65 Commits

Author SHA1 Message Date
Zuul
a5420b6d5d Merge "Fixing cloudformation overrides" 2022-03-28 22:49:31 +00:00
Thiago Brito
02e769a833 Fixing cloudformation overrides
The cloudformation secrets overrides were misplaced inside the
orchestration key.

Reference:
https://github.com/openstack/openstack-helm/blob/master/heat/values.yaml#L803

Story: 2009891
Task: 44673

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I05126f1f47dd9152cb2b2102018c50f5640c31ce
2022-03-21 11:06:29 -03:00
Maik Catrinque
65abd8df6a Evaluate lifecycle reapply for https configuration
Ensure that https configuration overrides are only applied when
https_enabled=True and openstack certificates are installed.

Test plan:

PASS: Host-unlock on system with https_enabled=False and
no certificates triggers a reapply.
PASS: Setting https_enabled=True doesn't trigger reapply
if there are no certificates installed.
PASS: Host-unlock on system with https_enabled=True and
no certificates doesn't trigger a reapply.
PASS: Setting https_enabled=False triggers reapply independent
of certificates installed.
PASS: Setting https_enabled=True triggers reapply if
certificates are installed.

Regression:
PASS: OpenStack can be built successfully
PASS: OpenStack can be applied successfully

Signed-off-by: Maik Catrinque
<maik.wandercatrinqueandrade@windriver.com>
Co-authored-by: Rafael Falcão <Rafael.VieiraFalcao@windriver.com>
Change-Id: I0768cb9c062a3e98c4fdadfc70940582cbeb65d3
2022-03-18 18:11:52 -03:00
Thiago Brito
ff526496d1 Auto-configure https through system overrides
This commit gives the application plugins the ability to generate the
TLS overrides so users doesn't have to enable the certificates using
helm overrides.

I also included some overrides/tests in this patch for the telemetry
charts, although they still miss the base functionality to enable tls
on openstack-helm/-infra. This is meant to be used as basis in a
future work to enable those charts on stx-openstack properly.

TEST PLAN
PASS Installed stx-openstack without any https overrides or params
PASS Added certificates, apps remained http
PASS Modified system's https_enabled parameter, app was reapplied
     with https enabled
PASS Set https_enabled=False, app was reapplied without https
PASS Reenabled https, app was reapplied with https
PASS Remove, delete, re-upload and reapply app with certs and https
     already enabled on the platform
PASS Created heat stacks with https enabled

Story: 2009891
Task: 44673
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I7fed324c2d2f702cc386864aa61664a8807f9b72
2022-03-14 19:30:55 -03:00
Zuul
e1735fe05a Merge "Add method to check if OpenStack is HTTPS ready" 2022-03-01 00:13:28 +00:00
Zuul
a6f16c975d Merge "Add py27 and py36 tox jobs to Zuul" 2022-03-01 00:10:24 +00:00
Gustavo Santos
cbd4ac8f4c Add method to check if OpenStack is HTTPS ready
This change adds a _is_openstack_https_ready function to the
openstack.py plugin. It verifies if the platform has https_enabled set
to true and checks if three certificates are present: openstack,
openstack_ca and ssl_ca. If both conditions are met, it returns True.

Test Plan
PASS: Build OpenStack and verify that the generated tarball contains the
added code.
PASS: Apply the built tarball.

Signed-off-by: Gustavo Santos <gustavofaganello.santos@windriver.com>
Change-Id: I28e4bdb0785ae453830a426a731f14a0b80a0d47
2022-02-25 13:48:22 -03:00
Gustavo Santos
298fc4ae6a Add py27 and py36 tox jobs to Zuul
This change adds the k8sapp-openstack-tox-py27 and
k8sapp-openstack-tox-py36 jobs to Zuul, also adding them to the check
and gate jobs.

That way, both CentOS (py27, py36) and Debian (py39) environments will
be included in the tests ran by Zuul.

Signed-off-by: Gustavo Santos <gustavofaganello.santos@windriver.com>
Change-Id: I0ed931e24db85d668ee26210324c895f3d0ad65e
2022-02-23 12:58:51 -03:00
Thales Elero Cervi
592db6b301 Removing pci-irq-affinity lifecycle hooks
This code is being removed as part of an effort to move the
pci-irq-affinity-agent into a openstack application container, instead
of a platform service.

Since now the service will no longer run on the platform but on a
container instead, there is no need to update the platform service
config file after the application apply and remove actions.

