Commit Graph

78 Commits

Author SHA1 Message Date
Zuul
5a11226cb0 Merge "Adjust rabbitmq probes to better reflect its actual state" 2020-07-10 17:18:12 +00:00
Andrii Ostapenko
824f168efc Undo octal-values restriction together with corresponding code
Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.

Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.

Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-07 15:42:53 +00:00
DeJaeger, Darren (dd118r)
64cd0faf6a Adjust rabbitmq probes to better reflect its actual state
This PS looks to make a few small tweaks to the rabbitmq probes so
that its health and readiness is more reflective of what is actually
happening inside the container. We were previously seeing instances
of the pod marked as ready before it actually was.

Change-Id: If48ec02d4050f7385e71c2e6fe0fff8f59667af4
2020-06-26 05:10:04 +00:00
Chris Wedgwood
6d032c3971 [rabbitmq] Upgrade to 3.7.26
Staying current.  Many bugfixes.

Change-Id: Ib95c30380d89c336774d5c74e02ce5cbd9efb5d7
2020-06-25 23:32:50 +00:00
Andrii Ostapenko
83e27e600c Enable key-duplicates and octal-values yamllint checks
With corresponding code changes.

Change-Id: I11cde8971b3effbb6eb2b69a7d31ecf12140434e
2020-06-17 13:14:30 -05:00
Andrii Ostapenko
dfb32ccf60 Enable yamllint rules for templates
- braces
- brackets
- colons
- commas
- comments
- comments-indentation
- document-start
- hyphens
- indentation

With corresponding code changes.

Also idempotency fix for lint script.

Change-Id: Ibe5281cbb4ad7970e92f3d1f921abb1efc89dc3b
2020-06-17 13:13:53 -05:00
Andrii Ostapenko
8f24a74bc7 Introduces templates linting
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.

Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.

Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
2020-06-11 23:29:42 -05:00
Zuul
75dfc47176 Merge "Remove retired congress" 2020-06-05 04:29:20 +00:00
Zuul
bcdfed53d0 Merge "Add extra settings for rabbitmq_exporter" 2020-06-03 07:28:51 +00:00
gugug
0d56e729b7 Remove retired congress
Congress has been retired, remove the congress chart

See https://review.opendev.org/721742

Change-Id: I0e12ab3b27beefbcdbcce135a6a53b509a527dfa
2020-05-31 14:01:34 +00:00
Zuul
934d7946be Merge "Enable yamllint checks" 2020-05-29 23:27:32 +00:00
Andrii Ostapenko
731a6b4cfa Enable yamllint checks
- document-end
- document-start
- empty-lines
- hyphens
- indentation
- key-duplicates
- new-line-at-end-of-file
- new-lines
- octal-values

with corresponding code adjustment.

Change-Id: I92d6aa20df82aa0fe198f8ccd535cfcaf613f43a
2020-05-29 19:49:05 +00:00
Andrii Ostapenko
1a8536fd5d Explicitly set number of schedulers for Erlang VM
By default erlang VM determines a number of scheduler threads equal to a
number of CPU cores it detects [0]. Running rabbitmq in container makes
Erlang VM to think it has all host CPU power, making extra scheduler
threads competing for CPU time and, depending on a difference between
a number host CPU cores and container limits, causing CPU throttling even
while idle.

This commit limits a number of schedulers to a value actually available
to container via k8s resource limits (min 1) emulating the default
behavior.

[0] https://www.rabbitmq.com/runtime.html#scheduling

Change-Id: If36f63173de4c8035daf7aac4014c027c579b58f
2020-05-29 14:26:00 -05:00
Dmitry Kalashnik
cf2fe6793e Add extra settings for rabbitmq_exporter
This adds three new variables:
- skip_queues is for ability to skip metrics for some queues
- include_queues is the opposite parameter for presice setup
- rabbit_exporters is for ability to enable/disable exporter modules

Change-Id: Ia81a9921be6c14ec2035009fd164aab4c912f328
2020-05-21 06:21:23 +00:00
DODDA, PRATEEK
d964bff1bf Enable Apparmor to all rabbitmq test pods
Change-Id: I60499c39e1cdd1e0657e7ff9241a835cd0b0a266
2020-05-18 21:33:27 +00:00
Tin Lam
3dd6d0e7a0 chore(images): update to stein bionic images
Some infra charts still have old ocata xenial images as default. This
should bring them up to date with the OSH charts.

