Armada manifest updates for chart rebase

Required manifest updates to maintain current behavior: - For the keystone API continue to run as root, but adjust to new security_context override. - Turn off AppArmor profile for nova - Turn off readiness/liveness probes for nova-scheduler - Turn off readiness/liveness probes for neutron agents - Disable nova hypervisor address search that dynamically sets my_ip in nova.conf. This will interfere with per host compute override settings. Change-Id: Ic8d68da7ddf30a3a1236f01dd4eb2531efbd2965 Depends-On: Ied38e5cbedbe06fd0b6f27612aa0bddf60064dea Story: 2004520 Task: 29966 Signed-off-by: Robert Church <robert.church@windriver.com>
2019-03-22 03:23:05 -04:00 · 2019-03-22 03:23:05 -04:00 · e923c53fa3
parent 25804f7658
commit e923c53fa3
2 changed files with 47 additions and 1 deletions
--- a/kubernetes/applications/stx-openstack/stx-openstack-helm/centos/build_srpm.data
+++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/centos/build_srpm.data
@ -1,3 +1,3 @@
 SRC_DIR="stx-openstack-helm"
 COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/rbd-provisioner $PKG_BASE/../../../helm-charts/garbd $PKG_BASE/../../../helm-charts/ceph-pools-audit"
-TIS_PATCH_VER=8
+TIS_PATCH_VER=9
--- a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
+++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
@ -413,6 +413,10 @@ data:
        anti:
          type:
            default: requiredDuringSchedulingIgnoredDuringExecution
+      security_context:
+        keystone:
+          pod:
+            runAsUser: 0
  source:
    type: tar
    location: http://172.17.0.1/helm_charts/keystone-0.1.0.tgz
@ -813,6 +817,12 @@ data:
        nova_spiceproxy_assets: docker.io/starlingx/stx-nova:master-centos-stable-latest
        nova_storage_init: docker.io/starlingx/stx-ceph-config-helper:master-centos-stable-latest
    pod:
+      # TODO(rchurch):
+      # Change-Id: I5a60efd133c156ce2ecac31d22e94b25e4e837bf broke armada apply
+      # of this manifest. Turning it off for now. Need to determine way forward
+      # here.
+      mandatory_access_control:
+        type: null
      replicas:
        api_metadata: 1
        placement: 1
@ -828,6 +838,17 @@ data:
      user:
        nova:
          uid: 0
+      # TODO:(rchurch) Change-Id: Ib8e4b93486588320fd2d562c3bc90b65844e52e5
+      # introduced readiness/liveness probes for nova. nova_scheduler probes
+      # fail and cause a long delay and eventual failure of the armada
+      # application apply. Need to determine the fix to re-enable this.
+      probes:
+        readiness:
+          nova_scheduler:
+            enabled: false
+        liveness:
+          nova_scheduler:
+            enabled: false
    conf:
      ceph:
        enabled: true
@ -913,6 +934,8 @@ data:
          required: false
        workarounds:
          enable_numa_live_migration: True
+      hypervisor:
+        address_search_enabled: false
    network:
      sshd:
        enabled: true
@ -1014,6 +1037,29 @@ data:
        anti:
          type:
            default: requiredDuringSchedulingIgnoredDuringExecution
+      # TODO:(rchurch) Change-Id: Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a
+      # introduced readiness/liveness probes for neutron. Four of the probes
+      # fail and cause a long delay and eventual failure of the armada
+      # application apply. Need to determine the fix to re-enable these.
+      probes:
+        readiness:
+          dhcp_agent:
+            enabled: false
+          l3_agent:
+            enabled: false
+          metadata_agent:
+            enabled: false
+          sriov_agent:
+            enabled: false
+        liveness:
+          dhcp_agent:
+            enabled: false
+          l3_agent:
+            enabled: false
+          metadata_agent:
+            enabled: false
+          sriov_agent:
+            enabled: false
    labels:
      agent:
        dhcp: