Changelog for caasp-container-manifests-4.0.0+git_r333_646322a-lp150.72.1.noarch.rpm :
* Fri Jan 18 2019 Containers Team
- Commit ced474b by Maximilian Meister mmeisterAATTsuse.de
  point to registry.suse.com for the container images
  Signed-off-by: Maximilian Meister
* Wed Jan 16 2019 Containers Team
- Commit b64a049 by Maximilian Meister mmeisterAATTsuse.de
  adapt registry for now
  at some point we can remove this functionality but for now adapt the image path to the up-to-date registry.suse.com
  Signed-off-by: Maximilian Meister
* Wed Dec 12 2018 jmassaguerplaAATTsuse.com
- fix bsc#1118157: namespace should be sle12 for caasp4
* Mon Dec 03 2018 jmassaguerplaAATTsuse.com
- Fix namespace for addons (bsc#1118108)
* Thu Oct 18 2018 containers-bugownerAATTsuse.de
- Commit 7d9fb2a by Florian Bergmann fbergmannAATTsuse.de
  Move patch to the correct location for concourse pipeline.
  Patches are expected to be in packaging/suse/patches/*.patch
* Thu Oct 18 2018 containers-bugownerAATTsuse.de
- Commit 16c5452 by Florian Bergmann fbergmannAATTsuse.de
  Add patch for adding concrete tags to images.
  This is needed in SLE15, otherwise the images will be :__TAG__ which won't exist in the registry.
  Commit 73887fe by Florian Bergmann fbergmannAATTsuse.de
  Store the registry configuration as part of the manifests.
  This information will be modified and set during the build-time of the packages, depending on the distribution it will be released to: on SLE15 the information will contain the registry and set the use_registry to true, on SLE12 the use_registry will remain false and use the images from container-feeder.
* Thu Oct 11 2018 jmassaguerplaAATTsuse.com
- Use SUSE official Registry. This package should be in the SUSE namespace
* Thu Oct 11 2018 containers-bugownerAATTsuse.de
- Commit 07cb68b by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Use 3.0 images instead of head images
  Because the images from head will be removed to avoid duplications. The ones we are using are the ones from 3.0 project, cause those ones cannot be removed.
  Signed-off-by: Jordi Massaguer Pla
* Tue Oct 09 2018 containers-bugownerAATTsuse.de
- Commit 07cb68b by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Use 3.0 images instead of head images
  Because the images from head will be removed to avoid duplications. The ones we are using are the ones from 3.0 project, cause those ones cannot be removed.
  Signed-off-by: Jordi Massaguer Pla
* Tue Sep 25 2018 containers-bugownerAATTsuse.de
- Commit 74fdaab by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  use the sles12 images from registry.suse.de
  This is a first step towards using the registry. We will use an internal one in registry.suse.de. Later, we will use the registry.suse.com for caasp and registry.opensuse.org for kubic, however, we have to figure out the tagging strategy if we want to use kubic images or images based on sle15. Thus, for now, we start using the sles12 images which have a fixed tag.
  Signed-off-by: Jordi Massaguer Pla
* Tue Sep 25 2018 containers-bugownerAATTsuse.de
- Commit 1bebec5 by Vicente Zepeda Mas vzepedamasAATTsuse.com
  Fix bsc#1099045 adds annotation to use docker/default seccomp profile
  Signed-off-by: Vicente Zepeda Mas
* Mon Jul 23 2018 containers-bugownerAATTsuse.de
- Commit 5b6cfa2 by Maximilian Meister mmeisterAATTsuse.de
  re-introduce config flag
  with the kubelet-config.yaml we need it again
  kubelet#config
  Signed-off-by: Maximilian Meister
* Fri Jul 06 2018 containers-bugownerAATTsuse.de
- Commit f23f049 by Maximilian Meister mmeisterAATTsuse.de
  use 503 error file (bsc#1080636)
  Signed-off-by: Maximilian Meister
  Commit 5ceb972 by Maximilian Meister mmeisterAATTsuse.de
  mount static pages from velum-branding (bsc#1080636)
  Signed-off-by: Maximilian Meister
* Thu Jul 05 2018 containers-bugownerAATTsuse.de
- Commit 79bf8f4 by Alvaro Saurin alvaro.saurinAATTgmail.com
  We should generate a random CA serial number.
  According to the CA/Browser Forum Baseline Requirements section 7.1: "CAs SHOULD generate non‐sequential Certificate serial numbers that exhibit at least 20 bits of entropy.". In general it is considered a good practice to use a random number instead of a constant...
  feature#security
* Tue Jul 03 2018 containers-bugownerAATTsuse.de
- Commit 0f2b13b by Maximilian Meister mmeisterAATTsuse.de
  drop branding mount for images
  the images have to be precompiled into the velum rpm, therefore a mount is useless
  velum#branding
  Signed-off-by: Maximilian Meister
* Thu Jun 21 2018 containers-bugownerAATTsuse.de
- Commit fda5fa4 by Florian Bergmann fbergmannAATTsuse.de
  Fix bsc#1072242: Map the keyboard file into velum container.
  Map the keyboard file from the admin node into the velum container to make keyboard defined in YaST available.
  Signed-off-by: Florian Bergmann
* Tue Jun 12 2018 containers-buildsAATTsuse.de
- Commit adb2262 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  fix favicon path
  Commit 5aed6c1 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  do not mount public directory
  Signed-off-by: Jordi Massaguer Pla
  Commit dfdf04a by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  move the images into the public directory but in a branding subfolder
  Signed-off-by: Jordi Massaguer Pla
  Commit 0e9705a by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Do not mount the public directory or the compiled assets get hidden in the iso
  Mounting the public directory from the host, was "hiding" the assets files present in the public directory and so our images were broken. This was only happening in the iso and not in our dev environments because in production we have the assets precompiled and we don't compile them on the fly, since we don't have a js engine installed.
  Signed-off-by: Jordi Massaguer Pla
* Thu Jun 07 2018 containers-buildsAATTsuse.de
- Commit e38f5ea by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  We removed the mysql dir, so we need to do the same in the package
  mysql dir was removed in https://github.com/kubic-project/caasp-container-manifests/pull/189
  Fixes: bsc#1095335
  Signed-off-by: Jordi Massaguer Pla
* Thu Jun 07 2018 containers-buildsAATTsuse.de
- Commit ea9e260 by Rafael Fernández López ereslibreAATTereslibre.es
  Configure `innodb_log_file_size` to a 128M limit
  When a salt output is big enough, mysql will refuse to insert the offending row for being too big, with an error:
  ```
  [ERROR ] Could not store events - returner 'mysql.event_return' raised exception: (1118, 'The size of BLOB/TEXT data inserted in one transaction is greater than 10% of redo log size. Increase the redo log size using innodb_log_file_size.')
  ```
  Whatever we set as `innodb_log_file_size` will be an arbitrary number that will eventually be flooded if the cluster is big enough, or if salt is noisy enough. Given a cluster size, this can suddenly fail if we add more states (thus, increasing salt's output). Obviously, given the same salt states, we can also reach this limit by increasing the cluster size.
  There is not a definitive fix for this issue, all we can do for now (without a proper refactor of the way we integrate salt and velum) is to ensure that with today's salt states we can reach a certain number of nodes. As said, this can no longer be true if we add more salt states and we reach again the limit for the same cluster size.
