This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
Glance provide default list of metadata definitions in /etc/glance/metadefs
directory. The patch adds job that will load those defaults definitions.
The job is enabled by default.
Change-Id: Ib3ab20a9a7f73b568b029b06101cf4e5e2473716
glance_store uses bare ConfigParser for swift configuration, that
ceased to strip quotes in PY3. That leads to invalid auth parameters
(e.g. 'project_domain_id': '""') and failure to authenticate.
Current CI process does not hit this issue because Swift backend
is not used.
Change-Id: I6d2c129e6747a3c5fcd2da0c88b0a2135775a914
Closes-bug: #1839772
The patch sets allowed_origin in cors section to have ability to
operate along with CSRF operations and direct upload in horizon dashboard.
Change-Id: Icdd9aa97d24c5bf3cc42d3cd1dfd5b2f7adbefc9
The patch fixes issue when ingress for glance registry is created
when manifests:ingress_registry is set to false.
Change-Id: I8e54c73b3924ea292e18aa1e837d0e10b51e3876
This PS updates the default RMQ policy to not mirror reply queues
as they cause signifigant blocking when resorting a rabbit node to
a cluster, with no advantage.
Change-Id: I6f8d4eaa482fcdf3e877bd38caa9b24358ea5be0
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Stein Release of OpenStack in Ubuntu Bionic
containers.
Depends-On: https://review.opendev.org/667726
Change-Id: Icfad3434ca496a841993b95adaf5d853728d920f
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for running the Rocky release of Openstack under
Python3 in Ubuntu Bionic containers.
Change-Id: I269cef9f8f157e22f6b857822df9a8960dac6ea8
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Rocky Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: Ieed4a6a3afa6e3ebd9b2f72ba227aac891d65214
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Queens Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I0d4d427e43f06fa955dfd275859939d0adca113c
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds checks for the Pike Release of OpenStack in Ubuntu Xenial
containers.
Change-Id: I402584bbcdd53a4a6bc21f370586b3498142bf81
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the charts to use the htk function recently introduced
to allow oslo.messaging clients ans servers to directly hit their
backends rather than using either DNS or K8S svc based routing.
Depends-On: I5150a64bd29fa062e30496c1f2127de138322863
Change-Id: I458b4313c57fc50c8181cedeca9919670487926a
Signed-off-by: Pete Birley <pete@port.direct>
This PS enables the use of simple logging options if desired.
Change-Id: If6ea420c6ed595b3b6b6eedf99a0bf26a20b6abf
Signed-off-by: Pete Birley <pete@port.direct>
Currently each service uses the same name for their helm test user,
"test". While this works when services are ran sequentially, when
multiple services are deployed and tested at the same time, it can
lead to a race condition where one service deletes the user before
the other is done testing, causing a failure.
This change makes it so that each service defines its own test user
in the form of [service]-test.
Change-Id: Idd7ad3bef78a039f23fb0dd79391e3588e94b73c
This patch make the db sync job template follows the same pattern
that other templates utilize the variables to make in a predictable
pattern.
Change-Id: Idbedd046c6b4fd001cf63004ffac792173a5778b
Story: 2005754
Task: 33457
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use, and updating the osh-images process or patching its
code has no impact on OSH.
This should fix it.
Change-Id: I672b8755bf9e182b15eff067479b662529a13477
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
There is currently no testing of the Leap 15 images in OSH.
This addresses it by:
- Using the values_overrides folder according to the multi-os
spec, creating value override files there for changes that
needs to happen on Leap 15 images.
- Point to the right images using the previously created folder,
to allow using those in CI easily.
- Change CI to use previously created overrides.
Depends-On: https://review.openstack.org/#/c/651501
Change-Id: I520d3676195c62b253a19397c86b0d0fbabee710
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the glance-api and glance-registry services.
This provides the ability to audit API requests for glance.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I3b42717dbc11257c21b27e7c68dedc3283e1bd34
This PS tells glance to make rabbitmq queues ha when available.
