TLS gates from infra monitoring

Change-Id: If41dae31763abac8c9c65b1650556438a9b6b0df

tools/deployment/common/015-cert-manager.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eux
+
+./${OSH_PATH}tools/scripts/tls/cert-manager.sh

tools/deployment/osh-infra-logging-tls/000-install-packages.sh

@@ -0,0 +1 @@
+../common/000-install-packages.sh

tools/deployment/osh-infra-logging-tls/005-deploy-k8s.sh

@@ -0,0 +1 @@
+../common/005-deploy-k8s.sh

tools/deployment/osh-infra-logging-tls/010-ingress.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make ingress
+
+#NOTE: Deploy global ingress
+tee /tmp/ingress-kube-system.yaml << EOF
+deployment:
+  mode: cluster
+  type: DaemonSet
+network:
+  host_namespace: true
+EOF
+helm upgrade --install ingress-kube-system ./ingress \
+  --namespace=kube-system \
+  --values=/tmp/ingress-kube-system.yaml
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+
+#NOTE: Display info
+helm status ingress-kube-system
+
+#NOTE: Deploy namespace ingress
+for NAMESPACE in osh-infra ceph; do
+  helm upgrade --install ingress-${NAMESPACE} ./ingress \
+    --namespace=${NAMESPACE} \
+    ${OSH_EXTRA_HELM_ARGS} \
+    ${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
+
+  #NOTE: Wait for deploy
+  ./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
+
+  #NOTE: Display info
+  helm status ingress-${NAMESPACE}
+done

