Commit Graph

369 Commits

Author SHA1 Message Date
Roman Gorshunov 969b27c95a Deprecate airship-in-a-bottle
Change-Id: Iabd48994f97a7c58fe902216f831f51cb72115f0
2020-04-15 10:57:13 +02:00
Zuul b69fac2d0d Merge "Add SECURITY.md" 2020-03-02 15:55:48 +00:00
Drew Walters 0b3d3cb89d Add SECURITY.md
All Airship projects are moving to GitHub issues. This change adds a
GitHub security policy that links to the official Airship vulnerability
management process [0]. When users on GitHub click "New Issue" on this
GitHub repository, they will see an option to report a security
vulnerability, which will direct them to our official policy.

[0] https://airship-docs.readthedocs.io/en/latest/security/vulnerabilities.html

Change-Id: Iaf060dd0085c21f0c4f18f100e3e053b5ceedbed
Signed-off-by: Drew Walters <andrew.walters@att.com>
2020-02-20 17:14:18 -06:00
Alexander Noskov 8e9da29988 Move deployment scripts to treasuremap
Change-Id: Ie516b6f9f608198e904fa33227c12c55181a3561
2020-02-13 16:07:43 +00:00
Zuul 679751c13c Merge "[pegleg] - syntax change with latest version" 2020-01-31 16:37:51 +00:00
Yasin, Siraj (SY495P) dccbddb87f [pegleg] - syntax change with latest version
older version of pegleg render command had -o option to save the renedered yaml
with latest version of pegleg render command, -s is used to save renedered yaml

Change-Id: Ia4312a6a17ba88c86cea215163ce732bb06e9d37
2020-01-28 22:41:29 +00:00
Sirajudeen b96b0f0bd5 [pegleg] - set passphrase and salt to pegleg
Setting PEGLEG_PASSPHRASE and PEGLEG_SALT to pegleg container
to use it for encryption/decryption.

Change-Id: I2c5c01fb0ef7366dbc35d4f8730ac1aa9ca63db1
2020-01-27 17:37:50 +00:00
Sreejith Punnapuzha 75ff355eec Disable verbose output on normal run
This PS removes set -x from general runs so that all the commands
will not be thrown in output.

Change-Id: I8068e170d632518a93f5bf097d3a88cc3af01433
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
2020-01-06 14:06:06 -06:00
Zuul be8b82649b Merge "[cert-update] - certificate re-generated" 2019-12-10 16:12:00 +00:00
Drew Walters f9020cd359 docs: Update copyright footer
During the recent Airship Working Committee meeting, the committee
addressed feedback from the Airship confirmation review [0]. One such
item was concerned with copyright footers mistakenly claiming rights to
all Airship documentation.

This change updates the footer to attribute documentation to all Airship
authors.

[0] https://etherpad.openstack.org/p/airship-wc-meeting-2019-12-09

Change-Id: I2a6ffc9ab279ffb34851e28ec6fb1294b47d3497
Signed-off-by: Drew Walters <andrew.walters@att.com>
2019-12-09 22:03:17 +00:00
Sreejith Punnapuzha 87113219ed Switch set -x to set -e to disable output
This ps changes set -x to set -e in config.sh so that all the
commands will not throw in output

Change-Id: I08d2e56ea300509a3f579c888bfe6f1bd69deefd
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
2019-12-05 15:17:17 -06:00
Yasin, Siraj (SY495P) b8f08dd865 [cert-update] - certificate re-generated
Change-Id: I03919c85afbba17837a2b873bfff45f181f08ff1
2019-12-05 19:44:36 +00:00
Sreejith Punnapuzha 6c4373d19f [Fix] resolv.conf fix for ubuntu 18.04
This PS replaces resolv.conf link file with generated resolv.conf
and stops systemd-resolved service on build node which causes issue
with coredns container running on build node

Change-Id: Id317587b0c46fdc4822ac9b5bb27fef90bb17636
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
2019-12-02 19:40:03 -06:00
Sreejith Punnapuzha e4e862b7d1 Enable VNC Console for vms
This PS enables vnc console for vms created by aiab scripts.

Change-Id: I7e882b80986a7a0868b793ab9783098cfc09092a
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
2019-11-13 23:02:31 +00:00
Zuul 87b65e9772 Merge "Extended output for pipeline and disk on VM" 2019-11-08 09:06:37 +00:00
Crank, Daniel (dc6350) 671bc38260 Make site and rendered yamls world-readable
Make files collected and rendered by Pegleg (owned by root
and 640 by default) world-readable so non-root Promenade
processes can read them.