Change-Id: If8454b6d0fe52387bf6327501ee4ff87f56e87b8
Signed-off-by: Tin Lam <tin@irrational.io>
2020-05-14 07:21:41 -05:00
Gage Hugo
d14d826b26 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
2020-05-07 02:11:15 +00:00
Dodda, Prateek
da58791418 Enabling Apparmor fo rabbimq Init conatiners
Change-Id: I7b8306288503d066113a2bf410ef4a77a64c553c
2020-05-04 17:10:25 +00:00
Cliff Parsons
72afe093aa Adjust RabbitMQ Exporter Probes
The currently defined RabbitMQ Exporter probes make a call to the
"/metrics" path of the exporter service, which downloads a huge file and
takes a very long time to download. An http probe should be based on a very
simple and short url response from the service. So this changes the
probes to just call the base path "/" of the url and set the timeout to
something reasonable like 5 seconds.

Change-Id: Ie106490b2fb8d61660663f39a992bf4dc1a61222
2020-03-18 16:58:14 +00:00
Tin Lam
6d849acf93 Remove duplicate key
There is a duplicate network_policy: key (one for ingress and one for
egress). This patch set fixes the netpol override yaml so it is correct.

Change-Id: I0df65ce248c010b5cf6e54515cfa10206436fa6c
Signed-off-by: Tin Lam <tin@irrational.io>
2020-03-14 04:26:33 +00:00
Zuul
d3b3ba7c84 Merge "Add Docker default AppArmor profile to rabbitmq exporter chart" 2020-02-20 17:37:52 +00:00
Zuul
832718629f Merge "Add liveness and readiness probes for RabbitMQ exporter" 2020-02-20 15:18:28 +00:00
Prateek Dodda
b84f536ebd Add Docker default AppArmor profile to rabbitmq exporter chart
Change-Id: If1b420f91d1d23cc454a9ca8eff95a88a7e0b414
2020-02-19 12:40:08 -06:00
Prateek Dodda
47df9fa6b4 Add Docker default AppArmor profile to rabbitmq
Change-Id: I177554ff5bd9c5b61f9c5ad3fea9e6519c3b94bf
2020-02-19 01:05:12 +00:00
Evgeny L
749e2be9f5 Add liveness and readiness probes for RabbitMQ exporter
Allow to configure liveness and readiness probes for
RabbitMQ exporter.

Change-Id: I80748276d20f688659c4ea2752c1941f9cfcaac4
2020-02-18 16:33:28 +00:00
Tin Lam
c199addf3c Update apiVersion
This patch set updates and tests the apiVersion for rbac.authorization.k8s.io
from v1beta1 to v1 in preparation for its removal in k8s 1.20.

Change-Id: I4e68db1f75ff72eee55ecec93bd59c68c179c627
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-09 08:59:48 +00:00
Tin Lam
ac18e6acf9 Fix feature gate envvar overriding
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.

Change-Id: I9d3d630b53a2f3d828866229a5072bb04440ae15
Signed-off-by: Tin Lam <tin@irrational.io>
2019-12-07 12:22:16 -06:00
Oleh Hryhorov
9492a8cde0 Fixing typo in exporter-deployment.yaml PUBLISH_PORT
The patch fixes typo in PUBLISH_PORT and adds quotes for
PUBLISH_PORT because of the fact that it is string values
otherwise it leads to the error below:

error updating the release: rpc error: code = Unknown desc = release
rabbitmq failed: Deployment in version "v1" cannot be handled as
a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec:
v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value:
ReadString: expects " or n, but found 9, error found in #10 byte of ...|,"value":9095},{"nam|...,
bigger context ...|value":"no_sort"},{"name":"PUBLISH_PORT","value":9095},{"name":"LOG_LEVEL","value":"info"},{"name":"|...

