Issue:
'rate_limit' error when executing openstack network commands.
Failure was tracked to a failure to satisfy the lower-constraints.txt
of openstacksdk, keystoneauth1==3.13.0. We currently only provide
python2-keystoneauth1-3.10.0-1.el7.noarch.rpm.
Solution:
Investigation showed that there is currently no centos rpm
providing python2-keystoneauth1-3.13.0 or better. Solution
is to build python2-keystoneauth1-3.13.1 from openstack's git.
We can revert to a downloaded rpm when one becomes available.
Note:
I'm taking this opportunity to clean up stale patches
that pre-date python2-keystoneauth1-3.10.0. None of these
where in use.
Closes-Bug: 1819020
Change-Id: Ie2300f352dffc2fc87fbc84a9fc98d2a4e9484d4
Depends-On: I715ee3f05dacaa320083dd40c2b23f0f599b910e
Signed-off-by: Scott Little <scott.little@windriver.com>
A patch was being carried in stx-upstream for the client
that was meant to be removed once the patch was merged
in the python-openstackclient git.
It merged, which meant attempts to build would fail as the
patch was being applied twice.
This fix is to remove the temporary patch.
Closed-Bug: 1819176
Change-Id: Ib638367361d411ccbca03e85e30e0b2931738956
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Support per-host overrides of auto_bridge_add, so we can set different
nic for ovs bridges.
This feature is already merged into openstack-helm. As we don't use
latest version of openstack-helm, so make this as a patch in
stx-upstream.
Change-Id: Ida085e8475ade6787aaaee77148d669248dd66c6
Story: 2004649
Task: 29867
Signed-off-by: chengli3 <cheng1.li@intel.com>
In the docker image for mariadb-ingress if there are many cores
the calculated value for worker_rlimit_nofile ends up being 1024
which is too small. This change sets the min to 2048.
Closes-Bug: 1816479
Change-Id: I4f198b703eda61d9a9531640ec01a2770f9ec172
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
In order to provide the secure management of secrets service
as a container in StarlingX we need to create Barbican Docker
image and include it into StarlingX repository.
Change-Id: I3b4483f74d233348ec49729deff11ba7776af01b
Story: 2003108
Task: 29579
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
cinderclient was showing 0.0.0 for cinder --version
Same problem for glance.
The pbr version needed to be set when building from
outside of a git tree.
All other clients had this set properly.
This bug was introduced when the new stein clients were
added.
The cinderclient also needed some BuildRequires updated.
These BuildRequires were for building wheels.
Closes-Bug: 1814573
Change-Id: I4afe783e25ab2172ae999787e6b0e3ec91f78419
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Upstream nova helm chart attempts to figure out the address for VM
consoles by running an init container that checks for ip routes and
addresses on a compute host. It then sets the appropriate nova config
options in a config file which it passes to nova-compute. However this
effectively overwrites the same config option that stx has already
set in nova.conf via per host overrides causing us to communicate over
the wrong network or not to connect at all.
This fix introduces an option to enable/disable passing of this
additional config file to nova-compute. Default upstream behaviour is
unchanged, but we will disable it in our overrides.
Partial-Bug: #1815490
Change-Id: I86eb80578b23fd89b7f9643b943ee759f26a15be
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
The functionality of local docker registry authentication will be
enabled in commit https://review.openstack.org/#/c/626355/. However,
the OSH doesn't support a way to pass credentials to kubernetes to
pull images from a registry with authentication turned on.
This commit adds a "imagePullSecrets" field in service account template
resource and references the well-known secret "default-registry-key"
which created in sysinv during application apply. With this change,
kubernetes will pull images from local registry using this secret.
Note:
- This is short-term solution. The long-term solution is to implement
the BP https://blueprints.launchpad.net/openstack-helm/+spec/support
-docker-registry-with-authentication-turned-on which creates the
secret in chart and pass the secret in service account conditionally.
- It works with an unauthed registry and non-existent or existent
secret "default-registry-key" as well.
Change-Id: Icdff8b385cee7f8b0311086ae892b3b1edacea37
Story: 2002840
Task: 28945
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This update must be reverted once the following commit
is merged upstream:
https://review.openstack.org/#/c/625544/11
Until then, this update includes it as a patch against the
python-openstackclient source.
Change-Id: I527f889e797259a5cf816e71f2ca2a7f5fd949a3
Story: 2004751
Task: 29417
Signed-off-by: Don Penney <don.penney@windriver.com>
When removing the mariadb release from the cluster, this upstream commit
produces mariadb-ingress pods that are stuck in the "Terminating" state
with the associated containers becoming hung. This ultimately impacts
certain docker operations leading to PLEG health issues in the cluster.
The root cause of this is that the ingress pod uses dumb-init to start
the nginx-ingress-controller process. When the mariadb-ingress pod
terminates (via kill -TERM 1) all child processes are terminated but the
docker-containerd-shim remains causing the hung container condition.
Temporarily reverting this commit. A fix will be introduced upstream
dealing with dumb-init and this commit will be pick up again on the next
full chart rebase.
