When Deployment of compute nodes is not on all nodes (e.g.Total 5 nodes,but 3 compute nodes),The original method counts all nodes instead of compute nodes,This can result in less than 100% and the process will get stuck,this is a bug!
Change-Id: I39c5d2014146925afe7fd896123a705c19005ff9
When using a helm3 to deploy , it fails
Helm3 no more support rbac.authorization.k8s.io/v1beta1 , but v1 can
support helm2 and helm3.
This change optimized deployment.
Change-Id: Id3dbbe721f4ded3c54d82852d9c155253d226867
The motivation is to remove 127.0.0.1 in connection_uri and so
can allow live migration in libvirtd.
Plus, realize tls on libvirt to secure.
Now /run is already mounted so it should work
Depends-On: https://review.opendev.org/752263
Change-Id: I911abb8b1ee1e300d02a373e083a404574cc3fea
Bidirectional mount propagation doesn't work as expected,
HostToContainer does and is the safer option for now.
Change-Id: Ia0b0ab1a74991745cd74d3629d23f86bd8ff5296
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359
Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset
Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
IPC is used by the multipath processes, hostIPC should be set so
semaphore operations work between the nova-compute pod and the host.
Without this things like `multipath -f ...` stall until timeout.
Change-Id: Iaeb6dff2ae934eabf5faddf930ba2029c0698f90
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382
Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.
Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
This updates the Nova chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I10b12db8019beb42005764430711694a61c8d17b
This patch set adds the missing secret mount for nova-service-cleaner.
Change-Id: Ide9be4875c22bfd2a65a42ac8c0a6c6682f49f4d
Signed-off-by: Tin Lam <tin@irrational.io>
In nova latest code, limits and os-availability-zone have been
updated to could be listed as any user by below patches:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
And target project id is set to {}. So user cannot be matched as
"owner", and lead to API access failure.
Update policy to be the same as latest nova code to avoid the error.
Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.
Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Nova chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I3ba6fcf0cc6ff97a306866f2d2b408635519ff02
The current overrides do not function correctly, and should have
been setup with a multistring. This change corrects this to
deploy right in nova.
Change-Id: If709ea5d18399dc0d135351c2bdcdbd324663ad7
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.
The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.
This patchset doesn't have Heat-related changes,
they'll be added later.
Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
There is a reference error in the parameter "client_interface" in the "_
nova-console-compute-init.sh.tpl" file, now fix it.
Change-Id: I0b1bdd348e1f424afda9aa2183c0e876afd12968
Some nova settings for huge_page reservation can be needed when
deploying things like ovs-dpdk to avoid running out of memory.
This change adds in the values override for setting huge_page
reservations as an example to use when overriding nova values.
Change-Id: I9ee13d3a8bcaabf50a449cb2566cfb0fe8212484
This patch disables other placement service kubernetes resources.
Change-Id: I12c2627820975a44f639ff3c0a2508a5e292db47
Signed-off-by: Tin Lam <tin@irrational.io>
The cleanup script used for router, network, server, and flavor does not
account for the first column being the resource ID. Matching via
^[sc]_rally will always result in an empty return. This fix now correctly
matches the the name of the second column. This also fixes an issue where
rally creates flavor as "private", adding --all so it cleans up the
private flavors as well.
Change-Id: Id1a0e31e56b51fd92a95e8588d259ce21fa839d6
Signed-off-by: Tin Lam <tin@irrational.io>
This patch changes the default stein deployment to use a
separate placement service chart deployment, rather than
using nova.
Change-Id: I73fe9577468e28a129332a1415b877a505ac204e
Signed-off-by: Tin Lam <tin@irrational.io>
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This patch adds ability to unhardcode readiness/
liveness probes timings. Moreover it introduces
RPC_PROBE_TIMEOUT and RPC_PROBE_RETRIES variables
which are passed to health probe script and
allow to unhardcode RPCtest timeout and number of
retries
Change-Id: I2498a14e97557feafbd45c8df3c683f8500026e6