Merge select content originating from repo 'stx-upstream'
Change-Id: Id9e1fb51f303925b09fe006c76dc413d278d5776 Signed-off-by: Scott Little <scott.little@windriver.com>
This commit is contained in:
commit
c2182633ab
|
@ -0,0 +1,8 @@
|
|||
This repo is for https://github.com/openstack/openstack-helm-infra
|
||||
|
||||
Changes to this repo are needed for StarlingX and those changes are
|
||||
not yet merged.
|
||||
Rather than clone and diverge the repo, the repo is extracted at a particular
|
||||
git SHA, and patches are applied on top.
|
||||
|
||||
As those patches are merged, the SHA can be updated and the local patches removed.
|
|
@ -0,0 +1,8 @@
|
|||
TAR_NAME=openstack-helm-infra
|
||||
SHA=aae64213c95fbcea7a0a7671dcb9d8a366f16fa5
|
||||
VERSION=1.0.0
|
||||
TAR="$TAR_NAME-$SHA.tar.gz"
|
||||
|
||||
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
|
||||
|
||||
TIS_PATCH_VER=14
|
|
@ -0,0 +1,88 @@
|
|||
%global sha aae64213c95fbcea7a0a7671dcb9d8a366f16fa5
|
||||
%global helm_folder /usr/lib/helm
|
||||
|
||||
Summary: Openstack-Helm-Infra charts
|
||||
Name: openstack-helm-infra
|
||||
Version: 1.0
|
||||
Release: %{tis_patch_ver}%{?_tis_dist}
|
||||
License: Apache-2.0
|
||||
Group: base
|
||||
Packager: Wind River <info@windriver.com>
|
||||
URL: https://github.com/openstack/openstack-helm-infra
|
||||
|
||||
Source0: %{name}-%{sha}.tar.gz
|
||||
Source1: repositories.yaml
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
Patch01: 0001-Allow-multiple-containers-per-daemonset-pod.patch
|
||||
Patch02: 0002-Add-imagePullSecrets-in-service-account.patch
|
||||
Patch03: 0003-Set-Min-NGINX-handles.patch
|
||||
Patch04: 0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
|
||||
Patch05: 0005-Add-a-configmap-for-ingress-controller-config.patch
|
||||
Patch06: 0006-Add-TLS-support-for-Gnocchi-public-endpoint.patch
|
||||
Patch07: 0007-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch
|
||||
Patch08: 0008-Add-io_thread_pool-for-rabbitmq.patch
|
||||
Patch09: 0009-Enable-override-of-rabbitmq-probe-parameters.patch
|
||||
|
||||
BuildRequires: helm
|
||||
|
||||
%description
|
||||
Openstack Helm Infra charts
|
||||
|
||||
%prep
|
||||
%setup -n openstack-helm-infra
|
||||
%patch01 -p1
|
||||
%patch02 -p1
|
||||
%patch03 -p1
|
||||
%patch04 -p1
|
||||
%patch05 -p1
|
||||
%patch06 -p1
|
||||
%patch07 -p1
|
||||
%patch08 -p1
|
||||
%patch09 -p1
|
||||
|
||||
%build
|
||||
# initialize helm and build the toolkit
|
||||
# helm init --client-only does not work if there is no networking
|
||||
# The following commands do essentially the same as: helm init
|
||||
%define helm_home %{getenv:HOME}/.helm
|
||||
mkdir %{helm_home}
|
||||
mkdir %{helm_home}/repository
|
||||
mkdir %{helm_home}/repository/cache
|
||||
mkdir %{helm_home}/repository/local
|
||||
mkdir %{helm_home}/plugins
|
||||
mkdir %{helm_home}/starters
|
||||
mkdir %{helm_home}/cache
|
||||
mkdir %{helm_home}/cache/archive
|
||||
|
||||
# Stage a repository file that only has a local repo
|
||||
cp %{SOURCE1} %{helm_home}/repository/repositories.yaml
|
||||
|
||||
# Host a server for the charts
|
||||
helm serve /tmp/charts --address localhost:8879 --url http://localhost:8879/charts &
|
||||
helm repo rm local
|
||||
helm repo add local http://localhost:8879/charts
|
||||
|
||||
# Make the charts. These produce tgz files
|
||||
make helm-toolkit
|
||||
make gnocchi
|
||||
make ingress
|
||||
make libvirt
|
||||
make mariadb
|
||||
make memcached
|
||||
make openvswitch
|
||||
make rabbitmq
|
||||
make ceph-rgw
|
||||
|
||||
# terminate helm server (the last backgrounded task)
|
||||
kill %1
|
||||
|
||||
%install
|
||||
install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder}
|
||||
install -p -D -m 755 *.tgz ${RPM_BUILD_ROOT}%{helm_folder}
|
||||
|
||||
%files
|
||||
%dir %attr(0755,root,root) %{helm_folder}
|
||||
%defattr(-,root,root,-)
|
||||
%{helm_folder}/*
|
|
@ -0,0 +1,40 @@
|
|||
From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Wed, 9 Jan 2019 20:11:33 -0500
|
||||
Subject: [PATCH 1/4] Allow multiple containers per daemonset pod
|
||||
|
||||
Remove code that restricted daemonset pods to single containers.
|
||||
Container names will default to name from helm chart template.
|
||||
Required for nova cold migrations to work.
|
||||
|
||||
Story: 2003876
|
||||
Task: 26735
|
||||
Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 -------
|
||||
1 file changed, 7 deletions(-)
|
||||
|
||||
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
index 743bd6b..c02de9e 100644
|
||||
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
@@ -223,13 +223,6 @@ limitations under the License.
|
||||
{{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }}
|
||||
{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }}
|
||||
|
||||
- {{/* set container name
|
||||
- assume not more than one container is defined */}}
|
||||
- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }}
|
||||
- {{- $_ := set $container "name" $current_dict.dns_1123_name }}
|
||||
- {{- $cont_list := list $container }}
|
||||
- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }}
|
||||
-
|
||||
{{/* cross-reference configmap name to container volume definitions */}}
|
||||
{{- $_ := set $context.Values "__volume_list" list }}
|
||||
{{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }}
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Mon, 11 Feb 2019 11:29:03 -0500
|
||||
Subject: [PATCH 2/4] Add imagePullSecrets in service account
|
||||
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
|
||||
index b4cf1a6..2f4113b 100644
|
||||
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
|
||||
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
|
||||
@@ -44,6 +44,8 @@ kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ $saName }}
|
||||
namespace: {{ $saNamespace }}
|
||||
+imagePullSecrets:
|
||||
+ - name: default-registry-key
|
||||
{{- range $k, $v := $deps -}}
|
||||
{{- if eq $k "services" }}
|
||||
{{- range $serv := $v }}
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
From 93ec2454cba41bf3de1419bada1f145f1ca9dbd9 Mon Sep 17 00:00:00 2001
|
||||
From: Al Bailey <Al.Bailey@windriver.com>
|
||||
Date: Wed, 20 Feb 2019 13:56:27 -0600
|
||||
Subject: [PATCH 3/4] Set Min NGINX handles
|
||||
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
mariadb/files/nginx.tmpl | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl
|
||||
index 5ec3d0d..07b7cc5 100644
|
||||
--- a/mariadb/files/nginx.tmpl
|
||||
+++ b/mariadb/files/nginx.tmpl
|
||||
@@ -23,7 +23,9 @@ daemon off;
|
||||
|
||||
worker_processes {{ $cfg.WorkerProcesses }};
|
||||
pid /run/nginx.pid;
|
||||
-{{ if ne .MaxOpenFiles 0 }}
|
||||
+{{ if lt .MaxOpenFiles 2048 }}
|
||||
+worker_rlimit_nofile 2048;
|
||||
+{{else}}
|
||||
worker_rlimit_nofile {{ .MaxOpenFiles }};
|
||||
{{ end }}
|
||||
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Mon, 8 Apr 2019 02:12:39 -0400
|
||||
Subject: [PATCH 4/4] Partial revert of
|
||||
31e3469d28858d7b5eb6355e88b6f49fd62032be
|
||||
|
||||
Suspect that new use of mergeOverwrite vs. merge is breaking the
|
||||
per-host DaemonSet overrides.
|
||||
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
index c02de9e..ef52592 100644
|
||||
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
@@ -48,10 +48,10 @@ limitations under the License.
|
||||
{{/* apply overrides */}}
|
||||
{{- $override_conf_copy := $host_data.conf }}
|
||||
{{- $root_conf_copy := omit $context.Values.conf "overrides" }}
|
||||
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
|
||||
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
|
||||
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
|
||||
{{- $context_values := omit $context.Values "conf" }}
|
||||
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
|
||||
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
|
||||
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
|
||||
{{- $_ := set $current_dict "nodeData" $root_conf_copy4 }}
|
||||
|
||||
@@ -87,10 +87,10 @@ limitations under the License.
|
||||
{{/* apply overrides */}}
|
||||
{{- $override_conf_copy := $label_data.conf }}
|
||||
{{- $root_conf_copy := omit $context.Values.conf "overrides" }}
|
||||
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
|
||||
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
|
||||
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
|
||||
{{- $context_values := omit $context.Values "conf" }}
|
||||
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
|
||||
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
|
||||
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
|
||||
{{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }}
|
||||
|
||||
@@ -185,7 +185,7 @@ limitations under the License.
|
||||
{{- $root_conf_copy1 := omit $context.Values.conf "overrides" }}
|
||||
{{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }}
|
||||
{{- $context_values := omit $context.Values "conf" }}
|
||||
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
|
||||
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
|
||||
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
|
||||
{{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }}
|
||||
|
||||
@@ -196,7 +196,7 @@ limitations under the License.
|
||||
{{- range $current_dict := $context.Values.__daemonset_list }}
|
||||
|
||||
{{- $context_novalues := omit $context "Values" }}
|
||||
- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }}
|
||||
+ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }}
|
||||
{{- $_ := set $current_dict "nodeData" $merged_dict }}
|
||||
{{/* Deep copy original daemonset_yaml */}}
|
||||
{{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }}
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
From 9fd9b6276bfd41a01c73321e141ef1d14fcdd15c Mon Sep 17 00:00:00 2001
|
||||
From: Yi Wang <yi.c.wang@intel.com>
|
||||
Date: Fri, 17 May 2019 14:56:04 +0800
|
||||
Subject: [PATCH] Add a configmap for ingress controller config
|
||||
|
||||
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
|
||||
---
|
||||
.../bin/_mariadb-ingress-controller.sh.tpl | 1 +
|
||||
mariadb/templates/configmap-ingress-conf.yaml | 27 +++++++++++++++++++
|
||||
mariadb/values.yaml | 3 +++
|
||||
3 files changed, 31 insertions(+)
|
||||
create mode 100755 mariadb/templates/configmap-ingress-conf.yaml
|
||||
|
||||
diff --git a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
|
||||
index af6e0c0..f214ec3 100644
|
||||
--- a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
|
||||
+++ b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
|
||||
@@ -27,6 +27,7 @@ function start () {
|
||||
--election-id=${RELEASE_NAME} \
|
||||
--ingress-class=${INGRESS_CLASS} \
|
||||
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
|
||||
+ --configmap=${POD_NAMESPACE}/mariadb-ingress-conf \
|
||||
--tcp-services-configmap=${POD_NAMESPACE}/mariadb-services-tcp
|
||||
}
|
||||
|
||||
diff --git a/mariadb/templates/configmap-ingress-conf.yaml b/mariadb/templates/configmap-ingress-conf.yaml
|
||||
new file mode 100755
|
||||
index 0000000..64ffdd1
|
||||
--- /dev/null
|
||||
+++ b/mariadb/templates/configmap-ingress-conf.yaml
|
||||
@@ -0,0 +1,27 @@
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.configmap_ingress_conf }}
|
||||
+{{- $envAll := . }}
|
||||
+
|
||||
+---
|
||||
+apiVersion: v1
|
||||
+kind: ConfigMap
|
||||
+metadata:
|
||||
+ name: mariadb-ingress-conf
|
||||
+data:
|
||||
+{{ toYaml .Values.conf.ingress_conf | indent 2 }}
|
||||
+{{- end }}
|
||||
diff --git a/mariadb/values.yaml b/mariadb/values.yaml
|
||||
index c0a928e..ca9788b 100644
|
||||
--- a/mariadb/values.yaml
|
||||
+++ b/mariadb/values.yaml
|
||||
@@ -200,6 +200,8 @@ jobs:
|
||||
|
||||
conf:
|
||||
ingress: null
|
||||
+ ingress_conf:
|
||||
+ worker-processes: "auto"
|
||||
backup:
|
||||
enabled: true
|
||||
base_path: /var/backup
|
||||
@@ -322,6 +324,7 @@ network_policy:
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_etc: true
|
||||
+ configmap_ingress_conf: true
|
||||
configmap_services_tcp: true
|
||||
deployment_error: true
|
||||
deployment_ingress: true
|
||||
--
|
||||
2.17.1
|
||||
|
|
@ -0,0 +1,77 @@
|
|||
From e2e9b3c707599b4074ebf504f6a2fa5c185481e2 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Tue, 9 Jul 2019 13:37:29 -0400
|
||||
Subject: [PATCH 1/1] Add TLS support for Gnocchi public endpoint
|
||||
|
||||
Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
---
|
||||
gnocchi/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
gnocchi/values.yaml | 12 ++++++++++++
|
||||
2 files changed, 31 insertions(+)
|
||||
create mode 100644 gnocchi/templates/secret-ingress-tls.yaml
|
||||
|
||||
diff --git a/gnocchi/templates/secret-ingress-tls.yaml b/gnocchi/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..fc279cd
|
||||
--- /dev/null
|
||||
+++ b/gnocchi/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "metric" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
|
||||
index 2d5f48b..73e245f 100644
|
||||
--- a/gnocchi/values.yaml
|
||||
+++ b/gnocchi/values.yaml
|
||||
@@ -470,6 +470,10 @@ secrets:
|
||||
admin: gnocchi-db-indexer-admin
|
||||
gnocchi: gnocchi-db-indexer-user
|
||||
rbd: gnocchi-rbd-keyring
|
||||
+ tls:
|
||||
+ metric:
|
||||
+ api:
|
||||
+ public: gnocchi-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -536,6 +540,13 @@ endpoints:
|
||||
public: gnocchi
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -631,6 +642,7 @@ manifests:
|
||||
pod_gnocchi_test: true
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
service_statsd: true
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From 326fcd76f54d7c099f4c3da6c31eefe0eef2e236 Mon Sep 17 00:00:00 2001
|
||||
From: Ovidiu Poncea <ovidiu.poncea@windriver.com>
|
||||
Date: Mon, 29 Jul 2019 08:00:01 -0400
|
||||
Subject: [PATCH] Fix pod restarts on all workers when worker added/removed
|
||||
|
||||
---
|
||||
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 4 ++--
|
||||
helm-toolkit/templates/utils/_hash.tpl | 2 +-
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
index ef52592..d7194af 100644
|
||||
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
|
||||
@@ -213,7 +213,7 @@ limitations under the License.
