272 Commits

Author SHA1 Message Date
Robert Church
daef54697f Partial FluxCD version of stx-openstack: initial
This is a mini test version of the openstack app based on FluxCD.
It only has a subset of the charts enabled for testing:
 - build-helm-chart.sh changes
 - FluxCD application framework changes

This change includes the following charts:
psp-rolebinding, ingress, nginx-ports-control, mariadb,
garbd, memcached, rabbitmq.

NOTE: This new change includes the same code from [1] and the fix
for debian package build, the reason why the original change had to
be reverted originally.

Test Plan:
PASS - package build (CentOS)
PASS - package build (Debian)
PASS - build-helm-charts.sh builds a basic FluxCD app tarball
PASS - application upload and overrides generated
PASS - application apply/remove/delete

Debian build logs: https://paste.opendev.org/show/bty7r5Zcn6JJawuwDBm7/
Application Logs: https://paste.opendev.org/show/bFL2fixBwc0vBhqXDC0K/

Story: 2009138
Task: 45462

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Co-Authored-by: Robert Church <robert.church@windriver.com>
Change-Id: Id501b4a34b1b54ca72943044fb59b18e064d1042
2022-09-01 11:54:42 -03:00
Pedro Almeida
e2d9f126ef Adding ephemeral-storage request on pods
Some pods are being evicted due to some containers exceeding the
usage of ephemeral-storage: since there was no value on the manifest,
it was set to 0, which means that basically any value would cause the
pod to fail.

Test Plan:
PASS - Build stx-openstack tarball.
PASS - Upload/apply stx-openstack and check that new values of
       ephemeral-storage took place.
PASS - Remove/delete stx-openstack.

Depends-On: https://review.opendev.org/c/starlingx/helm-charts/+/854006

Closes-Bug: #1970645

Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Co-authored-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: Idcb61c976820574d9ac771cd3bbc1f91f8651f54
2022-08-26 08:49:40 -03:00
Zuul
6377c978cb Merge "Removing helm3 patches from osh(-i) on armada" 2022-08-04 19:20:26 +00:00
Pedro Almeida
3dbfd56429 Removing helm3 patches from osh(-i) on armada
We are removing the patches that disables the helm3-hook which are
used by osh(-i) to build an armada app as these patches are not
necessary when building the fluxcd app.

By removing the patches and changing the manifest.yaml, these hooks
will only be disabled for the armada app, and the fluxcd app can be
built as it is with [1].

There's also a small change on Patch #16 so it can be applied as it
was created on top of a change made on Patch #8 (which is being
removed).

Test Plan:

PASS - Build all the packages necessary for the openstack app
PASS - Create openstack tarball
PASS - Apply/remove/delete openstack

[1] I97402f9d4cacb2130118f49589b13b686d04e13b

Story: 2009138
Task: 45716

Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Change-Id: I6a1cb3832be8dc15930edc226e09a55f6f89951b
2022-08-04 13:58:12 -03:00
Rafael Falcão
81145bca93 Adding trunk as neutron service plugin
In order to the Network Resources Cleanup (added in
b5b4cc562a4c7d705d108a8280dc1b246159d90b) successfully performs
its operations, it is necessary to add trunk as one of the neutron's
service plugins. This review adds a new service plugin for neutron
to allow stx-openstack to be successfully removed.

Test Plan:
PASS - Build stx-openstack armada tarball (CentOS)
PASS - Upload stx-openstack on Stx7.0/master build
PASS - Apply stx-openstck on a Stx7.0/master build
PASS - Remove stx-openstack on a Stx7.0/master build
PASS - Delete stx-openstack on a Stx7.0/master build

Closes-bug: 1982220

Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: I2590fdcf7b9551a94757ca04e2dbc11640967508
2022-07-22 12:30:24 -03:00
rferraz
b5b4cc562a Network Resources Cleanup before OpenStack Removal
A new job is introduced for the purpose to cleanup
network resources before OpenStack removal.

