Remove the stx-openstack helm and armada plugin modules from
sysinv. These will now be packaged as part of the stx-openstack
application and reside in the openstack-armada-app repository.
Change-Id: I7e1ae1d8a82ddf4c0beb94da0c4bb01328e28880
Depends-On: https://review.opendev.org/#/c/687469/
Story: 2006537
Task: 36755
Signed-off-by: Robert Church <robert.church@windriver.com>
This commit introduces a new interface type: 'VF'.
A VF (virtual function) interface is a sub-interface of an existing
pci-sriov class interface. It can have a different (less than)
number of VFs as the parent interface as well as a different
virtual function driver. In addition, the VF interface can be
assigned to a different data network as the parent SR-IOV interface.
The purpose of the VF interface is to enable a user to split the
virtual functions of a parent device between the parent and child
so that each can be assigned a different VF driver. This may be
beneficial to a user that has a mix of (DPDK) accelerated
containers and containers that just depend on a kernel
netdevice.
An example of configuring a VF interface from the client
is as follows:
system host-if-add -c pci-sriov <host> \
<ifname> vf <parent sriov interface> \
-N <numvfs> --vf-driver <vfio|netdevice>
Story: 2006842
Task: 37422
Change-Id: I1c9712f511c395c532d9b36721d94e22760210af
Signed-off-by: Steven Webster <steven.webster@windriver.com>
Sysinv had partially converted to oslo_log, but
not all the files had been updated. This completes
that conversion and completely removes
- sysinv.openstack.common.log.py
- sysinv.openstack.common.log_handler.py
Most of the changes in this review are:
Old Code:
from sysinv.openstack.common import log
New Code:
from oslo_log import log
Two main differences are:
- verbose flag was removed from oslo_log config in 2017
- oslo_log automatically prefixes each line with config type (sysinv)
Old Prefix:
2019-11-01 16:39:24.142 72561 INFO
New Prefix:
sysinv 2019-11-05 18:55:03.620 96275 INFO
Change-Id: I0dda384d943c6dc9277ebce87a6b295fb62500ff
Story: 2006796
Task: 37342
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
The stx-openstack application is no longer automatically reapplied
on node unlock. The new behaviour is handled with a reapply flag:
- When a node is unlocked, or a runtime manifest is applied,
overrides are regenerated and compared to
their old values. If there is a difference a reapply flag is raised
along with a warning alarm
- A check was added to the kubernetes audit in the sysinv conductor
to check if the reapply flag has been raised and to trigger a reapply
if the system is in a stable state (no hosts currently
locking/unlocking/booting)
- This check is also done when a runtime manifest reports success
Test cases:
AIO-SX, AIO-DX, and Standard:
- When a lock/unlock is done with no changes the application is
not reapplied
- When a lock/unlock is done after a config change is made the
application waits until after the unlock and then triggers a reapply
STANDARD
- Enabled ceph-rgw chart and ensured that the application was reapplied upon
config success (likewise for chart disable)
- If there is a pending reapply, and the user triggers it before the
system is stable the reapply flag and alarm are removed
- Provisioning a new compute node and unlocking it for the
first time triggers an application reapply after it comes online
- App is reapplied when a node is deleted
- Compute added without node labels and unlocked results in no reapply
- Compute locked, labels applied, then unlocked results in a reapply
pods launch on compute only when labels present (likewise for label removal)
- Pending reapply flag and alarm persist over a controller swact
Change-Id: I1ae9fdc2afcdf831cf0e7d96f8af14fcb5f6b579
Closes-Bug: 1837750
Depends-On: https://review.opendev.org/677845
Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
Extend the helm_charts API to support an enable attribute. This
attribute is set on application upload and stored in the existing
system_overrides element of the helm_overrides table.
Changes include
- Add application metadata support for disabling charts on application
upload.
- Add the system helm-chart-attribute-modify command to allow enabling
and disabling charts from the command-line. This removes the current
implementation of adding a faux label via the system host-label-assign
command to enable and disable charts.