|
||||
name uniqueness */}}
|
||||
{{- $_ := set $current_dict "dns_1123_name" dict }}
|
||||
{{- if hasKey $current_dict "matchExpressions" }}
|
||||
- {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }}
|
||||
+ {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | toJson | sha256sum | trunc 8))) }}
|
||||
{{- else }}
|
||||
{{- $_ := set $current_dict "dns_1123_name" $name_format2 }}
|
||||
{{- end }}
|
||||
@@ -256,7 +256,7 @@ limitations under the License.
|
||||
{{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }}
|
||||
{{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }}
|
||||
{{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }}
|
||||
- {{- $values_hash := $cmap | quote | sha256sum }}
|
||||
+ {{- $values_hash := $cmap | toJson | sha256sum }}
|
||||
{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }}
|
||||
|
||||
{{/* generate configmap */}}
|
||||
diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl
|
||||
index 1041ec0..e419e3b 100644
|
||||
--- a/helm-toolkit/templates/utils/_hash.tpl
|
||||
+++ b/helm-toolkit/templates/utils/_hash.tpl
|
||||
@@ -19,5 +19,5 @@ limitations under the License.
|
||||
{{- $context := index . 1 -}}
|
||||
{{- $last := base $context.Template.Name }}
|
||||
{{- $wtf := $context.Template.Name | replace $last $name -}}
|
||||
-{{- include $wtf $context | sha256sum | quote -}}
|
||||
+{{- include $wtf $context | toJson | sha256sum | quote -}}
|
||||
{{- end -}}
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
From f4c56def0797f093f626720871bd5e525227685e Mon Sep 17 00:00:00 2001
|
||||
From: Bin Yang <bin.yang@intel.com>
|
||||
Date: Tue, 13 Aug 2019 10:15:14 +0800
|
||||
Subject: [PATCH] add io_thread_pool for rabbitmq
|
||||
|
||||
Signed-off-by: Bin Yang <bin.yang@intel.com>
|
||||
---
|
||||
rabbitmq/templates/statefulset.yaml | 8 ++++++++
|
||||
rabbitmq/values.yaml | 4 ++++
|
||||
2 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
|
||||
index 1016f7f..afe5520 100644
|
||||
--- a/rabbitmq/templates/statefulset.yaml
|
||||
+++ b/rabbitmq/templates/statefulset.yaml
|
||||
@@ -111,6 +111,10 @@ spec:
|
||||
key: RABBITMQ_ADMIN_PASSWORD
|
||||
- name: RABBITMQ_DEFINITION_FILE
|
||||
value: "{{ index $envAll.Values.conf.rabbitmq "management.load_definitions" }}"
|
||||
+{{- if $envAll.Values.io_thread_pool.enabled }}
|
||||
+ - name: RABBITMQ_IO_THREAD_POOL_SIZE
|
||||
+ value: {{ $envAll.Values.io_thread_pool.size | quote }}
|
||||
+{{- end }}
|
||||
volumeMounts:
|
||||
- name: rabbitmq-data
|
||||
mountPath: /var/lib/rabbitmq
|
||||
@@ -190,6 +194,10 @@ spec:
|
||||
value: "{{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||
- name: PORT_CLUSTERING
|
||||
value: "{{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}"
|
||||
+{{- if $envAll.Values.io_thread_pool.enabled }}
|
||||
+ - name: RABBITMQ_IO_THREAD_POOL_SIZE
|
||||
+ value: {{ $envAll.Values.io_thread_pool.size | quote }}
|
||||
+{{- end }}
|
||||
readinessProbe:
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 10
|
||||
diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
|
||||
index bdc730a..367058e 100644
|
||||
--- a/rabbitmq/values.yaml
|
||||
+++ b/rabbitmq/values.yaml
|
||||
@@ -290,6 +290,10 @@ volume:
|
||||
class_name: general
|
||||
size: 256Mi
|
||||
|
||||
+io_thread_pool:
|
||||
+ enabled: false
|
||||
+ size: 64
|
||||
+
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_etc: true
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
From 132df9829fa4c697e0b9701871888708973f9123 Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Fri, 16 Aug 2019 14:29:46 -0400
|
||||
Subject: [PATCH] Enable override of rabbitmq probe parameters
|
||||
|
||||
Add variables for initial delay, period and timeout for rabbitmq
|
||||
liveness and readiness probes.
|
||||
|
||||
Change-Id: I8d2685118eb4ce3b8c27952892f7ad553fc5de77
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
---
|
||||
rabbitmq/templates/statefulset.yaml | 10 ++++++----
|
||||
rabbitmq/values.yaml | 9 +++++++++
|
||||
2 files changed, 15 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
|
||||
index afe5520..7b57c64 100644
|
||||
--- a/rabbitmq/templates/statefulset.yaml
|
||||
+++ b/rabbitmq/templates/statefulset.yaml
|
||||
@@ -199,14 +199,16 @@ spec:
|
||||
value: {{ $envAll.Values.io_thread_pool.size | quote }}
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
- initialDelaySeconds: 10
|
||||
- timeoutSeconds: 10
|
||||
+ initialDelaySeconds: {{ $envAll.Values.pod.probes.readiness.initialDelaySeconds }}
|
||||
+ periodSeconds: {{ $envAll.Values.pod.probes.readiness.periodSeconds }}
|
||||
+ timeoutSeconds: {{ $envAll.Values.pod.probes.readiness.timeoutSeconds }}
|
||||
exec:
|
||||
command:
|
||||
- /tmp/rabbitmq-readiness.sh
|
||||
livenessProbe:
|
||||
- initialDelaySeconds: 30
|
||||
- timeoutSeconds: 10
|
||||
+ initialDelaySeconds: {{ $envAll.Values.pod.probes.liveness.initialDelaySeconds }}
|
||||
+ periodSeconds: {{ $envAll.Values.pod.probes.liveness.periodSeconds }}
|
||||
+ timeoutSeconds: {{ $envAll.Values.pod.probes.liveness.timeoutSeconds }}
|
||||
exec:
|
||||
command:
|
||||
- /tmp/rabbitmq-liveness.sh
|
||||
diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
|
||||
index 367058e..cfd151c 100644
|
||||
--- a/rabbitmq/values.yaml
|
||||
+++ b/rabbitmq/values.yaml
|
||||
@@ -102,6 +102,15 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
+ probes:
|
||||
+ readiness:
|
||||
+ initialDelaySeconds: 10
|
||||
+ periodSeconds: 10
|
||||
+ timeoutSeconds: 10
|
||||
+ liveness:
|
||||
+ initialDelaySeconds: 30
|
||||
+ periodSeconds: 10
|
||||
+ timeoutSeconds: 10
|
||||
|
||||
conf:
|
||||
enabled_plugins:
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
generated: 2019-01-02T15:19:36.215111369-06:00
|
||||
repositories:
|
||||
- caFile: ""
|
||||
cache: /builddir/.helm/repository/cache/local-index.yaml
|
||||
certFile: ""
|
||||
keyFile: ""
|
||||
name: local
|
||||
password: ""
|
||||
url: http://127.0.0.1:8879/charts
|
||||
username: ""
|
|
@ -0,0 +1,8 @@
|
|||
This repo is for https://github.com/openstack/openstack-helm
|
||||
|
||||
Changes to this repo are needed for StarlingX and those changes are
|
||||
not yet merged.
|
||||
Rather than clone and diverge the repo, the repo is extracted at a particular
|
||||
git SHA, and patches are applied on top.
|
||||
|
||||
As those patches are merged, the SHA can be updated and the local patches removed.
|
|
@ -0,0 +1,8 @@
|
|||
TAR_NAME=openstack-helm
|
||||
SHA=6c71637222f47d85681038994f02feac92f75bd2
|
||||
VERSION=1.0.0
|
||||
TAR="$TAR_NAME-$SHA.tar.gz"
|
||||
|
||||
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
|
||||
|
||||
TIS_PATCH_VER=21
|
|
@ -0,0 +1,132 @@
|
|||
%global sha 6c71637222f47d85681038994f02feac92f75bd2
|
||||
%global helm_folder /usr/lib/helm
|
||||
%global toolkit_version 0.1.0
|
||||
%global helmchart_version 0.1.0
|
||||
%global _default_patch_flags --no-backup-if-mismatch --prefix=/tmp/junk
|
||||
|
||||
Summary: Openstack-Helm charts
|
||||
Name: openstack-helm
|
||||
Version: 1.0
|
||||
Release: %{tis_patch_ver}%{?_tis_dist}
|
||||
License: Apache-2.0
|
||||
Group: base
|
||||
Packager: Wind River <info@windriver.com>
|
||||
URL: https://github.com/openstack/openstack-helm
|
||||
|
||||
Source0: %{name}-%{sha}.tar.gz
|
||||
Source1: repositories.yaml
|
||||
Source2: index.yaml
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
Patch01: 0001-Add-Aodh-Chart.patch
|
||||
Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
|
||||
Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
|
||||
Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
|
||||
Patch05: 0005-Nova-console-ip-address-search-optionality.patch
|
||||
Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch
|
||||
Patch07: 0007-Horizon-Disable-apache2-status_module.patch
|
||||
Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
|
||||
Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
|
||||
Patch10: 0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
|
||||
Patch11: 0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
|
||||
Patch12: 0012-Add-internal-tenant-id-in-conf.patch
|
||||
Patch13: 0013-cinder-allow-configuring-the-rbd-app-name.patch
|
||||
Patch14: 0014-Cinder-Support-backup-driver-specification-by-module.patch
|
||||
Patch15: 0015-Add-Placement-Chart.patch
|
||||
Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch
|
||||
Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch
|
||||
Patch18: 0018-Nova-add-service-token.patch
|
||||
Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
|
||||
Patch20: 0020-Change-cinder-bootstrap-script.patch
|
||||
|
||||
BuildRequires: helm
|
||||
BuildRequires: openstack-helm-infra
|
||||
Requires: openstack-helm-infra
|
||||
|
||||
%description
|
||||
Openstack Helm charts
|
||||
|
||||
%prep
|
||||
%setup -n openstack-helm
|
||||
%patch01 -p1
|
||||
%patch02 -p1
|
||||
%patch03 -p1
|
||||
%patch04 -p1
|
||||
%patch05 -p1
|
||||
%patch06 -p1
|
||||
%patch07 -p1
|
||||
%patch08 -p1
|
||||
%patch09 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
|
||||
%build
|
||||
# initialize helm and build the toolkit
|
||||
# helm init --client-only does not work if there is no networking
|
||||
# The following commands do essentially the same as: helm init
|
||||
%define helm_home %{getenv:HOME}/.helm
|
||||
mkdir %{helm_home}
|
||||
mkdir %{helm_home}/repository
|
||||
mkdir %{helm_home}/repository/cache
|
||||
mkdir %{helm_home}/repository/local
|
||||
mkdir %{helm_home}/plugins
|
||||
mkdir %{helm_home}/starters
|
||||
mkdir %{helm_home}/cache
|
||||
mkdir %{helm_home}/cache/archive
|
||||
|
||||
# Stage a repository file that only has a local repo
|
||||
cp %{SOURCE1} %{helm_home}/repository/repositories.yaml
|
||||
|
||||
# Stage a local repo index that can be updated by the build
|
||||
cp %{SOURCE2} %{helm_home}/repository/local/index.yaml
|
||||
|
||||
# Stage helm-toolkit in the local repo
|
||||
cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz .
|
||||
|
||||
# Host a server for the charts
|
||||
helm serve --repo-path . &
|
||||
helm repo rm local
|
||||
helm repo add local http://localhost:8879/charts
|
||||
|
||||
# Make the charts. These produce a tgz file
|
||||
make aodh
|
||||
make barbican
|
||||
make ceilometer
|
||||
make cinder
|
||||
make glance
|
||||
make heat
|
||||
make horizon
|
||||
make ironic
|
||||
make keystone
|
||||
make magnum
|
||||
make neutron
|
||||
make nova
|
||||
make panko
|
||||
make placement
|
||||
|
||||
# terminate helm server (the last backgrounded task)
|
||||
kill %1
|
||||
|
||||
# Remove the helm-toolkit tarball
|
||||
rm helm-toolkit-%{toolkit_version}.tgz
|
||||
|
||||
%install
|
||||
# helm_folder is created by openstack-helm-infra
|
||||
install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder}
|
||||
install -p -D -m 755 *.tgz ${RPM_BUILD_ROOT}%{helm_folder}
|
||||
|
||||
%files
|
||||
#helm_folder is owned by openstack-helm-infra
|
||||
%defattr(-,root,root,-)
|
||||
%{helm_folder}/*
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,93 @@
|
|||
From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Wed, 6 Mar 2019 18:06:06 -0500
|
||||
Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to
|
||||
panko
|
||||
|
||||
Ceilometer notification agent sends the events to panko via panko
|
||||
dispatcher/publisher which requires the db connection information
|
||||
in /etc/panko/panko.conf.
|
||||
This commit updates to mount the configuration file for panko in
|
||||
ceilometer notification pod.
|
||||
|
||||
Change-Id: I4ca524ed7462f945a245e9dbe1d69493dbc4211d
|
||||
Story: 2005019
|
||||
Task: 29498
|
||||
Depends-On: https://review.openstack.org/#/c/641144/
|
||||
Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 34 insertions(+)
|
||||
|
||||
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
|
||||
index e6ae7e3a..9deade59 100644
|
||||
--- a/ceilometer/values.yaml
|
||||
+++ b/ceilometer/values.yaml
|
||||
@@ -728,6 +728,11 @@ conf:
|
||||
- name: event_sink
|
||||
publishers:
|
||||
- notifier://
|
||||
+ # The following publisher will enable to publish events to panko.
|
||||
+ # Ocata:
|
||||
+ # - direct://?dispatcher=panko
|
||||
+ # Pike:
|
||||
+ # - panko://
|
||||
transformers: null
|
||||
sources:
|
||||
- events:
|
||||
@@ -1618,6 +1623,8 @@ dependencies:
|
||||
service: mongodb
|
||||
- endpoint: internal
|
||||
service: metric
|
||||
+ - endpoint: internal
|
||||
+ service: event
|
||||
tests:
|
||||
services:
|
||||
- endpoint: internal
|
||||
@@ -1739,6 +1746,21 @@ endpoints:
|
||||
api:
|
||||
default: 8041
|
||||
public: 80
|
||||
+ event:
|
||||
+ name: panko
|
||||
+ hosts:
|
||||
+ default: panko-api
|
||||
+ public: panko
|
||||
+ host_fqdn_override:
|
||||
+ default: null
|
||||
+ path:
|
||||
+ default: null
|
||||
+ scheme:
|
||||
+ default: 'http'
|
||||
+ port:
|
||||
+ api:
|
||||
+ default: 8977
|
||||
+ public: 80
|
||||
alarming:
|
||||
name: aodh
|
||||
hosts:
|
||||
@@ -1865,7 +1887,19 @@ pod:
|
||||
init_container: null
|
||||
ceilometer_notification:
|
||||
volumeMounts:
|
||||
+ - name: etcpanko
|
||||
+ mountPath: /etc/panko
|
||||
+ - name: panko-etc
|
||||
+ mountPath: /etc/panko/panko.conf
|
||||
+ subPath: panko.conf
|
||||
+ readOnly: true
|
||||
volumes:
|
||||
+ - name: etcpanko
|
||||
+ emptyDir: {}
|
||||
+ - name: panko-etc
|
||||
+ secret:
|
||||
+ secretName: panko-etc
|
||||
+ defaultMode: 0444
|
||||
replicas:
|
||||
api: 1
|
||||
central: 1
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Friesen <chris.friesen@windriver.com>
|
||||
Date: Wed, 28 Nov 2018 01:33:39 -0500
|
||||
Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts.
|
||||
|
||||
Stale Apache2 pids will prevent Apache2 from starting and will leave
|
||||
the POD in a crashed state.
|
||||
|
||||
Note: the pid file is somewhat confusingly called
|
||||
/var/run/httpd/httpd.pid and /var/run/apache2 is just a symlink to
|
||||
/var/run/httpd.
|
||||
|
||||
This is loosely based off the in-review upstream commit at
|
||||
https://review.openstack.org/#/c/619747
|
||||
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++
|
||||
keystone/templates/bin/_keystone-api.sh.tpl | 6 ++----
|
||||
nova/templates/bin/_nova-placement-api.sh.tpl | 3 +++
|
||||
3 files changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
|
||||
index cdb02f79..392873c7 100644
|
||||
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
|
||||
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
|
||||
@@ -25,6 +25,9 @@ function start () {
|
||||
source /etc/apache2/envvars
|
||||
fi
|
||||
|
||||
+ # Get rid of stale pid file if present.
|
||||
+ rm -f /var/run/apache2/*.pid
|
||||
+
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
}
|
||||
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
|
||||
index 2f127b94..11726809 100644
|
||||
--- a/keystone/templates/bin/_keystone-api.sh.tpl
|
||||
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
|
||||
@@ -31,10 +31,8 @@ function start () {
|
||||
source /etc/apache2/envvars
|
||||
fi
|
||||
|
||||
- if [ -f /var/run/apache2/apache2.pid ]; then
|
||||
- # Remove the stale pid for debian/ubuntu images
|
||||
- rm -f /var/run/apache2/apache2.pid
|
||||
- fi
|
||||
+ # Get rid of stale pid, shared memory segment and wsgi sock files if present.
|
||||
+ rm -f /var/run/apache2/*
|
||||
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
|
||||
index f9c8d7c5..b4bcf178 100644
|
||||
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
|
||||
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
|
||||
@@ -28,6 +28,9 @@ function start () {
|
||||
source /etc/apache2/envvars
|
||||
fi
|
||||
|
||||
+ # Get rid of stale pid file if present.
|
||||
+ rm -f /var/run/apache2/*.pid
|
||||
+
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
}
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,184 @@
|
|||
From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Thu, 10 Jan 2019 00:12:21 -0500
|
||||
Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations
|
||||
|
||||
- Fix .ssh/config file mapping
|
||||
- Move private key from nova-compute-ssh container to nova-compute
|
||||
container.
|
||||
- Map private and public keys to configmap-ssh which will default to
|
||||
the appropriate file permissions.
|
||||
- Add additional config to /etc/ssh/sshd_config to allow passwordless
|
||||
root logins over appropriate subnet passed in from overrides.
|
||||
- Remove chmods from sshd bash script as they are failing.
|
||||
|
||||
Depends on helm-toolkit supporting multiple containers per daemonset
|
||||
pod.
|
||||
|
||||
Story: 2003463
|
||||
Task: 24723
|
||||
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++---
|
||||
nova/templates/configmap-etc.yaml | 4 ++--
|
||||
nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++
|
||||
nova/templates/daemonset-compute.yaml | 14 +++++++++-----
|
||||
nova/values.yaml | 5 +++++
|
||||
5 files changed, 67 insertions(+), 10 deletions(-)
|
||||
create mode 100755 nova/templates/configmap-ssh.yaml
|
||||
|
||||
diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
|
||||
index 1c10cb07..158090b0 100644
|
||||
--- a/nova/templates/bin/_ssh-start.sh.tpl
|
||||
+++ b/nova/templates/bin/_ssh-start.sh.tpl
|
||||
@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
|
||||
chown nova: ~nova/.ssh
|
||||
fi
|
||||
|
||||
-chmod 0600 ~root/.ssh/authorized_keys
|
||||
-chmod 0600 ~root/.ssh/id_rsa
|
||||
-chmod 0600 ~root/.ssh/id_rsa.pub
|
||||
+{{- if .Values.network.sshd.enabled }}
|
||||
+subnet_address="{{- .Values.network.sshd.from_subnet -}}"
|
||||
+cat > /tmp/sshd_config_extend <<EOF
|
||||
+
|
||||
+# This Match block prevents Password Authentication for root user
|
||||
+Match User root
|
||||
+ PasswordAuthentication no
|
||||
+
|
||||
+# This Match Block is used to allow Root Login exceptions over the
|
||||
+# internal subnet used by Nova Migrations
|
||||
+Match Address $subnet_address
|
||||
+ PermitRootLogin without-password
|
||||
+EOF
|
||||
+cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
|
||||
+rm /tmp/sshd_config_extend
|
||||
+{{- end }}
|
||||
|
||||
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
|
||||
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
|
||||
index 55aa3114..0d1e7a5e 100644
|
||||
--- a/nova/templates/configmap-etc.yaml
|
||||
+++ b/nova/templates/configmap-etc.yaml
|
||||
@@ -232,8 +232,8 @@ data:
|
||||
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
|
||||
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
|
||||
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
|
||||
-# FIXME(portdirect): why is this file suffixed .sh?
|
||||
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
|
||||
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
|
||||
+
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.manifests.configmap_etc }}
|
||||
diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
|
||||
new file mode 100755
|
||||
index 00000000..bab8e330
|
||||
--- /dev/null
|
||||
+++ b/nova/templates/configmap-ssh.yaml
|
||||
@@ -0,0 +1,35 @@
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- define "nova.configmap.ssh" }}
|
||||
+{{- $envAll := index . 1 }}
|
||||
+{{- with $envAll }}
|
||||
+---
|
||||
+apiVersion: v1
|
||||
+kind: Secret
|
||||
+metadata:
|
||||
+ name: nova-ssh
|
||||
+type: Opaque
|
||||
+data:
|
||||
+ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
|
||||
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
|
||||
+
|
||||
+{{- end }}
|
||||
+{{- end }}
|
||||
+
|
||||
+{{- if .Values.manifests.configmap_etc }}
|
||||
+{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
|
||||
+{{- end }}
|
||||
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
|
||||
index 09627042..4a7b90b5 100644
|
||||
--- a/nova/templates/daemonset-compute.yaml
|
||||
+++ b/nova/templates/daemonset-compute.yaml
|
||||
@@ -258,6 +258,9 @@ spec:
|
||||
mountPath: /root/.ssh/config
|
||||
subPath: ssh-config
|
||||
readOnly: true
|
||||
+ - name: nova-ssh
|
||||
+ mountPath: /root/.ssh/id_rsa
|
||||
+ subPath: ssh-key-private
|
||||
{{- if .Values.conf.ceph.enabled }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@@ -314,13 +317,10 @@ spec:
|
||||
mountPath: /var/lib/nova
|
||||
- name: varliblibvirt
|
||||
mountPath: /var/lib/libvirt
|
||||
- - name: nova-etc
|
||||
- mountPath: /root/.ssh/id_rsa
|
||||
- subPath: ssh-key-private
|
||||
- - name: nova-etc
|
||||
+ - name: nova-ssh
|
||||
mountPath: /root/.ssh/id_rsa.pub
|
||||
subPath: ssh-key-public
|
||||
- - name: nova-etc
|
||||
+ - name: nova-ssh
|
||||
mountPath: /root/.ssh/authorized_keys
|
||||
subPath: ssh-key-public
|
||||
- name: nova-bin
|
||||
@@ -336,6 +336,10 @@ spec:
|
||||
secret:
|
||||
secretName: {{ $configMapName }}
|
||||
defaultMode: 0444
|
||||
+ - name: nova-ssh
|
||||
+ secret:
|
||||
+ secretName: nova-ssh
|
||||
+ defaultMode: 0400
|
||||
{{- if .Values.conf.ceph.enabled }}
|
||||
- name: etcceph
|
||||
hostPath:
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 7cb4d553..8599027a 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -211,6 +211,9 @@ network:
|
||||
ssh:
|
||||
name: "nova-ssh"
|
||||
port: 8022
|
||||
+ sshd:
|
||||
+ enabled: false
|
||||
+ from_subnet: 0.0.0.0/24
|
||||
|
||||
dependencies:
|
||||
dynamic:
|
||||
@@ -462,6 +465,8 @@ conf:
|
||||
StrictHostKeyChecking no
|
||||
UserKnownHostsFile /dev/null
|
||||
Port {{ .Values.network.ssh.port }}
|
||||
+ ssh_private: 'null'
|
||||
+ ssh_public: 'null'
|
||||
rally_tests:
|
||||
run_tempest: false
|
||||
tests:
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Wed, 27 Mar 2019 00:35:57 -0400
|
||||
Subject: [PATCH 05/11] Nova console/ip address search optionality
|
||||
|
||||
Add options to nova to enable/disable the use of:
|
||||
1. the vnc or spice server proxyclient address found by the console
|
||||
compute init container
|
||||
2. my_ip hypervisor address found by compute init container
|
||||
|
||||
These options can be used to prevent cases where the found addresses
|
||||
overwrite what has already been defined in nova.conf by per host nova
|
||||
compute daemonset overrides.
