OpenStack services already moved to use policy in code.
No need to have policy file at this point, at least no need to put
default policy rule to policy.yaml file anymore.
Putting in duplicate rules will cause unnecessary logs and processing.
It is also not healthy for maintaining policy in code, as the `default`
rules in openstack-helm might override actual default rules in code
which we might not even mean to change at all.
Change-Id: I29ea57aa80444ed64673818e597c9ca346ba7b2f
port number in neutron
Now binding ports of service and pod spec are configured using
internal endpoint values.
To support reverse proxy for internalUrl, need to distinguish
between binding ports and internal endpoint ports.
I added `service` section in endpoint items apart from admin, public,
internal and default.
Change-Id: I38dca50a8462faa4e9a7eeed56839b1b996eae06
This allows neutron to consume TLS openstack endpoints.
Jobs consume openstack endpoints, typically identity endpoints.
And neutron itself interacts with other openstack services via
endpoints.
Change-Id: I204b8a1a5a1fb253ea4207f5f5d76d47fac41bef
Based on spec
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with this
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Related OSH-infra change:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142
Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8
This change uses the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: Ib33118af841b3273f146d94c6499c232b793a0be
1. Log specific compute services failing rabbitMQ socket tests in nova
health probe
2. Log specific compute services failing Database socket tests in nova
health probe
3. Make log level configurable for nova and neutron health probes
Change-Id: I5e5d909d598af734596eb1732ae42808c1f6cd12
Adding a helm3_hook in values.yaml file in case hooks need
to be disabled (e.g. on Helm v2).
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I1c03ea9ee88d1306283ce577b100c9864bec5d1b
As dnsmasq.conf data in configmap-etc secret was empty, there was no option
to override it. Added the section in the values.yaml file where the dnsmasq.conf
config can be added which will be reflected in dhcp-agent.
Change-Id: If11c33f6f837dbf0d16e54cc92cabf399e773968
This patch allows Neutron to start taking advantage of the rootwrap
daemon which should significantly increase performance.
Change-Id: I9d4f8dd8f9d36dc558e5e280b8f8193212345f34
In the Victoria cycle oslo.policy decided to change all default policies
to yaml format. Today on openstack-helm we have a mix of json and yaml
on projects and, after having a bad time debugging policies that should
have been mounted somewhere but were being mounted elsewhere, I'm
proposing this change so we can unify the delivery method for all
policies across components on yaml (that is supported for quite some
time). This will also avoid having problems in the future as the
services move from json to yaml.
[1] https://specs.openstack.org/openstack/oslo-specs/specs/victoria/policy-json-to-yaml.html
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Id170bf184e44fd77cd53929d474582022a5b6d4f
The PS updates Rally tests and removes "name" parameter. According to
Rally documentation [0] this parameter was always ignored. Latest
version of Rally (2.1.0) is failing with a message: "Scenario plugin
'NeutronNetworks.<...>' doesn't pass restricted_parameters@default
validation. Details: You can't specify parameters 'name' in
'network_update_args/port_update_args/router_update_args/subnet_update_args'"
[0] https://github.com/openstack/rally-openstack/blob/2.1.0/CHANGELOG.rst
Change-Id: If4e80dfcb56a6e1daa1a055285329f9fc2d58332
Updated neutron to use an Nginx sidecar to terminate internal TLS rather
than using Apache with separate RPC servers. Multiple RPC servers (in
sidecar) cause communication issues with RabbitMQ causing expected
errors.
Change-Id: Iaa6d3d64b730a54b1b85a338517bcb5be1842bda
Signed-off-by: Tin Lam <tin@irrational.io>
Some OSH charts have different values for logger_root
handler from upstream repo config default values.
Exactly, logger_root handler values.
This finally leads to double logging.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
This commit enables user to update dpdk bond config
only when required using the flag UPDATE_DPDK_BOND_CONFIG.
This helps in avoiding disruption in ovs dpdk during ovs
agent restart or when there is an update in bond config.
Setting UPDATE_DPDK_BOND_CONFIG to true will have default
behavior.
Setting UPDATE_DPDK_BOND_CONFIG to false will disable
configuration of bonds after the first run and can be
set to true when required.
Change-Id: I4c8ec145c8f1c1c1b5f7a5201f792e040fdd89a2
jq is not a part of xrally-openstack container, so using something worse
for the same instead of producing an extra image.
Change-Id: I0f22488fcb9f0247e6279e6754393f22b2dd0251
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Passing config files from other agents results in
incorrect loading of extensions.
Value metadata_proxy_socket should be set in neutron.conf
Change-Id: If22168ccc77c918f7cfcb5d9d0d548f02d2a09e9
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.
Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
This updates the Neutron chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I50ccec785eb3b18d6c00df2ad5f566a72db4604d
The cleanup script used for router, network, server, and flavor does not
account for the first column being the resource ID. Matching via
^[sc]_rally will always result in an empty return. This fix now correctly
matches the name of the second column. This also fixes an issue where
rally creates flavor as "private", adding --all so it cleans up the
private flavors as well.
Change-Id: Id1a0e31e56b51fd92a95e8588d259ce21fa839d6
Signed-off-by: Tin Lam <tin@irrational.io>
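The column mismatch described in the commit message above, as an added example that is not the chart's own cleanup script: it assumes two-column ID/Name list output, and the sample rows, IDs and function names are constructed. The third function goes beyond the commit to show why the pattern should stay anchored to the name field rather than be loosened to match anywhere on the line.

```shell
#!/bin/sh
# Constructed sample shaped like two-column "ID Name" list output
# (assumption: the cleanup script parses output of this shape).
SAMPLE='0a1b2c3d-0000-4000-8000-000000000001 s_rally_1f2e3d4c_AbCdEfGh
0a1b2c3d-0000-4000-8000-000000000002 public
0a1b2c3d-0000-4000-8000-000000000003 c_rally_1f2e3d4c_IjKlMnOp
0a1b2c3d-0000-4000-8000-000000000004 my_s_rally_lookalike'

# Pattern anchored at the start of the line: the line starts with the
# resource ID, not the name, so this selects nothing.
ids_by_line_anchor() {
  printf '%s\n' "$SAMPLE" | awk '/^[sc]_rally/ {print $1}'
}

# Pattern anchored on the second field (the name); prints the IDs of
# the rally-generated resources only.
ids_by_name_column() {
  printf '%s\n' "$SAMPLE" | awk '$2 ~ /^[sc]_rally/ {print $1}'
}

# Unanchored match anywhere on the line: finds the rally resources but
# also selects a resource whose name merely contains the pattern.
ids_by_unanchored() {
  printf '%s\n' "$SAMPLE" | awk '/[sc]_rally/ {print $1}'
}

# Helper: number of IDs a selector function returns.
count_ids() {
  "$1" | wc -l | tr -d ' '
}

printf 'line-anchored pattern: %s id(s)\n' "$(count_ids ids_by_line_anchor)"
printf 'name-column pattern:   %s id(s)\n' "$(count_ids ids_by_name_column)"
printf 'unanchored pattern:    %s id(s)\n' "$(count_ids ids_by_unanchored)"
```
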
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This patch adds ability to unhardcode readiness/
liveness probes timings for those probes which still
were hardcoded. Moreover it introduces
RPC_PROBE_TIMEOUT and RPC_PROBE_RETRIES variables
which are passed to health probe script and
allow to unhardcode RPCtest timeout and number of
retries
Change-Id: I2e48eed26abb82208a4ac4ae596d27ca8db99c90
This reverts commit 09d6a3e68c3d95e27ce7a7395735d058062e9d17.
It causes failures during brown field upgrade.
Change-Id: Ie619358bd0ae046bfb94b9e9d811251b54d2897e
For OVS-DPDK deployments, where tunnel interface is bound to DPDK, there
should be support to transport the tunnel traffic over a VLAN network.
Change-Id: I1e63c9a6eb03a3f78a8592244d7c4b4928164fa5
Rally can leave behind rally-generated network and router in the neutron
helm test. This patch set adds in a clean up script to clean up these
rally-generated resources.
Change-Id: If7dc9e4e5a659657e8a7e32f6d94703992dcd193
Signed-off-by: Tin Lam <tin@irrational.io>
Changed Nova and Neutron health-probe script to exit if previous
probe process is still running.
The health-probe has RPC call timeout of 60 seconds and has 2
retries. In worst case scenario the probe process can run a little
over 180 seconds. Changing the periodSeconds so that probe starts
after previous one is complete. Also changing timeoutSeconds value
a little to give little more extra time for the probe to finish.
Increasing the liveness probe periods as they are not so critical
which will reduce the resource usage for the probes.
Co-authored-by: Randeep Jalli <rj2083@att.com>
Change-Id: Ife1c381d663c1e271a5099bdc6d0dfefb00d8d73
This reverts commit 1c85fdc390e05eb578874e77fad9d4ec942da791.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even when no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
Removes stale DHCP and L3 namespaces. The cron runs once in 12 hours.
Network namespace cleanup is implemented as a daemonset as Kubernetes
does not have a cronjob that works like daemonset-cronjob.
Network namespace cleanup should run on all nodes where DHCP and L3
agents run.
Change-Id: I7525e493067669026e0d57889a3e3238a2bd1308