TEST PLAN:
PASS: Successfully build the stx-openstack application
PASS: Successfully apply the stx-openstack application

Story: 2009299
Task: 44569

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: Ic711a2e9d7c32e6e217de936b5b1c141f85e1128
2022-02-22 17:58:13 -03:00
Iago Estrela
ccca420496 Modify VNC server global bind address to the host cluster IP
VNC server is bound on all interfaces, this can be a security risk.
This change configure VNC to listen on the host cluster address. We
cannot use the loopback address because the VNC server proxy runs
on controllers while the VNC server runs on hypervisors.

Test plan:
PASS: Verify that vncserver_listen was changed to server_listen inside
      nova openstack manifest (system helm-override-show)
PASS: Verify that nova-vnc.ini inside nova pod was overwritten with
         server_listen=cluster_host_ip
PASS: Test live and cold migration with VNC Server binding to host
         cluster ip verify that VM VNC console still works after
         migrate.

Story: 2009783
Task: 44274

Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I0d60cfc7ade945734b8cd33dca800090a5d34b1f
2022-01-25 19:00:17 -03:00
Iago Estrela
1623a2bc72 Rename VNC deprecated opts
vncserver_listen and vncserver_proxyclient_address were deprecated,
this change aims to replace them with the versioned name.

Test plan:
PASS: Verify that vncserver_listen was changed to server_listen inside
      nova openstack manifest (system helm-override-show).

Story: 2009783
Task: 44273

Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I7bc9087bce8926595fd1f0dbc82d722fd26b45a0
2022-01-25 18:59:45 -03:00
Lucas Cavalcante
4e3157bf4c Fix nova-compute-ssh
On stx-openstack, we run the nova-compute containers as user 0 (root) to
get privileged access to some of the host resources. During the latest
upversion of openstack-helm, we got in some commits that were
incompatible with our usage of the root user since the keys for ssh
access to a different compute were always placed under the 'nova' user's
folder. This commit fixes that behavior while we don't merge a
definitive fix on openstack-helm and go through a new upversion.

Test Plan:

PASS - nova-compute-ssh starting correctly after change
the sshd->ssh parameter
PASS - migrate/resize vm

Closes-Bug: #1956229

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ic90e8e64670b8314b9a2f38b93a59361dcb7ecc9
2022-01-13 22:59:54 -03:00
Thiago Brito
173b33d3e5 Refactoring helm plugins class hierarchy
This change will help remove some replicated code across the helm plugin
classes and reduce the amount of code under maintenance.

REGRESSION PLAN
PASS install and remove stx-openstack on StarlingX master

TEST PLAN
PASS create network segment ranges
PASS create networks/subnets
PASS create routers
PASS create images
PASS boot vm with cirros image
PASS remove vm
PASS delete images
PASS delete routers
PASS delete networks/subnets
PASS delete network segment ranges

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I8927e8bd897628fb3bd7eef3df1d5c58805f6fb9
2021-12-14 19:23:19 +00:00
Tracey Bogue
dec8d50061 Add Debian packaging for openstack app
Create Debian packages for openstack-helm,
openstack-helm-infra, python-k8sapp-openstack and
stx-openstack-helm packages.

Story: 2009101
Task: 43801

Signed-off-by: Tracey Bogue <tracey.bogue@windriver.com>
Change-Id: I24dcedf8e9181ab38c27c2e117b1487f0feb614c
2021-12-06 12:59:32 -06:00
Thiago Brito
0a50ff4f89 Retire Panko
With the openstack-helm upversion, we noticed that the Panko project was
retired [1][2]. Since this chart is currently disabled by default, we
didn't notice it, but we need to take action to remove the chart
references from stx-openstack.

[1] 160529ef90
[2] http://lists.openstack.org/pipermail/openstack-discuss/2021-May/022337.html

TEST PLAN

PASS Build and install stx-openstack with the change
PASS Verified no override namespaces were generated to Panko via `system
     helm-override-list` and `system helm-override-show wr-openstack
     panko openstack`
FAIL (expected) Tried to enable the Panko chart using `system
     helm-chart-attribute-modify --enabled true wr-openstack panko
     openstack
PASS Enabled aodh, ceilometer, gnocchi and re-appplied

Story: 2009161
Task: 44072
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2dc99a5d86933b36cc635124aca779e3bb20a7d0
2021-11-30 15:12:07 +00:00
Thiago Brito
147f1cfb7f Using general naming for app openstack
To make a downstream release of stx-openstack, we often have to also
rename all the app's helm and puppet plugins namespace and also change
code on sysinv. This change decouples the name of the openstack
application from its plugins in order to ease downstream development
and release.

