From 7f9029b21fa0d84ee137fe26a4ede9d6600f0b97 Mon Sep 17 00:00:00 2001 From: Heitor Matsui Date: Fri, 8 Oct 2021 16:31:17 -0300 Subject: [PATCH] Decouple pci-irq-affinity-agent service This change is part of an initiative to decouple the pci-irq-affinity agent process from the platform by converting it into a resource to be deployed along with stx-openstack application. Depends-on: https://review.opendev.org/c/starlingx/utilities/+/814031 Story: 2009299 Task: 43656 Change-Id: Iefc1106e01cbfc874119e16b610e48a629771db1 Signed-off-by: Heitor Matsui --- .../armada/manifest_openstack.py | 5 +- .../k8sapp_openstack/common/constants.py | 3 +- .../helm/pci_irq_affinity_agent.py | 55 +++++++ .../k8sapp_openstack/setup.cfg | 1 + .../centos/stx-openstack-helm.spec | 1 + .../pci-irq-affinity-agent/Chart.yaml | 4 + .../pci-irq-affinity-agent/requirements.yaml | 10 ++ .../templates/bin/_health-probe.py.tpl | 85 +++++++++++ .../templates/bin/_patch_keyring.sh.tpl | 13 ++ .../templates/bin/_start.py.tpl | 20 +++ .../templates/bin/_start.sh.tpl | 11 ++ .../templates/configmap-bin.yaml | 26 ++++ .../templates/configmap-etc.yaml | 21 +++ .../templates/daemonset.yaml | 140 ++++++++++++++++++ .../pci-irq-affinity-agent/values.yaml | 122 +++++++++++++++ .../manifests/manifest.yaml | 40 +++++ 16 files changed, 555 insertions(+), 2 deletions(-) create mode 100644 python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/pci_irq_affinity_agent.py create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/Chart.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/requirements.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_health-probe.py.tpl create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_patch_keyring.sh.tpl create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.py.tpl create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.sh.tpl create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-bin.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-etc.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/daemonset.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/values.yaml diff --git a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/armada/manifest_openstack.py b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/armada/manifest_openstack.py index d2a95fdb..d56fe690 100644 --- a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/armada/manifest_openstack.py +++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/armada/manifest_openstack.py @@ -1,6 +1,6 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # -# Copyright (c) 2019-2020 Wind River Systems, Inc. +# Copyright (c) 2019-2021 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -33,6 +33,7 @@ from k8sapp_openstack.helm.neutron import NeutronHelm from k8sapp_openstack.helm.nginx_ports_control import NginxPortsControlHelm from k8sapp_openstack.helm.nova import NovaHelm from k8sapp_openstack.helm.nova_api_proxy import NovaApiProxyHelm +from k8sapp_openstack.helm.pci_irq_affinity_agent import PciIrqAffinityAgentHelm from k8sapp_openstack.helm.openvswitch import OpenvswitchHelm from k8sapp_openstack.helm.panko import PankoHelm from k8sapp_openstack.helm.placement import PlacementHelm @@ -94,6 +95,7 @@ class OpenstackArmadaManifestOperator(base.ArmadaManifestOperator): NginxPortsControlHelm.CHART: CHART_GROUP_INGRESS_OS, NovaHelm.CHART: CHART_GROUP_COMPUTE_KIT, NovaApiProxyHelm.CHART: CHART_GROUP_COMPUTE_KIT, + PciIrqAffinityAgentHelm.CHART: CHART_GROUP_COMPUTE_KIT, OpenvswitchHelm.CHART: CHART_GROUP_COMPUTE_KIT, PankoHelm.CHART: CHART_GROUP_TELEMETRY, PlacementHelm.CHART: CHART_GROUP_COMPUTE_KIT, @@ -126,6 +128,7 @@ class OpenstackArmadaManifestOperator(base.ArmadaManifestOperator): NginxPortsControlHelm.CHART: 'openstack-nginx-ports-control', NovaHelm.CHART: 'openstack-nova', NovaApiProxyHelm.CHART: 'openstack-nova-api-proxy', + PciIrqAffinityAgentHelm.CHART: 'openstack-pci-irq-affinity-agent', OpenvswitchHelm.CHART: 'openstack-openvswitch', PankoHelm.CHART: 'openstack-panko', PSPRolebindingHelm.CHART: 'openstack-psp-rolebinding', diff --git a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py index 7b99d1f2..2ff02c5f 100644 --- a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py +++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2020 Wind River Systems, Inc. +# Copyright (c) 2019-2021 