This patch provides terraform infra-driver with several unit and
functional tests and is build an environment for terraform. The
supported version of terraform is v1.4.0 or later.
To build the terraform environment that need to install as follow
components:
- awscli
- docker
- localstack or moto server
- terraform
Implements: blueprint terraform-infra-driver
Change-Id: I14414c42229dcdb8e0083d7c51d6be6b5f2fc841
For fine-grained access control based on user and VNF information
for API resources, this patch does the following things:
1.Add three comparison attributes of area, vendor, and tenant
for the enhanced Tacker policy.
2.Convert special roles to API attributes in context.
3.Modify the API process to support Tacker policy authorize.
4.Add the Tacker policy filter to the list API processes.
Implements: blueprint enhance-api-policy
Change-Id: I5b4c39387860133a3bcf4544f18a6353c80773f6
Provide the option to verify the SSL certificate when accessing an
external server from Tacker. Several parameters have been added to
config to allow verification of SSL certificates when accessing
external NFVO servers, heat servers, and notification endpoints from
Tacker.
Implements: blueprint enhance-http-client
Change-Id: I55b2b53cfe0dc794040d0e46ac13a20524b1d9f0
This patch enables availability zone reselected by stack retry
when "instantiate" "scale" "heal" operations in v2 API fails
due to availability zone is unavailable.
Note that precondition of using these functions is to use
StandardUserData as UserData class.
Implements: blueprint enhance-placement
Change-Id: Icc9eb7a8fffbf35d2e005a9703dcefe66f097584
This patch updates the k8s version to 1.25.2 and helm version to 3.10.1.
The following changes have been made in kubernetes 1.24, so this patch
supports them.
- Dockershim Removed from kubelet
-> Changed from Dockershim to CRIO
- Service account tokens are no longer auto-generated
for every ServiceAccount
-> Changed secrets to be created manually
Also fixes the following API versions that have already been removed
in kubernetes 1.25.
- autoscaling/v2beta1
- extensions/v1beta1
Implements: blueprint update-k8s-helm-prometheus
Change-Id: Ic9c2f66251c5d11a652184be5908d91e0ee3fb7d
Support container based VNF AutoHeal and AutoScale operation with
External Monitoring Tools.
Add the Fault Management interfaces and CLI to support AutoHeal.
Add the Performance Management interfaces and CLI to support
AutoScale. The Fault Management and Performance Management
interfaces are based on ETSI NFV-SOL 002 v3.3.1 and ETSI NFV-SOL
003 v3.3.1, which are Version "2.0.0" API of Tacker. Add the
Prometheus Plugin that has a interface between tacker and Prometheus
as a sample of External Monitoring Tool.
Implements: blueprint support-auto-lcm
Change-Id: Ib74305f0b1da4eb8d996ebae400e75902aaa1321
This patch adds openid token auth support when calling k8s APIs.
Openid token auth of k8s relies on an external openid provider,
and Keycloak acts as the openid provider in this implementation.
Implements: blueprint support-openid-k8s-vim
Change-Id: Ie5e080a20cba3ba0ed514ede7955eb16729d797c
setup-multi-tenant-vim role is needed for only multi tenant
jobs and for existing jobs we do not need to run this role.
Current way run it for all the jobs, this commit makes it
configurable and multi tenant job will configure it to true.
Change-Id: I6ab577232b93bbb6ab8a21fe7ad5876b5a7ab7bc
To validate functional test cases in Zuul environment this
patch adds a new Ansible playbook. This playbook helps in
creating two different OpenStack projects, users to
validate multi tenant policy in Lifecycle Management.
In current design, tacker uses an administrator role user
"nfv_user" to execute functional test cases. Whereas this
patch adds member role (non administrator user) to newly
created users.
Generates OpenStack VIM config files using helper script and
register default VIMs to respective tenants.
Additionally copies newly generated VIM config files to
"tacker/tacker/tests/etc/samples" folder as these are required
in functional test cases.
Partial Implement: blueprint multi-tenant-policy
Change-Id: I20491eb294e5653bcdc2864885f55d04b21696a1
This patch changes the following to support helm chart spec and
to test instantiate/terminate cnf with helm chart.
* Add `extra` field to vims db.
* Add `setup-helm` task to ansible-playbook roles.
[On controller-k8s node]
* Create and setup helm user for executing helm command.
