While trying to regenerate the .conf files, the gen-oslo-openstack-helm
tool spits back an error because of the removal of log translations in
OpenStack [0]. This patch set replaces the removed _LW() with the default
_() so the tool does not error out unexpectedly.
[0] d5e3652d12
Change-Id: I665775ae075b6ce0d1aa74ca5732e9e6566ff174
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
General issue with fernet tokens is that keys used to encrypt them need
to be persistent and shared across the cluster. Moreover "rotate"
operation generates a new key, so key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless fernet-rotate job will run before all of the pods will
notice the change in the secret. As in real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
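
An added illustration, not part of the commit or the chart, of why a keystone-api pod that still sees the previous Secret keeps working after one fernet-rotate run but not after two. It follows Keystone's documented rotation scheme (key 0 is staged, the highest index is primary). As assumptions, HMAC stands in for Fernet encryption, `MAX_ACTIVE_KEYS = 3` mirrors Keystone's default, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

MAX_ACTIVE_KEYS = 3  # assumption: Keystone's default max_active_keys


def new_repo():
    """Key repository as left by the setup job: staged key 0, primary key 1."""
    return {0: os.urandom(32), 1: os.urandom(32)}


def rotate(repo):
    """Return a copy of the repository after one rotation."""
    repo = dict(repo)
    staged = repo.pop(0)
    repo[max(repo) + 1] = staged          # staged key is promoted to primary
    repo[0] = os.urandom(32)              # a fresh staged key is generated
    while len(repo) > MAX_ACTIVE_KEYS:    # oldest secondary keys are purged
        del repo[min(k for k in repo if k != 0)]
    return repo


def issue(repo, payload):
    """Sign with the primary key (highest index); HMAC is a stand-in for Fernet."""
    tag = hmac.new(repo[max(repo)], payload, hashlib.sha256).digest()
    return payload, tag


def validate(repo, token):
    """Accept the token if any key in the repository verifies it."""
    payload, tag = token
    return any(
        hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)
        for key in repo.values()
    )


def lag_scenario(rotations):
    """One pod keeps the old Secret while the CronJob rotates `rotations` times."""
    stale = new_repo()
    fresh = stale
    for _ in range(rotations):
        fresh = rotate(fresh)
    payload = b"constructed-token"        # constructed sample payload
    return (validate(stale, issue(fresh, payload)),   # stale pod accepts new tokens
            validate(fresh, issue(stale, payload)))   # updated pod accepts old tokens


if __name__ == "__main__":
    for n in range(3):
        print(n, lag_scenario(n))
```
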
This PS adds loopback device support to the gate scripts.
Rather than using simple loopback devices we use iscsi to
allow us to target the created devices via the bus they are
connected to. An arbitrary number of devices of a desired size
can be created, and controlled via env vars.
Change-Id: I05fb7f3a1564bc36903aed2c46ed996bb8cc57c8
Ceph's health when running in the single node gate currently
is 'HEALTH_WARN'. This PS adds an extra config option such that
the ceph cluster will not attempt to perform replication when deployed
on a single node, as well as introduces a mvp yaml file for ceph
deployments in the gate.
Change-Id: Ib2ec3345140f541c94da044ff9d77723ea3ee2bd
This enhances the stability and recovery of ceph by leveraging
hostNetworking for monitors as well as OSDs, and enables the
K8S_HOST_NETWORK variable within ceph-docker. This enhancement should
allow recovery of monitors from a complete downed cluster.
Additionally, ceph's generic "ceph-storage" node label has been
split out for mon, mds, and osd.
Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I27efe5c41d04ab044dccb5f38db897cb041d4723
This PS adds a chart to setup the resolv.conf on hosts running
openstack-helm. The purpose of this is to reduce friction when
performing basic deployments of OS-H.
Change-Id: I6c6348afb01869cff9a90328ede795d92a91fb12
This patch set addresses an issue where the ``arp`` command cannot
be found by a non-root user due to path.
Change-Id: Ibfca30f38d72c5be0b98d92bd03ec40160196160
Signed-off-by: Tin Lam <tin@irrational.io>
This PS changes the basic_launch .sh script to use the local chart
dirs to launch services - making it much easier to rapidly develop
charts locally.
Change-Id: Ib62cb8373708457b892e75cd916942620ca24fb6
gen-oslo-openstack-helm generated configuration file templates in
incorrect form, causing setting multiple values in Values.yaml to
produce something like:
foo=barfoo=baz
This commit fixes this in the generator and updates config file
templates to generate configs correctly:
foo=bar
foo=baz
Change-Id: Iea661dcf1710987b2e111d7141ba888f01c44a50
Closes-Bug: 1699581
This PS adds soft anti-affinity to all pods in OS-H. By doing so
resiliency is improved by attempting to ensure that pods are created
on separate nodes.
Change-Id: I0c1092498f7a1e44218ef785ca3f73fa9f49819c
This PS changes the services launched in the single and multinode
gates to reflect the resources available.
Change-Id: I6b2824ef98fefb5532ebaae315c3c5a4c6f730da
This PS organizes the installation document tree for easier navigation
and updating relevant content.
Change-Id: I51951d99dfc06bf441bd65ca817119cbca061851
Originally, the function to execute helm tests expected the helm
release to be in the openstack namespace. This changes the
function to get the namespace directly from the helm releases to
allow for the gathering of logs and removal of resources from the
namespace a release was installed to.
Change-Id: Ic9d1215f363a6251bcc33bead311aba1ba67a658
This PS changes the install guide in order to have users pull our
custom kube-controller-manager image prior to initializing their
Kubernetes cluster. Also changes the reference in the gate to remove
redundant lines.
Change-Id: Ic32742b1df8145a99c8333a3d0711113e3cce30e
This PS disables debug logging for all services that had it on, and
removes the key from the default values.yaml. It does however ensure
that the mvp values has the appropriate key to make turning debugging
on simple.
Change-Id: I8ed84d531971cbd7984f029abbebb373af4c7311
This PS fixes some references to Helm v2.3.1, which has been
replaced by Helm v2.4.1 as the reference version.
Change-Id: I369f4846623932c2420fab2632ac1c0d8aad3cff
This PS updates the gate script to make multinode developer
deployment outside of zuul much clearer.
Change-Id: I25cc8c2f101dd0241d715ef7bf2e004cddf43c06
Add rally tests in cinder helm chart.
It only tests creating a volume because the volume driver is fake_driver.
Change-Id: Iba5df74df427a414c70dda6baf9bc7e775b1716d
Partial-Implements: blueprint implement-helm-test-for-charts
This PS refactors the ceph chart and secret generation process.
The updated chart replaces the existing "bootstrap" chart.
Additionally, Ceph manifests and deployment guides were modified
accordingly.
Change-Id: I6f5bb88fc0f40cfee8865d9dab83859d765e7537
Co-Authored-By: Larry Rensing <lr699s@att.com>
This ps stops and removes the test VM after we have finished with it.
This frees up resources for the helm tests to use on the small machines
we have available in openstack-infra.
Change-Id: I743d8a9271bd349636ffc57e86255cc967633844
This PS adds 'helm test' functionality using Rally to Nova
Change-Id: Ie53c42636b58e36c22a9260c67a7981183d741d3
Partial-Implements: blueprint implement-helm-test-for-charts
External-Tracking-Id: OSH-89
This PS adds basic vm booting and functional testing to the single node
Zuul gates. Multinode testing will be once we have ceph running in zuul.
Change-Id: Ifcbdcaa4a30dee4088e369d4410dd737ef6f12cd