Synchronise master with upstream#558
Open
github-actions[bot] wants to merge 15 commits into
Open
Conversation
Due to implementation choices in qemu and libvirt, standard log rotate does not work on these console files, and instead the usual approach is to have libvirt's virtlogd rotate the contents of the console log file when it gets a bit big. OpenStack Compute knows how to read data from more than one rotated console log file if required to service a REST API request. OpenStack Kolla and Kolla-Ansible deploy OpenStack components in docker or podman containers. An error in the startup configuration for the nova_libvirt container results in the libvirt virtlogd daemon not being run, which results in this console log rotation not occurring. This opens up the risk of a disk usage denial of service attack on a hypervisor. The console log is stored on the same filesystem as ephemeral disks, and OpenStack Nova will take a hypervisor out of service if disk space becomes constrained. There is some protection from the instance console not being able to write data particularly quickly, but it is definitely still possible to fill the hypervisor file system -- especially if multiple instances are used. This misconfiguration appears to exist in all versions of Kolla / Kolla-Ansible as best as I can tell. Partial-Bug: 2155214 Change-Id: Ib62191e3022e5bcff781c12f662c9800fb210eb9 Signed-off-by: Michael Still <mikal@stillhq.com>
Change-Id: I7513f1ab627aa5137e16777ca6bee600e14a00e9 Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
OpenDev does not have enough aarch64 node capacity at this point and the backlog has grown to several days, which is also blocking non-arm64 periodic jobs. This means new Kolla images are not published to Quay.io. Switch arm64 publish jobs to periodic-weekly so they stop blocking other publish jobs. Change-Id: Iffa7e2908c1beb083a9535e7328dcab687248c06 Signed-off-by: Pierre Riteau <pierre@stackhpc.com>
Following the PTG agreement, this commit extends the container configuration engine (set_configs.py) to support YAML format while maintaining backward compatibility with JSON. - Integrated 'yaml' library as a universal parser for both JSON and YAML formats (YAML is a superset of JSON) - Updated 'load_config' to search for 'config.json', 'config.yaml' - Added 'python3-yaml' (Debian) and 'python3-pyyaml' (RHEL) as required base packages in Dockerfile.j2 This change improves configuration readability and allows for easier maintenance while ensuring no breakage for existing JSON-based deployments. Change-Id: Icfb52b8f94e1036d5952b160c5921348d1427fda Signed-off-by: Piotr Milewski <vurmil@gmail.com>
Add --buildkit flag to use docker buildx build instead of the docker-py SDK. An optional --buildkit-builder selects a named buildx builder instance, enabling docker-container or remote drivers for multi-arch builds. --buildkit and --squash are mutually exclusive and rejected at startup. PushTask is skipped when buildkit is active; push is handled inline. Set buildkit as the new default. Change-Id: Idbf1d1bdc091bb84721f8006c2b916731b999859 Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
This is no longer required Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/993932 Change-Id: I20a2ff0a97b9fad86b6103ec488a39e42cdba091 Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
This release fixes multiple security issues [1]. [1] https://github.com/prometheus/prometheus/releases/tag/v3.5.4 Change-Id: I1ec8f15e14360422aa316779bd19195fd1f4f7a1 Signed-off-by: Pierre Riteau <pierre@stackhpc.com>
This reverts commit 4cdf881. Reason for revert: It's fixed in Horizon Change-Id: If7e6ad7114c69de2435732a45f7a86a7b9bfeca1 Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
github-actions
Bot
added
automated
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains a snapshot of master from upstream master.