Change-Id: I25ad9bc3213468a9060e741917d96d9ac5c01b40
Story: 2004520
Task: 29420
Signed-off-by: Robert Church <robert.church@windriver.com>
This update temporarily points the stx-neutron master build
to a forked neutron repo. This is necessary to pull in specific
commits that have not yet merged upstream. Once all required
commits are merged, this can revert back to the upstream repo.
Story: 2004751
Task: 29396
Change-Id: I7453ffe943ff735338a06246a08399f79d6918b7
Signed-off-by: Don Penney <don.penney@windriver.com>
The mariadb startup script was trying to optimize the single-replica
case but missed the fact that the variable it was checking was a
string rather than an int.
Converting it to an int before doing the comparison makes it work
as expected.
Change-Id: I0f920b52c5cc92672a71ee3db3d7f8e5700fb709
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Story: 2004712
Task: 29385
- pass new pool replication parameter to the storage init script
- set images pool replication in the storage init script
Change-Id: If0ecaeb12afd78caacdbb9b85cda8d6cfda00dea
Story: 2004520
Task: 29324
Depends-on: I120e196ec3acca1f57b717cc4548c7c549fac738
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
Update conf.py for release notes to include the project
variable, set to the project name. This is so the string
above the left nav renders the project name.
Story: 2004900
Task: 29234
Change-Id: Id6b86d8c14628c0e04729e3e54b1718a51fe178b
Signed-off-by: Kristal Dale <kristal.dale@intel.com>
The pike novaclient contains wrs extensions were being
imported by horizon during startup.
Those imports fail with a stein novaclient, and so the
horizon code will no longer import those files.
When Horizon is moved to Stein (story 2004765)
this change will end up being removed.
Story: 2004751
Task: 29356
Change-Id: Ia51e8b592c58eab0df09bf9b345cbae9dbf0a319
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Platform horizon (pike) needs ceilometerclient
to satisy python imports.
When Horizon is moved to Stein (story 2004765)
this can be reverted.
Story: 2004751
Task: 29288
Change-Id: I636296966f1c293fe8d3bbd1b3b1a335fb6a863a
Depends-On: Iee76e932383493aea7d9fa0d18425f01e2f6a65d
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
change platform horizon to bind to port 8008
Story: 2004642
Task: 29265
Depends-On: https://review.openstack.org/#/c/634237/
Change-Id: Id6890c8e62d31225969e4c0bb23c78ccb66a3517
Signed-off-by: Tao Liu <tao.liu@windriver.com>
neutron-sanity-check command triggers privsep code and produces the
following:
WARNING oslo.privsep.daemon [-] privsep log:
oslo_log.log.LogConfigError: Error loading logging config
/etc/neutron/logging.conf: [Errno 2] No such file or directory:
'/etc/neutron/logging.conf'
This will add log_config_append to neutron-etc and allow ovs-agent to
successfully deploy
Change-Id: I82dd56dc686e2efbd10921b248497955c37279f1
Story: 2004751
Task: 28894
Signed-off-by: Robert Church <robert.church@windriver.com>
During Stein the deprecated query_volume_filters config option was
removed. As a result, /etc/cinder/resource_filters.json is required to
allow volume display operations to function.
This adds the file to the configmap and provides the default values for
the filters.
Change-Id: I5b21949160430c72eb63db20475efa9f098e809f
Story: 2004751
Task: 28894
Signed-off-by: Robert Church <robert.church@windriver.com>
This removes the --skip-metering-database option from _db-sync.sh.tpl.
This option was removed with the deprecated storage drivers in
Queens.
Change-Id: I6c88f882c9e54841c9eeb97c5010cf0691804a62
Story: 2004751
Task: 28894
Signed-off-by: Robert Church <robert.church@windriver.com>
This commit updates the master docker image file for
ceilometer to specify install of panko-5.0.0 explicitly.
Depends-On: I854b75577b6dbc3f0a8171190f5a1aa839412dc8
Change-Id: I4db80c4bcaaa09046285e9ee0af34db1be54a606
Story: 2004520
Task: 29047
Signed-off-by: Don Penney <don.penney@windriver.com>
To enable cold migration, need to update nova charts in openstack-helm
and helm-toolkit chart in openstack-helm-infra. These changes build
on existing upstream components which attempt to add a second container
to the nova-compute pod which creates a sshd process listening on port
8022.
Nova chart changes include:
- Fix bug in ssh-config mapping so config file is generated properly in
/root/.ssh/config in nova-compute container.
- Move private key from sshd container to nova-compute container.
- Map private and public ssh keys to new configmap-ssh which will
default to acceptable file permissions (400) for ssh. Keys will be
provided in overrides.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides. This
is the same as what is done in nova puppet currently.
- Remove chmods from sshd bash script as they are failing. Function is
replaced by configmap-ssh.
To enable cold migration in nova helm chart, we need to allow multiple
containers within the same daemonset pod. This requires a patch to
the helm-toolkit _daemonset_overrides template to remove upstream
restriction. This issue is tracked upstream by storyboard 2003876.
