Partial FluxCD version of stx-openstack: compute

This is continuing previous work [1] of the openstack app
migration to FluxCD, adding compute-kit related charts.
This change includes the following charts:
libvirt, nova, nova-api-proxy, pci-irq-affinity-agent, neutron,
placement and openvswitch.

In order to complete the fluxcd migration it was also necessary to
remove the openstack-helm Patch0016, made to fix an intermttent issue
and only compatible to Armada (helmv2 and old operators). It does not
fix a major issue and should be safe to be removed for a while during
this migration. Its FluxCD version will be tracked by Task 46426,
probably implemented using the current cinder-clean job as an example.

Test Plan:
PASS - build-helm-charts.sh builds a basic FluxCD app tarball
PASS - application upload and overrides generated
PASS - application apply/remove/delete

[1] https://review.opendev.org/c/starlingx/openstack-armada-app/+/848166

Story: 2009138
Task: 45462

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I78b78058e874d9eae7051ca0cb5a1fe09b2726a3
This commit is contained in:
Thales Elero Cervi 2022-06-29 17:17:02 -03:00
parent e60e80155a
commit 541ba72c88
41 changed files with 1166 additions and 873 deletions

View File

@ -33,11 +33,10 @@ Patch12: 0012-Replace-deprecated-Nova-VNC-configurations.patch
Patch13: 0013-Remove-TLS-from-openstack-services.patch Patch13: 0013-Remove-TLS-from-openstack-services.patch
Patch14: 0014-Remove-mariadb-and-rabbit-tls.patch Patch14: 0014-Remove-mariadb-and-rabbit-tls.patch
Patch15: 0015-Decrease-terminationGracePeriodSeconds-on-glance-api.patch Patch15: 0015-Decrease-terminationGracePeriodSeconds-on-glance-api.patch
Patch16: 0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch Patch16: 0016-Update-RBAC-authorization-api-to-v1.patch
Patch17: 0017-Update-RBAC-authorization-api-to-v1.patch Patch17: 0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch
Patch18: 0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch Patch18: 0018-Fixing-placement-helm-release-hooks.patch
Patch19: 0019-Fixing-placement-helm-release-hooks.patch Patch19: 0019-Fixing-nova-helm-release-hooks-and-weights.patch
Patch20: 0020-Fixing-nova-helm-release-hooks-and-weights.patch
BuildRequires: helm BuildRequires: helm
BuildRequires: openstack-helm-infra BuildRequires: openstack-helm-infra
@ -67,7 +66,6 @@ Openstack Helm charts
%patch17 -p1 %patch17 -p1
%patch18 -p1 %patch18 -p1
%patch19 -p1 %patch19 -p1
%patch20 -p1
%build %build
# Stage helm-toolkit in the local repo # Stage helm-toolkit in the local repo

View File

@ -1,431 +0,0 @@
From 26035d478bc2e70182446658f3677b079818305e Mon Sep 17 00:00:00 2001
From: rferraz <RogerioOliveira.Ferraz@windriver.com>
Date: Wed, 25 May 2022 05:49:04 -0300
Subject: [PATCH] Network Resources Cleanup before OpenStack Removal
This patch introduces a new job for the purpose
to cleanup network resources before OpenStack removal.
Changes:
- new file: neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
- new file: neutron/templates/job-resources-cleanup.yaml
- modified: neutron/templates/configmap-bin.yaml
- modified: neutron/values.yaml
Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
---
.../bin/_neutron-resources-cleanup.sh.tpl | 220 ++++++++++++++++++
neutron/templates/configmap-bin.yaml | 2 +
neutron/templates/job-resources-cleanup.yaml | 81 +++++++
neutron/values.yaml | 31 +++
4 files changed, 334 insertions(+)
create mode 100644 neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
create mode 100644 neutron/templates/job-resources-cleanup.yaml
diff --git a/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
new file mode 100644
index 00000000..8d38373d
--- /dev/null
+++ b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
@@ -0,0 +1,220 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+function cleanup_network_trunks()
+{
+ TRUNKS=$(openstack network trunk list -c ID -f value)
+ PORTS=$(openstack network trunk list -c "Parent Port" -f value)
+
+ for TRUNK in ${TRUNKS}; do
+ openstack network trunk delete ${TRUNK}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete trunk ${TRUNK}"
+ return ${RET}
+ fi
+ done
+
+ for PORT in ${PORTS}; do
+ openstack port delete ${PORT}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete port ${PORT}"
+ return ${RET}
+ fi
+ done
+ return 0
+}
+
+function cleanup_vm_instances()
+{
+ local VMLIST=""
+ local ID=""
+ local RETRY=0
+
+ VMLIST=$(openstack server list --all-projects -c ID -f value)
+ for VM in ${VMLIST}; do
+ openstack server delete ${VM} --wait
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete VM ${ID}"
+ return ${RET}
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_floating_ips()
+{
+ local IPLIST=""
+ local IP=""
+
+ IPLIST=$(openstack floating ip list | grep -E "[0-9]+.[0-9]+.[0-9]+.[0-9]" | awk '{ print $2; }')
+ for IP in ${IPLIST}; do
+ openstack floating ip delete ${IP}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete floating ip ${IP}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_manual_ports()
+{
+ PORTS=$(openstack port list --device-owner=compute:manual | grep -E "^\|\s\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\s\|" | awk '{ print $2; }')
+ for PORT in ${PORTS}; do
+ openstack port delete ${PORT}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete manual port ${PORT}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_routers()
+{
+ local ROUTERLIST=""
+ local ID=""
+
+ ROUTERLIST=$(openstack router list -c ID -f value)
+ for ID in ${ROUTERLIST}; do
+ openstack router set ${ID} --no-route
+ openstack router unset --external-gateway ${ID}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to clear gateway on router ${ID}"
+ return 1
+ fi
+
+ PORTS=$(openstack port list --router ${ID} -c ID -f value)
+ for PORT in ${PORTS}; do
+ openstack router remove port ${ID} ${PORT}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete interface ${PORT} from router ${ID}"
+ return ${RET}
+ fi
+ done
+
+ openstack router delete ${ID}
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete router ${ID}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_application_ports()
+{
+ NETS=$(openstack network list -c ID -f value)
+ for NET in $NETS; do
+ NET_PORTS=$(openstack port list --network $NET -c ID -f value)
+ for NET_PORT in $NET_PORTS; do
+ openstack port delete $NET_PORT
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete port ${NET_PORT}"
+ return 1
+ fi
+ done
+ done
+
+ return 0
+}
+
+function cleanup_networks()
+{
+ local ID=""
+ NETLIST=$(openstack network list -c ID -f value)
+ for ID in ${NETLIST}; do
+ openstack network delete ${ID}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete network ${ID}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+date
+echo "Cleaning up network resources..."
+
+echo "Cleaning up network trunks"
+cleanup_network_trunks
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup network trunks"
+fi
+
+echo "Cleaning up VM instances"
+cleanup_vm_instances
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup VM instances"
+fi
+
+echo "Cleaning up floating IP addresses"
+cleanup_floating_ips
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup floating IP addresses"
+fi
+
+echo "Cleaning up manual ports"
+cleanup_manual_ports
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup manual ports"
+fi
+
+echo "Cleaning up routers"
+cleanup_routers
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup routers"
+fi
+
+echo "Cleaning up application ports"
+cleanup_application_ports
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup shared networks"
+fi
+
+echo "Cleaning up networks"
+cleanup_networks
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup networks"
+fi
+
+date
+echo "Cleanup finished"
+
+exit 0
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
index 2a6b9cff..647762c4 100644
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@@ -95,6 +95,8 @@ data:
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
neutron-test-force-cleanup.sh: |
{{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-resources-cleanup.sh: |
+{{ tuple "bin/_neutron-resources-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
tf-plugin.pth: |
/opt/plugin/site-packages
diff --git a/neutron/templates/job-resources-cleanup.yaml b/neutron/templates/job-resources-cleanup.yaml
new file mode 100644
index 00000000..9870305f
--- /dev/null
+++ b/neutron/templates/job-resources-cleanup.yaml
@@ -0,0 +1,81 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_resources_cleanup }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "neutron-resources-cleanup" }}
+{{ tuple $envAll "resources_cleanup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $serviceAccountName }}
+ labels:
+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ annotations:
+{{- if .Values.helm3_hook }}
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+{{- end }}
+{{- if .Values.helm2_hook }}
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+{{- end }}
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+spec:
+ backoffLimit: 2
+ activeDeadlineSeconds: 1500
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+{{ if .Values.pod.tolerations.neutron.enabled }}
+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "resources_cleanup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: {{ $serviceAccountName }}
+{{ tuple $envAll "neutron_resources_cleanup" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll .Values.pod.resources.jobs.resources_cleanup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" "container" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates}}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ command:
+ - /tmp/{{ $serviceAccountName }}.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: neutron-bin
+ mountPath: /tmp/{{ $serviceAccountName }}.sh
+ subPath: {{ $serviceAccountName }}.sh
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: neutron-bin
+ configMap:
+ name: neutron-bin
+ defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- end }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index dc73b68a..4be350e8 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -42,6 +42,7 @@ images:
neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
+ neutron_resources_cleanup: docker.io/openstackhelm/heat:stein-ubuntu_bionic
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
@@ -326,6 +327,21 @@ dependencies:
service: oslo_cache
- endpoint: internal
service: identity
+ resources_cleanup:
+ jobs:
+ - neutron-db-sync
+ - neutron-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_messaging
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: compute
+ - endpoint: internal
+ service: network
tests:
services:
- endpoint: internal
@@ -547,6 +563,12 @@ pod:
neutron_netns_cleanup_cron:
readOnlyRootFilesystem: true
privileged: true
+ neutron_resources_cleanup:
+ pod:
+ runAsUser: 42424
+ container:
+ neutron_resources_cleanup:
+ readOnlyRootFilesystem: true
affinity:
anti:
type:
@@ -836,6 +858,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ resources_cleanup:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
conf:
rally_tests:
@@ -2522,6 +2551,7 @@ network_policy:
egress:
- {}
+helm2_hook: true
helm3_hook: true
manifests:
@@ -2549,6 +2579,7 @@ manifests:
job_ks_service: true
job_ks_user: true
job_rabbit_init: true
+ job_resources_cleanup: true
pdb_server: true
pod_rally_test: true
network_policy: false
--
2.25.1

