openstack/openstack-helm
Code Issues Proposed changes

add compute-kit to openstack umbrella chart

Browse Source 
ADD: include new charts to the umbrella chart for comprehensive
     deployment of openstack-helm.

       * openvswitch
       * libvirt
       * neutron
       * nova
       * placement

Change-Id: I78d1c7c629024c3f9530239dff9f8eb9da598764
This commit is contained in:
Graham Steffaniak 2022-04-08 09:10:44 -05:00 committed by Dustin Specker
parent 8d5ddc9035
commit 2e5b7f9cb7
61 changed files with 1636 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Neutron description: OpenStack-Helm Neutron
name: neutron name: neutron
version: 0.2.17 version: 0.2.18
home: https://docs.openstack.org/neutron/latest/ home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources: sources:

8
neutron/templates/configmap-etc.yaml
View File

@ -12,6 +12,12 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- define "neutron.configmap.etc" }} {{- define "neutron.configmap.etc" }}
{{- $configMapName := index . 0 }} {{- $configMapName := index . 0 }}
{{- $envAll := index . 1 }} {{- $envAll := index . 1 }}
@ -161,7 +167,7 @@ just set it along with nova_metadata_host.
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} {{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} {{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} {{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} {{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}} {{- end -}}

12
neutron/templates/pod-rally-test.yaml
View File

@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- if .Values.manifests.pod_rally_test }} {{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }} {{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }} {{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }} {{- $serviceAccountName := print .deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: {{ print $envAll.Release.Name "-test" }} name: {{ print .deployment_name "-test" }}
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
@ -66,7 +72,7 @@ spec:
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }} value: {{ .Values.endpoints.identity.auth.test.role | quote }}
{{ if $envAll.Values.conf.rally_tests.force_project_purge }} {{ if $envAll.Values.conf.rally_tests.force_project_purge }}
- name: {{ .Release.Name }}-reset - name: {{ .deployment_name }}-reset
{{ tuple $envAll "purge_test" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "purge_test" | include "helm-toolkit.snippets.image" | indent 6 }}
env: env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}

2
nova/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Nova description: OpenStack-Helm Nova
name: nova name: nova
version: 0.2.39 version: 0.2.40
home: https://docs.openstack.org/nova/latest/ home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources: sources:

7
nova/templates/configmap-etc.yaml
View File

@ -11,6 +11,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- define "nova.configmap.etc" }} {{- define "nova.configmap.etc" }}
{{- $configMapName := index . 0 }} {{- $configMapName := index . 0 }}
@ -242,7 +247,7 @@ limitations under the License.
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} {{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} {{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} {{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} {{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}} {{- end -}}

12
nova/templates/pod-rally-test.yaml
View File

@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- if .Values.manifests.pod_rally_test }} {{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }} {{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }} {{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }} {{- $serviceAccountName := print $envAll.deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: {{ print $envAll.Release.Name "-test" }} name: {{ print $envAll.deployment_name "-test" }}
labels: labels:
{{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations: annotations:
@ -77,7 +83,7 @@ spec:
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }} {{- end }}
- name: RALLY_ENV_NAME - name: RALLY_ENV_NAME
value: {{.Release.Name}} value: {{.deployment_name}}
command: command:
- /tmp/rally-test.sh - /tmp/rally-test.sh
volumeMounts: volumeMounts:

29
openstack/Chart.yaml
View File

@ -4,28 +4,55 @@ dependencies:
- name: helm-toolkit - name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit repository: file://../../openstack-helm-infra/helm-toolkit
version: ">0.1.0" version: ">0.1.0"
condition: helm-toolkit.enabled
- name: mariadb - name: mariadb
repository: file://../../openstack-helm-infra/mariadb repository: file://../../openstack-helm-infra/mariadb
version: ">0.1.0" version: ">0.1.0"
condition: mariadb.enabled
- name: rabbitmq - name: rabbitmq
repository: file://../../openstack-helm-infra/rabbitmq repository: file://../../openstack-helm-infra/rabbitmq
version: ">0.1.0" version: ">0.1.0"
condition: rabbitmq.enabled
- name: memcached - name: memcached
repository: file://../../openstack-helm-infra/memcached repository: file://../../openstack-helm-infra/memcached
version: ">0.1.0" version: ">0.1.0"
condition: memcached.enabled
- name: keystone - name: keystone
repository: file://../keystone repository: file://../keystone
version: ">0.1.0" version: ">0.1.0"
condition: keystone.enabled
- name: heat - name: heat
repository: file://../heat repository: file://../heat
version: ">0.1.0" version: ">0.1.0"
condition: heat.enabled
- name: glance - name: glance
repository: file://../glance repository: file://../glance
version: ">0.1.0" version: ">0.1.0"
condition: glance.enabled
- name: openvswitch
repository: file://../../openstack-helm-infra/openvswitch
version: ">0.1.0"
condition: openvswitch.enabled
- name: libvirt
repository: file://../../openstack-helm-infra/libvirt
version: ">0.1.0"
condition: libvirt.enabled
- name: nova
repository: file://../nova
version: ">0.1.0"
condition: nova.enabled
- name: placement
repository: file://../placement
version: ">0.1.0"
condition: placement.enabled
- name: neutron
repository: file://../neutron
version: ">0.1.0"
condition: neutron.enabled
description: A chart for openstack helm commmon deployment items description: A chart for openstack helm commmon deployment items
name: openstack name: openstack
type: application type: application
version: 0.1.0 version: 0.1.1
maintainers: maintainers:
- name: OpenStack-Helm Authors - name: OpenStack-Helm Authors

