Enable Cinder backends to use iSCSI for data traffic

In this patchset, the iSCSI protocol support is added
to enable Cinder to use iSCSI based storage backends.

Bootable volumes are not supported, only VM attached
volumes are supported for this initial patchset.

Change-Id: I1b35290b62d2cebae4bd8be62126a53f230ac6c0

cinder/templates/bin/_iscsiadm.tpl

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+{{/*
+Copyright 2020 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+       iscsiadm "${@:1}"

cinder/templates/configmap-bin.yaml

@@ -23,6 +23,10 @@ kind: ConfigMap
 metadata:
   name: cinder-bin
 data:
+{{- if .Values.conf.enable_iscsi }}
+  iscsiadm: |
+{{ tuple "bin/_iscsiadm.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
 {{- if .Values.images.local_registry.active }}
   image-repo-sync.sh: |
 {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}

cinder/templates/deployment-volume.yaml

@@ -52,6 +52,9 @@ spec:
 {{ tuple $envAll "cinder" "volume" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
       nodeSelector:
         {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
+{{- if .Values.pod.useHostNetwork.volume }}
+      hostNetwork: true
+{{- end }}
       initContainers:
 {{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
         {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
@@ -195,6 +198,22 @@ spec:
               readOnly: true
             {{- end }}
             {{- end }}
+            {{- if .Values.conf.enable_iscsi }}
+            - name: host-rootfs
+              mountPath: /mnt/host-rootfs
+            - name: runlock
+              mountPath: /run/lock
+            - name: etciscsi
+              mountPath: /etc/iscsi
+              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+              mountPropagation: Bidirectional
+              {{- end }}
+            - name: usrlocalsbin
+              mountPath: /usr/local/sbin
+            - name: cinder-bin
+              mountPath: /usr/local/sbin/iscsiadm
+              subPath: iscsiadm
+            {{- end }}
 {{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: pod-tmp
@@ -228,5 +247,18 @@ spec:
         - name: cinder-coordination
           emptyDir: {}
         {{- end }}
+        {{- if .Values.conf.enable_iscsi }}
+        - name: host-rootfs
+          hostPath:
+            path: /
+        - name: runlock
+          hostPath:
+            path: /run/lock
+        - name: etciscsi
+          hostPath:
+            path: /etc/iscsi
+        - name: usrlocalsbin
+          emptyDir: {}
+        {{- end }}
 {{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }}
 {{- end }}

cinder/values.yaml

@@ -143,7 +143,8 @@ pod:
         default: kubernetes.io/hostname
       weight:
         default: 10
-
+  useHostNetwork:
+    volume: false
   mounts:
     cinder_api:
       init_container: null
@@ -1025,7 +1026,7 @@ conf:
       - name
       - volume_type
     volume_type: []
-
+  enable_iscsi: false
 backup:
   external_ceph_rbd:
     enabled: false

nova/templates/bin/_iscsiadm.tpl

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+{{/*
+Copyright 2020 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+      iscsiadm "${@:1}"

nova/templates/configmap-bin.yaml

@@ -23,6 +23,10 @@ kind: ConfigMap
 metadata:
   name: nova-bin
 data:
+{{- if .Values.conf.enable_iscsi }}
+  iscsiadm: |
+{{ tuple "bin/_iscsiadm.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
 {{- if .Values.images.local_registry.active }}
   image-repo-sync.sh: |
 {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}

nova/templates/daemonset-compute.yaml

@@ -64,6 +64,7 @@ spec:
               value: "{{ .Values.pod.user.nova.uid }}"
           command:
             - /tmp/nova-compute-init.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -84,6 +85,7 @@ spec:
             - -R
             - "nova:"
             - /etc/ceph
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -95,6 +97,7 @@ spec:
 {{ dict "envAll" $envAll "application" "nova" "container" "ceph_admin_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/ceph-admin-keyring.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -125,6 +128,7 @@ spec:
               value: "{{ .Values.conf.ceph.secret_uuid }}"
           command:
             - /tmp/ceph-keyring.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -145,6 +149,7 @@ spec:
 {{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_vnc_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/nova-console-compute-init.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -162,6 +167,7 @@ spec:
 {{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_spice_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/nova-console-compute-init.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -223,6 +229,7 @@ spec:
             timeoutSeconds: 580
           command:
             - /tmp/nova-compute.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -316,6 +323,25 @@ spec:
             - name: machine-id
               mountPath: /etc/machine-id
               readOnly: true
+            {{- if .Values.conf.enable_iscsi }}
+            - name: host-rootfs
+              mountPath: /mnt/host-rootfs
+            - name: usrlocalsbin
+              mountPath: /usr/local/sbin
+            - name: etciscsi
+              mountPath: /etc/iscsi
+              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+              mountPropagation: Bidirectional
+              {{- end }}
+            - name: dev
+              mountPath: /dev
+              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+              mountPropagation: Bidirectional
+              {{- end }}
+            - name: nova-bin
+              mountPath: /usr/local/sbin/iscsiadm
+              subPath: iscsiadm
+            {{- end }}
 {{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
         {{- if .Values.network.sshd.enabled }}
         - name: nova-compute-ssh
@@ -333,6 +359,7 @@ spec:
             - containerPort: {{ .Values.network.ssh.port }}
           command:
             - /tmp/ssh-start.sh
+          terminationMessagePath: /var/log/termination-log
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -400,6 +427,19 @@ spec:
         - name: machine-id
           hostPath:
             path: /etc/machine-id
+        {{- if .Values.conf.enable_iscsi }}
+        - name: host-rootfs
+          hostPath:
+            path: /
+        - name: etciscsi
+          hostPath:
+            path: /etc/iscsi
+        - name: dev
+          hostPath:
+            path: /dev
+        - name: usrlocalsbin
+          emptyDir: {}
+        {{- end }}
 {{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
 {{- end }}
 {{- end }}

nova/values.yaml

@@ -1759,6 +1759,7 @@ conf:
       keys:
         - root
         - nova
+        - os.brick
     handlers:
       keys:
         - stdout
@@ -1776,6 +1777,11 @@ conf:
       handlers:
         - stdout
       qualname: nova
+    logger_os.brick:
+      level: INFO
+      handlers:
+        - stdout
+      qualname: os.brick
     logger_amqp:
       level: WARNING
       handlers: stderr
@@ -1828,6 +1834,7 @@ conf:
         priority: 0
         apply-to: all
         pattern: '^(?!(amq\.|reply_)).*'
+  enable_iscsi: false
 
 # Names of secrets used by bootstrap and environmental checks
 secrets: