overcloud generate fencing command cannot be run before the actual deployment
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tripleo |
Fix Released
|
Medium
|
Michele Baldessari | ||
Bug Description
Currently 'openstack overcloud generate fencing instackenv.json --output /tmp/fence.yaml' needs to run after the actual deployment and then you need to run another deploy command with the added /tmp/fence.yaml environment file. While this used to be necessary in environments without IPMI, this
is not strictly necessary since we've moved to VBMC (and in real life IPMI was the reality anyway).
The reason we typically could not generate this fencing information before hand was that before the deployment we did not have the correspondence between ironic and the actual nova node name before deployment.
The way this can be solved is by simply using the mac address and then let puppet::tripleo match its own node and stonith info by looking up its mac addresses during deploy and matching them to its hostname.
| tags: | added: queens-backport-potential |
| Changed in tripleo: | |
| status: | Triaged → In Progress |
| Changed in tripleo: | |
| milestone: | rocky-1 → rocky-2 |
| OpenStack Infra (hudson-openstack) wrote Fix merged to tripleo-common (master) | #1 |
| Changed in tripleo: | |
| status: | In Progress → Fix Released |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to tripleo-common (stable/queens) | #2 |
| OpenStack Infra (hudson-openstack) wrote Fix merged to tripleo-common (stable/queens) | #3 |
| tags: | added: in-stable-queens |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tripleo-common 8.6.2 | #4 |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tripleo-common 9.1.0 | #5 |
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit 19f3e7a325696cf
Author: Chris Jones <email address hidden>
Date: Thu Oct 12 09:35:59 2017 +0100
Allow fencing config generation before deployment.
With this commit we are able to generate the fencing configuration for
IPMI hosts before deployment, and thus use it as part of the initial
deployment run.
The reason we can generate it before hand is the following:
puppet::tripleo is capable of matching its own host via
https:/
and by doing that each node will create its own stonith device.
It does so by looking at the macaddress<->IPMI table and if it detects
it's own macaddress it will create the IPMI stonith device
for its own hostname.
Concurrent stonith resource creation from different nodes is possible
in puppet-pacemaker since change I8be5d5d1a9894b
got merged.
Tested as follows on a virtual vbmc environment:
1. Before deployment:
$ openstack overcloud generate fencing instackenv.json --output fence.yaml
2. Deployed overcloud adding "fence.yaml"
3. Verified stonith configuration:
[root@
stonith-
stonith-
stonith-
[root@
stonith-
4. Verified the fencing of a specific node:
[root@
Node: controller-1 fenced
<indeed controller-1 has been fenced>
Same test run on BM:
1. Before deployment:
$ openstack overcloud generate fencing instackenv.json --output fence.yaml
2. Deployed overcloud adding "fence.yaml"
3. Verified stonith configuration:
[root@
stonith-
stonith-
stonith-
stonith-
stonith-
[root@
stonith-
4. Verified the fencing of a specific node:
[root@
[1] 168504
PING overcloud-
64 bytes from ove...