This adds the force and recreate_pods upgrade options to the
rabbitmq chart in the armada manifest to allow for successful
rotation of user secrets on upgrades
Change-Id: I8268300845c665abc1b8b139a81f339e5d66a10c
This commit adds a helm chart to deploy panko.
The default deployment for panko is ocata.
Change-Id: I01f447fe0170be64e318885e307b013e30fd4762
Story: 2005021
Task: 29500
Signed-off-by: Angie Wang <angie.wang@windriver.com>
currently ironic chart is quite entangled with the presense of
other openstack services (Glance, Neutron, Swift).
Ironic is capable of running completely standalone, and while
the keystone and some neutron-related pieces are implemented as jobs
and can be turned off in manifests and dependencies sections of values,
others are scripts running as initContainers and are not the easy to
switch off.
This patch adds more key/values to the bootstrap key,
which allows to turn off Neutron-, Swift- and Glance-related pieces
while keeping possibility that some other networking, image or
object_store actions appropriate for standalone case may be needed.
Change-Id: Icccbdbce81ca350042f33f5e86bb942064839267
This PS extends the gate scripts to allow ceph to be deployed from
a workstation external to the k8s cluster.
Change-Id: I4940de18a53fb79c905fd307a04a1d19833e79b7
Signed-off-by: Pete Birley <pete@port.direct>
This PS allows rabbit compoents, eg other rabbit servers, tests, and jobs
to connect to rabbit.
Change-Id: I61cca52072940e31c093e4895a1c6406b15456bf
Signed-off-by: Pete Birley <pete@port.direct>
This adds the test timeout field to all charts with helm tests
defined in the OSH Armada manifest, and also updates the release
timeouts for releases known to take longer than usual
This also updates chart overrides to achieve parity between the
standard multinode job and the Armada periodic jobs to reduce the
potential for issues arising from configuration deltas
Change-Id: Id9ba223fbd35ee213db346bbc230a844632e15d2
The armada update password job was attempting to invoke a script
that didn't exist for sourcing the passwords. This updates the
path appropriately
Change-Id: Ieb0b85c18ed4f2a589ee3a3ba251317350dc4b81
To use RBD devices with CentOS system, multinode deployment script has
already been modifed.
Change-Id: I8a1ac13b0ec124b14b2bdd06ea3b0a9c081d468c
Story:2004640
Task:28577
the defaults in Python [0] and oslo.log [1] are such that when using
separate config file for logging configuration (log-config-append)
the log fomat of dates containes miliseconds twice (as in sec,ms.ms)
which is exactly what is currently seen in logs of OpenStack services
deployed by openstack-helm.
When not provided with datefmt log formatter option, Python effectively
uses '%Y-%m-%d %H:%M:%S,%f' [0] as a default time formatting string to
render `%(asctime)s`, but the defaults in oslo.log add another `.%f`
to it [1].
Since `log-date-format` oslo.log option has no effect when using
log-config-append, we need to explicitly set date format to avoid double
miliseconds rendering in date of log entries.
[0] 6ee41793d2/Lib/logging/__init__.py (L427-L428)
[1] http://git.openstack.org/cgit/openstack/oslo.log/tree/oslo_log/_options.py?id=7c5f8362b26313217b6c248e77be3dc8e2ef74a5#n148
Change-Id: I47aa7ce96770d94b905b56d6fe4abad428f01047
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate new
passphrases for the OSH components, render an updated manifest for
the OSH components including the new passphrases, then applies the
updated OSH manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I42d19bbf8161b60311c4b8101217cdcfbdf6b568
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation
Change-Id: I6f2125f3505904c4714688e7a9900b8d6bea49b4
This adds wait timeouts to nova and neutron to circumvent timeout
issues with deploying those two releases
Change-Id: I3fcc9ef5f16ecbc6dc33fc52df22c2d5ff504fb7
This updates the openstack-helm Armada job to instead deploy
only Ceph, the OpenStack service charts, and their dependencies.
This is dependent on the addition of the Armada job for Ceph and
the LMA components to openstack-helm-infra. This also updates the
jobs definition to use the osh-gate-runner playbook instead, as
well as sets the job both to a periodic and experimental job
Depends-On: https://review.openstack.org/#/c/634676/
Depends-On: https://review.openstack.org/#/c/633067/
Change-Id: I7e191a153f123e04e123acc33fb691d8117062a9
This simply adds the release uuid value to the chart overrids in
the Armada manifests, which allows for validation that the release
uuid is appropriately added as an annotation to the resulting pods
Change-Id: I53dc31ed9849ea321064184817549c0e90c34378
1. Chart name : change from "ceph" to "ceph-rgw"
2. Postfix of environment variable's name
: change from "OPENSTACK" to "CEPH"
Change-Id: I03a4e12457cec1811b6fa03367811f74e4bb8b83
Signed-off-by: Deokjin Kim <deokjin81.kim@samsung.com>
This change adds a zuul check job to export any templated python
contained in the helm charts and scan it with bandit for any
potential security flaws.
