- Removes unused mistral actions
- All mistral workbooks
- Custom filter for undercloud nova
- mistral entry points as we don't have mistral
Depends-On: https://review.opendev.org/c/openstack/python-tripleoclient/+/775749
Change-Id: I7f826da829bbc7d7a4fcde8afcea3f61742a316a
This changes to move get network configs action to utils.
Need this changes for derive parameters ansible changes.
Change-Id: Ia18eab278b4d6c66b97eb6722ac196b2002e008c
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ia552f03378bfa2d6612718eeec02da0448d322bc
This was possibly written for tripleo-ui. Users can easily get the
current passwords from plan-environment.yaml
Change-Id: Ia584ff06e8fb22ee0372851af5ff731490f4babc
This moves functionality for some parameter related actions to
utils. So, we can use thise with mistral from ansible modules
and tripeloclient.
Change-Id: Ie1baf7454445ee95081c9bcdf06ae3c01f1a8a66
Moves the code for updating plan environment and parameter
caching related functionality to utils/plan.py.
Story: 2007212
Task: 38577
Task: 38578
Change-Id: I73407fdd6a1990e91ca2a8d8843901948ec256e3
The neutron-server-ovn image has been dropped by our upstream, kolla.
This change reacts to that development and pivots our ovn deployments
to use the "neutron-server" container image, where the OVN code base
has been relocated.
> Tests have been removed and updated to reflect the new image layout.
Depends-On: Ib2dbdd7e7d34f56985b7a5b2494c3b89034688cb
Change-Id: Ie48143ea33b21a8c9154d1c0552e8fc1272edfc4
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Derive network config fails for a role when using
any interface routes with list_concat_unique in network
configuration and no user inputs provided.
Change-Id: I26bb26411f22c34ead1b2bfb2a616ddf65f69489
Closes-Bug: #1856124
We commented this out back in late 2017 since they reogranized the
containers. Since no one has picked up this effort, let's drop this dead
code.
Change-Id: I45f0787e92eca59ab7eec09b2b199c5b1dbc4855
Network config of stack preview result is parsed based on
single quote at the end. With the conversion of network
config to ansible, there are many single quotes on the
network config preview. It results in partial network
config, resulting in yaml load failure. Fix the end of
network config parsing with more relevant code in
run_os_net_config.sh
Change-Id: Ib9ace4eca95c68c9641f3cbbe9b5f868ea49d211
This review adds the grafana, prometheus, alertmanager
and node-exporter images to make them available as
parameters in the tht template. This also covers the
password generation for tht templates.
Depends-on: https://review.opendev.org/#/c/667837
Change-Id: I2927240638ad1a1d43450e2d94771436e2775637
This commit extends actions/parameters to generate
fencing parameters for nodes using staging-ovirt (fence_rhevm).
Given instackenv.json content like:
{
"nodes":[
{
"name":"ctrl01",
"pm_type":"staging-ovirt",
"mac": [
"56:6f:71:33:00:0d"
],
"arch": "x86_64",
"pm_user":"admin@internal",
"pm_password":"redhat",
"pm_addr":"10.0.0.141",
"pm_vm_name":"ctrl01"
}
...
Here the generated fence.yaml:
parameter_defaults:
EnableFencing: true
FencingConfig:
devices:
- agent: fence_rhevm
host_mac: 56:6f:71:33:00:0d
params:
ipaddr: 10.0.0.141
login: admin@internal
passwd: redhat
port: ctrl01
ssl: 1
ssl_insecure: 1
And the resulting pacemaker stonith resource:
stonith-fence_rhevm-566f7133000d (stonith:fence_rhevm:( Started overcloud-controller-1
To have this working 'out of the box' we assume the worst case
scenario of ovirt-engine using a self-signed certificate, so
we explicitly ssl_insecure=1.
Users/Operators should be aware of this and eventually adjust
the value accordingly.
Change-Id: I3b746eff8367133cec2c6ff03aad25993d26e90c
A recent change[1] to Octavia added a parameter named
server_certs_key_passphrase, which means that we should generate a
password for it to avoid using the default value.
This patch adds OctaviaServerCertsKeyPassphrase to the list of
generated password/secrets, similarly to this past change[2].
Closes-Bug: #1821756
Related-Bug: #1821751
[1] I06d329ca53bc36bd27f7870ae7c7ca0cf18575b2
[2] I1dd1873b646e8569ed0a85c5ee7eb3bec3a8b1fa
Change-Id: I9699961faf8b3430e4372e4ff3ae2bf7e7ceea18
We need this to be the same across all nodes in an ha environment,
so it has to be generated on the undercloud and passed in to the
deployment.
Change-Id: I469722466b93dfb97262211bb6f039cd78caa311
This commit adds worflows to allow deployers to change
passwords post-install. There are several options:
rotate_passwords: generates new passwords for all passwords
except those which need to be handled specially
rotate_passwords + password_list: generates only the
specified passwords
All data is stored in the plan. To be propagated, the
overcloud must then be re-deployed.
Change-Id: I0ef8be542c3e4969e1bd3193e2e4bf7d4be73f55
First, it still supports the pxe_ssh driver which was removed long ago.
Second, it expects driver names to contain _, which is not true even
for some classic drivers, and is never true for hardware types.
Finally, it supports the deprecated pxe_ilo and pxe_drac, but not
the newer ilo and idrac.
Also removes the leftover code handling pxe_ssh from nodes.py.
