- Removes unused mistral actions
- All mistral workbooks
- Custom filter for undercloud nova
- mistral entry points as we don't have mistral
Depends-On: https://review.opendev.org/c/openstack/python-tripleoclient/+/775749
Change-Id: I7f826da829bbc7d7a4fcde8afcea3f61742a316a
This changes to move get network configs action to utils.
Need this changes for derive parameters ansible changes.
Change-Id: Ia18eab278b4d6c66b97eb6722ac196b2002e008c
This was possibly written for tripleo-ui. Users can easily get the
current passwords from plan-environment.yaml
Change-Id: Ia584ff06e8fb22ee0372851af5ff731490f4babc
This moves functionality for some parameter related actions to
utils. So, we can use thise with mistral from ansible modules
and tripeloclient.
Change-Id: Ie1baf7454445ee95081c9bcdf06ae3c01f1a8a66
Moves the code for updating plan environment and parameter
caching related functionality to utils/plan.py.
Story: 2007212
Task: 38577
Task: 38578
Change-Id: I73407fdd6a1990e91ca2a8d8843901948ec256e3
Derive network config fails for a role when using
any interface routes with list_concat_unique in network
configuration and no user inputs provided.
Change-Id: I26bb26411f22c34ead1b2bfb2a616ddf65f69489
Closes-Bug: #1856124
Network config of stack preview result is parsed based on
single quote at the end. With the conversion of network
config to ansible, there are many single quotes on the
network config preview. It results in partial network
config, resulting in yaml load failure. Fix the end of
network config parsing with more relevant code in
run_os_net_config.sh
Change-Id: Ib9ace4eca95c68c9641f3cbbe9b5f868ea49d211
This commit extends actions/parameters to generate
fencing parameters for nodes using staging-ovirt (fence_rhevm).
Given instackenv.json content like:
{
"nodes":[
{
"name":"ctrl01",
"pm_type":"staging-ovirt",
"mac": [
"56:6f:71:33:00:0d"
],
"arch": "x86_64",
"pm_user":"admin@internal",
"pm_password":"redhat",
"pm_addr":"10.0.0.141",
"pm_vm_name":"ctrl01"
}
...
Here the generated fence.yaml:
parameter_defaults:
EnableFencing: true
FencingConfig:
devices:
- agent: fence_rhevm
host_mac: 56:6f:71:33:00:0d
params:
ipaddr: 10.0.0.141
login: admin@internal
passwd: redhat
port: ctrl01
ssl: 1
ssl_insecure: 1
And the resulting pacemaker stonith resource:
stonith-fence_rhevm-566f7133000d (stonith:fence_rhevm:( Started overcloud-controller-1
To have this working 'out of the box' we assume the worst case
scenario of ovirt-engine using a self-signed certificate, so
we explicitly ssl_insecure=1.
Users/Operators should be aware of this and eventually adjust
the value accordingly.
Change-Id: I3b746eff8367133cec2c6ff03aad25993d26e90c
A number of actions still use ProcessTemplatesAction as a base class.
This doesn't make sense in most cases. This is an attempt to decouple
these classes.
Change-Id: I93106288c3f085034efb79a89e01b705f70db6ee
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
There are certain cases we add parameters to plan environment
when creating and updating a plan. As part of that action we
aslo try to validate the stack/template. However, validation
would fail, if we've resource mappings in user-environment that
are not merged/added to the plan yet.
This adds new input flag to plan create and update workflows which
can then be changed in python-tripleoclient, so as not to imapct the
UI workflows.
Change-Id: I9c54379925339eaaa9a0ee61cb823bddc95737c7
Partial-Bug: #1817539
When template validation fails, we don't need to call
ProcessTemplatesAction.run all over again, we can just call
_process_custom_roles which will take care of regenerating the env
properly.
Change-Id: Id7e0c7df7b63645058b8ecb1efcae186678fcb7c
Closes-Bug: #1805439
Because the ports are stored in lower case, we need to use lower case
MACs as our search key.
Change-Id: I7e3727987265ef5222c95678c69cc4a50176dd16
Closes-Bug: #1800504
This commit adds worflows to allow deployers to change
passwords post-install. There are several options:
rotate_passwords: generates new passwords for all passwords
except those which need to be handled specially
rotate_passwords + password_list: generates only the
specified passwords
All data is stored in the plan. To be propagated, the
overcloud must then be re-deployed.
Change-Id: I0ef8be542c3e4969e1bd3193e2e4bf7d4be73f55
First, it still supports the pxe_ssh driver which was removed long ago.
Second, it expects driver names to contain _, which is not true even
for some classic drivers, and is never true for hardware types.
Finally, it supports the deprecated pxe_ilo and pxe_drac, but not
the newer ilo and idrac.
Also removes the leftover code handling pxe_ssh from nodes.py.
Closes-Bug: #1770700
Change-Id: Iecb9ed779f311a9cf17006902732fe63bfb0713a
With this commit we are able to generate the fencing configuration for
IPMI hosts before deployment, and thus use it as part of the initial
deployment run.
The reason we can generate it before hand is the following:
puppet::tripleo is capable of matching its own host via
https://github.com/openstack/puppet-tripleo/blob/master/manifests/fencing.pp#L73
and by doing that each node will create its own stonith device.
It does so by looking at the macaddress<->IPMI table and if it detects
it's own macaddress it will create the IPMI stonith device
for its own hostname.
Concurrent stonith resource creation from different nodes is possible
in puppet-pacemaker since change I8be5d5d1a9894b0e2915459b10ea2feed703ba8e
got merged.
Tested as follows on a virtual vbmc environment:
1. Before deployment:
$ openstack overcloud generate fencing instackenv.json --output fence.yaml
2. Deployed overcloud adding "fence.yaml"
3. Verified stonith configuration:
[root@controller-0 ~]# pcs status |grep stonith
stonith-fence_ipmilan-525400c36fc9 (stonith:fence_ipmilan): Started controller-0
stonith-fence_ipmilan-5254005c160d (stonith:fence_ipmilan): Started controller-2
stonith-fence_ipmilan-525400ed3293 (stonith:fence_ipmilan): Started controller-1
[root@controller-0 ~]# pcs property |grep stonith
stonith-enabled: true
4. Verified the fencing of a specific node:
[root@controller-0 ~]# pcs stonith fence controller-1
Node: controller-1 fenced
<indeed controller-1 has been fenced>
Same test run on BM:
1. Before deployment:
$ openstack overcloud generate fencing instackenv.json --output fence.yaml
2. Deployed overcloud adding "fence.yaml"
3. Verified stonith configuration:
[root@controller-0 ~]# pcs status |grep stonith
stonith-fence_ipmilan-1866da6126a0 (stonith:fence_ipmilan): Started overcloud-controller-0
stonith-fence_ipmilan-1866da612109 (stonith:fence_ipmilan): Started overcloud-controller-1
stonith-fence_ipmilan-1866da5faed8 (stonith:fence_ipmilan): Started overcloud-controller-2
stonith-fence_ipmilan-1866da612373 (stonith:fence_ipmilan): Started overcloud-controller-2
stonith-fence_ipmilan-1866da612295 (stonith:fence_ipmilan): Started overcloud-controller-0
[root@overcloud-controller-0 ~]# pcs property |grep stonith
stonith-enabled: true
4. Verified the fencing of a specific node:
[root@overcloud-controller-0 ~]# pcs stonith fence overcloud-controller-1 & ping overcloud-controller-1
[1] 168504
PING overcloud-controller-1.localdomain (172.17.0.14) 56(84) bytes of data.
64 bytes from overcloud-controller-1.localdomain (172.17.0.14): icmp_seq=1 ttl=64 time=0.139 ms
64 bytes from overcloud-controller-1.localdomain (172.17.0.14): icmp_seq=2 ttl=64 time=0.135 ms
64 bytes from overcloud-controller-1.localdomain (172.17.0.14): icmp_seq=3 ttl=64 time=0.132 ms
64 bytes from overcloud-controller-1.localdomain (172.17.0.14): icmp_seq=4 ttl=64 time=0.150 ms
64 bytes from overcloud-controller-1.localdomain (172.17.0.14): icmp_seq=5 ttl=64 time=0.161 ms
<timeout>
Closes-Bug: #1765727
Change-Id: I41f81dc9d68bcf23e6171e35bb053a3943f50c01
Introduce separate RPC and Notify user/passwords for distinct
messaging transports. Also make both the following services
point to the same DockerRabbitmq* imagename by default:
OS::TripleO::Services::OsloMessagingRpc
OS::TripleO::Services::OsloMessagingNotify
Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I03e99d35ed043cf11bea9b7462058bd80f4d99da
The mac key in nodes_json is deprecated, replaced with
"ports" key. New ports key is list of dicts holding a
richer data set matching the properties of ports in the
Bare Metal service api. In addition to mac address the
physical_network and local_link_connection can be
defined for Bare Metal ports when registering nodes.
* address: (mandatory)
The physical address (mac address) of the port.
* physical_network: (otional)
Defaults to: ctlplane
* local_link_connection: (optional)
This data enables the possibility for automatic
configuration of switches via neutron plugins. e.g
ML2 vendor plugins. Defaults to: None
Implements: enrich-ironic-networking-integration
Change-Id: I74d4178dbb0cfe8c934ce15e3e7c9bb1c469de10
We no longer accept a fence_action parameter - it was a mistake to add
it in the first place (it overrides all actions used with Pacemaker, so
even simple status requests can reboot/poweroff a node) and has now been
officially deprecated by Pacemaker, which causes deployments to fail.
