183 Commits

Author SHA1 Message Date
Roman Gorshunov
32c7a6cdd4 Add Project Specific Contributor and PTL Docs
This patch amends contributor guidelines for the Ussuri goals.

Change-Id: I9207d02a386e1250963b378bd9fd2188d78a613e
Task: 38545
Story: 2007236
2020-04-24 20:57:28 +02:00
Gage Hugo
db79e79788 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
2020-04-03 20:53:32 +00:00
Zuul
5de7b5e26c Merge "Add train release support" 2020-02-28 22:50:35 +00:00
Tin Lam
2aa32665b4 Add train release support
This patch set adds in a job to test the OpenStack train releases.

Depends-On: https://review.opendev.org/#/c/706456/
Change-Id: I89fef1264f68dab7e921a9e5503c29d6a051f342
Signed-off-by: Tin Lam <tin@irrational.io>
2020-02-28 20:19:58 +00:00
dt241s@att.com
0c32a86733 Enable Apparmor to Horizon Components
Change-Id: I7b28eb5e7f571b050ee3ac5eeb2b6868f0d44f58
2020-02-27 18:33:13 +00:00
Tin Lam
12bee1bb97 Migrate default release to Stein
This patch set updates the default job to use OpenStack Stein release.
The previously default Ocata release will be placed in a separate job.

Change-Id: I489324f762a179a2cab5499a6d8e57e97c81297f
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-09 10:00:31 -06:00
Tin Lam
5057052c70 Fix feature gate envvar overriding
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.

This is to achieve parity with OSH-infra patch in [0].

[0] https://review.opendev.org/#/c/697749/

Depends-On: https://review.opendev.org/#/c/697749

Change-Id: I3ed504c65900e7b84728019f3acdf706a40c0427
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
2019-12-17 09:49:38 +00:00
Prateek Dodda
c2bd947787 Adding missing readOnlyRootFilesystem flag for container security context
Change-Id: Id11292ec0a76dbf659e918833859b9109c07cc18
2019-11-26 20:33:02 +00:00
Tin Lam
a25eccb7cb Implements egress network policy
This patch set adds in the egress policy for core OpenStack Services.

Depends-On: https://review.opendev.org/#/c/679853/

Change-Id: I585ddabcbd640db784520c913af8eddecaee3843
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
2019-11-22 01:16:49 +00:00
Steven Fitzpatrick
5c6811503f Update Horizon Helm test to use python3
This change updates the tests container image
to one which installs python3.

The selenium-test.py template file has been refactored
to match the structure of the selenium tests in
openstack-helm-infra/tools/gate/selenium

Change-Id: I568bea8d715ea28b8e750215d166ba1b04e4172d
2019-10-21 12:53:09 -05:00
Steve Wilkerson
9736f5f544 Update kubernetes-entrypoint image reference
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained

Depends-On: https://review.opendev.org/688435

Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-10-21 13:58:22 +00:00
NarlaSandeepNarlaSaibaba
243f74f10d Horizon – API Handling – HTTP Security Headers Not Present
Added new X-Content-Type-Options: nosniff header to make sure the browser
does not try to detect a different Content-Type than what is actually
sent (can lead to XSS)

Added new Header and set X-Permitted-Cross-Domain-Policies: "none"

Change-Id: I6f89ffb44ad805039c4074889a7c15fbef6fc95e
2019-10-18 15:31:14 +00:00
Chris Wedgwood
be3a4f65de [horizon] enable the Apache "Header" module by default
Some configuration, when enabled, will explicitly set headers; for this
to work the header module should be enabled.

Change-Id: If549d4c6924c990d1a48bca193935ed9a2ed6864
2019-10-16 21:45:35 +00:00
Tin Lam
feb97a2dc3 Add horizon ingress override
This patch set adds in default horizon ingress overrides.

Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994
Signed-off-by: Tin Lam <tin@irrational.io>
2019-10-16 02:46:28 +00:00
Gage Hugo
c3e085b800 Add network policy nonvoting checks
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.

The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.

