This adds the Decode_Field_As configuration key to the docker
parser for fluentbit. This is required to escape utf-8 encoded
characters appropriately in the log field
Change-Id: Ie2600cfe22045e3ab651fddf61ed2f676ab8a1d5
This adds a simple check to the Elasticsearch snapshot repo job
that will cause the job to fail if the repository isn't added
successfully
Change-Id: I9dca6ef545b43c52a37542319fa2f706b174c44b
This updates the Elasticsearch helm test to execute a clean on the
test index before attempting to create it, in cases where a
stranded test index may exist
Change-Id: I87533f94f6ea55b0b2f929543f8d3e75baa81bed
This ps allows multiple ceph test pods to be present in cluster with
more than one ceph deployment.
Change-Id: I002a8b4681d97ed6ab95af23e1938870c28f5a83
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the sleep function to not require dumb-init to be
present in images.
Change-Id: I9ee7270f2c101a3a85b2aecd01097a70014ea4a6
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the server headers from client responses, as per
security guidelines.
Change-Id: I351f396e8e735e1d13f00c661b9c4068664d934a
Signed-off-by: Pete Birley <pete@port.direct>
This patch set adds in a helm-toolkit function to render the
securityContext in the chart.
Change-Id: Id0fe9b75432076d0b87e89dcaa5a4b88487972aa
Signed-off-by: Tin Lam <tin@irrational.io>
- Adds AppArmor profile to the privileged pod
using kubernetes_manadatory_access_control_annotation.
- Added apparmor install to the gate jobs.
Change-Id: I8b53e0b8ddc2695fa278481edf5688efa23ab06b
This removes the default Curator action configuration. As these
values will potentially be merged with any supplied overrides, it
could result in undesirable behavior. As a result, we should leave
the existing defaults commented out as a reference instead.
Change-Id: Idaf1dc8f3e476f1189058b69b841588a15deb7cd
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: Ib5fc101d930446d848246eb5ca4d554b756cb91f
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ceph failure domain overrides to support
dynamic configuration based on host/label based overrides.
Also fixes typo identified in the following ps for directories:
* https://review.openstack.org/#/c/623670/1
Change-Id: Ia449be23353083f9a77df2b592944571c907e277
Signed-off-by: Pete Birley <pete@port.direct>
Small typo in the logic filtering of the failure domain type for
an OSD pod. This wasn't initially found since it didn't break any
expected behavior tests.
Change-Id: I2b895bbc83c6c71fffe1a0db357b120b3ffb7f56
This adds a nonvoting check that will deploy two ceph clusters
and then deploy two radosgw instances, each one backed by a unique
ceph cluster. This allows us validate whether we can reliably
deploy multiple ceph clusters, as in the case of tenant-ceph outlined
in openstack-helm specs
Change-Id: I76a416eddcdb3ea2416d475ea8c8756925cd9580
Co-Authored-By: Meghan Heisler <mh783g@att.com>
This PS adds labels to secrets created by charts, which allows them
to be easily identified in deployed sites.
PS4: This PS resolves undefined variable "$envAll" issue
Change-Id: Icbe3584b0ac18b23e32489c4a04ad5aa7aad67e6
Signed-off-by: Pete Birley <pete@port.direct>
Adding auth tags for the logs to support special filter
for openstack and application security logs
Change-Id: Ifbd2395e4268d8d8fc4a2a3ac4d351db3d3e0845
osd_scrub_load_threshold set to 10.0 (default 0.5)
- With the number of multi-core processors nowadays, it's fairly
typical to see systems over a load of 1.0. We need to adjust the
scrub load threshold so that scrubbing runs as scheduled even
when a node is moderately/lightly under load.
filestore_max_sync_interval set to 10s (default 5s)
- Larger default journal sizes (>1GB) will not be effectively used
unless the max sync interval time is increased for Filestore. The
benefit of this change is increased performance especially around
sequential write workloads.
mon_osd_down_out_interval set to 1800s (default 600s)
- OSD PODs can take longer then several minutes to boot up. Mark
an OSD as 'out' in the CRUSH map only after 15 minutes of being
'down'.
Change-Id: I62d6d0de436c270d3295671f8c7f74c89b3bd71e
The update makes sure the Openstack service's cephx
user capabilities match best practices in terms of
security permissions after a site or software update.
Change-Id: I7c241cdb5d92463ac59c557ca7847ca5688d158b
This PS moves the single node gate to use a lightwight minikube
based env.
Change-Id: I285c4222795b66f3527f0daaf62a91973da5dca8
Co-authored-by: Krishna Venkata <kvenkata986@gmail.com>
Signed-off-by: Pete Birley <pete@port.direct>
Add helper scripts that are called by a POD to switch
Ceph from DNS to IPs. This POD will loop every 5 minutes
to catch cases where the DNS might be unavailable.
On a POD's Service start switch ceph.conf to using IPs rather
then DNS.
Change-Id: I402199f55792ca9f5f28e436ff44d4a6ac9b7cf9
This PS updates the mariadb chart to both support adoption of a
single instance of mariadb running the bash driven chart, which
did not support reforming a galera cluster by tracking state using
a configmap. Additionally basic logic is added for upgrading the
database as part of the normal rolling update flow.
Change-Id: I412de507112b38d6d2534e89f2a02f84bef3da63
Signed-off-by: Pete Birley <pete@port.direct>
This commit adds roles to kubernetes-keystone-webook policy
which has permissions similar to clusterrols cluster-admin,
edit and view present in kubernetes.
Check.sh script is also modified to test and verify the new
roles.
Change-Id: I43621d2e1036259064c805d97b340589a5b68c93