Change-Id: Ic5bce645ebf58c106fd59701b3f282f9e2455f0e
2019-11-04 09:36:50 -06:00
Egorov, Stanislav d462542026 Extended output for pipeline and disk on VM
After timeout pipeline is trying to run deploy_site again and failed.
There is no info in debug report and console output about current status
if the shipyard action. Added new cmd to describe the action.

ceph-mon is detecting low disk space on n0, it's <70%. So, small increase
of disk space is needed.

Change-Id: Ia92390ccadec4485c37038187034a2978911accd
2019-11-01 16:05:20 -07:00
Alexander Noskov d7d345fd24 Add missing "${GATE_MANIFEST}" for jq in config.sh
Change-Id: Ie37876b51dffa6cb9c49071726858fb0c1b40b0a
2019-10-23 17:51:24 -05:00
Scott Hussey 7ef2e8b988 (multinode) Make workspace persist reboot
- Move the default temp location to /var/tmp so that gate
  workspace directories persist across reboots

Change-Id: Ic11d163c3aba36a08f42bd1739003446aed3a0ce
2019-10-17 17:53:18 -05:00
Yasin, Sirajudeen (SY495P) 074745b203 [kubectl] - Added env KUBECONFIG for kubectl
kubectl_cmd uses ssh_cmd to run kubectl over ssh. ssh_cmd does not
allow to pass extra env vars in command.
So updated to use ssh_cmd_raw with env KUBECONFIG set

Change-Id: I1f2391a79002db15785644e10e673936c3dff4ed
2019-10-17 14:04:56 -07:00
Kaspars Skels 86c2da9a14 Fix disk size issue for latest multinode-gate
PODs are being evicted due reduced disk size (30 from 64G).
The issue is constantly appearing around MAAS image deployment.

Change-Id: If8a0717a7f57d77d0c91a6798c774dc9cc06ecb6
2019-10-16 17:09:47 -05:00
Nishant Kumar 2b67ffaefb (gating) Add shellcheck linter for multinode
- Add a shellcheck linter for the scripts in the multinode
  framework

- Update all scripting to comply with shellcheck

- Move linting job to Ubuntu Bionic as the multinode gate now
  requires Bionic versions of libvirt

Change-Id: Ibee645331421e1e6cecd4e3daa8e9c321dce5523
2019-10-14 15:26:15 +00:00
Zuul 0d8e68c17f Merge "(multinode) Use network roles for selecting IPs" 2019-10-14 15:19:45 +00:00
Scott Hussey d950efcf23 (multinode) Network configuration by JSON
- Support configuration of the network and VM
  interface configuration via JSON.

Change-Id: I994e00f493145ed0ada6d4ba4e5735fd5753c127
2019-10-11 20:50:48 +00:00
Scott Hussey 7d233b0f01 (multinode) Use network roles for selecting IPs
- With a extensible network configuration, selecting
  the correct IP for a node needs a little more intelligence

Change-Id: I742270a4df440c02bb4bcc03badae3a96e094221
2019-10-11 20:47:56 +00:00
Scott Hussey 2eb00af047 (multinode) Update configs for new scripting
- The site definitoin and manifest JSON needs updated
  to reflect the new extensible config.

Change-Id: Ic037e37e97019f19505d9087a0cdf1ea8957f457
2019-10-11 20:29:59 +00:00
Zuul a7e6a8937a Merge "(multinode) Make disk configuration configurable" 2019-10-11 20:19:18 +00:00
Zuul 7e393f52f1 Merge "Uplift Drydock and MAAS" 2019-10-11 20:19:18 +00:00
Zuul fe506b6622 Merge "Uplift default hyperkube version" 2019-10-11 14:21:38 +00:00
Scott Hussey 2670d67dcf (docs) Document manifest authoring
- Start documentation on crafting a framework scenario
  manifest now that the framework supports significant
  manifest-driven customization.

Change-Id: I7ed051238ce9262641615103ec73af3b0b1cc630
2019-10-10 22:00:47 +00:00
Scott Hussey 00bbf600d4 (multinode) Support external stage libraries
- In some cases, a user may want to provide their own stage
  library or replace one of these built-in stages. Allow external
  (to this framework) directories be specified as containing
  stage scripts.

Change-Id: I468ea56a45e3c041e10040433e70eb9aa354ad9a
2019-10-10 21:14:42 +00:00
Egorov, Stanislav 7f23d87584 Uplift default hyperkube version
Change-Id: I4960f22dca0f575e7708a0e59dc6d33e17c2104a
2019-10-04 10:29:49 -07:00
Scott Hussey b85c7e1621 (multinode) Make disk configuration configurable
- This makes the disk configuration for VMs configurable
  to support various configurations.

