OpenStack services already moved to use policy in code.
No need to have policy file at this point, at least no need to put
default policy rule to policy.yaml file anymore.
To put in duplicate rules, will cause unnecessay logs and process.
Also not healthy for policy in code maintain as the `default` rules in
openstack-helm might override actual default rules in code which we
might not even mean to change it at all.
Change-Id: I29ea57aa80444ed64673818e597c9ca346ba7b2f
When the placement chart was originally written, there was a
need to migrate from an existing nova-placement setup.
Now that nova and placement have been separated for several
releases, there's not much use in maintaining this job. This
change removes the db-migrate functionality in the placement
chart due to issues with it in newer releases.
The chart version has been bumped to 0.3.0 to signify a
non-trivial change in functionality as well.
Change-Id: I6ff802ab8356deb5e927f414500c52b663cfa30b
This allows placement to consume TLS openstack endpoints.
Jobs consume openstack endpoints, typically identity endpoints.
And placement itself interact with other openstack services via
endpoints.
Change-Id: I1a44844826eec4f6238f9b37064ccadcdcc7336a
port number in placement
Now binding ports of service and pod spec are configured using
internal endpoint values.
To support reverse proxy for internalUrl, need to distinguish
between binding ports and internal endpoint ports.
I added `service` section in endpoint items apart from admin,public
,internal and default.
Change-Id: I0bfd05bd419dd55b986ab6c1f706a5fcfbe19bbe
Based on spec
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with this
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Related OSH-infra change:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142
Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8
This changes use the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Change-Id: I8f63c285cb53090cd7eb0b663bb94fc892dc1a3f
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Chart upgrade fails as some immutable fields in job are needed to be applied earlier then the job manifests. To solve the problem, helm.sh/hook annotations with post-install and post-upgrade values can be used so that the jobs are the last one to be applied after all the manifests. As jobs are dependent one services, hook weight is used to maintain the job creation order.
Change-Id: I7551977599d376e4d240fff5cb9d002fc918d9fe
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382
Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.
Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
This patch set places in a placement database migration script to
upgrade an installation from one without the placement service to one
with the placement service.
Change-Id: I1a9abb4999beac26b140a8302665f5c63901e71d
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the policy.yaml file with the latest rules generated by
tox -egenpolicy in openstack/placement project.
Change-Id: I43a2fb00121eb7addd5b07378eb51aeb273aedfb
Signed-off-by: Tin Lam <tin@irrational.io>
With this patch we allow for a more easy way of overriding some
of the values that may be used in other distros while maintainting
the default values if those values are not overriden.
The following values are introduced to be overriden:
conf:
security:
software:
apache2:
binary:
start_flags:
a2enmod:
a2dismod:
On which:
* binary: the binary to use for launching apache
* start_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set to what
they used to be as to not disrupt existing deployments.
Change-Id: I77940ff847fc5785178ee5cf84cb77bed9f1ec71
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
This patch set brings all the placement images to stein, so they are
inline with other services. Also, this updates the dep_check to use one
in the airshipit repo instead of stackanetes repo.
Change-Id: Ie4bd8142fcf37ba7a296109a720c4412ebb7fd01
Signed-off-by: Tin Lam <tin@irrational.io>
This commit adds a helm chart to deploy placement.
Related test pass on simplex and multi-node setup
Story: 2005799
Task: 33532
Depends-On: https://review.opendev.org/#/c/672678/
Change-Id: Ife908628c6379d2d39d15f72073da3018cc26950
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
