403 Commits

Author SHA1 Message Date
Luna Das
e606cf9754 Add init container to load apparmor profile for libvirt
Change-Id: Ie94e57725fefc8ef5584af9c1a66231c6bc2b91b
2019-03-15 14:11:54 +00:00
Tin Lam
d9af8205c0 Add init container to load apparmor profile
This patch place in a sample for an init container, generated by
helm toolkit, to load an apparmor profile included in the chart.

Change-Id: I309e3b550fd1d683745c319aa39bcfb96b77ea14
Signed-off-by: Tin Lam <tin@irrational.io>
2019-03-15 19:38:26 +05:30
Steve Wilkerson
588acdbf8c Elastic Curator: Add basic action overrides for deployment jobs
This adds configuration overrides for a very basic Curator action
that should effectively be a no-op. This is to address periodic
failures seen in the osh-infra-aio-logging job that appear when
the run times coincide with Elastic Curator's cron schedule (every
six hours). This ensures curator actions are defined in cases
where this occurs

Change-Id: Ia2255ada2f32f21888bd4ca96df88496720fd0a5
2019-03-15 13:20:55 +00:00
Pete Birley
d6a0e0b85c Gate: Permit ceph deployment from outside the cluster
This PS extends the gate scripts to allow ceph to be deployed from
a workstation external to the k8s cluster.

Change-Id: I09b9a11747bab32c19637d8dd076b8caa3b89445
Signed-off-by: Pete Birley <pete@port.direct>
2019-03-15 13:20:19 +00:00
Pete Birley
70ff2f3042 Gate: Minor shellcheck fixes
This PS makes some minor changes to the minikube k8s script to
make shellcheck happy

Change-Id: Ic5972d7de20b73aee0b019143ba778d6f1ff9271
Signed-off-by: Pete Birley <pete@port.direct>
2019-03-15 13:20:11 +00:00
Steve Wilkerson
3a1ad65d2d Use Luminous ceph repository temporarily
This uses the ceph luminous repository temporarily until the
issues seen recently with the mimic repository are sorted out and
addressed

Change-Id: Ic079fd2b3e948f37b9362bb221af45605230b19a
2019-03-13 15:12:46 -05:00
Pete Birley
a8fe949612 Mariadb: Support changing the root password
This PS udpates the mariadb chart to support changing the root password.

Additionally it moves to use three replicas in the gate

Change-Id: I286ad0b892e5ea2f85636a0c7af58598bcfdaec4
Signed-off-by: Pete Birley <pete@port.direct>
2019-03-12 20:03:27 +00:00
Steve Wilkerson
544805f99c Pin Docker version to 18.06.1
This pins the version of docker installed to a validated version
of docker for kubernetes 1.12.2.

Change-Id: If543dc4b84a6ea1224d4a8bb3af71cc9c20f28e4
2019-03-12 12:49:22 -05:00
Roman Gorshunov
31e3469d28 Update Helm to version 2.13.0
This updates Helm from version v2.12.3 to v2.13.0.
The `merge` function has changed behavior, and is now called
`mergeOverwrite`.

Change-Id: Ie3364256c8abb714b748b3bf3658bd6cd1e3ce35
2019-03-11 05:53:08 +00:00
Zuul
d6996b8004 Merge "Add ingress network policy to kube-state-metrics and openstack-exporter" 2019-03-10 21:13:55 +00:00
Zuul
90ad57dc4a Merge "Add ingress network policy to grafana" 2019-03-10 10:41:46 +00:00
Zuul
c205f6cba7 Merge "Add podsecuritypolicy test" 2019-03-07 22:33:20 +00:00
Meg Heisler
2d36d5f7ce Add ingress network policy to kube-state-metrics and openstack-exporter
This adds ingress network policies to kube-state-metrics and
openstack-exporter using the helm-toolikit template. It also
add openstack-exporter to the network policy jobs.

