This change updates all of the charts that use Ceph images to use
new images based on the Squid 19.2.1 release.
Rook is also updated to 1.16.3 and is configured to deploy Ceph
19.2.1.
Change-Id: Ie2c0353a4bfa181873c98ce5de655c3388aa9574
This is the action item to implement the spec:
doc/source/specs/2025.1/chart_versioning.rst
Also add overrides env variables
- OSH_VALUES_OVERRIDES_PATH
- OSH_INFRA_VALUES_OVERRIDES_PATH
This commit temporarily disables all jobs that involve scripts
in the OSH git repo because they need to be updated to work
with the new values_overrides structure in the OSH-infra repo.
Once this is merged I4974785c904cf7c8730279854e3ad9b6b7c35498
all these disabled test jobs must be enabled.
Depends-On: I327103c18fc0e10e989a17f69b3bff9995c45eb4
Change-Id: I7bfdef3ea2128bbb4e26e3a00161fe30ce29b8e7
Recently we fixed the libvirt.sh script
and removed the conditionals cgroup commands
which were introduced for smooth transition
to Jammy and cgroups v2
https://review.opendev.org/c/openstack/openstack-helm-infra/+/929401
But because we didn't have overrides for 2023.1
we used to run 2023.1 with the default libvirt image
openstackhelm/libvirt:latest-ubuntu_focal
which does not work with cgroups v2 on the host
system with this recent fix (see above).
So the 2023.1 Ubuntu Jammy compute-kit test jobs fails.
This PR fixes this job by means of introducing
explicit image overrides for 2023.1.
Change-Id: Ie81f8fb412362388274ea92ad7fa5d3d176c0441
Use virsh connect instead of list which is heavy and may
stuck for a while when libvirt creating domains.
Change-Id: I515c70b0b3a050599726ca2548eeeb7fd3f3e6ea
It may be required to use some dynamic options such as IP address
from interface where to bind service. This patch adds ability to
use dynamic logic in option detection and fill it in the configuration
file later.
Co-Authored-By: dbiletskiy <dbiletskiy@mirantis.com>
Change-Id: I8cc7da4935c11c50165a75b466d41f7d0da3e77c
Add init-modules libvirt container which allows to initialize
libvirt modules during start. The script is provided via
.Values.init_modules.script data structure
Change-Id: I9d5c48448b23b6b6cc18d273c9187a0a79db4af9
The tests is useless as libvirt is not running in the pod
cgroup so pod settings are not applied to it.
Change-Id: Ice3957c800e29a0885a341103c453c4d6c921fd3
The list of default kernel cgroup controllers may be changed
an example is kernel upgrade from 5.4.x to 5.15.x where misc controller
is enabled by default. Unhardcode list of controllers to have ability
to override them for never kernel version and allow to do not kill
qemu processes with container restart.
Change-Id: Ic4f895096a3ad2228c31f19ba1190e44f562f2a0
Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
by default instead of 1.0.0 which is v1 formatted and
not supported any more by docker.
Change-Id: I6349a57494ed8b1e3c4b618f5bd82705bef42f7a
This change updates the Ceph images to 18.2.2 images patched with a
fix for https://tracker.ceph.com/issues/63684. It also reverts the
package repository in the deployment scripts to use the debian-reef
directory on download.ceph.com instead of debian-18.2.1. The issue
with the repo that prompted the previous change to debian-18.2.1
has been resolved and the more generic debian-reef directory may
now be used again.
Change-Id: I85be0cfa73f752019fc3689887dbfd36cec3f6b2
This patchset allows enabling vencrypt for VNC, based on a
downstream patchset. [1]
Primary differences:
- script to generate pod-specific certs has been moved under
values.conf.vencrypt.cert_init_sh to allow for it to be
overridden if necessary
- leaves the creation of a (sub)issuer for vencrypt as
outside the scope of this (and the nova) chart
- issuer to use to sign these certs configurable under:
values.conf.vencrypt.issuer.kind
values.conf.vencrypt.issuer.name
- added manifests.role_cert_manager to control creation of
roles needed to create/update certs
1. https://github.com/vexxhost/atmosphere/pull/483
Change-Id: I955015874fed2b24570251c4cad01412bbab6045
The reason for this PR is that in most cases
we utilize systemd cgroup driver nowadays.
So it worth it to set kubepods.slice cgroup root
by default.
https: //github.com/kubernetes/kubernetes/blob/release-1.26/pkg/kubelet/cm/cgroup_manager_linux.go#L77-L81
Change-Id: I0cad148eb827439815c7e5bad1d6b6108cd1ab8d
This change updates all Ceph image references to use Focal images
for all charts in openstack-helm-infra.
Change-Id: I759d3bdcf1ff332413e14e367d702c3b4ec0de44
Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
This change updates the default libvirt image value and removes
several unused values overrides for the libvirt chart.
Change-Id: I0a0b81de017f33c2cabf5311f5288c8f46191d8b
This adds taint toleration support for openstack jobs
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I8e1a719235b364907491df25ce7e32133163ecf9
With "hostPid: true" we want the entrypoint process to be libvirtd not a wrapper so that process lifecycle management works as expected.
The fix for now is
* start libvirtd
* create secrets (libvirtd needs to be running for this)
* kill it
then start it again using exec so libvirtd is the entrypoint pid
and container lifecycle should work as expected.
Change-Id: I9ef8a66da0fba70e8db4be3301833263de0617e8
This change updates the helm-toolkit path in each chart as part
of the move to helm v3. This is due to a lack of helm serve.
Change-Id: I011e282616bf0b5a5c72c1db185c70d8c721695e
This PS enables overriding liveness/readiness probes configurations
for libvirt pods via values.yaml. In addition, updating the values
for some of the fields of the probes as the default values seem to
be too aggresive.
Change-Id: I64033a1d67461851d8f2d86905ef7068c2ec43b6
Co-authored-by: Huy Tran <ht095u@att.com>
Change-Id: Ib10379829e2989d3de385ad6d1944565b2f9953f
This will ease mirroring capabilities for the docker official images.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0f9177b0b83e4fad599ae0c3f3820202bf1d450d
We are gonna use libvirt unix socket in nova.
We are trying to realize live migration in libvirt while guarantee
secure. To realize this, replaced 127.0.0.1 with 0.0.0.0 for listen
address and plus enabled tls instead bare tcp.
And in the nova, used libvirt unix socket to connect instead of tcp
127.0.0.1 connection.
fyi, https://review.opendev.org/752108/
and https://review.opendev.org/752125/
Change-Id: Idb7d3a0d90be84d96b541c41fb90abdd33b7de94
Example values_overrides file is added to indicate how to
override the Libvirt manifest for configure an additional
externally managed Ceph Cinder backend.
Change-Id: I8e7a294059a2d98fb7854a281a29dcff80530d2b
Motivation: libvirt 127.0.0.1 listen is terrible for live migration.
To resolve that, we can use 0.0.0.0 but it is not secure so tried
to realize SSL.
Once create secrets for cacert, client&server cert and keys then it will
mounted on libvirt daemonset.
It means all instances use the same key and cert. This is not ideal
but can be considered as the first stage.
Change-Id: Ic3407e484039afaf98495e0f6028254c4c2a0a78
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This patchset adds a libvirt secret for the Cinder uuid of external
ceph backend when Cinder externally managed ceph backend is
enabled.
Change-Id: I3667c13c31e49f00d2be02efa6d791ce0a580a8d
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I9df4024c7ccf8b3510e665fc07ba0f38871fcbdb
Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
