Commit Graph

3772 Commits

Author SHA1 Message Date
Vladimir Kozhukalov 6ca83be780 Rename dpdk job name to reflect Openstack version
Change-Id: I9c04a60ae8b7fde35a8a970e3b74bcaad7bd564f
2024-03-26 11:22:04 -05:00
Zuul 3a062b3c5c Merge "Add custom secret annotations helm-toolkit snippet" 2024-03-26 16:15:44 +00:00
Tadas Sutkaitis b968a788ca
Add custom secret annotations helm-toolkit snippet
Change-Id: Ic61afcb78495b35ee42232b435f54344f0a0a057
2024-03-26 01:05:18 +02:00
Vladimir Kozhukalov 81828430e5 Bump RabbitMQ version 3.9.0 -> 3.13.0
Also
- Update default Heat image to 2023.2 used for
  init and test jobs
- Add overrides for
  - yoga-ubuntu_focal
  - zed-ubuntu_focal
  - zed-ubuntu_jammy
  - 2023.1-ubuntu_focal
  - 2023.1-ubuntu_jammy
  - 2023.2-ubuntu_jammy

Change-Id: I516c655ea1937f9bd1d363ea86d35e05e3d54eed
2024-03-25 17:56:06 -05:00
Zuul 10e0a1cd70 Merge "Refactor deploy-env role" 2024-03-25 22:11:01 +00:00
Zuul cdb4233fea Merge "Add custom pod annotations helm-toolkit snippet" 2024-03-25 21:37:21 +00:00
Vladimir Kozhukalov 5b1879aa09 Refactor deploy-env role
- Make it less mixed. Each task file
  deploys one feature.
- Deploy Metallb
- Deploy Openstack provider network gateway

Change-Id: I41f0353b286f817cb562b3bd59992e4baa473568
2024-03-25 14:45:00 -05:00
Zuul a957d8e12c Merge "Bump containerd sandbox image from 3.6 to 3.9" 2024-03-22 23:20:48 +00:00
Zuul 96ee145e14 Merge "Update ovn controller init script" 2024-03-22 19:05:07 +00:00
Vladimir Kozhukalov 68ae97277e Add custom pod annotations helm-toolkit snippet
Change-Id: I898afae7945c03aec909e5edcd1c760c4d8ff9d6
2024-03-21 18:46:32 -05:00
Vladimir Kozhukalov fb90642b18 Update ovn controller init script
- OVN init script must be able to attach an interface
  to the provider network bridge and migrate IP from the
  interface to the bridge exactly like Neutron OVS agent
  init script does it.

- OVN init script sets gateway option to those OVN controller
  instances which are running on nodes with l3-agent=enabled
  label.

Change-Id: I24345c1f85c1e75af6e804f09d35abf530ddd6b4
2024-03-21 16:03:51 -05:00
Vladimir Kozhukalov d33e9bd50c Bump containerd sandbox image from 3.6 to 3.9
Fixes the following kubeadm warning:

W0321 01:33:46.409134   14953 checks.go:835] detected that the
sandbox image "registry.k8s.io/pause:3.6" of the container
runtime is inconsistent with that used by kubeadm.
It is recommended that using "registry.k8s.io/pause:3.9"
as the CRI sandbox image.

Change-Id: I8129a6e9ad3acdf314e2853851cd5274855e3209
2024-03-21 19:37:28 +00:00
Stephen Taylor 1e84d3f714 [rook-ceph] Add a script to migrate Ceph clusters to Rook
This change adds a deployment script that can be used to migrate a
Ceph cluster deployed with the legacy openstack-helm-infra Ceph
charts to Rook. This process is disruptive. The Ceph cluster goes
down and comes back up multiple times during the migration, but the
end result is a Rook-deployed Ceph cluster with the original
cluster FSID and all OSD data intact.

Change-Id: Ied8ff94f25cd792a9be9f889bb6fdabc45a57f2e
2024-03-21 19:36:37 +00:00
Vladimir Kozhukalov cbbeebb5a1 Fix registry bootstrap values
The quay.io/airshipit/kubernetes-entrypoint:v1.0.0 image format is
deprecated and not supported any more by the docker registry.

This is temporary fix to download the image from third party repo
until we update the quay.io/airshipit/kubernetes-entrypoint:v1.0.0.

The deprecation message is as follows:

[DEPRECATION NOTICE] Docker Image Format v1 and Docker
Image manifest version 2, schema 1 support is disabled
by default and will be removed in an upcoming release.
Suggest the author of quay.io/airshipit/kubernetes-entrypoint:v1.0.0
to upgrade the image to the OCI Format or Docker Image
manifest v2, schema 2. More information at
https://docs.docker.com/go/deprecated-image-specs/

The docker-registry container must start not
earlier than docker-images PVC is bound.

Change-Id: I6bff98aa7d0b23e13a17a038f3039b7956703d40
2024-03-20 22:01:26 -05:00
Alexey Odinokov 4f735b471f Fixing rolebindings generation for init container
This part has to use the same configuration
as init container: see line 96

Change-Id: I06c1f3ad586863d4dcfab559d13a592fc576f857
2024-03-15 14:56:09 +00:00
Zuul 4df05848f5 Merge "Update Ceph images to patched 18.2.2 and restore debian-reef repo" 2024-03-13 16:51:25 +00:00
Stephen Taylor 2fd438b4b1 Update Ceph images to patched 18.2.2 and restore debian-reef repo
This change updates the Ceph images to 18.2.2 images patched with a
fix for https://tracker.ceph.com/issues/63684. It also reverts the
package repository in the deployment scripts to use the debian-reef
directory on download.ceph.com instead of debian-18.2.1. The issue
with the repo that prompted the previous change to debian-18.2.1
has been resolved and the more generic debian-reef directory may
now be used again.

Change-Id: I85be0cfa73f752019fc3689887dbfd36cec3f6b2
2024-03-12 13:45:42 -06:00
astebenkova 1953f869ad Include values_overrides for OpenStack components
Fixes issue where override files for OS charts were
missing due to specifying the wrong project directory.

Change-Id: I4af6715a33c7de43068ed76a8115c12a2c0969ed
2024-03-11 17:21:04 +02:00
Zuul af916d970b Merge "bugfix: updated permissions of ceph user created to allow rbd profile" 2024-03-05 18:15:02 +00:00
Stephen Taylor 1e05f3151d [ceph-osd] Allow lvcreate to wipe existing LV metadata
In some cases when OSD metadata disks are reused and redeployed,
lvcreate can fail to create a DB or WAL volume because it overlaps
an old, deleted volume on the same disk whose signature still
exists at the offsets that trigger detection and abort the LV
creation process when the user is asked whether or not to wipe to
old signature. Adding a --yes argument to the lvcreate command
automatically answers yes to the wipe question and allows lvcreate
to wipe the old signature.

Change-Id: I0d69bd920c8e62915853ecc3b22825fa98f7edf3
2024-03-04 21:19:50 +00:00
Sergiy Markin 3a2399c99f Workaround for debian-reef folder issue
This PS changes ceph repo to debian-18.2.1 from
debian-reef due to some issues with debian-reef
folder at https://download.ceph.com/

Change-Id: I31c501541b54d9253c334b56df975bddb13bbaeb
2024-03-04 19:35:38 +00:00
Karl Kloppenborg 93e639a4be
bugfix: updated permissions of ceph user created to allow rbd profile
Change-Id: I9049e4312aa6cb92a832d5100ba1da995233c48e
2024-03-03 02:41:42 +00:00
Sergiy Markin 0e086e4c12 [mariadb] Switch to ingress-less mariadb
This PS switches mariadb to use primary service by
default instead of ingress based deployment. The
primary service that is getting created and
automatically updated based on the leader election
process in start.py entrypoint script.

