commit 1c467789c43827321e4319d50065fdbab1be35a2
Author: David Sullivan <email address hidden>
Date: Wed Feb 20 00:49:17 2019 -0500
Add replica settings for mariadb ingress pod
There was no mariadb replica override for the ingress pod. On AIO-SX
this caused two pods to be scheduled. When anti-affinity was added to
mariadb this broke application-apply on AIO-SX.
The mariadb ingress pod replication will be set to the number of
controllers.
commit ed3c63a06da2cb04b7415cb1b5ba6340c3fa229a
Author: Erich Cordoba <email address hidden>
Date: Tue Feb 19 12:09:42 2019 -0600
Add DNS requirement for kubernetes and helm.
`helm init` is being execute before networking and DNS is properly
configured in the controller. A dependency was added to kubernetes
to setup DNS, helm manifest was updated to depend on kubernetes.
Also, the `--skip-refresh` flag was added to helm init for second
controller to avoid timeout scenarios on proxy enviroments.
commit 70ed5b099496c98b37a94b061610d48c9263f554
Author: Alex Kozyrev <email address hidden>
Date: Fri Feb 15 15:46:32 2019 -0500
Enable Barbican provisioning in SM in kubernetes environment
Since Barbican is in charge of storing BMC passwords for MTCE now
we need it to run as a bare-metal service alongside with kubernetes.
This patch enables SM provisioning for barbican in this case.
commit 5b94294002617b18bc0f98b206a24cec38a5b929
Author: Angie Wang <email address hidden>
Date: Thu Feb 7 23:42:25 2019 -0500
Support stx-openstack app install with the authed local registry
The functionality of local docker registry authentication will be
enabled in commit https://review.openstack.org/#/c/626355/.
However, local docker registry is currently used to pull/push images
during application apply without authentication and no credentials
passed to the kubernetes when pulling images on other nodes except
for active controller.
In order to install stx-openstack app with local docker registry that
has authentication turned on, this commit updates the following:
1. Pass the user credentials when pulling/pushing images from local
registry during application apply.
2. Create a well-known registry secret "default-registry-key" which
holds the authorization token during stx-openstack app apply and
delete the secret during removal. The helm-toolkit is updated to
refer to this secret in k8s openstack service account template for
pulling images from local by kubelet. This secret is also added to rbd-provisioner service account as well since it is not using helm-toolkit to create service account.
Move all neutron static configurations from the overrides to the
Armada manifest.
This is being done so we have a consistent way of managing
containerized openstack configurations. Static configurations will
be located in the Armada manifest and dynamic configuration will be
located in the overrides files.
commit cf23446094d52851e4bd2ade516ab724b65844f0
Author: Dean Troyer <email address hidden>
Date: Tue Feb 12 17:06:53 2019 -0600
Fix configutilities and controllerconfig installs in DevStack
Use the DevStack-provided functions to do the Python installations
for configutilities and controllerconfig.
Prepare the plugin setting for declaring DevStack prereqs that
is available in master's DevStack playbook.
Also do not enable all services by default. sysinv-api is disabled
in the devstack job as it does not properly start under Bionic. We
will address this separately.
Change-Id: Ib57863526d285049b5964828e1b60bf215d25a23
Signed-off-by: Dean Troyer <email address hidden>
commit acefd544f0f02aa348e29a46be925436349e542d
Author: Jim Gauld <email address hidden>
Date: Thu Feb 14 15:42:07 2019 -0500
Mitigate memory leak of sessions by disabling sudo for sriov agent
The sriov agent was polling devices via 'sudo ip link show',
and this resulted in a severe memory leak. The usage of 'sudo'
uses the host 'dbus-daemon', and somewhere the host does not
clean up login sessions.
Symptoms:
- gradual run out of memory until system unstable, host spontaneous
reboot due to delay or OOM
- huge growth of kernel slab
- thousands of /sys/fs/cgroup/systemd/user.slice/user-0.slice
session-x*.scope files with empty 'tasks', i.e., sessions
that should have deleted
- huge latency seen with ssh and various systemd commands
The problem is mitigated by disabling 'sudo' for sriov agent, using
a helm override that configures [agent]/root_helper='' .
Testing:
- Verified that we could launch a VM with SR-IOV interface;
VFs were able to set MAC and VLAN attributes.
Closes-Bug: 1815106
Change-Id: I0c57629c01b7407c99cc7f38b409019ab87af859
Signed-off-by: Jim Gauld <email address hidden>
Reviewed: https:/ /review. openstack. org/638217 /git.openstack. org/cgit/ openstack/ stx-config/ commit/ ?id=b09d0898b6e aec572be3195ae2 5ec15413136552
Committed: https:/
Submitter: Zuul
Branch: f/stein
commit 1c467789c438273 21e4319d50065fd bab1be35a2
Author: David Sullivan <email address hidden>
Date: Wed Feb 20 00:49:17 2019 -0500
Add replica settings for mariadb ingress pod
There was no mariadb replica override for the ingress pod. On AIO-SX
this caused two pods to be scheduled. When anti-affinity was added to
mariadb this broke application-apply on AIO-SX.
The mariadb ingress pod replication will be set to the number of
controllers.
Change-Id: Icf3f1979720629 904ca9ddcabf59e 8ecfab709e5
Story: 2004520
Task: 29570
Signed-off-by: David Sullivan <email address hidden>
commit ed3c63a06da2cb0 4b7415cb1b5ba63 40c3fa229a
Author: Erich Cordoba <email address hidden>
Date: Tue Feb 19 12:09:42 2019 -0600
Add DNS requirement for kubernetes and helm.
