179 Commits

Author SHA1 Message Date
rajesh.kudaka
490dd63c2c Enable probes config for etcd
This commit enables configuration of probes
for etcd pod by manipulating/overriding values in
values.yaml or through manifests.

Change-Id: I69eabd13f8ea8b97a33281ad993ec2e88b9280bc
2019-08-09 09:28:47 +00:00
Zuul
3155a3824d Merge "(haproxy) Add rationality check to config" 2019-07-23 21:59:53 +00:00
rajesh.kudaka
856b6132fa Add deploy promenade gate check
Change-Id: I47b448234f95b157e55bf649310d1ebd71abc7c0
2019-06-11 04:53:20 -05:00
Hussey, Scott (sh8121)
41e21e1a6e (haproxy) Add rationality check to config
- When the anchor provides a new haproxy config file
  to the running haproxy, add a reasonable check that
  the new config is valid:
    - Is it a valid config file per haproxy
    - Does it contain the expected number of frontends

- Update helm version for linting to 2.14.1

Change-Id: I7a49deb372831c44f05c7baa870735c515519cb2
2019-06-10 11:01:13 -05:00
Zuul
aea0c9d1e9 Merge "templates: separate genesis and join sources" 2019-06-06 19:56:26 +00:00
Egorov, Stanislav (se6518)
955deeda41 New source for hyperkube binary definition
Now it's possible to use hyperkube Docker image to extract hyperkube binary.
Use case for this feature is kubelet/kubectl delivery in one binary (hyperkube)
which is built into Docker image. Promenade will extract hyperkube from Docker image,
create symlinks for kubelet/kubectl pointed to hyperkube. To do so promenade container
needs to be configured to use Docker on the host where this container will be created.
This is happening only for script generation for genesis node. Later when promenade
will be started as a service pod inside ucp cluster it will generate scripts for joining nodes
by using cached hyperkube from /tmp.

Old way to deliver kubelet from tarball is still supported.

Configuration for the new method.

Need to export environment variables to properly configure Docker in Docker.
Docker socket should be provided as a mounted file inside promenade.
Also need to set temporary permissions for this socket during the build scripts stage.

Example:
DOCKER_SOCK="/var/run/docker.sock"
sudo chmod o+rw $DOCKER_SOCK
export DOCKER_HOST="unix:/${DOCKER_SOCK}"
export PROMENADE_TMP="abs_path_tmp_dir_on_host"
export PROMENADE_TMP_LOCAL="tmp_dir_inside_container"

After genesis scripts generation Docker socket permission should be turned back:
sudo chmod o-rw $DOCKER_SOCK

Change-Id: Ida22ea934fc551fec34df162d8147c8b9e630330
2019-06-06 10:30:29 -07:00
Drew Walters
8748348b96 templates: separate genesis and join sources
Currently, the package, repository, and key lists are used by up.sh for
genesis and join. This is not desirable when using an in-cluster
mirroring service, as the service address may change after it has been
deployed.

This commit separates the sources for genesis and join to circumvent the
aforementioned pain point. A 'common' entry in the
'promenade/HostSystem/v1' document can be used if a common source for
genesis and join is desired.

Co-authored-by: Rick Bartra <rb560u@att.com>
Change-Id: Ieb2513da0cff587297cfcbf5629d908696349621
2019-05-24 17:32:55 -04:00
Sean Eagan
184d114062 Move to tiller 2.14.0
This version fixes manifest validation [0], so a couple invalid
manifests are fixed in this patchset as well.

[0]: 32d7f1a3fc

Change-Id: I0cbdf21cf016271bef2d8a541687ce3ab28081ce
2019-05-20 14:17:46 -05:00
Drew Walters
93a839f588 CI: Add chart build job for latest Helm toolkit
This commit introduces a non-voting job to lint Helm charts against the
latest version of Helm toolkit from OpenStack-Helm Infra. This job
should serve as an indicator of when it's safe to advance the version of
Helm toolkit used by Airship.

Additionally, this commit modifies all Helm chart lint jobs to run on
each commit, regardless of the files modified by a change. This should
not introduce a noticeable difference in CI runtime, as these jobs
execute quicker than the tox jobs.

