This PS bumps up Airflow version to the latest
2.8.2 and also bumps up openstack dependences to
Antelope 2023.1
Change-Id: I61b5b39079f9c3360f5dfaafb1f961b629795c1c
Update helm toolkit reference
Update helm toolkit ref so that ingress will be created with a pathType
of Prefix.
https: //review.opendev.org/c/openstack/openstack-helm-infra/+/905757
Change-Id: I07dde50ba811aaf040a45b6e30ec53352e25fe55
Upgrading htk to version 0.2.55, which deprecates the ingress class
annotation (kubernetes.io/ingress.class) with .spec.ingressClassName
https://review.opendev.org/c/openstack/openstack-helm-infra/+/891720
Change-Id: Ib4fb99c475ce8bb5d2225f9ba84086e919029785
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
This PS updates python modules and code to match Airflow 2.6.2:
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was perfrmed based on
airflow-2.6.2 constraints
- postgresql image updated to 14.8
Change-Id: Ibdcc75e600166c20b842508aa5539587cca466f0
This PS makes the following changes:
- increases timeout for docker images build jobs
- adds available security updates to docker images
Change-Id: Ib10309bab017e864d14cad2dec816645220fba06
Adding ttlSecondsAfterFinished option to the chart for db
clean up cronjob
Add history limit options
Add concurrency policy to forbid
Change-Id: I431a9a3692fee36f77c6037031965e58c2c343c0
This PS restores image build for ubuntu_bionic and adds appropriate
gates to keep it tested by appropriate functional and integrational
tests.
Change-Id: I695fb42efff29aeda737f2b9c1eaeb84b95aa57c
This PS delivers the following updates:
- fixed sample config and policy files generation
- rolled back chart version incremention
Change-Id: I0a7145afd8c81e2bbf36d9437d4eff3c0354667a
This PS implements the following changes:
- switches freeze approach to requirements-direct.txt and
requirements-frozen.txt files
- adjusts code tabulation style according to yapf recommendations
- replaces deprecated usage of responce.body attribute with
responce.text
- fixes integration tests in controlled by Makefile + tox
- uplifts Helm to v3.9.4
Change-Id: I751db72eb8f670825382f11a36657112faeb169a
- uplifted some python modules
- fixed tox4 requirements
- added focal build node as a default one
- added bindep.txt and bindep role to playbooks and docker image build process
- changes Makefile to reflect GoLang and dependency management changes
- upgraded Helm to v3 for chart build process
- uplifted postgresql version to 14.6
- fixed deprecated falcon.API - replaced with falcon.APP
- fixed upstream docker image publishing process
Change-Id: I307d72bb7680f6f5c71e42ad30666cf786420460
This patch adds an ability to match several NIC addresses by one
hardware profile by using regex as the address. The regex expression has
to have regex: prefix in order to be recognized.
Change-Id: I0bb067fb1783725e4ac485683eb898d5fc2d7bf2
Adding cronjob to purge the drydock DB based on retention day value. Additionally adding drydock API endpoint for purging the tasks and result_message tables and running vacuum full on drydock DB.
Change-Id: Ibcce61ecdafa637ca3ffec654152060aae26d4b8
Updates the helm installation script to download and install v2.17.0
from get.helm.sh (instead of v2.14 from storage.googleapis.com).
Change-Id: I98a92c52ee1ecd28eb7a5beb6b72c4565b47cdfe
During MAAS enlistment (and commissioning), an IPMI account (named
"maas" by default) is created on each node, which MAAS then uses for
power management.
This change allows MAAS to use the same credentials as the ones used by
the OOB driver, by overwriting the power parameters for the discovered
nodes. This includes the power type, so if the node is configured to use
Redfish, then Drydock will update a MAAS node discovered as IPMI to use
Redfish instead.
It also provides an option to instruct MAAS not to recreate IPMI
credentials during commissioning, which is passed through to the MAAS
API. Setting this to true is only supported in MAAS 2.7 or later [0].
The two maasdriver configuration options are introduced in drydock.conf,
along with their default values:
[maasdriver]
use_node_oob_params = false
skip_bmc_config = false
These options do not prevent MAAS from creating the IPMI account during
enlistment - this would require addition MAAS customization.
0: 8842d0bfd3
Change-Id: I24d3bc3b1cc94907d73bc247de3fc06dd4750ab1
The existing max_workers setting for the ThreadPoolExecutor caps the
number of nodes that can be deployed concurrently to 16. This change
allows more threads to be run in parallel, allowing the operator to
deploy more nodes at once.
Change-Id: I6d1dfa7ad8f5e03a8328311e6b59ee116a250462
The MAAS API call "GET /MAAS/api/2.0/machines/" retrieves information
about every machine known to MAAS, which is very slow. The API supports
filtering based on hostname and mac_address (among others), and querying
for power parameters for all nodes at once.
This change modifies identify_baremetal_node to avoid calling refresh on
the full machine list.
Also, the refresh method of ResourceCollectionBase is updated to allow
passing of params, which can be used to take advantage of the filtering.