Mariadb primary service was introduced by this PS:

https://review.opendev.org/c/openstack/openstack-helm-infra/+/905797

Change-Id: I4992276d0902d277a7a81f2730c22635b15794b0
2024-02-26 18:59:22 +00:00
Zuul 973041f378 Merge "Remove unused nodesets" 2024-02-22 00:34:57 +00:00
astebenkova 2216cbfec4 Add compute-kit job with DPDK enabled
+ add role for enabling hugepages

Change-Id: I89d3c09ea3bedcba6cb51178c8d1ac482a57af01
Depends-On: I2f9d954258451f64eb87d03affc079b71b00f7bd
2024-02-14 13:23:34 -06:00
Zuul 683102b725 Merge "[deploy-env] Docker env setup" 2024-02-08 22:00:53 +00:00
Zuul 8d8c18a8dc Merge "Remove some aio jobs" 2024-02-08 20:54:31 +00:00
Sergiy Markin 1c83e3a9ae [deploy-env] Docker env setup
This PS adds connection reset for ansible session
letting zuul user to use newly installed docker
environment without sudo

Change-Id: I37a2570f1dd58ec02338e07c32ec15eacbfaf4b6
2024-02-08 17:57:48 +00:00
Vladimir Kozhukalov 4eed2c3486 Remove calico chart
Tigera provides tools for managing Calico deployments (helm chart,
operator and even plain kubectl manifest). Also there are plenty of
other networking solutions on the market and it looks like users can choose
on their own the CNI implementation.

There have not been many contributions to this chart for quite some time
and we don't use this chart in any test jobs. In the deploy-env role we use
the upstream Calico manifest.

Change-Id: I6005e85946888c52e0d273c61d38f4787e43c20a
2024-02-05 15:17:13 -08:00
Vladimir Kozhukalov cab8491389 Remove unused nodesets
Change-Id: Ifc5ea6a83729fc2313c209f683ef7476d6a14272
2024-02-05 14:31:44 -08:00
Vladimir Kozhukalov 6a452ecb49 Remove some aio jobs
These two jobs openstack-helm-infra-aio-monitoring and
openstack-helm-infra-aio-logging were only needed for
backward compatibility.

Depends-On: I9c3b8cd18178aa57ce44564490ef1b61f275ae29
Change-Id: I09d0e48128a3fd98fa9148b8e520df75d6e5be50
2024-02-05 14:17:39 -08:00
Zuul 010c21cfc9 Merge "Bump Calico version to v3.27.0" 2024-02-03 00:06:33 +00:00
Vladimir Kozhukalov cf2cdd7821 Fix prevent trailing whitespace lint command
Recently we added a jpg file to OSH documentation
but the lint job didn't run due to the job configuration.

But then for the next PR link job did run and failed
due to trailing whitespace in the jpg file.

Change-Id: I9abf8f93a4566411076190965f282375846dc5db
2024-02-02 14:12:26 -06:00
Vladimir Kozhukalov cfff60ec10 Bump Calico version to v3.27.0
Change-Id: I8daa54e70c66cec41733d6b9fd5c9dd4597ff9c1
2024-02-02 13:54:22 -06:00
Zuul c48dffaaa2 Merge "Use upstream ingress-nginx chart" 2024-02-01 21:42:47 +00:00
Vladimir Kozhukalov 88ad17a84b Use upstream ingress-nginx chart
Change-Id: I90a1a1e27f0b821bbecfe493057eada81d4f9424
2024-02-01 10:45:05 -06:00
Zuul b26555ed60 Merge "Use containerized Openstack client" 2024-02-01 03:54:26 +00:00
Zuul c119701ada Merge "[openvswitch] Add overrides values for dpdk" 2024-01-31 20:07:25 +00:00
Vladimir Kozhukalov 03225aad49 Use containerized Openstack client
Change-Id: I17c841b74bf92fc3ac375404b27fa2562603604f
2024-01-31 13:42:43 -06:00
astebenkova 7df8ebde19 [openvswitch] Add overrides values for dpdk
Change-Id: I756f35f1251244bc76f87a18a1a2e51f13a8c010
2024-01-31 09:21:55 +02:00
Stephen Taylor f641f34b00 [ceph] Update Ceph images to Jammy and Reef 18.2.1
This change updates all Ceph images in openstack-helm-infra to
ubuntu_jammy_18.2.1-1-20240130.

