Upgrade openstack-helm

Upgrade openstack-helm to below version. commit 82c72367c85ca94270f702661c7b984899c1ae38 Date: Sat Sep 14 06:40:03 2019 +0000 Merge "Add a config item for novncproxy" Basic deployment test on AIO/Duplex/Multi virtual setup pass and VM creation pass. Story:2006544 Task: 36623 Depends-on: https://review.opendev.org/#/c/683910 Change-Id: I691a9feef856d83d82709a428afabd01abdef2ea Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2019-09-24 01:30:08 +08:00 · 2019-09-24 01:30:08 +08:00 · 64eab01514
parent a1fdee220c
commit 64eab01514
23 changed files with 95 additions and 4625 deletions
--- a/openstack-helm/centos/build_srpm.data
+++ b/openstack-helm/centos/build_srpm.data
@ -1,8 +1,8 @@
 TAR_NAME=openstack-helm
-SHA=6c71637222f47d85681038994f02feac92f75bd2
+SHA=82c72367c85ca94270f702661c7b984899c1ae38
 VERSION=1.0.0
 TAR="$TAR_NAME-$SHA.tar.gz"

 COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "

-TIS_PATCH_VER=21
+TIS_PATCH_VER=22
--- a/openstack-helm/centos/openstack-helm.spec
+++ b/openstack-helm/centos/openstack-helm.spec
@ -1,4 +1,4 @@
-%global sha 6c71637222f47d85681038994f02feac92f75bd2
+%global sha 82c72367c85ca94270f702661c7b984899c1ae38
 %global helm_folder  /usr/lib/helm
 %global toolkit_version 0.1.0
 %global helmchart_version 0.1.0
@ -19,27 +19,12 @@ Source2: index.yaml

 BuildArch:     noarch

-Patch01: 0001-Add-Aodh-Chart.patch
-Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
-Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
-Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
-Patch05: 0005-Nova-console-ip-address-search-optionality.patch
-Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch
-Patch07: 0007-Horizon-Disable-apache2-status_module.patch
-Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
-Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
-Patch10: 0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
-Patch11: 0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
-Patch12: 0012-Add-internal-tenant-id-in-conf.patch
-Patch13: 0013-cinder-allow-configuring-the-rbd-app-name.patch
-Patch14: 0014-Cinder-Support-backup-driver-specification-by-module.patch
-Patch15: 0015-Add-Placement-Chart.patch
-Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch
-Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch
-Patch18: 0018-Nova-add-service-token.patch
-Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
-Patch20: 0020-Change-cinder-bootstrap-script.patch
-Patch21: 0021-Add-config-network-item-for-novncproxy.patch
+Patch01: 0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
+Patch02: 0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
+Patch03: 0003-Nova-console-ip-address-search-optionality.patch
+Patch04: 0004-Nova-chart-Support-ephemeral-pool-creation.patch
+Patch05: 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
+Patch06: 0006-Add-Placement-Chart.patch

 BuildRequires: helm
 BuildRequires: openstack-helm-infra
@ -56,21 +41,6 @@ Openstack Helm charts
 %patch04 -p1
 %patch05 -p1
 %patch06 -p1
-%patch07 -p1
-%patch08 -p1
-%patch09 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1

 %build
 # initialize helm and build the toolkit
--- a/openstack-helm/files/0001-Add-Aodh-Chart.patch
+++ b/openstack-helm/files/0001-Add-Aodh-Chart.patch
--- a/openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
+++ b/openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
@ -1,7 +1,7 @@
 From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
 From: Angie Wang <angie.wang@windriver.com>
 Date: Wed, 6 Mar 2019 18:06:06 -0500
-Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to
+Subject: [PATCH 01] Ceilometer chart: add the ability to publish events to
 panko

 Ceilometer notification agent sends the events to panko via panko
@ -18,26 +18,14 @@ Signed-off-by: Angie Wang <angie.wang@windriver.com>
 (cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
 Signed-off-by: Robert Church <robert.church@windriver.com>
 ---
- ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++
- 1 file changed, 34 insertions(+)
+ ceilometer/values.yaml | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)

 diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
-index e6ae7e3a..9deade59 100644
+index 44dda74..1343670 100644
 --- a/ceilometer/values.yaml
 +++ b/ceilometer/values.yaml
-@@ -728,6 +728,11 @@ conf:
-       - name: event_sink
-         publishers:
-           - notifier://
-+          # The following publisher will enable to publish events to panko.
-+          # Ocata:
-+          # - direct://?dispatcher=panko
-+          # Pike:
-+          # - panko://
-         transformers: null
-     sources:
-       - events:
-@@ -1618,6 +1623,8 @@ dependencies:
+@@ -1706,6 +1706,8 @@ dependencies:
           service: mongodb
         - endpoint: internal
           service: metric
@ -46,7 +34,7 @@ index e6ae7e3a..9deade59 100644
     tests:
       services:
         - endpoint: internal
-@@ -1739,6 +1746,21 @@ endpoints:
+@@ -1827,6 +1829,21 @@ endpoints:
       api:
         default: 8041
         public: 80
@ -68,7 +56,7 @@ index e6ae7e3a..9deade59 100644
   alarming:
     name: aodh
     hosts:
-@@ -1865,7 +1887,19 @@ pod:
+@@ -1958,7 +1975,19 @@ pod:
       init_container: null
       ceilometer_notification:
         volumeMounts:
@ -85,9 +73,9 @@ index e6ae7e3a..9deade59 100644
 +            secret:
 +              secretName: panko-etc
 +              defaultMode: 0444
-   replicas:
-     api: 1
-     central: 1
+     ceilometer_db_sync:
+       ceilometer_db_sync:
+         volumeMounts:
 -- 
-2.16.5
+2.7.4

--- a/openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
+++ b/openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
@ -1,7 +1,7 @@
 From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
 From: Chris Friesen <chris.friesen@windriver.com>
 Date: Wed, 28 Nov 2018 01:33:39 -0500
-Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts.
+Subject: [PATCH 02] Remove stale Apache2 service pids when a POD starts.

 Stale Apache2 pids will prevent Apache2 from starting and will leave
 the POD in a crashed state.
@ -21,24 +21,24 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
 3 files changed, 8 insertions(+), 4 deletions(-)

 diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
-index cdb02f79..392873c7 100644
+index 25b2f9e..3870b4e 100644
 --- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
 +++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
-@@ -25,6 +25,9 @@ function start () {
-     source /etc/apache2/envvars
+@@ -42,6 +42,9 @@ function start () {
+     fi
   fi
 
 +  # Get rid of stale pid file if present.
 +  rm -f /var/run/apache2/*.pid
 +
   # Start Apache2
-   exec apache2 -DFOREGROUND
+   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
 }
 diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
-index 2f127b94..11726809 100644
+index 384ee8b..4c72310 100644
 --- a/keystone/templates/bin/_keystone-api.sh.tpl
 +++ b/keystone/templates/bin/_keystone-api.sh.tpl
-@@ -31,10 +31,8 @@ function start () {
+@@ -43,10 +43,8 @@ function start () {
      source /etc/apache2/envvars
   fi
 
@ -50,21 +50,21 @@ index 2f127b94..11726809 100644
 +  rm -f /var/run/apache2/*
 
   # Start Apache2
-   exec apache2 -DFOREGROUND
+   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
 diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
-index f9c8d7c5..b4bcf178 100644
+index bc15a37..055d079 100644
 --- a/nova/templates/bin/_nova-placement-api.sh.tpl
 +++ b/nova/templates/bin/_nova-placement-api.sh.tpl
-@@ -28,6 +28,9 @@ function start () {
-      source /etc/apache2/envvars
+@@ -33,6 +33,9 @@ function start () {
+      fi
   fi
 
 +  # Get rid of stale pid file if present.
 +  rm -f /var/run/apache2/*.pid
 +
   # Start Apache2
-   exec apache2 -DFOREGROUND
- }
+   {{- if .Values.conf.software.apache2.a2enmod }}
+     {{- range .Values.conf.software.apache2.a2enmod }}
 -- 
-2.16.5
+2.7.4

--- a/openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch
+++ b/openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch
@ -1,7 +1,7 @@
 From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
 From: Gerry Kopec <Gerry.Kopec@windriver.com>
 Date: Wed, 27 Mar 2019 00:35:57 -0400
-Subject: [PATCH 05/11] Nova console/ip address search optionality
+Subject: [PATCH 03] Nova console/ip address search optionality

 Add options to nova to enable/disable the use of:
 1. the vnc or spice server proxyclient address found by the console
@ -20,11 +20,11 @@ Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
 Signed-off-by: Robert Church <robert.church@windriver.com>
 ---
 nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
- nova/values.yaml                        | 2 ++
- 2 files changed, 7 insertions(+), 1 deletion(-)
+ nova/values.yaml                        | 3 ++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)

 diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
-index c80da6d6..4927908a 100644
+index c80da6d..4927908 100644
 --- a/nova/templates/bin/_nova-compute.sh.tpl
 +++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -20,6 +20,10 @@ set -ex
@ -41,25 +41,26 @@ index c80da6d6..4927908a 100644
 +      --config-file /tmp/pod-shared/nova-hypervisor.conf
 +{{- end }}
 diff --git a/nova/values.yaml b/nova/values.yaml
-index 8599027a..0887cecc 100644
+index 29512ca..7ba2925 100644
 --- a/nova/values.yaml
 +++ b/nova/values.yaml
-@@ -440,6 +440,7 @@ console:
+@@ -461,7 +461,7 @@ console:
     vncproxy:
       # IF blank, search default routing interface
       vncserver_proxyclient_interface:
+-
 +  address_search_enabled: true
- 
 ssh:
   key_types:
-@@ -1433,6 +1434,7 @@ conf:
+     - rsa
+@@ -1598,6 +1598,7 @@ conf:
     # If this option is set to None, the hostname of the migration target compute node will be used.
     live_migration_interface:
   hypervisor:
 +    address_search_enabled: true
     # my_ip can be set automatically through this interface name.
     host_interface:
-   nova:
+   # This list is the keys to exclude from the config file ingested by nova-compute
 -- 
-2.16.5
+2.7.4

