summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-02-04Allow tls versions and ciphers to be configuredHEADmasterJared Miller
Add the ability to set tls version and cipher suites Change-Id: Ifb3d1ed315c0ed8d679e5ab71cf2484dc8329dbd Vulnerability: https://sweet32.info/ Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+1: Nishant Kumar <nishant.e.kumar@ericsson.com> Code-Review+1: Dan Crank <dan.no@att.com> Code-Review+1: PRATEEK REDDY DODDA <pd2839@att.com> Code-Review+2: Matt McEuen <matt.mceuen@att.com> Workflow+1: Matt McEuen <matt.mceuen@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 13 Feb 2019 20:44:06 +0000 Reviewed-on: https://review.openstack.org/634815 Project: openstack/airship-promenade Branch: refs/heads/master
2019-01-25Adding filename to promenade logging message format for troubleshooting purpose.pg611m
Change-Id: Ibbbf65ad815fb8c9e6ede468eda12bec863bc474 Notes (review): Code-Review+1: Evgeniy L <eli@mirantis.com> Code-Review+1: Chris Wedgwood <cw@f00f.org> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+2: Matt McEuen <matt.mceuen@att.com> Workflow+1: Matt McEuen <matt.mceuen@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 25 Jan 2019 19:12:05 +0000 Reviewed-on: https://review.openstack.org/625190 Project: openstack/airship-promenade Branch: refs/heads/master
2019-01-10Refactor API serverMark Burnett
This change accomplishes 2 primary things: 1. It generalizes work to enable the EventRateLimit admission plugin. 2. It restructures the anchor so that during an upgrade an "old" anchor does not try to coordinate the injection of "new" data from configmaps/secrets. It also includes these ancillary changes: * Clean up apiserver argument specification in the chart. * De-duplicate and realign apiserver arguments in bootstrapping templates. It has the side effects of: * Adding a new field, ".apiserver.arguments" to the Genesis config, which will be the preferred way to configure bootstrapping apiservers going forward (in lieu of command_prefix). Change-Id: I33cfe80ee8e29cd79e479a7985e3c098a2288fda Notes (review): Code-Review+2: Matt McEuen <matt.mceuen@att.com> Code-Review+2: Bryan Strassner <strassner.bryan@gmail.com> Workflow+1: Matt McEuen <matt.mceuen@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 14 Jan 2019 19:19:42 +0000 Reviewed-on: https://review.openstack.org/622586 Project: openstack/airship-promenade Branch: refs/heads/master
2018-12-27Merge "Fix bug about promenade debug"Zuul
2018-12-20Fix incorrect volumeMount entry for policy.yamlMark Burnett
Change-Id: I49ad7e897543f230475f9c7d1aec5d002293077d Notes (review): Code-Review+1: Evgeniy L <eli@mirantis.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 21 Dec 2018 14:26:11 +0000 Reviewed-on: https://review.openstack.org/626757 Project: openstack/airship-promenade Branch: refs/heads/master
2018-12-20Merge "[US:349446] Adding capabilites for reading policy.yaml file."Zuul
2018-12-18Merge "Update Kubernetes to 1.10.11"Zuul
2018-12-18Update Kubernetes to 1.10.11Mark Burnett
Change-Id: If1479f7a5d0a8ea459eed39172a0bc1f89935e36 Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Mark Burnett <mark.m.burnett@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 18 Dec 2018 18:05:40 +0000 Reviewed-on: https://review.openstack.org/622334 Project: openstack/airship-promenade Branch: refs/heads/master
2018-12-16Merge "Extend webhook-enabled apiserver chart"Zuul
2018-12-16Merge "Support systemd unit management during node join"Zuul
2018-12-15Change static pod template to run as root userMichael Beaver
Change-Id: Ie04a52bec37633ebbd2b1f9e252740575cc80de1 Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Sat, 15 Dec 2018 18:25:21 +0000 Reviewed-on: https://review.openstack.org/625402 Project: openstack/airship-promenade Branch: refs/heads/master
2018-12-14Support systemd unit management during node joinScott Hussey
- Support systemctl enable/start/stop/disable commands during join.sh or genesis.sh Change-Id: I28046afbc55fc1d1af4575778f614f928f0e91c9 Notes (review): Workflow+1: Scott Hussey <sthussey@att.com> Code-Review+1: Nishant Kumar <nishant.e.kumar@ericsson.com> Code-Review+2: Matt McEuen <matt.mceuen@att.com> Code-Review+2: Pete Birley <petebirley@gmail.com> Workflow+1: Pete Birley <petebirley@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Sun, 16 Dec 2018 17:24:46 +0000 Reviewed-on: https://review.openstack.org/625329 Project: openstack/airship-promenade Branch: refs/heads/master
2018-12-12[US:349446] Adding capabilites for reading policy.yaml file.Rahul Khiyani
