diff --git a/openstack-helm/centos/build_srpm.data b/openstack-helm/centos/build_srpm.data index 2950f853..90376583 100644 --- a/openstack-helm/centos/build_srpm.data +++ b/openstack-helm/centos/build_srpm.data @@ -1,8 +1,8 @@ TAR_NAME=openstack-helm -SHA=6c71637222f47d85681038994f02feac92f75bd2 +SHA=82c72367c85ca94270f702661c7b984899c1ae38 VERSION=1.0.0 TAR="$TAR_NAME-$SHA.tar.gz" COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* " -TIS_PATCH_VER=21 +TIS_PATCH_VER=22 diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index 01224b47..726fa57c 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -1,4 +1,4 @@ -%global sha 6c71637222f47d85681038994f02feac92f75bd2 +%global sha 82c72367c85ca94270f702661c7b984899c1ae38 %global helm_folder /usr/lib/helm %global toolkit_version 0.1.0 %global helmchart_version 0.1.0 @@ -19,27 +19,12 @@ Source2: index.yaml BuildArch: noarch -Patch01: 0001-Add-Aodh-Chart.patch -Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch -Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch -Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch -Patch05: 0005-Nova-console-ip-address-search-optionality.patch -Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch -Patch07: 0007-Horizon-Disable-apache2-status_module.patch -Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch -Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch -Patch10: 0010-Ironic-Add-pxe-boot-support-for-centos-image.patch -Patch11: 0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch -Patch12: 0012-Add-internal-tenant-id-in-conf.patch -Patch13: 0013-cinder-allow-configuring-the-rbd-app-name.patch -Patch14: 0014-Cinder-Support-backup-driver-specification-by-module.patch -Patch15: 0015-Add-Placement-Chart.patch -Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch -Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch -Patch18: 0018-Nova-add-service-token.patch -Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch -Patch20: 0020-Change-cinder-bootstrap-script.patch -Patch21: 0021-Add-config-network-item-for-novncproxy.patch +Patch01: 0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch +Patch02: 0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch +Patch03: 0003-Nova-console-ip-address-search-optionality.patch +Patch04: 0004-Nova-chart-Support-ephemeral-pool-creation.patch +Patch05: 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch +Patch06: 0006-Add-Placement-Chart.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -56,21 +41,6 @@ Openstack Helm charts %patch04 -p1 %patch05 -p1 %patch06 -p1 -%patch07 -p1 -%patch08 -p1 -%patch09 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 %build # initialize helm and build the toolkit diff --git a/openstack-helm/files/0001-Add-Aodh-Chart.patch b/openstack-helm/files/0001-Add-Aodh-Chart.patch deleted file mode 100644 index d8682657..00000000 --- a/openstack-helm/files/0001-Add-Aodh-Chart.patch +++ /dev/null @@ -1,2457 +0,0 @@ -From 5ab3650ea105a53b97f7e0aec2086f141f847aa2 Mon Sep 17 00:00:00 2001 -From: Angie Wang -Date: Wed, 6 Mar 2019 15:26:25 -0500 -Subject: [PATCH 01/11] Add Aodh Chart - -This commit adds a helm chart to deploy aodh. -The default deployment for aodh is ocata. - -Change-Id: Id0312d90f079bd36daa1c80d2a9ecaa5fbfed7cd -Story: 2005022 -Task: 29501 -Signed-off-by: Angie Wang -(cherry picked from commit d9e179a607af74571f0e2df9d52961f57d6ea877) -Signed-off-by: Robert Church ---- - aodh/Chart.yaml | 24 + - aodh/requirements.yaml | 18 + - aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl | 21 + - aodh/templates/bin/_aodh-api.sh.tpl | 43 ++ - aodh/templates/bin/_aodh-evaluator.sh.tpl | 21 + - aodh/templates/bin/_aodh-listener.sh.tpl | 21 + - aodh/templates/bin/_aodh-notifier.sh.tpl | 21 + - aodh/templates/bin/_aodh-test.sh.tpl | 54 ++ - aodh/templates/bin/_bootstrap.sh.tpl | 21 + - aodh/templates/bin/_db-sync.sh.tpl | 21 + - aodh/templates/configmap-bin.yaml | 59 ++ - aodh/templates/configmap-etc.yaml | 120 ++++ - aodh/templates/cron-job-alarms-cleaner.yaml | 84 +++ - aodh/templates/deployment-api.yaml | 122 ++++ - aodh/templates/deployment-evaluator.yaml | 103 +++ - aodh/templates/deployment-listener.yaml | 103 +++ - aodh/templates/deployment-notifier.yaml | 103 +++ - aodh/templates/ingress-api.yaml | 20 + - aodh/templates/job-bootstrap.yaml | 20 + - aodh/templates/job-db-drop.yaml | 20 + - aodh/templates/job-db-init.yaml | 20 + - aodh/templates/job-db-sync.yaml | 20 + - aodh/templates/job-image-repo-sync.yaml | 20 + - aodh/templates/job-ks-endpoints.yaml | 20 + - aodh/templates/job-ks-service.yaml | 20 + - aodh/templates/job-ks-user.yaml | 20 + - aodh/templates/job-rabbit-init.yaml | 20 + - aodh/templates/pdb-api.yaml | 29 + - aodh/templates/pod-aodh-test.yaml | 72 +++ - aodh/templates/secret-db.yaml | 30 + - aodh/templates/secret-keystone.yaml | 30 + - aodh/templates/secret-rabbitmq.yaml | 30 + - aodh/templates/service-api.yaml | 39 ++ - aodh/templates/service-ingress-api.yaml | 20 + - aodh/values.yaml | 700 +++++++++++++++++++++ - tools/deployment/multinode/250-aodh.sh | 34 + - .../{250-ceilometer.sh => 260-ceilometer.sh} | 0 - 37 files changed, 2143 insertions(+) - create mode 100644 aodh/Chart.yaml - create mode 100644 aodh/requirements.yaml - create mode 100644 aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl - create mode 100644 aodh/templates/bin/_aodh-api.sh.tpl - create mode 100644 aodh/templates/bin/_aodh-evaluator.sh.tpl - create mode 100644 aodh/templates/bin/_aodh-listener.sh.tpl - create mode 100644 aodh/templates/bin/_aodh-notifier.sh.tpl - create mode 100644 aodh/templates/bin/_aodh-test.sh.tpl - create mode 100644 aodh/templates/bin/_bootstrap.sh.tpl - create mode 100644 aodh/templates/bin/_db-sync.sh.tpl - create mode 100644 aodh/templates/configmap-bin.yaml - create mode 100644 aodh/templates/configmap-etc.yaml - create mode 100644 aodh/templates/cron-job-alarms-cleaner.yaml - create mode 100644 aodh/templates/deployment-api.yaml - create mode 100644 aodh/templates/deployment-evaluator.yaml - create mode 100644 aodh/templates/deployment-listener.yaml - create mode 100644 aodh/templates/deployment-notifier.yaml - create mode 100644 aodh/templates/ingress-api.yaml - create mode 100644 aodh/templates/job-bootstrap.yaml - create mode 100644 aodh/templates/job-db-drop.yaml - create mode 100644 aodh/templates/job-db-init.yaml - create mode 100644 aodh/templates/job-db-sync.yaml - create mode 100644 aodh/templates/job-image-repo-sync.yaml - create mode 100644 aodh/templates/job-ks-endpoints.yaml - create mode 100644 aodh/templates/job-ks-service.yaml - create mode 100644 aodh/templates/job-ks-user.yaml - create mode 100644 aodh/templates/job-rabbit-init.yaml - create mode 100644 aodh/templates/pdb-api.yaml - create mode 100644 aodh/templates/pod-aodh-test.yaml - create mode 100644 aodh/templates/secret-db.yaml - create mode 100644 aodh/templates/secret-keystone.yaml - create mode 100644 aodh/templates/secret-rabbitmq.yaml - create mode 100644 aodh/templates/service-api.yaml - create mode 100644 aodh/templates/service-ingress-api.yaml - create mode 100644 aodh/values.yaml - create mode 100755 tools/deployment/multinode/250-aodh.sh - rename tools/deployment/multinode/{250-ceilometer.sh => 260-ceilometer.sh} (100%) - -diff --git a/aodh/Chart.yaml b/aodh/Chart.yaml -new file mode 100644 -index 00000000..7cc4d27c ---- /dev/null -+++ b/aodh/Chart.yaml -@@ -0,0 +1,24 @@ -+# Copyright 2019 Wind River Systems, Inc. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+ -+apiVersion: v1 -+description: Openstack-Helm Aodh -+name: aodh -+version: 0.1.0 -+home: https://docs.openstack.org/aodh/latest/ -+sources: -+ - https://git.openstack.org/cgit/openstack/aodh -+ - https://git.openstack.org/cgit/openstack/openstack-helm -+maintainers: -+ - name: OpenStack-Helm Authors -diff --git a/aodh/requirements.yaml b/aodh/requirements.yaml -new file mode 100644 -index 00000000..780e525c ---- /dev/null -+++ b/aodh/requirements.yaml -@@ -0,0 +1,18 @@ -+# Copyright 2019 Wind River Systems, Inc. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+ -+dependencies: -+ - name: helm-toolkit -+ repository: http://localhost:8879/charts -+ version: 0.1.0 -diff --git a/aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl b/aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl -new file mode 100644 -index 00000000..c7bfe2f3 ---- /dev/null -+++ b/aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+exec aodh-expirer -diff --git a/aodh/templates/bin/_aodh-api.sh.tpl b/aodh/templates/bin/_aodh-api.sh.tpl -new file mode 100644 -index 00000000..4ec8291e ---- /dev/null -+++ b/aodh/templates/bin/_aodh-api.sh.tpl -@@ -0,0 +1,43 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+COMMAND="${@:-start}" -+ -+function start () { -+ -+ cp -a $(type -p aodh-api) /var/www/cgi-bin/aodh/ -+ -+ if [ -f /etc/apache2/envvars ]; then -+ # Loading Apache2 ENV variables -+ source /etc/apache2/envvars -+ fi -+ -+ # Get rid of stale pid file if present. -+ rm -f /var/run/apache2/*.pid -+ -+ # Start Apache2 -+ exec apache2 -DFOREGROUND -+} -+ -+function stop () { -+ apachectl -k graceful-stop -+} -+ -+$COMMAND -diff --git a/aodh/templates/bin/_aodh-evaluator.sh.tpl b/aodh/templates/bin/_aodh-evaluator.sh.tpl -new file mode 100644 -index 00000000..55104009 ---- /dev/null -+++ b/aodh/templates/bin/_aodh-evaluator.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+exec aodh-evaluator --config-file=/etc/aodh/aodh.conf -diff --git a/aodh/templates/bin/_aodh-listener.sh.tpl b/aodh/templates/bin/_aodh-listener.sh.tpl -new file mode 100644 -index 00000000..b833c974 ---- /dev/null -+++ b/aodh/templates/bin/_aodh-listener.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+exec aodh-listener --config-file=/etc/aodh/aodh.conf -diff --git a/aodh/templates/bin/_aodh-notifier.sh.tpl b/aodh/templates/bin/_aodh-notifier.sh.tpl -new file mode 100644 -index 00000000..beba9f1e ---- /dev/null -+++ b/aodh/templates/bin/_aodh-notifier.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+exec aodh-notifier --config-file=/etc/aodh/aodh.conf -diff --git a/aodh/templates/bin/_aodh-test.sh.tpl b/aodh/templates/bin/_aodh-test.sh.tpl -new file mode 100644 -index 00000000..783c8995 ---- /dev/null -+++ b/aodh/templates/bin/_aodh-test.sh.tpl -@@ -0,0 +1,54 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+export HOME=/tmp -+ -+echo "Test: create an alarm" -+aodh alarm create \ -+ --name test_cpu_aggregation \ -+ --type gnocchi_aggregation_by_resources_threshold \ -+ --metric cpu --threshold 214106115 \ -+ --comparison-operator lt \ -+ --aggregation-method mean \ -+ --granularity 300 \ -+ --evaluation-periods 1 \ -+ --alarm-action 'http://localhost:8776/alarm' \ -+ --resource-type instance \ -+ --query '{"=": {"flavor_name": "small"}}' -+sleep 5 -+ -+echo "Test: list alarms" -+aodh alarm list -+sleep 5 -+ -+echo "Test: show an alarm" -+ALARM_UUID=$(aodh alarm list -c alarm_id -f value | head -1) -+aodh alarm show ${ALARM_UUID} -+sleep 5 -+ -+echo "Test: update an alarm" -+aodh alarm update ${ALARM_UUID} --comparison-operator gt -+sleep 5 -+ -+echo "Test: delete an alarm" -+aodh alarm delete ${ALARM_UUID} -+ -+exit 0 -+ -diff --git a/aodh/templates/bin/_bootstrap.sh.tpl b/aodh/templates/bin/_bootstrap.sh.tpl -new file mode 100644 -index 00000000..6deaab5b ---- /dev/null -+++ b/aodh/templates/bin/_bootstrap.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} -diff --git a/aodh/templates/bin/_db-sync.sh.tpl b/aodh/templates/bin/_db-sync.sh.tpl -new file mode 100644 -index 00000000..037db164 ---- /dev/null -+++ b/aodh/templates/bin/_db-sync.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+exec aodh-dbsync -diff --git a/aodh/templates/configmap-bin.yaml b/aodh/templates/configmap-bin.yaml -new file mode 100644 -index 00000000..db9c65ee ---- /dev/null -+++ b/aodh/templates/configmap-bin.yaml -@@ -0,0 +1,59 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.configmap_bin }} -+{{- $envAll := . }} -+--- -+apiVersion: v1 -+kind: ConfigMap -+metadata: -+ name: aodh-bin -+data: -+{{- if .Values.images.local_registry.active }} -+ image-repo-sync.sh: | -+{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} -+{{- end }} -+{{- if .Values.bootstrap.enabled }} -+ bootstrap.sh: | -+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+{{- end }} -+ aodh-test.sh: | -+{{ tuple "bin/_aodh-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ db-init.py: | -+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} -+ db-sync.sh: | -+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ db-drop.py: | -+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} -+ aodh-api.sh: | -+{{ tuple "bin/_aodh-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ aodh-evaluator.sh: | -+{{ tuple "bin/_aodh-evaluator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ aodh-listener.sh: | -+{{ tuple "bin/_aodh-listener.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ aodh-notifier.sh: | -+{{ tuple "bin/_aodh-notifier.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ aodh-alarms-cleaner.sh: | -+{{ tuple "bin/_aodh-alarms-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ ks-service.sh: | -+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} -+ ks-endpoints.sh: | -+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} -+ ks-user.sh: | -+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} -+ rabbit-init.sh: | -+{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} -+{{- end }} -diff --git a/aodh/templates/configmap-etc.yaml b/aodh/templates/configmap-etc.yaml -new file mode 100644 -index 00000000..7cd0dcb1 ---- /dev/null -+++ b/aodh/templates/configmap-etc.yaml -@@ -0,0 +1,120 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.configmap_etc }} -+{{- $envAll := . }} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.auth_uri -}} -+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.aodh.keystone_authtoken "auth_uri" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.auth_url -}} -+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.aodh.keystone_authtoken "auth_url" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.region_name -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "region_name" .Values.endpoints.identity.auth.aodh.region_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.project_name -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "project_name" .Values.endpoints.identity.auth.aodh.project_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.project_domain_name -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.aodh.project_domain_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.user_domain_name -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.aodh.user_domain_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.username -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "username" .Values.endpoints.identity.auth.aodh.username -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.password -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "password" .Values.endpoints.identity.auth.aodh.password -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.memcached_servers -}} -+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.aodh.keystone_authtoken "memcached_servers" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.keystone_authtoken.memcache_secret_key -}} -+{{- $_ := set .Values.conf.aodh.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.database.connection -}} -+{{- $_ := tuple "oslo_db" "internal" "aodh" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.aodh.database "connection" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.DEFAULT.transport_url -}} -+{{- $_ := tuple "oslo_messaging" "internal" "aodh" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.aodh.DEFAULT "transport_url" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.auth_url -}} -+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.aodh.service_credentials "auth_url" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.region_name -}} -+{{- $_ := set .Values.conf.aodh.service_credentials "region_name" .Values.endpoints.identity.auth.aodh.region_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.project_name -}} -+{{- $_ := set .Values.conf.aodh.service_credentials "project_name" .Values.endpoints.identity.auth.aodh.project_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.project_domain_name -}} -+{{- $_ := set .Values.conf.aodh.service_credentials "project_domain_name" .Values.endpoints.identity.auth.aodh.project_domain_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.user_domain_name -}} -+{{- $_ := set .Values.conf.aodh.service_credentials "user_domain_name" .Values.endpoints.identity.auth.aodh.user_domain_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.username -}} -+{{- $_ := set .Values.conf.aodh.service_credentials "username" .Values.endpoints.identity.auth.aodh.username -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.aodh.service_credentials.password -}} -+{{- $_ := set .Values.conf.aodh.service_credentials "password" .Values.endpoints.identity.auth.aodh.password -}} -+{{- end -}} -+ -+{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} -+{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -+{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} -+{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} -+{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} -+{{- end -}} -+ -+{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} -+{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} -+{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} -+{{- end -}} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: aodh-etc -+type: Opaque -+data: -+ aodh.