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -29,6 +29,7 @@ HELM_CHART_NEUTRON = 'neutron' HELM_CHART_NGINX_PORTS_CONTROL = "nginx-ports-control" HELM_CHART_NOVA = 'nova' HELM_CHART_NOVA_API_PROXY = 'nova-api-proxy' +HELM_CHART_PCI_IRQ_AFFINITY_AGENT = 'pci-irq-affinity-agent' HELM_CHART_OPENVSWITCH = 'openvswitch' HELM_CHART_PANKO = 'panko' HELM_CHART_PLACEMENT = 'placement' diff --git a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/pci_irq_affinity_agent.py b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/pci_irq_affinity_agent.py new file mode 100644 index 00000000..52f55ad2 --- /dev/null +++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/pci_irq_affinity_agent.py @@ -0,0 +1,55 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from oslo_log import log as logging +from k8sapp_openstack.common import constants as app_constants +from k8sapp_openstack.helm import openstack + +from sysinv.common import exception +from sysinv.helm import common + +LOG = logging.getLogger(__name__) + + +class PciIrqAffinityAgentHelm(openstack.OpenstackBaseHelm): + """Class to encapsulate helm operations for the PCI IRQ affinity agent chart""" + + CHART = app_constants.HELM_CHART_PCI_IRQ_AFFINITY_AGENT + + def __init__(self, operator): + super(PciIrqAffinityAgentHelm, self).__init__(operator) + + def get_overrides(self, namespace=None): + overrides = { + common.HELM_NS_OPENSTACK: { + 'conf': { + 'endpoints': self._get_endpoints_overrides() + } + } + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides + + def _get_endpoints_overrides(self): + nova_oslo_messaging_data = self._get_endpoints_oslo_messaging_overrides( + 'nova', + ['nova'] + )['nova'] + + overrides = { + 'rabbit': { + 'rabbit_userid': nova_oslo_messaging_data['username'], + 'rabbit_password': nova_oslo_messaging_data['password'], + }, + } + + return overrides diff --git a/python-k8sapp-openstack/k8sapp_openstack/setup.cfg b/python-k8sapp-openstack/k8sapp_openstack/setup.cfg index 943a6c51..e1080a0a 100644 --- a/python-k8sapp-openstack/k8sapp_openstack/setup.cfg +++ b/python-k8sapp-openstack/k8sapp_openstack/setup.cfg @@ -62,6 +62,7 @@ systemconfig.helm_plugins.stx_openstack = 027_fm-rest-api = k8sapp_openstack.helm.fm_rest_api:FmRestApiHelm 028_dcdbsync = k8sapp_openstack.helm.dcdbsync:DcdbsyncHelm 029_openstack-psp-rolebinding = k8sapp_openstack.helm.psp_rolebinding:PSPRolebindingHelm + 030_pci-irq-affinity-agent = k8sapp_openstack.helm.pci_irq_affinity_agent:PciIrqAffinityAgentHelm systemconfig.armada.manifest_ops = stx-openstack = k8sapp_openstack.armada.manifest_openstack:OpenstackArmadaManifestOperator diff --git a/stx-openstack-helm/centos/stx-openstack-helm.spec b/stx-openstack-helm/centos/stx-openstack-helm.spec index 5152b90f..230aa21e 100644 --- a/stx-openstack-helm/centos/stx-openstack-helm.spec +++ b/stx-openstack-helm/centos/stx-openstack-helm.spec @@ -42,6 +42,7 @@ helm repo add local http://localhost:8879/charts # Make the charts. These produce a tgz file cd helm-charts make nova-api-proxy +make pci-irq-affinity-agent make garbd make keystone-api-proxy make fm-rest-api diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/Chart.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/Chart.yaml new file mode 100644 index 00000000..2641033d --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: PCI IRQ Affinity Agent +name: pci-irq-affinity-agent +version: 0.1.0 diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/requirements.yaml new file mode 100644 index 00000000..75783ab1 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/requirements.yaml @@ -0,0 +1,10 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: ">= 0.1.0" diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_health-probe.py.tpl b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_health-probe.py.tpl new file mode 100644 index 00000000..e35faf52 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_health-probe.py.tpl @@ -0,0 +1,85 @@ +#!