apex-tripleo-heat-templates.git
6 years agoAdd all services to container scenarios
Martin André [Thu, 7 Sep 2017 20:50:49 +0000 (22:50 +0200)]
Add all services to container scenarios

This commit brings the multinode containers scenario files closer to
their BM variants to add missing services and turning pacemaker on.
These require refactorings in OOOQ in order to support non-containerized
to containerized upgrade jobs across releases. Ceph-ansible is also
going to be switched separately.

Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Depends-On: Ie0e8de54794a9259c0aeb8c67ae0f6a908844093
Change-Id: Icb659509b38575534be27a1881dbe671c40a5436
Related-Bug: #1714905
Related-Bug: #1712070
(cherry picked from commit c504f83c28b986ceb2b92cc0077959158bd11df7)

6 years agoMerge "Disable MongoDB in scenario002" into stable/pike
Zuul [Thu, 2 Nov 2017 12:37:17 +0000 (12:37 +0000)]
Merge "Disable MongoDB in scenario002" into stable/pike

6 years agoMerge "Fix standalone ControllerOpenstack vars" into stable/pike
Zuul [Thu, 2 Nov 2017 11:00:14 +0000 (11:00 +0000)]
Merge "Fix standalone ControllerOpenstack vars" into stable/pike

6 years agoMerge "Switch RabbitFDLimit to a Puppet integer" into stable/pike
Zuul [Thu, 2 Nov 2017 08:42:20 +0000 (08:42 +0000)]
Merge "Switch RabbitFDLimit to a Puppet integer" into stable/pike

6 years agoMerge "Force memcached container log to file" into stable/pike
Zuul [Thu, 2 Nov 2017 08:42:17 +0000 (08:42 +0000)]
Merge "Force memcached container log to file" into stable/pike

6 years agoMerge "Enable neutron-lbaasv2 UI in Horizon" into stable/pike
Zuul [Thu, 2 Nov 2017 07:53:12 +0000 (07:53 +0000)]
Merge "Enable neutron-lbaasv2 UI in Horizon" into stable/pike

6 years agoForce memcached container log to file
Juan Antonio Osorio Robles [Mon, 30 Oct 2017 08:04:18 +0000 (10:04 +0200)]
Force memcached container log to file

We were relying on the sysconfig options to set the memcached log file,
however, this is not happening, as the redirection is being taken as an
option and ends up being ignored by the memcached command. So instead,
we set the redirection in the container template.

Change-Id: Ic94e3fd7884d518eb9558c53acdc6b294823cd0a
Closes-Bug: #1720183
(cherry picked from commit ca1fc5848661aacbf14b52e33879190c133c8e48)

6 years agoMerge "Fix permissions for dockerized horizon" into stable/pike
Zuul [Wed, 1 Nov 2017 04:58:22 +0000 (04:58 +0000)]
Merge "Fix permissions for dockerized horizon" into stable/pike

6 years agoFix standalone ControllerOpenstack vars
Alex Schultz [Fri, 6 Oct 2017 21:04:35 +0000 (15:04 -0600)]
Fix standalone ControllerOpenstack vars

As we've moved to more dynamic generation of variables, the correct
variable names are *ControllerOpenstack* not *Controller* for the
example standalone environment.

Change-Id: Iaa39de9d8794a856e76cc9995d046484632cf604
Closes-Bug: #1721877
(cherry picked from commit 536d1c4af59dc22164666be5cb1826115fdfdeb9)

6 years agoMerge "Set verbosity by default for memcached" into stable/pike
Zuul [Tue, 31 Oct 2017 00:29:19 +0000 (00:29 +0000)]
Merge "Set verbosity by default for memcached" into stable/pike

6 years agopersist memcached logs in /var/log/containers/memcached/memcached.log
Juan Antonio Osorio Robles [Fri, 27 Oct 2017 07:22:01 +0000 (10:22 +0300)]
persist memcached logs in /var/log/containers/memcached/memcached.log

We used to bind-mount /var/log/memcached.log, but this resulted in the
file being createdin the memcached container as a directory, since this
file didn't exist.

This commit takes the approach of other containers and gets the logs to
a memcached directory in /var/log/containers.

Change-Id: I926b65fa557ad56b4faa2be34452b58f7b01247a
Closes-Bug: #1720183
(cherry picked from commit 5020f38301a9a0a70f34878196250e24fc639dec)

6 years agoSet verbosity by default for memcached
Juan Antonio Osorio Robles [Fri, 27 Oct 2017 07:32:20 +0000 (10:32 +0300)]
Set verbosity by default for memcached

This sets of one level of verbosity for memcached by default. This
allows us to see any errors or warnings in the logs.

Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241
Related-Bug: #1720183
(cherry picked from commit 15ad21ba08e92b302318bdc34112601ce666ff35)

6 years agoDisable MongoDB in scenario002
Michele Baldessari [Thu, 19 Oct 2017 06:12:07 +0000 (08:12 +0200)]
Disable MongoDB in scenario002

We have disabled mongo by default in containers via:

Id2e6550fb7c319fc52469644ea022cf35757e0ce Disable mongodb by default
Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Containerized mongodb, disable by default, fix upgrade

Let's not use it in scenario002 either.

NB: Not entirely clean cherry-pick due to scenario002-multinode-containers.yaml
    having many more services in master than in pike.

