As new ceph clients expecting the ceph_mon config as shown below , this
ps will update the configmap.
mon_host = [v1:172.29.1.139:6789/0,v2:172.29.1.139:3300/0],
[v1:172.29.1.140:6789/0,v2:172.29.1.140:3300/0],
[v1:172.29.1.145:6789/0,v2:172.29.1.145:3300/0]
Change-Id: I6b96bf5bd4fb29bf1e004fc2ce8514979da706ed
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I9df4024c7ccf8b3510e665fc07ba0f38871fcbdb
1) Added to service account name insted of traditional pod name
to resolve for dynamic release names.
Change-Id: Ibf4c69415e69a7baca2e3b96bcb23851e68d07d8
1) Added to service account name insted of traditional pod name.
Change-Id: I1c7ba9081ccf396b037861b496110251f2248fd2
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
1) Changed the pod name and container name to pick name dynamically for
osd,mon,mgr and mds.
2) Added Init container for ceph-provisioners.
Change-Id: I3e27d51c055010cff982ddb0951d01ea8adac234
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Reverting this ps since we tried to solve the problem here for
the old clients prior to nautilus but nautilus clients thinks
its v2 port and try to communicate with server and getting some
warnings as shown below:
lets make v2 port as default and ovverride mon_host config for
old clients prior to nautilus as we did in this ps
(https://review.opendev.org/#/c/711648/).
better solution will be moving out of old ceph clients by changing
the images wherever old ceph clients are installed.
log:
+ ceph auth get-or-create client.cinder mon 'profile rbd' osd
'profile rbd' -o /tmp/tmp.k9PBzKOyCq.keyring
2020-06-19 15:56:13.100 7febee088700 -1 --2-
172.29.0.139:0/2835096817 >> v2:172.29.0.141:6790/0 conn(0x7febe816b4d0
0x7febe816b990 unknown :-1 s=BANNER_CONNECTING pgs=0 cs=0 l=0
rx=0 tx=0)._handle_peer_banner peer v2:172.29.0.141:6790/0 is using msgr V1 protocol
This reverts commit acde91c87d5e233d1180544df919cb6603e306a9.
Change-Id: I08ef968b3e80c80b973ae4ec1f80ba1618f0e0a5
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
The PS adds kubernetes tolerations for deployments from ceph-client,
ceph-mon, ceph-provisioners and ceph-rgw charts.
Change-Id: If96f5f2058fca6e145e537e95af39089f441ccbb
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
Cephfs tests were disabled in order to merge
https://review.opendev.org/695568 due to gate failures that were
blocking it. CephFS isn't used in openstack-helm-infra, so it
wasn't required for that work. This change re-enables the cephfs
tests so we can work through any issues that are causing further
failures.
Since the the issue got fixed in 14.2.8 , upgrading all daemons to 14.2.8.
(https://tracker.ceph.com/issues/43770)
Change-Id: I376d39b7ee00ccb1ab8046b58f92b19a822272e1
This is to redirect all the logs from daemons to stdout to avoid
accumulating large sized log files on filesystem.
NOTE: The ceph-osd daemon won't work this way and is addressed
separately in https://review.opendev.org/715295. All other Ceph
daemons are included here.
Change-Id: I3045d6e941791aba14979472fac1bca09776d3bf
This is to update all ceph daemons startup scripts as per msgr2 protocol and
also to update v2 port for mon_host config.
This also removes setting mon_addr config since we already have mon_host config.
v1 default port: 6789
V2 default port: 3300
Change-Id: I3d95edbd89f5ac8b40a34f41c1099311cee4f875
This is to upgrade ceph version from 14.2.5 from 14.2.7 and also
to update ceph provisioners to use latest code from quay.io
- rbd-provisioner: quay.io/external_storage/rbd-provisioner:v2.1.1-k8s1.11
- cephfs-provisioner: quay.io/external_storage/cephfs-provisioner:v2.1.0-k8s1.11
This also updates verbs for proivioner's clusterrole to support new code.
Change-Id: Ia94129574610bb5c800a6941804e58ca3aefce65
This patch set updates and tests the apiVersion for rbac.authorization.k8s.io
from v1beta1 to v1 in preparation for its removal in k8s 1.20.
