Added new X-Content-Type-Options: nosniff header to make sure the browser
does not try to detect a different Content-Type than what is actually
sent (can lead to XSS)
Added new Header and set X-Permitted-Cross-Domain-Policies: "none"
Change-Id: I6f89ffb44ad805039c4074889a7c15fbef6fc95e
This updates the ceph-config-helper image for the ubuntu distro
based jobs to use an image that includes kubernetes 1.16.2
Change-Id: If063db5e6f0abfab10cd0195b3633c41d8ed560f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Some configuration when enable will explicitly set headers, for this
to work the header module should be enabled.
Change-Id: If549d4c6924c990d1a48bca193935ed9a2ed6864
This patch set adds in default horizon ingress overrides.
Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994
Signed-off-by: Tin Lam <tin@irrational.io>
This patch adds a deployment guide for installing Openstack Helm
with OVS-DPDK
Co-Authored-By: Georg Kunz <georg.kunz@ericsson.com>
Change-Id: Ic8078537a7317c4132e4b11494e0d827365109d9
In daemonset-compute.yaml, it uses a wrong application name
Bug introduced in commit-id:9b42e8a1c0e68404bf13487dbfb699b1bd0e4c01
Change-Id: I614dc9d52d6dd7b346aa0b3f5e0012686de93ced
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This patch set is one of many to migrate existing code/script to be
python-3 compatible as python-2 is sunsetting in January of 2020.
Change-Id: I337069203a3273e9aba6a37294ee3c25e5b4870a
Signed-off-by: Tin Lam <tin@irrational.io>
The current configuration expects VF & bonding info by default. This patch
set removes the need to configure them for every deployment.
Change-Id: Id546c113b2d3c42591a0326ee8cd442cccc73578
Python psutil library has not been consistent in behavior
a. gives trucated process names at times
b. the truncated names sometimes contain path to Python instead
of the program name Python runs
Change-Id: I99b77a4c28761a2187e59be4e562d5893ef3caa9
This PS adds octavia chart and its deployment scripts.
Blueprint name : openstack-helm-octavia
- Deployments : api, worker, housekeeping
- Daemonset : health-manager
- health-manager daemonset creates o-hm device on each controller node.
- This is for multi node deployment.
- 180-create-resource-for-octavia.sh : Create openstack resources
(network, sec groups, flavor, keypair, image for development)
- 190-create-octavia-certs.sh : Create certificates to use Octavia
(the certs is passed into pod using secret and volume for development)
- 200-octavia.sh : Deploy Octavia chart
Note: This chart doesn't include amphora image itself and its build.
Change-Id: I0bb7dfc7c15d77287c05a8542347e19fc269aba4
Signed-off-by: hagun.kim <hagun.kim@samsung.com>
The base network policy framework currently applies only to some
OpenStack services' charts but not others. This patch set applies the
same base network policies framework to all services.
Change-Id: I786c68057f6742a79a33f78db6e3bba8b99cf1b8
Signed-off-by: Tin Lam <tin@irrational.io>
This PS updates the test project purge script to target specificly
the desired project by its id.
Change-Id: I54bfaa7727fdad781bdecc31251c1fe53f912c18
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the os purge of the test project to be an optional
operator driven choice, as they will also need to ensure
the project is unique to neutron testing.
Additionally this updates the purge image to be driven by the
charts values.yaml, as with every other image in OSH.
Change-Id: I46807f7c4922a1b411386641eddbd8957ab56f05
Signed-off-by: Pete Birley <pete@port.direct>
This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
Glance provide default list of metadata definitions in /etc/glance/metadefs
directory. The patch adds job that will load those defaults definitions.
The job is enabled by default.
Change-Id: Ib3ab20a9a7f73b568b029b06101cf4e5e2473716
glance_store uses bare ConfigParser for swift configuration, that
ceased to strip quotes in PY3. That leads to invalid auth parameters
(e.g. 'project_domain_id': '""') and failure to authenticate.
Current CI process does not hit this issue because Swift backend
is not used.
Change-Id: I6d2c129e6747a3c5fcd2da0c88b0a2135775a914
Closes-bug: #1839772
This commit adds readiness checks to neutron ovs agent
to check if the ovs and dpdk configurations are working
without errors.
Change-Id: I48277bdbd91ec8121e5fec300aeb646a80a65d29
Rally usually cleans up all its resources in normal executions - normal
test success cases and normal test failure cases. But the generic cleanup
does not work well for out of the system failures like process
interruptions, pod failures, disaster cleanup etc.
This is a known issue in rally-openstack. -
"Current generic mechanism is nice but it doesn't work enough well in real life.
And in cases of existing users, persistence context
and disaster cleanups it doesn't work well."
Hence, if we shall face above such issues, it is becoming impossible
to run "helm test neutron" again because of the stale data
and different quota limits mentioned in the values.yaml.
Hence we need to purge the stale data from the "test"
project as well as reset the quota limit for such scenarios.
For the normal executions, this patch has to do nothing,
but for unexpected failures, this patch will purge the stale data
from test project and reset the quota as defined in
values.yaml for the next run.
Change-Id: I3f6851582e2ac1aa1d375fcd13c07f4f57f45dc8