Change-Id: I0d2df25ed797ffb8425ba81736526d3688e5de5c
Closes-Bug: #1724679
(cherry picked from commit 900416d9809bf4446c0c037128edb033ab9b3bcc)

6 years agoEnable neutron-lbaasv2 UI in Horizon
Cédric Jeanneret [Wed, 18 Oct 2017 08:58:21 +0000 (10:58 +0200)]
Enable neutron-lbaasv2 UI in Horizon

Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f
Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f
Partial-Bug: 1724471
(cherry picked from commit 97879c3ce6dcf06908180a06147bd386580ed5ae)

6 years agoMerge "ci-ovn: Disable Swift services in scenario 007 container job" into stable...
Zuul [Tue, 24 Oct 2017 20:03:15 +0000 (20:03 +0000)]
Merge "ci-ovn: Disable Swift services in scenario 007 container job" into stable/pike

6 years agoMerge "Create short lived ssh key for enable-ssh-admin.sh" into stable/pike
Zuul [Tue, 24 Oct 2017 19:46:07 +0000 (19:46 +0000)]
Merge "Create short lived ssh key for enable-ssh-admin.sh" into stable/pike

6 years agoMerge "Disable SwiftDispersion when using docker" into stable/pike
Zuul [Tue, 24 Oct 2017 10:16:14 +0000 (10:16 +0000)]
Merge "Disable SwiftDispersion when using docker" into stable/pike

6 years agoMerge "Support for Satellite Capsule in rhel-registration" into stable/pike
Zuul [Tue, 24 Oct 2017 10:03:13 +0000 (10:03 +0000)]
Merge "Support for Satellite Capsule in rhel-registration" into stable/pike

6 years agoDisable SwiftDispersion when using docker
Michele Baldessari [Tue, 17 Oct 2017 12:22:27 +0000 (14:22 +0200)]
Disable SwiftDispersion when using docker

We currently have the following in the registry:
OS::TripleO::Services::SwiftDispersion: puppet/services/swift-dispersion.yaml

Since this service is included by default in the Controller role
it will be installed on the host even on a containerized deployment.

Let's noop this in docker.yaml until a containerized version of it
gets merged.

Change-Id: Ic2793d0cfb7b20f4661cb1a45793cae67a4868b4
Closes-Bug: #1723788
(cherry picked from commit 0c8ba9651734a0e6180ca443c87c8c8ca5169d6c)

6 years agoci-ovn: Disable Swift services in scenario 007 container job
Numan Siddique [Wed, 11 Oct 2017 09:56:02 +0000 (15:26 +0530)]
ci-ovn: Disable Swift services in scenario 007 container job

Closes-bug: #1722758
Change-Id: I0161c534807ca45e2d2b6fcace5fc3e26eb450a2
(cherry picked from commit 7e398bf18910e062415ce4e70236ce98577aed13)

6 years agoCreate short lived ssh key for enable-ssh-admin.sh
Jiri Stransky [Wed, 18 Oct 2017 13:19:44 +0000 (15:19 +0200)]
Create short lived ssh key for enable-ssh-admin.sh

Instead of using the key provided by user on the command line, create
a new short-lived key, give it to Mistral to create a tripleo-admin
user with it, and remove the short-lived key.

Co-Authored-By: John Fulton <fulton@redhat.com>
Change-Id: I6e6ed83fa62319d59d7289b16a1412a340ea6b26
Closes-Bug: #1724578
(cherry picked from commit b0e72c1413c9441aa592b56583e87715e7096152)

6 years agoRemove deprecation handling from custom roles
James Slagle [Mon, 16 Oct 2017 16:06:02 +0000 (12:06 -0400)]
Remove deprecation handling from custom roles

For deployed-server custom roles, the deprecation handlings are removed.
As these have always been custom roles with definitions generated from
role.role.j2.yaml, these original (now deprecated) param names were
never present for anyone using this deployed-server roles data file.

Specifically, deprecated_server_resource_name is quite troublesome as it
will cause the server resources to get replaced on upgrade as the
resource name changes.

These were all introduced in If4a8388634fb1dcbb47beeabbd3db005abc80d4e,
and this commit removes them.

Change-Id: I1c1267f19db972b55466f4649eda62dd7814b94a
Closes-Bug: #1723177
(cherry picked from commit 6e7a431df0b7790512eb1920500b8878701c691a)

6 years agoMerge "Also match config volumes for /var/lib/config-data/puppet-generated/" into...
Zuul [Mon, 23 Oct 2017 13:44:23 +0000 (13:44 +0000)]
Merge "Also match config volumes for /var/lib/config-data/puppet-generated/" into stable/pike

6 years agoMerge "Disable xinetd class when creating swift-storage puppet configuration" into...
Zuul [Mon, 23 Oct 2017 10:29:58 +0000 (10:29 +0000)]
Merge "Disable xinetd class when creating swift-storage puppet configuration" into stable/pike

6 years agoMerge "Remove Heat Cloudwatch API during upgrade and disable by default" into stable...
Zuul [Thu, 19 Oct 2017 09:11:27 +0000 (09:11 +0000)]
Merge "Remove Heat Cloudwatch API during upgrade and disable by default" into stable/pike

6 years agoMerge "Fix some missed hard-coded network references" into stable/pike
Zuul [Thu, 19 Oct 2017 04:54:09 +0000 (04:54 +0000)]
Merge "Fix some missed hard-coded network references" into stable/pike

6 years agoMerge "Remove monitor_interface from ceph-ansible parameters" into stable/pike
Zuul [Thu, 19 Oct 2017 03:35:09 +0000 (03:35 +0000)]
Merge "Remove monitor_interface from ceph-ansible parameters" into stable/pike

6 years agoDisable xinetd class when creating swift-storage puppet configuration
Michele Baldessari [Sat, 14 Oct 2017 18:12:58 +0000 (20:12 +0200)]
Disable xinetd class when creating swift-storage puppet configuration

Due to missing puppet invocation with --detailed-exitcodes we ignored
a large amount of puppet errors during deploy. Swift storage fails
during the puppet_config step with the following error:

Debug: /Stage[main]/Swift::Storage::Object/Swift::Storage::Generic[object]/Package[swift-object]: Not tagged with file, file_line, concat, augeas, cron, swif t_proxy_config, swift_config, swift_container_config, swift_container_sync_realms_config, swift_account_config, swift_object_config, swift_object_expirer_con fig, rsync::server
Debug: /Stage[main]/Swift::Storage::Object/Swift::Storage::Generic[object]/Package[swift-object]: Resource is being skipped, unscheduling all events
Debug: Executing: '/usr/bin/systemctl is-active xinetd'
Debug: Executing: '/usr/bin/systemctl is-enabled xinetd'
Debug: Executing: '/usr/bin/systemctl unmask xinetd'
Debug: Executing: '/usr/bin/systemctl start xinetd'
Debug: Runing journalctl command to get logs for systemd start failure: journalctl -n 50 --since '5 minutes ago' -u xinetd --no-pager
Debug: Executing: 'journalctl -n 50 --since '5 minutes ago' -u xinetd --no-pager'
Error: Systemd start for xinetd failed!

