This adds scripts using Selenium Webdriver to verify
the dashboards for Gafana, Nagios, and Prometheus are
reachable and functioning as expected. The scripts
create screenshots of each dashboard as well as
pages that can be navigated to.
It also adds the scripts to the gates for the single
and multinode deployments.
Change-Id: I1699e0ba8ff82ce8f59342cc71aad10cff7d2516
Change the release of Ceph from 12.2.3 (Luminous) to latest 13.2.2
(Mimic). Additionally use supported RHEL/Centos Images rather then
Ubuntu images, which are now considered deprecated by Redhat.
- Uplift all Ceph images to the latest 13.2.2 ceph-container images.
- RadosGW by default will now use the Beast backend.
- RadosGW has relaxed settings enabled for S3 naming conventions.
- Increased RadosGW resource limits due to backend change.
- All Luminous specific tests now test for both Luminous/Mimic.
- Gate scripts will remove all none required ceph packages. This is
required to not conflict with the pid/gid that the Redhat container
uses.
Change-Id: I9c00f3baa6c427e6223596ade95c65c331e763fb
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
This adds a nonvoting check that will deploy two ceph clusters
and then deploy two radosgw instances, each one backed by a unique
ceph cluster. This allows us validate whether we can reliably
deploy multiple ceph clusters, as in the case of tenant-ceph outlined
in openstack-helm specs
Change-Id: I76a416eddcdb3ea2416d475ea8c8756925cd9580
Co-Authored-By: Meghan Heisler <mh783g@att.com>
This PS moves the single node gate to use a lightwight minikube
based env.
Change-Id: I285c4222795b66f3527f0daaf62a91973da5dca8
Co-authored-by: Krishna Venkata <kvenkata986@gmail.com>
Signed-off-by: Pete Birley <pete@port.direct>
This commit adds roles to kubernetes-keystone-webook policy
which has permissions similar to clusterrols cluster-admin,
edit and view present in kubernetes.
Check.sh script is also modified to test and verify the new
roles.
Change-Id: I43621d2e1036259064c805d97b340589a5b68c93
This adds basic charts for Elastic metricbeat, filebeat,
packetbeat, and elastic APM server. This also adds an experimental
job for deploying the elastic beats along with Elasticsearch and
Kibana
Change-Id: Idcdc1bfa75bcdcaa68801dbb8999f0853652af0f
Change deployment script for rgw to not use the docker
bridge for public and cluster network overrides. Instead,
calculate network values in same way as other ceph multinodes
deployment steps
Change-Id: I2bacd1af1cc331d76a5d61f3b589ca6ef80b1b2e
Currently the cronjob is broken due to syntax and
permission issues.
Additionally move the cronjob from once a month to
every 15 minutes, and automatically disable the job
unless explicitly enabled.
Change-Id: Id72bdb286c805ccb0ea4e9fcf65fabca94a180dd
If OSH_INFRA_PATH is never used in the openstack-helm-infra repository,
as all the references are using relative paths.
The keystone script is not using a relative path, and relies on
OSH_INFRA_PATH to be defined to work.
This is a problem, because when it is not defined, the expected path
for ldap chart is /ldap, which is an incorrect path.
This fixes the problem by ensuring the path is relative.
Change-Id: I04a8d5c074b7c1e6fa66617bbb907f2ad4dcb3af
This patch set cleans up the script to be consistent with other OSH
installation scripts.
Change-Id: I212cd0cf0e818f1fc924b9b690d18f5d107b850b
Signed-off-by: Tin Lam <tin@irrational.io>
OSH_PATH is not defined by default outside OpenStack's CI.
This is a problem if a user wants to run scripts manually on its
machine for local testing.
This fixes it by having, by default, the OSH_PATH defined
in the scripts using OSH relatively to current folder.
For user experience, the script returns to the same path after
running.
Change-Id: I915e7d3c945f2002a2008b2b033a2b7725320b17
This PS updates the MariaDB chart to better support clustering,
using a configmap to track cluster state.
Change-Id: Ifd9c3d63353a9b587384b6f13c0863ecc4fbd956
Signed-off-by: Pete Birley <pete@port.direct>
This patch set addresses a cross-repo conflict with the enablement of
network policy in gate script override.
Change-Id: I284d6b04940424a87e5b239ccc9d30ae01075f38
Signed-off-by: Tin Lam <tin@irrational.io>
Use the 'docker-nfs' namespace to back the docker registry. This
means we can delete the registry namespace without causing IO lockups.
Change-Id: I1706dd96653598dcfbb81904fde8c0bf92294b06
Having storage (backend) components in their own namespace means we
can delete the namespaces containing the openstack without causing
system hangs which occur when storage is remove whilst in use.
Change-Id: Ie489709b08929f25cf0e626a8541620a06506b8b
By default use rbd-nbd (librbd) instead of krbd.
Applying this change on existing nodes will
require reboots.
Change-Id: I81829fb8666541e856ab402128a5192984b6fe05
This updates the fluentd buffer output configurations to account
for the restraints of the jobs deploying fluentd. This also
renames the fluentd configuration key from td_agent to fluentd to
reflect the fact we're no longer deploying td-agent
This also updates the Elasticsearch default replicas and overrides
the replica counts in each Elasticsearch deployment to account for
resource constraints
Change-Id: I55dee410eced99c3e1645f7452e4306ad646e601
This organizes the single node gates for osh-infra by function.
This organization aims to improve the single node gates in the
following ways:
1. Reduce number of services deployed in single node jobs
2. Only deploy Ceph for logging job, as Elasticsearch requires
RGW for snapshot repositories.
3. Use NFS for storage for monitoring job, as Ceph is not a
requirement for any of the services here.
4. Remove duplicate services deployed to multiple single node jobs
5. Remove storage from openstack-support job, as the only service
requiring storage is rabbitmq. Rabbitmq is deployed with
storage enabled in the openstack-helm checks/gates.
This also removes the documentation for the single node deployments,
as those deployments do not make sense with this change. This should
be revisited as a follow-on once we have a clear path forward for
the larger gate refactoring work
Change-Id: I46951f76904fa2ab245a202d55f76019b7503362
This patch set changes the keystone in the k8s-keystone-auth to
be backed by LDAP. It also updates the test to use the LDAP users
instead of created users in the database.
Co-Authored-By: Samuel Pilla <sp516w@att.com>
Change-Id: Ia34dac51b36a300068ad5fd936c48b0f30821a52
Signed-off-by: Tin Lam <tin@irrational.io>
This PS resores the kubeadm-aio image to a functioning state, by
updating the requests package.
Change-Id: I706a8ca5661a8e773386c8d82c049e2a9a04e94e
Signed-off-by: Pete Birley <pete@port.direct>
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS cleans up the scripts for the k8s k8s keystone auth gate.
Change-Id: I248439f9b8ffa372dfaba5acba0c8c587231d901
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates and moves the vmbc image to osh infra.
Change-Id: I9f8d21df8974d1484d9f087ee296fede2a87e545
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the libvirt image, buy removing the ubuntu-cloud
archive repo and pinning to a good version.
Change-Id: I5097d8893b92d020f7a5a1cb5925dec0b01d4da2
Signed-off-by: Pete Birley <pete@port.direct>
This commit adds falco daemonset of the node for behavioral activity
monitor designed to detect anomalous activity.
Change-Id: I783a2acc03592471c81a8a54e1dc0df140b34a42
This PS moves to use k8s 1.10.8, which includes a couple of fixes
for PVC mounts.
* https://github.com/kubernetes/kubernetes/pull/66863
Change-Id: Ica30950a8200f5755897b51fd2b4d24c69a10e61
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the unused helm chart deployment role and playbook.
Change-Id: I01c58a628589ec35af2557c8cc93ea47fe084089
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to run the Libvirt process as a transient unit
on the host, free fom k8s controlled cgroups. In addition it
also uses the cloud archive provided libvirt/qemu packages.
Change-Id: Idfe9ae6f072acd86f877df0c3dfe3db4c20902d6
Signed-off-by: Pete Birley <pete@port.direct>
