chore: Set openstack version Zed (#310)
* chore: Set openstack version Zed
* Update chart versions
* Fixes after e2e test
- Add python-binary-memcached as default pip package (required for oslo_cache.memcache_pool backend)
- install nova first then neutron because network creation requires az creation first by nova helmrelease
- update registry url for some images
* Update charts
Apply horizon patch for mysqlclient version upgrade
* Add neutron patchset to add placement auth config
* Add neutron patch and set nova-ssh tag as latest
* Update horizon chart
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/charts/tempest/Chart.yaml b/charts/tempest/Chart.yaml
index 0f6c89b..e3be4e4 100644
--- a/charts/tempest/Chart.yaml
+++ b/charts/tempest/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/tempest
- https://opendev.org/openstack/openstack-helm
-version: 0.2.3
+version: 0.2.7
diff --git a/charts/tempest/charts/helm-toolkit/Chart.yaml b/charts/tempest/charts/helm-toolkit/Chart.yaml
index 08512f9..c1296b9 100644
--- a/charts/tempest/charts/helm-toolkit/Chart.yaml
+++ b/charts/tempest/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.41
+version: 0.2.51
diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl
index c1693aa..4c476b2 100644
--- a/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_ingress.tpl
@@ -685,7 +685,9 @@
{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
{{- end }}
{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }}
-{{- range $key2, $ingressController := tuple "namespace" "cluster" }}
+{{- $ingressConf := $envAll.Values.network -}}
+{{- $ingressClasses := ternary (tuple "namespace") (tuple "namespace" "cluster") (and (hasKey $ingressConf "use_external_ingress_controller") $ingressConf.use_external_ingress_controller) }}
+{{- range $key2, $ingressController := $ingressClasses }}
{{- $vHosts := list $hostNameFull }}
---
apiVersion: networking.k8s.io/v1
@@ -704,7 +706,6 @@
{{- range $v := without (index $endpointHost.tls "dnsNames" | default list) $hostNameFull }}
{{- $vHosts = append $vHosts $v }}
{{- end }}
-{{- if and ( not ( empty $endpointHost.tls.key ) ) ( not ( empty $endpointHost.tls.crt ) ) }}
{{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
{{- $_ := required "You need to specify a secret in your values for the endpoint" $secretName }}
tls:
@@ -716,7 +717,6 @@
{{- end }}
{{- end }}
{{- end }}
-{{- end }}
rules:
{{- range $vHost := $vHosts }}
{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
new file mode 100644
index 0000000..4854bb1
--- /dev/null
+++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
@@ -0,0 +1,93 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+ Creates a manifest for a authenticating a registry with a secret
+examples:
+ - values: |
+ secrets:
+ oci_image_registry:
+ {{ $serviceName }}: {{ $keyName }}
+ endpoints:
+ oci_image_registry:
+ name: oci-image-registry
+ auth:
+ enabled: true
+ {{ $serviceName }}:
+ name: {{ $userName }}
+ password: {{ $password }}
+ usage: |
+ {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
+ return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: {{ $secretName }}
+ type: kubernetes.io/dockerconfigjson
+ data:
+ dockerconfigjson: {{ $dockerAuth }}
+
+ - values: |
+ secrets:
+ oci_image_registry:
+ {{ $serviceName }}: {{ $keyName }}
+ endpoints:
+ oci_image_registry:
+ name: oci-image-registry
+ auth:
+ enabled: true
+ {{ $serviceName }}:
+ name: {{ $userName }}
+ password: {{ $password }}
+ usage: |
+ {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
+ return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: {{ $secretName }}
+ type: kubernetes.io/dockerconfigjson
+ data:
+ dockerconfigjson: {{ $dockerAuth }}
+*/}}
+
+{{- define "helm-toolkit.manifests.secret_registry" }}
+{{- $envAll := index . "envAll" }}
+{{- $registryUser := index . "registryUser" }}
+{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }}
+{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
+{{/*
+We only use "host:port" when port is non-null, else just use "host"
+*/}}
+{{- $registryPort := "" }}
+{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }}
+{{- if $port }}
+{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- $registryPort = printf ":%s" $port }}
+{{- end }}
+{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }}
+{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }}
+{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ $dockerAuth }}
+{{- end -}}
diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
index 87872d6..3739f95 100644
--- a/charts/tempest/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
@@ -77,6 +77,11 @@
password="${RABBITMQ_PASSWORD}" \
tags="user"
+echo "Deleting Guest User"
+rabbitmqadmin_cli \
+ delete user \
+ name="guest" || true
+
if [ "${RABBITMQ_VHOST}" != "/" ]
then
echo "Managing: vHost: ${RABBITMQ_VHOST}"
diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index d3fe4fd..9597d34 100644
