178 Commits

Author SHA1 Message Date
Pete Birley
40a45b9751 RabbitMQ: Add vHost management and improve security
This PS adds vhost management to rabbitmq jobs. It also prevents
sensitive information being displayed in the management job, and
removes the 'administrator' tag from service users.

Change-Id: Id337f763c5e4776bce7269676a8a2dc54dc2e5f8
2018-04-19 08:26:45 -05:00
Zuul
6483279265 Merge "keystone: yaml indentation fixes" 2018-04-13 18:44:25 +00:00
Chris Wedgwood
34082dba21 keystone: yaml indentation fixes
Change-Id: Ic402d57f2b0a0a625164a294760476725faea3aa
2018-04-11 21:11:39 +00:00
Tin Lam
172178343e Add validation to domain logic
This patch set addresses the comments left in [0] by fixing the header
information in the python template file and adding logic to query the
domain specific logic.

[0]https://review.openstack.org/#/c/559191/

Change-Id: I656d7ac8158f9b40246ac739e4dc4fc88e1e43da
Signed-off-by: Tin Lam <tin@irrational.io>
2018-04-11 01:20:39 +00:00
Tin Lam
2873435274 Add robust ldap domain-specific config
This patch set provides PATCH capability for ldap-backed domain config,
and prevents silent failure if the configuration contains erroneous
setting.  This also moves from loading .conf files into DB directly,
and uses the API endpoints.

Change-Id: I17a19046fa96e0f3e8fb029c156ba79c924a0097
Signed-off-by: Tin Lam <tin@irrational.io>
2018-04-06 12:08:01 -05:00
Tin Lam
866d858c6f Update heat bootstrap scripts
This patch set adds in two roles for heat: heat_stack_owner
and heat_stack_user as outlined in the Newton [0] and Ocata [1],
as well as assigning roles.

[0] https://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
[1] https://docs.openstack.org/project-install-guide/orchestration/ocata/install-ubuntu.html

Change-Id: I8510ae114448cc1985c11e9b337b9697a379a920
Signed-off-by: Tin Lam <tin@irrational.io>
Co-Authored-By: Pete Birley <pete@port.direct>
2018-03-29 20:52:54 +00:00
melissaml
205c50cd5d fix typos in documentation
Change-Id: Idb156b0141e177041de5c79b2118d682808d45aa
2018-03-23 08:38:21 +08:00
Zuul
c9a875e9f4 Merge "Ingress: support arbitary hostnames." 2018-03-21 23:24:55 +00:00
Zuul
004f8c4cd5 Merge "Use v0.3.0 of kubernetes-entrypoint" 2018-03-21 20:33:21 +00:00
Pete Birley
6971143048 Ingress: support arbitary hostnames.
This PS allows arbitary hostnames to be used for public endpoints,
provided the resolve externally to the ingress controllers.

Change-Id: I44411687f756968d00178d487af66c2393e6bde0
2018-03-21 09:39:55 -05:00
Tin Lam
d23a77105b Polish TLS patch set
This patch set performs non-critical polish fix to [0].

[0] https://review.openstack.org/#/c/552171/

Change-Id: I5bbb64d5af65782665fd659886e55e25bac61452
Signed-off-by: Tin Lam <tin@irrational.io>
2018-03-19 16:33:53 +00:00
Sean Eagan
85587f2f56 Use v0.3.0 of kubernetes-entrypoint
This version is already being used by some charts, so this brings the
rest of the charts in line and allows them to use a new feature,
pod dependencies, that this version provides.

Change-Id: Ie8289eb09b31cd8f98c2c5b4dd5bbe469078e6d8
2018-03-19 10:35:36 -05:00
Tin Lam
90b6aa9d78 Add tls support for ldap
This patch set adds TLS support for keystone LDAP.

External-tracking: OSH#555

Change-Id: Ice32a31a712b8534a5d1a8f90a8a203710bdb9a9
Signed-off-by: Tin Lam <tin@irrational.io>
2018-03-16 16:47:41 -05:00
Zuul
32a468178b Merge "Ingress controller service: consolidate to helm-toolkit" 2018-03-14 02:14:22 +00:00
Pete Birley
507600e898 Ingress controller service: consolidate to helm-toolkit
This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.

Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe
2018-03-12 13:48:39 +00:00
Zuul
4f0aeb619d Merge "DB-Drop-Jobs: consolidate to helm-toolkit" 2018-03-10 20:10:23 +00:00
Pete Birley
6e4bcebcf5 DB-Drop-Jobs: consolidate to helm-toolkit
This PS consolidates the DB-Drop Job to helm-toolkit.