Change-Id: I202a98d37988d57e0f09e15200d719f9111231d3 Notes (review): Code-Review+1: Vladyslav Drok <vdrok@mirantis.com> Code-Review+1: Chris Wedgwood <cw@f00f.org> Code-Review+1: Evgeniy L <eli@mirantis.com> Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Pete Birley <petebirley@gmail.com> Workflow+1: Craig Anderson <craig.anderson@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 20 Dec 2018 06:20:48 +0000 Reviewed-on: https://review.openstack.org/617698 Project: openstack/airship-promenade Branch: refs/heads/master
2018-12-10Extend webhook-enabled apiserver chartScott Hussey
- Updates to the webhook-enabled apiserver chart to properly support certificate trust and allow for fragmented CAs for better security. Change-Id: I56dee9d1ca4e0807d89ce6b0f3ab3fb5d4ea8c67 Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Pete Birley <petebirley@gmail.com> Workflow+1: Pete Birley <petebirley@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Sun, 16 Dec 2018 19:33:54 +0000 Reviewed-on: https://review.openstack.org/603887 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-30[FIX] liveness probe file location fixBryan Strassner
Fixes the destination for the file created during the liveness probe for the apiserver anchor pod so that it exists in the desired location for the subsequent check. Change-Id: I29966ee47524f73b018cc6ea85854a42a406dfc3 Notes (review): Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+1: Kaspars Skels <kaspars.skels@gmail.com> Code-Review+2: Craig Anderson <craig.anderson@att.com> Workflow+1: Craig Anderson <craig.anderson@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Sat, 01 Dec 2018 00:54:56 +0000 Reviewed-on: https://review.openstack.org/621294 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-27Fix bug about promenade debugpengdake
The lower of "PROMENADE_DEBUG" never equal to "True". Change-Id: I77b6ece23d39bfcaead764bf3790c099f28b57cb Signed-off-by: pengdake <19921207pq@gmail.com> Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Workflow+1: Mark Burnett <mark.m.burnett@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 27 Dec 2018 15:01:28 +0000 Reviewed-on: https://review.openstack.org/620204 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-26Use new default-test behavior of Armada in resiliency testMark Burnett
Change-Id: Ic8cd6f7c703bc54ab0d31316b6f1d4b1a34af551 Notes (review): Code-Review+1: Drew Walters <drewwalters96@gmail.com> Code-Review+2: Sean Eagan <sean.eagan@att.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 27 Nov 2018 20:27:47 +0000 Reviewed-on: https://review.openstack.org/620145 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-21Merge "Newer Deckhand engine"Zuul
2018-11-19Merge "Fix incorrect templating in haproxy anchor script"Zuul
2018-11-19Fix incorrect templating in haproxy anchor scriptMark Burnett
Change-Id: Ia21f90f0e59fc85cdaf7366a22973a089927c6c5 Notes (review): Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 19 Nov 2018 22:14:22 +0000 Reviewed-on: https://review.openstack.org/618825 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-13omit the twice occured words in values.yamlzhouxinyong
Change-Id: I0690c79b42be2e06a07f8487774b4a9004ea346d Notes (review): Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Workflow+1: Aaron Sheffield <ajs@sheffieldfamily.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 13 Nov 2018 14:30:05 +0000 Reviewed-on: https://review.openstack.org/617413 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-13dumplicate words was deleted in kubernetes-network.rstzhouxinyong
Change-Id: If366518a5d4b75e6bc292ce30aee289f42b98171 Notes (review): Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Workflow+1: Aaron Sheffield <ajs@sheffieldfamily.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 13 Nov 2018 14:26:08 +0000 Reviewed-on: https://review.openstack.org/617412 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-13fix some errors for ill-syntax in kubernetes-network.rstzhouxinyong
Change-Id: I5125e432f1eaa8ae9f19abc44e2a64939f1d866b Notes (review): Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Workflow+1: Aaron Sheffield <ajs@sheffieldfamily.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 13 Nov 2018 14:26:07 +0000 Reviewed-on: https://review.openstack.org/617411 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-08Minor: meaningful default labelRoman Gorshunov
Making default label meaningful and conformant to "key=value" requirement. Change-Id: I67f52063b1ac0413155ee96248318180a1ea6ad6 Notes (review): Code-Review+2: Matt McEuen <matt.mceuen@att.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 08 Nov 2018 19:00:49 +0000 Reviewed-on: https://review.openstack.org/616665 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-06Newer Deckhand engineBryan Strassner
Updates Promenade to use a newer Deckhand version Change-Id: I240b12093a9ef6da26d04eaffb79d834f513e537 Notes (review): Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+1: Nishant Kumar <nishant.e.kumar@ericsson.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 21 Nov 2018 16:48:11 +0000 Reviewed-on: https://review.openstack.org/615989 Project: openstack/airship-promenade Branch: refs/heads/master
2018-11-06Merge "Add release uuid to pods and rc objects (prom)"Zuul
2018-11-05Merge "Add EventRateLimit admission controller"Zuul
2018-11-02Merge "Share process namespaces with exec probes"Zuul
2018-11-02Share process namespaces with exec probesMark Burnett
This avoids leaving zombies in cases where the processes don't reap children. Also fixes a certificate issue with the resiliency gate. Change-Id: I8a795557b0d60338c40b360c947b81a20fd48877 Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Sean Eagan <sean.eagan@att.com> Workflow+1: Alan Meadows <alan.meadows@gmail.com> Code-Review+2: Alan Meadows <alan.meadows@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 02 Nov 2018 20:29:19 +0000 Reviewed-on: https://review.openstack.org/615303 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-29Merge "Uplift deckhand dependency"Zuul
2018-10-27Add EventRateLimit admission controllerMatt McEuen
Add the EventRateLimit admission controller, to allow operators to define rate limits for the k8s API server at the server, namespace, or user account level. This also * cleans up some of the parameters passed into the API server * replaces the deprecated --admission-control parameter * applies --repair-malformed-updates consistently, incl examples * removes unused batch/v2alpha1 runtime config * https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/ * removes duplicate --service-cluster-ip-range setting This PS adds EventRateLimits to the bootstrap and anchor API servers; future work will need to add it to the Keystone Webhook API server. Change-Id: I32a2d4add880e50f470e4cb0687e20d16e6e926d Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+1: Ahmad Mahmoudi <am495p@att.com> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Workflow+1: Aaron Sheffield <ajs@sheffieldfamily.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 05 Nov 2018 20:27:05 +0000 Reviewed-on: https://review.openstack.org/611713 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-26Merge "Enable using PBR for package library"Zuul
2018-10-25Enable using PBR for package libraryAhmad Mahmoudi
Updated promenade packaging scripts to use pbr. This was done to make sure all required packages for promenade package library are pulled, when another moudle does git pull to use promenade package library. Change-Id: I820ac6513c42456d52f92dab72dba2a34d8b437b Notes (review): Code-Review+2: Felipe Monteiro <felipe.monteiro@att.com> Code-Review+1: Nishant Kumar <nishant.e.kumar@ericsson.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 26 Oct 2018 21:39:58 +0000 Reviewed-on: https://review.openstack.org/612551 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-25Merge "Secure host file permissions"Zuul
2018-10-24Fix: adding back the possibility to add arbitrary labelsRoman Gorshunov
Arbitrary labels could be added as `make` parameter `LABEL=`, which is used in att-comdev/cicd Jenkins pipelines. Sample parameter: 'LABEL=org.label-schema.vcs-url=${GERRIT_CHANGE_URL} \ --label org.label-schema.base-image=${base_sha256}' Sample usage: See Jenkinsfile files under images/ directory in att-comdev/cicd repo. In addition to that, if `COMMIT` variable is undefined when invoking `make`, we use result of `git rev-parse HEAD` command, which should output latest git commit ID. [0] https://github.com/att-comdev/cicd Change-Id: If4e3425ac92f654f1bff046f20535e619a7e595c Notes (review): Code-Review+1: Stacey Fletcher <staceylynnfletcher@gmail.com> Code-Review+1: Drew Walters <drewwalters96@gmail.com> Code-Review+2: Felipe Monteiro <felipe.monteiro@att.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 24 Oct 2018 21:23:50 +0000 Reviewed-on: https://review.openstack.org/613029 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-23Merge "Make haproxy-anchor cleanup optional"Zuul
2018-10-23Uplift deckhand dependencyScott Hussey
