63 Commits

Author SHA1 Message Date
Pedro Almeida
91a24ad864 Fixing series file after removing helm3 patches
Since some patches were deleted on [1], they also need to be removed
from the series file.

[1] I6a1cb3832be8dc15930edc226e09a55f6f89951b

Test Plan:

PASS - Build openstack-helm and openstack-helm-infra debian packages

Story: 2009138
Task: 45716

Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Change-Id: Ie3e4f204b10025778338b622bf9165fdc5368c9f
2022-08-04 20:29:43 +00:00
Pedro Almeida
3dbfd56429 Removing helm3 patches from osh(-i) on armada
We are removing the patches that disable the helm3-hook which are
used by osh(-i) to build an armada app as these patches are not
necessary when building the fluxcd app.

By removing the patches and changing the manifest.yaml, these hooks
will only be disabled for the armada app, and the fluxcd app can be
built as it is with [1].

There's also a small change on Patch #16 so it can be applied as it
was created on top of a change made on Patch #8 (which is being
removed).

Test Plan:

PASS - Build all the packages necessary for the openstack app
PASS - Create openstack tarball
PASS - Apply/remove/delete openstack

[1] I97402f9d4cacb2130118f49589b13b686d04e13b

Story: 2009138
Task: 45716

Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Change-Id: I6a1cb3832be8dc15930edc226e09a55f6f89951b
2022-08-04 13:58:12 -03:00
Thales Elero Cervi
b87a47d070 Update openstack Ingress for networking api v1
This change patches the correct apiVersion for Ingress resources created
by the openstack ingress chart to work correctly when stx-openstack is
applied on stx with kubernetes 1.22+ running.

Same applies to spec changes that need to be done according to
io.k8s.api.networking.v1.IngressBackend [1] and
rbac.authorization.k8s.io.v1 [2] documentations.

Test Plan:
PASS - Build stx-openstack armada tarball (CentOS)
PASS - Upload stx-openstack on Stx7.0/master build
PASS - Apply stx-openstack on a Stx7.0/master build
PASS - Ensure openstack ingress pod is up

NOTE:
It could be done by upversioning openstack-helm-infra and
openstack-helm to its latest commits (currently
1147988b8eba6ab7d1e7af262843f641be6657ff and
18fdc309615f335fe16ad27ab27bb91972aac75a respectively)
but this upversion has a different series of complications
that are being discussed in [3].

[1] https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22
[2] https://kubernetes.io/docs/reference/using-api/deprecation-guide/#rbac-resources-v122
[3] https://review.opendev.org/c/starlingx/openstack-armada-app/+/848336

Closes-Bug: 1980397

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Co-authored-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: I0bbecc097fdafdf5ebbc3a164b80ba903b5623f2
2022-07-20 18:50:27 +00:00
rferraz
b5b4cc562a Network Resources Cleanup before OpenStack Removal
A new job is introduced for the purpose of cleaning up
network resources before OpenStack removal.

TESTS                                                       STATUS

- After a fresh deployment of existing stx-openstack app,   PASSED
  check that VMs can be launched successfully

- Delete VMs and remove OpenStack, without a cleanup of     PASSED
  network resources. After re-deploying OpenStack, verify
  that an error scenario arises where new VMs can not be
  launched, with the following error message:
  "nova.exception.VirtualInterfaceCreateException ...
  Failed to allocate the network(s), not rescheduling".

- Load the updated charts in a fresh OpenStack re-install.  PASSED
  Assert that OpenStack is deployed successfully, and that
  VMs can be launched successfully.

- Delete VMs and remove OpenStack, without a cleanup of     PASSED
  network resources. After re-deploying OpenStack, verify
  that the previous error scenario does not show up and
  that new VMs can be launched successfully.

- Verify that the OpenStack charts deployment-sequence      PASSED
  is unchanged, compared to existing codebase.

- Verify that, for all OpenStack charts, except the ones    PASSED
  under the compute-kit group, the removal sequence is
  the reverse of deployment-sequence.

- Verify that the charts under the compute-kit group are    PASSED
  deployed in parallel but removed in sequence.
  The removal sequence is the reverse deployment-sequence
  from the OpenStack Armada App manifest.

- Verify that, within the OpenStack compute-kit group,      PASSED
  the Neutron chart is the first one to be removed.

Partial-Bug: 1892659

Explanatory text: this is a system improvement which aims
to prevent bugs similar to the one above.

Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
Change-Id: I268ab75a849734874646b5f23b0bcdbe5faae1ef
2022-06-22 11:08:10 -03:00
Davlet Panech
afc2fe2a4c debian: make all packages arch-independent
All debian packages in this repo are architecture-independent (i.e. don't
include any arch-specific binaries). Declare them as such in debian
control files. This is in line with their centos versions.

TESTS
====================================
Rebuild packages in debian

Story: 2009897
Task: 45278

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: I25a41dc96565caa62767ab3c302967cec3b96fb5
2022-05-04 22:26:05 -04:00
Arthur Luz de Avila
fff6c25952 Decrease terminationGracePeriodSeconds on glance-api
The glance-api pod has a terminationGracePeriodSeconds
of 600s (10min) and the other services have 30s. This high
terminationGracePeriodSeconds may cause timeouts in some
cases and there is no reason for this high
terminationGracePeriodSeconds.
The terminationGracePeriodSeconds was introduced in
https://review.opendev.org/c/openstack/openstack-helm/+/469974
but there is no explanation of why it is so high.
Glance doesn't gracefully terminate due to an authentication
with kube-apiserver with the error: "Unable to authenticate
the request" err="[invalid bearer token, Token has been invalidated]"
Looking into it I saw that it can be a timing error in the
communication between the kube-apiserver and the glance-api when it is in
terminating state. Normally, the glance api terminates gracefully
before 30sec, but if the Unable to authenticate error appears, it
is killed faster to keep things working like the other services do.

Test Plan:
PASS: Build on centOS
PASS: Build on Debian
PASS: Apply chart

Story: 2009959
Task: 44927

Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Change-Id: Id4ef301c9ee1fce9f78ee09b3ce7f896d59a5a96
2022-04-08 13:15:42 -03:00
Thiago Brito
a801776a41 Adding tolerations to disabled charts
On the previous work to add tolerations for the openstack-helm charts,
we missed adding those tolerations to disabled charts like the charts
for the telemetry services, ironic, gnocchi and ceph-rgw. This commit
will fix it.

This is a cherry-pick with minor removals from [1] and [2] and should
be removed from the openstack-armada-app tree on the next osh/osh-i
upversion.

NOTE: Since ironic/gnocchi/ceph-rgw charts are not proven to work with
stx-openstack, we will not validate those on the test plan.

[1] https://review.opendev.org/c/openstack/openstack-helm-infra/+/812753
[2] https://review.opendev.org/c/openstack/openstack-helm/+/812734

TEST PLAN
PASS build stx-openstack and install on SX
PASS enable telemetry charts

REGRESSION PLAN
PASS debian build

LOG: https://paste.opendev.org/show/bV3bgChLHxro3caaRC7q/

Story: 2009232
Task: 44572
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0b35e2cb531cf54fc5a319c35e0a058603790af1
2022-03-10 14:04:42 +00:00
Lucas Cavalcante
b06eb5f63a Debian reenable openstack-helm/openstack-helm-infra
Change Ifb7946e9a289234047934b52d200b951a59c1a3f was rebased wrong
and intends to use an old method of building openstack-armada-app
openstack-helm and openstack-helm-infra for debian.

This patch correctly applies the new patch changes.

Test Plan:

PASS: Centos Build (build-pkgs openstack-helm-infra openstack-helm)
PASS: Debian Build (build-pkgs -p openstack-helm-infra
                    build-pkgs -p openstack-helm)

Closes-bug: 1960968
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ica08158dbba5a10ec7b6266b6808d22d53244095
2022-02-15 20:18:04 -03:00
Lucas Cavalcante
27c4d562c8 Fixes Application Apply failing when HTTPS enabled
Openstack-helm provides the option to terminate TLS at the services.
However, at Starlingx TLS termination is done at the reverse
proxy (ingress) and therefore it is unnecessary for OpenStack itself
to be HTTPS and terminate tls a second time. Furthermore, it is not
possible to have https enabled on openstack services with the
current centos based containers that we have, openstack-helm only
supports tls using debian based containers.

Manually working around this creates a cumbersome override file, so
to diminish these overrides this patch 0020 and 0013(osh-i) disables
https at the backend, thus maintaining the same behaviour as stx 5.0

Mariadb and RabbitMQ tls does not seem to be working very well within
Starlingx, so we also disable TLS for them. I am not confident that
current openstack-helm and openstack-helm-infra supports production level
openstack with mariadb in TLS mode. Furthermore, from the way everything
is redirected in StarlingX I do see too many performance and stability
issues using both of them with tls enabled.

Disclaimer: I did not test with either only mariadb tls or
rabbitmq activated, but with both of them on, the system is not usable.