1
openstack/charts/libvirt Symbolic link
View File

@ -0,0 +1 @@
../../../openstack-helm-infra/libvirt/

1
openstack/charts/neutron Symbolic link
View File

@ -0,0 +1 @@
../../neutron/

1
openstack/charts/nova Symbolic link
View File

@ -0,0 +1 @@
../../nova/

1
openstack/charts/openvswitch Symbolic link
View File

@ -0,0 +1 @@
../../../openstack-helm-infra/openvswitch/

1
openstack/charts/placement Symbolic link
View File

@ -0,0 +1 @@
../../placement/

45
openstack/values.yaml
View File

@ -1,7 +1,12 @@
---
# default values for openstack umbrella chart # default values for openstack umbrella chart
# Global overrides for subcharts # Global overrides for subcharts
# note(v-dspecker): helm3_hook must be disabled
# There is a cyclic dependency otherwise. For example, libvirt-default ->
# nuetron-ovs-agent-default -> neutron-server -> neutron-ks-user.
# Since libvirt-default is deployed during install phase, neutron-ks-user must also
# be installed during install phase instead of post-install phase.
global: global:
subchart_release_name: true subchart_release_name: true
@ -9,6 +14,7 @@ helm-toolkit:
enabled: true enabled: true
rabbitmq: rabbitmq:
release_group: rabbitmq
enabled: true enabled: true
volume: volume:
enabled: false enabled: false
@ -17,6 +23,7 @@ rabbitmq:
server: 1 server: 1
mariadb: mariadb:
release_group: mariadb
enabled: true enabled: true
pod: pod:
replicas: replicas:
@ -27,16 +34,46 @@ mariadb:
enabled: true enabled: true
memcached: memcached:
release_group: memcached
enabled: true enabled: true
keystone: keystone:
release_group: keystone
enabled: true enabled: true
heat: heat:
release_group: heat
enabled: true enabled: true
helm3_hook: false
glance: glance:
release_group: glance
enabled: true enabled: true
storage: pvc helm3_hook: false
volume:
class_name: standard openvswitch:
release_group: openvswitch
enabled: true
libvirt:
release_group: libvirt
enabled: true
nova:
release_group: nova
enabled: true
helm3_hook: false
placement:
release_group: placement
enabled: true
helm3_hook: false
neutron:
release_group: neutron
enabled: true
helm3_hook: false
conf:
auto_bridge_add:
# no idea why, but something with sub-charts and null values get ommitted entirely from sub chart
br-ex: "null"

8
openstack/values_overrides/libvirt/apparmor.yaml Normal file
View File

@ -0,0 +1,8 @@
---
libvirt:
pod:
mandatory_access_control:
type: apparmor
libvirt-libvirt-default:
libvirt: runtime/default
...

17
openstack/values_overrides/libvirt/cinder-external-ceph-backend.yaml Normal file
View File

@ -0,0 +1,17 @@
# Note: This yaml file serves as an example for overriding the manifest
# to enable additional externally managed Ceph Cinder backend. When additional
# externally managed Ceph Cinder backend is provisioned as shown in
# cinder/values_overrides/external-ceph-backend.yaml of repo openstack-helm,
# below override is needed to store the secret key of the cinder user in
# libvirt.
---
libvirt:
conf:
ceph:
cinder:
external_ceph:
enabled: true
user: cinder2
secret_uuid: 3f0133e4-8384-4743-9473-fecacc095c74
user_secret_name: cinder-volume-external-rbd-keyring
...

5
openstack/values_overrides/libvirt/netpol.yaml Normal file
View File

@ -0,0 +1,5 @@
---
libvirt:
manifests:
network_policy: true
...

8
openstack/values_overrides/libvirt/ssl.yaml Normal file
View File

@ -0,0 +1,8 @@
---
libvirt:
conf:
libvirt:
listen_tcp: "0"
listen_tls: "1"
listen_addr: 0.0.0.0
...

6
openstack/values_overrides/libvirt/victoria-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,6 @@
---
libvirt:
images:
tags:
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
...

6
openstack/values_overrides/libvirt/wallaby-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,6 @@
---
libvirt:
images:
tags:
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
...

42
openstack/values_overrides/neutron/apparmor.yaml Normal file
View File

@ -0,0 +1,42 @@
---
neutron:
pod:
mandatory_access_control:
type: apparmor
neutron-dhcp-agent-default:
neutron-dhcp-agent: runtime/default
neutron-dhcp-agent-init: runtime/default
init: runtime/default
neutron-l3-agent-default:
neutron-l3-agent: runtime/default
neutron-l3-agent-init: runtime/default
init: runtime/default
neutron-lb-agent-default:
neutron-lb-agent-default: runtime/default
neutron-metadata-agent-default:
neutron-metadata-agent: runtime/default
neutron-metadata-agent-init: runtime/default
init: runtime/default
neutron-ovs-agent-default:
neutron-ovs-agent: runtime/default
neutron-openvswitch-agent-kernel-modules: runtime/default
neutron-ovs-agent-init: runtime/default
init: runtime/default
neutron-sriov-agent-default:
neutron-sriov-agent: runtime/default
neutron-sriov-agent-init: runtime/default
init: runtime/default
neutron-netns-cleanup-cron-default:
neutron-netns-cleanup-cron: runtime/default
init: runtime/default
neutron-server:
neutron-server: runtime/default
init: runtime/default
nginx: runtime/default
neutron-test:
init: runtime/default
neutron-test: runtime/default
neutron-test-ks-user: runtime/default
manifests:
certificates: true
...

