When using a chart with the flux operator and helm3, it fails
when encountering a volumeMount "subpath" instead of "subPath".
This change corrects the typo to the right camelcase entry.
Change-Id: Id2d9ea25445d84f89b299c7f0b24da1cc5aaf264
With OSH now publishing charts regularly with each change, there
needs to be a way to track these changes in order to track the
changes between chart versions.
This proposed change adds in a reno check job to publish notes
based from the changes to each chart by version as a way to
track and document all the changes that get made to OSH
and published to tarballs.o.o.
Change-Id: Iff8681c697957e4711754fc20b07fa6b728eb584
ClusterIssuer does not belong to a single namespace (unlike Issuer)
and can be referenced by Certificate resources from multiple different
namespaces. When internal TLS is added to multiple namespaces, same
ClusterIssuer can be used instead of one Issuer per namespace.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/766359
Change-Id: I6585d5a8c2ccb507a5c99784c0190502b55a5bcf
This patch set updates the Makefile to use a helm variable so it has
parity with OpenStack-Helm-Infra repository.
Change-Id: I6cdd599320103349d2fd2486670859a6ef970886
Signed-off-by: Tin Lam <tin@irrational.io>
This patchset added the necessary hostPath, hostIpc and
hostNetwork to enable the volume backup for iSCSI based
Cinder volumes.
Change-Id: Ief3cc723650a6c42e24dfd6159c0de6f81e56fce
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* neutron-lb-agent daemonset
* neutron-ovs-agent daemonset
* neutron-sriov-agent daemonset (unused mount removed)
* nova-compute daemeonset
Change-Id: I92f1700e56517a74b1fbcc8e3a68567045a593ee
This PS enables iscsi actions to work correctly in cinder
volume - enabling things like conversion of glance images
to cinder volumes (required for nova-boot-from-volume)
Change-Id: I63521ff9609ad89485a843bc0fbddb00e38dccc8
Signed-off-by: Pete Birley <pete@port.direct>
Add "enable_pwd_validator" variable to apply password
validator settings when enabled in horizon values.
Modify "PASSWORD_VALIDATOR" so as to enforce password
requirements i.e., password must be at least eight
characters in length and must include characters from
at least two of these groupings: alpha, numeric, and
special characters when "enable_pwd_validator" is enabled.
Change-Id: Ia866feb875490d0bb40e820c6c32ee2cb6aa4c29
IPC is used by the multipath processes, hostIPC should be set so
semaphore operations work between the nova-compute pod and the host.
Without this things like `multipath -f ...` stall until timeout.
Change-Id: Iaeb6dff2ae934eabf5faddf930ba2029c0698f90
This change adds a new makefile target to be utilized by the
chart publishing job, specifically one that is compatible with
helm 3. This should fix the publish job not posting
tarballs.
Depends-On: https://review.opendev.org/765634
Change-Id: I3551f691e6c3221b8afb201d8030be538424161b
Tox trying to install latest versions for building docs which may
not be supported by stable and lower branches, so should be
restricted by respective version's tox-constraints.txt
Change-Id: I92b67aa48834c00ad175a311744c36542692f292
Since metadata server is accessed via dhcp namespace, dhcp relies on
conf.OVS.datapath_type for [0] logic to disable checksum offloading
that is not supported with ovs-dpdk, making metadata server not available.
[0] https://opendev.org/openstack/neutron/src/branch/stable/train/neutron/agent/linux/interface.py#L444-L446
Change-Id: I382af9d9e83b39fd9a616351e7cd5a752a603e77
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
neutron-rpc-server container was removed and nginx container
was added here in this commit https://review.opendev.org/#/c/758919/4
Change-Id: Ie7b3a23ea8d7a5d3b1788bce1c1419fe1f627b75
This patch makes the fernet and credential secret something that gets
created only once when the deployment is first done, as when using Helm,
it's possible that it overrides it's values with an empty secret in the
runs afterwards.
By making it a hook, it will instead create it and leave an owner
reference in Helm 3 to delete it later if the release is deleted. It
will not manage it afterwards as well.
Change-Id: I7c1c97f38877e0e54bea7fc09b37dd6f77c9dc8a
Updated neutron to use an Nginx sidecar to terminate internal TLS rather
than using Apache with a separate RPC servers. Multiple RPC servers (in
sidecar) causes communication issues with RabbitMQ causing expected
errors.
Change-Id: Iaa6d3d64b730a54b1b85a338517bcb5be1842bda
Signed-off-by: Tin Lam <tin@irrational.io>
When starting the keystone-api pod, the service checks for a
access_rules file for application credentials during startup.
If the file does not exist, keystone emits a warning saying the
file is not found:
WARNING keystone.access_rules_config.backends.json [-] No config
file found for access rules, application credential access rules
will be unavailable.: FileNotFoundError: [Errno 2] No such file
or directory: '/etc/keystone/access_rules.json'
This change adds in a blank access_rules.json file to the
keystone etc directory in order to surpress this message.
Change-Id: I63ac153cc91ac45b3fd223f8a54b933b5cbffac4
Example override yaml file is added to indicate how to
override the manifest for configure an additional externally
managed Ceph Cinder backend.
In ceph.conf, either "mon_host" or "mon host" can be used for
the same parameter. In order not to force the user to use it one
way or the other, "mon_host" is removed from default setting.
Change-Id: I179567d77196ab2fb82d7a78e3a08efb966ed68c
Enable public endpoint for Heat Client for WaitCondition Functionality
by removing tls override for clients_heat section in heat.conf
Change-Id: I94e339a01e6dd4f82d4348805f02676190082a5d
When a placement service endpoint is changed, nova-compute does not
refresh its cache and continue send requests to the old one:
https://bugs.launchpad.net/charm-nova-compute/+bug/1826382
Also, in Train release, nova services expect placement user be present
in keystone in advance. Without the dependency, the pod starts crash looping.
Change-Id: I6b1a70ec859805794bac2689b04f7eca47ad61b3
This patch set fixes a small misspelling and spaces in docs.
Change-Id: I8d86c86ffa1766d533a79c9e98809f217d0c4eed
Signed-off-by: Tin Lam <tin@irrational.io>
Bring in option to be able to create and send service
tokens to prevent long-running job failures (default is OFF).
Change-Id: I5e5707001687e464386696b9c8d80ad8b2977e97