--- a/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
+++ b/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
@ -1,184 +0,0 @@
-From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001
-From: Gerry Kopec <Gerry.Kopec@windriver.com>
-Date: Thu, 10 Jan 2019 00:12:21 -0500
-Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations
-
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
-  container.
- Map private and public keys to configmap-ssh which will default to
-  the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
-  root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.
-
-Depends on helm-toolkit supporting multiple containers per daemonset
-pod.
-
-Story: 2003463
-Task: 24723
-Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
-Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
-(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d)
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- nova/templates/bin/_ssh-start.sh.tpl  | 19 ++++++++++++++++---
- nova/templates/configmap-etc.yaml     |  4 ++--
- nova/templates/configmap-ssh.yaml     | 35 +++++++++++++++++++++++++++++++++++
- nova/templates/daemonset-compute.yaml | 14 +++++++++-----
- nova/values.yaml                      |  5 +++++
- 5 files changed, 67 insertions(+), 10 deletions(-)
- create mode 100755 nova/templates/configmap-ssh.yaml
-
-diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
-index 1c10cb07..158090b0 100644
--- a/nova/templates/bin/_ssh-start.sh.tpl
-+++ b/nova/templates/bin/_ssh-start.sh.tpl
-@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
-     chown nova: ~nova/.ssh
- fi
- 
-chmod 0600 ~root/.ssh/authorized_keys
-chmod 0600 ~root/.ssh/id_rsa
-chmod 0600 ~root/.ssh/id_rsa.pub
-+{{- if .Values.network.sshd.enabled }}
-+subnet_address="{{- .Values.network.sshd.from_subnet -}}"
-+cat > /tmp/sshd_config_extend <<EOF
-+
-+# This Match block prevents Password Authentication for root user
-+Match User root
-+    PasswordAuthentication no
-+
-+# This Match Block is used to allow Root Login exceptions over the
-+# internal subnet used by Nova Migrations
-+Match Address $subnet_address
-+    PermitRootLogin without-password
-+EOF
-+cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
-+rm /tmp/sshd_config_extend
-+{{- end }}
- 
- exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
-diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
-index 55aa3114..0d1e7a5e 100644
--- a/nova/templates/configmap-etc.yaml
-+++ b/nova/templates/configmap-etc.yaml
-@@ -232,8 +232,8 @@ data:
-   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
-   nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
- {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
-# FIXME(portdirect): why is this file suffixed .sh?
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
-+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
-+
- {{- end }}
- {{- end }}
- {{- if .Values.manifests.configmap_etc }}
-diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
-new file mode 100755
-index 00000000..bab8e330
--- /dev/null
-+++ b/nova/templates/configmap-ssh.yaml
-@@ -0,0 +1,35 @@
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- define "nova.configmap.ssh" }}
-+{{- $envAll := index . 1 }}
-+{{- with $envAll }}
-+---
-+apiVersion: v1
-+kind: Secret
-+metadata:
-+  name: nova-ssh
-+type: Opaque
-+data:
-+  ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
-+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
-+
-+{{- end }}
-+{{- end }}
-+
-+{{- if .Values.manifests.configmap_etc }}
-+{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
-+{{- end }}
-diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
-index 09627042..4a7b90b5 100644
--- a/nova/templates/daemonset-compute.yaml
-+++ b/nova/templates/daemonset-compute.yaml
-@@ -258,6 +258,9 @@ spec:
-               mountPath: /root/.ssh/config
-               subPath: ssh-config
-               readOnly: true
-+            - name: nova-ssh
-+              mountPath: /root/.ssh/id_rsa
-+              subPath: ssh-key-private
-             {{- if .Values.conf.ceph.enabled }}
-             - name: etcceph
-               mountPath: /etc/ceph
-@@ -314,13 +317,10 @@ spec:
-               mountPath: /var/lib/nova
-             - name: varliblibvirt
-               mountPath: /var/lib/libvirt
-            - name: nova-etc
-              mountPath: /root/.ssh/id_rsa
-              subPath: ssh-key-private
-            - name: nova-etc
-+            - name: nova-ssh
-               mountPath: /root/.ssh/id_rsa.pub
-               subPath: ssh-key-public
-            - name: nova-etc
-+            - name: nova-ssh
-               mountPath: /root/.ssh/authorized_keys
-               subPath: ssh-key-public
-             - name: nova-bin
-@@ -336,6 +336,10 @@ spec:
-           secret:
-             secretName: {{ $configMapName }}
-             defaultMode: 0444
-+        - name: nova-ssh
-+          secret:
-+            secretName: nova-ssh
-+            defaultMode: 0400
-         {{- if .Values.conf.ceph.enabled }}
-         - name: etcceph
-           hostPath:
-diff --git a/nova/values.yaml b/nova/values.yaml
-index 7cb4d553..8599027a 100644
--- a/nova/values.yaml
-+++ b/nova/values.yaml
-@@ -211,6 +211,9 @@ network:
-   ssh:
-     name: "nova-ssh"
-     port: 8022
-+  sshd:
-+    enabled: false
-+    from_subnet: 0.0.0.0/24
- 
- dependencies:
-   dynamic:
-@@ -462,6 +465,8 @@ conf:
-       StrictHostKeyChecking no
-       UserKnownHostsFile /dev/null
-       Port {{ .Values.network.ssh.port }}
-+  ssh_private: 'null'
-+  ssh_public: 'null'
-   rally_tests:
-     run_tempest: false
-     tests:
-- 
-2.16.5
-
--- a/openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch
+++ b/openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch
@ -1,7 +1,7 @@
 From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
 From: Irina Mihai <irina.mihai@windriver.com>
 Date: Tue, 26 Feb 2019 17:43:53 +0000
-Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation
+Subject: [PATCH 04] Nova chart: Support ephemeral pool creation

 If libvirt images_type is rbd, then we need to have the
 images_rbd_pool present. These changes add a new job
@ -17,14 +17,14 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
 nova/templates/bin/_nova-storage-init.sh.tpl |  75 +++++++++++++
 nova/templates/configmap-bin.yaml            |   4 +-
 nova/templates/job-storage-init.yaml         | 155 +++++++++++++++++++++++++++
- nova/values.yaml                             |  18 ++++
- 4 files changed, 251 insertions(+), 1 deletion(-)
+ nova/values.yaml                             |  19 +++-
+ 4 files changed, 251 insertions(+), 2 deletions(-)
 create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
 create mode 100644 nova/templates/job-storage-init.yaml

 diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
 new file mode 100644
-index 00000000..f79fcff0
+index 0000000..f79fcff
 --- /dev/null
 +++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,75 @@
@ -104,7 +104,7 @@ index 00000000..f79fcff0
 +fi
 +
 diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
-index c58b90bd..268434fd 100644
+index c58b90b..268434f 100644
 --- a/nova/templates/configmap-bin.yaml
 +++ b/nova/templates/configmap-bin.yaml
@@ -1,5 +1,5 @@
@ -125,7 +125,7 @@ index c58b90bd..268434fd 100644
   cell-setup.sh: |
 diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
 new file mode 100644
-index 00000000..7d057fb9
+index 0000000..7d057fb
 --- /dev/null
 +++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,155 @@
@ -285,18 +285,18 @@ index 00000000..7d057fb9
 +{{- end }}
 +
 diff --git a/nova/values.yaml b/nova/values.yaml
-index 0887cecc..7245cf82 100644
+index 7ba2925..97ef1b5 100644
 --- a/nova/values.yaml
 +++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
     nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
-     nova_spiceproxy: docker.io/openstackhelm/nova:ocata
+     nova_spiceproxy: docker.io/openstackhelm/nova:ocata-ubuntu_xenial
     nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
 +    nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
     test: docker.io/xrally/xrally-openstack:1.3.0
     image_repo_sync: docker.io/docker:17.07.0
   local_registry:
-@@ -461,6 +462,14 @@ conf:
+@@ -556,6 +557,14 @@ conf:
       user: "cinder"
       keyring: null
       secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
@ -311,7 +311,7 @@ index 0887cecc..7245cf82 100644
   ssh: |
     Host *
       StrictHostKeyChecking no
-@@ -1625,6 +1634,7 @@ secrets:
+@@ -1797,6 +1806,7 @@ secrets:
     placement:
       placement:
         public: placement-tls-public
@ -319,10 +319,11 @@ index 0887cecc..7245cf82 100644
 
 # typically overridden by environmental
 # values, but should include all endpoints
-@@ -2239,6 +2249,13 @@ pod:
+@@ -2482,7 +2492,13 @@ pod:
         limits:
           memory: "1024Mi"
           cpu: "2000m"
+-
 +      storage_init:
 +        requests:
 +          memory: "128Mi"
@ -330,10 +331,10 @@ index 0887cecc..7245cf82 100644
 +        limits:
 +          memory: "1024Mi"
 +          cpu: "2000m"
- 
 network_policy:
   nova:
-@@ -2302,6 +2319,7 @@ manifests:
+     # TODO(lamt): Need to tighten this ingress for security.
+@@ -2545,6 +2561,7 @@ manifests:
   job_ks_placement_service: true
   job_ks_placement_user: true
   job_cell_setup: true
@ -342,5 +343,5 @@ index 0887cecc..7245cf82 100644
   pdb_placement: true
   pdb_osapi: true
 -- 
-2.16.5
+2.7.4

--- a/openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
+++ b/openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
@ -1,7 +1,7 @@
 From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
 From: Robert Church <robert.church@windriver.com>
 Date: Fri, 22 Mar 2019 03:42:08 -0400
-Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness
+Subject: [PATCH 05] Nova: Add support for disabling Readiness/Liveness
 probes

 With the introduction of Readiness/Liveness probes in
@ -19,14 +19,14 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
 nova/templates/deployment-novncproxy.yaml  |  4 ++++
 nova/templates/deployment-scheduler.yaml   |  4 ++++
 nova/templates/deployment-spiceproxy.yaml  |  4 ++++
- nova/values.yaml                           | 27 +++++++++++++++++++++++++++
- 7 files changed, 51 insertions(+)
+ nova/values.yaml                           | 28 ++++++++++++++++++++++++++++
+ 7 files changed, 52 insertions(+)

 diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
-index 4a7b90b5..f508b963 100644
+index feea6ab..86dc2b9 100644
 --- a/nova/templates/daemonset-compute.yaml
 +++ b/nova/templates/daemonset-compute.yaml
-@@ -181,6 +181,7 @@ spec:
+@@ -190,6 +190,7 @@ spec:
             - name: LIBVIRT_CEPH_SECRET_UUID
               value: "{{ .Values.conf.ceph.secret_uuid }}"
           {{ end }}
@ -34,7 +34,7 @@ index 4a7b90b5..f508b963 100644
           readinessProbe:
             exec:
               command:
-@@ -193,6 +194,8 @@ spec:
+@@ -202,6 +203,8 @@ spec:
             initialDelaySeconds: 80
             periodSeconds: 90
             timeoutSeconds: 70
@ -43,7 +43,7 @@ index 4a7b90b5..f508b963 100644
           livenessProbe:
             exec:
               command:
-@@ -206,6 +209,7 @@ spec:
+@@ -215,6 +218,7 @@ spec:
             initialDelaySeconds: 120
             periodSeconds: 90
             timeoutSeconds: 70
@ -52,18 +52,18 @@ index 4a7b90b5..f508b963 100644
             - /tmp/nova-compute.sh
           volumeMounts:
 diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
-index 1e66e419..33d41097 100644
+index f927afa..0caa006 100644
 --- a/nova/templates/deployment-conductor.yaml
 +++ b/nova/templates/deployment-conductor.yaml
-@@ -60,6 +60,7 @@ spec:
+@@ -59,6 +59,7 @@ spec:
+ {{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           securityContext:
-             allowPrivilegeEscalation: false
+ {{ dict "envAll" $envAll "application" "nova" "container" "nova_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 +          {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
           readinessProbe:
             exec:
               command:
-@@ -72,6 +73,8 @@ spec:
+@@ -71,6 +72,8 @@ spec:
             initialDelaySeconds: 80
             periodSeconds: 90
             timeoutSeconds: 70
@ -72,7 +72,7 @@ index 1e66e419..33d41097 100644
           livenessProbe:
             exec:
               command:
-@@ -85,6 +88,7 @@ spec:
+@@ -84,6 +87,7 @@ spec:
             initialDelaySeconds: 120
             periodSeconds: 90
             timeoutSeconds: 70
@ -81,18 +81,18 @@ index 1e66e419..33d41097 100644
             - /tmp/nova-conductor.sh
           volumeMounts:
 diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
-index 75b66e79..31013eb7 100644
+index b9cb717..0f590e0 100644
 --- a/nova/templates/deployment-consoleauth.yaml
 +++ b/nova/templates/deployment-consoleauth.yaml
-@@ -60,6 +60,7 @@ spec:
+@@ -59,6 +59,7 @@ spec:
+ {{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           securityContext:
-             allowPrivilegeEscalation: false
+ {{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 +          {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
           readinessProbe:
             exec:
               command:
-@@ -72,6 +73,8 @@ spec:
+@@ -71,6 +72,8 @@ spec:
             initialDelaySeconds: 80
             periodSeconds: 90
             timeoutSeconds: 70
@ -101,7 +101,7 @@ index 75b66e79..31013eb7 100644
           livenessProbe:
             exec:
               command:
-@@ -85,6 +88,7 @@ spec:
+@@ -84,6 +87,7 @@ spec:
             initialDelaySeconds: 120
             periodSeconds: 90
             timeoutSeconds: 70
@ -110,13 +110,13 @@ index 75b66e79..31013eb7 100644
             - /tmp/nova-consoleauth.sh
           volumeMounts:
 diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
-index cf9fda02..2611ba80 100644
+index 42a52af..495c1ac 100644
 --- a/nova/templates/deployment-novncproxy.yaml
 +++ b/nova/templates/deployment-novncproxy.yaml
-@@ -94,14 +94,18 @@ spec:
-         - name: nova-novncproxy
+@@ -103,14 +103,18 @@ spec:
 {{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 +          {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
           readinessProbe:
             tcpSocket:
@ -133,13 +133,13 @@ index cf9fda02..2611ba80 100644
             - /tmp/nova-console-proxy.sh
           ports:
 diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
-index 9611d950..0350c47c 100644
+index 05ee949..9a30fa6 100644
 --- a/nova/templates/deployment-scheduler.yaml
 +++ b/nova/templates/deployment-scheduler.yaml
-@@ -60,6 +60,7 @@ spec:
+@@ -59,6 +59,7 @@ spec:
+ {{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           securityContext:
-             allowPrivilegeEscalation: false
+ {{ dict "envAll" $envAll "application" "nova" "container" "nova_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 +          {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
           readinessProbe:
             exec:
@ -153,7 +153,7 @@ index 9611d950..0350c47c 100644
           livenessProbe:
             exec:
               command:
-@@ -85,6 +88,7 @@ spec:
+@@ -86,6 +89,7 @@ spec:
             initialDelaySeconds: 120
             periodSeconds: 90
             timeoutSeconds: 70
@ -162,13 +162,13 @@ index 9611d950..0350c47c 100644
             - /tmp/nova-scheduler.sh
           volumeMounts:
 diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
-index 4507bde4..1b58ec98 100644
+index a221656..038c85c 100644
 --- a/nova/templates/deployment-spiceproxy.yaml
 +++ b/nova/templates/deployment-spiceproxy.yaml
-@@ -94,14 +94,18 @@ spec:
-         - name: nova-spiceproxy
+@@ -101,14 +101,18 @@ spec:
 {{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 +          {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
           readinessProbe:
             tcpSocket:
@ -185,10 +185,10 @@ index 4507bde4..1b58ec98 100644
             - /tmp/nova-console-proxy.sh
           ports:
 diff --git a/nova/values.yaml b/nova/values.yaml
-index 7245cf82..433ec3af 100644
+index 97ef1b5..4092329 100644
 --- a/nova/values.yaml
 +++ b/nova/values.yaml
-@@ -2256,6 +2256,33 @@ pod:
+@@ -2499,6 +2499,34 @@ pod:
         limits:
           memory: "1024Mi"
           cpu: "2000m"
@ -219,9 +219,10 @@ index 7245cf82..433ec3af 100644
 +        enabled: true
 +      nova_spiceproxy:
 +        enabled: true
- 
+
 network_policy:
   nova:
+     # TODO(lamt): Need to tighten this ingress for security.
 -- 
-2.16.5
+2.7.4