33
openstack/values_overrides/neutron/dpdk-bond.yaml Normal file
View File

@ -0,0 +1,33 @@
---
neutron:
network:
interface:
tunnel: br-phy-bond0
conf:
plugins:
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
datapath_type: netdev
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
ovs_dpdk:
enabled: true
driver: uio_pci_generic
nics: []
bonds:
# CHANGE-ME: modify below parameters according to your hardware
- name: dpdkbond0
bridge: br-phy-bond0
# The IP from the first nic in nics list shall be used
migrate_ip: true
ovs_options: "bond_mode=active-backup"
nics:
- name: dpdk_b0s0
pci_id: '0000:00:05.0'
- name: dpdk_b0s1
pci_id: '0000:00:06.0'
bridges:
- name: br-phy-bond0
...

27
openstack/values_overrides/neutron/dpdk.yaml Normal file
View File

@ -0,0 +1,27 @@
---
neutron:
network:
interface:
tunnel: br-phy
conf:
plugins:
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
datapath_type: netdev
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
ovs_dpdk:
enabled: true
driver: uio_pci_generic
nics:
# CHANGE-ME: modify pci_id according to your hardware
- name: dpdk0
pci_id: '0000:05:00.0'
bridge: br-phy
migrate_ip: true
bridges:
- name: br-phy
bonds: []
...

25
openstack/values_overrides/neutron/gate.yaml Normal file
View File

@ -0,0 +1,25 @@
---
neutron:
network:
interface:
tunnel: docker0
conf:
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
plugins:
ml2_conf:
ml2_type_flat:
flat_networks: public
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
linuxbridge_agent:
linux_bridge:
bridge_mappings: public:br-ex
...

14
openstack/values_overrides/neutron/netpol.yaml Normal file
View File

@ -0,0 +1,14 @@
---
neutron:
manifests:
network_policy: true
network_policy:
neutron:
egress:
- to:
- ipBlock:
cidr: %%%REPLACE_API_ADDR%%%/32
ports:
- protocol: TCP
port: %%%REPLACE_API_PORT%%%
...

97
openstack/values_overrides/neutron/shared-sriov-ovs-dpdk-bond.yaml Normal file
View File

@ -0,0 +1,97 @@
---
neutron:
network:
interface:
sriov:
- device: enp3s0f0
num_vfs: 32
promisc: false
- device: enp66s0f1
num_vfs: 32
promisc: false
tunnel: br-phy-bond0
backend:
- openvswitch
- sriov
conf:
auto_bridge_add:
br-ex: null
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
service_plugins: router
plugins:
ml2_conf:
ml2:
mechanism_drivers: l2population,openvswitch,sriovnicswitch
type_drivers: vlan,flat,vxlan
tenant_network_types: vxlan
ml2_type_flat:
flat_networks: public
ml2_type_vlan:
network_vlan_ranges: ovsnet:2:4094,sriovnet1:100:4000,sriovnet2:100:4000
openvswitch_agent:
default:
ovs_vsctl_timeout: 30
agent:
tunnel_types: vxlan
securitygroup:
enable_security_group: False
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
ovs:
bridge_mappings: public:br-ex,ovsnet:br-phy-bond0
datapath_type: netdev
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
of_connect_timeout: 60
of_request_timeout: 30
sriov_agent:
securitygroup:
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
sriov_nic:
physical_device_mappings: sriovnet1:enp3s0f0,sriovnet2:enp66s0f1
exclude_devices: enp3s0f0:0000:00:05.1,enp66s0f1:0000:00:06.1
ovs_dpdk:
enabled: true
driver: uio_pci_generic
nics: []
bonds:
# CHANGE-ME: modify below parameters according to your hardware
- name: dpdkbond0
bridge: br-phy-bond0
mtu: 9000
# The IP from the first nic in nics list shall be used
migrate_ip: true
n_rxq: 2
n_rxq_size: 1024
n_txq_size: 1024
ovs_options: "bond_mode=active-backup"
nics:
- name: dpdk_b0s0
pci_id: '0000:00:05.0'
vf_index: 0
- name: dpdk_b0s1
pci_id: '0000:00:06.0'
vf_index: 0
bridges:
- name: br-phy-bond0
modules:
- name: dpdk
log_level: info
# In case of shared profile (sriov + ovs-dpdk), sriov agent should finish
# first so as to let it configure the SRIOV VFs before ovs-agent tries to
# bind it with DPDK driver.
dependencies:
dynamic:
targeted:
openvswitch:
ovs_agent:
pod:
- requireSameNode: true
labels:
application: neutron
component: neutron-sriov-agent
...

71
openstack/values_overrides/neutron/tf.yaml Normal file
View File

@ -0,0 +1,71 @@
---
neutron:
images:
tags:
tf_neutron_init: opencontrailnightly/contrail-openstack-neutron-init:master-latest
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
backend:
- tungstenfabric
dependencies:
dynamic:
targeted:
tungstenfabric:
server:
daemonset: []
conf:
openstack_version: queens
neutron:
DEFAULT:
core_plugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
service_plugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
l3_ha: False
api_extensions_path: /opt/plugin/site-packages/neutron_plugin_contrail/extensions:/opt/plugin/site-packages/neutron_lbaas/extensions
interface_driver: null
quotas:
quota_driver: neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
plugins:
tungstenfabric:
APISERVER:
api_server_ip: config-api-server.tungsten-fabric.svc.cluster.local
api_server_port: 8082
contrail_extensions: "ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None"
multi_tenancy: True
KEYSTONE:
insecure: True
tf_vnc_api_lib:
global:
WEB_SERVER: config-api-server.tungsten-fabric.svc.cluster.local
WEB_PORT: 8082
auth:
AUTHN_TYPE: keystone
AUTHN_PROTOCOL: http
AUTHN_URL: /v3/auth/tokens
manifests:
daemonset_dhcp_agent: false
daemonset_l3_agent: false
daemonset_lb_agent: false
daemonset_metadata_agent: false
daemonset_ovs_agent: false
daemonset_sriov_agent: false
pod_rally_test: false
pod:
mounts:
neutron_db_sync:
neutron_db_sync:
volumeMounts:
- name: db-sync-conf
mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
subPath: tf_plugin.ini
readOnly: true
volumes:
...

