Nova metadata : set clusterIP dynamically

This PS updates nova to set metadata's clusterIP dynamically and neutron to set nova_metadata_ip from metadata hosts If specify a clusterIP, it is hard-coded as before also. Change-Id: Ib0d6df8272bd8494bb59ffc8e6b2cfa36a901f60 Closes-Bug: #1715553
2017-10-13 18:16:45 +09:00 · 2017-10-13 18:16:45 +09:00 · 121a52dd93
commit 121a52dd93
parent c699614b2d
12 changed files with 143 additions and 6 deletions
--- a/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
@ -0,0 +1,30 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+metadata_ip="{{- .Values.conf.metadata_agent.DEFAULT.nova_metadata_ip -}}"
+if [ -z "${metadata_ip}" ] ; then
+    metadata_ip=$(getent hosts metadata | awk '{print $1}')
+fi
+
+cat <<EOF>/tmp/pod-shared/neutron-metadata-agent.ini
+[DEFAULT]
+nova_metadata_ip=$metadata_ip
+EOF
+
--- a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl
@ -20,7 +20,8 @@ set -x
 exec neutron-metadata-agent \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/metadata_agent.ini \
-      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+      --config-file /tmp/pod-shared/neutron-metadata-agent.ini
 {{- if eq .Values.network.backend "ovs" }} \
      --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
 {{- end }}
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -51,6 +51,8 @@ data:
 {{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-metadata-agent.sh: |+
 {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-metadata-agent-init.sh: |+
+{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-openvswitch-agent.sh: |+
 {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-openvswitch-agent-init.sh: |+
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@ -40,6 +40,25 @@ spec:
      hostNetwork: true
      initContainers:
 {{ tuple $envAll $dependencies $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: neutron-metadata-agent-init
+          image: {{ .Values.images.metadata }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            runAsUser: {{ .Values.pod.user.neutron.uid }}
+          command:
+            - /tmp/neutron-metadata-agent-init.sh
+          volumeMounts:
+            - name: neutron-bin
+              mountPath: /tmp/neutron-metadata-agent-init.sh
+              subPath: neutron-metadata-agent-init.sh
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
      containers:
        - name: neutron-metadata-agent
          image: {{ .Values.images.metadata }}
@ -130,6 +149,9 @@ spec:
              readOnly: true
            - name: socket
              mountPath: /var/lib/neutron/stackanetes
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+              readOnly: true
 {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: neutron-bin
@ -148,5 +170,7 @@ spec:
        - name: socket
          hostPath:
            path: /var/lib/neutron/openstack-helm
+        - name: pod-shared
+          emptyDir: {}
 {{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }}
 {{- end }}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -163,6 +163,8 @@ dependencies:
      endpoint: internal
    - service: compute
      endpoint: internal
+    - service: compute_metadata
+      endpoint: public
    daemonset:
    # this should be set to corresponding neutron L2 agent
    - neutron-ovs-agent
@ -1040,7 +1042,8 @@ conf:
  metering_agent: null
  metadata_agent:
    DEFAULT:
-      nova_metadata_ip: 10.97.120.234
+      # IF blank, set dynamically from metadata hosts
+      nova_metadata_ip:
      nova_metadata_port: 80
      nova_metadata_protocol: http
      metadata_proxy_shared_secret: "password"
@ -1119,10 +1122,23 @@ endpoints:
      api:
        default: 8774
        public: 80
-      metadata:
-        default: 8775
      novncproxy:
        default: 6080
+  compute_metadata:
+    name: nova
+    hosts:
+      default: nova-metadata
+      public: metadata
+    host_fqdn_override:
+      default: null
+    path:
+      default: /
+    scheme:
+      default: 'http'
+    port:
+      metadata:
+        default: 8775
+        public: 80
  identity:
    name: keystone
    auth:
--- a/nova/templates/bin/_nova-api-metadata-init.sh.tpl
+++ b/nova/templates/bin/_nova-api-metadata-init.sh.tpl
@ -0,0 +1,30 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+metadata_ip="{{- .Values.network.metadata.ip -}}"
+if [ -z "${metadata_ip}" ] ; then
+    metadata_ip=$(getent hosts metadata | awk '{print $1}')
+fi
+
+cat <<EOF>/tmp/pod-shared/nova-api-metadata.ini
+[DEFAULT]
+metadata_host=$metadata_ip
+EOF
+
--- a/nova/templates/bin/_nova-api-metadata.sh.tpl
+++ b/nova/templates/bin/_nova-api-metadata.sh.tpl
@ -21,7 +21,8 @@ COMMAND="${@:-start}"