Closes-Bug: #1770700
Change-Id: Iecb9ed779f311a9cf17006902732fe63bfb0713a
Introduce separate RPC and Notify user/passwords for distinct
messaging transports. Also make both the following services
point to the same DockerRabbitmq* imagename by default:
OS::TripleO::Services::OsloMessagingRpc
OS::TripleO::Services::OsloMessagingNotify
Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I03e99d35ed043cf11bea9b7462058bd80f4d99da
We no longer accept a fence_action parameter - it was a mistake to add
it in the first place (it overrides all actions used with Pacemaker, so
even simple status requests can reboot/poweroff a node) and has now been
officially deprecated by Pacemaker, which causes deployments to fail.
Change-Id: I45e08964b69552eb5b7954278cfe72a5a59e2f8d
Closes-Bug: #1753728
This mistral workflow is written in order to run octavia post
deployment (ansible based playbook) from the undercloud machine
while deploying overcloud by heat.
The workflow should be triggered by heat engine in a step
which is after completing octavia deployment (currently step 5).
Change-Id: If07ded033be9f44b7c7a7e09214032fa89a02e77
Instead of generated OS::TripleO::RandomString from the Heat Template,
make the password generated among other passwords so we can re-use the
data across undercloud-container re-install or updates, when Heat and
environments are re-generated.
Note: it keeps the same password constraints as it was in THT.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I9da2220ce5635d06c2ca9a21bd07eb2b6ee50aaa
Related-Bug: #1736779
When updating parameters we save the old env try updating it
and test if that works and validates. If it doesn't the old env is
restored. The update params also now returns the flattened params
saving the ui from having to make another call after the update.
Change-Id: I9aa18c4152ff9bf896729ace0d9481af50fd7802
Closes-Bug: #1638598
This change is to fail the action and provide validation message
when get_network_config action is unable to determine the network
config for any role.
Change-Id: Ieeaf6e74360b782990633385771cd3d3a46152c8
Closes-Bug: #1714474
The KEK is used in a fernet.Fernet encryptor so it needs to be a
32 byte base64 encoded string - just like the keystone Fernet
credentials.
Depends-On: I07e52897897f453382f74aa4fdaa98c37e6eca30
Change-Id: I192e9bc30d808d9d9b664f8d0d33966f98f5768b
This change is to fix stack already exists issue in the
environment where overcloud with same name is already
deployed. get_network_config action is failing and
error message is stack already exists if overcloud is
deployed already.
Change-Id: If917ae93691540b525d9e1eddcf0c0885ccc5f5e
Closes-Bug: #1714471
This change is specific to DPDK and Host derive parameters
to apply the DPDK and Host specific formulas. this change
also updates the derive parameters in the plan
environment once derived.
Implements: blueprint tripleo-derive-parameters
Change-Id: I8c94f6d576ddd1c98729a70107f48871c40aba53
The keystone utils for getting project endpoints is the last reason that
we import directly from Mistral. This change copies over the relevant
code that we need.
Removing the dep also discovered two dependancies that we had but didn't
explicitly state previously.
Change-Id: If4cb4ac4ca75ea0f165196b4a0a08ea3d3a16e25
When fernet key rotations are done via the mistral action, the action
will check the KeystoneFernetMaxActiveKeys and and purge the excess keys
from the mistral environment or swift container. If the parameter is not
present, a default value of 5 is taken. And if for some reason the user
gives a smaller value, a minimum of 3 is taken into account.
bp keystone-fernet-rotation
Depends-On: I9c6b0708c2c03ad9918222599f8b6aad397d8089
Change-Id: I4a28073c93c210703871daa8fe660fc1914464e8
This grabs the fernet keys from the passwords environment variable and
performs a rotation based on those keys. Subsequently, this parameter
will be passed to t-h-t in order for puppet to persist the rotation on a
stack update. Also, further work will be done in order for the deployer
to be able to do this without having to do a full stack update.
bp keystone-fernet-rotation
Change-Id: I18a3669e04021ad499973073a91e6bf78741ed20
This will eventually be used instead of KeystoneFernetKey0 and 1, and
will allow us to do rotations with mistral.
bp keystone-fernet-rotation
Change-Id: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
This initial workflow which starts the derive parameters workflow is
responsible to get the list of role names from the flattened heat
resource tree. Once the role names list is obtained, derive parameters
per role workflow is invoked to get introspection data of first
matching node for all role names.
Implements: blueprint tripleo-derive-parameters
Co-Authored-By: Jaganathan Palanisamy <jpalanis@redhat.com>
Co-Authored-By: Alan Bishop <abishop@redhat.com>
Change-Id: I113f3e6f67c7dbdad74264afb17dfca0612008c4
Start using the plan environment file in Swift for plan environment
storage instead of Mistral.
Add util functions to get/update environment data.
Remove CreatePlanAction and UpdatePlanAction as all they did was
sync between Mistral and Swift environments. Amend the corresponding
workflows to account for removal of these actions.
Implements: blueprint stop-using-mistral-env
Co-Authored-By: Julie Pichon <jpichon@redhat.com>
Depends-On: I3bcef27413e685c498165b43a8b59c8c9cc5cf5e
Change-Id: Ieedecf92113142e43925131dcbccc4c0cd5b1a18
mistral_lib base TripleoAction has a context in the run method
signature. These changes remove the mistral.context and make use
of the one provide by the default executor
Change-Id: Ib1a5aa8d5735b05f5308dc943ac088b5eeeec253
tripleo.parameters.get action provides the heat tree and the
parameters as nested stack. In order to easily consume it, the
nested stack should be flattened. Added a new action which will
flatten it as it is done in tripleo-ui, so that it can be common
between ui and cli.
Implements: blueprint tripleo-derive-parameters
Change-Id: I8931a1c2daef53180bb97a58f4cfb7a257496060
This caching in swift changes the time for the GetParametersAction from
15s to 3s
Added tests for plan.UpdatePlanAction as there were none there.
Change-Id: I0b543e082a3b02a35e3e979339698ae237b32ce4
Closes-Bug: #1647301
ramishra