* Install helm.
* Create folder for putting local helm chart.
* Enable password authentication in sshd_config and restart sshd.
[On controller node]
* Update Vims DB of vim-kubernetes to modify extra field that include
helm access information.
Implements: blueprint helmchart-k8s-vim
Change-Id: Iaf7c11c5bedb77e9cd21074be2b4f73528aa2ce7
The number of required plugins has increased to the extent that
controller on Zuul FT infrastructure almost runs out of memory [1].
This potentially induces various problems such as FT failure noises
or POST_FAILURE at the ansible task 'export-devstack-journal'.
To request expanded images such as ubuntu-focal-expanded (16GB) or
ubuntu-focal-32GB would be an option, but it turns out that would
lead us to another problematic situation. [2]
This patch, instead, addresses the issue by subdividing the memory
load. As a first step, introduce a new subnode 'tacker-controller',
on which both tacker-server and tacker-conductor are located.
Note:
* when we re-locate some other components to this new subnode, it might
better to rename it.
* `devstack_local_conf: {}` in .zuul.yaml is to cancel out the global
job.vars devstack_local_conf.post-config.$NEUTRON_DHCP_CONF, which
is not present on 'tacker-controller' in the first place.
* TACKER_MODE is set to 'standalone'. 'all-in-one' supposes core
services like nova, neutron, keystone, etc. api servers are located
on the same host as tacker-server.
* in devstack/lib/tacker:create_tacker_accounts, SERVICE_HOST should
have been TACKER_HOST. this minor fix is included.
* in roles/setup-default-vim/tasks/main.yaml, the same where conditions
were scattered but all tasks in it just needed to run on 'controller'
only. so let us wrap them all in a block.
* renamed devstack/plugin.sh:tacker_register_default_vim for clarity.
* policy file modification for Heat is now done by an ansible task.
it frees us from the co-location requirements for Tacker and Heat.
* drop devstack/lib/tacker:is_tacker_enabled as it's no longer needed.
[1]: we investigated how severe the memory load on 'controller' was
on Zuul FT infrastructure:
* The highest memory-consuming processes in desc order:
808.70MB (9.87%) 828112 /usr/sbin/mysqld
179.81MB (2.19%) 184124 ... /usr/local/bin/tacker-server ...
152.57MB (1.86%) 156232 ... /usr/local/bin/tacker-conductor .
146.67MB (1.79%) 150188 ... /usr/local/bin/neutron-server ...
132.96MB (1.62%) 136148 ... /usr/local/bin/neutron-server ...
129.08MB (1.58%) 132180 ... /usr/local/bin/heat-engine ...
127.48MB (1.56%) 130544 ... /usr/local/bin/heat-engine ...
122.16MB (1.49%) 125092 nova-apiuWSGI worker 1
121.00MB (1.48%) 123900 neutron-openvswitch-agent ...
119.50MB (1.46%) 122368 cinder-apiuWSGI worker 1
---(snip)---
* `free -m` output
total used free shared buff/cache available
Mem: 7955 7427 196 16 331 219
Swap: 1022 1019 3
[2]: http://eavesdrop.openstack.org/irclogs/%23openstack-infra/
%23openstack-infra.2020-11-25.log.html
Change-Id: I030ffd5fd11b7ca9abca56e85e449ed4c4d709bd
Add devstack multinode job.
This job installs nova in a single cell as "late anti-affinity
[1] doesn't work in multi-cells environment.
[1] : https://docs.openstack.org/nova/latest/user/cellsv2-layout.html#operations-requiring-upcalls
Co-Author: tpatil <tushar.vitthal.patil@gmail.com>
Co-Author: yong sheng gong <gong.yongsheng@99cloud.net>
Change-Id: I56a9cf4bb553c8026eec73212a3742d5eab17420
We have consolidated the fetch output roles into one
fetch-subunit-output, replace useage of old roles with new one.
Depends-On: I0cdfc66ee8b046affeb0b071fef38c21cb7a4948
Change-Id: Ia86360456c5c301cee11c8d9dd515e364aad2c82
Its functionality has been merged into the tox role, so is no longer
needed.
Depends-On: Id61ae52d48b28cfc2221cb556a1c1f7c6dfd60dd
Change-Id: Iec14ffd5d6bf7bd3faefd250b0cf2f1563ec3521