starlingx/meta-starlingx
Code Issues Proposed changes

openstack-helm: update for stx 5.0

Browse Source 
* inherit stx-metadata to help aplly updated patches
  from stx 'openstack-armada-app' repo.

* remove the local copy of stx patches and files.

* inherit stx-chartmuseum-native to help build
  the helm charts.

* rename the bb with _git.

* update PV and PR so the generated rpm match the one
  in stx 5.0: openstack-helm-1.0-44.tis.noarch.rpm

Story: 2008952
Task: 42576

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Change-Id: I22019496af703e6a2e6dbf4a1980536b0004816d
This commit is contained in:
Jackie Huang 2021-06-23 14:55:10 +08:00
parent e2e3a266a3
commit e2010544cf
10 changed files with 97 additions and 2031 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
meta-stx-flock/stx-openstack-armada-app/openstack-helm/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
View File

@ -1,81 +0,0 @@
From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Wed, 6 Mar 2019 18:06:06 -0500
Subject: [PATCH 01] Ceilometer chart: add the ability to publish events to
panko
Ceilometer notification agent sends the events to panko via panko
dispatcher/publisher which requires the db connection information
in /etc/panko/panko.conf.
This commit updates to mount the configuration file for panko in
ceilometer notification pod.
Change-Id: I4ca524ed7462f945a245e9dbe1d69493dbc4211d
Story: 2005019
Task: 29498
Depends-On: https://review.openstack.org/#/c/641144/
Signed-off-by: Angie Wang <angie.wang@windriver.com>
(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/values.yaml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index 44dda74..1343670 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -1706,6 +1706,8 @@ dependencies:
service: mongodb
- endpoint: internal
service: metric
+ - endpoint: internal
+ service: event
tests:
services:
- endpoint: internal
@@ -1827,6 +1829,21 @@ endpoints:
api:
default: 8041
public: 80
+ event:
+ name: panko
+ hosts:
+ default: panko-api
+ public: panko
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 8977
+ public: 80
alarming:
name: aodh
hosts:
@@ -1958,7 +1975,19 @@ pod:
init_container: null
ceilometer_notification:
volumeMounts:
+ - name: etcpanko
+ mountPath: /etc/panko
+ - name: panko-etc
+ mountPath: /etc/panko/panko.conf
+ subPath: panko.conf
+ readOnly: true
volumes:
+ - name: etcpanko
+ emptyDir: {}
+ - name: panko-etc
+ secret:
+ secretName: panko-etc
+ defaultMode: 0444
ceilometer_db_sync:
ceilometer_db_sync:
volumeMounts:
--
2.7.4

70
meta-stx-flock/stx-openstack-armada-app/openstack-helm/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
View File

@ -1,70 +0,0 @@
From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Wed, 28 Nov 2018 01:33:39 -0500
Subject: [PATCH 02] Remove stale Apache2 service pids when a POD starts.
Stale Apache2 pids will prevent Apache2 from starting and will leave
the POD in a crashed state.
Note: the pid file is somewhat confusingly called
/var/run/httpd/httpd.pid and /var/run/apache2 is just a symlink to
/var/run/httpd.
This is loosely based off the in-review upstream commit at
https://review.openstack.org/#/c/619747
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++
keystone/templates/bin/_keystone-api.sh.tpl | 6 ++----
nova/templates/bin/_nova-placement-api.sh.tpl | 3 +++
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
index 25b2f9e..3870b4e 100644
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
@@ -42,6 +42,9 @@ function start () {
fi
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
}
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
index 384ee8b..4c72310 100644
--- a/keystone/templates/bin/_keystone-api.sh.tpl
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
@@ -43,10 +43,8 @@ function start () {
source /etc/apache2/envvars
fi
- if [ -f /var/run/apache2/apache2.pid ]; then
- # Remove the stale pid for debian/ubuntu images
- rm -f /var/run/apache2/apache2.pid
- fi
+ # Get rid of stale pid, shared memory segment and wsgi sock files if present.
+ rm -f /var/run/apache2/*
# Start Apache2
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
index bc15a37..055d079 100644
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
@@ -33,6 +33,9 @@ function start () {
fi
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
{{- if .Values.conf.software.apache2.a2enmod }}
{{- range .Values.conf.software.apache2.a2enmod }}
--
2.7.4