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.aodh | b64enc }} -+ logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} -+ api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} -+ policy.json: {{ toJson .Values.conf.policy | b64enc }} -+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_aodh "key" "wsgi-aodh.conf" "format" "Secret" ) | indent 2 }} -+{{- end }} -diff --git a/aodh/templates/cron-job-alarms-cleaner.yaml b/aodh/templates/cron-job-alarms-cleaner.yaml -new file mode 100644 -index 00000000..a9b273d0 ---- /dev/null -+++ b/aodh/templates/cron-job-alarms-cleaner.yaml -@@ -0,0 +1,84 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.cron_job_alarms_cleaner }} -+{{- $envAll := . }} -+ -+{{- $mounts_aodh_alarms_cleaner := .Values.pod.mounts.aodh_alarms_cleaner.aodh_alarms_cleaner }} -+{{- $mounts_aodh_alarms_cleaner_init := .Values.pod.mounts.aodh_alarms_cleaner.init_container }} -+ -+{{- $serviceAccountName := "aodh-alarms-cleaner" }} -+{{ tuple $envAll "alarms_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: batch/v1beta1 -+kind: CronJob -+metadata: -+ name: aodh-alarms-cleaner -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ schedule: {{ .Values.jobs.alarms_cleaner.cron | quote }} -+ successfulJobsHistoryLimit: {{ .Values.jobs.alarms_cleaner.history.success }} -+ failedJobsHistoryLimit: {{ .Values.jobs.alarms_cleaner.history.failed }} -+ concurrencyPolicy: Forbid -+ jobTemplate: -+ metadata: -+ labels: -+{{ tuple $envAll "aodh" "alarms-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ spec: -+ template: -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+ restartPolicy: OnFailure -+ nodeSelector: -+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "alarms_cleaner" $mounts_aodh_alarms_cleaner_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} -+ containers: -+ - name: aodh-alarms-cleaner -+{{ tuple $envAll "aodh_alarms_cleaner" | include "helm-toolkit.snippets.image" | indent 14 }} -+{{ tuple $envAll $envAll.Values.pod.resources.jobs.alarms_cleaner | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} -+ command: -+ - /tmp/aodh-alarms-cleaner.sh -+ volumeMounts: -+ - name: aodh-bin -+ mountPath: /tmp/aodh-alarms-cleaner.sh -+ subPath: aodh-alarms-cleaner.sh -+ readOnly: true -+ - name: pod-etc-aodh -+ mountPath: /etc/aodh -+ - name: aodh-etc -+ mountPath: /etc/aodh/aodh.conf -+ subPath: aodh.conf -+ readOnly: true -+ - name: aodh-etc -+ mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} -+ readOnly: true -+{{ if $mounts_aodh_alarms_cleaner.volumeMounts }}{{ toYaml $mounts_aodh_alarms_cleaner.volumeMounts | indent 14 }}{{ end }} -+ volumes: -+ - name: pod-etc-aodh -+ emptyDir: {} -+ - name: aodh-etc -+ secret: -+ secretName: aodh-etc -+ defaultMode: 0444 -+ - name: aodh-bin -+ configMap: -+ name: aodh-bin -+ defaultMode: 0555 -+{{ if $mounts_aodh_alarms_cleaner.volumes }}{{ toYaml $mounts_aodh_alarms_cleaner.volumes | indent 10 }}{{ end }} -+{{- end }} -diff --git a/aodh/templates/deployment-api.yaml b/aodh/templates/deployment-api.yaml -new file mode 100644 -index 00000000..9f04ab71 ---- /dev/null -+++ b/aodh/templates/deployment-api.yaml -@@ -0,0 +1,122 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.deployment_api }} -+{{- $envAll := . }} -+ -+{{- $mounts_aodh_api := .Values.pod.mounts.aodh_api.aodh_api }} -+{{- $mounts_aodh_api_init := .Values.pod.mounts.aodh_api.init_container }} -+ -+{{- $serviceAccountName := "aodh-api" }} -+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: apps/v1 -+kind: Deployment -+metadata: -+ name: aodh-api -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+ labels: -+{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+spec: -+ replicas: {{ .Values.pod.replicas.api }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ annotations: -+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} -+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} -+ affinity: -+{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} -+ nodeSelector: -+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} -+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} -+ initContainers: -+{{ tuple $envAll "api" $mounts_aodh_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: aodh-api -+{{ tuple $envAll "aodh_api" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+ command: -+ - /tmp/aodh-api.sh -+ - start -+ lifecycle: -+ preStop: -+ exec: -+ command: -+ - /tmp/aodh-api.sh -+ - stop -+ ports: -+ - name: a-api -+ containerPort: {{ tuple "alarming" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ readinessProbe: -+ tcpSocket: -+ port: {{ tuple "alarming" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ volumeMounts: -+ - name: wsgi-aodh -+ mountPath: /var/www/cgi-bin/aodh -+ - name: pod-etc-aodh -+ mountPath: /etc/aodh -+ - name: aodh-etc -+ mountPath: /etc/aodh/aodh.conf -+ subPath: aodh.conf -+ readOnly: true -+ - name: aodh-etc -+ mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} -+ readOnly: true -+ - name: aodh-etc -+ mountPath: /etc/aodh/api_paste.ini -+ subPath: api-paste.ini -+ readOnly: true -+ - name: aodh-etc -+ mountPath: /etc/aodh/policy.json -+ subPath: policy.json -+ readOnly: true -+ - name: aodh-etc -+ mountPath: /etc/apache2/conf-enabled/wsgi-aodh.conf -+ subPath: wsgi-aodh.conf -+ readOnly: true -+ - name: aodh-bin -+ mountPath: /tmp/aodh-api.sh -+ subPath: aodh-api.sh -+ readOnly: true -+{{ if $mounts_aodh_api.volumeMounts }}{{ toYaml $mounts_aodh_api.volumeMounts | indent 12 }}{{ end }} -+ volumes: -+ - name: wsgi-aodh -+ emptyDir: {} -+ - name: pod-etc-aodh -+ emptyDir: {} -+ - name: aodh-etc -+ secret: -+ secretName: aodh-etc -+ defaultMode: 0444 -+ - name: aodh-bin -+ configMap: -+ name: aodh-bin -+ defaultMode: 0555 -+{{ if $mounts_aodh_api.volumes }}{{ toYaml $mounts_aodh_api.volumes | indent 8 }}{{ end }} -+{{- end }} -diff --git a/aodh/templates/deployment-evaluator.yaml b/aodh/templates/deployment-evaluator.yaml -new file mode 100644 -index 00000000..2df99de6 ---- /dev/null -+++ b/aodh/templates/deployment-evaluator.yaml -@@ -0,0 +1,103 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.deployment_evaluator }} -+{{- $envAll := . }} -+ -+{{- $mounts_aodh_evaluator := .Values.pod.mounts.aodh_evaluator.aodh_evaluator }} -+{{- $mounts_aodh_evaluator_init := .Values.pod.mounts.aodh_evaluator.init_container }} -+ -+{{- $serviceAccountName := "aodh-evaluator" }} -+{{ tuple $envAll "evaluator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: apps/v1 -+kind: Deployment -+metadata: -+ name: aodh-evaluator -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+ labels: -+{{ tuple $envAll "aodh" "evaluator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+spec: -+ replicas: {{ .Values.pod.replicas.evaluator }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "aodh" "evaluator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "aodh" "evaluator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ annotations: -+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} -+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} -+ affinity: -+{{ tuple $envAll "aodh" "evaluator" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} -+ nodeSelector: -+ {{ .Values.labels.evaluator.node_selector_key }}: {{ .Values.labels.evaluator.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "evaluator" $mounts_aodh_evaluator_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: aodh-evaluator -+{{ tuple $envAll "aodh_evaluator" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll $envAll.Values.pod.resources.evaluator | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_evaluator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+ command: -+ - /tmp/aodh-evaluator.sh -+ - start -+ lifecycle: -+ preStop: -+ exec: -+ command: -+ - /tmp/aodh-evaluator.sh -+ - stop -+ volumeMounts: -+ - name: pod-etc-aodh -+ mountPath: /etc/aodh -+ - name: aodh-etc -+ mountPath: /etc/aodh/aodh.conf -+ subPath: aodh.conf -+ readOnly: true -+ - name: aodh-etc -+ mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} -+ readOnly: true -+ - name: aodh-etc -+ mountPath: /etc/aodh/policy.json -+ subPath: policy.json -+ readOnly: true -+ - name: aodh-bin -+ mountPath: /tmp/aodh-evaluator.sh -+ subPath: aodh-evaluator.sh -+ readOnly: true -+{{ if $mounts_aodh_evaluator.volumeMounts }}{{ toYaml $mounts_aodh_evaluator.volumeMounts | indent 12 }}{{ end }} -+ volumes: -+ - name: pod-etc-aodh -+ emptyDir: {} -+ - name: aodh-etc -+ secret: -+ secretName: aodh-etc -+ defaultMode: 0444 -+ - name: aodh-bin -+ configMap: -+ name: aodh-bin -+ defaultMode: 0555 -+{{ if $mounts_aodh_evaluator.volumes }}{{ toYaml $mounts_aodh_evaluator.volumes | indent 8 }}{{ end }} -+{{- end }} -diff --git a/aodh/templates/deployment-listener.yaml b/aodh/templates/deployment-listener.yaml -new file mode 100644 -index 00000000..f24eb584 ---- /dev/null -+++ b/aodh/templates/deployment-listener.yaml -@@ -0,0 +1,103 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.deployment_listener }} -+{{- $envAll := . }} -+ -+{{- $mounts_aodh_listener := .Values.pod.mounts.aodh_listener.aodh_listener }} -+{{- $mounts_aodh_listener_init := .Values.pod.mounts.aodh_listener.init_container }} -+ -+{{- $serviceAccountName := "aodh-listener" }} -+{{ tuple $envAll "listener" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: apps/v1 -+kind: Deployment -+metadata: -+ name: aodh-listener -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+ labels: -+{{ tuple $envAll "aodh" "listener" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+spec: -+ replicas: {{ .Values.pod.replicas.listener }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "aodh" "listener" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "aodh" "listener" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ annotations: -+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} -+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} -+ affinity: -+{{ tuple $envAll "aodh" "listener" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} -+ nodeSelector: -+ {{ .Values.labels.listener.node_selector_key }}: {{ .Values.labels.listener.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "listener" $mounts_aodh_listener_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: aodh-listener -+{{ tuple $envAll "aodh_listener" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll $envAll.Values.pod.resources.listener | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_listener" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+ command: -+ - /tmp/aodh-listener.sh -+ - start -+ lifecycle: -+ preStop: -+ exec: -+ command: -+ - /tmp/aodh-listener.sh -+ - stop -+ volumeMounts: -+ - name: pod-etc-aodh -+ mountPath: /etc/aodh -+ - name: aodh-etc -+ mountPath: /etc/aodh/aodh.conf -+ subPath: aodh.conf -+ readOnly: true -+ - name: aodh-etc -+ mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} -+ readOnly: true -+ - name: aodh-etc -+ mountPath: /etc/aodh/policy.json -+ subPath: policy.json -+ readOnly: true -+ - name: aodh-bin -+ mountPath: /tmp/aodh-listener.sh -+ subPath: aodh-listener.sh -+ readOnly: true -+{{ if $mounts_aodh_listener.volumeMounts }}{{ toYaml $mounts_aodh_listener.volumeMounts | indent 12 }}{{ end }} -+ volumes: -+ - name: pod-etc-aodh -+ emptyDir: {} -+ - name: aodh-etc -+ secret: -+ secretName: aodh-etc -+ defaultMode: 0444 -+ - name: aodh-bin -+ configMap: -+ name: aodh-bin -+ defaultMode: 0555 -+{{ if $mounts_aodh_listener.volumes }}{{ toYaml $mounts_aodh_listener.volumes | indent 8 }}{{ end }} -+{{- end }} -diff --git a/aodh/templates/deployment-notifier.yaml b/aodh/templates/deployment-notifier.yaml -new file mode 100644 -index 00000000..86094443 ---- /dev/null -+++ b/aodh/templates/deployment-notifier.yaml -@@ -0,0 +1,103 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.deployment_notifier }} -+{{- $envAll := . }} -+ -+{{- $mounts_aodh_notifier := .Values.pod.mounts.aodh_notifier.aodh_notifier }} -+{{- $mounts_aodh_notifier_init := .Values.pod.mounts.aodh_notifier.init_container }} -+ -+{{- $serviceAccountName := "aodh-notifier" }} -+{{ tuple $envAll "notifier" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: apps/v1 -+kind: Deployment -+metadata: -+ name: aodh-notifier -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+ labels: -+{{ tuple $envAll "aodh" "notifier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+spec: -+ replicas: {{ .Values.pod.replicas.notifier }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "aodh" "notifier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "aodh" "notifier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ annotations: -+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} -+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} -+ affinity: -+{{ tuple $envAll "aodh" "notifier" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} -+ nodeSelector: -+ {{ .Values.labels.notifier.node_selector_key }}: {{ .Values.labels.notifier.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "notifier" $mounts_aodh_notifier_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: aodh-notifier -+{{ tuple $envAll "aodh_notifier" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll $envAll.Values.pod.resources.notifier | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_notifier" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+ command: -+ - /tmp/aodh-notifier.sh -+ - start -+ lifecycle: -+ preStop: -+ exec: -+ command: -+ - /tmp/aodh-notifier.sh -+ - stop -+ volumeMounts: -+ - name: pod-etc-aodh -+ mountPath: /etc/aodh -+ - name: aodh-etc -+ mountPath: /etc/aodh/aodh.conf -+ subPath: aodh.conf -+ readOnly: true -+ - name: aodh-etc -+ mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} -+ readOnly: true -+ - name: aodh-etc -+ mountPath: /etc/aodh/policy.json -+ subPath: policy.json -+ readOnly: true -+ - name: aodh-bin -+ mountPath: /tmp/aodh-notifier.sh -+ subPath: aodh-notifier.sh -+ readOnly: true -+{{ if $mounts_aodh_notifier.volumeMounts }}{{ toYaml $mounts_aodh_notifier.volumeMounts | indent 12 }}{{ end }} -+ volumes: -+ - name: pod-etc-aodh -+ emptyDir: {} -+ - name: aodh-etc -+ secret: -+ secretName: aodh-etc -+ defaultMode: 0444 -+ - name: aodh-bin -+ configMap: -+ name: aodh-bin -+ defaultMode: 0555 -+{{ if $mounts_aodh_notifier.volumes }}{{ toYaml $mounts_aodh_notifier.volumes | indent 8 }}{{ end }} -+{{- end }} -diff --git a/aodh/templates/ingress-api.yaml b/aodh/templates/ingress-api.yaml -new file mode 100644 -index 00000000..f848d55e ---- /dev/null -+++ b/aodh/templates/ingress-api.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} -+{{- $ingressOpts := dict "envAll" . "backendServiceType" "alarming" "backendPort" "a-api" -}} -+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} -+{{- end }} -diff --git a/aodh/templates/job-bootstrap.yaml b/aodh/templates/job-bootstrap.yaml -new file mode 100644 -index 00000000..e6b6f7a7 ---- /dev/null -+++ b/aodh/templates/job-bootstrap.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} -+{{- $bootstrapJob := dict "envAll" . "serviceName" "aodh" "keystoneUser" .Values.bootstrap.ks_user -}} -+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} -+{{- end }} -diff --git a/aodh/templates/job-db-drop.yaml b/aodh/templates/job-db-drop.yaml -new file mode 100644 -index 00000000..5f5129a3 ---- /dev/null -+++ b/aodh/templates/job-db-drop.