- Remove openstack-helm-infra-openstack-support* jobs.
Instead of these jobs we run compute-kit, cinder and tls
jobs defined in the openstack-helm repo.
- Remove all experimental jobs since they are outdated and
do not work. We will later add some of the test cases
including apparmor, network policy, tenant Ceph and others.
Change-Id: I8f3379c06b4595ed90de025d32c89de29614057d
Specifically we would like at least the following
deployments to be tested when helm-toolkit is updated
- compute-kit
- cinder
- tls
Change-Id: I3991d6984563813d5a3a776eabd52e2e89933bd8
Forward requests for unknown names to 8.8.8.8
NOTE: Temporarily disable DPDK job which turned to
be incompatible with this PR
https://review.opendev.org/c/openstack/openstack-helm/+/914399
It wasn't tested with the DPDK job.
Change-Id: I936fb1032a736f7b09ad50b749d37095cce4c392
Also
- Update default Heat image to 2023.2 used for
init and test jobs
- Add overrides for
- yoga-ubuntu_focal
- zed-ubuntu_focal
- zed-ubuntu_jammy
- 2023.1-ubuntu_focal
- 2023.1-ubuntu_jammy
- 2023.2-ubuntu_jammy
Change-Id: I516c655ea1937f9bd1d363ea86d35e05e3d54eed
- Make it less mixed. Each task file
deploys one feature.
- Deploy Metallb
- Deploy Openstack provider network gateway
Change-Id: I41f0353b286f817cb562b3bd59992e4baa473568
- OVN init script must be able to attach an interface
to the provider network bridge and migrate IP from the
interface to the bridge exactly like Neutron OVS agent
init script does it.
- OVN init script sets gateway option to those OVN controller
instances which are running on nodes with l3-agent=enabled
label.
Change-Id: I24345c1f85c1e75af6e804f09d35abf530ddd6b4
This PS switches mariadb to use primary service by
default instead of ingress based deployment. The
primary service that is getting created and
automatically updated based on the leader election
process in start.py entrypoint script.
Mariadb primary service was introduced by this PS:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/905797
Change-Id: I4992276d0902d277a7a81f2730c22635b15794b0
These two jobs openstack-helm-infra-aio-monitoring and
openstack-helm-infra-aio-logging were only needed for
backward compatibility.
Depends-On: I9c3b8cd18178aa57ce44564490ef1b61f275ae29
Change-Id: I09d0e48128a3fd98fa9148b8e520df75d6e5be50
Recently we added a jpg file to OSH documentation
but the lint job didn't run due to the job configuration.
But then for the next PR link job did run and failed
due to trailing whitespace in the jpg file.
Change-Id: I9abf8f93a4566411076190965f282375846dc5db
This PS adds mariadb-server-primary service that is getting created
and automatically updated based on the leader election process in
start.py entrypoint script.
Change-Id: I1d8a8db0ce8102e5e23f7efdeedd139726ffff28
Signed-off-by: Sergiy Markin <smarkin@mirantis.com>
When using Rook for managing Ceph clusters we have
to provision a minimal set of assets (keys, endpoints, etc.)
to make Openstack-Helm charts work with these Ceph clusters.
Rook provides CRDs that can be used for managing Ceph assets
like pools/keyrings/buckets etc. but Openstack-Helm can not
utilize these CRDs. To support these CRDs in OSH would
require having lots of conditionals in OSH templates since
we still want OSH to work with OSH ceph-* charts.
Change-Id: If7fe29052640e48c37b653e13a74d95e360a6d16
This PS adds mariadb-cluster chart based on mariadb-operator. Also for
some backward compartibility this PS adds mariadb-backup chart and
prometheus-mysql-exporter chart as a separate ones.
Change-Id: I3f652375cce2e3b45e095e08d2e6f4ae73b8d8f0
When using Rook for managing Ceph we can use
Rook CRDs to create S3 buckets and users.
This PR adds bucket claim template to the
elasticsearch chart. Rook creates a bucket for
a bucket claim and also creates a secret
containing the credentials to get access to this
bucket. So we also add a snippet to expose
these credentials via environment variables to
containers where they are needed.
Change-Id: Ic5cd35a5c64a914af97d2b3cfec21dbe399c0f14
- In case we deploy Ceph on a multi-node env we have
to prepare the loop devices on all nodes. For this
we moved loop devices setup to the deploy-env
Ansible role.
For simplicity we need the same device on all nodes,
so we create a loop device with a big
minor number (/dev/loop100 by default) hoping
that only low minor numbers could be busy.
- For test jobs we don't need to use different devices
for OSD data and metadata. There is no
any benefit from this for the test environment.
So let's keep it simple and put both OSD data and metadata
on the same device.
