Bug #1814333 “Containers: Unable to list all heat stacks as admi...” : Bugs : StarlingX

Frank Miller (sensfan22) on 2019-02-04

tags:

added: stx.containers

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2019-02-06:

#1

Marking as release gating; related to the containers feature

tags:	added: stx.2019.05
Changed in starlingx:
importance:	Undecided → Medium
status:	New → Triaged
assignee:	nobody → Al Bailey (albailey1974)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-06: Fix proposed to stx-config (f/stein)

#2

Fix proposed to branch: f/stein
Review: https://review.openstack.org/635309

Revision history for this message

Al Bailey (albailey1974) wrote on 2019-02-06:

#3

Review:
https://review.openstack.org/#/c/635309/

Does not show the error:
source /etc/nova/openrc
[wrsroot@controller-0 ~(keystone_admin)]$ openstack --os-auth-url http://keystone.openstack.svc.cluster.local/v3 stack list

helm get osh-openstack-heat | grep global_index
  policy: {'software_configs:global_index': 'rule:context_is_admin', 'stacks:global_index': 'rule:context_is_admin'}
    software_configs:global_index: rule:context_is_admin
    stacks:global_index: rule:context_is_admin

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-08: Fix merged to stx-config (f/stein)

#4

Reviewed: https://review.openstack.org/635309
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=6027b65d66bccfb64d2321469f5131b6a7f40abb
Submitter: Zuul
Branch: f/stein

commit 6027b65d66bccfb64d2321469f5131b6a7f40abb
Author: Al Bailey <email address hidden>
Date: Wed Feb 6 14:54:55 2019 -0600

Fix the global_index policy settings for containerized heat

Sets the following in the armada manifest

software_configs:global_index: rule:context_is_admin
stacks:global_index: rule:context_is_admin

    Closes-Bug: 1814333
    Change-Id: Ib037b39c320587c0220b432a4198197923396709
    Signed-off-by: Al Bailey <email address hidden>

tags:

added: in-f-stein

Al Bailey (albailey1974) on 2019-02-11

Changed in starlingx:
status:	Triaged → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-01: Fix proposed to stx-config (master)

#5

Fix proposed to branch: master
Review: https://review.openstack.org/640464

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-01: Fix merged to stx-config (master)

#6

Download full text (15.0 KiB)

Reviewed: https://review.openstack.org/640464
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=1b22b5313d0618792732066a8fe47460d8ef06de
Submitter: Zuul
Branch: master

commit 654c05df0e45aa47d18ce72e5ba003195872790f
Author: Al Bailey <email address hidden>
Date: Fri Feb 22 16:35:12 2019 -0600

The --kubernetes flag no longer has an effect.

kubernetes mode is always enabled, the flag cannot be used to
enable or disable it.

The option in the CLI will be removed completely once the wiki
and any test tools are updated.

The code that handles the "else" will also be updated in a
later commit

    Story: 2004751
    Task: 29756
    Change-Id: I75a81ab852252ee108fefeca5682e5b1a9d7374e
    Signed-off-by: Al Bailey <email address hidden>

commit 03b08b9722e83597797de93abef54f787b93bab5
Author: Mingyuan Qi <email address hidden>
Date: Wed Jan 30 09:41:27 2019 +0800

Allow user specified registries for config_controller

    Currently docker images were pulled from public registries during
    config_controller. For some users, the connection to the public
    docker registry may be slow such that installing the containerized
    services images may timeout or the system simply does not have
    access to the public internet.

    This change allows users to specify alternative public/private
    registries to replace k8s.gcr.io, gcr.io, quay.io and docker.io.
    Insecure registry is supported if all default registries were
    replaced by one unified registry. It lowers the complexity for
    those who build his own registry without internet access.

Docker doesn't support ipv6 addr as registry name, instead
hostname or domain name in ipv6 network is allowed.

    Test:
    AIO-SX/AIO-DX/Standard(2+2):
      Alternative public registry (ipv4/domain) with proxy
        - config_controller pass
      Private registry (ipv4/ipv6/domain) without internet
        - config_controller pass
      Default registry with/without proxy
        - config_controller pass

Story: 2004711
Task: 28742

    Change-Id: I4fee3f4e0637863b9b5ef4ef556082ac75f62a1d
    Signed-off-by: Mingyuan Qi <email address hidden>
    (cherry picked from commit 611a68a96ab915dc4e97d39dffa5c379bbffef3d)

commit 7471ef852b7c37c742ef273f0df6b8ccce3bd928
Author: Bin Qian <email address hidden>
Date: Thu Feb 21 14:46:34 2019 -0500

Boost sm process priority in VBox environment

    There is an instance that sm claimed its main thread ran sluggish
    as some critical timer run behind the scheuled timing.
    The issue could prevent the sm from scheduling services.
    As the result, the controller could fail to enable.

The issue was found only on vbox labs on AIO-SX, the fix is to boost
sm process priority to nice value -10 from current -2.

    Closes-Bug: 1816764
    Depends-On: https://review.openstack.org/638664
    Change-Id: Iafa17b1c47d65cc7394552ea1c8e7a78398e4869
    Signed-off-by: Bin Qian <email address hidden>
    (cherry picked from commit a6934ac9d27e0357d0025018077441d989679409)

commit 5e61519ac92822b959dffe63b76956cf0...

Reviewed:  https://review.openstack.org/640464
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=1b22b5313d0618792732066a8fe47460d8ef06de
Submitter: Zuul
Branch:    master

commit 654c05df0e45aa47d18ce72e5ba003195872790f
Author: Al Bailey <Al.Bailey@windriver.com>
Date:   Fri Feb 22 16:35:12 2019 -0600

The --kubernetes flag no longer has an effect.
    
    kubernetes mode is always enabled, the flag cannot be used to
    enable or disable it.
    
    The option in the CLI will be removed completely once the wiki
    and any test tools are updated.
    
    The code that handles the "else" will also be updated in a
    later commit
    
    Story: 2004751
    Task: 29756
    Change-Id: I75a81ab852252ee108fefeca5682e5b1a9d7374e
    Signed-off-by: Al Bailey <Al.Bailey@windriver.com>

commit 03b08b9722e83597797de93abef54f787b93bab5
Author: Mingyuan Qi <mingyuan.qi@intel.com>
Date:   Wed Jan 30 09:41:27 2019 +0800

Allow user specified registries for config_controller
    
    Currently docker images were pulled from public registries during
    config_controller. For some users, the connection to the public
    docker registry may be slow such that installing the containerized
    services images may timeout or the system simply does not have
    access to the public internet.
    
    This change allows users to specify alternative public/private
    registries to replace k8s.gcr.io, gcr.io, quay.io and docker.io.
    Insecure registry is supported if all default registries were
    replaced by one unified registry. It lowers the complexity for
    those who build his own registry without internet access.
    
    Docker doesn't support ipv6 addr as registry name, instead
    hostname or domain name in ipv6 network is allowed.
    
    Test:
    AIO-SX/AIO-DX/Standard(2+2):
      Alternative public registry (ipv4/domain) with proxy
        - config_controller pass
      Private registry (ipv4/ipv6/domain) without internet
        - config_controller pass
      Default registry with/without proxy
        - config_controller pass
    
    Story: 2004711
    Task: 28742
    
    Change-Id: I4fee3f4e0637863b9b5ef4ef556082ac75f62a1d
    Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
    (cherry picked from commit 611a68a96ab915dc4e97d39dffa5c379bbffef3d)

commit 7471ef852b7c37c742ef273f0df6b8ccce3bd928
Author: Bin Qian <bin.qian@windriver.com>
Date:   Thu Feb 21 14:46:34 2019 -0500

Boost sm process priority in VBox environment
    
    There is an instance that sm claimed its main thread ran sluggish
    as some critical timer run behind the scheuled timing.
    The issue could prevent the sm from scheduling services.
    As the result, the controller could fail to enable.
    
    The issue was found only on vbox labs on AIO-SX, the fix is to boost
    sm process priority to nice value -10 from current -2.
    