Test Plan:

PASS: Openstack is Applied. (https disabled)
PASS: enable https. Openstack is Applied (WITHOUT service.conf
overrides)

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
Partial-bug: 1960354
Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815
2022-02-11 16:59:37 +00:00
Iago Estrela
1623a2bc72 Rename VNC deprecated opts
vncserver_listen and vncserver_proxyclient_address were deprecated,
this change aims to replace them with the versioned name.

Test plan:
PASS: Verify that vncserver_listen was changed to server_listen inside
      nova openstack manifest (system helm-override-show).

Story: 2009783
Task: 44273

Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I7bc9087bce8926595fd1f0dbc82d722fd26b45a0
2022-01-25 18:59:45 -03:00
Yue Tao
da84f84ecb openstack-helm: remove dl_hook
Add "dl_path" to download the source tarball.

Add "src_files" to copy local files to build directory.

Copy patches to deb_folder/patches, and remove the patching commands
from rules.

Remove dl_hook.

Test Plan:

Pass: successfully build openstack-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43801

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I5686cdab4869f5627422c8e7f99a0ce1bdeac9a7
2022-01-17 13:41:36 +08:00
Lucas Cavalcante
4e3157bf4c Fix nova-compute-ssh
On stx-openstack, we run the nova-compute containers as user 0 (root) to
get privileged access to some of the host resources. During the latest
upversion of openstack-helm, we got in some commits that were
incompatible with our usage of the root user since the keys for ssh
access to a different compute were always placed under the 'nova' user's
folder. This commit fixes that behavior while we don't merge a
definitive fix on openstack-helm and go through a new upversion.

Test Plan:

PASS - nova-compute-ssh starting correctly after change
the sshd->ssh parameter
PASS - migrate/resize vm

Closes-Bug: #1956229

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ic90e8e64670b8314b9a2f38b93a59361dcb7ecc9
2022-01-13 22:59:54 -03:00
Tracey Bogue
dec8d50061 Add Debian packaging for openstack app
Create Debian packages for openstack-helm,
openstack-helm-infra, python-k8sapp-openstack and
stx-openstack-helm packages.

Story: 2009101
Task: 43801

Signed-off-by: Tracey Bogue <tracey.bogue@windriver.com>
Change-Id: I24dcedf8e9181ab38c27c2e117b1487f0feb614c
2021-12-06 12:59:32 -06:00
Lucas Cavalcante
de4ac1007a Add tolerations to openstack services
Adds patches from openstack-helm and openstack-helm-infra that
enables openstack services, jobs, and friends (libvirt, memcached
mariadb, openvswitch, rabbitmq, ingress) to support taint toleration

Also adds tolerations for nova-api-proxy, stx-ks-user and
nova-ephemeral-pool

Taint toleration `node-role.kubernetes.io/master:NoSchedule` is also
enabled by default as seen in `manifest.yaml`

deleted:
  - file: 0014-Add-tolerations-to-rabbitmq-chart.patch
    reason: deprecated by 0017 (also was not working for rabbit jobs)
  - file: 0015-Add-tolerations-to-mariadb-chart.patch
    reason: deprecated by 0017 (also was not working for maria jobs)

Test Plan:

PASS: After controller node taint application is applied
PASS: If controller has no taint application is applied
FAIL (expected): After user override removing toleration apply fails
PASS: Other taint is added to controller and after user overrides apply
succeeds

Notes:
 - Tested in AIO-SX (Both Virt. and Physical Machine)
 - Tested with taint node-role.kubernetes.io/master:NoSchedule
 - Tested with taint openstack-compute-node:NoSchedule
 - Apply fails -> pods pending untolerated taints

Story: 2009232
Task: 43345

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I6bd0d28cdc31f07d18b3cdfda3b0282a4d3117a4
2021-12-03 08:35:21 -03:00
Thiago Brito
0a50ff4f89 Retire Panko
With the openstack-helm upversion, we noticed that the Panko project was
retired [1][2]. Since this chart is currently disabled by default, we
didn't notice it, but we need to take action to remove the chart
references from stx-openstack.

[1] 160529ef90
[2] http://lists.openstack.org/pipermail/openstack-discuss/2021-May/022337.html

TEST PLAN

PASS Build and install stx-openstack with the change
PASS Verified no override namespaces were generated to Panko via `system
     helm-override-list` and `system helm-override-show wr-openstack
     panko openstack`
FAIL (expected) Tried to enable the Panko chart using `system
     helm-chart-attribute-modify --enabled true wr-openstack panko
     openstack`
PASS Enabled aodh, ceilometer, gnocchi and re-applied

Story: 2009161
Task: 44072
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2dc99a5d86933b36cc635124aca779e3bb20a7d0
2021-11-30 15:12:07 +00:00
rferraz
aa7bf02e6b PCI IRQ affinity mask metadata
This patch introduces the hw:pci_irq_affinity_mask metadata.

The metadata hw:pci_irq_affinity_mask specifies which CPU cores are
interrupted due to PCI IRQ requests. It can be set as a compute flavor
extra spec, as well as a compute image or volume metadata.

Test Plan                                                         Status
1. New metadata is added to the supported metadata list           PASSED
   on compute flavor, compute image and volume metadata
2. New metadata can be set to a value                             PASSED
   on compute flavor, compute image and/or volume metadata
3. New metadata can be changed value and/or deleted               PASSED
   on compute flavor, compute image and/or volume metadata
4. New metadata persists when re-applying OpenStack               PASSED

Regression
1. New metadata is added to the supported metadata list           PASSED
   on compute flavor, compute image and volume metadata
2. New metadata can be set a value, changed value and deleted     PASSED
   on compute flavor, compute image and volume metadata

Story: 2009299
Task: 43861

Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
Change-Id: I0f94e8cddcff744306a01ce275c697cb39f8c5e7
2021-11-26 03:41:45 -03:00
Arthur Luz de Avila
aedbb8aa0c Update openstack-helm commit
This commit is rebasing on upstream commit
7803000a545687ec40b0ddc41d46a6b377dea45f
and also remove some patches that were already
merged.
This change depends on the rebase of openstack-helm-infra made at
01f6571912

Patch 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
This patch was dropped because a feature that add this support was
implemented in 2020. It can be found on commit
af4e2aaadd

Patch 0007-Allow-more-generic-overrides-for-placeme.patch
Changes that this patch applies were already applied on commit
bdbea96326

Patch 0009-Disabling-helm3_hook.patch
Adding a helm3_hook in values.yaml file in case hooks needs
to be disabled

Patch 0011-Trust-public-ingress-certificate.patch
Removed in favor of using the openstack-helm implementation of tls
support. As we are dropping this patch we moved the changes to the
patch where the job is created. Commits can be found on
https://opendev.org/openstack/openstack-helm/commits/branch/master/search?q=feat%28tls%29

Patch 0012-Update-helm-tookit-dependencies-to-0.2.19.patch
Changes that this patch applies were already applied on commit
20b6b9a236

Due to changes implemented on 054affa290 (diff-9bd79f0fd832cb30fa4f4b6242b9059fbc0c81b30541b4243ff29cdf39bce621R63)
python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py
needed to be modified so the system overrides for the ceph client matches
the name of the internal ceph cluster that StarlingX creates and the
deployment-cinder.yaml renders without issues.

We've changed the endpoints on nova-api-proxy/templates/deployment.yaml
as in upstream openstack-helm deals with TLS internally, however in
starlingx there is a workaround that forces public endpoint for openstack
services. Although after some changes on openstack-helm that came with
this rebase and using cert-manager to generate all tls internal secrets
we don't need to do this anymore.

The volume mounts for dev-pts at
python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/nova.py
were removed since this problem was fixed upstream on 04d600c5b0

Story: 2009161
Task: 43150

Change-Id: Iaf7d4bf9aa80e1d5acacdfe24743d41d4e67a8c0

Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Iaf7d4bf9aa80e1d5acacdfe24743d41d4e67a8c0
2021-11-09 17:15:54 +00:00
Thiago Brito
01f6571912 Update openstack-helm-infra commit
This review updates openstack-helm-infra to commit
8351fdd0f1228717342c2accc96977b0cdc36dc3 and removes patches that were
merged on osh-i; fixes the remaining patches to the current diffs and does
minor adaptations to make osh-i work on StarlingX.

Story: 2009161
Task: 43151
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I36159b0264a79c3727b20e6ff1b7831183e47c3a
2021-10-07 10:06:05 -03:00
Lucas Cavalcante
4fa28660d3 Add support for trust public ingress
Adding a certificate and ca_certificate using:
`certificate-install -m {openstack | openstack_ca}` ends up breaking
openstack application. OS-STX forces public endpoint and when such
endpoint has TLS enabled everything breaks, therefore based on the
implementation of tls support for openstack-helm that enables tls
for the openstack services we picked the trust cert code without
actually enabling tls backends

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I2dfc7c12defcc948fcdc353251301980e65f3011
Closes-Bug: 1937260
2021-08-05 11:21:09 -03:00
Don Penney
0c30ffc410 Add auto-version for remaining stx/openstack-armada-app packages
Update remaining StarlingX packages with hardcoded TIS_PATCH_VER to
use PKG_GITREVCOUNT where possible, with offsets as needed to ensure
the version is incremented above the hardcoded version.