--- a/openstack-helm/files/0006-Add-Placement-Chart.patch
+++ b/openstack-helm/files/0006-Add-Placement-Chart.patch
--- a/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch
+++ b/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch
@ -1,30 +0,0 @@
-From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001
-From: Robert Church <robert.church@windriver.com>
-Date: Fri, 22 Mar 2019 03:29:26 -0400
-Subject: [PATCH 07/11] Horizon: Disable apache2 status_module
-
-a2dismod is not present in the StarlingX httpd based images. Try
-a2dismod first, then fail back to using sed to remove the module.
-
-Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- horizon/templates/bin/_horizon.sh.tpl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl
-index dec000f3..55a2c629 100644
--- a/horizon/templates/bin/_horizon.sh.tpl
-+++ b/horizon/templates/bin/_horizon.sh.tpl
-@@ -28,7 +28,7 @@ function start () {
-   chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
- 
-   a2enmod rewrite
-  a2dismod status
-+  a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf
- 
-   if [ -f /etc/apache2/envvars ]; then
-      # Loading Apache2 ENV variables
-- 
-2.16.5
-
--- a/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
+++ b/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
@ -1,224 +0,0 @@
-From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001
-From: Robert Church <robert.church@windriver.com>
-Date: Fri, 22 Mar 2019 03:37:05 -0400
-Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness
- probes
-
-With the introduction of Readiness/Liveness probes in
-Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and
-preventing successful armada manifest applies.
-
-Add support to disable the probes.
-
-Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- neutron/templates/daemonset-dhcp-agent.yaml     |  4 ++++
- neutron/templates/daemonset-l3-agent.yaml       |  4 ++++
- neutron/templates/daemonset-lb-agent.yaml       |  4 ++++
- neutron/templates/daemonset-metadata-agent.yaml |  4 ++++
- neutron/templates/daemonset-ovs-agent.yaml      |  4 ++++
- neutron/templates/daemonset-sriov-agent.yaml    |  4 ++++
- neutron/values.yaml                             | 27 +++++++++++++++++++++++++
- 7 files changed, 51 insertions(+)
-
-diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
-index 49866f2a..6e1d2928 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
-+++ b/neutron/templates/daemonset-dhcp-agent.yaml
-@@ -66,6 +66,7 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           securityContext:
-             privileged: true
-+          {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }}
-           readinessProbe:
-             exec:
-               command:
-@@ -80,6 +81,8 @@ spec:
-             initialDelaySeconds: 30
-             periodSeconds: 15
-             timeoutSeconds: 65
-+          {{- end }}
-+          {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }}
-           livenessProbe:
-             exec:
-               command:
-@@ -95,6 +98,7 @@ spec:
-             initialDelaySeconds: 120
-             periodSeconds: 90
-             timeoutSeconds: 70
-+          {{- end }}
-           command:
-             - /tmp/neutron-dhcp-agent.sh
-           volumeMounts:
-diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
-index 5e0ec194..29e0f3f7 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
-+++ b/neutron/templates/daemonset-l3-agent.yaml
-@@ -66,6 +66,7 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           securityContext:
-             privileged: true
-+          {{- if .Values.pod.probes.readiness.l3_agent.enabled }}
-           readinessProbe:
-             exec:
-               command:
-@@ -80,6 +81,8 @@ spec:
-             initialDelaySeconds: 30
-             periodSeconds: 15
-             timeoutSeconds: 65
-+          {{- end }}
-+          {{- if .Values.pod.probes.liveness.l3_agent.enabled }}
-           livenessProbe:
-             exec:
-               command:
-@@ -95,6 +98,7 @@ spec:
-             initialDelaySeconds: 120
-             periodSeconds: 90
-             timeoutSeconds: 70
-+          {{- end }}
-           command:
-             - /tmp/neutron-l3-agent.sh
-           volumeMounts:
-diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
-index c2b432f7..685893d5 100644
--- a/neutron/templates/daemonset-lb-agent.yaml
-+++ b/neutron/templates/daemonset-lb-agent.yaml
-@@ -140,12 +140,16 @@ spec:
-             privileged: true
-           command:
-             - /tmp/neutron-linuxbridge-agent.sh
-+          {{- if .Values.pod.probes.readiness.lb_agent.enabled }}
-           readinessProbe:
-             exec:
-               command:
-                 - bash
-                 - -c
-                 - 'brctl show'
-+          {{- end }}
-+          {{- if .Values.pod.probes.liveness.lb_agent.enabled }}
-+          {{- end }}
-           volumeMounts:
-             - name: neutron-bin
-               mountPath: /tmp/neutron-linuxbridge-agent.sh
-diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
-index 8e92a675..fba132ed 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
-+++ b/neutron/templates/daemonset-metadata-agent.yaml
-@@ -87,6 +87,7 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           securityContext:
-             privileged: true
-+          {{- if .Values.pod.probes.readiness.metadata_agent.enabled }}
-           readinessProbe:
-             exec:
-               command:
-@@ -99,6 +100,8 @@ spec:
-             initialDelaySeconds: 30
-             periodSeconds: 15
-             timeoutSeconds: 35
-+          {{- end }}
-+          {{- if .Values.pod.probes.liveness.metadata_agent.enabled }}
-           livenessProbe:
-             exec:
-               command:
-@@ -112,6 +115,7 @@ spec:
-             initialDelaySeconds: 90
-             periodSeconds: 60
-             timeoutSeconds: 45
-+          {{- end }}
-           command:
-             - /tmp/neutron-metadata-agent.sh
-           volumeMounts:
-diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
-index 56061e63..69ee1c2c 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
-+++ b/neutron/templates/daemonset-ovs-agent.yaml
-@@ -154,6 +154,7 @@ spec:
-             privileged: true
-           command:
-             - /tmp/neutron-openvswitch-agent.sh
-+          {{- if .Values.pod.probes.readiness.ovs_agent.enabled }}
-           # ensures this container can can see a br-int
-           # bridge before its marked as ready
-           readinessProbe:
-@@ -162,6 +163,8 @@ spec:
-                 - bash
-                 - -c
-                 - 'ovs-vsctl list-br | grep -q br-int'
-+          {{- end }}
-+          {{- if .Values.pod.probes.liveness.ovs_agent.enabled }}
-           livenessProbe:
-             exec:
-               command:
-@@ -177,6 +180,7 @@ spec:
-             initialDelaySeconds: 120
-             periodSeconds: 90
-             timeoutSeconds: 70
-+          {{- end }}
-           volumeMounts:
-             - name: neutron-bin
-               mountPath: /tmp/neutron-openvswitch-agent.sh
-diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
-index a59e4100..c03b3668 100644
--- a/neutron/templates/daemonset-sriov-agent.yaml
-+++ b/neutron/templates/daemonset-sriov-agent.yaml
-@@ -129,6 +129,7 @@ spec:
-             privileged: true
-           command:
-             - /tmp/neutron-sriov-agent.sh
-+          {{- if .Values.pod.probes.readiness.sriov_agent.enabled }}
-           readinessProbe:
-             exec:
-               command:
-@@ -141,6 +142,9 @@ spec:
-             initialDelaySeconds: 30
-             periodSeconds: 15
-             timeoutSeconds: 10
-+          {{- end }}
-+          {{- if .Values.pod.probes.liveness.sriov_agent.enabled }}
-+          {{- end }}
-           volumeMounts:
-             - name: neutron-bin
-               mountPath: /tmp/neutron-sriov-agent.sh
-diff --git a/neutron/values.yaml b/neutron/values.yaml
-index 5ab4ca12..1cc67b94 100644
--- a/neutron/values.yaml
-+++ b/neutron/values.yaml
-@@ -520,6 +520,33 @@ pod:
-         limits:
-           memory: "1024Mi"
-           cpu: "2000m"
-+  probes:
-+    readiness:
-+      dhcp_agent:
-+        enabled: true
-+      l3_agent:
-+        enabled: true
-+      lb_agent:
-+        enabled: true
-+      metadata_agent:
-+        enabled: true
-+      ovs_agent:
-+        enabled: true
-+      sriov_agent:
-+        enabled: true
-+    liveness:
-+      dhcp_agent:
-+        enabled: true
-+      l3_agent:
-+        enabled: true
-+      lb_agent:
-+        enabled: true
-+      metadata_agent:
-+        enabled: true
-+      ovs_agent:
-+        enabled: true
-+      sriov_agent:
-+        enabled: true
- 
- conf:
-   rally_tests:
-- 
-2.16.5
-
--- a/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
+++ b/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
@ -1,60 +0,0 @@
-From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001
-From: Mingyuan Qi <mingyuan.qi@intel.com>
-Date: Thu, 11 Apr 2019 14:59:11 +0800
-Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image
-
-Current script does not consider centos distro as base image.
-Different folder was checked to copy pxe files to tftpboot folder.
-
-Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
---
- .../bin/_ironic-conductor-pxe-init.sh.tpl          | 25 +++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
-index b8c4c4c..5fe595f 100644
--- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
-+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
-@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
- 
-+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu)
-+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS)
-+
- set -ex
- 
-#NOTE(portdirect): this works round a limitation in Kolla images
-if ! dpkg -l ipxe; then
-  apt-get update
-  apt-get install ipxe -y
-+if [[ ! -z $DISTRO_UBUNTU ]]; then
-+  #NOTE(portdirect): this works round a limitation in Kolla images
-+  if ! dpkg -l ipxe; then
-+    apt-get update
-+    apt-get install ipxe -y
-+  fi
- fi
- 
- mkdir -p /var/lib/openstack-helm/tftpboot
- mkdir -p /var/lib/openstack-helm/tftpboot/master_images
- 
-for FILE in undionly.kpxe ipxe.efi; do
-+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do
-   if [ -f /usr/lib/ipxe/$FILE ]; then
-     cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
-   fi
-+
-+  # For CentOS
-+  if [[ ! -z $DISTRO_CENTOS ]]; then
-+    if [ -f /var/lib/tftpboot/$FILE ]; then
-+      cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
-+    fi
-+    if [ -f /usr/share/ipxe/$FILE ]; then
-+      cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
-+    fi
-+  fi
- done
-- 
-1.8.3.1
-
--- a/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
+++ b/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
@ -1,82 +0,0 @@
-From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
-Date: Tue, 9 Apr 2019 10:37:46 +0200
-Subject: [PATCH 11/11] Use nova's ping method to find out if the service is
- alive
-
-Currently there is fake rpc call "pod_health_probe_method_ignore_errors"
-that is passed to the service, just to find out if it is responding. Because
-such method does not exist, it is needed to catch and handle the exception
-that is inevitably thrown by the service.
-
-While this is technically working correctly, the exceptions pollute the
-log files and make it harder for user to see possible real errors.
-
-This is how the error looks like:
-
-ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
-ERROR oslo_messaging.rpc.server Traceback (most recent call last):
-ERROR oslo_messaging.rpc.server   File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
-ERROR oslo_messaging.rpc.server     res = self.dispatcher.dispatch(message)
-ERROR oslo_messaging.rpc.server   File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
-ERROR oslo_messaging.rpc.server     raise UnsupportedVersion(version, method=method)
-ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
-
-This situation is new since https://review.openstack.org/#/c/639711/
-which (correctly) increased the default level of logging. Before 639711
-error messages from oslo (both real and ones that could be ignored) were not
-present in nova logs at all.
-
-Fortunatelly, nova's BaseAPI class provides 'ping' method that is can
-be used for this basic purpose by all nova components.
-
-Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3
---
- nova/templates/bin/_health-probe.py.tpl | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl
-index 6434e45..4c1aa45 100644
--- a/nova/templates/bin/_health-probe.py.tpl
-+++ b/nova/templates/bin/_health-probe.py.tpl
-@@ -17,8 +17,8 @@
- """
- Health probe script for OpenStack service that uses RPC/unix domain socket for
- communication. Check's the RPC tcp socket status on the process and send
-message to service through rpc call method and expects a reply. It is expected
-to receive failure from the service's RPC server as the method does not exist.
-+message to service through rpc call method and expects a reply.
-+Use nova's ping method that is designed just for such simple purpose.
- 
- Script returns failure to Kubernetes only when
