407 Commits

Author SHA1 Message Date
OlegBravo
4f2eb8cac6 Add TungstenFabric compatibility to charts
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.

The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.

This patchset doesn't have Heat-related changes,
they'll be added later.

Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
2020-06-26 10:39:20 +03:00
Zuul
35a794ccc8 Merge "[neutron] Unhardcode probes timings" 2020-06-03 07:36:05 +00:00
Zuul
08e652a06f Merge "Allow neutron sriov agent to set num_queues per vf" 2020-06-02 15:18:25 +00:00
diwakar thyagaraj
477602f2e7 Enable Apparmor to osh test Pods
Change-Id: I0a67f66cc4ed8a1e3a5c3c458b7c1521f9169160
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-06-01 18:32:51 +00:00
Roy Tang
da47437f32 Allow neutron sriov agent to set num_queues per vf
Change-Id: I465c882ab2939e5c0297c889fddc6c93bf5a7b91
2020-05-28 21:36:24 +00:00
Andrii Ostapenko
8cfa2aa390 Enable yamllint checks
- brackets
- braces
- colon
- commas
- comments
- document-end
- document-start
- empty-lines
- hyphens
- indentation
- new-line-at-end-of-file
- new-lines
- octal-values
- trailing-spaces

with corresponding code adjustment.

Also add yamllint.conf under the check.

Change-Id: Ie6251c9063c9c99ebe7c6db54c65d45d6ee7a1d4
2020-05-27 19:16:34 -05:00
John Haan
63556c3de3 bugfix for systax error
neutron-ironic-agent script has syntax error.
This patch is for resolving the error.

Change-Id: I4a4e0bbab5ce1f9ce45c0723b92a2af647212592
2020-05-21 06:20:55 +00:00
Tin Lam
6d35251cf1 fix(rally): update cleanup
The cleanup script used for router, network, server, and flavor does not
account for the first column being the resource ID. Matching via
^[sc]_rally will always result in an empty return. This fix now correctly
matches the the name of the second column. This also fixes an issue where
rally creates flavor as "private", adding --all so it cleans up the
private flavors as well.

Change-Id: Id1a0e31e56b51fd92a95e8588d259ce21fa839d6
Signed-off-by: Tin Lam <tin@irrational.io>
2020-05-10 22:07:52 +00:00
Zuul
87e9387b38 Merge "Enable Apparmor to init container for neutron" 2020-05-07 18:31:39 +00:00
diwakar thyagaraj
3d4b2630c1 Enable Apparmor to init container for neutron
Change-Id: I5df5f5ba36209d48a5a70975823ae73e1ca5c028
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-05-06 22:51:22 +00:00
Roy Tang
8b59f26ae4 Minor fix to neutron sriov agent init script
Change-Id: I618b2974923b298bdd66c79398868f06c963f393
2020-05-05 07:51:54 -07:00
Roy Tang
03a43cb91e Add support to set ovs module log level
Change-Id: I1fcd5b49cb2af4c76ed32b332f83ca8fa783a3c6
2020-04-17 11:02:19 -07:00
Gage Hugo
db79e79788 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
2020-04-03 20:53:32 +00:00
Oleksii Grudev
6969a5d596 [neutron] Unhardcode probes timings
This patch adds ability to unhardcode readiness/
liveness probes timings for those probes which still
were hardcoded. Moreover it introduces
RPC_PROBE_TIMEOUT and RPC_PROBE_RETRIES variables
which are passed to health probe script and
allow to unhardcode RPCtest  timeout and number of
retries

Change-Id: I2e48eed26abb82208a4ac4ae596d27ca8db99c90
2020-04-01 14:57:11 +03:00
Roy Tang
6142f32c02 Update neutron ovs-agent init
There is a bug with the Intel i40e driver version 2.11.21 or earlier
where the interface VF spoof check must be toggle on and off after bond
is created (TODO: insert release note or bug here)

Change-Id: I9723e52fc87291f5e90df29a154c04180cbfe955
2020-03-18 18:37:15 +00:00
Zuul
3c093d2dea Merge "Revert "Modify files related to overrides."" 2020-03-13 22:41:15 +00:00
diwakar thyagaraj
9b21a7d1f0 [FIX] Apparmor for missing neutron components
Change-Id: I78618832e9c980bb8af4c8818c8fdc12c459cb06
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-03-13 15:16:07 +00:00
Pete Birley
728b3739cf Revert "Modify files related to overrides."
This reverts commit 0389b54578dc9efb670fcacb1097daf008d7cdcc.