66
meta-stx-flock/stx-openstack-armada-app/openstack-helm/0003-Nova-console-ip-address-search-optionality.patch
View File

@ -1,66 +0,0 @@
From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 27 Mar 2019 00:35:57 -0400
Subject: [PATCH 03] Nova console/ip address search optionality
Add options to nova to enable/disable the use of:
1. the vnc or spice server proxyclient address found by the console
compute init container
2. my_ip hypervisor address found by compute init container
These options can be used to prevent cases where the found addresses
overwrite what has already been defined in nova.conf by per host nova
compute daemonset overrides.
Story: 2005259
Task: 30066
Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
nova/values.yaml | 3 ++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index c80da6d..4927908 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -20,6 +20,10 @@ set -ex
exec nova-compute \
--config-file /etc/nova/nova.conf \
+{{- if .Values.console.address_search_enabled }}
--config-file /tmp/pod-shared/nova-console.conf \
+{{- end }}
--config-file /tmp/pod-shared/nova-libvirt.conf \
- --config-file /tmp/pod-shared/nova-hypervisor.conf
\ No newline at end of file
+{{- if .Values.conf.hypervisor.address_search_enabled }}
+ --config-file /tmp/pod-shared/nova-hypervisor.conf
+{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 29512ca..7ba2925 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -461,7 +461,7 @@ console:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
-
+ address_search_enabled: true
ssh:
key_types:
- rsa
@@ -1598,6 +1598,7 @@ conf:
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
+ address_search_enabled: true
# my_ip can be set automatically through this interface name.
host_interface:
# This list is the keys to exclude from the config file ingested by nova-compute
--
2.7.4

347
meta-stx-flock/stx-openstack-armada-app/openstack-helm/0004-Nova-chart-Support-ephemeral-pool-creation.patch
View File

@ -1,347 +0,0 @@
From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Tue, 26 Feb 2019 17:43:53 +0000
Subject: [PATCH 04] Nova chart: Support ephemeral pool creation
If libvirt images_type is rbd, then we need to have the
images_rbd_pool present. These changes add a new job
to make sure this pool exists.
Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
Story: 2004922
Task: 29285
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
nova/templates/configmap-bin.yaml | 4 +-
nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
nova/values.yaml | 19 +++-
4 files changed, 251 insertions(+), 2 deletions(-)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 0000000..f79fcff
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
+ if [[ ${test_version} -gt 0 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ echo "Cephx user client.${RBD_POOL_USER} already exist."
+ echo "Update its cephx caps"
+ ceph auth caps client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd"
+ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ else
+ # NOTE: Restrict Nova permissions to what is needed.
+ # MON Read only and RBD access to the Nova ephemeral pool only.
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd" \
+ -o ${KEYRING}
+ fi
+
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
+ cat > ${SECRET} <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "${RBD_POOL_SECRET}"
+type: kubernetes.io/rbd
+data:
+ key: $( echo ${ENCODED_KEYRING} )
+EOF
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
+
+fi
+
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index c58b90b..268434f 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -1,5 +1,5 @@
{{/*
-Copyright 2017 The Openstack-Helm Authors.
+Copyright 2017-2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -83,6 +83,8 @@ data:
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-console-proxy-init-assets.sh: |
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ nova-storage-init.sh: |
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-start.sh: |
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cell-setup.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 0000000..7d057fb
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,155 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_storage_init }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-storage-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
+ - name: STORAGE_BACKEND
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
+ - name: RBD_POOL_NAME
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ $ephemeralPool.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ $ephemeralPool.rbd_replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
+ - name: RBD_POOL_SECRET
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
+ {{- end }}
+ command:
+ - /tmp/nova-storage-init.sh
+ volumeMounts:
+ - name: nova-bin
+ mountPath: /tmp/nova-storage-init.sh
+ subPath: nova-storage-init.sh
+ readOnly: true
+ {{ if or $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
diff --git a/nova/values.yaml b/nova/values.yaml
index 7ba2925..97ef1b5 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
nova_spiceproxy: docker.io/openstackhelm/nova:ocata-ubuntu_xenial
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
test: docker.io/xrally/xrally-openstack:1.3.0
image_repo_sync: docker.io/docker:17.07.0
local_registry:
@@ -556,6 +557,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+ ephemeral_storage:
+ type: rbd
+ rbd_pools:
+ - rbd_pool_name: ephemeral
+ rbd_user: ephemeral
+ rbd_crush_rule: 0
+ rbd_replication: 3
+ rbd_chunk_size: 64
ssh: |
Host *
StrictHostKeyChecking no
@@ -1797,6 +1806,7 @@ secrets:
placement:
placement:
public: placement-tls-public
+ ephemeral: nova-ephemeral
# typically overridden by environmental
# values, but should include all endpoints
@@ -2482,7 +2492,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
-
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
# TODO(lamt): Need to tighten this ingress for security.
@@ -2545,6 +2561,7 @@ manifests:
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
+ job_storage_init: true
pdb_metadata: true
pdb_placement: true
pdb_osapi: true
--
2.7.4