- Uplift deckhand dependency to gain support of recursive document substitution. Change-Id: Iccaee6d750c2b351ddcb0dcc5321d628778a8e98 Notes (review): Code-Review+2: Felipe Monteiro <felipe.monteiro@att.com> Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Workflow+1: Bryan Strassner <bryan.strassner@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 29 Oct 2018 14:11:09 +0000 Reviewed-on: https://review.openstack.org/612707 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-19Secure host file permissionsMichael Beaver
* added in missing recursive flag to the chmod command used to remove extraneous permissions from CURATED_DIRS * added commands to change permissions for manifests and configurations that are copied to the host Change-Id: I174db09061c3162db11dd976a55132f5fad7a80d Notes (review): Code-Review+1: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 25 Oct 2018 18:43:27 +0000 Reviewed-on: https://review.openstack.org/610725 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-16Add release uuid to pods and rc objects (prom)Matt McEuen
This PS adds the ability to attach a release uuid to pods and rc objects as desired. This can be used, for example, to force an artificial manifest change in CICD scenarios, for upgradability testing purposes. Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add Notes (review): Code-Review+1: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+2: Pete Birley <petebirley@gmail.com> Code-Review+2: Alan Meadows <alan.meadows@gmail.com> Workflow+1: Alan Meadows <alan.meadows@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 06 Nov 2018 19:18:34 +0000 Reviewed-on: https://review.openstack.org/602747 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-16Merge "Fix: git commit id labels on images"Zuul
2018-10-10Merge "Make kube-proxy liveness probe more cautious"Zuul
2018-10-10Merge "Add /opt resources to cleanup.sh"Zuul
2018-10-10Merge "Fix: Workaround kube-proxy keeping stale IPs"Zuul
2018-10-10Make kube-proxy liveness probe more cautiousMark Burnett
This update makes it so list of services without endpoints detected on the host must be static to cause failure. This avoids race conditions for large deployments where new services are being added over several minutes, and trigger probe failures. Change-Id: Ie65c8613cb85bfdf61d41099540d3499ea1de817 Notes (review): Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Workflow+1: Bryan Strassner <bryan.strassner@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 10 Oct 2018 19:03:10 +0000 Reviewed-on: https://review.openstack.org/609443 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-09Merge "Re-align Kubernetes proxy chart with upstream DS"Zuul
2018-10-09Fix: Workaround kube-proxy keeping stale IPsMark Burnett
This updates the liveness probe to fail when there are iptables rules from kube-proxy that don't appear in existing endpoints. Change-Id: I376be24566809a653417acfb84cac8f1c4e1a36e Notes (review): Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Workflow+1: Aaron Sheffield <ajs@sheffieldfamily.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 10 Oct 2018 16:32:10 +0000 Reviewed-on: https://review.openstack.org/605832 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-05Add /opt resources to cleanup.shKaspars Skels
Change-Id: I8795032932167f7b09ad9162fc2b9f8b86a7eb9a Notes (review): Code-Review+1: Felipe Monteiro <felipe.monteiro@att.com> Code-Review+1: Chris Wedgwood <cw@f00f.org> Code-Review+2: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+1: Serge Kovaleff <sk607s@att.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Workflow+1: Mark Burnett <mark.m.burnett@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 10 Oct 2018 16:43:25 +0000 Reviewed-on: https://review.openstack.org/608390 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-05Merge "Treat warnings as errors in docs and fix warnings"Zuul
2018-10-05Make haproxy-anchor cleanup optionalAndrey Volkov
Continuation of Ia1449d188c15b71dd756e96b1ea2d4a672011a17. This patch creates the additional var "conf.anchor.enable_cleanup" that is true by default. False value will effectively disable cleanup procedure. Change-Id: I7f74454190dcd1d563d6cb3c9fef8504a3e0806a Notes (review): Code-Review+1: Serge Kovaleff <sk607s@att.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Code-Review+2: Scott Hussey <sthussey@att.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 23 Oct 2018 15:22:43 +0000 Reviewed-on: https://review.openstack.org/607707 Project: openstack/airship-promenade Branch: refs/heads/master
2018-10-05Merge "fix: Promenade exceptions documentation incorrectly rendering"Zuul