965 Commits

Author SHA1 Message Date
Zuul
f81e2c54d1 Merge "Update Ceph-rgw helm tests" 2018-12-13 22:39:22 +00:00
Zuul
23967559a6 Merge "Add securityContext helm-toolkit function" 2018-12-13 18:24:10 +00:00
Renis Makadia
458b8f6692 Update Ceph-rgw helm tests
Change-Id: I7b328da18ef10840baf8454e2fb3abaeeb542068
2018-12-13 11:21:13 -06:00
Zuul
6589af54db Merge "Fluentbit: Add Decode_Field_As config to docker parser" 2018-12-13 01:35:59 +00:00
Zuul
d984f3c782 Merge "Elasticsearch: Define success criteria for adding snapshot repo" 2018-12-12 23:23:48 +00:00
Zuul
fe24873310 Merge "Elasticsearch: Update helm test" 2018-12-12 22:30:58 +00:00
Steve Wilkerson
f4e10f8839 Fluentbit: Add Decode_Field_As config to docker parser
This adds the Decode_Field_As configuration key to the docker
parser for fluentbit. This is required to escape utf-8 encoded
characters appropriately in the log field

Change-Id: Ie2600cfe22045e3ab651fddf61ed2f676ab8a1d5
2018-12-12 22:24:09 +00:00
Zuul
ef2e415ec8 Merge "Ingress: Remove server headers from response" 2018-12-12 22:13:53 +00:00
Steve Wilkerson
7be42d3cd5 Elasticsearch: Define success criteria for adding snapshot repo
This adds a simple check to the Elasticsearch snapshot repo job
that will cause the job to fail if the repository isn't added
successfully

Change-Id: I9dca6ef545b43c52a37542319fa2f706b174c44b
2018-12-12 14:44:49 -06:00
Steve Wilkerson
d3e046d803 Elasticsearch: Update helm test
This updates the Elasticsearch helm test to execute a clean on the
test index before attempting to create it, in cases where a
stranded test index may exist

Change-Id: I87533f94f6ea55b0b2f929543f8d3e75baa81bed
2018-12-12 12:43:13 -06:00
Pete Birley
c256cce537 Ceph: Allow multiple test pods to be present in clusters
This ps allows multiple ceph test pods to be present in cluster with
more than one ceph deployment.

Change-Id: I002a8b4681d97ed6ab95af23e1938870c28f5a83
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-12 07:29:01 -06:00
Zuul
7f1ad7b03c Merge "Ingress: Update sleep function to not require dumb-init" 2018-12-11 22:01:30 +00:00
Zuul
d93c591e9e Merge "Elasticsearch: Remove default Curator action configuration" 2018-12-11 20:58:50 +00:00
Pete Birley
337ac99234 Ingress: Update sleep function to not require dumb-init
This PS updates the sleep function to not require dumb-init to be
present in images.

Change-Id: I9ee7270f2c101a3a85b2aecd01097a70014ea4a6
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-11 12:53:38 -06:00
Pete Birley
8c9227273f Ingress: Remove server headers from response
This PS removes the server headers from client responses, as per
security guidelines.

Change-Id: I351f396e8e735e1d13f00c661b9c4068664d934a
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-11 10:05:43 -06:00
Zuul
ddb95379a4 Merge "helm-toolkit: Support standard kubernetes/helm labels" 2018-12-11 07:11:45 +00:00
Tin Lam
bf445b4add Add securityContext helm-toolkit function
This patch set adds in a helm-toolkit function to render the
securityContext in the chart.

Change-Id: Id0fe9b75432076d0b87e89dcaa5a4b88487972aa
Signed-off-by: Tin Lam <tin@irrational.io>
2018-12-10 21:59:41 -06:00
Zuul
0a53cad3a4 Merge "k8s-keystone create cluster roles and tests" 2018-12-10 22:06:22 +00:00
Sean Eagan
75e0c2d0f5 helm-toolkit: Support standard kubernetes/helm labels
As documented in [1].

Also add quotes around those and existing metadata labels.

[1]: https://docs.helm.sh/chart_best_practices/#standard-labels

Change-Id: I1e195deb23e87567041e237212b5a828bb34f3e8
2018-12-10 19:12:42 +00:00
Aaron Sheffield
8b201ea0eb Adding AppArmor profile to Calico v3
- Adds AppArmor profile to the privileged pod
  using kubernetes_manadatory_access_control_annotation.
- Added apparmor install to the gate jobs.

