Commit Graph

244 Commits

Author SHA1 Message Date
Gage Hugo
a8f1474d15 Update nova default image values
This change updates the default image values for nova from ocata
to ussuri to match the rest of the defaults.

Change-Id: I8c5c4e1cd743236b9403293e695e1c4ac096f879
2022-04-27 17:52:44 +00:00
Gage Hugo
d1b72aa35e Remove nova-placement from nova chart
nova-placement has been removed as of train, since we
do not support openstack releases before train, it
is no longer needed. This change removes nova-placement
from the nova chart and all the overrides, as well as
changes the compute-kit scripts to always deploy
the placement chart.

Change-Id: Ic8649371fe9e954806cbe4bf11c589fb58c7a88d
2022-04-07 14:50:29 -05:00
josebb
8b2ba7b029 Support TLS endpoints in nova
This allows nova to consume TLS openstack endpoints.
Jobs consume openstack endpoints, typically identity endpoints.
And nova itself interact with other openstack services via
endpoints.

Change-Id: Iff4422360ca51e94fd1b00854693e266cc202390
2022-04-01 19:05:59 +03:00
Thiago Brito
45ea26175b Enable taint toleration for nova
This changes use the helm-toolkit template for toleration
in openstack services

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: I72a4f6073eaf19c662ccd0b3e35ca62c5b88ad65
2022-03-28 10:44:19 -03:00
Gage Hugo
f3de6d808a Remove consoleauth in nova
Nova consoleauth was removes several releases ago and most of our
overrides were specifically needing to disable it in order to
deploy. Since it is no longer in nova, this change removes the
nova consoleauth support from the nova chart.

Change-Id: I0a27265330156a11f6049e9beaaa14a38d8a4a93
2022-03-26 18:49:30 -05:00
Gage Hugo
03d401970c Cleanup old releases in nova
This change removes several older openstack release overrides
that are no longer used for nova. Also updates the default
image values to use the ussuri release of openstack.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm/+/835112

Change-Id: I4798ead36de9b41e085796792dbcf5adc7f3c8d6
2022-03-24 19:48:27 +00:00
Anderson, Craig (ca846m)
d514395d81 Improve health probe logging for nova and neutron
1. Log specific compute services failing rabbitMQ socket tests in nova
   health probe
2. Log specific compute services failing Database socket tests in nova
   health probe
3. Make log level configurable for nova and neutron health probes

Change-Id: I5e5d909d598af734596eb1732ae42808c1f6cd12
2022-02-22 10:05:15 +00:00
Thiago Brito
c63b1920d5 Fix nova-compute-ssh init to execute as runAsUser
On _ssh-init.sh.tpl, despite one change the runAsUser for the
nova-compute container on the securityContext, the ssh keys are always
being copied into the 'nova' user's folder. This change fixes it by
getting the correct user defined on the securityContext and copying the
keys to its correct folder.

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ia7883dc4626a295892eb4637ef717b0b1725ac89
2022-01-12 17:32:12 -03:00
Huy Tran
1d7f880c42 Add check for number of computes in cell-setup-init script
This PS further enhances [1] to handle case where present
computes are up, but the number of present computes is not
equal to total number of expected computes.

[1] https://review.opendev.org/c/openstack/openstack-helm/+/815086

Change-Id: Idb2a7aeb202fe29fc528ba0dde987e7e0ee65a95
2021-11-03 11:09:02 -05:00
Huy Tran
6b785b16dc Add option to extend the wait for cell-setup-init
In some deployement environments, nova compute processes took a bit
longer to register on all hosts, and vm/server is instantiated almost
immediately before the process is registered on remaining hosts.
This PS enhances the cell-setup-init script to enable option to
extend the wait before performing discover hosts.

Change-Id: Ie9867e64c554d4f39fdc7432823a1869f0b4a520
2021-10-26 19:03:48 +00:00
Gupta, Sangeet (sg774j)
b75545d0c6 nova: Define service cleaner sleep time
This makes the service cleaner sleep time if any service is down
provisionable.

Change-Id: If55a22c4f22ff0a48767dae3d57aca6c3c8cccac
2021-10-05 14:34:13 +00:00
Gupta, Sangeet (sg774j)
0c80a415bf nova: Give service time to restore
nova-service-cleaner job deletes the service which are down. If the
database is down, the service will go down as well. When database comes
back up, all the services starts to come back to up status. If the
nova-service-cleaner is run in this interim time, the service that
were down gets deleted. These would have come up if the job had not
run. Adding sleep to this job to give service time to come back up
if recovering. The sleep is set to 2 times the report_interval.

