This creates a new package spec called python-k8sapp-openstack that will
hold all the stevedore plugins needed to support the application. This
spec will build two packages python-k8sapp-openstack and
python-k8sapp-openstack-wheels.
These packages are included in the build dependencies for the
stx-openstack-helm application package build where the wheels file is
included in the application tarball.
The helm and armada plugins have been relocated to this repo and
provided in a k8sapp_openstack python module. This module will be
extracted from the wheels and installed on the platform via the sysinv
application framework. The module will be made available when the
application is enabled.
Change-Id: I342308fbff23d29bfdf64a07dbded4bae01b79fd
Depends-On: https://review.opendev.org/#/c/688191/
Story: 2006537
Task: 36978
Signed-off-by: Robert Church <robert.church@windriver.com>
Since nginx-ingress-controller app was removed for external facing
ingress (https://review.opendev.org/#/c/724385/), updating the app
version to mark the change.
Story: 2007360
Task: 39596
Change-Id: Ied28669dd10fc19549812848f4aa28b147fb6245
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
nginx ingress controller is now deployed as a standalone app
(nginx-ingres-controller-armada-app). This commit removes the external
facing ingress controller in stx-openstack.
Story: 2007360
Task: 39596
Tested by checking external REST APIs are served as expected.
Change-Id: I28c56de4b2c4c31b1e0188f47973ba9851430a39
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
Currently dcdbsync instance for openstack is listening on port 8220.
With the admin endpoint of dcdbsync instance for platform has https
enabled and uses port 8220, the port of dcdbsync instance for
openstack is updated to use 8229.
Change-Id: I37edfe3b5813386b087f13997f4ce312a4766f70
Story: 2007347
Task: 39408
Depends-On: https://review.opendev.org/#/c/720009/
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Need to set bind_host to :: instead of "0.0.0.0" and host listen
ip to ::
Otherwise it will only bind to port to ipv4 address.
Partial-Bug: 1859641
Test pass on both ipv4 and ipv6 simplex setup
Depends-on: https://review.opendev.org/714898
Change-Id: I51bd1a65d7728c74f6c69b87e57e3fc42e8adc15
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
Adding probes parameters for armada overriding them in duplex AIO and
multi-node deployment. Specifically, there are 2 mariadb-servers in
the DB cluster for OpenStack services at duplex or multi-node cases.
These 2 mariadb-server pods are placed on Controller-0 and Controller-1
respectively (manipulated by anti-affinity). Whenever one Controller is
rebooted on purpose or even worse accidiently shutdown for any reasons
mariadb-server pod on that controller is gone together. To keep mariadb
cluster still working even with only one instance, we have to adjust
the default probe behaviors. Upon this request, we have to export probe
parameters for "startupProbe" and "readinessProbe" so that StarlingX
Armada application could set these parameters accordingly and thereby
mariadb server can still work as expected with even only one pod in the
cases of Controller node rebooting or shutdown.
Closes-bug: 1855474
Change-Id: I3a8a99edd44d7ac4257ddf79b6baba5c52714324
Signed-off-by: Hu, Yong <yong.hu@intel.com>
Co-Authored-By: Zhipeng, Liu <zhipengs.liu@intel.com>
When we use Armada to deploy openstack service for ipv6, rabbitmq
pod could not start listen on [::]:5672 and [::]:15672.
For ipv6, we need an override for configuration file.
Upstream patch link is:
https://review.opendev.org/#/c/714027/
Partial-Bug: 1859641
Depends-on: https://review.opendev.org/#/c/714034/
Change-Id: I34e92afe291c4b7f31f53f1b974ad5fdc47b9560
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
In nginx.tmpl, it not enclose ipv6 addresses in square brackets
resulting in them being unable to be parsed, which cause mariadb
ingress pod could not be ready.
Tested it on both ipv4 and ipv6 simplex setup, it fixes mariadb
ingress not ready issue.
Upstream patch submitted as below
https://review.opendev.org/#/c/710413/
Partial-Bug: 1859641
Change-Id: Ic7726eea671bbedf4f37fbe31965bc8fffd2e8cd
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
With the update of openstack clients within heat image:
openstack client >= 4.0.0
neutron client >= 6.14.0
neturon lib >= 1.29.1
The command 'openstack network show ${network} -f value -c subnets'
returns '[]' instead of null string if no subnets found in the
specific network. This commit adds a check logic to avoid subsequent
command returns error by using '[]' as subnet input.
