A scalability issue was discovered in a large distributed cloud
system with thousands of subclouds.
When a subcloud is added, Calico globalnetworkpolicy rules are
created to allow the subcloud and system controller to be
permitted to communicate via the firewall.
The gnp rules are generated via a file constructed by puppet
based on the available (known) routes.
What can happen with thousands of subclouds (routes + rules) is that
the file becomes so large that kubernetes cannot handle it via
a 'kubectl apply <file>' command.
The kubectl apply is trying to reconcile what the user wants
(the file) with what is present on the system.
The error message looks similar to:
    The GlobalNetworkPolicy "controller-mgmt-if-gnp" is invalid:
    metadata.annotations: Too long: must have at most 262144 bytes
As is expected, it is not easy to gain access to a system with
thousands of subclouds - but I have reproduced the issue by
constructing a gnp file simulating the real system.
A solution to this is to directly call kubectl create/replace
rather than apply.
Test Plan:
- Manually kubectl create/replace a file with 10000 rules.
- Using the system host-route-add command, create ~8000 routes
(each one leads to puppet updating the gnp rules file and
replacing the Calico rules)
Closes-Bug: #2068499
Change-Id: I99f075488c164816c1e8a6f31421a1cbe7dcc78e
Signed-off-by: Steven Webster <steven.webster@windriver.com>
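
Added example (not part of the commit or of the StarlingX code): client-side 'kubectl apply' stores the whole submitted object in the kubectl.kubernetes.io/last-applied-configuration annotation, which is what runs into the 262144-byte limit quoted in the error above, while create/replace do not write that annotation. The policy spec, rule shape and subnets below are constructed for illustration.

```shell
#!/bin/sh
# Constructed model of the annotation that 'kubectl apply' attaches to a
# GlobalNetworkPolicy. Rule contents and subnets are made up; only the policy
# name and the byte limit come from the error message in the commit text.

ANNOTATION_KEY='kubectl.kubernetes.io/last-applied-configuration'
ANNOTATION_LIMIT=262144   # "must have at most 262144 bytes"

# Emit a compact JSON policy with $1 ingress rules, one per simulated subcloud subnet.
gnp_json() {
    awk -v n="$1" 'BEGIN {
        printf "{\"apiVersion\":\"crd.projectcalico.org/v1\",\"kind\":\"GlobalNetworkPolicy\","
        printf "\"metadata\":{\"name\":\"controller-mgmt-if-gnp\"},"
        printf "\"spec\":{\"types\":[\"Ingress\"],\"ingress\":["
        for (i = 0; i < n; i++) {
            if (i) printf ","
            printf "{\"action\":\"Allow\",\"protocol\":\"TCP\",\"source\":{\"nets\":[\"10.%d.%d.0/24\"]}}", int(i / 256) % 256, i % 256
        }
        printf "]}}\n"
    }'
}

# Bytes that the annotation (key plus value) adds to metadata.annotations.
apply_annotation_bytes() {
    value_bytes=$(gnp_json "$1" | wc -c | tr -d ' ')
    echo $(( value_bytes + ${#ANNOTATION_KEY} ))
}

# Succeeds when a policy with $1 rules would still pass the annotation check.
fits_apply() {
    [ "$(apply_annotation_bytes "$1")" -le "$ANNOTATION_LIMIT" ]
}

# Largest rule count that still fits, found by binary search.
max_rules_for_apply() {
    lo=0
    hi=20000
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if fits_apply "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

for n in 100 1000 10000; do
    if fits_apply "$n"; then
        verdict="apply accepted"
    else
        verdict="apply rejected, needs create/replace"
    fi
    printf '%5d rules: %8d annotation bytes (%s)\n' "$n" "$(apply_annotation_bytes "$n")" "$verdict"
done
echo "largest rule count that still fits: $(max_rules_for_apply)"
```
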
The Memcached is started by init.d before the SM starts the DNSMasq.
This results in the service not being able to resolve the FQDN and
the service starts and stops several times during the startup, logging
some error messages until the DNSMasq is started.
The Memcached service switched to use the FQDN because after a
management network reconfiguration it was using the wrong IP.
Since a management network reconfiguration is not a frequent action
the decision is to use the hostname for the normal operation and
restart the memcached after a management network reconfiguration to
fix the IP address.
Test done:
AIO-SX fresh install
AIO-DX fresh install
AIO-DX host-swact
Story: 2010722
Task: 50222
Depends-On: https://review.opendev.org/c/starlingx/config/+/920694
Change-Id: I4b0e88f3be7e06ed7e5b548a7e018ba24fa50056
Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
The kernel names in puppet-update-grub-env.py are hardcoded
as amd64, use dpkg-architecture to check host arch and
replace the hardcoded names.
Test Plan:
PASS: build-pkgs on x86-64 host
PASS: build-image on x86-64 host
PASS: build-pkgs on arm64 host
PASS: build-image on arm64 host
PASS: install AIO-SX on x86-64 targets
PASS: install AIO-SX on arm64 targets
Story: 2010739
Task: 48284
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Change-Id: I1df220f585f53e58f2fcd8f6918273f8ea45fb90
Code for creating unique region name in the
bootstrap step; this generates a unique region name for
the non-systemcontroller and subcloud name may
optionally be overridden by config.
reconfig happens in the bootstrap and region_name
will change to UUID for non-systemcontroller and subcloud
Generation of UUID region_name will happen only if
distributed_cloud_role is subcloud or none
Test Plan:
PASS: DC SystemController Installation and subcloud deployment.
PASS: Standalone Cloud deployment.
PASS: Deploy an AIO-SX system and verify the host unlocks
PASS: Perform bootstrap replay and ensure the host unlocks after
re-execution
Story: 2011100
Task: 50078
Change-Id: I59cc6d294b654d9db995d6cae5db29dc75a497e3
Signed-off-by: Yuxing Jiang <Yuxing.Jiang@windriver.com>
Admin runtime config classes were updated to dual stack in
https://review.opendev.org/c/starlingx/stx-puppet/+/912417 but the
parameters were not. This change adds the new parameters to the
scope of the classes.
Test plan
=========
Tests in https://review.opendev.org/c/starlingx/config/+/920669 cover
this change.
Story: 2011027
Task: 50136
Change-Id: I92153453fc1221d2a427d3e81faed600df234d6b
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
This commit adds support for creating and deleting a controller
filesystem. At the moment, only the creation/deletion of the
controller fs 'ceph-float' is allowed, used to establish
ceph-specific storage on controllers for Rook Ceph support.
Test Plan:
PASS: AIO-SX / AIO-DX / Standard -> fresh install with Ceph Bare
Metal using designer build with topic changes + Check that
there is no interference or errors.
PASS: AIO-DX -> Standby controller locked and ceph-rook as
storage-backend + controller-fs add ceph-float=<size> +
checking if everything is created correctly: lv, drbd and
SM services.
PASS: AIO-DX -> Resize controller-fs "ceph-float" and other fss
successfully.
PASS: AIO-DX -> Lock/unlock + swact tests.
PASS: AIO-DX -> Standby controller locked + controllerfs-delete
ceph + checking if everything is deleted correctly: lv, drbd
and SM services.
Depends-On: https://review.opendev.org/c/starlingx/ha/+/919492
Story: 2011117
Task: 50074
Change-Id: I26fad86c1e127d18ed2383893dea0fe5ccf958b5
Co-Authored-By: Robert Church <robert.church@windriver.com>
Signed-off-by: Gabriel de Araújo Cabral <gabriel.cabral@windriver.com>
Kubernetes 1.29 now deploys new 'super-admin.conf' and new RBAC Group
kubeadm:cluster-admins. The ownership and permission and association
with RBAC group of 'admin.conf' is changed, so K8s control-plane
upgrade and abort upgrade operations of 1.29 modify the ownership
and permissions.
This workaround resets the ownership and permissions of the
admin.conf file to retain backwards compatibility. This may have
to be addressed differently in future.
Without this change, kubectl commands no longer work due to
insufficient permissions after K8s control-plane upgrade or
abort upgrade of 1.29.
Test Plan:
PASS: Install ISO with K8s 1.29 on AIO-SX.
PASS: Install ISO with K8s 1.29 on AIO-SX and perform the BnR.
PASS: Ansible bootstrap replay on K8s 1.29
PASS: Install ISO with K8s 1.28 on AIO-SX, upgrade to 1.29
PASS: Install ISO with K8s 1.28 on AIO-SX, upgrade to 1.29 and
perform the BnR.
PASS: Install ISO with K8s 1.28 on AIO-SX, abort upgrade to 1.29.
PASS: Install ISO with K8s 1.29 on AIO-DX.
PASS: Install ISO with K8s 1.29 on AIO-DX and perform the BnR.
PASS: Install ISO with K8s 1.28 on AIO-DX, upgrade to 1.29
PASS: Verify that "kubectl get pods -n kube-system" works as expected
after the K8s upgrade and abort upgrade operations.
PASS: Manually hardcode to fail kube-upgrade-abort and verify backup
of admin.conf and super-admin.conf files restored successfully.
PASS: Lock/unlock the host after modifying the permission of Kubernetes
admin.conf and verify permissions are reset correctly.
Story: 2011047
Task: 49793
Change-Id: I1d410cb1e638b94bcc965dd43dd0e8f032401ade
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
Add reference for keystone pwd variable 'password_expires_days' in
stx-puppet. Also updating 'unique_last_password_count',
'password_regex' and 'password_regex_description' to comply with the
new rules set by:
https://review.opendev.org/c/starlingx/upstream/+/915081
Test Plan:
PASS: Run full deploy of an .iso.
PASS: Verify that 'password_expires_days' works with an integer.
PASS: Verify that 'password_expires_days' show up in
'system service-parameter-list' in section identity.
PASS: Verify that 'password_expires_days' is modified with
'system service-parameter-apply'.
Story: 2011084
Task: 49824
Change-Id: Id2c4d59fc4abe7f8f39713ef4f00b13ae2961500
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
This commit provisions ipsec-config service on systems. This
service is responsible to manage swanctl configuration by
creating symbolic links between swanctl.conf and different
conf files.
This service is expected to be enabled-active on active controllers
and remain disabled on stand-by controllers. Therefore, the swanctl
configuration file is changed according to controller's status (active
or standby) per creating a symbolic link with swanctl_active.conf or
swanctl_standby.conf files.
Note: if IPsec is not properly configured, this ipsec-config service
won't be provisioned.
Test Plan:
PASS: Build a new debian iso containing the changes.
PASS: Bootstrap, install and unlock controller-0 from DX system with
IPsec enabled. Wait until system reboots and verify unlocked
enable available status. Observe that ipsec-config is listed on
sm-services and is on enabled-active status. Observe that a
symbolic link is created between swanctl.conf files.
/etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_active.conf
PASS: Bootstrap, install and unlock controller-1 from DX system with
IPsec enabled. Wait until system reboots and verify unlocked
enable available status. Observe that ipsec-config is listed on
sm-services and is on disabled status. Observe that a symbolic
link is created between swanctl.conf files.
/etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_standby.conf
PASS: In a DX system with unlocked enabled available status, perform a
host swact. Observe that ipsec-config status and swanctl.conf
changes as host status (active or standby) change as well.
PASS: stx 9.0 to stx 10.0 upgrade, during which IPsec is not
configured, verify that the ipsec-config service is not
provisioned and not managed by SM.
Story: 2010940
Task: 49999
Change-Id: Ic481d8fb84a1aec14f4230a129ffca7263d6b750
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Some networks (OAM, for AIO-SX, and ADMIN) support network runtime
configuration, meaning that they do not require a lock/unlock cycle.
It was observed that the previously generated files were not removed:
in network_ifupdown.sh the use of wildcard "ifcfg-*" to a function
was not expanding as an argument inside of do_rm(), preventing the
removal, and the puppet-network plugin (responsible to generate the
interfaces file) was concatenating its content with the previous one.
This change corrects these errors by explicitly removing the files.
Test Plan
[PASS] Install AIO-SX in single-stack and then add dual-stack config
for OAM network in runtime and observe that there is no traffic
interruption as the secondary address is added
[PASS] Install AIO-DX in single-stack with the following variants:
- ethernet port with {mgmt, cluster-host, pxeboot} networks
- ethernet port with pxeboot and vlan with {mgmt, cluster-host}
networks
- bonding port with {mgmt, cluster-host, pxeboot} networks
- bonding port with pxeboot and vlan with {mgmt, cluster-host}
networks
Story: 2011027
Task: 50055
Change-Id: I85c218e230d392ee1aa4097d089acc18e8bbbc89
Signed-off-by: Andre Kantek <andrefernandozanella.kantek@windriver.com>
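
Added example (not part of the commit or of network_ifupdown.sh): how a wildcard that reaches a removal helper unexpanded leaves the old ifcfg-* files in place, next to an explicit per-file removal. The do_rm() body, the call sites and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical stand-in for do_rm(): it quotes its argument, so a pattern that
# arrives unexpanded is treated as one literal file name.
do_rm() {
    rm -f -- "$1"
}

# Before: the pattern is quoted at the call site and reaches do_rm() as the
# literal string ".../ifcfg-*", which matches no file, so nothing is removed.
cleanup_with_pattern() {
    do_rm "$1/ifcfg-*"
}

# After: the caller expands the pattern and removes each file explicitly.
cleanup_explicit() {
    for f in "$1"/ifcfg-*; do
        # With no match the pattern stays literal; skip it instead of failing.
        [ -e "$f" ] || [ -L "$f" ] || continue
        do_rm "$f"
    done
}

# Constructed sample directory: two generated ifcfg files plus an unrelated file.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/ifcfg-eth0"
    : > "$d/ifcfg-vlan10"
    : > "$d/interfaces"
    echo "$d"
}

# Number of ifcfg-* files still present under $1.
count_ifcfg() {
    find "$1" -name 'ifcfg-*' | wc -l | tr -d ' '
}

demo_dir=$(make_sample_dir)
cleanup_with_pattern "$demo_dir"
echo "after quoted-pattern cleanup: $(count_ifcfg "$demo_dir") ifcfg files left"
cleanup_explicit "$demo_dir"
echo "after explicit cleanup:       $(count_ifcfg "$demo_dir") ifcfg files left"
rm -rf "$demo_dir"
```
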
This commit removes the keystone bootstrap class from Puppet,
following the migration of keystone bootstrap to Ansible:
https://review.opendev.org/c/starlingx/ansible-playbooks/+/915284.
Test plan:
All of the following items were tested with the addition of the
changes from the above specified commit.
1. PASS: Deploy a DC system with one system controller and two subclouds
and ensure the subclouds can be managed
2. PASS: Deploy an AIO-SX system and verify the host unlocks
3. PASS: Perform bootstrap replay and ensure the host unlocks after
re-execution
4. PASS: Verify the creation of the services project, _member_ role and
the admin user update to the correct e-mail address
5. PASS: Verify the keystone.conf and keystone-extra.conf files for each
deployment type
6. PASS: Validate the sql dump of the keystone database generated in
a subcloud deployment in relation to the one generated before the
changes
7. PASS: Validate the permissions in /etc/keystone and
/opt/platform/keystone
8. PASS: Validate that the admin and sysinv users have the
ignore_lockout_failure_attempts set to true
9. PASS: Perform backup and restore on a system controller
and an AIO-SX deployment
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/915284
Story: 2011035
Task: 49924
Change-Id: I02a964ce47cd4fe624980e5b5c50f7ad164d70b9
Signed-off-by: Raphael Lima <Raphael.Lima@windriver.com>
New system-service-parameter that will allow a user to specify the
number of sysinv api workers for horizontal scaling
The values:
- service -> platform
- section -> config
- name -> sysinv_api_workers
- value -> [1 .. n ]
- personality -> None
- resource -> ::platform::sysinv::params::sysinv_api_workers
Sample:
system service-parameter-add platform config sysinv_api_workers=5
This change adds logic to select the new parameter if defined or
else keep the existing default behaviour
Test plan:
PASS - AIO-SX: iso install
confirm in system.yaml content not present by default
verify default sysinv_api_workers in /etc/sysinv/sysinv.conf
verify number of sysinv_api worker process ( ps -ef )
PASS - AIO-DX: iso install
confirm in system.yaml content not present by default
verify default sysinv_api_workers in /etc/sysinv/sysinv.conf
verify number of sysinv_api worker process ( ps -ef )
PASS - Test system service-parameter-add|modify|delete
followed by host-unlock
verify sysinv db content system service-parameter-list
verify content of system.yaml
verify /etc/sysinv/sysinv.conf
verify number of sysinv_api worker process ( ps -ef )
Story: 2011106
Task: 50064
Change-Id: I8d45581274565e2b6b476a2ca7d26fc4e88dcc9b
Signed-off-by: Kyale, Eliud <Eliud.Kyale@windriver.com>
This commit enables keystone logging to /var/log/keystone/keystone.log
and makes the default log level as INFO.
Test plan:
PASS: Full build, install, bootstrap and unlock
PASS: Run authenticated commands such as 'system host-list' and verify
that it gets logged to /var/log/keystone/keystone.log
Story: 2011106
Task: 50067
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: I8cb1dce87ff1a46253573c48ce340be902292008
This adds an optional ceph-lv filesystem to the cgts-vg volume group
which will be used to establish ceph specific storage on controllers and
workers. The presence of this filesystem on a particular host will be
used to determine where containerized Ceph services will be provisioned
via Rook.
This follows the established patterns set by the instances and
conversion filesystems.
Test Plan:
- PASS: Install AIO-SX with bare-metal Ceph
- PASS: Install AIO-DX with bare-metal Ceph
- PASS: Install 2+2 with bare-metal Ceph
- PASS: add/remove optional ceph host-fs on controller-0/1
- PASS: add/remove optional ceph host-fs on worker
Change-Id: Ie14156b7abec4cc970792b7714746880499c9fe2
Story: 2011117
Task: 50037
Signed-off-by: Robert Church <robert.church@windriver.com>
This change adds the variable public_secondary_ip_address to
platform::haproxy::params filled with the secondary OAM address pool
floating address value, in a similar way that is done for the primary
address pool. This will be used in HAproxy to bind the necessary L4
public ports to the secondary address.
Test plan
[PASS] Install and add a secondary pool via CLI and, then, after
lock/unlock, check that all public endpoints (openstack
endpoint list) are available in the primary and secondary
addresses, on the following setups:
- AIO-SX (prim:IPv4, sec:IPv6)
- AIO-SX (prim:IPv6, sec:IPv4)
- AIO-DX (prim:IPv4, sec:IPv6) with system-controller role
- AIO-DX (prim:IPv6, sec:IPv4) with system-controller role
[PASS] Access the public APIs on both protocols using curl.
Story: 2011027
Task: 49997
Depends-On: https://review.opendev.org/c/starlingx/config/+/917250
Change-Id: I5a274565e2cd9435478beb2de3f9a1578a1679e5
This commit updated strongswan.pp puppet classes so they work with
ipsec-client to generate two copies of swanctl configuration files for
controller nodes, one for when the node is active controller
(swanctl_active.conf), and one for when the node is standby controller
(swanctl_standby.conf). A symlink (swanctl.conf) is created pointing to
one of the two config files based on the role of the node. When
controller swact, the symlink will be updated by a SM service.
Test Plan (IPv4 and IPv6 DX system):
PASS: controller-0 bootstrap, verify swanctl configuration files and
symlink are created in /etc/swanctl directory:
/etc/swanctl/swanctl_standby.conf
/etc/swanctl/swanctl_active.conf
/etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_active.conf
PASS: controller-1 installation, after installed, verify swanctl
configuration files and symlink are created in /etc/swanctl
directory:
/etc/swanctl/swanctl_standby.conf
/etc/swanctl/swanctl_active.conf
/etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_standby.conf
PASS: controller-1 unlock, after controller-1 is unlocked, verify that
during drbd synchronization there is no uncontrolled swact, and
controller-1 comes up in "enabled" and "available" state after
drbd is fully synced.
Story: 2010940
Task: 49930
Change-Id: Ief8e078a6e2cdd9a9aa713aa18b7cb6d177eafd5
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Switch to using "stage1" and "stage2" symlinks under
/var/lib/kubernetes to select versions for kubeadm and kubelet/
kubectl.
We have been using bind mounts to select K8s versions, but they are not
well supported by Puppet and suffer from fragility since you cannot
remove a bind mount while an executable is still running from it. They
also need to be re-created when creating an OSTree hotfix.
Symlinks suffer from no such issues, they just need to be created in
a filesystem that is not managed by OSTree.
Also, fix up a case where the existing code was using "include" when it
should have used "require", and remove some redundant dependencies that
were not needed.
Depends-On: https://review.opendev.org/c/starlingx/integ/+/916337
NOTE: This also requires the following change in ansible-playbooks,
all three commits must be merged together.
https://review.opendev.org/c/starlingx/ansible-playbooks/+/916336
Story: 2011047
Task: 49916
TEST PLAN:
See integ repo commit for test plan.
Change-Id: Iea7410241028e3ac9ced9e5653460a249892aed0
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
StarlingX stopped supporting CentOS builds after release 7.0.
This update will strip CentOS from our code base. It will also remove
references to the failed OpenSUSE feature as well.
Story: 2011110
Task: 49961
Change-Id: Ibdaf1d43ab35382bd4d2b34ae9737a01b8ef9a5d
Signed-off-by: Scott Little <scott.little@windriver.com>
When configuring the Docker proxy (see feature doc at
https://docs.starlingx.io/configuration/docker_proxy_config.html), the
system IPs should be added automatically to the "NO_PROXY" environment
variable of services "docker" and "containerd". This configuration was
lost a long time ago during a code cleanup (review
https://review.opendev.org/c/starlingx/config/+/703516 , file
controllerconfig/controllerconfig/controllerconfig/configassistant.py ,
line 2286). This commit implements again the addition of system IPs to
"NO_PROXY" list.
Test Plan:
PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with no
bootstrap overrides.
PASS: In the deployed IPv4 AIO-SX with no bootstrap overrides, apply the
configuration below and verify that the pod "ceph-pools-audit" (executed
every 5 minutes) continues working correctly:
    source /etc/platform/openrc
    system service-parameter-add docker proxy https_proxy=http://1.2.3.4:3128
    system service-parameter-add docker proxy http_proxy=http://1.2.3.4:3128
    system service-parameter-add docker proxy no_proxy="5.6.7.8"
    system service-parameter-apply docker
PASS: Repeat the test above in the IPv6 AIO-DX with no bootstrap
overrides.
PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with Docker
proxy bootstrap overrides. Verify that the environment variables for
"docker" and "containerd" services (at
/etc/systemd/system/docker.service.d/http-proxy.conf and
/etc/systemd/system/containerd.service.d/http-proxy.conf) are correct.
Verify that the pod "ceph-pools-audit" (executed every 5 minutes)
continues working correctly.
Partial-Bug: 2062079
Depends-On: https://review.opendev.org/c/starlingx/config/+/916019
Change-Id: I7691fab7c4e2ba813bac1bf71c0ed7d4c4432380
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
With the dual-stack feature the system now can have 2 floating IPs per
network. In non-SX systems the floating IPs are managed by SM, but not
in AIO-SX, this is done via puppet, and it requires to mark floating
addresses as deprecated.
This change can now process IPv4 and IPv6 addresses present in the
"platform::network::addresses::address_config" variable
Test Plan
[PASS] install AIO-SX and check if floating IPs have the correct
flags
[PASS] in the installation configure dual-stack and check if floating
IPs have the correct flags
Story: 2011027
Task: 49888
Depends-On: https://review.opendev.org/c/starlingx/config/+/916282
Change-Id: Ieb886eeb7844b58502bb3939a8b203595570c44c
This commit supports QAT devices with device ids 4940 & 4942.
The commit provides provision to create QAT devices
configuration files (Eg: 4xxx_dev0,4xxxvf_dev0.conf)
in /etc directory.
The configuration files will be read by qat_service to up
the QAT devices endpoints and persist the devices status
across reboot.
Also, the vfio-pci will be loaded as part of this commit.
TEST CASES:
PASSED: The development iso should be successfully deployed on the QAT
hardware. Also should have log "QAT device found.".
After the deployment is complete, validate below test cases.
PASSED: Check "systemctl status qat_service.service"
Service should be up and running.
PASSED: Check the "systemctl is-enabled qat_service.service".
Service should be enabled.
PASSED: Check the "/etc/init.d/qat_service status".
The number of QAT VF endpoints should match to QAT
supported sriov numvfs i.e 16.
PASSED: Check the number of PF and VF config files
(Eg: 4xxx_dev0,4xxxvf_dev0.conf) in /etc directory. It
should match the total QAT PFs and number of sriov numvfs.
PASSED: Check "lsmod | grep vfio-pci".
The vfio-pci driver should be loaded.
PASSED: Reboot the system and check all above test cases. Also pf and
vf configuration files should not be recreated.
PASSED: The development iso should be successfully deployed on the
non-QAT hardware. Also should have log "QAT device not found.".
Story: 2010604
Task: 49700
Change-Id: Ia925bfaa890d853b853ad2274e2377221631a6a7
Signed-off-by: Md Irshad Sheikh <mdirshad.sheikh@windriver.com>
With the change made in [1], when processing more than one
nova-local, puppet fails with "Duplicate declaration", due
to the exec "vgchange -an nova-local".
To resolve this, the variable $name was added, so that it
becomes dynamic.
Furthermore, the review mentioned above deactivates the VG to perform
wiping; however, it is not activated again after that. So to
resolve this, another exec was added, so that the VG is activated
after wiping the new PG.
[1]: https://review.opendev.org/c/starlingx/stx-puppet/+/863871
Test Plan:
SX: Delete instances fs and add 4 nova-local
B&R with nova-local instead of instances
DX+: Add 4 nova-local in compute-0
B&R with nova-local created
STD: Add 4 nova-local in compute-0
B&R with nova-local created
Closes-Bug: 2061526
Change-Id: I7449c5cd7199541551dccee17e22a8bda48414e1
Signed-off-by: Hediberto C Silva <hediberto.cavalcantedasilva@windriver.com>
Signed-off-by: Erickson Silva de Oliveira <Erickson.SilvadeOliveira@windriver.com>
This change splits the IP service for each platform network into ipv4
and ipv6 to support dual-stack. It still supports single-stack (when
there is only ipv4 or ipv6). Each service is instantiated if there is
a configuration for it.
Test Plan:
[PASS] install, lock, unlock and swact for the following setups:
- AIO-SX (IPv4 and IPv6)
- AIO-DX (IPv4 and IPv6)
- Standard (IPv4 and IPv6)
- DC (SisCtrl=AIO-DX, subcloud=AIO-SX)
[PASS] Add dual-stack configuration and validate services operation
with lock, unlock and swact:
- AIO-SX (IPv4 and IPv6)
- AIO-DX (IPv4 and IPv6)
- Standard (IPv4 and IPv6)
- DC (SisCtrl=AIO-DX, subcloud=AIO-SX), using the admin network
Story: 2011027
Task: 49762
Depends-On: https://review.opendev.org/c/starlingx/ha/+/912418
Change-Id: I480c89a59309137c5517db7bd630df7eb2dfa552
Signed-off-by: Andre Kantek <andrefernandozanella.kantek@windriver.com>
This change removes the extra rule that is added directly to ip6tables
to block IPv6 traffic in IPv4 setups. Instead, the firewall for IPv6
will be permanently enabled in Calico.
Test plan
=========
The tests for https://review.opendev.org/c/starlingx/config/+/915508
also cover this change.
Story: 2011027
Task: 49816
Depends-On: https://review.opendev.org/c/starlingx/config/+/915508
Change-Id: Ia7a8a7e2a12c80e0ec0f99af0417efa9dcd8a7a6
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
Add logic to the `platform::kubernetes::configuration` method
to generate the kubelet's systemd override file. This
change ensures the file is generated every time a host is
unlocked. This facilitates delivery of systemd service changes
via patches to existing installs.
We only want to update on lock and unlock, so we need to
check that the flag is_initial_k8s_config is not
set before creating the resource in platform::kubernetes::configuration.
This ensures that the file is only regenerated on host unlock and
not during the initial installation, which is currently handled
in platform::kubernetes::master::init.
This change is needed by bug 2027810 to ensure that the
orphan volume cleanup script is executed as part of the systemd
ExecStartPre kubelet service override.
This bug is an update for this reverted commit:
https://review.opendev.org/c/starlingx/stx-puppet/+/896154
Test Plan:
PASS - Verify successful installation from an ISO on AIO-SX with
the controller unlocked.
PASS - Verify successful installation from an ISO on AIO-DX with
the controllers unlocked.
PASS - Verify successful installation from an ISO on STANDARD with
the controllers unlocked.
PASS - Verify that kube-stx-override.conf is updated on AIO-SX:
- Update the kube-stx-override.conf.erb file.
- Lock/Unlock the AIO-SX host.
- Verify that kube-stx-override.conf has been updated.
PASS - Verify that kube-stx-override.conf is updated on STANDARD:
- Update the kube-stx-override.conf.erb file on compute-0.
- Lock/Unlock compute-0 and verify that kube-stx-override.conf
is updated.
Partial-Bug: 2027810
Change-Id: Id473fd0e2c807d1e9d1e3fdd707bc3e9e36688b1
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
This commit removes the sysinv bootstrap class from Puppet,
following the migration of sysinv bootstrap to Ansible:
https://review.opendev.org/c/starlingx/ansible-playbooks/+/913930.
Test plan:
All of the following items were tested with the addition of the
changes from the above specified commit.
1. PASS: Deploy a DC system with one system controller and two subclouds
and ensure the subclouds can be managed
2. PASS: Deploy an AIO-SX system and verify the host unlocks
3. PASS: Perform bootstrap replay and ensure the host unlocks after
re-execution
4. PASS: Verify the openstack user, role, service and endpoints
configuration for sysinv after bootstrap for each deployment type
5. PASS: Verify the sysinv.conf and api-paste.ini file for each
deployment type
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/913930
Story: 2011035
Task: 49765
Change-Id: Ide37577c6ec580acfd468819428a4f80e21625f8
Signed-off-by: Raphael Lima <Raphael.Lima@windriver.com>