This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
Rally usually cleans up all its resources in normal executions - normal
test success cases and normal test failure cases. But the generic cleanup
does not work well for out of the system failures like process
interruptions, pod failures, disaster cleanup etc.
This is a known issue in rally-openstack. -
"Current generic mechanism is nice but it doesn't work enough well in real life.
And in cases of existing users, persistence context
and disaster cleanups it doesn't work well."
Hence, if we shall face above such issues, it is becoming impossible
to run "helm test neutron" again because of the stale data
and different quota limits mentioned in the values.yaml.
Hence we need to purge the stale data from the "test"
project as well as reset the quota limit for such scenarios.
For the normal executions, this patch has to do nothing,
but for unexpected failures, this patch will purge the stale data
from test project and reset the quota as defined in
values.yaml for the next run.
Change-Id: I3f6851582e2ac1aa1d375fcd13c07f4f57f45dc8
As agreed on the weekly meeting, its time to enable the jobs
so we dont break them with new changes
Change-Id: I567a19b81a6d780f8a461d62a5d17531f9c1be1b
Using the direct / path for the keystone probes can lead to the
probes receiving an http 300. We want to have an http 200 so there
is no warning from the probes. Use the full v3 path so the probes
are stable
Change-Id: If8b45801bb053778bd2e1691ff8556aa73cb434d
We can configure custom volumes and volumeMounts in the helm chart for ironic conductor and these are now mounted in the ironic-conductor container.
Change-Id: I717920cb0b75951175019bb991c8d948916a9db3
Signed-off-by: Radu Viorel Cosnita <radu.cosnita@gmail.com>
Story: 2006458
Task: 36380
In deployment-novncproxy.yaml, it set hostNetwork = true.
In some cases, we may want to let it use cluster network instead of
hostNetwork.
We'd better add a config item, so that client can override it to use
cluster network based on an operators preferences.
Story: 2006490
Task: 36439
Change-Id: Ia235d4e9542bd9242f9d2713ad1e67870f3016e2
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Designate is a multi-tenant DNSaaS service. It can be configured
to auto-generate records based on Nova and Neutron actions and
supports a variety of DNS servers including Bind9 and PowerDNS.
Implements: blueprint designate-chart
Change-Id: I0bb29197e5b47861eaed7815ca39e1f35acadc63
Depends-On: Iffa68d8b2c70799a2013b99d15c9fd55e858babb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Enhance the Neutron charts to support configuration parameters for
following additional configurations for deploying OVS with DPDK:-
1. Bonding support
2. Jumbo Frame support
3. Number of Rx Queue and Rx and Tx Queue sizes
Change-Id: I4ee7c8465825cf7d66d175446c4145a8a26b6381
Several sriov drivers (i.e. TaaS, Trunking) require the write permissions
to files in /sys/class/net/ and /sys/devices.
This patchset mounts the host's above mentioned sys-fs folders for the
neutron-sriov-agent container.
Change-Id: I87f51d1ad46bb272beb9401f2b428c81c3dc6f69
Extending the Neutron with configuration parameters and scripts for
deploying OVS with DPDK support enabled. The new functionality takes
care of binding NICs to DPDK and adding those to OVS bridges of type
'netdev'.
Co-Authored-By: Rihab Banday <rihab.banday@ericsson.com>
Change-Id: I9932123986a0b723d7523136940d325bcfde983d
This change removes the network policy overrides that are set in
the common memcache setup script. These override will be implemented
in a future change as part of the rest of the network policy work.
Change-Id: I8954b6d88a650a576208e33b6e6e6ef00bdbef66
In cases where mariadb is not accessable, either from being deleted
prior to deleting keystone, or some other reason, it is preferred
to fail and move on with the keystone-credential-cleanup.
This change adds hook-failed to the "hook-delete-policy" for the
keystone-credential-cleanup job. This is address cases where deleting
keystone would cause the delete task to hang while the cleanup hook
would fail to connect to mariadb, often due to mariadb being already
deleted.
Change-Id: Ice7187fe6329c8b12333f508351bd5f9e2cdc8e2
Python 3 renamed ConfigParser module to configparser.
This patch fixes compatibility with Python 3 for the
keystone-credential-cleanup job.
Change-Id: I6e34ba995d7a02f94b12162f0e5f8f326dfa8108
this job is actually trying to create a role in Keystone,
and thus needs it running to complete.
Without such dependency depending on cluster performance it may fail
by exhausting retry attempts.
Also depend on this bootstrap job in all Heat services so that they
are actually able to work and create arbitrary stacks once finished deploying.
Change-Id: I94ce96591b1f02d64d15c38686e9bc8bae31ddbb
This adds the rabbitmq statefulset name override to the values
for each openstack service chart in the Armada manifest, as this
is required to support communicating with the rabbitmq backends
directly
Change-Id: I4a2fabf491c6607bec80f37a8d1236c55ec8430a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
