Some nova gotpl files have +x permission. This changes it so they are
consistent with the other gotpl files.
Change-Id: Ifcd4c1032b41363ea8b1d43407315d68d7e9eec8
Signed-off-by: Tin <tin@irrational.io>
This change bumps each openstack chart version up to the next
greatest minor version of 0.2.0, signifying that openstack-helm
will no longer support older, EOL releases for each chart.
Change-Id: I7ce80c7bdc779c1de4472079f18102f506bfbb90
Ironic does not need to reserve system resources, otherwise it will cause flavor to be unable to schedule.
Change-Id: I454d0468ae3424cc92d470c15a40ad96c01cf311
The nova-compute-ironic label is "compute", but the label chosen by affinity is "compute-ironic", which results in multiple replicas on the same node.
Change-Id: If947be6cd400e32d3455f07a85f4263c4b17cb87
When using iscsi in both cinder and nova multipath tooling access is not
currently available. This commit provides the host system access to
configure and control multipath.
This commit has been tested in our own production systems however this
is my first commit into Openstack-Helm so please review carefully and
provide me guidance on what I might be able to do better.
Change-Id: I4f017f67a5d80b9c931e2ee1653062aa503a7fd9
It is possible than an interface has multiple IP addresses, for
simplicity of this change, use the first one so that the service
can start.
We can look later into improving it to accept some sort of index
for the IP address.
Change-Id: Ie856f54331d689a51bfd6de45db5820b765797ef
Nova will check if pty device exist or not under /dev/pts
when get console log.
If it does not exist, cannot get console log.
ref: https://review.opendev.org/c/starlingx/config/+/660268
Change-Id: I2793d1f51c18e81a4271b8b0c50bfe1a2dab8a09
When Deployment of compute nodes is not on all nodes (e.g.Total 5 nodes,but 3 compute nodes),The original method counts all nodes instead of compute nodes,This can result in less than 100% and the process will get stuck,this is a bug!
Change-Id: I39c5d2014146925afe7fd896123a705c19005ff9
When using a helm3 to deploy , it fails
Helm3 no more support rbac.authorization.k8s.io/v1beta1 , but v1 can
support helm2 and helm3.
This change optimized deployment.
Change-Id: Id3dbbe721f4ded3c54d82852d9c155253d226867
The motivation is to remove 127.0.0.1 in connection_uri and so
can allow live migration in libvirtd.
Plus, realize tls on libvirt to secure.
Now /run is already mounted so it should work
Depends-On: https://review.opendev.org/752263
Change-Id: I911abb8b1ee1e300d02a373e083a404574cc3fea
Bidirectional mount propagation doesn't work as expected,
HostToContainer does and is the safer option for now.
Change-Id: Ia0b0ab1a74991745cd74d3629d23f86bd8ff5296
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359
Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset
Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
IPC is used by the multipath processes, hostIPC should be set so
semaphore operations work between the nova-compute pod and the host.
Without this things like `multipath -f ...` stall until timeout.
Change-Id: Iaeb6dff2ae934eabf5faddf930ba2029c0698f90
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382
Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.
Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
This updates the Nova chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I10b12db8019beb42005764430711694a61c8d17b
This patch set adds the missing secret mount for nova-service-cleaner.
Change-Id: Ide9be4875c22bfd2a65a42ac8c0a6c6682f49f4d
Signed-off-by: Tin Lam <tin@irrational.io>
In nova latest code, limits and os-availability-zone have been
updated to could be listed as any user by below patches:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
And target project id is set to {}. So user cannot be matched as
"owner", and lead to API access failure.
Update policy to be the same as latest nova code to avoid the error.
Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.
Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Nova chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I3ba6fcf0cc6ff97a306866f2d2b408635519ff02
The current overrides do not function correctly, and should have
been setup with a multistring. This change corrects this to
deploy right in nova.
Change-Id: If709ea5d18399dc0d135351c2bdcdbd324663ad7
The charts changes are required for deployment
of various clouds based on Tungsten Fabric SDN.
Right now it's tested for Airship-in-a-bottle.
The code cannot be tested currently in
OpenStack Helm project because of absence of
tests and platform for that.
This patchset doesn't have Heat-related changes,
they'll be added later.
Change-Id: I73f2ced2b09dbb93146334b59fe4571fa13dbfb0
Depends-On: https://review.opendev.org/#/c/734635/
There is a reference error in the parameter "client_interface" in the "_
nova-console-compute-init.sh.tpl" file, now fix it.
Change-Id: I0b1bdd348e1f424afda9aa2183c0e876afd12968
Some nova settings for huge_page reservation can be needed when
deploying things like ovs-dpdk to avoid running out of memory.
This change adds in the values override for setting huge_page
reservations as an example to use when overriding nova values.
Change-Id: I9ee13d3a8bcaabf50a449cb2566cfb0fe8212484