The default behavior of divingbell-perm is to fail when trying to assign
permissions to non-existent files.
This change adds an option to values.yaml to skip any missing files and
proceed with the rest of the assignments.
conf:
perm:
ignore_missing: true # default is false
This may be useful in cases where files will never exist on a node, or
cases where the file does not exist yet, but will exist later. Note that
with this option enabled, a run in which files are skipped is considered
successful, so the rerun_policy and rerun_interval will determine if and
when another attempt will be made.
Change-Id: I15505d6292dda66942c66eea5a4d0666bd6bdfa7
This change adds the ability to configure node selectors per module. The
default node selector is 'kubernetes.io/os=linux'. For example:
labels:
apt:
node_selector_key=divingbell-apt
node_selector_value=enabled
Will result in a node selector of 'divingbell-apt=enabled'.
Change-Id: I7150c5f998afa30dce22f505be4d0d164254214f
This adds default AppArmor profile to divingbell.
Also, update to gate script to install ethtool if it is not present.
Change-Id: I7abb13a533b596f4db5fe65fdae5eb7fc57ec00a
Currently, divingbell-apt will only remove packages that aren't
on the current requested package list when they were previously
installed by divingbell-apt. This patchset adds a "strict" mode
which causes it to remove packages not on the requested package
list regardless of whether divingbell installed them (i.e., it
can remove unwanted packages that were part of the host's base
image).
Change-Id: Ie2ba5d47646bfaaf030cb54673e644ab0e917fd4
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled default policies allow all ingress and
egress traffic (i.e. policy set to {}), this may be
changed in future patch-sets.
Change-Id: I2adb5e652c1da0a1982ab18c498f033910a47cd8
Currently, the APT daemonset allows the installation of new packages or
upgrade of existing packages to a newer version. Sometimes, it may be
desirable to trigger an update for all packages. This change introduces
the ability to trigger a full-system upgrade using the .conf.apt.upgrade
chart value. The new option is disabled by default.
Change-Id: I611422c2093b9dbbae4e2d7cc05ebd726e895c88
Signed-off-by: Drew Walters <andrew.walters@att.com>
- Adds the ability to rerun divingbell-perm at specified interval.
- Adds the ability to specify a rerun policy of
'always', 'never', 'once_successfully'. Default value is 'always'.
Demo: https://asciinema.org/a/220289
Change-Id: I3909b4d92f8e2bdb0d826ca1cfbd62f937c2532d
via new module 'perm'
1) DaemonSet
2) Secret (instead of old ConfigMap)
3) Include module /bin/_perm.sh.tpl
4) Commented example in values.yaml
5) Demo: https://asciinema.org/a/209509
6) Increased # of expected DaemonSets
7) Rebased after a few merges
8) Addressing comments
9) Migrated from ConfigMap to Secret
10) Got rid of 'eval'
11) Test
12) Demo for host targeting: https://asciinema.org/a/213125
Change-Id: Ia3181dcb7fc1ccc7422c635b010000f6d3fbcf4d
- Extends apt daemonset to remove packages.
- Uses a list of packages in remove and automove, so if a
package gets installed that should not be it will be
uninstalled when Divingbell runs again.
Change-Id: Id5c7ccead399a8c78621a0e593033e55412ff315
This change adds a possibility to install or upgrade to packages
with a specific version. The daemonset also tracks the packages
installed, and will be removing the packages that were deleted
from the chart but were previously installed by divingbell.
Change-Id: Ia6066679e549190054eb2cf71589065177447447
1) 'Values' configures limit settings to be persisted.
2) Previous DivingBell controlled limits those were set
but now are gone are cleared.
3) Previous values of newly set limits are backed up
to /var/divingbell/limits
4) New limit is applied via adding a separate conf file
to /etc/security/limits.d
5) The Doc is updated with appropriate details.
6) Dev env with Vagrant
7) Increase number of expected DaemonSets in 020-test
8) Demo: https://asciinema.org/a/209619
Change-Id: I5efb39c498c2b666b4ba97271b59757f4a0c1ca7