Change-Id: I0b38ef3388629b88ea6d6f88eabdc2d7f5f69a3b
2019-05-07 20:03:22 +00:00
Zuul
105fa608d7 Merge "Add optional external_ip to promjoin" 2019-04-25 21:25:48 +00:00
Zuul
66caaf74f7 Merge "proxy ENV variables to promenade container" 2019-04-24 18:12:28 +00:00
Zuul
2741ea1f90 Merge "Use apps/v1 k8s controllers and add labels" 2019-04-24 13:08:37 +00:00
Sean Eagan
2e2a30515c Use apps/v1 k8s controllers and add labels
Daemonset update strategy defaults to OnDelete in v1beta1, whereas
it defaults to RollingUpdate in v1, which seems preferable.

This also adds helm-toolkit based labels at the controller level
to match standard usage such as for example by armada as wait labels.

This change has been tested using the promenade resiliency gate.

Change-Id: I9fd1bc4caedc0a6717b779e5333640ca8dc78b7e
2019-04-23 09:24:53 -05:00
Matt McEuen
c18e3a8d9d Add optional external_ip to promjoin
Adds an optional external_ip parameter to the prom join script API,
and to the Genesis and KubernetesNode schema.
This is used to populate the host's IP address in its /etc/hosts
file if present, according to normal hosts conventions.
If the value is not passed to prom-join or is absent from a
Genesis or KubernetesNode document, then the hosts file defaults
to the current loopback IP for the hostname (business as usual).

Change-Id: I58dc219923b18aaf9c83453b896ce509664d8766
2019-04-23 08:45:34 -05:00
Zuul
9f6bed21ac Merge "Allow certgen independent of bundle creation" 2019-04-15 18:35:19 +00:00
Zuul
690d9e878e Merge "Change image pull policy from Always to IfNotPresent." 2019-04-12 21:18:59 +00:00
Anderson, Craig (ca846m)
f4d991f010 Allow certgen independent of bundle creation
Additionally, fix indentation.

Change-Id: I598167a2b73f1376fae2f5fb813fd1b10647892e
2019-04-11 10:56:57 -07:00
Scott Hussey
66ab47386f (zuul) Fix image publish job
- Fix issue in post pipeline image publish job introduced
  by Ansible update.

Change-Id: I23d8621901e225fb7b134b276156f248720b248f
2019-04-03 14:54:48 -05:00
kranthikirang
be175e2c3a proxy ENV variables to promenade container
Change-Id: I0cb95aac7bdb6cfffd0b188a70c3d86bf764002a
Signed-off-by: kranthikirang <kranthi.guttikonda@att.com>
2019-04-01 14:21:52 -04:00
Drew Walters
c178634b89 tools: Update Helm to v2.13.1
Helm v2.13.1 has been released [0]. This change uplifts Helm to v2.13.1
and restores usage of the latest Helm toolkit to match other Airship
projects.

[0] https://github.com/helm/helm/releases/tag/v2.13.1

Depends-On: https://review.openstack.org/647812
Change-Id: I4299a8736e0cedf7b15950614a4d72fcfd893a2d
2019-03-28 15:22:05 +00:00
Matt McEuen
7c9b2253f1 Updating Docker Gate use of zuul.newrev
- Zuul updated ansible to 2.7, no longer uses missing variables.
- Using an if to try and address.

Based on Aaron Sheffield's PS for Pegleg:
https://review.openstack.org/#/c/645631/

Change-Id: I6cf52a2b9c804c29cc727ad60d45c05a8450c9e9
2019-03-22 12:07:48 -05:00
Sean Eagan
70d7315b25 Pin helm-toolkit to fix resiliency gate
See [0] for why this is needed.

[0]: https://review.openstack.org/#/c/642825/

Change-Id: I9808f22813f1c797d78d43169bf0f41d1c1578ab
2019-03-13 12:16:25 -05:00
Sean Eagan
c3d4a464cb build: support helm-toolkit pinning
This pins the version of helm-toolkit used in the build due to
a breaking change in helm-toolkit.

Once helm 2.13.1 is released with this fix [0] we can update to use
it, and update the helm-toolkit pin to "master".