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_db_drop }} -+{{- $dbDropJob := dict "envAll" . "serviceName" "aodh" -}} -+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} -+{{- end }} -diff --git a/aodh/templates/job-db-init.yaml b/aodh/templates/job-db-init.yaml -new file mode 100644 -index 00000000..8d0fddeb ---- /dev/null -+++ b/aodh/templates/job-db-init.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_db_init }} -+{{- $dbInitJob := dict "envAll" . "serviceName" "aodh" -}} -+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} -+{{- end }} -diff --git a/aodh/templates/job-db-sync.yaml b/aodh/templates/job-db-sync.yaml -new file mode 100644 -index 00000000..a642f194 ---- /dev/null -+++ b/aodh/templates/job-db-sync.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_db_sync }} -+{{- $dbSyncJob := dict "envAll" . "serviceName" "aodh" -}} -+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} -+{{- end }} -diff --git a/aodh/templates/job-image-repo-sync.yaml b/aodh/templates/job-image-repo-sync.yaml -new file mode 100644 -index 00000000..ebab594f ---- /dev/null -+++ b/aodh/templates/job-image-repo-sync.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} -+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "aodh" -}} -+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} -+{{- end }} -diff --git a/aodh/templates/job-ks-endpoints.yaml b/aodh/templates/job-ks-endpoints.yaml -new file mode 100644 -index 00000000..61819c83 ---- /dev/null -+++ b/aodh/templates/job-ks-endpoints.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_ks_endpoints }} -+{{- $ksServiceJob := dict "envAll" . "serviceName" "aodh" "serviceTypes" ( tuple "alarming" ) -}} -+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} -+{{- end }} -diff --git a/aodh/templates/job-ks-service.yaml b/aodh/templates/job-ks-service.yaml -new file mode 100644 -index 00000000..2c14e1a4 ---- /dev/null -+++ b/aodh/templates/job-ks-service.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_ks_service }} -+{{- $ksServiceJob := dict "envAll" . "serviceName" "aodh" "serviceTypes" ( tuple "alarming" ) -}} -+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} -+{{- end }} -diff --git a/aodh/templates/job-ks-user.yaml b/aodh/templates/job-ks-user.yaml -new file mode 100644 -index 00000000..d529fa3f ---- /dev/null -+++ b/aodh/templates/job-ks-user.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_ks_user }} -+{{- $ksUserJob := dict "envAll" . "serviceName" "aodh" -}} -+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} -+{{- end }} -diff --git a/aodh/templates/job-rabbit-init.yaml b/aodh/templates/job-rabbit-init.yaml -new file mode 100644 -index 00000000..866cbbd4 ---- /dev/null -+++ b/aodh/templates/job-rabbit-init.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_rabbit_init }} -+{{- $rmqUserJob := dict "envAll" . "serviceName" "aodh" -}} -+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} -+{{- end }} -diff --git a/aodh/templates/pdb-api.yaml b/aodh/templates/pdb-api.yaml -new file mode 100644 -index 00000000..800b8e98 ---- /dev/null -+++ b/aodh/templates/pdb-api.yaml -@@ -0,0 +1,29 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.pdb_api }} -+{{- $envAll := . }} -+--- -+apiVersion: policy/v1beta1 -+kind: PodDisruptionBudget -+metadata: -+ name: aodh-api -+spec: -+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{- end }} -diff --git a/aodh/templates/pod-aodh-test.yaml b/aodh/templates/pod-aodh-test.yaml -new file mode 100644 -index 00000000..bb029b58 ---- /dev/null -+++ b/aodh/templates/pod-aodh-test.yaml -@@ -0,0 +1,72 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.pod_aodh_test }} -+{{- $envAll := . }} -+ -+{{- $mounts_tests := .Values.pod.mounts.aodh_tests.aodh_tests }} -+{{- $mounts_tests_init := .Values.pod.mounts.aodh_tests.init_container }} -+ -+{{- $serviceAccountName := print $envAll.Release.Name "-test" }} -+{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: v1 -+kind: Pod -+metadata: -+ name: {{ print $envAll.Release.Name "-test" }} -+ labels: -+{{ tuple $envAll "aodh" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+ annotations: -+ "helm.sh/hook": test-success -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ restartPolicy: Never -+ nodeSelector: -+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} -+ serviceAccountName: {{ $serviceAccountName }} -+ initContainers: -+{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} -+ containers: -+ - name: {{ .Release.Name }}-test -+{{ tuple $envAll "aodh_api" | include "helm-toolkit.snippets.image" | indent 6 }} -+{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} -+ env: -+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} -+{{- end }} -+ command: -+ - /tmp/aodh-test.sh -+ volumeMounts: -+ - name: aodh-etc -+ mountPath: /etc/aodh/aodh.conf -+ subPath: aodh.conf -+ readOnly: true -+ - name: aodh-bin -+ mountPath: /tmp/aodh-test.sh -+ subPath: aodh-test.sh -+ readOnly: true -+{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} -+ volumes: -+ - name: aodh-etc -+ secret: -+ secretName: aodh-etc -+ defaultMode: 0444 -+ - name: aodh-bin -+ configMap: -+ name: aodh-bin -+ defaultMode: 0555 -+{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} -+{{- end }} -diff --git a/aodh/templates/secret-db.yaml b/aodh/templates/secret-db.yaml -new file mode 100644 -index 00000000..14786633 ---- /dev/null -+++ b/aodh/templates/secret-db.yaml -@@ -0,0 +1,30 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_db }} -+{{- $envAll := . }} -+{{- range $key1, $userClass := tuple "admin" "aodh" }} -+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: {{ $secretName }} -+type: Opaque -+data: -+ DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} -+{{- end }} -+{{- end }} -diff --git a/aodh/templates/secret-keystone.yaml b/aodh/templates/secret-keystone.yaml -new file mode 100644 -index 00000000..76664be5 ---- /dev/null -+++ b/aodh/templates/secret-keystone.yaml -@@ -0,0 +1,30 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_keystone }} -+{{- $envAll := . }} -+{{- range $key1, $userClass := tuple "admin" "aodh" }} -+{{- $secretName := index $envAll.Values.secrets.identity $userClass }} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: {{ $secretName }} -+type: Opaque -+data: -+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} -+{{- end }} -+{{- end }} -diff --git a/aodh/templates/secret-rabbitmq.yaml b/aodh/templates/secret-rabbitmq.yaml -new file mode 100644 -index 00000000..19b6474a ---- /dev/null -+++ b/aodh/templates/secret-rabbitmq.yaml -@@ -0,0 +1,30 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_rabbitmq }} -+{{- $envAll := . }} -+{{- range $key1, $userClass := tuple "admin" "aodh" }} -+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: {{ $secretName }} -+type: Opaque -+data: -+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} -+{{- end }} -+{{- end }} -diff --git a/aodh/templates/service-api.yaml b/aodh/templates/service-api.yaml -new file mode 100644 -index 00000000..2a786ce2 ---- /dev/null -+++ b/aodh/templates/service-api.yaml -@@ -0,0 +1,39 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.service_api }} -+{{- $envAll := . }} -+--- -+apiVersion: v1 -+kind: Service -+metadata: -+ name: {{ tuple "alarming" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -+spec: -+ ports: -+ - name: a-api -+ port: {{ tuple "alarming" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ {{ if .Values.network.api.node_port.enabled }} -+ nodePort: {{ .Values.network.api.node_port.port }} -+ {{ end }} -+ selector: -+{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+ {{ if .Values.network.api.node_port.enabled }} -+ type: NodePort -+ {{ if .Values.network.api.external_policy_local }} -+ externalTrafficPolicy: Local -+ {{ end }} -+ {{ end }} -+{{- end }} -diff --git a/aodh/templates/service-ingress-api.yaml b/aodh/templates/service-ingress-api.yaml -new file mode 100644 -index 00000000..2749b493 ---- /dev/null -+++ b/aodh/templates/service-ingress-api.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} -+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "alarming" -}} -+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} -+{{- end }} -diff --git a/aodh/values.yaml b/aodh/values.yaml -new file mode 100644 -index 00000000..90c9faca ---- /dev/null -+++ b/aodh/values.yaml -@@ -0,0 +1,700 @@ -+# Copyright 2019 Wind River Systems, Inc. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+ -+# Default values for aodh. -+# This is a YAML-formatted file. -+# Declare name/value pairs to be passed into your templates. -+# name: value -+ -+release_group: null -+ -+labels: -+ api: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ evaluator: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ listener: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ notifier: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ job: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ test: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ -+ -+images: -+ tags: -+ bootstrap: docker.io/openstackhelm/heat:ocata -+ db_init: docker.io/openstackhelm/heat:ocata -+ db_drop: docker.io/openstackhelm/heat:ocata -+ rabbit_init: docker.io/rabbitmq:3.7-management -+ aodh_db_sync: docker.io/kolla/ubuntu-source-aodh-api:ocata -+ ks_user: docker.io/openstackhelm/heat:ocata -+ ks_service: docker.io/openstackhelm/heat:ocata -+ ks_endpoints: docker.io/openstackhelm/heat:ocata -+ aodh_api: docker.io/kolla/ubuntu-source-aodh-api:ocata -+ aodh_evaluator: docker.io/kolla/ubuntu-source-aodh-evaluator:ocata -+ aodh_listener: docker.io/kolla/ubuntu-source-aodh-listener:ocata -+ aodh_notifier: docker.io/kolla/ubuntu-source-aodh-notifier:ocata -+ aodh_alarms_cleaner: docker.io/kolla/ubuntu-source-aodh-base:ocata -+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 -+ image_repo_sync: docker.io/docker:17.07.0 -+ pull_policy: "IfNotPresent" -+ local_registry: -+ active: false -+ exclude: -+ - dep_check -+ - image_repo_sync -+ -+jobs: -+ alarms_cleaner: -+ # daily -+ cron: "0 */24 * * *" -+ history: -+ success: 3 -+ failed: 1 -+ -+pod: -+ security_context: -+ aodh: -+ pod: -+ runAsUser: 42402 -+ container: -+ aodh_api: -+ runAsUser: 0 -+ aodh_evaluator: -+ readOnlyRootFilesystem: true -+ allowPrivilegeEscalation: false -+ aodh_notifier: -+ readOnlyRootFilesystem: true -+ allowPrivilegeEscalation: false -+ aodh_listener: -+ readOnlyRootFilesystem: true -+ allowPrivilegeEscalation: false -+ affinity: -+ anti: -+ type: -+ default: preferredDuringSchedulingIgnoredDuringExecution -+ topologyKey: -+ default: kubernetes.io/hostname -+ mounts: -+ aodh_api: -+ init_container: null -+ aodh_api: -+ volumeMounts: -+ volumes: -+ aodh_evaluator: -+ init_container: null -+ aodh_evaluator: -+ volumeMounts: -+ volumes: -+ aodh_listener: -+ init_container: null -+ aodh_listener: -+ volumeMounts: -+ volumes: -+ aodh_notifier: -+ init_container: null -+ aodh_notifier: -+ volumeMounts: -+ volumes: -+ aodh_alarms_cleaner: -+ init_container: null -+ aodh_alarms_cleaner: -+ volumeMounts: -+ volumes: -+ aodh_bootstrap: -+ init_container: null -+ aodh_bootstrap: -+ volumeMounts: -+ volumes: -+ aodh_tests: -+ init_container: null -+ aodh_tests: -+ volumeMounts: -+ volumes: -+ replicas: -+ api: 1 -+ evaluator: 1 -+ listener: 1 -+ notifier: 1 -+ lifecycle: -+ upgrades: -+ deployments: -+ revision_history: 3 -+ pod_replacement_strategy: RollingUpdate -+ rolling_update: -+ max_unavailable: 1 -+ max_surge: 3 -+ disruption_budget: -+ api: -+ min_available: 0 -+ termination_grace_period: -+ api: -+ timeout: 30 -+ resources: -+ enabled: false -+ api: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ evaluator: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ listener: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ notifier: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ jobs: -+ bootstrap: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ rabbit_init: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ db_init: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ db_sync: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ ks_endpoints: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ ks_service: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ ks_user: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ alarms_cleaner: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ db_drop: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ tests: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ image_repo_sync: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ -+network: -+ api: -+ ingress: -+ public: true -+ classes: -+ namespace: "nginx" -+ cluster: "nginx-cluster" -+ annotations: -+ nginx.ingress.kubernetes.io/rewrite-target: / -+ external_policy_local: false -+ node_port: -+ enabled: false -+ port: 8042 -+ -+dependencies: -+ dynamic: -+ common: -+ local_image_registry: -+ jobs: -+ - aodh-image-repo-sync -+ services: -+ - endpoint: node -+ service: local_image_registry -+ static: -+ api: -+ jobs: -+ - aodh-db-sync -+ - aodh-ks-user -+ - aodh-ks-endpoints -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ evaluator: -+ jobs: -+ - aodh-db-sync -+ - aodh-rabbit-init -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: alarming -+ listener: -+ jobs: -+ - aodh-db-sync -+ - aodh-rabbit-init -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: alarming -+ notifier: -+ jobs: -+ - aodh-db-sync -+ - aodh-rabbit-init -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: alarming -+ rabbit_init: -+ services: -+ - service: oslo_messaging -+ endpoint: internal -+ db_init: -+ services: -+ - endpoint: internal -+ service: oslo_db -+ db_sync: -+ jobs: -+ - aodh-db-init -+ services: -+ - endpoint: internal -+ service: oslo_db -+ db_drop: -+ services: -+ - endpoint: internal -+ service: oslo_db -+ ks_endpoints: -+ jobs: -+ - aodh-ks-service -+ services: -+ - endpoint: internal -+ service: identity -+ ks_service: -+ services: -+ - endpoint: internal -+ service: identity -+ ks_user: -+ services: -+ - endpoint: internal -+ service: identity -+ image_repo_sync: -+ services: -+ - endpoint: internal -+ service: local_image_registry -+ tests: -+ jobs: -+ - aodh-db-sync -+ services: -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: alarming -+ -+conf: -+ wsgi_aodh: | -+ Listen 0.0.0.0:{{ tuple "alarming" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ -+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy -+ -+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded -+ CustomLog /dev/stdout combined env=!forwarded -+ CustomLog /dev/stdout proxy env=forwarded -+ -+ -+ WSGIDaemonProcess aodh processes=1 threads=2 user=aodh group=aodh display-name=%{GROUP} -+ WSGIProcessGroup aodh -+ WSGIScriptAlias / /var/www/cgi-bin/aodh/aodh-api -+ WSGIApplicationGroup %{GLOBAL} -+ = 2.4> -+ ErrorLogFormat "%{cu}t %M" -+ -+ -+ ErrorLog /dev/stdout -+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded -+ CustomLog /dev/stdout combined env=!forwarded -+ CustomLog /dev/stdout proxy env=forwarded -+ -+ paste: -+ composite:aodh+noauth: -+ use: egg:Paste#urlmap -+ /: aodhversions_pipeline -+ /v2: aodhv2_noauth_pipeline -+ /healthcheck: healthcheck -+ composite:aodh+keystone: -+ use: egg:Paste#urlmap -+ /: aodhversions_pipeline -+ /v2: aodhv2_keystone_pipeline -+ /healthcheck: healthcheck -+ app:healthcheck: -+ use: egg:oslo.middleware#healthcheck -+ oslo_config_project: aodh -+ pipeline:aodhversions_pipeline: -+ pipeline: cors http_proxy_to_wsgi aodhversions -+ app:aodhversions: -+ paste.app_factory: aodh.api.app:app_factory -+ root: aodh.api.controllers.root.VersionsController -+ pipeline:aodhv2_keystone_pipeline: -+ pipeline: cors http_proxy_to_wsgi request_id authtoken aodhv2 -+ pipeline:aodhv2_noauth_pipeline: -+ pipeline: cors http_proxy_to_wsgi request_id aodhv2 -+ app:aodhv2: -+ paste.app_factory: aodh.api.app:app_factory -+ root: aodh.api.controllers.v2.root.V2Controller -+ filter:authtoken: -+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory -+ oslo_config_project: aodh -+ filter:request_id: -+ paste.filter_factory: oslo_middleware:RequestId.factory -+ filter:cors: -+ paste.filter_factory: oslo_middleware.cors:filter_factory -+ oslo_config_project: aodh -+ filter:http_proxy_to_wsgi: -+ paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory -+ oslo_config_project: aodh -+ policy: -+ context_is_admin: 'role:admin' -+ segregation: 'rule:context_is_admin' -+ admin_or_owner: 'rule:context_is_admin or project_id:%(project_id)s' -+ default: 'rule:admin_or_owner' -+ telemetry:get_alarm: 'rule:admin_or_owner' -+ telemetry:get_alarms: 'rule:admin_or_owner' -+ telemetry:query_alarm: 'rule:admin_or_owner' -+ telemetry:create_alarm: '' -+ telemetry:change_alarm: 