This is a mini test version of the openstack app based on FluxCD.
It only has a subset of the charts enabled for testing:
- build-helm-chart.sh changes
- FluxCD application framework changes
This change includes the following charts:
psp-rolebinding, ingress, nginx-ports-control, mariadb,
garbd, memcached, rabbitmq.
NOTE: This new change includes the same code from [1] and the fix
for debian package build, the reason why the original change had to
be reverted originally.
Test Plan:
PASS - package build (CentOS)
PASS - package build (Debian)
PASS - build-helm-charts.sh builds a basic FluxCD app tarball
PASS - application upload and overrides generated
PASS - application apply/remove/delete
Debian build logs: https://paste.opendev.org/show/bty7r5Zcn6JJawuwDBm7/
Application Logs: https://paste.opendev.org/show/bFL2fixBwc0vBhqXDC0K/
Story: 2009138
Task: 45462
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Co-Authored-by: Robert Church <robert.church@windriver.com>
Change-Id: Id501b4a34b1b54ca72943044fb59b18e064d1042
Some pods are being evicted due to some containers exceeding the
usage of ephemeral-storage: since there was no value on the manifest,
it was set to 0, which means that basically any value would cause the
pod to fail.
Test Plan:
PASS - Build stx-openstack tarball.
PASS - Upload/apply stx-openstack and check that new values of
ephemeral-storage took place.
PASS - Remove/delete stx-openstack.
Depends-On: https://review.opendev.org/c/starlingx/helm-charts/+/854006
Closes-Bug: #1970645
Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Co-authored-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: Idcb61c976820574d9ac771cd3bbc1f91f8651f54
We are removing the patches that disables the helm3-hook which are
used by osh(-i) to build an armada app as these patches are not
necessary when building the fluxcd app.
By removing the patches and changing the manifest.yaml, these hooks
will only be disabled for the armada app, and the fluxcd app can be
built as it is with [1].
There's also a small change on Patch #16 so it can be applied as it
was created on top of a change made on Patch #8 (which is being
removed).
Test Plan:
PASS - Build all the packages necessary for the openstack app
PASS - Create openstack tarball
PASS - Apply/remove/delete openstack
[1] I97402f9d4cacb2130118f49589b13b686d04e13b
Story: 2009138
Task: 45716
Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Change-Id: I6a1cb3832be8dc15930edc226e09a55f6f89951b
In order to the Network Resources Cleanup (added in
b5b4cc562a4c7d705d108a8280dc1b246159d90b) successfully performs
its operations, it is necessary to add trunk as one of the neutron's
service plugins. This review adds a new service plugin for neutron
to allow stx-openstack to be successfully removed.
Test Plan:
PASS - Build stx-openstack armada tarball (CentOS)
PASS - Upload stx-openstack on Stx7.0/master build
PASS - Apply stx-openstck on a Stx7.0/master build
PASS - Remove stx-openstack on a Stx7.0/master build
PASS - Delete stx-openstack on a Stx7.0/master build
Closes-bug: 1982220
Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: I2590fdcf7b9551a94757ca04e2dbc11640967508
A new job is introduced for the purpose to cleanup
network resources before OpenStack removal.
TESTS STATUS
- After a fresh deployment of existing stx-openstack app, PASSED
check that VMs can be launched successfully
- Delete VMs and remove OpenStack, without a cleanup of PASSED
network resources. After re-deploying OpenStack, verify
that an error scenario arises where new VMs can not be
launched, with the following error message:
"nova.exception.VirtualInterfaceCreateException ...
Failed to allocate the network(s), not rescheduling".
- Load the updated charts in a fresh OpenStack re-install. PASSED
Assert that OpenStack is deployed successfully, and that
VMs can be launched successfully.
- Delete VMs and remove OpenStack, without a cleanup of PASSED
network resources. After re-deploying OpenStack, verify
that the previous error scenario does not show up and
that new VMs can be launched successfully.
- Verify that the OpenStack charts deployment-sequence PASSED
is unchanged, compared to existing codebase.
- Verify that, for all OpenStack charts, except the ones PASSED
under the compute-kit group, the removal sequence is
the reverse of deployment-sequence.
