The functionality of local docker registry authentication will be
enabled in commit https://review.openstack.org/#/c/626355/. However,
the OSH doesn't support a way to pass credentials to kubernetes to
pull images from a registry with authentication turned on.
This commit adds a "imagePullSecrets" field in service account template
resource and references the well-known secret "default-registry-key"
which created in sysinv during application apply. With this change,
kubernetes will pull images from local registry using this secret.
Note:
- This is short-term solution. The long-term solution is to implement
the BP https://blueprints.launchpad.net/openstack-helm/+spec/support
-docker-registry-with-authentication-turned-on which creates the
secret in chart and pass the secret in service account conditionally.
- It works with an unauthed registry and non-existent or existent
secret "default-registry-key" as well.
Change-Id: Icdff8b385cee7f8b0311086ae892b3b1edacea37
Story: 2002840
Task: 28945
Signed-off-by: Angie Wang <angie.wang@windriver.com>
The mariadb startup script was trying to optimize the single-replica
case but missed the fact that the variable it was checking was a
string rather than an int.
Converting it to an int before doing the comparison makes it work
as expected.
Change-Id: I0f920b52c5cc92672a71ee3db3d7f8e5700fb709
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Story: 2004712
Task: 29385
- pass new pool replication parameter to the storage init script
- set images pool replication in the storage init script
Change-Id: If0ecaeb12afd78caacdbb9b85cda8d6cfda00dea
Story: 2004520
Task: 29324
Depends-on: I120e196ec3acca1f57b717cc4548c7c549fac738
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
Update conf.py for release notes to include the project
variable, set to the project name. This is so the string
above the left nav renders the project name.
Story: 2004900
Task: 29234
Change-Id: Id6b86d8c14628c0e04729e3e54b1718a51fe178b
Signed-off-by: Kristal Dale <kristal.dale@intel.com>
change platform horizon to bind to port 8008
Story: 2004642
Task: 29265
Depends-On: https://review.openstack.org/#/c/634237/
Change-Id: Id6890c8e62d31225969e4c0bb23c78ccb66a3517
Signed-off-by: Tao Liu <tao.liu@windriver.com>
This commit updates the master docker image file for
ceilometer to specify install of panko-5.0.0 explicitly.
Depends-On: I854b75577b6dbc3f0a8171190f5a1aa839412dc8
Change-Id: I4db80c4bcaaa09046285e9ee0af34db1be54a606
Story: 2004520
Task: 29047
Signed-off-by: Don Penney <don.penney@windriver.com>
To enable cold migration, need to update nova charts in openstack-helm
and helm-toolkit chart in openstack-helm-infra. These changes build
on existing upstream components which attempt to add a second container
to the nova-compute pod which creates a sshd process listening on port
8022.
Nova chart changes include:
- Fix bug in ssh-config mapping so config file is generated properly in
/root/.ssh/config in nova-compute container.
- Move private key from sshd container to nova-compute container.
- Map private and public ssh keys to new configmap-ssh which will
default to acceptable file permissions (400) for ssh. Keys will be
provided in overrides.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides. This
is the same as what is done in nova puppet currently.
- Remove chmods from sshd bash script as they are failing. Function is
replaced by configmap-ssh.
To enable cold migration in nova helm chart, we need to allow multiple
containers within the same daemonset pod. This requires a patch to
the helm-toolkit _daemonset_overrides template to remove upstream
restriction. This issue is tracked upstream by storyboard 2003876.
These changes should be upstreamed but may require further refinement.
Story: 2003909
Task: 28927
Change-Id: Id789ba051cec019e8b7564c713cf1b5296ecf9f6
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
This update adds e2fsprogs to the pike and master docker
image build directives files for stx-nova, to provide the
mkfs utilities required for ephemeral storage support.
Change-Id: If9b901696169d7d157a37d6b96f7b8c4db0a24a5
Closes-Bug: 1812432
Signed-off-by: Don Penney <don.penney@windriver.com>
The keystone-api pod gets stuck in CrashLoopBackOff on
AIO-SX lock/unlock attempt.
When Kubernetes decides to kill the keystone-api pod due to readiness
probe failure or other reasons, it calls the preStop hook immediately
before the container is terminated. This hook starts a graceful
shutdown process which includes removing pid, shared memory segment
and wsgi sock files. If the container is not terminated within the
grace period, a SIGKILL is sent, and the container is forced to shut
down.
When the container was forced to terminate without clean up, the
stale files were left behind. On the restart, the application
detected the file existed, and treated it as configuration failure,
hence the exit. As a result, the pod went into a crash loop.
This update removes any stale files when the pod starts.
Story: 2004520
Task: 28392
Change-Id: I613a0db674de9578b3f9d1fa781a1612d9caf214
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Until the ceph upgrade is complete, a forked gnocchi repo will
be used for the stx-gnocchi image to allow temporary changes
to the gnocchi source to support the older ceph version.