-   a. TCP socket for the RPC communication are not established.
-@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when
- sys.stderr.write() writes to pod's events on failures.
- 
- Usage example for Nova Compute:
-# python health-probe-rpc.py --config-file /etc/nova/nova.conf \
-+# python health-probe.py --config-file /etc/nova/nova.conf \
- #  --service-queue-name compute
- 
- """
-@@ -50,12 +50,15 @@ def check_service_status(transport):
-     """Verify service status. Return success if service consumes message"""
-     try:
-         target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name,
-                                       server=socket.gethostname())
-+                                       server=socket.gethostname(),
-+                                       namespace='baseapi',
-+                                       version="1.1")
-         client = oslo_messaging.RPCClient(transport, target,
-                                           timeout=60,
-                                           retry=2)
-         client.call(context.RequestContext(),
-                    'pod_health_probe_method_ignore_errors')
-+                    'ping',
-+                    arg=None)
-     except oslo_messaging.exceptions.MessageDeliveryFailure:
-         # Log to pod events
-         sys.stderr.write("Health probe unable to reach message bus")
-- 
-2.7.4
-
--- a/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch
+++ b/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch
@ -1,307 +0,0 @@
-From 1fa207d2a503e508f48407881b06e0beaa15b1fa Mon Sep 17 00:00:00 2001
-From: Liang Fang <liang.a.fang@intel.com>
-Date: Mon, 25 Mar 2019 10:29:42 -0400
-Subject: [PATCH 12/14] Add internal tenant id in conf
-
-Cinder raw cache feature requires internal tenant id be set in
-/etc/cinder/cinder.conf, something like:
-
-cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c
-cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef
-
-This patch get or create if not exist intenal user id and project id, and then
-set in cinder.conf
-
-reference: Cinder cache feature:
-https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html
-
-Story: 2004869
-Task: 29121
-Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea
-Signed-off-by: Liang Fang <liang.a.fang@intel.com>
-(cherry picked from commit d1c8e778a733539695d89c21ed4746265e0f1edf)
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- cinder/templates/bin/_cinder-volume.sh.tpl         |  3 +-
- .../bin/_create-internal-tenant-id.sh.tpl          | 31 ++++++++
- .../bin/_retrieve-internal-tenant-id.sh.tpl        | 32 +++++++++
- cinder/templates/configmap-bin.yaml                |  4 ++
- cinder/templates/deployment-volume.yaml            | 31 ++++++++
- cinder/templates/job-create-internal-tenant.yaml   | 83 ++++++++++++++++++++++
- cinder/values.yaml                                 |  4 ++
- 7 files changed, 187 insertions(+), 1 deletion(-)
- create mode 100755 cinder/templates/bin/_create-internal-tenant-id.sh.tpl
- create mode 100755 cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
- create mode 100644 cinder/templates/job-create-internal-tenant.yaml
-
-diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl
-index 64aa3828..a248f352 100644
--- a/cinder/templates/bin/_cinder-volume.sh.tpl
-+++ b/cinder/templates/bin/_cinder-volume.sh.tpl
-@@ -19,4 +19,5 @@ limitations under the License.
- set -ex
- exec cinder-volume \
-      --config-file /etc/cinder/cinder.conf \
-     --config-file /etc/cinder/conf/backends.conf
-+     --config-file /etc/cinder/conf/backends.conf \
-+     --config-file /tmp/pod-shared/internal_tenant.conf
-diff --git a/cinder/templates/bin/_create-internal-tenant-id.sh.tpl b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
-new file mode 100755
-index 00000000..10582564
--- /dev/null
-+++ b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
-@@ -0,0 +1,31 @@
-+#!/bin/bash
-+
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+set -ex
-+
-+
-+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
-+    --domain="${PROJECT_DOMAIN_ID}" \
-+    "${INTERNAL_PROJECT_NAME}");
-+
-+USER_ID=$(openstack user create --or-show --enable -f value -c id \
-+    --domain="${USER_DOMAIN_ID}" \
-+    --project-domain="${PROJECT_DOMAIN_ID}" \
-+    --project="${USER_PROJECT_ID}" \
-+    "${INTERNAL_USER_NAME}");
-+
-diff --git a/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
-new file mode 100755
-index 00000000..b85f69fd
--- /dev/null
-+++ b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
-@@ -0,0 +1,32 @@
-+#!/bin/bash
-+
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+set -ex
-+
-+
-+USER_PROJECT_ID=$(openstack project show -f value -c id \
-+    "${INTERNAL_PROJECT_NAME}");
-+
-+USER_ID=$(openstack user show -f value -c id \
-+    "${INTERNAL_USER_NAME}");
-+
-+tee /tmp/pod-shared/internal_tenant.conf <<EOF
-+[DEFAULT]
-+cinder_internal_tenant_project_id = ${USER_PROJECT_ID}
-+cinder_internal_tenant_user_id = ${USER_ID}
-+EOF
-diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml
-index 0cfd6af2..df96fabf 100644
--- a/cinder/templates/configmap-bin.yaml
-+++ b/cinder/templates/configmap-bin.yaml
-@@ -41,6 +41,10 @@ data:
- {{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
-   ks-user.sh: |
- {{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
-+  create-internal-tenant.sh: |
-+{{ tuple "bin/_create-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-+  retrieve-internal-tenant.sh: |
-+{{ tuple "bin/_retrieve-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-   cinder-api.sh: |
- {{ tuple "bin/_cinder-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-   cinder-backup.sh: |
-diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-index a34b4532..17902c02 100644
--- a/cinder/templates/deployment-volume.yaml
-+++ b/cinder/templates/deployment-volume.yaml
-@@ -90,6 +90,33 @@ spec:
-             - name: cinder-coordination
-               mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
-         {{ end }}
-+        - name: init-cinder-conf
-+          image: {{ .Values.images.tags.ks_user }}
-+          imagePullPolicy: {{ .Values.images.pull_policy }}
-+          securityContext:
-+            runAsUser: 0
-+          command:
-+            - /tmp/retrieve-internal-tenant.sh
-+          volumeMounts:
-+            - name: cinder-bin
-+              mountPath: /tmp/retrieve-internal-tenant.sh
-+              subPath: retrieve-internal-tenant.sh
-+              readOnly: true
-+            - name: pod-shared
-+              mountPath: /tmp/pod-shared
-+          env:
-+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
-+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
-+{{- end }}
-+            - name: INTERNAL_PROJECT_NAME
-+              value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
-+            - name: INTERNAL_USER_NAME
-+              value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
-+
-+{{- with $env := dict "ksUserSecret" (index .Values.secrets.identity "cinder" ) }}
-+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
-+{{- end }}
-+
-       containers:
-         - name: cinder-volume
- {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
-@@ -102,6 +129,8 @@ spec:
-               mountPath: /tmp/cinder-volume.sh
-               subPath: cinder-volume.sh
-               readOnly: true
-+            - name: pod-shared
-+              mountPath: /tmp/pod-shared
-             - name: cinder-etc
-               mountPath: /etc/cinder/cinder.conf
-               subPath: cinder.conf
-@@ -168,6 +197,8 @@ spec:
-         {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-         - name: etcceph
-           emptyDir: {}
-+        - name: pod-shared
-+          emptyDir: {}
-         - name: ceph-etc
-           configMap:
-             name: {{ .Values.ceph_client.configmap }}
-diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml
-new file mode 100644
-index 00000000..2371a922
--- /dev/null
-+++ b/cinder/templates/job-create-internal-tenant.yaml
-@@ -0,0 +1,83 @@
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_create_internal_tenant }}
-+{{- $envAll := . }}
-+
-+{{- $serviceName := "cinder" }}
-+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
-+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
-+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
-+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
-+
-+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "create-internal-tenant" }}
-+{{ tuple $envAll "create-internal-tenant" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
-+---
-+apiVersion: batch/v1
-+kind: Job
-+metadata:
-+  name: {{ printf "%s-%s" $serviceUserPretty "create-internal-tenant" | quote }}
-+spec:
-+  template:
-+    metadata:
-+      labels:
-+{{ tuple $envAll $serviceName "create-internal-tenant" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-+    spec:
-+      serviceAccountName: {{ $serviceAccountName | quote }}
-+      restartPolicy: OnFailure
-+      nodeSelector:
-+{{ toYaml $nodeSelector | indent 8 }}
-+      initContainers:
-+{{ tuple $envAll "create_internal_tenant" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-+      containers:
-+        - name: create-internal-tenant
-+          image: {{ $envAll.Values.images.tags.ks_user }}
-+          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
-+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+          command:
-+            - /tmp/create-internal-tenant.sh
-+          volumeMounts:
-+            - name: create-internal-tenant-sh
-+              mountPath: /tmp/create-internal-tenant.sh
-+              subPath: create-internal-tenant.sh
-+              readOnly: true
-+          env:
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
-+{{- end }}
-+            - name: SERVICE_OS_SERVICE_NAME
-+              value: {{ $serviceName | quote }}
-+            - name: INTERNAL_PROJECT_NAME
-+              value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
-+            - name: INTERNAL_USER_NAME
-+              value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
-+
-+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
-+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
-+{{- end }}
-+            - name: SERVICE_OS_ROLES
-+            {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }}
-+            {{- if kindIs "slice" $serviceOsRoles }}
-+              value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }}
-+            {{- else }}
-+              value: {{ $serviceOsRoles | quote }}
-+            {{- end }}
-+      volumes:
-+        - name: create-internal-tenant-sh
-+          configMap:
-+            name: {{ $configMapBin | quote }}
-+            defaultMode: 0555
-+{{- end -}}
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 0256bf3f..39027e9b 100644
--- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -771,6 +771,9 @@ conf:
-       # Backup: Posix options
-       backup_posix_path: /var/lib/cinder/backup
-       auth_strategy: keystone
-+      # Internal tenant id
-+      internal_project_name: internal_cinder
-+      internal_user_name: internal_cinder
-     database:
-       max_retries: -1
-     keystone_authtoken:
-@@ -1349,6 +1352,7 @@ manifests:
-   job_backup_storage_init: true
-   job_bootstrap: true
-   job_clean: true
-+  job_create_internal_tenant: true
-   job_db_init: true
-   job_image_repo_sync: true
-   job_rabbit_init: true
-- 
-2.16.5
-
--- a/openstack-helm/files/0013-cinder-allow-configuring-the-rbd-app-name.patch
+++ b/openstack-helm/files/0013-cinder-allow-configuring-the-rbd-app-name.patch
@ -1,89 +0,0 @@
-From 88656adf554e01d851c297533ceb1dced329bc2c Mon Sep 17 00:00:00 2001
-From: Itxaka <igarcia@suse.com>
-Date: Tue, 28 May 2019 13:21:40 +0200
-Subject: [PATCH 13/14] cinder: allow configuring the rbd app name
-
-Instead of hardcoding it, let us override it with
-custom values for normal volumes and backups
-
-Change-Id: I3abb343877abd0436c592a3371372f82ef581790
-(cherry picked from commit c38443de4c852e86fb9845777bd67657392835fc)
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
- cinder/templates/bin/_storage-init.sh.tpl        | 2 +-
- cinder/templates/job-backup-storage-init.yaml    | 2 ++
- cinder/templates/job-storage-init.yaml           | 2 ++
- cinder/values.yaml                               | 4 ++++
- 5 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
-index 52c8e6bf..af9886ad 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
-+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
-@@ -44,7 +44,7 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
-     ceph osd pool set $1 nosizechange ${size_protection}
-     ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
-   }
-  ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup"
-+  ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
- 
-   if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
-     echo "Cephx user client.${RBD_POOL_USER} already exists"
-diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
-index 9288ec5f..bbc31938 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
-+++ b/cinder/templates/bin/_storage-init.sh.tpl