- Verify that the charts under the compute-kit group are PASSED
deployed in parallel but removed in sequence.
The removal sequence is the reverse deployment-sequence
from the OpenStack Armada App manifest.
- Verify that, within the OpenStack compute-kit group, PASSED
the Neutron chart is the first one to be removed.
Partial-Bug: 1892659
Explanatory text: this is a system improvement which aims
to prevent from similar bugs as the one above.
Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
Change-Id: I268ab75a849734874646b5f23b0bcdbe5faae1ef
All debian packages in this repo are architecture-independent (ie don't
include any arch-specific binaries). Declare them as such in debian
control files. This is inline with their centos versions.
TESTS
====================================
Rebuild packages in debian
Story: 2009897
Task: 45278
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: I25a41dc96565caa62767ab3c302967cec3b96fb5
Remove duplicate entry "neutron_openvswitch_agent" from
openstack-neutron chart. Otherwise YAML in manifest is not strictly
valid and some parsers can't load it properly.
Story: 2009897
Task: 45277
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: If134561cc966a0ca28bfdf1d607cfb44bbed95c5
As Rabbitmq 3.7.x is in EOL this PR bump the version to 3.9.0
TEST PLAN:
PASS: Build chart with change
Test - Create Instance from Image, from Volume and fromSnapshot
PASS: Create Flavors For Instances
PASS: Create Images For Instances
PASS: Create Volume For Instances
PASS: Create Networks For Instances
PASS: Launch Instances
PASS: Suspend Resume Instances
PASS: Set Error Active Flags Instances
PASS: Pause Unpause Instances
PASS: Stop Start Instances
PASS: Lock Unlock Instances
PASS: Reboot Instances
PASS: Rebuild Instances
PASS: Resize Instances
PASS: Set Unset Properties Instances
Test - Create Instance from Heat Template
PASS: Create Flavors for Instance
PASS: Create Images for Instances
PASS: Create Networks for Instance
PASS: Create Instance Trough Stack
Test - Measurements for Metric
PASS: Create Image For Metrics
PASS: Update Image Name
PASS: Update Image Disk Ram Size
Story: 2009944
Task: 44856
Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Change-Id: I3dea6378ce16fe401035a5ddbbe42f8b84920b2c
We should be using the default rootwrap that OSH uses, not overwriting
this with sudo. Using just sudo cause a permission problem running this
script.
Closes-Bug: #1964507
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0b16483504fcc83020e3387b7696b55b618a0942
On the previous work to add tolerations for the openstack-helm charts,
we missed adding those tolerations to disabled charts like the charts
for the telemetry services, ironic, gnocchi and ceph-rgw. This commit
will fix it.
This is a cherry-pick with minor removals from [1] and [2]and should
be removed from the openstack-armada-app tree on the next osh/osh-i
upversion.
NOTE: Since ironic/gnocchi/ceph-rgw charts are not proven to work with
stx-openstack, we will not validate those on the test plan.
[1] https://review.opendev.org/c/openstack/openstack-helm-infra/+/812753
[2] https://review.opendev.org/c/openstack/openstack-helm/+/812734
TEST PLAN
PASS build stx-openstack and install on SX
PASS enable telemetry charts
REGRESSION PLAN
PASS debian build
LOG: https://paste.opendev.org/show/bV3bgChLHxro3caaRC7q/
Story: 2009232
Task: 44572
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0b35e2cb531cf54fc5a319c35e0a058603790af1
The healthcheck used to liveness and readiness probes is considered
intrusive and can produce false positives[0]. It's just returning that
the pod is healthy if it's fully booted and whether the pod is waiting
for a peer to appear to sync tables, it cannot succeed and eventually
enters into a pod restart deadlock.
The command is also deprecated and will be removed in future version.
Updating the probes based on current recommenation from community[1].
Because of that, we change the liveness to check the rabbit connection
to check if the rabbit is connected and running and also changed the
readiness to ping the pod after boot to see if it's ready.
Ref:
[0] https://www.rabbitmq.com/monitoring.html#deprecations
[1] https://www.rabbitmq.com/monitoring.html#health-checks
Test plan:
PASS: Close rabbitmq connection inside pod and verify if Liveness fail
and rebooted the pod.
PASS: Readiness check pod state and verify if can ping it to check if
the pod is health after get up.
PASS: Build on Debian
Story: 2009892
Task: 44674
Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Change-Id: Ib98df7e1135b7b5cee50d63a9ab06eb4a961cd4b
Use docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
instead of docker.io/starlingx/ceph-config-helper:v1.15.0. With this,
we align the ceph client version with the cluster and also go back to
the upstream versions.
Test plan:
Build armada app
Apply OpenStack
After applying, verify that there are 4 new pools created
Inspect pods yaml to check images used
Story: 2009867
Task: 44553
Signed-off-by: Delfino Curado <delfinogomes.curadofilho@windriver.com>
Change-Id: I0210b94d88f59035ffdb11790cf74edf3f39b0b7
Openstack-helm provides the option to terminate TLS at the services.
However, at Starlingx TLS termination is done at the reverse
proxy (ingress) and therefore is unecessary for the OpenStack itself
be HTTPS and terminate tls a second time. Furthermore, it is not
possible to have https enabled on openstack services with the
current centos based containers that we have, openstack-helm only
supports tls using debian based containers.
Manually working arroud this creates a cumbersome override file, so
to diminish this overrides this patch 0020 and 0013(osh-i) disables
https at the backend, thus maitaining the same behaviour as stx 5.0
Mariadb and RabbitMQ tls does not seem to be working very well within
Starlingx, so we also disable TLS for them. I am not confident that
current openstack-helm and openstack-helm-infra supports production level
openstack with mariadb in TLS mode. Furthermore, from the way everything
is redirected in StarlingX I do see too many performance and stability
issues using both of them with tls enabled.
Disclaimer I did not test with either only mairiadb tls or
rabbitmq activated, but with both of them on the system is not usable.
Test Plan:
PASS: Openstack is Applied. (https disabled)
PASS: enable https. Opensatck is Applied (WITHOUT service.conf
overrides)
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
Partial-bug: 1960354
Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815
This change sets the rabbit forceBoot flag to true through
the manifest to enable the force_boot command on the RabbitMQ
start script template. Also, add a new condition to the patch
file to use the force_boot command only on the first RabbitMQ
node to boot.
Test plan:
PASS: Shutdown and start a multi-node RabbitMQ cluster
PASS: Build stx-openstack with the change
Regression:
PASS: OpenStack can be applied successfully
PASS: RabbitMQ nodes can join the RabbitMQ cluster
Story: 2009784
Task: 44290
Relates-to: https://review.opendev.org/c/starlingx/openstack-armada-app/+/826516
Signed-off-by: Maik Catrinque
<maik.wandercatrinqueandrade@windriver.com>
Change-Id: Ibd59526eafe941955e06b3141481eaf7c61a04c0
In the change I58cefac9076db52333b41633bf2cbaa5441dc98c the
pci-irq-affinity-agent code was refactored, this broke the
health probe declared in the helm charts.
This commit alters the health probe to work with the new
nova_provider functions introduced by the agent refactoring.
Test Plan
PASS: Apply stx-openstack and verify that pci-irq-affinity-agent
pod is created successfully without health probe failures
Closes-bug: https://bugs.launchpad.net/starlingx/+bug/1959480
Change-Id: I245ea5bf8d9ea37dc6ef9300e9d39db2a3e5d08b
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
vncserver_listen and vncserver_proxyclient_address were deprecated,
this change aims to replace them with the versioned name.
Test plan:
PASS: Verify that vncserver_listen was changed to server_listen inside
nova openstack manifest (system helm-override-show).
Story: 2009783
Task: 44273
Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I7bc9087bce8926595fd1f0dbc82d722fd26b45a0
After the upversion of OSH, we perceived that stx-openstack is still
downloading the images "openstackhelm/nova" and "openstackhelm/heat".
These are default images on the OSH charts and we want to overwrite them
with stx-heat and stx-nova images so we don't bring unnecessary and
probably unsupported images to the StarlingX registry and stx-openstack
charts.