tools/deployment/osh-infra-logging-tls/015-cert-manager.sh

@@ -0,0 +1 @@
+../common/015-cert-manager.sh

tools/deployment/osh-infra-logging-tls/020-ceph.sh

@@ -0,0 +1,227 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+# setup loopback devices for ceph
+./tools/deployment/common/setup-ceph-loopback-device.sh --ceph-osd-data \
+${CEPH_OSD_DATA_DEVICE:=/dev/loop0} --ceph-osd-dbwal ${CEPH_OSD_DB_WAL_DEVICE:=/dev/loop1}
+
+#NOTE: Lint and package chart
+for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
+  make "${CHART}"
+done
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
+CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
+#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this
+# should be set to 'hammer'
+. /etc/os-release
+if [ "x${ID}" == "xcentos" ] || \
+   ([ "x${ID}" == "xubuntu" ] && \
+   dpkg --compare-versions "$(uname -r)" "lt" "4.5"); then
+  CRUSH_TUNABLES=hammer
+else
+  CRUSH_TUNABLES=null
+fi
+tee /tmp/ceph.yaml <<EOF
+endpoints:
+  ceph_mon:
+    namespace: ceph
+    port:
+      mon:
+        default: 6789
+  ceph_mgr:
+    namespace: ceph
+    port:
+      mgr:
+        default: 7000
+      metrics:
+        default: 9283
+network:
+  public: 172.17.0.1/16
+  cluster: 172.17.0.1/16
+  port:
+    mon: 6789
+    rgw: 8088
+    mgr: 7000
+deployment:
+  storage_secrets: true
+  ceph: true
+  rbd_provisioner: true
+  cephfs_provisioner: true
+  client_secrets: false
+  rgw_keystone_user_and_endpoints: false
+bootstrap:
+  enabled: true
+conf:
+  rgw_ks:
+    enabled: false
+  ceph:
+    global:
+      fsid: ${CEPH_FS_ID}
+      mon_addr: :6789
+      osd_pool_default_size: 1
+    osd:
+      osd_crush_chooseleaf_type: 0
+  pool:
+    crush:
+      tunables: ${CRUSH_TUNABLES}
+    target:
+      osd: 1
+      pg_per_osd: 100
+    default:
+      crush_rule: same_host
+    spec:
+      # Health metrics pool
+      - name: device_health_metrics
+        application: mgr_devicehealth
+        replication: 1
+        percent_total_data: 5
+      # RBD pool
+      - name: rbd
+        application: rbd
+        replication: 1
+        percent_total_data: 40
+      # CephFS pools
+      - name: cephfs_metadata
+        application: cephfs
+        replication: 1
+        percent_total_data: 5
+      - name: cephfs_data
+        application: cephfs
+        replication: 1
+        percent_total_data: 10
+      # RadosGW pools
+      - name: .rgw.root
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.control
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.data.root
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.gc
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.log
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.intent-log
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.meta
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.usage
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.users.keys
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.users.email
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.users.swift
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.users.uid
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.buckets.extra
+        application: rgw
+        replication: 1
+        percent_total_data: 0.1
+      - name: default.rgw.buckets.index
+        application: rgw
+        replication: 1
+        percent_total_data: 3
+      - name: default.rgw.buckets.data
+        application: rgw
+        replication: 1
+        percent_total_data: 29
+  storage:
+    osd:
+      - data:
+          type: bluestore
+          location: ${CEPH_OSD_DATA_DEVICE}
+        block_db:
+          location: ${CEPH_OSD_DB_WAL_DEVICE}
+          size: "5GB"
+        block_wal:
+          location: ${CEPH_OSD_DB_WAL_DEVICE}
+          size: "2GB"
+
+pod:
+  replicas:
+    mds: 1
+    mgr: 1
+    rgw: 1
+jobs:
+  ceph_defragosds:
+    # Execute every 15 minutes for gates
+    cron: "*/15 * * * *"
+    history:
+      # Number of successful job to keep
+      successJob: 1
+      # Number of failed job to keep
+      failJob: 1
+    concurrency:
+      # Skip new job if previous job still active
+      execPolicy: Forbid
+    startingDeadlineSecs: 60
+manifests:
+  job_bootstrap: false
+EOF
+
+for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
+  helm upgrade --install ${CHART} ./${CHART} \
+    --namespace=ceph \
+    --values=/tmp/ceph.yaml \
+    ${OSH_INFRA_EXTRA_HELM_ARGS} \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_DEPLOY:-$(./tools/deployment/common/get-values-overrides.sh ${CHART})}
+
+  #NOTE: Wait for deploy
+  ./tools/deployment/common/wait-for-pods.sh ceph
+
+  #NOTE: Validate deploy
+  MON_POD=$(kubectl get pods \
+    --namespace=ceph \
+    --selector="application=ceph" \
+    --selector="component=mon" \
+    --no-headers | awk '{ print $1; exit }')
+  kubectl exec -n ceph ${MON_POD} -- ceph -s
+done
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=ceph-osd,release_group=ceph-osd,component=test --namespace=ceph --ignore-not-found
+helm test ceph-osd --timeout 900
+# Delete the test pod if it still exists
+kubectl delete pods -l application=ceph-client,release_group=ceph-client,component=test --namespace=ceph --ignore-not-found
+helm test ceph-client --timeout 900

tools/deployment/osh-infra-logging-tls/025-ceph-ns-activate.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make ceph-provisioners
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+tee /tmp/ceph-osh-infra-config.yaml <<EOF
+endpoints:
+  ceph_mon:
+    namespace: ceph
+network:
+  public: 172.17.0.1/16
+  cluster: 172.17.0.1/16
+deployment:
+  storage_secrets: false
+  ceph: false
+  rbd_provisioner: false
+  cephfs_provisioner: false
+  client_secrets: true
+  rgw_keystone_user_and_endpoints: false
+bootstrap:
+  enabled: false
+conf:
+  rgw_ks:
+    enabled: false
+EOF
+
+: ${OSH_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(./tools/deployment/common/get-values-overrides.sh ceph-provisioners)"}
+
+helm upgrade --install ceph-osh-infra-config ./ceph-provisioners \
+  --namespace=osh-infra \
+  --values=/tmp/ceph-osh-infra-config.yaml \
+  ${OSH_EXTRA_HELM_ARGS} \
+  ${OSH_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=ceph,release_group=ceph-osh-infra-config,component=provisioner-test --namespace=osh-infra --ignore-not-found
+helm test ceph-osh-infra-config --timeout 600
+
+#NOTE: Validate Deployment info
+kubectl get -n osh-infra jobs
+kubectl get -n osh-infra secrets
+kubectl get -n osh-infra configmaps

