Fix neutron deployment with https configured
After the OSH upversion to caracal, a new pod was being deployed in the controller for Neutron. The rpc server was added as part of the Neutron Helm chart deployment. The problem was that the patches 0007 and 0008 from OSH, was removing some information related to TLS and, because this is a new template, the rpc-server was not included in this cleanup. This review adds the rpc-server to the list of templates that are being cleaned by patches 0007 and 0008. Test Plan: PASS - Build OSH and STX-O tarball PASS - Deploy STX-O in a system with https enabled PASS - Neutron rpc-server pod is running PASS - Create Networks and launch a VM Closes-Bug: #2103801 Change-Id: I84140bbd957ca07a0a53cde2bf58e0ededdb914d Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
This commit is contained in:
Daniel Caires
committed by
Daniel Marques Caires
Daniel Marques Caires
parent
4c77b730a1
commit
8709072253
@ -18,6 +18,8 @@ Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
|
||||
Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
|
||||
[ Upversioned openstack-helm base commit to Caracal ]
|
||||
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
|
||||
[ Add changes to rpc-server deployment ]
|
||||
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
|
||||
Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
|
||||
---
|
||||
cinder/templates/bin/_cinder-api.sh.tpl | 40 -----------
|
||||
@ -73,6 +75,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
|
||||
keystone/templates/pod-rally-test.yaml | 16 ++---
|
||||
neutron/templates/certificates.yaml | 17 -----
|
||||
.../templates/daemonset-metadata-agent.yaml | 4 +-
|
||||
neutron/templates/deployment-rpc_server.yaml | 4 +-
|
||||
neutron/templates/deployment-server.yaml | 70 +------------------
|
||||
neutron/templates/ingress-server.yaml | 4 --
|
||||
neutron/templates/job-bootstrap.yaml | 2 +-
|
||||
@ -107,7 +110,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
|
||||
placement/templates/job-ks-endpoints.yaml | 2 +-
|
||||
placement/templates/job-ks-service.yaml | 2 +-
|
||||
placement/templates/job-ks-user.yaml | 2 +-
|
||||
87 files changed, 127 insertions(+), 712 deletions(-)
|
||||
88 files changed, 129 insertions(+), 714 deletions(-)
|
||||
delete mode 100644 cinder/templates/certificates.yaml
|
||||
delete mode 100644 glance/templates/certificates.yaml
|
||||
delete mode 100644 heat/templates/certificates.yaml
|
||||
@ -1443,6 +1446,28 @@ index fc9a75ee..4625765a 100644
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
diff --git a/neutron/templates/deployment-rpc_server.yaml b/neutron/templates/deployment-rpc_server.yaml
|
||||
index 1866e21e..a8a111d7 100644
|
||||
--- a/neutron/templates/deployment-rpc_server.yaml
|
||||
+++ b/neutron/templates/deployment-rpc_server.yaml
|
||||
@@ -194,7 +194,7 @@ spec:
|
||||
subPath: policy.yaml
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.internal "path" "/etc/neutron/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_rpc_server.volumeMounts }}{{ toYaml $mounts_neutron_rpc_server.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
@@ -221,7 +221,7 @@ spec:
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_rpc_server.volumes }}{{ toYaml $mounts_neutron_rpc_server.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
|
||||
index b6b634d2..6b236a33 100644
|
||||
--- a/neutron/templates/deployment-server.yaml
|
||||
@ -2330,4 +2355,5 @@ index 056938bd..02602c15 100644
|
||||
{{- if .Values.helm3_hook }}
|
||||
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
|
||||
--
|
||||
2.34.1
|
||||
2.34.1
|
||||
|
||||
|
||||
@ -12,6 +12,8 @@ Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
|
||||
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
|
||||
[ Upversioned openstack-helm base commit to Caracal ]
|
||||
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
|
||||
[ Add changes to rpc-server deployment ]
|
||||
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
|
||||
Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
|
||||
---
|
||||
cinder/templates/configmap-etc.yaml | 4 ----
|
||||
@ -71,6 +73,7 @@ Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
|
||||
neutron/templates/daemonset-ovs-agent.yaml | 2 --
|
||||
neutron/templates/daemonset-sriov-agent.yaml | 2 --
|
||||
neutron/templates/deployment-ironic-agent.yaml | 2 --
|
||||
neutron/templates/deployment-rpc_server.yaml | 4 ----
|
||||
neutron/templates/deployment-server.yaml | 4 ----
|
||||
neutron/templates/job-db-drop.yaml | 3 ---
|
||||
neutron/templates/job-db-init.yaml | 3 ---
|
||||
@ -102,7 +105,7 @@ Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
|
||||
placement/templates/job-db-init.yaml | 3 ---
|
||||
placement/templates/job-db-sync.yaml | 5 +----
|
||||
placement/templates/secret-db.yaml | 4 ----
|
||||
88 files changed, 3 insertions(+), 315 deletions(-)
|
||||
89 files changed, 3 insertions(+), 319 deletions(-)
|
||||
|
||||
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
|
||||
index 1a26cc4f..2e83f374 100644
|
||||
@ -1128,6 +1131,29 @@ index 014c9adf..90d95d19 100644
|
||||
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_ironic_agent.volumes }}{{ toYaml $mounts_neutron_ironic_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
diff --git a/neutron/templates/deployment-rpc_server.yaml b/neutron/templates/deployment-rpc_server.yaml
|
||||
index a8a111d7..ca0cab62 100644
|
||||
--- a/neutron/templates/deployment-rpc_server.yaml
|
||||
+++ b/neutron/templates/deployment-rpc_server.yaml
|
||||
@@ -193,9 +193,7 @@ spec:
|
||||
mountPath: /etc/neutron/policy.yaml
|
||||
subPath: policy.yaml
|
||||
readOnly: true
|
||||
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_rpc_server.volumeMounts }}{{ toYaml $mounts_neutron_rpc_server.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@@ -220,8 +218,6 @@ spec:
|
||||
- name: neutron-plugin-shared
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_rpc_server.volumes }}{{ toYaml $mounts_neutron_rpc_server.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
|
||||
index 6b236a33..f8a2492b 100644
|
||||
--- a/neutron/templates/deployment-server.yaml
|
||||
@ -1687,4 +1713,5 @@ index 0e9214c4..44797b85 100644
|
||||
{{- end }}
|
||||
-{{- end }}
|
||||
--
|
||||
2.34.1
|
||||
2.34.1
|
||||
|
||||
|
||||
Reference in New Issue
Block a user