TESTS                                                       STATUS

- After a fresh deployment of existing stx-openstack app,   PASSED
  check that VMs can be launched successfully

- Delete VMs and remove OpenStack, without a cleanup of     PASSED
  network resources. After re-deploying OpenStack, verify
  that an error scenario arises where new VMs can not be
  launched, with the following error message:
  "nova.exception.VirtualInterfaceCreateException ...
  Failed to allocate the network(s), not rescheduling".

- Load the updated charts in a fresh OpenStack re-install.  PASSED
  Assert that OpenStack is deployed successfully, and that
  VMs can be launched successfully.

- Delete VMs and remove OpenStack, without a cleanup of     PASSED
  network resources. After re-deploying OpenStack, verify
  that the previous error scenario does not show up and
  that new VMs can be launched successfully.

- Verify that the OpenStack charts deployment-sequence      PASSED
  is unchanged, compared to existing codebase.

- Verify that, for all OpenStack charts, except the ones    PASSED
  under the compute-kit group, the removal sequence is
  the reverse of deployment-sequence.

- Verify that the charts under the compute-kit group are    PASSED
  deployed in parallel but removed in sequence.
  The removal sequence is the reverse deployment-sequence
  from the OpenStack Armada App manifest.

- Verify that, within the OpenStack compute-kit group,      PASSED
  the Neutron chart is the first one to be removed.

Partial-Bug: 1892659

Explanatory text: this is a system improvement which aims
to prevent from similar bugs as the one above.

Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
Change-Id: I268ab75a849734874646b5f23b0bcdbe5faae1ef
2022-06-22 11:08:10 -03:00
Davlet Panech
afc2fe2a4c debian: make all packages arch-independent
All debian packages in this repo are architecture-independent (ie don't
include any arch-specific binaries). Declare them as such in debian
control files. This is inline with their centos versions.

TESTS
====================================
Rebuild packages in debian

Story: 2009897
Task: 45278

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: I25a41dc96565caa62767ab3c302967cec3b96fb5
2022-05-04 22:26:05 -04:00
Davlet Panech
78d407c12f neutron: remove duplicate image from chart
Remove duplicate entry "neutron_openvswitch_agent" from
openstack-neutron chart. Otherwise YAML in manifest is not strictly
valid and some parsers can't load it properly.

Story: 2009897
Task: 45277

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: If134561cc966a0ca28bfdf1d607cfb44bbed95c5
2022-05-04 21:41:28 -04:00
Arthur Luz de Avila
e1edf583e0 Bump Rabbitmq version to 3.9.0
As Rabbitmq 3.7.x is in EOL this PR bump the version to 3.9.0

TEST PLAN:

PASS: Build chart with change

Test - Create Instance from Image, from Volume and fromSnapshot
PASS: Create Flavors For Instances
PASS: Create Images For Instances
PASS: Create Volume For Instances
PASS: Create Networks For Instances
PASS: Launch Instances
PASS: Suspend Resume Instances
PASS: Set Error Active Flags Instances
PASS: Pause Unpause Instances
PASS: Stop Start Instances
PASS: Lock Unlock Instances
PASS: Reboot Instances
PASS: Rebuild Instances
PASS: Resize Instances
PASS: Set Unset Properties Instances

Test - Create Instance from Heat Template
PASS: Create Flavors for Instance
PASS: Create Images for Instances
PASS: Create Networks for Instance
PASS: Create Instance Trough Stack

Test - Measurements for Metric
PASS: Create Image For Metrics
PASS: Update Image Name
PASS: Update Image Disk Ram Size

Story: 2009944
Task: 44856

Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Change-Id: I3dea6378ce16fe401035a5ddbbe42f8b84920b2c
2022-03-29 11:14:56 +00:00
Zuul
53f7d158b8 Merge "Change ceph-helper-config to a version compatible with Nautilus" 2022-03-16 13:55:46 +00:00
Zuul
1b521dda7d Merge "Adding tolerations to disabled charts" 2022-03-11 18:50:38 +00:00
Thiago Brito
352e34cd2a Fix misconfig causing neutron netns job fail
We should be using the default rootwrap that OSH uses, not overwriting
this with sudo. Using just sudo cause a permission problem running this
script.

