All Airship projects are moving to GitHub issues. This change adds a
GitHub security policy that links to the official Airship vulnerability
management process [0]. When users on GitHub click "New Issue" on this
GitHub repository, they will see an option to report a security
vulnerability, which will direct them to our official policy.
[0] https://airship-docs.readthedocs.io/en/latest/security/vulnerabilities.html
Change-Id: Iaf060dd0085c21f0c4f18f100e3e053b5ceedbed
Signed-off-by: Drew Walters <andrew.walters@att.com>
older version of pegleg render command had -o option to save the renedered yaml
with latest version of pegleg render command, -s is used to save renedered yaml
Change-Id: Ia4312a6a17ba88c86cea215163ce732bb06e9d37
Setting PEGLEG_PASSPHRASE and PEGLEG_SALT to pegleg container
to use it for encryption/decryption.
Change-Id: I2c5c01fb0ef7366dbc35d4f8730ac1aa9ca63db1
This PS removes set -x from general runs so that all the commands
will not be thrown in output.
Change-Id: I8068e170d632518a93f5bf097d3a88cc3af01433
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
During the recent Airship Working Committee meeting, the committee
addressed feedback from the Airship confirmation review [0]. One such
item was concerned with copyright footers mistakenly claiming rights to
all Airship documentation.
This change updates the footer to attribute documentation to all Airship
authors.
[0] https://etherpad.openstack.org/p/airship-wc-meeting-2019-12-09
Change-Id: I2a6ffc9ab279ffb34851e28ec6fb1294b47d3497
Signed-off-by: Drew Walters <andrew.walters@att.com>
This ps changes set -x to set -e in config.sh so that all the
commands will not throw in output
Change-Id: I08d2e56ea300509a3f579c888bfe6f1bd69deefd
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
This PS replaces resolv.conf link file with generated resolv.conf
and stops systemd-resolved service on build node which causes issue
with coredns container running on build node
Change-Id: Id317587b0c46fdc4822ac9b5bb27fef90bb17636
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
This PS enables vnc console for vms created by aiab scripts.
Change-Id: I7e882b80986a7a0868b793ab9783098cfc09092a
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
Make files collected and rendered by Pegleg (owned by root
and 640 by default) world-readable so non-root Promenade
processes can read them.
Change-Id: Ic5bce645ebf58c106fd59701b3f282f9e2455f0e
After timeout pipeline is trying to run deploy_site again and failed.
There is no info in debug report and console output about current status
if the shipyard action. Added new cmd to describe the action.
ceph-mon is detecting low disk space on n0, it's <70%. So, small increase
of disk space is needed.
Change-Id: Ia92390ccadec4485c37038187034a2978911accd
- Move the default temp location to /var/tmp so that gate
workspace directories persist across reboots
Change-Id: Ic11d163c3aba36a08f42bd1739003446aed3a0ce
kubectl_cmd uses ssh_cmd to run kubectl over ssh. ssh_cmd does not
allow to pass extra env vars in command.
So updated to use ssh_cmd_raw with env KUBECONFIG set
Change-Id: I1f2391a79002db15785644e10e673936c3dff4ed
PODs are being evicted due reduced disk size (30 from 64G).
The issue is constantly appearing around MAAS image deployment.
Change-Id: If8a0717a7f57d77d0c91a6798c774dc9cc06ecb6
- Add a shellcheck linter for the scripts in the multinode
framework
- Update all scripting to comply with shellcheck
- Move linting job to Ubuntu Bionic as the multinode gate now
requires Bionic versions of libvirt
Change-Id: Ibee645331421e1e6cecd4e3daa8e9c321dce5523
- With a extensible network configuration, selecting
the correct IP for a node needs a little more intelligence
Change-Id: I742270a4df440c02bb4bcc03badae3a96e094221
- Start documentation on crafting a framework scenario
manifest now that the framework supports significant
manifest-driven customization.
Change-Id: I7ed051238ce9262641615103ec73af3b0b1cc630
- In some cases, a user may want to provide their own stage
library or replace one of these built-in stages. Allow external
(to this framework) directories be specified as containing
stage scripts.
Change-Id: I468ea56a45e3c041e10040433e70eb9aa354ad9a
- Uplift the Drydock and MAAS charts
- New charts/HTK require Helm 2.14.1, so uplift tiller
and Armada to support this.
Change-Id: Ie63cff29a979f60f10c97b5b0cb08ed908ed85d4
This adds scripts that gather cluster object information
and namespaces object information. These scripts then
create a folder and both yaml and txt files for each
object
Change-Id: Ia22caef4503451e637b20e1d62c4bd50aedfece2
Prior change[0] breaks if apparmor profiles are not present in the
manifest. This commit allows the script to proceed if they are not
found.
[0]: https://review.opendev.org/#/c/676532/
Change-Id: Idc3f458c0002c707afceb6609de6822fb638f608
The bootactions which will be deployed via Drydock on nodes need
to be performed on Genesis node as well. This should be done as
part of pre-genesis setup before genesis.sh is executed.
This patchset allows apparmor profiles to be staged on the genesis
node in the same manner as seccomp profiles.
Change-Id: I418c955a131dc8e23ab5f4d900ae5ea4f7985468
Reference: https://review.opendev.org/644824
When running kubectl command from ssh_cmd, the env variable KUBECONFIG is not visible
and so the kubectl commands are failing with below error
"The connection to the server localhost:8080 was refused - did you specify the right host or port?"
Change-Id: I453f95b745a914aad5c608c5e5f625056e516add
- The persistence of the br_netfilter disable settings wasn't
working due to the br_netfilter kmod loading after sysctl
settings are applied. Add a udev rule so that the sysctl
settings are applied when the module loads.
Change-Id: I31eae66f953e644c09b86d5449ac79cf253d5df3