This change adds the keystonemiddleware audit paste filter[0]
and enables it for the ceilometer-api service. This provides
the ability to audit API requests for ceilometer.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I9d49769bc04f9623ecf5ba4276665dc3b5bebd07
With this patch we allow for a more easy way of overriding some
of the values that may be used in other distros while maintainting
the default values if those values are not overriden.
The following values are introduced to be overriden:
conf:
security:
software:
apache2:
conf_dir:
site_dir:
mods_dir:
binary:
start_flags:
a2enmod:
a2dismod:
On which:
* conf_dir: directory where to drop the config files
* site_dir: directory where to drop the enabled virtualhosts
* mods_dir: directory where to drop any mod configuration
* binary: the binary to use for launching apache
* start_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
* security: security configuration for apache
Notice that if there is no overrides given, it should not affect anything
and the templates will not be changed as the default values are set to what
they used to be as to not disrupt existing deployments.
Change-Id: Ibb7e3bec0f6561bccc6a1aea907a2f3e4e1bfb73
If user wants to add an extra volumeMounts/volume to a pod,
amd uses override values e.g. like this
pod:
mounts:
nova_placement:
init_container: null
nova_placement:
volumeMounts:
- name: nova-etc
...
helm template parser complains with
Warning: The destination item 'nova_placement' is a table and ignoring the source 'nova_placement' as it has a non-table value of: <nil>
So when we create empty values for such keys in values.yaml, the source
will be present and warning does not need to be shown.
Change-Id: Ib8dc53c3a54e12014025de8fafe16fbe9721c0da
Currently, ceilometer is not listening to the notifications which
sent from the openstack services as the messaging_urls isn't configured
properly. The commit updates the messaging_urls with the correct type
and the default value.
The configuration for the cache server is also added. With the cache
server configured, ceilometer will not update the resource metadata
through gnocchi client if the resource is not changed.
Change-Id: I77e5acf3da31e211c444032f26d7625e51d8b0a9
Story: 2005019
Task: 29746
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This commit adds the ability to deploy a polling process with ipmi
functionality to pull ipmi samples.
Story: 2005019
Task: 29819
Signed-off-by: Angie Wang <angie.wang@windriver.com>
Change-Id: Ib61d65f9ab815faa0d750422ffb0e36406dd3ccd
This commit adds two missing definition files which are
meters.yaml and polling.yaml.
meters.yaml is the meter definition file that used for
ceilometer notification agent to convert meters.
polling.yaml is the polling definition file that used for
ceilometer polling agents to pull meters.
Change-Id: I6b9b7543aa1a77661d6a86166af59fde85085513
Story: 2005019
Task: 29811
Signed-off-by: Angie Wang <angie.wang@windriver.com>
Upgrade the default images from newton to ocata and update
the following configuration files to align with ocata.
event_definitions.yaml
pipeline.yaml
policy.json
api_paste.ini
Story: 2005019
Task: 29773
Change-Id: Ib0ba502215aa0fe959606f15dacf39e2cdd06fe6
Signed-off-by: Angie Wang <angie.wang@windriver.com>
The current ceilometer upgrade command "ceilometer-dbsync" was
deprecated since newton and was removed since ocata. The commit
updates to use the replaced command.
Story: 2005019
Task: 29727
Change-Id: I06afb2cc99726991d6941aabb039379dc78c5d66
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This adds the release-uuid annotation to the pod spec for all
replication controller templates in the openstack-helm charts
Change-Id: I0159f2741c27277fd173208e7169ff657bb33e57
Since rally 1.0, rally has been a platform for testing, and rally for
openstack has been separated by rally-openstack. The current version
of rally in openstack-helm is version 0.8 which corresponds to ocata.
This patch tests with the latest version of rally-openstack, version
1.3.0, and removes scenarios that are no longer in use.
Change-Id: I380a976c0f48c4af0796c9d866fc8787025ce548
This patch set updates the gate to by default uses network policy
for all components and enforces them in Openstack-helm.
Change-Id: I70c90b5808075797f02670f21481a4f968205325
Depends-On: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Depends-On: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Change-Id: I324680f10263c1aefca2be9056e70d0ff22fcaf0
Signed-off-by: Pete Birley <pete@port.direct>
This PS udpates the keystone endpoint definition to point to the
correct host for the admin endpoint when looked up using endpoint
functions from helm-toolkit.