  Fixes: bsc#1095335
* Wed May 30 2018 containers-bugownerAATTsuse.de
- Commit eda9a39 by Maximilian Meister mmeisterAATTsuse.de
  mount velum branding
  feature#branding
  Signed-off-by: Maximilian Meister
* Wed May 30 2018 containers-bugownerAATTsuse.de
- Commit 70b16ee by David Cassany dcassanyAATTsuse.de
  Make use of the %license macro
* Wed May 30 2018 containers-bugownerAATTsuse.de
- Commit aadfa9b by David Cassany dcassanyAATTsuse.de
  Spec cleaning
  * removed env shebang from setup-mysql.sh
  * removed executable bit from some config files
* Tue May 29 2018 containers-bugownerAATTsuse.de
- Commit 31544c4 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Only require image rpms if we are in a sle version older than sle15
  because sle15 will use the suse registry
  Signed-off-by: Jordi Massaguer Pla
  Commit 8ebc884 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Revert "Remove image RPM requirements"
  This reverts commit 433738bf4bda5eabce933039b504b5b5690f03c5.
  Image RPMs are still required by versions < SLE15
* Mon May 28 2018 containers-bugownerAATTsuse.de
- Commit 1e7d2ed by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  [Packaging] Require container feeder on sle versions older than sle15
  We were requiring container feeder on distributions different than sle15, but actually we need them to be older, as sle15 and *newer* don't require it.
  Signed-off-by: Jordi Massaguer Pla
  Commit 433738b by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Remove image RPM requirements
  CaaSP 4 (SLE15) won't require the images be installed as RPMs
  Signed-off-by: Jordi Massaguer Pla
  Commit c6855a1 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  fix image name for CaaSP4
  We have changed the naming of the images. Instead of calling them sleXY/image_name, we call them caasp/image_name, so we don't have to create a new package each time we change the base image.
  Signed-off-by: Jordi Massaguer Pla
* Fri May 25 2018 containers-bugownerAATTsuse.de
- Commit ce01435 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Do not require container-feeder for SLE15
  We will be using the SUSE Registry for SLE15
  Signed-off-by: Jordi Massaguer Pla
* Wed May 16 2018 containers-bugownerAATTsuse.de
- Commit b74681d by Rafael Fernández López ereslibreAATTereslibre.es
  Update manifests to match haproxy changes to work as an http proxy
  fix bsc#1071994
* Tue May 15 2018 containers-bugownerAATTsuse.de
- Commit fdda2c3 by Kiall Mac Innes kiallAATTmacinnes.ie
  Add Housekeeping Job
* Wed May 09 2018 containers-bugownerAATTsuse.de
- Commit 2dec06e by Rafael Fernández López ereslibreAATTereslibre.es
  Run Velum's `bin/init` as an init container
  This will ensure that when the dashboard, api and event processor start, the database has been created and/or migrated at all times.
  This avoids the weird situation in which the api and event-processor can start while the dashboard was still migrating the database, causing side-effects if Rails already cached some model attributes on other processes.
  Fixes: bsc#1091843
* Tue May 08 2018 containers-bugownerAATTsuse.de
- Commit c0644aa by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  update version to 4.0.0+dev
* Mon May 07 2018 containers-bugownerAATTsuse.de
- Commit 73a51a2 by Thorsten Kukuk kukukAATTthkukuk.de
  Run activate.sh from admin-node-init.service during the first boot
* Mon Apr 23 2018 containers-bugownerAATTsuse.de
- Commit b34c443 by Kiall Mac Innes kiallAATTmacinnes.ie
  salt-master and salt-api should not load each other's configuration files
  Since both need different log_level settings, they need their own config files. The intent for these two files was just that - api specific, and master specific settings.
* Wed Apr 18 2018 containers-bugownerAATTsuse.de
- Commit ccbb3d7 by Rafael Fernández López ereslibreAATTereslibre.es
  Add minion reconciler to the event processor.
  Feature#force-remove-nodes
* Mon Apr 16 2018 containers-bugownerAATTsuse.de
- Commit 2701ede by Thorsten Kukuk kukukAATTthkukuk.de
  Fix version number of pause image for SLE15 and Factory
* Thu Apr 12 2018 containers-bugownerAATTsuse.de
- Commit dbbfa42 by Kiall Mac Innes kiallAATTmacinnes.ie
  Pass through /etc/caasp/pillar-seeds to Velum Dashboard container
  This allows for pre-seeding any pillar values specified in the above directory.
* Fri Mar 23 2018 containers-bugownerAATTsuse.de
- Commit 5aeb3dc by Michal Jura mjuraAATTsuse.com
  Mount /etc/caasp/cpi directory to velum
* Thu Mar 22 2018 containers-bugownerAATTsuse.de
- Commit d429409 by Thorsten Kukuk kukukAATTthkukuk.de
  Move /etc/issue.d/90-velum.conf to /run/issue.d/80-velum.conf (it's only valid until next reboot) and call issue-generator at the end [bsc#1047192].
* Thu Mar 22 2018 containers-bugownerAATTsuse.de
- Commit 7b30b38 by Thorsten Kukuk kukukAATTthkukuk.de
  ifconfig is deprecated since years and removed from SLE15
* Thu Mar 15 2018 containers-bugownerAATTsuse.de
- Commit a90b497 by Richard Brown rbrownccbAATTopensuse.org
  Remove Kubic workaround, caasp-tools no longer conflicts
* Wed Mar 14 2018 containers-bugownerAATTsuse.de
- Commit 6103539 by Richard Brown rbrownccbAATTopensuse.org
  Change manifest __TAG__'s for Kubic also
* Mon Mar 05 2018 rbrownAATTsuse.com
- Remove Kubic workaround, caasp-tools no longer conflicts
* Tue Feb 27 2018 containers-bugownerAATTsuse.de
- Commit d02a181 by Kiall Mac Innes kiallAATTmacinnes.ie
  Haproxy: Remove daemon config flag
* Tue Feb 27 2018 containers-bugownerAATTsuse.de
- Commit 4a6ade3 by Kiall Mac Innes kiallAATTmacinnes.ie
  Fix three upgrade issues
  * Migrate the old HAProxy config over
  * Add the new static velum/velum-api haproxy sections
  * Generate the missing *-bundle.pem files
  Fixes bsc#1080978
* Tue Feb 27 2018 containers-bugownerAATTsuse.de
- Commit 7a8e1d1 by Flavio Castelli fcastelliAATTsuse.com
  Make entrypoint of mariadb-user-secrets container more robust
  I've run
  into a timing issue that caused the root password of mariadb **not** being injected into the running container "mariadb-user-secrets" in time.
  That caused the container to enter an infinite loop consisting of trying to connect to mariadb as root without specifying a password, getting an error message, sleeping 1 second and trying again.
  This is an init container, as long as it's running kubelet won't start over containers, like openldap, velum-*, salt-*,...
  With this change the mariadb entrypoint waits until the file containing the root password exists and is not empty.
  Signed-off-by: Flavio Castelli
* Tue Feb 27 2018 containers-bugownerAATTsuse.de
- Commit da3c5cc by Kiall Mac Innes kiallAATTmacinnes.ie
  Update missed LDAP_HOST value from 127.0.0.1 to ldap.infra.caasp.local
  I don't think this value is actually used, however, for consistency, let's set it to the correct value. We may want to check if it's used and remove if not.
* Mon Feb 26 2018 containers-bugownerAATTsuse.de
- Commit 30edb7c by Maximilian Meister mmeisterAATTsuse.de
  enable certificate validation for net-ldap
  CVE-2017-17718 requires net-ldap to validate the certificate therefore set a fixed resolvable name for ldap and generate the certificate for it
  Signed-off-by: Maximilian Meister
* Thu Feb 22 2018 containers-bugownerAATTsuse.de
- Commit 30edb7c by Maximilian Meister mmeisterAATTsuse.de
