Use a utility container for ipcalc on all platforms; this avoids
having to find the package on platforms where it's not easily
available and we avoid argument differences.
Change-Id: I6c6e719f8eeb8d4214ebb0111e9d8f8b659db396
With the recent changes to the AIO guide[0] the link in the readme
now sends to a non-existing page. This change updates the link and
removes an extra comma in the link text.
[0] https://review.openstack.org/534408
Change-Id: I0269842c60ba0a1466306aaabc61fb6619471b01
Closes-Bug: #1744793
This PS simply fixes a few typos in an all-in-one code block
example dedicated to setting up the gateway. It also adds
additional information about how to set up auth information
to use the python-openstackclient.
Change-Id: Ie9cc63d3d435c474c3cbda90964f2eababa81139
As with the rbd_provisioner deployment, cephfs_provisioner should
only be deployed to the ceph namespace. This change just disables
that deployment in the openstack namespace.
Change-Id: Idfec8fbdd9408bd292d8770a3690b1b77de2b22d
Add some clarifications to the AIO dev guide, based on real-world
points of confusion that have arisen:
- Do I *have* to use Ubuntu 16.04?
- What docker should I use?
- Should I run the scripts as root?
Change-Id: I8affdde16b63cc078aa496bf168154c93c39b3bf
This PS removes references to out of date versions in the
multinode install guide and also RBAC rules, which was causing
confusion with new developers.
Change-Id: I89ae35896367c17e0d43c1d5b7a9183109aa61df
This PS adds a warning for the CIDRs consumed by Calico and K8s.
It should be replaced by better documentation and/or a sanity
checking chart/script when possible.
Change-Id: Ib87b773b7c19ed65330a54546c4613c16aa9ab75
init osd: Ceph luminous release init osd differently. This fix detects
ceph releases and use the right process to init osd directory
mgr: Set mgr daemonset that is in Luminous
Change-Id: I99a102f24c4a8ba18a0bba873e9f752368bea594
Signed-off-by: Huamin Chen <hchen@redhat.com>
Depends-On: I17359df62a720cbd0b3ff79b1d642f99b3e81b3f
This PS updates the developer documentation to make use
of the openstack-helm-infra repo and new developer
environment.
Implements: blueprint developer-environment
Change-Id: I45b627f78b9504dc0abfbe7d0061ea3475ee4748
This patch set is part of the documentation update. This patch set
removes hard application version numbers from documents to avoid
needing frequent update to keep the documents accurate and up-to-date.
Change-Id: I81160ca24453e8eeed974a0d1d9e1470e28ffd6d
Libvirt uses ceph to back pvcs by default. To minimalize the
requirements for a development all in one installation, include
flags for disabling ceph for libvirt
Change-Id: I3aba5deb9a972111bf5dde8b8f97a4ac40cd842b
According to "code conventions" [1], do not use "-y" option.
Instead, use apt-get install package, yum install package,
or zypper install package.
[1] https://docs.openstack.org/doc-contrib-guide/writing-style/
code-conventions.html
Change-Id: I002607baadb90c8b0da4332a9eb7ca8e6f598f9f
A few doc edits so that they're in sync with the OSH
mission statement, helm-toolkit conventions,
and project doc location.
Change-Id: I33ccc39cd84fab3b537ad93970c21cf9065044e9
One line in the glance installation command in the
multinode docs is missing the \ character at the end
Change-Id: Ice0ca01c9a00499e8ddc4da28add15bb102dd819
Update Kubernetes AIO install guide fixing nova
install examples. Also add language around
pulling the AIO container versus building.
Change-Id: Ib9d1c21f1a75e00b5f0ddaafd73e1741193b8717
Added an example resolv.conf file to the multinode doc, along
with descriptions and instuctions for persistence across reboots.
Change-Id: If1eb71ff1862f2662f297ccac8b75fedd46cf89c
Implemented Kubernetes jobs to drop a database for an OpenStack service
on deletion of Helm chart. This job is configurable to be enabled or
disabled in the values.yaml file for each chart.
Change-Id: Ia1a0834cb43c7e883aaf507a7c7683fa1cf4e838
This PS enables the following backends for glance:
* PVC
* RBD
* RadosGW (direct)
* Swift
It also moves the creation of the RBD pool when required to a storage
init job. This job also creates credentials as required for glance to
use when accessing the required backend, rather than using the admin
keyring.
Change-Id: I90fead961ff73a9263826acc794128fa73ead2e1
This PS implements the ceph radosgw and also provides keystone
intergration, allowing ceph to provide a swift like service if
desired for object storage.
In addtion it updates the endpoint lookups to use valid yaml when
dealing with keystone services with a '-' in their name.
Change-Id: I9162ad657df2f77c1bc1afa93a8b999894b1b470
Creation of one source of truth for kubeadm-aio docs. The kubeadm-aio
README now links to developer all-in-one document.
Change-Id: I9e405036e50cfd5336e0e6ce901d5e5d6850fae4
Closes-Bug: #1711727
This PS moves OpenVSwitch into its own chart - decoupling it from neutron,
both making it easier to deploy and use seperately and permitting
use of other network backends.
Partially implements: blueprint split-nova-and-neutron-infra
Change-Id: Ifd637136b950ddf1ba1c26ce76c9bbdeafc232c3
This PS moves libvirt into its own chart - decoupling it from nova,
both making it easier to deploy and use seperately and permitting
use of other compute backends.
Partially implements: blueprint split-nova-and-neutron-infra
Change-Id: I06237157244c3cdb5503eafa01229d061b1614f0
This patch set removes the "local/CHART" references in the documentation
and replaces it with a reference to a local path. This was already
updated in gate script.
Change-Id: I1753cb500cbe448a43ede85168d71596de4e08b8
Closes-Bug: #1711733
Keystone is using keys to encrypt credentials saved into the database.
The mechanism is very similar to fernet tokens. This commit implements a
job setting key repository up and rotate job for those keys. All is
based on implementation of fernet tokens.
Change-Id: I88faf1d02d2b317563e8603cebba542f8b133c6a
Closes-Bug: 1693807
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
General issue with fernet tokens is that keys used to encrypt them need
to be persistent and shared accross the cluster. Moreover "rotate"
operation generates a new key, so key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless fernet-rotate job will run before all of the pods will
notice the change in the secret. As in real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
This enhances the stability and recovery of ceph by leveraging
hostNetworking for monitors as well as OSDs, and enables the
K8S_HOST_NETWORK variable within ceph-docker. This enhancement should
allow recovery of monitors from a complete downed cluster.
Additionally, ceph's generic "ceph-storage" node label has been
split out for mon, mds, and osd.
Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I27efe5c41d04ab044dccb5f38db897cb041d4723
This PS move s the replicas key to be under the pod key in the values.
It brings further consolation of related configuration params to be
nested under common keys across all charts.
Change-Id: I420b06debd0a62ba5d83497be43ff6c49c49d339
