The memcached::listen_ip_uri key in hieradata is used to define value
of the different hieradata key so is not really necessary.
Change-Id: Idddd87459ee8723dd016fc024dad2fcc37337fa3
The parameter is deprecated in favor of the new listen parameter since
puppet-memcached 6.0.0[1].
[1] 0e99f8572d
Change-Id: Id1fb220c7a41eb03c7f0e5fca9eda5d3834d0388
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: If5ac88ffccc1bb800d8af33c8896294a57e9b5fb
When memcached is using IPv6 network, some parameters like
[keystone_authtoke] memcached_servers require each server name has
inet6 prefix, as is described in the following example.
inet6:[<hostname>]:<port>
This change introduces the global parameter so that puppet can detect
whether memcached is using IPv6 network.
Related-Bug: #1964824
Change-Id: I755cc96116a664f01622fcd30cdd0d82d184f0c7
The hiera CLI has been deprecated since hiera version 3 was deprecated.
This change replaces usage of the hiera CLI by native heat templating.
Change-Id: I550e508120fdb160448323e3ecf9fe412014ba4b
We may want to be able to specific different containers at a role level.
This requires switching the container image parameters to be role
specific too allow for role based overrides.
Change-Id: I4090e889a32abd51e7c11139737a7a18e27d18e7
This restores the previous behavior changed by recent refactoring about
the *Debug parameters, and ensures that the global Debug parameter also
affects memcached logging.
Closes-Bug: #1940303
Change-Id: I5b8c71793476dd7673015928254d8fa8b499351d
This simplifies the ServiceNetMap/VipSubnetMap interfaces
to use parameter merge strategy and removes the *Defaults
interfaces.
Change-Id: Ic73628a596e9051b5c02435b712643f9ef7425e3
The memcached_port parameter and the memcached_authtoken_port parameter
are used in each api service. Because memcached and each api services
are not always collocated, we should use global hieradata to ensure
the parameters defined in memcached service resource are propagated to
all nodes in the deployment.
Change-Id: I54d45bbb26a4a04cb3cf87b9bd8a2290998279fc
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
This changes all these parameters as heat would correctly
parse all values. Also, drops all yaql shenanigans
used for their handling and heat conditions.
Also fixes wrong usage of non-existent NeutronWrapperDebug
parameter in ovn-metadata-container-puppet.yaml.
We had converted all ``Debug`` parameters to boolean with
Ib6c3969d4dd75d5fb2cc274266c060acff8d5571.
Change-Id: Ia2bffffde34aa248a4cc60c3895464f1f9d1ded2
In 1ceb521805 we added these and
can be simplified as they are are boolean parameters to get
rid of the redundant heat intrinsic functions.
Change-Id: I3851187c83965db5ecafcc945bff1fe3a5aa9ff4
The conditions should have used map_merge, this simplifies
them a lot, by passing a list to dport key.
Change-Id: I15cb1f3bbc9e1be90265feab5bfed7f28c1cb1f3
Closes-Bug: #1918891
Co-authored-By: yatinkarel <ykarel@redhat.com>
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
Rename listen_addr to listen; drop notls_listen_addr and
notls_listen_port from version 5.0.0, as they never made it
in into puppet-memcached-6.0.0.
Change-Id: I18bda6b9219ab42543f83c46be7763f98e4dfd0e
Signed-off-by: Moiss Guimares de Medeiros <moguimar@redhat.com>
Co-authored-By: Moiss Guimares de Medeiros <moguimar@redhat.com>
This step is required in order to migrate services to use TLS one by
one. This config should go away once all services support TLS.
Change-Id: I7a38a01f498d350d065a7c312a6654832fe24e6a
Co-authored-By: Grzegorz Grasza <xek@redhat.com>
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
Adding the ability to specifies the private key size
used when creating the certificate. We have defined the
default value the same as we have before 2048 bits.
Also, it'll be able to override the key_size value
per service.
Depends-on: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
Change-Id: Ic2edabb7f1bd0caf4a5550d03f60fab7c8354d65
Added MemcachedMaxConnections to allow max connection override as
actually the limit is 8192 connections but in some cases the environment
will create more than 8192 connections to each memcached server.
