tests/test_apex_overcloud_deploy.py | 8 | ||||
| -rw-r--r-- | apex/undercloud/undercloud.py | 5 | ||||
| -rw-r--r-- | build/network-environment.yaml | 22 | ||||
| -rw-r--r-- | build/patches/neutron-patch-NSDriver.patch | 2 | ||||
| -rw-r--r-- | config/deploy/common-patches.yaml | 8 | ||||
| -rw-r--r-- | lib/ansible/playbooks/configure_undercloud.yml | 24 | ||||
| -rw-r--r-- | lib/ansible/playbooks/deploy_overcloud.yml | 31 | ||||
| -rw-r--r-- | lib/ansible/playbooks/patch_containers.yml | 6 | ||||
| -rw-r--r-- | lib/ansible/playbooks/post_deploy_overcloud.yml | 6 | ||||
| -rw-r--r-- | lib/ansible/playbooks/prepare_overcloud_containers.yml | 2 |
18 files changed, 112 insertions, 39 deletions
diff --git a/apex/builders/undercloud_builder.py b/apex/builders/undercloud_builder.py index 943c2525..47d2568d 100644 --- a/apex/builders/undercloud_builder.py +++ b/apex/builders/undercloud_builder.py @@ -28,14 +28,12 @@ def add_upstream_packages(image): pkgs = [ 'epel-release', 'openstack-utils', - 'ceph-common', 'python2-networking-sfc', 'openstack-ironic-inspector', 'subunit-filters', 'docker-distribution', 'openstack-tripleo-validations', 'libguestfs-tools', - 'ceph-ansible', 'python-tripleoclient', 'openstack-tripleo-heat-templates' ] diff --git a/apex/common/constants.py b/apex/common/constants.py index 4e48920e..59988f74 100644 --- a/apex/common/constants.py +++ b/apex/common/constants.py @@ -53,7 +53,7 @@ DEPLOY_TIMEOUT = 120 RDO_TAG = 'current-tripleo' UPSTREAM_RDO = "https://images.rdoproject.org/master/rdo_trunk/{}/".format( RDO_TAG) -OPENSTACK_GERRIT = 'https://review.openstack.org' +OPENSTACK_GERRIT = 'https://review.opendev.org' DOCKER_TAG = RDO_TAG # Maps regular service files to docker versions diff --git a/apex/common/utils.py b/apex/common/utils.py index aae821ef..72a66d10 100644 --- a/apex/common/utils.py +++ b/apex/common/utils.py @@ -310,3 +310,15 @@ def fetch_properties(url): logging.warning('Unable to fetch properties for: {}'.format(url)) raise exc.FetchException('Unable determine properties location: ' '{}'.format(url)) + + +def find_container_client(os_version): + """ + Determines whether to use docker or podman client + :param os_version: openstack version + :return: client name as string + """ + if os_version == 'rocky' or os_version == 'queens': + return 'docker' + else: + return 'podman' diff --git a/apex/deploy.py b/apex/deploy.py index f5d64820..d0c2b208 100644 --- a/apex/deploy.py +++ b/apex/deploy.py @@ -527,6 +527,8 @@ def main(): container_vars['os_version'] = os_version container_vars['aarch64'] = platform.machine() == 'aarch64' container_vars['sdn_env_file'] = sdn_env_files + container_vars['container_client'] = utils.find_container_client( + os_version) try: utils.run_ansible(container_vars, docker_playbook, host=undercloud.ip, user='stack', @@ -569,6 +571,8 @@ def main(): deploy_vars['http_proxy'] = net_settings.get('http_proxy', '') deploy_vars['https_proxy'] = net_settings.get('https_proxy', '') deploy_vars['vim'] = ds_opts['vim'] + deploy_vars['container_client'] = utils.find_container_client( + os_version) for dns_server in net_settings['dns_servers']: deploy_vars['dns_server_args'] += " --dns-nameserver {}".format( dns_server) @@ -733,6 +737,9 @@ def main(): deploy_vars['sriov'] = ds_opts.get('sriov') deploy_vars['tacker'] = ds_opts.get('tacker') deploy_vars['all_in_one'] = all_in_one + # TODO(trozet): need to set container client to docker until OOO + # migrates OC to podman. Remove this later. + deploy_vars['container_client'] = 'docker' # TODO(trozet): pull all logs and store in tmp dir in overcloud # playbook post_overcloud = os.path.join(args.lib_dir, constants.ANSIBLE_PATH, diff --git a/apex/network/network_data.py