The problem is that by using the rsync::server tag we end up including
the xinetd class automatically which will try to start a service inside
a container. By nooping the xinetd class, we're able avoid systemctl
calls and have a successfuly deployment. The resulting swift_rsync
container seems to work correctly:

[root@overcloud-controller-0 ~]# docker exec -it swift_rsync /bin/bash -c "ps -axuwf"
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root        10  0.0  0.0  47444  1624 pts/1    Rs+  18:16   0:00 ps -axuwf
root         1  0.0  0.0    188     4 ?        Ss   17:27   0:00 /usr/local/bin/dumb-init /bin/bash /usr/local/bin/kolla_start
root         6  0.0  0.0  11036   924 ?        Ss   17:27   0:00 /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf

[root@overcloud-controller-0 ~]# docker logs swift_rsync 2>&1|tail -n4
INFO:__main__:Deleting /etc/rsyncd.conf
INFO:__main__:Copying /var/lib/kolla/config_files/src/etc/rsyncd.conf to /etc/rsyncd.conf
INFO:__main__:Writing out command to execute
Running command: '/usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf'

Change-Id: I5e43e8fd61e002d2acc56a7de52e6aae64ab60be
Closes-Bug: #1723463
(cherry picked from commit b5eeeab73e12efecc86ea7deebc105eee0739510)

6 years agoSupport for Satellite Capsule in rhel-registration
Emilien Macchi [Tue, 12 Sep 2017 22:10:56 +0000 (16:10 -0600)]
Support for Satellite Capsule in rhel-registration

For deployments running on RHEL with Satellite 6 (or beyond) with
Capsule (Katello API enabled), the Katello API is available
on 8443 port, so the previous API ping didn't work for this case.

Capsule is now supported since we just check if katello-ca-consumer-latest
rpm is available to tell that Satellite version is 6 or beyond.

Closes-Bug: #1716777
Change-Id: If76763b367917fc15f609ad144679750602826eb
(cherry picked from commit ad3ea5bb7a2ee2cb1ae6b1d21b2f0b5a177c9fc6)

6 years agoSync deployed-server-roles-data and roles-data
Emilien Macchi [Thu, 12 Oct 2017 16:33:29 +0000 (09:33 -0700)]
Sync deployed-server-roles-data and roles-data

deployed-server-roles-data was out of sync and missing some parameters
introduced in Pike cycle:
This patch syncs the roles_data between 2 files.

Change-Id: If4a8388634fb1dcbb47beeabbd3db005abc80d4e
Closes-Bug: #1723177
(cherry picked from commit 0e6c86dc123e9f558c4d3d594ff50e85dd00171f)

6 years agoAlso match config volumes for /var/lib/config-data/puppet-generated/
Steven Hardy [Fri, 29 Sep 2017 08:55:55 +0000 (09:55 +0100)]
Also match config volumes for /var/lib/config-data/puppet-generated/

Some services only mount this directory, not /var/lib/config-data/$service
so handle this case in the docker-puppet code that maps the mounted
volumes to the services when adding the config hash to the container
environment.

Change-Id: I3bdb7609f322458584ac9597ffbfefb057b84646
Closes-Bug: #1720208
(cherry picked from commit 3a932b056914d148fa460b8890fc0e631c817a40)

6 years agoRemove Heat Cloudwatch API during upgrade and disable by default
marios [Fri, 6 Oct 2017 12:47:32 +0000 (15:47 +0300)]
Remove Heat Cloudwatch API during upgrade and disable by default

This adds a heat-api-cloudwatch-disabled.yaml and wires it up in
the resource registry. During the Ocata to Pike upgrade this service
will thus be stopped and disabled by default.

If you wish to keep the Heat Cloudwatch API then you should instead
use the provided heat-api-cloudwatch.yaml environment file.

Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6
Related-Bug: 1713531
(cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)

6 years agoMerge "Fix ConfigDebug for puppet host runs" into stable/pike
Zuul [Tue, 17 Oct 2017 14:04:05 +0000 (14:04 +0000)]
Merge "Fix ConfigDebug for puppet host runs" into stable/pike

6 years agoMerge "Fixes dynamic networks falling back to ctlplane" into stable/pike
Zuul [Mon, 16 Oct 2017 20:46:25 +0000 (20:46 +0000)]
Merge "Fixes dynamic networks falling back to ctlplane" into stable/pike

6 years agoFix ConfigDebug for puppet host runs
Michele Baldessari [Wed, 11 Oct 2017 10:47:01 +0000 (12:47 +0200)]
Fix ConfigDebug for puppet host runs

Before pike we used to be able to add -e environments/config-debug.yaml
and that would give us debug logs for puppet. With the move to ansible
running puppet we lost this feature.

Let's make sure that the old ConfigDebug variable still works with
the ansible playbook-based deploy steps. With this patch and ConfigDebug
set to true, we correctly get the puppet debug logs:

TASK [debug] *******************************************************************
ok: [localhost] => {
    "(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))": [
        "Warning: Undefined variable 'deploy_config_name'; ",
        "   (file & line not available)",
        "Warning: This method is deprecated, please use the stdlib validate_legacy function, with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README. at [\"/etc/puppet/modules/ntp/manifests/init.pp\", 54]:[\"/etc/puppet/modules/tripleo/manifests/profile/base/time/ntp.pp\", 29]",
        "   (at /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:25:in `deprecation')",
        "Debug: Runtime environment: puppet_version=4.8.2, ruby_version=2.0.0, run_mode=user, default_encoding=UTF-8",
        "Debug: Loading external facts from /etc/puppet/modules/openstacklib/facts.d",
        "Debug: Loading external facts from /var/lib/puppet/facts.d",
....

Change-Id: Ia726fb8ca4a6f7bbbd7a1284d76ff42df6825d01
Closes-Bug: #1722752
(cherry picked from commit ecc6ce340aea59faaee4c2a49cd6d6fb90d8ed35)

6 years agoSwitch RabbitFDLimit to a Puppet integer
Emilien Macchi [Sat, 14 Oct 2017 21:52:48 +0000 (14:52 -0700)]
Switch RabbitFDLimit to a Puppet integer

Type changed in:
https://github.com/voxpupuli/puppet-rabbitmq/commit/20d159dc6f08357bca4b01fdbe3521e4dc56f634

We need to update it otherwise we get a Puppet error.

Change-Id: If03b7363295f1f529b7acf4a008ff63da8fef173
Closes-Bug: #1723665
(cherry picked from commit 24c756616c7a489e9bf43b6c5974e400815462ea)

6 years agoMerge "Hardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers" into stable...
Jenkins [Sat, 14 Oct 2017 10:12:24 +0000 (10:12 +0000)]
Merge "Hardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers" into stable/pike

6 years agoRemove monitor_interface from ceph-ansible parameters
Giulio Fidente [Wed, 6 Sep 2017 06:47:40 +0000 (08:47 +0200)]
Remove monitor_interface from ceph-ansible parameters

We should not pass any hardcoded value for monitor_interface and
rely on monitor_address_block only instead.

Also removes journal_collocation which is not consumed by
newer (and stable) builds of ceph-ansible.

Change-Id: Idf213a1f43a66506f76d07102f122839b5096948
Closes-Bug: #1715246
(cherry picked from commit 3e90ae3df5a7c5491672254733ceac163b34a395)

6 years agoMerge "Revert "Fixes heat resource name for Internal API Network"" into stable/pike
Jenkins [Sat, 14 Oct 2017 01:09:45 +0000 (01:09 +0000)]
Merge "Revert "Fixes heat resource name for Internal API Network"" into stable/pike

6 years agoRevert "Fixes heat resource name for Internal API Network"
Tim Rozet [Thu, 12 Oct 2017 19:21:59 +0000 (19:21 +0000)]
Revert "Fixes heat resource name for Internal API Network"

This reverts commit 520be6bb4056ead8e6fad08ad96e99f7da5b341e.

This introduced a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1501515

where during upgrade, the previous heat resource would for the
InternalApi network would have the incorrect name "Internal" and the
upgrade would try to delete the resource in order to create
"InternalApi".  This needs to be reverted and a proper fix will be
submitted that accounts for this upgrade scenario.

Related-Bug: #1718764

Change-Id: Id906fac421db317ce48d5cecfcd43397a0f4ab3d

6 years agoFix permissions for dockerized horizon
Radomir Dopieralski [Tue, 26 Sep 2017 08:19:47 +0000 (10:19 +0200)]
Fix permissions for dockerized horizon

Horizon needs write access to its log file and read permissions for all
of its configuration files.

The code that was supposed to set the permissions did it in the wrong
directory.

Closes-Bug: #1719590
Co-Authored-By: Martin Andre <m.andre@redhat.com>
Change-Id: I0c125fac38cd186f98b9bc69bcc570f669eb6de1
(cherry picked from commit 960d7ff1025a568343aa5ae5ef95386306de8cab)

6 years agoHardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers
John Fulton [Wed, 11 Oct 2017 21:10:07 +0000 (17:10 -0400)]
Hardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers

Change-Id: I88f622c0b7a92ab75c2523fdc0d4d9ac1a2a2560
Closes-Bug: #1722908
(cherry picked from commit 06331a830e8923a9dc2ef8c15f2f1bf9d1d58ba1)

6 years agoFix some missed hard-coded network references
Steven Hardy [Mon, 2 Oct 2017 17:09:21 +0000 (18:09 +0100)]
Fix some missed hard-coded network references

These got missed in the refactoring to support composable networks.

Change-Id: I5c97df08ae84e9c383175687428fb00143d171ff
Closes-Bug: #1720849
(cherry picked from commit ef1768e40c3a6c58a22381a4546772f571bee5cc)

6 years agoFixes dynamic networks falling back to ctlplane
Tim Rozet [Thu, 5 Oct 2017 13:59:49 +0000 (09:59 -0400)]
Fixes dynamic networks falling back to ctlplane

Currently when a network in network_data is disabled it no port
definitions for that network will be created per role.  This results in
no fallback to the ctlplane IP because overriding a type in
network-isolation to noop.yaml does nothing when the port does not exist
for the role.

This patch changes the IPs when a network is disabled to be the same IPs
as ctlplane and fixes the issue, along with removing the need to use
noop.yaml override for ports (non-vip).

Closes-Bug: 1721542

Change-Id: I301370fbf47a71291614dd60e4c64adc7b5ebb42
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 9285cb5fc99331ca63ff09df59f26b6018bc781b)

6 years agoMerge "Add IronicPxe to the default controller" into stable/pike
Jenkins [Tue, 10 Oct 2017 14:28:29 +0000 (14:28 +0000)]
Merge "Add IronicPxe to the default controller" into stable/pike

6 years agoMerge "Remove package if service stopped and disabled" into stable/pike
Jenkins [Tue, 10 Oct 2017 04:38:29 +0000 (04:38 +0000)]
Merge "Remove package if service stopped and disabled" into stable/pike

6 years agoMerge "Adds pacemaker update_tasks for Pike minor update workflow" into stable/pike
Jenkins [Tue, 10 Oct 2017 04:38:12 +0000 (04:38 +0000)]
Merge "Adds pacemaker update_tasks for Pike minor update workflow" into stable/pike

6 years agoAdd IronicPxe to the default controller
Derek Higgins [Thu, 3 Aug 2017 15:01:37 +0000 (16:01 +0100)]
Add IronicPxe to the default controller

It doesn't exist in the non containerized openstack so leave it
stubbed out by default.

Closes-Bug: #1721212

Change-Id: I5fcb1f0b9958ac90f034a12f1ee733dae6571f9c
(cherry picked from commit a850d8059fbc1c36efb18773e40bb600e5da5005)

6 years agoMerge "Make containerized galera use mysql_network everywhere" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:13:58 +0000 (01:13 +0000)]
Merge "Make containerized galera use mysql_network everywhere" into stable/pike

6 years agoMerge "Fix cold/live migration network config" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:12:03 +0000 (01:12 +0000)]
Merge "Fix cold/live migration network config" into stable/pike

6 years agoMerge "Create mysql user for non-ha deployments" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:11:50 +0000 (01:11 +0000)]
Merge "Create mysql user for non-ha deployments" into stable/pike

6 years agoMerge "List all unhealthy containers" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:11:40 +0000 (01:11 +0000)]
Merge "List all unhealthy containers" into stable/pike

6 years agoMerge "Special treatment for os-net-config upgrade." into stable/pike
Jenkins [Tue, 10 Oct 2017 01:11:32 +0000 (01:11 +0000)]
Merge "Special treatment for os-net-config upgrade." into stable/pike

6 years agoRemove package if service stopped and disabled
marios [Mon, 3 Jul 2017 16:20:30 +0000 (19:20 +0300)]
Remove package if service stopped and disabled

Adds a UpgradeRemoveUnusedPackages param to use
in the ansible when conditional for the removal

Adds package removal to step2 right after a service
is stopped and disabled on step2. Package updates
happen in step3 so ideally remove before that.

The package removal task has ignore_errors true
so dependencies or other issue removing packages will
not fail the upgrade workflow.

Also adds this to the upgrade environment files
for visibility and defaulting false

Change-Id: Ie4e4a2d41f7752c5a13507a7c15c6f68e203cfca
Related-Bug: 1701501
(cherry picked from commit ce0ef2fa207698c1ae61c1620fe3c5e8d1c7bfca)

6 years agoAdds pacemaker update_tasks for Pike minor update workflow
marios [Mon, 24 Jul 2017 11:01:06 +0000 (14:01 +0300)]
Adds pacemaker update_tasks for Pike minor update workflow

Adds update_tasks for the minor update workflow. These will be
collected into playbooks during an initial 'update init' heat
stack update and then invoked later by the operator as ansible
playbooks.

Current understanding/workflow:
 Step=1: stop the cluster on the updated node
 Step=2: Pull the latest image and retag the it pcmklatest
 Step=3: yum upgrade happens on the host
 Step=4: Restart the cluster on the node
 Step=5: Verification: test pacemaker services are running.

https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades

Related-Bug: 1715557
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806
(cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)

6 years agoMerge "docker: add logging(source & groups)" into stable/pike
Jenkins [Mon, 9 Oct 2017 15:32:18 +0000 (15:32 +0000)]
Merge "docker: add logging(source & groups)" into stable/pike

6 years agoSpecial treatment for os-net-config upgrade.
Sofer Athlan-Guyot [Tue, 3 Oct 2017 15:59:19 +0000 (17:59 +0200)]
Special treatment for os-net-config upgrade.

We make sure to run upgrade and run os-net-config on its own.  Running
os-net-config with the no-activate option will
 - prevent the restart of the interface
 - adjust the network files to the expected configuration so that next
 run won't restart the network.

Eventually at next reboot the change will be taken into account.
Currently we have no change that are required to be taken live during
the upgrade so it safe to ignore the new parameters.

Closes-Bug: #1721073
Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb
(cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)

6 years agoList all unhealthy containers
Martin Mágr [Tue, 3 Oct 2017 08:43:23 +0000 (10:43 +0200)]
List all unhealthy containers

Currently the default Sensu check defined in docker/services/sensu-client.yaml
reports only first unhealthy container. This patch changes the check output
to contain list of all unhealthy containers.

Change-Id: I0a934367ef22984d9091d160ec7105092edc8149
Closes-Bug: #1720972
(cherry picked from commit 9b016c9f3fbe9552497737974b9928d1dff4d299)

6 years agoCreate mysql user for non-ha deployments
Martin Mágr [Fri, 29 Sep 2017 12:07:46 +0000 (14:07 +0200)]
Create mysql user for non-ha deployments

Currently health check for mysql container reports unhealthy container
because there is no 'mysql' user created. This patch creates the user
during mysql_bootstrap without any permission, just to allow health
check to connect to DB and run 'select 1'.

Change-Id: Iab26da0d30939b219189d4e7beb2a61d456ab7c3
Closes-Bug: #1718944
(cherry picked from commit 3a9cfaa992e92423461d64f84d701336322bdd10)

6 years agoFix cold/live migration network config
Oliver Walsh [Wed, 30 Aug 2017 23:13:15 +0000 (00:13 +0100)]
Fix cold/live migration network config

Cold migration network is determined by the value of my_ip in nova.conf.
If this isn't set then the network with the default gateway will be used.

This patch sets my_ip and the whitelisted IP for cold migation over SSH to the
NovaApiNetwork.

Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control
the network used for live migration over SSH. It is determined by hostname
resolution.
This patch sets the whitelisted IP for live migration over SSH to the hostname
resolution network for the role - which is typically the same as NovaApiNetwork.
(NB The puppet manifest will remove duplicates).

Live migration over TLS is not affected. It can control the network used so it
configurable via NovaLibvirtNetwork.

Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f
Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd
(cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)

6 years agodocker: add logging(source & groups)
Juan Badia Payno [Thu, 31 Aug 2017 09:07:11 +0000 (11:07 +0200)]
docker: add logging(source & groups)

The services that docker depends on, have logging_sources and logging_groups;
but those are not set on the docker outputs so they are not used when dockers
are deployed.

Added logging_source & logging_groups as docker optional parameters in
tools/yaml-validate.py

Closes-Bug: #1718110
Change-Id: I8795eaf4bd06051e9b94aa50450dee0d8761e526
(cherry picked from commit 5dbe1121e98a794ec6a6387ff56ee34314177567)

6 years agoContainerized Fluentd client
Juan Badia Payno [Tue, 23 May 2017 07:36:15 +0000 (09:36 +0200)]
Containerized Fluentd client

Change-Id: Ia350e4899aa499cf27efffd9d2243e7e95fa1d65
Depends-On: I60796063fa9ebe0d98030fb982d22dabe2593ea0
Depends-On: I585b6877074353b5de62e5efaabfbe62432c473d
(cherry picked from commit f37fe4f903f429b43d22b485c29547f576ec7269)

6 years agoMake containerized galera use mysql_network everywhere
Damien Ciabrini [Tue, 26 Sep 2017 13:23:11 +0000 (15:23 +0200)]
Make containerized galera use mysql_network everywhere

The containerized galera service generates a galera.cnf which uses
short hostname to identify itself rather than the fqdn from the
mysql_network (e.g. overcloud-x.internalapi.cloudname).

This breaks when internal TLS is in use, because the mysql certificate
does not reference this short hostname.

Fix the appropriate hiera parameter to make it behave like the
non-containerized galera service.

Change-Id: I904cde38f2baeddab5178e8ad48d34a0c73629af
Closes-Bug: #1719599
(cherry picked from commit e10aa591dc9155a2746df01279c4ba4f2133fd17)

6 years agoMerge "Remove extra noop.yaml ports from network-isolation files." into stable/pike
Jenkins [Sat, 7 Oct 2017 06:11:18 +0000 (06:11 +0000)]
Merge "Remove extra noop.yaml ports from network-isolation files." into stable/pike

6 years agoMerge "Default Ceph pg_num and pgp_num to 128" into stable/pike
Jenkins [Sat, 7 Oct 2017 06:07:37 +0000 (06:07 +0000)]
Merge "Default Ceph pg_num and pgp_num to 128" into stable/pike

6 years agoMerge "Support for Ocata-Pike live-migration over ssh" into stable/pike
Jenkins [Sat, 7 Oct 2017 05:38:24 +0000 (05:38 +0000)]
Merge "Support for Ocata-Pike live-migration over ssh" into stable/pike

6 years agoMerge "Fixes missing type for heat param TenantNetName" into stable/pike
Jenkins [Sat, 7 Oct 2017 05:05:25 +0000 (05:05 +0000)]
Merge "Fixes missing type for heat param TenantNetName" into stable/pike

6 years agoMerge "Use sub_nodes_private instead of node_private" into stable/pike
Jenkins [Sat, 7 Oct 2017 05:00:33 +0000 (05:00 +0000)]
Merge "Use sub_nodes_private instead of node_private" into stable/pike

6 years agoMerge "Update panko port in env ssl yaml files to correct one" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:46:44 +0000 (03:46 +0000)]
Merge "Update panko port in env ssl yaml files to correct one" into stable/pike

6 years agoMerge "Bump fs.inotify.max_user_instances for scale" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:46:38 +0000 (03:46 +0000)]
Merge "Bump fs.inotify.max_user_instances for scale" into stable/pike

6 years agoMerge "Drop extraconfig for nova-nuage" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:46:24 +0000 (03:46 +0000)]
Merge "Drop extraconfig for nova-nuage" into stable/pike

6 years agoMerge "Fixes heat resource name for Internal API Network" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:37:35 +0000 (03:37 +0000)]
Merge "Fixes heat resource name for Internal API Network" into stable/pike

6 years agoRemove extra noop.yaml ports from network-isolation files.
Dan Sneddon [Thu, 14 Sep 2017 19:26:53 +0000 (13:26 -0600)]
Remove extra noop.yaml ports from network-isolation files.

The environments/network-isolation[-v6].yaml files have an
unneeded reference to network/ports/noop.yaml for unused
networks.

This introduces a regression where environment files that
define the networks and ports on a per-role basis can
cancel out other environment files. See bug # 1717322.

The overcloud-resource-registry.j2.yaml already uses noop.yaml
for every network on every role (whether or not the networks
are enabled, or whether the particular network is supposed
to be on a role. So having noop.yaml specified for every
role in network-isolation[-v6].yaml is not needed and can
cause issues with upgrades if the environments are not
included in a specific order.

Change-Id: If06407e5235587af090ede44674bf9c7e08e340e
Closes-bug: 1717322
(cherry picked from commit 9b08df3733257ac0fbc150a4071aec051e073ef7)

6 years agoSupport for Ocata-Pike live-migration over ssh
Oliver Walsh [Wed, 6 Sep 2017 10:35:07 +0000 (11:35 +0100)]
Support for Ocata-Pike live-migration over ssh

In Ocata all live-migration over ssh is performed on the default ssh port (22).
In Pike the containerized live-migration over ssh is on port 2022 as the
docker host's sshd is using port 22.

To allow live migration during upgrade we need to temporarily pin the Pike
computes to port 22 and in the final converge we can switch over to port 2022.

This also changes the default port to 2022 for baremetal computes in Pike to
enable live-migration between baremetal and containerized computes.

Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1
Depends-On: I0b80b81711f683be539939e7d084365ff63546d3
Closes-Bug: 1714171
(cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)

6 years agoDefault Ceph pg_num and pgp_num to 128
Giulio Fidente [Thu, 21 Sep 2017 19:18:01 +0000 (21:18 +0200)]
Default Ceph pg_num and pgp_num to 128

As per Ceph docs [1] we should default pg_num and pgp_num to 128 when
using less than 5 OSDs.

This same change was applied to the ceph-ansible profiles with [2].

Also updates the CI environment files to continue using 32 where we
deploy a single OSD.

1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/
2. Ibd9fb23e04576e95e24af58f856663397886a947

Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93
Closes-Bug: #1718756
(cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)

6 years agoUse sub_nodes_private instead of node_private
Sagi Shnaidman [Mon, 2 Oct 2017 12:33:38 +0000 (15:33 +0300)]
Use sub_nodes_private instead of node_private

node_private file doesn't exist anymore, use sub_nodes_private
instead

Change-Id: Ifb3af18733c0e1fd6895c270bb39199acaa98968

6 years agoFixes missing type for heat param TenantNetName
Tim Rozet [Mon, 2 Oct 2017 15:52:56 +0000 (11:52 -0400)]
Fixes missing type for heat param TenantNetName

Closes-Bug: 1720823

Change-Id: I239cc9f827fe99a553f9c18b80336bc6ce0b1d14
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit ba5436099d37898e418406f8b4376923e14f4c89)

6 years agoMerge "Pin scenario001-multinode-containers to earlier ceph docker container" into...
Jenkins [Fri, 6 Oct 2017 14:09:17 +0000 (14:09 +0000)]
Merge "Pin scenario001-multinode-containers to earlier ceph docker container" into stable/pike

6 years agoPin scenario001-multinode-containers to earlier ceph docker container
John Fulton [Wed, 4 Oct 2017 17:31:09 +0000 (13:31 -0400)]
Pin scenario001-multinode-containers to earlier ceph docker container

Change-Id: I122a246a559e07ed74c69e3eb172a4bbb801aeb7
Closes-Bug: #1721239
(cherry picked from commit 3e8de70bd5a8c43389432d484189d4de5fc0ae2f)

6 years agoFixes heat resource name for Internal API Network
Tim Rozet [Thu, 21 Sep 2017 19:47:44 +0000 (15:47 -0400)]
Fixes heat resource name for Internal API Network

With the dynamic Jinja2 rendering for networks, the heat resource for
Internal API network was accidentally being renamed to:
OS::TripleO::Network::Internal

when it should be the same as previous versions:
OS::TripleO::Network::InternalApi

This patch removes the 'compat_name' which was overriding the network
name for rendering the resource. This patch also removes the
compat_name functionality from the network/networks.j2.yaml file
since it is no longer needed.

Closes-Bug: 1718764

Change-Id: If756cddd91933edb303cc056515d98b941a3eb14
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 97244b942d29d2b5acd7a3eb07acdba0d9b99677)

6 years agoBump fs.inotify.max_user_instances for scale
Sai Sindhur Malleni [Tue, 19 Sep 2017 19:12:35 +0000 (15:12 -0400)]
Bump fs.inotify.max_user_instances for scale

Since each dnsmasq process consumes one inotify socket, the default
value of fs.inotify.max_user_instances which is 128 lets us scale to
only around a 116 neutron subnets (a few other sockets are used by other
processes on the system). Since, we need to provide better defaults,
this patch proposes to bump this value to 1024 by default, while giving
the user a way to cahnge it. Based on
https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of
memory and we have fs.inotify.max_user_watches set to 8192 by default.
This means that even in the worst case we won't be using more than 8MB
of memory. Bumping the fs.inotify.max_user_instances value to 1024 is
safe because there is fs.inotify.max_user_watches which caps the total
number of files that can be watched by all the inotify instances a user
has.

Related Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1474515
https://bugzilla.redhat.com/show_bug.cgi?id=1491505

Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad
Closes-Bug: 1718266
(cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)

6 years agoDisable role host_prep_tasks on controlplane upgrade
marios [Tue, 26 Sep 2017 12:33:13 +0000 (15:33 +0300)]
Disable role host_prep_tasks on controlplane upgrade

During the controlplane upgrade the host_prep_tasks are being
executed on the disable_upgrade_deployment roles too.

This sets the role specific host_prep_tasks to an empty list for
those roles during an upgrade, as executing them during the
controlplane upgrade (during -e
major-upgrade-composable-steps-docker.yaml) causes problems.

They will be executed as part of the non controller upgrade as they
are written to the stack outputs to be used as ansible playbooks
(see bug 1708115 for more info on this)

Change-Id: I42c963440b9b1e8222097c3d4e83ffcbe820886c
Closes-Bug: 1719604
(cherry picked from commit 684267a7a4fbff489f6324020289afbdcaaca8f5)

6 years agoMake CephConfigOverrides append to ceph.conf[global]
Giulio Fidente [Wed, 27 Sep 2017 14:39:19 +0000 (16:39 +0200)]
Make CephConfigOverrides append to ceph.conf[global]

Previously it was mistakenly replacing the contents because we
do not do deep merge.

Change-Id: I145feb0208f135da7c71694ebcecd937244d66b1
Closes-Bug: #1719919
(cherry picked from commit 17416dcfc56c5148ccc9ab40297f99adfdcd085b)

6 years agoMerge "Stop mapping docker to OS::Heat::None in scenarios" into stable/pike
Jenkins [Wed, 27 Sep 2017 20:54:34 +0000 (20:54 +0000)]
Merge "Stop mapping docker to OS::Heat::None in scenarios" into stable/pike

6 years agoMerge "Add all services to scenario004-containers" into stable/pike
Jenkins [Wed, 27 Sep 2017 20:38:23 +0000 (20:38 +0000)]
Merge "Add all services to scenario004-containers" into stable/pike

6 years agoMerge "Add a lightweight UC template/role data for deployed-servers" into stable...
Jenkins [Wed, 27 Sep 2017 18:17:28 +0000 (18:17 +0000)]
Merge "Add a lightweight UC template/role data for deployed-servers" into stable/pike

6 years agoMerge "Fix upgrades that use Management network" into stable/pike
Jenkins [Wed, 27 Sep 2017 17:42:37 +0000 (17:42 +0000)]
Merge "Fix upgrades that use Management network" into stable/pike

6 years agoStop mapping docker to OS::Heat::None in scenarios
Jiri Stransky [Wed, 27 Sep 2017 09:15:35 +0000 (11:15 +0200)]
Stop mapping docker to OS::Heat::None in scenarios

This was needed to make the upgrade job on Ocata->Pike passing, and we
now need to remove this to improve the argument order in OOOQ for
deployments with scenarios.

