Security_context'readOnlyRootFilesystem' under container cinder-backup
is misspelled as' redOnlyRootFilesystem', this commit fixed this
Change-Id: I5a1a9c1a9ae66d027199057a13e3119a326ef015
This commit adds a helm chart to deploy placement.
Related test pass on simplex and multi-node setup
Story: 2005799
Task: 33532
Depends-On: https://review.opendev.org/#/c/672678/
Change-Id: Ife908628c6379d2d39d15f72073da3018cc26950
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
Cinder default format of policy file is changed from
"json" to "yaml" in stein. This patch set modifies
Cinder chart templates to load policies in yaml format.
Change-Id: I28f3d5be6609cd28bbc1ce8e5fc1d1cf4730b760
Changed Nova and Neutron health-probe script to exit if previous
probe process is still running.
The health-probe has RPC call timeout of 60 seconds and has 2
retries. In worst case scenario the probe process can run a little
over 180 seconds. Changing the periodSeconds so that probe starts
after previous one is complete. Also changing timeoutSeconds value
a little to give little more extra time for the probe to finish.
Increasing the liveness probe periods as they are not do critical
which will reduce the resource usage for the probes.
Co-authored-by: Randeep Jalli <rj2083@att.com>
Change-Id: Ife1c381d663c1e271a5099bdc6d0dfefb00d8d73
This change adds in the mapping for LDAP groups to be mapped
to groups within keystone. Also adds a group list check to make
sure that groups are correctly mapped.
Change-Id: Ib3b00d3f801ba975202a921643510fcb642e0a90
This reverts commit 1c85fdc390.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
Removes stale DHCP and L3 namespaces. The cron runs once in 12 hours.
Network namespace cleanup is implemented as a daemonset as Kubernetes
does not have a cronjob that works like daemonset-cronjob.
Network namespace cleanup should run on all nodes where DHCP and L3
agents run.
Change-Id: I7525e493067669026e0d57889a3e3238a2bd1308
The gotpl script that determines if a cinder backend is ceph-backed
is not properly handling additional backends that does not have the
driver "cinder.volume.drivers.rbd.RBDDriver". This patch set fixes
the gotpl so it no longer causes a rendering problem.
Change-Id: I902e82301019531832afebce7a1e2f0b28bac8f3
Signed-off-by: Tin Lam <tin@irrational.io>
This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Also disabled barbican running in the apparmor job temporarily
until the correct profile gets used and it can deploy
succesfully.
Change-Id: Iadacd214de3fdb06e4acde4433c5fa86973371d5
This patch set fixes an issue with where the keystone chart's
domain-manage job/pod always restart once due to a calculation
logic error.
Change-Id: I801d04559a526d3a7339cd5102f2e738af9f72e0
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set adds in a script that cleans up orphaned or
lingering rally helm test pods.
Depends-On: https://review.opendev.org/#/c/683759/
Change-Id: I94fc8d067b421248cf74fe40b2e8520f63d4417c
Signed-off-by: Tin Lam <tin@irrational.io>
It was observed that when increasing amount of
conductor workers from default "1" to higher value
the readiness probe fails to check rabbitmq connections
for conductor processes - it happens since the script is trying
to obtain rabbitmq connections for parent conductor process
which in case of workers>1 doesn`t open rabbit connections
but spawns child processes which handle rabbitmq
connections instead.
This patch removes the "check-all-pids" option, keeps the logic
but simplifies and fastens he code - instead of checking all
processes when "check-all-pids" option was set (however
regardless of "sock_count value" if only one process opens connection
the check returns positive result) processes will be checked one-by-one
until the first one with open rabbitmq connection(s) is
found.
Change-Id: I72be0bbdefcba77a55b6ceed6e192c9621c069eb
The 'options' keyword for setting mtu in 'set interface' does not
set mtu and it seems to ignore/fail the request silently.
Change-Id: Icec98c5166611a8c538f93e6326cf7d20b545ecd
This patch set addresses a failure in the compute-kit network
policy failing as some application:nova to application:nova
pods communication is blocked.
Change-Id: I29cc044e0d4f10198c23c7c3e132ab0093f91e21
Signed-off-by: Tin Lam <tin@irrational.io>
When the default release was switched from ocata to stein, some of the
policies were duplicated. This moves the ocata overrides back to where
they belong, and adds overrides for pike, queens, and rocky.
Change-Id: I342d69e721b2692987951055e41ed5e153a91d6c
