openstack-armada-app/openstack-helm/debian/deb_folder/patches/0012-Update-user-in-cinder-related-pods.patch
Daniel Caires 5b3917befd Upversion base OSH to Caracal-3013cbc9
This task aims to Upversion base OSH to Caracal (3013cbc9)

This change upversions the base commit SHA for openstack-helm
to the Caracal version. Because upstream OSH does not track
versions the same way Openstack does, the base commit [1] was
chosen after the caracal release date and the stability of the
changes in the upstream repo.

It also ports all StarlingX specific patches on top of it,
dropping the patches that are no longer necessary and updating
what needs to be updated in order to be applied on top of the
new base SHA.

Patches 0002, 0009, 0019 and 0022 had their changes merged
on the upstream OSH repo, therefore they were dropped in this
upversion.

Patch 0003 was also removed since a similar job was created
upstream. It remains a point of attention because although
a similar job was created upstream there are some differences
between them. Patch 0012 was dropped as it only modified the
file created by the patch 0003.

Most of patch 0020 was merged upstream, because of that the size
of the patch was significantly reduced.

All static overrides had the dep_check image added, this image
was already present on the values file upstream but was not being
exposed on the static overrides.

In the Neutron Helm chart, some additional images were added. Most
of the images that were not previously used by STX-O were set as "null"
in the static overrides. The rpc_server proved to be necessary for the
deployment. Similarly, the Nova Helm chart had some images added and
deleted. The static overrides were updated accordingly.

Test Plan:
PASS - Run downloader to get new OSH version
PASS - Run build-pkgs -c -a -l openstack to rebuild all packages
PASS - OSH is on the Caracal version
PASS - All OSH patches are applied
PASS - STX-O is built

With this change STX-Openstack will stop applying until all the
reviews in the relation chain are merged as well. Because of that,
the Test Plan does not include the apply and proper functioning of
the application. The last review of the relation chain will have a
more thorough test plan. In order for the build not to be broken, all
reviews in the relation chain should be merged together.

Story: 2011303
Task: 51429

[1] - 3013cbc94a

Change-Id: I988051a73c405c0df810cd24e9dc08fa1051faac
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
2025-02-17 18:59:31 +00:00


From f749443bfafc92ac52ac0fe7462699707e2f1e55 Mon Sep 17 00:00:00 2001
From: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Date: Tue, 18 Apr 2023 15:28:09 -0300
Subject: [PATCH] Update user to execute commands in cinder related pods
The cinder-volume container needs to be able to run qemu-img
commands. The current user used to execute those commands
(keystone) does not have the permissions to do that.
We are updating the runAsUser parameter to execute all
cinder related containers as cinder user. Doing that the
user of the container will have the correct permissions
to perform its operations.
Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: I9bffd45208ab2992e380b2226c8e99639bc3f514
---
cinder/values.yaml | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 07adee1c..b95bd618 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -79,14 +79,14 @@ pod:
security_context:
volume_usage_audit:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
cinder_volume_usage_audit:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
cinder_api:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
ceph_coordination_volume_perms:
runAsUser: 0
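Review bot: 42425 appears as a bare literal at both `runAsUser` lines in this hunk (volume_usage_audit and cinder_api), and nothing in values.yaml says which account it is. The commit message calls it the cinder user and the old value the keystone user, but that mapping is defined in the image, not in this file. Add a short comment beside the first occurrence naming the user, so a later edit does not leave one of the eight sections on a different UID unnoticed.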
@@ -96,7 +96,7 @@ pod:
allowPrivilegeEscalation: false
cinder_backup:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
ceph_backup_keyring_placement:
runAsUser: 0
@@ -118,7 +118,7 @@ pod:
runAsUser: 0
cinder_scheduler:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
ceph_coordination_volume_perms:
runAsUser: 0
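Review bot: the `ceph_coordination_volume_perms` init container under cinder_scheduler stays at `runAsUser: 0` while the pod-level UID moves to 42425, and the script it runs is not part of this patch. Confirm that it hands ownership of the coordination volume to the pod's new UID rather than to a fixed 42424, otherwise the main container loses write access after this change. The same check applies to the other root init containers left untouched in this file.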
@@ -128,7 +128,7 @@ pod:
allowPrivilegeEscalation: false
cinder_volume:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
ceph_keyring_placement:
runAsUser: 0
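Review bot: cinder_volume is the pod the commit message is written for, and changing its `runAsUser` from 42424 to 42425 on an already deployed system means any files the old UID created on a persistent or host-mounted path, if this pod has one, remain owned by 42424. The patch carries no migration step or note about upgrades. State in the commit message whether upgrading an existing deployment is in scope and, if it is, what re-owns the existing data.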
@@ -146,7 +146,7 @@ pod:
readOnlyRootFilesystem: true
storage_init:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
ceph_keyring_placement:
runAsUser: 0
@@ -156,14 +156,14 @@ pod:
allowPrivilegeEscalation: false
clean:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
cinder_volume_rbd_secret_clean:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
create_internal_tenant:
pod:
- runAsUser: 42424
+ runAsUser: 42425
container:
create_internal_tenant:
readOnlyRootFilesystem: true
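Review bot: the stated reason for the new UID is that cinder-volume must run qemu-img, yet the two jobs changed in this hunk, clean and create_internal_tenant, get the same `runAsUser: 42425` without a reason of their own. The diff does not show which image these jobs run; if it is not the cinder image, confirm that UID 42425 exists there and can still read whatever credentials the job mounts, or leave these two sections at 42424.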
--
2.25.1