`helm init` is being execute before networking and DNS is properly
configured in the controller. A dependency was added to kubernetes
to setup DNS, helm manifest was updated to depend on kubernetes.
Also, the `--skip-refresh` flag was added to helm init for second
controller to avoid timeout scenarios on proxy enviroments.
Closes-Bug: 1814968
Change-Id: I65759314b3a861 e7fdb428889aa5f 5c1c7037661
Suggested-by: Mingyuan Qi <email address hidden>
Signed-off-by: Erich Cordoba <email address hidden>
commit 70ed5b099496c98 b37a94b061610d4 8c9263f554
Author: Alex Kozyrev <email address hidden>
Date: Fri Feb 15 15:46:32 2019 -0500
Enable Barbican provisioning in SM in kubernetes environment
Since Barbican is in charge of storing BMC passwords for MTCE now
we need it to run as a bare-metal service alongside with kubernetes.
This patch enables SM provisioning for barbican in this case.
Change-Id: Id51f679738d429 e78f388b6dc42e7 606ef0c41ab
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <email address hidden>
commit 0dd4b86526609b8 6d8c7395a7c9af1 3e7f769596
Author: David Sullivan <email address hidden>
Date: Tue Feb 12 14:09:10 2019 -0500
Add replica and anti-affinity settings
Add anti-affinity settings to openstack pods. Add replication to
novncproxy, aodh, panko and rbd_provisioner services.
Change-Id: I8091a54cab98ff 295eba6e7dd6fa7 6827d149b5f
Story: 2004520
Task: 29418
Signed-off-by: David Sullivan <email address hidden>
commit 5b94294002617b1 8bc0f98b206a24c ec38a5b929
Author: Angie Wang <email address hidden>
Date: Thu Feb 7 23:42:25 2019 -0500
Support stx-openstack app install with the authed local registry
The functionality of local docker registry authentication will be /review. openstack. org/#/c/ 626355/.
enabled in commit https:/
However, local docker registry is currently used to pull/push images
during application apply without authentication and no credentials
passed to the kubernetes when pulling images on other nodes except
for active controller.
In order to install stx-openstack app with local docker registry that registry- key" which
rbd-provisione r service account as well since it is not using
helm-toolkit to create service account.
has authentication turned on, this commit updates the following:
1. Pass the user credentials when pulling/pushing images from local
registry during application apply.
2. Create a well-known registry secret "default-
holds the authorization token during stx-openstack app apply and
delete the secret during removal. The helm-toolkit is updated to
refer to this secret in k8s openstack service account template for
pulling images from local by kubelet. This secret is also added to
Note: #2 is short-term solution. The long-term solution is to implement /blueprints. launchpad. net/openstack- helm/+spec/ support registry- with-authentica tion-turned- on.
the BP https:/
-docker-
Story: 2002840 /review. openstack. org/636181 a7a4bea74eef8d1 72f03b5d60e
Task: 28945
Depends-On: https:/
Change-Id: I015dccd12c5c7f
Signed-off-by: Angie Wang <email address hidden>
commit d5db10f6b7df537 924efef684395be e3c608d23a
Author: Kristine Bujold <email address hidden>
Date: Tue Feb 12 10:03:48 2019 -0500
Move neutron static configs to Armada manifest
Move all neutron static configurations from the overrides to the
Armada manifest.
This is being done so we have a consistent way of managing
containerized openstack configurations. Static configurations will
be located in the Armada manifest and dynamic configuration will be
located in the overrides files.
Story: 2003909
Task: 29433
Change-Id: I5baf0bbc15912e 0303955456151e6 9856bba0385
Signed-off-by: Kristine Bujold <email address hidden>
commit cf23446094d5285 1e4bd2ade516ab7 24b65844f0
Author: Dean Troyer <email address hidden>
Date: Tue Feb 12 17:06:53 2019 -0600
Fix configutilities and controllerconfig installs in DevStack
Use the DevStack-provided functions to do the Python installations
for configutilities and controllerconfig.
Prepare the plugin setting for declaring DevStack prereqs that
is available in master's DevStack playbook.
Also do not enable all services by default. sysinv-api is disabled
in the devstack job as it does not properly start under Bionic. We
will address this separately.
Change-Id: Ib57863526d2850 49b5964828e1b60 bf215d25a23
Signed-off-by: Dean Troyer <email address hidden>
commit acefd544f0f02aa 348e29a46be9254 36349e542d
Author: Jim Gauld <email address hidden>
Date: Thu Feb 14 15:42:07 2019 -0500
Mitigate memory leak of sessions by disabling sudo for sriov agent
The sriov agent was polling devices via 'sudo ip link show',
and this resulted in a severe memory leak. The usage of 'sudo'
uses the host 'dbus-daemon', and somewhere the host does not
clean up login sessions.
Symptoms: cgroup/ systemd/ user.slice/ user-0. slice x*.scope files with empty 'tasks', i.e., sessions
- gradual run out of memory until system unstable, host spontaneous
reboot due to delay or OOM
- huge growth of kernel slab
- thousands of /sys/fs/
session-
that should have deleted
- huge latency seen with ssh and various systemd commands
The problem is mitigated by disabling 'sudo' for sriov agent, using /root_helper= '' .
a helm override that configures [agent]
Testing:
- Verified that we could launch a VM with SR-IOV interface;
VFs were able to set MAC and VLAN attributes.
Closes-Bug: 1815106
Change-Id: I0c57629c01b740 7c99cc7f38b4090 19ab87af859
Signed-off-by: Jim Gauld <email address hidden>