This is follow-up of 743c5fa0cd and
ensures the roles_data_standalone.yaml file is synced with the latest
contents in the roles directory.
Change-Id: I9d939b72827aff24de4dd8f496ff01b6df028cfa
Currently, yaml-validate.py cannot detect trailing slashes under
"list_concat" and "if".
volumes:
- /example:/example/ # <======= detected
volumes:
list_concat:
- - /example1:/example1/ # <===== not detected
- /example2:/example2
- if:
- {get_param: TestValue}
- - /example3:/example3/ # <==== not detected
- /example4:/example4
This fix makes yaml-validate.py detect the these trailing slashes.
Because the current implementation digs "list" twice in one call to
check_volumes(), trailing slashes under "list_concat" are not detected.
Because the current implementation ignores "if", trailing slashes under
"if" are not deleted. check_volumes() doesn't have to ignore "if"
because non-volume-style value is ignored because of IndexError.
Change-Id: I4288738c2c95ab990024845fa43653854e790bd8
These services were deprecated during Xena cycle by [1]. Since we have
created the Zed release, now we can remove the features deprecated
before that.
[1] 18651160a9
Change-Id: Ib248ec4bec57a5d747a1cf35157084d2cb51b566
Function of these scripts is now carried out by ansible roles,
making them unnecessary.
Removed scripts:
tools/convert_nic_config.py
tools/merge-new-params-nic-config-script.py
Depends-On: https://review.opendev.org/c/openstack/tripleo-upgrade/+/861710
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
Change-Id: Ie6dfbc7fef03b6738d3c2b61eab2b18fbe76d49d
... because the resource can't be used in networking v2. Also this
change removes the deprecated_nic_config_name property from roles data
because it is no longer used.
Depends-on: https://review.opendev.org/848953
Change-Id: I27be59299262a8bc3a45979b30569fde84011676
These old example files no longer work with TripleO. Thus, this
change is removing them to avoid confusion for our users. We can
instead rely on the files here:
1a1fb27275/network-data-samples
Change-Id: I46ed94253802b8f748a320e609fa7244be51ed59
This change removes unreachable code from python scripts.
In placement_wait_for_service.py program control returns after
executing system.exit(0) hence `break` statement is unnecessary
there.
In yaml-validate.py control doesn't reach the last `return 0` statement
hence it is also unnecessary.
Change-Id: Ibdbecd796d18fce4a2750086ddb2209dd337e6c9
This change removes the following parameters, which were used by
undercloud Nova.
- KeyName
- Overcloud{{role.name}}Flavor
- {{role.name}}SchedulerHints
- {{role.name}}Image
This also removes the NodeUserData resource because it depends on
cloud-init and nova metadata and is no longer used since Nova was
removed from baremetal node provisioning.
Finally, this change makes deployed server method used by default, and
removes remaining implementation to keep the resource compatible with
OS::Nova::Server.
Change-Id: I571b401ab2ca3c77352f4849eb2b99de20292032
Removes the redundant conditions and the template complexity.
This won't have any backward incompatibility with templates
as the only allowed values for it are 'true/false'
Change-Id: Idc0872cee7de0b16531329e329d222bf661117c4
This change ensures that firewall rules for haproxy endpoints are
enabled properly even when haproxy and api services are running in
different nodes.
With this change, firewall rule for ssl endpoints are removed from base
firewall rules because these ports are used by haproxy and not used by
api services.
Also, the adhoc implementation to run firewall configurations first is
refactored by the new host_firewall_tasks key. This allows us to
implement tasks to configure firewall in the corresponding resource
template.
Closes-Bug: #1961799
Depends-on: https://review.opendev.org/831547
Change-Id: I07ceab077f9a900f7e2e35af8acd3e7a337ed01a
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].
[1] https://puppet.com/docs/puppet/7/hiera_automatic.html
With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.
example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])
Change-Id: If5ac88ffccc1bb800d8af33c8896294a57e9b5fb
Podman is not always happy with bind-mounts ending
with / (See I094120f7f2f6bfcfc0cc5843aa1b23629cd90a23)
Follow up If951f9643d67574c1225301aab7c9e4b0d316b7f
with that YAML linter couldn't catch.
Improve linter to process all volumes in templates, including
common/logging services templates, and neither puppet, not ansible
ones, like deployment/deprecated/multipathd-container.yaml.
Change-Id: Ia517b34c9d633101502bd8788e7b8764e75bbe64
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This change adds the CephIngress resource that can be used on top
of CephNfs to deploy the ingress daemon through the orchestrator.