This shouldn't be backported to Ocata (at least not before we make the
split between deploy scenario and upgrade scenario).

Change-Id: Ie08bbe08530bd48a0ca58667f0704f360e0a4dd7
Co-Authored-By: Martin André <m.andre@redhat.com>
Related-Bug: #1714905
Related-Bug: #1712070
(cherry picked from commit 31550b42027588d82f01db6956c1efaf02d58558)

6 years agoAdd all services to scenario004-containers
Jiri Stransky [Tue, 26 Sep 2017 16:31:59 +0000 (18:31 +0200)]
Add all services to scenario004-containers

This commit brings the scenario004 file closer to its BM pendant.  We
need to start with this one to address a chicken-and-egg issue with
featureset files.

Change-Id: Ia5c0cefb7051ca42b4d470f5a000eb446d18be30
Co-Authored-By: Martin André <m.andre@redhat.com>
Related-Bug: #1714905
Related-Bug: #1712070
(cherry picked from commit b4d0a81e55ad51ecdaf2e923f794418ac77cfc57)

6 years agoFixes missing keystone authtoken pw for Tacker
Tim Rozet [Fri, 22 Sep 2017 19:10:42 +0000 (15:10 -0400)]
Fixes missing keystone authtoken pw for Tacker

Closes-Bug: 1718997

Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)

6 years agoMerge "Move neutron api services to ControllerOpenstack" into stable/pike
Jenkins [Mon, 25 Sep 2017 17:21:00 +0000 (17:21 +0000)]
Merge "Move neutron api services to ControllerOpenstack" into stable/pike

6 years agoMerge "Fix issue where 2 Redis VIPs are assigned, but only one used." into stable...
Jenkins [Mon, 25 Sep 2017 17:20:42 +0000 (17:20 +0000)]
Merge "Fix issue where 2 Redis VIPs are assigned, but only one used." into stable/pike

6 years agoMerge "Fixed resource registry path in neutron-lbaasv2.yaml" into stable/pike
Jenkins [Mon, 25 Sep 2017 17:01:22 +0000 (17:01 +0000)]
Merge "Fixed resource registry path in neutron-lbaasv2.yaml" into stable/pike

6 years agoMerge "Rename service_workflow_tasks into workflow_tasks" into stable/pike
Jenkins [Mon, 25 Sep 2017 14:44:28 +0000 (14:44 +0000)]
Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pike

6 years agoMerge "Remove deploy_steps_tasks.yaml from upgrade_steps_playbook" into stable/pike
Jenkins [Mon, 25 Sep 2017 08:48:30 +0000 (08:48 +0000)]
Merge "Remove deploy_steps_tasks.yaml from upgrade_steps_playbook" into stable/pike

6 years agoFix upgrades that use Management network
Dan Sneddon [Wed, 13 Sep 2017 23:53:36 +0000 (17:53 -0600)]
Fix upgrades that use Management network

Upgrades from older versions using Management network fail.
This patch enables the management network even though it is not
enabled in any of the role definitions. This will allow upgrades
to complete using existing network environment files, without
requiring operators to switch to the new method for defining
which networks are attached to roles. Eventually these older
environment files will be removed.

Change-Id: Iadd12a559f0ad6918958a1355f189187fd327363
Closes-bug: 1717123
(cherry picked from commit 5b9fbc2b2bfa00de2fe0f437f21e05e3fc09a53d)

6 years agoFix issue where 2 Redis VIPs are assigned, but only one used.
Dan Sneddon [Thu, 14 Sep 2017 17:20:54 +0000 (11:20 -0600)]
Fix issue where 2 Redis VIPs are assigned, but only one used.

There is an extra RedisVipPort defined in network-isolation.j2.yaml
which is unused. This will waste an IP address, and can lead to
confusion if there are multiple ports named RedisVipPort.

This patch removes the extra (unneeded) instance of the VIP.

Change-Id: I222873859af1b4ed1050cfffe55687b2f8d4c528
Closes-bug: 1717017
(cherry picked from commit f543752da6e1df3537ffa68d86806e11ac380375)

6 years agoFixed resource registry path in neutron-lbaasv2.yaml
Aneesh Puttur [Wed, 20 Sep 2017 15:13:32 +0000 (11:13 -0400)]
Fixed resource registry path in neutron-lbaasv2.yaml

Change-Id: Icb58d47a3911e83e2650b2c74b33eae522c84651
Closes-Bug: #1718451
(cherry picked from commit edc02b3352d53bdf460a495f689db55944eab432)

6 years agoMerge "Create network-isolation-no-tunneling.yaml using jinja2" into stable/pike
Jenkins [Fri, 22 Sep 2017 21:32:55 +0000 (21:32 +0000)]
Merge "Create network-isolation-no-tunneling.yaml using jinja2" into stable/pike

6 years agoMove neutron api services to ControllerOpenstack
Alex Schultz [Tue, 19 Sep 2017 21:36:43 +0000 (15:36 -0600)]
Move neutron api services to ControllerOpenstack

The Networker role should not have the api services run on it. Instead
these services should run as part of the ControllerOpenstack role that
should be used with this role.

Change-Id: Iabfe276fe700843f3a8da0b9e9220b2f82e20ec9
Closes-Bug: #1718299
(cherry picked from commit 964a5d738b8dbb6beb077d76448c6f3a84be2500)