228
meta-stx-flock/stx-openstack-armada-app/openstack-helm/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
View File

@ -1,228 +0,0 @@
From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:42:08 -0400
Subject: [PATCH 05] Nova: Add support for disabling Readiness/Liveness
probes
With the introduction of Readiness/Liveness probes in
Ib8e4b93486588320fd2d562c3bc90b65844e52e5, some probes are failing and
preventing successful armada manifest applies.
Add support to disable the probes.
Change-Id: Iebe7327055f58fa78ce3fcac968c1fa617c30c2f
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/daemonset-compute.yaml | 4 ++++
nova/templates/deployment-conductor.yaml | 4 ++++
nova/templates/deployment-consoleauth.yaml | 4 ++++
nova/templates/deployment-novncproxy.yaml | 4 ++++
nova/templates/deployment-scheduler.yaml | 4 ++++
nova/templates/deployment-spiceproxy.yaml | 4 ++++
nova/values.yaml | 28 ++++++++++++++++++++++++++++
7 files changed, 52 insertions(+)
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index feea6ab..86dc2b9 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -190,6 +190,7 @@ spec:
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.conf.ceph.secret_uuid }}"
{{ end }}
+ {{- if .Values.pod.probes.readiness.nova_compute.enabled }}
readinessProbe:
exec:
command:
@@ -202,6 +203,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_compute.enabled }}
livenessProbe:
exec:
command:
@@ -215,6 +218,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-compute.sh
volumeMounts:
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index f927afa..0caa006 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -59,6 +59,7 @@ spec:
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
readinessProbe:
exec:
command:
@@ -71,6 +72,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_conductor.enabled }}
livenessProbe:
exec:
command:
@@ -84,6 +87,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-conductor.sh
volumeMounts:
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
index b9cb717..0f590e0 100644
--- a/nova/templates/deployment-consoleauth.yaml
+++ b/nova/templates/deployment-consoleauth.yaml
@@ -59,6 +59,7 @@ spec:
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
readinessProbe:
exec:
command:
@@ -71,6 +72,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_consoleauth.enabled }}
livenessProbe:
exec:
command:
@@ -84,6 +87,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-consoleauth.sh
volumeMounts:
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index 42a52af..495c1ac 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -103,14 +103,18 @@ spec:
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
readinessProbe:
tcpSocket:
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_novcnproxy.enabled }}
livenessProbe:
tcpSocket:
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
command:
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index 05ee949..9a30fa6 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -59,6 +59,7 @@ spec:
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_scheduler.enabled }}
livenessProbe:
exec:
command:
@@ -86,6 +89,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-scheduler.sh
volumeMounts:
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
index a221656..038c85c 100644
--- a/nova/templates/deployment-spiceproxy.yaml
+++ b/nova/templates/deployment-spiceproxy.yaml
@@ -101,14 +101,18 @@ spec:
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
readinessProbe:
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_spiceproxy.enabled }}
livenessProbe:
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
command:
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/values.yaml b/nova/values.yaml
index 97ef1b5..4092329 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2499,6 +2499,34 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ probes:
+ readiness:
+ nova_compute:
+ enabled: true
+ nova_conductor:
+ enabled: true
+ nova_consoleauth:
+ enabled: true
+ nova_novcnproxy:
+ enabled: true
+ nova_scheduler:
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
+ liveness:
+ nova_compute:
+ enabled: true
+ nova_conductor:
+ enabled: true
+ nova_consoleauth:
+ enabled: true
+ nova_novcnproxy:
+ enabled: true
+ nova_scheduler:
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
+
network_policy:
nova:
# TODO(lamt): Need to tighten this ingress for security.
--
2.7.4

