We dropped train support a long time ago now, and our latest efforts
are to drop ussuri/bionic images. This change removes any leftover
train overrides as well as any ussuri overrides. This also changes
any image defaults to use wallaby.
Change-Id: I818a3a79faa631ec1b7de625f2113c6f19610760
This reverts commit d554d74bf0c6d61d63f92e1d8224881dd4fa726d.
This change is very problematic, because then the volumes will no longer be able to have API operations work on them, since the volumes are tied to a host, so when that host it down, things are bad.
We should keep this old (non-clean behaviour) and switch towards using Cinder clusters instead https://docs.openstack.org/cinder/latest/contributor/high_availability.html
This means configuring a few other things, but this is a really bad change and will break production deployments. I suggest we revert ASAP.
Change-Id: Iee54ef5feca5c8bee80aded75d2fd182a431adb3
Now `cinder-volume-worker` is set as DEFAULT.host. It results only
one host per volume service type registered regardless of replica
numbers.
To fix this, removed DEFAULT.host from default values so hostname
of pods will be used as host name.
It will produce garbage services with down state because pod name
changes every creation. To avoid this, added a cronjob for service
clean.
Change-Id: I9ec6f62105124f9088afdb231099b532fc83bb34
Now we need to add external ceph configuration in values as yaml
format, then it is converted to ini format and added in cinder-etc
configmap.
Instead, we can just specify the pre-existing configmap name.
Configmap name takes precedence over plain configuration.
Change-Id: Ica1973798223207f6a453613a600d121db25edea
This allows cinder to consume TLS openstack endpoints.
Jobs consume openstack endpoints, typically identity endpoints.
And cinder itself interact with other openstack services via
endpoints.
Change-Id: Id5668f9dde1f63fe472fef639571936de831e217
This change adds the overrides needed to run both the Xena and
Yoga releases in the OSH zuul jobs.
Change-Id: I65e016a4cb3fd52707ab29c37f025818fcb6c405
This is to add public/private visibility option
and project level access list to a volume type while creating.
Change-Id: Id33c8c9f10e60fcdb4b6c49e69f3b5d8f11850c6
THe cinder chart contains several values overrides for older
releases of openstack that are no longer supported by
openstack-helm. This change removes these overrides from the
cinder chart.
Change-Id: I9d506e2cc1eebaeb6d2eacff5bd47113d069dbb0
This change removes the cinder v1 and v2 endpoint definitions
from the default values in the cinder chart.
Change-Id: I0ee35ad71c76df157e2c670a7899e4b6c1b91e46
Defines compute kit and cinder jobs for new releases with
corresponding values overrides.
Disables compute agent list test for Wallaby since related API
is removed [0].
Since Wallaby with switch of osc to sdk '--id auto' is no longer
treated specially in 'openstack flavor create'. The same behavior
can be achieved w/o specifying --id flag for flavor creation [1].
Starting Wallaby 'nova-manage api_db version' returns init version
for empty database greater than 0 [2]. _db-sync.sh.tpl logic prior to
this commit does not work due to this. We need to either remove
(done in current commit) or justify and alter previous logic.
[0] https://review.opendev.org/749309
[1] https://review.opendev.org/750151
[2] https://opendev.org/openstack/nova/src/branch/stable/wallaby/nova/db/sqlalchemy/migration.py#L32
Change-Id: I361431d9aa8c1a06c5d59f479fb161ecd87e2ee2
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed
rabbitmq support should be added.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188
Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
Verification is added to Cinder volume type creation logic
under Values.bootstrap to make sure the volume_backend_name is
configured in Values.conf.backends.
Change-Id: I1b9b1eaac8df861d28d4121477de148dba6a2dbf
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359
Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
This patchset added the necessary hostPath, hostIpc and
hostNetwork to enable the volume backup for iSCSI based
Cinder volumes.
Change-Id: Ief3cc723650a6c42e24dfd6159c0de6f81e56fce
Example override yaml file is added to indicate how to
override the manifest for configure an additional externally
managed Ceph Cinder backend.
In ceph.conf, either "mon_host" or "mon host" can be used for
the same parameter. In order not to force the user to use it one
way or the other, "mon_host" is removed from default setting.
Change-Id: I179567d77196ab2fb82d7a78e3a08efb966ed68c
In this Patchset, Cinder configuration is added to values_overrides
for supporting PURE as one possible Cinder block storage backend.
Please note: updated images are needed for Cinder and Nova to
include package purestorage for the support of pure backend.
Change-Id: Ic0f1116045d74ec624449fbaf92858ccf8d4d936
Co-Authored by gage Hugo <gagehugo@gmail.com>.
This Patchset creates Zuul Gate Jobs for apparmor to support Cinder.
Change-Id: I7705512a3b50560b183e19f0868be40078241cdd
This patch set adds in job to test the OpenStack train releases.
Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This patch set adds in the egress policy for core OpenStack Services.
Depends-On: https://review.opendev.org/#/c/679853/
Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
This PS adds checks for the Stein Release of OpenStack in Ubuntu Bionic
containers.
Depends-On: https://review.opendev.org/667726
Change-Id: Icfad3434ca496a841993b95adaf5d853728d920f
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for running the Rocky release of Openstack under
Python3 in Ubuntu Bionic containers.
Change-Id: I269cef9f8f157e22f6b857822df9a8960dac6ea8
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Rocky Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: Ieed4a6a3afa6e3ebd9b2f72ba227aac891d65214
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Queens Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I0d4d427e43f06fa955dfd275859939d0adca113c
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Pike Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I402584bbcdd53a4a6bc21f370586b3498142bf81
Signed-off-by: Pete Birley <pete@port.direct>
There is currently no testing of the Leap 15 images in OSH.
This addresses it by:
- Using the values_overrides folder according to the multi-os
spec, creating value override files there for changes that
needs to happen on Leap 15 images.
- Point to the right images using the previously created folder,
to allow using those in CI easily.
- Change CI to use previously created overrides.
Depends-On: https://review.openstack.org/#/c/651501
Change-Id: I520d3676195c62b253a19397c86b0d0fbabee710