-@@ -41,7 +41,7 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
-     ceph osd pool set $1 nosizechange ${size_protection}
-     ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
-   }
-  ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume"
-+  ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
- 
-   if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
-     echo "Cephx user client.${RBD_POOL_USER} already exist."
-diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
-index a073940c..7b0e50e1 100644
--- a/cinder/templates/job-backup-storage-init.yaml
-+++ b/cinder/templates/job-backup-storage-init.yaml
-@@ -109,6 +109,8 @@ spec:
-             {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-             - name: RBD_POOL_NAME
-               value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
-+            - name: RBD_POOL_APP_NAME
-+              value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
-             - name: RBD_POOL_USER
-               value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
-             - name: RBD_POOL_CRUSH_RULE
-diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
-index 1d4819c2..27081816 100644
--- a/cinder/templates/job-storage-init.yaml
-+++ b/cinder/templates/job-storage-init.yaml
-@@ -100,6 +100,8 @@ spec:
-               value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
-             - name: RBD_POOL_NAME
-               value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
-+            - name: RBD_POOL_APP_NAME
-+              value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
-             - name: RBD_POOL_USER
-               value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
-             - name: RBD_POOL_CRUSH_RULE
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 39027e9b..bef7b374 100644
--- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -302,6 +302,10 @@ ceph_client:
-   user_secret_name: pvc-ceph-client-key
- 
- conf:
-+  software:
-+    rbd:
-+      rbd_pool_app_name_backup: cinder-backup
-+      rbd_pool_app_name: cinder-volume
-   paste:
-     composite:osapi_volume:
-       use: call:cinder.api:root_app_factory
-- 
-2.16.5
-
--- a/openstack-helm/files/0014-Cinder-Support-backup-driver-specification-by-module.patch
+++ b/openstack-helm/files/0014-Cinder-Support-backup-driver-specification-by-module.patch
@ -1,241 +0,0 @@
-From a5c47db5550926bcf2d4dbd5667ad74e00b2ed97 Mon Sep 17 00:00:00 2001
-From: Robert Church <robert.church@windriver.com>
-Date: Fri, 24 May 2019 02:43:15 -0400
-Subject: [PATCH 14/14] Cinder: Support backup driver specification by module
- or class name
-
-During the Queens cycle, Cinder introduced the ability to specify the
-backup driver via class name and deprecated backup driver initialization
-using the module name. (Id6bee9e7d0da8ead224a04f86fe79ddfb5b286cf)
-
-Legacy support for initialization by module name was dropped in Stein.
-(I3ada2dee1857074746b1893b82dd5f6641c6e579)
-
-This change will support both methods of initialization and leave the
-driver defaults enabled for module based initialization (valid through
-Rocky images).
-
-This change has been tested using the OSH default Cinder (Ocata) images
-and StarlingX images based on master (Train).
-
-Change-Id: Iec7bc6f4dd089aaa08ca652bebd9a10ef49da556
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- cinder/templates/bin/_backup-storage-init.sh.tpl |  8 ++++----
- cinder/templates/configmap-etc.yaml              |  2 +-
- cinder/templates/deployment-backup.yaml          | 16 ++++++++--------
- cinder/templates/job-backup-storage-init.yaml    |  8 ++++----
- cinder/templates/job-clean.yaml                  |  4 ++--
- cinder/templates/pvc-backup.yaml                 |  2 +-
- cinder/values.yaml                               |  4 ++++
- 7 files changed, 24 insertions(+), 20 deletions(-)
-
-diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
-index af9886ad..10069f17 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
-+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
-@@ -17,7 +17,7 @@ limitations under the License.
- */}}
- 
- set -x
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
-+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
-   SECRET=$(mktemp --suffix .yaml)
-   KEYRING=$(mktemp --suffix .keyring)
-   function cleanup {
-@@ -27,10 +27,10 @@ if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
- fi
- 
- set -ex
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.swift" ] || \
-     [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.posix" ]; then
-+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.swift' ]] || \
-+     [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.posix' ]]; then
-   echo "INFO: no action required to use $STORAGE_BACKEND"
-elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
-+elif [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
-   ceph -s
-   function ensure_pool () {
-     ceph osd pool stats $1 || ceph osd pool create $1 $2
-diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
-index 5ed73db6..e13851ed 100644
--- a/cinder/templates/configmap-etc.yaml
-+++ b/cinder/templates/configmap-etc.yaml
-@@ -63,7 +63,7 @@ limitations under the License.
- {{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "glance_api_servers" -}}
- {{- end -}}
- 
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.swift" }}
-+{{- if (contains "cinder.backup.drivers.swift" .Values.conf.cinder.DEFAULT.backup_driver) }}
- {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_auth_version -}}
- {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_auth_version" "3" -}}
- {{- end -}}
-diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
-index fdce03a9..bffd774c 100644
--- a/cinder/templates/deployment-backup.yaml
-+++ b/cinder/templates/deployment-backup.yaml
-@@ -54,7 +54,7 @@ spec:
-         {{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }}
-       initContainers:
- {{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: ceph-backup-keyring-placement
- {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-@@ -98,7 +98,7 @@ spec:
-               subPath: key
-               readOnly: true
-         {{ end }}
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
-+        {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: ceph-backup-volume-perms
- {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-@@ -150,7 +150,7 @@ spec:
-               mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
-               subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
-               readOnly: true
-            {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-+            {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-             - name: etcceph
-               mountPath: /etc/ceph
-             {{- if not .Values.backup.external_ceph_rbd.enabled }}
-@@ -164,7 +164,7 @@ spec:
-               subPath: external-backup-ceph.conf
-               readOnly: true
-             {{- end }}
-            {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+            {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-             - name: ceph-backup-keyring
-               mountPath: /tmp/client-keyring
-               subPath: key
-@@ -176,7 +176,7 @@ spec:
-               readOnly: true
-             {{- end }}
-             {{- end }}
-            {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
-+            {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
-             - name: cinder-backup
-               mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
-             {{- end }}
-@@ -213,7 +213,7 @@ spec:
-           configMap:
-             name: cinder-bin
-             defaultMode: 0555
-        {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-+        {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-         - name: etcceph
-           emptyDir: {}
-         - name: ceph-etc
-@@ -221,7 +221,7 @@ spec:
-             name: {{ .Values.ceph_client.configmap }}
-             defaultMode: 0444
-         {{ end }}
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: ceph-backup-keyring
-           secret:
-             secretName: {{ .Values.secrets.rbd.backup | quote }}
-@@ -231,7 +231,7 @@ spec:
-           secret:
-             secretName: {{ .Values.secrets.rbd.volume | quote }}
-         {{ end }}
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
-+        {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: cinder-backup
-           persistentVolumeClaim:
-             claimName: cinder-backup
-diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
-index 7b0e50e1..a43ba998 100644
--- a/cinder/templates/job-backup-storage-init.yaml
-+++ b/cinder/templates/job-backup-storage-init.yaml
-@@ -67,7 +67,7 @@ spec:
-         {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
-       initContainers:
- {{ tuple $envAll "backup_storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: ceph-keyring-placement
- {{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-@@ -106,7 +106,7 @@ spec:
-                   fieldPath: metadata.namespace
-             - name: STORAGE_BACKEND
-               value: {{ .Values.conf.cinder.DEFAULT.backup_driver | quote }}
-            {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+            {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-             - name: RBD_POOL_NAME
-               value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
-             - name: RBD_POOL_APP_NAME
-@@ -129,7 +129,7 @@ spec:
-               mountPath: /tmp/backup-storage-init.sh
-               subPath: backup-storage-init.sh
-               readOnly: true
-            {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+            {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-             - name: etcceph
-               mountPath: /etc/ceph
-             {{- if not .Values.backup.external_ceph_rbd.enabled }}
-@@ -155,7 +155,7 @@ spec:
-           configMap:
-             name: cinder-bin
-             defaultMode: 0555
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: etcceph
-           emptyDir: {}
-         - name: ceph-etc
-diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
-index d85234ed..54fd41e7 100644
--- a/cinder/templates/job-clean.yaml
-+++ b/cinder/templates/job-clean.yaml
-@@ -16,7 +16,7 @@ limitations under the License.
- 
- {{- if .Values.manifests.job_clean }}
- {{- $envAll := . }}
-{{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
- 
- {{- $serviceAccountName := print "cinder-clean" }}
- {{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
-@@ -87,7 +87,7 @@ spec:
-               subPath: clean-secrets.sh
-               readOnly: true
-         {{ end }}
-        {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
-+        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: cinder-volume-backup-secret-clean
- {{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-diff --git a/cinder/templates/pvc-backup.yaml b/cinder/templates/pvc-backup.yaml
-index b2e851dc..94d63d0e 100644
--- a/cinder/templates/pvc-backup.yaml
-+++ b/cinder/templates/pvc-backup.yaml
-@@ -16,7 +16,7 @@ limitations under the License.
- 
- {{- if .Values.manifests.pvc_backup }}
- {{- $envAll := . }}
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
-+{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- ---
- kind: PersistentVolumeClaim
- apiVersion: v1
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index bef7b374..362f6918 100644
--- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -767,6 +767,10 @@ conf:
-       enabled_backends: "rbd1"
-       # NOTE(portdirect): "cinder.backup.drivers.ceph"  and
-       # "cinder.backup.drivers.posix" also supported
-+      # NOTE(rchurch): As of Stein, drivers by class name are required
-+      # - cinder.backup.drivers.swift.SwiftBackupDriver
-+      # - cinder.backup.drivers.ceph.CephBackupDriver
-+      # - cinder.backup.drivers.posix.PosixBackupDriver
-       backup_driver: "cinder.backup.drivers.swift"
-       # Backup: Ceph RBD options
-       backup_ceph_conf: "/etc/ceph/ceph.conf"
-- 
-2.16.5
-
--- a/openstack-helm/files/0016-Cinder-rename-is_ceph_volume-configured.patch
+++ b/openstack-helm/files/0016-Cinder-rename-is_ceph_volume-configured.patch
@ -1,229 +0,0 @@
-From 4e4a8197f90ba90c5bfbad02698ad351e7e92125 Mon Sep 17 00:00:00 2001
-From: Daniel Badea <daniel.badea@windriver.com>
-Date: Wed, 12 Jun 2019 14:07:17 +0000
-Subject: [PATCH 1/2] Cinder rename is_ceph_volume configured
-
-When using multiple ceph backends there is more than
-one ceph 'volume' configured. Rename template to
-_has_ceph_backend.
---
- cinder/templates/deployment-backup.yaml            |  8 +++----
- cinder/templates/deployment-volume.yaml            |  6 +++---
- cinder/templates/job-clean.yaml                    |  4 ++--
- cinder/templates/job-storage-init.yaml             |  8 +++----
- cinder/templates/utils/_has_ceph_backend.tpl       | 25 ++++++++++++++++++++++
- .../templates/utils/_is_ceph_volume_configured.tpl | 25 ----------------------
- 6 files changed, 38 insertions(+), 38 deletions(-)