Closes-Bug: #1964507
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0b16483504fcc83020e3387b7696b55b618a0942
2022-03-10 19:49:16 +00:00
Thiago Brito
a801776a41 Adding tolerations to disabled charts
On the previous work to add tolerations for the openstack-helm charts,
we missed adding those tolerations to disabled charts like the charts
for the telemetry services, ironic, gnocchi and ceph-rgw. This commit
will fix it.

This is a cherry-pick with minor removals from [1] and [2]and should
be removed from the openstack-armada-app tree on the next osh/osh-i
upversion.

NOTE: Since ironic/gnocchi/ceph-rgw charts are not proven to work with
stx-openstack, we will not validate those on the test plan.

[1] https://review.opendev.org/c/openstack/openstack-helm-infra/+/812753
[2] https://review.opendev.org/c/openstack/openstack-helm/+/812734

TEST PLAN
PASS build stx-openstack and install on SX
PASS enable telemetry charts

REGRESSION PLAN
PASS debian build

LOG: https://paste.opendev.org/show/bV3bgChLHxro3caaRC7q/

Story: 2009232
Task: 44572
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0b35e2cb531cf54fc5a319c35e0a058603790af1
2022-03-10 14:04:42 +00:00
Arthur Luz de Avila
abdf99ad03 Update RabbitMQ probes
The healthcheck used to liveness and readiness probes is considered
intrusive and can produce false positives[0]. It's just returning that
the pod is healthy if it's fully booted and whether the pod is waiting
for a peer to appear to sync tables, it cannot succeed and eventually
enters into a pod restart deadlock.
The command is also deprecated and will be removed in future version.
Updating the probes based on current recommenation from community[1].
Because of that, we change the liveness to check the rabbit connection
to check if the rabbit is connected and running and also changed the
readiness to ping the pod after boot to see if it's ready.

Ref:
[0] https://www.rabbitmq.com/monitoring.html#deprecations
[1] https://www.rabbitmq.com/monitoring.html#health-checks

Test plan:
PASS: Close rabbitmq connection inside pod and verify if Liveness fail
and rebooted the pod.
PASS: Readiness check pod state and verify if can ping it to check if
the pod is health after get up.
PASS: Build on Debian

Story: 2009892
Task: 44674

Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Change-Id: Ib98df7e1135b7b5cee50d63a9ab06eb4a961cd4b
2022-03-10 11:49:25 +00:00
Delfino Curado
cd802b4ad5 Change ceph-helper-config to a version compatible with Nautilus
Use docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
instead of docker.io/starlingx/ceph-config-helper:v1.15.0. With this,
we align the ceph client version with the cluster and also go back to
the upstream versions.

Test plan:
Build armada app
Apply OpenStack
After applying, verify that there are 4 new pools created
Inspect pods yaml to check images used

Story: 2009867
Task: 44553

Signed-off-by: Delfino Curado <delfinogomes.curadofilho@windriver.com>
Change-Id: I0210b94d88f59035ffdb11790cf74edf3f39b0b7
2022-03-03 07:37:30 -05:00
Lucas Cavalcante
27c4d562c8 Fixes Application Apply failing when HTTPS enabled
Openstack-helm provides the option to terminate TLS at the services.
However, at Starlingx TLS termination is done at the reverse
proxy (ingress) and therefore is unecessary for the OpenStack itself
be HTTPS and terminate tls a second time. Furthermore,  it is not
possible to have https enabled on openstack services with the
current centos based containers that we have, openstack-helm only
supports tls using debian based containers.