- Add a --long option to helm-override-list to enable easy viewing of
what charts are enabled for a given application
- Enhance the ArmadaManifestOperator to make this a base class for
application specific operator classes. Introduce classes for the
stx-openstack and platform-integ-apps manifests with specific
knowledge of the charts and chart groups within each class.
- Use stevedore to load the application specific manifest operators.
This will allow future packaging of manifest operators with new
application tarballs.
- Move the helm chart definition from the common/constants.py to
helm/common.py. This limits helm/armada specific data leakage outside
of the helm directory, which we may carve out of sysinv in the future.
- Clean up the code related to the faux labels: LABEL_IRONIC,
LABEL_BARBICAN, and LABEL_TELEMETRY
- Rework the manifest update code in the plugins to include checks for
if the chart for a given application has been disabled.
Change-Id: If284f622ceac48c4ffd74e7022fdd390971d0fd8
Closes-Bug: #1833746
Depends-On: I418f0fe4978946a44e512c3025817fb27216c078
Signed-off-by: Robert Church <robert.church@windriver.com>
Neutron is now containerized, so this cleans up
sysinv for most of the unused neutron code.
Removes all neutron service parameters.
Removes unwanted references to service parameters in
the helm overrides.
Removes neutron DB references from upgrades.
Removes unused validators, utility functions and constants.
Change-Id: I36d31eebe9978a515a9c68d821f1b80e94cabc5e
Story: 2004764
Task: 30948
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
The networktype field is no longer used in the interface table
since an interface can have multiple networks associated with it.
This commit is to remove the networktype field and use the
network association instead.
The host interface commands used to allow associating an initial
network to the interface. This has been changed such that network
association can only be done with the interface-network commands.
The address assignment of an interface is performed when a network
is assigned to an interface, not when the interface is provisioned.
Data interface no longer requires at least one datanetwork
associated with it.
The REST API doc is also updated to reflect the changes.
Story: 2004273
Task: 30947
Task: 33504
Change-Id: I952008408826f4c630246477d71687628357622c
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
In python, dict.update doesn't merge dict recursive. It only merge the
top level dict.
In following example, {'foo1': { 'bar1': 'val1', 'bar2': 'val2'}} is
expected. But {'bar1': 'val1'} is replaced by {'bar2': 'val2'}
```
>>> dict1 = {'foo1': {'bar1': 'val1'}}
>>> dict1.update({'foo1': {'bar2': 'val2'}})
>>> print dict1
{'foo1': {'bar2': 'val2'}}
```
This patch is to fix the 'updates' where recursive merges are expected.
Closes-bug: #1825275
Change-Id: Ib7d14c9631ce959f506ca309efb314411239ea7b
Signed-off-by: chengli3 <cheng1.li@intel.com>
'flat_networks' should be configured to specify which physical network
can be used as flat network. This patch is to populate'flat_network'
based on sysinv.
Change-Id: I2cec1e1234976b9d73ce4be74527a5bcbb7bc5eb
Closes-bug: #1821150
Signed-off-by: chengli3 <cheng1.li@intel.com>
This commit updates to move the image specification from
overrides generation to armada manifest and get the download
image list from both overrides files and armada manifest.
Story: 2005350
Task: 30312
Change-Id: Iea17a516c53cce4a0baaef684aa3c6cf6b3eff28
Signed-off-by: Angie Wang <angie.wang@windriver.com>
The neutron OVS firewall_driver driver is currently set to noop since
there is no suitable firewall driver packaged. The security group
support for OVS agent is now enabled with the native "openvswitch"
firewall driver, which is stateful and based on openflow + conntrack
implementation.
Change-Id: Ie49ea124b3dd1ad2c5d405274fa891d88c7e39bf
Story: 2002944
Task: 22937
Signed-off-by: Kailun Qin <kailun.qin@intel.com>
As stx cutovers to containerization, most openstack components run in
containers, but ovs-dpdk running on the host.