  enable certificate validation for net-ldap
  CVE-2017-17718 requires net-ldap to validate the certificate therefore set a fixed resolvable name for ldap and generate the certificate for it
  Signed-off-by: Maximilian Meister
* Fri Feb 16 2018 containers-bugownerAATTsuse.de
- Commit 51731ef by Kiall Mac Innes kiallAATTmacinnes.ie
  Velum Dash and API both attempt to bind to the same port
  It's not possible to reliably bind to 0.0.0.0:443 for one service, and 127.0.0.1:443 for another service.
  As such, we'll move velum-api over to 127.0.0.1:444
* Thu Feb 15 2018 containers-bugownerAATTsuse.de
- Commit 94ec5bb by Kiall Mac Innes kiallAATTmacinnes.ie
  Increase haproxy timeouts from 50sec, to 120sec
  Some components have a 60 second timeout for salt request timeouts, e.g the salt-api server which is called by Velum. Increase this timeout to double their timeouts to allow the real failures to be disclosed.
  We'll likely want to rework how timeouts are handled soon across all our components.
* Mon Feb 12 2018 containers-bugownerAATTsuse.de
- Commit e8ace8f by Kiall Mac Innes kiallAATTmacinnes.ie
  Fix a build error introduced by the previous change:
  [ 26s] caasp-container-manifests-3.0.0+git_r240_60aff03-1.1.noarch.rpm: directories not owned by a package:
  [ 26s] - /etc/caasp
* Mon Feb 12 2018 containers-bugownerAATTsuse.de
- Commit d707d7d by Kiall Mac Innes kiallAATTmacinnes.ie
  Move haproxy config to /etc/caasp/haproxy
  This avoids a conflict between the caasp-container-manifests package, and the haproxy package.
* Thu Feb 08 2018 containers-bugownerAATTsuse.de
- Commit d18485c by Kiall Mac Innes kiallAATTmacinnes.ie
  Sync haproxy manifest with salt repo
  The haproxy manifest is duplicated between the salt and c-c-m repo, sync the recent changes from the salt repo over here to keep everything lined up.
  Syncs 25c660fd92150fbf8b1a7213282d2f9ead9a67e6 from the salt repo.
* Wed Feb 07 2018 containers-bugownerAATTsuse.de
- Commit 96952e7 by Richard Brown rbrownccbAATTopensuse.org
  Use base_image name as 'kubic-' for kubic images
* Tue Feb 06 2018 containers-bugownerAATTsuse.de
- Commit a52dec4 by Joachim Gleissner jgleissnerAATTsuse.com
  Add mount for public cloud pillar
* Tue Feb 06 2018 containers-bugownerAATTsuse.de
- Commit db81118 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  [packaging] replace sles12/pause image by tumbleweed/pause image for kubic
  Signed-off-by: Jordi Massaguer Pla
* Mon Feb 05 2018 containers-bugownerAATTsuse.de
- Commit 682c2a1 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Fix a conflict in Factory
  caasp-tools provides the activate.sh script when building in Factory
  Signed-off-by: Jordi Massaguer Pla
* Mon Feb 05 2018 containers-bugownerAATTsuse.de
- Commit 8f06135 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  [packaging] Use pipe instead of per-cent in the sed expression
  as per-cent is reserved for rpm macros
  Signed-off-by: Jordi Massaguer Pla
* Thu Feb 01 2018 containers-bugownerAATTsuse.de
- Commit cba5612 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Add kubic images
  If this package is built in tumbleweed, the images should be named tumbleweed and not sle12. When this builds on sle15, the images should be named sle15.
  We cannot use the same name for the different suse versions as if these images were in a registry, they should be named different.
* Fri Jan 19 2018 containers-bugownerAATTsuse.de
- Commit a185168 by Federico Ceratto federico.cerattoAATTsuse.de
  Disable swap bsc#1075001
* Mon Jan 15 2018 containers-bugownerAATTsuse.de
- Commit a0d7831 by Rafael Fernández López ereslibreAATTereslibre.es
  Fix version to 3.0.0+dev
* Mon Dec 18 2017 containers-bugownerAATTsuse.de
- Commit 793b753 by Rafael Fernández López ereslibreAATTereslibre.es
  Do not use FileOrCreate resource type.
  The init container for the secrets will create this file.
* Fri Dec 01 2017 containers-bugownerAATTsuse.de
- Commit 735919a by Kiall Mac Innes kiallAATTmacinnes.ie
  Move manifests into a subdirectory
  This allows us to remove the public.yaml / private.yaml hardcodes, which in turn allows us to split the public / private pods into more specific pods matching the typical patterns used to deploy workloads in K8S.
* Wed Nov 29 2017 containers-bugownerAATTsuse.de
- Commit 3248cf2 by Rafael Fernández López ereslibreAATTereslibre.es
  Reuse `$DIR` when setting the prefix for the private folder
  Move constant functions to global vars.
* Mon Nov 27 2017 containers-bugownerAATTsuse.de
- Commit 492a8c5 by Rafael Fernández López ereslibreAATTereslibre.es
  Add `%dir` directive for `/etc/haproxy`, so this RPM knows it tracks this directory
* Mon Nov 27 2017 containers-bugownerAATTsuse.de
- Commit 65a58c6 by Rafael Fernández López ereslibreAATTereslibre.es
  Fix haproxy.cfg location on the RPM spec
* Mon Nov 27 2017 containers-bugownerAATTsuse.de
- Commit 9f73951 by Rafael Fernández López ereslibreAATTereslibre.es
  Use HAProxy from the beginning for Velum too.
  This will help us with SSL termination on HAProxy side.
* Tue Nov 21 2017 containers-bugownerAATTsuse.de
- Commit c1a0716 by Rafael Fernández López ereslibreAATTereslibre.es
  Generate username and password for the Velum internal API
  Also, mount the CA certificate in the salt-master container, as it is required for the Velum pillar to perform SSL/TLS requests.
  Fixes: bsc#1069145
* Mon Nov 06 2017 containers-bugownerAATTsuse.de
- Commit e42f910 by Rafael Fernández López ereslibreAATTereslibre.es
  Follow prefix patterns for returner credentials too, as has been introduced in 17a0d8d8ac58ee8cb6d79849219b5631a60afa1e
  Fixes: bsc#1062248
* Fri Nov 03 2017 containers-bugownerAATTsuse.de
- Commit 682830d by Rafael Fernández López ereslibreAATTereslibre.es
  Move init containers from annotations to their own section.
  Also, make indentation style unique throughout the manifests.
  Fixes: #114
* Tue Oct 10 2017 containers-bugownerAATTsuse.de
- Commit a778319 by Maximilian Meister mmeisterAATTsuse.de
  wait for network to be online
  follow up of #127
  bsc#1062284
  Signed-off-by: Maximilian Meister
* Mon Oct 09 2017 containers-bugownerAATTsuse.de
- Commit 01bff6b by Kiall Mac Innes kiallAATTmacinnes.ie
  Wait for network before running admin-node-setup.service
  As we need to know the IPs and hostnames for use in the TLS certificates this generates, we should ensure the network is up and running before this unit triggers.
  bsc#1062284
* Sat Oct 07 2017 containers-bugownerAATTsuse.de
- Commit 3cc3db7 by Kiall Mac Innes kiallAATTmacinnes.ie
  Update VERSION file to 2.0.0+dev
* Fri Oct 06 2017 containers-bugownerAATTsuse.de
- Commit be61fbd by Alvaro Saurin alvaro.saurinAATTgmail.com
  Fix wrong package name
* Fri Oct 06 2017 containers-bugownerAATTsuse.de
- Commit 4a75b00 by Maximilian Meister mmeisterAATTsuse.de
  kubelet: update deprecated --config flag (bsc#1062011)
  new flag: --pod-manifest-path
  this needs to be done during upgrade to 2.0 otherwise kubelet won't start
  https://bugzilla.suse.com/show_bug.cgi?id=1062011
  Signed-off-by: Maximilian Meister
  Commit 18fa99d by Kiall Mac Innes kiallAATTmacinnes.ie
  Ensure LDAP cert is generated on upgrade
  Moving the call to gen-certs.sh from activate.sh, over to admin-node-setup.sh will ensure that any missing certs are generated upon upgrade. This will ensure the new LDAP cert is created.