View File

@ -12,8 +12,7 @@
0013-Remove-TLS-from-openstack-services.patch 0013-Remove-TLS-from-openstack-services.patch
0014-Remove-mariadb-and-rabbit-tls.patch 0014-Remove-mariadb-and-rabbit-tls.patch
0015-Decrease-terminationGracePeriodSeconds-on-glance-api.patch 0015-Decrease-terminationGracePeriodSeconds-on-glance-api.patch
0016-Network-Resources-Cleanup-before-OpenStack-Removal.patch 0016-Update-RBAC-authorization-api-to-v1.patch
0017-Update-RBAC-authorization-api-to-v1.patch 0017-Fixing-cinder-helm-release-hooks-weights-helmv3.patch
0018-Fixing-cinder-helm-release-hooks-weights-helmv3.patch 0018-Fixing-placement-helm-release-hooks.patch
0019-Fixing-placement-helm-release-hooks.patch 0019-Fixing-nova-helm-release-hooks-and-weights.patch
0020-Fixing-nova-helm-release-hooks-and-weights.patch

View File

@ -1,431 +0,0 @@
From 26035d478bc2e70182446658f3677b079818305e Mon Sep 17 00:00:00 2001
From: rferraz <RogerioOliveira.Ferraz@windriver.com>
Date: Wed, 25 May 2022 05:49:04 -0300
Subject: [PATCH] Network Resources Cleanup before OpenStack Removal
This patch introduces a new job for the purpose
to cleanup network resources before OpenStack removal.
Changes:
- new file: neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
- new file: neutron/templates/job-resources-cleanup.yaml
- modified: neutron/templates/configmap-bin.yaml
- modified: neutron/values.yaml
Signed-off-by: rferraz <RogerioOliveira.Ferraz@windriver.com>
---
.../bin/_neutron-resources-cleanup.sh.tpl | 220 ++++++++++++++++++
neutron/templates/configmap-bin.yaml | 2 +
neutron/templates/job-resources-cleanup.yaml | 81 +++++++
neutron/values.yaml | 31 +++
4 files changed, 334 insertions(+)
create mode 100644 neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
create mode 100644 neutron/templates/job-resources-cleanup.yaml
diff --git a/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
new file mode 100644
index 00000000..8d38373d
--- /dev/null
+++ b/neutron/templates/bin/_neutron-resources-cleanup.sh.tpl
@@ -0,0 +1,220 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+function cleanup_network_trunks()
+{
+ TRUNKS=$(openstack network trunk list -c ID -f value)
+ PORTS=$(openstack network trunk list -c "Parent Port" -f value)
+
+ for TRUNK in ${TRUNKS}; do
+ openstack network trunk delete ${TRUNK}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete trunk ${TRUNK}"
+ return ${RET}
+ fi
+ done
+
+ for PORT in ${PORTS}; do
+ openstack port delete ${PORT}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete port ${PORT}"
+ return ${RET}
+ fi
+ done
+ return 0
+}
+
+function cleanup_vm_instances()
+{
+ local VMLIST=""
+ local ID=""
+ local RETRY=0
+
+ VMLIST=$(openstack server list --all-projects -c ID -f value)
+ for VM in ${VMLIST}; do
+ openstack server delete ${VM} --wait
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete VM ${ID}"
+ return ${RET}
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_floating_ips()
+{
+ local IPLIST=""
+ local IP=""
+
+ IPLIST=$(openstack floating ip list | grep -E "[0-9]+.[0-9]+.[0-9]+.[0-9]" | awk '{ print $2; }')
+ for IP in ${IPLIST}; do
+ openstack floating ip delete ${IP}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete floating ip ${IP}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_manual_ports()
+{
+ PORTS=$(openstack port list --device-owner=compute:manual | grep -E "^\|\s\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\s\|" | awk '{ print $2; }')
+ for PORT in ${PORTS}; do
+ openstack port delete ${PORT}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete manual port ${PORT}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_routers()
+{
+ local ROUTERLIST=""
+ local ID=""
+
+ ROUTERLIST=$(openstack router list -c ID -f value)
+ for ID in ${ROUTERLIST}; do
+ openstack router set ${ID} --no-route
+ openstack router unset --external-gateway ${ID}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to clear gateway on router ${ID}"
+ return 1
+ fi
+
+ PORTS=$(openstack port list --router ${ID} -c ID -f value)
+ for PORT in ${PORTS}; do
+ openstack router remove port ${ID} ${PORT}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete interface ${PORT} from router ${ID}"
+ return ${RET}
+ fi
+ done
+
+ openstack router delete ${ID}
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete router ${ID}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function cleanup_application_ports()
+{
+ NETS=$(openstack network list -c ID -f value)
+ for NET in $NETS; do
+ NET_PORTS=$(openstack port list --network $NET -c ID -f value)
+ for NET_PORT in $NET_PORTS; do
+ openstack port delete $NET_PORT
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete port ${NET_PORT}"
+ return 1
+ fi
+ done
+ done
+
+ return 0
+}
+
+function cleanup_networks()
+{
+ local ID=""
+ NETLIST=$(openstack network list -c ID -f value)
+ for ID in ${NETLIST}; do
+ openstack network delete ${ID}
+ RET=$?
+ if [ ${RET} -ne 0 ]; then
+ echo "Failed to delete network ${ID}"
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+date
+echo "Cleaning up network resources..."
+
+echo "Cleaning up network trunks"
+cleanup_network_trunks
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup network trunks"
+fi
+
+echo "Cleaning up VM instances"
+cleanup_vm_instances
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup VM instances"
+fi
+
+echo "Cleaning up floating IP addresses"
+cleanup_floating_ips
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup floating IP addresses"
+fi
+
+echo "Cleaning up manual ports"
+cleanup_manual_ports
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup manual ports"
+fi
+
+echo "Cleaning up routers"
+cleanup_routers
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup routers"
+fi
+
+echo "Cleaning up application ports"
+cleanup_application_ports
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup shared networks"
+fi
+
+echo "Cleaning up networks"
+cleanup_networks
+RET=$?
+if [ ${RET} -ne 0 ]; then
+ echo "Failed to cleanup networks"
+fi
+
+date
+echo "Cleanup finished"
+
+exit 0
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
index 2a6b9cff..647762c4 100644
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@@ -95,6 +95,8 @@ data:
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
neutron-test-force-cleanup.sh: |
{{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-resources-cleanup.sh: |
+{{ tuple "bin/_neutron-resources-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
tf-plugin.pth: |
/opt/plugin/site-packages
diff --git a/neutron/templates/job-resources-cleanup.yaml b/neutron/templates/job-resources-cleanup.yaml
new file mode 100644
index 00000000..9870305f
--- /dev/null
+++ b/neutron/templates/job-resources-cleanup.yaml
@@ -0,0 +1,81 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_resources_cleanup }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "neutron-resources-cleanup" }}
+{{ tuple $envAll "resources_cleanup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $serviceAccountName }}
+ labels:
+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ annotations:
+{{- if .Values.helm3_hook }}
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+{{- end }}
+{{- if .Values.helm2_hook }}
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+{{- end }}
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+spec:
+ backoffLimit: 2
+ activeDeadlineSeconds: 1500
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "neutron" "resources_cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+{{ if .Values.pod.tolerations.neutron.enabled }}
+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "resources_cleanup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: {{ $serviceAccountName }}
+{{ tuple $envAll "neutron_resources_cleanup" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll .Values.pod.resources.jobs.resources_cleanup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_resources_cleanup" "container" "neutron_resources_cleanup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates}}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ command:
+ - /tmp/{{ $serviceAccountName }}.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: neutron-bin
+ mountPath: /tmp/{{ $serviceAccountName }}.sh
+ subPath: {{ $serviceAccountName }}.sh
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: neutron-bin
+ configMap:
+ name: neutron-bin
+ defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- end }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index dc73b68a..4be350e8 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -42,6 +42,7 @@ images:
neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
+ neutron_resources_cleanup: docker.io/openstackhelm/heat:stein-ubuntu_bionic
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
@@ -326,6 +327,21 @@ dependencies:
service: oslo_cache
- endpoint: internal
service: identity
+ resources_cleanup:
+ jobs:
+ - neutron-db-sync
+ - neutron-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_messaging
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: compute
+ - endpoint: internal
+ service: network
tests:
services:
- endpoint: internal
@@ -547,6 +563,12 @@ pod:
neutron_netns_cleanup_cron:
readOnlyRootFilesystem: true
privileged: true
+ neutron_resources_cleanup:
+ pod:
+ runAsUser: 42424
+ container:
+ neutron_resources_cleanup:
+ readOnlyRootFilesystem: true
affinity:
anti:
type:
@@ -836,6 +858,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ resources_cleanup:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
conf:
rally_tests:
@@ -2522,6 +2551,7 @@ network_policy:
egress:
- {}
+helm2_hook: true
helm3_hook: true
manifests:
@@ -2549,6 +2579,7 @@ manifests:
job_ks_service: true
job_ks_user: true
job_rabbit_init: true
+ job_resources_cleanup: true
pdb_server: true
pod_rally_test: true
network_policy: false
--
2.25.1