Manually working arroud this creates a cumbersome override file, so
to diminish this overrides this patch 0020 and 0013(osh-i) disables
https at the backend, thus maitaining the same behaviour as stx 5.0

Mariadb and RabbitMQ tls does not seem to be working very well within
Starlingx, so we also disable TLS for them. I am not confident that
current openstack-helm and openstack-helm-infra supports production level
openstack with mariadb in TLS mode. Furthermore, from the way everything
is redirected in StarlingX I do see too many performance and stability
issues using both of them with tls enabled.

Disclaimer I did not test with either only mairiadb tls or
rabbitmq activated, but with both of them on the system is not usable.

Test Plan:

PASS: Openstack is Applied. (https disabled)
PASS: enable https. Opensatck is Applied (WITHOUT service.conf
overrides)

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
Partial-bug: 1960354
Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815
2022-02-11 16:59:37 +00:00
Maik Catrinque
9892254209 Enable rabbitmq force_boot command
This change sets the rabbit forceBoot flag to true through
the manifest to enable the force_boot command on the RabbitMQ
start script template. Also, add a new condition to the patch
file to use the force_boot command only on the first RabbitMQ
node to boot.

Test plan:
PASS: Shutdown and start a multi-node RabbitMQ cluster
PASS: Build stx-openstack with the change

Regression:
PASS: OpenStack can be applied successfully
PASS: RabbitMQ nodes can join the RabbitMQ cluster

Story: 2009784
Task: 44290

Relates-to: https://review.opendev.org/c/starlingx/openstack-armada-app/+/826516

Signed-off-by: Maik Catrinque
<maik.wandercatrinqueandrade@windriver.com>
Change-Id: Ibd59526eafe941955e06b3141481eaf7c61a04c0
2022-02-04 16:35:54 -03:00
Heitor Matsui
87d67cc91a Fix pci-irq-affinity-agent health probe imports
In the change I58cefac9076db52333b41633bf2cbaa5441dc98c the
pci-irq-affinity-agent code was refactored, this broke the
health probe declared in the helm charts.

This commit alters the health probe to work with the new
nova_provider functions introduced by the agent refactoring.

Test Plan
PASS: Apply stx-openstack and verify that pci-irq-affinity-agent
      pod is created successfully without health probe failures

Closes-bug: https://bugs.launchpad.net/starlingx/+bug/1959480
Change-Id: I245ea5bf8d9ea37dc6ef9300e9d39db2a3e5d08b
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
2022-01-29 08:20:47 -03:00
Zuul
5cab9df8c4 Merge "Rename VNC deprecated opts" 2022-01-27 20:52:12 +00:00
Zuul
abf0e32051 Merge "stx-openstack-helm: remove dl_hook" 2022-01-26 17:20:45 +00:00
Iago Estrela
1623a2bc72 Rename VNC deprecated opts
vncserver_listen and vncserver_proxyclient_address were deprecated,
this change aims to replace them with the versioned name.

Test plan:
PASS: Verify that vncserver_listen was changed to server_listen inside
      nova openstack manifest (system helm-override-show).

Story: 2009783
Task: 44273

Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I7bc9087bce8926595fd1f0dbc82d722fd26b45a0
2022-01-25 18:59:45 -03:00
Thiago Brito
88e18ec9c9 Providing overrides for newer images on OSH
After the upversion of OSH, we perceived that stx-openstack is still
downloading the images "openstackhelm/nova" and "openstackhelm/heat".
These are default images on the OSH charts and we want to overwrite them
with stx-heat and stx-nova images so we don't bring unnecessary and
probably unsupported images to the StarlingX registry and stx-openstack
charts.

TEST PLAN
PASS Install stx-openstack and made sure no openstackhelm/* images are
     being downloaded.