Change-Id: I16d9897bc5f8ca410059a5f53cc637eb8033ba47
2024-01-30 07:58:03 -07:00
Stephen Taylor 2d15cb4fdf [ceph-rook] Update Rook and increase ceph-mon memory limit
This change updates Rook to the 1.13.3 release. It also increases
the memory limit for ceph-mon pods deployed by Rook to prevent
pod restarts due to liveness probe failures that sometimes result
from probes causing ceph-mon pods to hit their memory limit.

Change-Id: Ib7d28fd866a51cbc5ad0d7320ae2ef4a831276aa
2024-01-26 13:15:11 -07:00
Zuul 5baf273c9b Merge "[mariadb] Add mariadb-server-primary service" 2024-01-19 22:54:00 +00:00
astebenkova 98f9438ba7 [elasticsearch-exporter] Update to the latest v1.7.0
The current version of the exporter is outdated, switch to the upstream
+ rename --es.snapshots to --collector.snapshots (v1.7.0) and
  --es.cluster_settings to --collector.clustersettings (v1.6.0)

Change-Id: I4b496d859a4764fbec3271817391667a53286acd
2024-01-18 17:23:24 +02:00
Sergiy Markin 07bd8c92a2 [mariadb] Add mariadb-server-primary service
This PS adds mariadb-server-primary service that is getting created
and automatically updated based on the leader election process in
start.py entrypoint script.

Change-Id: I1d8a8db0ce8102e5e23f7efdeedd139726ffff28
Signed-off-by: Sergiy Markin <smarkin@mirantis.com>
2024-01-18 00:17:47 +00:00
Zuul d0c93b5648 Merge "Change default ingress path type to prefix" 2024-01-18 00:10:42 +00:00
Ritchie, Frank (fr801x) 5b72041fd9 Change default ingress path type to prefix
Due to CVE-2022-4886 the default pathType for an ingress should be
either "Exact" or "Prefix". This allows for more strict path validation by
the admission controller. This PS changes the default pathType to Prefix.
This value can be overridden.

In a separate PS I will add the pathType parameter to the ingressOpts
for all helm charts that create an ingress.

See:

https://github.com/kubernetes/ingress-nginx/issues/10570

Change-Id: I8f1df594f0c86f2de6cdd7cf2ee56637bd508565
2024-01-17 13:18:25 -05:00
Vladimir Kozhukalov 2b7563f5de Add zuul user to docker group
We are going to use containerized Openstack client
in test scripts. Adding zuul to the docker group
allows running docker command directly not using sudo.

Change-Id: Iee77e7f2b8801743f95535d31d0b909dcea50bf3
2024-01-16 13:38:19 -06:00
Sergiy Markin d0b3f1c1d2 [mariadb-operator] Fix mariadb TLS
This PS fixed some imcompatibilities of inherited mariadb config with
docker-entrypoint.sh script that is now used to perform initial mariadb
nodes setup and mariadb-upgrade at startup.
Also added x509 requirement for root and audit users
connections.


Change-Id: Ic5ad2e692b64927fc73962fe0cc250a9d682114c
2024-01-08 17:43:17 +00:00
Zuul 359ab4b8d7 Merge "Update template for ingress 1.9" 2024-01-05 16:32:34 +00:00