This patch is to support ovs running in container, and make it the
default setting. We still support running ovs-dpdk on the host.
For option ovs-dpdk on the host, run follow command before unlock.
```
system modify --vswitch_type ovs-dpdk
```
Change-Id: I111865de17fc82a1e7c269fb97f53a181fb382b2
Story: 2004649
Task: 28610
Co-authored-by: Huifeng Le <huifeng.le@intel.com>
Signed-off-by: chengli3 <cheng1.li@intel.com>
The certificate for openstack services are installed and stored
under /etc/ssl/private/openstack. The endpoint tls parameters are
configured by the helm overrides.
Tests performed:
AIO-SX: application apply, reapply and launch instance
AIO-DX: application apply, reapply and launch instance
Standard system: application apply, reapply and launch instance
Pause and Resume instance. Ensure that no audit error is seen.
Story: 2004433
Task: 28096
Change-Id: Ib81f9541ebf116dee817e0b55f31866ed0d283f0
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
This commit introduces Barbican as an OpenStack Application.
Adding the Armada manifest for Barbican and updating the helm
plugin with correct values to bring up containerized Barbican.
Also fixing the typo in memcache_secret_key for all the services
in order to leverage authtoken cache encryption key feauture.
Removing the non-existing value for Keystone.
Change-Id: I41c85969fe0554399721abb6efa73148bdc84cd4
Story: 2003108
Task: 29969
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Added a service parameter to configure the public endpoint domain name
for Openstack. The Helm overrides is updated based on the configured
domain name.
Story: 2004433
Task: 29564
Change-Id: Iae1e722d31af991c051c69eebec26d3dddbf1cbd
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Move all neutron static configurations from the overrides to the
Armada manifest.
This is being done so we have a consistent way of managing
containerized openstack configurations. Static configurations will
be located in the Armada manifest and dynamic configuration will be
located in the overrides files.
Story: 2003909
Task: 29433
Change-Id: I5baf0bbc15912e0303955456151e69856bba0385
Signed-off-by: Kristine Bujold <kristine.bujold@windriver.com>
The sriov agent was polling devices via 'sudo ip link show',
and this resulted in a severe memory leak. The usage of 'sudo'
uses the host 'dbus-daemon', and somewhere the host does not
clean up login sessions.
Symptoms:
- gradual run out of memory until system unstable, host spontaneous
reboot due to delay or OOM
- huge growth of kernel slab
- thousands of /sys/fs/cgroup/systemd/user.slice/user-0.slice
session-x*.scope files with empty 'tasks', i.e., sessions
that should have deleted
- huge latency seen with ssh and various systemd commands
The problem is mitigated by disabling 'sudo' for sriov agent, using
a helm override that configures [agent]/root_helper='' .
Testing:
- Verified that we could launch a VM with SR-IOV interface;
VFs were able to set MAC and VLAN attributes.
Closes-Bug: 1815106
Change-Id: I0c57629c01b7407c99cc7f38b409019ab87af859
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
This adds generation of nova.conf overrides to configure:
- global PCI aliases for QAT and GPU devices
- per-host PCI passthrough whitelist (contains both
passthrough and SR-IOV devices)
Helm multistring dictionary is created for PCI alias, and created for
PCI passthrough whitelist. These multistring are OSLO.conf compatible
with oslo_config.MultiStringOpt() multiple input values.
Each multistring contains a list of JSON encoded strings.
The generation of these overrides assumes that all host PCI device
PFs and VFs are already provisioned, and that the resulting
pci addresses are queryable using sysinv DB methods.
Story: 2003909
Task: 29071
Change-Id: I8b96e471f7dcff6277cca107cbd0668ffd67c7b7
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
This update depends on the update for the docker neutron image which
is part of patch set 19 (or newer supporting the service plugin
'network_segment_range') of
https://review.openstack.org/#/c/624708/
Helm override the default vxlan_group, vni_range which are set by:
github.com/openstack/openstack-helm/blob/master/neutron/values.yaml
Tests Performed:
Containers:
Verified network_segment_range feature is enabled when the
docker image with the available functionality is loaded.
