481 Commits

Author SHA1 Message Date
Thiago Brito
c63b1920d5 Fix nova-compute-ssh init to execute as runAsUser
On _ssh-init.sh.tpl, despite one change the runAsUser for the
nova-compute container on the securityContext, the ssh keys are always
being copied into the 'nova' user's folder. This change fixes it by
getting the correct user defined on the securityContext and copying the
keys to its correct folder.

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ia7883dc4626a295892eb4637ef717b0b1725ac89
2022-01-12 17:32:12 -03:00
Huy Tran
1d7f880c42 Add check for number of computes in cell-setup-init script
This PS further enhances [1] to handle case where present
computes are up, but the number of present computes is not
equal to total number of expected computes.

[1] https://review.opendev.org/c/openstack/openstack-helm/+/815086

Change-Id: Idb2a7aeb202fe29fc528ba0dde987e7e0ee65a95
2021-11-03 11:09:02 -05:00
Phil Sphicas
46692e21d9 Fix nova-bootstrap job labels
Similar to earlier changes [0] [1], this change ensures that the labels
for the nova-boostrap job are consistently applied under .metadata and
.spec.template.metadata.

Unfortunately, there was a conflict in the "application" label that was
unresolvable in a backwards-compatible way.

    metadata:
      labels:
        application: nova-bootstrap
    spec:
      template:
        metadata:
          labels:
            application: nova
            ...

The standard helm-toolkit labels are now applied in both places, and the
application: nova-bootstrap label is removed.

0: https://review.opendev.org/c/openstack/openstack-helm/+/812233
1: https://review.opendev.org/c/openstack/openstack-helm/+/813300

Change-Id: I72275f3cf59ca8c1677922ca3b6f2e10b5578ab0
Depends-On: I0c892be5aba7ccd6e3c378e4e45a79d2df03c06a
2021-11-02 14:38:19 +00:00
Huy Tran
6b785b16dc Add option to extend the wait for cell-setup-init
In some deployement environments, nova compute processes took a bit
longer to register on all hosts, and vm/server is instantiated almost
immediately before the process is registered on remaining hosts.
This PS enhances the cell-setup-init script to enable option to
extend the wait before performing discover hosts.

Change-Id: Ie9867e64c554d4f39fdc7432823a1869f0b4a520
2021-10-26 19:03:48 +00:00
Gage Hugo
c20c1e4400 Update htk requirements repo
As part of the move to helm v3, all the charts in the OSH repos
will no longer lint/build properly due to a lack of helm serve
in helm v3.

This change modifies the helm-toolkit repo location to the
osh-infra repo in order to account for the removal oh helm serve.

This work is part of the migration to helm v3 and will be utilized
in future changes.

Change-Id: I90d25943d69ad6c76455f7778a4894f00c525c46
2021-10-10 18:45:28 -05:00
Gage Hugo
1e651dc3c3 Helm 3 - Fix Job Labels
If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies

Thus for each Job template this adds labels matching the
underlying Pod template to retain the same labels that were
present with Helm 2.

[0]: https://github.com/helm/helm/pull/7649

Change-Id: Ib5a7eb494fb776d74e1edc767b9522b02453b19d
2021-10-06 13:54:58 -05:00
Gupta, Sangeet (sg774j)
a772a30f07 nova: Update script to true of grep does get anything.
Change-Id: I54addea00b4ab91d8fe4925f88cacd582888a7f3
2021-10-06 14:02:45 +00:00
Gupta, Sangeet (sg774j)
b75545d0c6 nova: Define service cleaner sleep time
This makes the service cleaner sleep time if any service is down
provisionable.

Change-Id: If55a22c4f22ff0a48767dae3d57aca6c3c8cccac
2021-10-05 14:34:13 +00:00
Gupta, Sangeet (sg774j)
0c80a415bf nova: Give service time to restore
nova-service-cleaner job deletes the service which are down. If the
database is down, the service will go down as well. When database comes
back up, all the services starts to come back to up status. If the
nova-service-cleaner is run in this interim time, the service that
were down gets deleted. These would have come up if the job had not
run. Adding sleep to this job to give service time to come back up
if recovering. The sleep is set to 2 times the report_interval.

Change-Id: Ia292d19508e9449ccb40d1100b1d56b1283e5d53
2021-10-05 05:10:39 +00:00
Thiago Brito
b4c58ca27b Fixing nova's helm.sh/hook disablement
It's impossible to disable the helm.sh/hook for the nova-ks-service
job since the hook is being added in duplicity to the job dictionary
before the check for Values.helm3_hook. This commit removes the
duplicity so we can disable it properly.