- On multi-node env Ceph cluster needs cluster members
see each other, so let's use pod network CIDR.
Change-Id: I493b6c31d97ff2fc4992c6bb1994d0c73320cd7b
The motivation is to reduce the code base and get rid
of unnecessary duplications. This PR is moves bandit
tasks from the osh-infra-bandit.yaml playbook
to the osh-bandit role. Then we can use this role for the
same job in OSH.
Change-Id: I9489a8c414e6679186e6c399243a7c0838df812a
This PS mounts extra 80Gb volume if available and mounts it to
/opt/ext_vol. It also alters docker and containerd configs to move their
root folder to that extra volume. This helps zuul gates to succeed when
a node with 40Gb volume is assigned to a zuul gate.
Change-Id: I1c91b13c233bac5ebfe6e3cb16d4288df2c2fe80
This change adds an openstack-support-rook zuul job to test
deploying Ceph using the upstream Rook helm charts found in the
https://charts.rook.io/release repository. Minor changes to the
storage keyring manager job and the mon discovery service in the
ceph-mon chart are also included to allow the ceph-mon chart to be
used to generate auth keys and deploy the mon discovery service
necessary for OpenStack.
Change-Id: Iee4174dc54b6a7aac6520c448a54adb1325cccab
To make it easier to maintain the jobs all experimental
jobs (those which are not run in check and gate pipelines)
are moved to a separate file. They will be revised later
to use the same deploy-env role.
Also many charts use Openstack images for testing this
PR adds 2023.1 Ubuntu Focal overrides for all these charts.
Change-Id: I4a6fb998c7eb1026b3c05ddd69f62531137b6e51
The current zuul jobs definitions still use an older release and
distro version of ubuntu. This change modifies the versions to run
ubuntu focal and the Xena release of openstack.
Change-Id: I653fd9ed42972c7bba5fa94519cd413c0d15b2c9
osh-infra still have references to fedora 27 which is quite old now,
this change removes those definitions since they are unused.
Change-Id: I4f127113f0014ec2ed11f21e230facd08820af6e
The kubernetes-keystone-auth check job has not been ran in a long
time and has not been maintained. This change removes it from the
list of jobs defined and jobs ran in the osh-infra project.
Change-Id: If0275524fda92d8fd8baa689521e2e841210ce51
Since most of the charts in both openstack-helm and
this repo use helm-toolkit, changes in helm-toolkit
have the possibility of impacting charts in the
openstack-helm repo and will not be caught in testing
here.
This change adds a conditional linter to lint the
charts in the openstack-helm repo if any changes
to helm-toolkit are made.
Change-Id: I0f6a935eca53d966c01e0902e546ea132a636a9d
The fedora and centos jobs have not been used or maintained for
quite some time. This change removes them and the related notes.
Also removed an outdate note about disabling all the experimental
and periodic jobs.
Change-Id: Ic8eb628e21c49957bdcd10a8d69d850ec921b6d6
This change improves the osh-infra-deploy job to
successfully deploy minikube with helm v3 along with
the necessary namespaces. Future changes will modify
the install scripts for each job to make them helm
v3 compatible.
Change-Id: I08a94046f86f7c92be7580fbf10751150d2fcecc
Changes the override to use dynamically generated certs for the
libvirt-ssl jobs so they don't expire in the future. Also, changes it so
it is voting again like before.
Signed-off-by: Tin Lam <t@lam.wtf>
Change-Id: If7215961b0b9a7cad75afd7f78592515b74a7b58
This patch sets temporary disables the ssl gate job and makes the check
job non-voting to unblock osh-infra. The certificate hardcoded in [0]
has expired.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:61:31:9d:0f:ff:99:81:ba:6d:50:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = libvirt.org
Validity
Not Before: Sep 15 21:26:53 2020 GMT
Not After : Sep 15 21:26:53 2021 GMT
This will need to be updated or better, unhardcode this at the gate.
[0] https://opendev.org/openstack/openstack-helm-infra/src/branch/master/tools/deployment/openstack-support/051-libvirt-ssl.sh#L27-L51
Signed-off-by: Tin Lam <t@lam.wtf>
Change-Id: I5ea58490c4fe4b65fec7bd3f11b4684cdc1a3e8b
This change removes a bunch of unused and unmaintained files
and job declarations related to deploying osh-infra with armada.
Change-Id: I158a255132cd6b02607b6e1e77b8b9525cc8a3d5
This change adds a new script and job to deploy minikube with
helm3. This job will be improved upon in later changes as
part of the movement to helm3.
Change-Id: Ia7ef30a4e2af77508ad95191e5241d2c1b83a7c4
Vladimir Kozhukalov