This change updates the default libvirt image value and removes
several unused values overrides for the libvirt chart.
Change-Id: I0a0b81de017f33c2cabf5311f5288c8f46191d8b
This adds taint toleration support for openstack jobs
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I8e1a719235b364907491df25ce7e32133163ecf9
With "hostPid: true" we want the entrypoint process to be libvirtd not a wrapper so that process lifecycle management works as expected.
The fix for now is
* start libvirtd
* create secrets (libvirtd needs to be running for this)
* kill it
then start it again using exec so libvirtd is the entrypoint pid
and container lifecycle should work as expected.
Change-Id: I9ef8a66da0fba70e8db4be3301833263de0617e8
This change updates the helm-toolkit path in each chart as part
of the move to helm v3. This is due to a lack of helm serve.
Change-Id: I011e282616bf0b5a5c72c1db185c70d8c721695e
This PS enables overriding liveness/readiness probes configurations
for libvirt pods via values.yaml. In addition, updating the values
for some of the fields of the probes as the default values seem to
be too aggresive.
Change-Id: I64033a1d67461851d8f2d86905ef7068c2ec43b6
Co-authored-by: Huy Tran <ht095u@att.com>
Change-Id: Ib10379829e2989d3de385ad6d1944565b2f9953f
This will ease mirroring capabilities for the docker official images.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0f9177b0b83e4fad599ae0c3f3820202bf1d450d
We are gonna use libvirt unix socket in nova.
We are trying to realize live migration in libvirt while guarantee
secure. To realize this, replaced 127.0.0.1 with 0.0.0.0 for listen
address and plus enabled tls instead bare tcp.
And in the nova, used libvirt unix socket to connect instead of tcp
127.0.0.1 connection.
fyi, https://review.opendev.org/752108/
and https://review.opendev.org/752125/
Change-Id: Idb7d3a0d90be84d96b541c41fb90abdd33b7de94
Example values_overrides file is added to indicate how to
override the Libvirt manifest for configure an additional
externally managed Ceph Cinder backend.
Change-Id: I8e7a294059a2d98fb7854a281a29dcff80530d2b
Motivation: libvirt 127.0.0.1 listen is terrible for live migration.
To resolve that, we can use 0.0.0.0 but it is not secure so tried
to realize SSL.
Once create secrets for cacert, client&server cert and keys then it will
mounted on libvirt daemonset.
It means all instances use the same key and cert. This is not ideal
but can be considered as the first stage.
Change-Id: Ic3407e484039afaf98495e0f6028254c4c2a0a78
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This patchset adds a libvirt secret for the Cinder uuid of external
ceph backend when Cinder externally managed ceph backend is
enabled.
Change-Id: I3667c13c31e49f00d2be02efa6d791ce0a580a8d
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I9df4024c7ccf8b3510e665fc07ba0f38871fcbdb
Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Change-Id: I51b36c1972ff3ee8d4366bf2d5027e433721d740
this means the chart works 'as-is' (with the rest of the currently
released components) in most cases without the explicit need for an
image override.
Change-Id: Id11079b5ce3a8d1010e604300f457e4060aee582
This is to update two of init containers to use ceph confighelper image as
they are executing ceph based scripts and the image also will have latest
clients installed for ceph activities.
Change-Id: Ie4fbd8af2645d5bc5b7e4f0fd22874987a0f55f6
The work of enable dpdk in starlingx needs to achieve the overrides
of parameters such as images, tags, labels, and pods. This function
is being implemented through the support of ovs per-host overrides.
In order to transfer the parameters such as images after overrides
to the daemonset file to achieve the corresponding functions, the
functions of overrides need to be upgraded. Move the $daemonset_yaml
parameter in the daemonset file to the overrides file, so that
daemonset file uses parameters after overrides.This patch and
https://review.opendev.org/#/c/707775/ depend on each other.
Change-Id: I210e54b28e32ba1b8e281659fee8e6eda38d79d0
Story: 2007291
Task: 38754
Depends-on: https://review.opendev.org/#/c/708894/
Signed-off-by: songgongjun <gongjun.song@intel.com>
This patch set adds in needed override to support OpenStack Train
release by moving the libvirt version to > 3.0.0.
Change-Id: I36097544024df5c6dfc87a032bd8383be98f1a3a
Signed-off-by: Tin Lam <tin@irrational.io>
This updates charts that consume images built from osh-images to
use tags other than the :latest tags. This will be followed up
with the definition of jobs to allow for vetting out of updated
images, as reliance on :latest tags assumes any change merged into
osh-images will result in functionally correct behavior (which has
shown to not be the case traditionally)
Change-Id: I181aa56ed187604dc7583d8081e53cc69eb27310
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
In the startup script of libvirtd, existing libvirt process,
if any, is killed before new process is created.
Change-Id: If0276353e38896962697a3f451d25d4930745c53
This change adds network policy overrides for multiple infra
services for the openstack-helm network policy gate.
Change-Id: If051ec1749cb9ed1e289f0cf82a8876371e36531
This change adds egress rules to the following charts:
- ingress
- memcache
- libvirt
- rabbitmq
These rules will be tightend down in future changes
Change-Id: I6f297d50ca4c06234c7c79986a12cccf3beb5efb
This PS adds a libvirt image based on Ubuntu Bionic for
use with the stein release of nova.
Change-Id: I8a0c524feadd79bc0632b3c4cff2f692b10633de
Signed-off-by: Pete Birley <pete@port.direct>
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use (and completely opaque to deployers), and updating the
osh-images process or patching its code has no impact on OSH.
This should fix it.
Change-Id: Ic00bd98c151669dc2485cd88e0e8c2ab05445959
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.
Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
This commit adds support for per-node overrides to the libvirt chart.
For example, to enable a relaxed ACS check on one host, but not another,
one may have the following in the override values file:
conf:
overrides:
libvirt_libvirt:
hosts:
- name: host1.fqdn
conf:
qemu:
relaxed_acs_check: 1
- name: host2.fqdn
conf:
qemu:
relaxed_acs_check: 0
Story: 2005283
Task: 30140
Change-Id: Ia3431db6b78692ec0140cce1bab9bae5937318a4
Signed-off-by: Steven Webster <steven.webster@windriver.com>
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