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ie72a13afc81bce4424b10bbc542dc7c44dd38975
2021-10-01 15:46:00 -03:00
xuxant02@gmail.com
a33ea84f91 Removed policies from values file
Removing the hardcoded policy document from the values file of helm chart in favor of policy in code.

Change-Id: I5c3c4699cafc76d3aa7d9c94f6e15eeff3f22b6c
2021-09-24 15:18:20 +05:45
xuxant02@gmail.com
e4fffb30e5 Fix for before option in archive_deleted_rows
Script fails with too many arguments when provided command like "$(date -d 'now - 2 days')" as the value for --before option. Addition of quotes fix the issue.

Change-Id: I0639d8aea368988976d5990c42e960de44844f61
2021-09-21 11:42:24 +05:45
Susanta Gautam
bd825495a4 Added helm.sh/hook annotations for nova chart
Chart upgrading was failing due to some immutable fields are needed to be upgraded before the jobs can be upgraded. For solving this issue, helm.sh/hook annotations with post-install and post-upgrade has been added. As for hook-weight annotations, we have added these to control the flow of the jobs with hook creation as the jobs are dependent. Like, db-init jobs need to run before db-sync and so on. Also, helm3_hook value is added in values.yaml file in case hooks needs to be disabled if needed.

Change-Id: I4d489f5ded94f19dd3fcf58dafde00b18ff5bcae
2021-08-17 21:10:38 +05:45
Chris Wedgwood
3a5c7afba1 [nova] add missing 'runlock' hostMount when enable_scsi
Change-Id: Ia6c9b50ae81bec238c4cabc422fe7140347a50a6
2021-08-06 12:51:42 -05:00
DeJaeger, Darren (dd118r)
9a8a476d9f Nova bootstrap job efficiency
This PS attempts to make the Nova bootstrap job a little speedier.
It's been noticed that flavor check/creation on initial deployment
are rather slow, so this backgrounds the creation of each flavor,
so that the defined flavors can be checked/create in parallel,
rather than one at a time. Waits for the jobs to finish at the end.

Change-Id: Ib9ab345e5aee697a41414e927910335dd286072f
2021-08-02 21:19:30 -04:00
Andrii Ostapenko
3ac3caa013 Add support for Victoria and Wallaby
Defines compute kit and cinder jobs for new releases with
corresponding values overrides.

Disables compute agent list test for Wallaby since related API
is removed [0].

Since Wallaby with switch of osc to sdk '--id auto' is no longer
treated specially in 'openstack flavor create'. The same behavior
can be achieved w/o specifying --id flag for flavor creation [1].

Starting Wallaby 'nova-manage api_db version' returns init version
for empty database greater than 0 [2]. _db-sync.sh.tpl logic prior to
this commit does not work due to this. We need to either remove
(done in current commit) or justify and alter previous logic.

[0] https://review.opendev.org/749309
[1] https://review.opendev.org/750151
[2] https://opendev.org/openstack/nova/src/branch/stable/wallaby/nova/db/sqlalchemy/migration.py#L32

Change-Id: I361431d9aa8c1a06c5d59f479fb161ecd87e2ee2
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-08-02 15:46:07 +00:00
Haider, Nafiz (nh532m)
2065ccd523 Mount rabbitmq tls cert for nova-novnc communication
Change-Id: I80b2515c2f36d0167ee9ef8049bf6b167a5e399d
2021-07-28 17:07:29 +00:00
Gupta, Sangeet (sg774j)
7d3cd164ab nova: Add image clean up to rally test
Clean any images created by rally after the test is complete.

Change-Id: I266d0c94959971d259742958802ffce25448eaa7
2021-07-06 12:20:17 +00:00
xuxant02@gmail.com
c050456bdb Fix for the values in archive_delete_rows script
There was a mistake in the script for the archive_delete_rows cron for
rendering the values from the values files. Fix for taking the values
from the values file for --max-rows and --before options when enabled
using the values.yaml file.

Change-Id: Ib63920c497bbf9ac74e41bdfd0b2e580b95bebb0
2021-07-02 19:12:04 +05:45
Kabanov, Dmitrii
b1abce9a75 Add Ussuri release support
The PS adds the set of overrides for Ussuri release.

