Commit Graph

35 Commits

Author SHA1 Message Date
josebb
1e49055cea Add helm hook annotation in placement db-sync and db-migrate jobs
Change-Id: I9e64a9e8f5082f23f29ebb831b1ad9cab1975165
2022-04-06 12:17:08 +03:00
Thiago Brito
2846d79e49 Enable taint toleration for placement
This changes use the helm-toolkit template for toleration
in openstack services

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Change-Id: I8f63c285cb53090cd7eb0b663bb94fc892dc1a3f
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
2022-03-22 15:39:41 -03:00
Gage Hugo
c20c1e4400 Update htk requirements repo
As part of the move to helm v3, all the charts in the OSH repos
will no longer lint/build properly due to a lack of helm serve
in helm v3.

This change modifies the helm-toolkit repo location to the
osh-infra repo in order to account for the removal oh helm serve.

This work is part of the migration to helm v3 and will be utilized
in future changes.

Change-Id: I90d25943d69ad6c76455f7778a4894f00c525c46
2021-10-10 18:45:28 -05:00
Gage Hugo
1e651dc3c3 Helm 3 - Fix Job Labels
If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies

Thus for each Job template this adds labels matching the
underlying Pod template to retain the same labels that were
present with Helm 2.

[0]: https://github.com/helm/helm/pull/7649

Change-Id: Ib5a7eb494fb776d74e1edc767b9522b02453b19d
2021-10-06 13:54:58 -05:00
Susanta Gautam
7ca67915a3 Added helm.sh/hook annotations for placement chart jobs
Chart upgrade fails as some immutable fields in job are needed to be applied earlier then the job manifests. To solve the problem, helm.sh/hook annotations with post-install and post-upgrade values can be used so that the jobs are the last one to be applied after all the manifests. As jobs are dependent one services, hook weight is used to maintain the job creation order.

Change-Id: I7551977599d376e4d240fff5cb9d002fc918d9fe
2021-08-27 18:09:42 +05:45
Andrii Ostapenko
3ac3caa013 Add support for Victoria and Wallaby
Defines compute kit and cinder jobs for new releases with
corresponding values overrides.

Disables compute agent list test for Wallaby since related API
is removed [0].

Since Wallaby with switch of osc to sdk '--id auto' is no longer
treated specially in 'openstack flavor create'. The same behavior
can be achieved w/o specifying --id flag for flavor creation [1].

Starting Wallaby 'nova-manage api_db version' returns init version
for empty database greater than 0 [2]. _db-sync.sh.tpl logic prior to
this commit does not work due to this. We need to either remove
(done in current commit) or justify and alter previous logic.

[0] https://review.opendev.org/749309
[1] https://review.opendev.org/750151
[2] https://opendev.org/openstack/nova/src/branch/stable/wallaby/nova/db/sqlalchemy/migration.py#L32

Change-Id: I361431d9aa8c1a06c5d59f479fb161ecd87e2ee2
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-08-02 15:46:07 +00:00
Kabanov, Dmitrii
b1abce9a75 Add Ussuri release support
The PS adds the set of overrides for Ussuri release.

Change-Id: I6b3055e376aa14d0c2ecbea638e6e9ba3b03bde5
2021-06-30 16:47:22 -07:00
Gage Hugo
5233582991 Remove support for openstack releases older than T
This change bumps each openstack chart version up to the next
greatest minor version of 0.2.0, signifying that openstack-helm
will no longer support older, EOL releases for each chart.

Change-Id: I7ce80c7bdc779c1de4472079f18102f506bfbb90
2021-04-29 12:04:34 -05:00
Nafiz Haider
ca47e3c974 Re-enable "feat(tls): Change Issuer to ClusterIssuer""
This reverts commit 2ec17153c6.

