This change adds the minimum version of tls1.2 to not allow insecure
older tls versions to be allowed.
Change-Id: I880ac1caf31d2a26ca78389d5f96b07cf42b61ac
This fixes the file name that was modified in
the mentioned version.
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ib43e8a34173ef397ba7e2c29cc242a340c585232
The current bandit job appears to be failing due to a dependency
on setuptools. This change adds in a manual install for setuptools
when running the bandit job.
Change-Id: I6d0f5987c4f1a5fe7cfeed3eddb6d21c3040ebb0
This change reduces the amount of scripts used to deploy memcache
down to one by removing a duplicate and pointing the symlink
to the component script.
Change-Id: Ia127666cf89c8823ffb3ba2b5ebe7d62afa5f82b
On _ssh-init.sh.tpl, despite one change the runAsUser for the
nova-compute container on the securityContext, the ssh keys are always
being copied into the 'nova' user's folder. This change fixes it by
getting the correct user defined on the securityContext and copying the
keys to its correct folder.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ia7883dc4626a295892eb4637ef717b0b1725ac89
masakari hostmonitors needs to run the privsep-helper as root. As masakari monitors runs as masakari-monitors users, sudoers file is added so that privsep-helper can be run as root user without using password.
Change-Id: I3501d8913f4b8b0bf9d7e03c8d411137d9c25a8c
Keystone has default policy defined in code, this change
removes the outdated values set in values.yaml in order to fall
back onto the in code values for policy.
Change-Id: If27eb0aa312b52c6fddd3811f10bc6207c7dfe27
This change cleans up several redundant values and updates several
openstack release references to wallaby.
Change-Id: I547408a81c73b6b3db147582def6e8527e75a5c3
The deployment scripts for glance have leftover value settings
from older openstack releases that are no longer supported by
OSH. This change removes those random override values and has
them fallback to the get-values-overrides script.
Change-Id: If348d8be9748c281be27bdf5e8ac37d240d72636
When using Barbican with a large number of clusters, this option can
allow Magnum to cache the certificates locally to avoid hitting
the API excessively. It is enabled out of the box however since
we don't have that folder, it is not working.
Change-Id: I63cb35798b82460f7addd4ec719c157e2c1c4fd9
At the moment, the Cinder usage audit runs every 5 minutes which
is excessive and causes load on the system. Also, it defaults to
auditing an entire month which can take ages for large systems.
This patch makes it run sanely at the 5th minute of ever hour and
also runs the audit for the past hour only.
Change-Id: I59d1230fa4d33a2cf0364ade1a710e65ef449057
Signed-off-by: Mohammed Naser <mnaser@vexxhost.com>
Horizon complains about not defined the container_infra version in OPENSTACK_API_VERSIONS when using the magnum dashboard in horizon. Additional of the api version of the container_infra solves the issue.
Change-Id: I99faeffc82d9d0e50e01f17f3fbf2ca0d19c161b
We have observed that omitting statefulset
on the olso_messaging values can cause octavia
workers to ocasionally fail with:
AMQP server on rabbitmq.openstack.svc.cluster.local:5672 is unreachable:
[Errno 104] Connection reset by peer. Trying again in 1 seconds.:
ConnectionResetError: [Errno 104] Connection reset by peer
This patch aims to keep the pattern used on the other serivces
to setup the transport_url that includes all pods in the statefulset.
Change-Id: I1905dc8f443929a03786fd01d6cf4e50ff5d3cb2
When changes are made to config, helm upgrade failes with immutable fields in jobs. Addition of the helm hooks with post upgrade will delete the old job and create the new jobs which will solve the issue.
Also, mounted the shm and enabled hostNetwork in masakari monitors so that it can communicate with pacemaker remote for monitoring the cluster status.
Change-Id: I8a8bc5b7c77643872e65fac294d0ff48347c476b
After volumev1 and volumev2 were removed, openstack-helm-infra gates
started failing because they are deploying defult cinder image which
is currently stein. The python-openstackclient for stein sets volumev2
as default volume type. This was failing volume commands in cinder
bootstrap job for openstack-helm-infra gates
Change-Id: Ifcb3c813f132c9deedaba9a11f9ef721efcb92b0
This change removes the cinder v1 and v2 endpoint definitions
from the default values in the cinder chart.
Change-Id: I0ee35ad71c76df157e2c670a7899e4b6c1b91e46
Fix node labels for monitors agents as they need to run on the compute node where libvirt daemonset is running.
Change-Id: Ia4f3a510443f58b29d700421d77c5de51b0991b3
This change modifies the keystone-ldap job to run in check when
the keystone chart contains any modifications. This moves it from
running periodically to running on each keystone change.
Depends-On: https://review.opendev.org/c/openstack/openstack-helm/+/816209
Change-Id: I32008e3a14b0428922071205f873087c2aba071d
This patch allows the user to set log_config_append
to null which will flip back to the original shipped
logging config.
Change-Id: I1a2b90f208286a61c4ca5799a75d46d44bcd5296
This patch fixes the code for adding extra mounts
for the Designate pods, it would otherwise
generate invalid YAML.
Change-Id: I7126e20090714db85f571a3a6a80ea2fc4e069d5
The TLS job was previously broken with the change to helm v3, but
has since been fixed. This change makes it voting again.
Change-Id: I3ea6f12a4d165f9ff64e002e860e873a603f6a6d
This change updates the experimental jobs that are
currently working to use helm v3. Later changes should
fix the other issues that they are currently experiencing.
Change-Id: I068a9bb835e1bde4d11d8dee0352c49248c20b15
