Switch osh fuctional jobs to osh-infra-job-runner playbook inheriting
from openstack-helm-infra-functional.
Specify gate_scripts_relative_path var for each job to support the
case when corresponding jobs defined in osh are invoked from another
project to allow playbook know where to look for gate scripts.
Depends-On: https://review.opendev.org/740557
Change-Id: I315f04ef7bdf5bf97d09843de8f878e2d15377dc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This change moves the tungsten fabric check down to the periodic
checks with the other feature overrides, removes several duplicate
checks that are currently non-functional, and moves the rest to
experimental.
Also moves the compute-kit jobs back to using the default
single-node nodeset due to cloudedge going down and not
enough available 32gb nodes as a result
Change-Id: Ib4f314d5246af8756611346ed4919492d98510a5
- This is to make use of loopback devices for ceph osds since
support for directory backed osds going to depricate.
- Move to bluestore from filestore for ceph-osds.
Change-Id: Ia95c9ceb81f7d253dd582a2e753a6ed8fe60a04d
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.
The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.
This patchset doesn't have Heat-related changes,
they'll be added later.
Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
We're running compute kit jobs on the edge of current flavor
capabilities and actually exceeding it with TLS enabled.
With this change compute kit TLS commit successfully pass check
jobs.
Change-Id: Ide1a1600f2e19fcb91ec7d90c8f316283b2d9697
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This patch set cleans up and moves some jobs to experimental and
periodic to reduce the resources need on infra.
Change-Id: I7567b57521a36e7da6490c4e65522b32eccf5a51
Signed-off-by: Tin Lam <tin@irrational.io>
Co-Authored by gage Hugo <gagehugo@gmail.com>.
This Patchset creates Zuul Gate Jobs for apparmor to support Cinder.
Change-Id: I7705512a3b50560b183e19f0868be40078241cdd
This change sets the files attribute for the zuul job that runs
the horizon check to only run that check when a file change is made
under the horizon chart directory.
Change-Id: I3703b39216d6139f28d00b7fc0bf098514bdbe6d
This patch set addresses an issue with the placement component of nova
breaking the network policy job.
Also, make the network policy jobs voting to ensure things do not break.
Change-Id: I41dfa6a335a915dbaf08114c2e14e906c76e85ba
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in job to test the OpenStack train releases.
Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Also disabled barbican running in the apparmor job temporarily
until the correct profile gets used and it can deploy
succesfully.
Change-Id: Iadacd214de3fdb06e4acde4433c5fa86973371d5
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in a capability for the user to defaultly use a
FQDN for the nova compute hostname and the hypervisor hostname when
the host is not explicitly specified in the .Values.conf override.
Change-Id: I3243068dfe91ebb97b3885002296a0f454822ec5
Co-authored-by: Drew Walters <andrew.walters@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This disables the keystone-auth single node job and all multinode
periodic and experimental jobs while standing issues with the
kubeadm-aio image deployment are sorted out
Change-Id: I4e1de001ddf17b3c035ca174b7ef8acec8f2bf2c
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This patch set adds in default horizon ingress overrides.
Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994
Signed-off-by: Tin Lam <tin@irrational.io>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
As agreed on the weekly meeting, its time to enable the jobs
so we dont break them with new changes
Change-Id: I567a19b81a6d780f8a461d62a5d17531f9c1be1b
This removes the service specific job definitions that currently
run periodically, as they add no value (as they're currently part
of the compute kit jobs). This helps ensure we have a workable
history of our multinode periodic jobs, as the current number of
periodic jobs limits us to ~2 days of history with no added value
Change-Id: Id525ca4895de2673bed2b638b816834bcf34e131
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This PS adds checks for the Stein Release of OpenStack in Ubuntu Bionic
containers.
Depends-On: https://review.opendev.org/667726
Change-Id: Icfad3434ca496a841993b95adaf5d853728d920f
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for running the Rocky release of Openstack under
Python3 in Ubuntu Bionic containers.
