openstack-helm/nova/templates/configmap-etc.yaml
Gerry Kopec 5a7c6581ad Fix ssh config in nova to support cold migrations
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
  container.
- Map private and public keys to configmap-ssh which will default to
  the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
  root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.

Depends on helm-toolkit supporting multiple containers per daemonset
pod.

Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
2019-04-09 22:24:46 +00:00

242 lines
14 KiB
YAML

{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "nova.configmap.etc" }}
{{- $configMapName := index . 0 }}
{{- $envAll := index . 1 }}
{{- with $envAll }}
{{- if empty .Values.conf.nova.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.username -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.password -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.nova.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.nova.api_database.connection -}}
{{- $_ := tuple "oslo_db_api" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.nova.cell0_database.connection -}}
{{- $_ := tuple "oslo_db_cell0" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.glance.api_servers -}}
{{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.glance "api_servers" -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.url -}}
{{- $_ := tuple "network" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.neutron "url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.neutron "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.region_name -}}
{{- $_ := set .Values.conf.nova.neutron "region_name" .Values.endpoints.identity.auth.neutron.region_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.project_name -}}
{{- $_ := set .Values.conf.nova.neutron "project_name" .Values.endpoints.identity.auth.neutron.project_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.project_domain_name -}}
{{- $_ := set .Values.conf.nova.neutron "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.user_domain_name -}}
{{- $_ := set .Values.conf.nova.neutron "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.username -}}
{{- $_ := set .Values.conf.nova.neutron "username" .Values.endpoints.identity.auth.neutron.username -}}
{{- end -}}
{{- if empty .Values.conf.nova.neutron.password -}}
{{- $_ := set .Values.conf.nova.neutron "password" .Values.endpoints.identity.auth.neutron.password -}}
{{- end -}}
{{- if empty .Values.conf.nova.cache.memcache_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.cache "memcache_servers" -}}
{{- end -}}
{{- if and (empty .Values.conf.nova.DEFAULT.metadata_host) .Values.endpoints.compute_metadata.ip.ingress -}}
{{- $_ := set .Values.conf.nova.DEFAULT "metadata_host" .Values.endpoints.compute_metadata.ip.ingress -}}
{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.metadata_port -}}
{{- $_ := tuple "compute_metadata" "public" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "metadata_port" -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.placement "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.os_region_name -}}
{{- $_ := set .Values.conf.nova.placement "os_region_name" .Values.endpoints.identity.auth.placement.region_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.project_name -}}
{{- $_ := set .Values.conf.nova.placement "project_name" .Values.endpoints.identity.auth.placement.project_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.project_domain_name -}}
{{- $_ := set .Values.conf.nova.placement "project_domain_name" .Values.endpoints.identity.auth.placement.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.user_domain_name -}}
{{- $_ := set .Values.conf.nova.placement "user_domain_name" .Values.endpoints.identity.auth.placement.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.username -}}
{{- $_ := set .Values.conf.nova.placement "username" .Values.endpoints.identity.auth.placement.username -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.password -}}
{{- $_ := set .Values.conf.nova.placement "password" .Values.endpoints.identity.auth.placement.password -}}
{{- end -}}
{{- if eq .Values.console.console_kind "novnc"}}
{{- $_ := "true" | set .Values.conf.nova.vnc "enabled" -}}
{{- if empty .Values.conf.nova.vnc.novncproxy_base_url -}}
{{- $_ := tuple "compute_novnc_proxy" "public" "novnc_proxy" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.vnc "novncproxy_base_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.vnc.novncproxy_port -}}
{{- $_ := tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.vnc "novncproxy_port" -}}
{{- end -}}
{{- end -}}
{{- if eq .Values.console.console_kind "spice"}}
{{- $_ := "false" | set .Values.conf.nova.vnc "enabled" -}}
{{- $_ := "true" | set .Values.conf.nova.spice "enabled" -}}
{{- if empty .Values.conf.nova.spice.html5proxy_base_url -}}
{{- $_ := tuple "compute_spice_proxy" "public" "spice_proxy" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.spice "html5proxy_base_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.spice.html5proxy_port -}}
{{- $_ := tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.spice "html5proxy_port" -}}
{{- end -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.api_endpoint -}}
{{- $_ := tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.ironic "api_endpoint" -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.ironic "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.region_name -}}
{{- $_ := set .Values.conf.nova.ironic "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.project_name -}}
{{- $_ := set .Values.conf.nova.ironic "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.project_domain_name -}}
{{- $_ := set .Values.conf.nova.ironic "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.user_domain_name -}}
{{- $_ := set .Values.conf.nova.ironic "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.username -}}
{{- $_ := set .Values.conf.nova.ironic "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.password -}}
{{- $_ := set .Values.conf.nova.ironic "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.auth_type -}}
{{- $_ := set .Values.conf.nova.ironic "auth_type" .Values.endpoints.identity.auth.ironic.auth_type -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.auth_version -}}
{{- $_ := set .Values.conf.nova.ironic "auth_version" .Values.endpoints.identity.auth.ironic.auth_version -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.memcache_secret_key -}}
{{- $_ := (default (randAlphaNum 64) .Values.endpoints.oslo_cache.auth.memcache_secret_key) | set .Values.conf.nova.ironic "memcache_secret_key" -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.memcache_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}}
{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.osapi_compute_listen_port -}}
{{- $_ := tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}}
{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $configMapName }}
type: Opaque
data:
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
nova_sudoers: {{ $envAll.Values.conf.nova_sudoers | b64enc }}
rootwrap.conf: {{ .Values.conf.rootwrap | b64enc }}
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
{{- $filePrefix := replace "_" "-" $key }}
{{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
{{- end }}
nova.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
{{- end }}
{{- end }}
{{- if .Values.manifests.configmap_etc }}
{{- list "nova-etc" . | include "nova.configmap.etc" }}
{{- end }}