Change-Id: I45e08964b69552eb5b7954278cfe72a5a59e2f8d
Closes-Bug: #1753728
This patch adds a workflow to update the parameters in a given
deployment plan so the tripleo.parameters.update action does not
need to be called directly. This patch also makes a small change
to the parameters.py file to mitigate a import overshadowing.
Change-Id: I4be0edabad934db6cc203dd45be98a0a3b5fc6e0
Partial-Bug: 1640436
Instead of generated OS::TripleO::RandomString from the Heat Template,
make the password generated among other passwords so we can re-use the
data across undercloud-container re-install or updates, when Heat and
environments are re-generated.
Note: it keeps the same password constraints as it was in THT.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I9da2220ce5635d06c2ca9a21bd07eb2b6ee50aaa
Related-Bug: #1736779
When updating parameters we save the old env try updating it
and test if that works and validates. If it doesn't the old env is
restored. The update params also now returns the flattened params
saving the ui from having to make another call after the update.
Change-Id: I9aa18c4152ff9bf896729ace0d9481af50fd7802
Closes-Bug: #1638598
This change is to fail the action and provide validation message
when get_network_config action is unable to determine the network
config for any role.
Change-Id: Ieeaf6e74360b782990633385771cd3d3a46152c8
Closes-Bug: #1714474
This change is to fix stack already exists issue in the
environment where overcloud with same name is already
deployed. get_network_config action is failing and
error message is stack already exists if overcloud is
deployed already.
Change-Id: If917ae93691540b525d9e1eddcf0c0885ccc5f5e
Closes-Bug: #1714471
This change is specific to DPDK and Host derive parameters
to apply the DPDK and Host specific formulas. this change
also updates the derive parameters in the plan
environment once derived.
Implements: blueprint tripleo-derive-parameters
Change-Id: I8c94f6d576ddd1c98729a70107f48871c40aba53
This is part of the ongoing change to remove the mistral
dependency from tripleo-common and use mistral_lib instead
In order to do that we are using the Result class from mistral_lib
Change-Id: I59ce8c6d68de9e9719d84cbaa82462fbd8d647e2
Depends-on: Icc0036bae3c969112f2f67c4a8264bae18f3cc73
When fernet key rotations are done via the mistral action, the action
will check the KeystoneFernetMaxActiveKeys and and purge the excess keys
from the mistral environment or swift container. If the parameter is not
present, a default value of 5 is taken. And if for some reason the user
gives a smaller value, a minimum of 3 is taken into account.
bp keystone-fernet-rotation
Depends-On: I9c6b0708c2c03ad9918222599f8b6aad397d8089
Change-Id: I4a28073c93c210703871daa8fe660fc1914464e8
Templates can have parameter_groups with label as deprecated to
specific the list of deprecated parameters. This workflow will
return the list all the deprecated parameters including nested
stacks. The sample output will look like -
[
{
"deprecated": true,
"parameter": "ServiceNetMapDeprecatedMapping",
"user_defined": false
},
{
"deprecated": true,
"parameter": "NeutronL3HA",
"user_defined": true
}
]
Depends-On: I032144733bde916f8de8644121b9fb1ef29baef2
Change-Id: I18430b7d7bca7c58b75569e3d296e315227e6f61
This grabs the fernet keys from the passwords environment variable and
performs a rotation based on those keys. Subsequently, this parameter
will be passed to t-h-t in order for puppet to persist the rotation on a
stack update. Also, further work will be done in order for the deployer
to be able to do this without having to do a full stack update.
bp keystone-fernet-rotation
Change-Id: I18a3669e04021ad499973073a91e6bf78741ed20
This initial workflow which starts the derive parameters workflow is
responsible to get the list of role names from the flattened heat
resource tree. Once the role names list is obtained, derive parameters
per role workflow is invoked to get introspection data of first
matching node for all role names.
Implements: blueprint tripleo-derive-parameters
Co-Authored-By: Jaganathan Palanisamy <jpalanis@redhat.com>
Co-Authored-By: Alan Bishop <abishop@redhat.com>
Change-Id: I113f3e6f67c7dbdad74264afb17dfca0612008c4
Start using the plan environment file in Swift for plan environment
storage instead of Mistral.
Add util functions to get/update environment data.
Remove CreatePlanAction and UpdatePlanAction as all they did was
sync between Mistral and Swift environments. Amend the corresponding
workflows to account for removal of these actions.
Implements: blueprint stop-using-mistral-env
Co-Authored-By: Julie Pichon <jpichon@redhat.com>
Depends-On: I3bcef27413e685c498165b43a8b59c8c9cc5cf5e
Change-Id: Ieedecf92113142e43925131dcbccc4c0cd5b1a18