Rebasing Armada to use the latest docker image tag
8a1638098f88d92bf799ef4934abe569789b885e-ubuntu_bionic.
Change-Id: Ic48a2e053d0de7dacfd6a07d817947e11dc8d596
Story: 2006347
Task: 36105
Signed-off-by: Robert Church <robert.church@windriver.com>
On compute nodes with openstack-compute label, the
kvm_timer_advance_setup.service should be enabled.
The puppet service runs before kubelet.
Change-Id: I84d6c6234d4bd1c8c0c52f5735d7520377b2fe80
Partial-Bug: 1823751
Depends-On: https://review.opendev.org/#/c/672124
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
The barbican-api process currently writes directly
to its logfile. As such, the logrotate config file
needs a copytruncate directive to ensure the process
doesn't end up writing to the rotated file instead.
Change-Id: I60c8a08ce612fd7f82e05f69b168919b12ab0017
Partial-Bug: 1836632
Signed-off-by: Don Penney <don.penney@windriver.com>
Upversion armada image from existing
af8a9ffd0873c2fbc915794e235dbd357f2adab1
to
dd2e56c473549fd16f94212b553ed58c48d1f51b-ubuntu_bionic
The specific image was chosen because it contained upstream
armada commit df68a90e057c2e1e3427d6b8497b437c8a4c3b7e, which
is a fix for keystone kubernetes auth. The ubuntu bionic image
was chosen because the old image was an ubuntu bionic based image.
Testing done by applying stx-openstack on standard, simplex,
and duplex systems.
Story: 2005860
Task: 33693
Change-Id: Ifd8a66d46e2dfd47ca7c5ab9807076ef43e67027
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
The ceph.conf file packaged in the Ceph RPM sets 'osd_pool_default_size
= 2'. This is a valid initial value for most deployments. The exception
is for the AIO-SX single OSD installation (which is our default minimum
AIO-SX configuration). In this deployment configuration, this value will
produce a HEALTH_WARN specifying "Degraded data redundancy".
This commit will set 'osd_pool_default_size' based on the deployment and
specifically set it to '1' for the AIO-SX. This will provide a HEALTH_OK
cluster on controller unlock.
If/when additional OSDs are added, the 'system storage-backend-modify'
command can be used to change the replication factor to provide a higher
level of data redundancy.
This change removes the long-stanging need to run the following command
when provisioning the AIO-SX:
ceph osd pool ls | xargs -i ceph osd pool set {} size 1
This will also now enable automatic loading of the platform-integ-apps
k8s application and subsequent loading of the rbd-provisioner for
persistent volume claims on the AIO-SX.
Change-Id: I901b339f1c7770aa16a7bbfecf193d0c1e5e9eaa
Story: 2005424
Task: 33471
Signed-off-by: Robert Church <robert.church@windriver.com>
Based on investigation by Matt, the tiller-deploy pod was running
in the cluster network namespace and therefore not inheriting host
TCP keepalive parameters.
During a swact, when the floating IP is taken down, tiller keepalive
is so large its the kube-apiserver detects the timeout after 15 minutes
(5 probes * 180 seconds)
The cluster namespace values are 9 probes at 75 second intervals.
The host TCP values are 5 consecutive probes at 1 second intervals.
By changing the tiller pod to be deployed using the host network,
it will inherit the host sysctl values and detect much more quickly.
(10 seconds)
Adding additional override settings during helm init for tiller
helm init <params> --override spec.template.spec.hostNetwork=true
These changes were added to the ansible playbook.
Change-Id: I218e4ef37100950c8ac5a0cb9759d9df50d9e368
Closes-Bug: 1817941
Partial-Bug: 1818123
Co-Authored-By: Matt Peters <Matt.Peters@windriver.com>
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
boundary_clock_jbod performs a sanity check to make sure
that all of the ports share the same hardware clock device.
This option is not needed in case of software PTP mode.
Moreover it interferes with normal PTP operation in this
case and causes PTP clocks instability in a network.
Also, cleaning up unused pmon scripts for ptp4l and phc2sys
and adding services dependencies from mainline linuxptp.
Change-Id: If4bbe6af600dbdf38d301deafb7dc050a7754cad
Closes-bug: 1824218
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Calico is meant to be configured for a < 50 node system.
The configuration for the > 50 node system had been mistakenly
selected.
Story: 2005198
Task: 30499
Change-Id: I5bd058a40b29f0a32f8d51d58054ab07faf3d85f
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Using SHA: af8a9ffd0873c2fbc915794e235dbd357f2adab1
which was built and tagged on April 9, 2019.
