As gnocchi is disabled by default on stx-openstack, this problem
didn't surfaced during the upversion of osh-i. This patch fixes
the chart version for gnocchi for the commit currently in use.
Story: 2009161
Task: 43151
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Idff4175d3952c0cb83ef346ee1b91a0c8cc6ae71
Openstack is not showing the buttons to Create / Delete / Edit a
Role when using the admin user with admin project, as a result
the admin user can only work with the default Roles created by
Openstack.
Horizon has some features that were rewritten with Angular, the
Role view is one that was rewritten with angular. According to
Horizon documentation, there are necessary configurations that
need to be supplied in Horizon configuration to allow the features
in Angular to work properly.
We found out that the Horizon
REST_API_REQUIRED_SETTINGS configuration key from
local_settings file is overriden in openstack-armada-app, but it
doesn't have the value OPENSTACK_KEYSTONE_BACKEND
that is necessary to the Role view to work properly.
This is fix has the goal to add the
OPENSTACK_KEYSTONE_BACKEND value in the
REST_API_REQUIRED_SETTINGS configuration key.
Closes-Bug: #1946384
Change-Id: I83563595ee30963ed506685cec24729d9a456268
Signed-off-by: Ricardo Sarto <Ricardo.SoaresSarto@windriver.com>
This review updates openstack-helm-infra to commit
8351fdd0f1228717342c2accc96977b0cdc36dc3 and removes patches that were
merged on osh-i; fixes the remaining patches to the current diffs and do
minor adaptations to make osh-i work on StarlingX.
Story: 2009161
Task: 43151
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I36159b0264a79c3727b20e6ff1b7831183e47c3a
Since the env option and fixtures depending on it were not in use
by any RBAC test anymore, they were removed from code.
Fixtures removed:
- env
Story: 2009156
Task: 43128
Signed-off-by: Rafael Fayan <RafaelShibana.Fayan@windriver.com>
Change-Id: I15c3758263c3ec00385e063cad03f82f92fbd21d
Due to a recent change in fm-api's directory structure, unit tests would
fail since the virtualenv would not be able to find fm-api/setup.py.
Adjust the tox.ini to point to the correct directory. Tested locally
by running tox.ini.
Depends-On: https://review.opendev.org/c/starlingx/fault/+/806046
Depends-On: https://review.opendev.org/c/starlingx/openstack-armada-app/+/809276
Story: 2009101
Task: 43091
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I957b905111d2710a3fda228f1659165dbb36a9ac
Re-enabling some of the disabled tox warnings present on
the pylint.rc file
Re-enabling:
W1646: invalid-str-codec
Story: 2006796
Task: 43329
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: I2fdb91154510e839cab4804a5ef223f2cdd58cec
A lot of work has gone into making sure that StarlingX is python3
compatible. To ensure future compatibility, enable the python3
portability checks. Disable the checks that are raising errors.
Another set of commits will address the offending code.
Add following suppress warnings in pylint.rc:
- W1618: no-absolute-import
- W1646: invalid-str-codec
Depends-On: https://review.opendev.org/c/starlingx/openstack-armada-app/+/808768
Story: 2006796
Task: 43190
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: Ib46f8a67042c40823ef870773cf7159763738e06
Remove unused import so the code complies with pylint and works with
zuul gates
Story: 2006796
Task: 43190
Signed-off-by: Fabricio Henrique Ramos <fabriciohenrique.ramos@windriver.com>
Change-Id: I1f8e80777340020c0f1671df46e098c500913045
The Help URL at user's dropdown located on the top right corner is
taking the user, by default, to the latest release documentation,
which changes over time and is not the current release used by
stx-openstack. Also this change allows the URL to be easily replaced
as desired via helm-overrides.
Closes-Bug: #1940318
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I74b7218356518ac1407091b010949ed90abd169d
Adding a certificate and ca_certificate using:
`certificate-install -m {openstack | openstack_ca}` ends up breaking
openstack application. OS-STX forces public endpoint and when such
endpoint has TLS enabled everything breaks, therefore based on the
implementation of tls support for openstack-helm that enables tls
for the openstack services we picked the trust cert code without
actually enabling tls backends
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I2dfc7c12defcc948fcdc353251301980e65f3011
Closes-Bug: 1937260
In a DX scenario, after lock-unlock a controller the remaining MariaDB
instance (lets say maria-server0) goes to a Non-Primary + Initializing
State (non-operational). After that it remains searching for the now
deleted pod (maria-server1) but using the old IP, the one before the
restart. maria-server0 flags the old IP as delayed and suspect for
eviction, however being a Non-Primary member it cannot in fact evict
the old node and start looking for new members. Setting a LivenessProbe
that detects nonoperational members and restart them fixes this, as the
recreated pod starts looking for a cluster to join.