Tests report: https://paste.opendev.org/show/810225/

Story: 2009669
Task: 43900

Depends-On: https://review.opendev.org/c/starlingx/config/+/814670
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2bce2416c613bde374a86854c746ba4ded52a842
2021-11-24 14:04:02 +00:00
Heitor Matsui
2755a00457 Get admin password and use it on config template
The pci-irq-affinity-agent uses the platform keyring file to
fetch the admin password to communicate with OpenStack services,
but now that the agent is raised during the application apply it
can use the same approach the other helm charts use to get the
credentials, using it's plugin to capture the information and
generate the system overrides with the values.

This commit:
- Changes the plugin to get the credentials
- Changes the pci-irq-affinity-agent helm chart to include the
password on the chart values and use it on the agent config file
template
- Adds an init container with dependencies on libvirt and nova
compute pods, so that the agent pod is only create when those
are available
- Removes the keyring mount on the container, which will not be
needed anymore with the previous changes and is causing failure
when raising the pod
- Removes additional keyring tools

Depends-On: https://review.opendev.org/c/starlingx/utilities/+/818620
Closes-Bug: 1951245
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I26f993146b8a17b7602a45f0cd5d983c1d93b0c1
2021-11-20 13:27:36 -03:00
Zuul
bf60464454 Merge "Decouple pci-irq-affinity-agent service" 2021-11-16 14:44:25 +00:00
Delfino Curado
c28605b14f Fix ceph pool creation during stx-openstack apply
Previously the helm overrides for nova, cinder and glance respectively
defined 512, 256 and 256 as the PG_NUM for their Ceph pools. Until
Mimic, ceph would just issue a warning message if this number was
bigger than the number OSD * 100, now Nautilus returns an error message
and asks for expected_num_objects parameter or --yes-i-really-mean-it.
Neither of these options is supported by openstack-helm.

The pool creation is adjusted to take into account the number of OSDs
available to choose the PG_NUM.
The steps are:
Number of OSD times 100 minus 1;
Get the nearest power of two numbers below this result;
Limit PG_NUM to the previous defaults, as they are already high
numbers.
This logic roughly results in the same values described here:
https://docs.ceph.com/en/nautilus/rados/operations/placement-groups/#a-preselection-of-pg-num

This was done to solve an error message which demands a
expected_num_objects when PG_NUM is considered too high by ceph.

Test plan:
StarlingX builds successfully
stx-openstack is built successfully
stx-openstack is applied successfully and ceph pools are created
accordingly
It is possible to override PG_NUM on ceph pools by changing chunk_size
value through helm overrides

Closes-Bug: #1949360
Depends-On: I222bee29bcaa09a95a3706c72dd21b8ed3efbe60
Signed-off-by: Delfino Curado <delfinogomes.curadofilho@windriver.com>
Change-Id: Ia1416e64afcdf91b86afdf750bf5b3a1727db985
2021-11-12 10:26:33 -05:00
Heitor Matsui
7f9029b21f Decouple pci-irq-affinity-agent service
This change is part of an initiative to decouple the pci-irq-affinity
agent process from the platform by converting it into a resource to
be deployed along with stx-openstack application.

Depends-on: https://review.opendev.org/c/starlingx/utilities/+/814031
Story: 2009299
Task: 43656

Change-Id: Iefc1106e01cbfc874119e16b610e48a629771db1
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
2021-11-10 15:41:58 -03:00
Arthur Luz de Avila
aedbb8aa0c Update openstack-helm commit
This commit is rebasing on upstream commit
7803000a545687ec40b0ddc41d46a6b377dea45f
and also remove some patches that were already
merged.
This change depends on the rebase of openstack-helm-infra made at
01f6571912

Patch 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
This patch was dropped because a feature that add this support was
implemented in 2020. It can be found on commit
af4e2aaadd

Patch 0007-Allow-more-generic-overrides-for-placeme.patch
Changes that this patch applies were already applied on commit
bdbea96326

Patch 0009-Disabling-helm3_hook.patch
Adding a helm3_hook in values.yaml file in case hooks needs
to be disabled

Patch 0011-Trust-public-ingress-certificate.patch
Removed in favor of using the openstack-helm implementation of tls
support. As we are dropping this patch we moved the changes to the
patch where the job is created. Commits can be found on
https://opendev.org/openstack/openstack-helm/commits/branch/master/search?q=feat%28tls%29

Patch 0012-Update-helm-tookit-dependencies-to-0.2.19.patch
Changes that this patch applies were already applied on commit
20b6b9a236

Due to changes implemented on 054affa290 (diff-9bd79f0fd832cb30fa4f4b6242b9059fbc0c81b30541b4243ff29cdf39bce621R63)
python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py
needed to be modified so the system overrides for the ceph client matches
the name of the internal ceph cluster we that StarlingX creates and the
deployment-cinder.yaml renders without issues.

