Add firewall flush rules to zuul pre-update gates.
Wrap gate scripts by run-gates.sh script in order to preserve the scripts execution contexts.
Also migrated chart building process to Helm v3.x.
Fixed 020-test-divingbell.sh script.
Change-Id: I6295d55338a6a75ac43b54c092704670d61854d9
The default behavior of divingbell-perm is to fail when trying to assign
permissions to non-existent files.
This change adds an option to values.yaml to skip any missing files and
proceed with the rest of the assignments.
conf:
perm:
ignore_missing: true # default is false
This may be useful in cases where files will never exist on a node, or
cases where the file does not exist yet, but will exist later. Note that
with this option enabled, a run in which files are skipped is considered
successful, so the rerun_policy and rerun_interval will determine if and
when another attempt will be made.
Change-Id: I15505d6292dda66942c66eea5a4d0666bd6bdfa7
1. OSH jobs now require gate_scripts_relative_path
variable to be explicitly defined.
2. Strict-mode test cases require a test package
that does not have to install dependencies, or
the test case will fail (since strict mode will
uninstall the dependency package and thus the
originally requested package).
3. Reduce redundant logging of the entire pod log
every time the pod status is checked; this was
causing long test cases (e.g. apt strict mode) to
fail.
4. Add a helper function to dump the pod log for
debugging failed test cases, since we will no
longer have the redundant logs above.
Change-Id: I7d2f6d2d161689a8744275b3d07571c83862a89c
While working on another change, I discovered conditions
in many test cases that echoed fail messages but did not
actually exit, so the gate could succeed even though some
tests failed. This patchset aims to fix those problems, and
then fix the problems masked by those problems:
1) fix bug in revert function of file permissions module
preventing permissions from being reverted.
2) fix various syntax and logic problems in test script
3) add wait_for_tiller_ready function to avoid race condition
with test script using helm too early
4) add install for ethtool in test script
5) ignore ethtool pod failures (see note #1 in [0])
6) make logging of test results more uniform
7) Fix error message logic in perm.sh
8) Fix case in _shcommon.tpl where error message was not
logged, causing test script to unnecessarily wait for
container timeout
[0]: https://review.opendev.org/676010
Change-Id: I22182d35250c37c96e73d9f5f49abfb2246f2a35
This adds default AppArmor profile to divingbell.
Also, update to gate script to install ethtool if it is not present.
Change-Id: I7abb13a533b596f4db5fe65fdae5eb7fc57ec00a
Currently, divingbell-apt will only remove packages that aren't
on the current requested package list when they were previously
installed by divingbell-apt. This patchset adds a "strict" mode
which causes it to remove packages not on the requested package
list regardless of whether divingbell installed them (i.e., it
can remove unwanted packages that were part of the host's base
image).
Change-Id: Ie2ba5d47646bfaaf030cb54673e644ab0e917fd4
This change allows conf.apt.packages to be defined as a map of lists,
allowing for logical grouping and easier substitution when values.yaml
is being assembled from multiple sources.
The existing format (conf.apt.packages as a list) is still supported.
Change-Id: I4d4c09723b2e9ac1f0ecf847e786d991cc6e669a
Gate enhancements:
1. On certain opendev hardware, it's not possible to change
ethtool tunables, or the expected tunables are unavailable.
Until we have a mechanism to schedule to the right hardware,
we will issue a warning whenever these tests fail instead of
failing the gate.
2. Add a check so that gate script will not run until there are
no other instances of the gate script running on the same node,
as this can cause spurious gate failures.
3. Print gate script tracebacks in the event of gate script faliure
4. Increase check interval for two exec tests that were seen to fail
on one ocassion due to insufficient wait time.
Change-Id: Ifdbb203a1b14242e3801ba10ef7e932931771878
1. There is an ocassional timing issue when container logs are
unavailabile at certain points in the crash loop at the same
time the gate script tries to request them. The gate will now retry
this operation, instead of terminating right away with failure.
2. Re-enable uamlite security context so that useradd operations would
succeed.
3. Change apt pinning tests to use a version of the package that is
available in the apt repo. Upstream repos change, so we should not
pin to an explicit version that will be removed in the future and
break the gate.
4. Update helm version to 2.14.1 to sync with openstack-helm-infra
5. Fix divingbell build script: git --depth=1 incompatible with explicit
non-master commit checkout
6. Enhance overrides test case #7 to test for the issue identified in
[0].