Depends-On: I7e337596b653cf635f07a36606e9f673044402a3
Change-Id: Ibd20627a8b110364e13c2bf26848ba6e3a8e4060
With the recent changes meant to allow deployment of Ganesha on the
"external" network, the CephNfs service can be added to more roles
than just ControllerStorageNfs.
Change-Id: Ic9010307c2aab7041c8ae30c72cc1bf99fdd22f6
Closes-Bug: 1961578
The current script requires the orchestration (Heat)
be available. This change will allow the script to convert
existing templates provided without the orchestration
service present.
Change-Id: Ie94de5841617cd8dc87ee7dccc5d4ece5b908cb9
Set +x permission on files:
* tools/convert_heat_nic_config_to_ansible_j2.py
* tools/convert_v1_net_data.py
Other python scripts have the executable permission set.
Align the two scripts with the rest.
Change-Id: I0a0bd4a353bdc35698444b72f093cce176bbe5a0
This new linter ensures we don't have any trailing "/" in the container
volume definitions.
Those trailing "/" may create issues with the containers, for instance
for specific mounts such as "/dev"[1].
This patch also takes the opportunity to fix those trailing "/" for the
affected files, in order to start on a clean basis.
[1] https://launchpad.net/bugs/1950176
Change-Id: If951f9643d67574c1225301aab7c9e4b0d316b7f
Related-Bug: #1950176
Ensure the ipv6 property is at the network level.
Previously the key would be converted in at the
subnet level, which is incorrect.
Closes-Bug: #1951308
Change-Id: Iab58ff31b4434785376ae3c553c0e7c89c6b7ff5
The six library was used to bridge the py2 > py3
gap. This library is longer required on branches
that do not support Python2.
Change-Id: I40cb90bc6bc058dcbf3659b97dbb489b53adb9d3
This commit adds a tool that parses a directory of service.yaml policy
files and then converts them to the appropriate THT structure, using the
necessary service variables and templating.
The enable-secure-rbac.yaml is simply the current defaults generated
from code. First, generate all the policy files for each OpenStack
service:
$ oslopolicy-sample-generator --namespace $SERVICE --output-file $DEST/$SERVICE.yaml
Next, uncomment all the default policies as a starting point for making
policy changes:
$ sed -i 's/^#"/"/g' $DEST/$SERVICE.yaml
Next you can make changes to the policy files to reflect the changes you
want in your deployment.
Finally, you can generate the necessary heat template:
$ ./convert_policy_yaml_to_heat_template.py -d $DEST
The tool outputs to stdout. It's up to the user to redirect to a file if
they wish to save results.
The enable-secure-rbac.yaml environment will be updated in subsequent
patches to implement project personas.
Change-Id: I9957243d307758f56b84cde3a408006d8161fa41
Since PyYAML 5.1, yaml.load without specifying the Loader option is
deprecated and shows the following warning.
YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated,
as the default Loader is unsafe.
Please read https://msg.pyyaml.org/load for full details.
This change replaces yaml.load by yaml.safe_load (which is effectively
same as adding Loader=yaml.SafeLoader) to get rid of that warning
message. Also, existing all usage of yaml.load with the Loader option
are also replaced so that we to make all implementation to load yaml
files consistent.
Change-Id: Id44fa2354429b944fbc0809f63db558bb7de23f7
Currently yaml validation is executed against almost all .yaml files
in tht repo, but this makes releasenote files and zuul job definitions
tested by yaml-validate.py.
This patch addes the new --skip-dir option to yaml-validate.py and
exclude these directories (and .tox which was already excluded) so that
we can ignore files which are not valid deployment templates.
Change-Id: If6fce493151ef17bfba26f8b80fc267d09408a9b
This new tool will convert the old v1 net-data format to v2. This tool
will create a backup of the older net-data file so that its possible to
recover data should anything go wrong in the conversion. Upon completion
the tool will create the v2 file using the existing file format name.
Change-Id: I4b4d79b0f68287921fedb3ad7b29b50df5ae3f02
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Adding a --details switch to have a bit more information about the
differences between yaml files.
This is pretty much leveraging the difflib to get at most 2 levels of
differences in the yaml structure.
Change-Id: If300a5f5d351404dbcf73d02822cdccf8e9f68df
ceph-ansible is not used anymore in master and both ceph
deployment and day2 ops are managed by the new cephadm tool.
This change aligns the tripleo-heat-templates tree to make sure
only cephadm is used to deploy Ceph (see [1]).
[1] https://blueprints.launchpad.net/tripleo/+spec/tripleo-ceph
Change-Id: Ib87615112264bd65e38ed7fb4440cca62f067de5