Change-Id: I94c5ce369f16bd142c9653e88d412299c8327a31
2019-09-30 10:07:02 -05:00
Scott Hussey 228d6c5742 Uplift Drydock and MAAS
- Uplift the Drydock and MAAS charts
- New charts/HTK require Helm 2.14.1, so uplift tiller
  and Armada to support this.

Change-Id: Ie63cff29a979f60f10c97b5b0cb08ed908ed85d4
2019-09-30 10:07:02 -05:00
Zuul 16b27b3d01 Merge "Delete v1.0dev type" 2019-09-27 19:28:20 +00:00
Zuul a9e3e5efff Merge "Remove v1.0dev global version" 2019-09-27 19:28:03 +00:00
Meg 9bea78f20c Fix spelling error
This just fixes a small spelling error in cluster-objects.sh

Change-Id: I01c9c9a3f09e1ea79e2644e2d9e8b6b8e2177215
2019-09-19 14:58:20 -05:00
MegHeisler 9ec57b0290 Add scripts to get cluster and namespaces objects
This adds scripts that gather cluster object information
and namespaces object information. These scripts then
create a folder and both yaml and txt files for each
object

Change-Id: Ia22caef4503451e637b20e1d62c4bd50aedfece2
2019-09-16 15:10:35 -05:00
Scott Hussey 1f08ec62d3 Delete v1.0dev type
Change-Id: Ib31f0ca0866d3744f22498cee28bd46db5480259
2019-08-22 10:51:03 -05:00
Scott Hussey 3cd7d2afa1 Remove v1.0dev global version
- The v1.0dev globals are no longer needed

Change-Id: I163719349c442bf0fa07f0f90a0bf7a916262ec1
2019-08-22 10:51:01 -05:00
Sphicas, Phil (ps3910) 77c91e83ac (fix) Add apparmor profiles on genesis node in multinode gate
Prior change[0] breaks if apparmor profiles are not present in the
manifest. This commit allows the script to proceed if they are not
found.

[0]: https://review.opendev.org/#/c/676532/

Change-Id: Idc3f458c0002c707afceb6609de6822fb638f608
2019-08-22 08:38:55 -07:00
Zuul 6dd38d0f71 Merge "Add apparmor profiles on genesis node in multinode gate" 2019-08-21 21:03:06 +00:00
Zuul 6e93527dac Merge "(fix) Fix br_netfilter disable persistence" 2019-08-15 13:27:32 +00:00
Sphicas, Phil (ps3910) c5044663e0 Add apparmor profiles on genesis node in multinode gate
The bootactions which will be deployed via Drydock on nodes need
to be performed on Genesis node as well. This should be done as
part of pre-genesis setup before genesis.sh is executed.

This patchset allows apparmor profiles to be staged on the genesis
node in the same manner as seccomp profiles.

Change-Id: I418c955a131dc8e23ab5f4d900ae5ea4f7985468
Reference: https://review.opendev.org/644824
2019-08-14 17:48:16 -07:00
Yasin, Sirajudeen (SY495P) aca670aa5f [debug-report-fix] - set KUBECONFIG env
When running kubectl command from ssh_cmd, the env variable KUBECONFIG is not visible
and so the kubectl commands are failing with below error
"The connection to the server localhost:8080 was refused - did you specify the right host or port?"

Change-Id: I453f95b745a914aad5c608c5e5f625056e516add
2019-08-13 06:59:50 -07:00
Hussey, Scott (sh8121) c784cc0475 (fix) Fix br_netfilter disable persistence
- The persistence of the br_netfilter disable settings wasn't
  working due to the br_netfilter kmod loading after sysctl
  settings are applied. Add a udev rule so that the sysctl
  settings are applied when the module loads.

Change-Id: I31eae66f953e644c09b86d5449ac79cf253d5df3
2019-08-02 12:00:47 -05:00
Zuul 497691fe7d Merge "(multinode) Besteffort to disable brnetfilter" 2019-07-31 16:04:34 +00:00
Marcus Furlong 7cb88d92e0 Use correct shipyard directories
Change-Id: I54057dde3d6ddf31026afa53b1a52420f67b9f09
2019-07-24 10:44:50 +00:00
RAHUL KHIYANI 0d84bdd821 Fix wrong path to PEGLEG
This fix the airship-in-a-bottle deployment as there is no airship-peleg file
or directory

Change-Id: Ic67f50148936518f4b63ed860c74a76d717f19b5
2019-07-23 15:25:18 -05:00
Zuul d8a38f08c3 Merge "Add repository depreciation warning" 2019-07-18 15:24:50 +00:00