This project is mirrored from Pull mirroring updated .
  1. 21 Jun, 2018 1 commit
  2. 18 Jun, 2018 2 commits
  3. 14 Jun, 2018 1 commit
    • Ricardo Rocha's avatar
      [cern] enable tls in traefik ingress · 10a35cbd
      Ricardo Rocha authored
      Change traefik configuration to explicit declare the endpoints, and
      include an additional TLS endpoint on port 443.
      Drop -d as an option in traefik (debug), explicitly setting the logLevel
      for easier change if required by users.
      Rename --web (deprecated) to --api.
      Fixes OS-6287.
  4. 12 Jun, 2018 1 commit
  5. 08 Jun, 2018 2 commits
    • Spyros Trigazis's avatar
      [cern] k8s_fedora: Add admin user · c9487736
      Spyros Trigazis authored
      jira: OS-6474
      Add an admin service account and give it the
      cluster role. It can be used for access apps
      with token authentication like the
      Remove the cluster role from the dashboard service account.
      Change-Id: I7980c0e72b0d71921e42af7338d02b8a1e563c34
      Closes-Bug: #1766284
      (cherry picked from commit 91d5229b)
    • Ricardo Rocha's avatar
      [cern] Add CSI and CEPH support to Kubernetes · 42d35211
      Ricardo Rocha authored
      Add a new label 'kube_csi_enabled' controlling the configuration of the
      CSI provisioner and attacher. These are the basic sidecar containers
      required to have additional CSI drivers - but they do not include the
      configuration of any specific driver.
      Additional feature gates are enabled - CSIPersistentVolume and
      MountPropagation, on apiserver, controller-manager and kubelet.
      Configure the ceph csi plugin by deploying the driver container in every
      minion, along with the driver registrar.
  6. 04 Jun, 2018 1 commit
  7. 20 Apr, 2018 1 commit
  8. 16 Apr, 2018 1 commit
    • Ricardo Rocha's avatar
      [cern] Add host certificate setup, uniform cern-setup · 6c17e06e
      Ricardo Rocha authored
      Add configuration of the cern-hostcert atomic system container, filling
      in /etc/grid-security with the key and cert pem files.
      As we rely on the host keytab for this, move all the CERN certificate
      related setup to one file (, and wait for the keytab to be
      properly set before proceeding to the host certificate configuration.
      New flags cern_enabled and cern_tag control if this setup should be done
      and which tag to use for the cern related setup container images.
  9. 26 Mar, 2018 2 commits
  10. 08 Mar, 2018 3 commits
  11. 07 Mar, 2018 1 commit
  12. 27 Feb, 2018 8 commits
    • Daniel Abad's avatar
      [cern] Get ssh public key from nova in bm nodes · f78a1b0b
      Daniel Abad authored
      Change-Id: Ia4cc4895c7a7cac72eeb5b803e3717937d56a528
    • Ricardo Rocha's avatar
      [cern] swarm: add docker_ce_version label · 6aecfdcd
      Ricardo Rocha authored
      Add a new docker_ce_version label to enable replacing the built-in
      docker package with an upstream community version, using a container.
    • Ricardo Rocha's avatar
      [cern] add cvmfs storage driver config to swarm · 33e00a1c
      Ricardo Rocha authored
      Add a new label 'cvmfs_storage_driver' with a boolean value indicating
      if the CVMFS storage driver should be enabled or not.
      Add an additional config resource to setup this driver. For the moment
      it also does:
      * setup docker-ce as an atomic system container, replacing the atomic
        docker package
      * enable 'experimental' in the docker daemon, allowing docker plugins
      Eventually this setup will be replaced with upstream reviewed patches.
    • Ricardo Rocha's avatar
      [cern] Make werkzeug log the client IP when using proxy · c77b3922
      Ricardo Rocha authored
      By default werkzeug is taking the REMOTE_ADDR as the client IP, which
      gives the proxy IP when using a reverse proxy. Check for the
      X-Forwarded-For header and also log that IP when it's available.
      Werkzeug has a ProxyIP fixer which does something similar changing the
      REMOTE_ADDR env var, but this is not used for logging.
      Change-Id: Ib61bd9ac6767f67f06c7e7a3158be959f9a898d3
      Closes-Bug: #1666943
    • Ricardo Rocha's avatar
      [cern] add docker cvmfs driver configuration · a36740f3
      Ricardo Rocha authored
      Add docker-volume-cvmfs configuration as an atomic system container to
      swarm and kubernetes drivers.
      For kubernetes, add the appropriate plugin symlink under
    • Ricardo Rocha's avatar
      [cern] disable cern-services (no dns wait on boot) · 2cd71a75
      Ricardo Rocha authored
      Set metadata property cern-services to false to all master and slave nodes
      in all drivers. This prevents nova from waiting until the node appears in
      the cern dns before considering it active.
      We don't rely on dns for any part of the magnum installation.
      Change-Id: If9898b6386c8f753eb51d9fb04932d2238bd4791
    • Ricardo Rocha's avatar
      [cern] drop dependency on neutron objects · 455e4a02
      Ricardo Rocha authored
      drop dependency on neutron networks, subnets, routers, floating ips,
      security groups, load balancers.
      we don't currently have neutron enabled everywhere, and for several
      cases these concepts are not yet supported by our neutron setup
      (routers, floating ips, security groups, load balancers) or are
      not available to users (networks, subnets).
      for cases where the node ip is required, rely instead on the first_ip
      exposed by the heat resource.
    • Ricardo Rocha's avatar
      [cern] setup cern ca certificates · 9f6d93b9
      Ricardo Rocha authored
      drop the cern ca certificates in the default location, so standard tools
      can do remote calls to CERN services without disable tls checks.
      Change-Id: I6ea9def9f1e75362c577d91995f5cf1a94c32e78
  13. 26 Feb, 2018 1 commit
  14. 23 Feb, 2018 3 commits
  15. 22 Feb, 2018 12 commits