Change-Id: Iaef7c01127327f709577bef3d2e96db840ba2b80
Even though we're setting memcached::logfile:
'/var/log/memcached/memcached.log' there are no logs created in
/var/log/containers/memcached.
The reason for this is that memcached::logfile in puppet-memcached
simply adds a shell redirect to a file. These redirecs are
passed by tht and kolla to the memcached process invocation as parameters
of memcached and so are not read being read by the shell process
and nothing gets redirected. That is why we observe that on a broken
container the redirections are arguments to memcached:
[root@controller-0 ~]# ps aux | grep memcache | grep -v containers
42457 358189 0.0 0.0 744088 10960 ? Sl 15:21 0:00 /usr/bin/memcached -p 11211 -u memcached -m 16000 -c 8192 -vv -l 172.17.1.138 -U 0 -X -t 8 >> /var/log/memcached/memcached.log 2>&1
Fix this by forcing memcached to log on stdout and at the same
time creating the redirect on the shell parameters that invoke
memcached.
Tested on a Train environment and I correctly get:
1) Proper logging
[root@controller-0 ~]# ls -l /var/log/containers/memcached/memcached.log
-rw-r--r--. 1 42457 42457 29086 Nov 4 18:00 /var/log/containers/memcached/memcached.log
2) No unused redirections inside the memcached process:
[root@controller-0 ~]# podman exec -it -uroot memcached ps -ef
UID PID PPID C STIME TTY TIME CMD
memcach+ 1 0 0 18:47 ? 00:00:00 dumb-init --single-child -- kolla_start
memcach+ 6 1 0 18:47 ? 00:00:00 /usr/bin/memcached -p 11211 -u memcached -m 9953 -c 8192 -vv -l 172.17.1.50 -U 0 -X -t 4
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Resolves: #1902922
Change-Id: If5487c9be745ebd6bc3ebe172e28dc59e6855188
Currently memcache only listens to the internal_api IP. We want to
make it listen to both localhost and internal_api IP because in the
future some services on some roles may want to just use the localhost
memcached instance instead of the using multiple memcached servers
over the network as it is the case currently.
As suggested by Takashi we check the ip version in MemcachedNetwork
in order to decide if we should listen to ::1 or 127.0.0.1
Change-Id: I6ea989ae546ef344a9b3d2dd6c86a49822efc6e2
Now that the FFU process relies on the upgrade_tasks and deployment
tasts there is no need to keep the old fast_forward_upgrade_tasks.
This patch removes all the fast_forward_upgrade_tasks section from
the services, as well as from the common structures.
Change-Id: I39b8a846145fdc2fb3d0f6853df541c773ee455e
This fixes a bug in the Service Telemetry Framework where all collectd
plugins report the host by URI except for the memcached plugin, causing
the appearance of more nodes than exist in the dashboards.
Change-Id: Ie653deb69d9d72f811c3238d64437f6542cd2a4d
Current puppet modules uses only absolute name to include classes,
so replace relative name by absolute name in template files so that
template description can be consistent with puppet implementation.
Change-Id: I7a704d113289d61ed05f7a31d65caf2908a7994a
This change updates the memcached service to leverage the kolla
configuration to configure and launch the memcached service. This is the
same pattern we use for the other services.
Related-Bug: #1871734
Change-Id: Ib0bfc3e9009357f0aed28c0a10b927c5ca2e53a7
- deploy-steps-tasks-step-1.yaml: Do not ignore errors when dealing
with check-mode directories. The file module is resilient enough to
not fail if the path is already absent.
- deploy-steps-tasks.yaml: Replace ignore_errors by another condition,
"not ansible_check_mode"; this task is not needed in check mode.
- generate-config-tasks.yaml: Replace ignore_errors by another
condition, "not ansible_check_mode"; this task is not needed in check mode.
- Neutron wrappers: use fail_key: False instead of ignore_errors: True
if a key can't be found in /etc/passwd.
- All services with service checks: Replace "ignore_errors: true" by
"failed_when: false". Since we don't care about whether or not the
task returns 0, let's just make the task never fail. It will only
improve UX when scrawling logs; no more failure will be shown for
these tasks.
- Same as above for cibadmin commands, cluster resources show
commands and keepalived container restart command; and all other shell
or command or yum modules uses where we just don't care about their potential
failures.