View File

@ -23,4 +23,11 @@ resources:
- glance - glance
- cinder - cinder
- ceph-rgw - ceph-rgw
- placement
- nova
- nova-api-proxy
- neutron
- libvirt
- pci-irq-affinity-agent
- openvswitch
... ...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: libvirt
labels:
chart_group: openstack-libvirt
spec:
releaseName: osh-openstack-libvirt
chart:
spec:
chart: libvirt
version: 0.1.7
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: placement
namespace: openstack
valuesFrom:
- kind: Secret
name: libvirt-static-overrides
valuesKey: libvirt-static-overrides.yaml
- kind: Secret
name: libvirt-system-overrides
valuesKey: libvirt-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: libvirt-static-overrides
files:
- libvirt-static-overrides.yaml
- name: libvirt-system-overrides
files:
- libvirt-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,39 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-libvirt
ceph_client:
user_secret_name: cinder-volume-rbd-keyring
labels:
agent:
libvirt:
node_selector_key: openstack-compute-node
node_selector_value: enabled
conf:
ceph:
enabled: true
kubernetes:
cgroup: "k8s-infra"
libvirt:
listen_addr: "::"
pod:
tolerations:
libvirt:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
images:
tags:
ceph_config_helper: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
image_repo_sync: null
libvirt: docker.io/starlingx/stx-libvirt:master-centos-stable-latest
...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: neutron
labels:
chart_group: openstack-neutron
spec:
releaseName: osh-openstack-neutron
chart:
spec:
chart: neutron
version: 0.2.9
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: placement
namespace: openstack
valuesFrom:
- kind: Secret
name: neutron-static-overrides
valuesKey: neutron-static-overrides.yaml
- kind: Secret
name: neutron-system-overrides
valuesKey: neutron-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: neutron-static-overrides
files:
- neutron-static-overrides.yaml
- name: neutron-system-overrides
files:
- neutron-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,243 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-neutron
endpoints:
oslo_messaging:
statefulset:
name: osh-openstack-rabbitmq-rabbitmq
identity:
force_public_endpoint: true
pod:
replicas:
server: 2
security_context:
neutron_dhcp_agent:
pod:
runAsUser: 0
neutron_l2gw_agent:
pod:
runAsUser: 0
neutron_bagpipe_bgp:
pod:
runAsUser: 0
neutron_l3_agent:
pod:
runAsUser: 0
neutron_lb_agent:
pod:
runAsUser: 0
neutron_metadata_agent:
pod:
runAsUser: 0
neutron_ovs_agent:
pod:
runAsUser: 0
neutron_server:
pod:
runAsUser: 0
neutron_sriov_agent:
pod:
runAsUser: 0
affinity:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
neutron:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
# Probes fail cause a long delay and eventual failure of the armada
# application apply. Need to determine the fix to re-enable these.
probes:
dhcp_agent:
dhcp_agent:
readiness:
enabled: false
liveness:
enabled: false
l3_agent:
l3_agent:
readiness:
enabled: false
liveness:
enabled: false
lb_agent:
lb_agent:
readiness:
enabled: false
liveness:
enabled: false
metadata_agent:
metadata_agent:
readiness:
enabled: false
liveness:
enabled: false
ovs_agent:
ovs_agent:
readiness:
enabled: false
liveness:
enabled: false
sriov_agent:
sriov_agent:
readiness:
enabled: false
liveness:
enabled: false
labels:
agent:
dhcp:
node_selector_key: openstack-compute-node
node_selector_value: enabled
l3:
node_selector_key: openstack-compute-node
node_selector_value: enabled
metadata:
node_selector_key: openstack-compute-node
node_selector_value: enabled
l2gw:
node_selector_key: openstack-compute-node
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
lb:
node_selector_key: linuxbridge
node_selector_value: enabled
# ovs is a special case, requiring a special
# label that can apply to both control hosts
# and compute hosts, until we get more sophisticated
# with our daemonset scheduling
ovs:
node_selector_key: openvswitch
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
bootstrap: docker.io/starlingx/stx-heat:master-centos-stable-latest
db_init: docker.io/starlingx/stx-heat:master-centos-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-centos-stable-latest
image_repo_sync: null
ks_user: docker.io/starlingx/stx-heat:master-centos-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-centos-stable-latest
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
neutron_db_sync: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_dhcp: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_l3: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_l2gw: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_openvswitch_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_linuxbridge_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_metadata: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_server: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_sriov_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_sriov_agent_init: docker.io/starlingx/stx-neutron:master-centos-stable-latest
test: null
purge_test: null
neutron_bagpipe_bgp: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_ironic_agent: docker.io/starlingx/stx-neutron:master-centos-stable-latest
neutron_netns_cleanup_cron: docker.io/starlingx/stx-neutron:master-centos-stable-latest
network:
interface:
tunnel: docker0
backend:
- openvswitch
- sriov
dependencies:
static:
ovs_agent:
pod: null
conf:
neutron:
DEFAULT:
l3_ha: false
min_l3_agents_per_router: 1
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
max_overflow: 64
max_pool_size: 1
idle_timeout: 60
rpc_response_max_timeout: 60
router_status_managed: true
vlan_transparent: true
wsgi_default_pool_size: 100
notify_nova_on_port_data_changes: true
notify_nova_on_port_status_changes: true
control_exchange: neutron
core_plugin: neutron.plugins.ml2.plugin.Ml2Plugin
state_path: /var/run/neutron
syslog_log_facility: local2
use_syslog: true
pnet_audit_enabled: false
driver: messagingv2
enable_proxy_headers_parsing: true
