Keystone token expiration, rotation frequency and active keys
values should follow the formula:
max_active_keys = (token_expiration / rotation_frequency) + 2
max_active_keys by default is 3
token expiration set to 43200 (12h)
rotation frequency set to 12 hours
Change-Id: Ia04daec9b2905ef2d3f2d4fbb43557dda220dc70
Signed-off-by: Ruslan Khanbikov <rk760n@att.com>
This PS updates the Nova and Libvirt charts to mount the vm state
directories with bidirectional mount propagation for k8s >= 1.10.
This allows mounts created by some volume drivers to be used, and
unaffected by pod restart.
Change-Id: Idaf664efb23a424dd8d9e1376ea7231b8565e3fe
Signed-off-by: Pete Birley <pete@port.direct>
Ideally, this would completely own the postgresql.conf file that
is autogenerated by the container. This should not be done without
further deliberation though on what impact that may have. For now,
this allows some critical items to be manipulated at installation
time but does not meet the full need of complete configuration
flexibility.
Change-Id: I94fd3ac42398f8114c0b5c8b4ef0a6a96e530f96
This PS moves the neutron agents to run as child processes of either
the pause container or use the hosts init system (for k8s <1.10)
to prevent defunct process sprawl.
Change-Id: I3392bdc957144c1aa83314583d57183d35279336
Co-Authored-By: Hyunsun Moon <hyunsun.moon@gmail.com>
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the swift backend for glance by default, which
in the case of OSH is currently served by keystone auth'd radosgw.
This change moves the chart to be inline with the current gates, and
deployments - which have been using swift by default for some time.
Change-Id: Ia9c954ae2bd833e7f449bfdf7c51f8df5c78ba57
Signed-off-by: Pete Birley <pete@port.direct>
This introduces a mechanism for generating the logging.conf
file for the openstack services via the values. This allows us to
define loggers, handlers, and formatters for the services and the
modules they're composed of.
This also allows us to take advantage of the oslo fluent handler
and formatter. The fluent handler and formatter give us the
following benefits: sending logs directly to fluentd instead of
routed to stdout/stderr and then through fluentbit to fluentd,
project specific tags on the logged events (enables us to define
more robust filters in fluentd for aggregation if required),
full traceback support, and additional metadata (modules that
created logged event, etc)
Depends-On: https://review.openstack.org/577796
Change-Id: I63340ce6b03191d93a74d9ac6947f0b49b8a1a39
This PS adds support for TLS on over-ridden fqdn's for public
endpoints for core OpenStack Services. Currently this implementation
is limited, in that it does not provide support for dynamicly loading
CAs into the containers, or specifying them manually via configuration.
As a result only well known or CA's added manually to containers will
be recognised.
Change-Id: I8f1b699af29cbed2d83ad91bb6840dccce8c5146
Depends-On: I535f38a8d92c01280d79926a1f0acd06984aabbf
Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates horizon to use internal endpoints by default.
Change-Id: I8fa9286859a710ef434d2321a6be19be978b1690
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the glance storage init job to use the internal
endpoint by default.
Change-Id: Id85946fbe3b897a45d671b972621f94ff9173e17
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the ironic gate deployment, by adding the ceph namespace
ingress controller.
Change-Id: I21d8ae257dac4e0c268981bb253c86e543ed9218
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ceph chart to use the ingress controller for
the radosgw.
Change-Id: Ie0ff4d9dd91d8228170e0ed4f2793599132077a7
Signed-off-by: Pete Birley <pete@port.direct>
This updates the values in the armada LMA and OSH manifests to
include similar overrides for ceph to those used in the standard
multinode gates
Change-Id: I435ae0ad761da626591fa45486764d71566fd966
This PS moves to use the internal endpoint for nova interaction.
Change-Id: Ifb796fb80314c97bc117d82a93a9cd0cfa95591e
Signed-off-by: Pete Birley <pete@port.direct>
As of Rocky, keystone creates a default "member" role upon bootstrap.
This change modifies any references to the manually created
"_member_" role to "member". In a future change, the manualy creation
of this role in keystone can be removed since it will no longer be
needed.
Change-Id: I65c63695976f38da21dc6dd8f40ad70e23da6f48
This PS updates the ceph daemonset over-rides function to
reference the correct key, rather than the chart name to
apply host/label specific configuration.
Change-Id: Id4004077a7cc0e7e4caceff6779165e8a7c3e6ef
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the dnsmasq pod that runs in the gate to allow vm's
API access to only bind to br-ex, as otherwise it collides with other
DNS servers running in the gates.
Change-Id: I85bb3043d56689ad8ee2996df61d23969a535de1
With libvirt 2.0, when using qemu cpu mode is not properly
evaluated and need to be set to cpu_mode = none.
Add this option when kvm is not supported, otherwise user
will still facing errors when launching instances over qemu.
Change-Id: Ib00fa257fb33fd3281f484a47a945640da8dda56
This change add the "nginx.org/proxy-max-temp-file-size" value
to the ingress chart's values file, sets it to "0" to
disable temp file caching, and allows serving files of any size.
Change-Id: I536ad98585e0270e033db2bc85d448981b3cfd90
This adds fluentbit sidecar containers to the ceph mon and ceph
osd charts, allowing for the gathering of ceph logs that arent
sent to stdout and stderr. This sidecar container mounts a shared
directory on /var/log/ceph, and fluentbit is configured to tail
the log files in this directory and tag the event messages
appropriately before forwarding them to fluentd. This behavior can
be toggled on or off via values, and its proposed to be disabled
by default
Change-Id: Ia2c944a68f9e7d831ac0fe11ed09468d0dc9ce71
The information to setup passwordless sudo is only present for
multinode deployment. This patch moves all common requirements to
a 'Common Requirements' location before any of the deployment
instructions.
Change-Id: I22b14dec2153dabd57b451e0a8f7d30d423760b0
This PS moves to use the current ga version for kubernetes deployments.
Story: 2002205
Task: 21735
Depends-On: Icb4e7aa2392da6867427a58926be2da6f424bd56
Change-Id: I062a8a29dff70427ee9bcf09f595011b3611b0b1
Signed-off-by: Pete Birley <pete@port.direct>
This PS simply moves functions within the chart to their correct location.
Change-Id: I6430304528b964d9babcd54e3336f3016b8efde6
Signed-off-by: Pete Birley <pete@port.direct>
This PS increases the number of default RPC works to a more
sane value - even with a large number of replicas a single worker
thread has difficulty keeping up.
Change-Id: I9a4ce7a88983b52c506b6a5f6253688f8a3aa61e
Depends-On: I705f2ddf3facfe56838f606f88cfb15b822d18a5
Signed-off-by: Pete Birley <pete@port.direct>