Depends-On: https://review.opendev.org/#/c/685130/

Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
2019-09-26 11:57:15 -05:00
zhouyao
058769c49c Add 'PATCH' to request method in order to enable 'PATCH' method in Horizon
Change-Id: I2e5f08cdde91c842c574d5318b8ae3113dd6fa80
Closes-Bug: #1821213
2019-07-30 16:25:22 +08:00
Gupta, Sangeet (sg774j)
4f5a78351d Horizon: Expose additional security config params
Expose additional Horizon security params in accordance with the
OpenStack Security Guide [0]

- ALLOWED_HOSTS
- HORIZON_IMAGES_UPLOAD_MODE

[0] https://docs.openstack.org/security-guide/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.html

Depends-On: https://review.opendev.org/#/c/635545

Change-Id: I071c8fbfc5ea9b41d3c35840e342d83349ae1613
2019-07-18 10:15:56 -05:00
Pete Birley
74e4474ec6 OpenStack: Check Stein release on Ubuntu Bionic
This PS adds checks for the Stein Release of OpenStack in Ubuntu Bionic
containers.

Depends-On: https://review.opendev.org/667726

Change-Id: Icfad3434ca496a841993b95adaf5d853728d920f
Signed-off-by: Pete Birley <pete@port.direct>
2019-07-03 00:26:30 +00:00
Zuul
c8d2efdb39 Merge "Create ${APACHE_RUN_DIR} if libapache2-mod-wsgi-py3 module is installed" 2019-06-26 19:16:51 +00:00
Pete Birley
e5f8fcf728 Container Distro: Add checks for OS (rocky) in Ubuntu Bionic
This PS adds checks for running the Rocky release of Openstack under
Python3 in Ubuntu Bionic containers.

Change-Id: I269cef9f8f157e22f6b857822df9a8960dac6ea8
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-26 10:36:26 -05:00
Zuul
fb49cd9903 Merge "Horizon: Set SECURE_PROXY_ADDR_HEADER" 2019-06-26 13:40:51 +00:00
Oleh Hryhorov
dfa4a53db9 Create ${APACHE_RUN_DIR} if libapache2-mod-wsgi-py3 module is installed
The aim of the patch is to create the directory from the ${APACHE_RUN_DIR}
variable for:

* aodh
* ceilometer
* horizon
* panko

If an image is built with python3 therefore libapache2-mod-wsgi-py3 module
has to be installed accordingly but the module doesn't create /var/run/apache2
directory which is APACHE_RUN_DIR in apache configuration file so apache can't
start without it due to the fact that the directory is used to make there pid,
run, etc files.

Change-Id: Id511a07fca3eec9b5e80f2f9413628ab4d42d61b
2019-06-26 16:04:03 +03:00
Pete Birley
6606c8bc2e OpenStack: Check Rocky release on Ubuntu Xenial
This PS adds checks for the Rocky Release of OpenStack in Ubuntu Xenial
containers.

Change-Id: Ieed4a6a3afa6e3ebd9b2f72ba227aac891d65214
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-25 21:14:28 +00:00
Pete Birley
ffb24e337c OpenStack: Check Queens release on Ubuntu Xenial
This PS adds checks for the Queens Release of OpenStack in Ubuntu Xenial
containers.

Change-Id: I0d4d427e43f06fa955dfd275859939d0adca113c
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-25 21:10:26 +00:00
Pete Birley
184b3e4326 OpenStack: Check Pike release on Ubuntu Xenial
This PS adds checks for the Pike Release of OpenStack in Ubuntu Xenial
containers.

Change-Id: I402584bbcdd53a4a6bc21f370586b3498142bf81
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-22 11:20:55 +00:00
Steve Wilkerson
0e1c296101 Horizon helm tests
This adds a helm test for Horizon, the helm test
runs a selenium webdriver check to verify the dashboard
is up

Change-Id: I3616c05596b2bd94931c39fb774333bf65453d52
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-06-05 12:41:21 -05:00
sg774j
0d1e01ee3d Horizon: Set SECURE_PROXY_ADDR_HEADER
Setting this to HTTP_X_FORWARDED_FOR will display the IP in
X-Forwarded-For header instead of REMOTE_ADDR. This is to display
client's IP.

Change-Id: Ifab508f2c3e39de69e3b1423b6aab57e333fc37e
2019-05-20 14:20:53 -05:00
Zuul
f8adab245b Merge "Point to OSH-images images" 2019-05-18 19:12:58 +00:00
Jean-Philippe Evrard
1d335146fa Point to OSH-images images
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.

Without this, the osh-images build process is completely not
in use, and updating the osh-images process or patching its
code has no impact on OSH.

This should fix it.

Change-Id: I672b8755bf9e182b15eff067479b662529a13477
2019-05-13 10:58:02 +02:00
Roy Tang (rt7380)
5df6fa3789 Expose Anti-Affinity Weight Setting.
Add weight default setting to anti-affinity.

Depends-on: Id8eb303674764ef8b0664f62040723aaf77e0a54
Change-Id: I09f96522cddf3a77dae73daca4557877eda5df50
2019-05-10 22:05:24 -05:00
Zuul
7f95467e3d Merge "Replace git.openstack.org URLs with opendev.org URLs" 2019-05-01 16:11:28 +00:00
Zuul
655b5ea43c Merge "Adding allowPrivilegeEscalation flag in horizon chart" 2019-05-01 06:21:16 +00:00
Zuul
51bac62cc9 Merge "Horizon: Corrected mounted file name." 2019-04-30 22:04:05 +00:00
Zuul
5361c3282a Merge "Add OpenSUSE Leap15 testing" 2019-04-26 16:44:16 +00:00
sg774j
8b8e568d21 Horizon: Corrected mounted file name.
Horizon dashboard was not being displayed correctly due to incorrect
config file names.

Change-Id: I43b34cd7d7711e01b8a95d0b45e10d7ee57051e9
2019-04-26 14:34:07 +00:00
caoyuan
cb77d3adff Replace git.openstack.org URLs with opendev.org URLs
Change-Id: I9a7bcee8727cb127d57ccb4dce1183895a4130cd
2019-04-25 00:37:57 +08:00
clare cheng
5f9e2a1f66 Adding allowPrivilegeEscalation flag in horizon chart
Change-Id: Iff205444eb4c842a0f85d5999d063256106dbe75
2019-04-24 14:18:35 +08:00
Pete Birley
623c131292 OSH: Add emptydirs for tmp
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.

Additionally some yaml indent issues are resolved.

Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
2019-04-20 08:55:44 -05:00
Jean-Philippe Evrard
a828d38316 Add OpenSUSE Leap15 testing
There is currently no testing of the Leap 15 images in OSH.

This addresses it by:
- Using the values_overrides folder according to the multi-os
  spec, creating value override files there for changes that
  needs to happen on Leap 15 images.
- Point to the right images using the previously created folder,
  to allow using those in CI easily.
- Change CI to use previously created overrides.

Depends-On: https://review.openstack.org/#/c/651501
Change-Id: I520d3676195c62b253a19397c86b0d0fbabee710
2019-04-15 11:15:35 +02:00
Itxaka
55f70be381 Add heat dashboard if available to horizon
Currently there is no enabling of the heat dashboard if it's
installed on the horizon image.

This patch adds an extra conf var that allows several dashboards
to be added and will try to find and enable them on start

If the panel dirs don't exist, it will do nothing

This patch adds the extra heat_dashboard and includes the existing
neutron_taas_dashboard into the new config

Change-Id: Ibcc4da166d907f3cb842bfc45d842a650361a2d8
2019-04-15 07:13:18 +00:00
Huang,Sophie
f92bfd7f6a Add log level variable to Horizon log configuration
log_level variable is added to Horizon configuration. This
will enable the overwriting of the log levels in a
customized manifest.