7. Change hostname scheduling to match minikube hostname now configured
by OSH gate, instead of using the node's actual hostname
8. Re-enable gate voting
[0] https://storyboard.openstack.org/#!/story/2005936
Depends-On: https://review.opendev.org/671875/
Change-Id: Iad983ce363711e16ccd54e663c23d30a4a6a1177
Use the common logger for consistent log output for some echo statements
that were not making use of it.
Change-Id: I7fae2a950318f5cd3245a4571dc464009726d4ae
This commit introduces a non-voting job to lint Helm charts against the
latest version of Helm toolkit from OpenStack-Helm Infra. This job
should serve as an indicator of when it's safe to advance the version of
Helm toolkit used by Airship.
Additionally, this commit modifies all Helm chart lint jobs to run on
each commit, regardless of the files modified by a change. This should
not introduce a noticeable difference in CI runtime, as these jobs
execute quicker than the tox jobs.
Change-Id: Iffbe718f2f8cabaac74910e0c40a13e17e3f0578
- Adds the ability to rerun divingbell-perm at specified interval.
- Adds the ability to specify a rerun policy of
'always', 'never', 'once_successfully'. Default value is 'always'.
Demo: https://asciinema.org/a/220289
Change-Id: I3909b4d92f8e2bdb0d826ca1cfbd62f937c2532d
Add support for retries and reruns at specified intervals for
divingbell-exec scripts. Also adds support for timeouts.
Also update osh-infra-upgrade-host to allow gate to run.
Change-Id: I5f4cd43b13a467d94f67b358f3190f515256ae66
via new module 'perm'
1) DaemonSet
2) Secret (instead of old ConfigMap)
3) Include module /bin/_perm.sh.tpl
4) Commented example in values.yaml
5) Demo: https://asciinema.org/a/209509
6) Increased # of expected DaemonSets
7) Rebased after a few merges
8) Addressing comments
9) Migrated from ConfigMap to Secret
10) Got rid of 'eval'
11) Test
12) Demo for host targeting: https://asciinema.org/a/213125
Change-Id: Ia3181dcb7fc1ccc7422c635b010000f6d3fbcf4d
This change also adds an apt-get update call and a possibility to
provide debconf options that might be needed for some packages.
In case of dpkg interruptions dpkg --configure -a is added to
try to handle the failures.
Change-Id: Ib1f9a412bc544b4f7754634740fb04569bae6d34
- Extends apt daemonset to remove packages.
- Uses a list of packages in remove and automove, so if a
package gets installed that should not be it will be
uninstalled when Divingbell runs again.
Change-Id: Id5c7ccead399a8c78621a0e593033e55412ff315
This change adds a possibility to install or upgrade to packages
with a specific version. The daemonset also tracks the packages
installed, and will be removing the packages that were deleted
from the chart but were previously installed by divingbell.
Change-Id: Ia6066679e549190054eb2cf71589065177447447
1) 'Values' configures limit settings to be persisted.
2) Previous DivingBell controlled limits those were set
but now are gone are cleared.
3) Previous values of newly set limits are backed up
to /var/divingbell/limits
4) New limit is applied via adding a separate conf file
to /etc/security/limits.d
5) The Doc is updated with appropriate details.
6) Dev env with Vagrant
7) Increase number of expected DaemonSets in 020-test
8) Demo: https://asciinema.org/a/209619
Change-Id: I5efb39c498c2b666b4ba97271b59757f4a0c1ca7
See false positive in I234a50e9b2e46d5c92a89eb8073771043b4eaf56.
This patch makes the following changes to improve gate stability:
- Increase timeout while waiting for container logs from 30 to 60.
- Exclude terminating containers and get container name on each iteration.
NAME READY STATUS RESTARTS AGE
divingbell-apparmor-default-984mc 0/1 Terminating 0 26s
divingbell-apparmor-default-splhc 0/1 ContainerCreating 0 8s
divingbell-ethtool-default-62dlt 0/1 ContainerCreating 0 8s
divingbell-ethtool-default-v975n 0/1 Terminating 0 26s
divingbell-mounts-default-2xhv5 0/1 ContainerCreating 0 8s
divingbell-sysctl-default-c8nhn 0/1 Pending 0 8s
divingbell-sysctl-default-mlsnp 0/1 Terminating 0 26s
divingbell-uamlite-default-dv9cv 0/1 Pending 0 8s
Change-Id: I35ba6844d41c92bf9f581a97218275363e9ee0bd
This PS adds the skeleton for a set of zuul checks and gates for
Airship, using the framework from OpenStack-Helm.
Change-Id: I757aef16f023248ab37e87d47e36fc1eae1e23c4
Signed-off-by: Pete Birley <pete@port.direct>
Markin, Sergiy (sm515x)