Change-Id: Ia292d19508e9449ccb40d1100b1d56b1283e5d53
2021-10-05 05:10:39 +00:00
xuxant02@gmail.com
a33ea84f91 Removed policies from values file
Removing the hardcoded policy document from the values file of helm chart in favor of policy in code.

Change-Id: I5c3c4699cafc76d3aa7d9c94f6e15eeff3f22b6c
2021-09-24 15:18:20 +05:45
Susanta Gautam
bd825495a4 Added helm.sh/hook annotations for nova chart
Chart upgrading was failing due to some immutable fields are needed to be upgraded before the jobs can be upgraded. For solving this issue, helm.sh/hook annotations with post-install and post-upgrade has been added. As for hook-weight annotations, we have added these to control the flow of the jobs with hook creation as the jobs are dependent. Like, db-init jobs need to run before db-sync and so on. Also, helm3_hook value is added in values.yaml file in case hooks needs to be disabled if needed.

Change-Id: I4d489f5ded94f19dd3fcf58dafde00b18ff5bcae
2021-08-17 21:10:38 +05:45
Andrii Ostapenko
3ac3caa013 Add support for Victoria and Wallaby
Defines compute kit and cinder jobs for new releases with
corresponding values overrides.

Disables compute agent list test for Wallaby since related API
is removed [0].

Since Wallaby with switch of osc to sdk '--id auto' is no longer
treated specially in 'openstack flavor create'. The same behavior
can be achieved w/o specifying --id flag for flavor creation [1].

Starting Wallaby 'nova-manage api_db version' returns init version
for empty database greater than 0 [2]. _db-sync.sh.tpl logic prior to
this commit does not work due to this. We need to either remove
(done in current commit) or justify and alter previous logic.

[0] https://review.opendev.org/749309
[1] https://review.opendev.org/750151
[2] https://opendev.org/openstack/nova/src/branch/stable/wallaby/nova/db/sqlalchemy/migration.py#L32

Change-Id: I361431d9aa8c1a06c5d59f479fb161ecd87e2ee2
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-08-02 15:46:07 +00:00
Gupta, Sangeet (sg774j)
7d3cd164ab nova: Add image clean up to rally test
Clean any images created by rally after the test is complete.

Change-Id: I266d0c94959971d259742958802ffce25448eaa7
2021-07-06 12:20:17 +00:00
xuxant02@gmail.com
f3d361d2f7 Added cronjob for nova which will be cleaning the databases.
Script has been created with archve_deleted_rows which will run as
cronjob to move the deleted rows from production table to shadow table.

Change-Id: I1cd3e523301b1aaeb3366288d128e23aae5e0780
2021-06-24 15:49:35 +05:45
Gage Hugo
c775184bdd Set reasonable default probe timeouts
This change modifies the default values for all of the readiness
and liveness probes to something a bit less aggressive, namely
the default timeout of 1 second.

Change-Id: Ib389aebb2450f8ed134ef8f75110b559d1a4f2ee
2021-06-18 19:12:15 -05:00
zhen
5bb9b20112 Replace deprecated configuration
``[vnc]/vncserver_proxyclient_address`` was deprecated, so we replace it with ``server_proxyclient_address``

Change-Id: I142710ffab2aa407a09318e4b8517938ed28f3c8
2021-05-27 10:05:34 +08:00
Haider, Nafiz (nh532m)
c900712f30 feat(tls): Make openstack services compatible with rabbitmq TLS
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/770678

Co-authored-by: Sangeet Gupta <sg774j@att.com>

Change-Id: I11e9ad3f4079b0e12e498f9ed57e5b87ae9dc66a
2021-05-21 01:27:18 +00:00
jinyuan
7137a71700 Host resource scale adjustment about ironic
Ironic does not need to reserve system resources, otherwise it will cause flavor to be unable to schedule.

Change-Id: I454d0468ae3424cc92d470c15a40ad96c01cf311
2021-04-20 14:32:12 +08:00
jinyuanliu
aa5e622b47 BUG for deploying multiple compute nodes
When Deployment of compute nodes is not on all nodes (e.g.Total 5 nodes,but 3 compute nodes),The original method counts all nodes instead of compute nodes,This can result in less than 100%  and the process will get stuck,this is a bug!

