Updated obsolete uwsgi default configuration parameters for better
performance.
Increased number of worker threads to increase performance.
Uplifted uwsgi to the latest for bug fixes since 2018.
For more info please see:
https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
Change-Id: Ifedb9c6279e64be86deb6ec375810c5ecf97958a
Adds configmap-hash annotations to the job-db-init and job-db-sync
for configmap-bin and configmap-etc.
These annotations ensure that if configmaps change, the pods
are redeployed according to their upgrade strategy.
Change-Id: I8ff282d8279c934590d5308e9c26efaf65685e2b
This updates the deckhand chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I9bfd889b163e280cf17c4e7b49974a077e889f2f
Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ib0b21b33d8bf91ea6da4c2421cc81355cf2b23b1
Update apiversion for deployment to apps/v1
Add selector match labels to deployment
This patch is similar to https://review.opendev.org/#/c/638276/
These changes are required to install deckhand helm chart on k8s 1.16.0
Change-Id: Ifca6020dee953252629f42a1b04f384e959c0916
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled default policies allow all ingress and
egress traffic (i.e. policy set to {}), this may be
changed in future patch-sets.
Change-Id: I9ae69e84991f16891830fb7e044a06985eca9d0f
This PS adds pod anti-affinity to deckhand pods,
so that the scheduler can constrain pods against labels on other pods
running on the node. The default soft rule is in place so that if the
scheduler can’t satisfy the requirement, the pod will still
be scheduled.
Change-Id: Icab673726d0473662ccf45c4c576fe20912a1260
Implement container and pod level security context for the following
Deckhand resources:
- Deckhand server deployment
Change-Id: I23cd742cc3b76b4e5de67d3b8bb195ec3899fc0f
This is to try to address stuck deckhand-api ponds that never
went to error state in an attempt to self-jolt the pod again.
Change-Id: I70bf57dde5d696bddc68caab2f54826803d82d28
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I69d7dfebe457423c58dc297ec84d02ca62230020
This patch set adds TLS on overridden fqdns for public endpoints for
airship-deckhand. As cacerts are not loaded into the containers, this
only supports certificates that can be externally verified.
Change-Id: I41606129c8d59dfedcb648f5390985a31b690eec
This PS moves the chart to use secrets to store potentially sensitive
config information.
Depends-On: https://review.openstack.org/#/c/593732
Change-Id: I884a68b379beefa3aa73018613ac37c0f3ee089d
Signed-off-by: Pete Birley <pete@port.direct>
This updates Deckhand to be compatible with the current
OpenStack-Helm Helm Toolkit. This includes:
- Using HTK manifest templates
- Refactoring values.yaml structure
- Some other small cleanup
Change-Id: Ib7c2451b46fab20935edb1c768ac56cc6353aa16
As part of ongoing effort to update the "application" and
"component" labels for the UCP components, there is a need
to align with the convention. We will update the label for
the deckhand API pod in this case.
Also updated helm_tk.sh to point to openstack-helm-infra for
reference to helm-toolkit as helm-toolkit has been removed
from the openstack-helm repo [0]
[0] https://review.openstack.org/#/c/558065/
Change-Id: I753c4ce653790250b79986c670224d0962f7676f
This is to stop the DH pod from being killed in production whenever
DH receives multiple concurrent requests from another service,
causing all its threads to become occupied with servicing those
requests, causing the liveness probe to fail, causing the DH pod
to be killed. This is highly undesirable and as a temporary
workaround we will drop the liveness probe altogether.
This partially reverts I1a1c107706862431e53668a864db622499e63c6f
Additional reading: Id2d4deaaf8bf73d6df4639810e6dee3acf79b05c
Change-Id: Ic81c0c1d6e3cd3ab3b326054b9c882962d240968
We will align the name with the rest of the UCP components, i.e.
change it from 'deckhand' to 'deckhand-api'
Change-Id: I4c65ac1e6371ffa80fd8b42cbe979d71b93e99c7
Updates Deckhand to use alembic to manage database upgrades.
Moves from creating tables at startup of Deckhand to the
db-sync job.
Change-Id: I6f4cb237fadc46fbee81d1c33096f48a720f589f
Under load, Deckhand will fail liveness checks with a 1 second timeout.
This Patchset extends the timout to 10 seconds and spaces the period
between checks to 20 seconds.