/usr/bin/env python + +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +""" +Health probe script PCI IRQ Affinity Agent. + +Script returns failure to Kubernetes only when + a. Fails to call nova to get instances + +sys.stderr.write() writes to pod's events on failures. + +Usage example: +# python health-probe.py + +""" + +import json +import os +import signal +import sys + +import psutil + +from pci_irq_affinity.nova_provider import novaClient + + +def test_rabbit_connection(): + rabbit_ok = False + for p in psutil.process_iter(): + if 'python' in ' '.join(p.cmdline()): + conns = p.connections() + for c in conns: + if c.raddr[1] == 5672 and c.status == 'ESTABLISHED': + rabbit_ok = True + return rabbit_ok + + +def test_nova_availability(): + try: + novaClient.get_nova() + novaClient.get_instances({}) + except: + return False + return True + + +def check_pid_running(pid): + if psutil.pid_exists(int(pid)): + return True + else: + return False + + +if __name__ == "__main__": + if "liveness-probe" in ','.join(sys.argv): + pidfile = "/tmp/liveness.pid" # nosec + else: + pidfile = "/tmp/readiness.pid" # nosec + data = {} + if os.path.isfile(pidfile): + with open(pidfile, 'r') as f: + data = json.load(f) + if check_pid_running(data['pid']): + if data['exit_count'] > 1: + # Third time in, kill the previous process + os.kill(int(data['pid']), signal.SIGTERM) + sys.exit(1) + else: + data['exit_count'] = data['exit_count'] + 1 + with open(pidfile, 'w') as f: + json.dump(data, f) + sys.exit(0) + data['pid'] = os.getpid() + data['exit_count'] = 0 + with open(pidfile, 'w') as f: + json.dump(data, f) + if test_rabbit_connection() and test_nova_availability(): + sys.exit(0) # return success + else: + sys.exit(1) diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_patch_keyring.sh.tpl b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_patch_keyring.sh.tpl new file mode 100644 index 00000000..9936b8a9 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_patch_keyring.sh.tpl @@ -0,0 +1,13 @@ +#!/bin/bash + +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Script to patch the keyring library so that it allows automation +# by not asking for user input on the keyring password +# This 'change' was taken from the platform keyring library +KEYRING_LIB=$(find / -name file.py) +sed -i '/self.keyring_key *= *getpass.getpass(/,/)/s/^/#/;/self.keyring_key *= *getpass.getpass/i\ # TAKEN FROM PLATFORM KEYRING CODE\n\ self.keyring_key = "Please set a password for your new keyring: "' $KEYRING_LIB diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.py.tpl b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.py.tpl new file mode 100644 index 00000000..950eb713 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.py.tpl @@ -0,0 +1,20 @@ +#!/usr/bin/env python + +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +""" +Startup script for PCI IRQ Affinity Agent. + +Usage example: +# python start.py + +""" + +from pci_irq_affinity import agent + +if __name__ == '__main__': + agent.process_main() diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.sh.tpl b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.sh.tpl new file mode 100644 index 00000000..2464e41b --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/bin/_start.sh.tpl @@ -0,0 +1,11 @@ +#!/bin/bash + +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Script to encapsulate the starting routines +sh -c /tmp/patch_keyring.sh +python /tmp/start.py diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-bin.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-bin.yaml new file mode 100644 index 00000000..e56afc9b --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-bin.yaml @@ -0,0 +1,26 @@ +{{/* +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $configMapName := "pci-irq-affinity-agent-bin" }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $configMapName }} +data: + start.py: | +{{ tuple "bin/_start.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + health-probe.py: | +{{ tuple "bin/_health-probe.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + patch_keyring.sh: | +{{ tuple "bin/_patch_keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + start.sh: | +{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-etc.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-etc.yaml new file mode 100644 index 00000000..9f93db41 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/configmap-etc.yaml @@ -0,0 +1,21 @@ +{{/* +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $configMapName := "pci-irq-affinity-agent-etc" }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $configMapName }} +type: Opaque +data: +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.template "key" "config.ini" "format" "Secret") | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.keyring "key" "keyringrc.cfg" "format" "Secret") | indent 2 }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/daemonset.