When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382
Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.
Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
This updates the Nova chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I10b12db8019beb42005764430711694a61c8d17b
In nova latest code, limits and os-availability-zone have been
updated to could be listed as any user by below patches:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
And target project id is set to {}. So user cannot be matched as
"owner", and lead to API access failure.
Update policy to be the same as latest nova code to avoid the error.
Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.
Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Nova chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I3ba6fcf0cc6ff97a306866f2d2b408635519ff02
The cleanup script used for router, network, server, and flavor does not
account for the first column being the resource ID. Matching via
^[sc]_rally will always result in an empty return. This fix now correctly
matches the the name of the second column. This also fixes an issue where
rally creates flavor as "private", adding --all so it cleans up the
private flavors as well.
Change-Id: Id1a0e31e56b51fd92a95e8588d259ce21fa839d6
Signed-off-by: Tin Lam <tin@irrational.io>
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This patch adds ability to unhardcode readiness/
liveness probes timings. Moreover it introduces
RPC_PROBE_TIMEOUT and RPC_PROBE_RETRIES variables
which are passed to health probe script and
allow to unhardcode RPCtest timeout and number of
retries
Change-Id: I2498a14e97557feafbd45c8df3c683f8500026e6
In this patchset, the iSCSI protocol support is added
to enable Cinder to use iSCSI based storage backends.
Bootable volumes are not supported, only VM attached
volumes are supported for this initial patchset.
Change-Id: I1b35290b62d2cebae4bd8be62126a53f230ac6c0
This reverts commit 1c85fdc390.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
This patch set adds in a script that cleans up orphaned or
lingering rally helm test pods.
Depends-On: https://review.opendev.org/#/c/683759/
Change-Id: I94fc8d067b421248cf74fe40b2e8520f63d4417c
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in a capability for the user to defaultly use a
FQDN for the nova compute hostname and the hypervisor hostname when
the host is not explicitly specified in the .Values.conf override.
Change-Id: I3243068dfe91ebb97b3885002296a0f454822ec5
Co-authored-by: Drew Walters <andrew.walters@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This patchset adds the capability to the Nova chart to be able to wait
for a percentage of the compute nodes/hypervisors to become ready/available
before continuing on with the deployment. It will be disabled by default,
because this is a feature that may or may not be needed in production
deployments.
Change-Id: I971151a663afc87e7d62efa4ab3723c5472a3736
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the ceph-config-helper image for the ubuntu distro
based jobs to use an image that includes kubernetes 1.16.2
Change-Id: If063db5e6f0abfab10cd0195b3633c41d8ed560f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
In deployment-novncproxy.yaml, it set hostNetwork = true.
In some cases, we may want to let it use cluster network instead of
hostNetwork.
We'd better add a config item, so that client can override it to use
cluster network based on an operators preferences.
Story: 2006490
Task: 36439
Change-Id: Ia235d4e9542bd9242f9d2713ad1e67870f3016e2
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This PS updates the default RMQ policy to not mirror reply queues
as they cause signifigant blocking when resorting a rabbit node to
a cluster, with no advantage.
Change-Id: I6f8d4eaa482fcdf3e877bd38caa9b24358ea5be0
Signed-off-by: Pete Birley <pete@port.direct>
Add capability for nova to send service token. Default to disabled.
Config setup is similar to keystone_authtoken.
Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
This PS provides a method to redact sectionf from the nova compute
configuration file. By default this is configured to redact the
db connection strings, and sections.
Change-Id: Ifb50b932155c166634bb8a88363f6c02fbde8389
Signed-off-by: Pete Birley <pete@port.direct>
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
[1] https://wiki.python.org/moin/GlobalInterpreterLock
This patch updates processes and threads accordingly for:
aodh
panko
nova
Related issue was fixed in different deployment tools like puppet
https://bugs.launchpad.net/puppet-keystone/+bug/1602530
Change-Id: Ia8eb4a1f3ed826e206edb94c680f40bcec44e9d7
This PS updates the charts to use the htk function recently introduced
to allow oslo.messaging clients ans servers to directly hit their
backends rather than using either DNS or K8S svc based routing.
Depends-On: I5150a64bd29fa062e30496c1f2127de138322863
Change-Id: I458b4313c57fc50c8181cedeca9919670487926a
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the nova metadata deps to permit operation without
and ingress controller and prevent a circular dep chain.
Change-Id: I265d488e8024967685c5587d7a7cd24281011f3b
Signed-off-by: Pete Birley <pete@port.direct>
Currently each service uses the same name for their helm test user,
"test". While this works when services are ran sequentially, when
multiple services are deployed and tested at the same time, it can
lead to a race condition where one service deletes the user before
the other is done testing, causing a failure.
This change makes it so that each service defines its own test user
in the form of [service]-test.
Change-Id: Idd7ad3bef78a039f23fb0dd79391e3588e94b73c
This patch make the db sync job template follows the same pattern
that other templates utilize the variables to make in a predictable
pattern.
Change-Id: Idbedd046c6b4fd001cf63004ffac792173a5778b
Story: 2005754
Task: 33457
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use, and updating the osh-images process or patching its
code has no impact on OSH.
This should fix it.
Change-Id: I672b8755bf9e182b15eff067479b662529a13477
With this patch we allow for a more easy way of overriding some of
the values that may be used in other distros while maintainting the
default values if those values are not overriden
The following values are introduced to be overriden:
conf:
security:
software:
apache2:
conf_dir:
site_dir:
mods_dir
binary:
extra_flags:
a2enmod:
a2dismod:
On which:
* conf_dir: directory where to drop the config files for apache vhosts
* site_dir: directory where to drop the enabled virtualhosts
* mods_dir: directory where to drop any mod configuration
* binary: the binary to use for launching apache
* extra_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
* security: security configuration for apache
Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set
to what they used to be
Change-Id: I4fcfde78c5c8fa65956aeae55108ffa1f10e6972
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the nova-api services.
This provides the ability to audit API requests for nova.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: Ic6df044d83f4dee581c9cc0405f61d926e45bcab