Reason for revert: resolved bug with cluster issuer versioning

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/772814

Co-authored-by: Sangeet Gupta <sg774j@att.com>

Change-Id: If7ebef1cebbe5b1d97ac530dd7136e3fc9232b21
2021-02-26 02:43:09 +00:00
Tin Lam
2ec17153c6 Revert "feat(tls): Change Issuer to ClusterIssuer"
This reverts commit 43e75eaa83.

Reason for revert: Doing this as part of the revert here - https://review.opendev.org/c/openstack/openstack-helm-infra/+/772733

Change-Id: I9c04a35c179d23ec1b7612b4f87d9d16352985cc
2021-01-27 17:09:42 -06:00
sgupta
43e75eaa83 feat(tls): Change Issuer to ClusterIssuer
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359

Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
2021-01-19 13:47:09 +00:00
okozachenko
d5882e97ff Add null check condition in placement deployment manifest
Checking log_config_append vaule is missing in deloyment template
for Placement.

Change-Id: I0f2a0ca7d26320d599fac69ee091ca34b455c481
2020-11-25 21:12:15 +02:00
Andrii Ostapenko
b50ea497b5 Use proper default placement image
Change-Id: Ia7404d29fd7353b75550e25859f3aa1897989671
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-10-05 19:23:36 +00:00
Hemachandra Reddy
766ce51ba9 Establish Nova/Placement dependencies
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382

Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.

Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
2020-09-30 16:41:54 +00:00
Andrii Ostapenko
20b6b9a236
Change helm-toolkit dependency version to ">= 0.1.0"
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0

Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-09-24 12:20:13 -05:00
Zuul
c8d85cc5e2 Merge "Implement missing security context for placement container" 2020-09-17 19:38:42 +00:00
PrateekDodda
22c1c5310c Implement missing security context for placement container
This change adds security context template at pod/container level

Change-Id: I47e1076a33deb5493ec5562466d00f2bfa62ae0a
2020-09-17 11:13:26 -05:00
Zuul
28669f8854 Merge "Sync logging values with upstream repos" 2020-09-17 04:08:40 +00:00
Mohammed Naser
89969ade3a Add chart-testing linter
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.

Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
2020-09-16 21:12:17 +03:00
okozachenko
a8fc28696d Sync logging values with upstream repos
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.

Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
2020-09-15 19:15:05 +03:00
diwakar thyagaraj
2ae6f9200a Enable Apparmor to Placement db-migrate Jobs
Change-Id: I15141ff74cbc731238d634fb11995d21234327ba
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-08-14 00:40:27 +00:00
Andrii Ostapenko
08ea8ec314
feat(tls): added mariadb certs to placement and nova-metadata
Change-Id: I9a26d3db41e745a35209d531ec707734dd33659d
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-08-11 15:39:23 -05:00
Hemachandra Reddy
610159a4fd Adds apparmor profile to Placement pods
Change-Id: I075ec8351faa44b3d133b4bc1182213bd6527588
2020-08-07 19:49:10 +00:00
sgupta
702c17eb78 feat(tls): Make openstack services compatible with mariadb with TLS
Depends-on: https://review.opendev.org/#/c/741037/
Change-Id: I21f4ede3bd18c0af8da1eba60cd0b7b932a31410
2020-07-14 23:32:03 +00:00
Andrii Ostapenko
44d263b2bf Enable templates linting
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates

with corresponding code changes.

Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.

* Unrestrict octal values rule since benefits of file modes readability
  exceed possible issues with yaml 1.2 adoption in future k8s versions.
  These issues will be addressed when/if they occur.

Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-11 00:52:51 +00:00
Tin Lam
918a307427 feat(tls): add tls support to openstack services
This patch set enables TLS for the following OpenStack services: keystone,
horizon, glance, cinder, heat, nova, placement and neutron for s- (stein)
and t- (train) release. This serves as a consolidation and clean up patch
for the following patches:

[0] https://review.opendev.org/#/c/733291
[1] https://review.opendev.org/#/c/735202
[2] https://review.opendev.org/#/c/733962
[3] https://review.opendev.org/#/c/733404
[4] https://review.opendev.org/#/c/734896

This also addresses comments mentioned in previous patches.

