This patch makes a change to the Helm chart so that it migrates the
IP addresse assigned to an interface to `br-ex`. It's assumed that
if the operator put an IP address on that interface, they likely
need it, and if they just had no IP address then it's there for L2
connectivity so nothing won't happen anyways.
Change-Id: I17dc2e532dc8b472a5c5c16ff2ec2bdcfb5bfac5
This changes use the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: Ib33118af841b3273f146d94c6499c232b793a0be
When, for some reason, the neutron netns agent is misconfigured and is
producing errors, this infinite recursion is generating a deadlock on
cpu usage since it repeats with no interval. This fix adds some shorter
sleeps to work around it.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Icf840ea965d0652d6118a1b840168df95ba95fac
1. Log specific compute services failing rabbitMQ socket tests in nova
health probe
2. Log specific compute services failing Database socket tests in nova
health probe
3. Make log level configurable for nova and neutron health probes
Change-Id: I5e5d909d598af734596eb1732ae42808c1f6cd12
Adding a helm3_hook in values.yaml file in case hooks needs
to be disabled (e.g. on Helm v2).
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I1c03ea9ee88d1306283ce577b100c9864bec5d1b
As dnsmasq.conf data in configmap-etc secret was empty, there was no option
to override it. Added the section in the values.yaml file where the dnsmasq.conf
config can be added which will be reflected in dhcp-agent.
Change-Id: If11c33f6f837dbf0d16e54cc92cabf399e773968
Using local variables outside of function is not allowed
in bash. During adding route it tries to delete cached
route and fails with "Not found" because it can delete only
user created routes, so we need to omit Cached routes
in ovs/route/show listing.
Change-Id: Ifc8da7fc36206f7ebd2e6198dbf192a5a40261af
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed
rabbitmq support should be added.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188
Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
In the Victoria cycle oslo.policy decided to change all default policies
to yaml format. Today on openstack-helm we have a mix of json and yaml
on projects and, after having a bad time debugging policies that should
have beeing mounted somewhere but was being mounted elsewhere, I'm
proposing this change so we can unify the delivery method for all
policies across components on yaml (that is supported for quite some
time). This will also avoid having problems in the future as the
services move from json to yaml.
[1] https://specs.openstack.org/openstack/oslo-specs/specs/victoria/policy-json-to-yaml.html
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Id170bf184e44fd77cd53929d474582022a5b6d4f
Chart upgrading was failing due to some immutable fields in job are needed to upgrade. So, we thought using the post-install and post-upgrade
helm hook for job to force the job resource to execute after all resources are created. And as some jobs are dependent on each other i.e.
some jobs needs to run in order for helm hook to be successful. For that we used hook-weight to control resource creation order.
Change-Id: I26881324d101a986b7367d4682e9adcd07a24b13
In the ovs agent code, some of the secret ref are hardcoded, and
it breaks the host/label overrides mechanism. This patchset
fixes it.
Change-Id: Icf3ffc86fde77b1948e86cfd62e83fbdfe16ad8e
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset
Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
Since metadata server is accessed via dhcp namespace, dhcp relies on
conf.OVS.datapath_type for [0] logic to disable checksum offloading
that is not supported with ovs-dpdk, making metadata server not available.
[0] https://opendev.org/openstack/neutron/src/branch/stable/train/neutron/agent/linux/interface.py#L444-L446
Change-Id: I382af9d9e83b39fd9a616351e7cd5a752a603e77
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
neutron-rpc-server container was removed and nginx container
was added here in this commit https://review.opendev.org/#/c/758919/4
Change-Id: Ie7b3a23ea8d7a5d3b1788bce1c1419fe1f627b75
Updated neutron to use an Nginx sidecar to terminate internal TLS rather
than using Apache with a separate RPC servers. Multiple RPC servers (in
sidecar) causes communication issues with RabbitMQ causing expected
errors.
Change-Id: Iaa6d3d64b730a54b1b85a338517bcb5be1842bda
Signed-off-by: Tin Lam <tin@irrational.io>
The lack of quotes means if it defaults to nothing, Kubernetes is not
happy because it is trying to set a nil value instead of an empty
string.
Change-Id: I7af08b93a4df92acd9d428266aaa7922a66cf599
This commit enables user to update dpdk bond config
only when required using the flag UPDATE_DPDK_BOND_CONFIG.
This helps in avoiding disruption in ovs dpdk during ovs
agent restart or when there is a update in bond config.
Setting UPDATE_DPDK_BOND_CONFIG to true will have default
behavior.
Setting UPDATE_DPDK_BOND_CONFIG to false will disable
configuration of bonds after the first run and can be
set to true when required.
Change-Id: I4c8ec145c8f1c1c1b5f7a5201f792e040fdd89a2
This commit removes 'del-port' commands in neutron ovs
agent init script. Since, 'add-bond' command allows
modification of the existing options, the commands
being removed are not required. This also allows to
avoid disruptions in ovs caused by deleting ports on
restart.
Change-Id: I7201b87da7b20e1ca8efedf5d86a23123ccfa150
Passing config files from other agents result in
incorrent loading of extensions.
Value metadata_proxy_socket should be set in neutron.conf
Change-Id: If22168ccc77c918f7cfcb5d9d0d548f02d2a09e9
This patch set puts in the missing certificates to the test-pod.
It also corrects the path of sriov_agent.ini file
Change-Id: Ice2124f92a36d545726243fff60db25fbb2ea9c0
OVS_CTL file is required by other parts of the init
script.
This reverts commit a9693843d77525decefc8a0ba0528624f9e11350.
Change-Id: Ia11dc18e0b13d5fe01918a4c7febb82b19303527
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Neutron chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I50ccec785eb3b18d6c00df2ad5f566a72db4604d
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.
The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.
This patchset doesn't have Heat-related changes,
they'll be added later.
Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This patch adds ability to unhardcode readiness/
liveness probes timings for those probes which still
were hardcoded. Moreover it introduces
RPC_PROBE_TIMEOUT and RPC_PROBE_RETRIES variables
which are passed to health probe script and
allow to unhardcode RPCtest timeout and number of
retries
Change-Id: I2e48eed26abb82208a4ac4ae596d27ca8db99c90
There is a bug with the Intel i40e driver version 2.11.21 or earlier
where the interface VF spoof check must be toggle on and off after bond
is created (TODO: insert release note or bug here)
Change-Id: I9723e52fc87291f5e90df29a154c04180cbfe955
