1250 Commits

Author SHA1 Message Date
Zuul
c8fcdeaddf Merge "Deep copy daemonset_yaml cross loop" 2019-03-06 03:50:09 +00:00
Zuul
15ff3d6ae9 Merge "(postgresql) set db admin password at startup" 2019-03-06 03:42:37 +00:00
Scott Hussey
4a505e213c (postgresql) set db admin password at startup
- Make the default to run the postgres database as the uid 999 which
  the default image maps to the 'postgres' user

- If the database is already initialized, before starting postgres
  set the 'postgres' database user password to match the declared
  intended password

Change-Id: I7b0ea7a86246b098f38ef4c03dd157731f61e066
2019-03-05 18:38:41 +00:00
Chinasubbareddy Mallavarapu
47d429059c [ceph-osd] resolve name conflicts by appending release name
This is to resolve name conflicts of reources in case of multiple
releases required for single deployment of ceph cluster

Change-Id: Ibee5550db788ea57879837b010e22a24240237bf
2019-03-04 22:39:03 -06:00
Zuul
2eb745d53a Merge "Update irc meeting channel" 2019-03-04 17:17:14 +00:00
Zuul
14713b54e7 Merge "Add support for PostgreSQL DB Initialization" 2019-03-04 17:11:43 +00:00
Zuul
0f176e2455 Merge "Add default-docker (enforce) AppArmor profile to Elasticsearch" 2019-02-28 20:42:46 +00:00
Zuul
a367bacb4b Merge "readOnlyFilesystem: true for memcached chart" 2019-02-27 19:15:01 +00:00
Zuul
c14e4084c3 Merge "readOnlyFilesystem: true for rabbitmq chart" 2019-02-27 19:15:00 +00:00
Zuul
7e26ed1b20 Merge "readOnlyFilesystem: true for ingress chart" 2019-02-27 19:09:30 +00:00
chengli3
f7b8826799 Update irc meeting channel
Update irc meeting channel to #openstack-meeting-4

Change-Id: Icc4b5793ca7fcadd848fa1e7afdda01ba064a92c
2019-02-27 15:02:06 +08:00
Zuul
a88fae1fbb Merge "Update logging format and config for apache reverse proxies" 2019-02-27 01:33:35 +00:00
Rahul Khiyani
25a86df489 readOnlyFilesystem: true for rabbitmq chart
Fix for adding readOnlyFilesystem flag at pod level

Change-Id: I30ef83f1e381d24f40bfc92a1e740746135eceab
2019-02-27 00:24:19 +00:00
Rahul Khiyani
475647036a readOnlyFilesystem: true for memcached chart
Fix for adding readOnlyFilesystem flag at pod
level

Change-Id: I57b77eca9c1091bd080279e1fa808c8b0c67c5c7
2019-02-27 00:24:14 +00:00
Zuul
6ea80fa151 Merge "Create Helm test for redis chart" 2019-02-26 15:57:43 +00:00
Rahul Khiyani
9a34331bcf readOnlyFilesystem: true for ingress chart
Fix for adding readOnlyFilesystem flag at pod level

Change-Id: Icc8fa3aae2d80e1038d7335af9a0a51885f9dad8
2019-02-26 09:21:57 -05:00
Steve Wilkerson
4c0fd492ee Update logging format and config for apache reverse proxies
This updates the logging format and configuration for the apache
reverse proxies used for elasticsearch, kibana, nagios and
prometheus to enable logging of the remote clients used to access
these services

Change-Id: Id07e4294ea18203fbb890b78424a232c2d59cb82
2019-02-25 09:21:41 -06:00
Nishant Kumar
7f21b85128 Add support for PostgreSQL DB Initialization
This PS adds support for PostgreSQL DB initialization ie,

  - DB creation
  - user creation
  - Setting password
    - The password is being re-set everytime using "ALTER USER" to
      enable password rotation to take effect.
  - Grant privileges

Change-Id: I4f14ce44d7c6802d0b78ae6f64099b3707a48b33
2019-02-25 15:10:20 +00:00
Angie Wang
a5aeab344b Add cron job for Gnocchi to purge deleted resources
The current gnocchi chart doesn't purge the resources/metrics for
the deleted openstack resources. This commit adds a cron job to
periodically purge the deleted resources data from gnocchi database.
By default, cron job runs daily and purges the deleted resources with
its associcated metrics which have lived more that 1 day.

