- Docker isn't supported anymore.
- Clients are now installed by Ansible, not Puppet
- Neutron SRIOV host isn't supported and operators should deploy with
sriov_pf network object in nic configs.
- firewall is now managed by Ansible, not Puppet
Change-Id: I2b6068a719563a53bc255dcce72a92465e7df468
Docker is deprecated in Stein and will be removed in Train.
It is being replaced by Podman and Buildah.
blueprint podman-support
Change-Id: Id9ec9cbe9f879c2f437b234742118763d6d0f535
This file will be used until we really get Podman everywhere (so when
CentOS 8 is out).
We still need Docker around for when Pacemaker is used. So this patch
will mainly be used by TripleO CI OVB jobs, so Docker can still be
deployed on the Overcloud, and not Podman.
blueprint podman-support
Change-Id: I80b07c83aae752b2b327a4570bc3df230f6a6319
Default resource registry points to containerized services too, we
shouldn't use docker.yaml anymore.
Change-Id: I6106e223d9c1e399d396d745ad28274107074b06
* it will help to update the tempest container and reuse it in CI
when it is gated against a changeset.
Change-Id: I1386ce743e1a8cc38ccf7dbfb30735e78c6dc67a
Mark regular non-containerized services with FIXME
to be switched, once it is containerized
Do not mark yet an external/backend/plugin/host-config
related puppet services templates with that FIXME
Mark puppet/services/ceph- related templates as TODO
switch it to containerized ceph-ansible eventually, maybe.
Change-Id: Ib9fbad05eeb57dc641499fbf411cb5870da7a8e9
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.
This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
(rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note
Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
We currently have the following in the registry:
OS::TripleO::Services::SwiftDispersion: puppet/services/swift-dispersion.yaml
Since this service is included by default in the Controller role
it will be installed on the host even on a containerized deployment.
Let's noop this in docker.yaml until a containerized version of it
gets merged.
Change-Id: Ic2793d0cfb7b20f4661cb1a45793cae67a4868b4
Closes-Bug: #1723788
In Ocata all live-migration over ssh is performed on the default ssh port (22).
In Pike the containerized live-migration over ssh is on port 2022 as the
docker host's sshd is using port 22.
To allow live migration during upgrade we need to temporarily pin the Pike
computes to port 22 and in the final converge we can switch over to port 2022.
This also changes the default port to 2022 for baremetal computes in Pike to
enable live-migration between baremetal and containerized computes.
Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1
Depends-On: I0b80b81711f683be539939e7d084365ff63546d3
Closes-Bug: 1714171
This patch adds support for running the neutron SR-IOV agent in a
container.
Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec
Closes-Bug: #1715388
Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
Add the qdrouterd container as an infrastructure component
that provides a messaging backend for olso.messaging. Currently
the qdr role aliases the rabbitmq service.
This patch:
* Add qdrouterd to docker services
* Update environments docker file
* Add global_config_settings to yaml validate
Change-Id: Ief8c09a2728b6e1a1127a53b6df2affecc0ce3c4
This change removes the entry to containerise docker by default
because it should now be disabled since the change
Id2e6550fb7c319fc52469644ea022cf35757e0ce.
Removing the entry means the default mapping to mongodb-disabled.yaml
takes effect.
This change also modifies the upgrade_tasks so that the mongod service
is only disabled when the service exists. There appears to be upgrade
scenarios which fail because mongodb was never installed in the first
place.
Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324
Closes-Bug: #1715031
Add a docker service template to provide containerized services
logs rotation with a crond job.
Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers
and to all environments among with generic services like Ntp or Kernel.
Set it to OS::Heat::None for non containerized environments and
only enable it to the environments/docker.yaml.
Closes-bug: #1700912
Change-Id: Ic94373f0a0758e9959e1f896481780674437147d
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from
eventlet, however we need to continue running the eventlet service as
it is required for the nova metadata api.
However this should be tied to the OS::TripleO::Services::NovaMetadata
service, so duplicate the required config in nova-metadata.yaml.
Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd
Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727
Closes-bug: #1711425
Previously what we've been doing with setup_docker_host.sh can now be
achieved with host_prep_tasks, and we can free up the NodeUserData
interface for other use cases.
Closes-Bug: #1711387
Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
If we consolidate these we can focus on one implementation (the new ansible
based one used for docker-steps)
Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546
Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
Services that access database have to read an extra MySQL configuration file
/etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind
address and SSL configuration. The configuration file is thus used by
containerized services, but also by non-containerized services that still
run on the host.
In order to generate that client configuration file appropriately both on the
host and for containers, 1) the MySQLClient service must be included by the
role; 2) every containerized service which uses the database must include the
mysql::client profile in the docker-puppet config generation step.