Change-Id: Ic6b82a002cca92e37d21f594bad5f00758f1ea7a
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves openstack components in OSH to use secrets to store
potentially sensitive config information.
Depends-On: https://review.openstack.org/#/c/593732
Change-Id: I9bab586c03597effea0e48a58c69efff3f980a92
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves ceilometer inline with other charts, and drives all config
directly from the charts values.yaml.
Change-Id: I475302c8be97364e32286b642629e400590ae5f0
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the keystoen chart to stop running the keystone api
as the root user.
Change-Id: If3042210f761476846da02fc8e648c700267a591
Signed-off-by: Pete Birley <pete@port.direct>
This PS disables the v2 keystone API, and finishes the migration to
full v3 support.
Change-Id: I3021ebe0bee668db9f28e7fb18e2d4b26172f209
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use port 80 by default for the keystone
asdmin endpoint, and adjusts paths accordingly.
Change-Id: Iccae704dadc17eba269e857301654782f64763c9
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use a service domain for openstack service accounts
and users.
Change-Id: Ibe7c5f83a9fc9960fb85e53f9745d24f2192a94a
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates keystone, and the keystone endpoints sections to use
the same layout for port declarations as other charts.
Change-Id: I7dddabee6c74bf023da4b1cdf722a409e7475f8f
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the use of the `quote and truncate` approach to
suppress output from gotpl actions in templates and replaces it
with the recommended practice of defining `$_` instead.
Change-Id: I5f35c5f7e70b4f7f461d772e3b72ed1c695c56a8
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the current ga version for kubernetes daemonsets,
additionally any remaining deployments that were using the
`extensions/v1beta1` have been updated to `apps/v1`.
Story: 2002205
Task: 21735
Depends-On: If9703162dc472af1e6096bf2b9062802fd5ce8ab
Change-Id: Iba4e3d2798c54639e077b80999e669c79b616c6f
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the current ga version for kubernetes deployments.
Story: 2002205
Task: 21735
Depends-On: Icb4e7aa2392da6867427a58926be2da6f424bd56
Change-Id: I062a8a29dff70427ee9bcf09f595011b3611b0b1
Signed-off-by: Pete Birley <pete@port.direct>
When removing helm-toolkit from OSH and swithcing to use the
toolkit from OSH-Infra, the image declaration function was missed.
Depends-On: I2f2012590d81ffcb159d49d8a76eedd4441744cd
Change-Id: I0f1118bb748f3fe1b6bb73acfc00e77c5cca9c7d
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the local registry image managment to OSH from OSH-Infra.
With this the delta between helm-toolkits in the Repo's is removed,
allowing the toolkit from OSH-Infra to be used and the one from OSH
to be depreciated.
Change-Id: If5e218cf7df17261fe5ef249d281f9d9637e2f6a
Co-Authored-By: Pete Birley <pete@port.direct>
This PS updates various aspects of the ceilomter and mongodb charts
to bring them closer to operational.
Change-Id: If72f107297298aa7d02d17236404c9e86cd50ba5
This patch set tidies up the existing charts. Fixes include:
* add release_group key in yaml
* fix indentation inconsistency issue
* clean up the ldap chart's value.yaml to be consistent with mariaDB
Change-Id: Ibd9d86603ebc6c6c31c596dc0af523eb71c083d0
Signed-off-by: Tin Lam <tin@irrational.io>
Move to v0.3.1 of kubernetes-entrypoint which has 2
breaking changes to pod dependencies, and also adds support for
depending on jobs via labels.
Change-Id: I49d2cea11fbe5c5919ae22a020b877ebbb285992
This PS adds vhost management to rabbitmq jobs. It also prevents
sensitive information being displayed in the management job, and
removes the 'administrator' tag from service users.
Change-Id: Id337f763c5e4776bce7269676a8a2dc54dc2e5f8
This PS allows arbitary hostnames to be used for public endpoints,
provided the resolve externally to the ingress controllers.
Change-Id: I44411687f756968d00178d487af66c2393e6bde0
This version is already being used by some charts, so this brings the
rest of the charts in line and allows them to use a new feature,
pod dependencies, that this version provides.
Change-Id: Ie8289eb09b31cd8f98c2c5b4dd5bbe469078e6d8
This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.
Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe
This PS allows a cache secret key for all instances of keystone
middleware to be defined in a single location.
Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526
Partial-Bug: 1753251
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
