458 Commits

Author SHA1 Message Date
zhen
5bb9b20112 Replace deprecated configuration
``[vnc]/vncserver_proxyclient_address`` was deprecated, so we replace it with ``server_proxyclient_address``

Change-Id: I142710ffab2aa407a09318e4b8517938ed28f3c8
2021-05-27 10:05:34 +08:00
Haider, Nafiz (nh532m)
c900712f30 feat(tls): Make openstack services compatible with rabbitmq TLS
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/770678

Co-authored-by: Sangeet Gupta <sg774j@att.com>

Change-Id: I11e9ad3f4079b0e12e498f9ed57e5b87ae9dc66a
2021-05-21 01:27:18 +00:00
Tin
f5a70102b2 fix(perm): fixes template permission
Some nova gotpl files have +x permission. This changes it so they are
consistent with the other gotpl files.

Change-Id: Ifcd4c1032b41363ea8b1d43407315d68d7e9eec8
Signed-off-by: Tin <tin@irrational.io>
2021-05-17 11:26:01 -05:00
Gage Hugo
5233582991 Remove support for openstack releases older than T
This change bumps each openstack chart version up to the next
greatest minor version of 0.2.0, signifying that openstack-helm
will no longer support older, EOL releases for each chart.

Change-Id: I7ce80c7bdc779c1de4472079f18102f506bfbb90
2021-04-29 12:04:34 -05:00
jinyuan
7137a71700 Host resource scale adjustment about ironic
Ironic does not need to reserve system resources, otherwise it will cause flavor to be unable to schedule.

Change-Id: I454d0468ae3424cc92d470c15a40ad96c01cf311
2021-04-20 14:32:12 +08:00
jinyuan
1fda67d9cd Fix the nova-compute-ironic label issue
The nova-compute-ironic label is "compute", but the label chosen by affinity is "compute-ironic", which results in multiple replicas on the same node.

Change-Id: If947be6cd400e32d3455f07a85f4263c4b17cb87
2021-04-19 15:21:37 +08:00
Karl Kloppenborg
d2e2d58a5f Add ISCSI Multipath support when enable_iscsi true
When using iscsi in both cinder and nova multipath tooling access is not
currently available. This commit provides the host system access to
configure and control multipath.
This commit has been tested in our own production systems however this
is my first commit into Openstack-Helm so please review carefully and
provide me guidance on what I might be able to do better.

Change-Id: I4f017f67a5d80b9c931e2ee1653062aa503a7fd9
2021-04-12 08:28:56 +00:00
Mohammed Naser
fdd6b4507d Use first IP address for interface
It is possible than an interface has multiple IP addresses, for
simplicity of this change, use the first one so that the service
can start.

We can look later into improving it to accept some sort of index
for the IP address.

Change-Id: Ie856f54331d689a51bfd6de45db5820b765797ef
2021-03-10 15:47:24 -05:00
okozachenko
04d600c5b0 Mount /dev/pts in nova-compute container
Nova will check if pty device exist or not under /dev/pts
when get console log.
If it does not exist, cannot get console log.
ref: https://review.opendev.org/c/starlingx/config/+/660268

Change-Id: I2793d1f51c18e81a4271b8b0c50bfe1a2dab8a09
2021-03-01 17:43:42 +02:00
jinyuanliu
aa5e622b47 BUG for deploying multiple compute nodes
When Deployment of compute nodes is not on all nodes (e.g.Total 5 nodes,but 3 compute nodes),The original method counts all nodes instead of compute nodes,This can result in less than 100%  and the process will get stuck,this is a bug!

Change-Id: I39c5d2014146925afe7fd896123a705c19005ff9
2021-02-27 09:32:27 +08:00
Nafiz Haider
ca47e3c974 Re-enable "feat(tls): Change Issuer to ClusterIssuer""
This reverts commit 2ec17153c6cb918dd357f71824ec59dd0d74dfba.

Reason for revert: resolved bug with cluster issuer versioning

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/772814

Co-authored-by: Sangeet Gupta <sg774j@att.com>

Change-Id: If7ebef1cebbe5b1d97ac530dd7136e3fc9232b21
2021-02-26 02:43:09 +00:00
jinyuan
3a05f5c3f9 Update rbac api version for nova
When using a helm3 to deploy , it fails
Helm3 no more support rbac.authorization.k8s.io/v1beta1 , but v1 can
support helm2 and helm3.

This change optimized deployment.

Change-Id: Id3dbbe721f4ded3c54d82852d9c155253d226867
2021-02-19 09:01:25 +08:00
okozachenko
20a1208b20 Use unix socket to connect libvirt in nova
The motivation is to remove 127.0.0.1 in connection_uri and so
can allow live migration in libvirtd.
Plus, realize tls on libvirt to secure.
Now /run is already mounted so it should work

Depends-On: https://review.opendev.org/752263
Change-Id: I911abb8b1ee1e300d02a373e083a404574cc3fea
2021-02-18 04:48:41 +02:00
Chris Wedgwood
61c167d359 [nova,cinder] Use HostToContainer mount propagation
Bidirectional mount propagation doesn't work as expected,
HostToContainer does and is the safer option for now.

Change-Id: Ia0b0ab1a74991745cd74d3629d23f86bd8ff5296
2021-02-02 12:19:57 +00:00
Tin Lam
2ec17153c6 Revert "feat(tls): Change Issuer to ClusterIssuer"
This reverts commit 43e75eaa83cc6958fa0a6af55783cbe2645cfde7.

Reason for revert: Doing this as part of the revert here - https://review.opendev.org/c/openstack/openstack-helm-infra/+/772733

Change-Id: I9c04a35c179d23ec1b7612b4f87d9d16352985cc
2021-01-27 17:09:42 -06:00
sgupta
43e75eaa83 feat(tls): Change Issuer to ClusterIssuer
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359

Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
2021-01-19 13:47:09 +00:00
Sphicas, Phil (ps3910)
c7c19e85c0 Use HostToContainer mountPropagation
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.

Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset

Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
2021-01-07 20:27:08 +00:00
Hemachandra Reddy
35f55106c0 Swap SSH key names to reflect the correct key
Change-Id: Ic43f7b3113942d296728b06f1fcb82bd9fbd3e44
2021-01-04 15:15:38 -06:00
Chris Wedgwood
097632ebbf [nova-compute] Enable hostIPC
IPC is used by the multipath processes, hostIPC should be set so
semaphore operations work between the nova-compute pod and the host.

Without this things like `multipath -f ...` stall until timeout.

Change-Id: Iaeb6dff2ae934eabf5faddf930ba2029c0698f90
2020-12-22 17:23:08 -06:00
okozachenko
0b1ed76014 Remove deprecated os_region_name for placement
Change-Id: I0ef2ac278ce2d6f7f05683f68c1541bae8013361
2020-11-09 23:14:49 +00:00
Hemachandra Reddy
766ce51ba9 Establish Nova/Placement dependencies
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382

Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.

Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
2020-09-30 16:41:54 +00:00
okozachenko
74b119db35 Add nova-compute-ssh
Change-Id: Ia555bb69182441d5f17040504efc7d1d524e59ec
2020-09-25 17:39:05 +03:00
Andrii Ostapenko
20b6b9a236
Change helm-toolkit dependency version to ">= 0.1.0"
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0

Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-09-24 12:20:13 -05:00
Zuul
28669f8854 Merge "Sync logging values with upstream repos" 2020-09-17 04:08:40 +00:00
Mohammed Naser
89969ade3a Add chart-testing linter
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.

Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
2020-09-16 21:12:17 +03:00
okozachenko
a8fc28696d Sync logging values with upstream repos
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.

Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
2020-09-15 19:15:05 +03:00
Gupta, Sangeet (sg774j)
94642833dd [nova] fix cell0 database connection
This patchset sets/updates the Database Connection for cell0 to
correct value in the database.

Change-Id: I4d445023691b748a7de0d256433bd17c7958cc04
2020-08-13 20:55:40 +00:00
Andrii Ostapenko
08ea8ec314
feat(tls): added mariadb certs to placement and nova-metadata
Change-Id: I9a26d3db41e745a35209d531ec707734dd33659d
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-08-11 15:39:23 -05:00
Zuul
b6365afc93 Merge "Add missing security context to Nova pods/containers" 2020-08-06 05:39:50 +00:00
PrateekDodda
27dac1d2c1 Add missing security context to Nova pods/containers
This updates the Nova chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: I10b12db8019beb42005764430711694a61c8d17b
2020-08-05 20:07:15 +00:00
Gupta, Sangeet (sg774j)
2c031b882b feat(tls): added mariadb certs to nova-placement
This patchset add maraibd certs to the nova-placement for it
to connect securley with mariadb.

Change-Id: Icece0c108cb8bacfaae187d183afa56a8cdfc492
2020-08-05 19:18:27 +00:00
Zuul
0b79db10a9 Merge "fix(tls): mounts missing secret" 2020-08-03 20:37:18 +00:00
Tin Lam
945d0828c7 fix(tls): mounts missing secret
This patch set adds the missing secret mount for nova-service-cleaner.