Change-Id: I8b53e0b8ddc2695fa278481edf5688efa23ab06b
2018-12-10 16:23:35 +00:00
Zuul
da99ce9a07 Merge "Mariadb: Share container PID namespaces under docker" 2018-12-10 14:17:38 +00:00
Steve Wilkerson
00f6a4a9c1 Elasticsearch: Remove default Curator action configuration
This removes the default Curator action configuration. As these
values will potentially be merged with any supplied overrides, it
could result in undesirable behavior. As a result, we should leave
the existing defaults commented out as a reference instead.

Change-Id: Idaf1dc8f3e476f1189058b69b841588a15deb7cd
2018-12-10 14:06:35 +00:00
Zuul
1a383fdacb Merge "Add tenant ceph deployment as nonvoting check" 2018-12-09 19:51:18 +00:00
Pete Birley
977c523cef Mariadb: Share container PID namespaces under docker
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.

Change-Id: Ib5fc101d930446d848246eb5ca4d554b756cb91f
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-08 16:16:11 -06:00
Pete Birley
7608d2c9d7 Ceph: Update failure domain overrides to support dynamic config
This PS updates the ceph failure domain overrides to support
dynamic configuration based on host/label based overrides.

Also fixes typo identified in the following ps for directories:
 * https://review.openstack.org/#/c/623670/1

Change-Id: Ia449be23353083f9a77df2b592944571c907e277
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-08 13:54:17 -06:00
Matthew Heler
d50bd2daad Fix detection of failure domain type
Small typo in the logic filtering of the failure domain type for
an OSD pod. This wasn't initially found since it didn't break any
expected behavior tests.

Change-Id: I2b895bbc83c6c71fffe1a0db357b120b3ffb7f56
2018-12-08 12:45:07 -06:00
Steve Wilkerson
4593854c6c Add tenant ceph deployment as nonvoting check
This adds a nonvoting check that will deploy two ceph clusters
and then deploy two radosgw instances, each one backed by a unique
ceph cluster. This allows us validate whether we can reliably
deploy multiple ceph clusters, as in the case of tenant-ceph outlined
in openstack-helm specs

Change-Id: I76a416eddcdb3ea2416d475ea8c8756925cd9580
Co-Authored-By: Meghan Heisler <mh783g@att.com>
2018-12-07 23:02:52 +00:00
Zuul
b591e0754a Merge "Add Nagios Elasticsearch Query Command" 2018-12-06 20:50:28 +00:00
Zuul
9d5c67fb74 Merge "Disable Ceph helm test while being updated." 2018-12-06 18:42:56 +00:00
Renis Makadia
5aaa59f23f Disable Ceph helm test while being updated.
Change-Id: I6011ee6f41044647dea43fa2848058d723e194b8
2018-12-06 15:47:08 +00:00
Zuul
be06b7c441 Merge "Add divingbell to zuul for test of htk overrides" 2018-12-06 11:32:54 +00:00
Pete Birley
90700f5a76 Ceph: Add labels to secrets created by charts
This PS adds labels to secrets created by charts, which allows them
to be easily identified in deployed sites.

PS4: This PS resolves undefined variable "$envAll" issue

Change-Id: Icbe3584b0ac18b23e32489c4a04ad5aa7aad67e6
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-06 04:15:29 +00:00
Zuul
0a4a76797d Merge "Modify Fluentbit to add appropriate tags" 2018-12-06 01:28:17 +00:00
Mike Pham
d09254c6de Modify Fluentbit to add appropriate tags
Adding auth tags for the logs to support special filter
for openstack and application security logs

Change-Id: Ifbd2395e4268d8d8fc4a2a3ac4d351db3d3e0845
2018-12-05 15:16:40 +00:00
Anderson, Craig (ca846m)
ab4c330b65 Add divingbell to zuul for test of htk overrides
Change-Id: I1e5cec885b4ae20f34733e6aaf1ee0a8a170ac32
2018-12-05 08:36:50 +00:00
Matthew Heler
4ad893eb1a Additional Ceph tunning parameters for openstack-helm
osd_scrub_load_threshold set to 10.0 (default 0.5)
 - With the number of multi-core processors nowadays, it's fairly
   typical to see systems over a load of 1.0. We need to adjust the
   scrub load threshold so that scrubbing runs as scheduled even
   when a node is moderately/lightly under load.

filestore_max_sync_interval set to 10s (default 5s)
 - Larger default journal sizes (>1GB) will not be effectively used
   unless the max sync interval time is increased for Filestore. The
   benefit of this change is increased performance especially around
   sequential write workloads.

mon_osd_down_out_interval set to 1800s (default 600s)
 - OSD PODs can take longer then several minutes to boot up. Mark
   an OSD as 'out' in the CRUSH map only after 15 minutes of being
   'down'.

