As gnocchi is disabled by default on stx-openstack, this problem
didn't surfaced during the upversion of osh-i. This patch fixes
the chart version for gnocchi for the commit currently in use.
Story: 2009161
Task: 43151
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Idff4175d3952c0cb83ef346ee1b91a0c8cc6ae71
Openstack is not showing the buttons to Create / Delete / Edit a
Role when using the admin user with admin project, as a result
the admin user can only work with the default Roles created by
Openstack.
Horizon has some features that were rewritten with Angular, the
Role view is one that was rewritten with angular. According to
Horizon documentation, there are necessary configurations that
need to be supplied in Horizon configuration to allow the features
in Angular to work properly.
We found out that the Horizon
REST_API_REQUIRED_SETTINGS configuration key from
local_settings file is overriden in openstack-armada-app, but it
doesn't have the value OPENSTACK_KEYSTONE_BACKEND
that is necessary to the Role view to work properly.
This is fix has the goal to add the
OPENSTACK_KEYSTONE_BACKEND value in the
REST_API_REQUIRED_SETTINGS configuration key.
Closes-Bug: #1946384
Change-Id: I83563595ee30963ed506685cec24729d9a456268
Signed-off-by: Ricardo Sarto <Ricardo.SoaresSarto@windriver.com>
This review updates openstack-helm-infra to commit
8351fdd0f1228717342c2accc96977b0cdc36dc3 and removes patches that were
merged on osh-i; fixes the remaining patches to the current diffs and do
minor adaptations to make osh-i work on StarlingX.
Story: 2009161
Task: 43151
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I36159b0264a79c3727b20e6ff1b7831183e47c3a
The Help URL at user's dropdown located on the top right corner is
taking the user, by default, to the latest release documentation,
which changes over time and is not the current release used by
stx-openstack. Also this change allows the URL to be easily replaced
as desired via helm-overrides.
Closes-Bug: #1940318
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I74b7218356518ac1407091b010949ed90abd169d
Adding a certificate and ca_certificate using:
`certificate-install -m {openstack | openstack_ca}` ends up breaking
openstack application. OS-STX forces public endpoint and when such
endpoint has TLS enabled everything breaks, therefore based on the
implementation of tls support for openstack-helm that enables tls
for the openstack services we picked the trust cert code without
actually enabling tls backends
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I2dfc7c12defcc948fcdc353251301980e65f3011
Closes-Bug: 1937260
In a DX scenario, after lock-unlock a controller the remaining MariaDB
instance (lets say maria-server0) goes to a Non-Primary + Initializing
State (non-operational). After that it remains searching for the now
deleted pod (maria-server1) but using the old IP, the one before the
restart. maria-server0 flags the old IP as delayed and suspect for
eviction, however being a Non-Primary member it cannot in fact evict
the old node and start looking for new members. Setting a LivenessProbe
that detects nonoperational members and restart them fixes this, as the
recreated pod starts looking for a cluster to join.
Closes-Bug: #1938346
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I38d788f720cbd6bd13b6b6147db6f3d2a2ff9c92
When loading a custom theme, the current configuration also loads the
StarlingX theme which is not available on the Openstack Horizon image.
This fix removes the loading of the StarlingX theme and fixes the logic
so other themes are enabled when the custom one is not.
Closes-Bug: #1935859
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I14975ee07210875f0e5c49c13e3371a18c4b2261
execfile is python2.x only, therefore this code breaks any python3
installation that uses brandend platform horizon
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ide48191e970d0df4481a44b892ba0d15e9f44604
Closes-Bug: 1933667
overrides script to set 'ignore_lockout_failure_attempts' be true
in user option to avoid admin be locked due to authentication failure.
Partial-Bug: 1887755
Change-Id: I71505fabc51be839b60460cca9d5850dd49f0ade
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Currently, all of the stx-openstack services have the
replica count set to the number of the controllers.
If one of the controllers is locked their replicas
number will still be 2 which is incorrect.
We solve this by changing the number of replicas
to be equal to the number of the active controllers.
The rabbitmq and mariadb services cannot use this approach because
they are unable to work properly if their replica number
is decreased from 2 to 1. So a kubernetes toleration
is used here to allow the rabbitmq and mariadb pods to be
deployed on the locked controller.
