... and move the services into the deployment directory.
The extraconfig/services directory was initially created for
experimental services using an interface that was work in progress but
is now stable enough, so the services can live among the others for
simplification.
Change-Id: I2bd0b169ed18ea2fccfea4475402dd73076924c8
This converts all Docker*Image parameter varients into
Container*Image varients.
The commit was autogenerated with the following shell commands:
for file in $(grep -lr Docker.*Image --include \*.yaml --exclude-dir releasenotes); do
sed -e "s|Docker\([^ ]*Image\)|Container\1|g" -i $file
done
Change-Id: Iab06efa5616975b99aa5772a65b415629f8d7882
Depends-On: I7d62a3424ccb7b01dc101329018ebda896ea8ff3
Depends-On: Ib1dc0c08ce7971a03639acc42b1e738d93a52f98
The openshift-ansible tasks are now invoked with the tripleo-admin
user, which doesn't by default have write access to /var/lib/mistral,
but it does have sudo access.
This change makes /var/lib/mistral/<stack>/openshift be owned by the
tripleo-admin user so that subsequent tasks can write to that
directory.
Change-Id: I7762af7b824ae0c7303438d48fc35c9f24a00c9c
Related-Bug: #1813832
This simplifies the tripleo-heat-templates interface to only offer the
OpenShiftAnsiblePath parameter instead of the myriad of
OpenShift*Playbook parameters, since all of these would very likely be
in the same openshift-ansible directory.
Change-Id: I367a25ae1b03d8bdb712277bd8ade30e53b8af11
It could cause issue when being on inventory containing nodes marked as
new.
Specifically, it caused an undefined ansible variable error when
re-running the deploy playbook on an inventory that contained nodes in
the new_masters group.
Closes-Bug: #1812962
Change-Id: Iaf9403b5f60f06769d94317d261de8cad94274ab
This allows to run custom openshift-ansible playbooks with an inventory
that reflects the deployment status.
Related-Bug: #1812962
Change-Id: I94b6ae04a3e31fe0b7951df2446cc91b5842cd77
Re-using the same variable for each role was not very clean and forced
us to re-check which master nodes were new in the deployment. Instead,
use a dict for `role_nodes` and `new_role_nodes` with keys being the
role name.
This will allow us to re-generate updated inventory in later step
without needing to set the facts once again.
Related-Bug: #1812962
Change-Id: I21ed56a1c4d43a3e0945c8b74dd94ccf89dc05b0
I4aa8055fe800723b3e140f8232c9e41e769e11f3 wrongly replaced 'include'
with 'include_tasks' in openshift and kubernetes templates and broke
their deployment, resulting in an ansible error:
ERROR! 'include_tasks' is not a valid attribute for a Play
Use import_playbook instead.
Change-Id: I0bb9bfabeb06dc9d602ad173ce2d12d1771b6b1f
Closes-Bug: #1812983
The openshift/global_gluster_vars.yml file was not removed on re-deploy
and caused issue when reploying openshift without CNS after deploying
openshift a first time with CNS.
Change-Id: I0eedca7d53f7d3801f163ab9dd901bfb8651dd2c
Closes-Bug: #1811664
For some configs changes, such as the identity providers, it is
necessary to restart the master services in order for them to take
effect.
Change-Id: I6ecb054d0e18acc4dc422a7ce136432d5135c64c
Closes-Bug: #1807668
The `prerequisites.yml` playbook should only be explicitly run on
initial deployment to prepare the nodes. It is already included in the
scaleup playbooks for the new nodes so there is no need to include it
again. Re-running the `prerequisites.yml` playbook reconfigures the
container runtime and may cause outage, it is supposed to be run only
once.
Make update and upgrade playbooks exclusive. There is no need to run
both of them.
Add comments to clarify the intent for each playbooks.
Change-Id: I30278360fcc1ffa9bd7ce7cb77d023629fb6fa47
Closes-Bug: #1804790
Wire in the new openshift 3.11 images with tripleo, so that any
customization applied either via heat param with the integrated image
preparation workflow gets passed to openshift-ansible.