- mode change 100644 => 100755 cinder/templates/deployment-backup.yaml
- mode change 100644 => 100755 cinder/templates/deployment-volume.yaml
- mode change 100644 => 100755 cinder/templates/job-clean.yaml
- mode change 100644 => 100755 cinder/templates/job-storage-init.yaml
- create mode 100644 cinder/templates/utils/_has_ceph_backend.tpl
- delete mode 100644 cinder/templates/utils/_is_ceph_volume_configured.tpl
-
-diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
-old mode 100644
-new mode 100755
-index bffd774..74e38ba
--- a/cinder/templates/deployment-backup.yaml
-+++ b/cinder/templates/deployment-backup.yaml
-@@ -76,7 +76,7 @@ spec:
-               subPath: key
-               readOnly: true
-         {{ end }}
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: ceph-keyring-placement
- {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-@@ -150,7 +150,7 @@ spec:
-               mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
-               subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
-               readOnly: true
-            {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-+            {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
-             - name: etcceph
-               mountPath: /etc/ceph
-             {{- if not .Values.backup.external_ceph_rbd.enabled }}
-@@ -213,7 +213,7 @@ spec:
-           configMap:
-             name: cinder-bin
-             defaultMode: 0555
-        {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-+        {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
-         - name: etcceph
-           emptyDir: {}
-         - name: ceph-etc
-@@ -226,7 +226,7 @@ spec:
-           secret:
-             secretName: {{ .Values.secrets.rbd.backup | quote }}
-         {{ end }}
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: ceph-keyring
-           secret:
-             secretName: {{ .Values.secrets.rbd.volume | quote }}
-diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-old mode 100644
-new mode 100755
-index 17902c0..a274d12
--- a/cinder/templates/deployment-volume.yaml
-+++ b/cinder/templates/deployment-volume.yaml
-@@ -54,7 +54,7 @@ spec:
-         {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
-       initContainers:
- {{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: ceph-keyring-placement
- {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-@@ -143,7 +143,7 @@ spec:
-               mountPath: /etc/cinder/conf/backends.conf
-               subPath: backends.conf
-               readOnly: true
-            {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+            {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-             - name: etcceph
-               mountPath: /etc/ceph
-             - name: ceph-etc
-@@ -194,7 +194,7 @@ spec:
-           secret:
-             secretName: cinder-etc
-             defaultMode: 0444
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: etcceph
-           emptyDir: {}
-         - name: pod-shared
-diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
-old mode 100644
-new mode 100755
-index 54fd41e..f0da8d4
--- a/cinder/templates/job-clean.yaml
-+++ b/cinder/templates/job-clean.yaml
-@@ -16,7 +16,7 @@ limitations under the License.
- 
- {{- if .Values.manifests.job_clean }}
- {{- $envAll := . }}
-{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
-+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
- 
- {{- $serviceAccountName := print "cinder-clean" }}
- {{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
-@@ -68,7 +68,7 @@ spec:
-       initContainers:
- {{ tuple $envAll "clean" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-       containers:
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: cinder-volume-rbd-secret-clean
- {{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
-old mode 100644
-new mode 100755
-index 2708181..99128db
--- a/cinder/templates/job-storage-init.yaml
-+++ b/cinder/templates/job-storage-init.yaml
-@@ -65,7 +65,7 @@ spec:
-         {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
-       initContainers:
- {{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: ceph-keyring-placement
- {{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-@@ -95,7 +95,7 @@ spec:
-               valueFrom:
-                 fieldRef:
-                   fieldPath: metadata.namespace
-            {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+            {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-             - name: STORAGE_BACKEND
-               value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
-             - name: RBD_POOL_NAME
-@@ -120,7 +120,7 @@ spec:
-               mountPath: /tmp/storage-init.sh
-               subPath: storage-init.sh
-               readOnly: true
-            {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+            {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-             - name: etcceph
-               mountPath: /etc/ceph
-             - name: ceph-etc
-@@ -139,7 +139,7 @@ spec:
-           configMap:
-             name: cinder-bin
-             defaultMode: 0555
-        {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-+        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-         - name: etcceph
-           emptyDir: {}
-         - name: ceph-etc
-diff --git a/cinder/templates/utils/_has_ceph_backend.tpl b/cinder/templates/utils/_has_ceph_backend.tpl
-new file mode 100644
-index 0000000..0ff7ae5
--- /dev/null
-+++ b/cinder/templates/utils/_has_ceph_backend.tpl
-@@ -0,0 +1,25 @@
-+{{/*
-+Copyright 2017 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- define "cinder.utils.has_ceph_backend" -}}
-+  {{- $has_ceph := false -}}
-+  {{- range $_, $backend := .Values.conf.backends -}}
-+    {{- if kindIs "map" $backend -}}
-+      {{- $has_ceph = or $has_ceph (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
-+    {{- end -}}
-+  {{- end -}}
-+  {{- $has_ceph -}}
-+{{- end -}}
-diff --git a/cinder/templates/utils/_is_ceph_volume_configured.tpl b/cinder/templates/utils/_is_ceph_volume_configured.tpl
-deleted file mode 100644
-index 63f2a73..0000000
--- a/cinder/templates/utils/_is_ceph_volume_configured.tpl
-+++ /dev/null
-@@ -1,25 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "cinder.utils.is_ceph_volume_configured" -}}
-{{- range $section, $values := .Values.conf.backends -}}
-{{- if kindIs "map" $values -}}
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
-true
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-- 
-1.8.3.1
-
--- a/openstack-helm/files/0017-Cinder-support-multiple-ceph-volume-backends.patch
+++ b/openstack-helm/files/0017-Cinder-support-multiple-ceph-volume-backends.patch
@ -1,305 +0,0 @@
-From 05919ef2fd1ffc24ca389e4d9ecb54bf621031bd Mon Sep 17 00:00:00 2001
-From: Daniel Badea <daniel.badea@windriver.com>
-Date: Wed, 12 Jun 2019 15:03:43 +0000
-Subject: [PATCH 2/2] Cinder support multiple ceph volume backends
-
-Add support for multiple cinder volume ceph backends.
---
- cinder/templates/deployment-backup.yaml            |  9 +++---
- cinder/templates/deployment-volume.yaml            |  9 +++---
- cinder/templates/job-backup-storage-init.yaml      |  2 +-
- cinder/templates/job-storage-init.yaml             | 28 +++++++++--------
- cinder/templates/utils/_ceph_backend_list.tpl      | 36 ++++++++++++++++++++++
- .../templates/utils/_ceph_volume_section_name.tpl  | 25 ---------------
- cinder/templates/utils/_is_ceph_backend.tpl        | 21 +++++++++++++
- cinder/values.yaml                                 |  6 ++--
- 8 files changed, 86 insertions(+), 50 deletions(-)
- create mode 100644 cinder/templates/utils/_ceph_backend_list.tpl
- delete mode 100644 cinder/templates/utils/_ceph_volume_section_name.tpl
- create mode 100644 cinder/templates/utils/_is_ceph_backend.tpl
-
-diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
-index 74e38ba..23b67fe 100755
--- a/cinder/templates/deployment-backup.yaml
-+++ b/cinder/templates/deployment-backup.yaml
-@@ -76,8 +76,9 @@ spec:
-               subPath: key
-               readOnly: true
-         {{ end }}
-        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-        - name: ceph-keyring-placement
-+        {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
-+          {{- $backend := index $envAll.Values.conf.backends $name }}
-+        - name: ceph-keyring-placement-{{$name}}
- {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-             runAsUser: 0
-@@ -85,7 +86,7 @@ spec:
-             - /tmp/ceph-keyring.sh
-           env:
-             - name: RBD_USER
-              value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
-+              value: {{ $backend.rbd_user | quote }}
-           volumeMounts:
-             - name: etcceph
-               mountPath: /etc/ceph
-@@ -97,7 +98,7 @@ spec:
-               mountPath: /tmp/client-keyring
-               subPath: key
-               readOnly: true
-        {{ end }}
-+        {{- end }}
-         {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
-         - name: ceph-backup-volume-perms
- {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
-diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-index a274d12..f791cfa 100755
--- a/cinder/templates/deployment-volume.yaml
-+++ b/cinder/templates/deployment-volume.yaml
-@@ -54,8 +54,9 @@ spec:
-         {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
-       initContainers:
- {{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-        - name: ceph-keyring-placement
-+        {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
-+          {{- $backend := index $envAll.Values.conf.backends $name }}
-+        - name: ceph-keyring-placement-{{$name}}
- {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
-           securityContext:
-             runAsUser: 0
-@@ -63,7 +64,7 @@ spec:
-             - /tmp/ceph-keyring.sh
-           env:
-             - name: RBD_USER
-              value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
-+              value: {{ $backend.rbd_user | quote }}
-           volumeMounts:
-             - name: etcceph
-               mountPath: /etc/ceph
-@@ -75,7 +76,7 @@ spec:
-               mountPath: /tmp/client-keyring
-               subPath: key
-               readOnly: true
-        {{ end }}
-+        {{- end }}
-         {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
-         - name: ceph-coordination-volume-perms
- {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
-diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
-index a43ba99..f3a83a9 100644
--- a/cinder/templates/job-backup-storage-init.yaml
-+++ b/cinder/templates/job-backup-storage-init.yaml
-@@ -110,7 +110,7 @@ spec:
-             - name: RBD_POOL_NAME
-               value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
-             - name: RBD_POOL_APP_NAME
-              value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
-+              value: {{ .Values.conf.ceph.pools.backup.app_name | quote }}
-             - name: RBD_POOL_USER
-               value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
-             - name: RBD_POOL_CRUSH_RULE
-diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
-index 99128db..5635feb 100755
--- a/cinder/templates/job-storage-init.yaml
-+++ b/cinder/templates/job-storage-init.yaml
-@@ -87,7 +87,9 @@ spec:
-             {{ end }}
-         {{ end }}
-       containers:
-        - name: cinder-storage-init
-+        {{- range $name, $backend := .Values.conf.backends }}
-+          {{- if kindIs "map" $backend }}
-+        - name: cinder-storage-init-{{$name}}
- {{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-           env:
-@@ -95,23 +97,23 @@ spec:
-               valueFrom:
-                 fieldRef:
-                   fieldPath: metadata.namespace
-            {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-+            {{- if include "cinder.utils.is_ceph_backend" $backend }}
-             - name: STORAGE_BACKEND
-              value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
-+              value: {{ $backend.volume_driver | quote }}
-             - name: RBD_POOL_NAME
-              value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
-+              value: {{ $backend.rbd_pool | quote }}
-             - name: RBD_POOL_APP_NAME
-              value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
-+              value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).app_name | quote }}
-             - name: RBD_POOL_USER
-              value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
-+              value: {{ $backend.rbd_user | quote }}
-             - name: RBD_POOL_CRUSH_RULE
-              value: {{ .Values.conf.ceph.pools.volume.crush_rule | quote }}
-+              value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).crush_rule | quote }}
-             - name: RBD_POOL_REPLICATION
-              value: {{ .Values.conf.ceph.pools.volume.replication | quote }}
-+              value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).replication | quote }}
-             - name: RBD_POOL_CHUNK_SIZE