- Aodh/Gnocchi: Add pipefail so the task isn't support to fail
- tripleo-packages-baremetal-puppet and undercloud-upgrade: check shell
rc instead of "succeeded", since the task will always succeed.
Change-Id: I0c44db40e1b9a935e7dde115bb0c9affa15c42bf
The next iteration of fast-forward-upgrade will be
from queens through to train, so we update the names
accordingly.
Change-Id: Ia6d73c33774218b70c1ed7fa9eaad882fde2eefe
Ansible has decided that roles with hypens in them are no longer supported
by not including support for them in collections. This change renames all
the roles we use to the new role name.
Depends-On: Ie899714aca49781ccd240bb259901d76f177d2ae
Change-Id: I4d41b2678a0f340792dd5c601342541ade771c26
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This change converts our filewall deployment practice to use
the tripleo-ansible firewall role. This change creates a new
"firewall_rules" object which is queried using YAQL from the
"FirewallRules" resource.
A new parameter has been added allowing users to input
additional firewall rules as needed. The new parameter is
`ExtraFirewallRules` and will be merged on top of the YAQL
interface.
Depends-On: Ie5d0f51d7efccd112847d3f1edf5fd9cdb1edeed
Change-Id: I1be209a04f599d1d018e730c92f1fc8dd9bf884b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
When upgrading from Rocky to Stein we moved also from using the docker
container engine into Podman. To ensure that every single docker container
was removed after the upgrade a post_upgrade task was added which made
use of the tripleo-docker-rm role that removed the container. In this cycle,
from Stein to Train both the Undercloud and Overcloud work with Podman, so
there is no need to remove any docker container anymore.
This patch removes all the tripleo-docker-rm post-upgrade task and in those
services which only included a single task, the post-upgrade-tasks section
is also erased.
Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
We switched to containers a long time ago. This patch drops the
management of a /var/log/<service> directory and the creation of a
readme indicating that we've moved to containers which makes the logging
available under /var/log/containers/<service>
Change-Id: Ia4e991d5d937031ac3312f639b726a944743dd1e
memcached is run from a bash script that sources various
environment variables from config file. If the container
doesn't use dumb-init, bash is run as pid 1, but in
such case it is unable to catch SIGTERM.
Make the bash script exec into memcached rather than just
spawning memcached as a child. This way, memcached becomes
the pid 1 when dumb-init is not in used. This ensures
that a SIGTERM can be caught when issuing docker/podman
stop.
Change-Id: I15677fcf5ffc3913c1818bae691cc7548be0af0e
Closes-Bug: #1848710
Before we start services on upgraded bootstrap
controller (usually controller-0), we need to
stop services on unupgraded controllers
(usually controller-1 and controller-2).
Also we need to move the mysql data transfer
to the step 2 as we need to first stop the
services.
Depends-On: I4fcc0858cac8f59d797d62f6de18c02e4b1819dc
Change-Id: Ib4af5b4a92b3b516b8e2fc1ae12c8d5abe40327f
The tripleo-docker-rm role has been replaced by tripleo-container-rm [0].
This role will identify the docker engine via the container_cli variable
and perform a deletion of that container. However, these tasks inside the
post_upgrade_tasks section were thought to remove the old docker containers
after upgrading from rocky to stein, in which podman starts to be the
container engine by default.
For that reason, we need to ensure that the container engine in which the
containers are removed is docker, as otherwise we will be removing the
podman container and the deployment steps will fail.
Closes-Bug: #1836531
[0] - 2135446a35
Depends-On: https://review.opendev.org/#/c/671698/
Change-Id: Ib139a1d77f71fc32a49c9878d1b4a6d07564e9dc
This converts all Docker*Image parameter varients into
Container*Image varients.
The commit was autogenerated with the following shell commands:
for file in $(grep -lr Docker.*Image --include \*.yaml --exclude-dir releasenotes); do
sed -e "s|Docker\([^ ]*Image\)|Container\1|g" -i $file
done
Change-Id: Iab06efa5616975b99aa5772a65b415629f8d7882
Depends-On: I7d62a3424ccb7b01dc101329018ebda896ea8ff3
Depends-On: Ib1dc0c08ce7971a03639acc42b1e738d93a52f98