Change-Id: Id45b92b91bb7668b35c3b5a7379283de51a1256a
Story: 2005016
Task: 29494
Signed-off-by: Angie Wang <angie.wang@windriver.com>
2019-02-25 04:54:44 +00:00
Zuul
7578ba5a4b Merge "Remove set -x from exporter scripts and htk s3 user script" 2019-02-23 03:05:31 +00:00
chengli3
2df03d3a32 Deep copy daemonset_yaml cross loop
In templates/utils/_daemonset_overrides.tpl,
$context.Values.__daemonset_yaml is used cross the loop. It is not deep
copied in each round of loop. It means that the property set in the
previous round of loop will still exist in current loop. This is not
expected.
This patch is to make a deep copy in each round of loop.

Change-Id: I4e610e4acf67d92257f9d254546ec0b5b31609fe
2019-02-22 19:45:14 +08:00
Zuul
6b8f0065cb Merge "Fix for absent link packages in ceph deployment shell" 2019-02-22 03:04:27 +00:00
Zuul
b8b72d7e16 Merge "[CEPH] Use civetweb by default for RGW with keystone" 2019-02-21 14:16:22 +00:00
Matthew Heler
aad0394963 [CEPH] Use civetweb by default for RGW with keystone
Currently there is a bug in the beast code that makes it fail
during the initial lookup for a keystone user map. For the time
being we will continue to use civetweb when keystone is present
until this issue is resolved.

Change-Id: I56bcd77f38adb3763d35f46443c1403816d1dcea
2019-02-20 20:10:21 -06:00
Steve Wilkerson
70e5769900 Remove set -x from exporter scripts and htk s3 user script
This removes set -x from the templates for the user creation
scripts for the mariadb and postgresql user templates, and it
also removes the set -x from the helm-toolkit job for creating
s3 users. This prevents sensitive credentials from being
displayed to the console when these scripts are run

Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
2019-02-19 14:42:17 -06:00
Steve Wilkerson
7387ecd71c Updated missed daemonsets and deployments to apps/v1
This updates daemonsets and deployments from extensions/v1beta1 to
apps/v1.  These templates were either missed or overlooked when
added, and this change brings them up to the same api version used
for all other daemonsets and deployments

Change-Id: I6d2aba7791ad5eabd23785c01aed01d4f8e53d39
2019-02-19 08:19:45 -06:00
John Haan
b7a96ca8c9 Fix for absent link packages in ceph deployment shell
There is no "make {package}" line in 030-ceph.sh file.
It causes a failure to execute the shell script.

Change-Id: If787abd7711a02313b6a2acae8a888b5609f27df
2019-02-19 02:27:21 +09:00
Pete Birley
ded99204b2 HTK: Update pod security context snippet
This PS updates the pod security context snippet to support
a more sane values layout.

Change-Id: Id25441802a23e2dd00ad656cec2428432359dbe5
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-16 20:19:58 +00:00
Zuul
27f4c66a80 Merge "[Prometheus] Tweak K8SApiServerLatency to ignore DELETECOLLECTION" 2019-02-16 18:43:31 +00:00
Zuul
924f0cd07d Merge "Fix wrong indentation of multinode docs" 2019-02-16 17:28:45 +00:00
Chris Wedgwood
332d7a4e39 [Prometheus] Tweak K8SApiServerLatency to ignore DELETECOLLECTION
DELETECOLLECTION for some things like namespaces can be very slow.  As
it's not critical it should be safe to ignore it.

