This patch set adds in two additional parameters to:
a. establish ownership between certificate and secret so secrets can be
cleaned up when the certificate is deleted as part of a helm release
b. add the ability to always issue new tls.key as part of the key
rotation when the secret gets regenerated for any reason.
This also adds linebreaks for readability.
Change-Id: Id40d504251bbd98c32a7d9baa3dbe9858ad495cb
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set updates the cert-manager.io version from v1alpha2 to
v1alpha3.
Change-Id: Ib9904f9f2c1f3fa426c852b012307cf7aed266e7
Signed-off-by: Tin Lam <tin@irrational.io>
All the Dockerfiles have been moved to openstack-helm-images project
where it is better supported. The old Dockerfiles in the tools/images
folder should be removed to reduce confusion. Users should be using
the ones in openstack-helm-images project.
Change-Id: Ife430a54806885220d25f426bac68ef87b9035d3
Signed-off-by: Tin Lam <tin@irrational.io>
This patch changes the default stein deployment to use a
separate placement service chart deployment, rather than
using nova.
Change-Id: I73fe9577468e28a129332a1415b877a505ac204e
Signed-off-by: Tin Lam <tin@irrational.io>
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This patch set moves pip/2 to pip/3. This also removed a cap of
cmd2 package.
Change-Id: Ia0e377092d71416e96926215fe109cfbf54bc4ed
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds ingress network policy testcases for mariadb
in openstack namespace.
Depends-On: https://review.opendev.org/#/c/687162/
Change-Id: Ia2bc596baf623ef3f747fbd0534c8e058e1571f8
This commit is to deploy placement service as a part
of nova chart for stein release. This also enables
seperate placement chart deployment for train release.
Change-Id: Ie22dbf85a3ed42bc0cd13579218e03d5912e67ea
This adds network policy testcases for memcached in openstack
namespace.
Depends-On: https://review.opendev.org/#/c/685755/
Change-Id: I99a0598172453692817420ddefd8653f292124d9
This ps overrides the ceph-mon in the ceph-ns-activate script
to fix a current issue with the cinder gates.
Change-Id: I29a69fd7bbf19a7a4890c76366592a44528e3cc1
setup-client.sh is the script which setups the openstack client.
This script is referenced in the installation guide and many CI
jobs. More than installing the openstack client, the script builds
all the charts by calling `make all`. This script is also called in
openstack-helm-infra project CI job[1]. The `make all` may break the
CI at some situations. For example in the following case:
We make some changes of helm-toolkit to enhancement a tool function.
In the enhancement the function parameters are changed. At this
moment, we can't build some up-layer charts, because they call the
function with old parameters.
Actually, we don't have to make all in the setup-client.sh as we
build every single chart when we install the component. We just need
to build the helm-toolkit here. So this patch is to replace the
`make all` with `make helm-toolkit`
[1] https://github.com/openstack/openstack-helm-infra/blob/master/zuul.d/jobs.yaml#L314
Story: 2007291
Task: 38822
Change-Id: If5efb1a108a36281f2459594ba6424491d909580
Signed-off-by: songgongjun <gongjun.song@intel.com>
This commit adds a helm chart to deploy placement.
Related test pass on simplex and multi-node setup
Story: 2005799
Task: 33532
Depends-On: https://review.opendev.org/#/c/672678/
Change-Id: Ife908628c6379d2d39d15f72073da3018cc26950
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
This change adds in the mapping for LDAP groups to be mapped
to groups within keystone. Also adds a group list check to make
sure that groups are correctly mapped.
Change-Id: Ib3b00d3f801ba975202a921643510fcb642e0a90
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Also disabled barbican running in the apparmor job temporarily
until the correct profile gets used and it can deploy
succesfully.
Change-Id: Iadacd214de3fdb06e4acde4433c5fa86973371d5
This patch set adds in a script that cleans up orphaned or
lingering rally helm test pods.
Depends-On: https://review.opendev.org/#/c/683759/
Change-Id: I94fc8d067b421248cf74fe40b2e8520f63d4417c
Signed-off-by: Tin Lam <tin@irrational.io>
This PS updates the gateway setup script to support deployments where
multiple default routes may be present, eg when connecting to a vpn.
Change-Id: I5fe86e9471ecb6a9c80e1e4f942822cac00da669
Signed-off-by: Pete Birley <pete@port.direct>
This patch set adds in a capability for the user to defaultly use a
FQDN for the nova compute hostname and the hypervisor hostname when
the host is not explicitly specified in the .Values.conf override.
Change-Id: I3243068dfe91ebb97b3885002296a0f454822ec5
Co-authored-by: Drew Walters <andrew.walters@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This patchset adds the capability to the Nova chart to be able to wait
for a percentage of the compute nodes/hypervisors to become ready/available
before continuing on with the deployment. It will be disabled by default,
because this is a feature that may or may not be needed in production
deployments.
Change-Id: I971151a663afc87e7d62efa4ab3723c5472a3736
This PS fixes the developer script for generating certs for use with
octavia.
Change-Id: I2dae5bc32dbbaa9055884a568cebeb27fe13ac74
Signed-off-by: Pete Birley <pete@port.direct>
This change removes the netpol values from the keystone/ldap script,
those are now part of the appropriate chart and can be deployed as such.
This also fixes the path to the ldap domain config override that was
pointing to a file that no longer exists.
Change-Id: Id01af23c5308edabf635ccd321721ff104fd58e3
As network policy jobs in zuul are moved to be run by the feature gate,
usage of them in old scripts should be taken out to avoid confusion and
potential problem where netpol cause unexpected connection failure. This
patch set removes the remanant of these netpol's.
Change-Id: I1ce86d27ca4f708b17d848d742ba840156d4ef6c
Signed-off-by: Tin Lam <tin@irrational.io>
As all feature specific value overrides are moved into the component's
values_overrides folder to be used by zuul's feature gate, the old
overrides should be removed to reduce confusion as they are unused.
Change-Id: Ieaf35a8147061da356fdfa46c73673457af1f3d1
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in default horizon ingress overrides.
Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994
Signed-off-by: Tin Lam <tin@irrational.io>
For simplification of deployment and maintenance, reduce the number
of scripts that do usually the same.
The important part is that when user wants to do multinode deployment,
OSH_DEPLOY_MULTINODE variable must be set before executing the script.
For now multinone script still stays, only to invoke the common one,
but in future it would be better to remove multinode scripts completely
and let user call the common script with the right argument.
Change-Id: I4dca159827581cbe8d6ded3be85e732acbf60ed1
