The ceph external deploy tasks is using validation modules via
mistral.
We need to setup the correct new path for mistral in order to
get the module. (warn.py)
Change-Id: Ide21daaac9a558561d0943cc0a380952cf7e29b3
Resolves: rhbz#1885828
Currently we set poll interval in ansible to 0.05 which means it'll wait
50ms. The default is 0.001 which at scale is too cpu intensive. That
being said, waiting 50ms for each task across all hosts increases
overall execution time. Let's lower it to 0.01 as a middle ground
between the current 0.05 and the 0.001 default.
Change-Id: Ie4268fcc8c1a8031eaf7c33e9c137c198017ee18
Similar to aef369e7b4d38e4ca7eb158d2878e84a4b93e603 however this only
affects the ansible-playbook execution. By default openstack cli sets
verbosity to 1 so we are always running ansible-playbook with a -v. This
can a consequence on the information returned during execution as we may
get extra result data in the output.
Change-Id: I4e1cb6658172a7da5ae5198ba55d47de33282975
Using a multiple of 10 can be excessive on resource usage. It has now
been lowered to 4. The default maximum will also no longer exceed 100.
Change-Id: I57345d5b100efce143fa940b56c81f5e6bc6c390
Signed-off-by: Luke Short <ekultails@gmail.com>
/usr/lib/python3.6/site-packages/tripleo_common/actions/ansible.py:154:
DeprecationWarning: This method will be removed in future versions. Use
'parser.read_file()' instead.
config.readfp(sio_cfg)
Change-Id: Ibd33a26feae03e4f0d46370346b7a950d1f6b02c
From now, limit_hosts will take precedence over the blacklisted_hostnames.
And therefore Ansible won't be run with two --limit if both limit hosts
and blacklisted hostnames are in use. When we want to run Ansible on
specific hosts, we will ignore the blacklisted nodes and assume we know
what we do. In the case of the scale-down scenario, the unreachable nodes
are ignored.
Note: adding unit tests coverage for both parameters.
Change-Id: I2e9fc7b9e9005fce7d956f1b936054e540b39849
Closes-Bug: #1857298
tripleo_states will be a useful callback to print out informations about
a deployment state (e.g. if a node failed but was ignored because of
max_failed_percentage).
Depends-On: https://review.opendev.org/735962
Change-Id: I82f4945bf1178fad1ff511c994518008f308d12e
Mistral context.security auth attributes are not same as the
keystone auth plugins. Use the attributes directly in
generate_ansible_inventory() function.
This will help us to move to using ansible module.
Change-Id: I83856119ea53e39d1891c3f7d94a4d5645da0046
For the jsonfile plugin, the path should be a local directory. This
directory needs to be readable by any user that would execute the
playbook. Since /var/lib/mistral may not be world readable, we should
use something in the user's home dir instead. This changes it to
~/.ansible/fact_cache
Change-Id: I8fa7127cf9ebb51ce4f090670ec2a45bcfcf77e8
Closes-Bug: #1873480
- Removes the incorrect swift_url lookup
- Removes the usage of session object
- Removes os_auth_token for undercloud
- Moves the code to inventory module for it to be used in ansible
module
Change-Id: I3cdce51764a27a389e008832ed366b6346c4f0e0
This addresses an issue in CI where 'Controller!' is being passed as
the --limit host in the job:
tripleo-ci-centos-8-scenario000-multinode-oooq-container-updates
Change-Id: I0056fdbe3d9807e6baf4a1645a632ab9eb1b2668
To avoid the warning "sftp transfer mechanism failed" during Ansible
run (also reported here:
https://github.com/ansible/ansible/issues/22127); let's set scp_if_ssh
to True.
The default is False; which means it'll first try sftp (which fails
since we use pipeline) and fallback on scp. To avoid the warning, let's
set it to True directly, so we use scp.
Change-Id: I637d850d0de75e60835d229b36b85e699b037543
Closes-Bug: #1869735
This change extends the module path found within the the `package_update`
workflow so that we can ensure proper access to modules when ansible commands
are run from within the mistral container.
Change-Id: Id912a0786451825f48822b209400f0f72758dfc8
Signed-off-by: Kevin Carter <kecarter@redhat.com>
The timeout command defaults to using TERM which does
not always ensure that it will end soon enough. The
ansible-playbook command should end as soon as possible.
Change-Id: I0f97772434040f04f9495239b9a432c1ac062555
Closes-Bug: #1867968
Signed-off-by: Luke Short <ekultails@gmail.com>
Currently it is set to 0 by default which results in a summary not
being printed at the end of the ansible playbook run. It would
greatly benefit operators if we printed out the top 50 time consuming
tasks at the end of the playbook run.
Change-Id: I140fe66091d4e7a710f04da15cc93b7e6bf5742c
Signed-off-by: Sai Sindhur Malleni <smalleni@redhat.com>
This change will update our ansible configuration to ensure we're getting the best
possible performance when running ansible playbooks via mistral.
- sets the ansible option internal_poll_interval so that we lower overall cpu
consumption.
- sets the ssh option PreferredAuthentications so that we're only offering
pubkeys when connecting to remote hosts which, in most cases, will save us
from attempting a PTR lookup.
Change-Id: I421183abd0982f9f57f8719d72fd2cbf2e3d4d04
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This will allow additional arguments to be passed directly
to the ansible-playbook command.