Change-Id: I370086ca01e95e8b4907951328f29d833847b6b7
Story: 2004520
Task: 28912
Signed-off-by: Don Penney <don.penney@windriver.com>
The spec files for openstack-helm-infra and openstack-helm
have been updated to not require networking, and therefore
can be built the same as other std targets rather than as
a container target.
helm init --client-only was using networking and DNS lookup.
This commit sets up helm without running that command.
Story: 2004005
Task: 28793
Change-Id: I35c9b547a98fac559793bc2ec00012f6eded8ffa
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Update the stx-horizon.master image build directives file to include
starlingx-dashboard module in the image, and to add a customization
hook to copy the themes to a common location.
Depends-On: I5339c875ff7bec8a1b516b54819b7a7667895cee
Change-Id: I563a7bf68f9c125fffd35bc857c8853d5efaa3b9
Story: 2004520
Task: 28728
Signed-off-by: Don Penney <don.penney@windriver.com>
doc index.rst:
1. Update intro sentence to read as a complete sentence
2. Remove unused toctree
3. Correct heading levels (impacting side nav and correct rendering of content)
4. Remove "Indices and Tables" section: genindex page not used, search searches
only index (not useful here)
releasenotes index.rst:
1. Standardize page title reST markup
2. Remove search (make consistent with other openstack release note pages)
Change-Id: I4847f655f72c3ce4fe1f0d197b00167e499dd658
Signed-off-by: Kristal Dale <kristal.dale@intel.com>
Use rabbitmq-server-config package to package config files for
rabbitmq-server package. We can remove related patches of it.
Install custom ocf script and let SM call this one instead of
default one.
Deployment test and ping test between VMs pass
Config files check pass.
Story: 2003768
Task: 28042
Depends-on: https://review.openstack.org/#/c/621510
Change-Id: I64281b5601b7e457c724747f81e58cc1e42936dd
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Modify the python-django-openstack-auth spec to add steps
to build the python wheel, as well as include it in the pike
wheels tarball.
Change-Id: Idfe6de304b41d3a08cbfd8435f9191e9fefd8ed0
Story: 2004520
Task: 28587
Signed-off-by: Don Penney <don.penney@windriver.com>
Update the stx-horizon image build directives file to include
starlingx-dashboard module in the image, and to add a customization
hook to copy the themes to a common location.
Change-Id: I1684eebc31e977ee02c95d8ba7ec6cd11f3244cb
Story: 2004520
Task: 28588
Signed-off-by: Don Penney <don.penney@windriver.com>
Customizations to the pam package were refactored to
a new pam-config package. This update installs this
package in the stx-nova image.
Story: 2004520
Task: 28589
Change-Id: Ia21fdb30fa3bff6d123ebaa3d057190d05d4913d
Signed-off-by: Don Penney <don.penney@windriver.com>
Use openstack-panko-config package to package config file for
openstack-panko package.
The StarlingX common logrotate config file includes panko log files.
To avoid conflict with the logrotate config file from openstack-panko,
we're overwriting this file with just a comment to clear its config.
Deployment test pass and config file check pass!
Story: 2003768
Task: 28362
Change-Id: I09b0f6ae93b915e10ff3d8cdf6fc9cbd5fe9426e
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Update misc compute references to worker
Tests Performed:
Non-containerized deployment
AIO-SX: Sanity and Nightly automated test suite
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+2 System: Horizon Patch Orchestration
Kubernetes deployment:
AIO-SX: Create, delete, reboot and rebuild instances
2+2+2 System: worker nodes are unlock enable and no alarms
Story: 2004022
Task: 27013
Depends-On: https://review.openstack.org/#/c/624452/
Change-Id: I158394e5fb37367a0ba11e2236fdea64db3cc186
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Deleted the STX local_settings.py file. The generic
local_settings.py.example file will now be used and STX
customization will be located in stx-gui under
local_settings.d.
Story: 2004552
Task: 28394
Depends-On: https://review.openstack.org/#/c/624764
Change-Id: I092040eae3ca4c6f41026e2e98cea8a74ecdabff
Signed-off-by: Kristine Bujold <kristine.bujold@windriver.com>
Upstream master has some fixes for the mariadb chart that we hope will improve
behaviour under fault scenarios so import them into our load.
When we update the repo to the latest upstream we should pick these up and
the patches can be dropped.
Change-Id: I5bb367db76b6d00d9922a4b1bb32d87aaa37cf91
Story: 2004520
Task: 28388
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
IPMI device should be mounted from host to ceilometer-ipmi pod
in order to enable pulling of ipmi samples.
Change-Id: Ic8c31c825e406ab4f3fd7bdad5c9dd104120230c
Story: 2003909
Task: 27083
Signed-off-by: Angie Wang <angie.wang@windriver.com>