TEST PLAN
PASS Install stx-openstack and made sure no openstackhelm/* images are
being downloaded.
Log of the image downloading: https://paste.opendev.org/show/812347/
Closes-Bug: #1958677
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I365a6f373cced98cb62aa51626a9657abad41b08
Replace dl_hook with "src_path" and "src_files"
Test Plan:
Pass: successfully build stx-openstack-helm
Pass: No difference comparing with the result of dl_hook
Story: 2009101
Task: 43801
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I477c0b51ed735f9bcab6bf80e96a109f24c96710
On stx-openstack, we run the nova-compute containers as user 0 (root) to
get privileged access to some of the host resources. During the latest
upversion of openstack-helm, we got in some commits that were
incompatible with our usage of the root user since the keys for ssh
access to a different compute were always placed under the 'nova' user's
folder. This commit fixes that behavior while we don't merge a
definitive fix on openstack-helm and go through a new upversion.
Test Plan:
PASS - nova-compute-ssh starting correctly after change
the sshd->ssh parameter
PASS - migrate/resize vm
Closes-Bug: #1956229
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ic90e8e64670b8314b9a2f38b93a59361dcb7ecc9
The pci-irq-affinity-agent currently uses two mechanisms to
store its configuration parameters, and this is being unified
in [1] to use only oslo_config. As the agent uses a custom
config file in a path not used by default by oslo_config,
it will be needed to pass this path as argument when running the
application, so this commit changes the helm chart to pass the
agent config file with the "--config-file" argument used by
oslo_config.
[1] https://review.opendev.org/c/starlingx/utilities/+/822540
Test Plan:
PASS: Verify that agent definition is created with the
argument --config-file
PASS: Verify that the agent command script runs without errors
PASS: Verify that the health probe script runs without errors
Regression:
PASS: Verify that OpenStack applies successfully
Story: 2009299
Task: 44214
Change-Id: Ibd9b8c9537ccd46351a4ec511a36c273ae0536b4
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Nova has two kinds of RabbitMQ notifications publishers: versioned
and unversioned, this change is needed in order to parameterize the
use of the compatible agent notification listener based on the amqp
topic (notifications or versioned_notifications).
Test plan:
PASS: Apply stx-openstack successfully with versioned_notifications
and notifications assigned to the topic variable.
PASS: Verify that pci-irq-affinity agent config file was overwritten
with the topic value.
Story: 2009299
Task: 44237
Relates-To: https://review.opendev.org/c/starlingx/utilities/+/823021
Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I4ea3b4eb3c77486bfa84cdc33106484921569275
Modify the PCI IRQ Affinity mask metadata description on the
OpenStack UI to provide guidance to the end user on how to
set up the mask.
Test plan:
PASS: PCI IRQ Affinity metadata description is changed on
the Openstack UI
Regression:
PASS: OpenStack can be applied successfully
PASS: metadata is added to the supported metadata list
PASS: user can set/change/delete metadata value
Story: 2009299
Task: 43861
Relates-to: https://review.opendev.org/c/starlingx/openstack-armada-app/+/817168
Signed-off-by: Maik Catrinque <maik.wandercatrinqueandrade@windriver.com>
Change-Id: I4175da9a872f7469b06993ff0da6ac7a3f8dfd19
As consequence of containerizing the pci-irq-affinity-agent,
the capability to edit its configuration parameters like the
log_level was lost, since this could only be done previously by
editing the config.py file manually and restarting the agent.
This commit includes these configuration parameters on the
agent config file template, using overrideable values declared
on the helm chart values.yaml file.
Test plan:
PASS: Verify that helm chart is generated without errors
PASS: Verify that config.ini includes new section "parameters"
PASS: Confirm that section "parameters" attributes' can be
overridden
Regression:
PASS: Verify that OpenStack can be applied successfully
PASS: Verify that pci-irq-affinity-agent logs show no errors
Story: 2009299
Task: 44214
Relates-to: https://review.opendev.org/c/starlingx/utilities/+/822540
Change-Id: I5daaacee0bd441f9dddf207ad2b61bb24a378e2f
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Add the `openstack-compute-node` toleration for
openstack services. This is used in a Hybrid Cluster
environment to taint all user only applications.