Change-Id: I39c5d2014146925afe7fd896123a705c19005ff9
2021-02-27 09:32:27 +08:00
okozachenko
20a1208b20 Use unix socket to connect libvirt in nova
The motivation is to remove 127.0.0.1 in connection_uri and so
can allow live migration in libvirtd.
Plus, realize tls on libvirt to secure.
Now /run is already mounted so it should work

Depends-On: https://review.opendev.org/752263
Change-Id: I911abb8b1ee1e300d02a373e083a404574cc3fea
2021-02-18 04:48:41 +02:00
Hemachandra Reddy
766ce51ba9 Establish Nova/Placement dependencies
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382

Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.

Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
2020-09-30 16:41:54 +00:00
okozachenko
74b119db35 Add nova-compute-ssh
Change-Id: Ia555bb69182441d5f17040504efc7d1d524e59ec
2020-09-25 17:39:05 +03:00
okozachenko
a8fc28696d Sync logging values with upstream repos
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.

Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
2020-09-15 19:15:05 +03:00
Gupta, Sangeet (sg774j)
94642833dd [nova] fix cell0 database connection
This patchset sets/updates the Database Connection for cell0 to
correct value in the database.

Change-Id: I4d445023691b748a7de0d256433bd17c7958cc04
2020-08-13 20:55:40 +00:00
Zuul
b6365afc93 Merge "Add missing security context to Nova pods/containers" 2020-08-06 05:39:50 +00:00
PrateekDodda
27dac1d2c1 Add missing security context to Nova pods/containers
This updates the Nova chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: I10b12db8019beb42005764430711694a61c8d17b
2020-08-05 20:07:15 +00:00
Shuicheng Lin
67eefcf381 Correct limits and os-availability-zone's policy setting
In nova latest code, limits and os-availability-zone have been
updated to could be listed as any user by below patches:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
And target project id is set to {}. So user cannot be matched as
"owner", and lead to API access failure.
Update policy to be the same as latest nova code to avoid the error.

Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-08-03 13:48:58 +08:00
Gage Hugo
44882d60e2 Update xrally version to 2.0.0
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.

Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
2020-07-31 20:00:24 +00:00
sgupta
702c17eb78 feat(tls): Make openstack services compatible with mariadb with TLS
Depends-on: https://review.opendev.org/#/c/741037/
Change-Id: I21f4ede3bd18c0af8da1eba60cd0b7b932a31410
2020-07-14 23:32:03 +00:00
Zuul
861da9e355 Merge "Add missing security context to Nova pods/containers" 2020-07-13 18:33:57 +00:00
Andrii Ostapenko
44d263b2bf Enable templates linting
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates

with corresponding code changes.

Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.

* Unrestrict octal values rule since benefits of file modes readability
  exceed possible issues with yaml 1.2 adoption in future k8s versions.
  These issues will be addressed when/if they occur.

Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-11 00:52:51 +00:00
Andrii Ostapenko
0807ecb354 Add security context from snippet for tungstenfabric container
Change-Id: I4db982e8f600288ec954d4c019f096bd8dcd7e52
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-11 00:52:46 +00:00
Tin Lam
918a307427 feat(tls): add tls support to openstack services
This patch set enables TLS for the following OpenStack services: keystone,
horizon, glance, cinder, heat, nova, placement and neutron for s- (stein)
and t- (train) release. This serves as a consolidation and clean up patch
for the following patches:

[0] https://review.opendev.org/#/c/733291
[1] https://review.opendev.org/#/c/735202
[2] https://review.opendev.org/#/c/733962
[3] https://review.opendev.org/#/c/733404
[4] https://review.opendev.org/#/c/734896

This also addresses comments mentioned in previous patches.

