Adding this parameter to Cinder, Heat, Glance,and Neutron
config. Adding this parameter allows proper handling to resource
links in response using API services behind https proxy.
Change-Id: Ib99a16b6252b15d9f138417485731ec401cb8f81
the defaults in Python [0] and oslo.log [1] are such that when using
separate config file for logging configuration (log-config-append)
the log fomat of dates containes miliseconds twice (as in sec,ms.ms)
which is exactly what is currently seen in logs of OpenStack services
deployed by openstack-helm.
When not provided with datefmt log formatter option, Python effectively
uses '%Y-%m-%d %H:%M:%S,%f' [0] as a default time formatting string to
render `%(asctime)s`, but the defaults in oslo.log add another `.%f`
to it [1].
Since `log-date-format` oslo.log option has no effect when using
log-config-append, we need to explicitly set date format to avoid double
miliseconds rendering in date of log entries.
[0] 6ee41793d2/Lib/logging/__init__.py (L427-L428)
[1] http://git.openstack.org/cgit/openstack/oslo.log/tree/oslo_log/_options.py?id=7c5f8362b26313217b6c248e77be3dc8e2ef74a5#n148
Change-Id: I47aa7ce96770d94b905b56d6fe4abad428f01047
This patch set adds "startingDeadlineSeconds" field to cronJobs.
When the field is not set, the controller counts how many missed
jobs occured from the last scheduled time till now. And if it happends
more than 100 time the job will not be scheduled. To avoid this
the "startingDeadlineSeconds" field should be set to sufficient period
of time. In this case the controller counts how many missed jobs occured
during this period of time. The value of the field should be less than
time (in seconds) needed for running >100 jobs (according to schedule).
Change-Id: I3bf7c7077b55ca5a3421052bd0b59b70c9bbcf24
Resolve issue with sriov dependency removal.
sriov key is required even if there are no dependencies.
Change-Id: I978b411502af575579e4f4a56e0974ef2baf5f52
Add documentation describing steps to deploy tap-as-a-service neutron
plugin as L2 Agent ext, and to deploy tap-as-a-service-dashboard
plugin in horizon.
Change-Id: I3e671d58b612a517af9cd2902401f91aad4bcd78
This adds the release-uuid annotation to the pod spec for all
replication controller templates in the openstack-helm charts
Change-Id: I0159f2741c27277fd173208e7169ff657bb33e57
Expose additional Horizon security params in accordance with the
OpenStack Security Guide [0]
- Check-Dashboard-03: Is DISALLOW_IFRAME_EMBED parameter set to True
- Check-Dashboard-07: Is PASSWORD_AUTOCOMPLETE set to False
[0] https://docs.openstack.org/security-guide/dashboard/checklist.html
Change-Id: I355ddbc9fb1dcd0a6100ee650afd54680ef9ffbd
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate new
passphrases for the OSH components, render an updated manifest for
the OSH components including the new passphrases, then applies the
updated OSH manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I42d19bbf8161b60311c4b8101217cdcfbdf6b568
the release name is currently hard-coded to 'newton' while the default
images are for ocata (and the oldest supported release is also ocata).
Change-Id: Iac5112bb978309a07114fcfd0bd899ef3f3d56d0
this role is not actually required since ~Kilo
I3f1b70b78b91bfac9af5fadb71140679b208c999
plus the heat chart already sets the trusts_delegated_roles option
for Heat to pass all roles to the trust
Change-Id: Icf900f318d3173d63c5967857d96f7d2a7f9aa5b
This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation
Change-Id: I6f2125f3505904c4714688e7a9900b8d6bea49b4
This adds wait timeouts to nova and neutron to circumvent timeout
issues with deploying those two releases
Change-Id: I3fcc9ef5f16ecbc6dc33fc52df22c2d5ff504fb7
This updates the openstack-helm Armada job to instead deploy
only Ceph, the OpenStack service charts, and their dependencies.
This is dependent on the addition of the Armada job for Ceph and
the LMA components to openstack-helm-infra. This also updates the
jobs definition to use the osh-gate-runner playbook instead, as
well as sets the job both to a periodic and experimental job
Depends-On: https://review.openstack.org/#/c/634676/
Depends-On: https://review.openstack.org/#/c/633067/
Change-Id: I7e191a153f123e04e123acc33fb691d8117062a9
In accordance with the OpenStack Security Guide this PS updates
the cinder.conf to explicity set the auth_strategy param.
Change-Id: Ie0a2b9ffebb597166851226eabac4924c34e1404
Signed-off-by: Pete Birley <pete@port.direct>
This simply adds the release uuid value to the chart overrids in
the Armada manifests, which allows for validation that the release
uuid is appropriately added as an annotation to the resulting pods
Change-Id: I53dc31ed9849ea321064184817549c0e90c34378
1. Chart name : change from "ceph" to "ceph-rgw"
2. Postfix of environment variable's name
: change from "OPENSTACK" to "CEPH"
Change-Id: I03a4e12457cec1811b6fa03367811f74e4bb8b83
Signed-off-by: Deokjin Kim <deokjin81.kim@samsung.com>
To get openstack related metrics, prometheus-openstack-exporter need to
access to keystone. So add prometheus-openstack-exporter to network
policy of keystone.
Change-Id: I31106a10e512578a35122949c3cff698b1bc482b
Signed-off-by: Deokjin Kim <deokjin81.kim@samsung.com>
This PS moves the default to use public endpoints for heat clients
eg: waitcondition url generation consumed by cloudinit in vms.
Change-Id: I24113c969f2b310a48cf128a1ada78930c69a4e1
Signed-off-by: Pete Birley <pete@port.direct>
This change adds a zuul check job to export any templated python
contained in the helm charts and scan it with bandit for any
potential security flaws.
This also adds two nosec comments on the instances of subprocess
used as they currently do not appear to be malicious, as well
as changing the endpoint_update python code to prevent sql
injection, which satisfies bandit code B608.
Change-Id: I2212d26514c3510353d16a4592893dd2e85cb369
This PS allows to customize (and disable) information about OS and
Apache version displayed on pages with error messages.
Change-Id: Ic4d19bcc90dadf5cf26faa5c8fb39de00a6f3212
This PS updates the cinder volume template to restore rootwrap
operation.
Change-Id: Ifc6d2442e536e22dca0563bb16634fd9accf44e1
Signed-off-by: Pete Birley <pete@port.direct>
This parameter has been deprecated in Newton and removed [1]
in Ocata.
[1] https://review.openstack.org/#/c/385604/
Change-Id: Ib80cc6634d0fba8ddd2a8e5c9d26a6a0524164b8
This PS disables the server status page of Apache.
On the page provided information which can aid the
malicious user in finding vulnerabilities in the system.
Change-Id: I11104b10359808dc78a214ebb531d710ec353f60