Log of the image downloading: https://paste.opendev.org/show/812347/

Closes-Bug: #1958677

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I365a6f373cced98cb62aa51626a9657abad41b08
2022-01-24 20:46:35 +00:00
Yue Tao
e4b0126863 stx-openstack-helm: remove dl_hook
Replace dl_hook with "src_path" and "src_files"

Test Plan:

Pass: successfully build stx-openstack-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43801

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I477c0b51ed735f9bcab6bf80e96a109f24c96710
2022-01-19 10:48:34 +08:00
Zuul
1d2ee5ad30 Merge "Fix nova-compute-ssh" 2022-01-14 12:46:29 +00:00
Lucas Cavalcante
4e3157bf4c Fix nova-compute-ssh
On stx-openstack, we run the nova-compute containers as user 0 (root) to
get privileged access to some of the host resources. During the latest
upversion of openstack-helm, we got in some commits that were
incompatible with our usage of the root user since the keys for ssh
access to a different compute were always placed under the 'nova' user's
folder. This commit fixes that behavior while we don't merge a
definitive fix on openstack-helm and go through a new upversion.

Test Plan:

PASS - nova-compute-ssh starting correctly after change
the sshd->ssh parameter
PASS - migrate/resize vm

Closes-Bug: #1956229

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ic90e8e64670b8314b9a2f38b93a59361dcb7ecc9
2022-01-13 22:59:54 -03:00
Heitor Matsui
f555e6929f Adapt pci-irq helm chart for oslo_config
The pci-irq-affinity-agent currently uses two mechanisms to
store its configuration parameters, and this is being unified
in [1] to use only oslo_config. As the agent uses a custom
config file in a path not used by default by oslo_config,
it will be needed to pass this path as argument when running the
application, so this commit changes the helm chart to pass the
agent config file with the "--config-file" argument used by
oslo_config.

[1] https://review.opendev.org/c/starlingx/utilities/+/822540

Test Plan:
PASS: Verify that agent definition is created with the
      argument --config-file
PASS: Verify that the agent command script runs without errors
PASS: Verify that the health probe script runs without errors

Regression:
PASS: Verify that OpenStack applies successfully

Story: 2009299
Task: 44214
Change-Id: Ibd9b8c9537ccd46351a4ec511a36c273ae0536b4
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
2022-01-06 11:47:57 -03:00
Zuul
1b67fd1aa8 Merge "Add amqp topic to pci-irq-affinity-agent" 2022-01-04 17:05:43 +00:00
Iago Estrela
07524b60cb Add amqp topic to pci-irq-affinity-agent
Nova has two kinds of RabbitMQ notifications publishers: versioned
and unversioned, this change is needed in order to parameterize the
use of the compatible agent notification listener based on the amqp
topic (notifications or versioned_notifications).

Test plan:
PASS: Apply stx-openstack successfully with versioned_notifications
         and notifications assigned to the topic variable.
PASS: Verify that pci-irq-affinity agent config file was overwritten
         with the topic value.

Story: 2009299
Task: 44237
Relates-To: https://review.opendev.org/c/starlingx/utilities/+/823021

Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Change-Id: I4ea3b4eb3c77486bfa84cdc33106484921569275
2022-01-03 16:23:40 -03:00
Zuul
158734e061 Merge "Modify description of IRQ metadata on OpenStack UI" 2021-12-31 16:13:08 +00:00
Maik Catrinque
85398ea6c4 Modify description of IRQ metadata on OpenStack UI
Modify the PCI IRQ Affinity mask metadata description on the
OpenStack UI to provide guidance to the end user on how to
set up the mask.

Test plan:
PASS: PCI IRQ Affinity metadata description is changed on
the Openstack UI

Regression:
PASS: OpenStack can be applied successfully
PASS: metadata is added to the supported metadata list
PASS: user can set/change/delete metadata value

Story: 2009299
Task: 43861
Relates-to: https://review.opendev.org/c/starlingx/openstack-armada-app/+/817168

Signed-off-by: Maik Catrinque <maik.wandercatrinqueandrade@windriver.com>
Change-Id: I4175da9a872f7469b06993ff0da6ac7a3f8dfd19
2021-12-30 14:40:10 -03:00
Zuul
d7d35bd0c6 Merge "Add openstack-compute-node toleration" 2021-12-29 18:24:42 +00:00
Heitor Matsui
763df9dfff Allow pci-irq-affinity-agent parameters overrides
As consequence of containerizing the pci-irq-affinity-agent,
the capability to edit its configuration parameters like the
log_level was lost, since this could only be done previously by
editing the config.py file manually and restarting the agent.