142
openstack/values_overrides/neutron/tls.yaml Normal file
View File

@ -0,0 +1,142 @@
---
neutron:
images:
tags:
nginx: docker.io/nginx:1.18.0
network:
server:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
pod:
security_context:
neutron_server:
pod:
runAsUser: 0
container:
neutron_server:
readOnlyRootFilesystem: false
resources:
nginx:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
nginx: |
worker_processes 1;
daemon off;
user nginx;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65s;
tcp_nodelay on;
log_format main '[nginx] method=$request_method path=$request_uri '
'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
'"$remote_user" "$http_referer" "$http_user_agent"';
access_log /dev/stdout main;
upstream websocket {
server 127.0.0.1:$PORT;
}
server {
server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
listen $POD_IP:$PORT ssl;
client_max_body_size 0;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
location / {
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_pass http://websocket;
proxy_read_timeout 90;
}
}
}
neutron:
DEFAULT:
bind_host: 127.0.0.1
nova:
cafile: /etc/neutron/certs/ca.crt
keystone_authtoken:
cafile: /etc/neutron/certs/ca.crt
oslo_messaging_rabbit:
ssl: true
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
ssl_key_file: /etc/rabbitmq/certs/tls.key
metadata_agent:
DEFAULT:
auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
nova_metadata_port: 443
nova_metadata_protocol: https
endpoints:
compute:
scheme:
default: https
port:
api:
public: 443
compute_metadata:
scheme:
default: https
port:
metadata:
public: 443
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
neutron:
cacert: /etc/ssl/certs/openstack-helm.crt
nova:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
network:
host_fqdn_override:
default:
tls:
secretName: neutron-tls-server
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
api:
public: 443
ingress:
port:
ingress:
default: 443
oslo_messaging:
port:
https:
default: 15680
manifests:
certificates: true
...

21
openstack/values_overrides/neutron/train-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
neutron_db_sync: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_dhcp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_l3: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_l2gw: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_metadata: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_rpc_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
...

21
openstack/values_overrides/neutron/ussuri-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
neutron_db_sync: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_dhcp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_l3: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_l2gw: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_metadata: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_rpc_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
...

21
openstack/values_overrides/neutron/victoria-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
neutron_db_sync: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_dhcp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_l3: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_l2gw: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_metadata: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_rpc_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
...

21
openstack/values_overrides/neutron/wallaby-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
neutron_db_sync: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_dhcp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_l3: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_l2gw: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_metadata: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_rpc_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
...

37
openstack/values_overrides/nova/apparmor.yaml Normal file
View File

@ -0,0 +1,37 @@
---
nova:
pod:
mandatory_access_control:
type: apparmor
nova-compute-default:
nova-compute: runtime/default
init: runtime/default
nova-compute-init: runtime/default
nova-compute-vnc-init: runtime/default
nova-api-metadata:
nova-api-metadata-init: runtime/default
nova-api: runtime/default
init: runtime/default
nova-api-osapi:
nova-osapi: runtime/default
init: runtime/default
nova-conductor:
nova-conductor: runtime/default
init: runtime/default
nova-novncproxy:
nova-novncproxy: runtime/default
nova-novncproxy-init-assets: runtime/default
nova-novncproxy-init: runtime/default
init: runtime/default
nova-scheduler:
nova-scheduler: runtime/default
init: runtime/default
nova-cell-setup:
nova-cell-setup: runtime/default
nova-cell-setup-init: runtime/default
init: runtime/default
nova-test:
init: runtime/default
nova-test: runtime/default
nova-test-ks-user: runtime/default
...

23
openstack/values_overrides/nova/cntt.yaml Normal file
View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
nova:
conf:
nova:
DEFAULT:
reserved_huge_pages:
type: multistring
values:
- node:0,size:1GB,count:4
- node:1,size:1GB,count:4
reserved_host_memory_mb: 512
...

18
openstack/values_overrides/nova/netpol.yaml Normal file
View File

@ -0,0 +1,18 @@
---
nova:
manifests:
network_policy: true
network_policy:
nova:
egress:
- to:
- podSelector:
matchLabels:
application: nova
- to:
- ipBlock:
cidr: %%%REPLACE_API_ADDR%%%/32
ports:
- protocol: TCP
port: %%%REPLACE_API_PORT%%%
...

27
openstack/values_overrides/nova/opensuse_15.yaml Normal file
View File

@ -0,0 +1,27 @@
---
nova:
conf:
software:
apache2:
binary: apache2ctl
start_parameters: -DFOREGROUND -k start
site_dir: /etc/apache2/vhosts.d
conf_dir: /etc/apache2/conf.d
a2enmod:
- version
security: |
<Directory "/var/www">
Options Indexes FollowSymLinks
AllowOverride All
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
nova:
DEFAULT:
mkisofs_cmd: mkisofs
...