Closes-Bug: #1938346
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I38d788f720cbd6bd13b6b6147db6f3d2a2ff9c92
In the event of an uncontrolled reboot on a Standard configuration,
we were seeing a behavior where the MariaDB pods kept trying to elect a
leader and restarting until the pods get to CrashLoopBackoff. After
checking the logs closely and reproducing the problem quite easily by
deleting both pods at the same time, we came to the conclusion that the
cluster wasn't having enough time to elect a new leader and recover from
the crash. This patch increases the timeout for the startup probe of the
mariadb statefulset with some slack to allow databases that are in
production to fully resync the data between the 2 pods.
Closes-Bug: #1938346
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I19e49dab55f3a8661fa71be315093029adb0947e
Setting custom domain for ingress endpoints breaks apply.
osh-nova and osh-nova-api-proxy are trying to use the same domain,
both starting with 'nova'. This causes a kubernetes error.
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Closes-bug: 1938342
Change-Id: Ic284b83425917102a652330f8349aed38731f9df
Stx-openstack app is not a RPM installed app which
doesn't support auto-update.
Change-Id: Iec0233910c9e7725c12767138e25b3bd314f82b0
Story: 2007960
Task: 42833
Depends-On: https://review.opendev.org/c/starlingx/config/+/800821/
Signed-off-by: Angie Wang <angie.wang@windriver.com>
When loading a custom theme, the current configuration also loads the
StarlingX theme which is not available on the Openstack Horizon image.
This fix removes the loading of the StarlingX theme and fixes the logic
so other themes are enabled when the custom one is not.
Closes-Bug: #1935859
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I14975ee07210875f0e5c49c13e3371a18c4b2261
execfile is python2.x only, therefore this code breaks any python3
installation that uses brandend platform horizon
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ide48191e970d0df4481a44b892ba0d15e9f44604
Closes-Bug: 1933667
This fix is specific for AIO-SX because when node is unlocked/enabled/
available the vim_progress_status could still be services-disabled.
The status need a few more seconds to become services-enabled.
Add a pre-check in openstack-armada-app/lifecycle_openstack.py to check
AIO-SX node stable state before perform_app_apply. It prevents
stx-openstack apply being triggered manually during initialization
stage after node unlock.
Closes-bug: 1929775
Signed-off-by: Yvonne Ding <yvonne.ding@windriver.com>
Change-Id: I563f77f617a68092b59f6cb38f5fb436a7933498
This patch chain aims to suggest a set of default policies for user
management on stx-openstack. We suggest the creation of the project_admin
and project_readonly roles and provide some policies to fine tune the
access control over the Openstack services to those roles, as described
on README.md.
Also, we provide a set of tests to ensure the policies and permissions
are all working as expected on site for the cloud administrators.
This commit includes Nova related tests and functions
Story: 2008910
Task: 42501
Signed-off-by: Heitor Matsui <heitorvieira.matsui@windriver.com>
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Co-authored-by: Miriam Yumi Peixoto <miriam.yumipeixoto@windriver.com>
Co-authored-by: Leonardo Zaccarias <leonardo.zaccarias@windriver.com>
Co-authored-by: Rogerio Oliveira Ferraz <rogeriooliveira.ferraz@windriver.com>
Change-Id: Ic1b10381e789751d655e35560c119876029f8fd7
This patch chain aims to suggest a set of default policies for user
management on stx-openstack. We suggest the creation of the project_admin
and project_readonly roles and provide some policies to fine tune the
access control over the Openstack services to those roles, as described
on README.md.
Also, we provide a set of tests to ensure the policies and permissions
are all working as expected on site for the cloud administrators.
This commit includes Neutron related tests and functions.
Story: 2008910
Task: 42501
Signed-off-by: Heitor Matsui <heitorvieira.matsui@windriver.com>
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Co-authored-by: Miriam Yumi Peixoto <miriam.yumipeixoto@windriver.com>
Co-authored-by: Leonardo Zaccarias <leonardo.zaccarias@windriver.com>
Co-authored-by: Rogerio Oliveira Ferraz <rogeriooliveira.ferraz@windriver.com>
Change-Id: I4d8d487ba8623b7817d88920742a4c465d85a135
This patch chain aims to suggest a set of default policies for user
management on stx-openstack. We suggest the creation of the project_admin
and project_readonly roles and provide some policies to fine tune the
access control over the Openstack services to those roles, as described
on README.md.
Also, we provide a set of tests to ensure the policies and permissions
are all working as expected on site for the cloud administrators.
This commit includes Glance related tests and functions.
Story: 2008910
Task: 42501
Signed-off-by: Heitor Matsui <heitorvieira.matsui@windriver.com>
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Co-authored-by: Miriam Yumi Peixoto <miriam.yumipeixoto@windriver.com>
Co-authored-by: Leonardo Zaccarias <leonardo.zaccarias@windriver.com>
Co-authored-by: Rogerio Oliveira Ferraz <rogeriooliveira.ferraz@windriver.com>
Change-Id: I2738b6d99a59fbbd2fd65a96a3ddd31167b9d13f
This patch chain aims to suggest a set of default policies for user
management on stx-openstack. We suggest the creation of the project_admin
and project_readonly roles and provide some policies to fine tune the
access control over the Openstack services to those roles, as described
on README.md.
Also, we provide a set of tests to ensure the policies and permissions
are all working as expected on site for the cloud administrators.