Change-Id: I675c8a80548f0d0cd9e9fea74dfaeeec632b71e3
Signed-off-by: Pete Birley <pete@port.direct>
In case of not using qemu, the cirros image can not be deployed
because of filtering hypervisor_type.
Change-Id: Ia3e6c9eb5011875aaa9b5334fb34c2c7b8ea9565
Signed-off-by: hagun.kim <hagun.kim@samsung.com>
Implement container security context for the following Glance resources:
- Glance server deployment
Change-Id: I32b63226f5f2bcfff09f0b6760f5475ef7d1b5b5
If user wants to add an extra volumeMounts/volume to a pod,
amd uses override values e.g. like this
pod:
mounts:
nova_placement:
init_container: null
nova_placement:
volumeMounts:
- name: nova-etc
...
helm template parser complains with
Warning: The destination item 'nova_placement' is a table and ignoring the source 'nova_placement' as it has a non-table value of: <nil>
So when we create empty values for such keys in values.yaml, the source
will be present and warning does not need to be shown.
Change-Id: Ib8dc53c3a54e12014025de8fafe16fbe9721c0da
In a previous patch set (https://review.openstack.org/#/c/629300/),
the "allowPrivilegeEscalation" flag was set to false for one of the
init containers, but it was intended to be used for the glance-api
container.
Change-Id: If2d83d82a720d7a1a39729bbf3bddc226af3ba20
- pass new pool replication&crush ruleset parameter to the
storage init script
- set images pool replication&crush ruleset in the storage init script
Change-Id: Idd883d4348a292c0de54c7ee47da98f11f36306f
Story: 2004921
Task: 29282
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
The current helm chart defaults drops logs of any warnings
(and above) for any logger outside of the namespace
of the deployed chart.
This is a problem, as logging could reveal important information for
operators. While this could be done with a value override, there
is no reason to hide warning, errors, or critical information that
are happening in the cycle of the operation of the software
deployed with the helm charts. For example, nothing would get
logged in oslo_service, which is a very important part of running
OpenStack.
This fixes it by logging to stdout all the warnings (and above)
for OpenStack apps.
Change-Id: I16f77f4cc64caf21b21c8519e6da34eaf5d31498
Adding this parameter to Cinder, Heat, Glance,and Neutron
config. Adding this parameter allows proper handling to resource
links in response using API services behind https proxy.
Change-Id: Ib99a16b6252b15d9f138417485731ec401cb8f81
the defaults in Python [0] and oslo.log [1] are such that when using
separate config file for logging configuration (log-config-append)
the log fomat of dates containes miliseconds twice (as in sec,ms.ms)
which is exactly what is currently seen in logs of OpenStack services
deployed by openstack-helm.
When not provided with datefmt log formatter option, Python effectively
uses '%Y-%m-%d %H:%M:%S,%f' [0] as a default time formatting string to
render `%(asctime)s`, but the defaults in oslo.log add another `.%f`
to it [1].
Since `log-date-format` oslo.log option has no effect when using
log-config-append, we need to explicitly set date format to avoid double
miliseconds rendering in date of log entries.
[0] 6ee41793d2/Lib/logging/__init__.py (L427-L428)
[1] http://git.openstack.org/cgit/openstack/oslo.log/tree/oslo_log/_options.py?id=7c5f8362b26313217b6c248e77be3dc8e2ef74a5#n148
Change-Id: I47aa7ce96770d94b905b56d6fe4abad428f01047
This adds the release-uuid annotation to the pod spec for all
replication controller templates in the openstack-helm charts
Change-Id: I0159f2741c27277fd173208e7169ff657bb33e57
- Change all tests to support Mimic and Luminous releases
- Update ceph-config-helper dockerfile to use Mimic Ceph binaries
Change-Id: I06a545c1964eaa5b983c58db48b6ad4ccaaa3b8b
