v1.0.0 onwards of jetstack/cert-manager the apiVersion of CRD Issuer
was changed to v1. This patchset add support for earlier version of
cert-manager.
Change-Id: I884c4e8e8c07e30240cd9fb3c125bd2aee6c4ddf
This change updates the releasenotes for all ceph charts to current
changes as of the date of this commit.
Change-Id: I18d08eb00c86c1022fdc2599d88ac5429ad661a6
This change updates the releasenotes for ceph-client to all current
changes as of the date of this commit.
Change-Id: I4e8746f428da383759884fbadacd6a50a847a19b
The wait_for_pgs() function in the rbd pool job waits for all PGs
to become active before proceeding, but in the event of an upgrade
that decreases pg_num values on one or more pools it sees PGs in
the clean+premerge+peered state as peering and waits for "peering"
to complete. Since these PGs are in the process of merging into
active PGs, waiting for the merge to complete is unnecessary. This
change will reduce the wait time in this job significantly in
these cases.
Change-Id: I9a2985855a25cdb98ef6fe011ba473587ea7a4c9
This change updates the releasenotes for ceph-provisioners to all current
changes as of the date of this commit.
Change-Id: I48a0e10fcae8920396658499321dede9ed026eff
This change updates the releasenotes for ceph-rgw to all current
changes as of the date of this commit.
Change-Id: Ibaa817a2178e38f18cb6e16f4e9d65e8ae2e7b0a
This change updates the releasenotes for ceph-osd to all current
changes as of the date of this commit.
Change-Id: Ib2f1ae712d81ccc3d35e334b15ad71b602ebd87f
This change updates the releasenotes for ceph-mon to all current
changes as of the date of this commit.
Change-Id: I9a29ed9b6d8e17de19c6e929f3c673107ebd7912
This change updates the logic in our create-elasticsearch-templates
job to support creation of a variety of different API objects.
Change-Id: I380a55b93e7aabb606e713c21d71a383fef78b3f
This change adds an apache sidecar to the Alertmanager statefulset
in order to facillitate authentication to the service.
Change-Id: I6e3cfb582251ecd280644439bfbd432a1f86ede3
On somewhat rare occasions the openstack service list call fails with
a connection aborted OSError 104 ECONNRESET. During an upgrade this failure
causes the script to think that the service it is checking for does not
exist and therefore it recreates the script. In turn this causes further
issues when other services try to use this duplicate service.
This is a temporary change in order to alliviate the issue while the root
cause is investigated.
[0] https://review.opendev.org/c/openstack/openstack-helm-infra/+/772416
Change-Id: Id0971a95eb54eca9486a9811f7ec6f603a007cbb
We've seen a few cases where the openstack service list is unable
to establish a connection with keystone thus causing the check to fail.
When this happens, an additional service is created unnecessarily.
When the addtional service is created, it tends to cause issues since
there are no endpoints asscociated with the new service.
Allow this check to retry several times.
Change-Id: I5a1985c680e90de71549177ffc3faf848a831bfa
The deal is that all the jobs' scripts include extra arguments
when deploying helm charts, except these ones in the commit.
It would be useful to use override files in these charts.
+ Fix typo in apparmor.yaml for node-exporter
+ Amend apparmor.yaml for openstack-exporter since
those values are already by default in values.yaml
Change-Id: Ibe8b38977216e618dccba7e8443b3cc05a772de5
This PS is to address security best practices concerning running
containers as a non-privileged user and disallowing privilege
escalation.
Change-Id: If4c0e9fe446091ba75d1a9818ffd3a0933285af4
The 'ceph pg dump_stuck' command that looks for PGs that are stuck
inactive doesn't include the 'inactive' keyword, so it also finds
PGs that are active that it believes are stuck. This change adds
the 'inactive' keyword to the command so only inactive PGs are
considered.
Change-Id: Id276deb3e5cb8c7e30f5a55140b8dbba52a33900
With OSH now publishing charts regularly with each change, there
needs to be a way to track these changes in order to track the
changes between chart versions.
This proposed change adds in a reno check job to publish notes
based from the changes to each chart by version as a way to
track and document all the changes that get made to OSH-infra
and published to tarballs.o.o.
Change-Id: I5e6eccc4b34a891078ba816249795b2bf1921a62
This brings the Grafana version up to the current version
and fixes the selenium helm and gate test for the new login
dashboard.
Change-Id: I0b65412f4689c763b3f035055ecbb4ca63c21048
The volume naming convention prefixes logical volume names with
ceph-lv-, ceph-db-, or ceph-wal-. The code that was added recently
to remove orphaned DB and WAL volumes does a string replacement of
"db" or "wal" with "lv" when searching for corresponding data
volumes. This causes DB volumes to get identified incorrectly as
orphans and removed when "db" appears in the PV UUID portion of
the volume name.
Change-Id: I0c9477483b70c9ec844b37a6de10a50c0f2e1df8
This commit introduces the following helm test improvement for the
ceph-client chart:
1) Reworks the pg_validation function so that it allows some time for
peering PGs to finish peering, but fail if any other critical errors are
seen. The actual pg validation was split out into a function called
check_pgs(), and the pg_validation function manages the looping aspects.
2) The check_cluster_status function now calls pv_validation if the
cluster status is not OK. This is very similar to what was happening
before, except now, the logic will not be repeated.
Change-Id: I65906380817441bd2ff9ff9cfbf9586b6fdd2ba7
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.
Change-Id: I1576f486f30d693c4bc6b15e25c238d8004b4568
This change adds cleanup mechanism to archive by following steps:
1) add archive_cleanup.sh under /tmp directory
2) through the start.sh this script will be triggered
3) It runs every hour, checking utilization of archive dir
4) If it is above threshold it deletes half of old files
Change-Id: I918284b0aa5a698a6028b9807fcbf6559ef0ff45
Found another issue in disk_zap() where a needed update was missed when
https://review.opendev.org/c/openstack/openstack-helm-infra/+/745166
changed the logical volume naming convention.
The above patch set renamed volumes that followed the old convention,
so this logic will never be correct and must be updated.
Also added logic to clean up orphaned DB/WAL volumes if they are
encountered and removed some cases where a data disk is marked as in use
when it isn't set up correctly.
Change-Id: I8deeecfdb69df1f855f287caab8385ee3d6869e0
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* ingress deployment
* openvswitch-vswitchd daemonset
Change-Id: I5964c595210af60d54158e6f7c962d5abe77fc2f
This PS is to address security best practices concerning running
containers as a non-privileged user and disallowing privilege
escalation. Ceph-client is used for the mgr and mds pods.
Change-Id: Idbd87408c17907eaae9c6398fbc942f203b51515
