Armada is a tool for managing multiple helm charts with dependencies by
centralizing all configurations in a single Armada yaml. This yaml is
used for a full OpenStack deployment.
Co-Authored-By: Alexis Rivera <gardlt@tetrasol.org>
Co-Authored-By: Pete Birley <pete@port.direct>
Change-Id: I70b41f038c2819aeaa4b2c7bb617b7b2c38441d1
Use ClusterFirstWithHostNet DNS policy so osd pods can resolve mon address
through host network
Change-Id: I7aaeee1fc26cc1812c210bfe2c0f5b131c4cbd81
Closes-Bug: #1709439
This PS removes the licence header from rendered output from tiller,
significantly reducing the configmap size of charts deployed to the
cluster.
Change-Id: I5d1b246f2068f3b83bf59ba79fe8b88bbc9a6161
This PS allows the rendering of manifests to be controlled. It enables
both increased control over deployment when required but also makes
development of a feature easier to target.
Change-Id: I1716e8ee23fe5c53f935bd739ea283bc4a2a9963
This PS should make the multinode gate more reliable for ceph.
It's not perfect in that is uses the default route IPs in zuul, which
has a performance hit. The bash is also ugly as sin - but it gets us
moving again until somone has time to implement a more eligant solution
that works both in infra supplied nodes and other CI systems.
Change-Id: Ie1326f048c43d04a945ca155bde8824d17ddcbec
This PS adds labels to all jobs in OpenStack-Helm, allowing them to be
found by label searches. This makes management of large clusters using
tools like Armada easier.
Change-Id: I49b2cb7a94fab96958f187ca11e2c2a0c80ff843
While trying to regenerate the .conf files, the gen-oslo-openstack-helm
tool spits back an error because of the removal of log translations in
OpenStack [0]. This patch set replaces the removed _LW() with the default
_() so the tool does not error out unexpectedly.
[0] d5e3652d12
Change-Id: I665775ae075b6ce0d1aa74ca5732e9e6566ff174
ceph clean job tries to delete a secret. but if there's no the secret,
the job falls in CrashLoopBackOff status when helm delete.
Change-Id: I863e43f576408fdcd24997bde9b658c50b0057c1
Closes-bug: 1708597
glance clean job tries to delete a image. but if there's no the image,
the job falls in CrashLoopBackOff status when helm delete.
Change-Id: I3b9c3057b9da8780ca27f1cb18dcd5541f3bcabc
Closes-bug: 1708581
This PS fises a rendering erros in the joinListWithComma function
when used with values from the helm --set cli command.
From Kolla-Kubernetes: https://review.openstack.org/#/c/488513/
All Credit to: Serguei Bezverkhi
Change-Id: I013a37f5e6dec43232c6ee300be8f918f9ef554a
Keystone is using keys to encrypt credentials saved into the database.
The mechanism is very similar to fernet tokens. This commit implements a
job setting key repository up and rotate job for those keys. All is
based on implementation of fernet tokens.
Change-Id: I88faf1d02d2b317563e8603cebba542f8b133c6a
Closes-Bug: 1693807
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
General issue with fernet tokens is that keys used to encrypt them need
to be persistent and shared accross the cluster. Moreover "rotate"
operation generates a new key, so key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless fernet-rotate job will run before all of the pods will
notice the change in the secret. As in real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
Glance bootstrap job fails due to missing 'paste_deploy' values.
This PS solves the issue by adding the values to glance chart.
Change-Id: I850863fe29c25aab9cf57eee62098e2b5d23a7f8
Closes-Bug: 1705421
Currently Ceph namespace job cleaner uses a fixed name. This leads to
helm delete fails to clean up Ceph package. This fix randomizes the job
name to avoid name conflicts.
DocImpact
Closes-Bug: #1707670
Change-Id: I7ac7b7482b945a9a836f6f69df0ef8cebc37bafb
This PS fix openstack endpoint show option at _ks-endpoint.sh
as job-ks-endpoint fails when endpoint needs updated.
Change-Id: I8aa05f3d40e7825410eace3ad7b44d36e3bb6434
This PS adds loopback device support to the gate scripts.
Rather than using simple loopback devices we use iscsi to
allow is to target the created devices via the bus they are
connected to. An arbitary number of devices of a desired size
can be created, and controlled via env vars.
Change-Id: I05fb7f3a1564bc36903aed2c46ed996bb8cc57c8
This PS updates the nova boostrap job, both bringing it inline with
other services and also adding the default flavours from Mitaka.
By setting the m1.tiny size to match the upstream it is expected
that the majority of gate failures will be solved - as many of the
VMs in nodepool do not have 20GB of free space on the rootfs.
Change-Id: I767795015422a1b326a6f34b5a3f50bf41a0ca4b
This PS updates the MariaDB start script remove templated values
from being directly inserted into the script. It also moves the
root connection params to a secret to prevent the root password
being exposed in logs.
Change-Id: I10977ef267877a5913bf265280ff5439c7bf268c
Fixes the reference to mariadb replicas used when adding pods to
the mariadb cluster. This was causing nodes to not be added to
the cluster properly
Change-Id: I9df586c8939e241ea58d933652c767542fd364ff
This PS allows an operator to change the service account password
though the values fed into a chart.
Change-Id: If3a859f0db84237c71303ef329573c7d6aafdae7