By including the mysql::client profile in each containerized service, we ensure
that any change in configuration file will be reflected in the service's
/var/lib/config-data/{service}, and that paunch will restart the service's
container automatically.
We now only rely on MySQLClient from puppet/services, to make it possible to
generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that
drive the generation of that config file in containers via docker-puppet.
We include a new YAML validation step to ensure that any service which depends
on MySQL will initialize the mysql::client profile during the docker-puppet
step.
Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
The introduction of I90253412a5e2cd8e56e74cce3548064c06d022b1 broke the HAproxy
service due to some HAproxy-specific iptables rules being executed during the
puppet config step.
Ensure that no iptables call is performed during the generation of configuration
files. Move those calls to step 1, as implemented in the pacemaker-based
HAproxy service (Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23).
Depends-On: I2d6274d061039a9793ad162ed8e750bd87bf71e9
Closes-Bug: #1697921
Change-Id: Ica3a432ff4a9e7a46df22cddba9ad96e1390b665
Updates hieradata for changes in https://review.openstack.org/471950.
Creates a new service - NovaMigrationTarget. On baremetal this just configures
live/cold-migration. On docker is includes a container running a second sshd
services on an alternative port.
Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd
containers.
Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427
Implements: blueprint tripleo-cold-migration
Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc
Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
The containerized cinder service was merged a bit too soon and it
caused several issues in CI. Disable it temporarily to unblock CI until
it matures.
Change-Id: I8c6c0ce0011fddfec1e2de798d4fc6f34ae78de2
Related-Bug: #1700333
It was removed by mistake from the docker.yaml environment file in
I76f188438bfc6449b152c2861d99738e6eb3c61b.
Change-Id: If8df98e1ddd0961ab0c9e5df917fef8200db65e6
Closes-Bug: #1698749
The previous fix Ib10e4f18d967d356a15b97f58c488f8402a73356 made
multinode CI pass, but there was still an error during volume
scheduling on OVB:
OSError: [Errno 13] Permission denied: '/var/lib/cinder/conversion'
This was most likely due to cinder-volume was running on host and used
host's cinder user, while we still deployed containerized
cinder-backup and it chowned /var/lib/cinder under kolla's cinder user
whose UID doesn't match the baremetal one.
We didn't hit this issue in the multinode job because it doesn't
presently deploy cinder-backup service at all.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I9ac74d6717533f59945694b4a43fe56d7ca768c6
Closes-Bug: #1698136
CI was stuck on collecting logs. The collect-logs playbook, which
normally takes just a few minutes, took more than an hour and was
eventually killed.
The playbook was stuck on collecting LVM info on the overcloud node,
which runs this command:
(vgs; pvs; lvs) &> /var/log/extra/lvm.txt
Therefore it's very likely that the problematic part is the LVM setup
in the containerized cinder-volume service, and falling back to
non-contianerized for the time being should get the CI going
again.
Change-Id: Ib10e4f18d967d356a15b97f58c488f8402a73356
Closes-Bug: #1698136
This service generates the /etc/my.cnf.d/tripleo.cnf file which is
being used to configured MySQL clients (e.g. client bind address,
client SSL configuration...)
We generate the config file in this service and let containerized MySQL clients
mount /var/lib/config-data/mysql_client/etc/my.cnf.d/tripleo.cnf it in their
own container. This way, when this MySQLClient service is updated, the other
containers will automatically pick the updated configuration at next restart.
Partial-Bug: #1692317
Change-Id: Idc56d27fb9645ad3b07df8ef08b7e2ce29e6d499
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged
containerized HAProxy setup, but because of a typo in resource
registry, CI kept using the non-containerized variant and it went
unnoticed that the containerized HAProxy doesn't work yet.
We merged a resource registry fix in
Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI,
which now used the non-working HAProxy.
After putting in the missing haproxy container image to tripleo-common
in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the
CI still fails on HAProxy related problem, so we should revert back to
using non-containerized HAProxy for the time being.
Change-Id: If73bf28288de10812f430619115814494618860f
Closes-Bug: #1697645
Adds docker service for Cinder Volume
Co-Authored-By: Jon Bernard <jobernar@redhat.com>
Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f
Partial-bug: #1668920
Change-Id: Ifadb007897f3455b90de6800751a0d08991ebca2
Adds docker services for Cinder Backup
Co-Authored-By: Gorka Eguileor <geguileo@redhat.com>
Co-Authored-By: Jon Bernard <jobernar@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Alan Bishop <abishop@redhat.com>
Partial-bug: #1668920
Change-Id: I26fc31e59b28da017f0b028b74bde40aaac53ad5
Emilien Macchi