tools/deployment/osh-infra-logging-tls/030-radosgw-osh-infra.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make ceph-rgw
+
+: ${OSH_EXTRA_HELM_ARGS_CEPH_RGW:="$(./tools/deployment/common/get-values-overrides.sh ceph-rgw)"}
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+tee /tmp/radosgw-osh-infra.yaml <<EOF
+endpoints:
+  ceph_object_store:
+    namespace: osh-infra
+  ceph_mon:
+    namespace: ceph
+network:
+  public: 172.17.0.1/16
+  cluster: 172.17.0.1/16
+deployment:
+  storage_secrets: false
+  ceph: true
+  rbd_provisioner: false
+  cephfs_provisioner: false
+  client_secrets: false
+  rgw_keystone_user_and_endpoints: false
+bootstrap:
+  enabled: true
+conf:
+  rgw_ks:
+    enabled: false
+  rgw_s3:
+    enabled: true
+pod:
+  replicas:
+    rgw: 1
+manifests:
+  job_bootstrap: true
+EOF
+
+helm upgrade --install radosgw-osh-infra ./ceph-rgw \
+  --namespace=osh-infra \
+  --values=/tmp/radosgw-osh-infra.yaml \
+  ${OSH_EXTRA_HELM_ARGS} \
+  ${OSH_EXTRA_HELM_ARGS_CEPH_RGW}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status radosgw-osh-infra
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=ceph,release_group=radosgw-osh-infra,component=rgw-test --namespace=osh-infra --ignore-not-found
+#NOTE: Test Deployment
+helm test radosgw-osh-infra --timeout 900

tools/deployment/osh-infra-logging-tls/040-ldap.sh

@@ -0,0 +1 @@
+../common/040-ldap.sh

tools/deployment/osh-infra-logging-tls/050-elasticsearch.sh

@@ -0,0 +1,122 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make elasticsearch
+
+#NOTE: Deploy command
+tee /tmp/elasticsearch.yaml << EOF
+jobs:
+  verify_repositories:
+    cron: "*/3 * * * *"
+  curator:
+    cron: "*/10 * * * *"
+monitoring:
+  prometheus:
+    enabled: true
+pod:
+  replicas:
+    client: 1
+    data: 1
+    master: 2
+conf:
+  elasticsearch:
+    snapshots:
+      enabled: true
+  curator:
+    action_file:
+      actions:
+        1:
+          action: delete_indices
+          description: >-
+            "Delete indices older than 365 days"
+          options:
+            timeout_override:
+            continue_if_exception: False
+            ignore_empty_list: True
+            disable_action: False
+          filters:
+          - filtertype: pattern
+            kind: prefix
+            value: logstash-
+          - filtertype: age
+            source: name
+            direction: older
+            timestring: '%Y.%m.%d'
+            unit: days
+            unit_count: 365
+        2:
+          action: snapshot
+          description: >-
+            "Snapshot all indices older than 365 days"
+          options:
+            repository: logstash_snapshots
+            name: "snapshot-%Y-.%m.%d"
+            wait_for_completion: True
+            max_wait: 36000
+            wait_interval: 30
+            ignore_empty_list: True
+            continue_if_exception: False
+            disable_action: False
+          filters:
+          - filtertype: age
+            source: name
+            direction: older
+            timestring: '%Y.%m.%d'
+            unit: days
+            unit_count: 365
+        3:
+          action: delete_snapshots
+          description: >-
+            "Delete index snapshots older than 365 days"
+          options:
+            repository: logstash_snapshots
+            timeout_override: 1200
+            retry_interval: 120
+            retry_count: 5
+            ignore_empty_list: True
+            continue_if_exception: False
+            disable_action: False
+          filters:
+          - filtertype: pattern
+            kind: prefix
+            value: snapshot-
+          - filtertype: age
+            source: name
+            direction: older
+            timestring: '%Y.%m.%d'
+            unit: days
+            unit_count: 365
+
+EOF
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_ELASTICSEARCH:="$(./tools/deployment/common/get-values-overrides.sh elasticsearch)"}
+
+helm upgrade --install elasticsearch ./elasticsearch \
+  --namespace=osh-infra \
+  --values=/tmp/elasticsearch.yaml\
+  ${OSH_INFRA_EXTRA_HELM_ARGS} \
+  ${OSH_INFRA_EXTRA_HELM_ARGS_ELASTICSEARCH}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status elasticsearch
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=elasticsearch,release_group=elasticsearch,component=test --namespace=osh-infra --ignore-not-found
+helm test elasticsearch