Story: 2008455
Task: 41455
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: Icdc9d71d1268a4d3dd9e569c8642717bceadda5e
2020-12-17 13:23:11 -05:00
Shuicheng Lin
ed82abff0f Create stx_admin account for flock service to communicate with openstack
admin account is used before, but if admin password is changed, flock
service cannot be notified and cannot get the new password, so flock
service like nfv-vim cannot fetch openstack vm info ever.
stx_admin account is created for this case.

Depends-On: https://review.opendev.org/753971
Closes-Bug: 1887755

Change-Id: I36f2442036bf6c98fbb0af727fddf1dd50e58330
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-12-01 12:55:22 +08:00
Elena Taivan
a643665af4 Change default pg_num values for ceph pools:
- cinder-volumes
    - cinder.backups
    - images
    - ephemeral

Pg_num values were increased to avoid ceph health warning
that occurs on larger systems due to the default
pg_num settings not being large enough.

Change-Id: I23feffe613c37b12dff51c73e7ced9a9c7663089
Closes-bug: 1899128
Signed-off-by: Elena Taivan <elena.taivan@windriver.com>
2020-10-13 06:10:47 +00:00
Angie Wang
c14bed0043 Update openstack requests to go through ingress
The requests to Openstack services hang/fail sometimes
due to message loss when connecting to internal service
endpoints. This issue was observed before and fixed in
commit https://review.opendev.org/#/c/683818/ by setting
net.ipv4.tcp_tw_reuse to 0, however, it's still being
seen on recent STX loads.

It has been tested and proved that requests going through the
ingress pod do not have the issue. This commit updates
helm charts and manifest to make all requests sent
to openstack services go to the ingress pod and then ingress
would forward requests to the corresponding api service.

Changes included:
- update helm-toolkit manifest job-ks-endpoint.yaml
  to provide an ability to conditionally configure
  all types of openstack endpoints with public endpoint
  url when endpoints.identity.force_public_endpoint is
  true. Same update for keystone and keystone-api-proxy.
  With the update, for example, the admin,internal
  and public endpoints for neutron will be
  neutron.openstack.svc.cluster.local:80
- update armada manifest to make necessary overrides
  in openstack service configuration file to make
  communications between services go through ingress

Change-Id: Icd646dd07d544da420a75f920bd7c3e8fc931327
Closes-Bug: 1880777
Signed-off-by: Angie Wang <angie.wang@windriver.com>
2020-09-03 13:49:33 -04:00
Zhipeng Liu
5b18dcc50e Upgrade openstack-helm
Upgrade openstack-helm to below version.
commit 34a7533b6484a157c8725889d0d68e792e13fc8d
Author: Andreas Jaeger <aj@suse.com>
Date:   Sat Apr 11 15:33:05 2020 +0200
Cleanup py27 support and docs

1) 2 patches removed as they are already merged
0006-Add-Placement-Chart.patch
0008-Check-return-value-of-get-subnets-before-iterate-for.patch
2) 1 patch added
0007-Allow-more-generic-overrides-for-placeme.patch
upstream patch: https://github.com/openstack/openstack-helm/commit/
                bdbea96326828f2655f6a9a4f580e01ef9db7c1a
Story: 2007474
Task:  39418

Depends-on: https://review.opendev.org/#/c/720135/
Change-Id: I4bfb9cd578a8fd6141eb008aa6622855d42a8979
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
2020-06-17 22:13:32 +08:00
Jim Gauld
c00ff664f1 Add support for Helm v3
This adds support for Helm v3.
- 'helm init' and initialization is no longer required
- 'chartmuseum' is used as a drop-in replacement for 'helm serv'
- all Charts require the tag: apiVersion: v1 (or v2)

This updates ingress chart to specify apiVersion.

Change-Id: Ie41cde4ad450b63a78a0a677995e9c28eefd9798
Story: 2007000
Task: 39327
Depends-On: https://review.opendev.org/719962
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
2020-06-11 16:51:41 -04:00
Mingyuan Qi
a4503a28ac Check return value of get subnets before iterate for ironic
With the update of openstack clients within heat image:
openstack client >= 4.0.0
neutron client >= 6.14.0
neutron lib >= 1.29.1

The command 'openstack network show ${network} -f value -c subnets'
returns '[]' instead of null string if no subnets found in the
specific network. This commit adds a check logic to avoid subsequent
command returns error by using '[]' as subnet input.