  In order to preserve issue generation, which contains the Velum key fingerprint, we must also move this to admin-node-setup.
  bsc#1062022
  Commit 86edf7c by Kiall Mac Innes kiallAATTmacinnes.ie
  Move salt-master-custom.conf creation to admin-node-setup
  activate.sh is only run once, during a fresh install. This step is required on fresh installs, and 1.0 -> 2.0 upgrades, so moving to admin-node-setup.sh and ensuring idempotency will resolve this issue.
  bsc#1062003
* Wed Oct 04 2017 containers-bugownerAATTsuse.de
- Commit 260a882 by Alvaro Saurin alvaro.saurinAATTgmail.com
  Re-add the sle12-flannel-image
* Mon Oct 02 2017 containers-bugownerAATTsuse.de
- Commit 1125bcf by Nikhil Manchanda SlickNikAATTgmail.com
  Add helm tiller image
* Thu Sep 21 2017 containers-bugownerAATTsuse.de
- Commit 17a0d8d by Kiall Mac Innes kiallAATTmacinnes.ie
  Allow custom options to be passed to the Salt Master
  Create a file for custom salt-master configuration options to be supplied. This will be loaded in numeric order, allowing for certain options (e.g. worker thread counts).
  bsc#1059724
* Wed Sep 20 2017 containers-bugownerAATTsuse.de
- Commit 66f75e1 by Robert Roland robert.rolandAATTsuse.com
  Put the OpenLDAP config db and data db on the host
  OpenLDAP did not put its configuration database and data database on the admin node's filesystem, so if the OpenLDAP container restarted, all login data and TLS configuration data were lost.
  Fixes bsc#1059407
* Fri Sep 15 2017 containers-bugownerAATTsuse.de
- Commit 531839c by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Revert requirement on helm-tiller image.
  We will add this later.
  Signed-off-by: Jordi Massaguer Pla
* Wed Sep 13 2017 containers-bugownerAATTsuse.de
- Commit fed0ac3 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  add helm tiller image
  Signed-off-by: Jordi Massaguer Pla
* Wed Sep 13 2017 containers-bugownerAATTsuse.de
- Commit 8d9256d by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  update openldap and dex version requirement
  Signed-off-by: Jordi Massaguer Pla
* Wed Sep 13 2017 containers-bugownerAATTsuse.de
- Commit 188d179 by Robert Roland robert.rolandAATTsuse.com
  Removing hardcoded admin password for LDAP
  Switching to sles12/openldap image from other image
* Mon Sep 11 2017 containers-bugownerAATTsuse.de
- Commit 838e5ac by Robert Roland robert.rolandAATTsuse.com
  Adding RBAC dependencies to make_spec
* Mon Sep 11 2017 containers-bugownerAATTsuse.de
- Commit 0931f23 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Revert "Revert "update image requirements""
  This reverts commit cc67389ddc19b50cf49ba9139389f4ab3cbb8aa9.
  This is to update the requirements for the sles12sp3 images. We had to revert that because the images were not in the iso.
* Thu Sep 07 2017 containers-bugownerAATTsuse.de
- Commit d010b99 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  flannel docker image is not yet needed
  This image is for CNI and we still don't need this
  Signed-off-by: Jordi Massaguer Pla
* Wed Sep 06 2017 containers-bugownerAATTsuse.de
- Commit cc67389 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  Revert "update image requirements"
  This reverts commit 777e2226d8055566212bd7fc16e5b9324210fa0a.
  This broke our dvd cause the new packages are not yet in. Let's revert it and do this again once the new packages are in.
* Wed Sep 06 2017 containers-bugownerAATTsuse.de
- Commit 777e222 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  update image requirements
  For CAASP 2.0, image version is > 2.0 and we have renamed the images to not contain "docker" in its name.
  Signed-off-by: Jordi Massaguer Pla
* Tue Sep 05 2017 containers-bugownerAATTsuse.de
- Commit e21f9a6 by Robert Roland rob.rolandAATTgmail.com
  RBAC: Adding OpenLDAP to admin node (#89)
  * adding OpenLDAP container to the public manifest
  * Adding LDAP configuration to velum
* Fri Sep 01 2017 containers-bugownerAATTsuse.de
- Commit 1f7ce09 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  update requirements of docker images
  admin-node-setup.sh script expects images to have a .tag file in order to substitute the __TAG__ tags in public.yaml and private.yaml
  This .tag is in the update images, which are >= 1.1.0
* Mon Aug 28 2017 containers-bugownerAATTsuse.de
- Commit 5ed140b by Kiall Mac Innes kiallAATTmacinnes.ie
  Use the tagfiles rather than hardcoding a tag
  This decouples our manifests from the tag of the images contained within the RPMs. These tagfiles will contain the latest, and most specific, tag for a given image.
* Mon Aug 28 2017 containers-bugownerAATTsuse.de
- Commit 35c6630 by Aishwarya Thangappa aishwarya.thangappaAATTgmail.com
  Include kubedns, dnsmasq-nanny and sidecar as dependencies
* Fri Aug 18 2017 containers-bugownerAATTsuse.de
- Commit 89e2fa5 by Alvaro Saurin alvaro.saurinAATTgmail.com
  Require the flannel docker image
* Fri Aug 18 2017 containers-bugownerAATTsuse.de
- Commit 66e9487 by Kiall Mac Innes kiallAATTmacinnes.ie
  Include haproxy as a dependency
  haproxy will be used to loadbalance requests over the chosen masters, so we'll need to include the haproxy docker RPM as a dependency.
* Thu Aug 17 2017 containers-bugownerAATTsuse.de
- Commit 5b61692 by Kiall Mac Innes kiallAATTmacinnes.ie
  Increase MariaDB's max_allowed_packet to 16MB
  MariaDB's max allowed packet size is too small for some larger deployments, by increasing it, we allow ourselves some time to implement an alternative pattern for handling salt's event stream.
  Fixes bsc#1054250
* Fri Aug 11 2017 containers-bugownerAATTsuse.de
- Commit 8473650 by Kiall Mac Innes kiallAATTmacinnes.ie
  etcd on admin node does not have any peers
  As such, there is no reason to listen on 0.0.0.0 for peering.
* Tue Jul 25 2017 containers-bugownerAATTsuse.de
- Commit 1655395 by Flavio Castelli fcastelliAATTsuse.com
  Improve comment about how to access velum
  Be explicit about using `https://`, some users tried to access velum using `http://velum-ip:443`.
  Fixes bsc#1047310
* Mon Jul 24 2017 containers-bugownerAATTsuse.de
- Commit 453eac7 by Rafael Fernández López ereslibreAATTereslibre.es
  Cache the grains on the `ca` container
  Rendering grains on the `ca` takes a fair amount of time if they are not cached, as lots of grains are falling back to other cases, making other calls like `publish.publish` timeout (timeouts by default after 5 seconds).
  Forcing the grains cache will be slow only the first time, when the grains get populated, and will get cached, making future uses faster.
  Fixes: bsc#1049886
* Thu Jul 20 2017 containers-bugownerAATTsuse.de
- Commit 1676983 by Rafael Fernández López ereslibreAATTereslibre.es
  Add fingerprints to the velum issue
  By adding SHA1 and SHA256 fingerprints to the Velum issue, we can ensure that the instance we are accessing is the right one, and we are not mistaken (several clusters) or to reject a MITM, since the certificates chain of trust does not exist (the CA is autogenerated), and the customer has no way to import the CA as trusted for now.
  Fixes: bsc#1048135
* Fri Jul 14 2017 containers-bugownerAATTsuse.de
- Commit d376008 by Maximilian Meister mmeisterAATTsuse.de
  make branch safe by transforming slashes to dashes
  Signed-off-by: Maximilian Meister
  Commit 4cfa01c by Maximilian Meister mmeisterAATTsuse.de
  packaging: make branch configurable