Change-Id: Ide9be4875c22bfd2a65a42ac8c0a6c6682f49f4d
Signed-off-by: Tin Lam <tin@irrational.io>
2020-08-03 16:38:37 +00:00
Shuicheng Lin
67eefcf381 Correct limits and os-availability-zone's policy setting
In nova latest code, limits and os-availability-zone have been
updated to could be listed as any user by below patches:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
And target project id is set to {}. So user cannot be matched as
"owner", and lead to API access failure.
Update policy to be the same as latest nova code to avoid the error.

Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-08-03 13:48:58 +08:00
Gage Hugo
44882d60e2 Update xrally version to 2.0.0
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.

Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
2020-07-31 20:00:24 +00:00
sgupta
702c17eb78 feat(tls): Make openstack services compatible with mariadb with TLS
Depends-on: https://review.opendev.org/#/c/741037/
Change-Id: I21f4ede3bd18c0af8da1eba60cd0b7b932a31410
2020-07-14 23:32:03 +00:00
Zuul
861da9e355 Merge "Add missing security context to Nova pods/containers" 2020-07-13 18:33:57 +00:00
Andrii Ostapenko
44d263b2bf Enable templates linting
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates

with corresponding code changes.

Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.

* Unrestrict octal values rule since benefits of file modes readability
  exceed possible issues with yaml 1.2 adoption in future k8s versions.
  These issues will be addressed when/if they occur.

Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-11 00:52:51 +00:00
Andrii Ostapenko
0807ecb354 Add security context from snippet for tungstenfabric container
Change-Id: I4db982e8f600288ec954d4c019f096bd8dcd7e52
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-11 00:52:46 +00:00
Tin Lam
918a307427 feat(tls): add tls support to openstack services
This patch set enables TLS for the following OpenStack services: keystone,
horizon, glance, cinder, heat, nova, placement and neutron for s- (stein)
and t- (train) release. This serves as a consolidation and clean up patch
for the following patches:

[0] https://review.opendev.org/#/c/733291
[1] https://review.opendev.org/#/c/735202
[2] https://review.opendev.org/#/c/733962
[3] https://review.opendev.org/#/c/733404
[4] https://review.opendev.org/#/c/734896

This also addresses comments mentioned in previous patches.

Co-authored-by: Gage Hugo <gagehugo@gmail.com>
Co-authored-by: sgupta <sg774j@att.com>

Depends-on: https://review.opendev.org/#/c/737194/

Change-Id: Id34ace54298660b4b151522916e929a29f5731be
Signed-off-by: Tin Lam <tin@irrational.io>
2020-07-10 09:36:31 -05:00
Zuul
135e2c8b64 Merge "Add TungstenFabric compatibility to charts" 2020-07-08 13:47:49 +00:00
DODDA, PRATEEK REDDY (PD2839)
a955108d1a Add missing security context to Nova pods/containers
This updates the Nova chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: I3ba6fcf0cc6ff97a306866f2d2b408635519ff02
2020-07-06 23:25:54 +00:00
Gage Hugo
72b3a855c5 Fix nova overrides
The current overrides do not function correctly, and should have
been setup with a multistring. This change corrects this to
deploy right in nova.

Change-Id: If709ea5d18399dc0d135351c2bdcdbd324663ad7
2020-06-28 21:16:11 +00:00
OlegBravo
4f2eb8cac6 Add TungstenFabric compatibility to charts
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.

The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.

This patchset doesn't have Heat-related changes,
they'll be added later.

Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
2020-06-26 10:39:20 +03:00
Zuul
1fb8310770 Merge "Fix wrong parameter reference" 2020-06-09 19:36:21 +00:00
Zuul
8c073c5767 Merge "[nova] Unhardcode readiness/liveness probe timings" 2020-06-03 07:36:07 +00:00
Zuul
bab51777c9 Merge "Enable Apparmor to osh test Pods" 2020-06-01 22:55:17 +00:00
diwakar thyagaraj
477602f2e7 Enable Apparmor to osh test Pods
Change-Id: I0a67f66cc4ed8a1e3a5c3c458b7c1521f9169160
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-06-01 18:32:51 +00:00
zhen
ceac208357 Fix wrong parameter reference
There is a reference error in the parameter "client_interface" in the "_
nova-console-compute-init.sh.tpl" file, now fix it.

Change-Id: I0b1bdd348e1f424afda9aa2183c0e876afd12968
2020-05-30 16:58:00 +08:00
Gage Hugo
4e1cf47626 Add override for huge_pages configrations in nova
Some nova settings for huge_page reservation can be needed when
deploying things like ovs-dpdk to avoid running out of memory.

This change adds in the values override for setting huge_page
reservations as an example to use when overriding nova values.

Change-Id: I9ee13d3a8bcaabf50a449cb2566cfb0fe8212484
2020-05-29 21:30:28 +00:00