1114
meta-stx-flock/stx-openstack-armada-app/openstack-helm/0006-Add-Placement-Chart.patch
View File

File diff suppressed because it is too large Load Diff

4
meta-stx-flock/stx-openstack-armada-app/openstack-helm/index.yaml
View File

@ -1,4 +0,0 @@
---
apiVersion: v1
entries: {}
generated: 2019-01-07T12:33:46.098166523-06:00

12
meta-stx-flock/stx-openstack-armada-app/openstack-helm/repositories.yaml
View File

@ -1,12 +0,0 @@
---
apiVersion: v1
generated: 2019-01-02T15:19:36.215111369-06:00
repositories:
- caFile: ""
cache: /builddir/.helm/repository/cache/local-index.yaml
certFile: ""
keyFile: ""
name: local
password: ""
url: http://127.0.0.1:8879/charts
username: ""

109
meta-stx-flock/stx-openstack-armada-app/openstack-helm_1.0.bb
View File

@ -1,109 +0,0 @@
SUMMARY = "Openstack Helm charts"
DESCRIPTION = "Openstack Helm charts"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
DEPENDS += " \
helm-native \
openstack-helm-infra \
"
PROTOCOL = "https"
BRANCH = "r/stx.3.0"
SRCREV_openstack-helm = "82c72367c85ca94270f702661c7b984899c1ae38"
SRCREV_openstack-armada-app = "863f4b9733d3d4f4fd490606a94b84cfdaf2df2c"
SRC_URI = " \
git://github.com/openstack/openstack-helm;protocol=${PROTOCOL};name=openstack-helm \
file://0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch \
file://0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch \
file://0003-Nova-console-ip-address-search-optionality.patch \
file://0004-Nova-chart-Support-ephemeral-pool-creation.patch \
file://0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch \
file://0006-Add-Placement-Chart.patch \
file://repositories.yaml \
file://index.yaml \
"
PATCHTOOL = "git"
PATCH_COMMIT_FUNCTIONS = "1"
S = "${WORKDIR}/git"
inherit allarch
helm_folder = "${nonarch_libdir}/helm"
toolkit_version = "0.1.0"
helmchart_version = "0.1.0"
do_configure[noexec] = "1"
do_compile () {
# initialize helm and build the toolkit
# helm init --client-only does not work if there is no networking
# The following commands do essentially the same as: helm init
export HOME="${B}/${USER}"
export helm_home="${B}/${USER}/.helm"
rm -rf ${helm_home}
mkdir -p ${helm_home}
mkdir ${helm_home}/repository
mkdir ${helm_home}/repository/cache
mkdir ${helm_home}/repository/local
mkdir ${helm_home}/plugins
mkdir ${helm_home}/starters
mkdir ${helm_home}/cache
mkdir ${helm_home}/cache/archive
# Stage a repository file that only has a local repo
install -m 0644 ${WORKDIR}/repositories.yaml ${helm_home}/repository/repositories.yaml
# Stage a local repo index that can be updated by the build
install -m 0644 ${WORKDIR}/index.yaml ${helm_home}/repository/local/index.yaml
# Stage helm-toolkit in the local repo
cp ${RECIPE_SYSROOT}${helm_folder}/helm-toolkit-${toolkit_version}.tgz .
# Host a server for the charts
helm serve --repo-path . &
sleep 1
helm repo rm local
helm repo add local http://localhost:8879/charts
# Make the charts. These produce a tgz file
make aodh
make barbican
make ceilometer
make cinder
make glance
make heat
make horizon
make ironic
make keystone
make magnum
make neutron
make nova
make panko
make placement
# terminate helm server (the last backgrounded task)
kill $!
rm -rf ${helm_home}
# Remove the helm-toolkit tarball
rm helm-toolkit-${toolkit_version}.tgz
}
do_install () {
install -d -m 755 ${D}${helm_folder}
install -p -D -m 755 ${B}/*.tgz ${D}${helm_folder}
}
FILES_${PN} = "${helm_folder}"
RDEPENDS_${PN} = " \
helm \
openstack-helm-infra \
"

