Adding this parameter to Cinder, Heat, Glance,and Neutron
config. Adding this parameter allows proper handling to resource
links in response using API services behind https proxy.
Change-Id: Ib99a16b6252b15d9f138417485731ec401cb8f81
the defaults in Python [0] and oslo.log [1] are such that when using
separate config file for logging configuration (log-config-append)
the log fomat of dates containes miliseconds twice (as in sec,ms.ms)
which is exactly what is currently seen in logs of OpenStack services
deployed by openstack-helm.
When not provided with datefmt log formatter option, Python effectively
uses '%Y-%m-%d %H:%M:%S,%f' [0] as a default time formatting string to
render `%(asctime)s`, but the defaults in oslo.log add another `.%f`
to it [1].
Since `log-date-format` oslo.log option has no effect when using
log-config-append, we need to explicitly set date format to avoid double
miliseconds rendering in date of log entries.
[0] 6ee41793d2/Lib/logging/__init__.py (L427-L428)
[1] http://git.openstack.org/cgit/openstack/oslo.log/tree/oslo_log/_options.py?id=7c5f8362b26313217b6c248e77be3dc8e2ef74a5#n148
Change-Id: I47aa7ce96770d94b905b56d6fe4abad428f01047
cinder volume can be created with glance image.
but network policy of glance didn't allow for cinder.
so it should be added cinder podSelector on glance network policy.
ex. openstack volume create --image XXX --size 1 valume-name
Change-Id: Ia41961e16e2583ab571ed8a851a2ee2d14aa71c5
Signed-off-by: Hyunkook Cho <hk0713.cho@samsung.com>
Since rally 1.0, rally has been a platform for testing, and rally for
openstack has been separated by rally-openstack. The current version
of rally in openstack-helm is version 0.8 which corresponds to ocata.
This patch tests with the latest version of rally-openstack, version
1.3.0, and removes scenarios that are no longer in use.
Change-Id: I380a976c0f48c4af0796c9d866fc8787025ce548
This PS is enable the Egress policies
and enforces them in Openstack-helm.
Depends-On: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
Change-Id: I6ef3cd157749fd562acb2f89ad44e63be4f7e975
This patch set updates the gate to by default uses network policy
for all components and enforces them in Openstack-helm.
Change-Id: I70c90b5808075797f02670f21481a4f968205325
Depends-On: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set moves the default deployment to ocata from newton.
Newton zuul job is now moved into its separate job.
Change-Id: Ic534c8ee02179f23c7855d93a4707e5a2fd77354
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the glance chart to disable the service for the
glance registry by default, as we disable the other glance
registry templates by default. This updates the gates to enable
the service when newton is deployed
Change-Id: I453d28d9c552754b66e94d9da2e2b9ea6549a5aa
This is make ceph configmap and admin keyring secret names using
in storage init scripts to be read from chart values as we may
have two ceph clusters gets activated in one namespace and
each ceph clsuter will have its own configmap and admin secret names.
Change-Id: I84d94f3ac21e602c50619e456ff327ae1da53622
This PS udpates the keystone endpoint definition to point to the
correct host for the admin endpoint when looked up using endpoint
functions from helm-toolkit.
Change-Id: Ic6b82a002cca92e37d21f594bad5f00758f1ea7a
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the logging config to pass null as a string though to
the rendering engine, which is required to avoid things like `<no value>`
when base64 encoding output.
Change-Id: I04d6afbc693ec1adf560c7be15704c8b7434c08f
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the keystoen chart to stop running the keystone api
as the root user.
Change-Id: If3042210f761476846da02fc8e648c700267a591
Signed-off-by: Pete Birley <pete@port.direct>
This PS disables the v2 keystone API, and finishes the migration to
full v3 support.
Change-Id: I3021ebe0bee668db9f28e7fb18e2d4b26172f209
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use port 80 by default for the keystone
asdmin endpoint, and adjusts paths accordingly.
Change-Id: Iccae704dadc17eba269e857301654782f64763c9
Signed-off-by: Pete Birley <pete@port.direct>
This PS disables the depreciated glance V1 API and registry
by default. For newton gates the registry is enabled, as newton
heat still used it.
Change-Id: Ia6bd4382750bde1b0a0e4db174d2de11626a1826
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the double logging of openstack components that
were caused by outputting to both stdout and stderr.
Change-Id: I6e0ae5861bbf5b8d736ae08251aa865e1c4ce0d8
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use a service domain for openstack service accounts
and users.
