This PS updates python modules and code to match Airflow 2.6.2:
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was perfrmed based on
airflow-2.6.2 constraints
- postgresql image updated to 14.8
Change-Id: Ibdcc75e600166c20b842508aa5539587cca466f0
Adding ttlSecondsAfterFinished option to the chart for db
clean up cronjob
Add history limit options
Add concurrency policy to forbid
Change-Id: I431a9a3692fee36f77c6037031965e58c2c343c0
- uplifted some python modules
- fixed tox4 requirements
- added focal build node as a default one
- added bindep.txt and bindep role to playbooks and docker image build process
- changes Makefile to reflect GoLang and dependency management changes
- upgraded Helm to v3 for chart build process
- uplifted postgresql version to 14.6
- fixed deprecated falcon.API - replaced with falcon.APP
- fixed upstream docker image publishing process
Change-Id: I307d72bb7680f6f5c71e42ad30666cf786420460
Adding cronjob to purge the drydock DB based on retention day value. Additionally adding drydock API endpoint for purging the tasks and result_message tables and running vacuum full on drydock DB.
Change-Id: Ibcce61ecdafa637ca3ffec654152060aae26d4b8
This updates the drydock chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Ibeb60d0b88f3519730b5b76996ab137c5af4f4f5
This change updates the location of the kubernetes-entrypoint image to
point to its new home in the airshipit namespace on quay.io [0]. The
stackanetes image is no longer maintained.
[0] https://quay.io/repository/airshipit/kubernetes-entrypoint
Depends-On: 8314c530305a7a14cbf72bf0c2e873e0d01c595c
Change-Id: I08db87c2f97c687bd87162e2f7eaf81abe882c31
Signed-off-by: Drew Walters <andrew.walters@att.com>
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled default policies allow all ingress and
egress traffic (i.e. policy set to {}), this may be
changed in future patch-sets.
Change-Id: I2705fcf1d322ed06b124811b4ab91bfdfbdeacf3
This updates the drydock chart to include the pod
security context on the pod template. This changes the pod's
user from root to the nobody user instead
This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true
Change-Id: I0882622e672e5918da82b58b76697b8974cf0b16
This patch implements Refish as new OOB driver for Drydock.
All the existing Drydock Orchestrator actions are implemented.
Change-Id: I31d653fb41189a18c34cfafb0f490ca4f4d661b5
- Instead of forcing a user to provide the full URL for the MAAS API,
instead use the endpoints pattern and render the URI via HTK templates.
- Add secret name to chart to support HTK ingress
- Install libyaml to take advantage of faster parsing by pyyaml
- Add exception logging when node compiling fails.
- Add caching of parsed design to gain efficiency
- Add TLS certificate secret for use by the ingress document
Change-Id: I5a2dbc415483c336d38d67edcebdfc5812f7bb0c
Add ingress support
- Add nodeSelectors to the PodSpec for the Drydock API
pod
- Physical nodes bootstrapping need to access the Drydock
API to retrieve the bootactions that should be executed during
deployment. This moves that access from a nodeport to ingress.
Change-Id: I3db41932c567cc85e89ad003389b7a019a10715f
Update the Drydock chart to be compatible with the latest Helm-Toolkit,
including taking advantage of some HTK manifest generation functionality
and updating the helm_tk.sh script to pull down master
openstack-helm-infra. Also update the default drydock image to point
to the current airshipit master rather than the old attcomdev in quay.
Change-Id: I9a818ae054361749ce16e9a6213fbeed82581f02
Co-Authored-By: Pete Birley <pete@port.direct>
Signed-off-by: Pete Birley <pete@port.direct>
This change modifies the internal Keystone API port in the
Drydock chart from 80 to 5000 and removes the default admin port
to match the Keystone chart provided by OpenStack-Helm.
Change-Id: I46fa68ffad5015a040b0022776459208be511881
- Remove OSH-based gate as it is not relevant at this point
- Add entries for unit testing, linting and security scans
- Some trivial changes to trigger all gates
Change-Id: Icb2731573b45f3824cde8cb44ef64e9d04c017bc
- Support optionally mounting a SSH private key
to allow Drydock to interact with remote hosts via
ssh (e.g. virsh)
Change-Id: Ib83bc53a46497af6d05f4d87595f1000d3178ec0
NOTE: This has become a monolithic commit to get gate
settings/scripts in place for CI
- Add Makefile with UCP standard entrypoints
- Move Dockerfile into images/drydock per UCP standards
- Add values.yaml entries for uWSGI threads and workers
- Add environment variables to chart Deployment manifest
for uWSGI thread and workers
- Add threads and workers specification to uWSGI commandline
in entrypoint
- Test that the Drydock API is responding
- Test that the Drydock API rejects noauth requests
- Fix Makefile utility script to work behind a proxy
Correct task success voting
Some tasks were incorrectly considered partial_success even when
no failure occurred.
- Network configuration erroneously marked messages as errors
- Update result propagation logic to only use the latest retry
The deploy_nodes task ended as incomplete due to a missing
subtask assignment
Also added a node check step to prepare_nodes so that nodes that
are already under provisioner control (MaaS) are not IPMI-rebooted.
Tangential changes:
- added config item to for leadership claim interval
- added some debug logging to bootaction_report task
- fix tasks list API endpoint to generate valid JSON
Improve task concurrency
When tasks are started with a scope of multiple nodes,
split the main task so each node is managed independently
to de-link the progression of nodes.
- Split the prepare_nodes task
- Begin reducing cyclomatic complexity to allow for
better unit testing
- Improved tox testing to include coverage by default
- Include postgresql integration tests in coverage
Closes #73
Change-Id: I600c2a4db74dd42e809bc3ee499fb945ebdf31f6
This ps removes the last references to Kolla-Toolbox which is not
required for keystone management jobs.
Change-Id: Ia02b018889964b0dc1b324fd053c16ed6c995a2f
Update the Drydock chart ot use the v.0.2.1 Stackanetes
entrypoint container for dependency checking
Change-Id: Ic136ccc8901fd7bcdd2c6615845765c1338c8ebc
This PS migrates the Drydock chart into this repo.
Update chart with input from previous repo
- Remove default secret names for Keystone jobs
- Use endpoints section for defining ports in service manifest
- Use manifests section for enabling all deployed manifests
Add DB integration
- Introduction of postgresql endpoint for Postgresql
- Addition of db_init and db_sync jobs
- Addition of db-init.sh and db-sync.sh scripts
- Convert conf file to use helm-toolkit templater
- Add database connect string to rendered conf file
Fix copyright notices for AT&T compliance
Change-Id: I1676a41ddbbd05c38f68b2b787924fc973411413