-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refined orchestration procedure #621
base: main
Are you sure you want to change the base?
refined orchestration procedure #621
Conversation
|
||
. A {OpenStackPreviousInstaller} environment (the source Cloud) is running on one side; | ||
. A {rhocp_long} environment is running on the other side. | ||
After you complete the adoption process, you have CRs for `Heat`, `HeatAPI`, `HeatEngine`, and `HeatCFNAPI`, and endpoints within the {identity_service_first_ref} to facilitate these services. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do we mean by the endpoints “facilitate” the services? Connect to the services?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe: "After you complete the adoption process, you have CRs and endpoints within the {identity_service_first_ref} for Heat
, HeatAPI
, HeatEngine
, and HeatCFNAPI
." ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bshephar What do we mean by the endpoints “facilitate” the services? Connect to the services?
|
||
.Procedure | ||
ifeval::["{build}" != "downstream"] | ||
As already done for https://github.com/openstack-k8s-operators/data-plane-adoption/blob/main/keystone_adoption.md[Keystone], the Heat Adoption follows a similar pattern. | ||
endif::[] | ||
|
||
. Patch the `osp-secret` to update the `HeatAuthEncryptionKey` and `HeatPassword`. This needs to match what you have configured in the existing {OpenStackPreviousInstaller} {orchestration} configuration. | ||
You can retrieve and verify the existing `auth_encryption_key` and `service` passwords via: | ||
. Retrieve the existing `auth_encryption_key` and `service` passwords. You use these passwords to patch the `osp-secret`: | ||
+ | ||
---- | ||
[stack@rhosp17 ~]$ grep -E 'HeatPassword|HeatAuth' ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | ||
HeatAuthEncryptionKey: Q60Hj8PqbrDNu2dDCbyIQE2dibpQUPg2 | ||
HeatPassword: dU2N0Vr2bdelYH7eQonAwPfI3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this step say, "Retrieve the existing HeatAuthEncryptionKey
and HeatPassword
..." so that it matches the code below it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bshephar Can you address the question above?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one small change to avoid confusion for users.
10bcd00
to
9574e05
Compare
+ | ||
---- | ||
[stack@rhosp17 ~]$ ansible -i overcloud-deploy/overcloud/config-download/overcloud/tripleo-ansible-inventory.yaml overcloud-controller-0 -m shell -a "grep auth_encryption_key /var/lib/config-data/puppet-generated/heat/etc/heat/heat.conf | grep -Ev '^#|^$'" -b | ||
overcloud-controller-0 | CHANGED | rc=0 >> | ||
auth_encryption_key=Q60Hj8PqbrDNu2dDCbyIQE2dibpQUPg2 | ||
---- | ||
|
||
. This password needs to be base64 encoded and added to the `osp-secret` | ||
. Base64 encode the password: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
. Base64 encode the password: | |
. Encode the password to Base64 format: |
This is something very minor, maybe I'm being too pedantic here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not pedantic, I wouldn't say "Base64 encode" either. Why was "and added to the osp-secret
" dropped?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I split this step into 2 steps. Step 3 is converting to base64 format, and step 4 is patching the osp-secret.
* The source {OpenStackPreviousInstaller} environment is running. | ||
* The target {rhocp_long} environment is running. | ||
* You adopted MariaDB and the {identity_service}. | ||
* If your existing {orchestration} stacks contain resources from other services such as {networking_first_ref}, {compute_service_first_ref}, {object_storage_first_ref}, and so on, adopt those sevices before adopting the {orchestration}. | ||
|
||
.Procedure | ||
ifeval::["{build}" != "downstream"] | ||
As already done for https://github.com/openstack-k8s-operators/data-plane-adoption/blob/main/keystone_adoption.md[Keystone], the Heat Adoption follows a similar pattern. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe: "The Heat Adoption is a similar workflow to https://github.com/openstack-k8s-operators/data-plane-adoption/blob/main/keystone_adoption.md[Keystone]."
|
||
.Procedure | ||
ifeval::["{build}" != "downstream"] | ||
As already done for https://github.com/openstack-k8s-operators/data-plane-adoption/blob/main/keystone_adoption.md[Keystone], the Heat Adoption follows a similar pattern. | ||
endif::[] | ||
|
||
. Patch the `osp-secret` to update the `HeatAuthEncryptionKey` and `HeatPassword`. This needs to match what you have configured in the existing {OpenStackPreviousInstaller} {orchestration} configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
was this line deleted and not replaced?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was moved to step 4.
@@ -78,10 +71,10 @@ spec: | |||
|
|||
.Verification | |||
|
|||
. Ensure all of the CRs reach the "Setup Complete" state: | |||
. Ensure that the status of all the CRs is `Setup complete`: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe "statuses"? Could also say "Ensure that the STATUS
of all the CRs is Setup complete
:" to match the output? Although judging by the output, the STATUS
is True
and the MESSAGE
is Setup complete
...
@@ -132,10 +125,10 @@ heatcfnapi.heat.openstack.org/heat-cfnapi True Setup complete | |||
URL: http://heat-api-internal.openstack-operators.svc:8004/v1/%(tenant_id)s | |||
---- | |||
|
|||
. Check the {orchestration} engine services are up: | |||
. Check that the {orchestration} engine services are up: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe "running" instead of "up"
https://issues.redhat.com/browse/RHOSPDOC-2027