'rule:admin_or_owner' -+ telemetry:delete_alarm: 'rule:admin_or_owner' -+ telemetry:get_alarm_state: 'rule:admin_or_owner' -+ telemetry:change_alarm_state: 'rule:admin_or_owner' -+ telemetry:alarm_history: 'rule:admin_or_owner' -+ telemetry:query_alarm_history: 'rule:admin_or_owner' -+ aodh: -+ DEFAULT: -+ debug: false -+ log_config_append: /etc/aodh/logging.conf -+ oslo_middleware: -+ enable_proxy_headers_parsing: true -+ database: -+ alarm_history_time_to_live: 86400 -+ max_retries: -1 -+ keystone_authtoken: -+ auth_version: v3 -+ auth_type: password -+ memcache_security_strategy: ENCRYPT -+ service_credentials: -+ auth_type: password -+ interface: internal -+ auth_version: v3 -+ logging: -+ loggers: -+ keys: -+ - root -+ - aodh -+ handlers: -+ keys: -+ - stdout -+ - stderr -+ - "null" -+ formatters: -+ keys: -+ - context -+ - default -+ logger_root: -+ level: WARNING -+ handlers: 'null' -+ logger_aodh: -+ level: INFO -+ handlers: -+ - stdout -+ qualname: aodh -+ logger_amqp: -+ level: WARNING -+ handlers: stderr -+ qualname: amqp -+ logger_amqplib: -+ level: WARNING -+ handlers: stderr -+ qualname: amqplib -+ logger_eventletwsgi: -+ level: WARNING -+ handlers: stderr -+ qualname: eventlet.wsgi.server -+ logger_sqlalchemy: -+ level: WARNING -+ handlers: stderr -+ qualname: sqlalchemy -+ logger_boto: -+ level: WARNING -+ handlers: stderr -+ qualname: boto -+ handler_null: -+ class: logging.NullHandler -+ formatter: default -+ args: () -+ handler_stdout: -+ class: StreamHandler -+ args: (sys.stdout,) -+ formatter: context -+ handler_stderr: -+ class: StreamHandler -+ args: (sys.stderr,) -+ formatter: context -+ formatter_context: -+ class: oslo_log.formatters.ContextFormatter -+ formatter_default: -+ format: "%(message)s" -+ -+secrets: -+ identity: -+ admin: aodh-keystone-admin -+ aodh: aodh-keystone-user -+ oslo_db: -+ admin: aodh-db-admin -+ aodh: aodh-db-user -+ oslo_messaging: -+ admin: aodh-rabbitmq-admin -+ aodh: aodh-rabbitmq-user -+ -+bootstrap: -+ enabled: false -+ ks_user: aodh -+ script: | -+ openstack token issue -+ -+# typically overriden by environmental -+# values, but should include all endpoints -+# required by this chart -+endpoints: -+ cluster_domain_suffix: cluster.local -+ local_image_registry: -+ name: docker-registry -+ namespace: docker-registry -+ hosts: -+ default: localhost -+ internal: docker-registry -+ node: localhost -+ host_fqdn_override: -+ default: null -+ port: -+ registry: -+ node: 5000 -+ identity: -+ name: keystone -+ auth: -+ admin: -+ region_name: RegionOne -+ username: admin -+ password: password -+ project_name: admin -+ user_domain_name: default -+ project_domain_name: default -+ aodh: -+ role: admin -+ region_name: RegionOne -+ username: aodh -+ password: password -+ project_name: service -+ user_domain_name: service -+ project_domain_name: service -+ hosts: -+ default: keystone -+ internal: keystone-api -+ host_fqdn_override: -+ default: null -+ path: -+ default: /v3 -+ scheme: -+ default: 'http' -+ port: -+ api: -+ default: 80 -+ internal: 5000 -+ alarming: -+ name: aodh -+ hosts: -+ default: aodh-api -+ public: aodh -+ host_fqdn_override: -+ default: null -+ path: -+ default: null -+ scheme: -+ default: 'http' -+ port: -+ api: -+ default: 8042 -+ public: 80 -+ oslo_db: -+ auth: -+ admin: -+ username: root -+ password: password -+ aodh: -+ username: aodh -+ password: password -+ hosts: -+ default: mariadb -+ host_fqdn_override: -+ default: null -+ path: /aodh -+ scheme: mysql+pymysql -+ port: -+ mysql: -+ default: 3306 -+ oslo_cache: -+ auth: -+ # NOTE: this is used to define the value for keystone -+ # authtoken cache encryption key, if not set it will be populated -+ # automatically with a random value, but to take advantage of -+ # this feature all services should be set to use the same key, -+ # and memcache service. -+ memcache_secret_key: null -+ hosts: -+ default: memcached -+ host_fqdn_override: -+ default: null -+ port: -+ memcache: -+ default: 11211 -+ oslo_messaging: -+ auth: -+ admin: -+ username: rabbitmq -+ password: password -+ aodh: -+ username: aodh -+ password: password -+ hosts: -+ default: rabbitmq -+ host_fqdn_override: -+ default: null -+ path: /aodh -+ scheme: rabbit -+ port: -+ amqp: -+ default: 5672 -+ http: -+ default: 15672 -+ fluentd: -+ namespace: null -+ name: fluentd -+ hosts: -+ default: fluentd-logging -+ host_fqdn_override: -+ default: null -+ path: -+ default: null -+ scheme: 'http' -+ port: -+ service: -+ default: 24224 -+ metrics: -+ default: 24220 -+ -+manifests: -+ configmap_bin: true -+ configmap_etc: true -+ cron_job_alarms_cleaner: true -+ deployment_api: true -+ deployment_evaluator: true -+ deployment_listener: true -+ deployment_notifier: true -+ ingress_api: true -+ job_bootstrap: true -+ job_db_drop: false -+ job_db_init: true -+ job_image_repo_sync: true -+ job_rabbit_init: true -+ job_db_sync: true -+ job_ks_endpoints: true -+ job_ks_service: true -+ job_ks_user: true -+ pdb_api: true -+ pod_aodh_test: true -+ secret_db: true -+ secret_keystone: true -+ secret_rabbitmq: true -+ service_api: true -+ service_ingress_api: true -diff --git a/tools/deployment/multinode/250-aodh.sh b/tools/deployment/multinode/250-aodh.sh -new file mode 100755 -index 00000000..41e398a6 ---- /dev/null -+++ b/tools/deployment/multinode/250-aodh.sh -@@ -0,0 +1,34 @@ -+#!/bin/bash -+ -+# Copyright 2019 The Openstack-Helm Authors. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); you may -+# not use this file except in compliance with the License. You may obtain -+# a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -+# License for the specific language governing permissions and limitations -+# under the License. -+set -xe -+ -+#NOTE: Wait for deploy -+helm upgrade --install aodh ./aodh \ -+ --namespace=openstack \ -+ --set pod.replicas.api=2 \ -+ --set pod.replicas.evaluator=2 \ -+ --set pod.replicas.listener=2 \ -+ --set pod.replicas.notifier=2 \ -+ ${OSH_EXTRA_HELM_ARGS} \ -+ ${OSH_EXTRA_HELM_ARGS_AODH} -+ -+#NOTE: Wait for deploy -+./tools/deployment/common/wait-for-pods.sh openstack -+ -+#NOTE: Validate Deployment info -+helm status aodh -+export OS_CLOUD=openstack_helm -+openstack service list -diff --git a/tools/deployment/multinode/250-ceilometer.sh b/tools/deployment/multinode/260-ceilometer.sh -similarity index 100% -rename from tools/deployment/multinode/250-ceilometer.sh -rename to tools/deployment/multinode/260-ceilometer.sh --- -2.16.5 - diff --git a/openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch b/openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch similarity index 73% rename from openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch rename to openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch index 020a7481..578592b0 100644 --- a/openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch +++ b/openstack-helm/files/0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch @@ -1,7 +1,7 @@ From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001 From: Angie Wang Date: Wed, 6 Mar 2019 18:06:06 -0500 -Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to +Subject: [PATCH 01] Ceilometer chart: add the ability to publish events to panko Ceilometer notification agent sends the events to panko via panko @@ -18,26 +18,14 @@ Signed-off-by: Angie Wang (cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656) Signed-off-by: Robert Church --- - ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++ - 1 file changed, 34 insertions(+) + ceilometer/values.yaml | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml -index e6ae7e3a..9deade59 100644 +index 44dda74..1343670 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml -@@ -728,6 +728,11 @@ conf: - - name: event_sink - publishers: - - notifier:// -+ # The following publisher will enable to publish events to panko. -+ # Ocata: -+ # - direct://?dispatcher=panko -+ # Pike: -+ # - panko:// - transformers: null - sources: - - events: -@@ -1618,6 +1623,8 @@ dependencies: +@@ -1706,6 +1706,8 @@ dependencies: service: mongodb - endpoint: internal service: metric @@ -46,7 +34,7 @@ index e6ae7e3a..9deade59 100644 tests: services: - endpoint: internal -@@ -1739,6 +1746,21 @@ endpoints: +@@ -1827,6 +1829,21 @@ endpoints: api: default: 8041 public: 80 @@ -68,7 +56,7 @@ index e6ae7e3a..9deade59 100644 alarming: name: aodh hosts: -@@ -1865,7 +1887,19 @@ pod: +@@ -1958,7 +1975,19 @@ pod: init_container: null ceilometer_notification: volumeMounts: @@ -85,9 +73,9 @@ index e6ae7e3a..9deade59 100644 + secret: + secretName: panko-etc + defaultMode: 0444 - replicas: - api: 1 - central: 1 + ceilometer_db_sync: + ceilometer_db_sync: + volumeMounts: -- -2.16.5 +2.7.4 diff --git a/openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch b/openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch similarity index 75% rename from openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch rename to openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch index 639fb22c..768673ec 100644 --- a/openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch +++ b/openstack-helm/files/0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch @@ -1,7 +1,7 @@ From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001 From: Chris Friesen Date: Wed, 28 Nov 2018 01:33:39 -0500 -Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts. +Subject: [PATCH 02] Remove stale Apache2 service pids when a POD starts. Stale Apache2 pids will prevent Apache2 from starting and will leave the POD in a crashed state. @@ -21,24 +21,24 @@ Signed-off-by: Robert Church 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl -index cdb02f79..392873c7 100644 +index 25b2f9e..3870b4e 100644 --- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl +++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl -@@ -25,6 +25,9 @@ function start () { - source /etc/apache2/envvars +@@ -42,6 +42,9 @@ function start () { + fi fi + # Get rid of stale pid file if present. + rm -f /var/run/apache2/*.pid + # Start Apache2 - exec apache2 -DFOREGROUND + exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }} } diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl -index 2f127b94..11726809 100644 +index 384ee8b..4c72310 100644 --- a/keystone/templates/bin/_keystone-api.sh.tpl +++ b/keystone/templates/bin/_keystone-api.sh.tpl -@@ -31,10 +31,8 @@ function start () { +@@ -43,10 +43,8 @@ function start () { source /etc/apache2/envvars fi @@ -50,21 +50,21 @@ index 2f127b94..11726809 100644 + rm -f /var/run/apache2/* # Start Apache2 - exec apache2 -DFOREGROUND + exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }} diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl -index f9c8d7c5..b4bcf178 100644 +index bc15a37..055d079 100644 --- a/nova/templates/bin/_nova-placement-api.sh.tpl +++ b/nova/templates/bin/_nova-placement-api.sh.tpl -@@ -28,6 +28,9 @@ function start () { - source /etc/apache2/envvars +@@ -33,6 +33,9 @@ function start () { + fi fi + # Get rid of stale pid file if present. + rm -f /var/run/apache2/*.pid + # Start Apache2 - exec apache2 -DFOREGROUND - } + {{- if .Values.conf.software.apache2.a2enmod }} + {{- range .Values.conf.software.apache2.a2enmod }} -- -2.16.5 +2.7.4 diff --git a/openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch b/openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch similarity index 84% rename from openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch rename to openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch index ef5dd0f5..8a57d194 100644 --- a/openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch +++ b/openstack-helm/files/0003-Nova-console-ip-address-search-optionality.patch @@ -1,7 +1,7 @@ From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001 From: Gerry Kopec Date: Wed, 27 Mar 2019 00:35:57 -0400 -Subject: [PATCH 05/11] Nova console/ip address search optionality +Subject: [PATCH 03] Nova console/ip address search optionality Add options to nova to enable/disable the use of: 1. the vnc or spice server proxyclient address found by the console @@ -20,11 +20,11 @@ Signed-off-by: Gerry Kopec Signed-off-by: Robert Church --- nova/templates/bin/_nova-compute.sh.tpl | 6 +++++- - nova/values.yaml | 2 ++ - 2 files changed, 7 insertions(+), 1 deletion(-) + nova/values.yaml | 3 ++- + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl -index c80da6d6..4927908a 100644 +index c80da6d..4927908 100644 --- a/nova/templates/bin/_nova-compute.sh.tpl +++ b/nova/templates/bin/_nova-compute.sh.tpl @@ -20,6 +20,10 @@ set -ex @@ -41,25 +41,26 @@ index c80da6d6..4927908a 100644 + --config-file /tmp/pod-shared/nova-hypervisor.conf +{{- end }} diff --git a/nova/values.yaml b/nova/values.yaml -index 8599027a..0887cecc 100644 +index 29512ca..7ba2925 100644 --- a/nova/values.yaml +++ b/nova/values.yaml -@@ -440,6 +440,7 @@ console: +@@ -461,7 +461,7 @@ console: vncproxy: # IF blank, search default routing interface vncserver_proxyclient_interface: +- + address_search_enabled: true - ssh: key_types: -@@ -1433,6 +1434,7 @@ conf: + - rsa +@@ -1598,6 +1598,7 @@ conf: # If this option is set to None, the hostname of the migration target compute node will be used. live_migration_interface: hypervisor: + address_search_enabled: true # my_ip can be set automatically through this interface name. host_interface: - nova: + # This list is the keys to exclude from the config file ingested by nova-compute -- -2.16.5 +2.7.4 diff --git a/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch b/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch deleted file mode 100644 index bba2253f..00000000 --- a/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch +++ /dev/null @@ -1,184 +0,0 @@ -From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001 -From: Gerry Kopec -Date: Thu, 10 Jan 2019 00:12:21 -0500 -Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations - -- Fix .ssh/config file mapping -- Move private key from nova-compute-ssh container to nova-compute - container. -- Map private and public keys to configmap-ssh which will default to - the appropriate file permissions. -- Add additional config to /etc/ssh/sshd_config to allow passwordless - root logins over appropriate subnet passed in from overrides. -- Remove chmods from sshd bash script as they are failing. - -Depends on helm-toolkit supporting multiple containers per daemonset -pod. - -Story: 2003463 -Task: 24723 -Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff -Signed-off-by: Gerry Kopec -(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d) -Signed-off-by: Robert Church ---- - nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++--- - nova/templates/configmap-etc.yaml | 4 ++-- - nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++ - nova/templates/daemonset-compute.yaml | 14 +++++++++----- - nova/values.yaml | 5 +++++ - 5 files changed, 67 insertions(+), 10 deletions(-) - create mode 100755 nova/templates/configmap-ssh.yaml - -diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl -index 1c10cb07..158090b0 100644 ---- a/nova/templates/bin/_ssh-start.sh.tpl -+++ b/nova/templates/bin/_ssh-start.sh.tpl -@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then - chown nova: ~nova/.ssh - fi - --chmod 0600 ~root/.ssh/authorized_keys --chmod 0600 ~root/.ssh/id_rsa --chmod 0600 ~root/.ssh/id_rsa.pub -+{{- if .Values.network.sshd.enabled }} -+subnet_address="{{- .Values.network.sshd.from_subnet -}}" -+cat > /tmp/sshd_config_extend <> /etc/ssh/sshd_config -+rm /tmp/sshd_config_extend -+{{- end }} - - exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT -diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml -index 55aa3114..0d1e7a5e 100644 ---- a/nova/templates/configmap-etc.yaml -+++ b/nova/templates/configmap-etc.yaml -@@ -232,8 +232,8 @@ data: - logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} - nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }} - {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }} --# FIXME(portdirect): why is this file suffixed .sh? --{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }} -+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }} -+ - {{- end }} - {{- end }} - {{- if .Values.manifests.configmap_etc }} -diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml -new file mode 100755 -index 00000000..bab8e330 ---- /dev/null -+++ b/nova/templates/configmap-ssh.yaml -@@ -0,0 +1,35 @@ -+{{/* -+Copyright 2019 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- define "nova.configmap.ssh" }} -+{{- $envAll := index . 