[0]: https://github.com/helm/helm/pull/5411

Change-Id: I827f1145c6d670cc955b82155455455a4f3ca486
2019-03-12 11:58:24 -05:00
Matt McEuen
e4cab73d0f Update to Kubernetes 1.11.6
This change updates the following components in the Promenade charts,
docs, and example bootstrap configuration:
  Kubernetes 1.10.11 -> 1.11.6
  CoreDNS 1.1.2 -> 1.1.3 (per k8s 1.11 recommendations)
  Etcd 3.2.14 -> 3.2.18 (per k8s 1.11 recommendations)
  Tiller 2.10.0 -> 2.12.1 (per Helm k8s support)

This change has been tested by the Promenade resiliency gate.

Change-Id: Ia70de212dd2d50c6638578b92c750a4d5c791229
2019-02-05 17:29:59 -06:00
leledashenqi
c09ca80bf0 Change image pull policy from Always to IfNotPresent.
No need to repeat pulling the image when the container is recreated.

Change-Id: I6b3b1e3b963093644faa88ba084138684d78cfab
Story:2004662
Task:28629
2018-12-21 15:01:15 +08:00
Mark Burnett
cdd1a6bd28 Update Kubernetes to 1.10.11
Change-Id: If1479f7a5d0a8ea459eed39172a0bc1f89935e36
2018-12-18 11:32:28 -06:00
Zuul
20f27f6281 Merge "Fix: git commit id labels on images" 2018-10-16 11:51:26 +00:00
Kaspars Skels
6b0d8b7d10 Add /opt resources to cleanup.sh
Change-Id: I8795032932167f7b09ad9162fc2b9f8b86a7eb9a
2018-10-05 20:49:56 -05:00
Zuul
dcd847b35b Merge "[gate] Mask AVX2 to prevent 16.04 on 16.04 VMs boot crashes" 2018-09-28 14:26:36 +00:00
Roman Gorshunov
f44b3cc384 Fix: various documentation and URL fixes
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes

Change-Id: I55f546b8ad22bf2e3097ff831d021ed5a35059de
2018-09-25 11:44:57 +02:00
Chris Wedgwood
9b4814ad0c [gate] Mask AVX2 to prevent 16.04 on 16.04 VMs boot crashes
16.04 on 16.04 VMs will crash (illegal instruction in
raid6_avx21_gen_syndrome) on boot if the host has AVX2 and we pass
that through.

The issue seems to be the guest kernel sees presence of AVX2 so raid6
module makes use of it - though it's not enabled (different bits).

Until this is resolved in the host hypervisor (kvm) and/or guest
kernel, mask out AVX2 to prevent crashes in L1/L2 VMs.

Change-Id: I0ca8edb8f62f9f2e96aa5e265bac631c346d0eac
2018-09-21 22:16:56 +00:00
Roman Gorshunov
02c5f2943e Fix: git commit id labels on images
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
   or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
   a few other properties (annotations) according to the latest Specs
4) Unify docker-image-build.yaml playbook with other Airship-*
   components

Change-Id: I89afed3bf6a1f9fa92391d605bb6b3c871e58126
2018-09-21 03:31:13 +02:00
Mark Burnett
8bc8c7c028 Implement encryption for genesis/join scripts
This introduces a new document called `EncryptionPolicy` to configure
this behavior.  It currently only supports using symmetric encryption
with `GPG`, but that should be available on all Ubuntu systems (which is
what we currently support) and should also be fairly reliable.

Change-Id: I06d4faa119b736773df0d8cbf0e7a23fd98edcdf
Depends-On: https://review.openstack.org/#/c/602175/
2018-09-14 11:32:12 -05:00
Mark Burnett
3ac95edc60 Fix: re-add incorrectly removed format test
This was removed in Iccf6228ab9e6d621d3047994b3adc192d67273c9 but should
not have been as it has allowed for code format drift.