Change-Id: I15cf2a3f62525751435ddbe66760935f3ab21d2b
Closes-Bug: 1879018
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
the fqdn in nova-compute pod will be incorrect if expose service before
apply openstack.
for example:
in nova-compute pod, it will get the fqdn
[root@compute-0 /]# hostname -A
192-188-204-33.centos.kube-system.svc.cluster.local
compute-0-cluster-host compute-0 compute-0
This will cause nova readness failure
Closes-Bug: 1893908
Change-Id: I85c34873528cca8fabf10ad7ddcb8997b23c8008
Signed-off-by: Austin Sun <austin.sun@intel.com>
A follow-up commit of https://review.opendev.org/#/c/749624/
to update the requests from nova-api-proxy to nova
via ingress. This requires to enable jobs in nova
to create an additional ingress and ingress-service
for nova-api.
The created ingress for nova-api is called "nova-api-internal"
and nova-api-proxy configuration file is overrided to
listen on nova-api-internal.openstack.svc.cluster.local:80
Change-Id: I2275be8e9458addbf1aedb203a7960f5f8d0b0de
Partial-Bug: 1880777
Signed-off-by: Angie Wang <angie.wang@windriver.com>
The requests to Openstack services hang/fail sometimes
due to message loss when connecting to internal service
endpoints. This issue was observed before and fixed in
commit https://review.opendev.org/#/c/683818/ by setting
net.ipv4.tcp_tw_reuse to 0, however, it's still being
seen on recent STX loads.
It has been tested and proved that requests go through
ingress pod do not have the issue. This commit updates
helm charts and manifest to make all requests sending
to openstack services go to ingress pod and then ingress
would forward requests to the corresponding api service.
Changes included:
- update helm-toolkit manifest job-ks-endpoint.yaml
to provide an ability to conditionally configure
all types of openstack endpoints with public endpoint
url when endpoints.identity.force_public_endpoint is
true. Same update for keystone and keystone-api-proxy.
With the update, for example, the admin,internal
and public endpoints for neutron will be
neutron.openstack.svc.cluster.local:80
- update armada manifest to make neccessary overrides
in openstack service configuration file to make
communications between services go through ingress
Change-Id: Icd646dd07d544da420a75f920bd7c3e8fc931327
Closes-Bug: 1880777
Signed-off-by: Angie Wang <angie.wang@windriver.com>
The commit that we are reverting broke the normal lock/unlock
case when stx-openstack is applied. More specifically,
the mariadb pod failed to start when stx-openstack
was applied automatically after unlock.
This reverts commit 754a1d33de.
Change-Id: I0f1e5854d22ed54747d0237153ada3985f29ef96
with garbd's suspect_timeout
In openstack-helm-infra, it launch evs.suspect_timeout=PT30S
for mariadb-server in configmap, mariadb-etc. This setting is
for three mariadb-server pod deployment, every mariadb-server
with same setting suspect_timeout=30s. But after change to two
mariadb-server and one garbd arbitrator. Setting in configmap
mariadb-etc evs.suspect_timeout=PT30S, only takes effect for 2
mariadb-server, for garbd arbitrator, it use galera default
setting evs.suspect_timeout=PT5S. If mariadb-server-1 exit
abnormal, after 5s, garbd arbitrator suspects mariadb-server-1
is dead, but as not reach 30s, mariadb-server-0 thinks mariadb-server-1
is not dead. In this state, quorum fail, garbd arbitrator and
mariadb-server-0 both set to none primary component, service
down.
For fix solution, set value.conf.data.config_override to override
wsrep_provider_option in mariadb helm chart, which makes garbd
arbitrator and mariadb-server launch with same setting for
"evs.suspect_timeout=PT5S", default value. By this way, mariadb
server recovery time will also improve. To update setting for
"evs.suspect_timeout", it should both update override for mariadb
and garbd helm chart.
Setting for "gmcast.listen_addr=tcp://0.0.0.0:<port>", takes
effect for both ipv4 and ipv6. So keeps such setting.
Reference link for wsrep option and galera cluster quorum
https://mariadb.com/kb/en/wsrep_provider_options/https://galeracluster.com/library/documentation/weighted-quorum.html
Closes-Bug: 1888546
Change-Id: I06983cf0d91d4d9aa88f352e64b1e6571b816ec6
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
VM cannot be created due to non-admin user cannot retrieve resource
limits info. The reason is nova code since Ussuri has changed limits/
os-availability-zone's policy to any user. But the policy config in
openstack-helm is not updated yet, and cause the mismatch between
code and config.