Change-Id: Ia2b035d730bf612086a9fd9b5d14aba494f56dc7
2018-03-09 14:25:15 +00:00
Pete Birley
02767f6d76 Reduce the number of workers spawned by services
This PS reduces the number of processes spawned by services, as
with Kubernetes load distribution can be better managed by a larger
number of single threaded pods (up to a certain point) and doing so
also provides both increased avilibility, leading to smoother rolling
updates. In addtion when running single replicas resource consuption
is reduced.

Change-Id: Ifb7494a0804913d843a072e10d26c6ec53c3bd16
2018-03-09 06:39:02 +00:00
Hemanth Nakkina
8c9ac9f5df Remove Api version constraint for CronJob
Cronjob resource is deprecated in batch/v2alpha1 from
k8s 1.8 and batch/v1beta1 is enabled by default. All the
CronJobs are already using batch/v1beta1 but there is condition
to check if api version have batch/v2alpha1.

Remove the api version constraint on batch/v2alpha1

Partial-Bug: #1753524
Change-Id: I7eeb7d6cc2630311ec5d613b9e059824daae0620
2018-03-06 08:46:22 +05:30
Pete Birley
ff0372be4f Keystone: use endpoints section and lookups to set port
This PS moves keystone to use the endpoints section and lookups to
set the port it serves on.

Change-Id: I52c130ded9e76f9e74fce6e5b33d3950262dd7ad
2018-03-03 17:54:15 +00:00
Renis
1ecc905b65 Rabbitmq Credential Management
- This PS implements job to create new user
for each chart

Change-Id: I7335ba4ad4bc9f70871100dbd9e6f030049abe07
2018-02-26 17:44:44 -08:00
Pete Birley
f57972b5b6 dependencies: move static dependencies under a 'static' key
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.

Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
2018-02-23 12:31:15 -08:00
Pete Birley
49aacc2030 Ingress rules: consolidate to helm-toolkit
This PS consolidates ingress rules to helm-toolkit.

Change-Id: I38a4de939e1ec65fed1630a53787d363f2ec78f6
2018-02-21 10:21:16 -08:00
Chris Wedgwood
6b844382ad yaml cleanup: trim multiline strings
Change-Id: Ice615c1d252651793dfa09b8e85a5b4228d68737
2018-02-20 16:39:52 +00:00
portdirect
c7e2eb9e25 Bootstrap jobs: move template to helm toolkit
This PS moves the templates for bootstrap jobs to helm-toolkit.

Change-Id: I0fc0f7722cfc87b00e26510dee7ba79d2139a171
2018-02-19 22:53:34 -05:00
Pete Birley
b311f86193 Node Labels: update nodelabels to allow targeting of pods to nodes
This PS updates the node labels to allow pods to be targeted to nodes
on a per type basis.

Change-Id: I45d5383d04fcd1d98740a18d86c1cfc2cb8ec409
2018-02-19 11:51:09 -05:00
portdirect
eb943b63fb DB-Sync-Jobs: consolidate to helm-toolkit
This PS consolidates the DB-Sync Job to helm-toolkit.

Change-Id: I54d53468a437f6cacf6943ed3dec27089bf5f482
2018-02-18 21:08:24 -06:00
Zuul
e6ca5a4fef Merge "Keystone: break domain management out of generic bootstrap" 2018-02-18 05:44:34 +00:00
portdirect
897edb3202 DB-Init-Jobs: consolidate to helm-toolkit
This PS consolidates the DB-Init Job to helm-toolkit.

Change-Id: Ib92743d678de09a6fb4457e5415a098013952410
2018-02-17 22:47:58 +00:00
portdirect
cf34a995ac Keystone: break domain management out of generic bootstrap
This PS breaks domain management out of the generic bootstrap
job.

Change-Id: I9d26b58cffee0cd13f75113b2dbdf4eac16a6cf7
2018-02-17 20:01:07 +00:00
portdirect
2cb634789d Images: Move default to LOCI and Kolla newton gate
This PS moves the default image in OSH for most services to use LOCI
and also provides a Kolla gate for newton openstack.

Change-Id: Ice6cb9f89bc3ce6e8280e580d215aedda9e71904
2018-02-16 17:06:15 -05:00
portdirect
323267e256 CronJobs: Allow cronjob history to be controlled
This PS allows the number of jobs stored for cronjobs to be controlled.

Change-Id: I0187f566c4e4302f34aabb704696748756102d94
2018-02-08 13:14:09 -05:00
portdirect
4746de33f4 Helm-Test: remove user and tenant creation from test context
This PS removes the user managemnt from the rally driven helm tests
which allows LDAP and other read only sources being used to validate
service functionality, in addition to reducing false -ve results in
the Zuul gates.

Change-Id: I1cc0e99bf74d578648b3cd40eaf60c1804044d88
2018-01-29 02:40:22 +00:00
Tin Lam
9173fc7f75 Add domain specific driver support
This patch set allows for domain specific driver (ldap and sql)
for keystone.

