This enables the ability to continuously update and test an image with
the osh-infra gate and periodic pipeline.
Change-Id: I34ad5f8033038216129955b049d3ed09dfc0c140
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This PS fixes the CRD spec validation errors seen in k8s 1.18.6;
the errors were not seen in the previous k8s version.
Change-Id: Iec1381eca2a21268d40827dbce105899b8d129b3
This commit ensures the below mariadb settings with reference to [0]:
- 'local_infile' Is Disabled
- 'have_symlink' Is Disabled
- 'secure_file_priv' Is Not Empty
- 'sql_mode' Contains 'STRICT_ALL_TABLES'
[0] https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/general-security-issues.html
Change-Id: I701b9bc2bdfb91d67aef91e88f953a09ac72d8be
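
An added example, not part of the commit above or of the chart's own code: a static audit of a my.cnf `[mysqld]` section for the four settings the commit lists. It assumes the settings are expressed as config-file options (`have_symlink` is read-only and is driven by `symbolic-links` / `skip-symbolic-links`); the sample files and the path in them are constructed.

```python
# Added example: static audit of a my.cnf [mysqld] section (constructed samples).
OFF = {"0", "off", "false"}

WEAK_CNF = """\
[mysqld]
local_infile = 1
sql_mode = STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
"""

HARDENED_CNF = """\
[mysqld]
local-infile = 0
skip-symbolic-links
secure_file_priv = /var/lib/mysql-files   # constructed path
sql_mode = "STRICT_ALL_TABLES,NO_ENGINE_SUBSTITUTION"
"""


def parse_mysqld(text):
    """Return the [mysqld] options; '-' and '_' in names are equivalent."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "mysqld":
            key, _, val = line.partition("=")
            opts[key.strip().lower().replace("-", "_")] = val.strip().strip("'\"")
    return opts


def audit(text):
    """Return the names of the four settings that are NOT in the hardened state."""
    o = parse_mysqld(text)
    modes = [m.strip().upper() for m in o.get("sql_mode", "").split(",")]
    checks = {
        # Absent options fall back to the permissive MariaDB defaults.
        "local_infile": o.get("local_infile", "1").lower() in OFF,
        "have_symlink": "skip_symbolic_links" in o
        or o.get("symbolic_links", "1").lower() in OFF,
        "secure_file_priv": o.get("secure_file_priv", "") != "",
        "sql_mode": "STRICT_ALL_TABLES" in modes,
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    print("weak:", audit(WEAK_CNF))
    print("hardened:", audit(HARDENED_CNF))
```
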
This PS fixes a problem with the main backup script in the helm-toolkit,
which tries to create a swift container using the SWIFT_URL. The problem
is that the SWIFT_URL is malformed because the call to openstack get
catalog list has a different format in Train than it did in Stein. So a
solution that works for both Train and Stein is needed. This patch will
use openstack catalog show instead and will extract the public URL from
that output.
Change-Id: Ic326b0b4717951525e6b17ab015577f28e1d321a
Switch from using images defined in docker_images to images provided as
zuul artifacts. Currently to be used in conjunction with [0] in
openstack-helm-images pipelines.
[0] https://review.opendev.org/741551
Change-Id: I43dbd38906e8854c87a361f2e5e479f57850252f
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Motivation: libvirt 127.0.0.1 listen is terrible for live migration.
To resolve that, we can use 0.0.0.0, but it is not secure, so we tried
to realize SSL.
Once secrets are created for the cacert, client and server certs, and
keys, they will be mounted on the libvirt daemonset.
It means all instances use the same key and cert. This is not ideal
but can be considered as the first stage.
Change-Id: Ic3407e484039afaf98495e0f6028254c4c2a0a78
The existing helm-toolkit function "helm-toolkit.manifests.ingress"
will create namespace-fqdn and cluster-fqdn Ingress objects when the
host_fqdn_override parameter is used, but only for a single hostname.
This change allows additional FQDNs to be associated with the same
Ingress, including the names defined in the list:

    endpoints.$service.host_fqdn_override.$endpoint.tls.dnsNames

For example:

    endpoints:
      grafana:
        host_fqdn_override:
          public:
            host: grafana.openstackhelm.example
            tls:
              dnsNames:
                - grafana-alt.openstackhelm.example

Will produce the following:

    spec:
      tls:
        - secretName: grafana-tls-public
          hosts:
            - grafana.openstackhelm.example
            - grafana-alt.openstackhelm.example
      rules:
        - host: grafana.openstackhelm.example
          http:
            # ...
        - host: grafana-alt.openstackhelm.example
          http:
            # ...

Change-Id: I9b068f10d25923bf61220112da98d6fbfdf7ef8a
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
The default value of the kubernetes keystone authorization webhook is
grossly outdated (v0.2). This patch set brings the default up to the
latest of this patch set (v1.19).
Change-Id: Idbf8d027ad6d5f4fb8bdedaf3047c06c66eef27d
Signed-off-by: Tin Lam <tin@irrational.io>
The task was missed, which was causing the post pipeline to fail; this
patch should fix it by adding the missing task.
Change-Id: I13955b1c9ac3899325f7397da6bf5379b3991241
This corrects an issue in the create_pool function with checking
if the pg autoscaler should be enabled.
Change-Id: Id9be162fd59cc452477f5cc5c5698de7ae5bb141
This patchset adds a libvirt secret for the Cinder uuid of external
ceph backend when Cinder externally managed ceph backend is
enabled.
Change-Id: I3667c13c31e49f00d2be02efa6d791ce0a580a8d
At the moment, we are using --all which means run the linting on all of
the charts. However, the problem with using --all is that it disables
version checking which means we can't enforce version changes on Helm
charts.
This patch drops it which means the chart-testing logic will go over the
changed files and make sure that it lints those charts which have
undergone changes.
Because we use a model of 1 commit per merge within Gerrit, this should
still give us the exact coverage that we need without potentially
missing any linting changes.
Change-Id: I64c7896b25c1f3daaa4f61723de8a6c722aaf3a6
Due to some recent reordering of the Bluestore OSD init code, the check
for empty db and wal device strings that sets CEPH_LVM_PREPARE to 0 is
now incorrect as it checks for an existing volume group on the OSD
device to determine if an OSD previously existed on the device. That
device is now initialized prior to this check, so the check is invalid.
This change removes it.
Change-Id: I5236de171d94930e08770537663b14c2eedb0b32
The path to get the conntrack value was incorrect.
Also the logic of the script is updated to raise conntrack alert.
Change-Id: I4d3ea74396eb726458d05df3d9c9a50fec74cf05
This will start publishing all of the charts into tarballs.openstack.org
which should allow for easier public consumption of these charts. This
patch covers adding publishing for openstack-helm-infra first.
Change-Id: Iaa14629c0d0c36b98c2295119af3008f14c0cd39
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I9df4024c7ccf8b3510e665fc07ba0f38871fcbdb
The PS updates queries in wait_for_pgs function (init pool script). The queries
were updated to handle the cases when PGs have "activating" and "peered"
statuses.
Change-Id: Ie93797fcb72462f61bca3a007f6649ab46ef4f97
This change allows Ceph OSDs to respond to logical disk changes
and continue to function instead of failing to initialize after
such a change. For example, /dev/sdd is deployed as an OSD disk
and then subsequently becomes /dev/sde due to a hardware-related
event. This change allows the OSD to adapt and run as /dev/sde.
Change-Id: I6c22088b8d884f9dd300d026415fb126af4b41d4
Fallback to old dump file naming for read operation to support archives
with legacy naming.
Change-Id: I0c9c7b2c1feaac9aca817041dae617b4d1056b84
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
1) Moved Apparmor changes to overrides so as to use experimental Jobs.
2) Changed Numerical Convention to openstack exporter
Change-Id: I9ac1f6399c09fc54fcdb98eb0c6cf91912bc93c1
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
A default reject is added at the end of pg_hba.conf to ensure all connections must be explicitly allowed.
The dependent users added to allow connections are:
1. postgresql-admin
2. postgres
3. psql_exporter
Change-Id: Ic7bd19e5eb4745b91d94d5a88851280054459547
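
An added example, not part of the commit above or of the chart's own code: a check that a pg_hba.conf only allows the three users the commit lists and ends with a catch-all reject. The sample files are constructed, and records are assumed to use CIDR addresses rather than separate netmask columns.

```python
# Added example: check a pg_hba.conf for explicit allows plus a final reject.
ALLOWED_USERS = {"postgresql-admin", "postgres", "psql_exporter"}  # from the commit
CATCH_ALL_ADDR = {"all", "0.0.0.0/0", "::/0"}  # treated as catch-all for this check

GOOD_HBA = """\
# TYPE  DATABASE  USER              ADDRESS      METHOD   (constructed sample)
local   all       postgres                       peer
host    all       postgresql-admin  0.0.0.0/0    md5
host    all       psql_exporter     0.0.0.0/0    md5
host    all       all               0.0.0.0/0    reject
"""

BAD_HBA = """\
local   all       postgres                       peer
host    all       all               0.0.0.0/0    md5
"""


def parse_hba(text):
    """Return (type, database, users, address, method) tuples, in file order."""
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":            # local records have no ADDRESS column
            rules.append((f[0], f[1], f[2].split(","), None, f[3]))
        else:
            rules.append((f[0], f[1], f[2].split(","), f[3], f[4]))
    return rules


def audit_hba(text):
    """Return a list of findings; an empty list means the policy holds."""
    rules, findings = parse_hba(text), []
    for n, (_, _, users, _, method) in enumerate(rules, 1):
        extra = sorted(set(users) - ALLOWED_USERS)
        if method != "reject" and extra:
            findings.append(f"rule {n}: allows unlisted user(s) {extra}")
    last = rules[-1] if rules else None
    if not (last and last[4] == "reject" and last[1] == "all"
            and last[2] == ["all"] and last[3] in CATCH_ALL_ADDR):
        findings.append("no catch-all reject as the final rule")
    return findings


if __name__ == "__main__":
    print(audit_hba(GOOD_HBA))
    print(audit_hba(BAD_HBA))
```
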