This adds the deployment of heat to the compute kit and apparmor
job in order to provide a simple mechanism for booting vms to
validate a functional cloud deployment
Change-Id: I1a0b0fd4fd708a045e82781cfe3990e23d2af581
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate new
passphrases for the OSH components, render an updated manifest for
the OSH components including the new passphrases, then applies the
updated OSH manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I42d19bbf8161b60311c4b8101217cdcfbdf6b568
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation
Change-Id: I6f2125f3505904c4714688e7a9900b8d6bea49b4
This updates the openstack-helm Armada job to instead deploy
only Ceph, the OpenStack service charts, and their dependencies.
This is dependent on the addition of the Armada job for Ceph and
the LMA components to openstack-helm-infra. This also updates the
jobs definition to use the osh-gate-runner playbook instead, as
well as sets the job both to a periodic and experimental job
Depends-On: https://review.openstack.org/#/c/634676/
Depends-On: https://review.openstack.org/#/c/633067/
Change-Id: I7e191a153f123e04e123acc33fb691d8117062a9
This change adds a zuul check job to export any templated python
contained in the helm charts and scan it with bandit for any
potential security flaws.
This also adds two nosec comments on the instances of subprocess
used as they currently do not appear to be malicious, as well
as changing the endpoint_update python code to prevent sql
injection, which satisfies bandit code B608.
Change-Id: I2212d26514c3510353d16a4592893dd2e85cb369
This patchset updates the chart configuration overrides to account
for functionality supported with the move to Ocata over Newton.
This includes updating the OpenStack service logging configuration
to leverage the fluent handler/formatter that was introduced in the
Ocata release, updating Fluentd's configuration to filter out
duplicate logs, tagging logged events with their log level, and
creating separate indexes for the different log types created by
the elasticsearch templates. This also adds support for leveraging
ceph-radosgw's s3 API for Elasticsearch snapshots.
This also removes the barbican chart deployment from the
armada gate, to help alleviate resource consumption.
Change-Id: I45128bf102909e1762b832fc16ad04bedcfe4f00
This disables the deployment of gnocchi, ceilometer and mongodb
from the multinode job until we can determine the root cause of
the failures in these charts
Change-Id: I8c936cae0b814841da12aabd6d3f95e902912bda
This updates the upgrade host playbook in openstack-helm to match
the playbook used in openstack-helm-infra. The recent addition of
adding an apparmor profile to the calico chart requires us to
do the same setup on hosts in the openstack-helm jobs before
attempting to deploy calico
Change-Id: I264ba4ee8a2f24ffcbb36e28f6b91bbc114b406d
This begins the reordering of the openstack-helm gates. This
deprecates the single node checks/gates that deployed the entire
stack in favor of single node checks/gates that are focused on
deploying charts with only their dependencies to reduce the
number of checks/gates required for a particular change. This also
moves the armada check to experimental, and moves the multinode
checks/gates to run as periodics. This will be followed up by
additional efforts to streamline these changes and incorporate
previous work targeting the same.
Change-Id: I63b87aceefc79a7a42c325669f2b4e3abb0c961c
This patch set updates the gate to by default uses network policy
for all components and enforces them in Openstack-helm.
Change-Id: I70c90b5808075797f02670f21481a4f968205325
Depends-On: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS updates the gate playbooks to both be slightly more
uniform in their instantiation, and also exposes the targeted
openstack release as an env var in scripts ran.
Change-Id: I4a2ab99bd3b1586703bf53e54231b0f08623a7d8
Signed-off-by: Pete Birley <pete@port.direct>
We should replace role name from deploy-yq to deploy-jq.
Depends-On: https://review.openstack.org/578703
Change-Id: I5deb4fecbee9f70e6be63189d4afa81e5c71ad4b
The task names in the dev deploy playbooks for deploying k8s
were mistakenly named after the previous tasks. This fixes them
appropriately
Change-Id: Ifc9c1ceda5b62532a44b83733aad9755165f5b55
This PS enables API access from VMs in the gate and development env
Change-Id: I0639e43dc88cbe8bf4cfe102320e2a8bf9025073
Depends-On: I32c8e752675b037610f77c8baee1c1636d5a032e
Signed-off-by: Pete Birley <pete@port.direct>
This PS uses the defaults contained within the roles used in the
gate.