Change-Id: I15381add9ee1e880e73004131b329ac02972755b
Signed-off-by: Huang,Sophie <sh879n@att.com>
2019-04-11 10:56:32 -05:00
Zuul
5c9dd146b8 Merge "Remove overlapping Listen directives on apache >= 2.4" 2019-04-06 04:37:01 +00:00
Itxaka
38fb90d528 Allow more generic overrides for horizon
With this patch we allow for an easier way of overriding some
of the values that may be used in other distros while maintaining
the default values if those values are not overridden.

The following values are introduced to be overridden:
conf:
  software:
    apache2:
      conf_dir:
      site_dir:
      mods_dir:
      binary:
      start_flags:
      a2enmod:
      a2dismod:

On which:
 * conf_dir: directory where to drop the config files
 * site_dir: directory where to drop the enabled virtualhosts
 * mods_dir: directory where to drop any mod configuration
 * binary: the binary to use for launching apache
 * start_flags: any flags that will be passed to the apache binary call
 * a2enmod: mods to enable
 * a2dismod: mods to disable

Notice that if there are no overrides given, it should not affect anything
and the templates will not be changed as the default values are set to what
they used to be as to not disrupt existing deployments.

Change-Id: If0fb9ab03aacfcd7087e753698880505571d0233
2019-04-02 12:29:35 +02:00
Itxaka
23697867d7 Move adding extra dashboard to the proper place
Adding any dashboards should be done before compiling and compressing
as they can enable additional files that need to be compiled and
compressed, so first we should enable them if needed and then
compile+compress

Change-Id: Ib2fb44f5829269aa974d467ea57d9add2b9e0141
2019-03-23 21:48:13 +00:00
pd2839
b5063695b0 Implement Security Context for Horizon
Implement container security context for the following Horizon resources:
 - Horizon server deployment

Change-Id: I8202cd011f4c4f73d778c5f0ad2648440e259e5d
2019-03-22 21:33:08 +00:00
Itxaka
2ec91c4c3f Remove overlapping Listen directives on apache >= 2.4
As mentioned on the apache docs[0] having 2 overlapping
listen directories will cause the apache server to fail
with a fatal error. This seems like it was ignored on
earlier versions so we can use the version module to
change it based on the current apache version as to
not affect existing deployments

[0] https://httpd.apache.org/docs/2.4/es/bind.html

Change-Id: I8ce260e020375e93befa5e2e6df22eca0eaf9d07
2019-03-21 15:11:02 +01:00
Jiří Suchomel
a2a5dda47c Added volume related keys to pod mounts to ease the overriding
If a user wants to add an extra volumeMounts/volume to a pod,
and uses override values e.g. like this

pod:
  mounts:
    nova_placement:
      init_container: null
      nova_placement:
        volumeMounts:
          - name: nova-etc
          ...

helm template parser complains with

Warning: The destination item 'nova_placement' is a table and ignoring the source 'nova_placement' as it has a non-table value of: <nil>

So when we create empty values for such keys in values.yaml, the source
will be present and warning does not need to be shown.

Change-Id: Ib8dc53c3a54e12014025de8fafe16fbe9721c0da
2019-03-15 16:29:19 +00:00
pd2839
2fefd6c56a readOnlyFilesystem: true for horizon chart
Fix for adding readOnlyFilesystem flag at pod level

Change-Id: I9ec373816987a4c91cb4aeab5ab0b2433215f136
2019-03-05 22:17:57 +00:00
Steve Wilkerson
f4c01d2461 Add release-uuid annotation to pod spec
This adds the release-uuid annotation to the pod spec for all
replication controller templates in the openstack-helm charts

Change-Id: I0159f2741c27277fd173208e7169ff657bb33e57
2019-02-12 12:31:59 -06:00
Rick Bartra
e60c91e99d Horizon: Expose additional security config params
Expose additional Horizon security params in accordance with the
OpenStack Security Guide [0]

- Check-Dashboard-03: Is DISALLOW_IFRAME_EMBED parameter set to True
- Check-Dashboard-07: Is PASSWORD_AUTOCOMPLETE set to False

[0] https://docs.openstack.org/security-guide/dashboard/checklist.html

Change-Id: I355ddbc9fb1dcd0a6100ee650afd54680ef9ffbd
2019-02-07 09:13:35 -05:00