b/apex/network/network_data.py index 1177af09..6f330c50 100644 --- a/apex/network/network_data.py +++ b/apex/network/network_data.py @@ -83,7 +83,7 @@ def create_network_data(ns, target=None): "{}".format(net)) raise NetworkDataException("cidr is null for network {}".format( net)) - + tmp_net['mtu'] = network.get('mtu', 1500) network_data.append(copy.deepcopy(tmp_net)) # have to do this due to the aforementioned bug diff --git a/apex/overcloud/deploy.py b/apex/overcloud/deploy.py index 27263740..538f50a4 100644 --- a/apex/overcloud/deploy.py +++ b/apex/overcloud/deploy.py @@ -367,11 +367,12 @@ def prep_image(ds, ns, img, tmp_dir, root_pw=None, docker_tag=None, pw_op = "password:{}".format(root_pw) virt_cmds.append({con.VIRT_PW: pw_op}) - if dataplane == 'ovs': + # FIXME(trozet) ovs build is failing in CentOS 7.6 + # if dataplane == 'ovs': # FIXME(trozet) remove this after RDO is updated with fix for # https://bugzilla.redhat.com/show_bug.cgi?id=1544892 # https://review.rdoproject.org/r/#/c/13839/ - oc_builder.inject_ovs_nsh(tmp_oc_image, tmp_dir) + # oc_builder.inject_ovs_nsh(tmp_oc_image, tmp_dir) if dataplane == 'fdio': # Patch neutron with using OVS external interface for router diff --git a/apex/tests/config/98faaca.diff b/apex/tests/config/98faaca.diff index 68a66fbc..96462d5f 100644 --- a/apex/tests/config/98faaca.diff +++ b/apex/tests/config/98faaca.diff @@ -17,7 +17,7 @@ specified in environments/services-docker/update-odl.yaml. Upgrading ODL to the next major release (1.1->2) requires only the L2 steps. These are implemented as upgrade_tasks and -post_upgrade_tasks in https://review.openstack.org/489201. +post_upgrade_tasks in https://review.opendev.org/489201. Steps involved in level 2 update are 1. Block OVS instances to connect to ODL diff --git a/apex/tests/test_apex_common_utils.py b/apex/tests/test_apex_common_utils.py index f307990d..1ecb7df6 100644 --- a/apex/tests/test_apex_common_utils.py +++ b/apex/tests/test_apex_common_utils.py @@ -155,3 +155,8 @@ class TestCommonUtils: def test_unique(self): dummy_list = [1, 2, 1, 3, 4, 5, 5] assert_equal(utils.unique(dummy_list), [1, 2, 3, 4, 5]) + + def test_find_container_client(self): + for version in 'rocky', 'queens': + assert_equal(utils.find_container_client(version), 'docker') + assert_equal(utils.find_container_client('master'), 'podman') diff --git a/apex/tests/test_apex_overcloud_deploy.py b/apex/tests/test_apex_overcloud_deploy.py index d4d90835..79dbf54b 100644 --- a/apex/tests/test_apex_overcloud_deploy.py +++ b/apex/tests/test_apex_overcloud_deploy.py @@ -260,7 +260,7 @@ class TestOvercloudDeploy(unittest.TestCase): prep_image(ds, ns, 'undercloud.qcow2', '/tmp', root_pw='test') mock_virt_utils.virt_customize.assert_called() mock_inject_odl.assert_called() - mock_ovs_nsh.assert_called() + # mock_ovs_nsh.assert_called() @patch('apex.overcloud.deploy.c_builder') @patch('apex.overcloud.deploy.oc_builder') @@ -361,7 +361,7 @@ class TestOvercloudDeploy(unittest.TestCase): ns = MagicMock() prep_image(ds, ns, 'undercloud.qcow2', '/tmp', root_pw='test') mock_virt_utils.virt_customize.assert_called() - mock_ovs_nsh.assert_called() + # mock_ovs_nsh.assert_called() @patch('apex.builders.overcloud_builder.inject_ovs_nsh') @patch('apex.overcloud.deploy.utils.fetch_upstream_and_unpack') @@ -393,7 +393,7 @@ class TestOvercloudDeploy(unittest.TestCase): mock_virt_utils.virt_customize.assert_called() mock_inject_odl.assert_called() mock_inject_quagga.assert_called() - mock_ovs_nsh.assert_called() + # mock_ovs_nsh.assert_called() @patch('apex.builders.overcloud_builder.inject_ovs_nsh') @patch('apex.builders.overcloud_builder.inject_opendaylight') @@ -421,7 +421,7 @@ class