From 541ba72c88264ec3a388ad45bad449e6e787c4ab Mon Sep 17 00:00:00 2001 From: Thales Elero Cervi Date: Wed, 29 Jun 2022 17:17:02 -0300 Subject: [PATCH] Partial FluxCD version of stx-openstack: compute This is continuing previous work [1] of the openstack app migration to FluxCD, adding compute-kit related charts. This change includes the following charts: libvirt, nova, nova-api-proxy, pci-irq-affinity-agent, neutron, placement and openvswitch. In order to complete the fluxcd migration it was also necessary to remove the openstack-helm Patch0016, made to fix an intermttent issue and only compatible to Armada (helmv2 and old operators). It does not fix a major issue and should be safe to be removed for a while during this migration. Its FluxCD version will be tracked by Task 46426, probably implemented using the current cinder-clean job as an example. Test Plan: PASS - build-helm-charts.sh builds a basic FluxCD app tarball PASS - application upload and overrides generated PASS - application apply/remove/delete [1] https://review.opendev.org/c/starlingx/openstack-armada-app/+/848166 Story: 2009138 Task: 45462 Signed-off-by: Thales Elero Cervi Change-Id: I78b78058e874d9eae7051ca0cb5a1fe09b2726a3 --- openstack-helm/centos/openstack-helm.spec | 10 +- ...ces-Cleanup-before-OpenStack-Removal.patch | 431 ------------------ ...Update-RBAC-authorization-api-to-v1.patch} | 0 ...r-helm-release-hooks-weights-helmv3.patch} | 0 ...Fixing-placement-helm-release-hooks.patch} | 0 ...nova-helm-release-hooks-and-weights.patch} | 0 .../debian/deb_folder/patches/series | 9 +- ...ces-Cleanup-before-OpenStack-Removal.patch | 431 ------------------ ...Update-RBAC-authorization-api-to-v1.patch} | 0 ...r-helm-release-hooks-weights-helmv3.patch} | 0 ...Fixing-placement-helm-release-hooks.patch} | 0 ...nova-helm-release-hooks-and-weights.patch} | 0 .../manifests/kustomization.yaml | 7 + .../manifests/libvirt/helmrelease.yaml | 41 ++ .../manifests/libvirt/kustomization.yaml | 20 + .../libvirt/libvirt-static-overrides.yaml | 39 ++ .../libvirt/libvirt-system-overrides.yaml | 0 .../manifests/neutron/helmrelease.yaml | 41 ++ .../manifests/neutron/kustomization.yaml | 20 + .../neutron/neutron-static-overrides.yaml | 243 ++++++++++ .../neutron/neutron-system-overrides.yaml | 0 .../manifests/nova-api-proxy/helmrelease.yaml | 41 ++ .../nova-api-proxy/kustomization.yaml | 20 + .../nova-api-proxy-static-overrides.yaml | 51 +++ .../nova-api-proxy-system-overrides.yaml | 0 .../manifests/nova/helmrelease.yaml | 41 ++ .../manifests/nova/kustomization.yaml | 20 + .../manifests/nova/nova-static-overrides.yaml | 259 +++++++++++ .../manifests/nova/nova-system-overrides.yaml | 0 .../manifests/openvswitch/helmrelease.yaml | 41 ++ .../manifests/openvswitch/kustomization.yaml | 20 + .../openvswitch-static-overrides.yaml | 29 ++ .../openvswitch-system-overrides.yaml | 0 .../pci-irq-affinity-agent/helmrelease.yaml | 41 ++ .../pci-irq-affinity-agent/kustomization.yaml | 20 + ...i-irq-affinity-agent-static-overrides.yaml | 19 + ...i-irq-affinity-agent-system-overrides.yaml | 0 .../manifests/placement/helmrelease.yaml | 41 ++ .../manifests/placement/kustomization.yaml | 20 + .../placement/placement-static-overrides.yaml | 84 ++++ .../placement/placement-system-overrides.yaml | 0 41 files changed, 1166 insertions(+), 873 deletions(-) delete mode 100644 openstack-helm/debian/deb_folder/patches/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch rename openstack-helm/debian/deb_folder/patches/{0017-Update-RBAC-authorization-api-to-v1.patch => 0016-Update-RBAC-authorization-api-to-v1.patch} (100%) rename openstack-helm/debian/deb_folder/patches/{0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch => 0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch} (100%) rename openstack-helm/debian/deb_folder/patches/{0019-Fixing-placement-helm-release-hooks.patch => 0018-Fixing-placement-helm-release-hooks.patch} (100%) rename openstack-helm/debian/deb_folder/patches/{0020-Fixing-nova-helm-release-hooks-and-weights.patch => 0019-Fixing-nova-helm-release-hooks-and-weights.patch} (100%) delete mode 100644 openstack-helm/files/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch rename openstack-helm/files/{0017-Update-RBAC-authorization-api-to-v1.patch => 0016-Update-RBAC-authorization-api-to-v1.patch} (100%) rename openstack-helm/files/{0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch => 0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch} (100%) rename openstack-helm/files/{0019-Fixing-placement-helm-release-hooks.patch => 0018-Fixing-placement-helm-release-hooks.patch} (100%) rename openstack-helm/files/{0020-Fixing-nova-helm-release-hooks-and-weights.patch => 0019-Fixing-nova-helm-release-hooks-and-weights.patch} (100%) create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/kustomization.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-system-overrides.yaml diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index fa29d022..b4e168c9 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -33,11 +33,10 @@ Patch12: 0012-Replace-deprecated-Nova-VNC-configurations.patch Patch13: 0013-Remove-TLS-from-openstack-services.patch Patch14: 0014-Remove-mariadb-and-rabbit-tls.patch Patch15: 0015-Decrease-terminationGracePeriodSeconds-on-glance-api.patch -Patch16: 0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch -Patch17: 0017-Update-RBAC-authorization-api-to-v1.patch -Patch18: 0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch -Patch19: 0019-Fixing-placement-helm-release-hooks.patch -Patch20: 0020-Fixing-nova-helm-release-hooks-and-weights.patch +Patch16: 0016-Update-RBAC-authorization-api-to-v1.patch +Patch17: 0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch +Patch18: 0018-Fixing-placement-helm-release-hooks.patch +Patch19: 0019-Fixing-nova-helm-release-hooks-and-weights.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -67,7 +66,6 @@ Openstack Helm charts %patch17 -p1 %patch18 -p1 %patch19 -p1 -%patch20 -p1 %build # Stage helm-toolkit in the local repo diff --git a/openstack-helm/debian/deb_folder/patches/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch b/openstack-helm/debian/deb_folder/patches/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch deleted file mode 100644 index b6c26e39..00000000 --- a/openstack-helm/debian/deb_folder/patches/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch +++ /dev/null @@ -1,431 +0,0 @@ -From 26035d478bc2e70182446658f3677b079818305e Mon Sep 17 00:00:00 2001 -From: rferraz -Date: Wed, 25 May 2022 05:49:04 -0300 -Subject: [PATCH] Network Resources Cleanup before OpenStack Removal - -This patch introduces a new job for the purpose -to cleanup network resources before OpenStack removal. - -Changes: - - - new file: neutron/templates/bin/_neutron-resources-cleanup.sh.tpl - - new file: neutron/templates/job-resources-cleanup.yaml - - modified: neutron/templates/configmap-bin.yaml - - modified: neutron/values.yaml - -Signed-off-by: rferraz ---- - .../bin/_neutron-resources-cleanup.sh.tpl | 220 ++++++++++++++++++ - neutron/templates/configmap-bin.yaml | 2 + - neutron/templates/job-resources-cleanup.yaml | 81 +++++++ - neutron/values.yaml | 31 +++ - 4 files changed, 334 insertions(+) - create mode 100644 neutron/templates/bin/_neutron-resources-cleanup.sh.tpl - create mode 100644 neutron/templates/job-resources-cleanup.yaml - -diff --git a/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl -new file mode 100644 -index 00000000..8d38373d ---- /dev/null -+++ b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl -@@ -0,0 +1,220 @@ -+#!