Change-Id: I3bfc2f1e8a35c09e577a046ebd52346de95e5745
2019-03-07 14:12:14 -06:00
MegHeisler
68a8725062 Add ingress network policy to grafana
This adds an ingress network policy to grafana
using the helm-toolit template

Change-Id: I21f096947817be11881546c91ac5f8b1b0ba77fa
2019-03-07 11:26:15 -06:00
Zuul
e836707ad0 Merge "Add east-west ingress network policy to Prometheus" 2019-03-07 04:44:10 +00:00
Zuul
6f6783bf23 Merge "Add ingress network policy for Nagios" 2019-03-07 04:36:14 +00:00
Meg Heisler
736af38c9c Add ingress network policy for Nagios
This adds the ingress network policy to Nagios
using the helm-toolkit template

Change-Id: If6cc66330b24c3f79f9b5c29a94ea904d1eb37d4
2019-03-06 12:42:29 -06:00
Meg Heisler
243f6c7608 Add east-west ingress network policy to Prometheus
This adds an ingress policy to Prometheus and utilizes
the helm-toolkit used in openstack-helm

Change-Id: Ia89d42a5305c94da26337aaf716978c1defae503
2019-03-06 11:56:13 -06:00
Zuul
07c005909b Merge "ceph-rgw: Add network policy for ceph-rgw pods" 2019-03-06 15:21:22 +00:00
Zuul
8fb2c7f07c Merge "Fix wrong command for validation check" 2019-03-06 04:03:32 +00:00
Chinasubbareddy M
babe91b75e ceph-rgw: Add network policy for ceph-rgw pods
This is to add ingress network policy for ceph-rgw pods

Change-Id: I32a5d3d9a05b920bc69d5b5bb5a2d27cf6f55542
2019-03-06 03:08:34 +00:00
Matt McEuen
84333745e2 Add podsecuritypolicy test
This adds a test for the podsecuritypolicy chart, as well as a script
to reconfigure minikube with PodSecurityPolity enabled when appropriate.

This change doesn't add the PSP chart to the existing tests, because
the psp chart will have secure defaults in the future, which may
interfere with other charts by default; and it doesn't enable the
admission controller broadly, because turning the AC on without
providing a podsecuritypolicy will break k8s functionality.

Change-Id: I9fd14bb118189cd4ead177b79e39aadbc2096b4a
2019-02-28 16:40:24 -06:00
Zuul
6ea80fa151 Merge "Create Helm test for redis chart" 2019-02-26 15:57:43 +00:00
John Haan
ff5ce99911 Fix wrong command for validation check
We need to change from osh-infra to openstack
because ceph-openstack-config release runs in openstack namespace.

Change-Id: I28b57abf02d2437569c7c7c8d75ec8ba19d84311
2019-02-21 10:08:01 +09:00
John Haan
b7a96ca8c9 Fix for absent link packages in ceph deployment shell
There is no "make {package}" line in 030-ceph.sh file.
It causes a failure to execute the shell script.

Change-Id: If787abd7711a02313b6a2acae8a888b5609f27df
2019-02-19 02:27:21 +09:00
Zuul
4a00d79bee Merge "Add radosgateway to openstack support job" 2019-02-16 14:08:40 +00:00
Zuul
d968613da3 Merge "Revert "Update kubeadm kubernetes version to 1.12.2"" 2019-02-16 07:44:39 +00:00
Zuul
4caf6220fc Merge "Update network policy test executed in osh-infra job" 2019-02-16 02:46:47 +00:00
Zuul
164e9125c2 Merge "RabbitMQ: Improve robustness of readyness checks" 2019-02-16 02:37:39 +00:00
Steve Wilkerson
75b9802c4e Add radosgateway to openstack support job
This adds the required services to the openstack-support job to
deploy ceph radosgateway with keystone auth enabled. This expands
coverage for radosgateway helm tests in the openstack-helm-infra
repository

Change-Id: I3a5505ad3d3400563694ef063b4e6777ba34c414
2019-02-16 01:38:34 +00:00
Zuul
0d4970087e Merge "Grafana: Add job to update admin password" 2019-02-16 01:10:44 +00:00
Pete Birley
69cf377fd6 RabbitMQ: Improve robustness of readyness checks
This PS moves the readyness check to simply checking if the ampq
port is open, both simplifying it and also correctly indicating if
the process is ready to serve requests.