Change-Id: I0637f5c2b149017ae5630c3a93e46c45d7662786
Signed-off-by: Luke Short <ekultails@gmail.com>
Because our usage of Ansible is CPU-bound, the recommended
value is 10 x CPU_CORES.
Change-Id: If6d2b22e20c66e5ebdef952746c8aba7c2d54537
Signed-off-by: Luke Short <ekultails@gmail.com>
This action has never been used in TripleO and was only included for
historical reasons. Originally the Ansible actions were intended to be
moved to the Mistral project and were generic. However, that work has
stalled and over time the Ansible actions in TripleO have become more
TripleO specific. We have been diligently updating both actions, while
only using one. Removing the one we don't use will make things a little
simpler for everyone.
Change-Id: I1a008aa88cea4366203c102443552bc07644d54d
Current default mode for the python interpreter discover inansible 2.8 is
auto_legacy. This patch changes the mode to auto, the biggest difference
respecting auto_legacy is 'If no entry is found, or the listed Python is
not present on the target host, searches a list of common Python interpreter
paths and uses the first one found' [0].
Currently, it has been observed some issues with the
discovered_python_interpreter fact not getting updated on specific scenarios
(for example, when upgrading the node from RHEL7 to RHEL8). This change is
expected to improve this situation.
[0] - https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html#
Related-Bug: #1856313
Change-Id: Iaef4839bb15ec398537b5c57a441c8e28a552bc0
If an error happens during the cleaning of the work directory, we now
catch the error and return the error to Mistral.
Change-Id: Id037525650c9976cd88a8ba2a02b206ec03855aa
During the initial Overcloud deployment, tasks will be ran on 50
hosts at a time now instead of 25. This allows for a faster
deployment of a large number of Overcloud nodes.
Change-Id: Idf0351dbc05bb63ae180e61beb9e7f933dc6fa31
Signed-off-by: Luke Short <ekultails@gmail.com>
Up to now, in some cases, you might see the "persistent" workdir being
removed, for instance after a scale-down run.
This patch intends to drop only temporary workdirs, so that we shouldn't
see the /var/lib/mistral/<stackname> disapearing.
Change-Id: I4516648c9281becffe8f31b76db22da84caf3ca8
Co-Authored-By: "Dougal Matthews <dougal@redhat.com>"
Closes-Bug: #1856061
This aligns with how TripleO currently stores all Ansible data
in /var/lib/mistral/. Our documentation already recommends
running setfacl on that directory if an end-user wants to
access the files there.
Change-Id: I29d0a353cd0a0d28f36460a8e81003378884a5bd
Closes-Bug: #1850916
Signed-off-by: Luke Short <ekultails@gmail.com>
display_skipped_hosts=no has the unfortunate side effect of not showing
the running task name until the task has returned. The reason is b/c the
task name won't be shown at all if all hosts are skipped, but that won't
be known until the task returns.
For long running tasks, this can be quite misleading as the running task
name is not seen until it returns. This makes debugging difficult, and users
don't know what task is actually running until it's completed.
There is an option to show the task name as soon as it starts executing,
but it was not added until ansible-2.9:
https://github.com/ansible/ansible/pull/53819
See also https://github.com/ansible/ansible/issues/51042
This reverts commit 403535c572.
Change-Id: Ia9e291d476d3143b194ce06002a0c1745cf3ef94
Most of the playbooks executed by Mistral gather facts which, by default,
are stored in memory until the conclusion of the playbook execution. This
means that for every new playbook run the facts for each host are gathered
again. Fact gathering can take a long time, especially when the target host
has a lot of devices, which is often the case for compute hosts (many
network devices and many storage devices) and for controller hosts (many
network devices).
To optimise fact gathering, we set the default behaviour for Mistral's
Ansible execution to store gathered facts using the jsonfile format in a
temporary location, and we tell it to use smart gathering so that it will
only gather new facts when a new playbook executes.
The validations are run using the 'validations' user, it cannot share the
same fact cache because the /var/tmp/ansible_fact_cache folder will be owned
by the 'mistral' user, and is therefore not writable by the 'validations'
user. We therefore set the validations to use a different path.
This should cut down the deployment time a bit, which saves a little time in
CI and saves a lot of time in production environments.
Related: rhbz#1749406
Change-Id: Ie7adf41cef0fafde646f840b2bf3e01ba42a17d5
Previously, trash_output was not honored if a queue was not being used
to post messages.
This patch changes the behavior so that trash_output will be honored
even if a queue is not being used, and all stdout/stderr will be
discarded.
Change-Id: I4fccfa0cb2a5382a52d63598f66dae446ff29c25
Closes-Bug: #1842102
Custom filter plugins are required for certain roles (like
tripleo-ovs-dpdk), adding the path to the generated ansible.cfg
file.
Change-Id: Ic2144aac86df5498062a039562b79f01def7da49
The tripleo-ansible project will now install it's contents into a
namespaced directory. This was done to ensure we can smoothly
transition to using tripleo-ansible without having to worry about
conflicting files. To ensure our services are able to access this
namespace the configuration PATH has been updated to include the
new namespace.
Depends-On: Iedbf9d1034ee3396d6cb064c64169c21ebcf3e18
Change-Id: I128646937b02902f92c22259e97c9e6024769234
Signed-off-by: Kevin Carter <kecarter@redhat.com>