This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
removing readOnlyRootFilesystem flag since pods are running to
crashLoopBackOff state by implementing HTK functionality.
Change-Id: I221bdb54b1e94e4089fb079f161dcb4de4dd3571
This change creates a pre-delete hook to clean out all entries
in the credential table of the keystone database when the
keystone service is deleted. Note that these are not
the typical username/password.[0]
This fixes the issue of leftover credential blobs being saved
in the database that are unable to be decrypted since the
original encryption keys are removed upon deletion of the
keystone service
[0] https://specs.openstack.org/openstack/keystone-specs/specs/keystone/newton/credential-encryption.html
Change-Id: I8adf0878af2f3b880e9194a6cb8d97b58d6895a5
Currently a pxe-client has to contact with ironic-api through
it's internal endpoint during lookup() period.
However, the pxe-client cannot access kube-dns by ifself,
so it needs additional dns server. (or Using NodePort)
With additional dns server, it will be safer for pxe-client
to contact with ironic-api through it's public endpoint(passing by ingress)
rather than internal endpoint directly becuase internal pod's IPs would be changed frequently.
Also, I refered to {Values.conf.ironic.glance.swift_endpoint_url}.
(swift is also accessed by the pxe-client and swift_url's default is public endpoint)
Change-Id: I0ad97f3ed608973d7e5a4a11d87595fe258a0db5
Cinder raw cache feature requires internal tenant id be set in
/etc/cinder/cinder.conf, something like:
cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c
cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef
This patch get or create if not exist intenal user id and project id, and then
set in cinder.conf
reference: Cinder cache feature:
https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html
Story: 2004869
Task: 29121
Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea
Signed-off-by: Liang Fang <liang.a.fang@intel.com>
Add a configurable logging.conf to the tempest chart.
Sets the default level to WARN as it currently its on INFO and
that results into the log being full of rest_client calls, which
makes it difficult to read the log and the actual tests running
Change-Id: I9deb016a4feee482c01e79a4209c001968b8ea12
Currently there is no enabling of the heat dashboard if its
installed on the horizon image.
This patch add an extra conf var that allows several dashboards
to be added and will try to find and enable them on start
If the panel dirs dont exists, it will do nothing
This patch add the extra heat_dashboard and includes the existing
neutron_taas_dashboard into the new config
Change-Id: Ibcc4da166d907f3cb842bfc45d842a650361a2d8
This PS enables the use of simple logging options if desired.
Change-Id: I0278cefeaa46a39a893ba1fdc9f4c4b633a8866b
Signed-off-by: Pete Birley <pete@port.direct>
With this patch we allow for a more easy way of overriding some of
the values that may be used in other distros while maintainting the
default values if those values are not overriden
The following values are introduced to be overriden:
conf:
security:
software:
apache2:
conf_dir:
site_dir:
mods_dir
binary:
extra_flags:
a2enmod:
a2dismod:
On which:
* conf_dir: directory where to drop the config files for apache vhosts
* site_dir: directory where to drop the enabled virtualhosts
* mods_dir: directory where to drop any mod configuration
* binary: the binary to use for launching apache
* extra_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
* security: security configuration for apache
Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set
to what they used to be
Change-Id: I4fcfde78c5c8fa65956aeae55108ffa1f10e6972
With this patch we allow for a more easy way of overriding some
of the values that may be used in other distros while maintainting
the default values if those values are not overriden.
The following values are introduced to be overriden:
conf:
security:
software:
apache2:
conf_dir:
site_dir:
mods_dir:
binary:
start_flags:
a2enmod:
a2dismod:
On which:
* conf_dir: directory where to drop the config files
* site_dir: directory where to drop the enabled virtualhosts
* mods_dir: directory where to drop any mod configuration
* binary: the binary to use for launching apache
* start_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
* security: security configuration for apache
Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set to what
they used to be as to not disrupt existing deployments.
Change-Id: I7622325cf23e5afb26a5f5e887458fd58af2fab8
This adds the deployment of heat to the compute kit and apparmor
job in order to provide a simple mechanism for booting vms to
validate a functional cloud deployment
Change-Id: I1a0b0fd4fd708a045e82781cfe3990e23d2af581
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the panko-api service.
This provides the ability to audit API requests for panko.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I5c0e3c61317483d36fcb05ebff8b377941675c27
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the cinder-api and cinder-scheduler services.
This provides the ability to audit API requests for cinder.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: If81b88a4003bc4394ef4a378626cf5d6edb9c4ae
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the ceilometer-api service. This provides
the ability to audit API requests for ceilometer.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I9d49769bc04f9623ecf5ba4276665dc3b5bebd07
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the nova-api services.
This provides the ability to audit API requests for nova.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: Ic6df044d83f4dee581c9cc0405f61d926e45bcab
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the neutron-server service.
This provides the ability to audit API requests for neutron.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I86b4df1436ae59bc9a151c28337af7c06c83e45f
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the heat-api, heat-cfn, and heat-cloudwatch
services. This provides the ability to audit API requests
for heat.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: Ib5a7dfd882416553ff6f43aa009e3e67871d7f4c
log_level variable is added to Horizon configuration. This
will enable the overwriting of the log levels in a
customized manifest.
Change-Id: I15381add9ee1e880e73004131b329ac02972755b
Signed-off-by: Huang,Sophie <sh879n@att.com>
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the glance-api and glance-registry services.
This provides the ability to audit API requests for glance.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I3b42717dbc11257c21b27e7c68dedc3283e1bd34
With this patch we allow for a more easy way of overriding some
of the values that may be used in other distros while maintainting
the default values if those values are not overriden.
The following values are introduced to be overriden:
conf:
security:
software:
apache2:
conf_dir:
site_dir:
mods_dir:
binary:
start_flags:
a2enmod:
a2dismod:
On which:
* conf_dir: directory where to drop the config files
* site_dir: directory where to drop the enabled virtualhosts
* mods_dir: directory where to drop any mod configuration
* binary: the binary to use for launching apache
* start_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
* security: security configuration for apache
Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set to what
they used to be as to not disrupt existing deployments.
Change-Id: Ibb7e3bec0f6561bccc6a1aea907a2f3e4e1bfb73
Using {{- if for the volume mounts caused them to be added inline with
the previous line.
Removing the - from the if expression makes them be properly aligned on
the next line
Change-Id: Ia5e28366fb1f2ae7420b7f5217c10cbb94bc48ab
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
container.
- Map private and public keys to configmap-ssh which will default to
the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.
Depends on helm-toolkit supporting multiple containers per daemonset
pod.
Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
we are using the None value for some of the values that should be filled
by the configmap-etc template but as that template checks for empty values
and None is not counted, we are filling the tempest.conf with the wrong
values for auth and others
Instead use the null value for those so they get properly filled by the
template system into the appropiate values
Change-Id: I30528b1944722e9ce2e227b1b4dacae7635167ec
