Currently, yaml-validate.py cannot detect trailing slashes under
"list_concat" and "if".
volumes:
- /example:/example/ # <======= detected
volumes:
list_concat:
- - /example1:/example1/ # <===== not detected
- /example2:/example2
- if:
- {get_param: TestValue}
- - /example3:/example3/ # <==== not detected
- /example4:/example4
This fix makes yaml-validate.py detect the these trailing slashes.
Because the current implementation digs "list" twice in one call to
check_volumes(), trailing slashes under "list_concat" are not detected.
Because the current implementation ignores "if", trailing slashes under
"if" are not deleted. check_volumes() doesn't have to ignore "if"
because non-volume-style value is ignored because of IndexError.
Change-Id: I4288738c2c95ab990024845fa43653854e790bd8
These services were deprecated during Xena cycle by [1]. Since we have
created the Zed release, now we can remove the features deprecated
before that.
[1] 18651160a9
Change-Id: Ib248ec4bec57a5d747a1cf35157084d2cb51b566
This change removes unreachable code from python scripts.
In placement_wait_for_service.py program control returns after
executing system.exit(0) hence `break` statement is unnecessary
there.
In yaml-validate.py control doesn't reach the last `return 0` statement
hence it is also unnecessary.
Change-Id: Ibdbecd796d18fce4a2750086ddb2209dd337e6c9
This change removes the following parameters, which were used by
undercloud Nova.
- KeyName
- Overcloud{{role.name}}Flavor
- {{role.name}}SchedulerHints
- {{role.name}}Image
This also removes the NodeUserData resource because it depends on
cloud-init and nova metadata and is no longer used since Nova was
removed from baremetal node provisioning.
Finally, this change makes deployed server method used by default, and
removes remaining implementation to keep the resource compatible with
OS::Nova::Server.
Change-Id: I571b401ab2ca3c77352f4849eb2b99de20292032
Removes the redundant conditions and the template complexity.
This won't have any backward incompatibility with templates
as the only allowed values for it are 'true/false'
Change-Id: Idc0872cee7de0b16531329e329d222bf661117c4
This change ensures that firewall rules for haproxy endpoints are
enabled properly even when haproxy and api services are running in
different nodes.
With this change, firewall rule for ssl endpoints are removed from base
firewall rules because these ports are used by haproxy and not used by
api services.
Also, the adhoc implementation to run firewall configurations first is
refactored by the new host_firewall_tasks key. This allows us to
implement tasks to configure firewall in the corresponding resource
template.
Closes-Bug: #1961799
Depends-on: https://review.opendev.org/831547
Change-Id: I07ceab077f9a900f7e2e35af8acd3e7a337ed01a
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: If5ac88ffccc1bb800d8af33c8896294a57e9b5fb
Podman is not always happy with bind-mounts ending
with / (See I094120f7f2f6bfcfc0cc5843aa1b23629cd90a23)
Follow up If951f9643d67574c1225301aab7c9e4b0d316b7f
with that YAML linter couldn't catch.
Improve linter to process all volumes in templates, including
common/logging services templates, and neither puppet, not ansible
ones, like deployment/deprecated/multipathd-container.yaml.
Change-Id: Ia517b34c9d633101502bd8788e7b8764e75bbe64
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This change adds the CephIngress resource that can be used on top
of CephNfs to deploy the ingress daemon through the orchestrator.
Depends-On: I7e337596b653cf635f07a36606e9f673044402a3
Change-Id: Ibd20627a8b110364e13c2bf26848ba6e3a8e4060
With the recent changes meant to allow deployment of Ganesha on the
"external" network, the CephNfs service can be added to more roles
than just ControllerStorageNfs.
Change-Id: Ic9010307c2aab7041c8ae30c72cc1bf99fdd22f6
Closes-Bug: 1961578
This new linter ensures we don't have any trailing "/" in the container
volume definitions.
Those trailing "/" may create issues with the containers, for instance
for specific mounts such as "/dev"[1].
This patch also takes the opportunity to fix those trailing "/" for the
affected files, in order to start on a clean basis.
