It may be required to use some dynamic options, such as the IP address
of the interface where the service should bind. This patch adds the ability to
use dynamic logic in option detection and fill it in the configuration
file later.
Co-Authored-By: dbiletskiy <dbiletskiy@mirantis.com>
Change-Id: I8cc7da4935c11c50165a75b466d41f7d0da3e77c
The helm-toolkit.utils.daemonset_overrides function has some limitations:
* it allows to override only conf values specified in configmap-etc
* it doesn't allow to override values for daemonsets passed via env variables
or via daemonset definition. As a result it is impossible to have a mixed
deployment when one compute is configured with dpdk while the other is not.
* it is impossible to override interface names/other information stored in
<service>-bin configmap
* It allows to schedule on both hosts and labels, which adds some
uncertainty
This implementation is intended to handle those limitations:
* it allows to schedule only based on labels
* it creates <service>-bin per daemonset override
* it allows to override values when rendering daemonsets
It picks data from the following structure:
.Values:
  overrides:
    mychart_mydaemonset:
      labels:
        label::value:
          values:
            override_root_option: override_root_value
            conf:
              ovs_dpdk:
                enabled: true
              neutron:
                DEFAULT:
                  foo: bar
Change-Id: I5ff0f5deb34c74ca95c141f2402f375f6d926533
This patch removes trailing slash in endpoint address
in case the path is empty.
Co-Authored-By: Vasyl Saienko <vsaienko@mirantis.com>
Change-Id: I11ace7d434b7c43f519d7ec6ac847ef94916202f
For memcache we should specify all hosts directly in the config,
as the client does key spreading based on what hosts are alive; when an LB
address is used, memcached can't work effectively.
This patch updates endpoint_host_lookup to handle this scenario
Change-Id: I8c70f8e9e82bf18d04499a132ef9a016d02cea31
Openstack policies can be applied without a service restart.
Keep all policies in a single configmap to have the ability to
not restart services on policy changes.
This patch adds a snippet of configmap that will later be used
in other helm charts.
Change-Id: I41d06df2fedb7f6cf0274c886dc9b94134507aca
Add init-modules libvirt container which allows to initialize
libvirt modules during start. The script is provided via
.Values.init_modules.script data structure
Change-Id: I9d5c48448b23b6b6cc18d273c9187a0a79db4af9
The test is useless as libvirt is not running in the pod
cgroup so pod settings are not applied to it.
Change-Id: Ice3957c800e29a0885a341103c453c4d6c921fd3
The list of default kernel cgroup controllers may be changed;
an example is a kernel upgrade from 5.4.x to 5.15.x where the misc controller
is enabled by default. Unhardcode the list of controllers to have the ability
to override them for newer kernel versions and to avoid killing
qemu processes with container restart.
Change-Id: Ic4f895096a3ad2228c31f19ba1190e44f562f2a0
Deploy exporter as a sidecar to provide correct mysql metrics.
Co-Authored-By: Oleh Hryhorov <ohryhorov@mirantis.com>
Change-Id: I25cfeaf7f95f772d2b3c07a6a91220d0154b4eea
Switch to namespace based endpoints to remove the requirement
to configure the kubernetes internal cluster domain name, which can't
be obtained from the kubernetes API.
Change-Id: I8808153a83e3cec588765797d66d728bb6133a5c
Use the following structure in values to define additional service
parameters:
Values:
  network:
    memcached:
      service:
        type: loadBalancer
        loadBalancerIP: 1.1.1.1
Change-Id: I94c87e530d90f603949ccacbf0602273feec741a
This patch adds a mariadb controller that is responsible to mark one
ready pod as mariadb_role: primary to forward all traffic to it.
This will allow to drop nginx ingress controller which adds extra
hops between client and server and uses heavy customized nginx templates.
Change-Id: I3b29bc2029bfd39754516e73a09e4e14c52ccc99
Allows to add custom parameters to services, and ingress services
from values as is.
Co-Authored-By: Mykyta Karpin <mkarpin@mirantis.com>
Change-Id: I42b8d07126de2cf12ddc3a934d1fd4e3a2ee0051
The etcd database needs to be periodically compacted and defragmented.
This patch adds jobs to perform required maintenance actions
automatically.
Co-Authored-By: Oleh Hryhorov <ohryhorov@mirantis.com>
Change-Id: I31b48bb198f7322c343c7d0171322759893e374f
* Switch etcd to statefulset
* Allow to use persistent volumes to store etcd data
* Allow to deploy in clustered mode
Change-Id: I2baf5bdd05c280067991bb8b7f00c887ffd95c20
The patch switches rabbitmq to use short node names; this will
allow us not to care about the internal domain name, as it can't
be obtained from the k8s API.