Depends-On: Ibbd5ff9d3597f5add440b92a27a2f2f669f7bdbe
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I2cb6eac9136f4c24bfc2881ff0aa1ddec7a35fe4
The `openshift_master_cluster_hostname` and
`openshift_master_cluster_public_hostname` variables are set to IP
addresses by tripleo, but were wrongly combined with the
openshift_global_vars dictionnary in a way that prevented customization
via the OpenShiftGlobalVariables heat parameter.
Reverse the order of the combine to make customization possible as they
should.
Change-Id: I47805608b90d8fda7d8357d3cb55f6372e746da1
Closes-Bug: #1806736
This commit remove variables passed to openshift-ansible in order to
stay more inline with openshift-ansible defaults.
The removed variables are:
- `openshift_enable_excluders`: use default value from
openshift-ansible.
- `openshift_use_dnsmasq`: removed from openshift-ansible.
- `openshift_docker_selinux_enabled`: use default value from
openshift-ansible.
- `containerized`: removed from openshift-ansible.
- `skip_version`: removed from openshift-ansible.
- `debug_level`: use default value from openshift-ansible.
- `osm_controller_args`: use default value from openshift-ansible. The
provided experimental-cluster-signing-duration setting had an
extremely low period and could cause nodes to become unreachable in
the event of cert renewal during the master node failover. See [1] for
details.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1648493
Closes-Bug: #1806726
Change-Id: I4d9ae4f4745393aa817f07a542f06faa0c6a5eb9
Tripleo should rely on openshift-ansible defaults as much as possible,
especially concerning the services which are enabled.
This removes the setting that explicitly disabled the service catalog
and template service broker, and wire in the ansible-service-broker
from heat parameters. The service-catalog and template-service-broker
images do not need to be specified since they're derived from the
oreg_url in openshift-ansible.
Change-Id: Ie09696a54ba01f23003366a9f221d2f32f4b0270
Depends-On: Ic358ed27d63015d297f50c10f553fc1c470ea6a5
Closes-Bug: #1806353
According to the inventory examples[1] openshift_master_cluster_hostname
points to an internal hostname/address set on the loadbalancer while
openshift_master_cluster_public_hostname points to the external.
This change sets openshift_master_cluster_hostname to use the InternalApi
network instead of the External network as it is at this moment.
[1] https://docs.openshift.com/container-platform/3.11/install/example_inventories.html
Change-Id: I9efab5b07682efd6b03da433801d636e7d324619
We're collocating the etcd and master nodes, we should also be run the
etcd scaleup playbook when adding new master nodes to the cluster.
However, this needs to happen in a separate ansible run as the master
node scale up and etcd scale up use different inventory files.
Change-Id: I523ed32681818112b7570aeab3ede32ed4ec322b
Closes-Bug: #1802319
Openshift-ansible expects that on initial deployment the nodes belong
to a <host_type> group, while on scale up, it expects the new nodes to
belong to a new_<host_type> group and not be part of the <host_type>
one.
Change-Id: Ibe461b4a7948813b69a0f85642e01aebb0531043
The openshift-master service will fail any time it is used with a
stack update. This is because the openshift_upgrade var is not
defined, but is checked whenever tripleo_stack_action == 'UPDATE'.
This patch adds a check for openshift_upgrade being defined before
checking if it is True.
Closes-Bug: 1794824
Change-Id: I3a598724154a3242b777eefed9304300c45d8c29
Openshift-ansible gives us a friendly error when we do:
"Please run playbooks/openshift-master/scaleup.yml if you need to scale
up both masters and nodes. This playbook is only needed if you are only
adding new nodes and not new masters"
Change-Id: Ibf52b9dbabc9a4f86c11b7de345c3b73e157435c
Closes-Bug: #1802324
This update the variables to reference v3.11 instead of 3.10 and rework
how to compute the oreg_url osa var due to DockerOpenShiftBaseImage
being deprecated.
