Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
This updates the Keystone chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I0e00571d4060cca914d1bdb4f36e736fa8501130
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.
Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
This updates the Keystone chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I655ef19a3c187e3462ff8ec1a54bc9691ca64d41
This updates the Keystone chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true.
Change-Id: I2ac3a4efa6798e263de19f0db444f37c5236d121
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This patch set adds in job to test the OpenStack train releases.
Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
This change adds in the mapping for LDAP groups to be mapped
to groups within keystone. Also adds a group list check to make
sure that groups are correctly mapped.
Change-Id: Ib3b00d3f801ba975202a921643510fcb642e0a90
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Also disabled barbican running in the apparmor job temporarily
until the correct profile gets used and it can deploy
succesfully.
Change-Id: Iadacd214de3fdb06e4acde4433c5fa86973371d5
This patch set fixes an issue with where the keystone chart's
domain-manage job/pod always restart once due to a calculation
logic error.
Change-Id: I801d04559a526d3a7339cd5102f2e738af9f72e0
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be place in separate job.
Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
This is to achieve parity with OSH-infra patch in [0].
[0] https://review.opendev.org/#/c/697749/
Depends-On: https://review.opendev.org/#/c/697749
Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
In case of keystone-fernet-setup job rerun (delete and create),
fernet tokens are recreated. Which leads to ongoing openstack request
fail.
keystone-manage fernet_setup is idempotent, let's make the
keystone-fernet-setup job idempotent as well.
Change-Id: I62e741fe5192b7a0018bc84ccdac1ea5311a1e03
This patch set adds in the egress policy for core OpenStack Services.
Depends-On: https://review.opendev.org/#/c/679853/
Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
Pods for some of the CronJobs do not have correct
application and component labels applied, they are
unable to start if Network Policies are enabled.
Change-Id: Ie4eed0e9829419b4b2e40e9b712b73a86d6fc3d2
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This patch set is one of many to migrate existing code/script to be
python-3 compatible as python-2 is sunsetting in January of 2020.
Change-Id: I337069203a3273e9aba6a37294ee3c25e5b4870a
Signed-off-by: Tin Lam <tin@irrational.io>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
Using the direct / path for the keystone probes can lead to the
probes receiving an http 300. We want to have an http 200 so there
is no warning from the probes. Use the full v3 path so the probes
are stable
Change-Id: If8b45801bb053778bd2e1691ff8556aa73cb434d
In cases where mariadb is not accessable, either from being deleted
prior to deleting keystone, or some other reason, it is preferred
to fail and move on with the keystone-credential-cleanup.
This change adds hook-failed to the "hook-delete-policy" for the
keystone-credential-cleanup job. This is address cases where deleting
keystone would cause the delete task to hang while the cleanup hook
would fail to connect to mariadb, often due to mariadb being already
deleted.
Change-Id: Ice7187fe6329c8b12333f508351bd5f9e2cdc8e2
Python 3 renamed ConfigParser module to configparser.
This patch fixes compatibility with Python 3 for the
keystone-credential-cleanup job.
Change-Id: I6e34ba995d7a02f94b12162f0e5f8f326dfa8108
This PS updates the default RMQ policy to not mirror reply queues
as they cause signifigant blocking when resorting a rabbit node to
a cluster, with no advantage.
Change-Id: I6f8d4eaa482fcdf3e877bd38caa9b24358ea5be0
Signed-off-by: Pete Birley <pete@port.direct>