    Closes-Bug: 1816764
    Depends-On: https://review.openstack.org/638664
    Change-Id: Iafa17b1c47d65cc7394552ea1c8e7a78398e4869
    Signed-off-by: Bin Qian <bin.qian@windriver.com>
    (cherry picked from commit a6934ac9d27e0357d0025018077441d989679409)

commit 5e61519ac92822b959dffe63b76956cf0e9d0383
Author: Angie Wang <angie.wang@windriver.com>
Date:   Fri Feb 22 01:21:07 2019 -0500

Solve the stx-openstack reapply issue on controller-1
    
    After stx-openstack applied, the stx-openstack reapply shouldn't
    trigger the charts reinstallation if there has no overrides changed
    for charts. However, the reinstallation happens after swacting active
    controller to controller-1 due to the generated images overrides on
    controller-1 are different from before. The images overrides generation
    requires walking through the stx-openstack charts stored under
    /scratch, but charts do not exist on controller-1's /scratch as it's
    an unreplicated filesystem. This causes the images overrides to differ
    between controller-1 and controller-0.
    
    This commit updates to walk through charts and get the images for
    charts during application-upload, then save the images list for each
    chart into the existing images file under aramda directory
    /opt/platform/armada. The images file would be used for retrieving
    the images for charts to generate images overrides.
    
    Closes-Bug: 1816173
    Change-Id: I4f00c3031decb063f8f126d0c837acd4dde56fc3
    Signed-off-by: Angie Wang <angie.wang@windriver.com>
    (cherry picked from commit cb4b30bf56195456ac6b8bd11abf7e23f90f81a4)

commit db199ed89be3ba792521f9c02c531401559742ae
Author: Gerry Kopec <gerry.kopec@windriver.com>
Date:   Fri Feb 15 20:10:56 2019 -0500

Update nova overrides to fix console addressing
    
    Use new nova helm chart config option introduced in dependent commit to
    prevent nova from overriding our per host override for VM console
    address.
    
    Closes-Bug: #1815490
    Depends-On: I86eb80578b23fd89b7f9643b943ee759f26a15be
    Change-Id: I7617157b3b2848cbbe2d9014b900cd437ac082a6
    Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>

commit fbdf59085cf734d8da1c9f4d34b60480e481736e
Author: John Kung <john.kung@windriver.com>
Date:   Sun Feb 10 09:23:27 2019 -0500

Update neutron helm override to enable network_segment_ranges
    
    This update depends on the update for the docker neutron image which
    is part of patch set 19 (or newer supporting the service plugin
    'network_segment_range') of
       https://review.openstack.org/#/c/624708/
    
    Helm override the default vxlan_group, vni_range which are set by:
      github.com/openstack/openstack-helm/blob/master/neutron/values.yaml
    
    Tests Performed:
        Containers:
            Verified network_segment_range feature is enabled when the
            docker image with the available functionality is loaded.
    
            Verified impact when network_segment_range is set and upstream
            feature not available; thus this update Must go in only after
            the docker neutron image has been updated to support the
            service_plugin.
    
            Setup lab, launched instances and confirmed data (provider)
            network reachability on vxlan and vlan.
    
    Change-Id: I2cb76f5cb956c46258481c331a580f979035bb0d
    Story: 2004455
    Task: 28324
    Signed-off-by: John Kung <john.kung@windriver.com>

commit 67bcf4d1bfe8baef3d0d88f2e40c1c98d72d136c
Author: Gerry Kopec <Gerry.Kopec@windriver.com>
Date:   Mon Feb 11 21:00:59 2019 -0500

Remove hugepage overrides from nova.conf
    
    Delete hugepage config options as these were only used by stx-nova and
    are not used in stein.  Additionally, the 4K pages value can change
    causing unnecessary restart of nova pods during application-apply.
    
    Closes-Bug: #1815545
    Change-Id: I9326db038a85be597801f3b78a45e30b28d0dd28
    Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>

commit 754f49a3575b78517327c3a0a7556cc25de6a18b
Author: Irina Mihai <irina.mihai@windriver.com>
Date:   Tue Jan 22 19:32:37 2019 +0000

Add Ceph pools management chart
    
    - new helm chart to set replication and min replication for
    each Ceph pool:
      -> new helm chart name: ceph-pools-audit
      -> the ceph-pools-audit chart creates a CronJob that runs
         every 5 minutes; the CronJob checks the replication for
         each existing pool and sets it right if needed, to reflect
         the attributes of the Ceph backends
      -> the CronJob is needed for: charts that may not manage pool
         configuration, pools created dynamically by services that
         may not have the current pool configuration uploaded
         (ex: swift), updating replication without reinstalling the
         charts that created the pools
      -> the ceph-pools-audit chart is installed after the
         rbd-provisioner in the application-apply
    - new overrides for the ceph-pools-audit chart that provide
    the replication values from the attributes of the present
    Ceph backends
    - enable rados-gw by default when a Ceph backend is enabled
    