|
||||
|
||||
Story: 2005259
|
||||
Task: 30066
|
||||
Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
|
||||
nova/values.yaml | 2 ++
|
||||
2 files changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
|
||||
index c80da6d6..4927908a 100644
|
||||
--- a/nova/templates/bin/_nova-compute.sh.tpl
|
||||
+++ b/nova/templates/bin/_nova-compute.sh.tpl
|
||||
@@ -20,6 +20,10 @@ set -ex
|
||||
|
||||
exec nova-compute \
|
||||
--config-file /etc/nova/nova.conf \
|
||||
+{{- if .Values.console.address_search_enabled }}
|
||||
--config-file /tmp/pod-shared/nova-console.conf \
|
||||
+{{- end }}
|
||||
--config-file /tmp/pod-shared/nova-libvirt.conf \
|
||||
- --config-file /tmp/pod-shared/nova-hypervisor.conf
|
||||
\ No newline at end of file
|
||||
+{{- if .Values.conf.hypervisor.address_search_enabled }}
|
||||
+ --config-file /tmp/pod-shared/nova-hypervisor.conf
|
||||
+{{- end }}
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 8599027a..0887cecc 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -440,6 +440,7 @@ console:
|
||||
vncproxy:
|
||||
# IF blank, search default routing interface
|
||||
vncserver_proxyclient_interface:
|
||||
+ address_search_enabled: true
|
||||
|
||||
ssh:
|
||||
key_types:
|
||||
@@ -1433,6 +1434,7 @@ conf:
|
||||
# If this option is set to None, the hostname of the migration target compute node will be used.
|
||||
live_migration_interface:
|
||||
hypervisor:
|
||||
+ address_search_enabled: true
|
||||
# my_ip can be set automatically through this interface name.
|
||||
host_interface:
|
||||
nova:
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,346 @@
|
|||
From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
|
||||
From: Irina Mihai <irina.mihai@windriver.com>
|
||||
Date: Tue, 26 Feb 2019 17:43:53 +0000
|
||||
Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation
|
||||
|
||||
If libvirt images_type is rbd, then we need to have the
|
||||
images_rbd_pool present. These changes add a new job
|
||||
to make sure this pool exists.
|
||||
|
||||
Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
|
||||
Story: 2004922
|
||||
Task: 29285
|
||||
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
|
||||
(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
|
||||
nova/templates/configmap-bin.yaml | 4 +-
|
||||
nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
|
||||
nova/values.yaml | 18 ++++
|
||||
4 files changed, 251 insertions(+), 1 deletion(-)
|
||||
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
|
||||
create mode 100644 nova/templates/job-storage-init.yaml
|
||||
|
||||
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
|
||||
new file mode 100644
|
||||
index 00000000..f79fcff0
|
||||
--- /dev/null
|
||||
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
|
||||
@@ -0,0 +1,75 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+set -x
|
||||
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
|
||||
+ SECRET=$(mktemp --suffix .yaml)
|
||||
+ KEYRING=$(mktemp --suffix .keyring)
|
||||
+ function cleanup {
|
||||
+ rm -f ${SECRET} ${KEYRING}
|
||||
+ }
|
||||
+ trap cleanup EXIT
|
||||
+fi
|
||||
+
|
||||
+set -ex
|
||||
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
|
||||
+ ceph -s
|
||||
+ function ensure_pool () {
|
||||
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
|
||||
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
|
||||
+ if [[ ${test_version} -gt 0 ]]; then
|
||||
+ ceph osd pool application enable $1 $3
|
||||
+ fi
|
||||
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
|
||||
+ ceph osd pool set $1 nosizechange 0
|
||||
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
|
||||
+ ceph osd pool set $1 nosizechange ${size_protection}
|
||||
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
|
||||
+ }
|
||||
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
|
||||
+
|
||||
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
|
||||
+ echo "Cephx user client.${RBD_POOL_USER} already exist."
|
||||
+ echo "Update its cephx caps"
|
||||
+ ceph auth caps client.${RBD_POOL_USER} \
|
||||
+ mon "profile rbd" \
|
||||
+ osd "profile rbd"
|
||||
+ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
|
||||
+ else
|
||||
+ # NOTE: Restrict Nova permissions to what is needed.
|
||||
+ # MON Read only and RBD access to the Nova ephemeral pool only.
|
||||
+ ceph auth get-or-create client.${RBD_POOL_USER} \
|
||||
+ mon "profile rbd" \
|
||||
+ osd "profile rbd" \
|
||||
+ -o ${KEYRING}
|
||||
+ fi
|
||||
+
|
||||
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
|
||||
+ cat > ${SECRET} <<EOF
|
||||
+apiVersion: v1
|
||||
+kind: Secret
|
||||
+metadata:
|
||||
+ name: "${RBD_POOL_SECRET}"
|
||||
+type: kubernetes.io/rbd
|
||||
+data:
|
||||
+ key: $( echo ${ENCODED_KEYRING} )
|
||||
+EOF
|
||||
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
|
||||
+
|
||||
+fi
|
||||
+
|
||||
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
|
||||
index c58b90bd..268434fd 100644
|
||||
--- a/nova/templates/configmap-bin.yaml
|
||||
+++ b/nova/templates/configmap-bin.yaml
|
||||
@@ -1,5 +1,5 @@
|
||||
{{/*
|
||||
-Copyright 2017 The Openstack-Helm Authors.
|
||||
+Copyright 2017-2019 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
@@ -83,6 +83,8 @@ data:
|
||||
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
nova-console-proxy-init-assets.sh: |
|
||||
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
+ nova-storage-init.sh: |
|
||||
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
ssh-start.sh: |
|
||||
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
cell-setup.sh: |
|
||||
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
|
||||
new file mode 100644
|
||||
index 00000000..7d057fb9
|
||||
--- /dev/null
|
||||
+++ b/nova/templates/job-storage-init.yaml
|
||||
@@ -0,0 +1,155 @@
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.job_storage_init }}
|
||||
+{{- $envAll := . }}
|
||||
+
|
||||
+{{- $serviceAccountName := "nova-storage-init" }}
|
||||
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
+---
|
||||
+apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
+kind: Role
|
||||
+metadata:
|
||||
+ name: {{ $serviceAccountName }}
|
||||
+rules:
|
||||
+ - apiGroups:
|
||||
+ - ""
|
||||
+ resources:
|
||||
+ - secrets
|
||||
+ verbs:
|
||||
+ - get
|
||||
+ - create
|
||||
+ - update
|
||||
+ - patch
|
||||
+---
|
||||
+apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
+kind: RoleBinding
|
||||
+metadata:
|
||||
+ name: {{ $serviceAccountName }}
|
||||
+roleRef:
|
||||
+ apiGroup: rbac.authorization.k8s.io
|
||||
+ kind: Role
|
||||
+ name: {{ $serviceAccountName }}
|
||||
+subjects:
|
||||
+ - kind: ServiceAccount
|
||||
+ name: {{ $serviceAccountName }}
|
||||
+ namespace: {{ $envAll.Release.Namespace }}
|
||||
+---
|
||||
+apiVersion: batch/v1
|
||||
+kind: Job
|
||||
+metadata:
|
||||
+ name: nova-storage-init
|
||||
+spec:
|
||||
+ template:
|
||||
+ metadata:
|
||||
+ labels:
|
||||
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
+ spec:
|
||||
+ serviceAccountName: {{ $serviceAccountName }}
|
||||
+ restartPolicy: OnFailure
|
||||
+ nodeSelector:
|
||||
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
+ initContainers:
|
||||
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
+ {{ if or .Values.conf.ceph.enabled }}
|
||||
+ - name: ceph-keyring-placement
|
||||
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
+ securityContext:
|
||||
+ runAsUser: 0
|
||||
+ command:
|
||||
+ - /tmp/ceph-admin-keyring.sh
|
||||
+ volumeMounts:
|
||||
+ - name: etcceph
|
||||
+ mountPath: /etc/ceph
|
||||
+ - name: nova-bin
|
||||
+ mountPath: /tmp/ceph-admin-keyring.sh
|
||||
+ subPath: ceph-admin-keyring.sh
|
||||
+ readOnly: true
|
||||
+ {{- if empty .Values.conf.ceph.admin_keyring }}
|
||||
+ - name: ceph-keyring
|
||||
+ mountPath: /tmp/client-keyring
|
||||
+ subPath: key
|
||||
+ readOnly: true
|
||||
+ {{ end }}
|
||||
+ {{ end }}
|
||||
+ containers:
|
||||
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
|
||||
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
|
||||
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
+ env:
|
||||
+ - name: NAMESPACE
|
||||
+ valueFrom:
|
||||
+ fieldRef:
|
||||
+ fieldPath: metadata.namespace
|
||||
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
|
||||
+ - name: STORAGE_BACKEND
|
||||
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
|
||||
+ - name: RBD_POOL_NAME
|
||||
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
|
||||
+ - name: RBD_POOL_USER
|
||||
+ value: {{ $ephemeralPool.rbd_user | quote }}
|
||||
+ - name: RBD_POOL_CRUSH_RULE
|
||||
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
|
||||
+ - name: RBD_POOL_REPLICATION
|
||||
+ value: {{ $ephemeralPool.rbd_replication | quote }}
|
||||
+ - name: RBD_POOL_CHUNK_SIZE
|
||||
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
|
||||
+ - name: RBD_POOL_SECRET
|
||||
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
|
||||
+ {{- end }}
|
||||
+ command:
|
||||
+ - /tmp/nova-storage-init.sh
|
||||
+ volumeMounts:
|
||||
+ - name: nova-bin
|
||||
+ mountPath: /tmp/nova-storage-init.sh
|
||||
+ subPath: nova-storage-init.sh
|
||||
+ readOnly: true
|
||||
+ {{ if or $envAll.Values.conf.ceph.enabled }}
|
||||
+ - name: etcceph
|
||||
+ mountPath: /etc/ceph
|
||||
+ - name: ceph-etc
|
||||
+ mountPath: /etc/ceph/ceph.conf
|
||||
+ subPath: ceph.conf
|
||||
+ readOnly: true
|
||||
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
|
||||
+ - name: ceph-keyring
|
||||
+ mountPath: /tmp/client-keyring
|
||||
+ subPath: key
|
||||
+ readOnly: true
|
||||
+ {{- end }}
|
||||
+ {{- end }}
|
||||
+ {{- end }}
|
||||
+ volumes:
|
||||
+ - name: nova-bin
|
||||
+ configMap:
|
||||
+ name: nova-bin
|
||||
+ defaultMode: 0555
|
||||
+ {{ if or .Values.conf.ceph.enabled }}
|
||||
+ - name: etcceph
|
||||
+ emptyDir: {}
|
||||
+ - name: ceph-etc
|
||||
+ configMap:
|
||||
+ name: {{ .Values.ceph_client.configmap }}
|
||||
+ defaultMode: 0444
|
||||
+ {{- if empty .Values.conf.ceph.admin_keyring }}
|
||||
+ - name: ceph-keyring
|
||||
+ secret:
|
||||
+ secretName: {{ .Values.ceph_client.user_secret_name }}
|
||||
+ {{- end }}
|
||||
+ {{- end }}
|
||||
+{{- end }}
|
||||
+
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 0887cecc..7245cf82 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -87,6 +87,7 @@ images:
|
||||
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
|
||||
nova_spiceproxy: docker.io/openstackhelm/nova:ocata
|
||||
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
|
||||
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
|
||||
test: docker.io/xrally/xrally-openstack:1.3.0
|
||||
image_repo_sync: docker.io/docker:17.07.0
|
||||
local_registry:
|
||||
@@ -461,6 +462,14 @@ conf:
|
||||
user: "cinder"
|
||||
keyring: null
|
||||
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
|
||||
+ ephemeral_storage:
|
||||
+ type: rbd
|
||||
+ rbd_pools:
|
||||
+ - rbd_pool_name: ephemeral
|
||||
+ rbd_user: ephemeral
|
||||
+ rbd_crush_rule: 0
|
||||
+ rbd_replication: 3
|
||||
+ rbd_chunk_size: 64
|
||||
ssh: |
|
||||
Host *
|
||||
StrictHostKeyChecking no
|
||||
@@ -1625,6 +1634,7 @@ secrets:
|
||||
placement:
|
||||
placement:
|
||||
public: placement-tls-public
|
||||
+ ephemeral: nova-ephemeral
|
||||
|
||||
# typically overridden by environmental
|
||||
# values, but should include all endpoints
|
||||
@@ -2239,6 +2249,13 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
+ storage_init:
|
||||
+ requests:
|
||||
+ memory: "128Mi"
|
||||
+ cpu: "100m"
|
||||
+ limits:
|
||||
+ memory: "1024Mi"
|
||||
+ cpu: "2000m"
|
||||
|
||||
network_policy:
|
||||
nova:
|
||||
@@ -2302,6 +2319,7 @@ manifests:
|
||||
job_ks_placement_service: true
|
||||
job_ks_placement_user: true
|
||||
job_cell_setup: true
|
||||
+ job_storage_init: true
|
||||
pdb_metadata: true
|
||||
pdb_placement: true
|
||||
pdb_osapi: true
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 22 Mar 2019 03:29:26 -0400
|
||||
Subject: [PATCH 07/11] Horizon: Disable apache2 status_module
|
||||
|
||||
a2dismod is not present in the StarlingX httpd based images. Try
|
||||
a2dismod first, then fail back to using sed to remove the module.