Change-Id: I695e504518e1c884c7d66ecc94c9fa8787ce9752
Closes-Bug: 1855319
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
Current config "concurrent_disk_operations" is not used anymore.
Change it to "max_concurrent_disk_ops" as related patch already
merged since stein.
https://review.opendev.org/#/c/609180/
Closes-Bug: #1835559
Change-Id: I98ce7cee6ef133dbbe70f7af89494ee6e6c021f9
Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
openstack-helm and openstack-helm-infra tarball.
Story: 2006166
Task: 37553
Change-Id: I155a61b12c114eb20a775c207fa8fef7e3f3bc49
Signed-off-by: Scott Little <scott.little@windriver.com>
This update changed dcdbsync endpoint to be created in subcloud
from internal to admin. The admin endpoint will be used by dcorch to
access dcdbsync service in subcloud.
The reason why admin endpoint is used for dcorch access is, public
endpoint is intended for end users and its domain name can be
overrided by "system service-parameter-add openstack helm
endpoint_domain=<public domain>", internal endpoint is used by services
running within the subcloud cluster with listening port on 5000, which
is not accessible from outside the subcloud cluster even its fqdn is
overriden. admin endpoint is a good fit for DC orchestration and
adminstration.
Change-Id: I70784385e6e4572cccc10ef18bdf103def4ca570
Story: 2006588
Task: 37792
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This update patched openstack keystone helm chart to support ingress
creation for custom admin endpoint. It will be used in DC subcloud
deployment to expose keystone admin endpoint to System Controller.
The change has been submitted to upstream openstack-helm for review:
https://review.opendev.org/#/c/697525/
Change-Id: I5792f3f9031470ab97a4dea8f47eff244160f8ee
Story: 2006588
Task: 37747
Signed-off-by: Andy Ning <andy.ning@windriver.com>
The configuration item "conf.neutron.DEFAULT.lock_path" is not
used anymore, we need to override
"conf.neutron.oslo_concurrency.lock_path" to
/var/run/neutron/lock
Verified that in neutron-l3-agent-controller-0
and nova-compute-controller-0, not see lots of errors anymore.
Router update finished in neutron.agent.l3.agent
closes-Bug: #1841660
Change-Id: I9c62872d86ba8f92cb8380181bf91389767cba09
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Due to upgrade of openstack-helm, we need to update related
manifest items whose structure changed.
Basic deployment test on AIO/Duplex/Multi virtual setup pass
and VM creation pass.
Story: 2006544
Task: 36623
Depends-on:https://review.opendev.org/#/c/683886/
Change-Id: I62cc2a723ff1c6ef68b2d27f2b538254825d3835
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This update contains changes to deploy and config the dcdbsync instance
for containerized openstack services, including:
- Added helm charts to create dcdbsync identities in containerized
keystone, including user, endpoint, project-role assignment etc.
The overall procedure is, during stx-openstack app application,
dcdbsync identities will be created in containerized keystone. After
stx-openstack is successfully applied the dcdbsync runtime puppet is
called to generate the configuration file for openstack dcdbsync
instance with some information retrieved from helm (particularly
keystone passwords). Finally sm runtime is called to bring up the
dcdbsync service into running. When stx-openstack app is removed,
openstack dcdbsync instance will be cleanup with configuration file
removed and service deprovisioned and stopped.
Change-Id: If4bf60753593e286c3dbe2c2f97c40f6ccbbb5b1
Story: 2004766
Task: 36104
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This update added "identity_openstack" as sync_endpoint into
containerized keystone-api-proxy configuration file. The sync_endpoint
will be used as endpoint type to enqueue job for dcorch.
Change-Id: Iebe9a209f6f8bc63871aa024f7014638e5deeb05
Story: 2004766
Task: 36155
Depends-On: https://review.opendev.org/#/c/674927/
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This change allows to deploy the fm-rest-api helm
chart with armada system.