Depends-On: I5ad1b593a711ffe353b012394d54044dede0691d
Change-Id: I52730474cefb917a23b679f4ff0703afd2b44989
This PS updates the cephs config to deploy radosgw with greater
swift compatibility. Allowing clients to use RGW as though it
were a real swift deployment.
Change-Id: Id0a27b42b7f9c0c9e4b5a197ef50feb612e6adfc
This PS moves to use the infra mirrors for kubeadm-aio when built
in openstack-infra.
Depends-On: Id9a4bf2b13051dfcf5aea688511da24cd245de9c
Change-Id: I26a728fda937900406192be8a7301c3874abc934
Add basic functioning tempest chart for testing of
OpenStack services. This also adds an experimental
gate for running a multinode deployment with tempest
Change-Id: Id4bb3447345719133e5862514dfd5bc5bac5677d
This patch set updates the paths so OSH-addons gate
can take advantage of the paths set up here.
Change-Id: I4f0f6ebb19042d035bd70deb26b557814cc0d2d1
Signed-off-by: Tin Lam <tin@irrational.io>
This moves to consume the roles from openstack-helm-infra
in the openstack-helm gates
Depends-On: https://review.openstack.org/559836
Change-Id: I3ed721333b899f8dde812f1843a9fcb074c63121
This PS updates the heat templates, reducing the size of the
launched vm. In addition cinder is enabled in the ceph dev
pipeline, this is possible due to the resources no longer
consumed by the test vm.
Change-Id: I9efe6fe643c636b660dd54b60dfe7c8785d7fec2
This PS allows to test rbd storage backend when apply glance. Currently,
only radosgw is verified after ceph distribution.
Change-Id: Ia3c2c915a2e9a65b09123b8e1c47892069c9ae1b
Blueprint: add-rbd-gate
This patch set adds a nv-gating with an OpenLDAP server with some sample
data loaded for development or testing use using a bootstrap job.
This patch set also adds confirming authentication works using domain-
specific configuration for keystone.
Consolidated change from: https://review.openstack.org/#/c/552976/
Co-Authored-By: Gage Hugo <gagehugo@gmail.com>
Change-Id: I1aeccffc018d0fcefc8e2b15a4ac6b83cb2be8b6
Signed-off-by: Tin Lam <tin@irrational.io>
This PS allows the neutron and nova charts to dynamicly adapt to
various backends.
Depends-On: I0ec13f45fd4561fec59d08b08eb78390a3866156
Change-Id: I1891af4b0e49237e229ff5e61e907dc3e413cf87
Splits the armada fullstack deploy playbook out to put each armada
action into its own script, and includes the validation action to
the tasks performed on each manifest
Change-Id: I600d74e3d44d0c0ea0432b20204bfdf4d97baa7a
This PS moves the DNS nameservers used in the smoketest heat
template to use the k8s DNS on the dev host.
Change-Id: I3a5f9eb2689f01ee2ef216843b80fbe2607eb5bc
Use a utility container for ipcalc on all platforms; this avoids
having to find the package on platforms where it's not easily
available and we avoid argument differences.
Change-Id: I6c6e719f8eeb8d4214ebb0111e9d8f8b659db396
This PS moves the default image in OSH for most services to use LOCI
and also provides a Kolla gate for newton openstack.
Change-Id: Ice6cb9f89bc3ce6e8280e580d215aedda9e71904
This adds a check to openstack-helm for deploying the full osh +
lma stack with armada. It deploys a manifest that will install
a rabbitmq and memcached per openstack service
Depends-On: Id58f85f150054d82c047bd360258ebe9e571360f
Change-Id: Ie2cb29279a7e47570b7faee82828f7ec753ab73f
This PS updates the heat template to output the Floating IP, which
makes the gate scripts compatible with the current master clients
when used with newton images.
Change-Id: I8e429b504ede521612c91d7563a8c5e4953bdbb4
This PS adds a 5 node basic gate for OSH, using the same format as the
dev-deploy guide. Follow on commits will:
* Remove redundant gate scripts
* Add documentation, in the same format as the AIO guide
* Add all remaining services in OSH
* Enable Helm test for all services
Change-Id: I7b72dc4777e88cae2b8a4d842c41a17a526079a2
Depends-On: Ie9b23174fade3df4a87f2b771ea654e2081b4f4e
As with the rbd_provisioner deployment, cephfs_provisioner should
only be deployed to the ceph namespace. This change just disables
that deployment in the openstack namespace.
Change-Id: Idfec8fbdd9408bd292d8770a3690b1b77de2b22d