-              value: {{ .Values.conf.ceph.pools.volume.chunk_size | quote }}
-+              value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).chunk_size | quote }}
-             - name: RBD_POOL_SECRET
-              value: {{ .Values.secrets.rbd.volume | quote }}
-+              value: {{ $envAll.Values.secrets.rbd.volume | quote }}
-             {{- end }}
-           command:
-             - /tmp/storage-init.sh
-@@ -120,20 +122,22 @@ spec:
-               mountPath: /tmp/storage-init.sh
-               subPath: storage-init.sh
-               readOnly: true
-            {{- if include "cinder.utils.has_ceph_backend" $envAll }}
-+            {{- if include "cinder.utils.is_ceph_backend" $backend }}
-             - name: etcceph
-               mountPath: /etc/ceph
-             - name: ceph-etc
-               mountPath: /etc/ceph/ceph.conf
-               subPath: ceph.conf
-               readOnly: true
-            {{- if empty .Values.conf.ceph.admin_keyring }}
-+            {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
-             - name: ceph-keyring
-               mountPath: /tmp/client-keyring
-               subPath: key
-               readOnly: true
-             {{- end }}
-             {{- end }}
-+        {{- end }}
-+      {{- end }}
-       volumes:
-         - name: cinder-bin
-           configMap:
-diff --git a/cinder/templates/utils/_ceph_backend_list.tpl b/cinder/templates/utils/_ceph_backend_list.tpl
-new file mode 100644
-index 0000000..bd681e6
--- /dev/null
-+++ b/cinder/templates/utils/_ceph_backend_list.tpl
-@@ -0,0 +1,36 @@
-+{{/*
-+Copyright 2017 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- /*
-+    Return string with all ceph backends separated by comma. The list
-+    is either empty or it starts with a comma. Assuming "a", "b" and
-+    "c" are ceph backends then ceph_backend_list returns ",a,b,c".
-+    This means the first element in the returned list representation
-+    can always be skipped.
-+
-+    Usage: 
-+        range $name := rest (splitList include "cinder.utils.ceph_backend_list" $)
-+*/ -}}
-+{{- define "cinder.utils.ceph_backend_list" -}}
-+  {{- range $name, $backend := .Values.conf.backends -}}
-+    {{- if kindIs "map" $backend }}
-+      {{- if (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
-+        {{- "," -}}
-+        {{- $name -}}
-+      {{- end -}}
-+    {{- end -}}
-+  {{- end -}}
-+{{- end -}}
-diff --git a/cinder/templates/utils/_ceph_volume_section_name.tpl b/cinder/templates/utils/_ceph_volume_section_name.tpl
-deleted file mode 100644
-index af16d6a..0000000
--- a/cinder/templates/utils/_ceph_volume_section_name.tpl
-+++ /dev/null
-@@ -1,25 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "cinder.utils.ceph_volume_section_name" -}}
-{{- range $section, $values := .Values.conf.backends -}}
-{{- if kindIs "map" $values -}}
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
-{{ $section }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-diff --git a/cinder/templates/utils/_is_ceph_backend.tpl b/cinder/templates/utils/_is_ceph_backend.tpl
-new file mode 100644
-index 0000000..3d5c3be
--- /dev/null
-+++ b/cinder/templates/utils/_is_ceph_backend.tpl
-@@ -0,0 +1,21 @@
-+{{/*
-+Copyright 2017 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- define "cinder.utils.is_ceph_backend" -}}
-+  {{- if kindIs "map" . -}}
-+    {{- eq .volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
-+  {{- end -}}
-+{{- end -}}
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 362f691..839f7fb 100644
--- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -302,10 +302,6 @@ ceph_client:
-   user_secret_name: pvc-ceph-client-key
- 
- conf:
-  software:
-    rbd:
-      rbd_pool_app_name_backup: cinder-backup
-      rbd_pool_app_name: cinder-volume
-   paste:
-     composite:osapi_volume:
-       use: call:cinder.api:root_app_factory
-@@ -745,10 +741,12 @@ conf:
-         replication: 3
-         crush_rule: replicated_rule
-         chunk_size: 8
-+        app_name: cinder-backup
-       volume:
-         replication: 3
-         crush_rule: replicated_rule
-         chunk_size: 8
-+        app_name: cinder-volume
-   cinder:
-     DEFAULT:
-       resource_query_filters_file: /etc/cinder/resource_filters.json
-- 
-1.8.3.1
-
--- a/openstack-helm/files/0018-Nova-add-service-token.patch
+++ b/openstack-helm/files/0018-Nova-add-service-token.patch
@ -1,69 +0,0 @@
-From 0ce54f2f141d24d1cf5795db8679039c67ffac50 Mon Sep 17 00:00:00 2001
-From: Gerry Kopec <Gerry.Kopec@windriver.com>
-Date: Tue, 25 Jun 2019 20:20:41 -0400
-Subject: [PATCH] Nova: add service token
-
-Add capability for nova to send service token.  Default to disabled.
-Config setup is similar to keystone_authtoken.
-
-Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
-Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
---
- nova/templates/configmap-etc.yaml | 26 ++++++++++++++++++++++++++
- nova/values.yaml                  |  3 +++
- 2 files changed, 29 insertions(+)
-
-diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
-index 0d1e7a5..5446830 100644
--- a/nova/templates/configmap-etc.yaml
-+++ b/nova/templates/configmap-etc.yaml
-@@ -52,6 +52,32 @@ limitations under the License.
- {{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
- {{- end -}}
- 
-+{{- if .Values.conf.nova.service_user.send_service_user_token -}}
-+
-+{{- if empty .Values.conf.nova.service_user.auth_url -}}
-+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
-+{{- end -}}
-+{{- if empty .Values.conf.nova.service_user.region_name -}}
-+{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.nova.region_name -}}
-+{{- end -}}
-+{{- if empty .Values.conf.nova.service_user.project_name -}}
-+{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
-+{{- end -}}
-+{{- if empty .Values.conf.nova.service_user.project_domain_name -}}
-+{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
-+{{- end -}}
-+{{- if empty .Values.conf.nova.service_user.user_domain_name -}}
-+{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
-+{{- end -}}
-+{{- if empty .Values.conf.nova.service_user.username -}}
-+{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.nova.username -}}
-+{{- end -}}
-+{{- if empty .Values.conf.nova.service_user.password -}}
-+{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.nova.password -}}
-+{{- end -}}
-+
-+{{- end -}}
-+
- {{- if empty .Values.conf.nova.database.connection -}}
- {{- $_ := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" -}}
- {{- end -}}
-diff --git a/nova/values.yaml b/nova/values.yaml
-index 433ec3a..ee00591 100644
--- a/nova/values.yaml
-+++ b/nova/values.yaml
-@@ -1507,6 +1507,9 @@ conf:
-       auth_type: password
-       auth_version: v3
-       memcache_security_strategy: ENCRYPT
-+    service_user:
-+      auth_type: password
-+      send_service_user_token: false
-     libvirt:
-       connection_uri: "qemu+tcp://127.0.0.1/system"
-       images_type: qcow2
-- 
-1.8.3.1
-
--- a/openstack-helm/files/0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
+++ b/openstack-helm/files/0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
@ -1,141 +0,0 @@
-From c92678ff20a3ab9b07861131966ea38b340dfff8 Mon Sep 17 00:00:00 2001
-From: Angie Wang <angie.wang@windriver.com>
-Date: Tue, 9 Jul 2019 14:22:02 -0400
-Subject: [PATCH 1/1] Add TLS support for Aodh and Panko public endpoints
-
-Signed-off-by: Angie Wang <angie.wang@windriver.com>
---
- aodh/templates/secret-ingress-tls.yaml  | 19 +++++++++++++++++++
- aodh/values.yaml                        | 12 ++++++++++++
- panko/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
- panko/values.yaml                       | 12 ++++++++++++
- 4 files changed, 62 insertions(+)
- create mode 100644 aodh/templates/secret-ingress-tls.yaml
- create mode 100644 panko/templates/secret-ingress-tls.yaml
-
-diff --git a/aodh/templates/secret-ingress-tls.yaml b/aodh/templates/secret-ingress-tls.yaml
-new file mode 100644
-index 0000000..707b38c
--- /dev/null
-+++ b/aodh/templates/secret-ingress-tls.yaml
-@@ -0,0 +1,19 @@
-+{{/*
-+Copyright 2019 Wind River Systems, Inc.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.secret_ingress_tls }}
-+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }}
-+{{- end }}
-diff --git a/aodh/values.yaml b/aodh/values.yaml
-index 90c9fac..cf7c6d7 100644
--- a/aodh/values.yaml
-+++ b/aodh/values.yaml
-@@ -536,6 +536,10 @@ secrets:
-   oslo_messaging:
-     admin: aodh-rabbitmq-admin
-     aodh: aodh-rabbitmq-user
-+  tls:
-+    alarming:
-+      api:
-+        public: aodh-tls-public
- 
- bootstrap:
-   enabled: false
-@@ -598,6 +602,13 @@ endpoints:
-       public: aodh
-     host_fqdn_override:
-       default: null
-+      # NOTE: this chart supports TLS for fqdn over-ridden public
-+      # endpoints using the following format:
-+      # public:
-+      #   host: null
-+      #   tls:
-+      #     crt: null
-+      #     key: null
-     path:
-       default: null
-     scheme:
-@@ -696,5 +707,6 @@ manifests:
-   secret_db: true
-   secret_keystone: true
-   secret_rabbitmq: true
-+  secret_ingress_tls: true
-   service_api: true
-   service_ingress_api: true
-diff --git a/panko/templates/secret-ingress-tls.yaml b/panko/templates/secret-ingress-tls.yaml
-new file mode 100644
-index 0000000..9773f53
--- /dev/null
-+++ b/panko/templates/secret-ingress-tls.yaml
-@@ -0,0 +1,19 @@
-+{{/*
-+Copyright 2019 Wind River Systems, Inc.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+   http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.secret_ingress_tls }}
-+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }}
-+{{- end }}
-diff --git a/panko/values.yaml b/panko/values.yaml
-index 7adefd0..3acaf06 100644
--- a/panko/values.yaml
-+++ b/panko/values.yaml
-@@ -159,6 +159,10 @@ secrets:
-   oslo_db:
-     admin: panko-db-admin
-     panko: panko-db-user
-+  tls:
-+    event:
-+      api:
-+        public: panko-tls-public
- 
- bootstrap:
-   enabled: false
-@@ -374,6 +378,13 @@ endpoints:
-       public: panko
-     host_fqdn_override:
-       default: null
-+      # NOTE: this chart supports TLS for fqdn over-ridden public
-+      # endpoints using the following format:
-+      # public:
-+      #   host: null
-+      #   tls:
-+      #     crt: null
-+      #     key: null
-     path:
-       default: null
-     scheme:
-@@ -580,6 +591,7 @@ manifests:
-   pod_rally_test: true
-   secret_db: true
-   secret_keystone: true
-+  secret_ingress_tls: true
-   service_api: true
-   service_ingress_api: true
- 
-- 
-1.8.3.1
-
--- a/openstack-helm/files/0020-Change-cinder-bootstrap-script.patch
+++ b/openstack-helm/files/0020-Change-cinder-bootstrap-script.patch
@ -1,31 +0,0 @@
-From 7de7cf2f14a58255d85149d08577dd63662aa6d9 Mon Sep 17 00:00:00 2001
-From: Teresa Ho <teresa.ho@windriver.com>
-Date: Mon, 15 Jul 2019 10:30:58 -0400
-Subject: [PATCH] Change cinder bootstrap script
-
-This commit changes the cinder template bootstrap script
-to use the openstack client instead of the cinder client
-to list volume types.
-
-Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0
-Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
---
- cinder/templates/bin/_bootstrap.sh.tpl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cinder/templates/bin/_bootstrap.sh.tpl b/cinder/templates/bin/_bootstrap.sh.tpl
-index 6592d19..bd60fd8 100644
--- a/cinder/templates/bin/_bootstrap.sh.tpl
-+++ b/cinder/templates/bin/_bootstrap.sh.tpl
-@@ -48,7 +48,7 @@ openstack volume type show {{ $name }} || \
-   {{- end }}
- 
- {{- /* Check volume type and properties were added */}}
-cinder extra-specs-list
-+openstack volume type list --long
- 
- {{- end }}
- 
-- 
-1.8.3.1
-
--- a/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch
+++ b/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch
@ -1,42 +0,0 @@
-From 6fba31f6ba8627c7314a46f5b54d59fd17858848 Mon Sep 17 00:00:00 2001
-From: zhipengl <zhipengs.liu@intel.com>
-Date: Wed, 4 Sep 2019 13:24:12 +0800
-Subject: [PATCH] Patch21: 0021-Add-config-network-item-for-novncproxy.patch
-
-Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
- nova/templates/deployment-novncproxy.yaml | 2 ++
- nova/values.yaml                          | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
-index 2611ba8..1eebcfd 100644
--- a/nova/templates/deployment-novncproxy.yaml
-+++ b/nova/templates/deployment-novncproxy.yaml
-@@ -52,8 +52,10 @@ spec:
- {{ tuple $envAll "nova" "novnc-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
-       nodeSelector:
-         {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
-+{{- if .Values.pod.useHostNetwork.novncproxy }}
-       hostNetwork: true
-       dnsPolicy: ClusterFirstWithHostNet
-+{{- end }}
-       initContainers:
- {{ tuple $envAll "novncproxy" $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-         - name: nova-novncproxy-init
-diff --git a/nova/values.yaml b/nova/values.yaml
-index ee00591..db86621 100644
--- a/nova/values.yaml
-+++ b/nova/values.yaml
-@@ -2050,6 +2050,8 @@ pod:
-       nova_spiceproxy:
-         volumeMounts:
-         volumes:
-+  useHostNetwork:
-+    novncproxy: true
-   replicas:
-     api_metadata: 1
-     compute_ironic: 1
-- 
-1.8.3.1
-