tools/deployment/osh-infra-logging-tls/060-fluentd.sh

@@ -0,0 +1 @@
+../common/fluentd.sh

tools/deployment/osh-infra-logging-tls/070-kibana.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make kibana
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_KIBANA:="$(./tools/deployment/common/get-values-overrides.sh kibana)"}
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+helm upgrade --install kibana ./kibana \
+  --namespace=osh-infra \
+  ${OSH_INFRA_EXTRA_HELM_ARGS} \
+  ${OSH_INFRA_EXTRA_HELM_ARGS_KIBANA}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status kibana

tools/deployment/osh-infra-logging-tls/600-kibana-selenium.sh

@@ -0,0 +1 @@
+../common/kibana-selenium.sh

tools/deployment/osh-infra-monitoring-tls/000-install-packages.sh

@@ -0,0 +1 @@
+../common/000-install-packages.sh

tools/deployment/osh-infra-monitoring-tls/005-deploy-k8s.sh

@@ -0,0 +1 @@
+../common/005-deploy-k8s.sh

tools/deployment/osh-infra-monitoring-tls/015-cert-manager.sh

@@ -0,0 +1 @@
+../common/015-cert-manager.sh

tools/deployment/osh-infra-monitoring-tls/020-ingress.sh

@@ -0,0 +1 @@
+../common/020-ingress.sh

tools/deployment/osh-infra-monitoring-tls/030-nfs-provisioner.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+make nfs-provisioner
+
+#NOTE: Deploy nfs instance for logging, monitoring and alerting components
+tee /tmp/nfs-provisioner.yaml << EOF
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+storageclass:
+  name: general
+EOF
+helm upgrade --install nfs-provisioner \
+    ./nfs-provisioner --namespace=nfs \
+    --values=/tmp/nfs-provisioner.yaml
+
+#NOTE: Wait for deployment
+./tools/deployment/common/wait-for-pods.sh nfs
+
+#NOTE: Validate Deployment info
+helm status nfs-provisioner

tools/deployment/osh-infra-monitoring-tls/040-ldap.sh

@@ -0,0 +1 @@
+../common/040-ldap.sh

tools/deployment/osh-infra-monitoring-tls/045-mariadb.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make mariadb
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb)"}
+
+#NOTE: Deploy command
+: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
+
+helm upgrade --install mariadb ./mariadb \
+    --namespace=osh-infra \
+    --set monitoring.prometheus.enabled=true \
+    --set pod.replicas.server=1 \
+    ${OSH_INFRA_EXTRA_HELM_ARGS} \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status mariadb
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=mariadb,release_group=mariadb,component=test --namespace=osh-infra --ignore-not-found
+#NOTE: Validate the deployment
+helm test mariadb

tools/deployment/osh-infra-monitoring-tls/050-prometheus.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus
+
+FEATURE_GATES="alertmanager,ceph,elasticsearch,kubernetes,nodes,openstack,postgresql,tls,apparmor"
+: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS:="$({ ./tools/deployment/common/get-values-overrides.sh prometheus;} 2> /dev/null)"}
+
+#NOTE: Deploy command
+helm upgrade --install prometheus ./prometheus \
+    --namespace=osh-infra \
+    ${OSH_INFRA_EXTRA_HELM_ARGS} \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status prometheus
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=prometheus,release_group=prometheus,component=test --namespace=osh-infra --ignore-not-found
+helm test prometheus

tools/deployment/osh-infra-monitoring-tls/060-alertmanager.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus-alertmanager
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_ALERTMANAGER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-alertmanager)"}
+
+#NOTE: Deploy command
+: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
+
+#NOTE: Deploy command
+helm upgrade --install prometheus-alertmanager ./prometheus-alertmanager \
+    --namespace=osh-infra \
+    --set pod.replicas.alertmanager=1 \
+    ${OSH_INFRA_EXTRA_HELM_ARGS} \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_ALERTMANAGER}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status prometheus-alertmanager