Overwrite nova's policy config to align with the code.
Here is upstream's patch for this policy change:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
Patch is uploaded in openstack-helm also, and we could abandon this
overwrite later when we upgrade openstack-helm to include the fix:
https://review.opendev.org/744392
Closes-Bug: 1887589
Change-Id: If637c40fb6b887cdc017aa70c4c5ba145eb5bec3
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Currently, all of the stx-openstack services have the
replica count set to the number of the controllers.
If one of the controllers is locked their replicas
number will still be 2 which is incorrect.
We solve this by changing the number of replicas
to be equal to the number of the active controllers.
The rabbitmq service cannot use this approach because
it is unable to work properly if its replicas number
is decreasaed from 2 to 1. So a kubernetes toleration
is used here to allow the second rabbitmq pod to be
deployed on the locked controller.
Change-Id: Ie979c7b5f2755ad673bd180e38b68e0d53c5f9b2
Closes-Bug: 1879018
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
To support upgrade code in the pike version of stx-nova in, we had to
disable nova config upgrade_levels. This was set by default to
compute=auto in openstack-helm.
Now, we should revert to upstream default which should allow for more
flexibility during upgrades.
Closes-Bug: 1835563
Change-Id: Ic4a338fc20eac9f72a4cb7177fa498d374287bf1
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
After using python3 to build image, need to change related
wsgi profile like we did for other openstack service.
Test pass for openstack apply with 4 additonal services enabled
Closes-Bug: 1886819
Depends-on: https://review.opendev.org/#/c/740390/
Change-Id: Ic7345760a0a387c87f79b78e7949df920da83044
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
The current implementation of the application framework requires that
plugin names are unique across all applications loaded on the system.
This adjusts the PSP RoleBinding and Helm Toolkit plugins so they don't
conflict with other applications.
Change-Id: Ia5e301d869a4e7200e92010e30f0ee93f2590472
Story: 2006537
Task: 40154
Signed-off-by: Robert Church <robert.church@windriver.com>
Due to upgrade of openstack-helm, we need to update related
manifest items.
Story: 2007474
Task: 39505
Depends-on: https://review.opendev.org/#/c/720158/
Change-Id: I3710f4f58b888f70846bbfd40dc2cda1158952dc
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
This commit adds a helm chart that deploys a rolebinding to the openstack
application to allow deployments to the openstack namespace after
PodSecurityPolicy plugin is enabled on the Kubernetes cluster.
Change-Id: I57d3a31c9fcc7e03499e605d6d722fdb36004339
Partial-bug: 1878900
Depends-On: https://review.opendev.org/#/c/734408/
Depends-On: https://review.opendev.org/#/c/735998/
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Update static override in manifest for ussuri upgrde
As ussuri support only python3, we have to add WSGISocketPrefix
and specify python-home and socket-usr for WSGIDaemonProcess,
otherwise python3 wsgi could not work.
story: 2007638
task: 39694
Depends-on: https://review.opendev.org/#/c/712880/
Change-Id: I45c895d09002e3a898d4c01b10dca6acb8ceb415
Signed-off-by: Yu Chengde <yu.chengde@99cloud.com>
This adds support for Helm v3.
- 'helm init' and initialization is no longer required
- 'chartmuseum' is used as a drop-in replacement for 'helm serv'
- all Charts require the tag: apiVersion: v1 (or v2)
This updates ingress chart to specify apiVersion.
Change-Id: Ie41cde4ad450b63a78a0a677995e9c28eefd9798
Story: 2007000
Task: 39327
Depends-On: https://review.opendev.org/719962
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
If no interface is set, the default is the admin interface.
In a normal deployment both openstack-keystone admin and internal
endpoints are exposed on the same URL.
In case of Distributed Cloud openstack-keystone URL for admin is
overriden to something different than internal URL.
Due to lack of interface, the default `admin` is used, yet the URL is
set to the interal one. The config doesn't point to a valid Keystone
service. Thus Cinder, Nova and Nova-api-proxy cannot validate tokens.
Modify configs for services to point to the internal keystone service.