Test Plan:
PASS: After compute node taint application is applied
PASS: If compute has no taint application is applied
FAIL (expected): After user override removing toleration apply fails
PASS: After compute node taint other applications is not
created in the compute node.
PASS: Compute taint, VM creation and ping OK.
Story: 2009702
Task: 44150
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ibde7b6a1ee813a4ed5ed649a84eeb6a2389d0871
The commit: https://review.opendev.org/c/starlingx/openstack-armada-app/+/821591
introduced a typo causing an error in the build process.
Story: 2009232
Task: 44187
Test Plan:
PASS: All builds were successful
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ib239daa533b09c034b979ec1b8f89cdc48f96378
Enable tolerations for the gardb pod. This pod
is only created on the `openstack-compute-node`
nodes.
Test Plan (Standard deployment configuration):
PASS: After controller node taint (any) application is applied
FAIL (expected): After compute node taint (any) application is
not applied. Gardb pod in Pending State.
PASS: If compute has no taint application is applied
PASS: After user override add toleration and compute node taint
application is applied.
Story: 2009232
Task: 44174
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: I7a5f5066bae766305480b877a09e5122b618ef0e
This patch moves the NoExecute toleration for mariadb
and rabbitmq pods to the new toleration parameter.
NoExecute toleration is required because of:
https://review.opendev.org/c/starlingx/openstack-armada-app/+/751358
Story: 2009232
Task: 44151
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: I09d109f5725d60ef1d670c62055b98f99a194eb0
Adds patches from openstack-helm and openstack-helm-infra that
enables openstack services, jobs, and friends (libvirt, memcached
mariadb, openvswitch, rabbitmq, ingress) to support taint toleration
Also adds tolerations for nova-api-proxy, stx-ks-user and
nova-ephemeral-pool
Taint toleration `node-role.kubernetes.io/master:NoSchedule` is also
enabled by default as seen in `manifest.yaml`
deleted:
- file: 0014-Add-tolerations-to-rabbitmq-chart.patch
reason: deprecated by 0017 (also was not working for rabbit jobs)
- file: 0015-Add-tolerations-to-mariadb-chart.patch
reason: deprecated by 0017 (also was not working for maria jobs)
Test Plan:
PASS: After controller node taint application is applied
PASS: If controller has no taint application is applied
FAIL (expected): After user override removing toleration apply fails
PASS: Other taint is added to controller and after user overrides apply
succceeds
Notes:
- Tested in AIO-SX (Both Virt. and Physical Machine)
- Tested with taint node-role.kubernetes.io/master:NoSchedule
- Tested with taint openstack-compute-node:NoSchedule
- Apply fails -> pods pending untolarated taints
Story: 2009232
Task: 43345
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I6bd0d28cdc31f07d18b3cdfda3b0282a4d3117a4
PCI IRQ affinity agent is unable to find the instances' PCI devices
and is failing to set IRQ affinity settings. This is happening
because the directory used by the agent, /sys/bus/pci/devices,
contains symbolic links to directories inside /sys/devices, and these
aren't available inside the container, causing the agent to fail when
it tries to read PCI devices information.
This commit changes the hostPath volume from /sys/bus/pci/devices to
/sys, so that the container will have /sys/devices mounted as well
and the agent will be able to access its contents.
Test Plan:
PASS: Verify that /sys/bus/pci/devices symbolic links are not broken
PASS: Verify that PCI IRQ affinity agent can read PCI devices info
PASS: Verify agent configuring IRQ affinity settings successfully
after booting instances with PCI affinity mask on the flavor
Regression:
PASS: Verify that openstack application can be applied successfully
PASS: Verify that no alarms are raised after applying openstack
Closes-bug: 1952660
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I1d6dea0a89955715975de3d3cda384e7f19bd13c
With the openstack-helm upversion, we noticed that the Panko project was
retired [1][2]. Since this chart is currently disabled by default, we
didn't notice it, but we need to take action to remove the chart
references from stx-openstack.