97
meta-stx-flock/stx-openstack-armada-app/openstack-helm_git.bb Normal file
View File

@ -0,0 +1,97 @@
SUMMARY = "Openstack Helm charts"
DESCRIPTION = "Openstack Helm charts"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
DEPENDS += " \
helm-native \
openstack-helm-infra \
"
PROTOCOL = "https"
SRCREV = "34a7533b6484a157c8725889d0d68e792e13fc8d"
PV = "1.0"
PR = "44"
PRAUTO = "tis"
inherit stx-chartmuseum
inherit stx-metadata
STX_REPO = "openstack-armada-app"
STX_SUBPATH = "${BPN}/files"
SRC_URI_STX = " \
file://0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch \
file://0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch \
file://0003-Nova-console-ip-address-search-optionality.patch \
file://0004-Nova-chart-Support-ephemeral-pool-creation.patch \
file://0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch \
file://0006-Support-ingress-creation-for-keystone-admin-endpoint.patch \
file://0007-Allow-more-generic-overrides-for-placeme.patch \
file://0008-Allow-set-public-endpoint-url-for-keystone-endpoints.patch \
file://0009-Wrong-usage-of-rbd_store_chunk_size.patch \
file://0010-Add-stx_admin-account.patch \
"
SRC_URI = " \
git://github.com/openstack/${BPN};protocol=${PROTOCOL} \
"
PATCHTOOL = "git"
PATCH_COMMIT_FUNCTIONS = "1"
S = "${WORKDIR}/git"
inherit allarch
helm_folder = "${nonarch_libdir}/helm"
toolkit_version = "0.1.0"
helmchart_version = "0.1.0"
do_configure[noexec] = "1"
do_compile () {
# Stage helm-toolkit in the local repo
cp ${RECIPE_SYSROOT}${helm_folder}/helm-toolkit-${toolkit_version}.tgz .
# Host a server for the charts
chartmuseum --debug --port=${CHARTMUSEUM_PORT} --context-path='/charts' --storage="local" --storage-local-rootdir="." &
sleep 2
helm repo add local http://localhost:${CHARTMUSEUM_PORT}/charts
# Make the charts. These produce a tgz file
make aodh
make barbican
make ceilometer
make cinder
make glance
make heat
make horizon
make ironic
make keystone
make magnum
make neutron
make nova
make panko
make placement
# terminate helm server (the last backgrounded task)
kill $!
# Remove the helm-toolkit tarball
rm helm-toolkit-${toolkit_version}.tgz
}
do_install () {
install -d -m 755 ${D}${helm_folder}
install -p -D -m 755 ${B}/*.tgz ${D}${helm_folder}
}
FILES_${PN} = "${helm_folder}"
RDEPENDS_${PN} = " \
helm \
openstack-helm-infra \
"