Removing redundant py36 Zuul jobs since we now have py39 Zuul jobs in
place with the debian nodeset
Story: 2006796
Task: 43491
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: I1e1297e029741736cc355c472acc842270fccc97
A toleration needs to be added to all resources that create pods since
the node-role.kubernetes.io/master taint will be restored to all master
nodes. This ensures that the pods will run on the master node.
Tested in an AIO-SX by enabling the taint and:
- Deleting pods
- Performing an application update
- Removing and reinstalling the application
- Deleting the ValidatingWebhookConfiguration and reapplying the app
In every case mentioned the resources would come up again.
Story: 2009232
Task: 43343
Change-Id: Ide2ce4ac66f01da412822f6fc7d658da80de4f32
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
Due to a recent change in fm-api's directory structure, unit tests would
fail since the virtualenv would not be able to find fm-api/setup.py.
Adjust the tox.ini to point to the correct directory. Tested locally
by running tox.ini.
Depends-On: https://review.opendev.org/c/starlingx/fault/+/806046
Story: 2009101
Task: 43091
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I2b3260d086fb84595de38d5d71be3a44f22d6fb3
During backup it is required deleting the Nginx Ingress Controller
admission webhook configuration so that it doesn't block pods creation
during restore phase when the application is not fully up and running.
This is already being done automatically, but the webhook is not being
recreated.
The proposed solution is to use the lifecycle operator to set the nginx
ingress controller override and reapply the application, and with that
recreate the validating webhook after the backup and after the restore.
Note that if the validating webhook is not present before, it won't be
recreated. Also note that the override flag may be already populated
before, so this does a backup of it before setting a new value.
Tested on an AIO-SX by and backing up and restoring the system
(with and without the validating webhook).
Closes-Bug: 1943835
Depends-on: https://review.opendev.org/c/starlingx/config/+/810434
Change-Id: If477b41a2fc94d8aa4e8d820b42aeb5644312f78
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
A lot of work has gone into making sure that StarlingX is python3
compatible. To ensure future compatibility, enable the python3
portability checks. Disable the checks that are raising errors.
Another set of commits will address the offending code.
Add following suppress warnings in pylint.rc:
- W1618: no-absolute-import
Story: 2006796
Task: 43226
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: I38b67515849b692e0b27cba217f2ef2eedc43940
Added python3.9 gate, tested by running tox locally and running
the zuul gate.
Story: 2009101
Task: 43162
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I4946d9b7b1657fc2e5b3657763ac0501d361892d
The pylint gate fails because the nodeset is not set,
set it to "ubuntu-xenial" since it runs on python2.7.
Story: 2009101
Task: 43164
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I79d97afa17866dd589176a5d6cbaaac49827bda9
Adds a lifecycle hook to migrate the user overrides
from the old chart name (nginx-ingress) into the new
one (ingress-nginx). The chart name was changed upstream
as part of a major refactor.
The lifecycle hook will listen to the pre apply event and
query the database for the overrides of the newest inactive
app (i.e. the previous version).
If it finds overrides and the version being installed do
not have overrides, the old ones will be migrated to the
new chart name.
Tested by performing an application-update from a version
before the chart name change to a version built with this hook.
Also tested a fresh install and upgrading from r4 to
master for SX and DX.
Closes-Bug: 1927003
Signed-off-by: Isac Souza <IsacSacchi.Souza@windriver.com>
Change-Id: Id328dd3bff79290d249d25e0875214c463cf76c1
This reverts commit 9189e5bc0ac06d44f0bda8ab70ba151b05349dca.
Reason for revert: Causes an ansible failure on fresh system install
Change-Id: I4f1263c2cf0957d3bb5e324b9ac7fdd8d5beda69
Adds a lifecycle hook to migrate the user overrides
from the old chart name (nginx-ingress) into the new
one (ingress-nginx). The chart name was changed upstream
as part of a major refactor.
The lifecycle hook will listen to the pre apply event and
query the database for the overrides of the newest inactive
app (i.e. the previous version).
If it finds overrides and the version being installed do
not have overrides, the old ones will be migrated to the
new chart name.
Tested by performing an application-update from a version
before the chart name change to a version built with this hook.
Also tested upgrading from r4 to master for SX and DX.
Closes-Bug: 1927003
Signed-off-by: Isac Souza <IsacSacchi.Souza@windriver.com>
Change-Id: I53083555868eac48143f4e744df73aa28ab03f85
Adds the required configuration to run Zuul on
reviews, including flake8, pylint, bandit and
unit tests.
Tested by running tox locally.
Partial-Bug: 1927003
Signed-off-by: Isac Souza <IsacSacchi.Souza@windriver.com>
Change-Id: I7906dbadc00693736dedc2f5ea88ed24f74345f7
The recent upversion of the nginx app
(https://review.opendev.org/c/starlingx/nginx-ingress-controller-armada-app/+/782326)
enabled the nginx admissionWebhook and this introduced an
issue in the restore procedure.
The proposed solution is to use the lifecycle operator to delete
the nginx admissionWebhook before the backup.
If we do this, the backup of the etcd database
will not have the nginx webhook and the restore will succeed.
Note that the solution implies a
deletion of a resource in the nginx app.
Because of this, there are some
procedural changes to the backup and restore
that the user must do:
- After backup completes the following steps must be done:
1. $ system helm-override-update nginx-ingress-controller ingress-nginx
kube-system --set controller.admissionWebhooks.enabled=true
2. reapply the nginx app to restore the admissionWebhook:
$ system application-apply nginx-ingress-controller
- After the whole restore procedure (i.e after all the nodes are
restored and unlocked, apps are in applied state
and 'system restore-complete' was executed)
the user must do the same steps as above to restore the nginx webhook:
1. $ system helm-override-update nginx-ingress-controller ingress-nginx
kube-system --set controller.admissionWebhooks.enabled=true
2. $ system application-apply nginx-ingress-controller
Depends-On: I61156db05970aa03c96ddc8533fdd4f4a680b334
Depends-On: I0ebab45f4846cbcd25fecac6bf99195d9047eb8a
Depends-On: I648e940f8104307e111213afd511f8fca19e39ab
Closes-Bug: 1923185
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
Change-Id: I9ca56329cfa353e7938a9fd8e94c50295c6a0778
This update includes removing the deprecated helm repo and previous
patches. This version is the last one that supports helm v2, and
implements nginx admission controller on port 5443 - avoiding conflict
with lighttpd.
Tested new version with cert-manager and Nodeinfo, making sure that new
routes were created when the application was manually updated, including
Openstack endpoints. Also tested with Platform Upgrade in Simplex and
Duplex deployments.
Story: 2008542
Task: 41636
Closes-Bug: #1902534
Signed-off-by: Regiani Iago <Lago.RodriguezRegiani@windriver.com>
Change-Id: I439ae16f0eb44b25c109d2a275121a60ae62c449
This reverts commit 437db6f68af305a1667a5ac5ec722d96a1c44c9c.
Reason for revert: This new version implements an admission controller that uses port 8443, conflicting with lighttpd. Reverting in order to change this port
Change-Id: I0a2c4d6ca5dddac30a0508b844dc40ab96d2a0ad
This update includes removing the deprecated helm repo and previous
patches. This version is the last one that supports helm v2.
Tested new version with cert-manager and Nodeinfo, making sure that new
routes were created when the application was manually updated, including
Openstack endpoints. Also tested with Platform Upgrade in Simplex and
Duplex deployments.
Story: 2008542
Task: 41636
Closes-Bug: #1902534
Signed-off-by: Regiani Iago <Lago.RodriguezRegiani@windriver.com>
Change-Id: I9e022ae58d75f179fce66829117d475e435c169c
Critical apps like this are prevented from being deleted or
removed.
Story: 2007960
Task: 42038
Depends-On: I93821965184d95a00fddd3398a1c214e3d730efa
Signed-off-by: Suvro Ghosh <suvrojeet.ghosh@windriver.com>
Change-Id: If6cd2967e3912d2aaf5e155f868b9417ed199457
This metadata will forbid this app from deletion.
Story: 2007960
Task: 41765
Signed-off-by: Suvro Ghosh <suvrojeet.ghosh@windriver.com>
Change-Id: I68ec80ba8cfffec4aac86560571036f31d9eb593
Update remaining StarlingX packages with hardcoded TIS_PATCH_VER to
use PKG_GITREVCOUNT where possible, with offsets as needed to ensure
the version is incremented above the hardcoded version.
Story: 2008455
Task: 41454
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: I48adf5627e6259b93efa6dfb98f51600104fccd9
This adds support for Helm v3.
- 'helm init' and initialization is no longer required
- 'chartmuseum' is used as a drop-in replacement for 'helm serv'
- all Charts require the tag: apiVersion: v1 (or v2)
This updates nginx-ingress chart to specify apiVersion.
Change-Id: Ic8d4454913fc4c65d1e17adb971f08200631f4d0
Story: 2007000
Task: 39713
Depends-On: https://review.opendev.org/719962
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
During backup & restore it was noted that Armada apply would timeout
even though the nginx-ingress-controller did come up to Running state.
Increasing the timeout to 1800 to give more time before Armada times
out.
Closes-Bug: 1875664
Change-Id: I886f37feb559cfb5391dd0dd51f606a2bf207ac6
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
The nginx-ingress-controller app was missing a build requirement
check for the 'helm' package, which was causing the layered build to
fail. This commit adds the dependency check.
Closes-Bug: 1873603
Change-Id: If6792f5d4348d4f257fcf93a4d32760cb110bd97
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
This commit introduces nginx as a separate armada app as part of
support for cert-manager (to handle incoming cert challenges). In
future, the scope of nginx-ingress-controller is expected to be
broader. Spec for this feature is available here:
https://opendev.org/starlingx/specs/src/branch/master/doc/source/specs/stx-4.0/approved/security-2007360-cert-manager.rst
Story: 2007360
Task: 39221
Change-Id: I42e4dc47d2b65da807edf0ea8b7af93457e027b8
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