tools/deployment/osh-infra-monitoring-tls/070-kube-state-metrics.sh

@@ -0,0 +1 @@
+../common/070-kube-state-metrics.sh

tools/deployment/osh-infra-monitoring-tls/075-node-problem-detector.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make kubernetes-node-problem-detector
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_PROBLEM_DETECTOR:="$(./tools/deployment/common/get-values-overrides.sh kubernetes-node-problem-detector)"}
+
+#NOTE: Deploy command
+tee /tmp/kubernetes-node-problem-detector.yaml << EOF
+monitoring:
+  prometheus:
+    pod:
+      enabled: false
+    service:
+      enabled: true
+manifests:
+  service: true
+EOF
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
+
+helm upgrade --install kubernetes-node-problem-detector \
+    ./kubernetes-node-problem-detector --namespace=kube-system \
+    --values=/tmp/kubernetes-node-problem-detector.yaml \
+    ${OSH_INFRA_EXTRA_HELM_ARGS} \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_PROBLEM_DETECTOR}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+
+#NOTE: Validate Deployment info
+helm status kubernetes-node-problem-detector

tools/deployment/osh-infra-monitoring-tls/080-node-exporter.sh

@@ -0,0 +1 @@
+../common/080-node-exporter.sh

tools/deployment/osh-infra-monitoring-tls/090-process-exporter.sh

@@ -0,0 +1 @@
+../common/090-process-exporter.sh

tools/deployment/osh-infra-monitoring-tls/100-openstack-exporter.sh

@@ -0,0 +1 @@
+../common/openstack-exporter.sh

tools/deployment/osh-infra-monitoring-tls/105-blackbox-exporter.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus-blackbox-exporter
+
+#NOTE: Deploy command
+: ${OSH_INFRA_EXTRA_HELM_ARGS_BLACKBOX_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-blackbox-exporter)"}
+
+#NOTE: Deploy command
+helm upgrade --install prometheus-blackbox-exporter \
+    ./prometheus-blackbox-exporter --namespace=osh-infra \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_BLACKBOX_EXPORTER}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status prometheus-blackbox-exporter

tools/deployment/osh-infra-monitoring-tls/110-grafana.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make grafana
+
+FEATURE_GATES="calico,ceph,containers,coredns,elasticsearch,kubernetes,nginx,nodes,openstack,prometheus,home_dashboard,persistentvolume,tls,apparmor"
+: ${OSH_INFRA_EXTRA_HELM_ARGS_GRAFANA:="$({ ./tools/deployment/common/get-values-overrides.sh grafana;} 2> /dev/null)"}
+
+#NOTE: Deploy command
+helm upgrade --install grafana ./grafana \
+  --namespace=osh-infra \
+  ${OSH_INFRA_EXTRA_HELM_ARGS} \
+  ${OSH_INFRA_EXTRA_HELM_ARGS_GRAFANA}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status grafana
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=grafana,release_group=grafana,component=test --namespace=osh-infra --ignore-not-found
+helm test grafana

tools/deployment/osh-infra-monitoring-tls/120-nagios.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make nagios
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_NAGIOS:="$(./tools/deployment/common/get-values-overrides.sh nagios)"}
+
+#NOTE: Deploy command
+helm upgrade --install nagios ./nagios \
+  --namespace=osh-infra \
+  ${OSH_INFRA_EXTRA_HELM_ARGS} \
+  ${OSH_INFRA_EXTRA_HELM_ARGS_NAGIOS}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status nagios
+
+# Delete the test pod if it still exists
+kubectl delete pods -l application=nagios,release_group=nagios,component=test --namespace=osh-infra --ignore-not-found
+helm test nagios

