This patch set:
- allows options in the bootstrap job to load the proper TLS secret into
the proper envvar so the openstack client can connect properly to
perform bootstrap;
- adds in certificates to make rally work properly with TLS endpoints;
- adds methods to handle TLS secret volume and volumeMount;
- updates ingress to handle secure backends.
Change-Id: I322cda393f18bfeed0b9f8b1827d101f60d6bdeb
Signed-off-by: Tin Lam <tin@irrational.io>
Some updates to rgw config like zone or zonegroup changes that can
be done during bootstrap process require rgw restart.
Add restart job which when enabled will use
'kubectl rollout restart deployment'
in order to restart rgw.
This will be more useful in greenfield scenarios where
we need to set up zone/zonegroups right after rgw svc up which
needs to restart rgw svc.
Change-Id: I6667237e92a8b87a06d2a59c65210c482f3b7302
Below enhancements are made to Mariadb backup:
1) Used new helm-toolkit function to send/retrieve Mariadb
backups to/from RGW via OpenStack Swift API.
2) Modified the backup script such that the database backup
tarball can be sent to RGW.
3) Added a keystone user for RGW access.
4) Added a secret for OpenStack Swift API access.
5) Changed the cronjob image and runAsUser
6) Modified the restore script so that archives stored remotely
on RGW can be used for the restore data source.
7) Added functions to the restore script to retrieve data
from an archive for tables, table rows and table schema of a database.
8) Added a secret containing all the backup/restore related
configuration needed for invoking the backup/restore operation
from a different application or namespace.
Change-Id: Iadb9438fe419cded374897b43337039609077e61
This PS fixes:
1) Removes printing of the word "Done" after the restore/list command
executes, which is not needed and clutters the output.
2) Fixes problem with list_tables related to command output.
3) Fixes parameter ordering problem with list_rows and list_schema
4) Adds the missing menu/parameter parsing code for list_schema
5) Fixes backup-restore secret and handling of PD_DUMPALL_OPTIONS.
6) Fixes single db restore, which wasn't dropping the database, and
ended up adding duplicate rows.
7) Fixes cronjob deficiencies - added security context and init containers,
fixed backup related service account related typos.
8) Fixes get_schema so that it only finds the table requested, rather
than other tables that also start with the same substring.
9) Fixes swift endpoint issue where it sometimes returns the wrong
endpoint, due to bad grep command.
Change-Id: I0e3ab81732db031cb6e162b622efaf77bbc7ec25
This patchset is required for the patch set https://review.opendev.org/#/c/737629.
The Kubernetes Python API requires these permissions for this script to work properly.
Change-Id: I69f2ca40ab6068295a4cb2d85073183ca348af1e
This adds a chart for the node problem detector. This chart
will help provide additional insight into the status of the
underlying infrastructure of a deployment.
Updated the chart with new yamllint checks.
Change-Id: I21a24b67b121388107b20ab38ac7703c7a33f1c1
Signed-off-by: Steve Wilkerson <sw5822@att.com>
osh-infra currently has a duplicate linter playbook that is not
being used, since the other is used for both osh and osh-infra.
This change removes the duplicate entry and playbook.
Change-Id: If7040243a45f2166973dc5f0c8cd793431916942
Reverting this ps since we tried to solve the problem here for
the old clients prior to nautilus, but nautilus clients think
it's a v2 port and try to communicate with the server, getting some
warnings as shown below:
Let's make the v2 port the default and override the mon_host config for
old clients prior to nautilus as we did in this ps
(https://review.opendev.org/#/c/711648/).
A better solution will be moving out of old ceph clients by changing
the images wherever old ceph clients are installed.
log:
+ ceph auth get-or-create client.cinder mon 'profile rbd' osd
'profile rbd' -o /tmp/tmp.k9PBzKOyCq.keyring
2020-06-19 15:56:13.100 7febee088700 -1 --2-
172.29.0.139:0/2835096817 >> v2:172.29.0.141:6790/0 conn(0x7febe816b4d0
0x7febe816b990 unknown :-1 s=BANNER_CONNECTING pgs=0 cs=0 l=0
rx=0 tx=0)._handle_peer_banner peer v2:172.29.0.141:6790/0 is using msgr V1 protocol
This reverts commit acde91c87d5e233d1180544df919cb6603e306a9.
Change-Id: I08ef968b3e80c80b973ae4ec1f80ba1618f0e0a5
With the latest infra update, the images used no longer contain
python by default and projects are expected to use the new
ensure roles to use packages as needed.
This change adds some of the ensure roles to a few playbooks,
additional cleanup can be done using these in future changes.
Change-Id: Ie14ab297e71195d4fee070af253edf4d25ee5d27
Currently there are conditions that can prevent Bluestore OSDs
from deploying correctly if the disk used was previously deployed
as an OSD in another Ceph cluster. This change fixes the
ceph-volume OSD init script so it can handle these situations
correctly if OSD_FORCE_REPAIR is set.
Additionally, there is a race condition that may occur which
causes logical volumes to not get tagged with all of the
necessary metadata for OSDs to function. This change fixes
that issue as well.
Change-Id: I869ba97d2224081c99ed1728b1aaa1b893d47c87
This change modifies the linting job to not run when a patchset
only modifies openstack-helm documentation.
Change-Id: I0ed0fd5fff10d81dd34351b7da930d1a340b10d8
Currently OSDs are added by the ceph-osd chart with zero weight
and they get reweighted to proper weights in the ceph-client chart
after all OSDs have been deployed. This causes a problem when a
deployment is partially completed and additional OSDs are added
later. In this case the ceph-client chart has already run and the
new OSDs don't ever get weighted correctly. This change weights
OSDs properly as they are deployed instead. As noted in the
script, the noin flag may be set during the deployment to prevent
rebalancing as OSDs are added if necessary.
Added the ability to set and unset Ceph cluster flags in the
ceph-client chart.
Change-Id: Ic9a3d8d5625af49b093976a855dd66e5705d2c29
This updates the ceph-mon chart to include the pod
security context on the pod template.
This also adds the container security context to set
the readOnlyRootFilesystem flag to true.
Change-Id: I4c9e292eaf3d76ee80f50553d1cbc8cdc6f57cac
Zuul updated ansible to 2.9 and broke one of the playbooks
that had the old sudo keyword, which is no longer valid in 2.9.
This change updates the offending file to use "become" instead,
which is the valid keyword instead of sudo.
Change-Id: I2057de7470d65a60c4c984cb99d0715c9d43b3a8
For the scripts in the ceph-osd daemonset that source common.sh (i.e.
those that run in the osd-init and ceph-osd-default containers), updates
the PS4 prompt so that the script name, line number, and function are
included in xtrace output.
Change-Id: Ieebbb82b64db4cf363ed4396289c823744d4a860
The PS adds a comparison of releases of Daemonsets. If there is
more than one release, we need to run the post-apply job.
Change-Id: If0c55aba4e6450815972586701f0611505d41af5
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
This change optimizes the creation of symlinks in udev_settle by
only looking at the disks related to the OSD being
deployed/started and skipping the ln command for existing symlinks.
A second "udevadm settle" command is also added after the creation
of the symlinks in order to allow any logical volumes related to
new symlinks to become established.
Change-Id: I3283021fd80c8a05f0aa0c9917bb7ba0ea144303
This change defines the 32GB node option to be used in rare cases
when a particular check requires more resources than a normal
run can provide.
Change-Id: I9ff79f98a0f1874411c0df19cb07b5473d82992a
Using a subset of the characters in the hostname to determine the
failure domain is not always possible, and using overrides based on
hostnames is in some ways overkill.
This change provides a simple way to map hostnames to failure domains.
It is used only when 'failure_domain' is set other than 'host', and when
'failure_domain_by_hostname' is 'false'. Any hosts not referenced in the
map will be given the default treatment (root=default host=hostname)
Example usage:
  conf:
    storage:
      failure_domain: rack
      failure_domain_by_hostname_map:
        hostfoo: rack1
        hostbar: rack1
        hostbaz: rack2
        hostqux: rack2
Change-Id: Ia98fec8c623486f80054877e40e0753e4b939e8e