log_format: '[%(name)s] %(message)s'
policy_file: /etc/neutron/policy.json
service_plugins: router,network_segment_range
dns_domain: openstacklocal
enable_new_agents: false
allow_automatic_dhcp_failover: true
allow_automatic_l3agent_failover: true
# Increase from default of 75 seconds to avoid agents being declared
# down during controller swacts, reboots, etc...
agent_down_time: 180
bind_host: "::"
oslo_concurrency:
lock_path: /var/run/neutron/lock
vhost:
vhost_user_enabled: true
keystone_authtoken:
auth_uri: http://keystone.openstack.svc.cluster.local:80/v3
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
nova:
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
dhcp_agent:
DEFAULT:
enable_isolated_metadata: true
enable_metadata_network: false
interface_driver: openvswitch
resync_interval: 30
l3_agent:
DEFAULT:
agent_mode: dvr_snat
interface_driver: openvswitch
metadata_port: 80
plugins:
ml2_conf:
ml2:
mechanism_drivers: openvswitch,sriovnicswitch,l2population
path_mtu: 0
tenant_network_types: vlan,vxlan
type_drivers: flat,vlan,vxlan
ml2_type_vxlan:
vni_ranges: ''
vxlan_group: ''
ovs_driver:
vhost_user_enabled: true
securitygroup:
firewall_driver: openvswitch
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
securitygroup:
firewall_driver: openvswitch
...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: nova-api-proxy
labels:
chart_group: openstack-nova-api-proxy
spec:
releaseName: osh-openstack-nova-api-proxy
chart:
spec:
chart: nova-api-proxy
version: 0.1.0
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: placement
namespace: openstack
valuesFrom:
- kind: Secret
name: nova-api-proxy-static-overrides
valuesKey: nova-api-proxy-static-overrides.yaml
- kind: Secret
name: nova-api-proxy-system-overrides
valuesKey: nova-api-proxy-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: nova-api-proxy-static-overrides
files:
- nova-api-proxy-static-overrides.yaml
- name: nova-api-proxy-system-overrides
files:
- nova-api-proxy-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,51 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-nova-api-proxy
images:
tags:
nova_api_proxy: docker.io/starlingx/stx-nova-api-proxy:master-centos-stable-latest
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
endpoints:
identity:
force_public_endpoint: true
pod:
affinity:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
nova_api_proxy:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
nova:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
conf:
nova_api_proxy:
DEFAULT:
osapi_proxy_listen: "::"
nfvi_compute_listen: "::"
osapi_compute_listen: nova-api-internal.openstack.svc.cluster.local
osapi_compute_listen_port: 80
keystone_authtoken:
interface: internal
auth_uri: http://keystone.openstack.svc.cluster.local:80/v3
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: nova
labels:
chart_group: openstack-nova
spec:
releaseName: osh-openstack-nova
chart:
spec:
chart: nova
version: 0.2.21
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: placement
namespace: openstack
valuesFrom:
- kind: Secret
name: nova-static-overrides
valuesKey: nova-static-overrides.yaml
- kind: Secret
name: nova-system-overrides
valuesKey: nova-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: nova-static-overrides
files:
- nova-static-overrides.yaml
- name: nova-system-overrides
files:
- nova-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,259 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-nova
endpoints:
oslo_messaging:
statefulset:
name: osh-openstack-rabbitmq-rabbitmq
compute:
hosts:
public: nova-api-internal
manifests:
job_ks_endpoints: false
ingress_osapi: true
service_ingress_osapi: true
cron_job_cell_setup: false
statefulset_compute_ironic: false
deployment_placement: false
ingress_placement: false
job_db_init_placement: false
job_ks_placement_endpoints: false
job_ks_placement_service: false
job_ks_placement_user: false
pdb_placement: false
secret_keystone_placement: false
service_ingress_placement: false
service_placement: false
deployment_consoleauth: false
labels:
agent:
compute:
node_selector_key: openstack-compute-node
node_selector_value: enabled
compute_ironic:
node_selector_key: openstack-ironic
node_selector_value: enabled
api_metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
consoleauth:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
novncproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
osapi:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
spiceproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
bootstrap: docker.io/starlingx/stx-heat:master-centos-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-centos-stable-latest
db_init: docker.io/starlingx/stx-heat:master-centos-stable-latest
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
ks_user: docker.io/starlingx/stx-heat:master-centos-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-centos-stable-latest
nova_api: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_archive_deleted_rows: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_cell_setup: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_cell_setup_init: docker.io/starlingx/stx-heat:master-centos-stable-latest
nova_compute: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_compute_ironic: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_compute_ssh: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_conductor: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_consoleauth: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_db_sync: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_novncproxy: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_novncproxy_assets: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_placement: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_scheduler: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_service_cleaner: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
nova_spiceproxy: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_spiceproxy_assets: docker.io/starlingx/stx-nova:master-centos-stable-latest