Change-Id: I91f2c87f51978fe0a35143757c19fe789f7e0669
see: https://review.opendev.org/#/c/712959/1
2020-03-13 14:08:31 +00:00
Zuul
5763f146c9 Merge "Revert "Add neutron-ovs-cleanup to neutron charts"" 2020-03-10 00:52:42 +00:00
Hemachandra Reddy
9abf057340 Revert "Add neutron-ovs-cleanup to neutron charts"
This reverts commit 09d6a3e68c3d95e27ce7a7395735d058062e9d17.

It causes failures during brown field upgrade.

Change-Id: Ie619358bd0ae046bfb94b9e9d811251b54d2897e
2020-03-09 17:49:17 +00:00
dt241s@att.com
8ec1ba0d5d Enable Apparmor Docker default to neutron
This enabled for neutron-server

Change-Id: I395c69c420ff8bdeb68847cf3edd3bde18241aa8
2020-03-05 04:05:19 +00:00
Zuul
75af494206 Merge "[Rally] Add clean up script to neutron" 2020-03-04 02:01:20 +00:00
songgongjun
0389b54578 Modify files related to overrides.
As the functions of overrides are upgraded,the
files that depend on the functions of overrides
need to be modified synchronously.This patch and
https://review.opendev.org/#/c/707788/ depend on
each other.

Story: 2007291
Task: 38753
Depends-on: https://review.opendev.org/#/c/707788/
Change-Id: I048c8fe73f8f85df465f2c829812b75be1e4f130
Signed-off-by: songgongjun <gongjun.song@intel.com>
2020-03-03 20:06:45 +08:00
Zuul
e06f53a66d Merge "OVS-DPDK: support for VLAN underlay for tunnel traffic" 2020-03-02 17:47:42 +00:00
Tin Lam
2aa32665b4 Add train release support
This patch set adds in job to test the OpenStack train releases.

Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
2020-02-28 20:19:58 +00:00
Deepak Tiwari
a101959321 OVS-DPDK: support for VLAN underlay for tunnel traffic
For OVS-DPDK deployments, where tunnel interface is bound to DPDK, there
should be support to transport the tunnel traffic over a VLAN network.

Change-Id: I1e63c9a6eb03a3f78a8592244d7c4b4928164fa5
2020-02-26 08:42:38 +00:00
Tin Lam
0b994a9c08 [Rally] Add clean up script to neutron
Rally can leave behind rally-generated network and router in the neutron
helm test. This patch set adds in a clean up script to clean up these
rally-generated resources.

Change-Id: If7dc9e4e5a659657e8a7e32f6d94703992dcd193
Signed-off-by: Tin Lam <tin@irrational.io>
2020-02-25 17:43:12 +00:00
Gage Hugo
f9dbba7043 Revert "Revert "Keystone Authtoken Cache: allow universal secret key to be set""
This reverts commit 90d070390db08abf9da42a2bac54397112bbcd48.

Change-Id: I017c6e9676b872e1aab21f9dc8aa2f93db58d49f
2020-02-21 11:16:55 -06:00
Zuul
8c6269f719 Merge "Fix health-probe concurrency and timings" 2020-02-20 22:04:40 +00:00
Zuul
7d34ef85e9 Merge "Add network namespace cleanup" 2020-02-20 19:02:55 +00:00
Sangeet Gupta
414b10fab0 Fix health-probe concurrency and timings
Changed Nova and Neutron health-probe script to exit if previous
probe process is still running.
The health-probe has RPC call timeout of 60 seconds and has 2
retries. In worst case scenario the probe process can run a little
over 180 seconds. Changing the periodSeconds so that probe starts
after previous one is complete. Also changing timeoutSeconds value
a little to give little more extra time for the probe to finish.
Increasing the liveness probe periods as they are not do critical
which will reduce the resource usage for the probes.

Co-authored-by: Randeep Jalli <rj2083@att.com>

Change-Id: Ife1c381d663c1e271a5099bdc6d0dfefb00d8d73
2020-02-18 17:24:23 +00:00
Deepak Tiwari
09d6a3e68c Add neutron-ovs-cleanup to neutron charts
neutron-ovs-cleanup needs to be run at the startup once

Change-Id: I0160bb0377082026af4aa90413196ce65cfd23c9
2020-02-18 05:11:24 +00:00
Vasyl Saienko
90d070390d Revert "Keystone Authtoken Cache: allow universal secret key to be set"
This reverts commit 1c85fdc390e05eb578874e77fad9d4ec942da791.

Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.

Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
2020-02-12 11:18:06 +00:00
Hemachandra Reddy
62db99d1d1 Add network namespace cleanup
Removes stale DHCP and L3 namespaces. The cron runs once in 12 hours.

Network namespace cleanup is implemented as a daemonset as Kubernetes
does not have a cronjob that works like daemonset-cronjob.
Network namespace cleanup should run on all nodes where DHCP and L3
agents run.