These changes should be upstreamed but may require further refinement.
Story: 2003909
Task: 28927
Change-Id: Id789ba051cec019e8b7564c713cf1b5296ecf9f6
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
This update adds e2fsprogs to the pike and master docker
image build directives files for stx-nova, to provide the
mkfs utilities required for ephemeral storage support.
Change-Id: If9b901696169d7d157a37d6b96f7b8c4db0a24a5
Closes-Bug: 1812432
Signed-off-by: Don Penney <don.penney@windriver.com>
python-aodhclient spec file is based off 1.1.1 (rocky)
python-barbicanclient spec file is based off 4.7.1 (rocky)
python-cinderclient spec file is based off 4.0.1 (rocky)
python-glanceclient spec file is based off 2.13.1 (rocky)
- docs disabled
python-gnocchiclient spec file is based off 7.0.4 (rocky)
python-heatclient spec file is based off 1.16.1 (rocky)
- docs disabled
python-ironicclient spec file is based off 2.5.0 (rocky)
python-keystoneclient spec file is based off 3.17.0 (rocky)
python-magnumclient spec file is based off 2.10.0 (rocky)
python-muranoclient spec file is based off 1.1.1 (rocky)
python-neutronclient spec file is based off 6.9.1 (rocky)
python-novaclient spec file is based off 11.0.0 (rocky)
- docs disabled
python-openstackclient spec file is based off 3.16.2 (rocky)
- docs disabled
- unit tests disabled
python-openstacksdk spec file is based of 0.17.2 (rocky)
- unit tests disabled
python-pankoclient spec file is based off 0.5.0 (rocky)
The primary changes to each spec files are
1) version has tis extension
2) sdk package added
3) wheels package added
Disable building:
- openstack-aodh
- python-osc-lib
ceilometerclient no longer exists.
openstack-heat no longer requires ceilometerclient
Story: 2004751
Task: 28864
Change-Id: Ifa905bea2e95ded72a327f8ff43667c8c5429363
Depends-On: Iea58cb9484c75cf757397d53d7d1576a2f436d81
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
The keystone-api pod gets stuck in CrashLoopBackOff on
AIO-SX lock/unlock attempt.
When Kubernetes decides to kill the keystone-api pod due to readiness
probe failure or other reasons, it calls the preStop hook immediately
before the container is terminated. This hook starts a graceful
shutdown process which includes removing pid, shared memory segment
and wsgi sock files. If the container is not terminated within the
grace period, a SIGKILL is sent, and the container is forced to shut
down.
When the container was forced to terminate without clean up, the
stale files were left behind. On the restart, the application
detected the file existed, and treated it as configuration failure,
hence the exit. As a result, the pod went into a crash loop.
This update removes any stale files when the pod starts.
Story: 2004520
Task: 28392
Change-Id: I613a0db674de9578b3f9d1fa781a1612d9caf214
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Until the ceph upgrade is complete, a forked gnocchi repo will
be used for the stx-gnocchi image to allow temporary changes
to the gnocchi source to support the older ceph version.
Change-Id: I370086ca01e95e8b4907951328f29d833847b6b7
Story: 2004520
Task: 28912
Signed-off-by: Don Penney <don.penney@windriver.com>
The spec files for openstack-helm-infra and openstack-helm
have been updated to not require networking, and therefore
can be built the same as other std targets rather than as
a container target.
helm init --client-only was using networking and DNS lookup.
This commit sets up helm without running that command.
Story: 2004005
Task: 28793
Change-Id: I35c9b547a98fac559793bc2ec00012f6eded8ffa
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Update the stx-horizon.master image build directives file to include
starlingx-dashboard module in the image, and to add a customization
hook to copy the themes to a common location.
Depends-On: I5339c875ff7bec8a1b516b54819b7a7667895cee
Change-Id: I563a7bf68f9c125fffd35bc857c8853d5efaa3b9
Story: 2004520
Task: 28728
Signed-off-by: Don Penney <don.penney@windriver.com>
doc index.rst:
1. Update intro sentence to read as a complete sentence
2. Remove unused toctree
3. Correct heading levels (impacting side nav and correct rendering of content)
4. Remove "Indices and Tables" section: genindex page not used, search searches
only index (not useful here)
releasenotes index.rst:
1. Standardize page title reST markup
2. Remove search (make consistent with other openstack release note pages)
Change-Id: I4847f655f72c3ce4fe1f0d197b00167e499dd658
Signed-off-by: Kristal Dale <kristal.dale@intel.com>
Use rabbitmq-server-config package to package config files for
rabbitmq-server package. We can remove related patches of it.
Install custom ocf script and let SM call this one instead of
default one.
Deployment test and ping test between VMs pass
Config files check pass.
Story: 2003768
Task: 28042
Depends-on: https://review.openstack.org/#/c/621510
Change-Id: I64281b5601b7e457c724747f81e58cc1e42936dd
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
