This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
This ps update neutron ovs agent to support properly:
- setting mtu on dpdk bond and nic interface port
- setting vhost-iommu-support on dpdk bond and nic interface port
- setting n_txq values on dpdk bond and nic interface port
Change-Id: I422fa21a622642ecb7c49914fef04073e4f984bc
Implement container security context for the following Nova resources:
- Neutron metadata_agent
- Neutron ovs_agent
Change-Id: If8246450f8ebd62a0c5999f832ec59796355ee78
This patch set adds in the egress policy for core OpenStack Services.
Depends-On: https://review.opendev.org/#/c/679853/
Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Neutron plugins (for ex. TaaS) using their own rootwrap filters install
those filter files in /var/lib/openstack/etc/neutron/rootwrap.d directory.
Therefore this path should be added to neutron values.conf file to let
these plugins function correctly.
Change-Id: Ia76153b50e2e22cb606b8c0f811119b3f71217d2
This PS adds octavia chart and its deployment scripts.
Blueprint name : openstack-helm-octavia
- Deployments : api, worker, housekeeping
- Daemonset : health-manager
- health-manager daemonset creates o-hm device on each controller node.
- This is for multi node deployment.
- 180-create-resource-for-octavia.sh : Create openstack resources
(network, sec groups, flavor, keypair, image for development)
- 190-create-octavia-certs.sh : Create certificates to use Octavia
(the certs is passed into pod using secret and volume for development)
- 200-octavia.sh : Deploy Octavia chart
Note: This chart doesn't include amphora image itself and its build.
Change-Id: I0bb7dfc7c15d77287c05a8542347e19fc269aba4
Signed-off-by: hagun.kim <hagun.kim@samsung.com>
This PS updates the os purge of the test project to be an optional
operator driven choice, as they will also need to ensure
the project is unique to neutron testing.
Additionally this updates the purge image to be driven by the
charts values.yaml, as with every other image in OSH.
Change-Id: I46807f7c4922a1b411386641eddbd8957ab56f05
Signed-off-by: Pete Birley <pete@port.direct>
Enhance the Neutron charts to support configuration parameters for
following additional configurations for deploying OVS with DPDK:-
1. Bonding support
2. Jumbo Frame support
3. Number of Rx Queue and Rx and Tx Queue sizes
Change-Id: I4ee7c8465825cf7d66d175446c4145a8a26b6381
Extending the Neutron with configuration parameters and scripts for
deploying OVS with DPDK support enabled. The new functionality takes
care of binding NICs to DPDK and adding those to OVS bridges of type
'netdev'.
Co-Authored-By: Rihab Banday <rihab.banday@ericsson.com>
Change-Id: I9932123986a0b723d7523136940d325bcfde983d
This PS updates the default RMQ policy to not mirror reply queues
as they cause signifigant blocking when resorting a rabbit node to
a cluster, with no advantage.
Change-Id: I6f8d4eaa482fcdf3e877bd38caa9b24358ea5be0
Signed-off-by: Pete Birley <pete@port.direct>
BGP-MPLS VPN extension allows attachment of Neutron networks and/or
routers to VPNs built in carrier provided WANs using these standard
protocols.
Change-Id: Ib0ec8cb22e9c113d4be1c992d895b565db5e30b0
This PS fixes a typo in the security context settings for neutrons
sriov agent.
Change-Id: I8cd255969b0f47d541cd5df68dbddde0b1fcf898
Signed-off-by: Pete Birley <pete@port.direct>
This updates the values used for generating the pod and container
security contexts for the components of the neutron chart. This
moves to using a unique application key for each neutron service
instead of a single 'neutron' key that maps to every pod
This also removes the .pod.user.neutron.uid key in favor of using
the user key in the security_context values tree
Change-Id: I1c87a5b4b74e2a2d17b8913dd34f40dc1c38fbe0
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This PS allows the probes in containers/pods to be tuned via values
overrides.
Depends-On: https://review.opendev.org/#/c/631597/
Change-Id: I439dce38a1b7df8c798f10f7fad406f9b0dfe3e6
Signed-off-by: Pete Birley <pete@port.direct>
L2 Gateway (L2GW) is an API framework that offers bridging 2+
networks together to make them look as a single broadcast domain.
A typical use case is bridging the virtual with the physical networks.
Change-Id: I95ff59ce024747f7af40c6bef0661bb3743b0af1
Implement container security context for the following Neutron resources:
- Neutron server deployment
Change-Id: Ic2600c2301bd9d7c91bc72c22a7813d07e3a8ef6
There are the changes here
1. extend current kill_metadata filter for python3 versions
2. add kill_keepalived_monitor filters (introduced for neutron with
https://review.opendev.org/#/c/636710/ )
Change-Id: If82db83bdb3bd8bebeb15382079b538fd8019376
This PS updates the charts to use the htk function recently introduced
to allow oslo.messaging clients ans servers to directly hit their
backends rather than using either DNS or K8S svc based routing.
Depends-On: I5150a64bd29fa062e30496c1f2127de138322863
Change-Id: I458b4313c57fc50c8181cedeca9919670487926a
Signed-off-by: Pete Birley <pete@port.direct>
Currently each service uses the same name for their helm test user,
"test". While this works when services are ran sequentially, when
multiple services are deployed and tested at the same time, it can
lead to a race condition where one service deletes the user before
the other is done testing, causing a failure.
This change makes it so that each service defines its own test user
in the form of [service]-test.
Change-Id: Idd7ad3bef78a039f23fb0dd79391e3588e94b73c
This patch make the db sync job template follows the same pattern
that other templates utilize the variables to make in a predictable
pattern.
Change-Id: Idbedd046c6b4fd001cf63004ffac792173a5778b
Story: 2005754
Task: 33457
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use, and updating the osh-images process or patching its
code has no impact on OSH.
This should fix it.
Change-Id: I672b8755bf9e182b15eff067479b662529a13477
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the neutron-server service.
This provides the ability to audit API requests for neutron.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I86b4df1436ae59bc9a151c28337af7c06c83e45f
to set local_ip in osh, you have to use nic name.
but some devices can have different nic name.
so I add new option for getting tunnel device by cidr.
Added value:
network:
interface:
tunnel: null
tunnel_network_cidr: "0/0"
Change-Id: I8bffae640dfe0086de0b5274bb8c3cdce9754160
Signed-off-by: Hyunkook Cho <hk0713.cho@samsung.com>
This PS tells neutron to make rabbitmq queues ha when available.
Change-Id: I708d354224a14e9b49be3faf1589f5a4791f5de9
Signed-off-by: Pete Birley <pete@port.direct>
