This patchset adds a secret containing the backup/restore configuration
for Postgresql, in case it is needed for invoking a backup/restore
operation from a different application or from a different namespace
(like from a utility container). Default is to not produce the secret.
Change-Id: I273fe169e7ee533c3fe04ad33c97af64b29bc16f
The flush-kibana-metadata job was causing issue in loading the kibana
dashboard due to conflict in order this is run. Adding dependencies to avoid
running jobs simultaneously.
Change-Id: If5a2564a8b6a16fb0dbd6a93f2e6e02d91f394dc
Adding the capability to retrieve a list of tables, list of rows,
and the table schema information from a given database backup
archive file, for the purpose of manual database table/row
restoration and also for just viewing.
This is added to the HTK _restore_main.sh.tpl and is integrated
into the Postgresql restore script (Mariadb will be done later).
Change-Id: I729ecf7a720f1847a431de7e149cec6841ec67b8
This change adds the ability to configure the
--collector.filesystem.ignored-mount-points
parameter, which is useful in events where a subdirectory
cannot be statfs'd by a non-root user.
Change-Id: Ie2be8c496aa676e9a3fee5434e0c194615f9cdab
See: https://github.com/prometheus/node_exporter/issues/703
This patch set adds in a manifest method in helm toolkit to generate
certificates and places them into a secret.
Change-Id: I50300afb0fc0ab92169ad9dd9ba66a56454fbc46
Signed-off-by: Tin Lam <tin@irrational.io>
This places in a chart that a CA issuer using [0].
[0] https://cert-manager.io/
Change-Id: I0825b50cc0fcfc510f5db00bf85a01dee388141e
Signed-off-by: Tin Lam <tin@irrational.io>
Mariadb is using utf8_general_ci as the default collation:
- https://mariadb.com/kb/en/mariadb/supported-character-sets-and-collations/
Currently utf8_unicode_ci is used for collation server, but when
enabled panko and run "openstack event list", we will see
"pymysql.err.InternalError". This issue can be fixed when using
utf8_general_ci.
Related issue is here:
https://bugs.launchpad.net/starlingx/+bug/1880948
Change-Id: I24005ec4ae1ffe20c2436ba63471ea8fc1315b86
Signed-off-by: chenyan <yan.chen@intel.com>
Use nginx-ingress-controller:0.32.0 and change user to 101
intead of 33 which is suported by this image.
Change-Id: I38679e350ec352f13074055b7e08b98df1090fbf
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Disable openstackdocs_auto_name to use 'project' variable as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I7a7bf796d3f25e4dd3d1709850729d29497d355e
This updates to use TOX_CONSTRAINTS_FILE instead of
UPPER_CONSTRAINTS_FILE since the latter is obsolete.
Change-Id: Ib31adb98e822b1b57acd8fd2f3f338e6cfe24c23
Signed-off-by: Tin Lam <tin@irrational.io>
By default erlang VM determines a number of scheduler threads equal to a
number of CPU cores it detects [0]. Running rabbitmq in container makes
Erlang VM to think it has all host CPU power, making extra scheduler
threads competing for CPU time and, depending on a difference between
a number host CPU cores and container limits, causing CPU throttling even
while idle.
This commit limits a number of schedulers to a value actually available
to container via k8s resource limits (min 1) emulating the default
behavior.
[0] https://www.rabbitmq.com/runtime.html#scheduling
Change-Id: If36f63173de4c8035daf7aac4014c027c579b58f
Added capability in the podsecuritypolicy template to bind individual
serviceaccounts to clusterroles to enable enforcing psp at
serviceaccount level.
The idea is that the default psp can be tuned to be restrictive for all
serviceaccounts; and new psp, clusterroles, and clusterrolebindings are
defined to bind specific serviceaccounts or namespaces to permissive
podsecuritypolicies, based on the security requirements of a deployment.
Change-Id: I1b13c0e324b9a756a07d36b6e53786303f4a9f89
This change adds in a helm test to properly test cinder functionality
in the openstack-support zuul check.
Change-Id: Ie4b2b8ef9e56e9745c58ce6dc8858f5f90057b96
sometimes it is needed to use other than `openstack` CLI clients
or older versions of those in bootstrap/other scripts that do not
understand the OS_INTERFACE env var, and instead use the
OS_ENDPOINT_TYPE var (and --os-endpoint-type CLI arg) for the same
purpose.
Example is `neutron` command from python-neutronclient package.
Change-Id: I0fb7d1e9612391e8632d775b91848d3c834b9bd2