[1] https://launchpad.net/bugs/1950176
Change-Id: If951f9643d67574c1225301aab7c9e4b0d316b7f
Related-Bug: #1950176
The six library was used to bridge the py2 > py3
gap. This library is longer required on branches
that do not support Python2.
Change-Id: I40cb90bc6bc058dcbf3659b97dbb489b53adb9d3
Since PyYAML 5.1, yaml.load without specifying the Loader option is
deprecated and shows the following warning.
YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated,
as the default Loader is unsafe.
Please read https://msg.pyyaml.org/load for full details.
This change replaces yaml.load by yaml.safe_load (which is effectively
same as adding Loader=yaml.SafeLoader) to get rid of that warning
message. Also, existing all usage of yaml.load with the Loader option
are also replaced so that we to make all implementation to load yaml
files consistent.
Change-Id: Id44fa2354429b944fbc0809f63db558bb7de23f7
Currently yaml validation is executed against almost all .yaml files
in tht repo, but this makes releasenote files and zuul job definitions
tested by yaml-validate.py.
This patch addes the new --skip-dir option to yaml-validate.py and
exclude these directories (and .tox which was already excluded) so that
we can ignore files which are not valid deployment templates.
Change-Id: If6fce493151ef17bfba26f8b80fc267d09408a9b
ceph-ansible is not used anymore in master and both ceph
deployment and day2 ops are managed by the new cephadm tool.
This change aligns the tripleo-heat-templates tree to make sure
only cephadm is used to deploy Ceph (see [1]).
[1] https://blueprints.launchpad.net/tripleo/+spec/tripleo-ceph
Change-Id: Ib87615112264bd65e38ed7fb4440cca62f067de5
Add a default file for network data and vip data to
use with network-data-v2.
The network data is an empty list, i.e no network
isolation is the default.
The default vip data file keeps one entry for the
ctlplane network, which is the only Virtual IP in
the no network isolation scenarios.
Related-Blueprint: blueprint network-data-v2-ports
Change-Id: Ia50435c0560ed76791d1859612f625a1b776a8b2
Previously this was required which lead to folks defining invalid empty
data that actually gets ignored later in the process. Since you don't
have to have a puppet_config, let's say it needs to be defined but skip
validation if it is an empty.
Change-Id: I7310c340a1e2b48cdbc378ab4fe3944bd7e89112
The bind pool information is now automatically generated and the
variables and sample config files are no longer needed. Matching bind9
and rndc key configuration is also generated.
Note: this patch also removes the use of puppet-dns which is problematic
when bind and the worker aren't on the same host and is awkward to use
with respect to rndc keys. It also modifies yaml-validate.py to correct
a rule changed with respect rndc_allowed_addresses.
Depends-On: Ib121888061b8bfcc4155528a8a209c7e274fafcb
Depends-On: I3383c19f80e70553ae71e644a01dda0f250d19da
Depends-On: I1b6674acbd6f999474cd66cb44357cf6b756a7d0
Change-Id: Ib89bcafe9f65431aee5756a32b2a82adc3d384dc
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added
a new template version for wallaby. This would allow us to use
2-argument variant of the ``if`` function that would allow for
e.g. conditional definition of resource properties and help
cleanup templates. If only two arguments are passed to ``if``
function, the entire enclosing item is removed when the condition
is false.
Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
During the overcloud deployment phase, some operations should still be
performed on the provisioned Ceph cluster.
When Ceph is TripleO deployed, cephadm doesn't provide any firewall
configuration (–-skip-firewalld is provided), as well as any HA
configuration for the Ceph Dashboard.
This change introduces a new cephadm/ branch containing all the services
that should be configured in the TripleO context.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Co-Authored-By: John Fulton <fulton@redhat.com>
Depends-On: I35e57abddc64310a6422174fe191bd328588d7cd
Change-Id: Ie9537471924d1d60f7642699e58e734511b91a2b
This is using linux-system-roles.certificate ansible role,
which replaces puppet-certmonger for submitting certificate
requests to certmonger. Each service is configured through
it's heat template.
