This PS refactors the endpoint functions to reduce code repetition
and improve readability.
Change-Id: I4a280d0645206ca74794fc4e69ec374bde4c4633
Signed-off-by: Pete Birley <pete@port.direct>
This pins the version of ansible deployed via the makefile
dev-deploy directives to the version used in zuul. This was
causing issues with docker, as make dev-deploy setup-host was
deploying ansible 2.6. Ansible 2.6 introduces a new flag to the
docker_container module (init) that is incompatible with our
current roles, which resulted in observed failures in osh-infra
and osh
Change-Id: Ibc885b53bce77eb36817024b21efb0e99865f690
This PS updates Helm-Toolkit to accept both a simple string (previous
operation) and a dict containing host and potentially tls params for
public endpoints.
Change-Id: Ia95e9f008098ef3eb110d651fd06141774ceb8b7
Signed-off-by: Pete Birley <pete@port.direct>
We only need keep one of osh-infra-deploy-docker.yaml and
osh-infra-docker.yaml, because the content is almost the same.
Change-Id: I27854c0b9492853f7c4edf130b6533c33292dc89
This updates the TLS secret templates to include the backend
service in the dict supplied to the manifest template, as it is
required for the TLS secret to render correctly.
This also removes the readiness probe from the nagios container in
the deployment for the nagios chart, as it wasn't functioning as
intended due to the port not being available for the probe
Change-Id: Iabcfd40c74938e0497d08ffeeebc98ab722fa660
This PS updates the comments for endpoint lookup functions
Change-Id: Ifdc96acaac6972c10f6a580eaf37629910a955a5
Signed-off-by: Pete Birley <pete@port.direct>
Adds support for TLS on overriden fqdns for public endpoints for
the services that have them in openstack-helm-infra. Currently this
implementation is limited, in that it does not provide support for
dynamically loading CAs into the containers, or specifying them manually
via configuration. As a result only well known or CA's added manually
to containers will be recognised.
Change-Id: I4ab4bbe24b6544b64cd365467e8efb2a421ac3f4
This moves to define the datasources provisioned by grafana via
a template defined in the values.yaml. This allows us to define
multiple datasource types that can be mapped directly to the
corresponding entries in endpoints, which enables us to generate
the data source urls via endpoint lookups rather than hardcoding
this. This is the first step to support multiple data sources in
a singular grafana deployment
Change-Id: Iac7f4b1e07aaf83ae4d2a0c923cd06817f0d8c0d
This updates the LDAP configuration for grafana, using a template
defined in the values.yaml file. Using the template allows us to
dynamically define LDAP configuration values, such as the bind dn,
search base and group search base paths, the password, and the
LDAP fqdn. This also updates the volume mount for the
provisioning directory to be defined by the configuration value in
the values.yaml file
Change-Id: I1e4866d1189cf40b08b3443dc725646a1b76094c
This adds missing readiness probes to the following charts in
openstack-helm-infra: elasticsearch, fluent-logging, kibana,
nagios, prometheus-kube-state-metrics, prometheus-node-exporter,
and prometheus-openstack-exporter
Change-Id: I6a2635b08667c31eadb1b05ba848c658935a17e5
This PS updates the tls functions to be yaml safe for the service
name.
Change-Id: I535f38a8d92c01280d79926a1f0acd06984aabbf
Signed-off-by: Pete Birley <pete@port.direct>
This updates the ordering of the basic auth providers in the
elasticsearch and nagios chart to check the file provider first
before going out to check the configured ldap server.
Change-Id: I47ff8a1c7b2cefa8425914c5d4d7a76aa8d43216
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This changes the keystone webhook check back to voting once the
helm-toolkit manifest changes are merged in, and depends on the
openstack-helm patchset that introduces the changes the manifest
change required for this check to pass
Depends-On: https://review.openstack.org/576001
Change-Id: I337fe6d57a978e5b92d5bb5ae844e16bb8082609
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This modifies the manifest files to include volume mounts for
the logging configuration file, which is required for the jobs
in the charts to function
This also makes the keystone-webhook job nonvting, as the htk
changes will break the osh-charts required for the keystone
webhook job. The change to add the required fixes can be found
here: https://review.openstack.org/#/c/576001/.
Needed-By: https://review.openstack.org/576001
Change-Id: I543c01c5560570fd67c42fe2f9a060e888532935
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This patch set cleans up inflight patch [1] by moving helm-toolkit
changes to OSH-infra per [0].
[0] https://review.openstack.org/#/c/558065/
[1] https://review.openstack.org/#/c/566350/
Change-Id: Ifdf3a1d11f2a7cb424476d57d407a224b1ab80eb
Needed-by: I8f1b699af29cbed2d83ad91bb6840dccce8c5146
Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Pete Birley <pete@port.direct>
With the latest change to keystone regarding default roles, this
change moves all instances of the member role to be set as
"member", from any deviations in casing or characters.
Change-Id: I9f49fb562239047763c88fcb09a13d891b80d60a
This PS adds support for testing fqdn over-rides in zuul gates.
When enabled it will direct requests to a configurable domain to
the default ip of the primary node.
Change-Id: I3d9a4a0bf06532caf0f544d44027493622f4ae5b
Signed-off-by: Pete Birley <pete@port.direct>
Upgrades the kubernetes version to v1.10.5 from v1.10.4.
Change-Id: Ic2a1f73c935136135e587945180e67ac928f8178
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set loads the proxy environment variable when executing helm
init as it attempts to reach out to an external address to load the
stable repo. If this is executed with in a corporate environment that
requires a proxy, this would fail without the needed envvars.
Change-Id: I8b1b1efb15352934eb8f2a0b0214e486eea80d46
Signed-off-by: Tin Lam <tin@irrational.io>
This reverts commit ad5d4259c45940bf4ddd150aad37c5b8d1aabba6.
We need to revert this - as until the charts are updated OSH is broken.
Change-Id: I58db4c0bf7bdccd8ba7cd1e63af00ff1f01c343a
This modifies the manifest files to include volume mounts for
the logging configuration file, which is required for the jobs
in the charts to function
This also makes the keystone-webhook job nonvting, as the htk
changes will break the osh-charts required for the keystone
webhook job. The change to add the required fixes can be found
here: https://review.openstack.org/#/c/576001/.
Once that change is merged, we can move the keystone-webhook job
back to a voting job
Change-Id: I6ae59e2736624fff5b072e89b6043b23bc8b7f5d
This PS updates the openrc functions to use the internal interface by
default for keystone actions performed within the cluster.
Change-Id: I491618d9fd473917e2034a315f292db746f0d7cc
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the rally test runner script to allow the keystone
endpoint interface to be defined.
Change-Id: I88d7446c6bbb85090929be1728a308886cb41a74
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the use of the `quote and truncate` approach to
suppress output from gotpl actions in templates and replaces it
with the recommended practice of defining `$_` instead.
Change-Id: I5fedc3471dcbecef37d2fe1302bf9760b3163467
Signed-off-by: Pete Birley <pete@port.direct>
This PS udpate the dependency mixin function to permit cases where
the mixin is disabled by passing a null value as the key to use
for resolution.
Change-Id: Idcade7eebed317852b70392431ed02a352241c9b
Signed-off-by: Pete Birley <pete@port.direct>
This changes the default image for kube-state-metrics to use the
bitnami image instead of the coreos image. This allows us to
override the image entrypoint, as the Alpine based image used
previously did not easily allow us to do so. Adding this also
makes creating a common prometheus exporter deployment template
easier, as it reduces the functional differences between exporter
charts and templates
Change-Id: I6c4aac36f563fcb15f52640bc6f9913b45b4358a