--- a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -66,6 +66,14 @@
# framework will automatically tar/zip the files in that directory and
# name the tarball appropriately according to the proper conventions.
#
+# verify_databases_backup_archives [scope]
+# returns: 0 if no errors; 1 if any errors occurred
+#
+# This function is expected to verify the database backup archives. If this function
+# completes successfully (returns 0), the
+# framework will automatically starts remote backup upload.
+#
+#
# The functions in this file will take care of:
# 1) Calling "dump_databases_to_directory" and then compressing the files,
# naming the tarball properly, and then storing it locally at the specified
@@ -90,6 +98,16 @@
exit $ERRCODE
}
+log_verify_backup_exit() {
+ MSG=$1
+ ERRCODE=${2:-0}
+ log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}"
+ rm -f $ERR_LOG_FILE
+ # rm -rf $TMP_DIR
+ exit $ERRCODE
+}
+
+
log() {
#Log message to a file or stdout
#TODO: This can be convert into mail alert of alert send to a monitoring system
@@ -195,18 +213,52 @@
fi
fi
+ # load balance delay
+ DELAY=$((1 + ${RANDOM} % 300))
+ echo "Sleeping for ${DELAY} seconds to spread the load in time..."
+ sleep ${DELAY}
+
# Create an object to store the file
openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE
if [[ $? -ne 0 ]]; then
log WARN "${DB_NAME}_backup" "Cannot create container object ${FILE}!"
return 2
fi
+
openstack object show $CONTAINER_NAME $FILE
if [[ $? -ne 0 ]]; then
log WARN "${DB_NAME}_backup" "Unable to retrieve container object $FILE after creation."
return 2
fi
+ # load balance delay
+ DELAY=$((1 + ${RANDOM} % 300))
+ echo "Sleeping for ${DELAY} seconds to spread the load in time..."
+ sleep ${DELAY}
+
+ # Calculation remote file SHA256 hash
+ REMOTE_FILE=$(mktemp -p /tmp)
+ openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
+ rm -rf ${REMOTE_FILE}
+ return 1
+ fi
+
+ # Remote backup verification
+ SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
+ SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
+ if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ else
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
+ return 1
+ fi
+ rm -rf ${REMOTE_FILE}
+
log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully."
return 0
}
@@ -368,8 +420,8 @@
count=0
SECONDS_TO_KEEP=$((${REMOTE_DAYS_TO_KEEP}*86400))
log INFO "${DB_NAME}_backup" "Deleting backups older than ${REMOTE_DAYS_TO_KEEP} days (${SECONDS_TO_KEEP} seconds)"
- for INDEX in $(tr " " "\n" <<< ${!FILETABLE[@]} | sort -n -); do
- ARCHIVE_FILE=${FILETABLE[${INDEX}]}
+ for INDEX in $(tr " " "\n" <<< ${!fileTable[@]} | sort -n -); do
+ ARCHIVE_FILE=${fileTable[${INDEX}]}
if [[ ${INDEX} -lt ${SECONDS_TO_KEEP} || ${count} -lt ${REMOTE_DAYS_TO_KEEP} ]]; then
((count++))
log INFO "${DB_NAME}_backup" "Keeping remote backup(s) ${ARCHIVE_FILE}."
@@ -382,8 +434,8 @@
# Cleanup now that we're done.
for fd in ${BACKUP_FILES} ${DB_BACKUP_FILES}; do
- if [[ -f fd ]]; then
- rm -f fd
+ if [[ -f ${fd} ]]; then
+ rm -f ${fd}
else
log WARN "${DB_NAME}_backup" "Can not delete a temporary file ${fd}"
fi
@@ -444,10 +496,6 @@
cd $ARCHIVE_DIR
- # Remove the temporary directory and files as they are no longer needed.
- rm -rf $TMP_DIR
- rm -f $ERR_LOG_FILE
-
#Only delete the old archive after a successful archive
export LOCAL_DAYS_TO_KEEP=$(echo $LOCAL_DAYS_TO_KEEP | sed 's/"//g')
if [[ "$LOCAL_DAYS_TO_KEEP" -gt 0 ]]; then
@@ -459,6 +507,25 @@
done
fi
+ # Local backup verification process
+
+ # It is expected that this function will verify the database backup files
+ if verify_databases_backup_archives ${SCOPE}; then
+ log INFO "${DB_NAME}_backup_verify" "Databases backup verified successfully. Uploading verified backups to remote location..."
+ else
+ # If successful, there should be at least one file in the TMP_DIR
+ if [[ $(ls $TMP_DIR | wc -w) -eq 0 ]]; then
+ cat $ERR_LOG_FILE
+ fi
+ log_verify_backup_exit "Verify of the ${DB_NAME} database backup failed and needs attention."
+ exit 1
+ fi
+
+ # Remove the temporary directory and files as they are no longer needed.
+ rm -rf $TMP_DIR
+ rm -f $ERR_LOG_FILE
+
+ # Remote backup
REMOTE_BACKUP=$(echo $REMOTE_BACKUP_ENABLED | sed 's/"//g')
if $REMOTE_BACKUP; then
# Remove Quotes from the constants which were added due to reading
@@ -490,7 +557,7 @@
get_backup_prefix $(cat $DB_BACKUP_FILES)
for ((i=0; i<${#PREFIXES[@]}; i++)); do
echo "Working with prefix: ${PREFIXES[i]}"
- create_hash_table $(cat $DB_BACKUP_FILES | grep ${PREFIXES[i]})
+ create_hash_table $(cat ${DB_BACKUP_FILES} | grep ${PREFIXES[i]})
remove_old_remote_archives
done
fi
@@ -511,4 +578,4 @@
echo "=================================================================="
fi
}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/tempest/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/charts/tempest/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index 4cc898d..bc2045e 100644
--- a/charts/tempest/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -42,6 +42,12 @@
metadata:
name: {{ $saName }}
namespace: {{ $saNamespace }}
+{{- if $envAll.Values.manifests.secret_registry }}
+{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }}
+imagePullSecrets:
+ - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }}
+{{- end -}}
+{{- end -}}
{{- range $k, $v := $deps -}}
{{- if eq $k "services" }}
{{- range $serv := $v }}
diff --git a/charts/tempest/requirements.lock b/charts/tempest/requirements.lock
index aba1c66..08e3e72 100644
--- a/charts/tempest/requirements.lock
+++ b/charts/tempest/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.41
-digest: sha256:2886b76b32f4fc31863aa7dc8de689b95f46afee79e74ed3f38c89559fd93822
-generated: "2022-04-27T22:43:02.53583665Z"
+ version: 0.2.51
+digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
+generated: "2023-01-30T23:09:57.436181816Z"
diff --git a/charts/tempest/templates/configmap-etc.yaml b/charts/tempest/templates/configmap-etc.yaml
index 8e136c9..025a270 100644
--- a/charts/tempest/templates/configmap-etc.yaml
+++ b/charts/tempest/templates/configmap-etc.yaml
@@ -35,6 +35,38 @@
{{- $_ := set .Values.conf.tempest.identity "region" .Values.endpoints.identity.auth.admin.region_name -}}
{{- end -}}
+{{- if .Values.conf.tempest.service_available.heat -}}
+{{- if empty .Values.conf.tempest.heat_plugin.username -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "username" .Values.endpoints.identity.auth.tempest.username -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.password -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "password" .Values.endpoints.identity.auth.tempest.password -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.project_name -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "project_name" .Values.endpoints.identity.auth.tempest.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.admin_username -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "admin_username" .Values.endpoints.identity.auth.admin.username -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.admin_password -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "admin_password" .Values.endpoints.identity.auth.admin.password -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.admin_project_name -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "admin_project_name" .Values.endpoints.identity.auth.admin.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tempest.heat_plugin "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.region -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "region" .Values.endpoints.identity.auth.admin.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.project_domain_name -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "project_domain_name" .Values.endpoints.identity.auth.tempest.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tempest.heat_plugin.user_domain_name -}}
