
Upgrade openstack-helm

Upgrade openstack-helm to the version below.
commit 82c72367c85ca94270f702661c7b984899c1ae38
Date:   Sat Sep 14 06:40:03 2019 +0000
    Merge "Add a config item for novncproxy"

Basic deployment tests on AIO/Duplex/Multi virtual setups pass,
and VM creation passes.

Story:2006544
Task: 36623

Depends-on: https://review.opendev.org/#/c/683910
Change-Id: I691a9feef856d83d82709a428afabd01abdef2ea
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
changes/86/683886/8
zhipengl 3 years ago
parent
commit
64eab01514
  1. 4
      openstack-helm/centos/build_srpm.data
  2. 44
      openstack-helm/centos/openstack-helm.spec
  3. 2457
      openstack-helm/files/0001-Add-Aodh-Chart.patch
  4. 34
      openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
  5. 28
      openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
  6. 21
      openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch
  7. 184
      openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
  8. 29
      openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch
  9. 69
      openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
  10. 0
      openstack-helm/files/0006-Add-Placement-Chart.patch
  11. 30
      openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch
  12. 224
      openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
  13. 60
      openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
  14. 82
      openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
  15. 307
      openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch
  16. 89
      openstack-helm/files/0013-cinder-allow-configuring-the-rbd-app-name.patch
  17. 241
      openstack-helm/files/0014-Cinder-Support-backup-driver-specification-by-module.patch
  18. 229
      openstack-helm/files/0016-Cinder-rename-is_ceph_volume-configured.patch
  19. 305
      openstack-helm/files/0017-Cinder-support-multiple-ceph-volume-backends.patch
  20. 69
      openstack-helm/files/0018-Nova-add-service-token.patch
  21. 141
      openstack-helm/files/0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
  22. 31
      openstack-helm/files/0020-Change-cinder-bootstrap-script.patch
  23. 42
      openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch

4
openstack-helm/centos/build_srpm.data

@ -1,8 +1,8 @@
TAR_NAME=openstack-helm
SHA=6c71637222f47d85681038994f02feac92f75bd2
SHA=82c72367c85ca94270f702661c7b984899c1ae38
VERSION=1.0.0
TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
TIS_PATCH_VER=21
TIS_PATCH_VER=22

44
openstack-helm/centos/openstack-helm.spec

@ -1,4 +1,4 @@
%global sha 6c71637222f47d85681038994f02feac92f75bd2
%global sha 82c72367c85ca94270f702661c7b984899c1ae38
%global helm_folder /usr/lib/helm
%global toolkit_version 0.1.0
%global helmchart_version 0.1.0
@ -19,27 +19,12 @@ Source2: index.yaml
BuildArch: noarch
Patch01: 0001-Add-Aodh-Chart.patch
Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
Patch05: 0005-Nova-console-ip-address-search-optionality.patch
Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch
Patch07: 0007-Horizon-Disable-apache2-status_module.patch
Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
Patch10: 0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
Patch11: 0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
Patch12: 0012-Add-internal-tenant-id-in-conf.patch
Patch13: 0013-cinder-allow-configuring-the-rbd-app-name.patch
Patch14: 0014-Cinder-Support-backup-driver-specification-by-module.patch
Patch15: 0015-Add-Placement-Chart.patch
Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch
Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch
Patch18: 0018-Nova-add-service-token.patch
Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
Patch20: 0020-Change-cinder-bootstrap-script.patch
Patch21: 0021-Add-config-network-item-for-novncproxy.patch
Patch01: 0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
Patch02: 0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
Patch03: 0003-Nova-console-ip-address-search-optionality.patch
Patch04: 0004-Nova-chart-Support-ephemeral-pool-creation.patch
Patch05: 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
Patch06: 0006-Add-Placement-Chart.patch
BuildRequires: helm
BuildRequires: openstack-helm-infra
@ -56,21 +41,6 @@ Openstack Helm charts
%patch04 -p1
%patch05 -p1
%patch06 -p1
%patch07 -p1
%patch08 -p1
%patch09 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%build
# initialize helm and build the toolkit
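Review bot: The new Patch list keeps six of the twenty-one local patches and drops fifteen, but nothing in the spec or the commit message records which dropped patch is covered by which upstream change at 82c72367. Several of the dropped ones are security-relevant by title (`0004-Fix-ssh-config-in-nova-to-support-cold-migrations`, `0007-Horizon-Disable-apache2-status_module`, `0018-Nova-add-service-token`, `0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints`), so a silent loss of behaviour would matter; presumably they are merged upstream, but that is not visible here. I would add a short comment above `Patch01:` such as `# Local patches 0001 (Aodh), 0004 (ssh), 0007, 0008, 0010-0014, 0016-0021 dropped: carried upstream as of %{sha}` and list the upstream change for each in the commit message. The `%prep` section starts outside this hunk.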

2457
openstack-helm/files/0001-Add-Aodh-Chart.patch

File diff suppressed because it is too large Load Diff

34
openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch → openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch

@ -1,7 +1,7 @@
From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Wed, 6 Mar 2019 18:06:06 -0500
Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to
Subject: [PATCH 01] Ceilometer chart: add the ability to publish events to
panko
Ceilometer notification agent sends the events to panko via panko
@ -18,26 +18,14 @@ Signed-off-by: Angie Wang <angie.wang@windriver.com>
(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
ceilometer/values.yaml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index e6ae7e3a..9deade59 100644
index 44dda74..1343670 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -728,6 +728,11 @@ conf:
- name: event_sink
publishers:
- notifier://
+ # The following publisher will enable to publish events to panko.
+ # Ocata:
+ # - direct://?dispatcher=panko
+ # Pike:
+ # - panko://
transformers: null
sources:
- events:
@@ -1618,6 +1623,8 @@ dependencies:
@@ -1706,6 +1706,8 @@ dependencies:
service: mongodb
- endpoint: internal
service: metric
@ -46,7 +34,7 @@ index e6ae7e3a..9deade59 100644
tests:
services:
- endpoint: internal
@@ -1739,6 +1746,21 @@ endpoints:
@@ -1827,6 +1829,21 @@ endpoints:
api:
default: 8041
public: 80
@ -68,7 +56,7 @@ index e6ae7e3a..9deade59 100644
alarming:
name: aodh
hosts:
@@ -1865,7 +1887,19 @@ pod:
@@ -1958,7 +1975,19 @@ pod:
init_container: null
ceilometer_notification:
volumeMounts:
@ -85,9 +73,9 @@ index e6ae7e3a..9deade59 100644
+ secret:
+ secretName: panko-etc
+ defaultMode: 0444
replicas:
api: 1
central: 1
ceilometer_db_sync:
ceilometer_db_sync:
volumeMounts:
--
2.16.5
2.7.4
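Review bot: The `panko-etc` secret volume added under `ceilometer_notification` is mounted with `defaultMode: 0444`, so every file projected from that secret is readable by any user inside the container. The secret's contents are not visible in this hunk; if it carries panko configuration with database or service credentials, a tighter mode (for example `defaultMode: 0440` together with an fsGroup matching the agent's user) would limit exposure. If 0444 is kept because it matches the chart's other `*-etc` mounts, a comment saying so, e.g. `# 0444 to match the other etc secret mounts; the agent runs as a non-root user`, would help the next reader. The enclosing `pod:` block continues outside the hunk.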

28
openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch → openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch

@ -1,7 +1,7 @@
From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Wed, 28 Nov 2018 01:33:39 -0500
Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts.
Subject: [PATCH 02] Remove stale Apache2 service pids when a POD starts.
Stale Apache2 pids will prevent Apache2 from starting and will leave
the POD in a crashed state.
@ -21,24 +21,24 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
index cdb02f79..392873c7 100644
index 25b2f9e..3870b4e 100644
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
@@ -25,6 +25,9 @@ function start () {
source /etc/apache2/envvars
@@ -42,6 +42,9 @@ function start () {
fi
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec apache2 -DFOREGROUND
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
}
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
index 2f127b94..11726809 100644
index 384ee8b..4c72310 100644
--- a/keystone/templates/bin/_keystone-api.sh.tpl
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
@@ -31,10 +31,8 @@ function start () {
@@ -43,10 +43,8 @@ function start () {
source /etc/apache2/envvars
fi
@ -50,21 +50,21 @@ index 2f127b94..11726809 100644
+ rm -f /var/run/apache2/*
# Start Apache2
exec apache2 -DFOREGROUND
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
index f9c8d7c5..b4bcf178 100644
index bc15a37..055d079 100644
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
@@ -28,6 +28,9 @@ function start () {
source /etc/apache2/envvars
@@ -33,6 +33,9 @@ function start () {
fi
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec apache2 -DFOREGROUND
}
{{- if .Values.conf.software.apache2.a2enmod }}
{{- range .Values.conf.software.apache2.a2enmod }}
--
2.16.5
2.7.4
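Review bot: The keystone hunk carries `rm -f /var/run/apache2/*`, while the ceilometer-api and nova-placement-api hunks in the same patch remove only `/var/run/apache2/*.pid` under the comment "Get rid of stale pid file if present". Clearing the whole runtime directory on every start is broader than the stated purpose and makes the three start scripts disagree. If keystone needs nothing beyond the pid file removed, narrowing it to `rm -f /var/run/apache2/*.pid` would align them. The bodies of the `start ()` functions lie outside these hunks, so whether keystone relies on the wider cleanup cannot be confirmed from here.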

21
openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch → openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch

@ -1,7 +1,7 @@
From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 27 Mar 2019 00:35:57 -0400
Subject: [PATCH 05/11] Nova console/ip address search optionality
Subject: [PATCH 03] Nova console/ip address search optionality
Add options to nova to enable/disable the use of:
1. the vnc or spice server proxyclient address found by the console
@ -20,11 +20,11 @@ Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
nova/values.yaml | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
nova/values.yaml | 3 ++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index c80da6d6..4927908a 100644
index c80da6d..4927908 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -20,6 +20,10 @@ set -ex
@ -41,25 +41,26 @@ index c80da6d6..4927908a 100644
+ --config-file /tmp/pod-shared/nova-hypervisor.conf
+{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 8599027a..0887cecc 100644
index 29512ca..7ba2925 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -440,6 +440,7 @@ console:
@@ -461,7 +461,7 @@ console:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
-
+ address_search_enabled: true
ssh:
key_types:
@@ -1433,6 +1434,7 @@ conf:
- rsa
@@ -1598,6 +1598,7 @@ conf:
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
+ address_search_enabled: true
# my_ip can be set automatically through this interface name.
host_interface:
nova:
# This list is the keys to exclude from the config file ingested by nova-compute
--
2.16.5
2.7.4

184
openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch

@ -1,184 +0,0 @@
From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Thu, 10 Jan 2019 00:12:21 -0500
Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
container.
- Map private and public keys to configmap-ssh which will default to
the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.
Depends on helm-toolkit supporting multiple containers per daemonset
pod.
Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++---
nova/templates/configmap-etc.yaml | 4 ++--
nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++
nova/templates/daemonset-compute.yaml | 14 +++++++++-----
nova/values.yaml | 5 +++++
5 files changed, 67 insertions(+), 10 deletions(-)
create mode 100755 nova/templates/configmap-ssh.yaml
diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
index 1c10cb07..158090b0 100644
--- a/nova/templates/bin/_ssh-start.sh.tpl
+++ b/nova/templates/bin/_ssh-start.sh.tpl
@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
chown nova: ~nova/.ssh
fi
-chmod 0600 ~root/.ssh/authorized_keys
-chmod 0600 ~root/.ssh/id_rsa
-chmod 0600 ~root/.ssh/id_rsa.pub
+{{- if .Values.network.sshd.enabled }}
+subnet_address="{{- .Values.network.sshd.from_subnet -}}"
+cat > /tmp/sshd_config_extend <<EOF
+
+# This Match block prevents Password Authentication for root user
+Match User root
+ PasswordAuthentication no
+
+# This Match Block is used to allow Root Login exceptions over the
+# internal subnet used by Nova Migrations
+Match Address $subnet_address
+ PermitRootLogin without-password
+EOF
+cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
+rm /tmp/sshd_config_extend
+{{- end }}
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 55aa3114..0d1e7a5e 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -232,8 +232,8 @@ data:
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
-# FIXME(portdirect): why is this file suffixed .sh?
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
+
{{- end }}
{{- end }}
{{- if .Values.manifests.configmap_etc }}
diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
new file mode 100755
index 00000000..bab8e330
--- /dev/null
+++ b/nova/templates/configmap-ssh.yaml
@@ -0,0 +1,35 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "nova.configmap.ssh" }}
+{{- $envAll := index . 1 }}
+{{- with $envAll }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nova-ssh
+type: Opaque
+data:
+ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
+
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
+{{- end }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 09627042..4a7b90b5 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -258,6 +258,9 @@ spec:
mountPath: /root/.ssh/config
subPath: ssh-config
readOnly: true
+ - name: nova-ssh
+ mountPath: /root/.ssh/id_rsa
+ subPath: ssh-key-private
{{- if .Values.conf.ceph.enabled }}
- name: etcceph
mountPath: /etc/ceph
@@ -314,13 +317,10 @@ spec:
mountPath: /var/lib/nova
- name: varliblibvirt
mountPath: /var/lib/libvirt
- - name: nova-etc
- mountPath: /root/.ssh/id_rsa
- subPath: ssh-key-private
- - name: nova-etc
+ - name: nova-ssh
mountPath: /root/.ssh/id_rsa.pub
subPath: ssh-key-public
- - name: nova-etc
+ - name: nova-ssh
mountPath: /root/.ssh/authorized_keys
subPath: ssh-key-public
- name: nova-bin
@@ -336,6 +336,10 @@ spec:
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
+ - name: nova-ssh
+ secret:
+ secretName: nova-ssh
+ defaultMode: 0400
{{- if .Values.conf.ceph.enabled }}
- name: etcceph
hostPath:
diff --git a/nova/values.yaml b/nova/values.yaml
index 7cb4d553..8599027a 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -211,6 +211,9 @@ network:
ssh:
name: "nova-ssh"
port: 8022
+ sshd:
+ enabled: false
+ from_subnet: 0.0.0.0/24
dependencies:
dynamic:
@@ -462,6 +465,8 @@ conf:
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Port {{ .Values.network.ssh.port }}
+ ssh_private: 'null'
+ ssh_public: 'null'
rally_tests:
run_tempest: false
tests:
--
2.16.5

29
openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch → openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch

@ -1,7 +1,7 @@
From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Tue, 26 Feb 2019 17:43:53 +0000
Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation
Subject: [PATCH 04] Nova chart: Support ephemeral pool creation
If libvirt images_type is rbd, then we need to have the
images_rbd_pool present. These changes add a new job
@ -17,14 +17,14 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
nova/templates/configmap-bin.yaml | 4 +-
nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
nova/values.yaml | 18 ++++
4 files changed, 251 insertions(+), 1 deletion(-)
nova/values.yaml | 19 +++-
4 files changed, 251 insertions(+), 2 deletions(-)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 00000000..f79fcff0
index 0000000..f79fcff
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,75 @@
@ -104,7 +104,7 @@ index 00000000..f79fcff0
+fi
+
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index c58b90bd..268434fd 100644
index c58b90b..268434f 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -1,5 +1,5 @@
@ -125,7 +125,7 @@ index c58b90bd..268434fd 100644
cell-setup.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 00000000..7d057fb9
index 0000000..7d057fb
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,155 @@
@ -285,18 +285,18 @@ index 00000000..7d057fb9
+{{- end }}
+
diff --git a/nova/values.yaml b/nova/values.yaml
index 0887cecc..7245cf82 100644
index 7ba2925..97ef1b5 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
nova_spiceproxy: docker.io/openstackhelm/nova:ocata
nova_spiceproxy: docker.io/openstackhelm/nova:ocata-ubuntu_xenial
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
test: docker.io/xrally/xrally-openstack:1.3.0
image_repo_sync: docker.io/docker:17.07.0
local_registry:
@@ -461,6 +462,14 @@ conf:
@@ -556,6 +557,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
@ -311,7 +311,7 @@ index 0887cecc..7245cf82 100644
ssh: |
Host *
StrictHostKeyChecking no
@@ -1625,6 +1634,7 @@ secrets:
@@ -1797,6 +1806,7 @@ secrets:
placement:
placement:
public: placement-tls-public
@ -319,10 +319,11 @@ index 0887cecc..7245cf82 100644
# typically overridden by environmental
# values, but should include all endpoints
@@ -2239,6 +2249,13 @@ pod:
@@ -2482,7 +2492,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
-
+ storage_init:
+ requests:
+ memory: "128Mi"
@ -330,10 +331,10 @@ index 0887cecc..7245cf82 100644
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
@@ -2302,6 +2319,7 @@ manifests:
# TODO(lamt): Need to tighten this ingress for security.
@@ -2545,6 +2561,7 @@ manifests:
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
@ -342,5 +343,5 @@ index 0887cecc..7245cf82 100644
pdb_placement: true
pdb_osapi: true
--
2.16.5
2.7.4

69
openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch → openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch

@ -1,7 +1,7 @@
From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:42:08 -0400
Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness
Subject: [PATCH 05] Nova: Add support for disabling Readiness/Liveness
probes
With the introduction of Readiness/Liveness probes in
@ -19,14 +19,14 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
nova/templates/deployment-novncproxy.yaml | 4 ++++
nova/templates/deployment-scheduler.yaml | 4 ++++
nova/templates/deployment-spiceproxy.yaml | 4 ++++
nova/values.yaml | 27 +++++++++++++++++++++++++++
7 files changed, 51 insertions(+)
nova/values.yaml | 28 ++++++++++++++++++++++++++++
7 files changed, 52 insertions(+)
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 4a7b90b5..f508b963 100644
index feea6ab..86dc2b9 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -181,6 +181,7 @@ spec:
@@ -190,6 +190,7 @@ spec:
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.conf.ceph.secret_uuid }}"
{{ end }}
@ -34,7 +34,7 @@ index 4a7b90b5..f508b963 100644
readinessProbe:
exec:
command:
@@ -193,6 +194,8 @@ spec:
@@ -202,6 +203,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
@ -43,7 +43,7 @@ index 4a7b90b5..f508b963 100644
livenessProbe:
exec:
command:
@@ -206,6 +209,7 @@ spec:
@@ -215,6 +218,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
@ -52,18 +52,18 @@ index 4a7b90b5..f508b963 100644
- /tmp/nova-compute.sh
volumeMounts:
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index 1e66e419..33d41097 100644
index f927afa..0caa006 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -60,6 +60,7 @@ spec:
@@ -59,6 +59,7 @@ spec:
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
{{ dict "envAll" $envAll "application" "nova" "container" "nova_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
@@ -71,6 +72,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
@ -72,7 +72,7 @@ index 1e66e419..33d41097 100644
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
@@ -84,6 +87,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
@ -81,18 +81,18 @@ index 1e66e419..33d41097 100644
- /tmp/nova-conductor.sh
volumeMounts:
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
index 75b66e79..31013eb7 100644
index b9cb717..0f590e0 100644
--- a/nova/templates/deployment-consoleauth.yaml
+++ b/nova/templates/deployment-consoleauth.yaml
@@ -60,6 +60,7 @@ spec:
@@ -59,6 +59,7 @@ spec:
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
{{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
@@ -71,6 +72,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
@ -101,7 +101,7 @@ index 75b66e79..31013eb7 100644
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
@@ -84,6 +87,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
@ -110,13 +110,13 @@ index 75b66e79..31013eb7 100644
- /tmp/nova-consoleauth.sh
volumeMounts:
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index cf9fda02..2611ba80 100644
index 42a52af..495c1ac 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -94,14 +94,18 @@ spec:
- name: nova-novncproxy
@@ -103,14 +103,18 @@ spec:
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
readinessProbe:
tcpSocket:
@ -133,13 +133,13 @@ index cf9fda02..2611ba80 100644
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index 9611d950..0350c47c 100644
index 05ee949..9a30fa6 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -60,6 +60,7 @@ spec:
@@ -59,6 +59,7 @@ spec:
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
{{ dict "envAll" $envAll "application" "nova" "container" "nova_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
readinessProbe:
exec:
@ -153,7 +153,7 @@ index 9611d950..0350c47c 100644
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
@@ -86,6 +89,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
@ -162,13 +162,13 @@ index 9611d950..0350c47c 100644
- /tmp/nova-scheduler.sh
volumeMounts:
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
index 4507bde4..1b58ec98 100644
index a221656..038c85c 100644
--- a/nova/templates/deployment-spiceproxy.yaml
+++ b/nova/templates/deployment-spiceproxy.yaml
@@ -94,14 +94,18 @@ spec:
- name: nova-spiceproxy
@@ -101,14 +101,18 @@ spec:
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
readinessProbe:
tcpSocket:
@ -185,10 +185,10 @@ index 4507bde4..1b58ec98 100644
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/values.yaml b/nova/values.yaml
index 7245cf82..433ec3af 100644
index 97ef1b5..4092329 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2256,6 +2256,33 @@ pod:
@@ -2499,6 +2499,34 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
@ -219,9 +219,10 @@ index 7245cf82..433ec3af 100644
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
+
network_policy:
nova:
# TODO(lamt): Need to tighten this ingress for security.
--
2.16.5
2.7.4
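Review bot: The readiness guard in the deployment-novncproxy.yaml hunk reads `.Values.pod.probes.readiness.nova_novcnproxy.enabled`, spelled `novcnproxy`, whereas the container is named `nova_novncproxy` on the lines just above it. The matching keys in the values.yaml hunk are elided in this view, so please confirm the key there has the same spelling; if it is defined as `nova_novncproxy`, the lookup would miss it and the template would most likely fail to render. Using the correct spelling in both the template and values.yaml avoids the trap: `{{- if .Values.pod.probes.readiness.nova_novncproxy.enabled }}`. Since these switches can turn health probes off entirely, it is also worth a one-line comment in values.yaml noting that they default to `true` and why a deployment would disable them.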

0
openstack-helm/files/0015-Add-Placement-Chart.patch → openstack-helm/files/0006-Add-Placement-Chart.patch

30
openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch

@ -1,30 +0,0 @@
From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:29:26 -0400
Subject: [PATCH 07/11] Horizon: Disable apache2 status_module
a2dismod is not present in the StarlingX httpd based images. Try
a2dismod first, then fail back to using sed to remove the module.
Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6
Signed-off-by: Robert Church <robert.church@windriver.com>
---
horizon/templates/bin/_horizon.sh.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl
index dec000f3..55a2c629 100644
--- a/horizon/templates/bin/_horizon.sh.tpl
+++ b/horizon/templates/bin/_horizon.sh.tpl
@@ -28,7 +28,7 @@ function start () {
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
a2enmod rewrite
- a2dismod status
+ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf
if [ -f /etc/apache2/envvars ]; then
# Loading Apache2 ENV variables
--
2.16.5

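--- a/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
+++ b/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
@@ -1,224 +0,0 @@
-From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001
-From: Robert Church <robert.church@windriver.com>
-Date: Fri, 22 Mar 2019 03:37:05 -0400
-Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness
-probes
-With the introduction of Readiness/Liveness probes in
-Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and
-preventing successful armada manifest applies.
-Add support to disable the probes.
-Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569
-Signed-off-by: Robert Church <robert.church@windriver.com>
----
-neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++
-neutron/templates/daemonset-l3-agent.yaml | 4 ++++
-neutron/templates/daemonset-lb-agent.yaml | 4 ++++
-neutron/templates/daemonset-metadata-agent.yaml | 4 ++++
-neutron/templates/daemonset-ovs-agent.yaml | 4 ++++
-neutron/templates/daemonset-sriov-agent.yaml | 4 ++++
-neutron/values.yaml | 27 +++++++++++++++++++++++++
-7 files changed, 51 insertions(+)
-diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
-index 49866f2a..6e1d2928 100644
---- a/neutron/templates/daemonset-dhcp-agent.yaml
-+++ b/neutron/templates/daemonset-dhcp-agent.yaml
-@@ -66,6 +66,7 @@ spec:
-{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-securityContext:
-privileged: true
-+ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }}
-readinessProbe:
-exec:
-command:
-@@ -80,6 +81,8 @@ spec:
-initialDelaySeconds: 30
-periodSeconds: 15
-timeoutSeconds: 65
-+ {{- end }}
-+ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }}
-livenessProbe:
-exec:
-command:
-@@ -95,6 +98,7 @@ spec:
-initialDelaySeconds: 120
-periodSeconds: 90
-timeoutSeconds: 70
-+ {{- end }}
-command:
-- /tmp/neutron-dhcp-agent.sh
-volumeMounts:
-diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
-index 5e0ec194..29e0f3f7 100644
---- a/neutron/templates/daemonset-l3-agent.yaml
-+++ b/neutron/templates/daemonset-l3-agent.yaml
-@@ -66,6 +66,7 @@ spec:
-{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-securityContext:
-privileged: true
-+ {{- if .Values.pod.probes.readiness.l3_agent.enabled }}
-readinessProbe:
-exec:
-command:
-@@ -80,6 +81,8 @@ spec:
-initialDelaySeconds: 30
-periodSeconds: 15
-timeoutSeconds: 65
-+ {{- end }}
-+ {{- if .Values.pod.probes.liveness.l3_agent.enabled }}
-livenessProbe:
-exec:
-command:
-@@ -95,6 +98,7 @@ spec:
-initialDelaySeconds: 120
-periodSeconds: 90
-timeoutSeconds: 70
-+ {{- end }}
-command:
-- /tmp/neutron-l3-agent.sh
-volumeMounts:
-diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
-index c2b432f7..685893d5 100644
---- a/neutron/templates/daemonset-lb-agent.yaml
-+++ b/neutron/templates/daemonset-lb-agent.yaml
-@@ -140,12 +140,16 @@ spec:
-privileged: true
-command:
-- /tmp/neutron-linuxbridge-agent.sh
-+ {{- if .Values.pod.probes.readiness.lb_agent.enabled }}
-readinessProbe:
-exec:
-command:
-- bash
-- -c
-- 'brctl show'
-+ {{- end }}
-+ {{- if .Values.pod.probes.liveness.lb_agent.enabled }}
-+ {{- end }}
-volumeMounts:
-- name: neutron-bin
-mountPath: /tmp/neutron-linuxbridge-agent.sh
-diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
-index 8e92a675..fba132ed 100644
---- a/neutron/templates/daemonset-metadata-agent.yaml
-+++ b/neutron/templates/daemonset-metadata-agent.yaml
-@@ -87,6 +87,7 @@ spec:
-{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-securityContext:
-privileged: true
-+ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }}
-readinessProbe:
-exec:
-command:
-@@ -99,6 +100,8 @@ spec:
-initialDelaySeconds: 30
-periodSeconds: 15
-timeoutSeconds: 35
-+ {{- end }}
-+ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }}
-livenessProbe:
-exec:
-command:
-@@ -112,6 +115,7 @@ spec:
-initialDelaySeconds: 90
-periodSeconds: 60
-timeoutSeconds: 45
-+ {{- end }}
-command:
-- /tmp/neutron-metadata-agent.sh
-volumeMounts:
-diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
-index 56061e63..69ee1c2c 100644
---- a/neutron/templates/daemonset-ovs-agent.yaml
-+++ b/neutron/templates/daemonset-ovs-agent.yaml
-@@ -154,6 +154,7 @@ spec:
-privileged: true
-command:
-- /tmp/neutron-openvswitch-agent.sh
-+ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }}
-# ensures this container can can see a br-int
-# bridge before its marked as ready
-readinessProbe:
-@@ -162,6 +163,8 @@ spec:
-- bash
-- -c
-- 'ovs-vsctl list-br | grep -q br-int'
-+ {{- end }}
-+ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }}
-livenessProbe:
-exec:
-command:
-@@ -177,6 +180,7 @@ spec:
-initialDelaySeconds: 120
-periodSeconds: 90
-timeoutSeconds: 70
-+ {{- end }}
-volumeMounts:
-- name: neutron-bin
-mountPath: /tmp/neutron-openvswitch-agent.sh
-diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
-index a59e4100..c03b3668 100644
---- a/neutron/templates/daemonset-sriov-agent.yaml
-+++ b/neutron/templates/daemonset-sriov-agent.yaml
-@@ -129,6 +129,7 @@ spec:
-privileged: true
-command:
-- /tmp/neutron-sriov-agent.sh
-+ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }}
-readinessProbe:
-exec:
-command:
-@@ -141,6 +142,9 @@ spec:
-initialDelaySeconds: 30
-periodSeconds: 15
-timeoutSeconds: 10
-+ {{- end }}
-+ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }}
-+ {{- end }}
-volumeMounts:
-- name: neutron-bin
-mountPath: /tmp/neutron-sriov-agent.sh
-diff --git a/neutron/values.yaml b/neutron/values.yaml
-index 5ab4ca12..1cc67b94 100644
---- a/neutron/values.yaml
-+++ b/neutron/values.yaml
-@@ -520,6 +520,33 @@ pod:
-limits:
-memory: "1024Mi"
-cpu: "2000m"
-+ probes:
-+ readiness:
-+ dhcp_agent:
-+ enabled: true
-+ l3_agent:
-+ enabled: true
-+ lb_agent:
-+ enabled: true
-+ metadata_agent:
-+ enabled: true
-+ ovs_agent:
-+ enabled: true
-+ sriov_agent:
-+ enabled: true
-+ liveness:
-+ dhcp_agent:
-+ enabled: true
-+ l3_agent:
-+ enabled: true
-+ lb_agent:
-+ enabled: true
-+ metadata_agent:
-+ enabled: true
-+ ovs_agent:
-+ enabled: true
-+ sriov_agent:
-+ enabled: true
-conf:
-rally_tests:
---
-2.16.5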

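--- a/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
+++ b/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
@@ -1,60 +0,0 @@
-From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001
-From: Mingyuan Qi <mingyuan.qi@intel.com>
-Date: Thu, 11 Apr 2019 14:59:11 +0800
-Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image
-Current script does not consider centos distro as base image.
-Different folder was checked to copy pxe files to tftpboot folder.
-Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
----
-.../bin/_ironic-conductor-pxe-init.sh.tpl | 25 +++++++++++++++++-----
-1 file changed, 20 insertions(+), 5 deletions(-)
-diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
-index b8c4c4c..5fe595f 100644
---- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
-+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
-@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu)
-+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS)
-+
-set -ex
--#NOTE(portdirect): this works round a limitation in Kolla images
--if ! dpkg -l ipxe; then
-- apt-get update
-- apt-get install ipxe -y
-+if [[ ! -z $DISTRO_UBUNTU ]]; then
-+ #NOTE(portdirect): this works round a limitation in Kolla images
-+ if ! dpkg -l ipxe; then
-+ apt-get update
-+ apt-get install ipxe -y
-+ fi
-fi
-mkdir -p /var/lib/openstack-helm/tftpboot
-mkdir -p /var/lib/openstack-helm/tftpboot/master_images
--for FILE in undionly.kpxe ipxe.efi; do
-+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do
-if [ -f /usr/lib/ipxe/$FILE ]; then
-cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
-fi
-+
-+ # For CentOS
-+ if [[ ! -z $DISTRO_CENTOS ]]; then
-+ if [ -f /var/lib/tftpboot/$FILE ]; then
-+ cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
-+ fi
-+ if [ -f /usr/share/ipxe/$FILE ]; then
-+ cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
-+ fi
-+ fi
-done
---
-1.8.3.1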

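--- a/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
+++ b/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
@@ -1,82 +0,0 @@
-From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
-Date: Tue, 9 Apr 2019 10:37:46 +0200
-Subject: [PATCH 11/11] Use nova's ping method to find out if the service is
-alive
-Currently there is fake rpc call "pod_health_probe_method_ignore_errors"
-that is passed to the service, just to find out if it is responding. Because
-such method does not exist, it is needed to catch and handle the exception
-that is inevitably thrown by the service.
-While this is technically working correctly, the exceptions pollute the
-log files and make it harder for user to see possible real errors.
-This is how the error looks like:
-ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
-ERROR oslo_messaging.rpc.server Traceback (most recent call last):
-ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
-ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
-ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
-ERROR oslo_messaging.rpc.server raise UnsupportedVersion(version, method=method)
-ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
-This situation is new since https://review.openstack.org/#/c/639711/
-which (correctly) increased the default level of logging. Before 639711
-error messages from oslo (both real and ones that could be ignored) were not
-present in nova logs at all.
-Fortunatelly, nova's BaseAPI class provides 'ping' method that is can
-be used for this basic purpose by all nova components.
-Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3
----
-nova/templates/bin/_health-probe.py.tpl | 13 ++++++++-----
-1 file changed, 8 insertions(+), 5 deletions(-)
-diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl
-index 6434e45..4c1aa45 100644
---- a/nova/templates/bin/_health-probe.py.tpl
-+++ b/nova/templates/bin/_health-probe.py.tpl
-@@ -17,8 +17,8 @@
-"""
-Health probe script for OpenStack service that uses RPC/unix domain socket for
-communication. Check's the RPC tcp socket status on the process and send
--message to service through rpc call method and expects a reply. It is expected
--to receive failure from the service's RPC server as the method does not exist.
-+message to service through rpc call method and expects a reply.
-+Use nova's ping method that is designed just for such simple purpose.
-Script returns failure to Kubernetes only when
-a. TCP socket for the RPC communication are not established.
-@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when
-sys.stderr.write() writes to pod's events on failures.
-Usage example for Nova Compute:
--# python health-probe-rpc.py --config-file /etc/nova/nova.conf \
-+# python health-probe.py --config-file /etc/nova/nova.conf \
-# --service-queue-name compute
-"""
-@@ -50,12 +50,15 @@ def check_service_status(transport):
-"""Verify service status. Return success if service consumes message"""
-try:
-target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name,
-- server=socket.gethostname())
-+ server=socket.gethostname(),
-+ namespace='baseapi',
-+ version="1.1")
-client = oslo_messaging.RPCClient(transport, target,
-timeout=60,
-retry=2)
-client.call(context.RequestContext(),
-- 'pod_health_probe_method_ignore_errors')
-+ 'ping',
-+ arg=None)
-except oslo_messaging.exceptions.MessageDeliveryFailure:
-# Log to pod events
-sys.stderr.write("Health probe unable to reach message bus")
---
-2.7.4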

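--- a/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch
+++ b/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch
@@ -1,307 +0,0 @@
-From 1fa207d2a503e508f48407881b06e0beaa15b1fa Mon Sep 17 00:00:00 2001
-From: Liang Fang <liang.a.fang@intel.com>
-Date: Mon, 25 Mar 2019 10:29:42 -0400
-Subject: [PATCH 12/14] Add internal tenant id in conf
-Cinder raw cache feature requires internal tenant id be set in
-/etc/cinder/cinder.conf, something like:
-cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c
-cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef
-This patch get or create if not exist intenal user id and project id, and then
-set in cinder.conf
-reference: Cinder cache feature:
-https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html
-Story: 2004869
-Task: 29121
-Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea
-Signed-off-by: Liang Fang <liang.a.fang@intel.com>
-(cherry picked from commit d1c8e778a733539695d89c21ed4746265e0f1edf)
-Signed-off-by: Robert Church <robert.church@windriver.com>
----
-cinder/templates/bin/_cinder-volume.sh.tpl | 3 +-
-.../bin/_create-internal-tenant-id.sh.tpl | 31 ++++++++
-.../bin/_retrieve-internal-tenant-id.sh.tpl | 32 +++++++++
-cinder/templates/configmap-bin.yaml | 4 ++
-cinder/templates/deployment-volume.yaml | 31 ++++++++
-cinder/templates/job-create-internal-tenant.yaml | 83 ++++++++++++++++++++++
-cinder/values.yaml | 4 ++
-7 files changed, 187 insertions(+), 1 deletion(-)
-create mode 100755 cinder/templates/bin/_create-internal-tenant-id.sh.tpl
-create mode 100755 cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
-create mode 100644 cinder/templates/job-create-internal-tenant.yaml
-diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl
-index 64aa3828..a248f352 100644
---- a/cinder/templates/bin/_cinder-volume.sh.tpl
-+++ b/cinder/templates/bin/_cinder-volume.sh.tpl
-@@ -19,4 +19,5 @@ limitations under the License.
-set -ex
-exec cinder-volume \
---config-file /etc/cinder/cinder.conf \
-- --config-file /etc/cinder/conf/backends.conf
-+ --config-file /etc/cinder/conf/backends.conf \
-+ --config-file /tmp/pod-shared/internal_tenant.conf
-diff --git a/cinder/templates/bin/_create-internal-tenant-id.sh.tpl b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
-new file mode 100755
-index 00000000..10582564
---- /dev/null
-+++ b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
-@@ -0,0 +1,31 @@
-+#!/bin/bash
-+
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+ http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+set -ex
-+
-+
-+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
-+ --domain="${PROJECT_DOMAIN_ID}" \
-+ "${INTERNAL_PROJECT_NAME}");
-+
-+USER_ID=$(openstack user create --or-show --enable -f value -c id \
-+ --domain="${USER_DOMAIN_ID}" \
-+ --project-domain="${PROJECT_DOMAIN_ID}" \
-+ --project="${USER_PROJECT_ID}" \
-+ "${INTERNAL_USER_NAME}");
-+
-diff --git a/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
-new file mode 100755
-index 00000000..b85f69fd
---- /dev/null
-+++ b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
-@@ -0,0 +1,32 @@
-+#!/bin/bash
-+
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+ http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+set -ex
-+
-+
-+USER_PROJECT_ID=$(openstack project show -f value -c id \
-+ "${INTERNAL_PROJECT_NAME}");
-+
-+USER_ID=$(openstack user show -f value -c id \
-+ "${INTERNAL_USER_NAME}");
-+
-+tee /tmp/pod-shared/internal_tenant.conf <<EOF
-+[DEFAULT]
-+cinder_internal_tenant_project_id = ${USER_PROJECT_ID}
-+cinder_internal_tenant_user_id = ${USER_ID}
-+EOF
-diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml
-index 0cfd6af2..df96fabf 100644
---- a/cinder/templates/configmap-bin.yaml
-+++ b/cinder/templates/configmap-bin.yaml
-@@ -41,6 +41,10 @@ data:
-{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
-ks-user.sh: |
-{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
-+ create-internal-tenant.sh: |
-+{{ tuple "bin/_create-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-+ retrieve-internal-tenant.sh: |
-+{{ tuple "bin/_retrieve-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-cinder-api.sh: |
-{{ tuple "bin/_cinder-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-cinder-backup.sh: |
-diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-index a34b4532..17902c02 100644
---- a/cinder/templates/deployment-volume.yaml
-+++ b/cinder/templates/deployment-volume.yaml
-@@ -90,6 +90,33 @@ spec:
-- name: cinder-coordination
-mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
-{{ end }}
-+ - name: init-cinder-conf
-+ image: {{ .Values.images.tags.ks_user }}
-+ imagePullPolicy: {{ .Values.images.pull_policy }}
-+ securityContext:
-+ runAsUser: 0
-+ command:
-+ - /tmp/retrieve-internal-tenant.sh
-+ volumeMounts:
-+ - name: cinder-bin
-+ mountPath: /tmp/retrieve-internal-tenant.sh
-+ subPath: retrieve-internal-tenant.sh
-+ readOnly: true
-+ - name: pod-shared
-+ mountPath: /tmp/pod-shared
-+ env:
-+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
-+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
-+{{- end }}
-+ - name: INTERNAL_PROJECT_NAME
-+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
-+ - name: INTERNAL_USER_NAME
-+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
-+
-+{{- with $env := dict "ksUserSecret" (index .Values.secrets.identity "cinder" ) }}
-+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
-+{{- end }}
-+
-containers:
-- name: cinder-volume
-{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
-@@ -102,6 +129,8 @@ spec:
-mountPath: /tmp/cinder-volume.sh
-subPath: cinder-volume.sh
-readOnly: true
-+ - name: pod-shared
-+ mountPath: /tmp/pod-shared
-- name: cinder-etc
-mountPath: /etc/cinder/cinder.conf
-subPath: cinder.conf
-@@ -168,6 +197,8 @@ spec:
-{{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
-- name: etcceph
-emptyDir: {}
-+ - name: pod-shared
-+ emptyDir: {}
-- name: ceph-etc
-configMap:
-name: {{ .Values.ceph_client.configmap }}
-diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml
-new file mode 100644
-index 00000000..2371a922
---- /dev/null
-+++ b/cinder/templates/job-create-internal-tenant.yaml
-@@ -0,0 +1,83 @@
-+{{/*
-+Copyright 2019 The Openstack-Helm Authors.
-+
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+ http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+
-+{{- if .Values.manifests.job_create_internal_tenant }}
-+{{- $envAll := . }}
-+
-+{{- $serviceName := "cinder" }}
-+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
-+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
-+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
-+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
-+
-+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "create-internal-tenant" }}
-+{{ tuple $envAll "create-internal-tenant" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
-+---
-+apiVersion: batch/v1
-+kind: Job
-+metadata:
-+ name: {{ printf "%s-%s" $serviceUserPretty "create-internal-tenant" | quote }}
-+spec:
-+ template:
-+ metadata:
-+ labels:
-+{{ tuple $envAll $serviceName "create-internal-tenant" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-+ spec:
-+ serviceAccountName: {{ $serviceAccountName | quote }}
-+ restartPolicy: OnFailure
-+ nodeSelector:
-+{{ toYaml $nodeSelector | indent 8 }}
-+ initContainers:
-+{{ tuple $envAll "create_internal_tenant" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-+ containers:
-+ - name: create-internal-tenant
-+ image: {{ $envAll.Values.images.tags.ks_user }}
-+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
-+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+ command:
-+ - /tmp/create-internal-tenant.sh
-+ volumeMounts:
-+ - name: create-internal-tenant-sh
-+ mountPath: /tmp/create-internal-tenant.sh
-+ subPath: create-internal-tenant.sh
-+ readOnly: true
-+ env:
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
-+{{- end }}
-+ - name: SERVICE_OS_SERVICE_NAME
-+ value: {{ $serviceName | quote }}
-+ - name: INTERNAL_PROJECT_NAME
-+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
-+ - name: INTERNAL_USER_NAME
-+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
-+
-+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
-+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
-+{{- end }}
-+ - name: SERVICE_OS_ROLES
-+ {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }}
-+ {{- if kindIs "slice" $serviceOsRoles }}
-+ value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }}
-+ {{- else }}
-+ value: {{ $serviceOsRoles | quote }}
-+ {{- end }}
-+ volumes:
-+ - name: create-internal-tenant-sh
-+ configMap:
-+ name: {{ $configMapBin | quote }}
-+ defaultMode: 0555
-+{{- end -}}
-diff --git a/cinder/values.yaml b/cinder/values.yaml
-index 0256bf3f..39027e9b 100644
---- a/cinder/values.yaml
-+++ b/cinder/values.yaml
-@@ -771,6 +771,9 @@ conf:
-# Backup: Posix options
-backup_posix_path: /var/lib/cinder/backup
-auth_strategy: keystone
-+ # Internal tenant id
-+ internal_project_name: internal_cinder
-+ internal_user_name: internal_cinder
-database:
-max_retries: -1
-keystone_authtoken:
-@@ -1349,6 +1352,7 @@ manifests:
-job_backup_storage_init: true
-job_bootstrap: true
-job_clean: true
-+ job_create_internal_tenant: true
-job_db_init: true
-job_image_repo_sync: true
-job_rabbit_init: true
---
-2.16.5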

89
openstack-helm/files/0013-cinder-allow-configuring-the-rbd-app-name.patch

@ -1,89 +0,0 @@
From 88656adf554e01d851c297533ceb1dced329bc2c Mon Sep 17 00:00:00 2001
From: Itxaka <igarcia@suse.com>
Date: Tue, 28 May 2019 13:21:40 +0200
Subject: [PATCH 13/14] cinder: allow configuring the rbd app name
Instead of hardcoding it, let us override it with
custom values for normal volumes and backups
Change-Id: I3abb343877abd0436c592a3371372f82ef581790
(cherry picked from commit c38443de4c852e86fb9845777bd67657392835fc)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
cinder/templates/bin/_storage-init.sh.tpl | 2 +-
cinder/templates/job-backup-storage-init.yaml | 2 ++
cinder/templates/job-storage-init.yaml | 2 ++
cinder/values.yaml | 4 ++++
5 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 52c8e6bf..af9886ad 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -44,7 +44,7 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup"
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then