diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl index 173273d0a0..d6440a84f6 100644 --- a/nova/templates/bin/_nova-compute.sh.tpl +++ b/nova/templates/bin/_nova-compute.sh.tpl @@ -19,5 +19,12 @@ set -ex # Make the Nova Instances Dir as this is not autocreated. mkdir -p /var/lib/nova/instances +console_kind="{{- .Values.console.console_kind -}}" +if [ "${console_kind}" == "novnc" ] ; then +exec nova-compute \ + --config-file /etc/nova/nova.conf \ + --config-file /tmp/pod-shared/nova-vnc.ini +else exec nova-compute \ --config-file /etc/nova/nova.conf +fi \ No newline at end of file diff --git a/nova/templates/bin/_nova-novncproxy.sh.tpl b/nova/templates/bin/_nova-novncproxy.sh.tpl new file mode 100644 index 0000000000..613cca9de8 --- /dev/null +++ b/nova/templates/bin/_nova-novncproxy.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x +exec nova-novncproxy \ + --config-file /etc/nova/nova.conf \ + --config-file /tmp/pod-shared/nova-vnc.ini \ No newline at end of file diff --git a/nova/templates/bin/_nova-vnc-compute-init.sh.tpl b/nova/templates/bin/_nova-vnc-compute-init.sh.tpl new file mode 100644 index 0000000000..71c084c7d0 --- /dev/null +++ b/nova/templates/bin/_nova-vnc-compute-init.sh.tpl 
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+client_address="{{- .Values.conf.nova.vnc.nova.conf.vncserver_proxyclient_address -}}"
+if [ -z "${client_address}" ] ; then
+ client_interface="{{- .Values.console.novnc.compute.vncserver_proxyclient_interface -}}"
+ if [ -z "${client_interface}" ] ; then
+ # search for interface with default routing
+ client_interface=$(ip r | grep default | awk '{print $5}')
+ fi
+
+ # determine client ip dynamically based on interface provided
+ client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+fi
+
+listen_ip="{{- .Values.conf.nova.vnc.nova.conf.vncserver_listen -}}"
+if [ -z "${listen_ip}" ] ; then
+ # The server component listens on all IP addresses and the proxy component
+ # only listens on the management interface IP address of the compute node.
+ listen_ip=0.0.0.0
+fi
+
+cat </tmp/pod-shared/nova-vnc.ini
+[vnc]
+vncserver_proxyclient_address = $client_address
+vncserver_listen = $listen_ip
+EOF
diff --git a/nova/templates/bin/_nova-vnc-proxy-init.sh.tpl b/nova/templates/bin/_nova-vnc-proxy-init.sh.tpl
new file mode 100644
index 0000000000..51bb375a1f
--- /dev/null
+++ b/nova/templates/bin/_nova-vnc-proxy-init.sh.tpl
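Review bot: The derived `client_address` is never validated before it is written to nova-vnc.ini. `ip r | grep default | awk '{print $5}'` yields several names when the host has more than one default route and nothing when it has none, and the `grep 'inet '` stage yields one line per IPv4 address on the interface. Each pipeline's exit status is that of its final `awk`, so `set -e` does not stop the script and an empty or multi-line `vncserver_proxyclient_address` can reach the config. I would take only the first match (`awk '/^default/ {print $5; exit}'`), quote `"${client_interface}"`, and add `[ -n "${client_address}" ] || { echo "no VNC proxyclient address found" >&2; exit 1; }` before the file is written. The same lookup is repeated in _nova-vnc-proxy-init.sh.tpl, where an empty value would also become `vncserver_listen`.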
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+client_address="{{- .Values.conf.nova.vnc.vncproxy.conf.vncserver_proxyclient_address -}}"
+if [ -z "${client_address}" ] ; then
+ client_interface="{{- .Values.console.novnc.vncproxy.vncserver_proxyclient_interface -}}"
+ if [ -z "${client_interface}" ] ; then
+ # search for interface with default routing
+ client_interface=$(ip r | grep default | awk '{print $5}')
+ fi
+
+ # determine client ip dynamically based on interface provided
+ client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+fi
+
+listen_ip="{{- .Values.conf.nova.vnc.vncproxy.conf.vncserver_listen -}}"
+if [ -z "${listen_ip}" ] ; then
+ listen_ip=$client_address
+fi
+
+cat </tmp/pod-shared/nova-vnc.ini
+[vnc]
+vncserver_proxyclient_address = $client_address
+vncserver_listen = $listen_ip
+EOF
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index aee5c9ea23..d0d5a830d8 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
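Review bot: The `listen_ip` computed here probably does not restrict where nova-novncproxy listens. As far as I know, `vncserver_listen` is the option nova-compute reads for the hypervisor's VNC server, while the proxy binds according to `novncproxy_host`. values.yaml carries `novncproxy_host: 0.0.0.0` and the proxy deployment sets `hostNetwork: true`, so the proxy would accept connections on every interface of the node even when an operator believes it is pinned to the management address. If binding to that address is the intent, also write `novncproxy_host = $listen_ip` into the generated `[vnc]` section, and add a comment above the heredoc saying which service consumes each option.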
@@ -53,3 +53,9 @@ data: {{ tuple "bin/_fake-iptables.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ceph-keyring.sh: |+ {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + nova-novncproxy.sh: | +{{ tuple "bin/_nova-novncproxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + nova-vnc-compute-init.sh: | +{{ tuple "bin/_nova-vnc-compute-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + nova-vnc-proxy-init.sh: | +{{ tuple "bin/_nova-vnc-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 824f024469..32d00b9eb1 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml 
@@ -65,6 +65,60 @@ spec: subPath: key readOnly: true {{ end }} + - name: nova-compute-init + image: {{ .Values.images.compute }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_compute.requests.memory | quote }} + cpu: {{ .Values.resources.nova_compute.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_compute.limits.memory | quote }} + cpu: {{ .Values.resources.nova_compute.limits.cpu | quote }} + {{- end }} + securityContext: + privileged: true + command: + - /tmp/nova-vnc-compute-init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/nova-vnc-compute-init.sh + subPath: nova-vnc-compute-init.sh + readOnly: true + - name: nova-etc + mountPath: /etc/nova/nova.conf + subPath: nova.conf + readOnly: true + - name: nova-etc + mountPath: /etc/nova/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: nova-etc + mountPath: /etc/resolv.conf + subPath: resolv.conf + readOnly: true + - name: nova-etc + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: nova-etc + mountPath: /etc/ceph/ceph.client.keyring + subPath: ceph.client.keyring + readOnly: true + - mountPath: /lib/modules + name: libmodules + readOnly: true + - name: varlibnova + mountPath: /var/lib/nova + - name: varliblibvirt + mountPath: /var/lib/libvirt + - name: run + mountPath: /run + - name: cgroup + mountPath: /sys/fs/cgroup + - name: pod-shared + mountPath: /tmp/pod-shared containers: - name: nova-compute image: {{ .Values.images.compute }} @@ -126,6 +180,8 @@ spec: mountPath: /run - name: cgroup mountPath: /sys/fs/cgroup + - name: pod-shared + mountPath: /tmp/pod-shared {{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }} volumes: - name: nova-bin 
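Review bot: The new `nova-compute-init` init container gets `privileged: true` and the whole nova-compute mount set (ceph.client.keyring, /lib/modules, /var/lib/nova, /var/lib/libvirt, /run, /sys/fs/cgroup), yet the script it runs only calls `ip`, `grep` and `awk` and writes /tmp/pod-shared/nova-vnc.ini. Reading interface addresses should not need privileged mode, so I would drop the `securityContext` block from this container and keep only the `nova-bin` mount for nova-vnc-compute-init.sh and the `pod-shared` mount. That keeps the Ceph keyring and the host paths out of a container that has no use for them. Whether the pod runs on the host network, which the interface lookup relies on, is set outside this hunk.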
@@ -160,4 +216,6 @@ spec: - name: cgroup hostPath: path: /sys/fs/cgroup + - name: pod-shared + emptyDir: {} {{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }} diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml new file mode 100644 index 0000000000..961641a813 --- /dev/null +++ b/nova/templates/deployment-novncproxy.yaml 
@@ -0,0 +1,119 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ if eq .Values.console.console_kind "novnc" }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.novncproxy }} +{{- $mounts_nova_novncproxy := .Values.mounts.nova_novncproxy.nova_novncproxy }} +{{- $mounts_nova_novncproxy_init := .Values.mounts.nova_novncproxy.init_novncproxy }} + +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: nova-novncproxy +spec: + replicas: {{ .Values.replicas.novncproxy }} + revisionHistoryLimit: {{ .Values.upgrades.deployments.revision_history }} + strategy: + type: {{ .Values.upgrades.deployments.pod_replacement_strategy }} + {{ if eq .Values.upgrades.deployments.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.deployments.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.deployments.rolling_update.max_surge }} + {{ end }} + template: + metadata: + labels: + app: nova-novncproxy + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + nodeSelector: + {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + hostPID: true + dnsPolicy: ClusterFirst + initContainers: +{{ tuple $envAll $dependencies $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: nova-novncproxy-init + image: {{ .Values.images.novncproxy }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_novncproxy.requests.memory | quote }} + cpu: {{ .Values.resources.nova_novncproxy.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_novncproxy.limits.memory | quote }} + cpu: {{ .Values.resources.nova_novncproxy.limits.cpu | quote }} + {{- end }} + command: + - /tmp/nova-vnc-proxy-init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/nova-vnc-proxy-init.sh + subPath: nova-vnc-proxy-init.sh + readOnly: true + - name: nova-etc + mountPath: /etc/nova/nova.conf + subPath: nova.conf + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + containers: + - name: nova-novncproxy + image: {{ .Values.images.novncproxy }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_novncproxy.requests.memory | quote }} + cpu: {{ .Values.resources.nova_novncproxy.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_novncproxy.limits.memory | quote }} + cpu: {{ .Values.resources.nova_novncproxy.limits.cpu | quote }} + {{- end }} + command: + - /tmp/nova-novncproxy.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/nova-novncproxy.sh + subPath: nova-novncproxy.sh + readOnly: true + - name: nova-etc + mountPath: /etc/nova/nova.conf + subPath: nova.conf + readOnly: true + - name: nova-etc + 
mountPath: /etc/resolv.conf + subPath: resolv.conf + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared +{{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: nova-bin + configMap: + name: nova-bin + defaultMode: 0555 + - name: nova-etc + configMap: + name: nova-etc + - name: pod-shared + emptyDir: {} +{{ if $mounts_nova_novncproxy.volumes }}{{ toYaml $mounts_nova_novncproxy.volumes | indent 8 }}{{ end }} +{{ end }} diff --git a/nova/templates/service-novncproxy.yaml b/nova/templates/service-novncproxy.yaml new file mode 100644 index 0000000000..ad19a70fcf --- /dev/null +++ b/nova/templates/service-novncproxy.yaml @@ -0,0 +1,35 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ if eq .Values.console.console_kind "novnc" }} +apiVersion: v1 +kind: Service +metadata: + name: nova-novncproxy +spec: + ports: + - name: nova-novncproxy + protocol: TCP + port: {{ .Values.network.novncproxy.port }} + targetPort: {{ .Values.network.novncproxy.targetPort }} + {{ if .Values.network.novncproxy.node_port.enabled }} + nodePort: {{ .Values.network.novncproxy.node_port.port }} + {{ end }} + selector: + app: nova-novncproxy + {{ if .Values.network.novncproxy.node_port.enabled }} + type: NodePort + {{ end }} +{{ end }} + diff --git a/nova/values.yaml b/nova/values.yaml index ff5d6bd38a..4579443f3c 100644 --- a/nova/values.yaml 
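Review bot: The pod spec in deployment-novncproxy.yaml sets `hostPID: true` and `runAsUser: 0`, and nothing visible in this file needs either. The init script only reads host interface addresses, which `hostNetwork: true` already exposes, and the proxy listens on port 6080, which is not a privileged port. I would remove `hostPID: true` and set `runAsUser` to a non-root UID supplied from values, so that a compromise of the user-facing console proxy does not start as root with a view of every process on the node. If host networking is kept only for address discovery, a comment next to `hostNetwork: true` should say so.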
+++ b/nova/values.yaml @@ -23,6 +23,7 @@ replicas: conductor: 1 consoleauth: 1 scheduler: 1 + novncproxy: 1 labels: agent: @@ -50,6 +51,9 @@ labels: job: node_selector_key: openstack-control-plane node_selector_value: enabled + novncproxy: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: test: docker.io/kolla/ubuntu-binary-rally:4.0.0 @@ -131,6 +135,13 @@ network: node_port: enabled: false port: 30775 + novncproxy: + name: "nova-novncproxy" + node_port: + enabled: false + port: 36080 + port: 6080 + targetPort: 6080 keystone: admin_user: "admin" @@ -257,6 +268,12 @@ dependencies: endpoint: internal - service: network endpoint: internal + novncproxy: + jobs: + - nova-db-sync + services: + - service: oslo_db + endpoint: internal mounts: nova_compute: @@ -286,6 +303,22 @@ mounts: nova_tests: init_container: null nova_tests: + nova_novncproxy: + init_novncproxy: null + nova_novncproxy: + +console: + # serial | spice | novnc | none + console_kind: novnc + serial: + spice: + novnc: + compute: + # IF blank, search default routing interface + vncserver_proxyclient_interface: + vncproxy: + # IF blank, search default routing interface + vncserver_proxyclient_interface: conf: paste: @@ -316,15 +349,23 @@ conf: allow_resize_to_same_host: true compute_driver: libvirt.LibvirtDriver my_ip: 0.0.0.0 + spice: + serial: vnc: nova: conf: novncproxy_host: 0.0.0.0 novncproxy_port: 6080 vncserver_listen: 0.0.0.0 - vncserver_proxyclient_address: 0.0.0.0 - # FIXME(ALANMEADOWS) - novncproxy_base_url: http://0.0.0.0:6080/no_vnc.html + # leave blank, this should be set by each compute nodes's ip + vncserver_proxyclient_address: + # set management or lb address + novncproxy_base_url: http://nova-novncproxy:6080/vnc_auto.html + vncproxy: + conf: + # IF blank, search default routing interface's ip + vncserver_listen: + vncserver_proxyclient_address: conductor: nova: conf: 
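Review bot: `node_port.port: 36080` under `network.novncproxy` lies outside Kubernetes' default NodePort range of 30000-32767. Turning on `node_port.enabled` with the shipped value would therefore have the Service rejected unless the API server's range has been widened. Either choose a port inside the default range or add a comment such as `# must fall within the cluster's service-node-port-range (default 30000-32767)` above it.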
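Review bot: The new default `novncproxy_base_url: http://nova-novncproxy:6080/vnc_auto.html` hands out console URLs over plain HTTP, so the console token carried in the URL and the VNC session behind it travel unencrypted. The host part is also a cluster-internal service name, which a browser outside the cluster is unlikely to resolve. I would extend the comment above it to `# must be an address reachable from users' browsers; use https:// behind a TLS-terminating endpoint`, and treat the shipped value as a placeholder that operators are expected to override.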
@@ -612,3 +653,10 @@ resources: limits: memory: "1024Mi" cpu: "2000m" + nova_novncproxy: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m"