We've change the endpoints on nova-api-proxy/templates/deployment.yaml
as in upstream openstack-helm deals with TLS internally, however in
starlingx there is a workaround that forces public endpoint for openstack
services. Although after some changes on openstack-helm that came with
this rebase and using cert-manager to generate all tls internal secrets
we dont need to do this anymore.

The volume mounts for dev-pts at
python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/nova.py
were removed since this problem was fixed upstream on 04d600c5b0

Story: 2009161
Task: 43150

Change-Id: Iaf7d4bf9aa80e1d5acacdfe24743d41d4e67a8c0

Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Iaf7d4bf9aa80e1d5acacdfe24743d41d4e67a8c0
2021-11-09 17:15:54 +00:00
Zuul
15a60658bc Merge "Fix unit tests" 2021-09-29 20:54:35 +00:00
Charles Short
b20ec93944 Fix unit tests
Due to a recent change in fm-api's directory structure, unit tests would
fail since the virtualenv would not be able to find fm-api/setup.py.
Adjust the tox.ini to point to the correct directory. Tested locally
by running tox.ini.

Depends-On: https://review.opendev.org/c/starlingx/fault/+/806046
Depends-On: https://review.opendev.org/c/starlingx/openstack-armada-app/+/809276

Story: 2009101
Task: 43091

Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I957b905111d2710a3fda228f1659165dbb36a9ac
2021-09-28 17:19:17 -04:00
Bernardo Decco
9b7979d5d1 Re-enable important py3k checks for openstack-armada-app
Re-enabling some of the disabled tox warnings present on
the pylint.rc file
Re-enabling:
W1646: invalid-str-codec

Story: 2006796
Task: 43329
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: I2fdb91154510e839cab4804a5ef223f2cdd58cec
2021-09-28 19:57:01 +00:00
Bernardo Decco
a7f3a058fe Add pylint py3 portability checks for the openstack-armada-app repo
A lot of work has gone into making sure that StarlingX is python3
compatible. To ensure future compatibility, enable the python3
portability checks. Disable the checks that are raising errors.
Another set of commits will address the offending code.

Add following suppress warnings in pylint.rc:
- W1618: no-absolute-import
- W1646: invalid-str-codec

Depends-On: https://review.opendev.org/c/starlingx/openstack-armada-app/+/808768
Story: 2006796
Task: 43190
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: Ib46f8a67042c40823ef870773cf7159763738e06
2021-09-13 15:22:34 -03:00
Fabricio Henrique Ramos
f0e8b89acf Remove unused import
Remove unused import so the code complies with pylint and works with
zuul gates

Story: 2006796
Task: 43190
Signed-off-by: Fabricio Henrique Ramos <fabriciohenrique.ramos@windriver.com>
Change-Id: I1f8e80777340020c0f1671df46e098c500913045
2021-09-13 15:17:53 -03:00
Charles Short
79fdbd4dde Add python3.9 support
Add python3.9 support, tested locally by running tox.

Story: 2071901
Task: 43189

Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I18071e9fd8d57636ec3637465ef90a7380fb5371
2021-09-09 11:27:54 -04:00
Lucas Cavalcante
31c4390122 Fix nova plugin fqdn override
Setting custom domain for ingress endpoints breaks apply.
osh-nova and osh-nova-api-proxy are trying to use the same domain,
both starting with 'nova'. This causes a kubernetes error.

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Closes-bug: 1938342
Change-Id: Ic284b83425917102a652330f8349aed38731f9df
2021-07-28 18:30:14 -03:00
Angie Wang
eec60f8b48 Add lifecycle semantic check for auto update
Stx-openstack app is not a RPM installed app which
doesn't support auto-update.