    Change-Id: I1565268bac3ddc77e8368d2d6ab8600b3e4ed893
    Story: 2004520
    Task: 29034
    Signed-off-by: Irina Mihai <irina.mihai@windriver.com>

commit e2a2b3f9e0a463b6fdaac885d09888b0fd4f981b
Author: Gerry Kopec <Gerry.Kopec@windriver.com>
Date:   Thu Feb 7 19:59:34 2019 -0500

Set nova override to enable numa live migration
    
    Upstream nova has disabled instances with numa_topology from being able
    to live migrate (see https://review.openstack.org/#/c/611088 and
    https://review.openstack.org/#/c/635350/) due to numerous issues with
    the current implementation.  They did provide a workaround config option
    (enable_numa_live_migration).  We want this enabled by default for
    further testing.
    
    Story: 2003909
    Task: 29402
    Change-Id: Iadd9e2351e41aadd7fd0bb9a6e18e622e677fa42
    Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>

commit 67f351d6f9f074a7be2dcf44653c2d3eeb5f4371
Author: Matt Peters <matt.peters@windriver.com>
Date:   Tue Feb 5 15:54:18 2019 -0500

update vhost-user enabled helm parameter
    
    The vhost_user_enabled neutron config parameter has been moved under the
    ML2 ovs_driver section in the last stein/master docker build, therefore
    this helm override parameter needs to be updated to the new location.
    
    Depends-on: https://review.openstack.org/#/c/635551/
    Depends-on: https://review.openstack.org/#/c/635552/
    Story: 2004751
    Task:29364
    
    Change-Id: I2181926fdbea2e00b152a65bf76f9c9f1c85247c
    Signed-off-by: Matt Peters <matt.peters@windriver.com>

commit 6027b65d66bccfb64d2321469f5131b6a7f40abb
Author: Al Bailey <Al.Bailey@windriver.com>
Date:   Wed Feb 6 14:54:55 2019 -0600

Fix the global_index policy settings for containerized heat
    
    Sets the following in the armada manifest
    
        software_configs:global_index: rule:context_is_admin
        stacks:global_index: rule:context_is_admin
    
    Closes-Bug: 1814333
    Change-Id: Ib037b39c320587c0220b432a4198197923396709
    Signed-off-by: Al Bailey <Al.Bailey@windriver.com>

commit 38a9e5fc00a770a2228ba67f774cf8cba93caa15
Author: Angie Wang <angie.wang@windriver.com>
Date:   Tue Jan 22 15:15:59 2019 -0500

Stein: Update ceilometer overrides
    
    This commit includes the following ceilometer overrides to
    align with the ceilometer docker image based on master branch.
    
    - Remove the usage of the elimated configuration options
    - Remove the definitions of the elimated transformed metrics in
      polling/gnocchi_resources yamls as the transformer was removed
      from ceilometer master
    - gnocchi: remove the usage of the elimated filter http_proxy_to_wsgi
    - Add overrides for meter_definitions_dirs option to prevent loading
      duplicated meter definitions
    
    Change-Id: Iad1548864bc053b657074de66a99ae6342c5188d
    Story: 2004751
    Task: 28965
    Signed-off-by: Angie Wang <angie.wang@windriver.com>

commit fe1f1b569463acff8e97d7258bab7300f063b256
Author: Robert Church <robert.church@windriver.com>
Date:   Sat Jan 19 03:30:39 2019 -0500

Enable Telemetry services
    
    This add the telemetry chart group to the manifest so telemetry
    services (aodh, gnocchi, panko, ceilometer) start on application apply.
    
    Also, a minor reorganization change to the neutron chart data to
    minimize diffs between the manifest files.
    
    Change-Id: I515ec0d4165c315bbc49ce6620451eca846028c6
    Story: 2004751
    Task: 28895
    Signed-off-by: Robert Church <robert.church@windriver.com>

commit 01e87ec78a25fc9bd6bf60f3872d35ad89253629
Author: Robert Church <robert.church@windriver.com>
Date:   Sat Jan 12 03:11:02 2019 -0500

Stein: Update cinder backup driver
    
    Support for loading by class name and not module name was deprecated in
    queen and removed in stein. The backup driver class name is now provided
    to specify which backup driver to use.
    