36
openstack/values_overrides/nova/ssh.yaml Normal file
View File

@ -0,0 +1,36 @@
---
nova:
network:
ssh:
enabled: true
public_key: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfgGkoPxu6jVqyBTGDlhGqoFFaTymMOH3pDRzrzXCVodqrtv1heBAyi7L63+MZ+m/facDDo43hWzhFLmmMgD00AS7L+VH+oeEwKVCfq0HN3asKLadpweBQVAkGX7PzjRKF25qj6J7iVpKAf1NcnJCsWL3b+wC9mwK7TmupOmWra8BrfP7Fvek1RLx3lwk+ZZ9lUlm6o+jwXn/9rCEFa7ywkGpdrPRBNHQshGjDlJPi15boXIKxOmoZ/DszkJq7iLYQnwa4Kdb0dJ9OE/l2LLBiEpkMlTnwXA7QCS5jEHXwW78b4BOZvqrFflga+YldhDmkyRRfnhcF5Ok2zQmx9Q+t root@openstack-helm
private_key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA34BpKD8buo1asgUxg5YRqqBRWk8pjDh96Q0c681wlaHaq7b9
YXgQMouy+t/jGfpv32nAw6ON4Vs4RS5pjIA9NAEuy/lR/qHhMClQn6tBzd2rCi2n
acHgUFQJBl+z840Shduao+ie4laSgH9TXJyQrFi92/sAvZsCu05rqTplq2vAa3z+
xb3pNUS8d5cJPmWfZVJZuqPo8F5//awhBWu8sJBqXaz0QTR0LIRow5ST4teW6FyC
sTpqGfw7M5Cau4i2EJ8GuCnW9HSfThP5diywYhKZDJU58FwO0AkuYxB18Fu/G+AT
mb6qxX5YGvmJXYQ5pMkUX54XBeTpNs0JsfUPrQIDAQABAoIBAFkEFd3XtL2KSxMY
Cm50OLkSfRRQ7yVP4qYNePVZr3uJKUS27xgA78KR7UkKHrNcEW6T+hhxbbLR2AmF
wLga40VxKyhGNqgJ5Vx/OAM//Ed4AAVfxYvTkfmsXqPRPiTEjRoPKvoZTh6riFHx
ZExAd0aNWaDhyZu6v03GoA6YmaG53CLhUpDjIEpAHT8Q5fiukvpvFNAkSpSU3wWW
YD14S5BTXx8Z7v5mNgbxzDIST9P6oGm9jOoMJJCxu3KVF5Xh6k23DP1wukiWNypJ
b7dzfE8/NZUZ15Du4g1ZXHZyOATwN+4GQi1tV+oB1o6wI6829lpIMlsmqHhrw867
942SmakCgYEA9R1xFEEVRavBGIUeg/NMbFP+Ssl2DljAdnmcOASCxAFqCx6y3WSK
P2xWTD/MCG/uz627EVp+lfbapZimm171rUMpVCqTa5tH+LZ+Lbl+rjoLwSWVqySK
MGyIEzpPLq5PrpGdUghZNsGAG7kgTarJM5SYyA+Esqr8AADjDrZdmzcCgYEA6W1C
h9nU5i04UogndbkOiDVDWn0LnjUnVDTmhgGhbJDLtx4/hte/zGK7+mKl561q3Qmm
xY0s8cSQCX1ULHyrgzS9rc0k42uvuRWgpKKKT5IrjiA91HtfcVM1r9hxa2/dw4wk
WbAoaqpadjQAKoB4PNYzRfvITkv/9O+JSyK5BjsCgYEA5p9C68momBrX3Zgyc/gQ
qcQFeJxAxZLf0xjs0Q/9cSnbeobxx7h3EuF9+NP1xuJ6EVDmt5crjzHp2vDboUgh
Y1nToutENXSurOYXpjHnbUoUETCpt5LzqkgTZ/Pu2H8NXbSIDszoE8rQHEV8jVbp
Y+ymK2XedrTF0cMD363aONUCgYEAy5J4+kdUL+VyADAz0awxa0KgWdNCBZivkvWL
sYTMhgUFVM7xciTIZXQaIjRUIeeQkfKv2gvUDYlyYIRHm4Cih4vAfEmziQ7KMm0V
K1+BpgGBMLMXmS57PzblVFU8HQlzau3Wac2CgfvNZtbU6jweIFhiYP9DYl1PfQpG
PxuqJy8CgYBERsjdYfnyGMnFg3DVwgv/W/JspX201jMhQW2EW1OGDf7RQV+qTUnU
2NRGN9QbVYUvdwuRPd7C9wXQfLzXf0/E67oYg6fHHGTBNMjSq56qhZ2dSZnyQCxI
UZu0B4/1A5493Mypxp8c2fPhBdfzjTA5latsr75U26OMPxCxgFxm1A==
-----END RSA PRIVATE KEY-----
...

79
openstack/values_overrides/nova/tf.yaml Normal file
View File

@ -0,0 +1,79 @@
---
nova:
images:
tags:
tf_compute_init: opencontrailnightly/contrail-openstack-compute-init:master-latest
conf:
nova:
libvirt:
virt_type: qemu
cpu_mode: host-model
agent:
compute:
node_selector_key: openstack-compute-node
node_selector_value: enabled
compute_ironic:
node_selector_key: openstack-compute-node
node_selector_value: enabled
api_metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
novncproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
osapi:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
spiceproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
rootwrap: |
# Configuration for nova-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin,/opt/plugin/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
network:
backend:
- tungstenfabric
dependencies:
dynamic:
targeted:
tungstenfabric:
compute:
daemonset: []
...

