This updates the ceph-mon chart to include the pod
security context on the pod template
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I4c9e292eaf3d76ee80f50553d1cbc8cdc6f57cac
Zuul updated ansible to 2.9 and broke one of the playbooks
that had the old sudo keyword, which is no longer valid in 2.9.
This change updates the offending file to use "become" instead,
which is the valid keyword instead of sudo.
Change-Id: I2057de7470d65a60c4c984cb99d0715c9d43b3a8
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
This change optimizes the creation of symlinks in udev_settle by
only looking at the disks related to the OSD being
deployed/started and skipping the ln command for existing symlinks.
A second "udevadm settle" command is also added after the creation
of the symlinks in order to allow any logical volumes related to
new symlinks to become established.
Change-Id: I3283021fd80c8a05f0aa0c9917bb7ba0ea144303
This change defines the 32GB node option to be used in rare cases
when a particular check requires more resources than a normal
run can provide.
Change-Id: I9ff79f98a0f1874411c0df19cb07b5473d82992a
Using a subset of the characters in the hostname to determine the
failure domain is not always possible, and using overrides based on
hostnames is in some ways overkill.
This change provides a simple way to map hostnames to failure domains.
It is used only when 'failure_domain' is set other than 'host', and when
'failure_domain_by_hostname' is 'false'. Any hosts not referenced in the
map will be given the default treatment (root=default host=hostname)
Example usage:
conf:
storage:
failure_domain: rack
failure_domain_by_hostname_map:
hostfoo: rack1
hostbar: rack1
hostbaz: rack2
hostqux: rack2
Change-Id: Ia98fec8c623486f80054877e40e0753e4b939e8e
This patchset adds a secret containing the backup/restore configuration
for Postgresql, in case it is needed for invoking a backup/restore
operation from a different application or from a different namespace
(like from a utility container). Default is to not produce the secret.
Change-Id: I273fe169e7ee533c3fe04ad33c97af64b29bc16f
The flush-kibana-metadata job was causing issue in loading the kibana
dashboard due to conflict in order this is run. Adding dependencies to avoid
running jobs simultaneously.
Change-Id: If5a2564a8b6a16fb0dbd6a93f2e6e02d91f394dc
Adding the capability to retrieve a list of tables, list of rows,
and the table schema information from a given database backup
archive file, for the purpose of manual database table/row
restoration and also for just viewing.
This is added to the HTK _restore_main.sh.tpl and is integrated
into the Postgresql restore script (Mariadb will be done later).
Change-Id: I729ecf7a720f1847a431de7e149cec6841ec67b8
This change adds the ability to configure the
--collector.filesystem.ignored-mount-points
parameter, which is useful in events where a subdirectory
cannot be statfs'd by a non-root user.
Change-Id: Ie2be8c496aa676e9a3fee5434e0c194615f9cdab
See: https://github.com/prometheus/node_exporter/issues/703
This patch set adds in a manifest method in helm toolkit to generate
certificates and places them into a secret.
Change-Id: I50300afb0fc0ab92169ad9dd9ba66a56454fbc46
Signed-off-by: Tin Lam <tin@irrational.io>
This places in a chart that a CA issuer using [0].
[0] https://cert-manager.io/
Change-Id: I0825b50cc0fcfc510f5db00bf85a01dee388141e
Signed-off-by: Tin Lam <tin@irrational.io>
Mariadb is using utf8_general_ci as the default collation:
- https://mariadb.com/kb/en/mariadb/supported-character-sets-and-collations/
Currently utf8_unicode_ci is used for collation server, but when
enabled panko and run "openstack event list", we will see
"pymysql.err.InternalError". This issue can be fixed when using
utf8_general_ci.
Related issue is here:
https://bugs.launchpad.net/starlingx/+bug/1880948
Change-Id: I24005ec4ae1ffe20c2436ba63471ea8fc1315b86
Signed-off-by: chenyan <yan.chen@intel.com>
Use nginx-ingress-controller:0.32.0 and change user to 101
intead of 33 which is suported by this image.
Change-Id: I38679e350ec352f13074055b7e08b98df1090fbf
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Disable openstackdocs_auto_name to use 'project' variable as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I7a7bf796d3f25e4dd3d1709850729d29497d355e
This updates to use TOX_CONSTRAINTS_FILE instead of
UPPER_CONSTRAINTS_FILE since the latter is obsolete.
Change-Id: Ib31adb98e822b1b57acd8fd2f3f338e6cfe24c23
Signed-off-by: Tin Lam <tin@irrational.io>
By default erlang VM determines a number of scheduler threads equal to a
number of CPU cores it detects [0]. Running rabbitmq in container makes
Erlang VM to think it has all host CPU power, making extra scheduler
threads competing for CPU time and, depending on a difference between
a number host CPU cores and container limits, causing CPU throttling even
while idle.
This commit limits a number of schedulers to a value actually available
to container via k8s resource limits (min 1) emulating the default
behavior.
[0] https://www.rabbitmq.com/runtime.html#scheduling
Change-Id: If36f63173de4c8035daf7aac4014c027c579b58f
