airship/porthole
Code Issues Proposed changes
porthole/tools/gate/playbooks/roles/disable-local-nameserver/tasks/main.yaml
Markin, Sergiy (sm515x) 1cb2ee3566 [CPID-354] Improve MariaDB Backup/Restore validation process 
HTK has been updated to 0.2.48 version that includes local backup verification step before uploading to remote storage.

In mysqlclient-utility chart HTK is used to perform test backup/restore processes. This chart has been updated to match HTK changes.
The main difference that a mariadb verification server has to be running as a side container.

In etcdctl-utility chart .Values.manifests.secret_certificates value was set to False and a condition has been added to deployment-etcdctl-utility.yaml to avoid looking for etcdctl-etcd-secrets secret to mount.

Also in mysqlclient-utility in ensure_ondemand_pod_exists() function of dbutils.sh made the folloging adjustment: number of containers in *-ondemand pod in pod existence verification condition set to 2/2. This is because we added the second container to this pod with verification server.

Additionally, bumping up HTK version to 0.2.48 from a commit id obtained from merge of https://review.opendev.org/c/openstack/openstack-helm-infra/+/853027 and set proper commit id in this file: tools/helm_tk.sh

Change-Id: I9d3796500574da3582cf67d8aeeec8c796dd88dd
2022-09-10 14:55:40 -05:00

60 lines
2.2 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(portdirect): We disable the local nameserver as it interferes with the
# k8s dns-service and other local resolvers used for development use.
# See the following for the original config:
# * https://github.com/openstack/project-config/blob/0332c33dd134033e0620645c252f82b77e4c16f5/nodepool/elements/nodepool-base/finalise.d/89-unbound
---
- name: Disable local nameserver and systemd-resolved service
when: ansible_distribution == 'Ubuntu'
block:
- name: update rc.local
blockinfile:
path: /etc/rc.local
mode: 365
block: |
#!/bin/bash
set -o xtrace
# Some providers inject dynamic network config statically. Work around this
# for DNS nameservers. This is expected to fail on some nodes so remove -e.
set +e
sed -i -e 's/^\(DNS[0-9]*=[.0-9]\+\)/#\1/g' /etc/sysconfig/network-scripts/ifcfg-*
sed -i -e 's/^NETCONFIG_DNS_POLICY=.*/NETCONFIG_DNS_POLICY=""/g' /etc/sysconfig/network/config
set -e
echo 'nameserver 208.67.222.222' > /etc/resolv.conf
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
exit 0
- name: write resolv.conf
blockinfile:
path: /etc/resolv.conf
mode: 644
block: |
nameserver 208.67.222.222
nameserver 8.8.8.8
- name: stop unbound service
systemd:
state: stopped
enabled: no
masked: yes
daemon_reload: yes
name: unbound
- name: stop systemd-resolved service
systemd:
state: stopped
enabled: no
masked: yes
daemon_reload: yes
name: systemd-resolved
...
View Git Blame Copy Permalink