This also

* Pins the version of yapf to 0.24.0
* Fixes some drift
* Updates formatting to the version of yapf being used

Change-Id: Ie3d9fd6344a29d8ddb76a36d4a31d001a4c8b7c6
2018-09-12 10:40:45 -05:00
Zuul
6e4ea38955 Merge "Enable gate shell linting" 2018-09-10 17:32:00 +00:00
Mark Burnett
0233c30ffb Update tiller version to 2.10.0
This also makes a corresponding update to the Makefile to address a bug
with which $(HELM) is being used that was exposed during local testing.

Change-Id: I08da45c1f232960c58ab482053befed83da6fdd6
2018-08-30 15:54:07 -05:00
Mark Burnett
ee10b894bf Enable gate shell linting
This enables linting the various supporting shell scripts for the gate
during the unit test job.

Change-Id: I95dc098a602b2ae6807165d3d08c1cb57ba0c702
2018-08-29 08:13:59 -05:00
Mark Burnett
d6b0eeb733 Remove version pinning from examples
These pinned versions are frequently removed from Ubuntu's repositories,
leading to broken tests.  Removing them will expose us to breakage from
unexpected updates, but will avoid issues with removed packages.

Change-Id: I30bf993fa20f0054ee77eb47086a784f6d02d2ac
2018-08-24 11:06:14 -05:00
Gage Hugo
f60f6d7a85 Consolidate pep8/bandit zuul gating
This change adds the global zuul pep8 tox job, which runs both
bandit and pep8 using tox. This also removes the two other airship
specific lint-pep8 and bandit zuul jobs since they are both covered
by the default openstack global one.

Also cleaned up the tox.ini by moving the requirements into the
test-requirements.txt file.

Change-Id: Iccf6228ab9e6d621d3047994b3adc192d67273c9
2018-08-21 12:57:02 -05:00
Zuul
9917eb5bfb Merge "Allow multiple join IPs" 2018-08-13 21:17:31 +00:00
Zuul
290448fe83 Merge "Adding node-labels api" 2018-08-09 21:31:56 +00:00
pallav
ea5de25b1a Adding node-labels api
Blueprint: https://review.openstack.org/#/c/583343

1. Added node-labels api for managing node labels in
   kubernetes cluster
2. Added unit test cases
3. Updated documents
4. Resiliency gate script update

Change-Id: Iebd49706b3fdbb3650f2e46c5a7fbd21d236b906
2018-08-09 23:58:59 +05:30
Zuul
7a06bef72c Merge "Update to Helm 2.9.1" 2018-08-07 18:01:33 +00:00
Matt McEuen
ba3aacf6a9 Update to Helm 2.9.1
Update all Helm and Tiller references to 2.9.1, which has fixes
for template rendering bugs. Some references are already updated,
and this PS updates the rest.

Change-Id: Id617cc866d09f5cb3708fcf329a21bc60e17ce45
2018-08-05 14:58:54 -05:00
Mark Burnett
8d3e44c7d6 Allow multiple join IPs
This provides more robustness in testing and removes a nosec.

Additionally, commit 5a8b1d8 introduced a random failure in the
resiliency gate, due to there being a chance to choose the intentionally
downed node for the join ip.

Change-Id: I77b410b8e51f9d41eca2be4f5f770694140733b4
2018-08-02 15:46:49 -05:00
Zuul
37ebe7ba11 Merge "Use Docker-CE for building images in the resil gate" 2018-08-02 20:02:40 +00:00
Aaron Sheffield
e1c6a62cee Added storagePolicy for HAProxy
- Added storagePolicy in bootstrap-armada-config.yaml for haproxy.

Change-Id: I89c250deea7a5626904b01425f7c59c24fc9e23d
2018-08-01 10:16:11 -05:00
Mark Burnett
3d685501db Use Docker-CE for building images in the resil gate
Change-Id: I707b698608a2711e807c75410eaa3969bfa04683
2018-07-26 10:50:28 -05:00
Zuul
3a9d3b4839 Merge "Update Dockerfile to allow override of FROM variable" 2018-07-26 15:23:09 +00:00
Jerome Brette
5232d17a2a Update Dockerfile to allow override of FROM variable
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is being
replaced by docker-ce.
3. Third Goal is to bring consistency with the other components leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.

Change-Id: Ie5ae836221dc3cb9bdafc6e5e6670f914d3d1bb4
2018-07-24 21:11:35 +00:00