+{{- $_ := set .Values.conf.tempest.heat_plugin "user_domain_name" .Values.endpoints.identity.auth.tempest.user_domain_name -}}
+{{- end -}}
+{{- end -}}
{{- if empty .Values.conf.tempest.dashboard.dashboard_url -}}
{{- $endpointScheme := tuple "dashboard" "public" "web" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}
diff --git a/charts/tempest/templates/job-ks-user.yaml b/charts/tempest/templates/job-ks-user.yaml
index ae8f774..4537d5a 100644
--- a/charts/tempest/templates/job-ks-user.yaml
+++ b/charts/tempest/templates/job-ks-user.yaml
@@ -23,5 +23,8 @@
{{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
{{- end }}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
+{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
diff --git a/charts/tempest/templates/job-run-tests.yaml b/charts/tempest/templates/job-run-tests.yaml
index abacad1..fc37523 100644
--- a/charts/tempest/templates/job-run-tests.yaml
+++ b/charts/tempest/templates/job-run-tests.yaml
@@ -61,6 +61,10 @@
command:
- /tmp/run-tests.sh
env:
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/tempest/certs/ca.crt"
+{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
@@ -95,6 +99,7 @@
{{- end }}
- name: tempest-reports
mountPath: /var/lib/tempest/data
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.identity.api.internal "path" "/etc/tempest/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -115,4 +120,5 @@
persistentVolumeClaim:
claimName: {{ .Values.pvc.name }}
{{- end }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
diff --git a/charts/tempest/templates/secret-registry.yaml b/charts/tempest/templates/secret-registry.yaml
new file mode 100644
index 0000000..da979b3
--- /dev/null
+++ b/charts/tempest/templates/secret-registry.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
diff --git a/charts/tempest/values.yaml b/charts/tempest/values.yaml
index 00b5c53..a903143 100644
--- a/charts/tempest/values.yaml
+++ b/charts/tempest/values.yaml
@@ -24,8 +24,8 @@
images:
tags:
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
- tempest_run_tests: docker.io/openstackhelm/tempest:latest-ubuntu_xenial
- ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
+ tempest_run_tests: docker.io/openstackhelm/tempest:latest-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
@@ -137,6 +137,23 @@
admin_domain_name: null
use_dynamic_credentials: true
dashboard: {}
+ heat_plugin:
+ # Username to use for non admin API requests
+ username: null
+ # Non admin API key to use when authenticating.
+ password: null
+ project_name: null
+ # Username to use for admin API requests
+ admin_username: null
+ # Admin API key to use when authentication
+ admin_password: null
+ # Admin project name to use for admin API requests
+ admin_project_name: null
+ auth_version: 3
+ auth_url: null
+ user_domain_name: null
+ project_domain_name: null
+ region: null
identity:
admin_domain_scope: false
auth_version: v3
@@ -203,6 +220,7 @@
# tempest image used includes a bug resulting in failed network tests that
# wasn't fixed in newton. Swift is disabled by default as the swift chart
# isn't complete
+ heat: false
neutron: false
nova: false
swift: false
@@ -267,6 +285,13 @@
identity:
admin: tempest-keystone-admin
tempest: tempest-keystone-user
+ oci_image_registry:
+ tempest: tempest-oci-image-registry
+ tls:
+ identity:
+ api:
+ public: keystone-tls-public
+ internal: keystone-tls-api
endpoints:
cluster_domain_suffix: cluster.local
@@ -282,6 +307,21 @@
port:
registry:
node: 5000
+ oci_image_registry:
+ name: oci-image-registry
+ namespace: oci-image-registry
+ auth:
+ enabled: false
+ tempest:
+ username: tempest
+ password: password
+ hosts:
+ default: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ default: null
identity:
name: keystone
auth:
@@ -334,6 +374,8 @@
port:
web:
default: 80
+tls:
+ identity: false
manifests:
configmap_bin: true
@@ -342,4 +384,5 @@
job_ks_user: true
job_run_tests: true
secret_keystone: true
+ secret_registry: true
...