nova_storage_init: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
test: null
pod:
useHostNetwork:
novncproxy: false
use_fqdn:
compute: false
replicas:
api_metadata: 1
osapi: 1
conductor: 1
consoleauth: 1
scheduler: 1
novncproxy: 1
affinity:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
nova:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
security_context:
nova:
pod:
# https://bugs.launchpad.net/starlingx/+bug/1956229
runAsUser: 0
probes:
readiness:
nova_scheduler:
enabled: false
liveness:
nova_scheduler:
enabled: false
conf:
ceph:
enabled: true
policy:
os_compute_api:limits: '@'
os_compute_api:os-availability-zone:list: '@'
nova:
DEFAULT:
allow_resize_to_same_host: true
default_mempages_size: 2048
reserved_host_memory_mb: 0
compute_monitors: cpu.virt_driver
running_deleted_instance_poll_interval: 60
mkisofs_cmd: /usr/bin/genisoimage
network_allocate_retries: 2
# Set number of block device allocate retries and interval
# for volume create when VM boots and creates a new volume.
# The total block allocate retries time is set to 2 hours
# to satisfy the volume allocation time on slow RPM disks
# which may take 1 hour and a half per volume when several
# volumes are created in parallel.
block_device_allocate_retries_interval: 3
block_device_allocate_retries: 2400
disk_allocation_ratio: 1.0
cpu_allocation_ratio: 16.0
ram_allocation_ratio: 1.0
remove_unused_original_minimum_age_seconds: 3600
enable_new_services: false
map_new_hosts: false
# Increase from default of 60 seconds to avoid services being
# declared down during controller swacts, reboots, etc...
service_down_time: 90
long_rpc_timeout: 400
osapi_compute_listen: "::"
metadata_listen: "::"
metadata_host: "::"
my_ip: "::"
keystone_authtoken:
interface: internal
auth_uri: http://keystone.openstack.svc.cluster.local:80/v3
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
vnc:
novncproxy_host: "::"
server_listen: "::"
spice:
html5proxy_host: "::"
server_listen: "::"
compute:
max_concurrent_disk_ops: 2
libvirt:
cpu_mode: host-model
live_migration_completion_timeout: 180
live_migration_permit_auto_converge: true
mem_stats_period_seconds: 0
rbd_user: cinder
# Allow up to 1 day for resize conf
remove_unused_resized_minimum_age_seconds: 86400
database:
idle_timeout: 60
max_overflow: 64
max_pool_size: 1
api_database:
idle_timeout: 60
max_overflow: 64
max_pool_size: 1
cell0_database:
idle_timeout: 60
max_overflow: 64
max_pool_size: 1
glance:
api_servers: http://glance.openstack.svc.cluster.local:80/
ironic:
api_endpoint: http://ironic.openstack.svc.cluster.local:80/
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
placement:
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
neutron:
default_floating_pool: public
url: http://neutron.openstack.svc.cluster.local:80/
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
notifications:
notification_format: unversioned
filter_scheduler:
build_failure_weight_multiplier: 0.0
cpu_weight_multiplier: 0.0
disk_weight_multiplier: 0.0
enabled_filters:
- RetryFilter
- ComputeFilter
- AvailabilityZoneFilter
- AggregateInstanceExtraSpecsFilter
- ComputeCapabilitiesFilter
- ImagePropertiesFilter
- NUMATopologyFilter
- ServerGroupAffinityFilter
- ServerGroupAntiAffinityFilter
- PciPassthroughFilter
pci_weight_multiplier: 0.0
ram_weight_multiplier: 0.0
shuffle_best_same_weighed_hosts: true
soft_affinity_weight_multiplier: 20.0
soft_anti_affinity_weight_multiplier: 20.0
scheduler:
workers: 1
discover_hosts_in_cells_interval: 30
periodic_task_interval: -1
service_user:
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
send_service_user_token: true
metrics:
required: false
workarounds:
enable_numa_live_migration: true
hypervisor:
address_search_enabled: false
ssh: |
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Port {{ .Values.network.ssh.port }}
network:
ssh:
enabled: true
console:
address_search_enabled: false
...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: openvswitch
labels:
chart_group: openstack-openvswitch
spec:
releaseName: osh-openstack-openvswitch
chart:
spec:
chart: openvswitch
version: 0.1.5
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: placement
namespace: openstack
valuesFrom:
- kind: Secret
name: openvswitch-static-overrides
valuesKey: openvswitch-static-overrides.yaml
- kind: Secret
name: openvswitch-system-overrides
valuesKey: openvswitch-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: openvswitch-static-overrides
files:
- openvswitch-static-overrides.yaml
- name: openvswitch-system-overrides
files:
- openvswitch-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,29 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-openvswitch
labels:
ovs:
node_selector_key: openvswitch
node_selector_value: enabled
images:
tags:
image_repo_sync: null
openvswitch_db_server: docker.io/starlingx/stx-ovs:master-centos-stable-latest
openvswitch_vswitchd: docker.io/starlingx/stx-ovs:master-centos-stable-latest
pod:
tolerations:
openvswitch:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: pci-irq-affinity-agent
labels:
chart_group: openstack-pci-irq-affinity-agent
spec:
releaseName: osh-openstack-pci-irq-affinity-agent
chart:
spec:
chart: pci-irq-affinity-agent
version: 0.1.0
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: nova
namespace: openstack
valuesFrom:
- kind: Secret
name: pci-irq-affinity-agent-static-overrides
valuesKey: pci-irq-affinity-agent-static-overrides.yaml
- kind: Secret
name: pci-irq-affinity-agent-system-overrides
valuesKey: pci-irq-affinity-agent-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: pci-irq-affinity-agent-static-overrides
files:
- pci-irq-affinity-agent-static-overrides.yaml
- name: pci-irq-affinity-agent-system-overrides
files:
- pci-irq-affinity-agent-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,19 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-pci-irq-affinity-agent
images:
tags:
pci_irq_affinity_agent: docker.io/starlingx/stx-pci-irq-affinity-agent:master-centos-stable-latest
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
...

