To build RPM packages for openSUSE in OBS infrastructure, it's
required for the services to have an init script compliant to LSB.
Change-Id: I59fa2f2e0a18de5a8e6a08d468ae09e8e3f9d91d
Story: 2005679
Task: 33677
Signed-off-by: Marcela Rosales <marcela.a.rosales.jimenez@intel.com>
Addresses several issues with deploying IPv6 based network deployments:
- kubelet node IP assignment for IP version detection
- calico upversion to fix router ID generation from hash
- calico configuration specific to IPv6
- multus configuration specific to IPv6
- ansible bootstrap playbook updates to wrap IPv6 addresses
- ansible bootstrap updated to use Jinja2 templates
- puppet configuration for platform services with IPv6 addresses
- IPv4 and IPv6 IP forwarding sysctl setup
- docker registry does not support URL encoded IPv6
- armada does not support IPv6 address binding
NOTE:
The Puppet ERB templates were updated to maintain config_controller
functionality, but the files moved to Jinja2 templates should be removed
once config_controller is completely removed.
Change-Id: I815035c679e61250099c74b1239f19bcc72733a0
Depends-On: https://review.opendev.org/662292
Closes-Bug: #1830779
Signed-off-by: Matt Peters <matt.peters@windriver.com>
This commit adds functionality for Docker registry to authenticate
using Keystone.
First, this commit contains puppet changes which are required to
manage the new token server required for Keystone authentication.
Second, with proper authentication now implemented, we are removing
the "insecure" flag for the controller registry in the "daemon.json"
file in "/etc/docker".
With the "insecure" flag removed, Docker will start complaining about
certificate issues. This commit also includes generation of default
certificates suitable for use by Docker registry as well as a sysinv
command "system certificate-install -m docker_registry" to update the
certificate.
Docker registry token server works only with PKCS1 style keys while we
would like to use PKCS8 keys by default. This is why our default
certificate and installed certificate create both a PKCS1 style key as
well as a PKCS8 style key. The keys are installed to
"/etc/ssl/private/" as registry-cert.crt, registry-cert.key, and
registry-cert-pkcs1.key.
Story: 2002840
Task: 22783
Depends-On: https://review.openstack.org/#/c/626354/
Change-Id: I0127bd5f10f3950739678929b92eb1b77e2119db
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
In order to avoid conflicts with containerized services
binding to standard HTTP (80) / HTTPS (443) port numbers,
the default port numbers are changed to 8080 and 8443.
Furthermore, CLI commands are provided to allow binding
to alternate port numbers.
List of changes:
. Add service parameters for HTTP and HTTPS port
. Configure the lighttpd ports via puppet and use port
8008 for platform horizon
. Add http port to platform.conf for the config scripts
. Support helm repo URL update
. Add helm-toolkit plugin for location override
. Override Armada manifest location
. Add installer base URL option to pxeboot-update
script
. Add a patching run time class to restart patch-agent
when the port config is changed
. Add a semantic check to block port config when a
patching operation is in progress or a host is not
in unlocked/enabled state
CLI commands for viewing and updating port numbers are:
system service-parameter-list --service http
system service-parameter-modify lighttpd port http=8090
system service-parameter-apply lighttpd
Tests Performed:
Non-containerized deployment installation and sanity
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+4+6 System: Sanity and Nightly automated test suite
Kubernetes deployment on VBox:
AIO-SX: application apply and launch instance
AIO-DX: application apply and launch instance
2+2 System: application apply and launch instance
HTTP/HTTPS port configuration
Enable/Disable https
Story: 2004642
Task: 28592
Change-Id: I65029e0c15aaf626acb56ab71e7bbde64c7e76a8
Signed-off-by: Tao Liu <tao.liu@windriver.com>
This update replaced the compute personality & subfunction
to worker, and updated internal and customer visible
references.
In addition, the compute-huge package has been renamed to
worker-utils as it contains various scripts/services that
used to affine running tasks or interface IRQ to specific CPUs.
The worker_reserved.conf is now installed to /etc/platform.
The cpu function 'VM' has also been renamed to 'Application'.
Tests Performed:
Non-containerized deployment
AIO-SX: Sanity and Nightly automated test suite
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+2 System: Horizon Patch Orchestration
Kubernetes deployment:
AIO-SX: Create, delete, reboot and rebuild instances
2+2+2 System: worker nodes are unlock enable and no alarms
Story: 2004022
Task: 27013
Change-Id: I0e0be6b3a6f25f7fb8edf64ea4326854513aa396
Signed-off-by: Tao Liu <tao.liu@windriver.com>