15
openstack/values_overrides/nova/tls-offloading.yaml Normal file
View File

@ -0,0 +1,15 @@
---
nova:
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
nova:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
tls:
identity: true
...

213
openstack/values_overrides/nova/tls.yaml Normal file
View File

@ -0,0 +1,213 @@
---
nova:
network:
osapi:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
metadata:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
novncproxy:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
conf:
mpm_event: |
<IfModule mpm_event_module>
ServerLimit 1024
StartServers 32
MinSpareThreads 32
MaxSpareThreads 256
ThreadsPerChild 25
MaxRequestsPerChild 128
ThreadLimit 720
</IfModule>
wsgi_nova_api: |
{{- $portInt := tuple "compute" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "nova-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess nova-api processes=1 threads=1 user=nova display-name=%{GROUP}
WSGIProcessGroup nova-api
WSGIScriptAlias / /var/www/cgi-bin/nova/nova-api-wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
AllowEncodedSlashes On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/nova/certs/tls.crt
SSLCertificateKeyFile /etc/nova/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
wsgi_nova_metadata: |
{{- $portInt := tuple "compute_metadata" "internal" "metadata" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "nova-metadata" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess nova-metadata processes=1 threads=1 user=nova display-name=%{GROUP}
WSGIProcessGroup nova-metadata
WSGIScriptAlias / /var/www/cgi-bin/nova/nova-metadata-wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
AllowEncodedSlashes On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/nova/certs/tls.crt
SSLCertificateKeyFile /etc/nova/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
software:
apache2:
a2enmod:
- ssl
nova:
console:
ssl_minimum_version: tlsv1_2
glance:
cafile: /etc/nova/certs/ca.crt
ironic:
cafile: /etc/nova/certs/ca.crt
neutron:
cafile: /etc/nova/certs/ca.crt
keystone_authtoken:
cafile: /etc/nova/certs/ca.crt
cinder:
cafile: /etc/nova/certs/ca.crt
placement:
cafile: /etc/nova/certs/ca.crt
keystone:
cafile: /etc/nova/certs/ca.crt
oslo_messaging_rabbit:
ssl: true
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
ssl_key_file: /etc/rabbitmq/certs/tls.key
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
nova:
cacert: /etc/ssl/certs/openstack-helm.crt
neutron:
cacert: /etc/ssl/certs/openstack-helm.crt
placement:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
image:
scheme:
default: https
port:
api:
public: 443
compute:
host_fqdn_override:
default:
tls:
secretName: nova-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: 'https'
port:
api:
public: 443
compute_metadata:
host_fqdn_override:
default:
tls:
secretName: metadata-tls-metadata
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
metadata:
public: 443
compute_novnc_proxy:
host_fqdn_override:
default:
tls:
secretName: nova-novncproxy-tls-proxy
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
novnc_proxy:
public: 443
compute_spice_proxy:
host_fqdn_override:
default:
tls:
secretName: nova-tls-spiceproxy
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
placement:
host_fqdn_override:
default:
tls:
secretName: placement-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
api:
public: 443
network:
scheme:
default: https
port:
api:
public: 443
oslo_messaging:
port:
https:
default: 15680
pod:
security_context:
nova:
container:
nova_api:
runAsUser: 0
readOnlyRootFilesystem: false
nova_osapi:
runAsUser: 0
readOnlyRootFilesystem: false
manifests:
certificates: true
...

24
openstack/values_overrides/nova/train-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
nova_api: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_cell_setup: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_cell_setup_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
nova_compute: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_compute_ssh: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_conductor: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_db_sync: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_novncproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_scheduler: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_spiceproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...

24
openstack/values_overrides/nova/ussuri-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
nova_api: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_cell_setup: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_cell_setup_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
nova_compute: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_compute_ssh: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_conductor: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_db_sync: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_novncproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_scheduler: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_spiceproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...

24
openstack/values_overrides/nova/victoria-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
nova_api: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_cell_setup: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_cell_setup_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
nova_compute: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_compute_ssh: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_conductor: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_db_sync: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_novncproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_scheduler: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_spiceproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...

24
openstack/values_overrides/nova/wallaby-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
nova_api: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_cell_setup: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_cell_setup_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
nova_compute: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_compute_ssh: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_conductor: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_db_sync: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_novncproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_scheduler: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_spiceproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...

7
openstack/values_overrides/nova/wallaby.yaml Normal file
View File

@ -0,0 +1,7 @@
---
nova:
conf:
rally_tests:
tests:
NovaAgents.list_agents: []
...

15
openstack/values_overrides/openvswitch/apparmor.yaml Normal file
View File

@ -0,0 +1,15 @@
# NOTE: Enable this with the correct policy
---
openvswitch:
pod:
mandatory_access_control:
type: apparmor
openvswitch-vswitchd:
openvswitch-vswitchd: runtime/default
openvswitch-vswitchd-modules: runtime/default
init: runtime/default
openvswitch-db:
openvswitch-db: runtime/default
openvswitch-db-perms: runtime/default
init: runtime/default
...

25
openstack/values_overrides/openvswitch/dpdk-opensuse_15.yaml Normal file
View File

@ -0,0 +1,25 @@
---
openvswitch:
images:
tags:
openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
pod:
resources:
enabled: true
ovs:
vswitchd:
requests:
memory: "2Gi"
cpu: "2"
limits:
memory: "2Gi"
cpu: "2"
hugepages-1Gi: "1Gi"
conf:
ovs_dpdk:
enabled: true
hugepages_mountpath: /dev/hugepages
vhostuser_socket_dir: vhostuser
socket_memory: 1024
...