  Signed-off-by: Maximilian Meister
* Fri Jul 14 2017 containers-bugownerAATTsuse.de
- Commit 1e3ef9e by Kiall Mac Innes kiallAATTmacinnes.ie
  Add Jenkinsfile
  The Jenkinsfile in each repo, if we adopt Jenkins in the end, will be very thin, including just a single library load, and a single method call.
  This prevents us from needing to keep each project's Jenkinsfile in sync as CI changes are made.
* Tue Jul 11 2017 containers-bugownerAATTsuse.de
- Commit 1e3ef9e by Kiall Mac Innes kiallAATTmacinnes.ie
  Add Jenkinsfile
  The Jenkinsfile in each repo, if we adopt Jenkins in the end, will be very thin, including just a single library load, and a single method call.
  This prevents us from needing to keep each project's Jenkinsfile in sync as CI changes are made.
* Thu Jul 06 2017 containers-bugownerAATTsuse.de
- Commit 2a2a6af by Kiall Mac Innes kiallAATTmacinnes.ie
  Reinstate critical flag on x509 extensions
  Reinstate the critical flag on two x509 extensions:
  * X509v3 Basic Constraints (CA=False)
  * X509v3 Key Usage (Digital Signature, Non Repudiation, Key Encipherment)
  bsc#1046708
* Tue Jul 04 2017 containers-bugownerAATTsuse.de
- Commit c685e59 by Kiall Mac Innes kiallAATTmacinnes.ie
  Match up TLS cert generation to genca.sh
  * Remove critical constraints
  * Add nonRepudiation and digitalSignature key usages
  * Include only the keyid Authority Identifier
  bsc#1046708
  Commit eb05991 by Kiall Mac Innes kiallAATTmacinnes.ie
  Include a UUID in the CA's Subject field
  Including a random UUID in the CA's subject fields ensures that browsers do not cache certs from older deployments, preventing access to replacement deployments.
  bsc#1046881
  Commit ee9d3ab by Kiall Mac Innes kiallAATTmacinnes.ie
  Include x509 Subject and Authority IDs in certs
  e.g:
      X509v3 extensions:
          X509v3 Subject Key Identifier:
              15:5F:91:F5:63:EA:85:B6:91:AB:8C:A9:9E:C2:36:F0:FD:11:B8:2E
          X509v3 Authority Key Identifier:
              keyid:F2:AA:7D:21:48:9D:45:00:FA:0C:94:40:48:81:B7:92:33:B5:27:12
  bsc#1046881
  Commit 69a738d by Kiall Mac Innes kiallAATTmacinnes.ie
  End entity TLS certs should not be CA certs
  Use different extensions when self signing the CA cert, and when signing end entity certs.
  bsc#1047177
  Commit 0c4bbd7 by Kiall Mac Innes kiallAATTmacinnes.ie
  CA: Add some logging to more easily identify the steps
* Fri Jun 30 2017 containers-bugownerAATTsuse.de
- Commit 7ae4dac by Rafael Fernández López ereslibreAATTereslibre.es
  Rename `velum-dashboard-autoyast` to `velum-autoyast`
  We have a lot of processes in the development, e2e-tests and debugging environments that use `velum-dashboard`. Renaming the autoyast serving to `velum-autoyast` will make them still only match one container, the one they expect (actually both of them are practically the same thing, but to keep things as they were).
* Fri Jun 30 2017 containers-bugownerAATTsuse.de
- Commit ab71633 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de
  fix requirements for the docker images
  This is needed to fix bsc#1046378
  Signed-off-by: Jordi Massaguer Pla
* Thu Jun 29 2017 containers-bugownerAATTsuse.de
- Commit f9ee78a by Rafael Fernández López ereslibreAATTereslibre.es
  Add gen-certs script
  This script will generate a CA and both certificates for services that require to start with TLS enabled: `velum` and `salt-api`.
  Thanks to Robert Roland (AATTrobdaemon) for providing the original script.
  Fixes: bsc#1043570
  Fixes: bsc#1043589
* Wed Jun 28 2017 containers-bugownerAATTsuse.de
- Commit 6714137 by Kiall Mac Innes kiallAATTmacinnes.ie
  Clear TX update grains on admin node boot
  bsc#1045379
  Clear the tx_update_{reboot_needed,failed} grains upon boot.
This ensures the UI doesn\'t continue to show an admin node upgrade after we\'ve upgraded. * Wed Jun 28 2017 containers-bugownerAATTsuse.de- Commit aa1a388 by Alvaro Saurin alvaro.saurinAATTgmail.com Minor: some comments * Wed Jun 28 2017 containers-bugownerAATTsuse.de- Commit 0ea70ff by Kiall Mac Innes kiallAATTmacinnes.ie Remove unnecessary code from activate.sh See SR#135010, SR#134883, SR#134572 * Wed Jun 28 2017 containers-bugownerAATTsuse.de- Commit b738430 by Graham Hayes graham.hayesAATTsuse.com bsc#1045350 Accept salt keys that have been pre-generated Currently the admin nodes salt minion starts before the container that generates and accepts keys is ran. This means that the salt minion is started with a key that is not accepted, and goes to a pending state. This checks if the key is pre-generated, and if we have accepted a key from this minion before. If the key has been generated, but not accepted, we accept the key and continue. * Tue Jun 27 2017 containers-bugownerAATTsuse.de- Commit bf6b0f0 by Graham Hayes graham.hayesAATTsuse.com bsc#1043592 Use mktemp to create tmp directories Use `mktemp` to ensure that directory has a random name * Tue Jun 27 2017 containers-bugownerAATTsuse.de- Commit 2ab0646 by Thorsten Kukuk kukukAATTthkukuk.de Fix ordner number of velum.conf for issue.d (we use only two digit numbers) * Tue Jun 27 2017 containers-bugownerAATTsuse.de- Commit 09c947b by Jordi Massaguer Pla jmassaguerplaAATTsuse.de add the admin-node-setup script and service to the package This is the 3rd step to fix bsc#1045378 - activate.sh was not reran after admin node upgrade Commit 81a7983 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de add admin-node-setup service This is the second step to fix bsc#1045378 - activate.sh was not reran after admin node upgrade We create a service that will run the admin-node-setup.sh on every reboot (thus on every update) Enable this in the activate.sh Commit 68926c0 by Jordi Massaguer Pla jmassaguerplaAATTsuse.de split 
activate into 2 This is the first step to fix bsc#1045378 - activate.sh was not reran after admin node upgrade. We need to split the script in 2: - activate.sh: run only once after the installation - admin-node-setup.sh: run on every reboot (thus in every update) * Mon Jun 26 2017 containers-bugownerAATTsuse.de- Commit d5a5ccc by Graham Hayes graham.hayesAATTsuse.com bsc#1043592 Add pre-generation of minion keys Generates 2 salt keys (ca and admin) and places them in the correct directories. This allows us to remove *auto_accept * from the master config file and select the rest of the members of the cluster. The admin key is writen out to */etc/salt/pki/minion/minion.(pub|pem) * The ca key is written out the same path in the container. bsc#1043592 * Fri Jun 23 2017 containers-bugownerAATTsuse.de- Commit 1f5680c by Rafael Fernández López ereslibreAATTereslibre.es Mount `salt-master` and `salt-minion-ca` caches from the host This way we ensure that the mine information and other cached information survives reboots. Fixes: bsc#1045368 * Thu Jun 22 2017 containers-bugownerAATTsuse.de- Commit 5e81ace by Graham Hayes graham.hayesAATTsuse.com Add \'grains_refresh_every\' to config * Tue Jun 20 2017 containers-bugownerAATTsuse.de- Commit ea55036 by Rafael Fernández López ereslibreAATTereslibre.es Connect the `salt-minion` in the administration dashboard machine to the `salt-master` Set the `admin` role to the administration dashboard machine, as well as the minion configuration (`id` and `master` location). This way we will leave the `salt-minion` in the administration dashboard connected to the `salt-master` for future orchestrated upgrades. 