Co-Authored-By: Martin André <m.andre@redhat.com>
Depends-On: Ibbd5ff9d3597f5add440b92a27a2f2f669f7bdbe
Depends-On: I764944bda6534f6b799fa0f4fb2e7980c22b1d67
Change-Id: I569f9da7ba9312a726360a3543b920413f445cbe
This prevents hardcoding it in the template and allows to check for the
right service name during new node detection as origin and
openshift-enterprise deployment types use differnt prefixes for the
services.
Change-Id: Id5cf7d6f7888b759eec7c969275fe15779b7b775
This variable is used in the docker_image_availability check to
determine how to query the registries for image availability. Setting
this variable allows us to enable the docker_image_availability check
in the gate.
Change-Id: Ia1da542d342228bb28ad487371fad8d3ffc62d0b
The `openshift_examples_modify_imagestreams` ansible variable controls
whether openshift-ansible changes the imagestream registry hosts to be
the same as where the openshift images are pulled. In our case this
points to the container image registry on the undercloud by default.
However, due to how this feature was implemented in openshift-ansible
[1], the imagestreams are only modified when the original value is
registry.redhat.com, i.e. when deploying openshift-enterprise,
explaining why this issue remained unnoticed until now.
[1] 95bc2d2e61/roles/openshift_examples/tasks/main.yml (L52-L55)
Change-Id: I4949f53e966872f775833b8d36d96ef72cf13845
Openshift-ansible already sets the right firewall rules on the
provisioned nodes, there is no need to set up (some of) the rules by
ourselves.
Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift
roles so that the operator can still set additional rules if desired.
Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
With the default setting, the keepalived that we deploy on the master
node collides with the one that is setup on the undercloud. We simply
need to use a different virtual_router_id_base to prevent
virtual_router_id collision.
Change-Id: I92ef081a111f93ddce4ec42400bcb648b7f7def0
While introducing the openshift-node service in 7373adc72e, some code
was moved around and that broke the OpenShift external_deploy_task
playbook in the case of a stack update due to undefined ansible
variable.
Rename the new_masters var into new_master_nodes and introduce the
has_new_nodes boolean var that indicates there is at least one new node
in the deployment.
Related-Bug: 1794824
Change-Id: I2f386b5507836deda0816616dd7add8a0b53dfd3
This allows us to deploy openshift without the need to install
openshift-ansible in the mistral container image or in the undercloud.
Co-Authored-By: Martin André <m.andre@redhat.com>
Depends-On: Ied75bfbeed71aca83962e60bfc801a2527f5dfba
Change-Id: I1e28e63c8a3a30dfe1e95924f9b4086fcf9513fb
Previously we were only deploying a master node. This commit adds the
worker and infra service to the deployed node and configures it as an
all-in-one node. In order to do so, we need to disable HAproxy when
deploying in all-in-one as the HAproxy instance Openshift deploys on
the infra node conflicts with the one we normally set up. They both
bind ports 80 and 443.
Also removes the useless ComputeServices parameter that only makes
sense in a multinode environment.
Change-Id: I6c7d1b3f2fa5c7b1d9cf695c9e021a4192e5d23a
Depends-On: Ibc98e699d34dc6ab9ff6dce0d41f275b6403d983
Depends-On: I0aa878db62e28340d019cd92769f477189886571
Previously the path to the openshift-ansible's prerequisites playbook
was hardcoded to
/usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml. This
commit introduces the `OpenShiftPrerequisitesPlaybook` heat parameter
to make it configurable.
Also add more explicit description for the other playbook path
parameters and update the default path for OpenShiftUpgradePlaybook
that was broken since the move to openshift-ansible 3.10.
Change-Id: I2260cb8b0cef9650c707d4db917a3281a697912d
So far the tasks for external update/upgrade were not using the step
mechanism as other tasks, we had a single step. As external
deploy/update/upgrade tasks are being used for more things nowadays,
it's likely that we'll need to go towards a similar model like we have
for deploy/update/upgrade tasks -- proper usage of steps.
For now we have just 2:
* Step 0 for setting global facts, and performing validations.
* Step 1 for actual update/upgrade tasks. (There's an upcoming change
to run online data migrations in step 1).
Change-Id: I1933bd0eedab71caab56c0e5d93ba7927fb7c20f
Partial-Bug: #1793332
Emilien Macchi