Closes-Bug: 1875914
Change-Id: I19385f1fe27cf8f20f5ee7b43abf86b220c9d8d6
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
This creates a new package spec called python-k8sapp-openstack that will
hold all the stevedore plugins needed to support the application. This
spec will build two packages python-k8sapp-openstack and
python-k8sapp-openstack-wheels.
These packages are included in the build dependencies for the
stx-openstack-helm application package build where the wheels file is
included in the application tarball.
The helm and armada plugins have been relocated to this repo and
provided in a k8sapp_openstack python module. This module will be
extracted from the wheels and installed on the platform via the sysinv
application framework. The module will be made available when the
application is enabled.
Change-Id: I342308fbff23d29bfdf64a07dbded4bae01b79fd
Depends-On: https://review.opendev.org/#/c/688191/
Story: 2006537
Task: 36978
Signed-off-by: Robert Church <robert.church@windriver.com>
Since nginx-ingress-controller app was removed for external facing
ingress (https://review.opendev.org/#/c/724385/), updating the app
version to mark the change.
Story: 2007360
Task: 39596
Change-Id: Ied28669dd10fc19549812848f4aa28b147fb6245
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
nginx ingress controller is now deployed as a standalone app
(nginx-ingres-controller-armada-app). This commit removes the external
facing ingress controller in stx-openstack.
Story: 2007360
Task: 39596
Tested by checking external REST APIs are served as expected.
Change-Id: I28c56de4b2c4c31b1e0188f47973ba9851430a39
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
Currently dcdbsync instance for openstack is listening on port 8220.
With the admin endpoint of dcdbsync instance for platform has https
enabled and uses port 8220, the port of dcdbsync instance for
openstack is updated to use 8229.
Change-Id: I37edfe3b5813386b087f13997f4ce312a4766f70
Story: 2007347
Task: 39408
Depends-On: https://review.opendev.org/#/c/720009/
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Need to set bind_host to :: instead of "0.0.0.0" and host listen
ip to ::
Otherwise it will only bind to port to ipv4 address.
Partial-Bug: 1859641
Test pass on both ipv4 and ipv6 simplex setup
Depends-on: https://review.opendev.org/714898
Change-Id: I51bd1a65d7728c74f6c69b87e57e3fc42e8adc15
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
Adding probes parameters for armada overriding them in duplex AIO and
multi-node deployment. Specifically, there are 2 mariadb-servers in
the DB cluster for OpenStack services at duplex or multi-node cases.
These 2 mariadb-server pods are placed on Controller-0 and Controller-1
respectively (manipulated by anti-affinity). Whenever one Controller is
rebooted on purpose or even worse accidiently shutdown for any reasons
mariadb-server pod on that controller is gone together. To keep mariadb
cluster still working even with only one instance, we have to adjust
the default probe behaviors. Upon this request, we have to export probe
parameters for "startupProbe" and "readinessProbe" so that StarlingX
Armada application could set these parameters accordingly and thereby
mariadb server can still work as expected with even only one pod in the
cases of Controller node rebooting or shutdown.
Closes-bug: 1855474
Change-Id: I3a8a99edd44d7ac4257ddf79b6baba5c52714324
Signed-off-by: Hu, Yong <yong.hu@intel.com>
Co-Authored-By: Zhipeng, Liu <zhipengs.liu@intel.com>
When we use Armada to deploy openstack service for ipv6, rabbitmq
pod could not start listen on [::]:5672 and [::]:15672.
For ipv6, we need an override for configuration file.
Upstream patch link is:
https://review.opendev.org/#/c/714027/
Partial-Bug: 1859641
Depends-on: https://review.opendev.org/#/c/714034/
Change-Id: I34e92afe291c4b7f31f53f1b974ad5fdc47b9560
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
Current config "concurrent_disk_operations" is not used anymore.
Change it to "max_concurrent_disk_ops" as related patch already
merged since stein.
https://review.opendev.org/#/c/609180/
Closes-Bug: #1835559
Change-Id: I98ce7cee6ef133dbbe70f7af89494ee6e6c021f9
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
This update changed dcdbsync endpoint to be created in subcloud
from internal to admin. The admin endpoint will be used by dcorch to
access dcdbsync service in subcloud.