Change-Id: I695e504518e1c884c7d66ecc94c9fa8787ce9752
Closes-Bug: 1855319
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
2020-02-03 07:56:40 +00:00
Andy Ning
b7d7c7d63a Support ingress creation for keystone admin endpoint
This update patched openstack keystone helm chart to support ingress
creation for custom admin endpoint. It will be used in DC subcloud
deployment to expose keystone admin endpoint to System Controller.

The change has been submitted to upstream openstack-helm for review:
https://review.opendev.org/#/c/697525/

Change-Id: I5792f3f9031470ab97a4dea8f47eff244160f8ee
Story: 2006588
Task: 37747
Signed-off-by: Andy Ning <andy.ning@windriver.com>
2019-12-17 13:16:56 -05:00
zhipengl
64eab01514 Upgrade openstack-helm
Upgrade openstack-helm to below version.
commit 82c72367c85ca94270f702661c7b984899c1ae38
Date:   Sat Sep 14 06:40:03 2019 +0000
    Merge "Add a config item for novncproxy"

Basic deployment test on AIO/Duplex/Multi virtual setup pass
and VM creation pass.

Story:2006544
Task: 36623

Depends-on: https://review.opendev.org/#/c/683910
Change-Id: I691a9feef856d83d82709a428afabd01abdef2ea
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2019-11-12 19:03:16 +08:00
zhipengl
2e63d41e5c Add a network config item for novncproxy
In deployment-novncproxy.yaml, it sets hostNetwork = true.
We want to let it use cluster network instead of hostNetwork.
This patch will add a config item, so that we can override it
to use cluster network. Then no need to enable 6080 port in
local network firewall for novncproxy access.

Upstream patch submitted as below.
https://review.opendev.org/#/c/679891

Below test pass!
Access to VM console through horizon works!

Closes-bug: 1827246

Change-Id: Icb0cfa39839e151d5869c64bc8f0151d0d9faf49
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2019-09-16 03:33:20 +00:00
Zuul
5bd1ec86b1 Merge "Change cinder bootstrap script" 2019-07-17 19:53:58 +00:00
Teresa Ho
a570937580 Change cinder bootstrap script
When https is enabled, the cinder helm chart would fail
to apply due to a failure in cinder bootstrap script.
The cinder client which uses the public endpoint to query
the volume types cannot resolve the dns name locally.
This commit changes the cinder template bootstrap script
to use the openstack client instead of the cinder client
to list volume types.

Upstream (openstack-helm) review:
https://review.opendev.org/#/c/671024/

Partial-Bug: 1826583

Change-Id: I63bf1d557c1dd4c93a0063cc9ec1624584079917
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
2019-07-16 09:22:41 -04:00
Teresa Ho
c89d718248 Fix secret tls for placement helm chart
When HTTPS is enabled, the public endpoint of placement service
is set with https and fqdn. The placement helm chart would fail
to apply.
This commit is to correct the syntax of the secret tls section
in the values.yaml and secret-ingress-tls.yaml.

Upstream (openstack-helm) review:
https://review.opendev.org/#/c/662229

Partial-Bug: 1826583

Change-Id: I64e7c1ff1972b0640145d18cafe2ea4e505db465
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
2019-07-12 14:18:27 -04:00
Angie Wang
e03692c512 Add TLS support for telemetry service public endpoints
This commit adds the capability for Aodh, Panko and Gnocchi
charts to support TLS on overridden fqdn for public endpoints.

Upstream(openstack-helm/openstack-helm-infra) reviews:
https://review.opendev.org/#/c/670121/
https://review.opendev.org/#/c/670123/

Change-Id: I3011a9f0f07c9cf1b30694c97f3c02db6cdef56e
Partial-Bug: 1826583
Signed-off-by: Angie Wang <angie.wang@windriver.com>
2019-07-10 13:18:59 -04:00
Gerry Kopec
56a56693b5 Update nova chart to support service token
Add capability for nova to send service token.  Default to disabled.
Config setup is similar to keystone_authtoken.

