This PS should make the multinode gate more reliable for ceph.
It's not perfect in that it uses the default route IPs in zuul, which
has a performance hit. The bash is also ugly as sin - but it gets us
moving again until someone has time to implement a more elegant solution
that works both in infra supplied nodes and other CI systems.
Change-Id: Ie1326f048c43d04a945ca155bde8824d17ddcbec
This PS adds labels to all jobs in OpenStack-Helm, allowing them to be
found by label searches. This makes management of large clusters using
tools like Armada easier.
Change-Id: I49b2cb7a94fab96958f187ca11e2c2a0c80ff843
While trying to regenerate the .conf files, the gen-oslo-openstack-helm
tool spits back an error because of the removal of log translations in
OpenStack [0]. This patch set replaces the removed _LW() with the default
_() so the tool does not error out unexpectedly.
[0] d5e3652d12
Change-Id: I665775ae075b6ce0d1aa74ca5732e9e6566ff174
The ceph clean job tries to delete a secret, but if the secret does not
exist, the job falls into CrashLoopBackOff status on helm delete.
Change-Id: I863e43f576408fdcd24997bde9b658c50b0057c1
Closes-bug: 1708597
The glance clean job tries to delete an image, but if the image does not
exist, the job falls into CrashLoopBackOff status on helm delete.
Change-Id: I3b9c3057b9da8780ca27f1cb18dcd5541f3bcabc
Closes-bug: 1708581
This PS fixes a rendering error in the joinListWithComma function
when used with values from the helm --set cli command.
From Kolla-Kubernetes: https://review.openstack.org/#/c/488513/
All Credit to: Serguei Bezverkhi
Change-Id: I013a37f5e6dec43232c6ee300be8f918f9ef554a
Keystone is using keys to encrypt credentials saved into the database.
The mechanism is very similar to fernet tokens. This commit implements a
job setting up the key repository and a rotate job for those keys. All is
based on the implementation of fernet tokens.
Change-Id: I88faf1d02d2b317563e8603cebba542f8b133c6a
Closes-Bug: 1693807
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
A general issue with fernet tokens is that the keys used to encrypt them
need to be persistent and shared across the cluster. Moreover, the "rotate"
operation generates a new key, so the key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless the fernet-rotate job runs before all of the pods
notice the change in the secret. As in a real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
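
Added example, not part of the commits above or of OpenStack-Helm: a simulation of the staged/primary key rotation that the credential-key and fernet-token commits rely on, showing why a pod whose mounted secret lags one rotation behind still interoperates and one that lags two rotations does not. HMAC-SHA256 stands in for Fernet encryption, and `max_active_keys=3` and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os


def new_repo():
    """Repository after initial setup: key 0 is staged, key 1 is primary."""
    return {0: os.urandom(32), 1: os.urandom(32)}


def rotate(repo, max_active_keys=3):
    """Return the repository after one rotation (input left untouched)."""
    repo = dict(repo)
    staged = repo.pop(0)
    repo[max(repo) + 1] = staged      # staged key is promoted to primary
    repo[0] = os.urandom(32)          # a fresh staged key takes slot 0
    while len(repo) > max_active_keys:
        # Purge the oldest secondary key; never the staged key.
        del repo[min(k for k in repo if k != 0)]
    return repo


def _tag(key, payload):
    # Stand-in for Fernet: authenticate the payload with the given key.
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue(repo, payload):
    """Tokens are always issued with the primary (highest-index) key."""
    return payload, _tag(repo[max(repo)], payload)


def validate(repo, token):
    """A token is accepted if any key in the repository verifies it."""
    payload, tag = token
    return any(hmac.compare_digest(_tag(k, payload), tag)
               for k in repo.values())


def lag_experiment(rotations_missed):
    """One pod still holds the old secret; another has seen every rotation.

    Returns (stale pod accepts fresh pod's token,
             fresh pod accepts stale pod's token).
    """
    stale = new_repo()
    fresh = stale
    for _ in range(rotations_missed):
        fresh = rotate(fresh)
    payload = b"constructed-sample-token-payload"
    return (validate(stale, issue(fresh, payload)),
            validate(fresh, issue(stale, payload)))
```

`lag_experiment(1)` succeeds in both directions because the stale pod already holds the new primary as its staged key; `lag_experiment(2)` fails in both, which is the window the commit message warns about.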
Glance bootstrap job fails due to missing 'paste_deploy' values.
This PS solves the issue by adding the values to glance chart.
Change-Id: I850863fe29c25aab9cf57eee62098e2b5d23a7f8
Closes-Bug: 1705421
Currently the Ceph namespace job cleaner uses a fixed name. This causes
helm delete to fail to clean up the Ceph package. This fix randomizes the
job name to avoid name conflicts.
DocImpact
Closes-Bug: #1707670
Change-Id: I7ac7b7482b945a9a836f6f69df0ef8cebc37bafb
This PS fixes the openstack endpoint show option in _ks-endpoint.sh,
as job-ks-endpoint fails when an endpoint needs to be updated.
Change-Id: I8aa05f3d40e7825410eace3ad7b44d36e3bb6434
This PS adds loopback device support to the gate scripts.
Rather than using simple loopback devices we use iscsi to
allow us to target the created devices via the bus they are
connected to. An arbitrary number of devices of a desired size
can be created, and controlled via env vars.
Change-Id: I05fb7f3a1564bc36903aed2c46ed996bb8cc57c8
This PS updates the nova bootstrap job, both bringing it in line with
other services and also adding the default flavours from Mitaka.
By setting the m1.tiny size to match the upstream it is expected
that the majority of gate failures will be solved - as many of the
VMs in nodepool do not have 20GB of free space on the rootfs.
Change-Id: I767795015422a1b326a6f34b5a3f50bf41a0ca4b
This PS updates the MariaDB start script to remove templated values
from being directly inserted into the script. It also moves the
root connection params to a secret to prevent the root password
being exposed in logs.
Change-Id: I10977ef267877a5913bf265280ff5439c7bf268c
Fixes the reference to mariadb replicas used when adding pods to
the mariadb cluster. This was causing nodes to not be added to
the cluster properly
Change-Id: I9df586c8939e241ea58d933652c767542fd364ff
This PS allows an operator to change the service account password
through the values fed into a chart.
Change-Id: If3a859f0db84237c71303ef329573c7d6aafdae7
This PS updates the pod affinity function to allow customisation by
operators at the point of deployment.
Change-Id: I8b7b2f584e990e068051d9a6d5cc7b1e1adb5aa5
Adds the specs/ directory to openstack-helm for housing future
specifications for the project. It also includes an appropriate
README with directions for drafting specs, links to the openstack
resources for bp+spec lifecycle, and a template for use in
drafting specifications
Change-Id: Ice23447b358b520a8b4fb703fc836e8f09fa34d1
The issue was with the type of upgrade strategy, which was rendered as empty.
It was due to wrong access to the pod_replacement_strategy, which was
out of the modified scope:

    daemonsets:
      pod_replacement_strategy: RollingUpdate
      dhcp_agent:
        enabled: false
        min_ready_seconds: 0
        max_unavailable: 1

and the snippet was modifying the scope to daemonset.dhcp_agent, then
trying to access daemonsets.dhcpagent.pod_replacement_strategy, which was
not there:

    {{- $upgradeMap := index $envAll.Values.pod.lifecycle.upgrades.daemonsets $component }}
    updateStrategy:
      type: {{ .pod_replacement_strategy }}

The fix is to evaluate the common variable before entering the scope
modification.

    {{- $pod_replacement_strategy := $envAll.Values.pod.lifecycle.upgrades.daemonsets.pod_replacement_strategy -}}
      type: {{ $pod_replacement_strategy }}

Change-Id: I78937b1bf1e0d50ca372de095582c71105d76331
Closes-Bug: 1705662
If you re-install the glance chart with a fixed bootstrap image id
in your own ceph environment, the glance chart can't create the bootstrap
image because the same object already exists in ceph.
This patch adds a job-clean that removes the bootstrap image when you
delete the glance chart.
Change-Id: I4ca55f0500479cbc48eff4133c7ac1683a76e60f
Closes-Bug: #1705386
Nginx's configuration has the underscore header value disabled.
When uploading an image, the glance api uses underscore headers.
For example, x-image-meta-disk_format or x-image-meta_name.
Change-Id: I86e7f7d8d908904a4e45fa68f6bd613028d45801
When trying to re-install the ceph chart, the
ceph-namespace-client-key-generator job is not working because of the
already created pvc-ceph-client-key secret.
So it needs to remove the secret when deleting the ceph chart.
Closes-Bug: #1705177
Change-Id: I7338a516fe3b9f265953b8b1fddd3dbfb97bafd2
Ceph mon has been changed from a statefulset to a daemonset,
so the PodDisruptionBudget is no longer needed.
Change-Id: I86d46ed2e6377177eff9251d5e4f3bb433eaf250