|
||||
|
||||
Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
horizon/templates/bin/_horizon.sh.tpl | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl
|
||||
index dec000f3..55a2c629 100644
|
||||
--- a/horizon/templates/bin/_horizon.sh.tpl
|
||||
+++ b/horizon/templates/bin/_horizon.sh.tpl
|
||||
@@ -28,7 +28,7 @@ function start () {
|
||||
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
|
||||
|
||||
a2enmod rewrite
|
||||
- a2dismod status
|
||||
+ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf
|
||||
|
||||
if [ -f /etc/apache2/envvars ]; then
|
||||
# Loading Apache2 ENV variables
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,224 @@
|
|||
From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 22 Mar 2019 03:37:05 -0400
|
||||
Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness
|
||||
probes
|
||||
|
||||
With the introduction of Readiness/Liveness probes in
|
||||
Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and
|
||||
preventing successful armada manifest applies.
|
||||
|
||||
Add support to disable the probes.
|
||||
|
||||
Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-l3-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-lb-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-metadata-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-ovs-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-sriov-agent.yaml | 4 ++++
|
||||
neutron/values.yaml | 27 +++++++++++++++++++++++++
|
||||
7 files changed, 51 insertions(+)
|
||||
|
||||
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
|
||||
index 49866f2a..6e1d2928 100644
|
||||
--- a/neutron/templates/daemonset-dhcp-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
|
||||
@@ -66,6 +66,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
+ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -80,6 +81,8 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 65
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -95,6 +98,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/neutron-dhcp-agent.sh
|
||||
volumeMounts:
|
||||
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
|
||||
index 5e0ec194..29e0f3f7 100644
|
||||
--- a/neutron/templates/daemonset-l3-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-l3-agent.yaml
|
||||
@@ -66,6 +66,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
+ {{- if .Values.pod.probes.readiness.l3_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -80,6 +81,8 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 65
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.l3_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -95,6 +98,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/neutron-l3-agent.sh
|
||||
volumeMounts:
|
||||
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
|
||||
index c2b432f7..685893d5 100644
|
||||
--- a/neutron/templates/daemonset-lb-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-lb-agent.yaml
|
||||
@@ -140,12 +140,16 @@ spec:
|
||||
privileged: true
|
||||
command:
|
||||
- /tmp/neutron-linuxbridge-agent.sh
|
||||
+ {{- if .Values.pod.probes.readiness.lb_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- -c
|
||||
- 'brctl show'
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.lb_agent.enabled }}
|
||||
+ {{- end }}
|
||||
volumeMounts:
|
||||
- name: neutron-bin
|
||||
mountPath: /tmp/neutron-linuxbridge-agent.sh
|
||||
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
|
||||
index 8e92a675..fba132ed 100644
|
||||
--- a/neutron/templates/daemonset-metadata-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-metadata-agent.yaml
|
||||
@@ -87,6 +87,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
+ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -99,6 +100,8 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 35
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -112,6 +115,7 @@ spec:
|
||||
initialDelaySeconds: 90
|
||||
periodSeconds: 60
|
||||
timeoutSeconds: 45
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/neutron-metadata-agent.sh
|
||||
volumeMounts:
|
||||
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
|
||||
index 56061e63..69ee1c2c 100644
|
||||
--- a/neutron/templates/daemonset-ovs-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-ovs-agent.yaml
|
||||
@@ -154,6 +154,7 @@ spec:
|
||||
privileged: true
|
||||
command:
|
||||
- /tmp/neutron-openvswitch-agent.sh
|
||||
+ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }}
|
||||
# ensures this container can can see a br-int
|
||||
# bridge before its marked as ready
|
||||
readinessProbe:
|
||||
@@ -162,6 +163,8 @@ spec:
|
||||
- bash
|
||||
- -c
|
||||
- 'ovs-vsctl list-br | grep -q br-int'
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -177,6 +180,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
volumeMounts:
|
||||
- name: neutron-bin
|
||||
mountPath: /tmp/neutron-openvswitch-agent.sh
|
||||
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
|
||||
index a59e4100..c03b3668 100644
|
||||
--- a/neutron/templates/daemonset-sriov-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-sriov-agent.yaml
|
||||
@@ -129,6 +129,7 @@ spec:
|
||||
privileged: true
|
||||
command:
|
||||
- /tmp/neutron-sriov-agent.sh
|
||||
+ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -141,6 +142,9 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 10
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }}
|
||||
+ {{- end }}
|
||||
volumeMounts:
|
||||
- name: neutron-bin
|
||||
mountPath: /tmp/neutron-sriov-agent.sh
|
||||
diff --git a/neutron/values.yaml b/neutron/values.yaml
|
||||
index 5ab4ca12..1cc67b94 100644
|
||||
--- a/neutron/values.yaml
|
||||
+++ b/neutron/values.yaml
|
||||
@@ -520,6 +520,33 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
+ probes:
|
||||
+ readiness:
|
||||
+ dhcp_agent:
|
||||
+ enabled: true
|
||||
+ l3_agent:
|
||||
+ enabled: true
|
||||
+ lb_agent:
|
||||
+ enabled: true
|
||||
+ metadata_agent:
|
||||
+ enabled: true
|
||||
+ ovs_agent:
|
||||
+ enabled: true
|
||||
+ sriov_agent:
|
||||
+ enabled: true
|
||||
+ liveness:
|
||||
+ dhcp_agent:
|
||||
+ enabled: true
|
||||
+ l3_agent:
|
||||
+ enabled: true
|
||||
+ lb_agent:
|
||||
+ enabled: true
|
||||
+ metadata_agent:
|
||||
+ enabled: true
|
||||
+ ovs_agent:
|
||||
+ enabled: true
|
||||
+ sriov_agent:
|
||||
+ enabled: true
|
||||
|
||||
conf:
|
||||
rally_tests:
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,227 @@
|
|||
From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 22 Mar 2019 03:42:08 -0400
|
||||
Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness
|
||||
probes
|
||||
|
||||
With the introduction of Readiness/Liveness probes in
|
||||
Ib8e4b93486588320fd2d562c3bc90b65844e52e5, some probes are failing and
|
||||
preventing successful armada manifest applies.
|
||||
|
||||
Add support to disable the probes.
|
||||
|
||||
Change-Id: Iebe7327055f58fa78ce3fcac968c1fa617c30c2f
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
nova/templates/daemonset-compute.yaml | 4 ++++
|
||||
nova/templates/deployment-conductor.yaml | 4 ++++
|
||||
nova/templates/deployment-consoleauth.yaml | 4 ++++
|
||||
nova/templates/deployment-novncproxy.yaml | 4 ++++
|
||||
nova/templates/deployment-scheduler.yaml | 4 ++++
|
||||
nova/templates/deployment-spiceproxy.yaml | 4 ++++
|
||||
nova/values.yaml | 27 +++++++++++++++++++++++++++
|
||||
7 files changed, 51 insertions(+)
|
||||
|
||||
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
|
||||
index 4a7b90b5..f508b963 100644
|
||||
--- a/nova/templates/daemonset-compute.yaml
|
||||
+++ b/nova/templates/daemonset-compute.yaml
|
||||
@@ -181,6 +181,7 @@ spec:
|
||||
- name: LIBVIRT_CEPH_SECRET_UUID
|
||||
value: "{{ .Values.conf.ceph.secret_uuid }}"
|
||||
{{ end }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_compute.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -193,6 +194,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.nova_compute.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -206,6 +209,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/nova-compute.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
|
||||
index 1e66e419..33d41097 100644
|
||||
--- a/nova/templates/deployment-conductor.yaml
|
||||
+++ b/nova/templates/deployment-conductor.yaml
|
||||
@@ -60,6 +60,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -72,6 +73,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.nova_conductor.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -85,6 +88,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/nova-conductor.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
|
||||
index 75b66e79..31013eb7 100644
|
||||
--- a/nova/templates/deployment-consoleauth.yaml
|
||||
+++ b/nova/templates/deployment-consoleauth.yaml
|
||||
@@ -60,6 +60,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -72,6 +73,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.nova_consoleauth.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -85,6 +88,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/nova-consoleauth.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
|
||||
index cf9fda02..2611ba80 100644
|
||||
--- a/nova/templates/deployment-novncproxy.yaml
|
||||
+++ b/nova/templates/deployment-novncproxy.yaml
|
||||
@@ -94,14 +94,18 @@ spec:
|
||||
- name: nova-novncproxy
|
||||
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
initialDelaySeconds: 30
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.nova_novcnproxy.enabled }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
initialDelaySeconds: 30
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/nova-console-proxy.sh
|
||||
ports:
|
||||
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
|
||||
index 9611d950..0350c47c 100644
|
||||
--- a/nova/templates/deployment-scheduler.yaml
|
||||
+++ b/nova/templates/deployment-scheduler.yaml
|
||||
@@ -60,6 +60,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
+ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -72,6 +73,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.nova_scheduler.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -85,6 +88,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/nova-scheduler.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
|
||||
index 4507bde4..1b58ec98 100644
|
||||
--- a/nova/templates/deployment-spiceproxy.yaml
|
||||
+++ b/nova/templates/deployment-spiceproxy.yaml
|
||||
@@ -94,14 +94,18 @@ spec:
|
||||
- name: nova-spiceproxy
|
||||
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
initialDelaySeconds: 30
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.nova_spiceproxy.enabled }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
initialDelaySeconds: 30
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/nova-console-proxy.sh
|
||||
ports:
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 7245cf82..433ec3af 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -2256,6 +2256,33 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
+ probes:
|
||||
+ readiness:
|
||||
+ nova_compute:
|
||||
+ enabled: true
|
||||
+ nova_conductor:
|
||||
+ enabled: true
|
||||
+ nova_consoleauth:
|
||||
+ enabled: true
|
||||
+ nova_novcnproxy:
|
||||
+ enabled: true
|
||||
+ nova_scheduler:
|
||||
+ enabled: true
|
||||
+ nova_spiceproxy:
|
||||
+ enabled: true
|
||||
+ liveness:
|
||||
+ nova_compute:
|
||||
+ enabled: true
|
||||
+ nova_conductor:
|
||||
+ enabled: true
|
||||
+ nova_consoleauth:
|
||||
+ enabled: true
|
||||
+ nova_novcnproxy:
|
||||
+ enabled: true
|
||||
+ nova_scheduler:
|
||||
+ enabled: true
|
||||
+ nova_spiceproxy:
|
||||
+ enabled: true
|
||||
|
||||
network_policy:
|
||||
nova:
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001
|
||||
From: Mingyuan Qi <mingyuan.qi@intel.com>
|
||||
Date: Thu, 11 Apr 2019 14:59:11 +0800
|
||||
Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image
|
||||
|
||||
Current script does not consider centos distro as base image.
