- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Cinder chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: If17af3e3dba188a43ed11a0d5757fcae9f5358e8
Enables and sets some sane, default configuration, based off
documentation [0] for the 'rbd1' scoped Cinder backend. When a
volume is first created from an image, a new cached image-volume
will be created that is owned by the Block Storage Internal Tenant.
Subsequent requests to create volumes from that image will clone
the cached version instead of downloading the image contents and
copying data to the volume.
[0]: https://docs.openstack.org/cinder/stein/admin/blockstorage-image-volume-cache.html
Change-Id: I1eae74b7058f0c6c0826289cf468033eccecaa8a
In this Patchset, Cinder configuration is added to values_overrides
for supporting PURE as one possible Cinder block storage backend.
Please note: updated images are needed for Cinder and Nova to
include package purestorage for the support of pure backend.
Change-Id: Ic0f1116045d74ec624449fbaf92858ccf8d4d936
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
Co-Authored by gage Hugo <gagehugo@gmail.com>.
This Patchset creates Zuul Gate Jobs for apparmor to support Cinder.
Change-Id: I7705512a3b50560b183e19f0868be40078241cdd
In this patchset, the iSCSI protocol support is added
to enable Cinder to use iSCSI based storage backends.
Bootable volumes are not supported, only VM attached
volumes are supported for this initial patchset.
Change-Id: I1b35290b62d2cebae4bd8be62126a53f230ac6c0
This patch set adds in job to test the OpenStack train releases.
Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
Security_context'readOnlyRootFilesystem' under container cinder-backup
is misspelled as' redOnlyRootFilesystem', this commit fixed this
Change-Id: I5a1a9c1a9ae66d027199057a13e3119a326ef015
Cinder default format of policy file is changed from
"json" to "yaml" in stein. This patch set modifies
Cinder chart templates to load policies in yaml format.
Change-Id: I28f3d5be6609cd28bbc1ce8e5fc1d1cf4730b760
This reverts commit 1c85fdc390e05eb578874e77fad9d4ec942da791.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
The gotpl script that determines if a cinder backend is ceph-backed
is not properly handling additional backends that does not have the
driver "cinder.volume.drivers.rbd.RBDDriver". This patch set fixes
the gotpl so it no longer causes a rendering problem.
Change-Id: I902e82301019531832afebce7a1e2f0b28bac8f3
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in a script that cleans up orphaned or
lingering rally helm test pods.
Depends-On: https://review.opendev.org/#/c/683759/
Change-Id: I94fc8d067b421248cf74fe40b2e8520f63d4417c
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
- Change all tests to support Nautilus,Mimic and Luminous releases
- Update ceph-config-helper image
Change-Id: I557b1efa12529d0ee51d4c5b9d4beb4abf1b0574
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This patch set adds in the egress policy for core OpenStack Services.
Depends-On: https://review.opendev.org/#/c/679853/
Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the ceph-config-helper image for the ubuntu distro
based jobs to use an image that includes kubernetes 1.16.2
Change-Id: If063db5e6f0abfab10cd0195b3633c41d8ed560f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
Cinder requires rootwrap functionality that we cannot disable
allowPrivilegeEscalation. This patch set removes the line
that disables it by default.
Change-Id: I23b35aee298e2e414e93ff34cd0a7012a9099e3d
Signed-off-by: Tin Lam <tin@irrational.io>
This PS makes the image conversion directory an emptydir, so that
we can use read only containers and sill convert images from glance
into volumes.
Change-Id: Id3cda737895451c2261bf9adfe54995db28c2f63
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the default RMQ policy to not mirror reply queues
as they cause signifigant blocking when resorting a rabbit node to
a cluster, with no advantage.
Change-Id: I6f8d4eaa482fcdf3e877bd38caa9b24358ea5be0
Signed-off-by: Pete Birley <pete@port.direct>
Wrap code making the assumption there is only one Ceph backend
(using is_ceph_volume_configured) in a "range" and use
ceph_backend_list helper to iterate all available Ceph backends.
Move Ceph pool application name in values.yaml from
conf.software.rbd.rbd_pool_app_name* to conf.ceph.pools.*.app_name
Change-Id: If1126e51fe9ebb85185e375dc282e83db63d934c
Depends-On: Iaa67061b05a9d355228ad7d3f5ee0f4f04dbdc66
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
This commit changes the cinder template bootstrap script
to use the openstack client instead of the cinder client
to list volume types.
Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
The patch adds dependency in cinder for create_internal_tenant job which
uses openstack client to create internal_project_name and internal_user_name
but if identity server is not ready yet the job crashes therefore cinder-volume
doesn't work as well.
Change-Id: I4386f127b834a9777093ac1d3c269937947c7bcf
This PS udpates the deps on the cinder boostrap job to ensure that the
cinder volume service has started prior to attempting bootstrap.
This crtainly could be enhanced further, but is the 1st step in preventing
the liklyhood of a race.
Change-Id: Id0f958077b296750242450179b41c0a1b703b4a5
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Stein Release of OpenStack in Ubuntu Bionic
containers.
Depends-On: https://review.opendev.org/667726
Change-Id: Icfad3434ca496a841993b95adaf5d853728d920f
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for running the Rocky release of Openstack under
Python3 in Ubuntu Bionic containers.
Change-Id: I269cef9f8f157e22f6b857822df9a8960dac6ea8
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Rocky Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: Ieed4a6a3afa6e3ebd9b2f72ba227aac891d65214
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Queens Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I0d4d427e43f06fa955dfd275859939d0adca113c
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Pike Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I402584bbcdd53a4a6bc21f370586b3498142bf81
Signed-off-by: Pete Birley <pete@port.direct>
In preparation for supporting multiple Ceph backends
replace is_ceph_volume_configured with has_ceph_backend.
has_ceph_backend returns true when at least one
backend is using RBDDriver.
Change-Id: Iaa67061b05a9d355228ad7d3f5ee0f4f04dbdc66
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>.