Verified impact when network_segment_range is set and upstream
feature not available; thus this update Must go in only after
the docker neutron image has been updated to support the
service_plugin.
Setup lab, launched instances and confirmed data (provider)
network reachability on vxlan and vlan.
Change-Id: I2cb76f5cb956c46258481c331a580f979035bb0d
Story: 2004455
Task: 28324
Signed-off-by: John Kung <john.kung@windriver.com>
There are some bits of code that are duplicated across almost
all the sysinv helm classes, and so it makes sense to pull
them into the parent class.
Change-Id: I3979a8e0052f751a41b1461826d492961d2bfdae
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Story: 2003909
Task: 29412
The vhost_user_enabled neutron config parameter has been moved under the
ML2 ovs_driver section in the last stein/master docker build, therefore
this helm override parameter needs to be updated to the new location.
Depends-on: https://review.openstack.org/#/c/635551/
Depends-on: https://review.openstack.org/#/c/635552/
Story: 2004751
Task:29364
Change-Id: I2181926fdbea2e00b152a65bf76f9c9f1c85247c
Signed-off-by: Matt Peters <matt.peters@windriver.com>
- Triggers an application reapply (including override
regeneration) on node unlock to pick up a new node being added
or configuration changes being made.
- The reapply also triggers on node delete if the host
had a compute node label to remove any per-host overrides.
- Turned on the restriction that nodes must be locked to modify
labels. Added an audit task to sync any labels made before
a node is unlocked and missing from k8s.
- Modified k8s puppet manifest to only launch kubelet on the
initial configuration, after that the service file is
modified to have a dependancy on the config gate.
This is to avoid PLEG errors in kubernetes due to the node
being overwhelmed during boot.
Change-Id: I1d9ca92f451aa322765da43ffcbb1d95f97f92f2
Story: 2004520
Task: 28826
Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
Rework neutron system host management to operate on agent states
rather than an extended host entity, as it was agreed with the
neutron team that a new host level entity was not desired in the
neutron core.
This commit modifies the neutron override values to accommodate
the above.
Story: 2003857
Task: 26669
Depends-On: I441fcf3c186f68d17abafe337af71d0caf9c40da
Change-Id: I85943d5b6f421f4ef379694f21ad2d758bb5f38a
Signed-off-by: Kevin Smith <kevin.smith@windriver.com>
Introduce the DataNetwork api, client, model to allow modelling of the
physical data network, with the following attributes:
datanetwork_name
mtu
datanetwork_type (flat, vlan, vxlan)
VxLAN specific attributes
- port_number
- multicast_group
- ttl
- mode ('dynamic' default, or 'static')
The system data network may then be assigned to interface.
This is part of the Story to "Move neutron provider network modelling
to system configuration".
The interface api is currently made compatible with current usage to
allow specifying datanetwork (formerly providernetwork).
The following new CLI commands and corresponding api are exposed:
datanetwork-add Add a datanetwork.
datanetwork-delete Delete a datanetwork.
datanetwork-list List datanetworks.
datanetwork-modify Modify a datanetwork.
datanetwork-show Show datanetwork details.
interface-datanetwork-assign
Assign a datanetwork to an interface.
interface-datanetwork-list
List datanetwork interfaces.
interface-datanetwork-remove
Remove an assigned datanetwork from an interface.
interface-datanetwork-show
Show interface datanetwork details.
'system datanetwork-add' must be run where
'neutron providernetwork-create'.
Tests Performed:
AIO Sanity
Sanity 2-controller, 2-compute
Sanity Storage lab
Interface Profile create and apply
Containers deployment
Change-Id: I630f90768647dbb414a60978bf8f8f641496afd5
Story: 2004455
Task: 28324
Signed-off-by: John Kung <john.kung@windriver.com>
Update neutron chart overrides to align with the upstream docker image
based on the master branch.