Change-Id: Ibe7c5f83a9fc9960fb85e53f9745d24f2192a94a
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates keystone, and the keystone endpoints sections to use
the same layout for port declarations as other charts.
Change-Id: I7dddabee6c74bf023da4b1cdf722a409e7475f8f
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the swift backend for glance by default, which
in the case of OSH is currently served by keystone auth'd radosgw.
This change moves the chart to be inline with the current gates, and
deployments - which have been using swift by default for some time.
Change-Id: Ia9c954ae2bd833e7f449bfdf7c51f8df5c78ba57
Signed-off-by: Pete Birley <pete@port.direct>
This introduces a mechanism for generating the logging.conf
file for the openstack services via the values. This allows us to
define loggers, handlers, and formatters for the services and the
modules they're composed of.
This also allows us to take advantage of the oslo fluent handler
and formatter. The fluent handler and formatter give us the
following benefits: sending logs directly to fluentd instead of
routed to stdout/stderr and then through fluentbit to fluentd,
project specific tags on the logged events (enables us to define
more robust filters in fluentd for aggregation if required),
full traceback support, and additional metadata (modules that
created logged event, etc)
Depends-On: https://review.openstack.org/577796
Change-Id: I63340ce6b03191d93a74d9ac6947f0b49b8a1a39
This PS adds support for TLS on over-ridden fqdn's for public
endpoints for core OpenStack Services. Currently this implementation
is limited, in that it does not provide support for dynamicly loading
CAs into the containers, or specifying them manually via configuration.
As a result only well known or CA's added manually to containers will
be recognised.
Change-Id: I8f1b699af29cbed2d83ad91bb6840dccce8c5146
Depends-On: I535f38a8d92c01280d79926a1f0acd06984aabbf
Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ceph chart to use the ingress controller for
the radosgw.
Change-Id: Ie0ff4d9dd91d8228170e0ed4f2793599132077a7
Signed-off-by: Pete Birley <pete@port.direct>
This adds the rgwadmin python package to the ceph config helper
image, allowing it to be used for creating s3 buckets for radosgw
to be used with elasticsearch
Change-Id: I2c633a4715ef1fdccd833cc8eeaefddbecb0cec4
This PS updates the cephs config to deploy radosgw with greater
swift compatibility. Allowing clients to use RGW as though it
were a real swift deployment.
Change-Id: Id0a27b42b7f9c0c9e4b5a197ef50feb612e6adfc
This PS adds the local registry image managment to OSH from OSH-Infra.
With this the delta between helm-toolkits in the Repo's is removed,
allowing the toolkit from OSH-Infra to be used and the one from OSH
to be depreciated.
Change-Id: If5e218cf7df17261fe5ef249d281f9d9637e2f6a
Co-Authored-By: Pete Birley <pete@port.direct>
Move to v0.3.1 of kubernetes-entrypoint which has 2
breaking changes to pod dependencies, and also adds support for
depending on jobs via labels.
Change-Id: I49d2cea11fbe5c5919ae22a020b877ebbb285992
This PS adds vhost management to rabbitmq jobs. It also prevents
sensitive information being displayed in the management job, and
removes the 'administrator' tag from service users.
Change-Id: Id337f763c5e4776bce7269676a8a2dc54dc2e5f8
This PS moves all the config files to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.
Change-Id: Ida5d9e312cc18cb50f5805a59f9fc4fef1a98658
This PS allows arbitary hostnames to be used for public endpoints,
provided the resolve externally to the ingress controllers.
Change-Id: I44411687f756968d00178d487af66c2393e6bde0
This version is already being used by some charts, so this brings the
rest of the charts in line and allows them to use a new feature,
pod dependencies, that this version provides.
Change-Id: Ie8289eb09b31cd8f98c2c5b4dd5bbe469078e6d8
without this the api starts up in a non-working state, the bootstrap
job then runs and give is images which are stuck queued
Change-Id: Ie3e03620618b1c46882c05b3a5ef8745c78af6a3
This PS reduces the number of processes spawned by services, as
with Kubernetes load distribution can be better managed by a larger
number of single threaded pods (up to a certain point) and doing so
also provides both increased avilibility, leading to smoother rolling
updates. In addtion when running single replicas resource consuption
is reduced.
Change-Id: Ifb7494a0804913d843a072e10d26c6ec53c3bd16
This PS allows a cache secret key for all instances of keystone
middleware to be defined in a single location.
Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526
Partial-Bug: 1753251
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
