This PS breaks out the helper container images, which is required
now that the ingress image is more compact.
Change-Id: I6afb08954f37eda1ed913a4b3acdaf6e2b89d30e
Signed-off-by: Pete Birley <pete@port.direct>
This patch takes into consideration that there could be multiple
options for mandatory access control in a cluster. The previously
defined Helm toolkit function for generating a MAC annotation can
now be specified generically, like in this example:
mandatory_access_control:
type: apparmor
glance-api:
init: runtime/default
glance-api: runtime/default
glance-perms: runtime/default
ceph-keyring-placement: runtime/default
glance-registry:
init: runtime/default
glance-registry: runtime/default
If no MAC is required, then the "type" can be set to null,
and no annotation would be generated. The only MAC type supported
at the moment is "apparmor".
Change-Id: I6b45533d73af82e8fff353b0ed9f29f0891f24f1
This removes the tolerations key from the labels entries. As the
boolean check is on the pod.tolerations.enabled key instead, the
labels.foo.tolerations key is no longer used and should be removed
Change-Id: I00536dabadf9bd354219058d8efd054c60952bbd
Largely inspired and taken from Kranthi's PS.
- Add support for creating custom CRUSH rules based off of failure
domains and device classes (ssd & hdd)
- Basic logic around the PG calculator to autodetect the number of
OSDs globally and per device class (required when using custom crush
rules that specify device classes).
Change-Id: I13a6f5eb21494746c2b77e340e8d0dcb0d81a591
To allow to integrate TungstenFabric(Contrail) with Airship
there should be ability to redifine ports that can be conflicted.
Change-Id: Id15658c65339577cec03f25ebd22dd664bb5976a
Long hostnames can cause the 63 char name limit to be exceeded.
Truncate the hostname if hostname > 20 char.
Change-Id: Ieb7e4dafb41d1fe3ab3d663d2614f75c814afee6
This adds basic charts for Elastic metricbeat, filebeat,
packetbeat, and elastic APM server. This also adds an experimental
job for deploying the elastic beats along with Elasticsearch and
Kibana
Change-Id: Idcdc1bfa75bcdcaa68801dbb8999f0853652af0f
This adds session affinity to Prometheus's ingress. This allows for
the use of cookies for Prometheus's session affinity
Change-Id: I2e7e1d1b5120c1fb3ddecb5883845e46d61273de
This updates the Nagios image tag to include the updated plugin
for querying Elasticsearch for alerting on logged events
Change-Id: Idd61d82463b79baab0e94c20b32da1dc6a8b3634
This PS updates the version of the ingress controller image used.
This brings in the ability to update the ingress configuration without
reloading nginx. There may also need to be some changes for prom based
monitoring:
* https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0100
Change-Id: Ia0bf3dbb9b726f3a5cfb1f95d7ede456af13374a
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ingress chart to allow the status pport to be
changed.
Change-Id: Ia38223c56806f6113622a809e792b4fedd010d87
Signed-off-by: Pete Birley <pete@port.direct>
Add support for a rack level CRUSH map. Rack level CRUSH support is
enabled by using the "rack_replicated_rule" crush rule.
Change-Id: I4df224f2821872faa2eddec2120832e9a22f4a7c
This moves to update the host used for the ceph health checks, as
we should be checking the ceph-mgr service directly for ceph
metrics instead of trying to curl the host directly.
This also changes the ceph_health_check to use the base-os
hostgroup instead of the placeholder ceph-mgr host group, as we're
just executing a simple check against the ceph-mgr service.
This also adds default configuration values for the
max_concurrent_checks (60) and check_workers (4) values instead
of leaving them at the defaults Nagios uses (0 and # cores,
respectively)
Change-Id: Ib4072fcd545d8c05d5e9e4a93085a8330be6dfe0
This updates the Nagios image to use a tag that includes a fix for
the service discovery mechanism used for updating host checks.
After moving the Nagios chart to either run in shared or host PID
namespaces, the service discovery mechanism no longer worked due
to the plugin attempting to restart PID 1 instead of determining
the appropriate PID to restart.
For reference, see:
https://review.gerrithub.io/#/c/att-comdev/nagios/+/432205/
Change-Id: Ie01c3a93dd109a9dc99cfac5d27991583546605a
This adds session affinity to Nagios's ingress. This allows for
the use of cookies for Nagios's session affinity
Change-Id: I6054a92f644dc533dd06d35a2541fb44d46cba88
Change deployment script for rgw to not use the docker
bridge for public and cluster network overrides. Instead,
calculate network values in same way as other ceph multinodes
deployment steps
Change-Id: I2bacd1af1cc331d76a5d61f3b589ca6ef80b1b2e
Request from downstream to use 10GB journal sizes. Currently journals
are created manually today, but there is upcoming work to have the
journals created by the Helm charts themselves. This value needs to be
put in as a default to ensure journals are sized appropiately.
Change-Id: Idaf46fac159ffc49063cee1628c63d5bd42b4bc6
This reverts commit 5c2859c3e9026e464bf0c35b591aaae810ff2a1c.
This commit breaks the ability to declare users to use with rally/helm test - and needs to be refactored to match the commit message's intent.
Change-Id: I2bc66ef40694c277058b4324b8a3528f4f25d1d1
Currently the cronjob is broken due to syntax and
permission issues.
Additionally move the cronjob from once a month to
every 15 minutes, and automatically disable the job
unless explicitly enabled.
Change-Id: Id72bdb286c805ccb0ea4e9fcf65fabca94a180dd
The ceph_health check in Nagios incorrectly sets the warning and
error level to 0. The ceph_health_status metric's value of 0
indicates the cluster is healthy, while 1 indicates a warning and
2 indicates an error state. The Nagios check for ceph_health is
updated to reflect these values
Change-Id: Iffe80f1c34f6edee6370dd7e707e5f55f83f1ec1
This updates the Prometheus scrape configuration to use the
service based discovery mechanism instead of endpoints. This
removes issues associated with multiple ceph-mgr replicas deployed
Change-Id: I2c557af0c7200d0c4aea646c5f9ecd1a070db33e
If OSH_INFRA_PATH is never used in the openstack-helm-infra repository,
as all the references are using relative paths.
The keystone script is not using a relative path, and relies on
OSH_INFRA_PATH to be defined to work.
This is a problem, because when it is not defined, the expected path
for ldap chart is /ldap, which is an incorrect path.
This fixes the problem by ensuring the path is relative.
Change-Id: I04a8d5c074b7c1e6fa66617bbb907f2ad4dcb3af
