Implement container security context for the following Cinder resources:
- Cinder server deployment
Change-Id: Ic319fc8ccfea4c8d640ceecd0bbc93912173d172
If user wants to add an extra volumeMounts/volume to a pod,
amd uses override values e.g. like this
pod:
mounts:
nova_placement:
init_container: null
nova_placement:
volumeMounts:
- name: nova-etc
...
helm template parser complains with
Warning: The destination item 'nova_placement' is a table and ignoring the source 'nova_placement' as it has a non-table value of: <nil>
So when we create empty values for such keys in values.yaml, the source
will be present and warning does not need to be shown.
Change-Id: Ib8dc53c3a54e12014025de8fafe16fbe9721c0da
The armada update password job was attempting to invoke a script
that didn't exist for sourcing the passwords. This updates the
path appropriately
Change-Id: Ieb0b85c18ed4f2a589ee3a3ba251317350dc4b81
This specification proposes support for deploying openstack services
using OSH with OCI image registry which has authentication turned on.
Change-Id: I26e34a5a39c06e9d481af58c15fb930d3fe9b1ef
Implements: blueprint support-oci-image-registry-with-authentication-turned-on
Signed-off-by: Angie Wang <angie.wang@windriver.com>
In a previous patch set (https://review.openstack.org/#/c/629300/),
the "allowPrivilegeEscalation" flag was set to false for one of the
init containers, but it was intended to be used for the glance-api
container.
Change-Id: If2d83d82a720d7a1a39729bbf3bddc226af3ba20
fernet-manage:
- filter used to return a list on python2 but on python3 it returns
an iterator which has no len method
- Coherce the keys var into a list so we can run len on it on both
versions
update-endpoint:
- ConfigParser is called configparser on python3
- try/catch and import the proper configparser
Change-Id: I8296074f4d20e47afe0c7aea41bf21999685aecd
Previously, when adding interfaces to an ovs bridge we would set the
link state to up. Some environments assume this is the case so
restore that behavior.
This fixes the problem where external (public) IPs for routers and VMs
no longer respond.
Change-Id: I59e21bd5cde7e239320125e9a7e0a33adae578a8
Health_probe for neutron pods accomplish both liveness and
readiness probe.
Neutron DHCP/L3/OVS agents:
Sends an RPC call with a non-existence method to agent’s queue.
Assumes no other agent subscribed to tunnel-update queue other
than OVS. Probe is success if agent returns with NoSuchMethod
error.
Neutron Metadata agent:
Sends a message to Unix Domain Socket opened by Metadata agent.
Probe is success if agent returns with HTTP status 404.
In both the cases, if agent is not reachable or fails to
respond in time, returns failure to probe.
Readiness probe for Neutron L3/DHCP/Metadata/SRIOV agents
Following are the operations executed on the pod as part of
readiness probe on the neutron agents:
- Check if the agent process is up and running.
- Retrieve the sockets associated with the process from the /proc fs.
- Check the status of tcp sockets related to Rabbitmq communication.
- Check the reachability of the rabbitmq message bus from the agent.
- For SRIOV Agent, check if VFs are configured properly for the
configured NICs in sriov_agent.ini conf file
Change-Id: Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a
Health probe for Nova pods is used for both liveness
and readiness probe.
nova-compute, nova-conductor, nova-consoleauth and nova-scheduler:
Check if the rpc socket status on the nova pods to rabbitmq and
database are in established state.
sends an RPC call with a non-existence method to component's queue.
Probe is success if agent returns with NoSuchMethod error.
If agent is not reachable or fails to respond in time,
returns failure to probe.
novnc/spice proxy: uses Kubernetes tcp probe on corresponding ports
they expose.
Added code to catch nova config file not present exception.
Change-Id: Ib8e4b93486588320fd2d562c3bc90b65844e52e5
Currently, ceilometer is not listening to the notifications which
sent from the openstack services as the messaging_urls isn't configured
properly. The commit updates the messaging_urls with the correct type
and the default value.
The configuration for the cache server is also added. With the cache
server configured, ceilometer will not update the resource metadata
through gnocchi client if the resource is not changed.
Change-Id: I77e5acf3da31e211c444032f26d7625e51d8b0a9
Story: 2005019
Task: 29746
Signed-off-by: Angie Wang <angie.wang@windriver.com>
- pass new pool replication&crush ruleset parameter to the
storage init script
- set images pool replication&crush ruleset in the storage init script
Change-Id: Idd883d4348a292c0de54c7ee47da98f11f36306f
Story: 2004921
Task: 29282
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
This commit adds the ability to deploy a polling process with ipmi
functionality to pull ipmi samples.
Story: 2005019
Task: 29819
Signed-off-by: Angie Wang <angie.wang@windriver.com>
Change-Id: Ib61d65f9ab815faa0d750422ffb0e36406dd3ccd
During the Stein development cycle, Cinder removed the deprecated
query_volume_filters configuration option with
Icd311db7f88c3c274d9a362eb96519e46c7e4d17.
This chart update will add resource_filters.json to the configmap and
provides the default values for the filter keys to enable filtering in
the list APIs.
Change-Id: I31263e9ce06d31773e961ae5d1252e062a38a4e5
Signed-off-by: Robert Church <robert.church@windriver.com>
This commit adds two missing definition files which are
meters.yaml and polling.yaml.
meters.yaml is the meter definition file that used for
ceilometer notification agent to convert meters.
polling.yaml is the polling definition file that used for
ceilometer polling agents to pull meters.
Change-Id: I6b9b7543aa1a77661d6a86166af59fde85085513
Story: 2005019
Task: 29811
Signed-off-by: Angie Wang <angie.wang@windriver.com>