|
||||
Different folder was checked to copy pxe files to tftpboot folder.
|
||||
|
||||
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
|
||||
---
|
||||
.../bin/_ironic-conductor-pxe-init.sh.tpl | 25 +++++++++++++++++-----
|
||||
1 file changed, 20 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
|
||||
index b8c4c4c..5fe595f 100644
|
||||
--- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
|
||||
+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
|
||||
@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu)
|
||||
+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS)
|
||||
+
|
||||
set -ex
|
||||
|
||||
-#NOTE(portdirect): this works round a limitation in Kolla images
|
||||
-if ! dpkg -l ipxe; then
|
||||
- apt-get update
|
||||
- apt-get install ipxe -y
|
||||
+if [[ ! -z $DISTRO_UBUNTU ]]; then
|
||||
+ #NOTE(portdirect): this works round a limitation in Kolla images
|
||||
+ if ! dpkg -l ipxe; then
|
||||
+ apt-get update
|
||||
+ apt-get install ipxe -y
|
||||
+ fi
|
||||
fi
|
||||
|
||||
mkdir -p /var/lib/openstack-helm/tftpboot
|
||||
mkdir -p /var/lib/openstack-helm/tftpboot/master_images
|
||||
|
||||
-for FILE in undionly.kpxe ipxe.efi; do
|
||||
+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do
|
||||
if [ -f /usr/lib/ipxe/$FILE ]; then
|
||||
cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
|
||||
fi
|
||||
+
|
||||
+ # For CentOS
|
||||
+ if [[ ! -z $DISTRO_CENTOS ]]; then
|
||||
+ if [ -f /var/lib/tftpboot/$FILE ]; then
|
||||
+ cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
|
||||
+ fi
|
||||
+ if [ -f /usr/share/ipxe/$FILE ]; then
|
||||
+ cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
|
||||
+ fi
|
||||
+ fi
|
||||
done
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
|
||||
Date: Tue, 9 Apr 2019 10:37:46 +0200
|
||||
Subject: [PATCH 11/11] Use nova's ping method to find out if the service is
|
||||
alive
|
||||
|
||||
Currently there is fake rpc call "pod_health_probe_method_ignore_errors"
|
||||
that is passed to the service, just to find out if it is responding. Because
|
||||
such method does not exist, it is needed to catch and handle the exception
|
||||
that is inevitably thrown by the service.
|
||||
|
||||
While this is technically working correctly, the exceptions pollute the
|
||||
log files and make it harder for user to see possible real errors.
|
||||
|
||||
This is how the error looks like:
|
||||
|
||||
ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
|
||||
ERROR oslo_messaging.rpc.server Traceback (most recent call last):
|
||||
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
|
||||
ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
|
||||
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
|
||||
ERROR oslo_messaging.rpc.server raise UnsupportedVersion(version, method=method)
|
||||
ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
|
||||
|
||||
This situation is new since https://review.openstack.org/#/c/639711/
|
||||
which (correctly) increased the default level of logging. Before 639711
|
||||
error messages from oslo (both real and ones that could be ignored) were not
|
||||
present in nova logs at all.
|
||||
|
||||
Fortunatelly, nova's BaseAPI class provides 'ping' method that is can
|
||||
be used for this basic purpose by all nova components.
|
||||
|
||||
Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3
|
||||
---
|
||||
nova/templates/bin/_health-probe.py.tpl | 13 ++++++++-----
|
||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl
|
||||
index 6434e45..4c1aa45 100644
|
||||
--- a/nova/templates/bin/_health-probe.py.tpl
|
||||
+++ b/nova/templates/bin/_health-probe.py.tpl
|
||||
@@ -17,8 +17,8 @@
|
||||
"""
|
||||
Health probe script for OpenStack service that uses RPC/unix domain socket for
|
||||
communication. Check's the RPC tcp socket status on the process and send
|
||||
-message to service through rpc call method and expects a reply. It is expected
|
||||
-to receive failure from the service's RPC server as the method does not exist.
|
||||
+message to service through rpc call method and expects a reply.
|
||||
+Use nova's ping method that is designed just for such simple purpose.
|
||||
|
||||
Script returns failure to Kubernetes only when
|
||||
a. TCP socket for the RPC communication are not established.
|
||||
@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when
|
||||
sys.stderr.write() writes to pod's events on failures.
|
||||
|
||||
Usage example for Nova Compute:
|
||||
-# python health-probe-rpc.py --config-file /etc/nova/nova.conf \
|
||||
+# python health-probe.py --config-file /etc/nova/nova.conf \
|
||||
# --service-queue-name compute
|
||||
|
||||
"""
|
||||
@@ -50,12 +50,15 @@ def check_service_status(transport):
|
||||
"""Verify service status. Return success if service consumes message"""
|
||||
try:
|
||||
target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name,
|
||||
- server=socket.gethostname())
|
||||
+ server=socket.gethostname(),
|
||||
+ namespace='baseapi',
|
||||
+ version="1.1")
|
||||
client = oslo_messaging.RPCClient(transport, target,
|
||||
timeout=60,
|
||||
retry=2)
|
||||
client.call(context.RequestContext(),
|
||||
- 'pod_health_probe_method_ignore_errors')
|
||||
+ 'ping',
|
||||
+ arg=None)
|
||||
except oslo_messaging.exceptions.MessageDeliveryFailure:
|
||||
# Log to pod events
|
||||
sys.stderr.write("Health probe unable to reach message bus")
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -0,0 +1,307 @@
|
|||
From 1fa207d2a503e508f48407881b06e0beaa15b1fa Mon Sep 17 00:00:00 2001
|
||||
From: Liang Fang <liang.a.fang@intel.com>
|
||||
Date: Mon, 25 Mar 2019 10:29:42 -0400
|
||||
Subject: [PATCH 12/14] Add internal tenant id in conf
|
||||
|
||||
Cinder raw cache feature requires internal tenant id be set in
|
||||
/etc/cinder/cinder.conf, something like:
|
||||
|
||||
cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c
|
||||
cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef
|
||||
|
||||
This patch get or create if not exist intenal user id and project id, and then
|
||||
set in cinder.conf
|
||||
|
||||
reference: Cinder cache feature:
|
||||
https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html
|
||||
|
||||
Story: 2004869
|
||||
Task: 29121
|
||||
Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea
|
||||
Signed-off-by: Liang Fang <liang.a.fang@intel.com>
|
||||
(cherry picked from commit d1c8e778a733539695d89c21ed4746265e0f1edf)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_cinder-volume.sh.tpl | 3 +-
|
||||
.../bin/_create-internal-tenant-id.sh.tpl | 31 ++++++++
|
||||
.../bin/_retrieve-internal-tenant-id.sh.tpl | 32 +++++++++
|
||||
cinder/templates/configmap-bin.yaml | 4 ++
|
||||
cinder/templates/deployment-volume.yaml | 31 ++++++++
|
||||
cinder/templates/job-create-internal-tenant.yaml | 83 ++++++++++++++++++++++
|
||||
cinder/values.yaml | 4 ++
|
||||
7 files changed, 187 insertions(+), 1 deletion(-)
|
||||
create mode 100755 cinder/templates/bin/_create-internal-tenant-id.sh.tpl
|
||||
create mode 100755 cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
|
||||
create mode 100644 cinder/templates/job-create-internal-tenant.yaml
|
||||
|
||||
diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl
|
||||
index 64aa3828..a248f352 100644
|
||||
--- a/cinder/templates/bin/_cinder-volume.sh.tpl
|
||||
+++ b/cinder/templates/bin/_cinder-volume.sh.tpl
|
||||
@@ -19,4 +19,5 @@ limitations under the License.
|
||||
set -ex
|
||||
exec cinder-volume \
|
||||
--config-file /etc/cinder/cinder.conf \
|
||||
- --config-file /etc/cinder/conf/backends.conf
|
||||
+ --config-file /etc/cinder/conf/backends.conf \
|
||||
+ --config-file /tmp/pod-shared/internal_tenant.conf
|
||||
diff --git a/cinder/templates/bin/_create-internal-tenant-id.sh.tpl b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
|
||||
new file mode 100755
|
||||
index 00000000..10582564
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
|
||||
@@ -0,0 +1,31 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+set -ex
|
||||
+
|
||||
+
|
||||
+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
|
||||
+ --domain="${PROJECT_DOMAIN_ID}" \
|
||||
+ "${INTERNAL_PROJECT_NAME}");
|
||||
+
|
||||
+USER_ID=$(openstack user create --or-show --enable -f value -c id \
|
||||
+ --domain="${USER_DOMAIN_ID}" \
|
||||
+ --project-domain="${PROJECT_DOMAIN_ID}" \
|
||||
+ --project="${USER_PROJECT_ID}" \
|
||||
+ "${INTERNAL_USER_NAME}");
|
||||
+
|
||||
diff --git a/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
|
||||
new file mode 100755
|
||||
index 00000000..b85f69fd
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
|
||||
@@ -0,0 +1,32 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+set -ex
|
||||
+
|
||||
+
|
||||
+USER_PROJECT_ID=$(openstack project show -f value -c id \
|
||||
+ "${INTERNAL_PROJECT_NAME}");
|
||||
+
|
||||
+USER_ID=$(openstack user show -f value -c id \
|
||||
+ "${INTERNAL_USER_NAME}");
|
||||
+
|
||||
+tee /tmp/pod-shared/internal_tenant.conf <<EOF
|
||||
+[DEFAULT]
|
||||
+cinder_internal_tenant_project_id = ${USER_PROJECT_ID}
|
||||
+cinder_internal_tenant_user_id = ${USER_ID}
|
||||
+EOF
|
||||
diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml
|
||||
index 0cfd6af2..df96fabf 100644
|
||||
--- a/cinder/templates/configmap-bin.yaml
|
||||
+++ b/cinder/templates/configmap-bin.yaml
|
||||
@@ -41,6 +41,10 @@ data:
|
||||
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
|
||||
ks-user.sh: |
|
||||
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
|
||||
+ create-internal-tenant.sh: |
|
||||
+{{ tuple "bin/_create-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
+ retrieve-internal-tenant.sh: |
|
||||
+{{ tuple "bin/_retrieve-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
cinder-api.sh: |
|
||||
{{ tuple "bin/_cinder-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
cinder-backup.sh: |
|
||||
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
|
||||
index a34b4532..17902c02 100644
|
||||
--- a/cinder/templates/deployment-volume.yaml
|
||||
+++ b/cinder/templates/deployment-volume.yaml
|
||||
@@ -90,6 +90,33 @@ spec:
|
||||
- name: cinder-coordination
|
||||
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
|
||||
{{ end }}
|
||||
+ - name: init-cinder-conf
|
||||
+ image: {{ .Values.images.tags.ks_user }}
|
||||
+ imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
+ securityContext:
|
||||
+ runAsUser: 0
|
||||
+ command:
|
||||
+ - /tmp/retrieve-internal-tenant.sh
|
||||
+ volumeMounts:
|
||||
+ - name: cinder-bin
|
||||
+ mountPath: /tmp/retrieve-internal-tenant.sh
|
||||
+ subPath: retrieve-internal-tenant.sh
|
||||
+ readOnly: true
|
||||
+ - name: pod-shared
|
||||
+ mountPath: /tmp/pod-shared
|
||||
+ env:
|
||||
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+ - name: INTERNAL_PROJECT_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
|
||||
+ - name: INTERNAL_USER_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
|
||||
+
|
||||
+{{- with $env := dict "ksUserSecret" (index .Values.secrets.identity "cinder" ) }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+
|
||||
containers:
|
||||
- name: cinder-volume
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
@@ -102,6 +129,8 @@ spec:
|
||||
mountPath: /tmp/cinder-volume.sh
|
||||
subPath: cinder-volume.sh
|
||||
readOnly: true
|
||||
+ - name: pod-shared
|
||||
+ mountPath: /tmp/pod-shared
|
||||
- name: cinder-etc
|
||||
mountPath: /etc/cinder/cinder.conf
|
||||
subPath: cinder.conf
|
||||
@@ -168,6 +197,8 @@ spec:
|
||||
{{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
+ - name: pod-shared
|
||||
+ emptyDir: {}
|
||||
- name: ceph-etc
|
||||
configMap:
|
||||
name: {{ .Values.ceph_client.configmap }}
|
||||
diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml
|
||||
new file mode 100644
|
||||
index 00000000..2371a922
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/job-create-internal-tenant.yaml
|
||||
@@ -0,0 +1,83 @@
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.job_create_internal_tenant }}
|
||||
+{{- $envAll := . }}
|
||||
+
|
||||
+{{- $serviceName := "cinder" }}
|
||||
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
|
||||
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
|
||||
+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
|
||||
+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
|
||||
+
|
||||
+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "create-internal-tenant" }}
|
||||
+{{ tuple $envAll "create-internal-tenant" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
+---
|
||||
+apiVersion: batch/v1
|
||||
+kind: Job
|
||||
+metadata:
|
||||
+ name: {{ printf "%s-%s" $serviceUserPretty "create-internal-tenant" | quote }}
|
||||
+spec:
|
||||
+ template:
|
||||
+ metadata:
|
||||
+ labels:
|
||||
+{{ tuple $envAll $serviceName "create-internal-tenant" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
+ spec:
|
||||
+ serviceAccountName: {{ $serviceAccountName | quote }}
|
||||
+ restartPolicy: OnFailure
|
||||
+ nodeSelector:
|
||||
+{{ toYaml $nodeSelector | indent 8 }}
|
||||
+ initContainers:
|
||||
