Commit Graph

21 Commits

Author SHA1 Message Date
SPEARS, DUSTIN (ds443n) 7d533d65c3 Adding readiness/liveness probes to apt
This adds readiness and liveness probes to set daemonset to a non-ready status during dpkg usage

Change-Id: I5b9d029f1f8f696b4132a27ea29a77465babc29c
2022-10-19 15:09:04 -04:00
SPEARS, DUSTIN (ds443n) ebf0e22964 Add checks for dpkg availability
Check that dpkg is available before continuing to prevent unwanted pod restarts.

Change-Id: I6925cd074b88d10a858f044da21c7e20a7a238e5
2022-09-30 10:47:30 -04:00
Markin, Sergiy (sm515x) 0ba6181058 [zuul] Zuul gates fixes and Helm version upgrade to 3.x
Add firewall flush rules to zuul pre-update gates.

Wrap gate scripts by run-gates.sh script in order to preserve the scripts execution contexts.

Also migrated chart building process to Helm v3.x.

Fixed 020-test-divingbell.sh script.

Change-Id: I6295d55338a6a75ac43b54c092704670d61854d9
2022-09-30 01:17:39 +00:00
KAVVA, JAGAN MOHAN REDDY (jk330k) 634421a2e9 Move Tiller version to 2.16.9
Update Helm chart for Divingbell to use Tiller version 2.16.9.
Updated package reno>=2.5.0 to reno>=3.2.0.

Change-Id: Id6340c629986e9c6d92359cedd8839c803e0425f
2020-09-16 17:04:32 +00:00
Crank, Daniel f0eb0b7582 [ad-hoc] Fix test case exit conditions
While working on another change, I discovered conditions
in many test cases that echoed fail messages but did not
actually exit, so the gate could succeed even though some
tests failed. This patchset aims to fix those problems, and
then fix the problems masked by those problems:

1) fix bug in revert function of file permissions module
preventing permissions from being reverted.
2) fix various syntax and logic problems in test script
3) add wait_for_tiller_ready function to avoid race condition
with test script using helm too early
4) add install for ethtool in test script
5) ignore ethtool pod failures (see note #1 in [0])
6) make logging of test results more uniform
7) Fix error message logic in perm.sh
8) Fix case in _shcommon.tpl where error message was not
logged, causing test script to unnecessarily wait for
container timeout

[0]: https://review.opendev.org/676010

Change-Id: I22182d35250c37c96e73d9f5f49abfb2246f2a35
2020-03-12 15:25:30 +00:00
Crank, Daniel 44525162a5 Add "strict" mode for apt package removal
Currently, divingbell-apt will only remove packages that aren't
on the current requested package list when they were previously
installed by divingbell-apt. This patchset adds a "strict" mode
which causes it to remove packages not on the requested package
list regardless of whether divingbell installed them (i.e., it
can remove unwanted packages that were part of the host's base
image).

Change-Id: Ie2ba5d47646bfaaf030cb54673e644ab0e917fd4
2020-01-24 12:19:22 -06:00
Phil Sphicas 788501e806 apt: chart update: allow conf.apt.packages as map
This change allows conf.apt.packages to be defined as a map of lists,
allowing for logical grouping and easier substitution when values.yaml
is being assembled from multiple sources.

The existing format (conf.apt.packages as a list) is still supported.

Change-Id: I4d4c09723b2e9ac1f0ecf847e786d991cc6e669a
2020-01-07 12:31:53 -08:00
Drew Walters 66e9241d37 docs: Update copyright footer
During the recent Airship Working Committee meeting, the committee
addressed feedback from the Airship confirmation review [0]. One such
item was concerned with copyright footers mistakenly claiming rights to
all Airship documentation.

This change updates the footer to attribute documentation to the
Divingbell authors.

[0] https://etherpad.openstack.org/p/airship-wc-meeting-2019-12-09

Change-Id: I954141c18175a263973d4288c7d559c0419e08dc
Signed-off-by: Drew Walters <andrew.walters@att.com>
2019-12-09 22:05:56 +00:00
Sphicas, Phil (ps3910) 0576ecde4b doc update for blacklistpkgs
blacklistpkgs supports a list of package names only.

This updates the documentation to match the current functionality.

Change-Id: Ic6f586aa89773ea22e9bf54610ea968243583ac5
2019-11-26 15:58:50 -08:00
anthony.bellino d917166a73 apt: Add allow-downgrades option per package
This change adds the ability to include the --allow-downgrades
option per package install.