TestOvercloudDeploy(unittest.TestCase): prep_image(ds, ns, 'undercloud.qcow2', '/tmp', root_pw='test') mock_virt_utils.virt_customize.assert_called() mock_inject_odl.assert_called() - mock_inject_ovs_nsh.assert_called() + # mock_inject_ovs_nsh.assert_called() @patch('apex.overcloud.deploy.os.path.isfile') def test_prep_image_no_image(self, mock_isfile): diff --git a/apex/undercloud/undercloud.py b/apex/undercloud/undercloud.py index ccdcd168..5ee487c2 100644 --- a/apex/undercloud/undercloud.py +++ b/apex/undercloud/undercloud.py @@ -155,6 +155,8 @@ class Undercloud: ansible_vars['apex_temp_dir'] = apex_temp_dir ansible_vars['nat'] = self.detect_nat(net_settings) + ansible_vars['container_client'] = utils.find_container_client( + self.os_version) try: utils.run_ansible(ansible_vars, playbook, host=self.ip, user='stack') @@ -252,7 +254,8 @@ class Undercloud: "generate_service_certificate false", "undercloud_ntp_servers {}".format(str(ns['ntp'][0])), "container_images_file " - "/home/stack/containers-prepare-parameter.yaml" + "/home/stack/containers-prepare-parameter.yaml", + "undercloud_enable_selinux false" ] config['undercloud_network_config'] = [ diff --git a/build/network-environment.yaml b/build/network-environment.yaml index 3fd22e3d..1397a0c8 100644 --- a/build/network-environment.yaml +++ b/build/network-environment.yaml @@ -63,33 +63,53 @@ parameter_defaults: NeutronExternalNetworkBridge: 'br-ex' ServiceNetMap: + ApacheNetwork: internal_api NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api AodhApiNetwork: internal_api + PankoApiNetwork: internal_api + BarbicanApiNetwork: internal_api + GnocchiApiNetwork: internal_api OpendaylightApiNetwork: internal_api MongoDbNetwork: internal_api CinderApiNetwork: internal_api CinderIscsiNetwork: storage GlanceApiNetwork: internal_api GlanceRegistryNetwork: internal_api + IronicApiNetwork: ctlplane + IronicNetwork: ctlplane + IronicInspectorNetwork: ctlplane KeystoneAdminApiNetwork: ctlplane KeystonePublicApiNetwork: internal_api NeutronApiNetwork: internal_api HeatApiNetwork: internal_api + HeatApiCfnNetwork: internal_api + HeatApiCloudwatchNetwork: internal_api + ManilaApiNetwork: internal_api + MetricsQdrNetwork: internal_api NovaApiNetwork: internal_api NovaMetadataNetwork: internal_api + NovaPlacementNetwork: internal_api NovaVncProxyNetwork: internal_api + NovaLibvirtNetwork: internal_api + NovajoinNetwork: internal_api + OctaviaApiNetwork: internal_api SwiftMgmtNetwork: storage SwiftProxyNetwork: storage TackerApiNetwork: internal_api CongressApiNetwork: internal_api HorizonNetwork: internal_api + OsloMessagingRpcNetwork: internal_api + OsloMessagingNotifyNetwork: internal_api MemcachedNetwork: internal_api RabbitMqNetwork: internal_api RedisNetwork: internal_api MysqlNetwork: internal_api CephClusterNetwork: storage - CephPublicNetwork: storage + CephMonNetwork: storage + PublicNetwork: external + OvnDbsNetwork: internal_api + DockerRegistryNetwork: ctlplane # Define which network will be used for hostname resolution ControllerHostnameResolveNetwork: internal_api ComputeHostnameResolveNetwork: internal_api diff --git a/build/patches/neutron-patch-NSDriver.patch b/build/patches/neutron-patch-NSDriver.patch index 84b4fb02..95ad58f9 100644 --- a/build/patches/neutron-patch-NSDriver.patch +++ b/build/patches/neutron-patch-NSDriver.patch @@ -139,7 +139,7 @@ index 88d6e67f31..c0fab604d1 100644 + + def _configure_mtu(self, ns_dev, mtu=None): + # Need to set MTU, after added to namespace. See review -+ # https://review.openstack.org/327651 ++ # https://review.opendev.org/327651 + try: + # Note: network_device_mtu will be deprecated in future + mtu_override = self.conf.network_device_mtu diff --git a/config/deploy/common-patches.yaml