 function start () {
  exec nova-api-metadata \
-        --config-file /etc/nova/nova.conf
+        --config-file /etc/nova/nova.conf \
+        --config-file /tmp/pod-shared/nova-api-metadata.ini
 }

 function stop () {
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@ -47,6 +47,8 @@ data:
 {{ tuple "bin/_nova-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  nova-api-metadata.sh: |
 {{ tuple "bin/_nova-api-metadata.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-api-metadata-init.sh: |
+{{ tuple "bin/_nova-api-metadata-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  nova-compute.sh: |
 {{ tuple "bin/_nova-compute.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  nova-compute-init.sh: |
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@ -100,8 +100,10 @@ limitations under the License.
 {{- end -}}

 {{- if empty .Values.conf.nova.DEFAULT.metadata_host -}}
+{{- if .Values.network.metadata.ip -}}
 {{- set .Values.conf.nova.DEFAULT "metadata_host" .Values.network.metadata.ip | quote | trunc 0 -}}
 {{- end -}}
+{{- end -}}

 {{- if empty .Values.conf.nova.DEFAULT.metadata_port -}}
 {{- tuple "compute_metadata" "public" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "metadata_port" | quote | trunc 0 -}}
--- a/nova/templates/deployment-api-metadata.yaml
+++ b/nova/templates/deployment-api-metadata.yaml
@ -42,6 +42,25 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.metadata.timeout | default "30" }}
      initContainers:
 {{ tuple $envAll $dependencies $mounts_nova_api_metadata_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: nova-api-metadata-init
+          image: {{ .Values.images.api }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            runAsUser: {{ .Values.pod.user.nova.uid }}
+          command:
+            - /tmp/nova-api-metadata-init.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-api-metadata-init.sh
+              subPath: nova-api-metadata-init.sh
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova.conf
+              subPath: nova.conf
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
      containers:
        - name: nova-api
          image: {{ .Values.images.api }}
@ -115,6 +134,9 @@ spec:
              mountPath: /etc/nova/rootwrap.d/network.filters
              subPath: network.filters
              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+              readOnly: true
 {{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: nova-bin
@ -125,5 +147,7 @@ spec:
          configMap:
            name: nova-etc
            defaultMode: 0444
+        - name: pod-shared
+          emptyDir: {}
 {{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
 {{- end }}
--- a/nova/templates/service-ingress-metadata.yaml
+++ b/nova/templates/service-ingress-metadata.yaml
@ -26,7 +26,9 @@ spec:
  ports:
  - name: http
    port: 80
+{{- if .Values.network.metadata.ip }}
  clusterIP: {{ .Values.network.metadata.ip }}
+{{- end }}
  selector:
    app: ingress-api
 {{- end }}
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -112,7 +112,8 @@ network:
      enabled: false
      port: 30774
  metadata:
-    ip: 10.97.120.234
+    # IF blank, set clusterIP and metadata_host dynamically
+    ip:
    port: 8775
    ingress:
      public: true
@ -150,6 +151,8 @@ dependencies:
      endpoint: internal
    - service: identity
      endpoint: internal
+    - service: compute_metadata
+      endpoint: public
  db_init:
    services:
    - service: oslo_db