Change-Id: I269cef9f8f157e22f6b857822df9a8960dac6ea8
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Rocky Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: Ieed4a6a3afa6e3ebd9b2f72ba227aac891d65214
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Queens Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I0d4d427e43f06fa955dfd275859939d0adca113c
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the gates we have with duplicated coverage to
periodics, reducing the load we place on -infra with each ps
Change-Id: I03086d05abc8e14dab60494d1126e849f97ee375
Signed-off-by: Pete Birley <pete@port.direct>
This PS indroduces a simpler way to incorp over-rides into gate
runs, and also ensures that they are scoped to a single chart, rather
than all of the charts deployed within a gate run.
Depends-On: https://review.opendev.org/666957
Change-Id: I49edf52cc1fc5ec60ee9754c28880c9c0c54492e
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Pike Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I402584bbcdd53a4a6bc21f370586b3498142bf81
Signed-off-by: Pete Birley <pete@port.direct>
This adds a helm test for Horizon, the helm test
runs a selenium webdriver check to verify the dashboard
is up
Change-Id: I3616c05596b2bd94931c39fb774333bf65453d52
Signed-off-by: Steve Wilkerson <sw5822@att.com>
There is currently no testing of the Leap 15 images in OSH.
This addresses it by:
- Using the values_overrides folder according to the multi-os
spec, creating value override files there for changes that
needs to happen on Leap 15 images.
- Point to the right images using the previously created folder,
to allow using those in CI easily.
- Change CI to use previously created overrides.
Depends-On: https://review.openstack.org/#/c/651501
Change-Id: I520d3676195c62b253a19397c86b0d0fbabee710
This adds the deployment of heat to the compute kit and apparmor
job in order to provide a simple mechanism for booting vms to
validate a functional cloud deployment
Change-Id: I1a0b0fd4fd708a045e82781cfe3990e23d2af581
This adds a nonvoting apparmor check job to openstack-helm, which
allows for the removal of default apparmor profiles from the nova
chart. This job also includes overrides for using the default
docker apparmor profile for the neutron chart
Change-Id: I8f407f24b7f10c5d7cf10f21f73671f7e6c72767
This changes the gate check for bandit to only run when either python
or templated python files are edited. This will cause the check
to only be ran when those specific file types are edited, and to
skip the check when not needed.
Change-Id: I149ef6827ca10e32492f2b05beb8a13af5a03fc5
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate new
passphrases for the OSH components, render an updated manifest for
the OSH components including the new passphrases, then applies the
updated OSH manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I42d19bbf8161b60311c4b8101217cdcfbdf6b568
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation
Change-Id: I6f2125f3505904c4714688e7a9900b8d6bea49b4
This updates the openstack-helm Armada job to instead deploy
only Ceph, the OpenStack service charts, and their dependencies.
This is dependent on the addition of the Armada job for Ceph and
the LMA components to openstack-helm-infra. This also updates the
jobs definition to use the osh-gate-runner playbook instead, as
well as sets the job both to a periodic and experimental job
Depends-On: https://review.openstack.org/#/c/634676/
Depends-On: https://review.openstack.org/#/c/633067/
Change-Id: I7e191a153f123e04e123acc33fb691d8117062a9
This change adds a zuul check job to export any templated python
contained in the helm charts and scan it with bandit for any
potential security flaws.
This also adds two nosec comments on the instances of subprocess
used as they currently do not appear to be malicious, as well
as changing the endpoint_update python code to prevent sql
injection, which satisfies bandit code B608.
Change-Id: I2212d26514c3510353d16a4592893dd2e85cb369
A change was merged that had commented out the check jobs. This
simply uncomments them so checks run against changes to
openstack-helm
The change can be found here: https://review.openstack.org/#/c/591808/48
Change-Id: Ia100f1248ebe783d154420c543a9b19fb1ba4ccc