This commit includes Cinder related tests and functions, along with
common test functions used by multiple OpenStack services.
Story: 2008910
Task: 42501
Signed-off-by: Heitor Matsui <heitorvieira.matsui@windriver.com>
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Co-authored-by: Miriam Yumi Peixoto <miriam.yumipeixoto@windriver.com>
Co-authored-by: Leonardo Zaccarias <leonardo.zaccarias@windriver.com>
Co-authored-by: Rogerio Oliveira Ferraz <rogeriooliveira.ferraz@windriver.com>
Change-Id: I6b43bc584e470f022fb08a8a4cf741c188dfe80d
This commit aims to suggest a set of default policies for user
management on stx-openstack. We suggest the creation of the project_admin
and project_readonly roles and provide some policies to fine tune the
access control over the Openstack services to those roles, as described
on README.md.
Also, we provide a set of tests to ensure the policies and permissions
are all working as expected on site for the cloud administrators.
Story: 2008910
Task: 42501
Signed-off-by: Heitor Matsui <heitorvieira.matsui@windriver.com>
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Co-authored-by: Miriam Yumi Peixoto <miriam.yumipeixoto@windriver.com>
Co-authored-by: Leonardo Zaccarias <leonardo.zaccarias@windriver.com>
Co-authored-by: Rogerio Oliveira Ferraz <rogeriooliveira.ferraz@windriver.com>
Change-Id: I4040fe9f7be94ea7e0eb208579b2d5aa7579a8b1
Change I61514389b616db754b0d2f35deb0101f90dbdd02 removed the deprecated
property vcpu_pin_set in favor of the newer cpu_shared_set and
cpu_dedicated_set, but those new configs are placed under the [compute]
section of nova.conf instead of [DEFAULT]. This is causing VMs to be
scheduled on platform reserved cores. This commit will fix it.
Closes-Bug: #1928683
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I541760619f4c79c66a2bf22715afdc873b8343ce
The current network.dashboard.ingress.annotations in horizon's
values.yaml helm charts do not include the kubernetes property
'proxy-body-size'. This makes the resulting nginx.conf file in ingress
add the default rule 'max_body_size 1m' to the horizon servers,
which limits all http requests' size inside horizon to 1MiB, making it
impossible to upload images larger than that to glance using the
horizon GUI, for example.
This change adds said property to the horizon overrides, making
horizon's servers in nginx.conf include a 'max_body_size' of 2500MiB,
which makes uploading images up to that size possible again.
Story: 2008692
Task: 41996
Change-Id: I91888ce238d5304c08eb1e97918989b8f93ee34f
Deploy with rook-ceph, without "system storage-backend-add ceph"
there is no object storage-ceph in database. As current openstack
helm plugin fixed on object storage-ceph, in rook-ceph case
use a fixed override setting
Story: 2005527
Task: 39914
Depends-On: https://review.opendev.org/#/c/713084/
Change-Id: Ied852d60e8b15d55865747e0b6f4b54f2392d6df
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
A big chunk of logic is moved from sysinv conductor to application
itself.
Following hooks were necessary:
pre-apply, post-apply, pre-manifest-apply, pre-apply-rbd,
pre-apply-resource, post-remove-rbd, post-remove-resource, post-remove
Change-Id: I41858c831a4af564dbdf38934d51d34489bf8a9a
Story: 2007960
Task: 41293
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
This patch increases the proxy-connect-timeout from 5 to 30 seconds,
avoiding the Bad Gateway 502 error when CLI commands are executed.
Closes-bug: 1908720
Change-Id: I557456e9d0550a906b6d849d682de7ea3f0f42ad
Signed-off-by: hbrito <hugo.brito@windriver.com>
Packages defined in a spec with no files do not result in an RPM
produced by the build. On a rebuild, the build tools scan the spec and
sees the package defined but does not find a corresponding RPM, and so
flags the package for a rebuild as a result.
This commit removes the empty package definition from the spec.
Partial-Bug: 1910439
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: Ie1f18b1592f8187900624d993434ba04b23cbcff
Starting from Ussuri, OpenStack is deprecating vcpu_pin_set
in favor of cpu_dedicated_set and cpu_shared_set. These
overriders must be supported to be generated via Starlingx
system commands.
Closes-Bug: 1904729
Change-Id: I61514389b616db754b0d2f35deb0101f90dbdd02
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
Update remaining StarlingX packages with hardcoded TIS_PATCH_VER to
use PKG_GITREVCOUNT where possible, with offsets as needed to ensure
the version is incremented above the hardcoded version.
Story: 2008455
Task: 41455
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: Icdc9d71d1268a4d3dd9e569c8642717bceadda5e
admin account is used before, but if admin password is changed, flock
service cannot be notified and cannot get the new password, so flock
service like nfv-vim cannot fetch openstack vm info ever.
stx_admin account is created for this case.
Depends-On: https://review.opendev.org/753971
Closes-Bug: 1887755
Change-Id: I36f2442036bf6c98fbb0af727fddf1dd50e58330
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Thiago Brito