Adds labels to keystone user job.
Change-Id: Id2d4deaaf8bf73d6df4639810e6dee3acf79b05c
This sets multiple threads in Deckhand's chart config (4)
and set workers to just 1.
Deckhand's database is not configured to work with multiprocessing.
Currently there is a data race on acquiring shared SQLAlchemy
engine pooled connection strings when workers > 1. As a
workaround, we use multiple threads but only 1 worker. For more
information, see:
https://github.com/att-comdev/deckhand/issues/20
Change-Id: I60adeffff5461fdda957124232bc5a606baae413
This patch set does the following to enhance health/status checks
on the deckhand-api pod:
1) Add Liveness Probe
2) Update Readiness Probe
Change-Id: I1a1c107706862431e53668a864db622499e63c6f
This adds resource declarations to the keystone service job
container for deckhand. It also updates .gitignore to specifically
exclude tarballs and requirements lock files instead of all
contents in charts/deckhand
Change-Id: Ide80834cf636dfc96d207a19f2248fd75aea5ca7
- Seeing issues with a lot of Drydock
requests timing out and it seems to be a
downstream issue with pulling Deckhand
docs
- Add jsonpath cacheing as the jsonpath-ng
parser was consuming 54s of the total 56s
runtime of a rendered-documents GET call.
With caching, the call is taking closer to 2s.
- All add a .dockerignore file to make image
building a little faster
Change-Id: I6ef84ffd946dcf2713b4f7570b985156deb1d697
We are getting the following error [1] in Armada after [0]
was merged due to missing values in values.yaml
This patch set is meant to correct that
[0] https://review.gerrithub.io/#/c/398810/
[1] Error Messages
2018-02-08 07:02:54.481 1 ERROR armada grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with (StatusCode.UNKNOWN, render error in "deckhand/deployment.yaml": template: deckhand/deployment.yaml:36:62: executing "deckhand/deployment.yaml" at <include "helm-toolki...>: error calling include: template: deckhand/charts/helm-toolkit/utils/_hash.tpl:22:4: executing "helm-toolkit.utils.hash" at <include $wtf $contex...>: error calling include: template: deckhand/configmap-etc.yaml:37:20: executing "deckhand/configmap-etc.yaml" at <.Values.conf.deckhan...>: can't evaluate field api_endpoint in type interface {})>
Change-Id: Ie0aad8c2668924589fbad8865c973d86cb8779f7
- Support configured Postgres admin password
- Use secrets for database job environment setup
- Remove superuser rights from deckhand user
Change-Id: I9d8eee1af864b0e99ee7c8a01a6bba84cfcb67f9
When testing Promenade integration, I found that it was taking more than
the default 60 second timeout to render documents.
Change-Id: Id0ee7ea30b901a60eb95df06a3d25ce4c8689a8a
This p.s. will allow multi-thread/worker parameters to be
configurable in the Deckhand chart so that the values can
be injected into the pod environment. This is a follow up
to the comments made in [0].
Note also that we will need multiple workers in order to
handle concurrent requests from Armada and DryDock to DeckHand
for the rendered document. Multi-threads with single worker
did not work as expected. Test results from our lab environment
suggests that 4 single-threaded workers will be sufficient
for our purpose. Hence we will use that as default override
values for now.
[0] https://review.gerrithub.io/#/c/393679/
Change-Id: I228713ec7b2ec305cbc2c761bc77125ea98e7dfa
Currently, openstackhelm-toolkit provides two utility methods:
.to_oslo_conf and .to_ini whose only difference at this time is
the ability to handle multistring in .to_oslo_conf as it is an
openstack concept that is not found in .ini files.
As logging.conf and paste.ini do not support multistring, they do
not need to be render by .to_oslo_conf, and while the code is not
incorrect, using .to_ini would be more appropriate.
Trivial fix
Change-Id: I20ae77842a3406ea64bf40d951adef2e519cbfcb
There has been recent changes to the Helm Toolkit which broke
the DeckHand Chart
The changes in Helm Toolkit were made to the 'images' definition
in values.yaml to facilitate adding the option to prefix image
name etc
This P.S. updates the DeckHand Chart to align with the recent
changes in Helm Toolkit
Change-Id: I0c9ddfd8b06be7dedcd030d94e381bf4e3f1d210
Sean Eagan