Change-Id: Iad8e07fdfdb0e4abc96a7e8100467959ed275dfb
2018-01-23 18:10:19 -06:00
Zuul
e1e60244d2 Merge "Keystone: Move rally tests to values.yaml" 2018-01-16 17:57:20 +00:00
portdirect
b180d28618 Auth: Update credential keys to reference service specifically
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.

Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
2018-01-15 18:54:13 +00:00
portdirect
c25193a549 Keystone: Move rally tests to values.yaml
This PS moves the rally tests to the values.yaml allowing
them to be driven by operators.

Change-Id: I3d65da011e39362db24c170a37cbffe71a63c20c
2018-01-15 14:43:48 +00:00
portdirect
e446e5eceb Ingress: Update image and add UDP/TCP proxying support
This PS updates the image used in the ingress controller and
adds UDP/TCP proxying. In addition the chart has been given
a spring clean to better match other OSH charts.

Change-Id: Ib892b82c4657c42e7531a2ce81746398e7bd4df5
2018-01-11 18:33:42 -05:00
portdirect
f73200e4d1 readiness: test apache APIs provide http response to request
This PS updates the readiness probes to test for an http response
to requests.

Change-Id: If102b4f247cc8524ceb02e6b2d22cd854a8fb9d2
2018-01-07 02:15:10 +00:00
Zuul
5d91148986 Merge "Oslo-messaging: remove unused admin credentials from values.yaml" 2018-01-06 18:49:55 +00:00
portdirect
4b9c2c7922 Oslo-messaging: remove unused admin credentials from values.yaml
This PS remove the admin credentials from the values.yaml, which
have never been leveraged.

Change-Id: Ifb1cdefd1c52b8a2a2fb3a627393d305823e74ec
2018-01-05 10:22:53 -05:00
portdirect
5a2f71ebdf Ingress: Allow annotations to be dyanmicly driven
This PS allows the ingress rules to be dynamicly driven from the
values.yaml, permitting the ingress cotnroller to ba changed and
custom rules to be applied: eg whitelisting of clients.

Change-Id: Ica6b4692ff9b6b77d1efe6bae212a1227e56ca66
2018-01-05 00:29:05 -05:00
portdirect
9944b0d84f RBAC: add rules to all remaing helm test pods
This PS adds RBAC rules for all remaining helm test pods
in OpenStack-Helm.

Change-Id: Ib44d5fdc8c147f2cbecec51cc4767116f3adb6b2
2017-12-29 14:09:43 -05:00
portdirect
fa2620d54b RBAC for OSH
This PS applys RBAC rules to OSH, based off the work
done in https://review.openstack.org/#/c/526464/

Change-Id: I541b0ac1a3972566ef2b66571ae32744dab70c17
2017-12-26 10:24:19 -05:00
Steve Wilkerson
5bc7ded909 Update names of helm test pods for openstack services
This updates the names of the helm test pods to give all services
in OSH-infra/OSH a uniform '{{ .Release.Name }}-test' name, which
allows for easier gathering of test results across all deployed
services

Change-Id: I24df7a18d32b99d1ffaad19647ef724316e2fe20
2017-12-14 14:03:12 +00:00
portdirect
a4fa122e43 Images: Keystone service specific explicit image names
This PS makes the service-specific images for Keystone have
explicit names, allowing simple over-riding of images for an
entire site.

Change-Id: I0b50d07fc0c2e00ab7803dd4c986c8a26e25ea49
2017-11-28 23:24:55 -05:00
Hyunsun Moon
0808cf5198 Add option to set external policy to local for openstack services
External traffic policy "local" would be preffered when openstack
service is accessed from external via node port. This option has an
effect only when service node port is enabled.

Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
2017-11-02 15:07:21 +09:00
intlabs
fe6107cf76 Images: Update values to allow simple parse of images being used
This PS updates the values file layout for images to allow simple
parsing of the images in use by charts, allowing them to be queried
and modified much more simply. By moving the image tags to a 'tags'
key, we can extend the options used simply to accomodate extra
options simply (eg prefixing the tag for use with an internal
registry) or pre-pulling the images to reduce chart deploy failure.

Change-Id: I9ec1dbb00d997ab6cb021bf0b698f7aae740e95d
2017-10-23 10:05:20 -05:00
Jenkins
a19dba192a Merge "Logging: Direct transfer and custom logs for apache to stdout" 2017-10-12 19:55:29 +00:00
Steve Wilkerson
ea14357eeb Logging: Direct transfer and custom logs for apache to stdout
Directs transferlogs in apache to stdout to align with the other
services in openstack-helm

Change-Id: If9e203ee19e125b390e10c0ee18f39e8df43b7db
2017-10-11 03:21:07 +00:00