Change-Id: I7525e493067669026e0d57889a3e3238a2bd1308
2020-02-11 05:01:36 +00:00
Gage Hugo
a1fc694ae9 Move apparmor to use feature gates
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.

Also disabled barbican running in the apparmor job temporarily
until the correct profile gets used and it can deploy
succesfully.

Change-Id: Iadacd214de3fdb06e4acde4433c5fa86973371d5
2020-01-31 22:24:55 +00:00
Hemachandra Reddy
f00777e57d Make sure requested mtu is set
The 'options' keyword for setting mtu in 'set interface' does not
set mtu and it seems to ignore/fail the request silently.

Change-Id: Icec98c5166611a8c538f93e6326cf7d20b545ecd
2020-01-28 18:28:25 +00:00
Roy Tang
fdce0e46d9 Add QOS support for neutron sriov
Change-Id: I5a1df5d7f6cf179e8cd26a288b5749340b8827dd
2020-01-27 14:36:49 +00:00
Zuul
ff094ff354 Merge "Add functionality to specify FQDN" 2020-01-10 00:27:02 +00:00
Tin Lam
def68865a2 Add functionality to specify FQDN
Patch set to allow for FQDN for neutron agents.

Change-Id: Idde7ba35e940de59e0def35507ce2506cad672ed
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-09 16:10:37 -06:00
Tin Lam
12bee1bb97 Migrate default release to Stein
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.

Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-09 10:00:31 -06:00
Tin Lam
5057052c70 Fix feature gate envvar overriding
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.

This is to achieve parity with OSH-infra patch in [0].

[0] https://review.opendev.org/#/c/697749/

Depends-On: https://review.opendev.org/#/c/697749

Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
2019-12-17 09:49:38 +00:00
Roy Tang
97ac0575ba Update neutron ovs agent for ovs-dpdk
This ps update neutron ovs agent to support properly:
- setting mtu on dpdk bond and nic interface port
- setting vhost-iommu-support on dpdk bond and nic interface port
- setting n_txq values on dpdk bond and nic interface port

Change-Id: I422fa21a622642ecb7c49914fef04073e4f984bc
2019-12-13 10:37:10 -06:00
Prateek Dodda
bea5c63d4d Implement Security Context for Neutron
Implement container security context for the following Nova resources:
 - Neutron metadata_agent
 - Neutron ovs_agent

Change-Id: If8246450f8ebd62a0c5999f832ec59796355ee78
2019-11-26 20:32:28 +00:00
Tin Lam
a25eccb7cb Implements egress network policy
This patch set adds in the egress policy for core OpenStack Services.

Depends-On: https://review.opendev.org/#/c/679853/

Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
2019-11-22 01:16:49 +00:00
Zuul
3784a3fe2f Merge "Fix readiness probe of neutron-ovs-agent for OVS<2.10.0" 2019-10-29 16:06:46 +00:00
Sphicas, Phil (ps3910)
e83f50633d neutron-ovs-agent-init: remove neutron-sanity-check
This change removes neutron-sanity-check from neutron-ovs-agent-init.
Proper dependencies now exist, as outlined in the original issue [0],
and the check is no longer required.

[0] https://github.com/att-comdev/openstack-helm/issues/88#issuecomment-270829530]

Depends-On: https://review.opendev.org/691035/
Change-Id: I6f8849ea519da76ac5289e86dbc7beb57cc9baba
Related-Bug: #1842517
2019-10-24 14:49:09 -07:00
Georg Kunz
dddbf37c0e Fix readiness probe of neutron-ovs-agent for OVS<2.10.0
A recently introduced readiness probe for neutron-ovs-agent makes use of
an OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceeding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exit. Thereby it does not
give any guarantees for older versions of OVS, but at least allows the
readiness probe to pass.

Change-Id: Ic77c6bdd60730c1a7c5e55fdb4afc6db938f0ddb
2019-10-21 16:16:21 +02:00
Steve Wilkerson
9736f5f544 Update kubernetes-entrypoint image reference
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy

Depends-On: https://review.opendev.org/688435

Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-10-21 13:58:22 +00:00
Deepak Tiwari
adee9c4fe4 Include additional filters_path in rootwrap.conf
Neutron plugins (for ex. TaaS) using their own rootwrap filters install
those filter files in /var/lib/openstack/etc/neutron/rootwrap.d directory.
Therefore this path should be added to neutron values.conf file to let
these plugins function correctly.

Change-Id: Ia76153b50e2e22cb606b8c0f811119b3f71217d2
2019-10-19 16:00:56 +00:00
Zuul
083ae1d515 Merge "Remove need to configure VF during DPDK deployment" 2019-10-16 12:48:04 +00:00