As the functions of overrides are upgraded,the
files that depend on the functions of overrides
need to be modified synchronously.This patch and
https://review.opendev.org/#/c/707788/ depend on
each other.
Story: 2007291
Task: 38753
Depends-on: https://review.opendev.org/#/c/707788/
Change-Id: I048c8fe73f8f85df465f2c829812b75be1e4f130
Signed-off-by: songgongjun <gongjun.song@intel.com>
This patch set adds in job to test the OpenStack train releases.
Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
For OVS-DPDK deployments, where tunnel interface is bound to DPDK, there
should be support to transport the tunnel traffic over a VLAN network.
Change-Id: I1e63c9a6eb03a3f78a8592244d7c4b4928164fa5
Rally can leave behind rally-generated network and router in the neutron
helm test. This patch set adds in a clean up script to clean up these
rally-generated resources.
Change-Id: If7dc9e4e5a659657e8a7e32f6d94703992dcd193
Signed-off-by: Tin Lam <tin@irrational.io>
Changed Nova and Neutron health-probe script to exit if previous
probe process is still running.
The health-probe has RPC call timeout of 60 seconds and has 2
retries. In worst case scenario the probe process can run a little
over 180 seconds. Changing the periodSeconds so that probe starts
after previous one is complete. Also changing timeoutSeconds value
a little to give little more extra time for the probe to finish.
Increasing the liveness probe periods as they are not do critical
which will reduce the resource usage for the probes.
Co-authored-by: Randeep Jalli <rj2083@att.com>
Change-Id: Ife1c381d663c1e271a5099bdc6d0dfefb00d8d73
This reverts commit 1c85fdc390e05eb578874e77fad9d4ec942da791.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
Removes stale DHCP and L3 namespaces. The cron runs once in 12 hours.
Network namespace cleanup is implemented as a daemonset as Kubernetes
does not have a cronjob that works like daemonset-cronjob.
Network namespace cleanup should run on all nodes where DHCP and L3
agents run.
Change-Id: I7525e493067669026e0d57889a3e3238a2bd1308
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Also disabled barbican running in the apparmor job temporarily
until the correct profile gets used and it can deploy
succesfully.
Change-Id: Iadacd214de3fdb06e4acde4433c5fa86973371d5
The 'options' keyword for setting mtu in 'set interface' does not
set mtu and it seems to ignore/fail the request silently.
Change-Id: Icec98c5166611a8c538f93e6326cf7d20b545ecd
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This ps update neutron ovs agent to support properly:
- setting mtu on dpdk bond and nic interface port
- setting vhost-iommu-support on dpdk bond and nic interface port
- setting n_txq values on dpdk bond and nic interface port
Change-Id: I422fa21a622642ecb7c49914fef04073e4f984bc
Implement container security context for the following Nova resources:
- Neutron metadata_agent
- Neutron ovs_agent
Change-Id: If8246450f8ebd62a0c5999f832ec59796355ee78
This patch set adds in the egress policy for core OpenStack Services.
Depends-On: https://review.opendev.org/#/c/679853/
Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
A recently introduced readiness probe for neutron-ovs-agent makes use of
an OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceeding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exit. Thereby it does not
give any guarantees for older versions of OVS, but at least allows the
readiness probe to pass.
Change-Id: Ic77c6bdd60730c1a7c5e55fdb4afc6db938f0ddb
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Neutron plugins (for ex. TaaS) using their own rootwrap filters install
those filter files in /var/lib/openstack/etc/neutron/rootwrap.d directory.
Therefore this path should be added to neutron values.conf file to let
these plugins function correctly.
Change-Id: Ia76153b50e2e22cb606b8c0f811119b3f71217d2
This patch set is one of many to migrate existing code/script to be
python-3 compatible as python-2 is sunsetting in January of 2020.
Change-Id: I337069203a3273e9aba6a37294ee3c25e5b4870a
Signed-off-by: Tin Lam <tin@irrational.io>
The current configuration expects VF & bonding info by default. This patch
set removes the need to configure them for every deployment.
Change-Id: Id546c113b2d3c42591a0326ee8cd442cccc73578
Python psutil library has not been consistent in behavior
a. gives trucated process names at times
b. the truncated names sometimes contain path to Python instead
of the program name Python runs
Change-Id: I99b77a4c28761a2187e59be4e562d5893ef3caa9
This PS adds octavia chart and its deployment scripts.
Blueprint name : openstack-helm-octavia
- Deployments : api, worker, housekeeping
- Daemonset : health-manager
- health-manager daemonset creates o-hm device on each controller node.
- This is for multi node deployment.
- 180-create-resource-for-octavia.sh : Create openstack resources
(network, sec groups, flavor, keypair, image for development)
- 190-create-octavia-certs.sh : Create certificates to use Octavia
(the certs is passed into pod using secret and volume for development)
- 200-octavia.sh : Deploy Octavia chart
Note: This chart doesn't include amphora image itself and its build.
Change-Id: I0bb7dfc7c15d77287c05a8542347e19fc269aba4
Signed-off-by: hagun.kim <hagun.kim@samsung.com>
This PS updates the test project purge script to target specificly
the desired project by its id.
Change-Id: I54bfaa7727fdad781bdecc31251c1fe53f912c18
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the os purge of the test project to be an optional
operator driven choice, as they will also need to ensure
the project is unique to neutron testing.
Additionally this updates the purge image to be driven by the
charts values.yaml, as with every other image in OSH.
Change-Id: I46807f7c4922a1b411386641eddbd8957ab56f05
Signed-off-by: Pete Birley <pete@port.direct>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
This commit adds readiness checks to neutron ovs agent
to check if the ovs and dpdk configurations are working
without errors.
Change-Id: I48277bdbd91ec8121e5fec300aeb646a80a65d29
Rally usually cleans up all its resources in normal executions - normal
test success cases and normal test failure cases. But the generic cleanup
does not work well for out of the system failures like process
interruptions, pod failures, disaster cleanup etc.
This is a known issue in rally-openstack. -
"Current generic mechanism is nice but it doesn't work enough well in real life.
And in cases of existing users, persistence context
and disaster cleanups it doesn't work well."
Hence, if we shall face above such issues, it is becoming impossible
to run "helm test neutron" again because of the stale data
and different quota limits mentioned in the values.yaml.
Hence we need to purge the stale data from the "test"
project as well as reset the quota limit for such scenarios.
For the normal executions, this patch has to do nothing,
but for unexpected failures, this patch will purge the stale data
from test project and reset the quota as defined in
values.yaml for the next run.
Change-Id: I3f6851582e2ac1aa1d375fcd13c07f4f57f45dc8
Python 2 is sunsetting in Jan 2020. We should not be finding python 2
explicitly. This patch removes those calls.
Change-Id: Ie6c9ad77097e662393c5fdd26490ebef25bdc3de
Signed-off-by: Tin Lam <tin@irrational.io>