The reason why admin endpoint is used for dcorch access is, public
endpoint is intended for end users and its domain name can be
overrided by "system service-parameter-add openstack helm
endpoint_domain=<public domain>", internal endpoint is used by services
running within the subcloud cluster with listening port on 5000, which
is not accessible from outside the subcloud cluster even its fqdn is
overriden. admin endpoint is a good fit for DC orchestration and
adminstration.
Change-Id: I70784385e6e4572cccc10ef18bdf103def4ca570
Story: 2006588
Task: 37792
Signed-off-by: Andy Ning <andy.ning@windriver.com>
The configuration item "conf.neutron.DEFAULT.lock_path" is not
used anymore, we need to override
"conf.neutron.oslo_concurrency.lock_path" to
/var/run/neutron/lock
Verified that in neutron-l3-agent-controller-0
and nova-compute-controller-0, not see lots of errors anymore.
Router update finished in neutron.agent.l3.agent
closes-Bug: #1841660
Change-Id: I9c62872d86ba8f92cb8380181bf91389767cba09
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Due to upgrade of openstack-helm, we need to update related
manifest items whose structure changed.
Basic deployment test on AIO/Duplex/Multi virtual setup pass
and VM creation pass.
Story: 2006544
Task: 36623
Depends-on:https://review.opendev.org/#/c/683886/
Change-Id: I62cc2a723ff1c6ef68b2d27f2b538254825d3835
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This update contains changes to deploy and config the dcdbsync instance
for containerized openstack services, including:
- Added helm charts to create dcdbsync identities in containerized
keystone, including user, endpoint, project-role assignment etc.
The overall procedure is, during stx-openstack app application,
dcdbsync identities will be created in containerized keystone. After
stx-openstack is successfully applied the dcdbsync runtime puppet is
called to generate the configuration file for openstack dcdbsync
instance with some information retrieved from helm (particularly
keystone passwords). Finally sm runtime is called to bring up the
dcdbsync service into running. When stx-openstack app is removed,
openstack dcdbsync instance will be cleanup with configuration file
removed and service deprovisioned and stopped.
Change-Id: If4bf60753593e286c3dbe2c2f97c40f6ccbbb5b1
Story: 2004766
Task: 36104
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This update added "identity_openstack" as sync_endpoint into
containerized keystone-api-proxy configuration file. The sync_endpoint
will be used as endpoint type to enqueue job for dcorch.
Change-Id: Iebe9a209f6f8bc63871aa024f7014638e5deeb05
Story: 2004766
Task: 36155
Depends-On: https://review.opendev.org/#/c/674927/
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This change allows to deploy the fm-rest-api helm
chart with armada system.
Change-Id: I382c896f4e211b5344ef694a014438beab7cf4ed
Story: 2004008
Task: 36502
Depends-On: https://review.opendev.org/642925/
The helm charts contain references to images for all
configurations, however some of those configurations
are not being enabled, and so the docker images are never
used.
This change prevents armada from downloading docker images
that are not being used by the armada manifest.
It requires an enhancement in sysinv to handle the null
reference.
The following images are unused and have been replaced
in the manifest with null (or the appropriate reference)
- kolla/ubuntu-source-nova-novncproxy: referenced by
novnc_assets and must point to the nova image.
- xrally/xrally-openstack: used when "test" is enabled,
referenced by cinder, ceilometer, glance, heat, keystone,
nova, neutron, panko.
- openstackhelm/ceph-daemon: referenced by ceph_rgw.
- openstackhelm/neutron: referenced by openstack-ingress.
- osixia/keepalived: referenced by openstack-ingress.
- prom/memcached-exporter: referenced by openstack-memcached.
- docker: referenced by image_repo_sync image tags in almost
every chart.
- kbudde/rabbitmq-exporter: referenced by openstack-rabbitmq.
- prom/mysqld-exporter: referenced by openstack-mariadb
Change-Id: Ide26ddaf3537b8b9595104a683339554aea71b48
Closes-Bug: 1841611
Depends-On: https://review.opendev.org/#/c/680067/
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
In deployment-novncproxy.yaml, it set hostNetwork = true.
We want to let it use cluster network instead of hostNetwork.
This patch will add a config item, so that we can override it
to use cluster network. Then no need to enable 6080 port in
local network firewall for novncproxy access.
Upstream patch submitted as below.
https://review.opendev.org/#/c/679891
Below test pass!