Change-Id: Iec0233910c9e7725c12767138e25b3bd314f82b0
Story: 2007960
Task: 42833
Depends-On: https://review.opendev.org/c/starlingx/config/+/800821/
Signed-off-by: Angie Wang <angie.wang@windriver.com>
2021-07-16 13:20:10 -04:00
Yvonne Ding
4379649008 Disallow application-apply when vim_progress_status is not enabled
This fix is specific for AIO-SX because when node is unlocked/enabled/
available the vim_progress_status could still be services-disabled.
The status need a few more seconds to become services-enabled.

Add a pre-check in openstack-armada-app/lifecycle_openstack.py to check
AIO-SX node stable state before perform_app_apply. It prevents
stx-openstack apply being triggered manually during initialization
stage after node unlock.

Closes-bug: 1929775
Signed-off-by: Yvonne Ding <yvonne.ding@windriver.com>
Change-Id: I563f77f617a68092b59f6cb38f5fb436a7933498
2021-06-08 09:26:21 -04:00
Thiago Brito
963e63cd55 Fix cpu_shared/dedicated_set config location
Change I61514389b616db754b0d2f35deb0101f90dbdd02 removed the deprecated
property vcpu_pin_set in favor of the newer cpu_shared_set and
cpu_dedicated_set, but those new configs are placed under the [compute]
section of nova.conf instead of [DEFAULT]. This is causing VMs to be
scheduled on platform reserved cores. This commit will fix it.

Closes-Bug: #1928683

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I541760619f4c79c66a2bf22715afdc873b8343ce
2021-05-17 18:26:12 +00:00
Zuul
38470c8045 Merge "Update cpu_shared_set and cpu_dedicated_set in nova config" 2021-04-09 14:40:07 +00:00
Gustavo Santos
58f4d9ffca Add k8s proxy-body-size to horizon overrides
The current network.dashboard.ingress.annotations in horizon's
values.yaml helm charts do not include the kubernetes property
'proxy-body-size'. This makes the resulting nginx.conf file in ingress
add the default rule 'max_body_size 1m' to the horizon servers,
which limits all http requests' size inside horizon to 1MiB, making it
impossible to upload images larger than that to glance using the
horizon GUI, for example.

This change adds said property to the horizon overrides, making
horizon's servers in nginx.conf include a 'max_body_size' of 2500MiB,
which makes uploading images up to that size possible again.

Story: 2008692
Task: 41996
Change-Id: I91888ce238d5304c08eb1e97918989b8f93ee34f
2021-03-08 14:56:55 -03:00
Dan Voiculeasa
b5c1f62088 Introduce metadata for app behavior control
Keep existing behavior when evaluating app reapplies.

Story: 2007960
Task: 41755
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ie02743cdf056dda3feb66911c74f9dabe69d98dd
2021-02-25 10:34:57 +02:00
Martin, Chen
eab750b7ff Add override setting in openstack helm plugin for rook-ceph
Deploy with rook-ceph, without "system storage-backend-add ceph"
there is no object storage-ceph in database. As current openstack
helm plugin fixed on object storage-ceph, in rook-ceph case
use a fixed override setting

Story: 2005527
Task: 39914

Depends-On: https://review.opendev.org/#/c/713084/

Change-Id: Ied852d60e8b15d55865747e0b6f4b54f2392d6df
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2021-01-27 14:29:20 +00:00
Zuul
591f5aa40d Merge "Fix apply of stx-openstack when host is locked" 2021-01-22 23:00:35 +00:00
Dan Voiculeasa
852d8d61db Introduce lifecycle operator to openstack app
A big chunk of logic is moved from sysinv conductor to application
itself.

Following hooks were necessary:
pre-apply, post-apply, pre-manifest-apply, pre-apply-rbd,
pre-apply-resource, post-remove-rbd, post-remove-resource, post-remove

Change-Id: I41858c831a4af564dbdf38934d51d34489bf8a9a
Story: 2007960
Task: 41293
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
2021-01-13 22:39:07 +02:00
Zuul
1320520db1 Merge "Increase proxy-connect-timeout to avoid nginx timeout errors" 2021-01-08 16:05:51 +00:00
hbrito
b64b020446 Increase proxy-connect-timeout to avoid nginx timeout errors
This patch increases the proxy-connect-timeout from 5 to 30 seconds,
avoiding the Bad Gateway 502 error when CLI commands are executed.

Closes-bug: 1908720
Change-Id: I557456e9d0550a906b6d849d682de7ea3f0f42ad
Signed-off-by: hbrito <hugo.brito@windriver.com>
2021-01-07 20:00:51 +00:00
Don Penney
ca527c2276 Remove empty package from python-k8sapp-openstack
Packages defined in a spec with no files do not result in an RPM
produced by the build. On a rebuild, the build tools scan the spec and
sees the package defined but does not find a corresponding RPM, and so
flags the package for a rebuild as a result.