/bin/bash -+ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+function cleanup_network_trunks() -+{ -+ TRUNKS=$(openstack network trunk list -c ID -f value) -+ PORTS=$(openstack network trunk list -c "Parent Port" -f value) -+ -+ for TRUNK in ${TRUNKS}; do -+ openstack network trunk delete ${TRUNK} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete trunk ${TRUNK}" -+ return ${RET} -+ fi -+ done -+ -+ for PORT in ${PORTS}; do -+ openstack port delete ${PORT} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete port ${PORT}" -+ return ${RET} -+ fi -+ done -+ return 0 -+} -+ -+function cleanup_vm_instances() -+{ -+ local VMLIST="" -+ local ID="" -+ local RETRY=0 -+ -+ VMLIST=$(openstack server list --all-projects -c ID -f value) -+ for VM in ${VMLIST}; do -+ openstack server delete ${VM} --wait -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete VM ${ID}" -+ return ${RET} -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_floating_ips() -+{ -+ local IPLIST="" -+ local IP="" -+ -+ IPLIST=$(openstack floating ip list | grep -E "[0-9]+.[0-9]+.[0-9]+.[0-9]" | awk '{ print $2; }') -+ for IP in ${IPLIST}; do -+ openstack floating ip delete ${IP} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete floating ip ${IP}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_manual_ports() -+{ -+ PORTS=$(openstack port list --device-owner=compute:manual | grep -E "^\|\s\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\s\|" | awk '{ print $2; }') -+ for PORT in ${PORTS}; do -+ openstack port delete ${PORT} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete manual port ${PORT}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_routers() -+{ -+ local ROUTERLIST="" -+ local ID="" -+ -+ ROUTERLIST=$(openstack router list -c ID -f value) -+ for ID in ${ROUTERLIST}; do -+ openstack router set ${ID} --no-route -+ openstack router unset --external-gateway ${ID} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to clear gateway on router ${ID}" -+ return 1 -+ fi -+ -+ PORTS=$(openstack port list --router ${ID} -c ID -f value) -+ for PORT in ${PORTS}; do -+ openstack router remove port ${ID} ${PORT} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete interface ${PORT} from router ${ID}" -+ return ${RET} -+ fi -+ done -+ -+ openstack router delete ${ID} -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete router ${ID}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_application_ports() -+{ -+ NETS=$(openstack network list -c ID -f value) -+ for NET in $NETS; do -+ NET_PORTS=$(openstack port list --network $NET -c ID -f value) -+ for NET_PORT in $NET_PORTS; do -+ openstack port delete $NET_PORT -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete port ${NET_PORT}" -+ return 1 -+ fi -+ done -+ done -+ -+ return 0 -+} -+ -+function cleanup_networks() -+{ -+ local ID="" -+ NETLIST=$(openstack network list -c ID -f value) -+ for ID in ${NETLIST}; do -+ openstack network delete ${ID} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete network ${ID}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+date -+echo "Cleaning up network resources..." -+ -+echo "Cleaning up network trunks" -+cleanup_network_trunks -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup network trunks" -+fi -+ -+echo "Cleaning up VM instances" -+cleanup_vm_instances -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup VM instances" -+fi -+ -+echo "Cleaning up floating IP addresses" -+cleanup_floating_ips -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup floating IP addresses" -+fi -+ -+echo "Cleaning up manual ports" -+cleanup_manual_ports -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup manual ports" -+fi -+ -+echo "Cleaning up routers" -+cleanup_routers -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup routers" -+fi -+ -+echo "Cleaning up application ports" -+cleanup_application_ports -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup shared networks" -+fi -+ -+echo "Cleaning up networks" -+cleanup_networks -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup networks" -+fi -+ -+date -+echo "Cleanup finished" -+ -+exit 0 -diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml -index 2a6b9cff..647762c4 100644 ---- a/neutron/templates/configmap-bin.yaml -+++ b/neutron/templates/configmap-bin.yaml -@@ -95,6 +95,8 @@ data: - {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} - neutron-test-force-cleanup.sh: | - {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ neutron-resources-cleanup.sh: | -+{{ tuple "bin/_neutron-resources-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - {{- if ( has "tungstenfabric" .Values.network.backend ) }} - tf-plugin.pth: | - /opt/plugin/site-packages -diff --git a/neutron/templates/job-resources-cleanup.yaml b/neutron/templates/job-resources-cleanup.yaml -new file mode 100644 -index 00000000..9870305f ---- /dev/null -+++ b/neutron/templates/job-resources-cleanup.yaml -@@ -0,0 +1,81 @@ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_resources_cleanup }} -+{{- $envAll := . }} -+ -+{{- $serviceAccountName := "neutron-resources-cleanup" }} -+{{ tuple $envAll "resources_cleanup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: batch/v1 -+kind: Job -+metadata: -+ name: {{ $serviceAccountName }} -+ labels: -+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+ annotations: -+{{- if .Values.helm3_hook }} -+ "helm.sh/hook": pre-delete -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+{{- end }} -+{{- if .Values.helm2_hook }} -+ "helm.sh/hook": pre-delete -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+{{- end }} -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ backoffLimit: 2 -+ activeDeadlineSeconds: 1500 -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} -+ restartPolicy: OnFailure -+{{ if .Values.pod.tolerations.neutron.enabled }} -+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} -+{{ end }} -+ nodeSelector: -+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "resources_cleanup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: {{ $serviceAccountName }} -+{{ tuple $envAll "neutron_resources_cleanup" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll .Values.pod.resources.jobs.resources_cleanup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" "container" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+ env: -+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates}} -+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -+{{- end }} -+ command: -+ - /tmp/{{ $serviceAccountName }}.sh -+ volumeMounts: -+ - name: pod-tmp -+ mountPath: /tmp -+ - name: neutron-bin -+ mountPath: /tmp/{{ $serviceAccountName }}.sh -+ subPath: {{ $serviceAccountName }}.sh -+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} -+ volumes: -+ - name: pod-tmp -+ emptyDir: {} -+ - name: neutron-bin -+ configMap: -+ name: neutron-bin -+ defaultMode: 0555 -+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }} -+{{- end }} -diff --git a/neutron/values.yaml b/neutron/values.yaml -index dc73b68a..4be350e8 100644 ---- a/neutron/values.yaml -+++ b/neutron/values.yaml -@@ -42,6 +42,7 @@ images: - neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic - neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic - neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic -+ neutron_resources_cleanup: docker.io/openstackhelm/heat:stein-ubuntu_bionic - dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: "IfNotPresent" -@@ -326,6 +327,21 @@ dependencies: - service: oslo_cache - - endpoint: internal - service: identity -+ resources_cleanup: -+ jobs: -+ - neutron-db-sync -+ - neutron-rabbit-init -+ services: -+ - endpoint: internal -+ service: oslo_messaging -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: compute -+ - endpoint: internal -+ service: network - tests: - services: - - endpoint: internal -@@ -547,6 +563,12 @@ pod: - neutron_netns_cleanup_cron: - readOnlyRootFilesystem: true - privileged: true -+ neutron_resources_cleanup: -+ pod: -+ runAsUser: 42424 -+ container: -+ neutron_resources_cleanup: -+ readOnlyRootFilesystem: true - affinity: - anti: - type: -@@ -836,6 +858,13 @@ pod: - limits: - memory: "1024Mi" - cpu: "2000m" -+ resources_cleanup: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" - - conf: - rally_tests: -@@ -2522,6 +2551,7 @@ network_policy: - egress: - - {} - -+helm2_hook: true - helm3_hook: true - - manifests: -@@ -2549,6 +2579,7 @@ manifests: - job_ks_service: true - job_ks_user: true - job_rabbit_init: true -+ job_resources_cleanup: true - pdb_server: true - pod_rally_test: true - network_policy: false --- -2.25.1 - diff --git a/openstack-helm/debian/deb_folder/patches/0017-Update-RBAC-authorization-api-to-v1.patch b/openstack-helm/debian/deb_folder/patches/0016-Update-RBAC-authorization-api-to-v1.patch similarity index 100% rename from openstack-helm/debian/deb_folder/patches/0017-Update-RBAC-authorization-api-to-v1.patch rename to openstack-helm/debian/deb_folder/patches/0016-Update-RBAC-authorization-api-to-v1.patch diff --git a/openstack-helm/debian/deb_folder/patches/0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch b/openstack-helm/debian/deb_folder/patches/0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch similarity index 100% rename from openstack-helm/debian/deb_folder/patches/0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch rename to openstack-helm/debian/deb_folder/patches/0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch diff --git a/openstack-helm/debian/deb_folder/patches/0019-Fixing-placement-helm-release-hooks.patch b/openstack-helm/debian/deb_folder/patches/0018-Fixing-placement-helm-release-hooks.patch similarity index 100% rename from openstack-helm/debian/deb_folder/patches/0019-Fixing-placement-helm-release-hooks.patch rename to openstack-helm/debian/deb_folder/patches/0018-Fixing-placement-helm-release-hooks.patch diff --git a/openstack-helm/debian/deb_folder/patches/0020-Fixing-nova-helm-release-hooks-and-weights.patch b/openstack-helm/debian/deb_folder/patches/0019-Fixing-nova-helm-release-hooks-and-weights.patch similarity index 100% rename from openstack-helm/debian/deb_folder/patches/0020-Fixing-nova-helm-release-hooks-and-weights.patch rename to openstack-helm/debian/deb_folder/patches/0019-Fixing-nova-helm-release-hooks-and-weights.patch diff --git a/openstack-helm/debian/deb_folder/patches/series b/openstack-helm/debian/deb_folder/patches/series index 4f22dd14..eca52717 100644 --- a/openstack-helm/debian/deb_folder/patches/series +++ b/openstack-helm/debian/deb_folder/patches/series @@ -12,8 +12,7 @@ 0013-Remove-TLS-from-openstack-services.patch 0014-Remove-mariadb-and-rabbit-tls.patch 0015-Decrease-terminationGracePeriodSeconds-on-glance-api.patch -0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch -0017-Update-RBAC-authorization-api-to-v1.patch -0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch -0019-Fixing-placement-helm-release-hooks.patch -0020-Fixing-nova-helm-release-hooks-and-weights.patch +0016-Update-RBAC-authorization-api-to-v1.patch +0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch +0018-Fixing-placement-helm-release-hooks.patch +0019-Fixing-nova-helm-release-hooks-and-weights.patch diff --git a/openstack-helm/files/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch b/openstack-helm/files/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch deleted file mode 100644 index b6c26e39..00000000 --- a/openstack-helm/files/0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch +++ /dev/null @@ -1,431 +0,0 @@ -From 26035d478bc2e70182446658f3677b079818305e Mon Sep 17 00:00:00 2001 -From: rferraz -Date: Wed, 25 May 2022 05:49:04 -0300 -Subject: [PATCH] Network Resources Cleanup before OpenStack Removal - -This patch introduces a new job for the purpose -to cleanup network resources before OpenStack removal. - -Changes: - - - new file: neutron/templates/bin/_neutron-resources-cleanup.sh.tpl - - new file: neutron/templates/job-resources-cleanup.yaml - - modified: neutron/templates/configmap-bin.yaml - - modified: neutron/values.yaml - -Signed-off-by: rferraz ---- - .../bin/_neutron-resources-cleanup.sh.tpl | 220 ++++++++++++++++++ - neutron/templates/configmap-bin.yaml | 2 + - neutron/templates/job-resources-cleanup.yaml | 81 +++++++ - neutron/values.yaml | 31 +++ - 4 files changed, 334 insertions(+) - create mode 100644 neutron/templates/bin/_neutron-resources-cleanup.sh.tpl - create mode 100644 neutron/templates/job-resources-cleanup.yaml - -diff --git a/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl -new file mode 100644 -index 00000000..8d38373d ---- /dev/null -+++ b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl -@@ -0,0 +1,220 @@ -+#!/bin/bash -+ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+function cleanup_network_trunks() -+{ -+ TRUNKS=$(openstack network trunk list -c ID -f value) -+ PORTS=$(openstack network trunk list -c "Parent Port" -f value) -+ -+ for TRUNK in ${TRUNKS}; do -+ openstack network trunk delete ${TRUNK} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete trunk ${TRUNK}" -+ return ${RET} -+ fi -+ done -+ -+ for PORT in ${PORTS}; do -+ openstack port delete ${PORT} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete port ${PORT}" -+ return ${RET} -+ fi -+ done -+ return 0 -+} -+ -+function cleanup_vm_instances() -+{ -+ local VMLIST="" -+ local ID="" -+ local RETRY=0 -+ -+ VMLIST=$(openstack server list --all-projects -c ID -f value) -+ for VM in ${VMLIST}; do -+ openstack server delete ${VM} --wait -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete VM ${ID}" -+ return ${RET} -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_floating_ips() -+{ -+ local IPLIST="" -+ local IP="" -+ -+ IPLIST=$(openstack floating ip list | grep -E "[0-9]+.[0-9]+.[0-9]+.[0-9]" | awk '{ print $2; }') -+ for IP in ${IPLIST}; do -+ openstack floating ip delete ${IP} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete floating ip ${IP}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_manual_ports() -+{ -+ PORTS=$(openstack port list --device-owner=compute:manual | grep -E "^\|\s\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\s\|" | awk '{ print $2; }') -+ for PORT in ${PORTS}; do -+ openstack port delete ${PORT} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete manual port ${PORT}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_routers() -+{ -+ local ROUTERLIST="" -+ local ID="" -+ -+ ROUTERLIST=$(openstack router list -c ID -f value) -+ for ID in ${ROUTERLIST}; do -+ openstack router set ${ID} --no-route -+ openstack router unset --external-gateway ${ID} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to clear gateway on router ${ID}" -+ return 1 -+ fi -+ -+ PORTS=$(openstack port list --router ${ID} -c ID -f value) -+ for PORT in ${PORTS}; do -+ openstack router remove port ${ID} ${PORT} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete interface ${PORT} from router ${ID}" -+ return ${RET} -+ fi -+ done -+ -+ openstack router delete ${ID} -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete router ${ID}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+function cleanup_application_ports() -+{ -+ NETS=$(openstack network list -c ID -f value) -+ for NET in $NETS; do -+ NET_PORTS=$(openstack port list --network $NET -c ID -f value) -+ for NET_PORT in $NET_PORTS; do -+ openstack port delete $NET_PORT -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete port ${NET_PORT}" -+ return 1 -+ fi -+ done -+ done -+ -+ return 0 -+} -+ -+function cleanup_networks() -+{ -+ local ID="" -+ NETLIST=$(openstack network list -c ID -f value) -+ for ID in ${NETLIST}; do -+ openstack network delete ${ID} -+ RET=$? -+ if [ ${RET} -ne 0 ]; then -+ echo "Failed to delete network ${ID}" -+ return 1 -+ fi -+ done -+ -+ return 0 -+} -+ -+date -+echo "Cleaning up network resources..." -+ -+echo "Cleaning up network trunks" -+cleanup_network_trunks -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup network trunks" -+fi -+ -+echo "Cleaning up VM instances" -+cleanup_vm_instances -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup VM instances" -+fi -+ -+echo "Cleaning up floating IP addresses" -+cleanup_floating_ips -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup floating IP addresses" -+fi -+ -+echo "Cleaning up manual ports" -+cleanup_manual_ports -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup manual ports" -+fi -+ -+echo "Cleaning up routers" -+cleanup_routers -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup routers" -+fi -+ -+echo "Cleaning up application ports" -+cleanup_application_ports -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup shared networks" -+fi -+ -+echo "Cleaning up networks" -+cleanup_networks -+RET=$? -+if [ ${RET} -ne 0 ]; then -+ echo "Failed to cleanup networks" -+fi -+ -+date -+echo "Cleanup finished" -+ -+exit 0 -diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml -index 2a6b9cff..647762c4 100644 ---- a/neutron/templates/configmap-bin.yaml -+++ b/neutron/templates/configmap-bin.yaml -@@ -95,6 +95,8 @@ data: - {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} - neutron-test-force-cleanup.sh: | - {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ neutron-resources-cleanup.sh: | -+{{ tuple "bin/_neutron-resources-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - {{- if ( has "tungstenfabric" .Values.network.backend ) }} - tf-plugin.pth: | - /opt/plugin/site-packages -diff --git a/neutron/templates/job-resources-cleanup.yaml b/neutron/templates/job-resources-cleanup.yaml -new file mode 100644 -index 00000000..9870305f ---- /dev/null -+++ b/neutron/templates/job-resources-cleanup.yaml -@@ -0,0 +1,81 @@ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_resources_cleanup }} -+{{- $envAll := . }} -+ -+{{- $serviceAccountName := "neutron-resources-cleanup" }} -+{{ tuple $envAll "resources_cleanup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: batch/v1 -+kind: Job -+metadata: -+ name: {{ $serviceAccountName }} -+ labels: -+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+ annotations: -+{{- if .Values.helm3_hook }} -+ "helm.sh/hook": pre-delete -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+{{- end }} -+{{- if .Values.helm2_hook }} -+ "helm.sh/hook": pre-delete -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+{{- end }} -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ backoffLimit: 2 -+ activeDeadlineSeconds: 1500 -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} -+ restartPolicy: OnFailure -+{{ if .Values.pod.tolerations.neutron.enabled }} -+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} -+{{ end }} -+ nodeSelector: -+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "resources_cleanup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: {{ $serviceAccountName }} -+{{ tuple $envAll "neutron_resources_cleanup" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll .Values.pod.resources.jobs.resources_cleanup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" "container" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+ env: -+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates}} -+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -+{{- end }} -+ command: -+ - /tmp/{{ $serviceAccountName }}.sh -+ volumeMounts: -+ - name: pod-tmp -+ mountPath: /tmp -+ - name: neutron-bin -+ mountPath: /tmp/{{ $serviceAccountName }}.sh -+ subPath: {{ $serviceAccountName }}.sh -+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} -+ volumes: -+ - name: pod-tmp -+ emptyDir: {} -+ - name: neutron-bin -+ configMap: -+ name: neutron-bin -+ defaultMode: 0555 -+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }} -+{{- end }} -diff --git a/neutron/values.yaml b/neutron/values.yaml -index dc73b68a..4be350e8 100644 ---- a/neutron/values.yaml -+++ b/neutron/values.yaml -@@ -42,6 +42,7 @@ images: - neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic - neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic - neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic -+ neutron_resources_cleanup: docker.io/openstackhelm/heat:stein-ubuntu_bionic - dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: "IfNotPresent" -@@ -326,6 +327,21 @@ dependencies: - service: oslo_cache - - endpoint: internal - service: identity -+ resources_cleanup: -+ jobs: -+ - neutron-db-sync -+ - neutron-rabbit-init -+ services: -+ - endpoint: internal -+ service: oslo_messaging -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: compute -+ - endpoint: internal -+ service: network - tests: - services: - - endpoint: internal -@@ -547,6 +563,12 @@ pod: - neutron_netns_cleanup_cron: - readOnlyRootFilesystem: true - privileged: true -+ neutron_resources_cleanup: -+ pod: -+ runAsUser: 42424 -+ container: -+ neutron_resources_cleanup: -+ readOnlyRootFilesystem: true - affinity: - anti: - type: -@@ -836,6 +858,13 @@ pod: - limits: - memory: "1024Mi" - cpu: "2000m" -+ resources_cleanup: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" - - conf: - rally_tests: -@@ -2522,6 +2551,7 @@ network_policy: - egress: - - {} - -+helm2_hook: true - helm3_hook: true - - manifests: -@@ -2549,6 +2579,7 @@ manifests: - job_ks_service: true - job_ks_user: true - job_rabbit_init: true -+ job_resources_cleanup: true - pdb_server: true - pod_rally_test: true - network_policy: false --- -2.25.1 - diff --git a/openstack-helm/files/0017-Update-RBAC-authorization-api-to-v1.patch b/openstack-helm/files/0016-Update-RBAC-authorization-api-to-v1.patch similarity index 100% rename from openstack-helm/files/0017-Update-RBAC-authorization-api-to-v1.patch rename to openstack-helm/files/0016-Update-RBAC-authorization-api-to-v1.patch diff --git a/openstack-helm/files/0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch b/openstack-helm/files/0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch similarity index 100% rename from openstack-helm/files/0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch rename to openstack-helm/files/0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch diff --git a/openstack-helm/files/0019-Fixing-placement-helm-release-hooks.patch b/openstack-helm/files/0018-Fixing-placement-helm-release-hooks.patch similarity index 100% rename from openstack-helm/files/0019-Fixing-placement-helm-release-hooks.patch rename to openstack-helm/files/0018-Fixing-placement-helm-release-hooks.patch diff --git a/openstack-helm/files/0020-Fixing-nova-helm-release-hooks-and-weights.patch b/openstack-helm/files/0019-Fixing-nova-helm-release-hooks-and-weights.patch similarity index 100% rename from openstack-helm/files/0020-Fixing-nova-helm-release-hooks-and-weights.patch rename to openstack-helm/files/0019-Fixing-nova-helm-release-hooks-and-weights.patch diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml index 1012a158..35b774f3 100644 --- a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml @@ -23,4 +23,11 @@ resources: - glance - cinder - ceph-rgw + - placement + - nova + - nova-api-proxy + - neutron + - libvirt + - pci-irq-affinity-agent + - openvswitch ... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/helmrelease.yaml new file mode 100644 index 00000000..3ff54e56 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: libvirt + labels: + chart_group: openstack-libvirt +spec: + releaseName: osh-openstack-libvirt + chart: + spec: + chart: libvirt + version: 0.1.7 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: placement + namespace: openstack + valuesFrom: + - kind: Secret + name: libvirt-static-overrides + valuesKey: libvirt-static-overrides.yaml + - kind: Secret + name: libvirt-system-overrides + valuesKey: libvirt-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/kustomization.yaml new file mode 100644 index 00000000..b9e962e1 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: libvirt-static-overrides + files: + - libvirt-static-overrides.yaml + - name: libvirt-system-overrides + files: + - libvirt-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-static-overrides.yaml new file mode 100644 index 00000000..2541d677 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-static-overrides.yaml @@ -0,0 +1,39 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-libvirt +ceph_client: + user_secret_name: cinder-volume-rbd-keyring +labels: + agent: + libvirt: + node_selector_key: openstack-compute-node + node_selector_value: enabled +conf: + ceph: + enabled: true + kubernetes: + cgroup: "k8s-infra" +libvirt: + listen_addr: "::" +pod: + tolerations: + libvirt: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule +images: + tags: + ceph_config_helper: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223 + image_repo_sync: null + libvirt: docker.io/starlingx/stx-libvirt:master-centos-stable-latest +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/libvirt/libvirt-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/helmrelease.yaml new file mode 100644 index 00000000..288bb7b2 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: neutron + labels: + chart_group: openstack-neutron +spec: + releaseName: osh-openstack-neutron + chart: + spec: + chart: neutron + version: 0.2.9 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: placement + namespace: openstack + valuesFrom: + - kind: Secret + name: neutron-static-overrides + valuesKey: neutron-static-overrides.yaml + - kind: Secret + name: neutron-system-overrides + valuesKey: neutron-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/kustomization.yaml new file mode 100644 index 00000000..9ef5d6ec --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: neutron-static-overrides + files: + - neutron-static-overrides.yaml + - name: neutron-system-overrides + files: + - neutron-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-static-overrides.yaml new file mode 100644 index 00000000..e6fbcec0 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-static-overrides.yaml @@ -0,0 +1,243 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-neutron +endpoints: + oslo_messaging: + statefulset: + name: osh-openstack-rabbitmq-rabbitmq + identity: + force_public_endpoint: true +pod: + replicas: + server: 2 + security_context: + neutron_dhcp_agent: + pod: + runAsUser: 0 + neutron_l2gw_agent: + pod: + runAsUser: 0 + neutron_bagpipe_bgp: + pod: + runAsUser: 0 + neutron_l3_agent: + pod: + runAsUser: 0 + neutron_lb_agent: + pod: + runAsUser: 0 + neutron_metadata_agent: + pod: + runAsUser: 0 + neutron_ovs_agent: + pod: + runAsUser: 0 + neutron_server: + pod: + runAsUser: 0 + neutron_sriov_agent: + pod: + runAsUser: 0 + affinity: + anti: + type: + default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + neutron: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule + # Probes fail cause a long delay and eventual failure of the armada + # application apply. Need to determine the fix to re-enable these. + probes: + dhcp_agent: + dhcp_agent: + readiness: + enabled: false + liveness: + enabled: false + l3_agent: + l3_agent: + readiness: + enabled: false + liveness: + enabled: false + lb_agent: + lb_agent: + readiness: + enabled: false + liveness: + enabled: false + metadata_agent: + metadata_agent: + readiness: + enabled: false + liveness: + enabled: false + ovs_agent: + ovs_agent: + readiness: + enabled: false + liveness: + enabled: false + sriov_agent: + sriov_agent: + readiness: + enabled: false + liveness: + enabled: false +labels: + agent: + dhcp: + node_selector_key: openstack-compute-node + node_selector_value: enabled + l3: + node_selector_key: openstack-compute-node + node_selector_value: enabled + metadata: + node_selector_key: openstack-compute-node + node_selector_value: enabled + l2gw: + node_selector_key: openstack-compute-node + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + lb: + node_selector_key: linuxbridge + node_selector_value: enabled + # ovs is a special case, requiring a special + # label that can apply to both control hosts + # and compute hosts, until we get more sophisticated + # with our daemonset scheduling + ovs: + node_selector_key: openvswitch + node_selector_value: enabled + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled +images: + tags: + bootstrap: docker.io/starlingx/stx-heat:master-centos-stable-latest + db_init: docker.io/starlingx/stx-heat:master-centos-stable-latest + db_drop: docker.io/starlingx/stx-heat:master-centos-stable-latest + image_repo_sync: null + ks_user: docker.io/starlingx/stx-heat:master-centos-stable-latest + ks_service: docker.io/starlingx/stx-heat:master-centos-stable-latest + ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest + neutron_db_sync: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_dhcp: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_l3: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_l2gw: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_openvswitch_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_linuxbridge_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_metadata: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_server: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_sriov_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_sriov_agent_init: docker.io/starlingx/stx-neutron:master-centos-stable-latest + test: null + purge_test: null + neutron_bagpipe_bgp: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_ironic_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest + neutron_netns_cleanup_cron: docker.io/starlingx/stx-neutron:master-centos-stable-latest +network: + interface: + tunnel: docker0 + backend: + - openvswitch + - sriov +dependencies: + static: + ovs_agent: + pod: null +conf: + neutron: + DEFAULT: + l3_ha: false + min_l3_agents_per_router: 1 + max_l3_agents_per_router: 1 + l3_ha_network_type: vxlan + dhcp_agents_per_network: 1 + max_overflow: 64 + max_pool_size: 1 + idle_timeout: 60 + rpc_response_max_timeout: 60 + router_status_managed: true + vlan_transparent: true + wsgi_default_pool_size: 100 + notify_nova_on_port_data_changes: true + notify_nova_on_port_status_changes: true + control_exchange: neutron + core_plugin: neutron.plugins.ml2.plugin.Ml2Plugin + state_path: /var/run/neutron + syslog_log_facility: local2 + use_syslog: true + pnet_audit_enabled: false + driver: messagingv2 + enable_proxy_headers_parsing: true + log_format: '[%(name)s] %(message)s' + policy_file: /etc/neutron/policy.json + service_plugins: router,network_segment_range + dns_domain: openstacklocal + enable_new_agents: false + allow_automatic_dhcp_failover: true + allow_automatic_l3agent_failover: true + # Increase from default of 75 seconds to avoid agents being declared + # down during controller swacts, reboots, etc... + agent_down_time: 180 + bind_host: "::" + oslo_concurrency: + lock_path: /var/run/neutron/lock + vhost: + vhost_user_enabled: true + keystone_authtoken: + auth_uri: http://keystone.openstack.svc.cluster.local:80/v3 + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + nova: + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + dhcp_agent: + DEFAULT: + enable_isolated_metadata: true + enable_metadata_network: false + interface_driver: openvswitch + resync_interval: 30 + l3_agent: + DEFAULT: + agent_mode: dvr_snat + interface_driver: openvswitch + metadata_port: 80 + plugins: + ml2_conf: + ml2: + mechanism_drivers: openvswitch,sriovnicswitch,l2population + path_mtu: 0 + tenant_network_types: vlan,vxlan + type_drivers: flat,vlan,vxlan + ml2_type_vxlan: + vni_ranges: '' + vxlan_group: '' + ovs_driver: + vhost_user_enabled: true + securitygroup: + firewall_driver: openvswitch + openvswitch_agent: + agent: + tunnel_types: vxlan + ovs: + bridge_mappings: public:br-ex + securitygroup: + firewall_driver: openvswitch +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/helmrelease.yaml new file mode 100644 index 00000000..46880c01 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: nova-api-proxy + labels: + chart_group: openstack-nova-api-proxy +spec: + releaseName: osh-openstack-nova-api-proxy + chart: + spec: + chart: nova-api-proxy + version: 0.1.0 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: placement + namespace: openstack + valuesFrom: + - kind: Secret + name: nova-api-proxy-static-overrides + valuesKey: nova-api-proxy-static-overrides.yaml + - kind: Secret + name: nova-api-proxy-system-overrides + valuesKey: nova-api-proxy-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/kustomization.yaml new file mode 100644 index 00000000..ed68b457 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: nova-api-proxy-static-overrides + files: + - nova-api-proxy-static-overrides.yaml + - name: nova-api-proxy-system-overrides + files: + - nova-api-proxy-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-static-overrides.yaml new file mode 100644 index 00000000..17c8f0af --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-static-overrides.yaml @@ -0,0 +1,51 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-nova-api-proxy +images: + tags: + nova_api_proxy: docker.io/starlingx/stx-nova-api-proxy:master-centos-stable-latest + ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest +endpoints: + identity: + force_public_endpoint: true +pod: + affinity: + anti: + type: + default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + nova_api_proxy: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule + nova: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule +conf: + nova_api_proxy: + DEFAULT: + osapi_proxy_listen: "::" + nfvi_compute_listen: "::" + osapi_compute_listen: nova-api-internal.openstack.svc.cluster.local + osapi_compute_listen_port: 80 + keystone_authtoken: + interface: internal + auth_uri: http://keystone.openstack.svc.cluster.local:80/v3 + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova-api-proxy/nova-api-proxy-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/helmrelease.yaml new file mode 100644 index 00000000..5f5bb196 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: nova + labels: + chart_group: openstack-nova +spec: + releaseName: osh-openstack-nova + chart: + spec: + chart: nova + version: 0.2.21 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: placement + namespace: openstack + valuesFrom: + - kind: Secret + name: nova-static-overrides + valuesKey: nova-static-overrides.yaml + - kind: Secret + name: nova-system-overrides + valuesKey: nova-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/kustomization.yaml