Co-authored-by: Gage Hugo <gagehugo@gmail.com>
Co-authored-by: sgupta <sg774j@att.com>

Depends-on: https://review.opendev.org/#/c/737194/

Change-Id: Id34ace54298660b4b151522916e929a29f5731be
Signed-off-by: Tin Lam <tin@irrational.io>
2020-07-10 09:36:31 -05:00
DODDA, PRATEEK REDDY (PD2839)
a955108d1a Add missing security context to Nova pods/containers
This updates the Nova chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: I3ba6fcf0cc6ff97a306866f2d2b408635519ff02
2020-07-06 23:25:54 +00:00
Zuul
8c073c5767 Merge "[nova] Unhardcode readiness/liveness probe timings" 2020-06-03 07:36:07 +00:00
Andrii Ostapenko
8cfa2aa390 Enable yamllint checks
- brackets
- braces
- colon
- commas
- comments
- document-end
- document-start
- empty-lines
- hyphens
- indentation
- new-line-at-end-of-file
- new-lines
- octal-values
- trailing-spaces

with corresponding code adjustment.

Also add yamllint.conf under the check.

Change-Id: Ie6251c9063c9c99ebe7c6db54c65d45d6ee7a1d4
2020-05-27 19:16:34 -05:00
Tin Lam
6d35251cf1 fix(rally): update cleanup
The cleanup script used for router, network, server, and flavor does not
account for the first column being the resource ID. Matching via
^[sc]_rally will always result in an empty return. This fix now correctly
matches the the name of the second column. This also fixes an issue where
rally creates flavor as "private", adding --all so it cleans up the
private flavors as well.

Change-Id: Id1a0e31e56b51fd92a95e8588d259ce21fa839d6
Signed-off-by: Tin Lam <tin@irrational.io>
2020-05-10 22:07:52 +00:00
Gage Hugo
db79e79788 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
2020-04-03 20:53:32 +00:00
Oleksii Grudev
af4e2aaadd [nova] Unhardcode readiness/liveness probe timings
This patch adds ability to unhardcode readiness/
liveness probes timings. Moreover it introduces
RPC_PROBE_TIMEOUT and RPC_PROBE_RETRIES variables
which are passed to health probe script and
allow to unhardcode RPCtest  timeout and number of
retries

Change-Id: I2498a14e97557feafbd45c8df3c683f8500026e6
2020-04-01 14:54:57 +03:00
Huang, Sophie (sh879n)
8a7b7ba086 Enable Cinder backends to use iSCSI for data traffic
In this patchset, the iSCSI protocol support is added
to enable Cinder to use iSCSI based storage backends.

Bootable volumes are not supported, only VM attached
volumes are supported for this initial patchset.

Change-Id: I1b35290b62d2cebae4bd8be62126a53f230ac6c0
2020-03-16 14:23:23 +00:00
Gage Hugo
f9dbba7043 Revert "Revert "Keystone Authtoken Cache: allow universal secret key to be set""
This reverts commit 90d070390d.

Change-Id: I017c6e9676b872e1aab21f9dc8aa2f93db58d49f
2020-02-21 11:16:55 -06:00
Vasyl Saienko
90d070390d Revert "Keystone Authtoken Cache: allow universal secret key to be set"
This reverts commit 1c85fdc390.

Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.

Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
2020-02-12 11:18:06 +00:00
Tin Lam
b17b378390 Add rally clean up script
This patch set adds in a script that cleans up orphaned or
lingering rally helm test pods.

Depends-On: https://review.opendev.org/#/c/683759/

Change-Id: I94fc8d067b421248cf74fe40b2e8520f63d4417c
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-31 19:18:01 +00:00
Tin Lam
12bee1bb97 Migrate default release to Stein
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.

Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-09 10:00:31 -06:00
Tin Lam
bf434ffd67 Add capability for using FQDN in nova compute
This patch set adds in a capability for the user to defaultly use a
FQDN for the nova compute hostname and the hypervisor hostname when
the host is not explicitly specified in the .Values.conf override.

Change-Id: I3243068dfe91ebb97b3885002296a0f454822ec5
Co-authored-by: Drew Walters <andrew.walters@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-01 20:01:25 +00:00
Cliff Parsons
58291db1a6 Add capability to wait on compute nodes
This patchset adds the capability to the Nova chart to be able to wait
for a percentage of the compute nodes/hypervisors to become ready/available
before continuing on with the deployment. It will be disabled by default,
because this is a feature that may or may not be needed in production
deployments.

Change-Id: I971151a663afc87e7d62efa4ab3723c5472a3736
2019-12-17 02:48:49 +00:00
Prateek Dodda
4fdbf3c07a Implement Security Context for Nova
Implement container security context for the following Nova resources:
 - Nova server deployment

Change-Id: Ide4f413d4b27bfbffd4e941ff4f87aefe5a319a8
2019-11-27 15:30:32 -06:00