Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This PS looks to make a few small tweaks to the rabbitmq probes so
that its health and readiness is more reflective of what is actually
happening inside the container. We were previously seeing instances
of the pod marked as ready before it actually was.
Change-Id: If48ec02d4050f7385e71c2e6fe0fff8f59667af4
By default erlang VM determines a number of scheduler threads equal to a
number of CPU cores it detects [0]. Running rabbitmq in container makes
Erlang VM to think it has all host CPU power, making extra scheduler
threads competing for CPU time and, depending on a difference between
a number host CPU cores and container limits, causing CPU throttling even
while idle.
This commit limits a number of schedulers to a value actually available
to container via k8s resource limits (min 1) emulating the default
behavior.
[0] https://www.rabbitmq.com/runtime.html#scheduling
Change-Id: If36f63173de4c8035daf7aac4014c027c579b58f
This adds three new variables:
- skip_queues is for ability to skip metrics for some queues
- include_queues is the opposite parameter for presice setup
- rabbit_exporters is for ability to enable/disable exporter modules
Change-Id: Ia81a9921be6c14ec2035009fd164aab4c912f328
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
The currently defined RabbitMQ Exporter probes make a call to the
"/metrics" path of the exporter service, which downloads a huge file and
takes a very long time to download. An http probe should be based on a very
simple and short url response from the service. So this changes the
probes to just call the base path "/" of the url and set the timeout to
something reasonable like 5 seconds.
Change-Id: Ie106490b2fb8d61660663f39a992bf4dc1a61222
This patch set updates and tests the apiVersion for rbac.authorization.k8s.io
from v1beta1 to v1 in preparation for its removal in k8s 1.20.
Change-Id: I4e68db1f75ff72eee55ecec93bd59c68c179c627
Signed-off-by: Tin Lam <tin@irrational.io>
The patch fixes typo in PUBLISH_PORT and adds quotes for
PUBLISH_PORT because of the fact that it is string values
otherwise it leads to the error below:
error updating the release: rpc error: code = Unknown desc = release
rabbitmq failed: Deployment in version "v1" cannot be handled as
a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec:
v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value:
ReadString: expects " or n, but found 9, error found in #10 byte of ...|,"value":9095},{"nam|...,
bigger context ...|value":"no_sort"},{"name":"PUBLISH_PORT","value":9095},{"name":"LOG_LEVEL","value":"info"},{"name":"|...
Change-Id: I027c91ee48df8eb5b4b2bf3fd28036b8eca47238
This change replaces direct references to the exporter port
in values.yaml with calls to helm-toolkit lookup functions.
The referenced port number under the network key is removed,
as the helm-toolkit function will return the port number under
the endpoints key.
Change-Id: Ib6f533c49af5a88fca377920d28d5468d7387892
Trivial change. This patch set cleans up a python script.
- Move the comment to a helm-template comment so the python comments do
not get rendered by helm.
- Remove an unused python module.
Change-Id: Id287ddae8904d2cfa88725277bb97cf027a942c3
Signed-off-by: Tin Lam <tin@irrational.io>
The patch adds Network Policy ingress rules for RabbitMQ
and Prometheus RabbitMQ exporter.
It also fixes name generation for network policies,
to make sure they do not contain a prohibited '_' symbol,
which may appear in some label names.
Change-Id: I9821983b61d90e73e62c5ac669eefeb4ba9999d2
This change makes rabbitmq container run with the rabbitmq user
instead of the root user. As the rabbitmq user doesn't have write
access to '/run' directory, the templates are updated to use the
'/tmp' directory instead which the rabbitmq user has write access
to.
Change-Id: Ia35c3f741fefe3172c93bb042bf8d26bf7672cfc
This PS udpated the reset node function to leave the assets generated
via init containers in place when resetting the node.
Change-Id: Iac52ca82e95bb372dbcbca0eeea3b262215e9c12
Signed-off-by: Pete Birley <pete@port.direct>
When upgrading/reconfiguring a rabbit cluster its possible that the nodes
will not return the cluster status for some time, this ps allows us to
cope with this much more gracefully than simply crashing a few times, before
proceeding.
Change-Id: Ibf525df9e3a9362282f70e5dbb136430734181fd
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the cluster wait job to prune any extra nodes from
the cluster if scaling down.