The previous Armada SHA was from Sept 2018.
The manifest.xml is updated to not generate armada warnings
for libvirt, openvswitch, nova and neutron.
The warning was:
"label_selector" not specified,
waiting with no labels may cause unintended consequences.
Story: 2005198
Task: 30436
Change-Id: I97b633d9e6e1e4574e25dc8b69500faae4b4a809
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
The SM database had several services removed.
This change removes the calls to disable and deprovision those
services that no longer exist.
Story: 2004764
Task: 30247
Change-Id: I8834803b5ebbd5f41af9af7fab3f225da4cecb99
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This clamps kubernetes at 1.13.5 during the init phase.
Upversions helm/tiller from 2.12.1 to 2.13.1
Upversion calico to v3.6
Information about how to configure and test when upversioning
calico is located in the calico.yaml.erb file.
Story: 2005198
Task: 30211
Depends-On: If9476b26b315e8c863e1ec487cbf701972a82a98
Change-Id: I7fed5d75cb9f8b593fda7dc1bdd125c4e6d7affc
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
* Remove the nova api proxy puppet module.
* Remove openstack::swift puppet manifest.
* Refactor openstack::nova::storage as platform::worker::storage.
This requires the nova puppet code in sysinv to write to a
different hiera target, and creation of /var/lib/nova.
* Remove puppet modules from spec file for modules that are no
longer being used.
Story: 2004764
Task: 29840
Change-Id: Ifa0171b06e23fd77d373983d644df3f56ae4e2de
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
There is no supported way to do this to configure the coredns pod for
anti-affinity. See https://github.com/kubernetes/kubeadm/issues/1416
For now we will set this with a patch in the kubernetes manifest.
Change-Id: I3c83cee9d3209b223fd2c2e1149a85205e3c9b15
Story: 2004520
Task: 29726
Signed-off-by: David Sullivan <david.sullivan@windriver.com>
On AIO deployments puppet is run twice with two different manifests:
1. 'controller': to configure controller services
2. 'worker': to configure worker services.
Ceph is configured when 'controller' manifests are applied, there is
no need to run them a second time, when 'worker' set is applied.
Commit adds new puppet classes to encapsulate ceph configuration
based on node personality and adds a check to not apply it a 2nd
time on controllers.
If the ceph manifests are executed a second time then we get into
a racing issue between SM's process monitoring and 'worker' puppet
manifests triggering a restart of ceph-mon as part of reconfiguration
After a reboot on AIO, SM takes control of ceph-mon monitoring
after 'controller' puppet manifests finish applying. As part of this,
SM monitors processes death notification and gets the pid from the
.pid file. And periodically executes '/etc/init.d/ceph status
mon.controller' for a more advanced monitoring.
When the 'worker' manifests are executed, they trigger a restart
of ceph-mon through /etc/init.d/ceph restart that has two steps: 'stop'
in which ceph-mon is stopped, and 'start' in which it is restarted.
In the first step, stopping ceph-mon leads to the death of ceph-mon
process and removal of its PID file. This is promptly detected by
SM which immediately triggers a start of ceph-mon that creates a
new pid file. Problem is that ceph-mon was already in a restart,
and at the end of the 'stop' step the init script cleans up the
new pid file instead of the old.
This leads to controllers swacting a couple of times before the system
gets rid of the rogue process.
Change-Id: I2a0df3bab716a553e71e322e1515bee2bb2f700d
Co-authored-by: Ovidiu Poncea <ovidiu.poncea@windriver.com>
Story: 2002844
Task: 29214
Signed-off-by: Ovidiu Poncea <ovidiu.poncea@windriver.com>
Due to ordering of firewall rule/policy configuration, all incoming
packets may be dropped during firewall configuration, until its
completion. This creates a race condition where this packet loss
could result in manifest application failure, causing the initial
unlock to fail.
In order to avoid this packet loss, this update adds ordering
dependencies to ensure the default policies are applied only after
the common platform firewall rules.
Change-Id: I196911a197e6efb58e41d742a57216d0175cd4be
Closes-Bug: 1814619
Signed-off-by: Don Penney <don.penney@windriver.com>
https://review.openstack.org/#/c/628687/ stopped packaging the
query_ntp_servers.sh script. However, since there were no other
files being packaged into that directory the spec file choose
not to create an empty directory.
When config controller called the mtce.pp manifest to install
dynamic files into /etc/rmonfiles.d it could not. So it failed.
This update adds a directory check block to the mtce.pp file
to create the directoy if its not present.