b/config/deploy/common-patches.yaml index 7eb3f975..bac6812c 100644 --- a/config/deploy/common-patches.yaml +++ b/config/deploy/common-patches.yaml @@ -15,8 +15,6 @@ patches: project: openstack/puppet-tripleo - change-id: I93e3d355625508fdc42f44bdd358f3ba86fbd8d7 project: openstack/puppet-tripleo - - change-id: Id68aa27a8ab08d9c00655e5ed6b48d194aa8e6f6 - project: openstack/nova rocky: undercloud: - change-id: I2e0a40d7902f592e4b7bd727f57048111e0bea36 @@ -36,9 +34,6 @@ patches: - change-id: I93e3d355625508fdc42f44bdd358f3ba86fbd8d7 project: openstack/puppet-tripleo branch: master - - change-id: Id68aa27a8ab08d9c00655e5ed6b48d194aa8e6f6 - project: openstack/nova - branch: master queens: undercloud: - change-id: I966bf7f6f8d1cbc656abfad59e8bb927e1aa53c2 @@ -48,6 +43,3 @@ patches: project: openstack/puppet-tripleo - change-id: I93e3d355625508fdc42f44bdd358f3ba86fbd8d7 project: openstack/puppet-tripleo - - change-id: Id68aa27a8ab08d9c00655e5ed6b48d194aa8e6f6 - project: openstack/nova - branch: master diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml index 80f3e67e..07b82c8e 100644 --- a/lib/ansible/playbooks/configure_undercloud.yml +++ b/lib/ansible/playbooks/configure_undercloud.yml @@ -73,12 +73,16 @@ src: /home/stack/apex-undercloud-install.log dest: "{{ apex_temp_dir }}/" flat: yes + - name: Install ceph-ansible + yum: + name: ceph-ansible + become: yes - name: openstack-configs nova shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }} become: yes with_items: "{{ nova_config }}" - name: restart nova services - shell: "docker restart {{ item }}" + shell: "{{ container_client }} restart {{ item }}" with_items: - nova_conductor - nova_compute @@ -90,7 +94,7 @@ become: yes with_items: "{{ neutron_config }}" - name: restart neutron services - shell: "docker restart {{ item }}" + shell: "{{ container_client }} restart {{ item }}" with_items: - neutron_api - neutron_dhcp @@ -100,7 +104,7 @@ become: yes with_items: "{{ ironic_config }}" - name: restart ironic services - shell: "docker restart {{ item }}" + shell: "{{ container_client }} restart {{ item }}" with_items: - ironic_api - ironic_conductor @@ -168,12 +172,22 @@ jump: ACCEPT source: "{{ nat_cidr }}" ctstate: ESTABLISHED,RELATED - - name: Undercloud NAT - Save iptables - shell: service iptables save become: yes when: - not nat_network_ipv6 - nat + - name: Allow SSH in iptables + iptables: + action: insert + chain: INPUT + rule_num: 1 + protocol: tcp + destination_port: 22 + jump: ACCEPT + become: yes + - name: Undercloud NAT - Save iptables + shell: service iptables save + become: yes - name: fetch storage environment file fetch: src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml diff --git a/lib/ansible/playbooks/deploy_overcloud.yml b/lib/ansible/playbooks/deploy_overcloud.yml index e2e84d18..9a405814 100644 --- a/lib/ansible/playbooks/deploy_overcloud.yml +++ b/lib/ansible/playbooks/deploy_overcloud.yml @@ -73,6 +73,22 @@ owner: root group: root become: yes + - name: Insert External network into Compute role + shell: | + ruby -e ' + require "yaml" + data = YAML.load(File.read("/usr/share/openstack-tripleo-heat-templates/roles_data.yaml")) + if data[1]["networks"].is_a?(Array) + data[1]["networks"].push("External") + elsif data[1]["networks"].is_a?(Hash) + data[1]["networks"].merge!