Change-Id: I38416c8bf3b242fa344875da13f81e5bbc1983c7
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-15 18:17:55 -06:00
Steve Wilkerson
be5ac2d4cc Revert "Update kubeadm kubernetes version to 1.12.2"
This reverts commit 8e8193f9e1631ffd34de32336b041ee9c58a0973.

Change-Id: I69c4d8716389d17dc806bd56f6afc14233f003af
2019-02-15 19:19:30 +00:00
Steve Wilkerson
8e8193f9e1 Update kubeadm kubernetes version to 1.12.2
This updates the kubernetes version used when deploying via
kubeadm to v1.12.2, which matches what is deployed via minikube
for the single node jobs

This required updating the apiVersion in the kubeadm configuration
file template, as well as removing the --cadvisor-port flag from
the kubelet args, as this has been removed entirely

Change-Id: I26573de35529ce44e91e6d4d4530f608b8cee476
2019-02-15 10:42:57 -06:00
Steve Wilkerson
a03d047e07 Update network policy test executed in osh-infra job
This updates the network policy test that gets executed at the
conclusion of the network-policy job. As long as nsenter is used,
we need to account for situations where nsenter executing wget
fails due to invalid credentials. Since this validates the policy
successfully allows ingress traffic while still exiting with an
error code (6 for invalid credentials vs 4 for connection
timeouts), we should consider those scenarios successes.

This also updates the flags used for wget. Instead of using spider
mode, this enables flags for: recursive mode, not creating
directories, and deleting results after execution. This allows for
the testing of exporter endpoint paths explicitly.

Change-Id: I2d51e8ed5a153c2a6796e0df9b3fe5f710a947f9
2019-02-15 09:28:00 -06:00
Nikos Mimigiannis
7afe5189a0 Create Helm test for redis chart
Task: 21711
Story: 2002201

This patch creates Helm test for redis chart

Change-Id: Ifac407b5544484f2626ba7ffdbd2e96fca6e51ef
Signed-off-by: Nikos Mimigiannis <nmimi@intracom-telecom.com>
2019-02-15 07:55:07 -05:00
Steve Wilkerson
65ce9c73d7 Grafana: Add job to update admin password
This change adds a job to the Grafana chart that  allows for the
changing of the grafana admin user password if required, as
Grafana only allows the changing of this password via the
grafana-admin CLI or via an http call that requires both the old
and new password

Change-Id: I59a5d26edc4aa4da16e80c5454ecdebbae3a1d15
2019-02-12 09:59:45 -06:00
Steve Wilkerson
ef3adc4d0e Execute helm tests in osh-infra single node jobs
This executes the helm tests for the single node jobs in
openstack-helm-infra for rabbitmq, elasticsearch, fluent-logging,
prometheus, and grafana.

Change-Id: I0109cfbe6adeb9e24d513c8313d964323634b8da
2019-02-11 14:16:06 +00:00
Steve Wilkerson
cf0ed142f6 Ceph-RGW: Support rotation of s3 key pairs
This updates the helm-toolkit script for creating rgw s3 users
to first check if a user exists, then create the user if it does
not exist or modify the user's keys if it does exist. This is
accomplished by using jq to identify all existing access keys for
the specified user, removing those key pairs using the access key,
then modifies the existing user with the supplied access/secret
key pair for the given user

This also updates the ceph-rgw chart to use the helm-toolkit s3
user script for creating the admin s3 user instead of using a
similar script defined directly in the ceph-rgw chart

Change-Id: I575b66415d44db7bb752102e45595305d86e623b
2019-02-07 10:33:49 -06:00
Pete Birley
87de515727 Ceph-OSD: Restore bootstrap job
At some point the bootrap job was partially removed from the ceph
osd chart, this PS resores it.