This commit includes these configuration parameters on the
agent config file template, using overrideable values declared
on the helm chart values.yaml file.

Test plan:
PASS: Verify that helm chart is generated without errors
PASS: Verify that config.ini includes new section "parameters"
PASS: Confirm that section "parameters" attributes' can be
      overridden

Regression:
PASS: Verify that OpenStack can be applied successfully
PASS: Verify that pci-irq-affinity-agent logs show no errors

Story: 2009299
Task: 44214
Relates-to: https://review.opendev.org/c/starlingx/utilities/+/822540
Change-Id: I5daaacee0bd441f9dddf207ad2b61bb24a378e2f
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
2021-12-21 21:39:10 -03:00
Hugo Brito
4a3fb0f4e1 Add openstack-compute-node toleration
Add the `openstack-compute-node` toleration for
openstack services. This is used in a Hybrid Cluster
environment to taint all user only applications.

Test Plan:

PASS: After compute node taint application is applied
PASS: If compute has no taint application is applied
FAIL (expected): After user override removing toleration apply fails
PASS: After compute node taint other applications is not
created in the compute node.
PASS: Compute taint, VM creation and ping OK.

Story: 2009702
Task: 44150

Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ibde7b6a1ee813a4ed5ed649a84eeb6a2389d0871
2021-12-21 19:21:47 +00:00
Hugo Brito
c34e08cfe6 Fix typo on garbd
The commit: https://review.opendev.org/c/starlingx/openstack-armada-app/+/821591
introduced a typo causing an error in the build process.

Story: 2009232
Task: 44187

Test Plan:
PASS: All builds were successful

Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ib239daa533b09c034b979ec1b8f89cdc48f96378
2021-12-15 13:21:13 +00:00
Hugo Brito
b36261adbd Add toleration to garbd pod
Enable tolerations for the gardb pod. This pod
is only created on the `openstack-compute-node`
nodes.

Test Plan (Standard deployment configuration):

PASS: After controller node taint (any) application is applied
FAIL (expected): After compute node taint (any) application is
not applied. Gardb pod in Pending State.
PASS: If compute has no taint application is applied
PASS: After user override add toleration and compute node taint
application is applied.

Story: 2009232
Task: 44174

Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: I7a5f5066bae766305480b877a09e5122b618ef0e
2021-12-13 19:32:15 +00:00
Hugo Brito
9dc289bfc7 Add NoExecute toleration for mariadb and rabbitmq
This patch moves the NoExecute toleration for mariadb
and rabbitmq pods to the new toleration parameter.

NoExecute toleration is required because of:
https://review.opendev.org/c/starlingx/openstack-armada-app/+/751358

Story: 2009232
Task: 44151

Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: I09d109f5725d60ef1d670c62055b98f99a194eb0
2021-12-09 17:09:19 +00:00
Tracey Bogue
dec8d50061 Add Debian packaging for openstack app
Create Debian packages for openstack-helm,
openstack-helm-infra, python-k8sapp-openstack and
stx-openstack-helm packages.

Story: 2009101
Task: 43801

Signed-off-by: Tracey Bogue <tracey.bogue@windriver.com>
Change-Id: I24dcedf8e9181ab38c27c2e117b1487f0feb614c
2021-12-06 12:59:32 -06:00
Lucas Cavalcante
de4ac1007a Add tolerations to openstack services
Adds patches from openstack-helm and openstack-helm-infra that
enables openstack services, jobs, and friends (libvirt, memcached
mariadb, openvswitch, rabbitmq, ingress) to support taint toleration