Change-Id: I4e68db1f75ff72eee55ecec93bd59c68c179c627
Signed-off-by: Tin Lam <tin@irrational.io>
This change updates the Ceph charts to use Ceph Nautilus images
built on Ubuntu Bionic instead of Xenial. The mirror that hosts
Ceph packages only provides Nautilus packages for Bionic at
present, so this is necessary for Nautilus deployment.
There are also several configuration and scripting changes
included to provide compatibility with Ceph Nautilus. Most of
these simply allow existing logic to execute for Nautilus
deployments, but some logical changes are required to support
Nautilus as well.
NOTE: The cephfs test has been disabled because it was failing
the gate. This test has passed in multiple dev environments, and
since cephfs isn't used by any openstack-helm-infra components we
don't want this to block getting this change merged. The gate
issue will be investigated and addressed in a subsequent patch
set.
Change-Id: Id2d9d7b35d4dc66e93a0aacc9ea514e85ae13467
This updates charts that consume images built from osh-images to
use tags other than the :latest tags. This will be followed up
with the definition of jobs to allow for vetting out of updated
images, as reliance on :latest tags assumes any change merged into
osh-images will result in functionally correct behavior (which has
shown to not be the case traditionally)
Change-Id: I181aa56ed187604dc7583d8081e53cc69eb27310
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
The PS updates helm tests for Ceph-RGW and Ceph-provisioners:
- Checking several randomly generated objects instead of one static object.
- Improved the output of the tests.
Change-Id: I0733d7c47a2a8bdf30b0d6a97c1a0331eb5030c8
This mvoes the default timeout for the ceph provisioners helm test
pod to 600 seconds, as 120 seconds is fairly aggressive. This
also adds the required --timeout flag to the helm test command in
each job for the ceph provisioners, as well as adding the required
helm test configuration to the armada-lma manifest
Change-Id: I5a3b98de9132fe83cf09b1e5b3fcc513bd496650
Signed-off-by: Steve Wilkerson <sw5822@att.com>
for upgrade strategy for ceph components
This PS uses HelmToolKit function to add
upgrade strategy parameters to ceph Components
Change-Id: I54e71d2a52bd639b3e93fc899c1bf2cd075b5396
- Adding helm tests for Ceph provisioner chart
- Helm test should only executed when deploying chart with
client_secrets: true.
Co-Authored-By: Chinasubbareddy Mallavarapu <cr3938@att.com>
Change-Id: I33421249246dfaf6ea4f835e76a74813dfb3b595
This is to update correct user id in security context for
cephfs provisoner pod as there is no user with 99 exist
in the container.
Change-Id: I1bbe46df555b35b8afe636327fa83015fd784db0
This is to remove invalid key "userSecretName" for
cephfs storageclass as we are having toruble to provision
a pvc with cephfs storageclass with "userSecretName" key .
Failed to provision volume with StorageClass
"cephfs": invalid option "userSecretName"
Change-Id: Ide52987c9f8ef8fc2327bf30747395e70dc05f99
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.
Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
This PS updates the ceph charts to make /etc/ceph an emptydir
uniformly across all charts, both ensuring no default config is loaded,
and also permitting read-only filesystems to back the containers.
Additionally /run is uniformly applied across all long running pods
as a memory backed emptydir.
Change-Id: I00d1b15758b7eb4476fb950ddcb38db9a5149ad0
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
This updates the ceph-provisioners chart to include the pod
security context on the pod template
This also adds the container security context to set allowPrivilegeEscalation
to false and readOnlyRootFilesystem to true
Change-Id: Iee49ffe17f2cd08fc978461269b654d3b2cb4406
This addresses slight issues with the ceph-osd, ceph-provisioners,
and ceph-rgw charts. Those issues include:
- Remove duplicate test: key in ceph-osd dependencies
- Add missing image repo sync job to ceph-provisioner and rgw
- Use correct job name for image repo sync dependencies in charts
- Remove incorrect keystone service dependency for ceph-rgw, as
the keystone jobs are dependent on the keystone service
This also updates the ceph-rgw chart to use dynamic dependencies
based on whether keystone auth or s3 auth is used
Change-Id: Id3b3f289bdd4ca4d1b2e9b6267b12427e422a08d