Upstream openstack-helm review: https://review.opendev.org/#/c/667690

Story: 2003909
Task: 34311
Change-Id: I9f217a4c98298a861f2ade03a620895697e79122
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
2019-06-26 13:44:27 -04:00
Daniel Badea
875feb0307 Cinder support for multiple Ceph backends
Wrap code making the assumption there is only one Ceph backend
(using is_ceph_volume_configured) in a "range" and use ceph_backend_list
helper to iterate all available Ceph backends.

Move Ceph pool application name in values.yaml from
conf.software.rbd.rbd_pool_app_name* to conf.ceph.pools.*.app_name

Change-Id: Ib62407a876b8e679a15d6b9293b8e1e03e149788
Depends-On: I2d3e7d5440b55e0e9e3d053f645fc162736bbde6
Story: 2003909
Task: 30351
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
2019-06-20 13:02:28 +00:00
zhipengl
f608f08309 Add placement chart patch to openstack-helm
This commit adds helm charts of placement to openstack-helm
Related openstack-helm upstream change is
https://review.opendev.org/#/c/662229/

Below test pass on both AIO and multi setup
1) Openstack Application apply and reapply
2) VM creation and delete
3) Active controller switch and create vm after that

Story: 2005750
Task: 33418

Change-Id: I68ec2325af6b37393267d5898a49e75623728349
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2019-06-16 19:14:59 +08:00
Robert Church
ea876f584e Cinder chart updates for volume backup and image caching
Pull in the two upstream changes since the last chart rebase and cherry
pick the newly proposed changes for enabling Cinder volume backups.

The following changes will be dropped on the next chart rebase:
 - Adding a cinder internal tenant to support image-volume caching
 - Allow configuring the RBD application name for volumes and backups

Change-Id: I2d3e7d5440b55e0e9e3d053f645fc162736bbde6
Story: 2004520
Task: 33631
Signed-off-by: Robert Church <robert.church@windriver.com>
2019-06-13 15:43:18 -04:00
Martin, Chen
1deefb044e Fixed exceptions in nova pods
There are exceptions in nova pods looking like

ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
ERROR oslo_messaging.rpc.server Traceback (most recent call last):
ERROR oslo_messaging.rpc.server   File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
ERROR oslo_messaging.rpc.server     res = self.dispatcher.dispatch(message)
ERROR oslo_messaging.rpc.server   File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
ERROR oslo_messaging.rpc.server     raise UnsupportedVersion(version, method=method)
ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors

Merged fix from openstack-helm community

Change-Id: Ic1ce9fb30424beb78ed604d9ae340fe838815bb5
Closes-Bug: 1829793
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2019-06-04 14:45:47 +08:00
Mingyuan Qi
954210460e Ironic: Add pxe boot support for centos image
Current script does not consider centos distro as base image.
Different folder was checked to copy pxe files to tftpboot folder.

Story: 2004760
Task: 30280

Change-Id: I288d7e6bc0e3570f6a6bb7a9587e120ab4501736
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
2019-05-08 14:27:12 +08:00
Daniel Badea
5b4c8e5d38 openstack-helm remove Ceph Jewel support
Remove patches that were added on top of upstream to adapt helm to Ceph
Jewel.

Change-Id: I29a2154c662f1a223265e7710a5f7976bc922939
Depends-On: I4d05a05ad116e33ee7c24432219c176c8a0b8d61
Co-Authored-By: Robert Church <robert.church@windriver.com>
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
2019-04-23 06:48:45 +00:00
Robert Church
f32827ca61 openstack-helm chart rebase
Each patch included in this commit contains a commit message that
describes the required purpose of the patch.

Change-Id: Ied38e5cbedbe06fd0b6f27612aa0bddf60064dea
Depends-On: Ic788a2c86edfbceca1f1ff18dd0344472546c81b
Story: 2004520
Task: 29966
Signed-off-by: Robert Church <robert.church@windriver.com>
2019-04-09 12:26:30 -04:00
Scott Little
9736550f9b Defuzz openstack-helm patch
Fuzzy openstack-helm patches are causing intermittent
build failures when .orig files are found by the linter.

==> Linting neutron
[ERROR] templates/daemonset-lb-agent.yaml.orig: file extension '.orig'
not valid. Valid extensions are .yaml, .yml, .tpl, or .txt
[ERROR] templates/daemonset-ovs-agent.yaml.orig: file extension '.orig'
not valid. Valid extensions are .yaml, .yml, .tpl, or .txt
BUILDSTDERR: Error: 1 chart(s) linted, 1 chart(s) failed
BUILDSTDERR: make[1]: *** [lint-neutron] Error 1
make[1]: Leaving directory `/builddir/build/BUILD/openstack-helm'
BUILDSTDERR: make: *** [neutron] Error 2
BUILDSTDERR: error: Bad exit status from /var/tmp/rpm-tmp.Sd6TYe
(%build)
BUILDSTDERR:     Bad exit status from /var/tmp/rpm-tmp.Sd6TYe (%build)
RPM build errors:

This update attacks the problem in two ways.
1) Defuzz the patches
2) Add patch options to avoid creation of .orig and .rej files
   in a location that will be linted.