Also adds tolerations for nova-api-proxy, stx-ks-user and
nova-ephemeral-pool

Taint toleration `node-role.kubernetes.io/master:NoSchedule` is also
enabled by default as seen in `manifest.yaml`

deleted:
  - file: 0014-Add-tolerations-to-rabbitmq-chart.patch
    reason: deprecated by 0017 (also was not working for rabbit jobs)
  - file: 0015-Add-tolerations-to-mariadb-chart.patch
    reason: deprecated by 0017 (also was not working for maria jobs)

Test Plan:

PASS: After controller node taint application is applied
PASS: If controller has no taint application is applied
FAIL (expected): After user override removing toleration apply fails
PASS: Other taint is added to controller and after user overrides apply
succceeds

Notes:
 - Tested in AIO-SX (Both Virt. and Physical Machine)
 - Tested with taint node-role.kubernetes.io/master:NoSchedule
 - Tested with taint openstack-compute-node:NoSchedule
 - Apply fails -> pods pending untolarated taints

Story: 2009232
Task: 43345

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I6bd0d28cdc31f07d18b3cdfda3b0282a4d3117a4
2021-12-03 08:35:21 -03:00
Zuul
7120e3fb53 Merge "Retire Panko" 2021-12-02 22:06:00 +00:00
Heitor Matsui
1262e5ca01 Fix PCI devices missing mount points
PCI IRQ affinity agent is unable to find the instances' PCI devices
and is failing to set IRQ affinity settings. This is happening
because the directory used by the agent, /sys/bus/pci/devices,
contains symbolic links to directories inside /sys/devices, and these
aren't available inside the container, causing the agent to fail when
it tries to read PCI devices information.

This commit changes the hostPath volume from /sys/bus/pci/devices to
/sys, so that the container will have /sys/devices mounted as well
and the agent will be able to access its contents.

Test Plan:
PASS: Verify that /sys/bus/pci/devices symbolic links are not broken
PASS: Verify that PCI IRQ affinity agent can read PCI devices info
PASS: Verify agent configuring IRQ affinity settings successfully
      after booting instances with PCI affinity mask on the flavor

Regression:
PASS: Verify that openstack application can be applied successfully
PASS: Verify that no alarms are raised after applying openstack

Closes-bug: 1952660
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I1d6dea0a89955715975de3d3cda384e7f19bd13c
2021-11-30 18:16:09 -03:00
Thiago Brito
0a50ff4f89 Retire Panko
With the openstack-helm upversion, we noticed that the Panko project was
retired [1][2]. Since this chart is currently disabled by default, we
didn't notice it, but we need to take action to remove the chart
references from stx-openstack.

[1] 160529ef90
[2] http://lists.openstack.org/pipermail/openstack-discuss/2021-May/022337.html

TEST PLAN

PASS Build and install stx-openstack with the change
PASS Verified no override namespaces were generated to Panko via `system
     helm-override-list` and `system helm-override-show wr-openstack
     panko openstack`
FAIL (expected) Tried to enable the Panko chart using `system
     helm-chart-attribute-modify --enabled true wr-openstack panko
     openstack
PASS Enabled aodh, ceilometer, gnocchi and re-appplied

Story: 2009161
Task: 44072
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2dc99a5d86933b36cc635124aca779e3bb20a7d0
2021-11-30 15:12:07 +00:00
Zuul
1eb9ea3d4a Merge "PCI IRQ affinity mask metadata" 2021-11-26 22:59:05 +00:00
rferraz
aa7bf02e6b PCI IRQ affinity mask metadata
This patch introduces the hw:pci_irq_affinity_mask metadata.

The metadata hw:pci_irq_affinity_mask specifies which CPU cores are
interrupted due to PCI IRQ requests. It can be set as a compute flavor
extra spec, as well as a compute image or volume metadata.