Change-Id: I2f51deda64b299fe980e1f191b860bfe173e6aca
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-05 21:54:06 -06:00
Steve Wilkerson
cb021c2124 Add Armada job for testing update of chart passwords
This adds both a periodic and experimental job for deploying Ceph
and the LMA components via Armada. This job will then generate new
passphrases for the LMA components, render an updated manifest for
the LMA components including the new passphrases, then applies the
updated LMA manifest to validate the ability for all deployed
charts to update those passphrases successfully

Change-Id: I966ebeadd3823a087239aa7d198444a084e5d242
2019-02-04 22:44:52 +00:00
Zuul
ada418f756 Merge "Add Armada job for testing update of release uuids" 2019-02-04 22:42:25 +00:00
Zuul
2aceca1e29 Merge "[CEPH] Extend RadosGW S3 configuration support" 2019-02-04 22:27:13 +00:00
Steve Wilkerson
8361b74926 Add Armada job for testing update of release uuids
This adds both a periodic and experimental job for deploying Ceph
and the LMA components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation

Change-Id: Ic1eed1bd949279f4630fb3964fbb03788536213c
2019-02-04 21:14:02 +00:00
Matthew Heler
ff18dbe5fd [CEPH] Extend RadosGW S3 configuration support
- Support using custom client params for S3 configurations
- Move common tuning for S3 and Keystone into there own
configuration option
- Cleanup the rgw helm tests, since copying the ceph admin key is
no longer required
- Cleanup duplicate portions of the code for configuring the RGW
backend and frontend port
- Add an rgw helm test check for the osh-infra-logging gates

Change-Id: I46dbb4c45b0b96f5cf555077e49d2e09a1171424
2019-02-04 14:08:09 -06:00
Zuul
eceacafbba Merge "Add Armada deployment job to openstack-helm-infra" 2019-02-04 19:21:48 +00:00
Steve Wilkerson
9422e970a7 Add Armada deployment job to openstack-helm-infra
This adds both a periodic and experimental job for deplying Ceph
and the LMA components via Armada to openstack-helm-infra

Change-Id: Ia3b557801d4f4b667d82eb47a6ef1825394ee526
2019-02-04 14:07:07 +00:00
Steve Wilkerson
6e2ea01ae0 Mariadb: Use correct credentials for exporter in secret
This updates the mariadb chart to use the correct auth values for
the mariadb prometheus exporter. The correct credentials to use
are the credentials in the oslo_db endpoint

Change-Id: I2d325167d7ffdf911a56fe97b879cb13b0d4c195
2019-02-04 06:23:33 -06:00
Steve Wilkerson
44b5c008f1 Monitoring job: Remove nagios file mount check
This removes the elasticsearch query clause json file check from
the single node monitoring job, as it's become a bit unreliable.
Instead, we'll rely on the periodic multinode job to validate this
works as intended

Change-Id: I8d33a2625d5d666af280467dc21d76ed0302f837
2019-02-01 15:20:03 -06:00
Steve Wilkerson
25e4e5662e Update network-policy ldap deployment and test
This updates the script for deploying ldap in the network policy
job to accept ingress traffic from prometheus pods.

This also updates the network policy test to account for return
values with more than one result when checking for a pod to use,
as well as selecting pods by application and component labels
instead of simply grepping for a name (as this could cause issues
with grepping for 'fluentd', when that could return both fluentd
and fluentd-exporter pods, for example)

Change-Id: I12a4029f574ea7d5b250709adef21b07d8cf0220
2019-01-31 21:29:40 +00:00