1 }} -+{{- with $envAll }} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: nova-ssh -+type: Opaque -+data: -+ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }} -+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }} -+ -+{{- end }} -+{{- end }} -+ -+{{- if .Values.manifests.configmap_etc }} -+{{- list "nova-ssh" . | include "nova.configmap.ssh" }} -+{{- end }} -diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml -index 09627042..4a7b90b5 100644 ---- a/nova/templates/daemonset-compute.yaml -+++ b/nova/templates/daemonset-compute.yaml -@@ -258,6 +258,9 @@ spec: - mountPath: /root/.ssh/config - subPath: ssh-config - readOnly: true -+ - name: nova-ssh -+ mountPath: /root/.ssh/id_rsa -+ subPath: ssh-key-private - {{- if .Values.conf.ceph.enabled }} - - name: etcceph - mountPath: /etc/ceph -@@ -314,13 +317,10 @@ spec: - mountPath: /var/lib/nova - - name: varliblibvirt - mountPath: /var/lib/libvirt -- - name: nova-etc -- mountPath: /root/.ssh/id_rsa -- subPath: ssh-key-private -- - name: nova-etc -+ - name: nova-ssh - mountPath: /root/.ssh/id_rsa.pub - subPath: ssh-key-public -- - name: nova-etc -+ - name: nova-ssh - mountPath: /root/.ssh/authorized_keys - subPath: ssh-key-public - - name: nova-bin -@@ -336,6 +336,10 @@ spec: - secret: - secretName: {{ $configMapName }} - defaultMode: 0444 -+ - name: nova-ssh -+ secret: -+ secretName: nova-ssh -+ defaultMode: 0400 - {{- if .Values.conf.ceph.enabled }} - - name: etcceph - hostPath: -diff --git a/nova/values.yaml b/nova/values.yaml -index 7cb4d553..8599027a 100644 ---- a/nova/values.yaml -+++ b/nova/values.yaml -@@ -211,6 +211,9 @@ network: - ssh: - name: "nova-ssh" - port: 8022 -+ sshd: -+ enabled: false -+ from_subnet: 0.0.0.0/24 - - dependencies: - dynamic: -@@ -462,6 +465,8 @@ conf: - StrictHostKeyChecking no - UserKnownHostsFile /dev/null - Port {{ .Values.network.ssh.port }} -+ ssh_private: 'null' -+ ssh_public: 'null' - rally_tests: - run_tempest: false - tests: --- -2.16.5 - diff --git a/openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch b/openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch similarity index 95% rename from openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch rename to openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch index de0398eb..6e66796a 100644 --- a/openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch +++ b/openstack-helm/files/0004-Nova-chart-Support-ephemeral-pool-creation.patch @@ -1,7 +1,7 @@ From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001 From: Irina Mihai Date: Tue, 26 Feb 2019 17:43:53 +0000 -Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation +Subject: [PATCH 04] Nova chart: Support ephemeral pool creation If libvirt images_type is rbd, then we need to have the images_rbd_pool present. These changes add a new job @@ -17,14 +17,14 @@ Signed-off-by: Robert Church nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++ nova/templates/configmap-bin.yaml | 4 +- nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++ - nova/values.yaml | 18 ++++ - 4 files changed, 251 insertions(+), 1 deletion(-) + nova/values.yaml | 19 +++- + 4 files changed, 251 insertions(+), 2 deletions(-) create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl create mode 100644 nova/templates/job-storage-init.yaml diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl new file mode 100644 -index 00000000..f79fcff0 +index 0000000..f79fcff --- /dev/null +++ b/nova/templates/bin/_nova-storage-init.sh.tpl @@ -0,0 +1,75 @@ @@ -104,7 +104,7 @@ index 00000000..f79fcff0 +fi + diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml -index c58b90bd..268434fd 100644 +index c58b90b..268434f 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -1,5 +1,5 @@ @@ -125,7 +125,7 @@ index c58b90bd..268434fd 100644 cell-setup.sh: | diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml new file mode 100644 -index 00000000..7d057fb9 +index 0000000..7d057fb --- /dev/null +++ b/nova/templates/job-storage-init.yaml @@ -0,0 +1,155 @@ @@ -285,18 +285,18 @@ index 00000000..7d057fb9 +{{- end }} + diff --git a/nova/values.yaml b/nova/values.yaml -index 0887cecc..7245cf82 100644 +index 7ba2925..97ef1b5 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -87,6 +87,7 @@ images: nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3' - nova_spiceproxy: docker.io/openstackhelm/nova:ocata + nova_spiceproxy: docker.io/openstackhelm/nova:ocata-ubuntu_xenial nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata' + nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3' test: docker.io/xrally/xrally-openstack:1.3.0 image_repo_sync: docker.io/docker:17.07.0 local_registry: -@@ -461,6 +462,14 @@ conf: +@@ -556,6 +557,14 @@ conf: user: "cinder" keyring: null secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 @@ -311,7 +311,7 @@ index 0887cecc..7245cf82 100644 ssh: | Host * StrictHostKeyChecking no -@@ -1625,6 +1634,7 @@ secrets: +@@ -1797,6 +1806,7 @@ secrets: placement: placement: public: placement-tls-public @@ -319,10 +319,11 @@ index 0887cecc..7245cf82 100644 # typically overridden by environmental # values, but should include all endpoints -@@ -2239,6 +2249,13 @@ pod: +@@ -2482,7 +2492,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" +- + storage_init: + requests: + memory: "128Mi" @@ -330,10 +331,10 @@ index 0887cecc..7245cf82 100644 + limits: + memory: "1024Mi" + cpu: "2000m" - network_policy: nova: -@@ -2302,6 +2319,7 @@ manifests: + # TODO(lamt): Need to tighten this ingress for security. +@@ -2545,6 +2561,7 @@ manifests: job_ks_placement_service: true job_ks_placement_user: true job_cell_setup: true @@ -342,5 +343,5 @@ index 0887cecc..7245cf82 100644 pdb_placement: true pdb_osapi: true -- -2.16.5 +2.7.4 diff --git a/openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch b/openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch similarity index 79% rename from openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch rename to openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch index 100362b6..2d89230e 100644 --- a/openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch +++ b/openstack-helm/files/0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch @@ -1,7 +1,7 @@ From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001 From: Robert Church Date: Fri, 22 Mar 2019 03:42:08 -0400 -Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness +Subject: [PATCH 05] Nova: Add support for disabling Readiness/Liveness probes With the introduction of Readiness/Liveness probes in @@ -19,14 +19,14 @@ Signed-off-by: Robert Church nova/templates/deployment-novncproxy.yaml | 4 ++++ nova/templates/deployment-scheduler.yaml | 4 ++++ nova/templates/deployment-spiceproxy.yaml | 4 ++++ - nova/values.yaml | 27 +++++++++++++++++++++++++++ - 7 files changed, 51 insertions(+) + nova/values.yaml | 28 ++++++++++++++++++++++++++++ + 7 files changed, 52 insertions(+) diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml -index 4a7b90b5..f508b963 100644 +index feea6ab..86dc2b9 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml -@@ -181,6 +181,7 @@ spec: +@@ -190,6 +190,7 @@ spec: - name: LIBVIRT_CEPH_SECRET_UUID value: "{{ .Values.conf.ceph.secret_uuid }}" {{ end }} @@ -34,7 +34,7 @@ index 4a7b90b5..f508b963 100644 readinessProbe: exec: command: -@@ -193,6 +194,8 @@ spec: +@@ -202,6 +203,8 @@ spec: initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 @@ -43,7 +43,7 @@ index 4a7b90b5..f508b963 100644 livenessProbe: exec: command: -@@ -206,6 +209,7 @@ spec: +@@ -215,6 +218,7 @@ spec: initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 @@ -52,18 +52,18 @@ index 4a7b90b5..f508b963 100644 - /tmp/nova-compute.sh volumeMounts: diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml -index 1e66e419..33d41097 100644 +index f927afa..0caa006 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml -@@ -60,6 +60,7 @@ spec: +@@ -59,6 +59,7 @@ spec: + {{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - allowPrivilegeEscalation: false + {{ dict "envAll" $envAll "application" "nova" "container" "nova_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + {{- if .Values.pod.probes.readiness.nova_conductor.enabled }} readinessProbe: exec: command: -@@ -72,6 +73,8 @@ spec: +@@ -71,6 +72,8 @@ spec: initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 @@ -72,7 +72,7 @@ index 1e66e419..33d41097 100644 livenessProbe: exec: command: -@@ -85,6 +88,7 @@ spec: +@@ -84,6 +87,7 @@ spec: initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 @@ -81,18 +81,18 @@ index 1e66e419..33d41097 100644 - /tmp/nova-conductor.sh volumeMounts: diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml -index 75b66e79..31013eb7 100644 +index b9cb717..0f590e0 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml -@@ -60,6 +60,7 @@ spec: +@@ -59,6 +59,7 @@ spec: + {{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - allowPrivilegeEscalation: false + {{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }} readinessProbe: exec: command: -@@ -72,6 +73,8 @@ spec: +@@ -71,6 +72,8 @@ spec: initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 @@ -101,7 +101,7 @@ index 75b66e79..31013eb7 100644 livenessProbe: exec: command: -@@ -85,6 +88,7 @@ spec: +@@ -84,6 +87,7 @@ spec: initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 @@ -110,13 +110,13 @@ index 75b66e79..31013eb7 100644 - /tmp/nova-consoleauth.sh volumeMounts: diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml -index cf9fda02..2611ba80 100644 +index 42a52af..495c1ac 100644 --- a/nova/templates/deployment-novncproxy.yaml +++ b/nova/templates/deployment-novncproxy.yaml -@@ -94,14 +94,18 @@ spec: - - name: nova-novncproxy +@@ -103,14 +103,18 @@ spec: {{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + {{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }} readinessProbe: tcpSocket: @@ -133,13 +133,13 @@ index cf9fda02..2611ba80 100644 - /tmp/nova-console-proxy.sh ports: diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml -index 9611d950..0350c47c 100644 +index 05ee949..9a30fa6 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml -@@ -60,6 +60,7 @@ spec: +@@ -59,6 +59,7 @@ spec: + {{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - allowPrivilegeEscalation: false + {{ dict "envAll" $envAll "application" "nova" "container" "nova_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }} readinessProbe: exec: @@ -153,7 +153,7 @@ index 9611d950..0350c47c 100644 livenessProbe: exec: command: -@@ -85,6 +88,7 @@ spec: +@@ -86,6 +89,7 @@ spec: initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 @@ -162,13 +162,13 @@ index 9611d950..0350c47c 100644 - /tmp/nova-scheduler.sh volumeMounts: diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml -index 4507bde4..1b58ec98 100644 +index a221656..038c85c 100644 --- a/nova/templates/deployment-spiceproxy.yaml +++ b/nova/templates/deployment-spiceproxy.yaml -@@ -94,14 +94,18 @@ spec: - - name: nova-spiceproxy +@@ -101,14 +101,18 @@ spec: {{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + {{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }} readinessProbe: tcpSocket: @@ -185,10 +185,10 @@ index 4507bde4..1b58ec98 100644 - /tmp/nova-console-proxy.sh ports: diff --git a/nova/values.yaml b/nova/values.yaml -index 7245cf82..433ec3af 100644 +index 97ef1b5..4092329 100644 --- a/nova/values.yaml +++ b/nova/values.yaml -@@ -2256,6 +2256,33 @@ pod: +@@ -2499,6 +2499,34 @@ pod: limits: memory: "1024Mi" cpu: "2000m" @@ -219,9 +219,10 @@ index 7245cf82..433ec3af 100644 + enabled: true + nova_spiceproxy: + enabled: true - ++ network_policy: nova: + # TODO(lamt): Need to tighten this ingress for security. -- -2.16.5 +2.7.4 diff --git a/openstack-helm/files/0015-Add-Placement-Chart.patch b/openstack-helm/files/0006-Add-Placement-Chart.patch similarity index 100% rename from openstack-helm/files/0015-Add-Placement-Chart.patch rename to openstack-helm/files/0006-Add-Placement-Chart.patch diff --git a/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch b/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch deleted file mode 100644 index c83b15e0..00000000 --- a/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Fri, 22 Mar 2019 03:29:26 -0400 -Subject: [PATCH 07/11] Horizon: Disable apache2 status_module - -a2dismod is not present in the StarlingX httpd based images. Try -a2dismod first, then fail back to using sed to remove the module. - -Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6 -Signed-off-by: Robert Church ---- - horizon/templates/bin/_horizon.sh.tpl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl -index dec000f3..55a2c629 100644 ---- a/horizon/templates/bin/_horizon.sh.tpl -+++ b/horizon/templates/bin/_horizon.sh.tpl -@@ -28,7 +28,7 @@ function start () { - chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/ - - a2enmod rewrite -- a2dismod status -+ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf - - if [ -f /etc/apache2/envvars ]; then - # Loading Apache2 ENV variables --- -2.16.5 - diff --git a/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch b/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch deleted file mode 100644 index 8490bd6f..00000000 --- a/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch +++ /dev/null @@ -1,224 +0,0 @@ -From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Fri, 22 Mar 2019 03:37:05 -0400 -Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness - probes - -With the introduction of Readiness/Liveness probes in -Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and -preventing successful armada manifest applies. - -Add support to disable the probes. - -Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569 -Signed-off-by: Robert Church ---- - neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++ - neutron/templates/daemonset-l3-agent.yaml | 4 ++++ - neutron/templates/daemonset-lb-agent.yaml | 4 ++++ - neutron/templates/daemonset-metadata-agent.yaml | 4 ++++ - neutron/templates/daemonset-ovs-agent.yaml | 4 ++++ - neutron/templates/daemonset-sriov-agent.yaml | 4 ++++ - neutron/values.yaml | 27 +++++++++++++++++++++++++ - 7 files changed, 51 insertions(+) - -diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml -index 49866f2a..6e1d2928 100644 ---- a/neutron/templates/daemonset-dhcp-agent.yaml -+++ b/neutron/templates/daemonset-dhcp-agent.yaml -@@ -66,6 +66,7 @@ spec: - {{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - privileged: true -+ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }} - readinessProbe: - exec: - command: -@@ -80,6 +81,8 @@ spec: - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 65 -+ {{- end }} -+ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }} - livenessProbe: - exec: - command: -@@ -95,6 +98,7 @@ spec: - initialDelaySeconds: 120 - periodSeconds: 90 - timeoutSeconds: 70 -+ {{- end }} - command: - - /tmp/neutron-dhcp-agent.sh - volumeMounts: -diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml -index 5e0ec194..29e0f3f7 100644 ---- a/neutron/templates/daemonset-l3-agent.yaml -+++ b/neutron/templates/daemonset-l3-agent.yaml -@@ -66,6 +66,7 @@ spec: - {{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - privileged: true -+ {{- if .Values.pod.probes.readiness.l3_agent.enabled }} - readinessProbe: - exec: - command: -@@ -80,6 +81,8 @@ spec: - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 65 -+ {{- end }} -+ {{- if .Values.pod.probes.liveness.l3_agent.enabled }} - livenessProbe: - exec: - command: -@@ -95,6 +98,7 @@ spec: - initialDelaySeconds: 120 - periodSeconds: 90 - timeoutSeconds: 70 -+ {{- end }} - command: - - /tmp/neutron-l3-agent.sh - volumeMounts: -diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml -index c2b432f7..685893d5 100644 ---- a/neutron/templates/daemonset-lb-agent.yaml -+++ b/neutron/templates/daemonset-lb-agent.yaml -@@ -140,12 +140,16 @@ spec: - privileged: true - command: - - /tmp/neutron-linuxbridge-agent.sh -+ {{- if .Values.pod.probes.readiness.lb_agent.enabled }} - readinessProbe: - exec: - command: - - bash - - -c - - 'brctl show' -+ {{- end }} -+ {{- if .Values.pod.probes.liveness.lb_agent.enabled }} -+ {{- end }} - volumeMounts: - - name: neutron-bin - mountPath: /tmp/neutron-linuxbridge-agent.sh -diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml -index 8e92a675..fba132ed 100644 ---- a/neutron/templates/daemonset-metadata-agent.yaml -+++ b/neutron/templates/daemonset-metadata-agent.yaml -@@ -87,6 +87,7 @@ spec: - {{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - privileged: true -+ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }} - readinessProbe: - exec: - command: -@@ -99,6 +100,8 @@ spec: - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 35 -+ {{- end }} -+ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }} - livenessProbe: - exec: - command: -@@ -112,6 +115,7 @@ spec: - initialDelaySeconds: 90 - periodSeconds: 60 - timeoutSeconds: 45 -+ {{- end }} - command: - - /tmp/neutron-metadata-agent.sh - volumeMounts: -diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml -index 56061e63..69ee1c2c 100644 ---- a/neutron/templates/daemonset-ovs-agent.yaml -+++ b/neutron/templates/daemonset-ovs-agent.yaml -@@ -154,6 +154,7 @@ spec: - privileged: true - command: - - /tmp/neutron-openvswitch-agent.sh -+ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }} - # ensures this container can can see a br-int - # bridge before its marked as ready - readinessProbe: -@@ -162,6 +163,8 @@ spec: - - bash - - -c - - 'ovs-vsctl list-br | grep -q br-int' -+ {{- end }} -+ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }} - livenessProbe: - exec: - command: -@@ -177,6 +180,7 @@ spec: - initialDelaySeconds: 120 - periodSeconds: 90 - timeoutSeconds: 70 -+ {{- end }} - volumeMounts: - - name: neutron-bin - mountPath: /tmp/neutron-openvswitch-agent.sh -diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml -index a59e4100..c03b3668 100644 ---- a/neutron/templates/daemonset-sriov-agent.yaml -+++ b/neutron/templates/daemonset-sriov-agent.yaml -@@ -129,6 +129,7 @@ spec: - privileged: true - command: - - /tmp/neutron-sriov-agent.sh -+ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }} - readinessProbe: - exec: - command: -@@ -141,6 +142,9 @@ spec: - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 10 -+ {{- end }} -+ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }} -+ {{- end }} - volumeMounts: - - name: neutron-bin - mountPath: /tmp/neutron-sriov-agent.sh -diff --git a/neutron/values.yaml b/neutron/values.yaml -index 5ab4ca12..1cc67b94 100644 ---- a/neutron/values.yaml -+++ b/neutron/values.yaml -@@ -520,6 +520,33 @@ pod: - limits: - memory: "1024Mi" - cpu: "2000m" -+ probes: -+ readiness: -+ dhcp_agent: -+ enabled: true -+ l3_agent: -+ enabled: true -+ lb_agent: -+ enabled: true -+ metadata_agent: -+ enabled: true -+ ovs_agent: -+ enabled: true -+ sriov_agent: -+ enabled: true -+ liveness: -+ dhcp_agent: -+ enabled: true -+ l3_agent: -+ enabled: true -+ lb_agent: -+ enabled: true -+ metadata_agent: -+ enabled: true -+ ovs_agent: -+ enabled: true -+ sriov_agent: -+ enabled: true - - conf: - rally_tests: --- -2.16.5 - diff --git a/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch b/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch deleted file mode 100644 index 05414d52..00000000 --- a/openstack-helm/files/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001 -From: Mingyuan Qi -Date: Thu, 11 Apr 2019 14:59:11 +0800 -Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image - -Current script does not consider centos distro as base image. -Different folder was checked to copy pxe files to tftpboot folder. - -Signed-off-by: Mingyuan Qi ---- - .../bin/_ironic-conductor-pxe-init.sh.tpl | 25 +++++++++++++++++----- - 1 file changed, 20 insertions(+), 5 deletions(-) - -diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl -index b8c4c4c..5fe595f 100644 ---- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl -+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl -@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and - limitations under the License. - */}} - -+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu) -+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS) -+ - set -ex - --#NOTE(portdirect): this works round a limitation in Kolla images --if ! dpkg -l ipxe; then -- apt-get update -- apt-get install ipxe -y -+if [[ ! -z $DISTRO_UBUNTU ]]; then -+ #NOTE(portdirect): this works round a limitation in Kolla images -+ if ! dpkg -l ipxe; then -+ apt-get update -+ apt-get install ipxe -y -+ fi - fi - - mkdir -p /var/lib/openstack-helm/tftpboot - mkdir -p /var/lib/openstack-helm/tftpboot/master_images - --for FILE in undionly.kpxe ipxe.efi; do -+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do - if [ -f /usr/lib/ipxe/$FILE ]; then - cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot - fi -+ -+ # For CentOS -+ if [[ ! -z $DISTRO_CENTOS ]]; then -+ if [ -f /var/lib/tftpboot/$FILE ]; then -+ cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot -+ fi -+ if [ -f /usr/share/ipxe/$FILE ]; then -+ cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot -+ fi -+ fi - done --- -1.8.3.1 - diff --git a/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch b/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch deleted file mode 100644 index 2b0e0d2c..00000000 --- a/openstack-helm/files/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch +++ /dev/null @@ -1,82 +0,0 @@ -From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= -Date: Tue, 9 Apr 2019 10:37:46 +0200 -Subject: [PATCH 11/11] Use nova's ping method to find out if the service is - alive - -Currently there is fake rpc call "pod_health_probe_method_ignore_errors" -that is passed to the service, just to find out if it is responding. Because -such method does not exist, it is needed to catch and handle the exception -that is inevitably thrown by the service. - -While this is technically working correctly, the exceptions pollute the -log files and make it harder for user to see possible real errors. - -This is how the error looks like: - -ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors -ERROR oslo_messaging.rpc.server Traceback (most recent call last): -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming -ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message) -ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch -ERROR oslo_messaging.rpc.server raise UnsupportedVersion(version, method=method) -ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors - -This situation is new since https://review.openstack.org/#/c/639711/ -which (correctly) increased the default level of logging. Before 639711 -error messages from oslo (both real and ones that could be ignored) were not -present in nova logs at all. - -Fortunatelly, nova's BaseAPI class provides 'ping' method that is can -be used for this basic purpose by all nova components. - -Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3 ---- - nova/templates/bin/_health-probe.py.tpl | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl -index 6434e45..4c1aa45 100644 ---- a/nova/templates/bin/_health-probe.py.tpl -+++ b/nova/templates/bin/_health-probe.py.tpl -@@ -17,8 +17,8 @@ - """ - Health probe script for OpenStack service that uses RPC/unix domain socket for - communication. Check's the RPC tcp socket status on the process and send --message to service through rpc call method and expects a reply. It is expected --to receive failure from the service's RPC server as the method does not exist. -+message to service through rpc call method and expects a reply. -+Use nova's ping method that is designed just for such simple purpose. - - Script returns failure to Kubernetes only when - a. TCP socket for the RPC communication are not established. -@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when - sys.stderr.write() writes to pod's events on failures. - - Usage example for Nova Compute: --# python health-probe-rpc.py --config-file /etc/nova/nova.conf \ -+# python health-probe.py --config-file /etc/nova/nova.conf \ - # --service-queue-name compute - - """ -@@ -50,12 +50,15 @@ def check_service_status(transport): - """Verify service status. Return success if service consumes message""" - try: - target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name, -- server=socket.gethostname()) -+ server=socket.gethostname(), -+ namespace='baseapi', -+ version="1.1") - client = oslo_messaging.RPCClient(transport, target, - timeout=60, - retry=2) - client.call(context.RequestContext(), -- 'pod_health_probe_method_ignore_errors') -+ 'ping', -+ arg=None) - except oslo_messaging.exceptions.MessageDeliveryFailure: - # Log to pod events - sys.stderr.write("Health probe unable to reach message bus") --- -2.7.4 - diff --git a/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch b/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch deleted file mode 100644 index 318cd523..00000000 --- a/openstack-helm/files/0012-Add-internal-tenant-id-in-conf.patch +++ /dev/null @@ -1,307 +0,0 @@ -From 1fa207d2a503e508f48407881b06e0beaa15b1fa Mon Sep 17 00:00:00 2001 -From: Liang Fang -Date: Mon, 25 Mar 2019 10:29:42 -0400 -Subject: [PATCH 12/14] Add internal tenant id in conf - -Cinder raw cache feature requires internal tenant id be set in -/etc/cinder/cinder.conf, something like: - -cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c -cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef - -This patch get or create if not exist intenal user id and project id, and then -set in cinder.conf - -reference: Cinder cache feature: -https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html - -Story: 2004869 -Task: 29121 -Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea -Signed-off-by: Liang Fang -(cherry picked from commit d1c8e778a733539695d89c21ed4746265e0f1edf) -Signed-off-by: Robert Church ---- - cinder/templates/bin/_cinder-volume.sh.tpl | 3 +- - .../bin/_create-internal-tenant-id.sh.tpl | 31 ++++++++ - .../bin/_retrieve-internal-tenant-id.sh.tpl | 32 +++++++++ - cinder/templates/configmap-bin.yaml | 4 ++ - cinder/templates/deployment-volume.yaml | 31 ++++++++ - cinder/templates/job-create-internal-tenant.yaml | 83 ++++++++++++++++++++++ - cinder/values.yaml | 4 ++ - 7 files changed, 187 insertions(+), 1 deletion(-) - create mode 100755 cinder/templates/bin/_create-internal-tenant-id.sh.tpl - create mode 100755 cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl - create mode 100644 cinder/templates/job-create-internal-tenant.yaml - -diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl -index 64aa3828..a248f352 100644 ---- a/cinder/templates/bin/_cinder-volume.sh.tpl -+++ b/cinder/templates/bin/_cinder-volume.sh.tpl -@@ -19,4 +19,5 @@ limitations under the License. - set -ex - exec cinder-volume \ - --config-file /etc/cinder/cinder.conf \ -- --config-file /etc/cinder/conf/backends.conf -+ --config-file /etc/cinder/conf/backends.conf \ -+ --config-file /tmp/pod-shared/internal_tenant.conf -diff --git a/cinder/templates/bin/_create-internal-tenant-id.sh.tpl b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl -new file mode 100755 -index 00000000..10582564 ---- /dev/null -+++ b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl -@@ -0,0 +1,31 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+ -+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ -+ --domain="${PROJECT_DOMAIN_ID}" \ -+ "${INTERNAL_PROJECT_NAME}"); -+ -+USER_ID=$(openstack user create --or-show --enable -f value -c id \ -+ --domain="${USER_DOMAIN_ID}" \ -+ --project-domain="${PROJECT_DOMAIN_ID}" \ -+ --project="${USER_PROJECT_ID}" \ -+ "${INTERNAL_USER_NAME}"); -+ -diff --git a/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl -new file mode 100755 -index 00000000..b85f69fd ---- /dev/null -+++ b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl -@@ -0,0 +1,32 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2019 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+ -+USER_PROJECT_ID=$(openstack project show -f value -c id \ -+ "${INTERNAL_PROJECT_NAME}"); -+ -+USER_ID=$(openstack user show -f value -c id \ -+ "${INTERNAL_USER_NAME}"); -+ -+tee /tmp/pod-shared/internal_tenant.conf < -Date: Tue, 28 May 2019 13:21:40 +0200 -Subject: [PATCH 13/14] cinder: allow configuring the rbd app name - -Instead of hardcoding it, let us override it with -custom values for normal volumes and backups - -Change-Id: I3abb343877abd0436c592a3371372f82ef581790 -(cherry picked from commit c38443de4c852e86fb9845777bd67657392835fc) -Signed-off-by: Robert Church ---- - cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +- - cinder/templates/bin/_storage-init.sh.tpl | 2 +- - cinder/templates/job-backup-storage-init.yaml | 2 ++ - cinder/templates/job-storage-init.yaml | 2 ++ - cinder/values.yaml | 4 ++++ - 5 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl -index 52c8e6bf..af9886ad 100644 ---- a/cinder/templates/bin/_backup-storage-init.sh.tpl -+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl -@@ -44,7 +44,7 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then - ceph osd pool set $1 nosizechange ${size_protection} - ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}" - } -- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup" -+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME} - - if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then - echo "Cephx user client.${RBD_POOL_USER} already exists" -diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl -index 9288ec5f..bbc31938 100644 ---- a/cinder/templates/bin/_storage-init.sh.tpl -+++ b/cinder/templates/bin/_storage-init.sh.tpl -@@ -41,7 +41,7 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then - ceph osd pool set $1 nosizechange ${size_protection} - ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}" - } -- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume" -+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME} - - if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then - echo "Cephx user client.${RBD_POOL_USER} already exist." -diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml -index a073940c..7b0e50e1 100644 ---- a/cinder/templates/job-backup-storage-init.yaml -+++ b/cinder/templates/job-backup-storage-init.yaml -@@ -109,6 +109,8 @@ spec: - {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} - - name: RBD_POOL_NAME - value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }} -+ - name: RBD_POOL_APP_NAME -+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }} - - name: RBD_POOL_USER - value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }} - - name: RBD_POOL_CRUSH_RULE -diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml -index 1d4819c2..27081816 100644 ---- a/cinder/templates/job-storage-init.yaml -+++ b/cinder/templates/job-storage-init.yaml -@@ -100,6 +100,8 @@ spec: - value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }} - - name: RBD_POOL_NAME - value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }} -+ - name: RBD_POOL_APP_NAME -+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }} - - name: RBD_POOL_USER - value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }} - - name: RBD_POOL_CRUSH_RULE -diff --git a/cinder/values.yaml b/cinder/values.yaml -index 39027e9b..bef7b374 100644 ---- a/cinder/values.yaml -+++ b/cinder/values.yaml -@@ -302,6 +302,10 @@ ceph_client: - user_secret_name: pvc-ceph-client-key - - conf: -+ software: -+ rbd: -+ rbd_pool_app_name_backup: cinder-backup -+ rbd_pool_app_name: cinder-volume - paste: - composite:osapi_volume: - use: call:cinder.api:root_app_factory --- -2.16.5 - diff --git a/openstack-helm/files/0014-Cinder-Support-backup-driver-specification-by-module.patch b/openstack-helm/files/0014-Cinder-Support-backup-driver-specification-by-module.patch deleted file mode 100644 index 0ade8aad..00000000 --- a/openstack-helm/files/0014-Cinder-Support-backup-driver-specification-by-module.patch +++ /dev/null @@ -1,241 +0,0 @@ -From a5c47db5550926bcf2d4dbd5667ad74e00b2ed97 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Fri, 24 May 2019 02:43:15 -0400 -Subject: [PATCH 14/14] Cinder: Support backup driver specification by module - or class name - -During the Queens cycle, Cinder introduced the ability to specify the -backup driver via class name and deprecated backup driver initialization -using the module name. (Id6bee9e7d0da8ead224a04f86fe79ddfb5b286cf) - -Legacy support for initialization by module name was dropped in Stein. -(I3ada2dee1857074746b1893b82dd5f6641c6e579) - -This change will support both methods of initialization and leave the -driver defaults enabled for module based initialization (valid through -Rocky images). - -This change has been tested using the OSH default Cinder (Ocata) images -and StarlingX images based on master (Train). - -Change-Id: Iec7bc6f4dd089aaa08ca652bebd9a10ef49da556 -Signed-off-by: Robert Church ---- - cinder/templates/bin/_backup-storage-init.sh.tpl | 8 ++++---- - cinder/templates/configmap-etc.yaml | 2 +- - cinder/templates/deployment-backup.yaml | 16 ++++++++-------- - cinder/templates/job-backup-storage-init.yaml | 8 ++++---- - cinder/templates/job-clean.yaml | 4 ++-- - cinder/templates/pvc-backup.yaml | 2 +- - cinder/values.yaml | 4 ++++ - 7 files changed, 24 insertions(+), 20 deletions(-) - -diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl -index af9886ad..10069f17 100644 ---- a/cinder/templates/bin/_backup-storage-init.sh.tpl -+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl -@@ -17,7 +17,7 @@ limitations under the License. - */}} - - set -x --if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then -+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then - SECRET=$(mktemp --suffix .yaml) - KEYRING=$(mktemp --suffix .keyring) - function cleanup { -@@ -27,10 +27,10 @@ if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then - fi - - set -ex --if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.swift" ] || \ -- [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.posix" ]; then -+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.swift' ]] || \ -+ [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.posix' ]]; then - echo "INFO: no action required to use $STORAGE_BACKEND" --elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then -+elif [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then - ceph -s - function ensure_pool () { - ceph osd pool stats $1 || ceph osd pool create $1 $2 -diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml -index 5ed73db6..e13851ed 100644 ---- a/cinder/templates/configmap-etc.yaml -+++ b/cinder/templates/configmap-etc.yaml -@@ -63,7 +63,7 @@ limitations under the License. - {{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "glance_api_servers" -}} - {{- end -}} - --{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.swift" }} -+{{- if (contains "cinder.backup.drivers.swift" .Values.conf.cinder.DEFAULT.backup_driver) }} - {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_auth_version -}} - {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_auth_version" "3" -}} - {{- end -}} -diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml -index fdce03a9..bffd774c 100644 ---- a/cinder/templates/deployment-backup.yaml -+++ b/cinder/templates/deployment-backup.yaml -@@ -54,7 +54,7 @@ spec: - {{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }} - initContainers: - {{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: ceph-backup-keyring-placement - {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: -@@ -98,7 +98,7 @@ spec: - subPath: key - readOnly: true - {{ end }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }} -+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: ceph-backup-volume-perms - {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: -@@ -150,7 +150,7 @@ spec: - mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }} - readOnly: true -- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }} -+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }} - - name: etcceph - mountPath: /etc/ceph - {{- if not .Values.backup.external_ceph_rbd.enabled }} -@@ -164,7 +164,7 @@ spec: - subPath: external-backup-ceph.conf - readOnly: true - {{- end }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: ceph-backup-keyring - mountPath: /tmp/client-keyring - subPath: key -@@ -176,7 +176,7 @@ spec: - readOnly: true - {{- end }} - {{- end }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }} -+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: cinder-backup - mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }} - {{- end }} -@@ -213,7 +213,7 @@ spec: - configMap: - name: cinder-bin - defaultMode: 0555 -- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }} -+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }} - - name: etcceph - emptyDir: {} - - name: ceph-etc -@@ -221,7 +221,7 @@ spec: - name: {{ .Values.ceph_client.configmap }} - defaultMode: 0444 - {{ end }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: ceph-backup-keyring - secret: - secretName: {{ .Values.secrets.rbd.backup | quote }} -@@ -231,7 +231,7 @@ spec: - secret: - secretName: {{ .Values.secrets.rbd.volume | quote }} - {{ end }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }} -+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: cinder-backup - persistentVolumeClaim: - claimName: cinder-backup -diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml -index 7b0e50e1..a43ba998 100644 ---- a/cinder/templates/job-backup-storage-init.yaml -+++ b/cinder/templates/job-backup-storage-init.yaml -@@ -67,7 +67,7 @@ spec: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: - {{ tuple $envAll "backup_storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: ceph-keyring-placement - {{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: -@@ -106,7 +106,7 @@ spec: - fieldPath: metadata.namespace - - name: STORAGE_BACKEND - value: {{ .Values.conf.cinder.DEFAULT.backup_driver | quote }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: RBD_POOL_NAME - value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }} - - name: RBD_POOL_APP_NAME -@@ -129,7 +129,7 @@ spec: - mountPath: /tmp/backup-storage-init.sh - subPath: backup-storage-init.sh - readOnly: true -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: etcceph - mountPath: /etc/ceph - {{- if not .Values.backup.external_ceph_rbd.enabled }} -@@ -155,7 +155,7 @@ spec: - configMap: - name: cinder-bin - defaultMode: 0555 -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: etcceph - emptyDir: {} - - name: ceph-etc -diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml -index d85234ed..54fd41e7 100644 ---- a/cinder/templates/job-clean.yaml -+++ b/cinder/templates/job-clean.yaml -@@ -16,7 +16,7 @@ limitations under the License. - - {{- if .Values.manifests.job_clean }} - {{- $envAll := . }} --{{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }} -+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }} - - {{- $serviceAccountName := print "cinder-clean" }} - {{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -@@ -87,7 +87,7 @@ spec: - subPath: clean-secrets.sh - readOnly: true - {{ end }} -- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }} -+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: cinder-volume-backup-secret-clean - {{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} - {{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -diff --git a/cinder/templates/pvc-backup.yaml b/cinder/templates/pvc-backup.yaml -index b2e851dc..94d63d0e 100644 ---- a/cinder/templates/pvc-backup.yaml -+++ b/cinder/templates/pvc-backup.yaml -@@ -16,7 +16,7 @@ limitations under the License. - - {{- if .Values.manifests.pvc_backup }} - {{- $envAll := . }} --{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }} -+{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} - --- - kind: PersistentVolumeClaim - apiVersion: v1 -diff --git a/cinder/values.yaml b/cinder/values.yaml -index bef7b374..362f6918 100644 ---- a/cinder/values.yaml -+++ b/cinder/values.yaml -@@ -767,6 +767,10 @@ conf: - enabled_backends: "rbd1" - # NOTE(portdirect): "cinder.backup.drivers.ceph" and - # "cinder.backup.drivers.posix" also supported -+ # NOTE(rchurch): As of Stein, drivers by class name are required -+ # - cinder.backup.drivers.swift.SwiftBackupDriver -+ # - cinder.backup.drivers.ceph.CephBackupDriver -+ # - cinder.backup.drivers.posix.PosixBackupDriver - backup_driver: "cinder.backup.drivers.swift" - # Backup: Ceph RBD options - backup_ceph_conf: "/etc/ceph/ceph.conf" --- -2.16.5 - diff --git a/openstack-helm/files/0016-Cinder-rename-is_ceph_volume-configured.patch b/openstack-helm/files/0016-Cinder-rename-is_ceph_volume-configured.patch deleted file mode 100644 index d10d24c0..00000000 --- a/openstack-helm/files/0016-Cinder-rename-is_ceph_volume-configured.patch +++ /dev/null @@ -1,229 +0,0 @@ -From 4e4a8197f90ba90c5bfbad02698ad351e7e92125 Mon Sep 17 00:00:00 2001 -From: Daniel Badea -Date: Wed, 12 Jun 2019 14:07:17 +0000 -Subject: [PATCH 1/2] Cinder rename is_ceph_volume configured - -When using multiple ceph backends there is more than -one ceph 'volume' configured. Rename template to -_has_ceph_backend. ---- - cinder/templates/deployment-backup.yaml | 8 +++---- - cinder/templates/deployment-volume.yaml | 6 +++--- - cinder/templates/job-clean.yaml | 4 ++-- - cinder/templates/job-storage-init.yaml | 8 +++---- - cinder/templates/utils/_has_ceph_backend.tpl | 25 ++++++++++++++++++++++ - .../templates/utils/_is_ceph_volume_configured.tpl | 25 ---------------------- - 6 files changed, 38 insertions(+), 38 deletions(-) - mode change 100644 => 100755 cinder/templates/deployment-backup.yaml - mode change 100644 => 100755 cinder/templates/deployment-volume.yaml - mode change 100644 => 100755 cinder/templates/job-clean.yaml - mode change 100644 => 100755 cinder/templates/job-storage-init.yaml - create mode 100644 cinder/templates/utils/_has_ceph_backend.tpl - delete mode 100644 cinder/templates/utils/_is_ceph_volume_configured.tpl - -diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml -old mode 100644 -new mode 100755 -index bffd774..74e38ba ---- a/cinder/templates/deployment-backup.yaml -+++ b/cinder/templates/deployment-backup.yaml -@@ -76,7 +76,7 @@ spec: - subPath: key - readOnly: true - {{ end }} -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: ceph-keyring-placement - {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: -@@ -150,7 +150,7 @@ spec: - mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }} - readOnly: true -- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }} -+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }} - - name: etcceph - mountPath: /etc/ceph - {{- if not .Values.backup.external_ceph_rbd.enabled }} -@@ -213,7 +213,7 @@ spec: - configMap: - name: cinder-bin - defaultMode: 0555 -- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }} -+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }} - - name: etcceph - emptyDir: {} - - name: ceph-etc -@@ -226,7 +226,7 @@ spec: - secret: - secretName: {{ .Values.secrets.rbd.backup | quote }} - {{ end }} -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: ceph-keyring - secret: - secretName: {{ .Values.secrets.rbd.volume | quote }} -diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml -old mode 100644 -new mode 100755 -index 17902c0..a274d12 ---- a/cinder/templates/deployment-volume.yaml -+++ b/cinder/templates/deployment-volume.yaml -@@ -54,7 +54,7 @@ spec: - {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }} - initContainers: - {{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: ceph-keyring-placement - {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: -@@ -143,7 +143,7 @@ spec: - mountPath: /etc/cinder/conf/backends.conf - subPath: backends.conf - readOnly: true -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: etcceph - mountPath: /etc/ceph - - name: ceph-etc -@@ -194,7 +194,7 @@ spec: - secret: - secretName: cinder-etc - defaultMode: 0444 -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: etcceph - emptyDir: {} - - name: pod-shared -diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml -old mode 100644 -new mode 100755 -index 54fd41e..f0da8d4 ---- a/cinder/templates/job-clean.yaml -+++ b/cinder/templates/job-clean.yaml -@@ -16,7 +16,7 @@ limitations under the License. - - {{- if .Values.manifests.job_clean }} - {{- $envAll := . }} --{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }} -+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }} - - {{- $serviceAccountName := print "cinder-clean" }} - {{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -@@ -68,7 +68,7 @@ spec: - initContainers: - {{ tuple $envAll "clean" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: cinder-volume-rbd-secret-clean - {{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} - {{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml -old mode 100644 -new mode 100755 -index 2708181..99128db ---- a/cinder/templates/job-storage-init.yaml -+++ b/cinder/templates/job-storage-init.yaml -@@ -65,7 +65,7 @@ spec: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: - {{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: ceph-keyring-placement - {{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: -@@ -95,7 +95,7 @@ spec: - valueFrom: - fieldRef: - fieldPath: metadata.namespace -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: STORAGE_BACKEND - value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }} - - name: RBD_POOL_NAME -@@ -120,7 +120,7 @@ spec: - mountPath: /tmp/storage-init.sh - subPath: storage-init.sh - readOnly: true -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: etcceph - mountPath: /etc/ceph - - name: ceph-etc -@@ -139,7 +139,7 @@ spec: - configMap: - name: cinder-bin - defaultMode: 0555 -- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} -+ {{- if include "cinder.utils.has_ceph_backend" $envAll }} - - name: etcceph - emptyDir: {} - - name: ceph-etc -diff --git a/cinder/templates/utils/_has_ceph_backend.tpl b/cinder/templates/utils/_has_ceph_backend.tpl -new file mode 100644 -index 0000000..0ff7ae5 ---- /dev/null -+++ b/cinder/templates/utils/_has_ceph_backend.tpl -@@ -0,0 +1,25 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- define "cinder.utils.has_ceph_backend" -}} -+ {{- $has_ceph := false -}} -+ {{- range $_, $backend := .Values.conf.backends -}} -+ {{- if kindIs "map" $backend -}} -+ {{- $has_ceph = or $has_ceph (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}} -+ {{- end -}} -+ {{- end -}} -+ {{- $has_ceph -}} -+{{- end -}} -diff --git a/cinder/templates/utils/_is_ceph_volume_configured.tpl b/cinder/templates/utils/_is_ceph_volume_configured.tpl -deleted file mode 100644 -index 63f2a73..0000000 ---- a/cinder/templates/utils/_is_ceph_volume_configured.tpl -+++ /dev/null -@@ -1,25 +0,0 @@ --{{/* --Copyright 2017 The Openstack-Helm Authors. -- --Licensed under the Apache License, Version 2.0 (the "License"); --you may not use this file except in compliance with the License. --You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- --Unless required by applicable law or agreed to in writing, software --distributed under the License is distributed on an "AS IS" BASIS, --WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --See the License for the specific language governing permissions and --limitations under the License. --*/}} -- --{{- define "cinder.utils.is_ceph_volume_configured" -}} --{{- range $section, $values := .Values.conf.backends -}} --{{- if kindIs "map" $values -}} --{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}} --true --{{- end -}} --{{- end -}} --{{- end -}} --{{- end -}} --- -1.8.3.1 - diff --git a/openstack-helm/files/0017-Cinder-support-multiple-ceph-volume-backends.patch b/openstack-helm/files/0017-Cinder-support-multiple-ceph-volume-backends.patch deleted file mode 100644 index 2c3b7655..00000000 --- a/openstack-helm/files/0017-Cinder-support-multiple-ceph-volume-backends.patch +++ /dev/null @@ -1,305 +0,0 @@ -From 05919ef2fd1ffc24ca389e4d9ecb54bf621031bd Mon Sep 17 00:00:00 2001 -From: Daniel Badea -Date: Wed, 12 Jun 2019 15:03:43 +0000 -Subject: [PATCH 2/2] Cinder support multiple ceph volume backends - -Add support for multiple cinder volume ceph backends. ---- - cinder/templates/deployment-backup.yaml | 9 +++--- - cinder/templates/deployment-volume.yaml | 9 +++--- - cinder/templates/job-backup-storage-init.yaml | 2 +- - cinder/templates/job-storage-init.yaml | 28 +++++++++-------- - cinder/templates/utils/_ceph_backend_list.tpl | 36 ++++++++++++++++++++++ - .../templates/utils/_ceph_volume_section_name.tpl | 25 --------------- - cinder/templates/utils/_is_ceph_backend.tpl | 21 +++++++++++++ - cinder/values.yaml | 6 ++-- - 8 files changed, 86 insertions(+), 50 deletions(-) - create mode 100644 cinder/templates/utils/_ceph_backend_list.tpl - delete mode 100644 cinder/templates/utils/_ceph_volume_section_name.tpl - create mode 100644 cinder/templates/utils/_is_ceph_backend.tpl - -diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml -index 74e38ba..23b67fe 100755 ---- a/cinder/templates/deployment-backup.yaml -+++ b/cinder/templates/deployment-backup.yaml -@@ -76,8 +76,9 @@ spec: - subPath: key - readOnly: true - {{ end }} -- {{- if include "cinder.utils.has_ceph_backend" $envAll }} -- - name: ceph-keyring-placement -+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }} -+ {{- $backend := index $envAll.Values.conf.backends $name }} -+ - name: ceph-keyring-placement-{{$name}} - {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: - runAsUser: 0 -@@ -85,7 +86,7 @@ spec: - - /tmp/ceph-keyring.sh - env: - - name: RBD_USER -- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }} -+ value: {{ $backend.rbd_user | quote }} - volumeMounts: - - name: etcceph - mountPath: /etc/ceph -@@ -97,7 +98,7 @@ spec: - mountPath: /tmp/client-keyring - subPath: key - readOnly: true -- {{ end }} -+ {{- end }} - {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} - - name: ceph-backup-volume-perms - {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }} -diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml -index a274d12..f791cfa 100755 ---- a/cinder/templates/deployment-volume.yaml -+++ b/cinder/templates/deployment-volume.yaml -@@ -54,8 +54,9 @@ spec: - {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }} - initContainers: - {{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -- {{- if include "cinder.utils.has_ceph_backend" $envAll }} -- - name: ceph-keyring-placement -+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }} -+ {{- $backend := index $envAll.Values.conf.backends $name }} -+ - name: ceph-keyring-placement-{{$name}} - {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: - runAsUser: 0 -@@ -63,7 +64,7 @@ spec: - - /tmp/ceph-keyring.sh - env: - - name: RBD_USER -- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }} -+ value: {{ $backend.rbd_user | quote }} - volumeMounts: - - name: etcceph - mountPath: /etc/ceph -@@ -75,7 +76,7 @@ spec: - mountPath: /tmp/client-keyring - subPath: key - readOnly: true -- {{ end }} -+ {{- end }} - {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} - - name: ceph-coordination-volume-perms - {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }} -diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml -index a43ba99..f3a83a9 100644 ---- a/cinder/templates/job-backup-storage-init.yaml -+++ b/cinder/templates/job-backup-storage-init.yaml -@@ -110,7 +110,7 @@ spec: - - name: RBD_POOL_NAME - value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }} - - name: RBD_POOL_APP_NAME -- value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }} -+ value: {{ .Values.conf.ceph.pools.backup.app_name | quote }} - - name: RBD_POOL_USER - value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }} - - name: RBD_POOL_CRUSH_RULE -diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml -index 99128db..5635feb 100755 ---- a/cinder/templates/job-storage-init.yaml -+++ b/cinder/templates/job-storage-init.yaml -@@ -87,7 +87,9 @@ spec: - {{ end }} - {{ end }} - containers: -- - name: cinder-storage-init -+ {{- range $name, $backend := .Values.conf.backends }} -+ {{- if kindIs "map" $backend }} -+ - name: cinder-storage-init-{{$name}} - {{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} - {{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - env: -@@ -95,23 +97,23 @@ spec: - valueFrom: - fieldRef: - fieldPath: metadata.namespace -- {{- if include "cinder.utils.has_ceph_backend" $envAll }} -+ {{- if include "cinder.utils.is_ceph_backend" $backend }} - - name: STORAGE_BACKEND -- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }} -+ value: {{ $backend.volume_driver | quote }} - - name: RBD_POOL_NAME -- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }} -+ value: {{ $backend.rbd_pool | quote }} - - name: RBD_POOL_APP_NAME -- value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }} -+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).app_name | quote }} - - name: RBD_POOL_USER -- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }} -+ value: {{ $backend.rbd_user | quote }} - - name: RBD_POOL_CRUSH_RULE -- value: {{ .Values.conf.ceph.pools.volume.crush_rule | quote }} -+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).crush_rule | quote }} - - name: RBD_POOL_REPLICATION -- value: {{ .Values.conf.ceph.pools.volume.replication | quote }} -+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).replication | quote }} - - name: RBD_POOL_CHUNK_SIZE -- value: {{ .Values.conf.ceph.pools.volume.chunk_size | quote }} -+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).chunk_size | quote }} - - name: RBD_POOL_SECRET -- value: {{ .Values.secrets.rbd.volume | quote }} -+ value: {{ $envAll.Values.secrets.rbd.volume | quote }} - {{- end }} - command: - - /tmp/storage-init.sh -@@ -120,20 +122,22 @@ spec: - mountPath: /tmp/storage-init.sh - subPath: storage-init.sh - readOnly: true -- {{- if include "cinder.utils.has_ceph_backend" $envAll }} -+ {{- if include "cinder.utils.is_ceph_backend" $backend }} - - name: etcceph - mountPath: /etc/ceph - - name: ceph-etc - mountPath: /etc/ceph/ceph.conf - subPath: ceph.conf - readOnly: true -- {{- if empty .Values.conf.ceph.admin_keyring }} -+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - - name: ceph-keyring - mountPath: /tmp/client-keyring - subPath: key - readOnly: true - {{- end }} - {{- end }} -+ {{- end }} -+ {{- end }} - volumes: - - name: cinder-bin - configMap: -diff --git a/cinder/templates/utils/_ceph_backend_list.tpl b/cinder/templates/utils/_ceph_backend_list.tpl -new file mode 100644 -index 0000000..bd681e6 ---- /dev/null -+++ b/cinder/templates/utils/_ceph_backend_list.tpl -@@ -0,0 +1,36 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- /* -+ Return string with all ceph backends separated by comma. The list -+ is either empty or it starts with a comma. Assuming "a", "b" and -+ "c" are ceph backends then ceph_backend_list returns ",a,b,c". -+ This means the first element in the returned list representation -+ can always be skipped. -+ -+ Usage: -+ range $name := rest (splitList include "cinder.utils.ceph_backend_list" $) -+*/ -}} -+{{- define "cinder.utils.ceph_backend_list" -}} -+ {{- range $name, $backend := .Values.conf.backends -}} -+ {{- if kindIs "map" $backend }} -+ {{- if (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}} -+ {{- "," -}} -+ {{- $name -}} -+ {{- end -}} -+ {{- end -}} -+ {{- end -}} -+{{- end -}} -diff --git a/cinder/templates/utils/_ceph_volume_section_name.tpl b/cinder/templates/utils/_ceph_volume_section_name.tpl -deleted file mode 100644 -index af16d6a..0000000 ---- a/cinder/templates/utils/_ceph_volume_section_name.tpl -+++ /dev/null -@@ -1,25 +0,0 @@ --{{/* --Copyright 2017 The Openstack-Helm Authors. -- --Licensed under the Apache License, Version 2.0 (the "License"); --you may not use this file except in compliance with the License. --You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- --Unless required by applicable law or agreed to in writing, software --distributed under the License is distributed on an "AS IS" BASIS, --WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --See the License for the specific language governing permissions and --limitations under the License. --*/}} -- --{{- define "cinder.utils.ceph_volume_section_name" -}} --{{- range $section, $values := .Values.conf.backends -}} --{{- if kindIs "map" $values -}} --{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}} --{{ $section }} --{{- end -}} --{{- end -}} --{{- end -}} --{{- end -}} -diff --git a/cinder/templates/utils/_is_ceph_backend.tpl b/cinder/templates/utils/_is_ceph_backend.tpl -new file mode 100644 -index 0000000..3d5c3be ---- /dev/null -+++ b/cinder/templates/utils/_is_ceph_backend.tpl -@@ -0,0 +1,21 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- define "cinder.utils.is_ceph_backend" -}} -+ {{- if kindIs "map" . -}} -+ {{- eq .volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}} -+ {{- end -}} -+{{- end -}} -diff --git a/cinder/values.yaml b/cinder/values.yaml -index 362f691..839f7fb 100644 ---- a/cinder/values.yaml -+++ b/cinder/values.yaml -@@ -302,10 +302,6 @@ ceph_client: - user_secret_name: pvc-ceph-client-key - - conf: -- software: -- rbd: -- rbd_pool_app_name_backup: cinder-backup -- rbd_pool_app_name: cinder-volume - paste: - composite:osapi_volume: - use: call:cinder.api:root_app_factory -@@ -745,10 +741,12 @@ conf: - replication: 3 - crush_rule: replicated_rule - chunk_size: 8 -+ app_name: cinder-backup - volume: - replication: 3 - crush_rule: replicated_rule - chunk_size: 8 -+ app_name: cinder-volume - cinder: - DEFAULT: - resource_query_filters_file: /etc/cinder/resource_filters.json --- -1.8.3.1 - diff --git a/openstack-helm/files/0018-Nova-add-service-token.patch b/openstack-helm/files/0018-Nova-add-service-token.patch deleted file mode 100644 index b4ac119a..00000000 --- a/openstack-helm/files/0018-Nova-add-service-token.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0ce54f2f141d24d1cf5795db8679039c67ffac50 Mon Sep 17 00:00:00 2001 -From: Gerry Kopec -Date: Tue, 25 Jun 2019 20:20:41 -0400 -Subject: [PATCH] Nova: add service token - -Add capability for nova to send service token. Default to disabled. -Config setup is similar to keystone_authtoken. - -Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3 -Signed-off-by: Gerry Kopec ---- - nova/templates/configmap-etc.yaml | 26 ++++++++++++++++++++++++++ - nova/values.yaml | 3 +++ - 2 files changed, 29 insertions(+) - -diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml -index 0d1e7a5..5446830 100644 ---- a/nova/templates/configmap-etc.yaml -+++ b/nova/templates/configmap-etc.yaml -@@ -52,6 +52,32 @@ limitations under the License. - {{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} - {{- end -}} - -+{{- if .Values.conf.nova.service_user.send_service_user_token -}} -+ -+{{- if empty .Values.conf.nova.service_user.auth_url -}} -+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}} -+{{- end -}} -+{{- if empty .Values.conf.nova.service_user.region_name -}} -+{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.nova.region_name -}} -+{{- end -}} -+{{- if empty .Values.conf.nova.service_user.project_name -}} -+{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.nova.project_name -}} -+{{- end -}} -+{{- if empty .Values.conf.nova.service_user.project_domain_name -}} -+{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}} -+{{- end -}} -+{{- if empty .Values.conf.nova.service_user.user_domain_name -}} -+{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}} -+{{- end -}} -+{{- if empty .Values.conf.nova.service_user.username -}} -+{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.nova.username -}} -+{{- end -}} -+{{- if empty .Values.conf.nova.service_user.password -}} -+{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.nova.password -}} -+{{- end -}} -+ -+{{- end -}} -+ - {{- if empty .Values.conf.nova.database.connection -}} - {{- $_ := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" -}} - {{- end -}} -diff --git a/nova/values.yaml b/nova/values.yaml -index 433ec3a..ee00591 100644 ---- a/nova/values.yaml -+++ b/nova/values.yaml -@@ -1507,6 +1507,9 @@ conf: - auth_type: password - auth_version: v3 - memcache_security_strategy: ENCRYPT -+ service_user: -+ auth_type: password -+ send_service_user_token: false - libvirt: - connection_uri: "qemu+tcp://127.0.0.1/system" - images_type: qcow2 --- -1.8.3.1 - diff --git a/openstack-helm/files/0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch b/openstack-helm/files/0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch deleted file mode 100644 index 80ad8545..00000000 --- a/openstack-helm/files/0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch +++ /dev/null @@ -1,141 +0,0 @@ -From c92678ff20a3ab9b07861131966ea38b340dfff8 Mon Sep 17 00:00:00 2001 -From: Angie Wang -Date: Tue, 9 Jul 2019 14:22:02 -0400 -Subject: [PATCH 1/1] Add TLS support for Aodh and Panko public endpoints - -Signed-off-by: Angie Wang ---- - aodh/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++ - aodh/values.yaml | 12 ++++++++++++ - panko/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++ - panko/values.yaml | 12 ++++++++++++ - 4 files changed, 62 insertions(+) - create mode 100644 aodh/templates/secret-ingress-tls.yaml - create mode 100644 panko/templates/secret-ingress-tls.yaml - -diff --git a/aodh/templates/secret-ingress-tls.yaml b/aodh/templates/secret-ingress-tls.yaml -new file mode 100644 -index 0000000..707b38c ---- /dev/null -+++ b/aodh/templates/secret-ingress-tls.yaml -@@ -0,0 +1,19 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_ingress_tls }} -+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }} -+{{- end }} -diff --git a/aodh/values.yaml b/aodh/values.yaml -index 90c9fac..cf7c6d7 100644 ---- a/aodh/values.yaml -+++ b/aodh/values.yaml -@@ -536,6 +536,10 @@ secrets: - oslo_messaging: - admin: aodh-rabbitmq-admin - aodh: aodh-rabbitmq-user -+ tls: -+ alarming: -+ api: -+ public: aodh-tls-public - - bootstrap: - enabled: false -@@ -598,6 +602,13 @@ endpoints: - public: aodh - host_fqdn_override: - default: null -+ # NOTE: this chart supports TLS for fqdn over-ridden public -+ # endpoints using the following format: -+ # public: -+ # host: null -+ # tls: -+ # crt: null -+ # key: null - path: - default: null - scheme: -@@ -696,5 +707,6 @@ manifests: - secret_db: true - secret_keystone: true - secret_rabbitmq: true -+ secret_ingress_tls: true - service_api: true - service_ingress_api: true -diff --git a/panko/templates/secret-ingress-tls.yaml b/panko/templates/secret-ingress-tls.yaml -new file mode 100644 -index 0000000..9773f53 ---- /dev/null -+++ b/panko/templates/secret-ingress-tls.yaml -@@ -0,0 +1,19 @@ -+{{/* -+Copyright 2019 Wind River Systems, Inc. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_ingress_tls }} -+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }} -+{{- end }} -diff --git a/panko/values.yaml b/panko/values.yaml -index 7adefd0..3acaf06 100644 ---- a/panko/values.yaml -+++ b/panko/values.yaml -@@ -159,6 +159,10 @@ secrets: - oslo_db: - admin: panko-db-admin - panko: panko-db-user -+ tls: -+ event: -+ api: -+ public: panko-tls-public - - bootstrap: - enabled: false -@@ -374,6 +378,13 @@ endpoints: - public: panko - host_fqdn_override: - default: null -+ # NOTE: this chart supports TLS for fqdn over-ridden public -+ # endpoints using the following format: -+ # public: -+ # host: null -+ # tls: -+ # crt: null -+ # key: null - path: - default: null - scheme: -@@ -580,6 +591,7 @@ manifests: - pod_rally_test: true - secret_db: true - secret_keystone: true -+ secret_ingress_tls: true - service_api: true - service_ingress_api: true - --- -1.8.3.1 - diff --git a/openstack-helm/files/0020-Change-cinder-bootstrap-script.patch b/openstack-helm/files/0020-Change-cinder-bootstrap-script.patch deleted file mode 100644 index 4ef14ffe..00000000 --- a/openstack-helm/files/0020-Change-cinder-bootstrap-script.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 7de7cf2f14a58255d85149d08577dd63662aa6d9 Mon Sep 17 00:00:00 2001 -From: Teresa Ho -Date: Mon, 15 Jul 2019 10:30:58 -0400 -Subject: [PATCH] Change cinder bootstrap script - -This commit changes the cinder template bootstrap script -to use the openstack client instead of the cinder client -to list volume types. - -Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0 -Signed-off-by: Teresa Ho ---- - cinder/templates/bin/_bootstrap.sh.tpl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cinder/templates/bin/_bootstrap.sh.tpl b/cinder/templates/bin/_bootstrap.sh.tpl -index 6592d19..bd60fd8 100644 ---- a/cinder/templates/bin/_bootstrap.sh.tpl -+++ b/cinder/templates/bin/_bootstrap.sh.tpl -@@ -48,7 +48,7 @@ openstack volume type show {{ $name }} || \ - {{- end }} - - {{- /* Check volume type and properties were added */}} --cinder extra-specs-list -+openstack volume type list --long - - {{- end }} - --- -1.8.3.1 - diff --git a/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch b/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch deleted file mode 100644 index ff4a7194..00000000 --- a/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 6fba31f6ba8627c7314a46f5b54d59fd17858848 Mon Sep 17 00:00:00 2001 -From: zhipengl -Date: Wed, 4 Sep 2019 13:24:12 +0800 -Subject: [PATCH] Patch21: 0021-Add-config-network-item-for-novncproxy.patch - -Signed-off-by: zhipengl ---- - nova/templates/deployment-novncproxy.yaml | 2 ++ - nova/values.yaml | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml -index 2611ba8..1eebcfd 100644 ---- a/nova/templates/deployment-novncproxy.yaml -+++ b/nova/templates/deployment-novncproxy.yaml -@@ -52,8 +52,10 @@ spec: - {{ tuple $envAll "nova" "novnc-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }} -+{{- if .Values.pod.useHostNetwork.novncproxy }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -+{{- end }} - initContainers: - {{ tuple $envAll "novncproxy" $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - - name: nova-novncproxy-init -diff --git a/nova/values.yaml b/nova/values.yaml -index ee00591..db86621 100644 ---- a/nova/values.yaml -+++ b/nova/values.yaml -@@ -2050,6 +2050,8 @@ pod: - nova_spiceproxy: - volumeMounts: - volumes: -+ useHostNetwork: -+ novncproxy: true - replicas: - api_metadata: 1 - compute_ironic: 1 --- -1.8.3.1 -