Commit Graph

13 Commits

Author SHA1 Message Date
Pete Birley
d3c3c35365 Libvirt: Move ceph config to remain on host
Change-Id: If525389191b82dc7fb10cd2941bbe48fb0bbdb3c
Signed-off-by: Pete Birley <pete@port.direct>
2019-02-08 16:20:49 -06:00
Anderson, Craig (ca846m)
ff7985e391 Parameterize hugepage pod cgroup
Change-Id: I5a52397185610e19ce5861ce3c3b3303006a296b
2019-01-03 14:13:13 -08:00
Steve Wilkerson
281b0799f0 Write libvirt logs to host
This modifies the libvirt chart to write logs directly to the
host by default. This also modifies the fluentbit and fluentd
charts to capture libvirt logs from the host and index them into
Elasticsearch

Change-Id: I0bbc49d2c0d4cf4895f797e48f309f308ffd021f
2018-12-28 17:43:12 +00:00
Pete Birley
0bf3674539 Revert "Add Egress Helm-toolkit function & enforce the nework policy at OSH-INFRA"
This reverts commit 8d33a2911c.

Change-Id: Ic861b9bf9b337449b47a3558da8355e7a5bcacee
2018-12-16 04:21:46 +00:00
Mike Pham
8d33a2911c Add Egress Helm-toolkit function & enforce the nework policy at OSH-INFRA
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.

Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
2018-12-14 16:32:40 -05:00
Matthew Heler
621d3938db Fix racy conditions with Ceph caps updating
The sed commands are replaced with simpler methods of extracting
the cephx cap keys.

Change-Id: I783c360569bf17b16d128544b5ab11cb1ce9a7ed
2018-12-03 20:58:10 -06:00
Matthew Heler
76fb1fb10a Cephx caps update for new and post deployments
The update makes sure the Openstack service's cephx
user capabilities match best practices in terms of
security permissions after a site or software update.

Change-Id: I7c241cdb5d92463ac59c557ca7847ca5688d158b
2018-12-03 16:51:45 -06:00
Jean-Charles Lopez
566a489bbe Restrict libvirt Ceph access scope to what is needed only.
Change-Id: I78bffe6764e9cbb16b2a615be766c910ba5d4e48
2018-10-26 01:15:12 +00:00
Tin Lam
92e68d33ea Add network policy toolkit function
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.

Additionally, implementation is done for some infrastructure charts.

Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
2018-10-15 13:50:50 +00:00
Pete Birley
f8880d27ad Libvirt: Fix image
This PS fixes the libvirt image, buy removing the ubuntu-cloud
archive repo and pinning to a good version.

Change-Id: I5097d8893b92d020f7a5a1cb5925dec0b01d4da2
Signed-off-by: Pete Birley <pete@port.direct>
2018-10-05 15:41:12 -05:00
Pete Birley
25985f7b43 Libvirt: escape kube cgroups and pid reaper
This PS moves to run the Libvirt process as a transient unit
on the host, free fom k8s controlled cgroups. In addition it
also uses the cloud archive provided libvirt/qemu packages.

Change-Id: Idfe9ae6f072acd86f877df0c3dfe3db4c20902d6
Signed-off-by: Pete Birley <pete@port.direct>
2018-10-03 19:11:00 +00:00
Pete Birley
bb3ff98d53 Add release uuid to pods and rc objects
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.

Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 05:35:35 +00:00
Steve Wilkerson
6b944f557b Libvirt: Move chart to openstack-helm-infra
This moves the libvirt chart to openstack-helm-infra as part of
the effort to move charts to their appropriate repositories

Change-Id: I02ce197f8d100da74c086d84e2f9d2b902a69e97
Story: 2002204
Task: 21723
2018-09-10 09:45:55 -06:00