Change-Id: I6b3055e376aa14d0c2ecbea638e6e9ba3b03bde5
2021-06-30 16:47:22 -07:00
xuxant02@gmail.com
f3d361d2f7 Added cronjob for nova which will be cleaning the databases.
Script has been created with archve_deleted_rows which will run as
cronjob to move the deleted rows from production table to shadow table.

Change-Id: I1cd3e523301b1aaeb3366288d128e23aae5e0780
2021-06-24 15:49:35 +05:45
Gage Hugo
c775184bdd Set reasonable default probe timeouts
This change modifies the default values for all of the readiness
and liveness probes to something a bit less aggressive, namely
the default timeout of 1 second.

Change-Id: Ib389aebb2450f8ed134ef8f75110b559d1a4f2ee
2021-06-18 19:12:15 -05:00
Gupta, Sangeet (sg774j)
5028aa8de1 Mount rabbitmq TLS secret
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed 
rabbitmq support should be added.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188

Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
2021-06-10 14:12:57 +00:00
zhen
5bb9b20112 Replace deprecated configuration
``[vnc]/vncserver_proxyclient_address`` was deprecated, so we replace it with ``server_proxyclient_address``

Change-Id: I142710ffab2aa407a09318e4b8517938ed28f3c8
2021-05-27 10:05:34 +08:00
Haider, Nafiz (nh532m)
c900712f30 feat(tls): Make openstack services compatible with rabbitmq TLS
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/770678

Co-authored-by: Sangeet Gupta <sg774j@att.com>

Change-Id: I11e9ad3f4079b0e12e498f9ed57e5b87ae9dc66a
2021-05-21 01:27:18 +00:00
Tin
f5a70102b2 fix(perm): fixes template permission
Some nova gotpl files have +x permission. This changes it so they are
consistent with the other gotpl files.

Change-Id: Ifcd4c1032b41363ea8b1d43407315d68d7e9eec8
Signed-off-by: Tin <tin@irrational.io>
2021-05-17 11:26:01 -05:00
Gage Hugo
5233582991 Remove support for openstack releases older than T
This change bumps each openstack chart version up to the next
greatest minor version of 0.2.0, signifying that openstack-helm
will no longer support older, EOL releases for each chart.

Change-Id: I7ce80c7bdc779c1de4472079f18102f506bfbb90
2021-04-29 12:04:34 -05:00
jinyuan
7137a71700 Host resource scale adjustment about ironic
Ironic does not need to reserve system resources, otherwise it will cause flavor to be unable to schedule.

Change-Id: I454d0468ae3424cc92d470c15a40ad96c01cf311
2021-04-20 14:32:12 +08:00
jinyuan
1fda67d9cd Fix the nova-compute-ironic label issue
The nova-compute-ironic label is "compute", but the label chosen by affinity is "compute-ironic", which results in multiple replicas on the same node.

Change-Id: If947be6cd400e32d3455f07a85f4263c4b17cb87
2021-04-19 15:21:37 +08:00
Karl Kloppenborg
d2e2d58a5f Add ISCSI Multipath support when enable_iscsi true
When using iscsi in both cinder and nova multipath tooling access is not
currently available. This commit provides the host system access to
configure and control multipath.
This commit has been tested in our own production systems however this
is my first commit into Openstack-Helm so please review carefully and
provide me guidance on what I might be able to do better.

Change-Id: I4f017f67a5d80b9c931e2ee1653062aa503a7fd9
2021-04-12 08:28:56 +00:00
Mohammed Naser
fdd6b4507d Use first IP address for interface
It is possible than an interface has multiple IP addresses, for
simplicity of this change, use the first one so that the service
can start.

We can look later into improving it to accept some sort of index
for the IP address.

Change-Id: Ie856f54331d689a51bfd6de45db5820b765797ef
2021-03-10 15:47:24 -05:00
okozachenko
04d600c5b0 Mount /dev/pts in nova-compute container
Nova will check if pty device exist or not under /dev/pts
when get console log.
If it does not exist, cannot get console log.
ref: https://review.opendev.org/c/starlingx/config/+/660268

Change-Id: I2793d1f51c18e81a4271b8b0c50bfe1a2dab8a09
2021-03-01 17:43:42 +02:00
jinyuanliu
aa5e622b47 BUG for deploying multiple compute nodes
When Deployment of compute nodes is not on all nodes (e.g.Total 5 nodes,but 3 compute nodes),The original method counts all nodes instead of compute nodes,This can result in less than 100%  and the process will get stuck,this is a bug!