Change-Id: I62d6d0de436c270d3295671f8c7f74c89b3bd71e
2018-12-04 20:27:52 -06:00
qingszhao
a5b8223eeb Change openstack-dev to openstack-discuss
Mailinglists have been updated. Openstack-discuss replaces openstack-dev.

Change-Id: Ibb461bf73b31d5e20a89081b281046fb5044b17e
2018-12-04 17:31:43 +00:00
Zuul
5da44ee309 Merge "Gate: minikube single node gate deployment" 2018-12-04 16:32:04 +00:00
Zuul
6985cc059b Merge "Fix racy conditions with Ceph caps updating" 2018-12-04 05:15:14 +00:00
Zuul
4dca49571e Merge "Switch Ceph to IPs when DNS is down" 2018-12-04 04:51:23 +00:00
Matthew Heler
621d3938db Fix racy conditions with Ceph caps updating
The sed commands are replaced with simpler methods of extracting
the cephx cap keys.

Change-Id: I783c360569bf17b16d128544b5ab11cb1ce9a7ed
2018-12-03 20:58:10 -06:00
Matthew Heler
76fb1fb10a Cephx caps update for new and post deployments
The update makes sure the Openstack service's cephx
user capabilities match best practices in terms of
security permissions after a site or software update.

Change-Id: I7c241cdb5d92463ac59c557ca7847ca5688d158b
2018-12-03 16:51:45 -06:00
Pete Birley
957bcb15a4 Gate: minikube single node gate deployment
This PS moves the single node gate to use a lightwight minikube
based env.

Change-Id: I285c4222795b66f3527f0daaf62a91973da5dca8
Co-authored-by: Krishna Venkata <kvenkata986@gmail.com>
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-03 15:33:44 -06:00
Matthew Heler
35cce6cb43 Switch Ceph to IPs when DNS is down
Add helper scripts that are called by a POD to switch
Ceph from DNS to IPs. This POD will loop every 5 minutes
to catch cases where the DNS might be unavailable.

On a POD's Service start switch ceph.conf to using IPs rather
then DNS.

Change-Id: I402199f55792ca9f5f28e436ff44d4a6ac9b7cf9
2018-12-03 10:51:37 -06:00
Huang, Scott (sh2725)
bd05126309 Add Nagios Elasticsearch Query Command
Change-Id: I74a965a5397101793cae71228a6a5bd442bf9f5a
2018-12-03 09:09:03 -05:00
Zuul
2a0b183613 Merge "Helm tests for Ceph-OSD and Ceph-Client charts" 2018-12-03 05:03:31 +00:00
Zuul
48f5737e98 Merge "Helm Tests for Ceph-RGW chart" 2018-12-02 14:54:53 +00:00
Pete Birley
896385354e Mariadb: Support adoption of running single node mariadb deployment
This PS updates the mariadb chart to both support adoption of a
single instance of mariadb running the bash driven chart, which
did not support reforming a galera cluster by tracking state using
a configmap. Additionally basic logic is added for upgrading the
database as part of the normal rolling update flow.

Change-Id: I412de507112b38d6d2534e89f2a02f84bef3da63
Signed-off-by: Pete Birley <pete@port.direct>
2018-12-02 00:20:57 -06:00
Sangeet Gupta
eac7202774 k8s-keystone create cluster roles and tests
This commit adds roles to kubernetes-keystone-webook policy
which has permissions similar to clusterrols cluster-admin,
edit and view present in kubernetes.

Check.sh script is also modified to test and verify the new
roles.

Change-Id: I43621d2e1036259064c805d97b340589a5b68c93
2018-12-01 19:14:31 +00:00
Jean-Charles Lopez
f7e03d4763 Helm Tests for Ceph-RGW chart
Co-Authored-By: Renis Makadia <renis.makadia@att.com>

Change-Id: I81cc0cb498b2ca911d5b7bfa7c3bd9b8552e0e2b
2018-12-01 08:08:28 +00:00