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/daemonset.yaml new file mode 100644 index 00000000..67818faa --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/templates/daemonset.yaml @@ -0,0 +1,140 @@ +{{/* +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.daemonset }} +{{- $daemonset := "pci-irq-affinity-agent" }} +{{- $configMapName := "pci-irq-affinity-agent-etc" }} +{{- $binConfigMapName := "pci-irq-affinity-agent-bin" }} +{{- $envAll := . }} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ $daemonset }} + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + selector: + matchLabels: +{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + nodeSelector: + {{ .Values.labels.agent.pci_irq_affinity_agent.node_selector_key }}: {{ .Values.labels.agent.pci_irq_affinity_agent.node_selector_value }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + containers: + - name: pci-irq-affinity-agent + image: {{ .Values.images.tags.pci_irq_affinity_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - /tmp/start.sh + {{- if .Values.pod.probes.readiness.pci_irq_affinity_agent.enabled }} + env: + - name: COMPUTE_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: COMPUTE_PCI_DEVICES + value: {{ .Values.conf.host.mount_path.pci_devices }} + - name: COMPUTE_IRQ + value: {{ .Values.conf.host.mount_path.irq }} + readinessProbe: + exec: + command: + - python + - /tmp/health-probe.py + initialDelaySeconds: 30 + periodSeconds: 180 + timeoutSeconds: 165 + {{- end }} + {{- if .Values.pod.probes.liveness.pci_irq_affinity_agent.enabled }} + livenessProbe: + exec: + command: + - python + - /tmp/health-probe.py + - --liveness-probe + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 55 + {{- end }} + volumeMounts: + - name: {{ $configMapName }} + mountPath: /etc/pci_irq_affinity/config.ini + subPath: config.ini + readOnly: true + - name: {{ $configMapName }} + mountPath: /root/.local/share/python_keyring/keyringrc.cfg + subPath: keyringrc.cfg + readOnly: true + - name: keyring + mountPath: /root/.local/share/python_keyring/crypted_pass.cfg + readOnly: true + - name: libvirt-sock-ro + mountPath: /var/run/libvirt/libvirt-sock-ro + readOnly: true + - name: compute-pci-devices + mountPath: {{ .Values.conf.host.mount_path.pci_devices }} + readOnly: false + - name: compute-irq + mountPath: {{ .Values.conf.host.mount_path.irq }} + readOnly: false + - name: {{ $binConfigMapName }} + mountPath: /tmp/start.py + subPath: start.py + readOnly: true + - name: {{ $binConfigMapName }} + mountPath: /tmp/patch_keyring.sh + subPath: patch_keyring.sh + readOnly: true + - name: {{ $binConfigMapName }} + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: {{ $binConfigMapName }} + mountPath: /tmp/health-probe.py + subPath: health-probe.py + readOnly: true +{{- if .Values.manifests.certificates }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.pci_irq_affinity_agent.agent.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 10 }} +{{- end }} + volumes: + - name: {{ $configMapName }} + secret: + defaultMode: 0644 + secretName: {{ $configMapName }} + - name: keyring + hostPath: + path: /opt/platform/.keyring/21.12/python_keyring/crypted_pass.cfg # TODO (hmatsui): dynamically get version (e.g. 21.12) + type: File + - name: libvirt-sock-ro + hostPath: + path: /var/run/libvirt/libvirt-sock-ro + type: Socket + - name: compute-pci-devices + hostPath: + path: /sys/bus/pci/devices + type: Directory + - name: compute-irq + hostPath: + path: /proc/irq + type: Directory + - name: {{ $binConfigMapName }} + configMap: + defaultMode: 0555 + name: {{ $binConfigMapName }} +{{- if .Values.manifests.certificates }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.pci_irq_affinity_agent.agent.public | include "helm-toolkit.snippets.tls_volume" | indent 6 }} +{{- end }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/values.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/values.yaml new file mode 100644 index 00000000..a734c880 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/pci-irq-affinity-agent/values.yaml @@ -0,0 +1,122 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Default values for pci-irq-affinity-agent. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +release_group: null + +images: + pull_policy: "IfNotPresent" + tags: + pci_irq_affinity_agent: docker.io/starlingx/stx-pci-irq-affinity-agent:master-centos-stable-latest + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + local_registry: + active: false + exclude: + - dep_check + +labels: + agent: + pci_irq_affinity_agent: + node_selector_key: openstack-compute-node + node_selector_value: enabled + +dependencies: + static: + pci_irq_affinity_agent: + services: + - endpoint: internal + service: keystone + - endpoint: internal + service: rabbitmq + - endpoint: internal + service: nova + +pod: + security_context: + pci_irq_affinity_agent: + pod: + runAsUser: 0 + container: + readOnlyRootFilesystem: true + probes: + readiness: + pci_irq_affinity_agent: + enabled: true + liveness: + pci_irq_affinity_agent: + enabled: true + +conf: + endpoints: + identity: + name: keystone + auth: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + cacert: /etc/ssl/certs/openstack-helm.crt + keystone: + openstack_enabled: True + openstack_auth_protocol: http + openstack_auth_host: keystone.openstack.svc.cluster.local + openstack_auth_port: 80 + openstack_keyring_service: CGCS + rabbit: + rabbit_host: rabbitmq.openstack.svc.cluster.local + rabbit_port: 5672 + rabbit_userid: nova + rabbit_password: password + rabbit_virtual_host: nova + template: | + [openstack] + openstack_enabled={{ .Values.conf.endpoints.keystone.openstack_enabled }} + username={{ .Values.conf.endpoints.identity.auth.admin.username }} + tenant={{ .Values.conf.endpoints.identity.auth.admin.username }} + authorization_protocol={{ .Values.conf.endpoints.keystone.openstack_auth_protocol }} + authorization_ip={{ .Values.conf.endpoints.keystone.openstack_auth_host }} + authorization_port={{ .Values.conf.endpoints.keystone.openstack_auth_port }} + user_domain_name={{ .Values.conf.endpoints.identity.auth.admin.user_domain_name }} + project_domain_name={{ .Values.conf.endpoints.identity.auth.admin.project_domain_name}} + project_name={{ .Values.conf.endpoints.identity.auth.admin.project_name }} + keyring_service={{ .Values.conf.endpoints.keystone.openstack_keyring_service }} + auth_url={{ .Values.conf.endpoints.keystone.openstack_auth_protocol }}://{{ .Values.conf.endpoints.keystone.openstack_auth_host }}/v3 + {{- if .Values.manifests.certificates }} + cacert={{ .Values.conf.endpoints.identity.auth.admin.cacert }} + {{- end }} + + [amqp] + host={{ .Values.conf.endpoints.rabbit.rabbit_host }} + port={{ .Values.conf.endpoints.rabbit.rabbit_port }} + user_id={{ .Values.conf.endpoints.rabbit.rabbit_userid }} + password={{ .Values.conf.endpoints.rabbit.rabbit_password }} + virt_host={{ .Values.conf.endpoints.rabbit.rabbit_virtual_host }} + keyring: | + [backend] + default-keyring=keyrings.alt.file.EncryptedKeyring + host: + mount_path: + pci_devices: /compute/sys/bus/pci/devices + irq: /compute/proc/irq + +secrets: + tls: + pci_irq_affinity_agent: + agent: + public: nova-tls-public + +tolerations: [] + +manifests: + certificates: false + configmap_bin: true + configmap_etc: true + daemonset: true diff --git a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml index 965ffd87..4374c066 100644 --- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml +++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml @@ -1393,6 +1393,45 @@ data: - helm-toolkit --- schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-pci-irq-affinity-agent +data: + chart_name: pci-irq-affinity-agent + release: openstack-pci-irq-affinity-agent + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-pci-irq-affinity-agent + test: + enabled: false + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: job + labels: + release_group: osh-openstack-pci-irq-affinity-agent + values: + images: + tags: + pci_irq_affinity_agent: docker.io/starlingx/stx-pci-irq-affinity-agent:master-centos-stable-latest + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + source: + type: tar + location: http://172.17.0.1/helm_charts/starlingx/pci-irq-affinity-agent-0.1.0.tgz + subpath: pci-irq-affinity-agent + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: openstack-neutron @@ -3924,6 +3963,7 @@ data: - openstack-libvirt - openstack-nova - openstack-nova-api-proxy + - openstack-pci-irq-affinity-agent - openstack-neutron - openstack-placement ---