* Thu Jun 08 2017 containers-bugownerAATTsuse.de
- Commit 6db8409 by Rafael Fernández López ereslibreAATTereslibre.es
  Do not mount `/usr/share/salt/kubernetes/config/master.d` from the host
  We will be mounting other volumes on top of this on the containers, and they will fail because on the host, `/usr/share/salt/kubernetes/config/master.d` is a `RO` volume.
  We fix this by mounting all specific files in the containers instead of the top level directory of the hierarchy. This imposes on us the restriction to modify the container manifests every time a new config file appears, but that should not happen very often. Otherwise, we cannot add our own configuration files on top of the `RO` mounted volume, because they will fail.
  In this case, the mounted folder on the containers will be `/etc/salt/master.d`, but in this case this folder won't be mounted from `/usr/share/salt/kubernetes/config/master.d`, it will live only in the container, and we will mount the specific files under it, which will avoid the `RO` volume problems from the host.

* Thu Jun 08 2017 containers-bugownerAATTsuse.de
- Commit faa0ddb by Rafael Fernández López ereslibreAATTereslibre.es
  Do not mount these three mountpoints readonly
  Related to infrastructure secrets. It makes the container initialization fail. Ideally they should be read-only, as they will only read from here, but something is trying to write in there, preventing containers from starting.