+{{ tuple $envAll "create_internal_tenant" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
+ containers:
|
||||
+ - name: create-internal-tenant
|
||||
+ image: {{ $envAll.Values.images.tags.ks_user }}
|
||||
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
+ command:
|
||||
+ - /tmp/create-internal-tenant.sh
|
||||
+ volumeMounts:
|
||||
+ - name: create-internal-tenant-sh
|
||||
+ mountPath: /tmp/create-internal-tenant.sh
|
||||
+ subPath: create-internal-tenant.sh
|
||||
+ readOnly: true
|
||||
+ env:
|
||||
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+ - name: SERVICE_OS_SERVICE_NAME
|
||||
+ value: {{ $serviceName | quote }}
|
||||
+ - name: INTERNAL_PROJECT_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
|
||||
+ - name: INTERNAL_USER_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
|
||||
+
|
||||
+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+ - name: SERVICE_OS_ROLES
|
||||
+ {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }}
|
||||
+ {{- if kindIs "slice" $serviceOsRoles }}
|
||||
+ value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }}
|
||||
+ {{- else }}
|
||||
+ value: {{ $serviceOsRoles | quote }}
|
||||
+ {{- end }}
|
||||
+ volumes:
|
||||
+ - name: create-internal-tenant-sh
|
||||
+ configMap:
|
||||
+ name: {{ $configMapBin | quote }}
|
||||
+ defaultMode: 0555
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index 0256bf3f..39027e9b 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -771,6 +771,9 @@ conf:
|
||||
# Backup: Posix options
|
||||
backup_posix_path: /var/lib/cinder/backup
|
||||
auth_strategy: keystone
|
||||
+ # Internal tenant id
|
||||
+ internal_project_name: internal_cinder
|
||||
+ internal_user_name: internal_cinder
|
||||
database:
|
||||
max_retries: -1
|
||||
keystone_authtoken:
|
||||
@@ -1349,6 +1352,7 @@ manifests:
|
||||
job_backup_storage_init: true
|
||||
job_bootstrap: true
|
||||
job_clean: true
|
||||
+ job_create_internal_tenant: true
|
||||
job_db_init: true
|
||||
job_image_repo_sync: true
|
||||
job_rabbit_init: true
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,89 @@
|
|||
From 88656adf554e01d851c297533ceb1dced329bc2c Mon Sep 17 00:00:00 2001
|
||||
From: Itxaka <igarcia@suse.com>
|
||||
Date: Tue, 28 May 2019 13:21:40 +0200
|
||||
Subject: [PATCH 13/14] cinder: allow configuring the rbd app name
|
||||
|
||||
Instead of hardcoding it, let us override it with
|
||||
custom values for normal volumes and backups
|
||||
|
||||
Change-Id: I3abb343877abd0436c592a3371372f82ef581790
|
||||
(cherry picked from commit c38443de4c852e86fb9845777bd67657392835fc)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
|
||||
cinder/templates/bin/_storage-init.sh.tpl | 2 +-
|
||||
cinder/templates/job-backup-storage-init.yaml | 2 ++
|
||||
cinder/templates/job-storage-init.yaml | 2 ++
|
||||
cinder/values.yaml | 4 ++++
|
||||
5 files changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
index 52c8e6bf..af9886ad 100644
|
||||
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
@@ -44,7 +44,7 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
ceph osd pool set $1 nosizechange ${size_protection}
|
||||
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
|
||||
}
|
||||
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup"
|
||||
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
|
||||
|
||||
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
|
||||
echo "Cephx user client.${RBD_POOL_USER} already exists"
|
||||
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
|
||||
index 9288ec5f..bbc31938 100644
|
||||
--- a/cinder/templates/bin/_storage-init.sh.tpl
|
||||
+++ b/cinder/templates/bin/_storage-init.sh.tpl
|
||||
@@ -41,7 +41,7 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
|
||||
ceph osd pool set $1 nosizechange ${size_protection}
|
||||
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
|
||||
}
|
||||
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume"
|
||||
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
|
||||
|
||||
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
|
||||
echo "Cephx user client.${RBD_POOL_USER} already exist."
|
||||
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
|
||||
index a073940c..7b0e50e1 100644
|
||||
--- a/cinder/templates/job-backup-storage-init.yaml
|
||||
+++ b/cinder/templates/job-backup-storage-init.yaml
|
||||
@@ -109,6 +109,8 @@ spec:
|
||||
{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
|
||||
+ - name: RBD_POOL_APP_NAME
|
||||
+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
|
||||
index 1d4819c2..27081816 100644
|
||||
--- a/cinder/templates/job-storage-init.yaml
|
||||
+++ b/cinder/templates/job-storage-init.yaml
|
||||
@@ -100,6 +100,8 @@ spec:
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
|
||||
+ - name: RBD_POOL_APP_NAME
|
||||
+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index 39027e9b..bef7b374 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -302,6 +302,10 @@ ceph_client:
|
||||
user_secret_name: pvc-ceph-client-key
|
||||
|
||||
conf:
|
||||
+ software:
|
||||
+ rbd:
|
||||
+ rbd_pool_app_name_backup: cinder-backup
|
||||
+ rbd_pool_app_name: cinder-volume
|
||||
paste:
|
||||
composite:osapi_volume:
|
||||
use: call:cinder.api:root_app_factory
|
||||
--
|
||||
2.16.5
|
||||
|
|
@ -0,0 +1,241 @@
|
|||
From a5c47db5550926bcf2d4dbd5667ad74e00b2ed97 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 24 May 2019 02:43:15 -0400
|
||||
Subject: [PATCH 14/14] Cinder: Support backup driver specification by module
|
||||
or class name
|
||||
|
||||
During the Queens cycle, Cinder introduced the ability to specify the
|
||||
backup driver via class name and deprecated backup driver initialization
|
||||
using the module name. (Id6bee9e7d0da8ead224a04f86fe79ddfb5b286cf)
|
||||
|
||||
Legacy support for initialization by module name was dropped in Stein.
|
||||
(I3ada2dee1857074746b1893b82dd5f6641c6e579)
|
||||
|
||||
This change will support both methods of initialization and leave the
|
||||
driver defaults enabled for module based initialization (valid through
|
||||
Rocky images).
|
||||
|
||||
This change has been tested using the OSH default Cinder (Ocata) images
|
||||
and StarlingX images based on master (Train).
|
||||
|
||||
Change-Id: Iec7bc6f4dd089aaa08ca652bebd9a10ef49da556
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_backup-storage-init.sh.tpl | 8 ++++----
|
||||
cinder/templates/configmap-etc.yaml | 2 +-
|
||||
cinder/templates/deployment-backup.yaml | 16 ++++++++--------
|
||||
cinder/templates/job-backup-storage-init.yaml | 8 ++++----
|
||||
cinder/templates/job-clean.yaml | 4 ++--
|
||||
cinder/templates/pvc-backup.yaml | 2 +-
|
||||
cinder/values.yaml | 4 ++++
|
||||
7 files changed, 24 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
index af9886ad..10069f17 100644
|
||||
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
@@ -17,7 +17,7 @@ limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -x
|
||||
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
|
||||
SECRET=$(mktemp --suffix .yaml)
|
||||
KEYRING=$(mktemp --suffix .keyring)
|
||||
function cleanup {
|
||||
@@ -27,10 +27,10 @@ if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
fi
|
||||
|
||||
set -ex
|
||||
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.swift" ] || \
|
||||
- [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.posix" ]; then
|
||||
+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.swift' ]] || \
|
||||
+ [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.posix' ]]; then
|
||||
echo "INFO: no action required to use $STORAGE_BACKEND"
|
||||
-elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
+elif [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
|
||||
ceph -s
|
||||
function ensure_pool () {
|
||||
ceph osd pool stats $1 || ceph osd pool create $1 $2
|
||||
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
|
||||
index 5ed73db6..e13851ed 100644
|
||||
--- a/cinder/templates/configmap-etc.yaml
|
||||
+++ b/cinder/templates/configmap-etc.yaml
|
||||
@@ -63,7 +63,7 @@ limitations under the License.
|
||||
{{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "glance_api_servers" -}}
|
||||
{{- end -}}
|
||||
|
||||
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.swift" }}
|
||||
+{{- if (contains "cinder.backup.drivers.swift" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_auth_version -}}
|
||||
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_auth_version" "3" -}}
|
||||
{{- end -}}
|
||||
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
|
||||
index fdce03a9..bffd774c 100644
|
||||
--- a/cinder/templates/deployment-backup.yaml
|
||||
+++ b/cinder/templates/deployment-backup.yaml
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
{{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-keyring-placement
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -98,7 +98,7 @@ spec:
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-volume-perms
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -150,7 +150,7 @@ spec:
|
||||
mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
readOnly: true
|
||||
- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
{{- if not .Values.backup.external_ceph_rbd.enabled }}
|
||||
@@ -164,7 +164,7 @@ spec:
|
||||
subPath: external-backup-ceph.conf
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
@@ -176,7 +176,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: cinder-backup
|
||||
mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
|
||||
{{- end }}
|
||||
@@ -213,7 +213,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
@@ -221,7 +221,7 @@ spec:
|
||||
name: {{ .Values.ceph_client.configmap }}
|
||||
defaultMode: 0444
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-keyring
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.backup | quote }}
|
||||
@@ -231,7 +231,7 @@ spec:
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.volume | quote }}
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: cinder-backup
|
||||
persistentVolumeClaim:
|
||||
claimName: cinder-backup
|
||||
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
|
||||
index 7b0e50e1..a43ba998 100644
|
||||
--- a/cinder/templates/job-backup-storage-init.yaml
|
||||
+++ b/cinder/templates/job-backup-storage-init.yaml
|
||||
@@ -67,7 +67,7 @@ spec:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "backup_storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -106,7 +106,7 @@ spec:
|
||||
fieldPath: metadata.namespace
|
||||
- name: STORAGE_BACKEND
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_driver | quote }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
|
||||
- name: RBD_POOL_APP_NAME
|
||||
@@ -129,7 +129,7 @@ spec:
|
||||
mountPath: /tmp/backup-storage-init.sh
|
||||
subPath: backup-storage-init.sh
|
||||
readOnly: true
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
{{- if not .Values.backup.external_ceph_rbd.enabled }}
|
||||
@@ -155,7 +155,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
|
||||
index d85234ed..54fd41e7 100644
|
||||
--- a/cinder/templates/job-clean.yaml
|
||||
+++ b/cinder/templates/job-clean.yaml
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_clean }}
|
||||
{{- $envAll := . }}
|
||||
-{{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
|
||||
{{- $serviceAccountName := print "cinder-clean" }}
|
||||
{{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -87,7 +87,7 @@ spec:
|
||||
subPath: clean-secrets.sh
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: cinder-volume-backup-secret-clean
|
||||
{{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
diff --git a/cinder/templates/pvc-backup.yaml b/cinder/templates/pvc-backup.yaml
|
||||
index b2e851dc..94d63d0e 100644
|
||||
--- a/cinder/templates/pvc-backup.yaml
|
||||
+++ b/cinder/templates/pvc-backup.yaml
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.pvc_backup }}
|
||||
{{- $envAll := . }}
|
||||
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
---
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index bef7b374..362f6918 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -767,6 +767,10 @@ conf:
|
||||
enabled_backends: "rbd1"
|
||||
# NOTE(portdirect): "cinder.backup.drivers.ceph" and
|
||||
# "cinder.backup.drivers.posix" also supported
|
||||
+ # NOTE(rchurch): As of Stein, drivers by class name are required
|
||||
+ # - cinder.backup.drivers.swift.SwiftBackupDriver
|
||||
+ # - cinder.backup.drivers.ceph.CephBackupDriver
|
||||
+ # - cinder.backup.drivers.posix.PosixBackupDriver
|
||||
backup_driver: "cinder.backup.drivers.swift"
|
||||
# Backup: Ceph RBD options
|
||||
backup_ceph_conf: "/etc/ceph/ceph.conf"
|
||||
--
|
||||
2.16.5
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,229 @@
|
|||
From 4e4a8197f90ba90c5bfbad02698ad351e7e92125 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Badea <daniel.badea@windriver.com>
|
||||
Date: Wed, 12 Jun 2019 14:07:17 +0000
|
||||
Subject: [PATCH 1/2] Cinder rename is_ceph_volume configured
|
||||
|
||||
When using multiple ceph backends there is more than
|
||||
one ceph 'volume' configured. Rename template to
|
||||
_has_ceph_backend.