Changes include:
- Remove StarlingX use of custom extensions for the host driver and
scheduler.
- Update the ml2 type_drivers to the expected upstream values.
- As of Queens the deprecated api-paste entrypoint
neutron.api.versions:Versions.factory has been removed. An override
has been provided to use neutron.pecan_wsgi.app:versions_factory.
Change-Id: I9a40f31d0795acd24a2ccef22f2b4c9630a8b924
Signed-off-by: Robert Church <robert.church@windriver.com>
Story: 2004751
Task: 28895
This commit adds configuration of the sriov backend to neutron.
This commit also adds setting the sriov=enabled label in kube_app.
Story: 2003909
Task: 28835
Change-Id: If9c7c0b73382855dde4b539ca821a9ef8a2963b3
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
This commit includes:
- Cleanup the duplicated functions for image overrides generation
- Add missing image overrides in some charts to avoid pulling
useless/uncessary images
Verified on AIO-SX/AIO-DX/2+2+2:
- config_controller --kubernetes
- system application-upload/apply/remove/delete
Story: 2004520
Task: 28730
Change-Id: Ibc4d3b5d3087547678c2786e44764e02f752c186
Signed-off-by: Angie Wang <angie.wang@windriver.com>
The recent change to specify "required" for anti-affinity has
highlighted the fact that heat and neutron do not properly override
the number of pod replicas. This causes problems on AIO-SX.
Update the system overrides appropriately to set the number of
replicas based on the number of controller nodes.
Change-Id: I76769147c593974b1868ca8452d240ad391d0770
Story: 2004520
Task: 28633
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Currently, the images pulled from public registries are used
by helm charts for pods launching. This commit updates this
behavior to pull images from the local docker registry to
launch pods. In order to pull images from local registry,
images for each supported chart are updated in sysinv overrides
to point to the local docker registry. For the non stx images
or images not included in sysinv overrides, they are handled
when application apply by getting them from charts and adding
the converted image tags to the override files.
A list of docker images required for stx-openstack app installation
is maintained in a file. When applying stx-openstack app (before
launching pods), if the required images do not exist in the local
registry, images will be pulled from the public registries and
pushed to the local registry.
To be able to use the local docker registry, the default disk
size for docker-distribution is increased from 1G to 16G.
Validated on AIO-SX/AIO-DX/2+2+2:
- config_controller with kubernetes
- During the initial stx-openstack app apply, images pulled from
public registry and pushed to local registry. Images are pulled
from local registry for pods launching on each node
- Cleanup docker cache for each node, all images pulled from local
registry during the subsequent application apply
- Cleanup the images in local registry, images pulled from public
and pushed to the local during the application apply
Story: 2004520
Task: 28526
Depends-On: https://review.openstack.org/#/c/626394/
Change-Id: I2001fff237cc2ccf4be1a8b15ab346d730bb32e9
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This update replaced the compute personality & subfunction
to worker, and updated internal and customer visible
references.
In addition, the compute-huge package has been renamed to
worker-utils as it contains various scripts/services that
used to affine running tasks or interface IRQ to specific CPUs.
The worker_reserved.conf is now installed to /etc/platform.
The cpu function 'VM' has also been renamed to 'Application'.
Tests Performed:
Non-containerized deployment
AIO-SX: Sanity and Nightly automated test suite
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+2 System: Horizon Patch Orchestration
Kubernetes deployment:
AIO-SX: Create, delete, reboot and rebuild instances
2+2+2 System: worker nodes are unlock enable and no alarms
Story: 2004022
Task: 27013
Change-Id: I0e0be6b3a6f25f7fb8edf64ea4326854513aa396
Signed-off-by: Tao Liu <tao.liu@windriver.com>
When kubernetes is configured and the OpenStack application has
been installed, the VIM will be configured to access the OpenStack
services running in pods (keystone, nova, rabbitmq, etc...).