Change-Id: Ifc42988984fab5225bc041704c5631ac6cd8043d
Signed-off-by: Scott Little <scott.little@windriver.com>
2019-03-22 11:45:07 -04:00
chengli3
c5db307937 'up' interfaces added via ovs auto_bridge_add
We should up the interfaces added to ovs bridges, otherwise packets
cannot go through the nic interfaces.

Story: 2004649
Task: 29999

Change-Id: Ib1b8577edc7f0d15e1f20479da7740eba127935b
Signed-off-by: chengli3 <cheng1.li@intel.com>
2019-03-15 15:02:43 +08:00
Irina Mihai
391b7019f6 Nova chart: Add ephemeral pool creation
Add new job to create the required ephemeral pool(s).

Tests performed:
- application apply
- launch of instance without ephemeral storage
- launch of instance with remote ephemeral storage
- cold migration of instance with remote ephemeral storage

Change-Id: Iac31bb5ae2dc32913addc8ab9b5182391515c0ea
Story: 2005074
Task: 29648
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
Depends-on: I9850663fc86c62ed759714f1297cfdaa8183183f
2019-03-11 15:59:03 +02:00
chengli3
9587d6c2d2 Support per-host overrides of auto_bridge_add
Support per-host overrides of auto_bridge_add, so we can set a different
nic for ovs bridges.
This feature is already merged into openstack-helm. As we don't use the
latest version of openstack-helm, make this a patch in
stx-upstream.

Change-Id: Ida085e8475ade6787aaaee77148d669248dd66c6
Story: 2004649
Task: 29867
Signed-off-by: chengli3 <cheng1.li@intel.com>
2019-03-08 09:49:45 +08:00
Gerry Kopec
3667add296 Update nova helm chart to fix console addressing
Upstream nova helm chart attempts to figure out the address for VM
consoles by running an init container that checks for ip routes and
addresses on a compute host.  It then sets the appropriate nova config
options in a config file which it passes to nova-compute.  However this
effectively overwrites the same config option that stx has already
set in nova.conf via per host overrides causing us to communicate over
the wrong network or not to connect at all.

This fix introduces an option to enable/disable passing of this
additional config file to nova-compute.  Default upstream behaviour is
unchanged, but we will disable it in our overrides.

Partial-Bug: #1815490
Change-Id: I86eb80578b23fd89b7f9643b943ee759f26a15be
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
2019-02-15 19:34:40 -05:00
Scott Little
0b1c854442 Merge remote-tracking branch starlingx/master into HEAD
Change-Id: I8d92254d50994cf68f477c287d15a8342c548db2
Signed-off-by: Scott Little <scott.little@windriver.com>
2019-02-11 14:42:27 -05:00
Irina Mihai
5035a2dced Glance chart: add images pool replication
- pass new pool replication parameter to the storage init script
- set images pool replication in the storage init script

Change-Id: If0ecaeb12afd78caacdbb9b85cda8d6cfda00dea
Story: 2004520
Task: 29324
Depends-on: I120e196ec3acca1f57b717cc4548c7c549fac738
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
2019-02-06 20:04:08 +00:00
Scott Little
46e9086d1e Merge remote-tracking branch 'starlingx/master' into HEAD
Change-Id: Iaf611b4be300467ed0c3bee5ba1af4a06bb98230
Signed-off-by: Scott Little <scott.little@windriver.com>
2019-01-23 16:10:26 -05:00
Robert Church
39d788578a Stein: Update neutron's daemonset-ovs-agent.yaml
neutron-sanity-check command triggers privsep code and produces the
following:

WARNING oslo.privsep.daemon [-] privsep log:
oslo_log.log.LogConfigError: Error loading logging config
/etc/neutron/logging.conf: [Errno 2] No such file or directory:
'/etc/neutron/logging.conf'

This will add log_config_append to neutron-etc and allow ovs-agent to
successfully deploy.

Change-Id: I82dd56dc686e2efbd10921b248497955c37279f1
Story: 2004751
Task: 28894
Signed-off-by: Robert Church <robert.church@windriver.com>
2019-01-23 13:59:38 -05:00