Change-Id: I027c91ee48df8eb5b4b2bf3fd28036b8eca47238
2019-11-28 17:26:27 +02:00
Tin Lam
3121fc24c5 Update egress HTK method
This patch set places logic to generate kubernetes egress network policy
rule based on the dependencies specified in values.yaml. This also sets
up the necessary default network policy for the OSH gate.

Change-Id: I1ac649cc9debb5d1f4ea0a32f506dcda4d8b8536
Signed-off-by: Tin Lam <tin@irrational.io>
2019-11-21 20:05:34 +00:00
Steven Fitzpatrick
ca6ad711a4 RabbitMQ Exporter: Replace Direct Values w/ HTK
This change replaces direct references to the exporter port
in values.yaml with calls to helm-toolkit lookup functions.

The referenced port number under the network key is removed,
as the helm-toolkit function will return the port number under
the endpoints key.

Change-Id: Ib6f533c49af5a88fca377920d28d5468d7387892
2019-11-21 12:52:55 +00:00
Zuul
84596d5eba Merge "Add RabbitMQ ingress Network Policy rules" 2019-11-17 07:18:12 +00:00
Tin Lam
b4a422a798 Clean up python script
Trivial change. This patch set cleans up a python script.

- Move the comment to a helm-template comment so the python comments do
not get rendered by helm.
- Remove an unused python module.

Change-Id: Id287ddae8904d2cfa88725277bb97cf027a942c3
Signed-off-by: Tin Lam <tin@irrational.io>
2019-11-11 22:45:38 +00:00
Evgeny L
762dc76b5c Add RabbitMQ ingress Network Policy rules
The patch adds Network Policy ingress rules for RabbitMQ
and Prometheus RabbitMQ exporter.

It also fixes name generation for network policies,
to make sure they do not contain a prohibited '_' symbol,
which may appear in some label names.

Change-Id: I9821983b61d90e73e62c5ac669eefeb4ba9999d2
2019-11-04 18:22:16 +00:00
Steve Wilkerson
b50fae62a4 Update kubernetes-entrypoint image reference
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained

Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-10-18 18:20:11 +00:00
Gage Hugo
f0779e2825 Add network policy value overrides
This change adds network policy overrides for multiple infra
services for the openstack-helm network policy gate.

Change-Id: If051ec1749cb9ed1e289f0cf82a8876371e36531
2019-09-24 13:48:10 +00:00
Gage Hugo
ab3ab66bcb Add open egress rules to multiple infra charts
This change adds egress rules to the following charts:
- ingress
- memcache
- libvirt
- rabbitmq

These rules will be tightend down in future changes

Change-Id: I6f297d50ca4c06234c7c79986a12cccf3beb5efb
2019-09-12 13:07:19 -05:00
Pete Birley
c5428a9429 RabbitMQ: Add liveness probe to check ampq port open
This PS adds a check that the ampq port is open.

Change-Id: I79c298f50c67f4b7293e6767fc9c10a66aa7dcf8
Signed-off-by: Pete Birley <pete@port.direct>
2019-08-28 13:22:22 -05:00
sg774j
87afa2fb8c Rabbitmq: Correct reset_rabbit function
Made correction to this function to not attempt to delete
/var/lib/rabbitmq/

Change-Id: Ied16be1ec83d528f2660ef96389c3f236983aa79
2019-08-15 18:22:01 +00:00
BARTRA, RICK
f5df62d836 Run rabbitmq container with rabbitmq user
This change makes rabbitmq container run with the rabbitmq user
instead of the root user. As the rabbitmq user doesn't have write
access to '/run' directory, the templates are updated to use the
'/tmp' directory instead which the rabbitmq user has write access
to.