Change-Id: I513b2af45b703a73d20a98a7a770776632ae4b39
2019-02-16 16:58:16 +00:00
Zuul
b53f476344 Merge "ReadinessProbe for OVS-DB Pod" 2019-02-16 14:15:08 +00:00
Zuul
4a00d79bee Merge "Add radosgateway to openstack support job" 2019-02-16 14:08:40 +00:00
Zuul
13e226c6cd Merge "Rabbit: Be more verbose in test logs" 2019-02-16 13:54:54 +00:00
Zuul
d968613da3 Merge "Revert "Update kubeadm kubernetes version to 1.12.2"" 2019-02-16 07:44:39 +00:00
Zuul
4a0b8d0511 Merge "HTK: Fix k8s pod security context example" 2019-02-16 07:42:44 +00:00
Zuul
bc9f8466e1 Merge "Exclude PNG images from whitespace linting job" 2019-02-16 05:54:36 +00:00
Zuul
4caf6220fc Merge "Update network policy test executed in osh-infra job" 2019-02-16 02:46:47 +00:00
Zuul
164e9125c2 Merge "RabbitMQ: Improve robustness of readyness checks" 2019-02-16 02:37:39 +00:00
Steve Wilkerson
75b9802c4e Add radosgateway to openstack support job
This adds the required services to the openstack-support job to
deploy ceph radosgateway with keystone auth enabled. This expands
coverage for radosgateway helm tests in the openstack-helm-infra
repository

Change-Id: I3a5505ad3d3400563694ef063b4e6777ba34c414
2019-02-16 01:38:34 +00:00
Pete Birley
939923db64 Rabbit: Be more verbose in test logs
This PS increases the feedback give by the rabbitmq test pod

Change-Id: If8aa713017eccaf100c6186cd569a6a0f4b021e9
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-16 01:33:48 +00:00
Zuul
0d4970087e Merge "Grafana: Add job to update admin password" 2019-02-16 01:10:44 +00:00
Zuul
a9f22aafed Merge "Fluentd: Add type_name to default elasticsearch output" 2019-02-16 01:01:23 +00:00
Pete Birley
69cf377fd6 RabbitMQ: Improve robustness of readyness checks
This PS moves the readyness check to simply checking if the ampq
port is open, both simplifying it and also correctly indicating if
the process is ready to serve requests.

Change-Id: I38416c8bf3b242fa344875da13f81e5bbc1983c7
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-15 18:17:55 -06:00
Steve Wilkerson
be5ac2d4cc Revert "Update kubeadm kubernetes version to 1.12.2"
This reverts commit 8e8193f9e1631ffd34de32336b041ee9c58a0973.

Change-Id: I69c4d8716389d17dc806bd56f6afc14233f003af
2019-02-15 19:19:30 +00:00
Pete Birley
5ea775ab9b HTK: Fix k8s pod security context example
This PS fixes the k8s prod security context example.

Change-Id: I1b1d6875dda852bebb428708d4acf9c460360510
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-15 12:06:02 -06:00
Steve Wilkerson
8e8193f9e1 Update kubeadm kubernetes version to 1.12.2
This updates the kubernetes version used when deploying via
kubeadm to v1.12.2, which matches what is deployed via minikube
for the single node jobs

This required updating the apiVersion in the kubeadm configuration
file template, as well as removing the --cadvisor-port flag from
the kubelet args, as this has been removed entirely

Change-Id: I26573de35529ce44e91e6d4d4530f608b8cee476
2019-02-15 10:42:57 -06:00
Steve Wilkerson
a03d047e07 Update network policy test executed in osh-infra job
This updates the network policy test that gets executed at the
conclusion of the network-policy job. As long as nsenter is used,
we need to account for situations where nsenter executing wget
fails due to invalid credentials. Since this validates the policy
successfully allows ingress traffic while still exiting with an
error code (6 for invalid credentials vs 4 for connection
timeouts), we should consider those scenarios successes.

This also updates the flags used for wget. Instead of using spider
mode, this enables flags for: recursive mode, not creating
directories, and deleting results after execution. This allows for
the testing of exporter endpoint paths explicitly.

Change-Id: I2d51e8ed5a153c2a6796e0df9b3fe5f710a947f9
2019-02-15 09:28:00 -06:00
Nikos Mimigiannis
7afe5189a0 Create Helm test for redis chart
Task: 21711
Story: 2002201

This patch creates Helm test for redis chart

Change-Id: Ifac407b5544484f2626ba7ffdbd2e96fca6e51ef
Signed-off-by: Nikos Mimigiannis <nmimi@intracom-telecom.com>
2019-02-15 07:55:07 -05:00
Roman Gorshunov
410d34317e Exclude PNG images from whitespace linting job
Image files could contain whitespace after carriage return and newline
characters; patch excludes "*.png" files from openstack-helm-lint job.

Change-Id: I6aef5f2f34637f018fd56a3bb8121d5829c600a2
2019-02-14 14:52:09 +01:00