View File

@ -0,0 +1,41 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: placement
labels:
chart_group: openstack-placement
spec:
releaseName: osh-openstack-placement
chart:
spec:
chart: placement
version: 0.2.4
sourceRef:
kind: HelmRepository
name: starlingx
interval: 5m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
dependsOn:
- name: cinder
namespace: openstack
valuesFrom:
- kind: Secret
name: placement-static-overrides
valuesKey: placement-static-overrides.yaml
- kind: Secret
name: placement-system-overrides
valuesKey: placement-system-overrides.yaml
...

View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: openstack
resources:
- helmrelease.yaml
secretGenerator:
- name: placement-static-overrides
files:
- placement-static-overrides.yaml
- name: placement-system-overrides
files:
- placement-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true
...

View File

@ -0,0 +1,84 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
release_group: osh-openstack-placement
endpoints:
identity:
force_public_endpoint: true
labels:
placement:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
db_drop: docker.io/starlingx/stx-heat:master-centos-stable-latest
db_init: docker.io/starlingx/stx-heat:master-centos-stable-latest
db_migrate: quay.io/airshipit/porthole-mysqlclient-utility:179e19a91fc75052da2f5d1de5c1a273d5407c3b-ubuntu_bionic
image_repo_sync: null
ks_user: docker.io/starlingx/stx-heat:master-centos-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-centos-stable-latest
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
placement: docker.io/starlingx/stx-placement:master-centos-stable-latest
placement_db_sync: docker.io/starlingx/stx-placement:master-centos-stable-latest
pod:
replicas:
placement: 1
affinity:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
placement:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: openstack-compute-node
operator: Exists
effect: NoSchedule
conf:
placement:
DEFAULT:
log_config_append: /etc/placement/logging.conf
keystone_authtoken:
auth_uri: http://keystone.openstack.svc.cluster.local:80/v3
auth_url: http://keystone.openstack.svc.cluster.local:80/v3
wsgi_placement: |
Listen :::{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
WSGISocketPrefix /var/run/httpd/wsgi
<VirtualHost *:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP} python-home=/var/lib/openstack socket-user=apache
WSGIProcessGroup placement-api
WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stdout
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
Alias /placement /var/www/cgi-bin/placement/placement-api
<Location /placement>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
...