Change-Id: Ia35c3f741fefe3172c93bb042bf8d26bf7672cfc
2019-08-14 17:48:40 +00:00
Pete Birley
eef8ea131a RabbitMQ: Dont remove definitions.json and erlang cookie when resetting
This PS udpated the reset node function to leave the assets generated
via init containers in place when resetting the node.

Change-Id: Iac52ca82e95bb372dbcbca0eeea3b262215e9c12
Signed-off-by: Pete Birley <pete@port.direct>
2019-08-02 02:05:00 +00:00
Pete Birley
af270934d4 Rabbit: Eradicate potential crashes in wait job while upgrading cluster
When upgrading/reconfiguring a rabbit cluster its possible that the nodes
will not return the cluster status for some time, this ps allows us to
cope with this much more gracefully than simply crashing a few times, before
proceeding.

Change-Id: Ibf525df9e3a9362282f70e5dbb136430734181fd
Signed-off-by: Pete Birley <pete@port.direct>
2019-07-18 23:07:32 +00:00
Pete Birley
af17153627 RabbitMQ: prune any extra nodes from cluster if scaling down
This PS updates the cluster wait job to prune any extra nodes from
the cluster if scaling down.

Change-Id: I58d22121a07cd99448add62502582a6873776622
Signed-off-by: Pete Birley <pete@port.direct>
2019-07-18 17:21:37 +00:00
Pete Birley
9b5b901104 Rabbit: Ensure node has joined cluster on initial startup
This PS extends the rabbit startup locgic to ensure nodes have
actually joined the cluster on startup.

Change-Id: Ib876d9abd89209d0a7972983bdf4daacf5f8f582
Signed-off-by: Pete Birley <pete@port.direct>
2019-07-05 13:11:18 +00:00
Jean-Philippe Evrard
8ee35e896f Adapt rabbitmq test for py2 and py3 support
This works well for python2, but things will become
messy when py3 will be the default.

This, at the same time, ensures the KeyErrors are
properly logged, with a way to debug them.

Change-Id: If5d8007bece9ccbff481187e757968e7d1b6f651
2019-06-19 03:19:08 +00:00
Pete Birley
0925f50e2a RabbitMQ: Allow clients to directly connect to servers
This PS updates the rabbitmq chart, to allow clients to connect directly
to backend servers, and also introduces a htk function to produce
the appropriate transport_url used by oslo.messaging to take advantage
of this functionaility.

Change-Id: I5150a64bd29fa062e30496c1f2127de138322863
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-18 15:10:26 +00:00
Zuul
b2f47aabb1 Merge "rabbitmq: set hostPath for rabbitmq-data" 2019-06-18 14:46:15 +00:00
Zuul
8957db85db Merge "Rabbitmq: Add pod/container security context" 2019-06-15 00:03:48 +00:00
RAHUL KHIYANI
7f47169f80 Rabbitmq: Add pod/container security context
This updates the rabbitmq chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem to true

Change-Id: I68aa4b49bf6301e1b1004a526151fa0ab4b197b4
2019-06-10 18:50:59 +00:00
Jaesang Lee
9ddc98746c rabbitmq: set hostPath for rabbitmq-data
In an Edge environment without a distributed storage environment, it
should be able to store rabbitmq data in the local path as well.

This patch added an option to use it in a more diverse environment.

Change-Id: Ia3c0dfaa58c237e424197f1406bd66fb991bea18
Story: 2005753
Task: 33455
2019-05-23 01:04:54 +00:00
Jean-Philippe Evrard
5f5e988fb3 Point to OSH-images images
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.

Without this, the osh-images build process is completely not
in use (and completely opaque to deployers), and updating the
osh-images process or patching its code has no impact on OSH.

This should fix it.

Change-Id: Ic00bd98c151669dc2485cd88e0e8c2ab05445959
2019-05-17 08:17:32 +00:00