* Thu Jun 08 2017 containers-bugownerAATTsuse.de
- Commit 46e5def by Rafael Fernández López ereslibreAATTereslibre.es
  Install setup folder -- we need it to mount the initialization scripts
  Related to hardcoded secrets removal, was a bug in the packaging side

* Wed Jun 07 2017 containers-bugownerAATTsuse.de
- Commit 5c48335 by Rafael Fernández López ereslibreAATTereslibre.es
  Remove hardcoded secrets
  We will be generating secrets with init containers. These secrets will be created in a volume mounted from the host, so they survive reboots. While being sufficient for our GA purposes we will need to rethink how we do this in a HA environment.
  Some secrets are generated with the init containers:
    * mysql root password
    * mysql velum user password
    * mysql salt user password
    * saltapi user password
  Once we have generated all the passwords, we need to write this configuration on files that will be mounted on the different containers, so the different services can read the files where the passwords are written.
  By default, passwords will be created in files with permissions 400.
  Password generation uses `/dev/random`, performing a `base64` encoding to that random content, and picking up a line of the `base64` output.
  Images will take these environment variables and they will use their entrypoint to perform the required actions. Example:
    * mariadb container will set the root password and do some initializations
    * salt-master container will `chpasswd` the `saltapi` user to the generated saltapi password.

