This PS adds a functional test of heat in the OSH gates, it also moves
most params to a seperate file - making config of the gate in non-zuul
environments simpler.
Change-Id: I37a1bc0dcc8000c5da8067a8d376c78f7cd6f7ab
This PS adds heat to the single node and Armada based deployment
checks in the gate scripts. Additionally it moves the client calls
in the check scripts to use the heat engine pod.
Change-Id: Iccc996fb2b2140ed19c6708d6033b4a9dd1bfc46
This patch set adds basic barbican test using the OpenStack Client. This
patch set also addressed an issue where the href contains a duplicate
version in the path, e.g. http://URL:xxxx/v1/v1/secrets in secret path.
Change-Id: Ie66d00d5a0b02721ba41e6bf4b5e784fb49adce8
Armada is a tool for managing multiple helm charts with dependencies by
centralizing all configurations in a single Armada yaml. This yaml is
used for a full OpenStack deployment.
Co-Authored-By: Alexis Rivera <gardlt@tetrasol.org>
Co-Authored-By: Pete Birley <pete@port.direct>
Change-Id: I70b41f038c2819aeaa4b2c7bb617b7b2c38441d1
Use ClusterFirstWithHostNet DNS policy so osd pods can resolve mon address
through host network
Change-Id: I7aaeee1fc26cc1812c210bfe2c0f5b131c4cbd81
Closes-Bug: #1709439
Management port exposes a HTTP REST API which can be used to
add virtual hosts and users, gather statistics and other data
about the running cluster. This also turns on the web interface
available on the management port.
Change-Id: I5e4c902d780d99e96fdd160c58227676d4676e87
Partial-Implements: blueprint service-rabbitmq-registration
This PS removes the licence header from rendered output from tiller,
significantly reducing the configmap size of charts deployed to the
cluster.
Change-Id: I5d1b246f2068f3b83bf59ba79fe8b88bbc9a6161
This PS allows the rendering of manifests to be controlled. It enables
both increased control over deployment when required but also makes
development of a feature easier to target.
Change-Id: I1716e8ee23fe5c53f935bd739ea283bc4a2a9963
This PS should make the multinode gate more reliable for ceph.
It's not perfect in that is uses the default route IPs in zuul, which
has a performance hit. The bash is also ugly as sin - but it gets us
moving again until somone has time to implement a more eligant solution
that works both in infra supplied nodes and other CI systems.
Change-Id: Ie1326f048c43d04a945ca155bde8824d17ddcbec
This PS adds labels to all jobs in OpenStack-Helm, allowing them to be
found by label searches. This makes management of large clusters using
tools like Armada easier.
Change-Id: I49b2cb7a94fab96958f187ca11e2c2a0c80ff843
While trying to regenerate the .conf files, the gen-oslo-openstack-helm
tool spits back an error because of the removal of log translations in
OpenStack [0]. This patch set replaces the removed _LW() with the default
_() so the tool does not error out unexpectedly.
[0] d5e3652d12
Change-Id: I665775ae075b6ce0d1aa74ca5732e9e6566ff174
ceph clean job tries to delete a secret. but if there's no the secret,
the job falls in CrashLoopBackOff status when helm delete.
Change-Id: I863e43f576408fdcd24997bde9b658c50b0057c1
Closes-bug: 1708597
glance clean job tries to delete a image. but if there's no the image,
the job falls in CrashLoopBackOff status when helm delete.
Change-Id: I3b9c3057b9da8780ca27f1cb18dcd5541f3bcabc
Closes-bug: 1708581
This PS fises a rendering erros in the joinListWithComma function
when used with values from the helm --set cli command.
From Kolla-Kubernetes: https://review.openstack.org/#/c/488513/
All Credit to: Serguei Bezverkhi
Change-Id: I013a37f5e6dec43232c6ee300be8f918f9ef554a
Keystone is using keys to encrypt credentials saved into the database.
The mechanism is very similar to fernet tokens. This commit implements a
job setting key repository up and rotate job for those keys. All is
based on implementation of fernet tokens.
Change-Id: I88faf1d02d2b317563e8603cebba542f8b133c6a
Closes-Bug: 1693807
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
General issue with fernet tokens is that keys used to encrypt them need
to be persistent and shared accross the cluster. Moreover "rotate"
operation generates a new key, so key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless fernet-rotate job will run before all of the pods will
notice the change in the secret. As in real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
Glance bootstrap job fails due to missing 'paste_deploy' values.
This PS solves the issue by adding the values to glance chart.
Change-Id: I850863fe29c25aab9cf57eee62098e2b5d23a7f8
Closes-Bug: 1705421
