- Make the default to run the postgres database as the uid 999 which
the default image maps to the 'postgres' user
- If the database is already initialized, before starting postgres
set the 'postgres' database user password to match the declared
intended password
Change-Id: I7b0ea7a86246b098f38ef4c03dd157731f61e066
This is to resolve name conflicts of reources in case of multiple
releases required for single deployment of ceph cluster
Change-Id: Ibee5550db788ea57879837b010e22a24240237bf
This updates the logging format and configuration for the apache
reverse proxies used for elasticsearch, kibana, nagios and
prometheus to enable logging of the remote clients used to access
these services
Change-Id: Id07e4294ea18203fbb890b78424a232c2d59cb82
This PS adds support for PostgreSQL DB initialization ie,
- DB creation
- user creation
- Setting password
- The password is being re-set everytime using "ALTER USER" to
enable password rotation to take effect.
- Grant privileges
Change-Id: I4f14ce44d7c6802d0b78ae6f64099b3707a48b33
The current gnocchi chart doesn't purge the resources/metrics for
the deleted openstack resources. This commit adds a cron job to
periodically purge the deleted resources data from gnocchi database.
By default, cron job runs daily and purges the deleted resources with
its associcated metrics which have lived more that 1 day.
Change-Id: Id45b92b91bb7668b35c3b5a7379283de51a1256a
Story: 2005016
Task: 29494
Signed-off-by: Angie Wang <angie.wang@windriver.com>
In templates/utils/_daemonset_overrides.tpl,
$context.Values.__daemonset_yaml is used cross the loop. It is not deep
copied in each round of loop. It means that the property set in the
previous round of loop will still exist in current loop. This is not
expected.
This patch is to make a deep copy in each round of loop.
Change-Id: I4e610e4acf67d92257f9d254546ec0b5b31609fe
Currently there is a bug in the beast code that makes it fail
during the initial lookup for a keystone user map. For the time
being we will continue to use civetweb when keystone is present
until this issue is resolved.
Change-Id: I56bcd77f38adb3763d35f46443c1403816d1dcea
This removes set -x from the templates for the user creation
scripts for the mariadb and postgresql user templates, and it
also removes the set -x from the helm-toolkit job for creating
s3 users. This prevents sensitive credentials from being
displayed to the console when these scripts are run
Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
This updates daemonsets and deployments from extensions/v1beta1 to
apps/v1. These templates were either missed or overlooked when
added, and this change brings them up to the same api version used
for all other daemonsets and deployments
Change-Id: I6d2aba7791ad5eabd23785c01aed01d4f8e53d39
There is no "make {package}" line in 030-ceph.sh file.
It causes a failure to execute the shell script.
Change-Id: If787abd7711a02313b6a2acae8a888b5609f27df
This PS updates the pod security context snippet to support
a more sane values layout.
Change-Id: Id25441802a23e2dd00ad656cec2428432359dbe5
Signed-off-by: Pete Birley <pete@port.direct>
DELETECOLLECTION for some things like namespaces can be very slow. As
it's not critical it should be safe to ignore it.
Change-Id: I513b2af45b703a73d20a98a7a770776632ae4b39
This adds the required services to the openstack-support job to
deploy ceph radosgateway with keystone auth enabled. This expands
coverage for radosgateway helm tests in the openstack-helm-infra
repository
Change-Id: I3a5505ad3d3400563694ef063b4e6777ba34c414
This PS increases the feedback give by the rabbitmq test pod
Change-Id: If8aa713017eccaf100c6186cd569a6a0f4b021e9
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the readyness check to simply checking if the ampq
port is open, both simplifying it and also correctly indicating if
the process is ready to serve requests.
Change-Id: I38416c8bf3b242fa344875da13f81e5bbc1983c7
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the k8s prod security context example.
Change-Id: I1b1d6875dda852bebb428708d4acf9c460360510
Signed-off-by: Pete Birley <pete@port.direct>
This updates the kubernetes version used when deploying via
kubeadm to v1.12.2, which matches what is deployed via minikube
for the single node jobs
This required updating the apiVersion in the kubeadm configuration
file template, as well as removing the --cadvisor-port flag from
the kubelet args, as this has been removed entirely
Change-Id: I26573de35529ce44e91e6d4d4530f608b8cee476
This updates the network policy test that gets executed at the
conclusion of the network-policy job. As long as nsenter is used,
we need to account for situations where nsenter executing wget
fails due to invalid credentials. Since this validates the policy
successfully allows ingress traffic while still exiting with an
error code (6 for invalid credentials vs 4 for connection
timeouts), we should consider those scenarios successes.
This also updates the flags used for wget. Instead of using spider
mode, this enables flags for: recursive mode, not creating
directories, and deleting results after execution. This allows for
the testing of exporter endpoint paths explicitly.
Change-Id: I2d51e8ed5a153c2a6796e0df9b3fe5f710a947f9
Image files could contain whitespace after carriage return and newline
characters; patch excludes "*.png" files from openstack-helm-lint job.
Change-Id: I6aef5f2f34637f018fd56a3bb8121d5829c600a2