[1] 160529ef90
[2] http://lists.openstack.org/pipermail/openstack-discuss/2021-May/022337.html
TEST PLAN
PASS Build and install stx-openstack with the change
PASS Verified no override namespaces were generated to Panko via `system
helm-override-list` and `system helm-override-show wr-openstack
panko openstack`
FAIL (expected) Tried to enable the Panko chart using `system
helm-chart-attribute-modify --enabled true wr-openstack panko
openstack
PASS Enabled aodh, ceilometer, gnocchi and re-appplied
Story: 2009161
Task: 44072
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2dc99a5d86933b36cc635124aca779e3bb20a7d0
This patch introduces the hw:pci_irq_affinity_mask metadata.
The metadata hw:pci_irq_affinity_mask specifies which CPU cores are
interrupted due to PCI IRQ requests. It can be set as a compute flavor
extra spec, as well as a compute image or volume metadata.
Test Plan Status
1. New metadata is added to the supported metadata list PASSED
on compute flavor, compute image and volume metadata
2. New metadata can be set to a value PASSED
on compute flavor, compute image and/or volume metadata
3. New metadata can be changed value and/or deleted PASSED
on compute flavor, compute image and/or volume metadata
4. New metadata persists when re-applying OpenStack PASSED
Regression
1. New metadata is added to the supported metadata list PASSED
on compute flavor, compute image and volume metadata
2. New metadata can be set a value, changed valued and deleted PASSED
on compute flavor, compute image and volume metadata
Story: 2009299
Task: 43861
Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
Change-Id: I0f94e8cddcff744306a01ce275c697cb39f8c5e7
To make a downstream release of stx-openstack, we often have to also
rename all the app's helm and puppet plugins namespace and also change
code on sysinv. This change decouples the name of the openstack
application from its plugins in order to ease downstream development
and release.
Tests report: https://paste.opendev.org/show/810225/
Story: 2009669
Task: 43900
Depends-On: https://review.opendev.org/c/starlingx/config/+/814670
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2bce2416c613bde374a86854c746ba4ded52a842
The pci-irq-affinity-agent uses the platform keyring file to
fetch the admin password to communicate with OpenStack services,
but now that the agent is raised during the application apply it
can use the same approach the other helm charts use to get the
credentials, using it's plugin to capture the information and
generate the system overrides with the values.
This commit:
- Changes the plugin to get the credentials
- Changes the pci-irq-affinity-agent helm chart to include the
password on the chart values and use it on the agent config file
template
- Adds an init container with dependencies on libvirt and nova
compute pods, so that the agent pod is only create when those
are available
- Removes the keyring mount on the container, which will not be
needed anymore with the previous changes and is causing failure
when raising the pod
- Removes additional keyring tools
Depends-On: https://review.opendev.org/c/starlingx/utilities/+/818620
Closes-Bug: 1951245
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I26f993146b8a17b7602a45f0cd5d983c1d93b0c1
On commit 03d78718966e85eb0094ed48062d9d33f3519f85 of
openstack-helm a new image was introduced to execute the db
migrations as a "latest" form. This commit pins the version of
that image for stx-openstack to a fixed version to avoid that
future image builds of porthole-mysqlclient-utility breaks the
app.
Closes-Bug: #1951444
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2b599578858c9212fb61419f166d4db8527f884d
The stx-openstack apply is failing with a timeout condition,
caused by failure while trying to pull the image of the agent from
the local registry. This is caused by missing imagePullSecrets on
the daemonset definition, so this commit creates the ServiceAccount
with the imagePullSecrets and use it on the spec.
Closes-Bug: 1951245
Change-Id: I5e408539e001bbe867812db8c614d47cea1ae225
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
This change is part of an initiative to decouple the pci-irq-affinity
agent process from the platform by converting it into a resource to
be deployed along with stx-openstack application.
Depends-on: https://review.opendev.org/c/starlingx/utilities/+/814031
Story: 2009299
Task: 43656
Change-Id: Iefc1106e01cbfc874119e16b610e48a629771db1
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>