Access to VM console through horizon works!
Closes-bug: 1827246
Change-Id: Icb0cfa39839e151d5869c64bc8f0151d0d9faf49
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Relocation of helm charts required some modifications to
the spec and relocation of the makefile..
Story: 2006166
Task: 35687
Depends-On: I5c34bf66a3631e86e22684412e01c02980e9ae30
Change-Id: If27d138708c580df168797a3878e349fde2c6d19
Signed-off-by: Scott Little <scott.little@windriver.com>
Upgrading from kubernetes 1.13.5 to 1.15.0 meant the config
needed to be updated to handle whatever was deprecated or dropped
in 1.14 and 1.15.
1) Removed "ConfigMapAndSecretChangeDetectionStrategy = Watch"
reported by https://github.com/kubernetes/kubernetes/issues/74412
because this was a golang deficiency, and is fixed by the newer
version of golang.
2) Enforced the kubernetes 1.15.3 version
3) Updated v1alpha3 to v1beta2, since alpha3 was dropped in 1.14
changed fields for beta1 and beta2 are mentioned in these docs:
https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2
4) cgroup validation checking now includes the pids subfolder.
5) Update ceph-config-helper to v1.15 kubernetes compatable
This means that the stx-openstack version check needed to be increased
Change-Id: Ibe3d5960c5dee1d217d01fbb56c785581dd1b42c
Story: 2005860
Task: 35841
Depends-On: https://review.opendev.org/#/c/671150
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
To reduce cpu usage on platform cores (especially on AIO), reduce the
frequency of the rabbitmq readiness and liveness probes from every 10s
to 30s. These probes both run the command "rabbitmqctl status" which
seems to have significant cpu impact.
For reference, the platform rabbitmq process status check runs every
20s.
Partial-Bug: 1837426
Depends-On: https://review.opendev.org/#/c/677041
Change-Id: Ie8eea35b9ed268f4156d1cdc884a6d5004e87018
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
Affinity weigher is required to support soft-anti-affinity and
soft-affinity server group policies in nova. Set to a relatively high
mulitplier of 20 to ensure that this criteria predominates the host
selection.
Adjust other weigher multipliers accordingly:
io_ops: remove override to let it use default value of -1. Old -5
setting was related to discontinued stx-nova patch in previous
stx release.
cpu & build_failure: disable similar to ram, disk & pci.
Also enable shuffle_best_same_weighed_hosts to randomize host selection
where weights are equal across multiple hosts.
Change-Id: I28f92a7c703d1b78d5cab93418359ce164e61066
Closes-Bug: 1834255
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
radosgw is a now an optional platform service which is provisioned via a
system service parameter. To align with this optionality, the ceph-rgw
chart which is used to enable the containerized swift endpoints also
becomes optional.
Changes include:
- Update the stx-openstack application disabled_charts setting in the
application metadata.yaml to include the ceph-rgw chart. This sets the
initial chart state to disabled.
- Optimize ceph.pp puppet manifests to provide two runtime classes: one
for setting up the platform radosgw configuration which will set the
haproxy configuration and the other for updating the keystone
information in the ceph configuration based on if the ceph-rgw chart
is enabled.
- Update the sm.pp manifest to dynamically provision/deprovision the
radosgw based on if it's enabled in the service parameters
- Rename the SWIFT service parameters to RADOSGW as this is the platform
service being enabled.
- Restructure ceph.py/ceph.pp to generate and use hieradata such that
_revert_cephrgw_config() and _update_cephrgw_config() can be combined
into a single function for runtime updates.
Change-Id: Id8d5c6b1159881d44810fc3622990456f1e54e75
Depends-On: If284f622ceac48c4ffd74e7022fdd390971d0fd8
Partial-Bug: #1833738
Signed-off-by: Robert Church <robert.church@windriver.com>
Thiago Brito
Ricardo Sarto
Heitor Matsui
Lucas Cavalcante
Chen, Haochuan Z
Dan Voiculeasa
Shuicheng Lin
Mihnea Saracin
Austin Sun
Angie Wang
Zhipeng Liu
Robert Church
Jerry Sun
yuchengde
Jim Gauld
Sabeel Ansari
Andy Ning
Hu, Yong
SidneyAn
Al Bailey
Scott Little
Gerry Kopec