Co-authored-by: Gage Hugo <gagehugo@gmail.com>
Co-authored-by: sgupta <sg774j@att.com>

Depends-on: https://review.opendev.org/#/c/737194/

Change-Id: Id34ace54298660b4b151522916e929a29f5731be
Signed-off-by: Tin Lam <tin@irrational.io>
2020-07-10 09:36:31 -05:00
Andrii Ostapenko
8cfa2aa390 Enable yamllint checks
- brackets
- braces
- colon
- commas
- comments
- document-end
- document-start
- empty-lines
- hyphens
- indentation
- new-line-at-end-of-file
- new-lines
- octal-values
- trailing-spaces

with corresponding code adjustment.

Also add yamllint.conf under the check.

Change-Id: Ie6251c9063c9c99ebe7c6db54c65d45d6ee7a1d4
2020-05-27 19:16:34 -05:00
Tin Lam
03d7871896 feat(placement): add mysql migration script
This patch set places in a placement database migration script to
upgrade an installation from one without the placement service to one
with the placement service.

Change-Id: I1a9abb4999beac26b140a8302665f5c63901e71d
Signed-off-by: Tin Lam <tin@irrational.io>
2020-05-21 06:19:46 +00:00
Tin Lam
a99046654a fix(policy): update the default policy
This updates the policy.yaml file with the latest rules generated by
tox -egenpolicy in openstack/placement project.

Change-Id: I43a2fb00121eb7addd5b07378eb51aeb273aedfb
Signed-off-by: Tin Lam <tin@irrational.io>
2020-05-20 00:02:35 -05:00
Zhipeng Liu
bdbea96326 Allow more generic overrides for placement
With this patch we allow for a more easy way of overriding some
of the values that may be used in other distros while maintainting
the default values if those values are not overriden.

The following values are introduced to be overriden:
conf:
  security:
  software:
    apache2:
      binary:
      start_flags:
      a2enmod:
      a2dismod:

On which:
 * binary: the binary to use for launching apache
 * start_flags: any flags that will be passed to the apache binary call
 * a2enmod: mods to enable
 * a2dismod: mods to disable

Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set to what
they used to be as to not disrupt existing deployments.

Change-Id: I77940ff847fc5785178ee5cf84cb77bed9f1ec71
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
2020-05-12 02:14:01 +00:00
Tin Lam
18d381260d chore(images): update placement images
This patch set brings all the placement images to stein, so they are
inline with other services. Also, this updates the dep_check to use one
in the airshipit repo instead of stackanetes repo.

Change-Id: Ie4bd8142fcf37ba7a296109a720c4412ebb7fd01
Signed-off-by: Tin Lam <tin@irrational.io>
2020-04-30 14:46:13 -05:00
rajesh.kudaka
78d1624ad3 Add netpol value overrides for placement chart
Change-Id: Iea52d94a1b5cf1db41ce694349e49e6311a47333
2020-03-19 16:53:37 +00:00
Tin Lam
661ea06142 Fix the correct image
This patch set fixes the images for train placement service that were
previously unavailable in dockerhub.

Change-Id: If280455a9bb74a25f1d465d09b4ca2eaf19b1d48
Signed-off-by: Tin Lam <tin@irrational.io>
2020-03-13 04:19:14 +00:00
Tin Lam
2aa32665b4 Add train release support
This patch set adds in job to test the OpenStack train releases.

Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
2020-02-28 20:19:58 +00:00
zhipengl
4925e1c47e Add placement chart
This commit adds a helm chart to deploy placement.

Related test pass on simplex and multi-node setup

Story: 2005799
Task: 33532

Depends-On: https://review.opendev.org/#/c/672678/

Change-Id: Ife908628c6379d2d39d15f72073da3018cc26950
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
2020-02-20 08:27:51 +00:00