Merge select content originating from repo 'stx-upstream'

Change-Id: Id9e1fb51f303925b09fe006c76dc413d278d5776
Signed-off-by: Scott Little <scott.little@windriver.com>
Scott Little 2019-09-04 10:10:56 -04:00
commit c2182633ab
38 changed files with 7126 additions and 0 deletions


@ -0,0 +1,8 @@
This repo is for https://github.com/openstack/openstack-helm-infra
Changes to this repo are needed for StarlingX and those changes are
not yet merged.
Rather than clone and diverge the repo, the repo is extracted at a particular
git SHA, and patches are applied on top.
As those patches are merged, the SHA can be updated and the local patches removed.


@ -0,0 +1,8 @@
TAR_NAME=openstack-helm-infra
SHA=aae64213c95fbcea7a0a7671dcb9d8a366f16fa5
VERSION=1.0.0
TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
TIS_PATCH_VER=14


@ -0,0 +1,88 @@
%global sha aae64213c95fbcea7a0a7671dcb9d8a366f16fa5
%global helm_folder /usr/lib/helm
Summary: Openstack-Helm-Infra charts
Name: openstack-helm-infra
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: https://github.com/openstack/openstack-helm-infra
Source0: %{name}-%{sha}.tar.gz
Source1: repositories.yaml
BuildArch: noarch
Patch01: 0001-Allow-multiple-containers-per-daemonset-pod.patch
Patch02: 0002-Add-imagePullSecrets-in-service-account.patch
Patch03: 0003-Set-Min-NGINX-handles.patch
Patch04: 0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
Patch05: 0005-Add-a-configmap-for-ingress-controller-config.patch
Patch06: 0006-Add-TLS-support-for-Gnocchi-public-endpoint.patch
Patch07: 0007-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch
Patch08: 0008-Add-io_thread_pool-for-rabbitmq.patch
Patch09: 0009-Enable-override-of-rabbitmq-probe-parameters.patch
BuildRequires: helm
%description
Openstack Helm Infra charts
%prep
%setup -n openstack-helm-infra
%patch01 -p1
%patch02 -p1
%patch03 -p1
%patch04 -p1
%patch05 -p1
%patch06 -p1
%patch07 -p1
%patch08 -p1
%patch09 -p1
%build
# initialize helm and build the toolkit
# helm init --client-only does not work if there is no networking
# The following commands do essentially the same as: helm init
%define helm_home %{getenv:HOME}/.helm
mkdir %{helm_home}
mkdir %{helm_home}/repository
mkdir %{helm_home}/repository/cache
mkdir %{helm_home}/repository/local
mkdir %{helm_home}/plugins
mkdir %{helm_home}/starters
mkdir %{helm_home}/cache
mkdir %{helm_home}/cache/archive
# Stage a repository file that only has a local repo
cp %{SOURCE1} %{helm_home}/repository/repositories.yaml
# Host a server for the charts
helm serve /tmp/charts --address localhost:8879 --url http://localhost:8879/charts &
helm repo rm local
helm repo add local http://localhost:8879/charts
# Make the charts. These produce tgz files
make helm-toolkit
make gnocchi
make ingress
make libvirt
make mariadb
make memcached
make openvswitch
make rabbitmq
make ceph-rgw
# terminate helm server (the last backgrounded task)
kill %1
%install
install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder}
install -p -D -m 755 *.tgz ${RPM_BUILD_ROOT}%{helm_folder}
%files
%dir %attr(0755,root,root) %{helm_folder}
%defattr(-,root,root,-)
%{helm_folder}/*
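Review bot: In `%build`, `helm serve /tmp/charts --address localhost:8879 ... &` is followed at once by `helm repo add local http://localhost:8879/charts`, with no check that the background server started or that it is the process answering on that port. On a shared build host, whatever already holds port 8879, or a pre-existing `/tmp/charts`, would presumably supply the charts that the `make` targets resolve against. Serving from a directory under the build tree rather than `/tmp`, and failing the build when the server is not running (for example `kill -0 $! || exit 1` after a short wait), would close that gap. The openstack-helm spec added later in this commit uses the same serve/add/`kill %1` sequence. Separately, `install -p -D -m 755 *.tgz` marks chart archives executable; `-m 644` is enough for data files.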


@ -0,0 +1,40 @@
From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 9 Jan 2019 20:11:33 -0500
Subject: [PATCH 1/4] Allow multiple containers per daemonset pod
Remove code that restricted daemonset pods to single containers.
Container names will default to name from helm chart template.
Required for nova cold migrations to work.
Story: 2003876
Task: 26735
Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 -------
1 file changed, 7 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index 743bd6b..c02de9e 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -223,13 +223,6 @@ limitations under the License.
{{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }}
{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }}
- {{/* set container name
- assume not more than one container is defined */}}
- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }}
- {{- $_ := set $container "name" $current_dict.dns_1123_name }}
- {{- $cont_list := list $container }}
- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }}
-
{{/* cross-reference configmap name to container volume definitions */}}
{{- $_ := set $context.Values "__volume_list" list }}
{{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }}
--
2.16.5


@ -0,0 +1,26 @@
From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Mon, 11 Feb 2019 11:29:03 -0500
Subject: [PATCH 2/4] Add imagePullSecrets in service account
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index b4cf1a6..2f4113b 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -44,6 +44,8 @@ kind: ServiceAccount
metadata:
name: {{ $saName }}
namespace: {{ $saNamespace }}
+imagePullSecrets:
+ - name: default-registry-key
{{- range $k, $v := $deps -}}
{{- if eq $k "services" }}
{{- range $serv := $v }}
--
2.16.5
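Review bot: The secret name `default-registry-key` is hard-coded into the shared helm-toolkit ServiceAccount snippet, so every chart that includes it references that secret in whatever namespace it renders to, with no value to rename or omit it. I would take the name from chart values with this string as the default, and add a template comment above `imagePullSecrets:` saying which component is expected to create the secret in each namespace and what happens when it is absent. The patch carries no description, so the reason for applying this to all service accounts cannot be checked from here.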


@ -0,0 +1,28 @@
From 93ec2454cba41bf3de1419bada1f145f1ca9dbd9 Mon Sep 17 00:00:00 2001
From: Al Bailey <Al.Bailey@windriver.com>
Date: Wed, 20 Feb 2019 13:56:27 -0600
Subject: [PATCH 3/4] Set Min NGINX handles
Signed-off-by: Robert Church <robert.church@windriver.com>
---
mariadb/files/nginx.tmpl | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl
index 5ec3d0d..07b7cc5 100644
--- a/mariadb/files/nginx.tmpl
+++ b/mariadb/files/nginx.tmpl
@@ -23,7 +23,9 @@ daemon off;
worker_processes {{ $cfg.WorkerProcesses }};
pid /run/nginx.pid;
-{{ if ne .MaxOpenFiles 0 }}
+{{ if lt .MaxOpenFiles 2048 }}
+worker_rlimit_nofile 2048;
+{{else}}
worker_rlimit_nofile {{ .MaxOpenFiles }};
{{ end }}
--
2.16.5
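Review bot: The new `{{ if lt .MaxOpenFiles 2048 }}` branch always emits `worker_rlimit_nofile 2048;`, including the case the old template skipped (`.MaxOpenFiles` equal to 0), and neither the template nor the patch description says where 2048 comes from. If the container's hard file-descriptor limit is below 2048 and nginx cannot raise it, the directive may not take effect, so the floor is worth confirming against the deployed image. I would add a template comment above the branch, for example `{{/* StarlingX: enforce a floor of 2048 file handles; see <story reference> */}}`.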


@ -0,0 +1,65 @@
From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Mon, 8 Apr 2019 02:12:39 -0400
Subject: [PATCH 4/4] Partial revert of
31e3469d28858d7b5eb6355e88b6f49fd62032be
Suspect that new use of mergeOverwrite vs. merge is breaking the
per-host DaemonSet overrides.
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index c02de9e..ef52592 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -48,10 +48,10 @@ limitations under the License.
{{/* apply overrides */}}
{{- $override_conf_copy := $host_data.conf }}
{{- $root_conf_copy := omit $context.Values.conf "overrides" }}
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $current_dict "nodeData" $root_conf_copy4 }}
@@ -87,10 +87,10 @@ limitations under the License.
{{/* apply overrides */}}
{{- $override_conf_copy := $label_data.conf }}
{{- $root_conf_copy := omit $context.Values.conf "overrides" }}
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }}
@@ -185,7 +185,7 @@ limitations under the License.
{{- $root_conf_copy1 := omit $context.Values.conf "overrides" }}
{{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }}
@@ -196,7 +196,7 @@ limitations under the License.
{{- range $current_dict := $context.Values.__daemonset_list }}
{{- $context_novalues := omit $context "Values" }}
- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }}
+ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }}
{{- $_ := set $current_dict "nodeData" $merged_dict }}
{{/* Deep copy original daemonset_yaml */}}
{{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }}
--
2.16.5
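Review bot: Switching to `merge $override_conf_copy $root_conf_copy` changes more than argument order. Sprig's `merge` keeps the destination value only when it is non-empty, so as far as I know a per-host or per-label override that sets a key to `false`, `0` or `""` is replaced by the root value. `$override_conf_copy` is assigned directly from `$host_data.conf` / `$label_data.conf` in the context lines, and `merge` mutates its first argument, so the override data itself is modified in place. The description says only "Suspect that ...", so a template comment next to each call would help, e.g. `{{/* merge: dest wins; falsy override values are not preserved */}}`. Only fragments of the template are visible, so the effect on callers is inferred.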


@ -0,0 +1,82 @@
From 9fd9b6276bfd41a01c73321e141ef1d14fcdd15c Mon Sep 17 00:00:00 2001
From: Yi Wang <yi.c.wang@intel.com>
Date: Fri, 17 May 2019 14:56:04 +0800
Subject: [PATCH] Add a configmap for ingress controller config
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
---
.../bin/_mariadb-ingress-controller.sh.tpl | 1 +
mariadb/templates/configmap-ingress-conf.yaml | 27 +++++++++++++++++++
mariadb/values.yaml | 3 +++
3 files changed, 31 insertions(+)
create mode 100755 mariadb/templates/configmap-ingress-conf.yaml
diff --git a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
index af6e0c0..f214ec3 100644
--- a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
+++ b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
@@ -27,6 +27,7 @@ function start () {
--election-id=${RELEASE_NAME} \
--ingress-class=${INGRESS_CLASS} \
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
+ --configmap=${POD_NAMESPACE}/mariadb-ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/mariadb-services-tcp
}
diff --git a/mariadb/templates/configmap-ingress-conf.yaml b/mariadb/templates/configmap-ingress-conf.yaml
new file mode 100755
index 0000000..64ffdd1
--- /dev/null
+++ b/mariadb/templates/configmap-ingress-conf.yaml
@@ -0,0 +1,27 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_ingress_conf }}
+{{- $envAll := . }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mariadb-ingress-conf
+data:
+{{ toYaml .Values.conf.ingress_conf | indent 2 }}
+{{- end }}
diff --git a/mariadb/values.yaml b/mariadb/values.yaml
index c0a928e..ca9788b 100644
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@@ -200,6 +200,8 @@ jobs:
conf:
ingress: null
+ ingress_conf:
+ worker-processes: "auto"
backup:
enabled: true
base_path: /var/backup
@@ -322,6 +324,7 @@ network_policy:
manifests:
configmap_bin: true
configmap_etc: true
+ configmap_ingress_conf: true
configmap_services_tcp: true
deployment_error: true
deployment_ingress: true
--
2.17.1
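Review bot: `--configmap=${POD_NAMESPACE}/mariadb-ingress-conf` is added to the controller start script unconditionally, while the ConfigMap itself is rendered only when `.Values.manifests.configmap_ingress_conf` is true. Disabling the manifest therefore leaves the controller pointing at an object that does not exist. Either guard the flag in the `.sh.tpl` with the same condition or add a comment in `values.yaml` that the toggle must stay on. The name `mariadb-ingress-conf` is also fixed rather than release-scoped, so two releases in one namespace would share the same ConfigMap. The body of `start ()` begins outside the hunk.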


@ -0,0 +1,77 @@
From e2e9b3c707599b4074ebf504f6a2fa5c185481e2 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Tue, 9 Jul 2019 13:37:29 -0400
Subject: [PATCH 1/1] Add TLS support for Gnocchi public endpoint
Signed-off-by: Angie Wang <angie.wang@windriver.com>
---
gnocchi/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
gnocchi/values.yaml | 12 ++++++++++++
2 files changed, 31 insertions(+)
create mode 100644 gnocchi/templates/secret-ingress-tls.yaml
diff --git a/gnocchi/templates/secret-ingress-tls.yaml b/gnocchi/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000..fc279cd
--- /dev/null
+++ b/gnocchi/templates/secret-ingress-tls.yaml
@@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 Wind River Systems, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "metric" ) }}
+{{- end }}
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
index 2d5f48b..73e245f 100644
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@@ -470,6 +470,10 @@ secrets:
admin: gnocchi-db-indexer-admin
gnocchi: gnocchi-db-indexer-user
rbd: gnocchi-rbd-keyring
+ tls:
+ metric:
+ api:
+ public: gnocchi-tls-public
bootstrap:
enabled: false
@@ -536,6 +540,13 @@ endpoints:
public: gnocchi
host_fqdn_override:
default: null
+ # NOTE: this chart supports TLS for fqdn over-ridden public
+ # endpoints using the following format:
+ # public:
+ # host: null
+ # tls:
+ # crt: null
+ # key: null
path:
default: null
scheme:
@@ -631,6 +642,7 @@ manifests:
pod_gnocchi_test: true
secret_db: true
secret_keystone: true
+ secret_ingress_tls: true
service_api: true
service_ingress_api: true
service_statsd: true
--
1.8.3.1
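Review bot: The commented example under `host_fqdn_override` has the certificate and private key supplied as chart values (`tls:` with `crt:` / `key:`). The key material then lives in whichever override file carries it and, most likely, in the release data Helm stores for the deployment. The NOTE should say so, for example `# NOTE: tls.key is a private key; supply it from a protected override file, never from version control`. `secret_ingress_tls: true` is on by default, and the included `helm-toolkit.manifests.secret_ingress_tls` template is not on this page, so confirm that it renders nothing when no `tls` block is set.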


@ -0,0 +1,46 @@
From 326fcd76f54d7c099f4c3da6c31eefe0eef2e236 Mon Sep 17 00:00:00 2001
From: Ovidiu Poncea <ovidiu.poncea@windriver.com>
Date: Mon, 29 Jul 2019 08:00:01 -0400
Subject: [PATCH] Fix pod restarts on all workers when worker added/removed
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 4 ++--
helm-toolkit/templates/utils/_hash.tpl | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index ef52592..d7194af 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -213,7 +213,7 @@ limitations under the License.
name uniqueness */}}
{{- $_ := set $current_dict "dns_1123_name" dict }}
{{- if hasKey $current_dict "matchExpressions" }}
- {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }}
+ {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | toJson | sha256sum | trunc 8))) }}
{{- else }}
{{- $_ := set $current_dict "dns_1123_name" $name_format2 }}
{{- end }}
@@ -256,7 +256,7 @@ limitations under the License.
{{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }}
{{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }}
{{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }}
- {{- $values_hash := $cmap | quote | sha256sum }}
+ {{- $values_hash := $cmap | toJson | sha256sum }}
{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }}
{{/* generate configmap */}}
diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl
index 1041ec0..e419e3b 100644
--- a/helm-toolkit/templates/utils/_hash.tpl
+++ b/helm-toolkit/templates/utils/_hash.tpl
@@ -19,5 +19,5 @@ limitations under the License.
{{- $context := index . 1 -}}
{{- $last := base $context.Template.Name }}
{{- $wtf := $context.Template.Name | replace $last $name -}}
-{{- include $wtf $context | sha256sum | quote -}}
+{{- include $wtf $context | toJson | sha256sum | quote -}}
{{- end -}}
--
1.8.3.1
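Review bot: Replacing `quote` with `toJson` in the inputs to `sha256sum` changes every existing `dns_1123_name` suffix and `configmap-etc-hash` annotation. The first upgrade after this patch will presumably rename the per-host daemonsets and roll all their pods once. The patch has no description saying so or explaining why `quote` produced unstable output. In `_hash.tpl`, `include` already returns a string, so `toJson` there only JSON-quotes it; a one-line template comment stating the intent (stable serialization of the hashed input) would keep it from being removed later as redundant.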


@ -0,0 +1,55 @@
From f4c56def0797f093f626720871bd5e525227685e Mon Sep 17 00:00:00 2001
From: Bin Yang <bin.yang@intel.com>
Date: Tue, 13 Aug 2019 10:15:14 +0800
Subject: [PATCH] add io_thread_pool for rabbitmq
Signed-off-by: Bin Yang <bin.yang@intel.com>
---
rabbitmq/templates/statefulset.yaml | 8 ++++++++
rabbitmq/values.yaml | 4 ++++
2 files changed, 12 insertions(+)
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
index 1016f7f..afe5520 100644
--- a/rabbitmq/templates/statefulset.yaml
+++ b/rabbitmq/templates/statefulset.yaml
@@ -111,6 +111,10 @@ spec:
key: RABBITMQ_ADMIN_PASSWORD
- name: RABBITMQ_DEFINITION_FILE
value: "{{ index $envAll.Values.conf.rabbitmq "management.load_definitions" }}"
+{{- if $envAll.Values.io_thread_pool.enabled }}
+ - name: RABBITMQ_IO_THREAD_POOL_SIZE
+ value: {{ $envAll.Values.io_thread_pool.size | quote }}
+{{- end }}
volumeMounts:
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
@@ -190,6 +194,10 @@ spec:
value: "{{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
- name: PORT_CLUSTERING
value: "{{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}"
+{{- if $envAll.Values.io_thread_pool.enabled }}
+ - name: RABBITMQ_IO_THREAD_POOL_SIZE
+ value: {{ $envAll.Values.io_thread_pool.size | quote }}
+{{- end }}
readinessProbe:
initialDelaySeconds: 10
timeoutSeconds: 10
diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
index bdc730a..367058e 100644
--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
@@ -290,6 +290,10 @@ volume:
class_name: general
size: 256Mi
+io_thread_pool:
+ enabled: false
+ size: 64
+
manifests:
configmap_bin: true
configmap_etc: true
--
2.7.4


@ -0,0 +1,63 @@
From 132df9829fa4c697e0b9701871888708973f9123 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Fri, 16 Aug 2019 14:29:46 -0400
Subject: [PATCH] Enable override of rabbitmq probe parameters
Add variables for initial delay, period and timeout for rabbitmq
liveness and readiness probes.
Change-Id: I8d2685118eb4ce3b8c27952892f7ad553fc5de77
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
---
rabbitmq/templates/statefulset.yaml | 10 ++++++----
rabbitmq/values.yaml | 9 +++++++++
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
index afe5520..7b57c64 100644
--- a/rabbitmq/templates/statefulset.yaml
+++ b/rabbitmq/templates/statefulset.yaml
@@ -199,14 +199,16 @@ spec:
value: {{ $envAll.Values.io_thread_pool.size | quote }}
{{- end }}
readinessProbe:
- initialDelaySeconds: 10
- timeoutSeconds: 10
+ initialDelaySeconds: {{ $envAll.Values.pod.probes.readiness.initialDelaySeconds }}
+ periodSeconds: {{ $envAll.Values.pod.probes.readiness.periodSeconds }}
+ timeoutSeconds: {{ $envAll.Values.pod.probes.readiness.timeoutSeconds }}
exec:
command:
- /tmp/rabbitmq-readiness.sh
livenessProbe:
- initialDelaySeconds: 30
- timeoutSeconds: 10
+ initialDelaySeconds: {{ $envAll.Values.pod.probes.liveness.initialDelaySeconds }}
+ periodSeconds: {{ $envAll.Values.pod.probes.liveness.periodSeconds }}
+ timeoutSeconds: {{ $envAll.Values.pod.probes.liveness.timeoutSeconds }}
exec:
command:
- /tmp/rabbitmq-liveness.sh
diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
index 367058e..cfd151c 100644
--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
@@ -102,6 +102,15 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ probes:
+ readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 10
+ liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
conf:
enabled_plugins:
--
1.8.3.1


@ -0,0 +1,12 @@
---
apiVersion: v1
generated: 2019-01-02T15:19:36.215111369-06:00
repositories:
- caFile: ""
cache: /builddir/.helm/repository/cache/local-index.yaml
certFile: ""
keyFile: ""
name: local
password: ""
url: http://127.0.0.1:8879/charts
username: ""
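Review bot: `cache: /builddir/.helm/repository/cache/local-index.yaml` hard-codes the build user's home, while the spec files in this commit derive the helm home from `%{getenv:HOME}/.helm`, so the two agree only when HOME is `/builddir`. A leading comment such as `# cache path assumes HOME=/builddir; keep in sync with helm_home in the spec` would make the coupling visible. The `url` is plain `http://127.0.0.1:8879/charts` with empty credentials, which suits a loopback-only build server, and a comment saying the file is build-time only would keep it from being reused as a runtime repository configuration.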


@ -0,0 +1,8 @@
This repo is for https://github.com/openstack/openstack-helm
Changes to this repo are needed for StarlingX and those changes are
not yet merged.
Rather than clone and diverge the repo, the repo is extracted at a particular
git SHA, and patches are applied on top.
As those patches are merged, the SHA can be updated and the local patches removed.


@ -0,0 +1,8 @@
TAR_NAME=openstack-helm
SHA=6c71637222f47d85681038994f02feac92f75bd2
VERSION=1.0.0
TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
TIS_PATCH_VER=21


@ -0,0 +1,132 @@
%global sha 6c71637222f47d85681038994f02feac92f75bd2
%global helm_folder /usr/lib/helm
%global toolkit_version 0.1.0
%global helmchart_version 0.1.0
%global _default_patch_flags --no-backup-if-mismatch --prefix=/tmp/junk
Summary: Openstack-Helm charts
Name: openstack-helm
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: https://github.com/openstack/openstack-helm
Source0: %{name}-%{sha}.tar.gz
Source1: repositories.yaml
Source2: index.yaml
BuildArch: noarch
Patch01: 0001-Add-Aodh-Chart.patch
Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
Patch05: 0005-Nova-console-ip-address-search-optionality.patch
Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch
Patch07: 0007-Horizon-Disable-apache2-status_module.patch
Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
Patch10: 0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
Patch11: 0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
Patch12: 0012-Add-internal-tenant-id-in-conf.patch
Patch13: 0013-cinder-allow-configuring-the-rbd-app-name.patch
Patch14: 0014-Cinder-Support-backup-driver-specification-by-module.patch
Patch15: 0015-Add-Placement-Chart.patch
Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch
Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch
Patch18: 0018-Nova-add-service-token.patch
Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
Patch20: 0020-Change-cinder-bootstrap-script.patch
BuildRequires: helm
BuildRequires: openstack-helm-infra
Requires: openstack-helm-infra
%description
Openstack Helm charts
%prep
%setup -n openstack-helm
%patch01 -p1
%patch02 -p1
%patch03 -p1
%patch04 -p1
%patch05 -p1
%patch06 -p1
%patch07 -p1
%patch08 -p1
%patch09 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%build
# initialize helm and build the toolkit
# helm init --client-only does not work if there is no networking
# The following commands do essentially the same as: helm init
%define helm_home %{getenv:HOME}/.helm
mkdir %{helm_home}
mkdir %{helm_home}/repository
mkdir %{helm_home}/repository/cache
mkdir %{helm_home}/repository/local
mkdir %{helm_home}/plugins
mkdir %{helm_home}/starters
mkdir %{helm_home}/cache
mkdir %{helm_home}/cache/archive
# Stage a repository file that only has a local repo
cp %{SOURCE1} %{helm_home}/repository/repositories.yaml
# Stage a local repo index that can be updated by the build
cp %{SOURCE2} %{helm_home}/repository/local/index.yaml
# Stage helm-toolkit in the local repo
cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz .
# Host a server for the charts
helm serve --repo-path . &
helm repo rm local
helm repo add local http://localhost:8879/charts
# Make the charts. These produce a tgz file
make aodh
make barbican
make ceilometer
make cinder
make glance
make heat
make horizon
make ironic
make keystone
make magnum
make neutron
make nova
make panko
make placement
# terminate helm server (the last backgrounded task)
kill %1
# Remove the helm-toolkit tarball
rm helm-toolkit-%{toolkit_version}.tgz
%install
# helm_folder is created by openstack-helm-infra
install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder}
install -p -D -m 755 *.tgz ${RPM_BUILD_ROOT}%{helm_folder}
%files
#helm_folder is owned by openstack-helm-infra
%defattr(-,root,root,-)
%{helm_folder}/*
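Review bot: `%global _default_patch_flags --no-backup-if-mismatch --prefix=/tmp/junk` directs any patch backup files to names beginning with `/tmp/junk`, a fixed path in a world-writable directory, and nothing in the spec explains it or cleans it up. If the aim is to keep backup files out of the packaged charts, a comment saying so and a prefix under the build directory would be safer, for example `--prefix=%{_builddir}/patch-backup/`. `BuildRequires: openstack-helm-infra` is unversioned while `cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz .` pulls the toolkit from that package, so the charts are built against whatever toolkit the build root happens to provide; pinning a minimum version would make that explicit.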

File diff suppressed because it is too large Load Diff


@ -0,0 +1,93 @@
From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Wed, 6 Mar 2019 18:06:06 -0500
Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to
panko
Ceilometer notification agent sends the events to panko via panko
dispatcher/publisher which requires the db connection information
in /etc/panko/panko.conf.
This commit updates to mount the configuration file for panko in
ceilometer notification pod.
Change-Id: I4ca524ed7462f945a245e9dbe1d69493dbc4211d
Story: 2005019
Task: 29498
Depends-On: https://review.openstack.org/#/c/641144/
Signed-off-by: Angie Wang <angie.wang@windriver.com>
(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index e6ae7e3a..9deade59 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -728,6 +728,11 @@ conf:
- name: event_sink
publishers:
- notifier://
+ # The following publisher will enable to publish events to panko.
+ # Ocata:
+ # - direct://?dispatcher=panko
+ # Pike:
+ # - panko://
transformers: null
sources:
- events:
@@ -1618,6 +1623,8 @@ dependencies:
service: mongodb
- endpoint: internal
service: metric
+ - endpoint: internal
+ service: event
tests:
services:
- endpoint: internal
@@ -1739,6 +1746,21 @@ endpoints:
api:
default: 8041
public: 80
+ event:
+ name: panko
+ hosts:
+ default: panko-api
+ public: panko
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 8977
+ public: 80
alarming:
name: aodh
hosts:
@@ -1865,7 +1887,19 @@ pod:
init_container: null
ceilometer_notification:
volumeMounts:
+ - name: etcpanko
+ mountPath: /etc/panko
+ - name: panko-etc
+ mountPath: /etc/panko/panko.conf
+ subPath: panko.conf
+ readOnly: true
volumes:
+ - name: etcpanko
+ emptyDir: {}
+ - name: panko-etc
+ secret:
+ secretName: panko-etc
+ defaultMode: 0444
replicas:
api: 1
central: 1
--
2.16.5
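Review bot: The new `ceilometer_notification` defaults mount the `panko-etc` secret unconditionally, and an `event` dependency is added (to a component not visible in the hunk), although the panko publisher itself is left commented out in `event_sink`. As written, the notification pod presumably cannot start unless a `panko-etc` secret exists in its namespace. Consider leaving `volumeMounts`/`volumes` empty by default and documenting them beside the commented publisher lines, or gating them on a value. `defaultMode: 0444` also makes the file holding panko's database connection settings world-readable inside the container, and the unquoted leading-zero literal is octal only under YAML 1.1 parsing; `0440`, if the pod's user and group setup allows it, would be tighter.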


@ -0,0 +1,70 @@
From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Wed, 28 Nov 2018 01:33:39 -0500
Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts.
Stale Apache2 pids will prevent Apache2 from starting and will leave
the POD in a crashed state.
Note: the pid file is somewhat confusingly called
/var/run/httpd/httpd.pid and /var/run/apache2 is just a symlink to
/var/run/httpd.
This is loosely based off the in-review upstream commit at
https://review.openstack.org/#/c/619747
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++
keystone/templates/bin/_keystone-api.sh.tpl | 6 ++----
nova/templates/bin/_nova-placement-api.sh.tpl | 3 +++
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
index cdb02f79..392873c7 100644
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
@@ -25,6 +25,9 @@ function start () {
source /etc/apache2/envvars
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec apache2 -DFOREGROUND
}
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
index 2f127b94..11726809 100644
--- a/keystone/templates/bin/_keystone-api.sh.tpl
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
@@ -31,10 +31,8 @@ function start () {
source /etc/apache2/envvars
fi
- if [ -f /var/run/apache2/apache2.pid ]; then
- # Remove the stale pid for debian/ubuntu images
- rm -f /var/run/apache2/apache2.pid
- fi
+ # Get rid of stale pid, shared memory segment and wsgi sock files if present.
+ rm -f /var/run/apache2/*
# Start Apache2
exec apache2 -DFOREGROUND
diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
index f9c8d7c5..b4bcf178 100644
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
@@ -28,6 +28,9 @@ function start () {
source /etc/apache2/envvars
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec apache2 -DFOREGROUND
}
--
2.16.5
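Review bot: The keystone script now clears everything with `rm -f /var/run/apache2/*`, while the ceilometer and nova-placement scripts remove only `/var/run/apache2/*.pid`. The keystone comment says stale shared-memory and wsgi socket files matter too, so either the other two need the same cleanup or the difference deserves a comment. The bare `*` glob relies on that directory (a symlink to `/var/run/httpd` per the description) holding only Apache runtime files, which is worth stating, e.g. `# /var/run/apache2 holds only Apache runtime state in this image`. All three `start ()` bodies begin outside the hunks shown.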


@ -0,0 +1,184 @@
From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Thu, 10 Jan 2019 00:12:21 -0500
Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
container.
- Map private and public keys to configmap-ssh which will default to
the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.
Depends on helm-toolkit supporting multiple containers per daemonset
pod.
Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++---
nova/templates/configmap-etc.yaml | 4 ++--
nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++
nova/templates/daemonset-compute.yaml | 14 +++++++++-----
nova/values.yaml | 5 +++++
5 files changed, 67 insertions(+), 10 deletions(-)
create mode 100755 nova/templates/configmap-ssh.yaml
diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
index 1c10cb07..158090b0 100644
--- a/nova/templates/bin/_ssh-start.sh.tpl
+++ b/nova/templates/bin/_ssh-start.sh.tpl
@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
chown nova: ~nova/.ssh
fi
-chmod 0600 ~root/.ssh/authorized_keys
-chmod 0600 ~root/.ssh/id_rsa
-chmod 0600 ~root/.ssh/id_rsa.pub
+{{- if .Values.network.sshd.enabled }}
+subnet_address="{{- .Values.network.sshd.from_subnet -}}"
+cat > /tmp/sshd_config_extend <<EOF
+
+# This Match block prevents Password Authentication for root user
+Match User root
+ PasswordAuthentication no
+
+# This Match Block is used to allow Root Login exceptions over the
+# internal subnet used by Nova Migrations
+Match Address $subnet_address
+ PermitRootLogin without-password
+EOF
+cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
+rm /tmp/sshd_config_extend
+{{- end }}
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
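Review bot: The appended `Match Address $subnet_address` block only adds an exception for root login. What every other source address gets is decided by the image's own sshd_config, which this hunk does not show. If that base file permits root login, the block restricts nothing. The value also comes verbatim from `.Values.network.sshd.from_subnet`, whose default in nova/values.yaml (`0.0.0.0/24`) looks like a placeholder rather than a migration network. I would record the assumption above the heredoc: `# Assumes the image's sshd_config denies root login globally; the Match Address block below is the only exception and must be the nova migration subnet.` The script starts before this hunk.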
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 55aa3114..0d1e7a5e 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -232,8 +232,8 @@ data:
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
-# FIXME(portdirect): why is this file suffixed .sh?
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
+
{{- end }}
{{- end }}
{{- if .Values.manifests.configmap_etc }}
diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
new file mode 100755
index 00000000..bab8e330
--- /dev/null
+++ b/nova/templates/configmap-ssh.yaml
@@ -0,0 +1,35 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "nova.configmap.ssh" }}
+{{- $envAll := index . 1 }}
+{{- with $envAll }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nova-ssh
+type: Opaque
+data:
+ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
+
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
+{{- end }}
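Review bot: `ssh-key-private` is rendered straight from `.Values.conf.ssh_private`, and the default added in nova/values.yaml is the string `'null'`. A deployment that forgets the override therefore gets a Secret whose id_rsa is the literal text "null" instead of a render error. Failing fast would be safer: `ssh-key-private: {{ required "conf.ssh_private must be set" .Values.conf.ssh_private | b64enc }}`, with the default left empty. The private key also travels through chart values, which Helm keeps in its stored release record, so read access to that record should be treated like access to the key. The file is named configmap-ssh.yaml and gated on `manifests.configmap_etc` although it emits a Secret, which deserves a one-line comment at the top.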
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 09627042..4a7b90b5 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -258,6 +258,9 @@ spec:
mountPath: /root/.ssh/config
subPath: ssh-config
readOnly: true
+ - name: nova-ssh
+ mountPath: /root/.ssh/id_rsa
+ subPath: ssh-key-private
{{- if .Values.conf.ceph.enabled }}
- name: etcceph
mountPath: /etc/ceph
@@ -314,13 +317,10 @@ spec:
mountPath: /var/lib/nova
- name: varliblibvirt
mountPath: /var/lib/libvirt
- - name: nova-etc
- mountPath: /root/.ssh/id_rsa
- subPath: ssh-key-private
- - name: nova-etc
+ - name: nova-ssh
mountPath: /root/.ssh/id_rsa.pub
subPath: ssh-key-public
- - name: nova-etc
+ - name: nova-ssh
mountPath: /root/.ssh/authorized_keys
subPath: ssh-key-public
- name: nova-bin
@@ -336,6 +336,10 @@ spec:
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
+ - name: nova-ssh
+ secret:
+ secretName: nova-ssh
+ defaultMode: 0400
{{- if .Values.conf.ceph.enabled }}
- name: etcceph
hostPath:
diff --git a/nova/values.yaml b/nova/values.yaml
index 7cb4d553..8599027a 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -211,6 +211,9 @@ network:
ssh:
name: "nova-ssh"
port: 8022
+ sshd:
+ enabled: false
+ from_subnet: 0.0.0.0/24
dependencies:
dynamic:
@@ -462,6 +465,8 @@ conf:
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Port {{ .Values.network.ssh.port }}
+ ssh_private: 'null'
+ ssh_public: 'null'
rally_tests:
run_tempest: false
tests:
--
2.16.5


@ -0,0 +1,65 @@
From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 27 Mar 2019 00:35:57 -0400
Subject: [PATCH 05/11] Nova console/ip address search optionality
Add options to nova to enable/disable the use of:
1. the vnc or spice server proxyclient address found by the console
compute init container
2. my_ip hypervisor address found by compute init container
These options can be used to prevent cases where the found addresses
overwrite what has already been defined in nova.conf by per host nova
compute daemonset overrides.
Story: 2005259
Task: 30066
Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
nova/values.yaml | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index c80da6d6..4927908a 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -20,6 +20,10 @@ set -ex
exec nova-compute \
--config-file /etc/nova/nova.conf \
+{{- if .Values.console.address_search_enabled }}
--config-file /tmp/pod-shared/nova-console.conf \
+{{- end }}
--config-file /tmp/pod-shared/nova-libvirt.conf \
- --config-file /tmp/pod-shared/nova-hypervisor.conf
\ No newline at end of file
+{{- if .Values.conf.hypervisor.address_search_enabled }}
+ --config-file /tmp/pod-shared/nova-hypervisor.conf
+{{- end }}
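Review bot: When `conf.hypervisor.address_search_enabled` is false, the rendered command ends on `--config-file /tmp/pod-shared/nova-libvirt.conf \`, a line continuation with nothing after it. Bash tolerates that at end of file, but any line later appended to the template would be folded into the nova-compute arguments. A shell comment above `exec nova-compute \` would record the constraint: `# NOTE: the optional --config-file lines are templated; keep the hypervisor block last because the line before it ends with a continuation.` Building the arguments in a bash array would remove the constraint altogether.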
diff --git a/nova/values.yaml b/nova/values.yaml
index 8599027a..0887cecc 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -440,6 +440,7 @@ console:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
+ address_search_enabled: true
ssh:
key_types:
@@ -1433,6 +1434,7 @@ conf:
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
+ address_search_enabled: true
# my_ip can be set automatically through this interface name.
host_interface:
nova:
--
2.16.5


@ -0,0 +1,346 @@
From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Tue, 26 Feb 2019 17:43:53 +0000
Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation
If libvirt images_type is rbd, then we need to have the
images_rbd_pool present. These changes add a new job
to make sure this pool exists.
Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
Story: 2004922
Task: 29285
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
nova/templates/configmap-bin.yaml | 4 +-
nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
nova/values.yaml | 18 ++++
4 files changed, 251 insertions(+), 1 deletion(-)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 00000000..f79fcff0
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
+ if [[ ${test_version} -gt 0 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ echo "Cephx user client.${RBD_POOL_USER} already exist."
+ echo "Update its cephx caps"
+ ceph auth caps client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd"
+ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ else
+ # NOTE: Restrict Nova permissions to what is needed.
+ # MON Read only and RBD access to the Nova ephemeral pool only.
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd" \
+ -o ${KEYRING}
+ fi
+
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
+ cat > ${SECRET} <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "${RBD_POOL_SECRET}"
+type: kubernetes.io/rbd
+data:
+ key: $( echo ${ENCODED_KEYRING} )
+EOF
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
+
+fi
+
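Review bot: With `set -x` active, bash traces the expanded value of every assignment, so `USERINFO=$(ceph auth get ...)` and `ENCODED_KEYRING=$(...)` would write the cephx key into the job's pod log. Turning tracing off around the key handling avoids that: test for the user with `if ceph auth get client.${RBD_POOL_USER} > /dev/null; then` (USERINFO is never read) and put `set +x` before the `ENCODED_KEYRING=` line. Separately, the NOTE comment says access is limited to the Nova ephemeral pool, but both branches grant `osd "profile rbd"` with no pool qualifier. `osd "profile rbd pool=${RBD_POOL_NAME}"` would match the comment.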
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index c58b90bd..268434fd 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -1,5 +1,5 @@
{{/*
-Copyright 2017 The Openstack-Helm Authors.
+Copyright 2017-2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -83,6 +83,8 @@ data:
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-console-proxy-init-assets.sh: |
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ nova-storage-init.sh: |
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-start.sh: |
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cell-setup.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 00000000..7d057fb9
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,155 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_storage_init }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-storage-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
+ - name: STORAGE_BACKEND
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
+ - name: RBD_POOL_NAME
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ $ephemeralPool.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ $ephemeralPool.rbd_replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
+ - name: RBD_POOL_SECRET
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
+ {{- end }}
+ command:
+ - /tmp/nova-storage-init.sh
+ volumeMounts:
+ - name: nova-bin
+ mountPath: /tmp/nova-storage-init.sh
+ subPath: nova-storage-init.sh
+ readOnly: true
+ {{ if or $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
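Review bot: The Role lets the job's service account get, create, update and patch every Secret in the release namespace, although the script it runs only applies the one named by `secrets.ephemeral`. Scoping the read and write verbs with `resourceNames` keeps a compromised job pod from reading other credentials in the namespace. `create` needs its own rule because it cannot be limited by name. The same template also writes `{{ if or .Values.conf.ceph.enabled }}` with a single operand, where a plain `if` says the same thing.

```yaml
rules:
  # create cannot be restricted by resourceNames, so it gets its own rule
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - secrets
    resourceNames:
      - {{ $envAll.Values.secrets.ephemeral | quote }}
    verbs:
      - get
      - update
      - patch
# … unchanged: RoleBinding and Job …
```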
diff --git a/nova/values.yaml b/nova/values.yaml
index 0887cecc..7245cf82 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
nova_spiceproxy: docker.io/openstackhelm/nova:ocata
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
test: docker.io/xrally/xrally-openstack:1.3.0
image_repo_sync: docker.io/docker:17.07.0
local_registry:
@@ -461,6 +462,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+ ephemeral_storage:
+ type: rbd
+ rbd_pools:
+ - rbd_pool_name: ephemeral
+ rbd_user: ephemeral
+ rbd_crush_rule: 0
+ rbd_replication: 3
+ rbd_chunk_size: 64
ssh: |
Host *
StrictHostKeyChecking no
@@ -1625,6 +1634,7 @@ secrets:
placement:
placement:
public: placement-tls-public
+ ephemeral: nova-ephemeral
# typically overridden by environmental
# values, but should include all endpoints
@@ -2239,6 +2249,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
@@ -2302,6 +2319,7 @@ manifests:
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
+ job_storage_init: true
pdb_metadata: true
pdb_placement: true
pdb_osapi: true
--
2.16.5


@ -0,0 +1,30 @@
From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:29:26 -0400
Subject: [PATCH 07/11] Horizon: Disable apache2 status_module
a2dismod is not present in the StarlingX httpd based images. Try
a2dismod first, then fail back to using sed to remove the module.
Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6
Signed-off-by: Robert Church <robert.church@windriver.com>
---
horizon/templates/bin/_horizon.sh.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl
index dec000f3..55a2c629 100644
--- a/horizon/templates/bin/_horizon.sh.tpl
+++ b/horizon/templates/bin/_horizon.sh.tpl
@@ -28,7 +28,7 @@ function start () {
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
a2enmod rewrite
- a2dismod status
+ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf
if [ -f /etc/apache2/envvars ]; then
# Loading Apache2 ENV variables
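Review bot: The `sed` fallback exits 0 even when `00-base.conf` has no `LoadModule status_module` line. On an image that loads the module from a different file, the status handler would stay enabled and nothing would be reported. The pattern is also unanchored, so a second run on an already commented line stacks another `#`. `a2dismod status || sed -i 's/^LoadModule status_module/#&/' /etc/httpd/conf.modules.d/00-base.conf` fixes the latter. A follow-up check that `httpd -M` no longer lists `status_module` would cover the former. `start ()` begins and ends outside this hunk.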
--
2.16.5


@ -0,0 +1,224 @@
From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:37:05 -0400
Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness
probes
With the introduction of Readiness/Liveness probes in
Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and
preventing successful armada manifest applies.
Add support to disable the probes.
Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569
Signed-off-by: Robert Church <robert.church@windriver.com>
---
neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++
neutron/templates/daemonset-l3-agent.yaml | 4 ++++
neutron/templates/daemonset-lb-agent.yaml | 4 ++++
neutron/templates/daemonset-metadata-agent.yaml | 4 ++++
neutron/templates/daemonset-ovs-agent.yaml | 4 ++++
neutron/templates/daemonset-sriov-agent.yaml | 4 ++++
neutron/values.yaml | 27 +++++++++++++++++++++++++
7 files changed, 51 insertions(+)
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
index 49866f2a..6e1d2928 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@@ -66,6 +66,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
+ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }}
readinessProbe:
exec:
command:
@@ -80,6 +81,8 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 65
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }}
livenessProbe:
exec:
command:
@@ -95,6 +98,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/neutron-dhcp-agent.sh
volumeMounts:
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
index 5e0ec194..29e0f3f7 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@@ -66,6 +66,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
+ {{- if .Values.pod.probes.readiness.l3_agent.enabled }}
readinessProbe:
exec:
command:
@@ -80,6 +81,8 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 65
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.l3_agent.enabled }}
livenessProbe:
exec:
command:
@@ -95,6 +98,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/neutron-l3-agent.sh
volumeMounts:
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
index c2b432f7..685893d5 100644
--- a/neutron/templates/daemonset-lb-agent.yaml
+++ b/neutron/templates/daemonset-lb-agent.yaml
@@ -140,12 +140,16 @@ spec:
privileged: true
command:
- /tmp/neutron-linuxbridge-agent.sh
+ {{- if .Values.pod.probes.readiness.lb_agent.enabled }}
readinessProbe:
exec:
command:
- bash
- -c
- 'brctl show'
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.lb_agent.enabled }}
+ {{- end }}
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-linuxbridge-agent.sh
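Review bot: The `{{- if .Values.pod.probes.liveness.lb_agent.enabled }}` / `{{- end }}` pair added here wraps nothing, and the sriov-agent hunk adds the same empty pair. As a result `liveness.lb_agent.enabled` and `liveness.sriov_agent.enabled` in neutron/values.yaml are switches with no effect. Either drop the empty blocks and the two values keys, or put a comment inside them such as `{{/* no livenessProbe is defined for this agent */}}` so an operator does not assume a probe exists. The container spec continues outside the hunk.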
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index 8e92a675..fba132ed 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -87,6 +87,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
+ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }}
readinessProbe:
exec:
command:
@@ -99,6 +100,8 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 35
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }}
livenessProbe:
exec:
command:
@@ -112,6 +115,7 @@ spec:
initialDelaySeconds: 90
periodSeconds: 60
timeoutSeconds: 45
+ {{- end }}
command:
- /tmp/neutron-metadata-agent.sh
volumeMounts:
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index 56061e63..69ee1c2c 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -154,6 +154,7 @@ spec:
privileged: true
command:
- /tmp/neutron-openvswitch-agent.sh
+ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }}
# ensures this container can can see a br-int
# bridge before its marked as ready
readinessProbe:
@@ -162,6 +163,8 @@ spec:
- bash
- -c
- 'ovs-vsctl list-br | grep -q br-int'
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }}
livenessProbe:
exec:
command:
@@ -177,6 +180,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-openvswitch-agent.sh
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
index a59e4100..c03b3668 100644
--- a/neutron/templates/daemonset-sriov-agent.yaml
+++ b/neutron/templates/daemonset-sriov-agent.yaml
@@ -129,6 +129,7 @@ spec:
privileged: true
command:
- /tmp/neutron-sriov-agent.sh
+ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }}
readinessProbe:
exec:
command:
@@ -141,6 +142,9 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 10
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }}
+ {{- end }}
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-sriov-agent.sh
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 5ab4ca12..1cc67b94 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -520,6 +520,33 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ probes:
+ readiness:
+ dhcp_agent:
+ enabled: true
+ l3_agent:
+ enabled: true
+ lb_agent:
+ enabled: true
+ metadata_agent:
+ enabled: true
+ ovs_agent:
+ enabled: true
+ sriov_agent:
+ enabled: true
+ liveness:
+ dhcp_agent:
+ enabled: true
+ l3_agent:
+ enabled: true
+ lb_agent:
+ enabled: true
+ metadata_agent:
+ enabled: true
+ ovs_agent:
+ enabled: true
+ sriov_agent:
+ enabled: true
conf:
rally_tests:
--
2.16.5


@ -0,0 +1,227 @@
From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:42:08 -0400
Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness
probes
With the introduction of Readiness/Liveness probes in
Ib8e4b93486588320fd2d562c3bc90b65844e52e5, some probes are failing and
preventing successful armada manifest applies.
Add support to disable the probes.
Change-Id: Iebe7327055f58fa78ce3fcac968c1fa617c30c2f
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/daemonset-compute.yaml | 4 ++++
nova/templates/deployment-conductor.yaml | 4 ++++
nova/templates/deployment-consoleauth.yaml | 4 ++++
nova/templates/deployment-novncproxy.yaml | 4 ++++
nova/templates/deployment-scheduler.yaml | 4 ++++
nova/templates/deployment-spiceproxy.yaml | 4 ++++
nova/values.yaml | 27 +++++++++++++++++++++++++++
7 files changed, 51 insertions(+)
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 4a7b90b5..f508b963 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -181,6 +181,7 @@ spec:
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.conf.ceph.secret_uuid }}"
{{ end }}
+ {{- if .Values.pod.probes.readiness.nova_compute.enabled }}
readinessProbe:
exec:
command:
@@ -193,6 +194,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_compute.enabled }}
livenessProbe:
exec:
command:
@@ -206,6 +209,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-compute.sh
volumeMounts:
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index 1e66e419..33d41097 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -60,6 +60,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
+ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_conductor.enabled }}
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-conductor.sh
volumeMounts:
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
index 75b66e79..31013eb7 100644
--- a/nova/templates/deployment-consoleauth.yaml
+++ b/nova/templates/deployment-consoleauth.yaml
@@ -60,6 +60,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
+ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_consoleauth.enabled }}
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-consoleauth.sh
volumeMounts:
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index cf9fda02..2611ba80 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -94,14 +94,18 @@ spec:
- name: nova-novncproxy
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
readinessProbe:
tcpSocket:
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_novcnproxy.enabled }}
livenessProbe:
tcpSocket:
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
command:
- /tmp/nova-console-proxy.sh
ports:
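Review bot: The values key is spelled `nova_novcnproxy` (c and n swapped) in both conditions here and in the `pod.probes` block added to nova/values.yaml. It works because the spellings agree. But an operator who overrides `pod.probes.readiness.nova_novncproxy.enabled` will see the probe stay on with no error. Renaming the key in all four places before it becomes a published interface avoids that, e.g. `{{- if .Values.pod.probes.readiness.nova_novncproxy.enabled }}`.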
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index 9611d950..0350c47c 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -60,6 +60,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
+ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_scheduler.enabled }}
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-scheduler.sh
volumeMounts:
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
index 4507bde4..1b58ec98 100644
--- a/nova/templates/deployment-spiceproxy.yaml
+++ b/nova/templates/deployment-spiceproxy.yaml
@@ -94,14 +94,18 @@ spec:
- name: nova-spiceproxy
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
readinessProbe:
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_spiceproxy.enabled }}
livenessProbe:
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
command:
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/values.yaml b/nova/values.yaml
index 7245cf82..433ec3af 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2256,6 +2256,33 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ probes:
+ readiness:
+ nova_compute:
+ enabled: true
+ nova_conductor:
+ enabled: true
+ nova_consoleauth:
+ enabled: true
+ nova_novcnproxy:
+ enabled: true
+ nova_scheduler:
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
+ liveness:
+ nova_compute:
+ enabled: true
+ nova_conductor:
+ enabled: true
+ nova_consoleauth:
+ enabled: true
+ nova_novcnproxy:
+ enabled: true
+ nova_scheduler:
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
network_policy:
nova:
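Review bot: The key `nova_novcnproxy`, added under both `readiness` and `liveness`, looks like a transposition of `nova_novncproxy`. The novncproxy template is outside this chunk; if it tests `.Values.pod.probes.readiness.nova_novncproxy.enabled`, the lookup will not find this key and the chart would either fail to render or silently drop the probe. A short comment above `probes:` would also document the cost of the switch, for example `# enabled: false stops Kubernetes from restarting or un-readying a hung service; use for debugging only`.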
--
2.16.5


@ -0,0 +1,60 @@
From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001
From: Mingyuan Qi <mingyuan.qi@intel.com>
Date: Thu, 11 Apr 2019 14:59:11 +0800
Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image
Current script does not consider centos distro as base image.
Different folder was checked to copy pxe files to tftpboot folder.
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
---
.../bin/_ironic-conductor-pxe-init.sh.tpl | 25 +++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
index b8c4c4c..5fe595f 100644
--- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu)
+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS)
+
set -ex
-#NOTE(portdirect): this works round a limitation in Kolla images
-if ! dpkg -l ipxe; then
- apt-get update
- apt-get install ipxe -y
+if [[ ! -z $DISTRO_UBUNTU ]]; then
+ #NOTE(portdirect): this works round a limitation in Kolla images
+ if ! dpkg -l ipxe; then
+ apt-get update
+ apt-get install ipxe -y
+ fi
fi
mkdir -p /var/lib/openstack-helm/tftpboot
mkdir -p /var/lib/openstack-helm/tftpboot/master_images
-for FILE in undionly.kpxe ipxe.efi; do
+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do
if [ -f /usr/lib/ipxe/$FILE ]; then
cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
fi
+
+ # For CentOS
+ if [[ ! -z $DISTRO_CENTOS ]]; then
+ if [ -f /var/lib/tftpboot/$FILE ]; then
+ cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
+ fi
+ if [ -f /usr/share/ipxe/$FILE ]; then
+ cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
+ fi
+ fi
done
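Review bot: The distro test greps every `/etc/*release` file for a substring, so any release file that merely mentions "Ubuntu" or "CentOS" satisfies it, and when neither matches the script copies nothing and still exits 0. Reading the `ID` field is tighter: `. /etc/os-release` followed by `case "$ID" in ubuntu) … ;; centos) … ;; esac`. The two assignments sit above `set -ex`, presumably because a non-matching `grep` returns 1; a comment such as `# detect distro before set -e: grep exits non-zero when nothing matches` would keep a later reorder from breaking the script. A check after the loop that at least one boot file landed in `/var/lib/openstack-helm/tftpboot` would turn a silently empty TFTP root into an init failure.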
--
1.8.3.1


@ -0,0 +1,82 @@
From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
Date: Tue, 9 Apr 2019 10:37:46 +0200
Subject: [PATCH 11/11] Use nova's ping method to find out if the service is
alive
Currently there is fake rpc call "pod_health_probe_method_ignore_errors"
that is passed to the service, just to find out if it is responding. Because
such method does not exist, it is needed to catch and handle the exception
that is inevitably thrown by the service.
While this is technically working correctly, the exceptions pollute the
log files and make it harder for user to see possible real errors.
This is how the error looks like:
ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
ERROR oslo_messaging.rpc.server Traceback (most recent call last):
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
ERROR oslo_messaging.rpc.server raise UnsupportedVersion(version, method=method)
ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
This situation is new since https://review.openstack.org/#/c/639711/
which (correctly) increased the default level of logging. Before 639711
error messages from oslo (both real and ones that could be ignored) were not
present in nova logs at all.
Fortunately, nova's BaseAPI class provides a 'ping' method that can
be used for this basic purpose by all nova components.
Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3
---
nova/templates/bin/_health-probe.py.tpl | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl
index 6434e45..4c1aa45 100644
--- a/nova/templates/bin/_health-probe.py.tpl
+++ b/nova/templates/bin/_health-probe.py.tpl
@@ -17,8 +17,8 @@
"""
Health probe script for OpenStack service that uses RPC/unix domain socket for
communication. Check's the RPC tcp socket status on the process and send
-message to service through rpc call method and expects a reply. It is expected
-to receive failure from the service's RPC server as the method does not exist.
+message to service through rpc call method and expects a reply.
+Use nova's ping method that is designed just for such simple purpose.
Script returns failure to Kubernetes only when
a. TCP socket for the RPC communication are not established.
@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when
sys.stderr.write() writes to pod's events on failures.
Usage example for Nova Compute:
-# python health-probe-rpc.py --config-file /etc/nova/nova.conf \
+# python health-probe.py --config-file /etc/nova/nova.conf \
# --service-queue-name compute
"""
@@ -50,12 +50,15 @@ def check_service_status(transport):
"""Verify service status. Return success if service consumes message"""
try:
target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name,
- server=socket.gethostname())
+ server=socket.gethostname(),
+ namespace='baseapi',
+ version="1.1")
client = oslo_messaging.RPCClient(transport, target,
timeout=60,
retry=2)
client.call(context.RequestContext(),
- 'pod_health_probe_method_ignore_errors')
+ 'ping',
+ arg=None)
except oslo_messaging.exceptions.MessageDeliveryFailure:
# Log to pod events
sys.stderr.write("Health probe unable to reach message bus")
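Review bot: With `ping` a remote error is no longer the expected outcome, so the handlers that follow the `MessageDeliveryFailure` branch need a second look: any clause that used to treat the service's error reply as proof of life would now hide a real failure. Those handlers are outside the hunk, so this is a check to make rather than a confirmed defect. The `Target` also pins `version="1.1"` of the `baseapi` namespace, and a service that only offers an older baseapi version would answer with `UnsupportedVersion`; a one-line comment such as `# baseapi 1.1 is assumed to be available on every probed nova service` would record that assumption. `check_service_status` begins and ends outside the hunk.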
--
2.7.4


@ -0,0 +1,307 @@
From 1fa207d2a503e508f48407881b06e0beaa15b1fa Mon Sep 17 00:00:00 2001
From: Liang Fang <liang.a.fang@intel.com>
Date: Mon, 25 Mar 2019 10:29:42 -0400
Subject: [PATCH 12/14] Add internal tenant id in conf
Cinder raw cache feature requires internal tenant id be set in
/etc/cinder/cinder.conf, something like:
cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c
cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef
This patch gets the internal user id and project id, creating them if they do
not exist, and then sets them in cinder.conf
reference: Cinder cache feature:
https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html
Story: 2004869
Task: 29121
Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea
Signed-off-by: Liang Fang <liang.a.fang@intel.com>
(cherry picked from commit d1c8e778a733539695d89c21ed4746265e0f1edf)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
cinder/templates/bin/_cinder-volume.sh.tpl | 3 +-
.../bin/_create-internal-tenant-id.sh.tpl | 31 ++++++++
.../bin/_retrieve-internal-tenant-id.sh.tpl | 32 +++++++++
cinder/templates/configmap-bin.yaml | 4 ++
cinder/templates/deployment-volume.yaml | 31 ++++++++
cinder/templates/job-create-internal-tenant.yaml | 83 ++++++++++++++++++++++
cinder/values.yaml | 4 ++
7 files changed, 187 insertions(+), 1 deletion(-)
create mode 100755 cinder/templates/bin/_create-internal-tenant-id.sh.tpl
create mode 100755 cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
create mode 100644 cinder/templates/job-create-internal-tenant.yaml
diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl
index 64aa3828..a248f352 100644
--- a/cinder/templates/bin/_cinder-volume.sh.tpl
+++ b/cinder/templates/bin/_cinder-volume.sh.tpl
@@ -19,4 +19,5 @@ limitations under the License.
set -ex
exec cinder-volume \
--config-file /etc/cinder/cinder.conf \
- --config-file /etc/cinder/conf/backends.conf
+ --config-file /etc/cinder/conf/backends.conf \
+ --config-file /tmp/pod-shared/internal_tenant.conf
diff --git a/cinder/templates/bin/_create-internal-tenant-id.sh.tpl b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
new file mode 100755
index 00000000..10582564
--- /dev/null
+++ b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+
+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
+ --domain="${PROJECT_DOMAIN_ID}" \
+ "${INTERNAL_PROJECT_NAME}");
+
+USER_ID=$(openstack user create --or-show --enable -f value -c id \
+ --domain="${USER_DOMAIN_ID}" \
+ --project-domain="${PROJECT_DOMAIN_ID}" \
+ --project="${USER_PROJECT_ID}" \
+ "${INTERNAL_USER_NAME}");
+
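Review bot: `PROJECT_DOMAIN_ID` and `USER_DOMAIN_ID` are read but never assigned in this script, and the job template's explicit `env` entries do not name them, so unless one of the helm-toolkit env snippets exports them the commands run with `--domain=""`. Because the script uses `set -ex` without `-u`, the empty expansion is silent. Adding `: "${PROJECT_DOMAIN_ID:?}" "${USER_DOMAIN_ID:?}"` right after `set -ex` makes the job fail loudly instead. `USER_ID` is assigned and never used; running the command without the assignment would make it clear that only the side effect is wanted.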
diff --git a/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
new file mode 100755
index 00000000..b85f69fd
--- /dev/null
+++ b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+
+USER_PROJECT_ID=$(openstack project show -f value -c id \
+ "${INTERNAL_PROJECT_NAME}");
+
+USER_ID=$(openstack user show -f value -c id \
+ "${INTERNAL_USER_NAME}");
+
+tee /tmp/pod-shared/internal_tenant.conf <<EOF
+[DEFAULT]
+cinder_internal_tenant_project_id = ${USER_PROJECT_ID}
+cinder_internal_tenant_user_id = ${USER_ID}
+EOF
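Review bot: Both lookups resolve by name only, `openstack project show … "${INTERNAL_PROJECT_NAME}"` and `openstack user show … "${INTERNAL_USER_NAME}"`, while the create script scopes the same names to a domain. If either name exists in more than one domain the lookup is ambiguous, and the ids written to `internal_tenant.conf` are the ones cinder-volume will treat as its internal tenant. Passing `--domain` on both commands, with the same domain the create job used, removes the ambiguity. A comment above the `tee` stating that the file is consumed by `cinder-volume.sh` through `--config-file /tmp/pod-shared/internal_tenant.conf` would tie the two scripts together for the next reader.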
diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml
index 0cfd6af2..df96fabf 100644
--- a/cinder/templates/configmap-bin.yaml
+++ b/cinder/templates/configmap-bin.yaml
@@ -41,6 +41,10 @@ data:
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ create-internal-tenant.sh: |
+{{ tuple "bin/_create-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ retrieve-internal-tenant.sh: |
+{{ tuple "bin/_retrieve-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cinder-api.sh: |
{{ tuple "bin/_cinder-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cinder-backup.sh: |
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index a34b4532..17902c02 100644
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -90,6 +90,33 @@ spec:
- name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{ end }}
+ - name: init-cinder-conf
+ image: {{ .Values.images.tags.ks_user }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/retrieve-internal-tenant.sh
+ volumeMounts:
+ - name: cinder-bin
+ mountPath: /tmp/retrieve-internal-tenant.sh
+ subPath: retrieve-internal-tenant.sh
+ readOnly: true
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: INTERNAL_PROJECT_NAME
+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
+ - name: INTERNAL_USER_NAME
+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
+
+{{- with $env := dict "ksUserSecret" (index .Values.secrets.identity "cinder" ) }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
+{{- end }}
+
containers:
- name: cinder-volume
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
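Review bot: The `init-cinder-conf` container runs with `runAsUser: 0` and receives the Keystone admin credentials (`.Values.secrets.identity.admin`) plus the cinder user's `keystone_user_create_env_vars`, yet the script it runs only performs two `show` lookups and writes one file. That places admin credentials in the environment of every cinder-volume pod. If the cinder service user's role allows the two lookups, its own openrc would be enough; the second `with` block can be dropped since `retrieve-internal-tenant.sh` as shown reads only the two `INTERNAL_*` names, and `runAsUser: 0` can go unless the `pod-shared` emptyDir proves unwritable without it. `job-create-internal-tenant.yaml` carries the same unused `keystone_user_create_env_vars` block, together with `SERVICE_OS_ROLES`.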
@@ -102,6 +129,8 @@ spec:
mountPath: /tmp/cinder-volume.sh
subPath: cinder-volume.sh
readOnly: true
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
- name: cinder-etc
mountPath: /etc/cinder/cinder.conf
subPath: cinder.conf
@@ -168,6 +197,8 @@ spec:
{{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
- name: etcceph
emptyDir: {}
+ - name: pod-shared
+ emptyDir: {}
- name: ceph-etc
configMap:
name: {{ .Values.ceph_client.configmap }}
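Review bot: The `pod-shared` emptyDir is added between `etcceph` and `ceph-etc`, inside the `{{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}` block, while the `init-cinder-conf` init container and the `cinder-volume` mount of `/tmp/pod-shared` added earlier in this file do not appear to be conditional. With a non-Ceph backend the pod spec would then reference a volume that is never defined and be rejected by the API server. Moving the two added lines above the `if` fixes it; the block's closing `end` is outside the hunk.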
diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml
new file mode 100644
index 00000000..2371a922
--- /dev/null
+++ b/cinder/templates/job-create-internal-tenant.yaml
@@ -0,0 +1,83 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_create_internal_tenant }}
+{{- $envAll := . }}
+
+{{- $serviceName := "cinder" }}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "create-internal-tenant" }}
+{{ tuple $envAll "create-internal-tenant" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceUserPretty "create-internal-tenant" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "create-internal-tenant" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName | quote }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll "create_internal_tenant" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: create-internal-tenant
+ image: {{ $envAll.Values.images.tags.ks_user }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/create-internal-tenant.sh
+ volumeMounts:
+ - name: create-internal-tenant-sh
+ mountPath: /tmp/create-internal-tenant.sh
+ subPath: create-internal-tenant.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: {{ $serviceName | quote }}
+ - name: INTERNAL_PROJECT_NAME
+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
+ - name: INTERNAL_USER_NAME
+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
+
+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_ROLES
+ {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }}
+ {{- if kindIs "slice" $serviceOsRoles }}
+ value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }}
+ {{- else }}
+ value: {{ $serviceOsRoles | quote }}
+ {{- end }}
+ volumes:
+ - name: create-internal-tenant-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- end -}}
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 0256bf3f..39027e9b 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -771,6 +771,9 @@ conf:
# Backup: Posix options
backup_posix_path: /var/lib/cinder/backup
auth_strategy: keystone
+ # Internal tenant id
+ internal_project_name: internal_cinder
+ internal_user_name: internal_cinder
database:
max_retries: -1
keystone_authtoken:
@@ -1349,6 +1352,7 @@ manifests:
job_backup_storage_init: true
job_bootstrap: true
job_clean: true
+ job_create_internal_tenant: true
job_db_init: true
job_image_repo_sync: true
job_rabbit_init: true
--
2.16.5


@ -0,0 +1,89 @@
From 88656adf554e01d851c297533ceb1dced329bc2c Mon Sep 17 00:00:00 2001
From: Itxaka <igarcia@suse.com>
Date: Tue, 28 May 2019 13:21:40 +0200
Subject: [PATCH 13/14] cinder: allow configuring the rbd app name
Instead of hardcoding it, let us override it with
custom values for normal volumes and backups
Change-Id: I3abb343877abd0436c592a3371372f82ef581790
(cherry picked from commit c38443de4c852e86fb9845777bd67657392835fc)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
cinder/templates/bin/_storage-init.sh.tpl | 2 +-
cinder/templates/job-backup-storage-init.yaml | 2 ++
cinder/templates/job-storage-init.yaml | 2 ++
cinder/values.yaml | 4 ++++
5 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 52c8e6bf..af9886ad 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -44,7 +44,7 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup"
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
echo "Cephx user client.${RBD_POOL_USER} already exists"
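Review bot: `${RBD_POOL_APP_NAME}` is passed unquoted where the old code passed a quoted literal, so an empty or whitespace-containing value from `conf.software.rbd` changes the argument count that `ensure_pool` sees. Quote it: `ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "${RBD_POOL_APP_NAME}"`. The matching line in `_storage-init.sh.tpl` needs the same change. `ensure_pool` is defined above the hunk and the surrounding `if` continues past it.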
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
index 9288ec5f..bbc31938 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@@ -41,7 +41,7 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume"
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
echo "Cephx user client.${RBD_POOL_USER} already exist."
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index a073940c..7b0e50e1 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -109,6 +109,8 @@ spec:
{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
- name: RBD_POOL_NAME
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
+ - name: RBD_POOL_APP_NAME
+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
- name: RBD_POOL_USER
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
- name: RBD_POOL_CRUSH_RULE
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 1d4819c2..27081816 100644
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -100,6 +100,8 @@ spec:
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
- name: RBD_POOL_NAME
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
+ - name: RBD_POOL_APP_NAME
+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
- name: RBD_POOL_USER
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
- name: RBD_POOL_CRUSH_RULE
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 39027e9b..bef7b374 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -302,6 +302,10 @@ ceph_client:
user_secret_name: pvc-ceph-client-key
conf:
+ software:
+ rbd:
+ rbd_pool_app_name_backup: cinder-backup
+ rbd_pool_app_name: cinder-volume
paste:
composite:osapi_volume:
use: call:cinder.api:root_app_factory
--
2.16.5


@ -0,0 +1,241 @@
From a5c47db5550926bcf2d4dbd5667ad74e00b2ed97 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 24 May 2019 02:43:15 -0400
Subject: [PATCH 14/14] Cinder: Support backup driver specification by module
or class name
During the Queens cycle, Cinder introduced the ability to specify the
backup driver via class name and deprecated backup driver initialization
using the module name. (Id6bee9e7d0da8ead224a04f86fe79ddfb5b286cf)
Legacy support for initialization by module name was dropped in Stein.
(I3ada2dee1857074746b1893b82dd5f6641c6e579)
This change will support both methods of initialization and leave the
driver defaults enabled for module based initialization (valid through
Rocky images).
This change has been tested using the OSH default Cinder (Ocata) images
and StarlingX images based on master (Train).
Change-Id: Iec7bc6f4dd089aaa08ca652bebd9a10ef49da556
Signed-off-by: Robert Church <robert.church@windriver.com>
---
cinder/templates/bin/_backup-storage-init.sh.tpl | 8 ++++----
cinder/templates/configmap-etc.yaml | 2 +-
cinder/templates/deployment-backup.yaml | 16 ++++++++--------
cinder/templates/job-backup-storage-init.yaml | 8 ++++----
cinder/templates/job-clean.yaml | 4 ++--
cinder/templates/pvc-backup.yaml | 2 +-
cinder/values.yaml | 4 ++++
7 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index af9886ad..10069f17 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -17,7 +17,7 @@ limitations under the License.
*/}}
set -x
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
SECRET=$(mktemp --suffix .yaml)
KEYRING=$(mktemp --suffix .keyring)
function cleanup {
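Review bot: `=~` with a quoted right-hand side is an unanchored substring match, so any `STORAGE_BACKEND` value that merely contains `cinder.backup.drivers.ceph` selects the Ceph path; the `contains` tests in the templates of this patch behave the same way. Both accepted forms (module name and class name) start with the module path, so a prefix test states the intent more exactly: `if [[ $STORAGE_BACKEND == cinder.backup.drivers.ceph* ]]; then` in the shell and `hasPrefix "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver` in the templates. The swift, posix and ceph tests in the next hunk take the same change. The `if` body continues outside the hunk.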
@@ -27,10 +27,10 @@ if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
fi
set -ex
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.swift" ] || \
- [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.posix" ]; then
+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.swift' ]] || \
+ [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.posix' ]]; then
echo "INFO: no action required to use $STORAGE_BACKEND"
-elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
+elif [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
ceph -s
function ensure_pool () {
ceph osd pool stats $1 || ceph osd pool create $1 $2
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
index 5ed73db6..e13851ed 100644
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@@ -63,7 +63,7 @@ limitations under the License.
{{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "glance_api_servers" -}}
{{- end -}}
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.swift" }}
+{{- if (contains "cinder.backup.drivers.swift" .Values.conf.cinder.DEFAULT.backup_driver) }}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_auth_version -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_auth_version" "3" -}}
{{- end -}}
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
index fdce03a9..bffd774c 100644
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -54,7 +54,7 @@ spec:
{{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }}
initContainers:
{{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-backup-keyring-placement
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
@@ -98,7 +98,7 @@ spec:
subPath: key
readOnly: true
{{ end }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-backup-volume-perms
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
@@ -150,7 +150,7 @@ spec:
mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
readOnly: true
- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
- name: etcceph
mountPath: /etc/ceph
{{- if not .Values.backup.external_ceph_rbd.enabled }}
@@ -164,7 +164,7 @@ spec:
subPath: external-backup-ceph.conf
readOnly: true
{{- end }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-backup-keyring
mountPath: /tmp/client-keyring
subPath: key
@@ -176,7 +176,7 @@ spec:
readOnly: true
{{- end }}
{{- end }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: cinder-backup
mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
{{- end }}
@@ -213,7 +213,7 @@ spec:
configMap:
name: cinder-bin
defaultMode: 0555
- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
- name: etcceph
emptyDir: {}
- name: ceph-etc
@@ -221,7 +221,7 @@ spec:
name: {{ .Values.ceph_client.configmap }}
defaultMode: 0444
{{ end }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-backup-keyring
secret:
secretName: {{ .Values.secrets.rbd.backup | quote }}
@@ -231,7 +231,7 @@ spec:
secret:
secretName: {{ .Values.secrets.rbd.volume | quote }}
{{ end }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: cinder-backup
persistentVolumeClaim:
claimName: cinder-backup
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index 7b0e50e1..a43ba998 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -67,7 +67,7 @@ spec:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll "backup_storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-keyring-placement
{{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
@@ -106,7 +106,7 @@ spec:
fieldPath: metadata.namespace
- name: STORAGE_BACKEND
value: {{ .Values.conf.cinder.DEFAULT.backup_driver | quote }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: RBD_POOL_NAME
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
- name: RBD_POOL_APP_NAME
@@ -129,7 +129,7 @@ spec:
mountPath: /tmp/backup-storage-init.sh
subPath: backup-storage-init.sh
readOnly: true
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: etcceph
mountPath: /etc/ceph
{{- if not .Values.backup.external_ceph_rbd.enabled }}
@@ -155,7 +155,7 @@ spec:
configMap:
name: cinder-bin
defaultMode: 0555
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: etcceph
emptyDir: {}
- name: ceph-etc
diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
index d85234ed..54fd41e7 100644
--- a/cinder/templates/job-clean.yaml
+++ b/cinder/templates/job-clean.yaml
@@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.job_clean }}
{{- $envAll := . }}
-{{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
{{- $serviceAccountName := print "cinder-clean" }}
{{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@@ -87,7 +87,7 @@ spec:
subPath: clean-secrets.sh
readOnly: true
{{ end }}
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: cinder-volume-backup-secret-clean
{{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
diff --git a/cinder/templates/pvc-backup.yaml b/cinder/templates/pvc-backup.yaml
index b2e851dc..94d63d0e 100644
--- a/cinder/templates/pvc-backup.yaml
+++ b/cinder/templates/pvc-backup.yaml
@@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.pvc_backup }}
{{- $envAll := . }}
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
+{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
---
kind: PersistentVolumeClaim
apiVersion: v1
diff --git a/cinder/values.yaml b/cinder/values.yaml
index bef7b374..362f6918 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -767,6 +767,10 @@ conf:
enabled_backends: "rbd1"
# NOTE(portdirect): "cinder.backup.drivers.ceph" and
# "cinder.backup.drivers.posix" also supported
+ # NOTE(rchurch): As of Stein, drivers by class name are required
+ # - cinder.backup.drivers.swift.SwiftBackupDriver
+ # - cinder.backup.drivers.ceph.CephBackupDriver
+ # - cinder.backup.drivers.posix.PosixBackupDriver
backup_driver: "cinder.backup.drivers.swift"
# Backup: Ceph RBD options
backup_ceph_conf: "/etc/ceph/ceph.conf"
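Review bot: The added NOTE says class-name drivers are required as of Stein, yet the default on the line after it is still the module path `backup_driver: "cinder.backup.drivers.swift"`, and the older NOTE above it still lists module paths as supported. Either the default should become `backup_driver: "cinder.backup.drivers.swift.SwiftBackupDriver"`, or the comment should say which release the shipped default targets. As written, a reader cannot tell whether the default is expected to work.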
--
2.16.5

File diff suppressed because it is too large Load Diff


@ -0,0 +1,229 @@
From 4e4a8197f90ba90c5bfbad02698ad351e7e92125 Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Wed, 12 Jun 2019 14:07:17 +0000
Subject: [PATCH 1/2] Cinder rename is_ceph_volume configured
When using multiple ceph backends there is more than
one ceph 'volume' configured. Rename template to
_has_ceph_backend.
---
cinder/templates/deployment-backup.yaml | 8 +++----
cinder/templates/deployment-volume.yaml | 6 +++---
cinder/templates/job-clean.yaml | 4 ++--
cinder/templates/job-storage-init.yaml | 8 +++----
cinder/templates/utils/_has_ceph_backend.tpl | 25 ++++++++++++++++++++++
.../templates/utils/_is_ceph_volume_configured.tpl | 25 ----------------------
6 files changed, 38 insertions(+), 38 deletions(-)
mode change 100644 => 100755 cinder/templates/deployment-backup.yaml
mode change 100644 => 100755 cinder/templates/deployment-volume.yaml
mode change 100644 => 100755 cinder/templates/job-clean.yaml
mode change 100644 => 100755 cinder/templates/job-storage-init.yaml
create mode 100644 cinder/templates/utils/_has_ceph_backend.tpl
delete mode 100644 cinder/templates/utils/_is_ceph_volume_configured.tpl
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
old mode 100644
new mode 100755
index bffd774..74e38ba
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -76,7 +76,7 @@ spec:
subPath: key
readOnly: true
{{ end }}
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: ceph-keyring-placement
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
@@ -150,7 +150,7 @@ spec:
mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
readOnly: true
- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
- name: etcceph
mountPath: /etc/ceph
{{- if not .Values.backup.external_ceph_rbd.enabled }}
@@ -213,7 +213,7 @@ spec:
configMap:
name: cinder-bin
defaultMode: 0555
- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
- name: etcceph
emptyDir: {}
- name: ceph-etc
@@ -226,7 +226,7 @@ spec:
secret:
secretName: {{ .Values.secrets.rbd.backup | quote }}
{{ end }}
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: ceph-keyring
secret:
secretName: {{ .Values.secrets.rbd.volume | quote }}
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
old mode 100644
new mode 100755
index 17902c0..a274d12
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -54,7 +54,7 @@ spec:
{{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
initContainers:
{{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: ceph-keyring-placement
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
@@ -143,7 +143,7 @@ spec:
mountPath: /etc/cinder/conf/backends.conf
subPath: backends.conf
readOnly: true
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
@@ -194,7 +194,7 @@ spec:
secret:
secretName: cinder-etc
defaultMode: 0444
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: etcceph
emptyDir: {}
- name: pod-shared
diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
old mode 100644
new mode 100755
index 54fd41e..f0da8d4
--- a/cinder/templates/job-clean.yaml
+++ b/cinder/templates/job-clean.yaml
@@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.job_clean }}
{{- $envAll := . }}
-{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
{{- $serviceAccountName := print "cinder-clean" }}
{{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@@ -68,7 +68,7 @@ spec:
initContainers:
{{ tuple $envAll "clean" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: cinder-volume-rbd-secret-clean
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
old mode 100644
new mode 100755
index 2708181..99128db
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -65,7 +65,7 @@ spec:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: ceph-keyring-placement
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
@@ -95,7 +95,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: STORAGE_BACKEND
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
- name: RBD_POOL_NAME
@@ -120,7 +120,7 @@ spec:
mountPath: /tmp/storage-init.sh
subPath: storage-init.sh
readOnly: true
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
@@ -139,7 +139,7 @@ spec:
configMap:
name: cinder-bin
defaultMode: 0555
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- name: etcceph
emptyDir: {}
- name: ceph-etc
diff --git a/cinder/templates/utils/_has_ceph_backend.tpl b/cinder/templates/utils/_has_ceph_backend.tpl
new file mode 100644
index 0000000..0ff7ae5
--- /dev/null
+++ b/cinder/templates/utils/_has_ceph_backend.tpl
@@ -0,0 +1,25 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "cinder.utils.has_ceph_backend" -}}
+ {{- $has_ceph := false -}}
+ {{- range $_, $backend := .Values.conf.backends -}}
+ {{- if kindIs "map" $backend -}}
+ {{- $has_ceph = or $has_ceph (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $has_ceph -}}
+{{- end -}}
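Review bot: The final `{{- $has_ceph -}}` prints the boolean, so `include` returns the string "false" when no RBD backend exists, and a non-empty string is truthy in a Go template `if`. Every `{{- if include "cinder.utils.has_ceph_backend" $envAll }}` in this patch therefore passes whatever backends are configured, which adds the `ceph-keyring-placement` init container (shown with `runAsUser: 0`) and the `ceph-keyring` secret volume to pods that have no Ceph backend. The deleted `_is_ceph_volume_configured.tpl` printed `true` or nothing. Emit output only for the positive case, `{{- if $has_ceph -}}true{{- end -}}`, or compare at the call sites with `eq "true" (include "cinder.utils.has_ceph_backend" $envAll)`. `_is_ceph_backend.tpl` in patch 2/2 has the same shape (`{{- eq .volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}`) and needs the same change.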
diff --git a/cinder/templates/utils/_is_ceph_volume_configured.tpl b/cinder/templates/utils/_is_ceph_volume_configured.tpl
deleted file mode 100644
index 63f2a73..0000000
--- a/cinder/templates/utils/_is_ceph_volume_configured.tpl
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "cinder.utils.is_ceph_volume_configured" -}}
-{{- range $section, $values := .Values.conf.backends -}}
-{{- if kindIs "map" $values -}}
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
-true
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
--
1.8.3.1


@ -0,0 +1,305 @@
From 05919ef2fd1ffc24ca389e4d9ecb54bf621031bd Mon Sep 17 00:00:00 2001
From: Daniel Badea <daniel.badea@windriver.com>
Date: Wed, 12 Jun 2019 15:03:43 +0000
Subject: [PATCH 2/2] Cinder support multiple ceph volume backends
Add support for multiple cinder volume ceph backends.
---
cinder/templates/deployment-backup.yaml | 9 +++---
cinder/templates/deployment-volume.yaml | 9 +++---
cinder/templates/job-backup-storage-init.yaml | 2 +-
cinder/templates/job-storage-init.yaml | 28 +++++++++--------
cinder/templates/utils/_ceph_backend_list.tpl | 36 ++++++++++++++++++++++
.../templates/utils/_ceph_volume_section_name.tpl | 25 ---------------
cinder/templates/utils/_is_ceph_backend.tpl | 21 +++++++++++++
cinder/values.yaml | 6 ++--
8 files changed, 86 insertions(+), 50 deletions(-)
create mode 100644 cinder/templates/utils/_ceph_backend_list.tpl
delete mode 100644 cinder/templates/utils/_ceph_volume_section_name.tpl
create mode 100644 cinder/templates/utils/_is_ceph_backend.tpl
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
index 74e38ba..23b67fe 100755
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -76,8 +76,9 @@ spec:
subPath: key
readOnly: true
{{ end }}
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- - name: ceph-keyring-placement
+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
+ {{- $backend := index $envAll.Values.conf.backends $name }}
+ - name: ceph-keyring-placement-{{$name}}
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
runAsUser: 0
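Review bot: `ceph-keyring-placement-{{$name}}` puts the backend section name straight into a container name, which Kubernetes requires to be a DNS-1123 label. A section named with an underscore, dot or upper-case letter would be rejected by the API server rather than caught when the chart is rendered. Normalising the suffix, e.g. `- name: ceph-keyring-placement-{{ $name | lower | replace "_" "-" }}`, or documenting the naming constraint next to `conf.backends` in values.yaml would avoid that. The same pattern appears in deployment-volume.yaml and as `cinder-storage-init-{{$name}}` in job-storage-init.yaml. The init container definition continues outside this hunk.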
@@ -85,7 +86,7 @@ spec:
- /tmp/ceph-keyring.sh
env:
- name: RBD_USER
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
+ value: {{ $backend.rbd_user | quote }}
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
@@ -97,7 +98,7 @@ spec:
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
- {{ end }}
+ {{- end }}
{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-backup-volume-perms
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index a274d12..f791cfa 100755
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -54,8 +54,9 @@ spec:
{{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
initContainers:
{{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
- - name: ceph-keyring-placement
+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
+ {{- $backend := index $envAll.Values.conf.backends $name }}
+ - name: ceph-keyring-placement-{{$name}}
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
runAsUser: 0
@@ -63,7 +64,7 @@ spec:
- /tmp/ceph-keyring.sh
env:
- name: RBD_USER
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
+ value: {{ $backend.rbd_user | quote }}
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
@@ -75,7 +76,7 @@ spec:
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
- {{ end }}
+ {{- end }}
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
- name: ceph-coordination-volume-perms
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index a43ba99..f3a83a9 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -110,7 +110,7 @@ spec:
- name: RBD_POOL_NAME
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
- name: RBD_POOL_APP_NAME
- value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
+ value: {{ .Values.conf.ceph.pools.backup.app_name | quote }}
- name: RBD_POOL_USER
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
- name: RBD_POOL_CRUSH_RULE
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 99128db..5635feb 100755
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -87,7 +87,9 @@ spec:
{{ end }}
{{ end }}
containers:
- - name: cinder-storage-init
+ {{- range $name, $backend := .Values.conf.backends }}
+ {{- if kindIs "map" $backend }}
+ - name: cinder-storage-init-{{$name}}
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
@@ -95,23 +97,23 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
+ {{- if include "cinder.utils.is_ceph_backend" $backend }}
- name: STORAGE_BACKEND
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
+ value: {{ $backend.volume_driver | quote }}
- name: RBD_POOL_NAME
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
+ value: {{ $backend.rbd_pool | quote }}
- name: RBD_POOL_APP_NAME
- value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).app_name | quote }}
- name: RBD_POOL_USER
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
+ value: {{ $backend.rbd_user | quote }}
- name: RBD_POOL_CRUSH_RULE
- value: {{ .Values.conf.ceph.pools.volume.crush_rule | quote }}
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).crush_rule | quote }}
- name: RBD_POOL_REPLICATION
- value: {{ .Values.conf.ceph.pools.volume.replication | quote }}
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).replication | quote }}
- name: RBD_POOL_CHUNK_SIZE
- value: {{ .Values.conf.ceph.pools.volume.chunk_size | quote }}
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).chunk_size | quote }}
- name: RBD_POOL_SECRET
- value: {{ .Values.secrets.rbd.volume | quote }}
+ value: {{ $envAll.Values.secrets.rbd.volume | quote }}
{{- end }}
command:
- /tmp/storage-init.sh
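Review bot: The pool settings are now fetched with `index $envAll.Values.conf.ceph.pools $backend.rbd_pool`, so they resolve only when each backend's `rbd_pool` value is also a key under `conf.ceph.pools`; the only keys visible in this patch's values.yaml hunk are `volume` and the pool block above it. For any other pool name the lookup is nil, and the `.app_name`, `.crush_rule`, `.replication` and `.chunk_size` accesses will fail or render empty, depending on the Helm version. A guarded lookup makes the requirement explicit: `{{- $pool := required (printf "conf.ceph.pools.%s is not defined" $backend.rbd_pool) (index $envAll.Values.conf.ceph.pools $backend.rbd_pool) }}`, followed by `$pool.app_name` and so on. `RBD_POOL_SECRET` stays the single `secrets.rbd.volume` for every backend while `RBD_POOL_USER` varies, which deserves a comment if it is intended.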
@@ -120,20 +122,22 @@ spec:
mountPath: /tmp/storage-init.sh
subPath: storage-init.sh
readOnly: true
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
+ {{- if include "cinder.utils.is_ceph_backend" $backend }}
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- {{- if empty .Values.conf.ceph.admin_keyring }}
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
{{- end }}
{{- end }}
+ {{- end }}
+ {{- end }}
volumes:
- name: cinder-bin
configMap:
diff --git a/cinder/templates/utils/_ceph_backend_list.tpl b/cinder/templates/utils/_ceph_backend_list.tpl
new file mode 100644
index 0000000..bd681e6
--- /dev/null
+++ b/cinder/templates/utils/_ceph_backend_list.tpl
@@ -0,0 +1,36 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- /*
+ Return string with all ceph backends separated by comma. The list
+ is either empty or it starts with a comma. Assuming "a", "b" and
+ "c" are ceph backends then ceph_backend_list returns ",a,b,c".
+ This means the first element in the returned list representation
+ can always be skipped.
+
+ Usage:
+ range $name := rest (splitList include "cinder.utils.ceph_backend_list" $)
+*/ -}}
+{{- define "cinder.utils.ceph_backend_list" -}}
+ {{- range $name, $backend := .Values.conf.backends -}}
+ {{- if kindIs "map" $backend }}
+ {{- if (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
+ {{- "," -}}
+ {{- $name -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
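Review bot: The Usage line in the header comment is not a valid call: it omits the separator argument and the parentheses around `include`. It should read `range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $))`, as the deployment templates do. The comment should also state that section names under `conf.backends` must not contain a comma, since callers rebuild the list by splitting on it. `{{- if kindIs "map" $backend }}` is the only action without a right-trim marker; it looks harmless because the next action trims on the left, but `-}}` would match the rest of the file.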
diff --git a/cinder/templates/utils/_ceph_volume_section_name.tpl b/cinder/templates/utils/_ceph_volume_section_name.tpl
deleted file mode 100644
index af16d6a..0000000
--- a/cinder/templates/utils/_ceph_volume_section_name.tpl
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "cinder.utils.ceph_volume_section_name" -}}
-{{- range $section, $values := .Values.conf.backends -}}
-{{- if kindIs "map" $values -}}
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
-{{ $section }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/cinder/templates/utils/_is_ceph_backend.tpl b/cinder/templates/utils/_is_ceph_backend.tpl
new file mode 100644
index 0000000..3d5c3be
--- /dev/null
+++ b/cinder/templates/utils/_is_ceph_backend.tpl
@@ -0,0 +1,21 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "cinder.utils.is_ceph_backend" -}}
+ {{- if kindIs "map" . -}}
+ {{- eq .volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
+ {{- end -}}
+{{- end -}}
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 362f691..839f7fb 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -302,10 +302,6 @@ ceph_client:
user_secret_name: pvc-ceph-client-key
conf:
- software:
- rbd:
- rbd_pool_app_name_backup: cinder-backup
- rbd_pool_app_name: cinder-volume
paste:
composite:osapi_volume:
use: call:cinder.api:root_app_factory
@@ -745,10 +741,12 @@ conf:
replication: 3
crush_rule: replicated_rule
chunk_size: 8
+ app_name: cinder-backup
volume:
replication: 3
crush_rule: replicated_rule
chunk_size: 8
+ app_name: cinder-volume
cinder:
DEFAULT:
resource_query_filters_file: /etc/cinder/resource_filters.json
--
1.8.3.1


@ -0,0 +1,69 @@
From 0ce54f2f141d24d1cf5795db8679039c67ffac50 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Tue, 25 Jun 2019 20:20:41 -0400
Subject: [PATCH] Nova: add service token
Add capability for nova to send service token. Default to disabled.
Config setup is similar to keystone_authtoken.
Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
---
nova/templates/configmap-etc.yaml | 26 ++++++++++++++++++++++++++
nova/values.yaml | 3 +++
2 files changed, 29 insertions(+)
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 0d1e7a5..5446830 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -52,6 +52,32 @@ limitations under the License.
{{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
+{{- if .Values.conf.nova.service_user.send_service_user_token -}}
+
+{{- if empty .Values.conf.nova.service_user.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.service_user.region_name -}}
+{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.nova.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.service_user.project_name -}}
+{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.service_user.project_domain_name -}}
+{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.service_user.user_domain_name -}}
+{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.service_user.username -}}
+{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.nova.username -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.service_user.password -}}
+{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.nova.password -}}
+{{- end -}}
+
+{{- end -}}
+
{{- if empty .Values.conf.nova.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" -}}
{{- end -}}
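Review bot: When `send_service_user_token` is enabled, this block fills `service_user` with the same Keystone credentials as the nova service account (`endpoints.identity.auth.nova`), including the password, and nothing in the patch documents what else must hold for the token to be honoured. A template comment above the block would help, e.g. `{{- /* service_user defaults to the nova Keystone account; receiving services only trust the token if that account holds a role listed in their service_token_roles */ -}}`. Whether the rendered configuration is stored in a Secret rather than a ConfigMap is decided outside this hunk and is worth confirming, since the password presumably ends up in it.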
diff --git a/nova/values.yaml b/nova/values.yaml
index 433ec3a..ee00591 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -1507,6 +1507,9 @@ conf:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_user:
+ auth_type: password
+ send_service_user_token: false
libvirt:
connection_uri: "qemu+tcp://127.0.0.1/system"
images_type: qcow2
--
1.8.3.1


@ -0,0 +1,141 @@
From c92678ff20a3ab9b07861131966ea38b340dfff8 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Tue, 9 Jul 2019 14:22:02 -0400
Subject: [PATCH 1/1] Add TLS support for Aodh and Panko public endpoints
Signed-off-by: Angie Wang <angie.wang@windriver.com>
---
aodh/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
aodh/values.yaml | 12 ++++++++++++
panko/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
panko/values.yaml | 12 ++++++++++++
4 files changed, 62 insertions(+)
create mode 100644 aodh/templates/secret-ingress-tls.yaml
create mode 100644 panko/templates/secret-ingress-tls.yaml
diff --git a/aodh/templates/secret-ingress-tls.yaml b/aodh/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000..707b38c
--- /dev/null
+++ b/aodh/templates/secret-ingress-tls.yaml
@@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 Wind River Systems, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }}
+{{- end }}
diff --git a/aodh/values.yaml b/aodh/values.yaml
index 90c9fac..cf7c6d7 100644
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@@ -536,6 +536,10 @@ secrets:
oslo_messaging:
admin: aodh-rabbitmq-admin
aodh: aodh-rabbitmq-user
+ tls:
+ alarming:
+ api:
+ public: aodh-tls-public
bootstrap:
enabled: false
@@ -598,6 +602,13 @@ endpoints:
public: aodh
host_fqdn_override:
default: null
+ # NOTE: this chart supports TLS for fqdn over-ridden public
+ # endpoints using the following format:
+ # public:
+ # host: null
+ # tls:
+ # crt: null
+ # key: null
path:
default: null
scheme:
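Review bot: The added NOTE documents passing `tls.crt` and `tls.key` through `host_fqdn_override.public`, which means the private key is supplied as a chart value. It should say so explicitly, because values are kept with the Helm release record and in any override file that carries them. Suggested addition: `# The key is sensitive: supply it from a protected override file, not from a values file kept in version control.` The same NOTE is added to panko/values.yaml. The `endpoints` block continues outside this hunk.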
@@ -696,5 +707,6 @@ manifests:
secret_db: true
secret_keystone: true
secret_rabbitmq: true
+ secret_ingress_tls: true
service_api: true
service_ingress_api: true
diff --git a/panko/templates/secret-ingress-tls.yaml b/panko/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000..9773f53
--- /dev/null
+++ b/panko/templates/secret-ingress-tls.yaml
@@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 Wind River Systems, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }}
+{{- end }}
diff --git a/panko/values.yaml b/panko/values.yaml
index 7adefd0..3acaf06 100644
--- a/panko/values.yaml
+++ b/panko/values.yaml
@@ -159,6 +159,10 @@ secrets:
oslo_db:
admin: panko-db-admin
panko: panko-db-user
+ tls:
+ event:
+ api:
+ public: panko-tls-public
bootstrap:
enabled: false
@@ -374,6 +378,13 @@ endpoints:
public: panko
host_fqdn_override:
default: null
+ # NOTE: this chart supports TLS for fqdn over-ridden public
+ # endpoints using the following format:
+ # public:
+ # host: null
+ # tls:
+ # crt: null
+ # key: null
path:
default: null
scheme:
@@ -580,6 +591,7 @@ manifests:
pod_rally_test: true
secret_db: true
secret_keystone: true
+ secret_ingress_tls: true
service_api: true
service_ingress_api: true
--
1.8.3.1


@ -0,0 +1,31 @@
From 7de7cf2f14a58255d85149d08577dd63662aa6d9 Mon Sep 17 00:00:00 2001
From: Teresa Ho <teresa.ho@windriver.com>
Date: Mon, 15 Jul 2019 10:30:58 -0400
Subject: [PATCH] Change cinder bootstrap script
This commit changes the cinder template bootstrap script
to use the openstack client instead of the cinder client
to list volume types.
Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
---
cinder/templates/bin/_bootstrap.sh.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cinder/templates/bin/_bootstrap.sh.tpl b/cinder/templates/bin/_bootstrap.sh.tpl
index 6592d19..bd60fd8 100644
--- a/cinder/templates/bin/_bootstrap.sh.tpl
+++ b/cinder/templates/bin/_bootstrap.sh.tpl
@@ -48,7 +48,7 @@ openstack volume type show {{ $name }} || \
{{- end }}
{{- /* Check volume type and properties were added */}}
-cinder extra-specs-list
+openstack volume type list --long
{{- end }}
--
1.8.3.1


@ -0,0 +1,4 @@
---
apiVersion: v1
entries: {}
generated: 2019-01-07T12:33:46.098166523-06:00


@ -0,0 +1,12 @@
---
apiVersion: v1
generated: 2019-01-02T15:19:36.215111369-06:00
repositories:
- caFile: ""
cache: /builddir/.helm/repository/cache/local-index.yaml
certFile: ""
keyFile: ""
name: local
password: ""
url: http://127.0.0.1:8879/charts
username: ""