("External"=> { "subnet" => "external_subnet" }) + else + raise "Unable to determine data to modify in roles_data.yaml" + end + data[1]["default_route_networks"] = Array.new(["External"]) + File.open("/usr/share/openstack-tripleo-heat-templates/roles_data.yaml", "w") { |f| f.write(data.to_yaml) } + ' + become: yes - name: Upload glance images shell: "{{ stackrc }} && openstack overcloud image upload" become: yes @@ -92,11 +108,6 @@ - baremetal - control - compute - - name: Downgrade ceph - yum: - allow_downgrade: yes - name: ceph-ansible-3.1.6 - become: yes - name: Re-enable ceph config for aarch64 replace: path: "/usr/share/ceph-ansible/roles/ceph-client/tasks/create_users_keys.yml" @@ -106,6 +117,16 @@ when: aarch64 - name: Configure DNS server for ctlplane network shell: "{{ stackrc }} && openstack subnet set ctlplane-subnet {{ dns_server_args }}" + - name: Update NIC templates before deployment + shell: > + /usr/share/openstack-tripleo-heat-templates/tools/merge-new-params-nic-config-script.py + -n /home/stack/network_data.yaml -t /home/stack/nics/{{ item }}.yaml --discard-comments True + --role-name Controller + become: yes + become_user: stack + with_items: + - controller + - compute - block: - name: Execute Overcloud Deployment shell: "{{ stackrc }} && bash deploy_command" diff --git a/lib/ansible/playbooks/patch_containers.yml b/lib/ansible/playbooks/patch_containers.yml index bc4899ba..1ef05810 100644 --- a/lib/ansible/playbooks/patch_containers.yml +++ b/lib/ansible/playbooks/patch_containers.yml @@ -1,13 +1,13 @@ --- - name: "Pull docker image to ensure it exists locally: {{ item }}" - shell: docker pull {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo + shell: "{{ container_client }} pull {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo" - name: "Find docker image user {{ item }}" shell: > - docker inspect --format='{{ '{{' }}.ContainerConfig.User{{ '}}' }}' + {{ container_client }} inspect --format='{{ '{{' }}.ContainerConfig.User{{ '}}' }}' {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo register: user_result - name: "Patch docker image {{ item }}" shell: > - cd /home/stack/containers/{{ item }} && docker build + cd /home/stack/containers/{{ item }} && {{ container_client }} build --build-arg REAL_USER={{ user_result.stdout }} -t {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:apex . diff --git a/lib/ansible/playbooks/post_deploy_overcloud.yml b/lib/ansible/playbooks/post_deploy_overcloud.yml index f3dbfbd2..2b90ab1f 100644 --- a/lib/ansible/playbooks/post_deploy_overcloud.yml +++ b/lib/ansible/playbooks/post_deploy_overcloud.yml @@ -55,11 +55,11 @@ - openstack-nova-scheduler - openstack-nova-conductor - name: Restart Compute Nova Compute (workaround for NFS) - shell: "docker restart nova_compute" + shell: "{{ container_client }} restart nova_compute" become: yes when: "'compute' in ansible_hostname or all_in_one" - name: Update ODL container restart policy to always - shell: "docker update --restart=always opendaylight_api" + shell: "{{ container_client }} update --restart=always opendaylight_api" become: yes when: - sdn == 'opendaylight' @@ -88,7 +88,7 @@ - "'controller' in ansible_hostname" - sdn != 'ovn' - name: Restart metadata service - shell: "docker restart neutron_metadata_agent" + shell: "{{ container_client }} restart neutron_metadata_agent" become: yes when: - "'controller' in ansible_hostname" diff --git a/lib/ansible/playbooks/prepare_overcloud_containers.yml b/lib/ansible/playbooks/prepare_overcloud_containers.yml index db1bff89..ebf081dc 100644 --- a/lib/ansible/playbooks/prepare_overcloud_containers.yml +++ b/lib/ansible/playbooks/prepare_overcloud_containers.yml @@ -36,7 +36,7 @@ - patched_docker_services|length > 0 - item in (response.json)['repositories']|join(" ") - name: Push patched docker images to local registry - shell: docker push {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:apex + shell: "{{ container_client }} push {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:apex" when: - patched_docker_services|length > 0 - item in (response.json)['repositories']|join(" ") |