This also adds two nosec comments on the instances of subprocess
used as they currently do not appear to be malicious, as well
as changing the endpoint_update python code to prevent sql
injection, which satisfies bandit code B608.
Change-Id: I2212d26514c3510353d16a4592893dd2e85cb369
This parameter has been deprecated in Newton and removed [1]
in Ocata.
[1] https://review.openstack.org/#/c/385604/
Change-Id: Ib80cc6634d0fba8ddd2a8e5c9d26a6a0524164b8
This updates the Armada LMA manifest to include overrides for
recent changes to the LMA services in osh-infra
Change-Id: Ib1ec2c23570a86d63df35a9f0d690d9e625f1dd0
- Change all tests to support Mimic and Luminous releases
- Update ceph-config-helper dockerfile to use Mimic Ceph binaries
Change-Id: I06a545c1964eaa5b983c58db48b6ad4ccaaa3b8b
Since rally 1.0, rally has been a platform for testing, and rally for
openstack has been separated by rally-openstack. The current version
of rally in openstack-helm is version 0.8 which corresponds to ocata.
This patch tests with the latest version of rally-openstack, version
1.3.0, and removes scenarios that are no longer in use.
Change-Id: I380a976c0f48c4af0796c9d866fc8787025ce548
This patchset updates the chart configuration overrides to account
for functionality supported with the move to Ocata over Newton.
This includes updating the OpenStack service logging configuration
to leverage the fluent handler/formatter that was introduced in the
Ocata release, updating Fluentd's configuration to filter out
duplicate logs, tagging logged events with their log level, and
creating separate indexes for the different log types created by
the elasticsearch templates. This also adds support for leveraging
ceph-radosgw's s3 API for Elasticsearch snapshots.
This also removes the barbican chart deployment from the
armada gate, to help alleviate resource consumption.
Change-Id: I45128bf102909e1762b832fc16ad04bedcfe4f00
This PS is enable the Egress policies
and enforces them in Openstack-helm.
Depends-On: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
Change-Id: I6ef3cd157749fd562acb2f89ad44e63be4f7e975
This disables the deployment of gnocchi, ceilometer and mongodb
from the multinode job until we can determine the root cause of
the failures in these charts
Change-Id: I8c936cae0b814841da12aabd6d3f95e902912bda
Without this patch it is not possible to have an override of
the helm values for the ingress controllers.
This is a problem, as this is inconsistent with other components
and this has reduced flexibility.
This patch solves the problem by exposing two extra overrides
for ingress: $OSH_EXTRA_HELM_ARGS_INGRESS_ceph and
$OSH_EXTRA_HELM_ARGS_INGRESS_openstack, next to the usual
$OSH_EXTRA_HELM_ARGS
Change-Id: I5b56941a6e9a585b9398099c632df349414112fa
This updates the upgrade host playbook in openstack-helm to match
the playbook used in openstack-helm-infra. The recent addition of
adding an apparmor profile to the calico chart requires us to
do the same setup on hosts in the openstack-helm jobs before
attempting to deploy calico
Change-Id: I264ba4ee8a2f24ffcbb36e28f6b91bbc114b406d
This updates the single node jobs to use the recently
added minikube deployment, with the intent to reduce
overall runtime for the single node jobs
Change-Id: I6efdbf890d86bf916cef2d1a3b7eba1f6132c2f9
This begins the reordering of the openstack-helm gates. This
deprecates the single node checks/gates that deployed the entire
stack in favor of single node checks/gates that are focused on
deploying charts with only their dependencies to reduce the
number of checks/gates required for a particular change. This also
moves the armada check to experimental, and moves the multinode
checks/gates to run as periodics. This will be followed up by
additional efforts to streamline these changes and incorporate
previous work targeting the same.
Change-Id: I63b87aceefc79a7a42c325669f2b4e3abb0c961c
This PS removes the vmbc image from osh, and also fixes some linting
issues with the ironic gate setup script.
Depends-On: https://review.openstack.org/608689
Change-Id: I2f95445a49dfaced19cab058f94966f11c4a8877
Signed-off-by: Pete Birley <pete@port.direct>
This patch set updates the gate to by default uses network policy
for all components and enforces them in Openstack-helm.
Change-Id: I70c90b5808075797f02670f21481a4f968205325
Depends-On: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set moves the default deployment to ocata from newton.
Newton zuul job is now moved into its separate job.
Change-Id: Ic534c8ee02179f23c7855d93a4707e5a2fd77354
Signed-off-by: Tin Lam <tin@irrational.io>
This adds the Elasticsearch admin password to the nagios chart
document overrides to account for the Elasticsearch plugin for
alerting on queries to Elasticsearch for particular logged events
Change-Id: I589fabf94a537730c3bfe86a6aa2af2c6fc3c88a