25
openstack/values_overrides/openvswitch/dpdk-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,25 @@
---
openvswitch:
images:
tags:
openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
pod:
resources:
enabled: true
ovs:
vswitchd:
requests:
memory: "2Gi"
cpu: "2"
limits:
memory: "2Gi"
cpu: "2"
hugepages-1Gi: "1Gi"
conf:
ovs_dpdk:
enabled: true
hugepages_mountpath: /dev/hugepages
vhostuser_socket_dir: vhostuser
socket_memory: 1024
...

5
openstack/values_overrides/openvswitch/netpol.yaml Normal file
View File

@ -0,0 +1,5 @@
---
openvswitch:
manifests:
network_policy: true
...

12
openstack/values_overrides/openvswitch/vswitchd-probes.yaml Normal file
View File

@ -0,0 +1,12 @@
---
openvswitch:
pod:
probes:
ovs_vswitch:
ovs_vswitch:
liveness:
exec:
- /bin/bash
- -c
- '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))'
...

15
openstack/values_overrides/placement/apparmor.yaml Normal file
View File

@ -0,0 +1,15 @@
---
placement:
pod:
mandatory_access_control:
type: apparmor
placement-api:
placement-api: runtime/default
init: runtime/default
placement-db-migrate:
init: runtime/default
placement-mysql-migration: runtime/default
manifests:
job_db_migrate: true
...

21
openstack/values_overrides/placement/netpol.yaml Normal file
View File

@ -0,0 +1,21 @@
---
placement:
manifests:
network_policy: true
network_policy:
placement:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
application: nova
ports:
- protocol: TCP
port: 8778
- protocol: TCP
port: 80
- protocol: TCP
port: 8080
...

80
openstack/values_overrides/placement/tls.yaml Normal file
View File

@ -0,0 +1,80 @@
---
placement:
network:
api:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
conf:
software:
apache2:
a2enmod:
- ssl
placement:
keystone_authtoken:
cafile: /etc/placement/certs/ca.crt
wsgi_placement: |
Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
<VirtualHost *:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
WSGIProcessGroup placement-api
WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stdout
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/placement/certs/tls.crt
SSLCertificateKeyFile /etc/placement/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
Alias /placement /var/www/cgi-bin/placement/placement-api
<Location /placement>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
placement:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
placement:
host_fqdn_override:
default:
tls:
secretName: placement-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
api:
public: 443
manifests:
certificates: true
...

24
openstack/values_overrides/placement/train-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...

24
openstack/values_overrides/placement/ussuri-ubuntu_bionic.yaml Normal file
View File

@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...

24
openstack/values_overrides/placement/victoria-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...

24
openstack/values_overrides/placement/wallaby-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...

1
releasenotes/notes/neutron.yaml
View File

@ -31,4 +31,5 @@ neutron:
- 0.2.15 Remove unsupported values overrides - 0.2.15 Remove unsupported values overrides
- 0.2.16 Remove usage of six - 0.2.16 Remove usage of six
- 0.2.17 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.17 Migrated PodDisruptionBudget resource to policy/v1 API version
- 0.2.18 Updated naming for subchart compatibility
... ...

1
releasenotes/notes/nova.yaml
View File

@ -60,4 +60,5 @@ nova:
- 0.2.37 Remove nova-placement - 0.2.37 Remove nova-placement
- 0.2.38 Update nova image defaults - 0.2.38 Update nova image defaults
- 0.2.39 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.39 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
- 0.2.40 Updated naming for subchart compatibility
... ...

1
releasenotes/notes/openstack.yaml
View File

@ -1,4 +1,5 @@
--- ---
openstack: openstack:
- 0.1.0 Initial Chart - 0.1.0 Initial Chart
- 0.1.1 Deploy compute-kit charts (neutron, nova, libvirt, openvswitch, placement)
... ...