Change-Id: I39c5d2014146925afe7fd896123a705c19005ff9
2021-02-27 09:32:27 +08:00
Nafiz Haider
ca47e3c974 Re-enable "feat(tls): Change Issuer to ClusterIssuer""
This reverts commit 2ec17153c6cb918dd357f71824ec59dd0d74dfba.

Reason for revert: resolved bug with cluster issuer versioning

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/772814

Co-authored-by: Sangeet Gupta <sg774j@att.com>

Change-Id: If7ebef1cebbe5b1d97ac530dd7136e3fc9232b21
2021-02-26 02:43:09 +00:00
jinyuan
3a05f5c3f9 Update rbac api version for nova
When using a helm3 to deploy , it fails
Helm3 no more support rbac.authorization.k8s.io/v1beta1 , but v1 can
support helm2 and helm3.

This change optimized deployment.

Change-Id: Id3dbbe721f4ded3c54d82852d9c155253d226867
2021-02-19 09:01:25 +08:00
okozachenko
20a1208b20 Use unix socket to connect libvirt in nova
The motivation is to remove 127.0.0.1 in connection_uri and so
can allow live migration in libvirtd.
Plus, realize tls on libvirt to secure.
Now /run is already mounted so it should work

Depends-On: https://review.opendev.org/752263
Change-Id: I911abb8b1ee1e300d02a373e083a404574cc3fea
2021-02-18 04:48:41 +02:00
Chris Wedgwood
61c167d359 [nova,cinder] Use HostToContainer mount propagation
Bidirectional mount propagation doesn't work as expected,
HostToContainer does and is the safer option for now.

Change-Id: Ia0b0ab1a74991745cd74d3629d23f86bd8ff5296
2021-02-02 12:19:57 +00:00
Tin Lam
2ec17153c6 Revert "feat(tls): Change Issuer to ClusterIssuer"
This reverts commit 43e75eaa83cc6958fa0a6af55783cbe2645cfde7.

Reason for revert: Doing this as part of the revert here - https://review.opendev.org/c/openstack/openstack-helm-infra/+/772733

Change-Id: I9c04a35c179d23ec1b7612b4f87d9d16352985cc
2021-01-27 17:09:42 -06:00
sgupta
43e75eaa83 feat(tls): Change Issuer to ClusterIssuer
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359

Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
2021-01-19 13:47:09 +00:00
Sphicas, Phil (ps3910)
c7c19e85c0 Use HostToContainer mountPropagation
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.

Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset

Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
2021-01-07 20:27:08 +00:00
Hemachandra Reddy
35f55106c0 Swap SSH key names to reflect the correct key
Change-Id: Ic43f7b3113942d296728b06f1fcb82bd9fbd3e44
2021-01-04 15:15:38 -06:00
Chris Wedgwood
097632ebbf [nova-compute] Enable hostIPC
IPC is used by the multipath processes, hostIPC should be set so
semaphore operations work between the nova-compute pod and the host.

Without this things like `multipath -f ...` stall until timeout.

Change-Id: Iaeb6dff2ae934eabf5faddf930ba2029c0698f90
2020-12-22 17:23:08 -06:00
okozachenko
0b1ed76014 Remove deprecated os_region_name for placement
Change-Id: I0ef2ac278ce2d6f7f05683f68c1541bae8013361
2020-11-09 23:14:49 +00:00
Hemachandra Reddy
766ce51ba9 Establish Nova/Placement dependencies
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382

Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.

Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
2020-09-30 16:41:54 +00:00
okozachenko
74b119db35 Add nova-compute-ssh
Change-Id: Ia555bb69182441d5f17040504efc7d1d524e59ec
2020-09-25 17:39:05 +03:00
Andrii Ostapenko
20b6b9a236
Change helm-toolkit dependency version to ">= 0.1.0"
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0

Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-09-24 12:20:13 -05:00
Zuul
28669f8854 Merge "Sync logging values with upstream repos" 2020-09-17 04:08:40 +00:00
Mohammed Naser
89969ade3a Add chart-testing linter
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.

Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
2020-09-16 21:12:17 +03:00
okozachenko
a8fc28696d Sync logging values with upstream repos
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.

Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
2020-09-15 19:15:05 +03:00
Gupta, Sangeet (sg774j)
94642833dd [nova] fix cell0 database connection
This patchset sets/updates the Database Connection for cell0 to
correct value in the database.

Change-Id: I4d445023691b748a7de0d256433bd17c7958cc04
2020-08-13 20:55:40 +00:00