Change-Id: I6d80bc4db4e497f7485fb5416818e0b61f821741
Related-Prod: PRODX-3456
Guest account is enabled by default and has access to all
vhosts. Allow to change guest password during rabbitmq
configuration.
Change-Id: If23ab8d5587b13e628bce5bcb135a367324dca80
Prepare rabbitmq to be running in non clustered mode, in which
it may be useful to bootstrap cluster with fresh data each time
since we do not use durable queues in openstack that are stored
on filesystem.
Two new data structures are added to rabbitmq Values:
users:
  auth:
    keystone_service:
      username: keystone
      password: password
  path: /keystone
aux_conf:
  policies:
    - vhost: "keystone"
      name: "ha_ttl_keystone"
      definition:
        ha-mode: "all"
        ha-sync-mode: "automatic"
        message-ttl: 70000
      priority: 0
      apply-to: all
      pattern: '^(?!amq\.).*'
Change-Id: Ia0dd1a8afe7b6e894bcbeafedf75131de0023df0
Pick up UID from .Values.pod.security_context.server.pod.runAsUser as this is
the user that we are using to run the service.
Change-Id: Id4c53b0a882b027e320b08ed766cb473ab9ab535
Use the lightweight rabbitmqctl ping command for the readiness and liveness probes.
check_port_connectivity is not suitable for liveness as it does not check
that the instance of rabbitmq is actually running and we can authenticate.
Change-Id: I6f157e9aef3450dba1ad7e0cb19491a41f700bbc
Resolve that access fails when the Rabbitmq password contains special characters by the changes below.
6c5cc2fdf0
story: 2011222
task: 50999
Change-Id: I0cfc6e2228bc4b1327efb7da293849d6d1bbff19
The Ceph defragosds cronjob script used to
connect to OSD pods not explicitly specifying
the ceph-osd-default container and eventually
tried to run the defrag script in the log-runner
container where the defrag script is mounted with
0644 permissions and shell fails to run it.
Change-Id: I4ffc6653070dbbc6f0766b278acf0ebe2b4ae1e1
- Use kubeadm configuration to not set taints
on control plane nodes (instead of removing them after
deployment).
- Fix ssh client key permissions.
- Update the Mariadb ingress test job so it is inherited
from the plain compute-kit test job. And also remove
it from the check pipeline.
Change-Id: I92c73606ed9b9161f39ea1971b3a7db7593982ff
+ run tests in a read-only file system
+ change google-chrome data directory from ~/.config/google-chrome
(which is immutable) to /tmp/google-chrome (writable), otherwise
Chrome fails to launch
+ activate new headless mode as the old one will be soon removed
https://developer.chrome.com/docs/chromium/new-headless
Change-Id: I7d183b3f3d2fdc3086a5db5fa62473f777b9eb7a
This PS bumps up ingress-nginx controller version
to v1.11.2 in mariadb chart due to CVE
vulnerability.
nginx.tmpl from mariadb chart has been updated to
match the latest 1.11.2 ingress-controller image.
Change-Id: Ie2fd811f8123515f567afde62bbbb290d58dd1b2
- Re-add the retry logic back to the index creation script.
- Fixed small regex bug.
- Also added function to lookup the id of a view, because the new
views API requires an id to set the default view.
- Set noglob to make sure the asterisks in the view names aren't
expanded.
Change-Id: Idfd56f09a739731f2ce3153b8fc284bb499a91d4
The legacy RBD provisioner and the CephFS provisioner haven't been
used in some time. This change removes them.
Change-Id: I313774627fcbaed34445ebe803adf4861a0f3db5
- Add 2024.1 overrides to those charts where
there are overrides for previous releases.
- Update some jobs to use 2024.1 overrides.
- Update default images in grafana, postgresql,
nagios, ceph-rgw, ceph-provisioners,
kubernetes-node-problem-detector
- Install tzdata package on K8s nodes. This
is necessary for kubernetes-node-problem-detector
chart which mounts /etc/localtime from hosts.
Change-Id: I343995c422b8d35fa902d22abf8fdd4d0f6f7334
When generating keys and sharing them between nodes
in a multinode env it is important that the task which
generates keys is finished before trying to use these
keys on another node.
The PR splits the Ansible block into two blocks and
makes sure the playbook deploy-env is run with the linear
strategy. Thus we can be sure that keys are first generated
on all affected nodes and only then are used to set up
tunnels and passwordless ssh.
Change-Id: I9985855d7909aa5365876a24e2a806ab6be1dd7c