tools/deployment/osh-infra-monitoring-tls/170-postgresql.sh

@@ -0,0 +1 @@
+../common/postgresql.sh

tools/deployment/osh-infra-monitoring-tls/600-grafana-selenium.sh

@@ -0,0 +1 @@
+../common/grafana-selenium.sh

tools/deployment/osh-infra-monitoring-tls/610-prometheus-selenium.sh

@@ -0,0 +1 @@
+../common/prometheus-selenium.sh

tools/deployment/osh-infra-monitoring-tls/620-nagios-selenium.sh

@@ -0,0 +1 @@
+../common/nagios-selenium.sh

zuul.d/jobs.yaml

@@ -653,4 +653,70 @@
         - ./tools/deployment/openstack-support/090-keystone.sh
         - ./tools/deployment/openstack-support/110-openstack-exporter.sh
         - ./tools/deployment/apparmor/140-ceph-radosgateway.sh
+
+- job:
+    name: openstack-helm-infra-aio-monitoring-tls
+    parent: openstack-helm-infra-functional
+    timeout: 7200
+    pre-run:
+      - playbooks/osh-infra-upgrade-host.yaml
+      - playbooks/osh-infra-deploy-selenium.yaml
+    post-run: playbooks/osh-infra-collect-logs.yaml
+    nodeset: openstack-helm-single-node
+    required-projects:
+      - openstack/openstack-helm
+    vars:
+      osh_params:
+        feature_gates: tls
+      gate_scripts_relative_path: ../openstack-helm-infra
+      gate_scripts:
+        - ./tools/deployment/osh-infra-monitoring-tls/000-install-packages.sh
+        - ./tools/deployment/osh-infra-monitoring-tls/005-deploy-k8s.sh
+        - ./tools/deployment/osh-infra-monitoring-tls/015-cert-manager.sh
+        - - ./tools/deployment/osh-infra-monitoring-tls/020-ingress.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/030-nfs-provisioner.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/040-ldap.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/045-mariadb.sh
+        - - ./tools/deployment/osh-infra-monitoring-tls/050-prometheus.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/060-alertmanager.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/070-kube-state-metrics.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/075-node-problem-detector.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/080-node-exporter.sh
+        - - ./tools/deployment/osh-infra-monitoring-tls/090-process-exporter.sh
+          # - ./tools/deployment/osh-infra-monitoring-tls/100-openstack-exporter.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/105-blackbox-exporter.sh
+        - - ./tools/deployment/osh-infra-monitoring-tls/110-grafana.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/120-nagios.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/170-postgresql.sh
+          - ./tools/deployment/osh-infra-monitoring-tls/600-grafana-selenium.sh || true
+          - ./tools/deployment/osh-infra-monitoring-tls/610-prometheus-selenium.sh || true
+          - ./tools/deployment/osh-infra-monitoring-tls/620-nagios-selenium.sh || true
+- job:
+    name: openstack-helm-infra-aio-logging-tls
+    parent: openstack-helm-infra-functional
+    timeout: 7200
+    pre-run:
+      - playbooks/osh-infra-upgrade-host.yaml
+      - playbooks/osh-infra-deploy-selenium.yaml
+    post-run: playbooks/osh-infra-collect-logs.yaml
+    nodeset: openstack-helm-single-node
+    required-projects:
+      - openstack/openstack-helm
+    vars:
+      osh_params:
+        feature_gates: tls
+      gate_scripts_relative_path: ../openstack-helm-infra
+      gate_scripts:
+        - ./tools/deployment/osh-infra-logging-tls/000-install-packages.sh
+        - ./tools/deployment/osh-infra-logging-tls/005-deploy-k8s.sh
+        - ./tools/deployment/osh-infra-logging-tls/015-cert-manager.sh
+        - - ./tools/deployment/osh-infra-logging-tls/010-ingress.sh
+          - ./tools/deployment/osh-infra-logging-tls/020-ceph.sh
+        - - ./tools/deployment/osh-infra-logging-tls/025-ceph-ns-activate.sh
+          - ./tools/deployment/osh-infra-logging-tls/030-radosgw-osh-infra.sh
+          - ./tools/deployment/osh-infra-logging-tls/040-ldap.sh
+          - ./tools/deployment/osh-infra-logging-tls/050-elasticsearch.sh
+        - - ./tools/deployment/osh-infra-logging-tls/060-fluentd.sh
+          - ./tools/deployment/osh-infra-logging-tls/070-kibana.sh
+        - ./tools/deployment/osh-infra-logging-tls/600-kibana-selenium.sh || true
 ...

zuul.d/project.yaml

@@ -73,4 +73,6 @@
         - openstack-helm-infra-aio-logging-apparmor
         - openstack-helm-infra-openstack-support-apparmor
         - openstack-helm-infra-metacontroller
+        - openstack-helm-infra-aio-monitoring-tls
+        - openstack-helm-infra-aio-logging-tls
 ...