108
tools/deployment/component/common/openstack.sh
View File

@ -13,28 +13,110 @@
# under the License. # under the License.
set -xe set -xe
namespace=openstack
chart=$namespace export OSH_TEST_TIMEOUT=1200
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm/openstack"}"}" export OS_CLOUD=openstack_helm
: "${RUN_HELM_TESTS:="no"}"
: "${CEPH_ENABLED:="false"}"
: "${OSH_EXTRA_HELM_ARGS:=""}"
release=openstack
namespace=$release
: ${GLANCE_BACKEND:="pvc"}
tee /tmp/glance.yaml <<EOF
glance:
storage: ${GLANCE_BACKEND}
volume:
class_name: standard
EOF
#NOTE: Deploy neutron
tee /tmp/neutron.yaml << EOF
neutron:
release_group: neutron
enabled: true
network:
interface:
tunnel: docker0
conf:
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
plugins:
ml2_conf:
ml2_type_flat:
flat_networks: public
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
linuxbridge_agent:
linux_bridge:
bridge_mappings: public:br-ex
EOF
## includes second argument 'subchart' to indicate a different path
export HELM_CHART_ROOT_PATH="../openstack-helm/openstack"
: ${OSH_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb subchart)"} : ${OSH_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb subchart)"}
: ${OSH_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq subchart)"} : ${OSH_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq subchart)"}
: ${OSH_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached subchart)"} : ${OSH_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached subchart)"}
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(./tools/deployment/common/get-values-overrides.sh keystone subchart)"} : ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(./tools/deployment/common/get-values-overrides.sh keystone subchart)"}
: ${OSH_EXTRA_HELM_ARGS_HEAT:="$(./tools/deployment/common/get-values-overrides.sh heat subchart)"} : ${OSH_EXTRA_HELM_ARGS_HEAT:="$(./tools/deployment/common/get-values-overrides.sh heat subchart)"}
: ${OSH_EXTRA_HELM_ARGS_GLANCE:="$(./tools/deployment/common/get-values-overrides.sh glance subchart)"} : ${OSH_EXTRA_HELM_ARGS_GLANCE:="$(./tools/deployment/common/get-values-overrides.sh glance subchart)"}
: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch subchart)"}
: ${OSH_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt subchart)"}
: ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova subchart)"}
: ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement subchart)"}
: ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron subchart)"}
#NOTE: Lint and package chart #NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} . make -C ${HELM_CHART_ROOT_PATH} .
echo "helm installing ..." if [ "x$(systemd-detect-virt)" != "xnone" ]; then
helm upgrade --install $chart $chart/ \ echo 'OSH is being deployed in virtualized environment, using qemu for nova'
${OSH_EXTRA_HELM_ARGS_MARIADB} \ OSH_EXTRA_HELM_ARGS=( "--set nova.conf.nova.libvirt.virt_type=qemu" \
${OSH_EXTRA_HELM_ARGS_RABBITMQ} \ "--set nova.conf.nova.libvirt.cpu_mode=none" )
${OSH_EXTRA_HELM_ARGS_MEMCACHED} \ fi
${OSH_EXTRA_HELM_ARGS_KEYSTONE} \ echo "helm installing openstack..."
${OSH_EXTRA_HELM_ARGS_HEAT} \ helm upgrade --install $release openstack/ \
${OSH_EXTRA_HELM_ARGS_GLANCE} \ ${OSH_EXTRA_HELM_ARGS_MARIADB} \
${OSH_EXTRA_HELM_ARGS:=} \ ${OSH_EXTRA_HELM_ARGS_RABBITMQ} \
--namespace=$namespace ${OSH_EXTRA_HELM_ARGS_MEMCACHED} \
${OSH_EXTRA_HELM_ARGS_KEYSTONE} \
${OSH_EXTRA_HELM_ARGS_HEAT} \
${OSH_EXTRA_HELM_ARGS_GLANCE} \
${OSH_EXTRA_HELM_ARGS_OPENVSWITCH} \
${OSH_EXTRA_HELM_ARGS_LIBVIRT} \
${OSH_EXTRA_HELM_ARGS_NOVA} \
${OSH_EXTRA_HELM_ARGS_PLACEMENT} \
${OSH_EXTRA_HELM_ARGS_NEUTRON} \
${OSH_EXTRA_HELM_ARGS} \
--set nova.bootstrap.wait_for_computes.enabled=true \
--set libvirt.conf.ceph.enabled=${CEPH_ENABLED} \
--set nova.conf.ceph.enabled=${CEPH_ENABLED} \
--values=/tmp/neutron.yaml \
--values=/tmp/glance.yaml \
--namespace=$namespace
# If compute kit installed using Tungsten Fubric, it will be alive when Tunsten Fabric become active.
if [[ "$FEATURE_GATES" =~ (,|^)tf(,|$) ]]; then
exit 0
fi
#NOTE: Wait for deploy #NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh $namespace 1800 ./tools/deployment/common/wait-for-pods.sh $namespace 1800
#NOTE: Validate Deployment info
openstack service list
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
openstack compute service list
openstack network agent list
openstack hypervisor list
if [ "${RUN_HELM_TESTS}" == "no" ]; then
exit 0
fi
./tools/deployment/common/run-helm-tests.sh $chart $release

8
zuul.d/jobs-openstack-helm.yaml
View File

@ -170,7 +170,7 @@
name: openstack-helm-compute-kit-umbrella name: openstack-helm-compute-kit-umbrella
parent: openstack-helm-chart-deploy parent: openstack-helm-chart-deploy
vars: vars:
run_helm_tests: "no" run_helm_tests: "yes"
gate_scripts_relative_path: ../openstack-helm gate_scripts_relative_path: ../openstack-helm
gate_scripts: gate_scripts:
- ./tools/deployment/common/install-packages.sh - ./tools/deployment/common/install-packages.sh
@ -178,12 +178,6 @@
- - ./tools/deployment/common/setup-client.sh - - ./tools/deployment/common/setup-client.sh
- ./tools/deployment/component/common/ingress.sh - ./tools/deployment/component/common/ingress.sh
- ./tools/deployment/component/common/openstack.sh - ./tools/deployment/component/common/openstack.sh
- ./tools/deployment/component/compute-kit/openvswitch.sh
- ./tools/deployment/component/compute-kit/libvirt.sh
- ./tools/deployment/component/compute-kit/compute-kit.sh
- - export OSH_TEST_TIMEOUT=1200;./tools/deployment/common/run-helm-tests.sh neutron
- ./tools/deployment/common/run-helm-tests.sh nova;
- ./tools/deployment/common/run-helm-tests.sh openstack;
- ./tools/deployment/developer/common/170-setup-gateway.sh - ./tools/deployment/developer/common/170-setup-gateway.sh
- - ./tools/deployment/developer/common/900-use-it.sh - - ./tools/deployment/developer/common/900-use-it.sh
- ./tools/deployment/common/force-cronjob-run.sh - ./tools/deployment/common/force-cronjob-run.sh