This commit removes the empty package definition from the spec.

Partial-Bug: 1910439
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: Ie1f18b1592f8187900624d993434ba04b23cbcff
2021-01-06 14:35:03 -05:00
Zhipeng Liu
cb9854c701 Update cpu_shared_set and cpu_dedicated_set in nova config
Starting from Ussuri, OpenStack is deprecating vcpu_pin_set
in favor of cpu_dedicated_set and cpu_shared_set. These
overriders must be supported to be generated via Starlingx
system commands.

Closes-Bug: 1904729
Change-Id: I61514389b616db754b0d2f35deb0101f90dbdd02
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
2021-01-05 14:18:35 +00:00
Shuicheng Lin
ed82abff0f Create stx_admin account for flock service to communicate with openstack
admin account is used before, but if admin password is changed, flock
service cannot be notified and cannot get the new password, so flock
service like nfv-vim cannot fetch openstack vm info ever.
stx_admin account is created for this case.

Depends-On: https://review.opendev.org/753971
Closes-Bug: 1887755

Change-Id: I36f2442036bf6c98fbb0af727fddf1dd50e58330
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-12-01 12:55:22 +08:00
Zuul
8bd9842dfd Merge "Remove kube-system-ingress from openstack operator" 2020-11-05 15:41:28 +00:00
Shuicheng Lin
e972af2ec6 Correct CEPH_POOL_BACKUP_PG_NUM name to fix python module error
The correct name should be CEPH_POOL_BACKUP_CHUNK_SIZE.

Closes-Bug: 1900710

Change-Id: Ie3aa2c6009cc626c2224ea464e8bea8c719316a3
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-10-21 09:28:37 +08:00
Mihnea Saracin
5fee64eca7 Remove kube-system-ingress from openstack operator
When we apply stx-openstack with the 'mode' argument
like `system application apply restore_db`, only
some of the openstack charts must be deployed.
If kube-system-ingress chart groups is specified,
it won't be found in the armada manifest and the
openstack application will always be deployed
in the default way (deploying all the charts),
ignoring the value of the 'mode' argument.

Depends-on: https://review.opendev.org/#/c/698003/
Change-Id: I6791974e337cd3193bf2a75e9d75f48841f0676d
Story: 2006770
Task: 37780
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
2020-10-13 17:36:44 +03:00
Elena Taivan
a643665af4 Change default pg_num values for ceph pools:
- cinder-volumes
    - cinder.backups
    - images
    - ephemeral

Pg_num values were increased to avoid ceph health warning
that occurs on larger systems due to the default
pg_num settings not being large enough.

Change-Id: I23feffe613c37b12dff51c73e7ced9a9c7663089
Closes-bug: 1899128
Signed-off-by: Elena Taivan <elena.taivan@windriver.com>
2020-10-13 06:10:47 +00:00
Mihnea Saracin
fc68439414 Fix apply of stx-openstack when host is locked
Currently, all of the stx-openstack services have the
replica count set to the number of the controllers.
If one of the controllers is locked their replicas
number will still be 2 which is incorrect.
We solve this by changing the number of replicas
to be equal to the number of the active controllers.
The rabbitmq and mariadb services cannot use this approach because
they are unable to work properly if their replica number
is decreased from 2 to 1. So a kubernetes toleration
is used here to allow the rabbitmq and mariadb pods to be
deployed on the locked controller.

Change-Id: I15cf2a3f62525751435ddbe66760935f3ab21d2b
Closes-Bug: 1879018
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
2020-09-11 18:46:52 +03:00
Mihnea Saracin
d73c7c494d Revert "Fix apply of stx-openstack when host is locked"
The commit that we are reverting broke the normal lock/unlock
case when stx-openstack is applied. More specifically,
the mariadb pod failed to start when stx-openstack
was applied automatically after unlock.

This reverts commit 754a1d33de7e16b454052190a2496f1a1d59c707.

Change-Id: I0f1e5854d22ed54747d0237153ada3985f29ef96
2020-08-25 11:35:18 +03:00
Zuul
cc42f7cf54 Merge "Update mariadb-server suspect_timeout to default value to align with garbd's suspect_timeout" 2020-08-19 13:57:28 +00:00
Zuul
d50204f174 Merge "Remove subcloud openstack overrides" 2020-08-16 18:41:30 +00:00