Using local variables outside of function is not allowed
in bash. During adding route it tries to delete cached
route and fails with "Not found" because it can delete only
user created routes, so we need to omit Cached routes
in ovs/route/show listing.
Change-Id: Ifc8da7fc36206f7ebd2e6198dbf192a5a40261af
This patch allow Neutron to start taking advantage of the rootwrap
daemon which should significantly increase performance.
Change-Id: I9d4f8dd8f9d36dc558e5e280b8f8193212345f34
We didn't have an annotation label, so there's no way for things
to automatically reload when config changes.
Change-Id: I5d142c8d3c2bb11b955d4c4e2fd2e95e3a1e522a
There was a mistake in the script for the archive_delete_rows cron for
rendering the values from the values files. Fix for taking the values
from the values file for --max-rows and --before options when enabled
using the values.yaml file.
Change-Id: Ib63920c497bbf9ac74e41bdfd0b2e580b95bebb0
At the moment, the multidomain support selector is broken because
it always puts the value of a boolean inside a string which always
evaluates to true, which means setting it to false does nothing.
This patch drops the quotes around the templated configuration,
that way, it is taken for the literal boolean value.
Change-Id: I02c0a0ece680ecb55e83f3da5a992398c3ab6390
Script has been created with archve_deleted_rows which will run as
cronjob to move the deleted rows from production table to shadow table.
Change-Id: I1cd3e523301b1aaeb3366288d128e23aae5e0780
This change modifies the keystone probe timings to be less
aggressive. This should prevent the probes from restarting any
keystone-api pods that are under a high volume of traffic as well
as reduce the amount of log spam.
Change-Id: Icce06bf2247591a7b603aa32ded254ce7b6cc67a
This change modifies the default values for all of the readiness
and liveness probes to something a bit less aggressive, namely
the default timeout of 1 second.
Change-Id: Ib389aebb2450f8ed134ef8f75110b559d1a4f2ee
This patch updates the gate scripts so that the Ceph CSI RBD Provisioner
will be tested appropriately and is documented properly.
Change-Id: I0ad86c9d53db3533b65a41387bbd426c9023d6ee
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed
rabbitmq support should be added.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188
Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
When using the simple_crypto_plugin (which is enabled by default),
secrets are encrypted with per-project keys, and those keys are
encrypted (or wrapped) with a master key encryption key (KEK, or MKEK).
The wrapped project keys are stored in the database. The KEK is stored
in the barbican configuration file.
If no KEK is specified, a well-known default is used. There is no native
Barbican support for rotating the KEK. Changing the KEK would cause loss
of access to all secrets, because Barbican would be unable to unwrap the
project keys.
This change adds support for upgrading the Helm chart while changing the
KEK. A script can be executed during the db-sync job that decrypts the
project keys with the old KEK, and rewraps them with the new KEK. Note
that no secrets are actually modified during this procedure, and the
project keys are not actually changed.
To use this feature, specify the following values:
conf:
barbican:
simple_crypto_plugin:
kek: # new KEK, 32-bytes of data, base64-encoded
simple_crypto_kek_rewrap:
old_kek: # old KEK, 32-bytes of data, base64-encoded
Change-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53
The dnsPolicy not being set to "ClusterFirstWithHostNet" results in
the housekeeping service failing to connect to the database.
Change-Id: I23c9f0c561ea61695fbc7ce333a3f331cf31a7a4
``[vnc]/vncserver_proxyclient_address`` was deprecated, so we replace it with ``server_proxyclient_address``
Change-Id: I142710ffab2aa407a09318e4b8517938ed28f3c8
In the Victoria cycle oslo.policy decided to change all default policies
to yaml format. Today on openstack-helm we have a mix of json and yaml
on projects and, after having a bad time debugging policies that should
have beeing mounted somewhere but was being mounted elsewhere, I'm
proposing this change so we can unify the delivery method for all
policies across components on yaml (that is supported for quite some
time). This will also avoid having problems in the future as the
services move from json to yaml.
[1] https://specs.openstack.org/openstack/oslo-specs/specs/victoria/policy-json-to-yaml.html
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Id170bf184e44fd77cd53929d474582022a5b6d4f
The openstack-helm docs currently state that the openstack-helm
dev team will work with Helm with regards to facilitating job upgrades.
This is misleading in that we do not directly contribute to Helm and
currently provide methods for charts to run jobs for an upgrade
for instances where images are updated, the job is deleted and
re-ran.
Change-Id: If04367b6563ed36c3b3cde7a9cd4425b6795505f
Some nova gotpl files have +x permission. This changes it so they are
consistent with the other gotpl files.
Change-Id: Ifcd4c1032b41363ea8b1d43407315d68d7e9eec8
Signed-off-by: Tin <tin@irrational.io>