Change-Id: I382c896f4e211b5344ef694a014438beab7cf4ed
Story: 2004008
Task: 36502
Depends-On: https://review.opendev.org/642925/
The helm charts contain references to images for all
configurations, however some of those configurations
are not being enabled, and so the docker images are never
used.
This change prevents armada from downloading docker images
that are not being used by the armada manifest.
It requires an enhancement in sysinv to handle the null
reference.
The following images are unused and have been replaced
in the manifest with null (or the appropriate reference)
- kolla/ubuntu-source-nova-novncproxy: referenced by
novnc_assets and must point to the nova image.
- xrally/xrally-openstack: used when "test" is enabled,
referenced by cinder, ceilometer, glance, heat, keystone,
nova, neutron, panko.
- openstackhelm/ceph-daemon: referenced by ceph_rgw.
- openstackhelm/neutron: referenced by openstack-ingress.
- osixia/keepalived: referenced by openstack-ingress.
- prom/memcached-exporter: referenced by openstack-memcached.
- docker: referenced by image_repo_sync image tags in almost
every chart.
- kbudde/rabbitmq-exporter: referenced by openstack-rabbitmq.
- prom/mysqld-exporter: referenced by openstack-mariadb
Change-Id: Ide26ddaf3537b8b9595104a683339554aea71b48
Closes-Bug: 1841611
Depends-On: https://review.opendev.org/#/c/680067/
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
In deployment-novncproxy.yaml, it set hostNetwork = true.
We want to let it use cluster network instead of hostNetwork.
This patch will add a config item, so that we can override it
to use cluster network. Then no need to enable 6080 port in
local network firewall for novncproxy access.
Upstream patch submitted as below.
https://review.opendev.org/#/c/679891
Below test pass!
Access to VM console through horizon works!
Closes-bug: 1827246
Change-Id: Icb0cfa39839e151d5869c64bc8f0151d0d9faf49
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This job adds a single linters tox target.
The linters target is an aggregation of linters for
this repo.
At present the only linter being invoked is bashate.
Other linters such as yamllint can be added to this
repo by later commits.
Change-Id: Ife7acf5fbbbfcd69a1d7b393ddf7b650e985af2c
Story: 2006166
Task: 36535
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This file is needed in order for people cloning the repo
to be able to initialize it for gerrit by the
"git review -s" command
Change-Id: I468a5d3fced8fc84c3d189224e88518ed60f0e04
Story: 2006166
Task: 36512
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Relocation of helm charts required some modifications to
the spec and relocation of the makefile..
Story: 2006166
Task: 35687
Depends-On: I5c34bf66a3631e86e22684412e01c02980e9ae30
Change-Id: If27d138708c580df168797a3878e349fde2c6d19
Signed-off-by: Scott Little <scott.little@windriver.com>
Upgrading from kubernetes 1.13.5 to 1.15.0 meant the config
needed to be updated to handle whatever was deprecated or dropped
in 1.14 and 1.15.
1) Removed "ConfigMapAndSecretChangeDetectionStrategy = Watch"
reported by https://github.com/kubernetes/kubernetes/issues/74412
because this was a golang deficiency, and is fixed by the newer
version of golang.
2) Enforced the kubernetes 1.15.3 version
3) Updated v1alpha3 to v1beta2, since alpha3 was dropped in 1.14
changed fields for beta1 and beta2 are mentioned in these docs:
https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2
4) cgroup validation checking now includes the pids subfolder.
5) Update ceph-config-helper to v1.15 kubernetes compatable
This means that the stx-openstack version check needed to be increased
Change-Id: Ibe3d5960c5dee1d217d01fbb56c785581dd1b42c
Story: 2005860
Task: 35841
Depends-On: https://review.opendev.org/#/c/671150
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Add variables for initial delay, period and timeout for rabbitmq
liveness and readiness probes. Default to current upstream settings.
Do not recommend this for upstreaming to openstack-helm-infra as
enhancements have been added since the last starlingx rebase to enable
more generic override of probes. On next rebase of starlingx on
openstack-helm-infra, recommend refactoring this change based on these
upstream commits (assuming upstream hasn't done it already):
https://review.opendev.org/#/c/668710/https://review.opendev.org/#/c/631597/
Partial-Bug: 1837426
Change-Id: I0a8d8f466c4b8482cc9161d28de37bff6fc7ced3
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>