By default use rbd-nbd (librbd) instead of krbd.
Applying this change on existing nodes will
require reboots.
Change-Id: I81829fb8666541e856ab402128a5192984b6fe05
This updates the fluentd buffer output configurations to account
for the restraints of the jobs deploying fluentd. This also
renames the fluentd configuration key from td_agent to fluentd to
reflect the fact we're no longer deploying td-agent
This also updates the Elasticsearch default replicas and overrides
the replica counts in each Elasticsearch deployment to account for
resource constraints
Change-Id: I55dee410eced99c3e1645f7452e4306ad646e601
This organizes the single node gates for osh-infra by function.
This organization aims to improve the single node gates in the
following ways:
1. Reduce number of services deployed in single node jobs
2. Only deploy Ceph for logging job, as Elasticsearch requires
RGW for snapshot repositories.
3. Use NFS for storage for monitoring job, as Ceph is not a
requirement for any of the services here.
4. Remove duplicate services deployed to multiple single node jobs
5. Remove storage from openstack-support job, as the only service
requiring storage is rabbitmq. Rabbitmq is deployed with
storage enabled in the openstack-helm checks/gates.
This also removes the documentation for the single node deployments,
as those deployments do not make sense with this change. This should
be revisited as a follow-on once we have a clear path forward for
the larger gate refactoring work
Change-Id: I46951f76904fa2ab245a202d55f76019b7503362
This patch set changes the keystone in the k8s-keystone-auth to
be backed by LDAP. It also updates the test to use the LDAP users
instead of created users in the database.
Co-Authored-By: Samuel Pilla <sp516w@att.com>
Change-Id: Ia34dac51b36a300068ad5fd936c48b0f30821a52
Signed-off-by: Tin Lam <tin@irrational.io>
This PS resores the kubeadm-aio image to a functioning state, by
updating the requests package.
Change-Id: I706a8ca5661a8e773386c8d82c049e2a9a04e94e
Signed-off-by: Pete Birley <pete@port.direct>
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS cleans up the scripts for the k8s k8s keystone auth gate.
Change-Id: I248439f9b8ffa372dfaba5acba0c8c587231d901
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates and moves the vmbc image to osh infra.
Change-Id: I9f8d21df8974d1484d9f087ee296fede2a87e545
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the libvirt image, buy removing the ubuntu-cloud
archive repo and pinning to a good version.
Change-Id: I5097d8893b92d020f7a5a1cb5925dec0b01d4da2
Signed-off-by: Pete Birley <pete@port.direct>
This commit adds falco daemonset of the node for behavioral activity
monitor designed to detect anomalous activity.
Change-Id: I783a2acc03592471c81a8a54e1dc0df140b34a42
This PS moves to use k8s 1.10.8, which includes a couple of fixes
for PVC mounts.
* https://github.com/kubernetes/kubernetes/pull/66863
Change-Id: Ica30950a8200f5755897b51fd2b4d24c69a10e61
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the unused helm chart deployment role and playbook.
Change-Id: I01c58a628589ec35af2557c8cc93ea47fe084089
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to run the Libvirt process as a transient unit
on the host, free fom k8s controlled cgroups. In addition it
also uses the cloud archive provided libvirt/qemu packages.
Change-Id: Idfe9ae6f072acd86f877df0c3dfe3db4c20902d6
Signed-off-by: Pete Birley <pete@port.direct>
This adds inputs for kernel logs on the host, as well as dockerd
and kubelet logs via the systemd plugin. This also adds a filter
for adding the hostname to the kernel log events, for renaming the
fields for systemd logs as kibana can not visualize fields that
begin with an underscore, and adds elasticsearch indexes for both
kernel and systemd logs
Change-Id: I026470dd45a971047f1e5bd1cd49bd0889589d12
This ps adds the ability to use the ceph radosgw s3 api for
snapshot repositories. It removes the ability to use a RWM pvc, as
the radosgw solution provides a more robust approach for storing
index snapshots
Change-Id: Ie56ac41ccdc61bfadcac52b400cceb35403e9fae
This PS fixes the permissions for the upstream resolv.conf used by the
dns redirector.
Change-Id: Ieef113a6e7b72767318516c63cf48dcac202cf4d
Signed-off-by: Pete Birley <pete@port.direct>
This attempts to trim down the dev-deploy gates until further
gate refactoring is complete. This disables the elasticsearch and
fluentd exporters and removes the openstack exporter from the
single node deployment gates to ease the load on nodepool vms
Change-Id: If211511e8f52fe39d293966abbd7e62b45b65970
We only need to restart network manager if disabling dns management.
Change-Id: Idfdf68678a68c2808527de4226ff91e9ea5f8d67
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the dns redirect pod deployment to support a persistant
set of customised upstream nameservers to be used.
Change-Id: Ib163f8ed9ceadca69b56cd5f146ffd194d98cdc3
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the gate to permit running on the current LTS ubuntu
release.
Change-Id: I7e32a4ab0dc79e4b5f7a16f8a8cb5e9ee182ee08
Signed-off-by: Pete Birley <pete@port.direct>
This moves the libvirt chart to openstack-helm-infra as part of
the effort to move charts to their appropriate repositories
Change-Id: I02ce197f8d100da74c086d84e2f9d2b902a69e97
Story: 2002204
Task: 21723
This moves the openvswitch chart to openstack-helm-infra as part of
the effort to move charts to their appropriate repositories
Change-Id: I6e00231b8de54c01bc9bb31e0433753a9f281542
Story: 2002204
Task: 21730
This moves the mariadb chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories
Change-Id: Ife56e28de46c536108cebb4f4cdf6bad2a415289
Story: 2002204
Task: 21725
As part of the effort to move the supporting infrastructure
services to openstack-helm-infra, this adds a gate that will be
used for those services specifically
Change-Id: Id7c5649330eb41a0017a740ade9465fd66abb32f
This adds the process exporter to both the developer and multinode
gates, along with adding the relevant deployment steps to the docs
Change-Id: I85d5c398fbbb62145c9bb4e3a885e9a774725e5a
This PS adds a function to generate tls certificates from a
CA. It also adds a script to generate a snakeoil ca for dev
and future gating work.
Change-Id: Ic94a9ab5fa3ebb912b507008a6b2f78e16dade67
Signed-off-by: Pete Birley <pete@port.direct>
This adds a ceph developer gate to openstack-helm-infra, which
depends on ceph moving to openstack-helm-infra. This also replaces
the NFS backed storage for the multinode gate with ceph instead
Change-Id: I11268463aa037a2e037217a2dbc89c7432c0d277
This PS bumps the k8s version to that of the current release.
Change-Id: Ife6edac83f6e7639d6142d64aff458450a2e58ff
Signed-off-by: Pete Birley <pete@port.direct>
Helm now tries to update the stable repo when running helm init
by default. This ps adds the flag to prevent this, which is required
when running in airgapped, and some corporate, environments.
Change-Id: I38c487f88d17e9429c30cb03bf2d0f3652f1db99
Signed-off-by: Pete Birley <pete@port.direct>