With the update of openstack clients:
openstack client >= 4.0.0
neutron client >= 6.14.0
neturon lib >= 1.29.1
The command 'openstack network show ${network} -f value -c subnets'
returns '[]' instead of null string if no subnets found in the
specific network. This commit adds a check logic to avoid subsequent
command returns error by using '[]' as subnet input.
Change-Id: I7e7d5209227b0e34131b7715dbd3faa6066a94b7
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
This disables the keystone-auth single node job and all multinode
periodic and experimental jobs while standing issues with the
kubeadm-aio image deployment are sorted out
Change-Id: I4e1de001ddf17b3c035ca174b7ef8acec8f2bf2c
Signed-off-by: Steve Wilkerson <sw5822@att.com>
- Change all tests to support Nautilus,Mimic and Luminous releases
- Update ceph-config-helper image
Change-Id: I557b1efa12529d0ee51d4c5b9d4beb4abf1b0574
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This patchset adds the capability to the Nova chart to be able to wait
for a percentage of the compute nodes/hypervisors to become ready/available
before continuing on with the deployment. It will be disabled by default,
because this is a feature that may or may not be needed in production
deployments.
Change-Id: I971151a663afc87e7d62efa4ab3723c5472a3736
This ps update neutron ovs agent to support properly:
- setting mtu on dpdk bond and nic interface port
- setting vhost-iommu-support on dpdk bond and nic interface port
- setting n_txq values on dpdk bond and nic interface port
Change-Id: I422fa21a622642ecb7c49914fef04073e4f984bc
This PS fixes the developer script for generating certs for use with
octavia.
Change-Id: I2dae5bc32dbbaa9055884a568cebeb27fe13ac74
Signed-off-by: Pete Birley <pete@port.direct>
This change removes the netpol values from the keystone/ldap script,
those are now part of the appropriate chart and can be deployed as such.
This also fixes the path to the ldap domain config override that was
pointing to a file that no longer exists.
Change-Id: Id01af23c5308edabf635ccd321721ff104fd58e3
This PS udpates the nova compute start script to account for cases where
there may be multiple default routes to the outside world.
Change-Id: Ibd051c2577a0ab67aa2a5284fc9ccab799c28953
Signed-off-by: Pete Birley <pete@port.direct>
Implement container security context for the following Nova resources:
- Neutron metadata_agent
- Neutron ovs_agent
Change-Id: If8246450f8ebd62a0c5999f832ec59796355ee78
This patch set adds in the egress policy for core OpenStack Services.
Depends-On: https://review.opendev.org/#/c/679853/
Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
Add ubuntu bionic barbican images for Stein.
Also policy rules changes due to https://review.opendev.org/#/c/609606
Change-Id: I36957c859bf065541ac4ce07e03c01fc020ff4af
As network policy jobs in zuul are moved to be run by the feature gate,
usage of them in old scripts should be taken out to avoid confusion and
potential problem where netpol cause unexpected connection failure. This
patch set removes the remanant of these netpol's.
Change-Id: I1ce86d27ca4f708b17d848d742ba840156d4ef6c
Signed-off-by: Tin Lam <tin@irrational.io>
As all feature specific value overrides are moved into the component's
values_overrides folder to be used by zuul's feature gate, the old
overrides should be removed to reduce confusion as they are unused.
Change-Id: Ieaf35a8147061da356fdfa46c73673457af1f3d1
Signed-off-by: Tin Lam <tin@irrational.io>
Move Barbican Network Policies into a dedicated
override. Configure magnum to have the access to
Barbican.
Change-Id: Iad0f69666a28fabedd49b266c8a9de1ec3410dd6
For k8s 1.16+, the extensions/v1beta1 has been replaced by
apps/v1 for DaemonSet. This patch set updates documents in
the OpenStack-Helm repository.
Change-Id: I8512b9f3202b2bf56b77408aca8d239daab32add
Signed-off-by: Tin Lam <tin@irrational.io>
Pods for some of the CronJobs do not have correct
application and component labels applied, they are
unable to start if Network Policies are enabled.
Change-Id: Ie4eed0e9829419b4b2e40e9b712b73a86d6fc3d2
This change updates the tests container image
to one which installs python3.
The selenium-test.py template file has been refactored
to match the structure of the selenium tests in
openstack-helm-infra/tools/gate/selenium
Change-Id: I568bea8d715ea28b8e750215d166ba1b04e4172d
A recently introduced readiness probe for neutron-ovs-agent makes use of
an OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceeding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exit. Thereby it does not
give any guarantees for older versions of OVS, but at least allows the
readiness probe to pass.
Change-Id: Ic77c6bdd60730c1a7c5e55fdb4afc6db938f0ddb
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Neutron plugins (for ex. TaaS) using their own rootwrap filters install
those filter files in /var/lib/openstack/etc/neutron/rootwrap.d directory.
Therefore this path should be added to neutron values.conf file to let
these plugins function correctly.
Change-Id: Ia76153b50e2e22cb606b8c0f811119b3f71217d2
Added new X-Content-Type-Options: nosniff header to make sure the browser
does not try to detect a different Content-Type than what is actually
sent (can lead to XSS)
Added new Header and set X-Permitted-Cross-Domain-Policies: "none"
Change-Id: I6f89ffb44ad805039c4074889a7c15fbef6fc95e
This updates the ceph-config-helper image for the ubuntu distro
based jobs to use an image that includes kubernetes 1.16.2
Change-Id: If063db5e6f0abfab10cd0195b3633c41d8ed560f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Some configuration when enable will explicitly set headers, for this
to work the header module should be enabled.
Change-Id: If549d4c6924c990d1a48bca193935ed9a2ed6864
This patch set adds in default horizon ingress overrides.
Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994
Signed-off-by: Tin Lam <tin@irrational.io>
This patch adds a deployment guide for installing Openstack Helm
with OVS-DPDK
Co-Authored-By: Georg Kunz <georg.kunz@ericsson.com>
Change-Id: Ic8078537a7317c4132e4b11494e0d827365109d9