    Change-Id: I6cded150608aff808a4382ab611dc0ad6953223d
    Story: 2004751
    Task: 28895
    Signed-off-by: Robert Church <robert.church@windriver.com>

commit 07aac0f6b14af83ff72b91b24c26cbf54c47322d
Author: Robert Church <robert.church@windriver.com>
Date:   Mon Jan 14 15:22:24 2019 -0500

Stein: Remove ceilometer transformer support
    
    In Stein transformer support was removed from master as data
    transformation is no longer the responsibility of Ceilometer. This
    updates the pipeline configuration in the armada manifest to align with
    what is expected upstream.
    
    Change-Id: Ia4fc58ef0d99ce07fc23cb9bc7eafce95489988a
    Story: 2004751
    Task: 28895
    Signed-off-by: Robert Church <robert.church@windriver.com>

commit 42def5b1f95a2b459817329a5c7b5035548ac37d
Author: Robert Church <robert.church@windriver.com>
Date:   Mon Jan 14 15:07:23 2019 -0500

Stein: Update neutron overrides
    
    Update neutron chart overrides to align with the upstream docker image
    based on the master branch.
    
    Changes include:
     - Remove StarlingX use of custom extensions for the host driver and
       scheduler.
     - Update the ml2 type_drivers to the expected upstream values.
     - As of Queens the deprecated api-paste entrypoint
       neutron.api.versions:Versions.factory has been removed. An override
       has been provided to use neutron.pecan_wsgi.app:versions_factory.
    
    Change-Id: I9a40f31d0795acd24a2ccef22f2b4c9630a8b924
    Signed-off-by: Robert Church <robert.church@windriver.com>
    Story: 2004751
    Task: 28895

commit 514e2c0d00a28a572f15617f1edcb0f2586d79a8
Author: Robert Church <robert.church@windriver.com>
Date:   Mon Jan 14 13:02:43 2019 -0500

Stein: Remove custom nova scheduler filters
    
    Remove the StarlingX custom nova scheduler filters which are not
    currently supported in upstream nova.
    
    Change-Id: I7b8dd644d2bf9ebda40d3e908bb9dcdd5952d088
    Story: 2004751
    Task: 28895
    Signed-off-by: Robert Church <robert.church@windriver.com>

commit b5263866f9c97a465108d55663605a1db63ca1fa
Author: Robert Church <robert.church@windriver.com>
Date:   Mon Jan 14 22:57:24 2019 -0500

Stein: Change latest tag to align to master
    
    Use docker images built on master.
    
    Change-Id: I4ca006258136d3a841fd9716aa20e29b86138f9c
    Story: 2004751
    Task: 28895
    Signed-off-by: Robert Church <robert.church@windriver.com>

commit f0f0811ab67d3c7fa0b0b36b8c6ca27855423d47
Author: Al Bailey <Al.Bailey@windriver.com>
Date:   Wed Jan 16 10:43:49 2019 -0600

Disable setup of AODH on bare metal controller for stein
    
    Pike AODH cannot be built with stein clients, so it is disabled.
    
    All bare metal openstack components (except keystone and horizon)
    will later be disabled.
    
    Story: 2004751
    Task: 28839
    Change-Id: Iaef48dcc205ce52ab01f50eec8f59ea79431f2a2
    Depends-On: Ifa905bea2e95ded72a327f8ff43667c8c5429363
    Signed-off-by: Al Bailey <Al.Bailey@windriver.com>

commit 2f23ebe84cf889b4372bef4757db259662267275
Author: Scott Little <scott.little@windriver.com>
Date:   Tue Jan 8 16:31:39 2019 -0500

Update .gitreview for f/stein
    
    Change-Id: I4d5a723156e29ecd57f82c1c03a0e3ded487d007
    Signed-off-by: Scott Little <scott.little@windriver.com>

Ken Young (kenyis) on 2019-04-05

tags:

added: stx.2.0
removed: stx.2019.05

StarlingX

Containers: Unable to list all heat stacks as admin

Bug Description

Other bug subscribers

Remote bug watches