Test Plan                                                         Status
1. New metadata is added to the supported metadata list           PASSED
   on compute flavor, compute image and volume metadata
2. New metadata can be set to a value                             PASSED
   on compute flavor, compute image and/or volume metadata
3. New metadata can be changed value and/or deleted               PASSED
   on compute flavor, compute image and/or volume metadata
4. New metadata persists when re-applying OpenStack               PASSED

Regression
1. New metadata is added to the supported metadata list           PASSED
   on compute flavor, compute image and volume metadata
2. New metadata can be set a value, changed valued and deleted    PASSED
   on compute flavor, compute image and volume metadata

Story: 2009299
Task: 43861

Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
Change-Id: I0f94e8cddcff744306a01ce275c697cb39f8c5e7
2021-11-26 03:41:45 -03:00
Thiago Brito
147f1cfb7f Using general naming for app openstack
To make a downstream release of stx-openstack, we often have to also
rename all the app's helm and puppet plugins namespace and also change
code on sysinv. This change decouples the name of the openstack
application from its plugins in order to ease downstream development
and release.

Tests report: https://paste.opendev.org/show/810225/

Story: 2009669
Task: 43900

Depends-On: https://review.opendev.org/c/starlingx/config/+/814670
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2bce2416c613bde374a86854c746ba4ded52a842
2021-11-24 14:04:02 +00:00
Heitor Matsui
2755a00457 Get admin password and use it on config template
The pci-irq-affinity-agent uses the platform keyring file to
fetch the admin password to communicate with OpenStack services,
but now that the agent is raised during the application apply it
can use the same approach the other helm charts use to get the
credentials, using it's plugin to capture the information and
generate the system overrides with the values.

This commit:
- Changes the plugin to get the credentials
- Changes the pci-irq-affinity-agent helm chart to include the
password on the chart values and use it on the agent config file
template
- Adds an init container with dependencies on libvirt and nova
compute pods, so that the agent pod is only create when those
are available
- Removes the keyring mount on the container, which will not be
needed anymore with the previous changes and is causing failure
when raising the pod
- Removes additional keyring tools

Depends-On: https://review.opendev.org/c/starlingx/utilities/+/818620
Closes-Bug: 1951245
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
Change-Id: I26f993146b8a17b7602a45f0cd5d983c1d93b0c1
2021-11-20 13:27:36 -03:00
Thiago Brito
70dde94488 Pin placement's db_migrate image version
On commit 03d78718966e85eb0094ed48062d9d33f3519f85 of
openstack-helm a new image was introduced to execute the db
migrations as a "latest" form. This commit pins the version of
that image for stx-openstack to a fixed version to avoid that
future image builds of porthole-mysqlclient-utility breaks the
app.

Closes-Bug: #1951444

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2b599578858c9212fb61419f166d4db8527f884d
2021-11-18 13:05:27 -03:00
Heitor Matsui
1747cd2dd2 Create ServiceAccount for pci-irq-affinity-agent
The stx-openstack apply is failing with a timeout condition,
caused by failure while trying to pull the image of the agent from
the local registry. This is caused by missing imagePullSecrets on
the daemonset definition, so this commit creates the ServiceAccount
with the imagePullSecrets and use it on the spec.

Closes-Bug: 1951245
Change-Id: I5e408539e001bbe867812db8c614d47cea1ae225
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
2021-11-17 15:02:23 -03:00
Zuul
bf60464454 Merge "Decouple pci-irq-affinity-agent service" 2021-11-16 14:44:25 +00:00
Heitor Matsui
7f9029b21f Decouple pci-irq-affinity-agent service
This change is part of an initiative to decouple the pci-irq-affinity
agent process from the platform by converting it into a resource to
be deployed along with stx-openstack application.

Depends-on: https://review.opendev.org/c/starlingx/utilities/+/814031
Story: 2009299
Task: 43656

Change-Id: Iefc1106e01cbfc874119e16b610e48a629771db1
Signed-off-by: Heitor Matsui <HeitorVieira.Matsui@windriver.com>
2021-11-10 15:41:58 -03:00
Zuul
7bbdc856ba Merge "Update openstack-helm commit" 2021-11-10 17:26:04 +00:00