In order to support this, some extensions were done to the sysinv
helm code to allow parts of the OpenStack application
configuration to be retrieved (e.g. endpoint info). Changes
were also required to dnsmasq configuration to get resolution of
pod based names (e.g. keystone.openstack.svc.cluster.local)
working properly.
This commit is just the first step and has limitations. There is
no trigger to reconfigure the VIM after the OpenStack application
has been installed - a controller lock/unlock is required.
Story: 2003910
Task: 27852
Change-Id: I1c6dcdecd1365104457009196bbcf06b19c95489
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
Update the openstack-neutron helm overrides to label the neutron agents
to run on nodes where openvswitch=enabled.
Story: 2003909
Task: 27082
Change-Id: I0e854811601cfdc8b86a2a2c701be7ef29a73748
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
This commit moves password generation from the armada
manifest to the individual service overrides.
The passwords are being generated and stored on the sysinv
helm_overrides table under a new 'system_overrides' column.
Still TODO: Using Barbican to store the passwords
Change-Id: I16bc3b674aed9caa1c1207276552168c834e102c
Story: 2003909
Task: 27647
Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
This commit fixes disabling the firewall driver in openstack-neutron
helm overrides for openvswitch_agent.
Story: 2003909
Task: 27082
Change-Id: I624c7356d3abad7f7c987ebb9f1d153966b68d4e
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
This commit introduces support for a containerized deployment of
neutron, with ovs-dpdk running on bare metal.
This is currently subject to the following known limitations, which
have not been included as part of this submission:
- BGP
- SDN
- SFC
- SRIOV
- PCIPT
In a regular set up, neutron interfaces are bound from sysinv, and
neutron hosts are managed from VIM. In a containerized deployment,
this (sysinv|VIM) <--> neutron interaction is nonexistent, so this
setup must be done manually, with the following commands:
- neutron host-create
- neutron host-bind-interface
The configured providernets, hostnames, and uuids should match the
values in sysinv.
Story: 2003909
Task: 27082
Change-Id: I3175aacfcdc96bfbc4d32fced0d63a26e7ccead0
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
Mirror the current infrastructure that we use for puppet based
provisioning of openstack services to enable system specific helm
overrides.
This commit comprises the backend to the sysinv API helm commands that
allow a customer to update the system provided overrides or introduce
new overrides for specific charts.
Four conductor RPC functions are provided to the API to gather system
overrides and namespaces for supported charts and chart bundles (i.e. an
application):
- get_helm_chart_namespaces()
- get_helm_chart_overrides()
- get_helm_application_overrides()
- get_helm_application_namespaces()
An application in this context is a set of supported charts that we
would deploy to support some specific functionality (i.e. a customized
openstack solution)
As with the puppet infrastructure, a CLI is provided to get the latest
system-only overrides for a given chart or bundle of charts that make up
an application. This is provided for development purposes and removes
user-provided overrides from the picture.
The following is the chart command syntax, a command to generate
override files for all supported namespaces of the ingress chart, and a
command to generate overrides for just the openstack namespace of the
ingress chart:
- sysinv-helm create-chart-overrides <path> <chart> <specific namespace>
- sysinv-helm create-chart-overrides /root/overrides ingress
- sysinv-helm create-chart-overrides /root/overrides ingress openstack
The following is the application command syntax, a command to generate
override files for all supported namespaces of the all chart in the
chart bundle, and a command to generate overrides for all charts in the
chart bundle that support the kube-system namespace:
- sysinv-helm create-app-overrides <path> <app> <specific namespace>
- sysinv-helm create-app-overrides /root/overrides wr-openstack
- sysinv-helm create-app-overrides /root/overrides wr-openstack kube-system
Story: 2002876
Task: 22831
Depends-On: https://review.openstack.org/587390
Change-Id: Idbe0938ef196fb68f716a95d1e9202f6f77cb6a8
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Robert Church