This patchset will add the capability to configure the
Ceph RBD pool job to leave failed pods behind for debugging
purposes, if it is desired. Default is to not leave them
behind, which is the current behavior.
Change-Id: Ife63b73f89996d59b75ec617129818068b060d1c
As new ceph clients expecting the ceph_mon config as shown below , this
ps will update the configmap.
mon_host = [v1:172.29.1.139:6789/0,v2:172.29.1.139:3300/0],
[v1:172.29.1.140:6789/0,v2:172.29.1.140:3300/0],
[v1:172.29.1.145:6789/0,v2:172.29.1.145:3300/0]
Change-Id: I6b96bf5bd4fb29bf1e004fc2ce8514979da706ed
Directory-based OSDs are failing to deploy because 'python' has
been replaced with 'python3' in the image. This change updates the
python commands to use python3 instead.
There is also a dependency on forego, which has been removed from
the image. This change also modifies the deployment so that it
doesn't depend on forego.
Ownership of the OSD keyring file has also been changed so that it
is owned by the 'ceph' user, and the ceph-osd process now uses
--setuser and --setgroup to run as the same user.
Change-Id: If825df283bca0b9f54406084ac4b8f958a69eab7
This ps adds the lookback duration of 5m to the systemd-monitor to avoid
looking back indefinitely in journal log and causing the alert to stick around.
Change-Id: Ia32f043c0c7484d0bb92cfc4b68b506eae8e9d72
v1.2.0 of cert-manager noew supports overriding the default value
of ingress certificate expiry via annotations. This PS add the
required annotation.
Change-Id: Ic81e47f24d4e488eb4fc09688c36a6cea324e9e2
For security reasons, strict access permission is given to
the mariadb data directory /var/lib/mysql
Change-Id: I9e55a7e564d66874a35a54a72817fa1237a162e9
This patch resolves a helm test problem where the test was failing
if it found a PG state of "activating". It could also potentially
find a number of other states, like premerge or unknown, that
could also fail the test. Note that if these transient PG states are
found for more than 3 minutes, the helm test fails.
Change-Id: I071bcfedf7e4079e085c2f72d2fbab3adc0b027c
Since chart v0.1.3 SLM policies have been supported, but we still
run curator in the gate, and its manifest toggles still default to
true
Change-Id: I5d8a29ae78fa4f93cb71bdf6c7d1ab3254c31325
This removes the functionality to perform envsubst in the feature
gate script to prevent users with specific env set running into
unexpected error. This feature will be re-visited in the future to
be made more robust.
Signed-off-by: Tin Lam <tin@irrational.io>
Change-Id: I6dcfd4dad138573294a9222e4e7af80c9bff4ac0
This patchset enables TLS path between Prometheus and Grafana.
Grafana pull data from Prometheus. As such, Prometheus is the
server and Grafana is the client for TLS handshake.
Change-Id: I50cb6f59472155415cff16a81ebaebd192064d65
This patchset enabled TLS path for Prometheus when it acts as
a server. Note that TLS is not directly terminated at Prometheus.
TLS is terminated at apache proxy which in turn route request
to Prometheus.
Change-Id: I0db366b6237a34da2e9a31345d96ae8f63815fa2
The flag storage.tsdb.retention is deprecated and generates warnings
on startup storage.tsdb.retention.time is the new flag.
storage.tsdb.wal-compression is now set as the default in v2.20
and above and is no longer needed
Change-Id: I66f861a354a3cdde69a712ca5fd8a1d1a1eca60a
Environment variable MYSQL_HISTFILE is added to mariadb container
to disable storing client mysql history to ~/.mysql_history file.
Change-Id: Ie95bc1f830fbf34d30c73de07513299115d8e8c5
When autoscaling is disabled after pools are created, there is an
opportunity for some autoscaling to take place before autoscaling
is disabled. This change checks to see if autoscaling needs to be
disabled before creating pools, then checks to see if it needs to
be enabled after creating pools. This ensures that autoscaling
won't happen when autoscaler is disabled and autoscaling won't
start prematurely as pools are being created when it is enabled.
Change-Id: I8803b799b51735ecd3a4878d62be45ec50bbbe19
fsGroup is not supported inside the container securityContext,
only inside the pod. This drops a configuration that is not
valid and makes things deployable.
Change-Id: I956a1de107768c3fadc704722db83eb661cd25d2
The autoscaler was introduced in the Nautilus release. This
change only sets the pg_num value for a pool if the autoscaler
is disabled or the Ceph release is earlier than Nautilus.
When pools are created with the autoscaler enabled, a pg_num_min
value specifies the minimum value of pg_num that the autoscaler
will target. That default was recently changed from 8 to 32
which severely limits the number of pools in a small cluster per
https://github.com/rook/rook/issues/5091. This change overrides
the default pg_num_min value of 32 with a value of 8 (matching
the default pg_num value of 8) using the optional --pg-num-min
<value> argument at pool creation and pg_num_min value for
existing pools.
Change-Id: Ie08fb367ec8b1803fcc6e8cd22dc8da43c90e5c4
Challenge:
Now remote_ks_admin and remote_rgw_user are using for user labels
of backup target openstack cloud.
When the backup user doesn't exist and we can enable job_ks_user
manifest.
But job_ks_user uses .Vaules.secrets.identity.admin and mariadb,
while secret-rgw and cron-job-backup-mariadb use .Values.secrets.
identity.remote_ks_admin and remote_rgw_user.
It requires to use same values for admin and remote_ks_admin,
and for mariadb and remote_rgw_user.
Seems it isbreaking values consistency.
Suggestion:
Now providing 2 kinds of backup - pvc and swift.
"remote_" means the swift backup.
In fact, mariadb chart has no case to access to keystone except
swift backup. So we can remove remote_xx_* prefix and there is
no confusion.
Change-Id: Ib82120611659bd36bae35f2e90054642fb8ee31f
- Uplifts the image to nginx 0.42.0 to address CVEs
- Updates nginx.tmpl accordingly for nginx 0.42.0
- Adds CLusterRole and labels needed for nginx 0.42.0
- Updates release notes for mariadb
Change-Id: Ie4e2a66873bc130c547ff8f30d8e1b2ee9a62186
This change removes the ignore-errors parameter for the
linter in order to enforce release note updates per chart
change.
Change-Id: I15f538be3c4ad253d5c4f64c21c0b1df10e7e5d2
This patchset updates grafana chart manifests to enable TLS with
osh-infra mariadb. TLS for osh-infra mariadb is completed as part
of TLS phase 1, no additional mariadb chart work is required to
work with this patch.
Change-Id: Ic01e7c012ab2167d59b2117eb985386666f2bb2a