Change-Id: I2e0c6f11a51c1b78994e77084e3b2046c179d888
2019-10-17 03:11:19 +00:00
Drew Walters 2e5ffaccca apt: Add full-system upgrade feature
Currently, the APT daemonset allows the installation of new packages or
upgrade of existing packages to a newer version. Sometimes, it may be
desirable to trigger an update for all packages. This change introduces
the ability to trigger a full-system upgrade using the .conf.apt.upgrade
chart value. The new option is disabled by default.

Change-Id: I611422c2093b9dbbae4e2d7cc05ebd726e895c88
Signed-off-by: Drew Walters <andrew.walters@att.com>
2019-08-21 16:07:54 +00:00
BARTRA, RICK bb582048d9 Update documentation based on change to using unprivileged containers
A recent change made most Divingbell Daemonsets run as unprivileged containers:
https://review.openstack.org/#/c/639435/

Change-Id: If4e04368a3de3c7de7a3cf64692e5dd1294234b6
2019-03-25 11:29:46 -04:00
Roman Gorshunov dfdadbe970 Enhance docs rendering; update documentation
Enhanced rendering of docs, expanded introductory section.

Documented `perm` module, alphabetically sorted documenation for
modules, replaced dead recorded demo links with new links,
documented apt package blacklisting capability.

Change-Id: Ifd889efe73287c13d839ab40b1a78ffa357fd00e
2019-03-18 22:46:50 +01:00
Nikita Koshikov 606cf35bda Add new apparmor daemonset
Implemented daemonset that will manage host apparmor profiles.
Tests and documentation added.

demo: https://asciinema.org/a/uQjlWgC4bjI3WkfontmThf8t0

Co-Authored-By: Vladyslav Drok <vdrok@mirantis.com>
Change-Id: I13f7357c15b5c4386a61bba50f097eb434d7f211
2018-12-14 19:02:00 -08:00
Craig Anderson 4ed467e512 Add retry/rerun support for exec module
Add support for retries and reruns at specified intervals for
divingbell-exec scripts. Also adds support for timeouts.

Also update osh-infra-upgrade-host to allow gate to run.

Change-Id: I5f4cd43b13a467d94f67b358f3190f515256ae66
2018-12-14 19:45:38 +00:00
Craig Anderson 012800d854 Add new divingbell-exec module
Stopgap module to provide generic node exec capability until shift
to [0] and [1].

[0] https://github.com/GoogleCloudPlatform/metacontroller
[1] https://github.com/argoproj/argo

Change-Id: I278548e1e09ed31dcc4212142f1e6465ee8d9792
2018-12-04 18:22:51 +00:00
Vladyslav Drok da532c32aa Add options to apt-get install call
This change also adds an apt-get update call and a possibility to
provide debconf options that might be needed for some packages.
In case of dpkg interruptions dpkg --configure -a is added to
try to handle the failures.

Change-Id: Ib1f9a412bc544b4f7754634740fb04569bae6d34
2018-11-15 14:27:07 -08:00
Vladyslav Drok 0f5567dc58 Add the ability to install packages via divingbell
This change adds a possibility to install or upgrade to packages
with a specific version. The daemonset also tracks the packages
installed, and will be removing the packages that were deleted
from the chart but were previously installed by divingbell.

Change-Id: Ia6066679e549190054eb2cf71589065177447447
2018-11-12 13:34:58 -08:00
skovaleff 7ed8c29f99 Add ability to control pam_limits via new module 'limits'
1) 'Values' configures limit settings to be persisted.
2) Previous DivingBell controlled limits those were set
but now are gone are cleared.
3) Previous values of newly set limits are backed up
to /var/divingbell/limits
4) New limit is applied via adding a separate conf file
to /etc/security/limits.d
5) The Doc is updated with appropriate details.
6) Dev env with Vagrant
7) Increase number of expected DaemonSets in 020-test
8) Demo: https://asciinema.org/a/209619

Change-Id: I5efb39c498c2b666b4ba97271b59757f4a0c1ca7
2018-11-01 09:09:48 -07:00
Andrey Volkov a648dcb2db Improve docs formatting
- Make numerated list look properly.
- Fix hierarchy of headers.

Change-Id: I18d50221aa7bdd6b85d19f8d55b42439aa292a2f
2018-10-10 09:16:20 -07:00
Tin Lam 4e074ec0c2 docs(tox): Add tox target to generate docs
This patch set:
(a) renamed the docs folder to doc
(b) add in a basic tox.ini to generate the doc via ``tox -edocs``
(c) add in necessary /docs/requirements.txt dependencies

Change-Id: Id45db34fdc8860047047a4e6069483dfb4a56d7f
Signed-off-by: Tin Lam <tin@irrational.io>
2018-05-22 14:26:20 -05:00