Testing: Install AIO SX in SM1
Change-Id: Ib2dfadb261be6f9ebbaa7213eb6669b25158c779
Closes-Bug: 1811693
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
Barbican service is needed during bootstrap phase for StarlingX.
Implement bootstrap and runtime manifests to achieve that.
Change-Id: I6c22ebddacf8aec3a731f7f6d7a762f79f511c78
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Barbican fails to start in case of IPv6 configuration:
"Error: ':2:9311' is not a valid port number."
Wrong parsing of IPv6 host address can be fixed by adding [].
Also dropping '' for API workers number for the sake of consistency.
Change-Id: Ie40a0338d202dfa1cc17810db56d902b14e5accf
Closes-Bug: 1810558
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Starting collectd too early in the manifest apply is seen
to occasionally fail due to a dependency configuration on
hostname resolution in FQDNLookup not being complete.
This is fixed by making collectd startup have a hard
dependency on platform::networking by-way of a manifest
require Anchor.
As well, to handle the DOR case when controller manifest
is not executed, this update also ensures that collectd
and influxdb services are enabled in its manifest base
class so these processes are auto started by init.
Since influxdb is a controller only service it is removed
from non controller load types.
This issue is fixed by the following multi-git changes.
stx-metal:
Filter influxdb out of storage and compute only loads.
No real inter git merge dependency
stx-integ:
Add startup Before=pmond dependency
stx-config: This Update.
Move collectd config and startup to manifest apply post stage
Move influxdb config and startup to manifest apply post stage
Test Plan:
PASS: Build iso
PASS: Verify install storage system and collectd startup
PASS: Verify influxdb and extensions excluded in non-controller loads
PASS: Verify collectd starts properly on all nodes (CC,DOR,UNLOCK)
PASS: Verify influxdb starts properly on controller nodes (CC,DOR,UNLOCK)
PASS: Verify collectd pmond process monitoring and recovery
PASS: Verify influxdb pmond process monitoring and recovery
PASS: Verify collectd statistics storage and fetch to/from influxdb
PASS: Verify Install AIO DX and verify collectd and influxdb startup
PASS: Verify Storage system DOR
PASS: Verify AIO DX DOR
Change-Id: Idff6382d835289f5986e98e3b4ee6e9c7a960287
Closes-Bug: 1797909
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
Do not attempt to set wakeup latency unless the list of CPU instances is
non-empty. If either the low or high wakeup list is empty then there is
no need to attempt to run the script. Running the script with an empty
list results in a manifest apply errors and fails the node
initialization.
Story: 2004357
Task: 27957
Change-Id: I89f19388d131b6c377020c55f5b13960738e350d
Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
Calico is being downgraded to v3.1.4 since the latest versions
are causing readiness and liveness failures. Based on K8S v12.1,
Calico should be on v3.3.x, therefore the underlying issue should
be investigated further and Calico upgraded once resolved.
This update also changes the IP autodetect method to ensure the
proper IP is selected. This is required for hosts that have
multiple IP addresses and the wrong address is being selected
based on the default find first address method.
Change-Id: I31c3630bde69160786866d0bc1bc29816892943f
Story: 2002843
Task: 22791
Signed-off-by: Matt Peters <matt.peters@windriver.com>
This update removes hbsAgent configuration from SM now
that it is no longer an SM managed/monitored process.
Story: 2003576
Task: 24907
Depends-On: https://review.openstack.org/#/c/617835
Change-Id: Ifceb92b5e82c45e1ac42068d11675006f2586169
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
The mtc.ini file is updated a second time in AIO config.
Due to the scope of the SM ports being for controller only
and no defaults we see the sm port assignments missing in
AIO configs.
This update defaults the SM port numbers and changes the scope
of the parameters so that they get set on all node types for
all system types.
Testing included provisioning an AIO system.
Change-Id: Ib53921c4b59a9e67ed136a03504bdf0775de6dff
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
The neutron network scheduler driver was set to the default dhcp
agent weight scheduler. This update is to set it to the host-based
scheduler.
Change-Id: I9d7d62935e0c2c26f22879dd1e249ef8eeeadd5a
Closes-bug: 1798096
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
As part of helm upversion from 2.9.0 to 2.11.0
the tiller docker image for 2.11.0 should also
be updated to align with it.
Story: 2002843
Task: 26751
Depends-On: I5afb5847204c62214689f9e246a4c9c0ddaf02b7
Change-Id: Iba89f89c9689579703354a77cafea33705c3b35d
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
All openstack services except keystone and horizon need to be
disabled in a kubernetes configuration. This task re-enables openstack
horizon dashboard as a baremetal service, and in a kubernetes config, it
disables the platform libvirt services which run on compute nodes or
on controller hosts in an AIO config
Story: 2002876
Task : 26168
Change-Id: I20e938ca83149474bf2c507062a0e65b69f005bc
Signed-off-by: Shoaib Nasir <shoaib.nasir@windriver.com>
docker-lv is an XFS file system. Add support for re-sizing XFS
filesystems by using blkid to query the file system type and call
xfs_growfs for XFS filesystems. Maintain the current behavior by calling
resize2fs for all non-XFS file systems.
Change-Id: If5de15d232c66e99f7f5c752d96ef92674dafb1d
Story: 2002876
Task: 26864
Signed-off-by: Robert Church <robert.church@windriver.com>
In support of the HA Improvements feature maintenance is required to,
upon request, send SM a summary of maintenance's heartbeat responsiveness
during the last 20 heartbeat periods.
This update adds the required port assignments to the mtc.ini file
in support of said communications.
With this update the mtc.ini file will be updated to contain the
following entries.
; Communication ports between SM and maintenance
sm_server_port = 2124 ; port sm receives mtce commands from
sm_client_port = 2224 ; port mtce receives sm commands from
Change-Id: I05c022f7e4dcdeaea71bc0020641baa331daae57
Story: 2003576
Task: 26837
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
The ptp4l process will fail in case there are no NICs specified.
We need to list all the NICs in the configuration file since
NIC specification has been removed from command line earlier.
Change-Id: Ib68406a2ed514830674627180c451d274b581f74
Story: 2002935
Task: 22923
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
All openstack services except keystone has been disabled when the initial
system is configured using the --kubernetes option. This includes openstack
services running on the controller as well as the ones running on
compute nodes.
Several unlock semantic checks for compute nodes including the requirement to
provision data interfaces prior to unlock have also been removed in the
kubernetes configuration
Change-Id: I555a62ac621d26217928d2522eb631fe9bb1f906
Story: 2002876
Task : 26168
Signed-off-by: Shoaib Nasir <shoaib.nasir@windriver.com>
The existing dependency for ensuring the hugepage directory was mounted
did not ensure that it was executed before the openvswitch service was
started. This causes an ordering problem under some configurations
since the OVS DPDK EAL init will fail since it cannot map the hugepages.
This update ensures the dependency is defined against the service rather
than the generic platform::vswitch puppet class to correct the
incomplete dependency ordering.
Story: 2003104
Task: 24862
Change-Id: I2dc9479024bd8363503058c0a9d3034b7c662a07
Signed-off-by: Matt Peters <matt.peters@windriver.com>
The generated lighttpd.conf file only included ipv6 support
when https is enabled.
This modification fixes the template to support ipv6 in all cases
Story: 2002986
Task: 23000
Change-Id: I3551e5cfeb4d31a8fefcbd3f6f1350bb17984053
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
Modify NTP puppet manifest to allow enabling and disabling this service.
This is required in case user would like to enable PTP service instead.
As a result, NTP daemon must be stopped on compute/storage nodes.
It is still running on controller nodes, but all the servers are wiped.
So, system date cannot be updated by NTP on controller nodes, but
it is still possible for compute nodes to do an initial time sync.
Also, PMON script is moved here from MTCE to follow enabled/disabled path.
Change-Id: I0831487fb14de80edec0ee8df5cc6f23dfb6bae8
Depends-On: I1ca6045af8c5169220b7332d45b843fdb4960f01
Story: 2002935
Task: 24646
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Updating ceilometer puppet manifest to use memcached as ceilometer
caching backend for resource caching.
Story: 2002825
Task: 22871
Change-Id: Ia4dfe41672c760488406ee5bbb33ca725e9a5d07
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This commit allows TPM certificates, per controller hosts, to be
persisted across:
- Host Reinstalls
- Controller Restores
- Doing a Backup on controller-1 and doing a Restore on controller-0
- DX / SX Upgrades
By populating them in Sysinv's per host tpmdevice table's tpm_data
field, we manage to push these certs in as hiera data and recreate the
TPM certs
The TPM binary memory maps are base64 encoded to allow RPC conduction
and storage in DB, as by default when the Agent RPC message is parsed,
it is done so using json.dumps which expects utf-8 encoding. The Binary
maps are base64 decoded prior to be written to the hiera records so that
the right content ends up in the files when the config manifest applies.
Change-Id: Ie8b282808afacbba92949eefb85e96d6be441822
Story: 2002886
Task: 22847
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Scott Little