In the ovs agent code, some of the secret ref are hardcoded, and
it breaks the host/label overrides mechanism. This patchset
fixes it.
Change-Id: Icf3ffc86fde77b1948e86cfd62e83fbdfe16ad8e
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359
Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset
Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
Since metadata server is accessed via dhcp namespace, dhcp relies on
conf.OVS.datapath_type for [0] logic to disable checksum offloading
that is not supported with ovs-dpdk, making metadata server not available.
[0] https://opendev.org/openstack/neutron/src/branch/stable/train/neutron/agent/linux/interface.py#L444-L446
Change-Id: I382af9d9e83b39fd9a616351e7cd5a752a603e77
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
neutron-rpc-server container was removed and nginx container
was added here in this commit https://review.opendev.org/#/c/758919/4
Change-Id: Ie7b3a23ea8d7a5d3b1788bce1c1419fe1f627b75
Updated neutron to use an Nginx sidecar to terminate internal TLS rather
than using Apache with a separate RPC servers. Multiple RPC servers (in
sidecar) causes communication issues with RabbitMQ causing expected
errors.
Change-Id: Iaa6d3d64b730a54b1b85a338517bcb5be1842bda
Signed-off-by: Tin Lam <tin@irrational.io>
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
The lack of quotes means if it defaults to nothing, Kubernetes is not
happy because it is trying to set a nil value instead of an empty
string.
Change-Id: I7af08b93a4df92acd9d428266aaa7922a66cf599
This commit enables user to update dpdk bond config
only when required using the flag UPDATE_DPDK_BOND_CONFIG.
This helps in avoiding disruption in ovs dpdk during ovs
agent restart or when there is a update in bond config.
Setting UPDATE_DPDK_BOND_CONFIG to true will have default
behavior.
Setting UPDATE_DPDK_BOND_CONFIG to false will disable
configuration of bonds after the first run and can be
set to true when required.
Change-Id: I4c8ec145c8f1c1c1b5f7a5201f792e040fdd89a2
jq is not a part of xrally-openstack container, so using something worse
for the same instead of producing an extra image.
Change-Id: I0f22488fcb9f0247e6279e6754393f22b2dd0251
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This commit removes 'del-port' commands in neutron ovs
agent init script. Since, 'add-bond' command allows
modification of the existing options, the commands
being removed are not required. This also allows to
avoid disruptions in ovs caused by deleting ports on
restart.
Change-Id: I7201b87da7b20e1ca8efedf5d86a23123ccfa150
Passing config files from other agents result in
incorrent loading of extensions.
Value metadata_proxy_socket should be set in neutron.conf
Change-Id: If22168ccc77c918f7cfcb5d9d0d548f02d2a09e9
This patch set puts in the missing certificates to the test-pod.
It also corrects the path of sriov_agent.ini file
Change-Id: Ice2124f92a36d545726243fff60db25fbb2ea9c0
OVS_CTL file is required by other parts of the init
script.
This reverts commit a9693843d77525decefc8a0ba0528624f9e11350.
Change-Id: Ia11dc18e0b13d5fe01918a4c7febb82b19303527
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.
Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Neutron chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I50ccec785eb3b18d6c00df2ad5f566a72db4604d
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.
The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.
This patchset doesn't have Heat-related changes,
they'll be added later.
Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
The cleanup script used for router, network, server, and flavor does not
account for the first column being the resource ID. Matching via
^[sc]_rally will always result in an empty return. This fix now correctly
matches the the name of the second column. This also fixes an issue where
rally creates flavor as "private", adding --all so it cleans up the
private flavors as well.
Change-Id: Id1a0e31e56b51fd92a95e8588d259ce21fa839d6
Signed-off-by: Tin Lam <tin@irrational.io>
