This is to fix the sync between ceph osds when they are using shared
disk for metadata as they are having conflict while preparing the metadata disk.
we are adding a lock when first osd preparing the sahred metadata disk so that
other osd will wait for the lock, also adding udev settle in few places to get
latest tags on lvm devices.
Change-Id: I018bd12a3f02cf8cd3486b9c97e14b138b5dac76
Adds ubuntu-bionic-expanded nodeset based on ubuntu-bionic-expanded-vexxhost
that is 16c/~32GB
Switches long running support job to new nodeset to reduce build time.
Change-Id: Iec27c00bf54efa7d686b3176998fc8ad6c9f287e
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
To safeguard postgres from clogging up wal files
in pg_xlog directory, This change does the following:
1) adding postgres archiving to move the WAL file to different directory
2) Makes sure that archive is in different Persistent volume.
Change-Id: I59bc76f27384d4f3836ef609855afcc33a7b99d0
Example values_overrides file is added to indicate how to
override the Libvirt manifest for configure an additional
externally managed Ceph Cinder backend.
Change-Id: I8e7a294059a2d98fb7854a281a29dcff80530d2b
This reverts commit fb7fc87d23.
I first submitted that as a way to add dynamic capability to the
prometheus rules (they infamously don't support ENV variable
substitution there). However this be done easily with another solution,
and would clean up the prometheus chart values significantly.
Change-Id: Ibec512d92490798ae5522468b915b49e7746806a
This addresses an issue that can prevent some OSDs from being able
to restart properly after they have been deployed. Some OSDs try to
prepare their disks again on restart and end up crash looping. This
change fixes that.
Change-Id: I9edc1326c3544d9f3e8b6e3ff83529930a28dfc6
Alertmanager is configured similarly to Prometheus. This change
brings the utils.command_line_flags template from the osh-infra
prometheus chart to Alertmanager, allowing these flags to be
configured in Values.yaml
Change-Id: Ieca94c09881bc52b62500efa4c6f8730b9208d3b
The existing metacontroller chart conditionally only renders the CRDs if
the metacontroller does not exist.
This creates an oscillatory effect every time the chart is upgraded - if
CRDs are present, then they will be removed, and if they are absent,
they will be installed.
This change removes the metacontroller.k8s.io/v1alpha1 capabilities
check, and relies on the values.yaml option 'manifests.crds' only to
decide whether or not to render the CRDs. In an upgrade, tiller should
do the right thing based on whether the CRDs need updating.
Change-Id: I683c9e5695b7fcdddc8b6ef8622cddb96797111c
Enabling ability to automate testing and auto promotion.
Unpinning ovs, mariadb and node-problem-detector images.
Change-Id: I6256452d575d23f84f4fd5c728437b0e4e9423f3
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
When multiple users are granted access to a database, the
MariaDB backup script failed to retrieve the grants for that
database, which caused the backup job to fail. This patchset
updates the script.
Change-Id: I9076b2e7363ae0ec216d4e822f385fa949df8f54
The existing search for logical volumes to determine if an OSD data
is already being used is incomplete and can yield false positives in
some cases. This change makes the search more correct and specific in
order to avoid those.
Change-Id: Ic2d06f7539567f0948efef563c1942b71e0293ff
This enables ability to continuously update and test an image with
osh-infra gate and periodic pipeline.
Change-Id: I34ad5f8033038216129955b049d3ed09dfc0c140
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This PS fixes the CRD spec validation errors seen in k8s 1.18.6,
the errors were not seen in the previous k8s version.
Change-Id: Iec1381eca2a21268d40827dbce105899b8d129b3
This commit ensures the below mariadb settings with reference to [0]:
- 'local_infile' Is Disabled
- 'have_symlink' Is Disabled
- 'secure_file_priv' Is Not Empty
- 'sql_mode' Contains 'STRICT_ALL_TABLES'
[0] https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/general-security-issues.html
Change-Id: I701b9bc2bdfb91d67aef91e88f953a09ac72d8be
This PS fixes a problem with the main backup script in the helm-toolkit,
which tries to create a swift container using the SWIFT_URL. The problem
is that the SWIFT_URL is malformed because the call to openstack get
catalog list has a different format in Train than it did in Stein. So a
solution that works for both Train and Stein is needed. This patch will
use openstack catalog show instead and will extract the public URL from
that output.
Change-Id: Ic326b0b4717951525e6b17ab015577f28e1d321a
Switch from using images from defined in docker_images to provided as
zuul artifacts. Currently to be used in conjunction with [0] in
openstack-helm-images pipelines.
[0] https://review.opendev.org/741551
Change-Id: I43dbd38906e8854c87a361f2e5e479f57850252f
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Motivation: libvirt 127.0.0.1 listen is terrible for live migration.
To resolve that, we can use 0.0.0.0 but it is not secure so tried
to realize SSL.
Once create secrets for cacert, client&server cert and keys then it will
mounted on libvirt daemonset.
It means all instances use the same key and cert. This is not ideal
but can be considered as the first stage.
Change-Id: Ic3407e484039afaf98495e0f6028254c4c2a0a78
The existing helm-toolkit function "helm-toolkit.manifests.ingress"
will create namespace-fqdn and cluster-fqdn Ingress objects when the
host_fqdn_override parameter is used, but only for a single hostname.
This change allows additional FQDNs to be associated with the same
Ingress, including the names defined in the list:
endpoints.$service.host_fqdn_override.$endpoint.tls.dnsNames
For example:
endpoints:
grafana:
host_fqdn_override:
public:
host: grafana.openstackhelm.example
tls:
dnsNames:
- grafana-alt.openstackhelm.example
Will produce the following:
spec:
tls:
- secretName: grafana-tls-public
hosts:
- grafana.openstackhelm.example
- grafana-alt.openstackhelm.example
rules:
- host: grafana.openstackhelm.example
http:
# ...
- host: grafana-alt.openstackhelm.example
http:
# ...
Change-Id: I9b068f10d25923bf61220112da98d6fbfdf7ef8a
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
The default value of the kubernetes keystone authorization webhook is
grossly outdated (v0.2). This patch set brings the default up to the
latest of this patch set (v1.19).
Change-Id: Idbf8d027ad6d5f4fb8bdedaf3047c06c66eef27d
Signed-off-by: Tin Lam <tin@irrational.io>
The task was missed which was causing the post pipeline to fail, this
patch should fix it by adding the missing task.
Change-Id: I13955b1c9ac3899325f7397da6bf5379b3991241
This corrects an issue in the create_pool function with checking
if the pg autoscaler should be enabled.
Change-Id: Id9be162fd59cc452477f5cc5c5698de7ae5bb141
This patchset adds a libvirt secret for the Cinder uuid of external
ceph backend when Cinder externally managed ceph backend is
enabled.
Change-Id: I3667c13c31e49f00d2be02efa6d791ce0a580a8d
At the moment, we are using --all which means run the linting on all of
the charts. However, the problem with using --all is that it disables
version checking which means we can't enforce version changes on Helm
charts.
This patch drops it which means the chart-testing logic will go over the
changed files and make sure that it lints those charts which have
undergone changes.
Because we use a mdoel of 1 commit per merge within Gerrit, this should
still give us the exact coverage that we need without potentially
missing any linting changes.
Change-Id: I64c7896b25c1f3daaa4f61723de8a6c722aaf3a6
