Cinder requires rootwrap functionality that we cannot disable
allowPrivilegeEscalation. This patch set removes the line
that disables it by default.
Change-Id: I23b35aee298e2e414e93ff34cd0a7012a9099e3d
Signed-off-by: Tin Lam <tin@irrational.io>
This PS makes the image conversion directory an emptydir, so that
we can use read only containers and sill convert images from glance
into volumes.
Change-Id: Id3cda737895451c2261bf9adfe54995db28c2f63
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the default RMQ policy to not mirror reply queues
as they cause signifigant blocking when resorting a rabbit node to
a cluster, with no advantage.
Change-Id: I6f8d4eaa482fcdf3e877bd38caa9b24358ea5be0
Signed-off-by: Pete Birley <pete@port.direct>
This PS allows the db connection string for the singular cell that OSH
currently supports to be updated, and also uses the full connection
string for the transport url.
Change-Id: I700133263273e04dad5b3e69d5e1f8255323e560
Signed-off-by: Pete Birley <pete@port.direct>
If the transport url changes, cell needs to be updated to use new
transport.
Change-Id: I1a931b5ce272a731be710c43f3fea08abc79af71
Signed-off-by: Pete Birley <pete@port.direct>
This ps updates the component check scripts to deploy
the default number of rabbit replicas in the gate
Change-Id: I996af138373476ae4a65dc2bef7e360155390a5d
Wrap code making the assumption there is only one Ceph backend
(using is_ceph_volume_configured) in a "range" and use
ceph_backend_list helper to iterate all available Ceph backends.
Move Ceph pool application name in values.yaml from
conf.software.rbd.rbd_pool_app_name* to conf.ceph.pools.*.app_name
Change-Id: If1126e51fe9ebb85185e375dc282e83db63d934c
Depends-On: Iaa67061b05a9d355228ad7d3f5ee0f4f04dbdc66
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
The name of the variable ends with LIBVIRT although it should end with
OPENVSWITCH, as used in line 29
Change-Id: I0ec490de44969aea2cccf51d753f1ffcfa9e2511
Signed-off-by: Manuel Buil <mbuil@suse.com>
This commit changes the cinder template bootstrap script
to use the openstack client instead of the cinder client
to list volume types.
Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
The patch adds dependency in cinder for create_internal_tenant job which
uses openstack client to create internal_project_name and internal_user_name
but if identity server is not ready yet the job crashes therefore cinder-volume
doesn't work as well.
Change-Id: I4386f127b834a9777093ac1d3c269937947c7bcf
The L3 neutron agent uses the -W flag when adding new iptable rules.
That flag verifies if the lock is free to avoid race conditions. The
lock is normally /run/xtables.lock.
In iptables <1.6.2, if the file does not exist, iptables ignores the
lock and silently continues. Starting with 1.6.2, that behaviour changed
and if the file does not exist, iptables fails:
https://git.netfilter.org/iptables/commit/?id=80d8bfaac9e2430d710084a10ec78e68bd61e6ec
Leap 15.0 is using iptables 1.6.2 whereas Ubuntu Bionic uses 1.6.1.
That is why Ubuntu compute-kit gates where working whereas openSUSE
compute-kit gate was not
This patch fixes the gate problem by mounting /run/xtables.lock
Change-Id: Ia9c648cdf95c9824b34f40a6d9ed538a2cad5154
Signed-off-by: Manuel Buil <mbuil@suse.com>
Currently, in the script which sets up VMs with vmbc instead of BM for ironic
practice,
There is an IF command checking if OVS_VSWITCHD pod is located in master
node or not.
To get the info about Pod's nodeName, command below has been used.
$ kubectl --namespace openstack get pod "${OVS_VSWITCHD_POD}" -o wide --no-headers | awk '{ print $NF }'
But this command sometimes cannot parse Pod's nodeName correctly becuase
new headers such as "NOMINATED NODE" and "READINESS GATE" are printed in the end "-o wide" option.
(in some version of k8s)
To avoid this problem and give more readability,
I suggest changing commands to use "-o json" option.
Change-Id: Ib81ae505ac8d04dae9af6326880e1fa17664ac0b
This removes the service specific job definitions that currently
run periodically, as they add no value (as they're currently part
of the compute kit jobs). This helps ensure we have a workable
history of our multinode periodic jobs, as the current number of
periodic jobs limits us to ~2 days of history with no added value
Change-Id: Id525ca4895de2673bed2b638b816834bcf34e131
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This commit adds the capability for Aodh, Panko charts to
support TLS on overriden fqdn for public endpoints.
Change-Id: Ia1350f65872b0eddda8ecc83ffea1dd215b3b6db
Signed-off-by: Angie Wang <angie.wang@windriver.com>
BGP-MPLS VPN extension allows attachment of Neutron networks and/or
routers to VPNs built in carrier provided WANs using these standard
protocols.
Change-Id: Ib0ec8cb22e9c113d4be1c992d895b565db5e30b0
On some deployments the tests run on Neutron for multinode deployments
exceed the current 15 minutes timeout. The timeout is now configurable
through the OSH_TEST_TIMEOUT variable which can be passed from the yaml
file. The default timeout remains 15 minutes.
Change-Id: Ic5a1e9fd812e51ed51aef4de162b1c08d1c9a593
Signed-off-by: Abel Navarro <abel.navarro@gmail.com>
Current pxe init script does not support pxe for centos distro as
base image. Different folders were checked for centos to copy
pxe/ipxe files to tftpboot folder.
Change-Id: I4911825193d75aaaed24e8b71ba43efa2fc78fe8
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
This PS fixes a typo in the security context settings for neutrons
sriov agent.
Change-Id: I8cd255969b0f47d541cd5df68dbddde0b1fcf898
Signed-off-by: Pete Birley <pete@port.direct>
The keystone-credential-cleanup hook was previously changed to
post-delete, this can cause issues where the serviceName is deleted
prior to running and will cause this to fail. This change reverts
the hook back to pre-delete to avoid this issue.
Change-Id: I45f3e73f8a957576ef82a733c1a7b7feaba7b679
Remove the readiness probe from the neutron-sriov-agent-init init
container of the neutron-sriov-agent DaemonSet, and use the probe
template for the neutron-sriov-agent container.
Change-Id: Iaa1fbca0b2d5ba1b0c15b82b6e8927c2b7be9f52
This PS udpates the deps on the cinder boostrap job to ensure that the
cinder volume service has started prior to attempting bootstrap.
This crtainly could be enhanced further, but is the 1st step in preventing
the liklyhood of a race.
Change-Id: Id0f958077b296750242450179b41c0a1b703b4a5
Signed-off-by: Pete Birley <pete@port.direct>
