Recently we fixed the libvirt.sh script
and removed the conditionals cgroup commands
which were introduced for smooth transition
to Jammy and cgroups v2
https://review.opendev.org/c/openstack/openstack-helm-infra/+/929401
But because we didn't have overrides for 2023.1
we used to run 2023.1 with the default libvirt image
openstackhelm/libvirt:latest-ubuntu_focal
which does not work with cgroups v2 on the host
system with this recent fix (see above).
So the 2023.1 Ubuntu Jammy compute-kit test jobs fails.
This PR fixes this job by means of introducing
explicit image overrides for 2023.1.
Change-Id: Ie81f8fb412362388274ea92ad7fa5d3d176c0441
- Use kubeadm configuration to not set taints
on control plain nodes (instead of removing them after
deployment).
- Fix ssh client key permissions.
- Update the Mariadb ingress test job so it is inherinted
from the plain compute-kit test job. And also remote
it from the check pipeline.
Change-Id: I92c73606ed9b9161f39ea1971b3a7db7593982ff
This PS bumps up ingress-nginx controller version
to v1.11.2 in mariadb chart due to CVE
vulnerability.
nginx.tmpl from mariadb chart has been updated to
match the latest 1.11.2 ingress-controller image.
Change-Id: Ie2fd811f8123515f567afde62bbbb290d58dd1b2
- Add 2024.1 overrides to those charts where
there are overrides for previous releases.
- Update some jobs to use 2024.1 overrides.
- Update default images in grafana, postgresql,
nagios, ceph-rgw, ceph-provisioners,
kubernetes-node-problem-detector
- Install tzdata package on K8s nodes. This
is necessary for kubernetes-node-problem-detector
chart which mounts /etc/localtime from hosts.
Change-Id: I343995c422b8d35fa902d22abf8fdd4d0f6f7334
At the moment the recommended way of managing Ceph clusters
is using Rook-Ceph operator. However some of the users
still utilize legacy OSH Ceph* charts. Since Ceph is
a critical part of the infrastructure we suggest a migration
procedure and this PR is to test it.
Change-Id: I837c8707b9fa45ff4350641920649188be1ce8da
- Do not deploy anything in the ceph namespace
- Prepare admin key secret in the openstack namespace.
Get admin key from the Ceph tools pod
- Prepare Ceph client config with the mon_host
taken from the rook-ceph-mon-endpoints configmap
as recommended in the Rook documentation.
Change-Id: Idd4134efab49de032a389283e611c4959a6cbf24
Chromedriver had strict version selection. This commit allows
it to pick the closest patch version to google-chrome-stable
Change-Id: I435985573f69ee4bb0f6009416452649f302c0fe
- Remove openstack-helm-infra-openstack-support* jobs.
Instead of these jobs we run compute-kit, cinder and tls
jobs defined in the openstack-helm repo.
- Remove all experimental jobs since they are outdated and
do not work. We will later add some of the test cases
including apparmor, network policy, tenant Ceph and others.
Change-Id: I8f3379c06b4595ed90de025d32c89de29614057d
Specifically we would like at least the following
deployments to be tested when helm-toolkit is updated
- compute-kit
- cinder
- tls
Change-Id: I3991d6984563813d5a3a776eabd52e2e89933bd8
Also
- Update default Heat image to 2023.2 used for
init and test jobs
- Add overrides for
- yoga-ubuntu_focal
- zed-ubuntu_focal
- zed-ubuntu_jammy
- 2023.1-ubuntu_focal
- 2023.1-ubuntu_jammy
- 2023.2-ubuntu_jammy
Change-Id: I516c655ea1937f9bd1d363ea86d35e05e3d54eed
- Make it less mixed. Each task file
deploys one feature.
- Deploy Metallb
- Deploy Openstack provider network gateway
Change-Id: I41f0353b286f817cb562b3bd59992e4baa473568
- OVN init script must be able to attach an interface
to the provider network bridge and migrate IP from the
interface to the bridge exactly like Neutron OVS agent
init script does it.
- OVN init script sets gateway option to those OVN controller
instances which are running on nodes with l3-agent=enabled
label.
Change-Id: I24345c1f85c1e75af6e804f09d35abf530ddd6b4
This PS switches mariadb to use primary service by
default instead of ingress based deployment. The
primary service that is getting created and
automatically updated based on the leader election
process in start.py entrypoint script.
Mariadb primary service was introduced by this PS:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/905797
Change-Id: I4992276d0902d277a7a81f2730c22635b15794b0
These two jobs openstack-helm-infra-aio-monitoring and
openstack-helm-infra-aio-logging were only needed for
backward compatibility.
Depends-On: I9c3b8cd18178aa57ce44564490ef1b61f275ae29
Change-Id: I09d0e48128a3fd98fa9148b8e520df75d6e5be50
Recently we added a jpg file to OSH documentation
but the lint job didn't run due to the job configuration.
But then for the next PR link job did run and failed
due to trailing whitespace in the jpg file.
Change-Id: I9abf8f93a4566411076190965f282375846dc5db
This PS adds mariadb-server-primary service that is getting created
and automatically updated based on the leader election process in
start.py entrypoint script.
Change-Id: I1d8a8db0ce8102e5e23f7efdeedd139726ffff28
Signed-off-by: Sergiy Markin <smarkin@mirantis.com>
When using Rook for managing Ceph clusters we have
to provision a minimal set of assets (keys, endpoints, etc.)
to make Openstack-Helm charts work with these Ceph clusters.
Rook provides CRDs that can be used for managing Ceph assets
like pools/keyrings/buckets etc. but Openstack-Helm can not
utilize these CRDs. To support these CRDs in OSH would
require having lots of conditionals in OSH templates since
we still want OSH to work with OSH ceph-* charts.
Change-Id: If7fe29052640e48c37b653e13a74d95e360a6d16
This PS adds mariadb-cluster chart based on mariadb-operator. Also for
some backward compartibility this PS adds mariadb-backup chart and
prometheus-mysql-exporter chart as a separate ones.
Change-Id: I3f652375cce2e3b45e095e08d2e6f4ae73b8d8f0
When using Rook for managing Ceph we can use
Rook CRDs to create S3 buckets and users.
This PR adds bucket claim template to the
elasticsearch chart. Rook creates a bucket for
a bucket claim and also creates a secret
containing the credentials to get access to this
bucket. So we also add a snippet to expose
these credentials via environment variables to
containers where they are needed.
Change-Id: Ic5cd35a5c64a914af97d2b3cfec21dbe399c0f14
- In case we deploy Ceph on a multi-node env we have
to prepare the loop devices on all nodes. For this
we moved loop devices setup to the deploy-env
Ansible role.
For simplicity we need the same device on all nodes,
so we create a loop device with a big
minor number (/dev/loop100 by default) hoping
that only low minor numbers could be busy.
- For test jobs we don't need to use different devices
for OSD data and metadata. There is no
any benefit from this for the test environment.
So let's keep it simple and put both OSD data and metadata
on the same device.
- On multi-node env Ceph cluster needs cluster members
see each other, so let's use pod network CIDR.
Change-Id: I493b6c31d97ff2fc4992c6bb1994d0c73320cd7b
The motivation is to reduce the code base and get rid
of unnecessary duplications. This PR is moves bandit
tasks from the osh-infra-bandit.yaml playbook
to the osh-bandit role. Then we can use this role for the
same job in OSH.
Change-Id: I9489a8c414e6679186e6c399243a7c0838df812a
This PS mounts extra 80Gb volume if available and mounts it to
/opt/ext_vol. It also alters docker and containerd configs to move their
root folder to that extra volume. This helps zuul gates to succeed when
a node with 40Gb volume is assigned to a zuul gate.
Change-Id: I1c91b13c233bac5ebfe6e3cb16d4288df2c2fe80
This change adds an openstack-support-rook zuul job to test
deploying Ceph using the upstream Rook helm charts found in the
https://charts.rook.io/release repository. Minor changes to the
storage keyring manager job and the mon discovery service in the
ceph-mon chart are also included to allow the ceph-mon chart to be
used to generate auth keys and deploy the mon discovery service
necessary for OpenStack.
Change-Id: Iee4174dc54b6a7aac6520c448a54adb1325cccab
To make it easier to maintain the jobs all experimental
jobs (those which are not run in check and gate pipelines)
are moved to a separate file. They will be revised later
to use the same deploy-env role.
Also many charts use Openstack images for testing this
PR adds 2023.1 Ubuntu Focal overrides for all these charts.
Change-Id: I4a6fb998c7eb1026b3c05ddd69f62531137b6e51
The current zuul jobs definitions still use an older release and
distro version of ubuntu. This change modifies the versions to run
ubuntu focal and the Xena release of openstack.
Change-Id: I653fd9ed42972c7bba5fa94519cd413c0d15b2c9
The kubernetes-keystone-auth check job has not been ran in a long
time and has not been maintained. This change removes it from the
list of jobs defined and jobs ran in the osh-infra project.
Change-Id: If0275524fda92d8fd8baa689521e2e841210ce51