Note that a filtered call to refresh overwrites the resources collection
to only contain the returned values.
Most calls to Machines.refresh() aren't really needed at all - they are
replaced with a call to Machines.empty_refresh(), which will still make
sure that the API endpoint is accessible but return an empty collection.
(This may get removed entirely in the future.)
Change-Id: Ie58c45e1790c5c827d9d47f5582214ca519946de
This patchset tunes the Drydock MAAS request factory to:
a) Implement retries for requests toward MAAS_URL/api/2.0/
b) Bumps the request timeout slightly
In addition, restricts threaded actions towards nodes to
using the same MAAS client, effectively rate limiting calls
to the MAAS api.
Change-Id: I2e66105ae332adaed62c9c3bc8cddc63e1f7bf23
* pep8 fixes for airship-drydock-omni-test
* Install requirements sequential for ubuntu_xenial image
* Install older version of pip<21.0 for ubuntu_xenial image
Change-Id: If494b6abc1f8b85d96da4cad2da8606b8b2a1352
Adding said label, that's already defined, to the deployment itself.
This will enable Armada to properly wait for certain percentages
of the deployment replicas to be ready prior to proceeding. Prior to
this change, there wasn't a way to select the Drydock deployment via
labels.
Change-Id: I7c5ed223d54213a1260c27485d0bfd493c09163f
Patch PyYAML (via the pylibyaml library) to automatically enable the
LibYAML parser and emitter, which are faster than the Python versions.
https://pypi.org/project/pylibyaml/
Change-Id: Iaddc0f30ed99b1f9a999f5365e9e8bf43349b82f
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: Ic115755eff68f419116b79102661e9fe1a7b1764
When pip is upgraded to 20.3, the pip dependency resolver is much more
strict and will no longer install a combination of packages that is mutually
inconsistent[0].
These changes account for the fact that Shipyard imports Armada, Drydock,
Promenade, and Deckhand. Having said that, with pip 20.3, the pip
packages amongst those projects cannot conflict. A follow-up change may
be needed if more conflicts are found.
[0] https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-2-2020
Change-Id: I89c6dc728824f00f964c794142766012c407c4ed
During drydock node deployments, sometimes MaaS node deployment for
some nodes fails when the node tries to pull the node bootaction
files, using drydock api.
Drydock api call fails with `500 Internal Server Error`, when
drydock tries to create the booaction files for the node. The logs,
however do no provide any additional clues on what caused drydock to
fail. This issue does not happen always, and subsequent site updates
will most of the deploy the failed nodes.
The additional checks and logs are added to help pinpoint the root cause
of the 500 return code, if/when this issue heppens again.
This ps also, uplifted `MarkupSafe` pip library from 1.0 to 1.1.1 to
address the issue with MarkupSafe and latest version of setuptools
described here: https://github.com/pallets/markupsafe/issues/116
Change-Id: I08a088d9690d8d9dd1f771dc5e84d1eb02fbd39f
This updates the drydock chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Ibeb60d0b88f3519730b5b76996ab137c5af4f4f5
Use apt to install python3-pip, and use pip3 in event system has
both pip2 and pip3 installed. Use apt to install setuptools for
Ansible's consumption.
Change-Id: Id80c809c636abe41a1cbb4d465f82ed1e8e0e9d7
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Corrects a recently introduced rendering error in the chart that
resulted in missing metadata labels for the drydock-db-init and
drydock-db-sync jobs.
https://review.opendev.org/#/c/724768
Change-Id: Ifa01bbc369a33ca3d5482c760a342d873736272e
This change allows node storage sizes to be specified using binary
prefixes (MiB, GiB, TiB) in addition to the existing supported formats
(MB, GB, TB).
Change-Id: Idef88b648a75bad87625acf1d73af011480cc0b9
A recent change[0] to address PEP8 issues resulted in an unintended
behavior modification, in some cases resulting in MAAS allocation of
multiple IP addresses to the same NIC.
This reverts to the original code logic.
[0] 1755930331
Change-Id: I6dccd1b60c414e3aa966085e81dc0b61244e9814
The Airship vulnerability documentation has moved [0]. This change
updates SECURITY.md to point to the correct location.
[0] https://docs.airshipit.org/learn/vulnerabilities.html
Change-Id: Iea843a3399bc7836f5645c3ca81603e2e9ca7356
Signed-off-by: Drew Walters <andrew.walters@att.com>
Flake8 version recently updated to include new PEP8 rules. Some of
the codebase is not compliant with the new rules.
Change-Id: I0f5b3d41ee54ff0d9ffa05f733f98c7e34f0f258
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Automatic security alerts were created for pyyaml==3.12 and
requests==2.19.1 suggesting these packages be upgraded to 2.20.0 and
5.1 respectively.
Vulnerabilities addressed:
CVE-2018-18074 on requests package
CVE-2017-18342 on PyYAML package
Change-Id: Iff5bc11d60c2724fef0bb8b2552e17573c79dc9f
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>