Change-Id: I58d22121a07cd99448add62502582a6873776622
Signed-off-by: Pete Birley <pete@port.direct>
This PS extends the rabbit startup locgic to ensure nodes have
actually joined the cluster on startup.
Change-Id: Ib876d9abd89209d0a7972983bdf4daacf5f8f582
Signed-off-by: Pete Birley <pete@port.direct>
This works well for python2, but things will become
messy when py3 will be the default.
This, at the same time, ensures the KeyErrors are
properly logged, with a way to debug them.
Change-Id: If5d8007bece9ccbff481187e757968e7d1b6f651
This PS updates the rabbitmq chart, to allow clients to connect directly
to backend servers, and also introduces a htk function to produce
the appropriate transport_url used by oslo.messaging to take advantage
of this functionaility.
Change-Id: I5150a64bd29fa062e30496c1f2127de138322863
Signed-off-by: Pete Birley <pete@port.direct>
In an Edge environment without a distributed storage environment, it
should be able to store rabbitmq data in the local path as well.
This patch added an option to use it in a more diverse environment.
Change-Id: Ia3c0dfaa58c237e424197f1406bd66fb991bea18
Story: 2005753
Task: 33455
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
This adds a job that will query the Elasticsearch HTTP cat API to
determine whether the desired number of nodes have been discovered
via the Zen discovery mechanism to be included in the cluster.
This aims to address issues seen when upgrading Elasticsearch,
where the snapshot repository job may trigger due to endpoints
from older pods being present. This new job will be the dependency
required by the snapshot repository job to ensure the ES cluster
has the desired number of nodes before attempting to register a
snapshot repository or interact with the cluster
Change-Id: I94fbbfdec7ca66d04acca9558e56dca3b2bc7d52
This PS updates the rabbitmq chart to make cluster formation
more robust, with the previous implementation it was possible
to form multiple descrete clusters within a single deployment
of the chart (eg if a network partition existed during formation)
Change-Id: Ie241d29230419ff829d9fbb22fa1a01275926903
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the dependency checks tor the tests and wait job.
Change-Id: I09301083bfc2d0218298a8c5e0dd4957bef11c42
Signed-off-by: Pete Birley <pete@port.direct>
Now that we explicity declare there is no need to define the default
username and password.
Change-Id: I95e41c411c2a86ae527283d5dc13b8a1f65b513a
Signed-off-by: Pete Birley <pete@port.direct>
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
This PS adds the ability to change the admin user credentials
and erlang session cookie. To do so requires `--recreate-pods` to
be passed to helm on a release upgrade.
Change-Id: Ib04ad43a7c303a8ddc31fd0de288a2f7f3294a12
Signed-off-by: Pete Birley <pete@port.direct>
This PS improves the robustnes of the RabbitMQ clustering logic
to support reforming the cluster following recreation of all pods,
and wait for the cluster to fully form before continuing in case
of an upgrade.
This ability was lost with the introduction of the following PS,
which prevented reformation of the cluster from scratch.
* https://review.openstack.org/#/c/637337/
Change-Id: I99d32fbd3c56dde492717a7850b61001fa8f7fb5
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds a test to ensure the correct number of members in a
cluster.
Change-Id: I52d0fcc473322fb9a754e95a2977a5c2cfad6b45
Signed-off-by: Pete Birley <pete@port.direct>
This PS increases the feedback give by the rabbitmq test pod
Change-Id: If8aa713017eccaf100c6186cd569a6a0f4b021e9
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the readyness check to simply checking if the ampq
port is open, both simplifying it and also correctly indicating if
the process is ready to serve requests.
Change-Id: I38416c8bf3b242fa344875da13f81e5bbc1983c7
Signed-off-by: Pete Birley <pete@port.direct>
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the helm test pod templates in the charts with helm
tests defined. This change includes the addition of:
- Generate test pod cluster roles and role bindings
- Generate service accounts for test pods
- Add node selectors to the test pods
- Add service accounts to the test pods
- Addition of entrypoint container to the test pods
- Indentation fix for rabbitmq test pod template
Change-Id: I9a0dd8a1a87bfe5eaf1362e92b37bc004f9c2cdb