new file mode 100644 index 00000000..15a93b32 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: nova-static-overrides + files: + - nova-static-overrides.yaml + - name: nova-system-overrides + files: + - nova-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-static-overrides.yaml new file mode 100644 index 00000000..48cfbd43 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-static-overrides.yaml @@ -0,0 +1,259 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-nova +endpoints: + oslo_messaging: + statefulset: + name: osh-openstack-rabbitmq-rabbitmq + compute: + hosts: + public: nova-api-internal +manifests: + job_ks_endpoints: false + ingress_osapi: true + service_ingress_osapi: true + cron_job_cell_setup: false + statefulset_compute_ironic: false + deployment_placement: false + ingress_placement: false + job_db_init_placement: false + job_ks_placement_endpoints: false + job_ks_placement_service: false + job_ks_placement_user: false + pdb_placement: false + secret_keystone_placement: false + service_ingress_placement: false + service_placement: false + deployment_consoleauth: false +labels: + agent: + compute: + node_selector_key: openstack-compute-node + node_selector_value: enabled + compute_ironic: + node_selector_key: openstack-ironic + node_selector_value: enabled + api_metadata: + node_selector_key: openstack-control-plane + node_selector_value: enabled + conductor: + node_selector_key: openstack-control-plane + node_selector_value: enabled + consoleauth: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + novncproxy: + node_selector_key: openstack-control-plane + node_selector_value: enabled + osapi: + node_selector_key: openstack-control-plane + node_selector_value: enabled + scheduler: + node_selector_key: openstack-control-plane + node_selector_value: enabled + spiceproxy: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled +images: + tags: + bootstrap: docker.io/starlingx/stx-heat:master-centos-stable-latest + db_drop: docker.io/starlingx/stx-heat:master-centos-stable-latest + db_init: docker.io/starlingx/stx-heat:master-centos-stable-latest + image_repo_sync: null + ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest + ks_user: docker.io/starlingx/stx-heat:master-centos-stable-latest + ks_service: docker.io/starlingx/stx-heat:master-centos-stable-latest + nova_api: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_archive_deleted_rows: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_cell_setup: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_cell_setup_init: docker.io/starlingx/stx-heat:master-centos-stable-latest + nova_compute: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_compute_ironic: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_compute_ssh: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_conductor: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_consoleauth: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_db_sync: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_novncproxy: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_novncproxy_assets: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_placement: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_scheduler: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_service_cleaner: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223 + nova_spiceproxy: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_spiceproxy_assets: docker.io/starlingx/stx-nova:master-centos-stable-latest + nova_storage_init: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223 + test: null +pod: + useHostNetwork: + novncproxy: false + use_fqdn: + compute: false + replicas: + api_metadata: 1 + osapi: 1 + conductor: 1 + consoleauth: 1 + scheduler: 1 + novncproxy: 1 + affinity: + anti: + type: + default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + nova: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule + security_context: + nova: + pod: + # https://bugs.launchpad.net/starlingx/+bug/1956229 + runAsUser: 0 + probes: + readiness: + nova_scheduler: + enabled: false + liveness: + nova_scheduler: + enabled: false +conf: + ceph: + enabled: true + policy: + os_compute_api:limits: '@' + os_compute_api:os-availability-zone:list: '@' + nova: + DEFAULT: + allow_resize_to_same_host: true + default_mempages_size: 2048 + reserved_host_memory_mb: 0 + compute_monitors: cpu.virt_driver + running_deleted_instance_poll_interval: 60 + mkisofs_cmd: /usr/bin/genisoimage + network_allocate_retries: 2 + # Set number of block device allocate retries and interval + # for volume create when VM boots and creates a new volume. + # The total block allocate retries time is set to 2 hours + # to satisfy the volume allocation time on slow RPM disks + # which may take 1 hour and a half per volume when several + # volumes are created in parallel. + block_device_allocate_retries_interval: 3 + block_device_allocate_retries: 2400 + disk_allocation_ratio: 1.0 + cpu_allocation_ratio: 16.0 + ram_allocation_ratio: 1.0 + remove_unused_original_minimum_age_seconds: 3600 + enable_new_services: false + map_new_hosts: false + # Increase from default of 60 seconds to avoid services being + # declared down during controller swacts, reboots, etc... + service_down_time: 90 + long_rpc_timeout: 400 + osapi_compute_listen: "::" + metadata_listen: "::" + metadata_host: "::" + my_ip: "::" + keystone_authtoken: + interface: internal + auth_uri: http://keystone.openstack.svc.cluster.local:80/v3 + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + vnc: + novncproxy_host: "::" + server_listen: "::" + spice: + html5proxy_host: "::" + server_listen: "::" + compute: + max_concurrent_disk_ops: 2 + libvirt: + cpu_mode: host-model + live_migration_completion_timeout: 180 + live_migration_permit_auto_converge: true + mem_stats_period_seconds: 0 + rbd_user: cinder + # Allow up to 1 day for resize conf + remove_unused_resized_minimum_age_seconds: 86400 + database: + idle_timeout: 60 + max_overflow: 64 + max_pool_size: 1 + api_database: + idle_timeout: 60 + max_overflow: 64 + max_pool_size: 1 + cell0_database: + idle_timeout: 60 + max_overflow: 64 + max_pool_size: 1 + glance: + api_servers: http://glance.openstack.svc.cluster.local:80/ + ironic: + api_endpoint: http://ironic.openstack.svc.cluster.local:80/ + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + placement: + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + neutron: + default_floating_pool: public + url: http://neutron.openstack.svc.cluster.local:80/ + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + notifications: + notification_format: unversioned + filter_scheduler: + build_failure_weight_multiplier: 0.0 + cpu_weight_multiplier: 0.0 + disk_weight_multiplier: 0.0 + enabled_filters: + - RetryFilter + - ComputeFilter + - AvailabilityZoneFilter + - AggregateInstanceExtraSpecsFilter + - ComputeCapabilitiesFilter + - ImagePropertiesFilter + - NUMATopologyFilter + - ServerGroupAffinityFilter + - ServerGroupAntiAffinityFilter + - PciPassthroughFilter + pci_weight_multiplier: 0.0 + ram_weight_multiplier: 0.0 + shuffle_best_same_weighed_hosts: true + soft_affinity_weight_multiplier: 20.0 + soft_anti_affinity_weight_multiplier: 20.0 + scheduler: + workers: 1 + discover_hosts_in_cells_interval: 30 + periodic_task_interval: -1 + service_user: + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + send_service_user_token: true + metrics: + required: false + workarounds: + enable_numa_live_migration: true + hypervisor: + address_search_enabled: false + ssh: | + Host * + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + Port {{ .Values.network.ssh.port }} +network: + ssh: + enabled: true +console: + address_search_enabled: false +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/helmrelease.yaml new file mode 100644 index 00000000..53243d85 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: openvswitch + labels: + chart_group: openstack-openvswitch +spec: + releaseName: osh-openstack-openvswitch + chart: + spec: + chart: openvswitch + version: 0.1.5 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: placement + namespace: openstack + valuesFrom: + - kind: Secret + name: openvswitch-static-overrides + valuesKey: openvswitch-static-overrides.yaml + - kind: Secret + name: openvswitch-system-overrides + valuesKey: openvswitch-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/kustomization.yaml new file mode 100644 index 00000000..504ddb3c --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: openvswitch-static-overrides + files: + - openvswitch-static-overrides.yaml + - name: openvswitch-system-overrides + files: + - openvswitch-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-static-overrides.yaml new file mode 100644 index 00000000..889673d2 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-static-overrides.yaml @@ -0,0 +1,29 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-openvswitch +labels: + ovs: + node_selector_key: openvswitch + node_selector_value: enabled +images: + tags: + image_repo_sync: null + openvswitch_db_server: docker.io/starlingx/stx-ovs:master-centos-stable-latest + openvswitch_vswitchd: docker.io/starlingx/stx-ovs:master-centos-stable-latest +pod: + tolerations: + openvswitch: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/openvswitch/openvswitch-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/helmrelease.yaml new file mode 100644 index 00000000..5a45e0ce --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: pci-irq-affinity-agent + labels: + chart_group: openstack-pci-irq-affinity-agent +spec: + releaseName: osh-openstack-pci-irq-affinity-agent + chart: + spec: + chart: pci-irq-affinity-agent + version: 0.1.0 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: nova + namespace: openstack + valuesFrom: + - kind: Secret + name: pci-irq-affinity-agent-static-overrides + valuesKey: pci-irq-affinity-agent-static-overrides.yaml + - kind: Secret + name: pci-irq-affinity-agent-system-overrides + valuesKey: pci-irq-affinity-agent-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/kustomization.yaml new file mode 100644 index 00000000..ab5da988 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: pci-irq-affinity-agent-static-overrides + files: + - pci-irq-affinity-agent-static-overrides.yaml + - name: pci-irq-affinity-agent-system-overrides + files: + - pci-irq-affinity-agent-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-static-overrides.yaml new file mode 100644 index 00000000..804fd39f --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-static-overrides.yaml @@ -0,0 +1,19 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-pci-irq-affinity-agent +images: + tags: + pci_irq_affinity_agent: docker.io/starlingx/stx-pci-irq-affinity-agent:master-centos-stable-latest +tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/pci-irq-affinity-agent/pci-irq-affinity-agent-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/helmrelease.yaml new file mode 100644 index 00000000..5354e96c --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: placement + labels: + chart_group: openstack-placement +spec: + releaseName: osh-openstack-placement + chart: + spec: + chart: placement + version: 0.2.4 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: cinder + namespace: openstack + valuesFrom: + - kind: Secret + name: placement-static-overrides + valuesKey: placement-static-overrides.yaml + - kind: Secret + name: placement-system-overrides + valuesKey: placement-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/kustomization.yaml new file mode 100644 index 00000000..473ebfae --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: placement-static-overrides + files: + - placement-static-overrides.yaml + - name: placement-system-overrides + files: + - placement-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-static-overrides.yaml new file mode 100644 index 00000000..a148aee6 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-static-overrides.yaml @@ -0,0 +1,84 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-placement +endpoints: + identity: + force_public_endpoint: true +labels: + placement: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled +images: + tags: + db_drop: docker.io/starlingx/stx-heat:master-centos-stable-latest + db_init: docker.io/starlingx/stx-heat:master-centos-stable-latest + db_migrate: quay.io/airshipit/porthole-mysqlclient-utility:179e19a91fc75052da2f5d1de5c1a273d5407c3b-ubuntu_bionic + image_repo_sync: null + ks_user: docker.io/starlingx/stx-heat:master-centos-stable-latest + ks_service: docker.io/starlingx/stx-heat:master-centos-stable-latest + ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest + placement: docker.io/starlingx/stx-placement:master-centos-stable-latest + placement_db_sync: docker.io/starlingx/stx-placement:master-centos-stable-latest +pod: + replicas: + placement: 1 + affinity: + anti: + type: + default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + placement: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: openstack-compute-node + operator: Exists + effect: NoSchedule +conf: + placement: + DEFAULT: + log_config_append: /etc/placement/logging.conf + keystone_authtoken: + auth_uri: http://keystone.openstack.svc.cluster.local:80/v3 + auth_url: http://keystone.openstack.svc.cluster.local:80/v3 + wsgi_placement: | + Listen :::{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + WSGISocketPrefix /var/run/httpd/wsgi + + WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP} python-home=/var/lib/openstack socket-user=apache + WSGIProcessGroup placement-api + WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /dev/stdout + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + Alias /placement /var/www/cgi-bin/placement/placement-api + + SetHandler wsgi-script + Options +ExecCGI + WSGIProcessGroup placement-api + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-system-overrides.yaml new file mode 100644 index 00000000..e69de29b