Merge "Fix for creation endpoins and services when v1/v2 are disabled."

This commit is contained in:
Zuul 2023-01-20 18:00:59 +00:00 committed by Gerrit Code Review
commit e199168df8
21 changed files with 184 additions and 44 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Cinder
name: cinder
version: 0.3.2
version: 0.3.3
home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources:

View File

@ -94,7 +94,7 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.osapi_volume_listen_port -}}
{{- $_ := tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.cinder.DEFAULT "osapi_volume_listen_port" -}}
{{- $_ := tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.cinder.DEFAULT "osapi_volume_listen_port" -}}
{{- end -}}
{{- if .Values.conf.cinder.service_user.send_service_user_token -}}

View File

@ -90,7 +90,7 @@ spec:
mountPath: /tmp/volume-usage-audit.sh
subPath: volume-usage-audit.sh
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 16 }}{{ end }}
@ -107,7 +107,7 @@ spec:
configMap:
name: cinder-bin
defaultMode: 0555
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }}

View File

@ -93,17 +93,17 @@ spec:
- stop
ports:
- name: c-api
containerPort: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
containerPort: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe:
httpGet:
scheme: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: /
port: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
livenessProbe:
httpGet:
scheme: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: /
port: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
failureThreshold: 3
periodSeconds: 10
@ -165,7 +165,7 @@ spec:
readOnly: true
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
volumes:
@ -188,7 +188,7 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
{{- end }}

View File

@ -107,7 +107,7 @@ spec:
- name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
@ -128,7 +128,7 @@ spec:
- name: cinder-coordination
emptyDir: {}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}

View File

@ -131,7 +131,7 @@ spec:
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
@ -281,7 +281,7 @@ spec:
mountPropagation: HostToContainer
{{- end }}
{{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
@ -351,7 +351,7 @@ spec:
path: /sys
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }}
{{- end }}

View File

@ -14,10 +14,10 @@ limitations under the License.
{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
{{- $envAll := . -}}
{{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "volumev3" "backendPort" "c-api" -}}
{{- $secretName := $envAll.Values.secrets.tls.volumev3.api.internal -}}
{{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "volume" "backendPort" "c-api" -}}
{{- $secretName := $envAll.Values.secrets.tls.volume.api.internal -}}
{{- if and .Values.manifests.certificates $secretName -}}
{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.volumev3.host_fqdn_override.default.tls.issuerRef.name -}}
{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.volume.host_fqdn_override.default.tls.issuerRef.name -}}
{{- end -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

View File

@ -20,7 +20,7 @@ helm.sh/hook-weight: "5"
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
{{- $bootstrapJob := dict "envAll" . "serviceName" "cinder" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.cinder.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}}
{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.cinder.enabled -}}
{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}

View File

@ -68,7 +68,7 @@ spec:
mountPath: /tmp/create-internal-tenant.sh
subPath: create-internal-tenant.sh
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
@ -97,5 +97,5 @@ spec:
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end -}}

View File

@ -17,10 +17,17 @@ helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-2"
{{- end }}
{{- $volTypes := list "volumev3" -}}
{{- if .Values.conf.cinder.DEFAULT.enable_v1_api }}
{{- $volTypes = append $volTypes "volume" }}
{{- end }}
{{- if .Values.conf.cinder.DEFAULT.enable_v2_api }}
{{- $volTypes = append $volTypes "volumev2" }}
{{- end }}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" ( tuple "volumev3" ) -}}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" ( $volTypes ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }}

View File

@ -24,9 +24,16 @@ helm.sh/hook-weight: "-3"
{{- $serviceTypes = append $serviceTypes $v }}
{{- end }}
{{- end }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" $serviceTypes -}}
{{- $volTypes := list "volumev3" -}}
{{- if .Values.conf.cinder.DEFAULT.enable_v1_api }}
{{- $volTypes = append $volTypes "volume" }}
{{- end }}
{{- if .Values.conf.cinder.DEFAULT.enable_v2_api }}
{{- $volTypes = append $volTypes "volumev2" }}
{{- end }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" ( $volTypes ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }}

View File

@ -20,7 +20,7 @@ helm.sh/hook-weight: "-1"
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "cinder" -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }}

View File

@ -53,7 +53,7 @@ spec:
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
{{ dict "enabled" .Values.manifests.certificates "name" $envAll.Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{ dict "enabled" .Values.manifests.certificates "name" $envAll.Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
@ -93,7 +93,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{ dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: pod-tmp
@ -108,6 +108,6 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -13,5 +13,5 @@ limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "volumev3" ) }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "volume" ) }}
{{- end }}

View File

@ -18,11 +18,11 @@ limitations under the License.
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "volumev3" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
name: {{ tuple "volume" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: c-api
port: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}

View File

@ -13,6 +13,6 @@ limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "volumev3" -}}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "volume" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -434,7 +434,19 @@ conf:
composite:osapi_volume:
use: call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
/v3: openstack_volume_api_v3
composite:openstack_volume_api_v1:
use: call:cinder.api.middleware.auth:pipeline_factory
noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
composite:openstack_volume_api_v2:
use: call:cinder.api.middleware.auth:pipeline_factory
noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
composite:openstack_volume_api_v3:
use: call:cinder.api.middleware.auth:pipeline_factory
noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
@ -455,6 +467,10 @@ conf:
paste.filter_factory: cinder.api.middleware.auth:NoAuthMiddleware.factory
filter:sizelimit:
paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
app:apiv1:
paste.app_factory: cinder.api.v1.router:APIRouter.factory
app:apiv2:
paste.app_factory: cinder.api.v2.router:APIRouter.factory
app:apiv3:
paste.app_factory: cinder.api.v3.router:APIRouter.factory
pipeline:apiversions:
@ -487,6 +503,8 @@ conf:
types: type
volumes: volume
service_endpoints:
volume: service/storage/block
volumev2: service/storage/block
volumev3: service/storage/block
cinder_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
@ -774,6 +792,7 @@ conf:
use_syslog: false
use_stderr: true
enable_v1_api: false
enable_v2_api: false
volume_name_template: "%s"
osapi_volume_workers: 1
glance_api_version: 2
@ -911,7 +930,7 @@ conf:
rados_connect_timeout: -1
rbd_user: cinder
rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
image_volume_cache_enabled: True
image_volume_cache_enabled: true
image_volume_cache_max_size_gb: 200
image_volume_cache_max_count: 50
rally_tests:
@ -1029,7 +1048,7 @@ dependencies:
- endpoint: internal
service: identity
- endpoint: internal
service: volumev3
service: volume
backup_storage_init:
jobs: null
bootstrap:
@ -1037,7 +1056,7 @@ dependencies:
- endpoint: internal
service: identity
- endpoint: internal
service: volumev3
service: volume
pod:
- requireSameNode: false
labels:
@ -1088,7 +1107,7 @@ dependencies:
- endpoint: internal
service: identity
- endpoint: internal
service: volumev3
service: volume
storage_init:
jobs: null
tests:
@ -1096,7 +1115,7 @@ dependencies:
- endpoint: internal
service: identity
- endpoint: internal
service: volumev3
service: volume
volume:
jobs:
- cinder-db-sync
@ -1108,7 +1127,7 @@ dependencies:
- endpoint: internal
service: identity
- endpoint: internal
service: volumev3
service: volume
volume_usage_audit:
jobs:
- cinder-db-sync
@ -1120,7 +1139,7 @@ dependencies:
- endpoint: internal
service: identity
- endpoint: internal
service: volumev3
service: volume
image_repo_sync:
services:
- endpoint: internal
@ -1147,7 +1166,7 @@ secrets:
admin: cinder-rabbitmq-admin
cinder: cinder-rabbitmq-user
tls:
volumev3:
volume:
api:
public: cinder-tls-public
internal: cinder-tls-api
@ -1240,8 +1259,52 @@ endpoints:
api:
default: 9292
public: 80
volumev3:
volume:
name: cinder
hosts:
default: cinder-api
public: cinder
host_fqdn_override:
default: null
# NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: '/v1/%(tenant_id)s'
scheme:
default: 'http'
port:
api:
default: 8776
public: 80
volumev2:
name: cinderv2
hosts:
default: cinder-api
public: cinder
host_fqdn_override:
default: null
# NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: '/v2/%(tenant_id)s'
scheme:
default: 'http'
port:
api:
default: 8776
public: 80
volumev3:
name: cinderv3
hosts:
default: cinder-api
public: cinder

View File

@ -33,7 +33,7 @@ conf:
ThreadLimit 720
</IfModule>
wsgi_cinder: |
{{- $portInt := tuple "volumev3" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portInt := tuple "volume" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
@ -95,6 +95,34 @@ endpoints:
port:
api:
public: 443
volume:
host_fqdn_override:
default:
tls:
secretName: cinder-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
internal: https
port:
api:
public: 443
volumev2:
host_fqdn_override:
default:
tls:
secretName: cinder-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
internal: https
port:
api:
public: 443
volumev3:
host_fqdn_override:
default:

View File

@ -1019,8 +1019,10 @@ Update script overrides as following:
| ID | Name | Type |
+----------------------------------+----------+--------------+
| 0eddeb6af4fd43ea8f73f63a1ae01438 | swift | object-store |
| 66bd0179eada4ab8899a58356fd4d508 | cinder | volume |
| 67cc6b945e934246b25d31a9374a64af | keystone | identity |
| 81a61ec8eff74070bb3c2f0118c1bcd5 | glance | image |
| c126046fc5ec4c52acfc8fee0e2f4dda | cinderv2 | volumev2 |
| f89b99a31a124b7790e3bb60387380b1 | cinderv3 | volumev3 |
+----------------------------------+----------+--------------+
+ sleep 30

View File

@ -52,4 +52,5 @@ cinder:
- 0.3.0 Remove support for Train and Ussuri
- 0.3.1 Change ceph-config-helper image tag
- 0.3.2 Remove default policy rules
- 0.3.3 Fix for creation endpoins and services when v1/v2 are disabled
...

View File

@ -281,6 +281,38 @@ $(cat ${GLANCE_API_CRT} | sed 's/^/ /')
key: |
$(cat ${GLANCE_API_KEY} | sed 's/^/ /')
ca: |
$(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /')
volume:
scheme:
public: https
port:
api:
public: 443
host_fqdn_override:
public:
host: "$(cat "${CINDER_CSR}" | jq -r '.CN')"
tls:
crt: |
$(cat ${CINDER_CRT} | sed 's/^/ /')
key: |
$(cat ${CINDER_KEY} | sed 's/^/ /')
ca: |
$(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /')
volumev2:
scheme:
public: https
port:
api:
public: 443
host_fqdn_override:
public:
host: "$(cat "${CINDER_CSR}" | jq -r '.CN')"
tls:
crt: |
$(cat ${CINDER_CRT} | sed 's/^/ /')
key: |
$(cat ${CINDER_KEY} | sed 's/^/ /')
ca: |
$(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /')
volumev3:
scheme: