This patch set addresses a failure in the compute-kit network
policy failing as some application:nova to application:nova
pods communication is blocked.
Change-Id: I29cc044e0d4f10198c23c7c3e132ab0093f91e21
Signed-off-by: Tin Lam <tin@irrational.io>
When the default release was switched from ocata to stein, some of the
policies were duplicated. This moves the ocata overrides back to where
they belong, and adds overrides for pike, queens, and rocky.
Change-Id: I342d69e721b2692987951055e41ed5e153a91d6c
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
This PS updates the gateway setup script to support deployments where
multiple default routes may be present, eg when connecting to a vpn.
Change-Id: I5fe86e9471ecb6a9c80e1e4f942822cac00da669
Signed-off-by: Pete Birley <pete@port.direct>
This patch set adds in a capability for the user to defaultly use a
FQDN for the nova compute hostname and the hypervisor hostname when
the host is not explicitly specified in the .Values.conf override.
Change-Id: I3243068dfe91ebb97b3885002296a0f454822ec5
Co-authored-by: Drew Walters <andrew.walters@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
Because it's almost time for expiring on some python version, OpenStack client
running on that version generates some messages for warning. Two scripts on
nova Fixed by this PS get version information using the OpenStack client
without any protection for this kinds of messages. This PS gives a little
more sophisticated way of it.
Change-Id: I2896c76e012b9acbf1e725276ba9c0b74789fa54
This patch set specifies the barbican egress in the override to be
inline with other services.
Change-Id: Ie4997a5bb476a21253e98e4c69a77e58b8498f4f
Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This disables the keystone-auth single node job and all multinode
periodic and experimental jobs while standing issues with the
kubeadm-aio image deployment are sorted out
Change-Id: I4e1de001ddf17b3c035ca174b7ef8acec8f2bf2c
Signed-off-by: Steve Wilkerson <sw5822@att.com>
- Change all tests to support Nautilus,Mimic and Luminous releases
- Update ceph-config-helper image
Change-Id: I557b1efa12529d0ee51d4c5b9d4beb4abf1b0574
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This patchset adds the capability to the Nova chart to be able to wait
for a percentage of the compute nodes/hypervisors to become ready/available
before continuing on with the deployment. It will be disabled by default,
because this is a feature that may or may not be needed in production
deployments.
Change-Id: I971151a663afc87e7d62efa4ab3723c5472a3736
This ps update neutron ovs agent to support properly:
- setting mtu on dpdk bond and nic interface port
- setting vhost-iommu-support on dpdk bond and nic interface port
- setting n_txq values on dpdk bond and nic interface port
Change-Id: I422fa21a622642ecb7c49914fef04073e4f984bc
This change adds in information about overriding the dns entries
that can end up overwriting the existing ones in resolv.conf
and resulting in a lack of network connectivity when deploying
AIO behind a proxy.
Change-Id: I9faab36a114e28fe8f4c312e7cd64a582333033b
This PS fixes the developer script for generating certs for use with
octavia.
Change-Id: I2dae5bc32dbbaa9055884a568cebeb27fe13ac74
Signed-off-by: Pete Birley <pete@port.direct>
This change removes the netpol values from the keystone/ldap script,
those are now part of the appropriate chart and can be deployed as such.
This also fixes the path to the ldap domain config override that was
pointing to a file that no longer exists.
Change-Id: Id01af23c5308edabf635ccd321721ff104fd58e3
This PS udpates the nova compute start script to account for cases where
there may be multiple default routes to the outside world.
Change-Id: Ibd051c2577a0ab67aa2a5284fc9ccab799c28953
Signed-off-by: Pete Birley <pete@port.direct>
Implement container security context for the following Nova resources:
- Neutron metadata_agent
- Neutron ovs_agent
Change-Id: If8246450f8ebd62a0c5999f832ec59796355ee78
Add ubuntu bionic barbican images for Stein.
Also policy rules changes due to https://review.opendev.org/#/c/609606
Change-Id: I36957c859bf065541ac4ce07e03c01fc020ff4af
As network policy jobs in zuul are moved to be run by the feature gate,
usage of them in old scripts should be taken out to avoid confusion and
potential problem where netpol cause unexpected connection failure. This
patch set removes the remanant of these netpol's.
Change-Id: I1ce86d27ca4f708b17d848d742ba840156d4ef6c
Signed-off-by: Tin Lam <tin@irrational.io>
As all feature specific value overrides are moved into the component's
values_overrides folder to be used by zuul's feature gate, the old
overrides should be removed to reduce confusion as they are unused.
Change-Id: Ieaf35a8147061da356fdfa46c73673457af1f3d1
Signed-off-by: Tin Lam <tin@irrational.io>
Move Barbican Network Policies into a dedicated
override. Configure magnum to have the access to
Barbican.
Change-Id: Iad0f69666a28fabedd49b266c8a9de1ec3410dd6