Partial-Implements: blueprint ansible-certmonger
Depends-On: https://review.rdoproject.org/r/31713
Change-Id: Ib868465c20d97c62cbcb214bfc62d949bd6efc62
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.
Reduces a number of heat resources.
Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
Default CephAnsibleSkipClient to True and CephConfigPath to
/var/lib/tripleo-config/ceph (instead of /etc/ceph) and set
these paramters explicitly in scenario00{1,4}. This will
result in all Ceph client configuration being done not by
ceph-ansible but by the new tripleo-ceph-client role from
tripleo-ansible.
Add the CephClient service to all Controller* roles which will
use Ceph. The service could have always been there as there are
Ceph clients on the these controllers, but it was not because
ceph-ansible configured clients as a side effect. With new
CephConfigPath default they no longer overlap so the service
is required.
Add support for CephExternalMultiConfig via tripleo-ceph-client
by looping on the contents of the CephExternalMultiConfig list
and passing each map as the dcn variable while including the
tripleo-ceph-client role each time.
Related-Bug: #1708302
Depends-On: I938ab604859fda88f3491399444841a3a373d162
Change-Id: I784e6a476752ed701192b3a0155c42edd4836d97
Add a script that does a best effort conversion of
a heat network-config tempalte to an ansible j2
network-config template.
The script uses a networks data file as input to
genereta a map of Heat Parameters to ansible vars.
For parameters not in the generated map the stack
environment is used, parameter values from the
stack environment is hard-coded in the j2 template.
A j2 comment is added whenever a value was hard coded,
in a header comment and also an inline comment if
possible.
NOTE: The j2 reference files in the unit tests was
created by converting heat templates.
Change-Id: I8165a077b87307ca3c2ebee54703a939517dc9bf
Since 20.09, OVN supports VXLAN type for inter-chassis communication.
This patch also gets rid of no longer needed override for
NeutronNetworkType for OVN, moving the constraints into generic ML2
definition list. The constraints list is extended to include vxlan.
Depends-On: I81c016ba9c91282d1bebb40a282077e14ce4bd6b
Change-Id: I447458c344a8817f3cfacba06f3410d500ed1f59
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g to exclude the controllers from a maintenance window).
This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.
Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.
Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
Sahara support was deprecated during previous Ussuri cycle[1], so we
can remove it completely now.
[1] f1d9b15c85
Change-Id: Id047221cb912c09984cc3bf864196a26fd36736f
With the switch to Ubuntu Focal for tox jobs via https://review.opendev.org/#/c/738322/
our 1.1.0 version of hacking pulls in old modules that are not compatible
with python3.8:
https://github.com/openstack/hacking/blob/1.1.0/requirements.txt#L6
Let's upgrade hacking to >= 3.0.1 and < 3.1.0 so that it supports python3.8
correctly. The newer hacking also triggered new errors which are
fixed in this review as well:
./tools/render-ansible-tasks.py:113:25: F841 local variable 'e' is assigned to but never used
./tools/yaml-validate.py:541:19: F999 '...'.format(...) has unused arguments at position(s): 2
./tools/render-ansible-tasks.py:126:1: E305 expected 2 blank lines after class or function definition, found 1
./tools/yaml-validate.py:33:1: E305 expected 2 blank lines after class or function definition, found 1
./container_config_scripts/tests/test_nova_statedir_ownership.py:35:1: E305 expected 2 blank lines after class or function definition, found 0
Also make sure we exclude .tox and __pycache__ from flake8 as well
We also need to change the lower-constraint requirements to make them
py3.8 compatible. See https://bugs.launchpad.net/nova/+bug/1886298
cffi==1.14.0
greenlet==0.4.15
MarkupSafe==1.1.0
paramiko==2.7.1
Suggested-By: Yatin Karel <ykarel@redhat.com>
Change-Id: Ic280ce9a51f26d165d4e93ba0dc0c47cdf8d7961
Closes-Bug: #1895093
Ghanshyam Mann