* Tue Jun 06 2017 containers-bugownerAATTsuse.de
- Commit bf0bce0 by Kiall Mac Innes kiallAATTmacinnes.ie
  Bump image tag for salt pods to 2016.11.4

* Fri Jun 02 2017 containers-bugownerAATTsuse.de
- Commit 331fd9b by Kiall Mac Innes kiallAATTmacinnes.ie
  Update RPM spec for salt 2016.11.4
  As the RPM names have changed with the new tag, we need to update the spec to require the new salt version.

* Thu May 25 2017 containers-bugownerAATTsuse.de
- Commit 1880b3f by Rafael Fernández López ereslibreAATTereslibre.es
  Make substitution in a safer way for --pod-infra-container-image argument
  This wasn't working on our production image because we are using Kubernetes 1.5 that in our config comes with the following setting in /etc/kubernetes/kubelet:
    KUBELET_ARGS="--config=/etc/kubernetes/manifests"
  On 1.6, --config has been completely removed and it will use --pod-manifest-path, but not on our current installed configuration.
  By adding this change, we ensure that we only make the replacement once (if the pod-manifest-path is already there we won't do anything), and we don't rely on the current contents for making the substitution.
  Fixes: bsc#1039863

* Wed May 24 2017 containers-bugownerAATTsuse.de
- Commit f24962e by Rafael Fernández López ereslibreAATTereslibre.es
  Mount MariaDB configuration under `/etc/my.cnf.d`
    * Under SLE the configuration lives under `/etc/my.cnf.d`
    * Add `[mysqld]` section to the skip-networking file so it will be processed by mysqld (otherwise it's ignored)
    * Mount only the `skip-networking.cnf` file, as other cnf files come pre-installed in `/etc/my.cnf.d` and we would be shadowing them

* Tue May 23 2017 containers-bugownerAATTsuse.de
- Commit b050481 by Michal Jura mjuraAATTsuse.com
  Kubernetes does not pick the sles12/pause image, bsc#1039863
  Kubernetes does not pick the sles12/pause image, but the one from GCR on OpenStack.
  After Kubernetes version upgrade KUBELET_ARGS changed and option --config for sed regular expression is not matched.
  This change is fixing sed regular expression for /etc/kubernetes/kubelet config file.

* Fri May 12 2017 containers-bugownerAATTsuse.de
- Share ssh public key for autoyast profile, bsc#1030876

* Mon May 08 2017 containers-bugownerAATTsuse.de
- Use the configuration files found in the kubernetes-salt package

* Wed May 03 2017 containers-bugownerAATTsuse.de
- activate.sh: notify that velum is starting (bsc#1031682)

* Wed May 03 2017 containers-bugownerAATTsuse.de
- Set the presence flag

* Wed Apr 26 2017 containers-bugownerAATTsuse.de
- Mount mysql data dir

* Tue Apr 25 2017 containers-bugownerAATTsuse.de
- Update salt-master configuration

* Tue Apr 25 2017 containers-bugownerAATTsuse.de
- Update mysql paths after checking manifests in production
- Migrate https://github.com/kubic-project/velum/pull/104 to production

* Tue Apr 25 2017 containers-bugownerAATTsuse.de
- Migrate https://github.com/kubic-project/velum/pull/126/files to production

* Wed Apr 19 2017 containers-bugownerAATTsuse.de
- Add missing VELUM_SALT_PASSWORD

* Tue Apr 18 2017 containers-bugownerAATTsuse.de
- activate.sh: fix bsc#1032651

* Fri Mar 31 2017 containers-bugownerAATTsuse.de
- Persist CA certificates and issued certificates

* Tue Mar 28 2017 containers-bugownerAATTsuse.de
- Enable etcd using the activate.sh script

* Mon Mar 27 2017 containers-bugownerAATTsuse.de
- Added a temporary fix for the pause container in the dashboard

* Fri Mar 24 2017 containers-bugownerAATTsuse.de
- Rename database

* Fri Mar 24 2017 containers-bugownerAATTsuse.de
- Remove leftover that made the kubelet ignore salt.yaml file

* Thu Mar 23 2017 containers-bugownerAATTsuse.de
- fix call to init

* Thu Mar 23 2017 containers-bugownerAATTsuse.de
- use bundle as this is a symlink now in the image
- review entry commands

* Thu Mar 23 2017 containers-bugownerAATTsuse.de
- Fix TODO comments about path prefixes
- Add velum configuration settings

* Thu Mar 23 2017 containers-bugownerAATTsuse.de
- Use port 80 by default

* Thu Mar 23 2017 containers-bugownerAATTsuse.de
- fix velum version in spec
- replace opensuse by sles12 images

* Thu Mar 23 2017 containers-bugownerAATTsuse.de
- redirect errors to standard error

* Wed Mar 22 2017 containers-bugownerAATTsuse.de
- check if the activate is being run by YaST or by cloud-init

* Wed Mar 22 2017 containers-bugownerAATTsuse.de
- Clarify the important assumption that DB container will not move to a different host after it is started for the very first time.

* Wed Mar 22 2017 containers-bugownerAATTsuse.de
- fix enabled services in controller node

* Wed Mar 22 2017 containers-bugownerAATTsuse.de
- add executable permissions to activate.sh

* Tue Mar 21 2017 containers-bugownerAATTsuse.de
- fix velum name

* Mon Mar 20 2017 containers-bugownerAATTsuse.de
- add the required images for caasp as Requires

* Fri Mar 17 2017 containers-bugownerAATTsuse.de
- add activate in rpm

* Fri Mar 17 2017 containers-bugownerAATTsuse.de
- Revert "add pv-recycler-node image"

* Wed Mar 15 2017 containers-bugownerAATTsuse.de
- Revert "add pv-recycler-node image"

* Wed Mar 15 2017 containers-bugownerAATTsuse.de
- add pv-recycler-node image

* Wed Mar 15 2017 containers-bugownerAATTsuse.de
- use mariadb docker image based on sles12sp2

* Wed Mar 15 2017 containers-bugownerAATTsuse.de
- update salt images to sles12 images

* Tue Mar 14 2017 containers-bugownerAATTsuse.de
- packaging: don't expand inner variables in the template

* Tue Mar 14 2017 containers-bugownerAATTsuse.de
- packaging: help automated packaging for caasp-container-manifests

* Thu Mar 09 2017 jmassaguerplaAATTsuse.com
- Add configuration files

* Thu Mar 02 2017 hguoAATTsuse.com
- New package, initial release.