|
||||
---
|
||||
cinder/templates/deployment-backup.yaml | 8 +++----
|
||||
cinder/templates/deployment-volume.yaml | 6 +++---
|
||||
cinder/templates/job-clean.yaml | 4 ++--
|
||||
cinder/templates/job-storage-init.yaml | 8 +++----
|
||||
cinder/templates/utils/_has_ceph_backend.tpl | 25 ++++++++++++++++++++++
|
||||
.../templates/utils/_is_ceph_volume_configured.tpl | 25 ----------------------
|
||||
6 files changed, 38 insertions(+), 38 deletions(-)
|
||||
mode change 100644 => 100755 cinder/templates/deployment-backup.yaml
|
||||
mode change 100644 => 100755 cinder/templates/deployment-volume.yaml
|
||||
mode change 100644 => 100755 cinder/templates/job-clean.yaml
|
||||
mode change 100644 => 100755 cinder/templates/job-storage-init.yaml
|
||||
create mode 100644 cinder/templates/utils/_has_ceph_backend.tpl
|
||||
delete mode 100644 cinder/templates/utils/_is_ceph_volume_configured.tpl
|
||||
|
||||
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index bffd774..74e38ba
|
||||
--- a/cinder/templates/deployment-backup.yaml
|
||||
+++ b/cinder/templates/deployment-backup.yaml
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -150,7 +150,7 @@ spec:
|
||||
mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
readOnly: true
|
||||
- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
{{- if not .Values.backup.external_ceph_rbd.enabled }}
|
||||
@@ -213,7 +213,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
@@ -226,7 +226,7 @@ spec:
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.backup | quote }}
|
||||
{{ end }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.volume | quote }}
|
||||
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index 17902c0..a274d12
|
||||
--- a/cinder/templates/deployment-volume.yaml
|
||||
+++ b/cinder/templates/deployment-volume.yaml
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
{{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -143,7 +143,7 @@ spec:
|
||||
mountPath: /etc/cinder/conf/backends.conf
|
||||
subPath: backends.conf
|
||||
readOnly: true
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-etc
|
||||
@@ -194,7 +194,7 @@ spec:
|
||||
secret:
|
||||
secretName: cinder-etc
|
||||
defaultMode: 0444
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: pod-shared
|
||||
diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index 54fd41e..f0da8d4
|
||||
--- a/cinder/templates/job-clean.yaml
|
||||
+++ b/cinder/templates/job-clean.yaml
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_clean }}
|
||||
{{- $envAll := . }}
|
||||
-{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
|
||||
|
||||
{{- $serviceAccountName := print "cinder-clean" }}
|
||||
{{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll "clean" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: cinder-volume-rbd-secret-clean
|
||||
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index 2708181..99128db
|
||||
--- a/cinder/templates/job-storage-init.yaml
|
||||
+++ b/cinder/templates/job-storage-init.yaml
|
||||
@@ -65,7 +65,7 @@ spec:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -95,7 +95,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: STORAGE_BACKEND
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
|
||||
- name: RBD_POOL_NAME
|
||||
@@ -120,7 +120,7 @@ spec:
|
||||
mountPath: /tmp/storage-init.sh
|
||||
subPath: storage-init.sh
|
||||
readOnly: true
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-etc
|
||||
@@ -139,7 +139,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
diff --git a/cinder/templates/utils/_has_ceph_backend.tpl b/cinder/templates/utils/_has_ceph_backend.tpl
|
||||
new file mode 100644
|
||||
index 0000000..0ff7ae5
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/utils/_has_ceph_backend.tpl
|
||||
@@ -0,0 +1,25 @@
|
||||
+{{/*
|
||||
+Copyright 2017 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- define "cinder.utils.has_ceph_backend" -}}
|
||||
+ {{- $has_ceph := false -}}
|
||||
+ {{- range $_, $backend := .Values.conf.backends -}}
|
||||
+ {{- if kindIs "map" $backend -}}
|
||||
+ {{- $has_ceph = or $has_ceph (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
|
||||
+ {{- end -}}
|
||||
+ {{- end -}}
|
||||
+ {{- $has_ceph -}}
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/templates/utils/_is_ceph_volume_configured.tpl b/cinder/templates/utils/_is_ceph_volume_configured.tpl
|
||||
deleted file mode 100644
|
||||
index 63f2a73..0000000
|
||||
--- a/cinder/templates/utils/_is_ceph_volume_configured.tpl
|
||||
+++ /dev/null
|
||||
@@ -1,25 +0,0 @@
|
||||
-{{/*
|
||||
-Copyright 2017 The Openstack-Helm Authors.
|
||||
-
|
||||
-Licensed under the Apache License, Version 2.0 (the "License");
|
||||
-you may not use this file except in compliance with the License.
|
||||
-You may obtain a copy of the License at
|
||||
-
|
||||
- http://www.apache.org/licenses/LICENSE-2.0
|
||||
-
|
||||
-Unless required by applicable law or agreed to in writing, software
|
||||
-distributed under the License is distributed on an "AS IS" BASIS,
|
||||
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
-See the License for the specific language governing permissions and
|
||||
-limitations under the License.
|
||||
-*/}}
|
||||
-
|
||||
-{{- define "cinder.utils.is_ceph_volume_configured" -}}
|
||||
-{{- range $section, $values := .Values.conf.backends -}}
|
||||
-{{- if kindIs "map" $values -}}
|
||||
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
|
||||
-true
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,305 @@
|
|||
From 05919ef2fd1ffc24ca389e4d9ecb54bf621031bd Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Badea <daniel.badea@windriver.com>
|
||||
Date: Wed, 12 Jun 2019 15:03:43 +0000
|
||||
Subject: [PATCH 2/2] Cinder support multiple ceph volume backends
|
||||
|
||||
Add support for multiple cinder volume ceph backends.
|
||||
---
|
||||
cinder/templates/deployment-backup.yaml | 9 +++---
|
||||
cinder/templates/deployment-volume.yaml | 9 +++---
|
||||
cinder/templates/job-backup-storage-init.yaml | 2 +-
|
||||
cinder/templates/job-storage-init.yaml | 28 +++++++++--------
|
||||
cinder/templates/utils/_ceph_backend_list.tpl | 36 ++++++++++++++++++++++
|
||||
.../templates/utils/_ceph_volume_section_name.tpl | 25 ---------------
|
||||
cinder/templates/utils/_is_ceph_backend.tpl | 21 +++++++++++++
|
||||
cinder/values.yaml | 6 ++--
|
||||
8 files changed, 86 insertions(+), 50 deletions(-)
|
||||
create mode 100644 cinder/templates/utils/_ceph_backend_list.tpl
|
||||
delete mode 100644 cinder/templates/utils/_ceph_volume_section_name.tpl
|
||||
create mode 100644 cinder/templates/utils/_is_ceph_backend.tpl
|
||||
|
||||
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
|
||||
index 74e38ba..23b67fe 100755
|
||||
--- a/cinder/templates/deployment-backup.yaml
|
||||
+++ b/cinder/templates/deployment-backup.yaml
|
||||
@@ -76,8 +76,9 @@ spec:
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- - name: ceph-keyring-placement
|
||||
+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
|
||||
+ {{- $backend := index $envAll.Values.conf.backends $name }}
|
||||
+ - name: ceph-keyring-placement-{{$name}}
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
@@ -85,7 +86,7 @@ spec:
|
||||
- /tmp/ceph-keyring.sh
|
||||
env:
|
||||
- name: RBD_USER
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
+ value: {{ $backend.rbd_user | quote }}
|
||||
volumeMounts:
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@@ -97,7 +98,7 @@ spec:
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
- {{ end }}
|
||||
+ {{- end }}
|
||||
{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-volume-perms
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
|
||||
index a274d12..f791cfa 100755
|
||||
--- a/cinder/templates/deployment-volume.yaml
|
||||
+++ b/cinder/templates/deployment-volume.yaml
|
||||
@@ -54,8 +54,9 @@ spec:
|
||||
{{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- - name: ceph-keyring-placement
|
||||
+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
|
||||
+ {{- $backend := index $envAll.Values.conf.backends $name }}
|
||||
+ - name: ceph-keyring-placement-{{$name}}
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
@@ -63,7 +64,7 @@ spec:
|
||||
- /tmp/ceph-keyring.sh
|
||||
env:
|
||||
- name: RBD_USER
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
+ value: {{ $backend.rbd_user | quote }}
|
||||
volumeMounts:
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@@ -75,7 +76,7 @@ spec:
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
- {{ end }}
|
||||
+ {{- end }}
|
||||
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
|
||||
- name: ceph-coordination-volume-perms
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
|
||||
index a43ba99..f3a83a9 100644
|
||||
--- a/cinder/templates/job-backup-storage-init.yaml
|
||||
+++ b/cinder/templates/job-backup-storage-init.yaml
|
||||
@@ -110,7 +110,7 @@ spec:
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
|
||||
- name: RBD_POOL_APP_NAME
|
||||
- value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
|
||||
+ value: {{ .Values.conf.ceph.pools.backup.app_name | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
|
||||
index 99128db..5635feb 100755
|
||||
--- a/cinder/templates/job-storage-init.yaml
|
||||
+++ b/cinder/templates/job-storage-init.yaml
|
||||
@@ -87,7 +87,9 @@ spec:
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
containers:
|
||||
- - name: cinder-storage-init
|
||||
+ {{- range $name, $backend := .Values.conf.backends }}
|
||||
+ {{- if kindIs "map" $backend }}
|
||||
+ - name: cinder-storage-init-{{$name}}
|
||||
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
@@ -95,23 +97,23 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
+ {{- if include "cinder.utils.is_ceph_backend" $backend }}
|
||||
- name: STORAGE_BACKEND
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
|
||||
+ value: {{ $backend.volume_driver | quote }}
|
||||
- name: RBD_POOL_NAME
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
|
||||
+ value: {{ $backend.rbd_pool | quote }}
|
||||
- name: RBD_POOL_APP_NAME
|
||||
- value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).app_name | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
+ value: {{ $backend.rbd_user | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
- value: {{ .Values.conf.ceph.pools.volume.crush_rule | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).crush_rule | quote }}
|
||||
- name: RBD_POOL_REPLICATION
|
||||
- value: {{ .Values.conf.ceph.pools.volume.replication | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).replication | quote }}
|
||||
- name: RBD_POOL_CHUNK_SIZE
|
||||
- value: {{ .Values.conf.ceph.pools.volume.chunk_size | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).chunk_size | quote }}
|
||||
- name: RBD_POOL_SECRET
|
||||
- value: {{ .Values.secrets.rbd.volume | quote }}
|
||||
+ value: {{ $envAll.Values.secrets.rbd.volume | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /tmp/storage-init.sh
|
||||
@@ -120,20 +122,22 @@ spec:
|
||||
mountPath: /tmp/storage-init.sh
|
||||
subPath: storage-init.sh
|
||||
readOnly: true
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
+ {{- if include "cinder.utils.is_ceph_backend" $backend }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-etc
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
- {{- if empty .Values.conf.ceph.admin_keyring }}
|
||||
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
|
||||
- name: ceph-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+ {{- end }}
|
||||
+ {{- end }}
|
||||
volumes:
|
||||
- name: cinder-bin
|
||||
configMap:
|
||||
diff --git a/cinder/templates/utils/_ceph_backend_list.tpl b/cinder/templates/utils/_ceph_backend_list.tpl
|
||||
new file mode 100644
|
||||
index 0000000..bd681e6
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/utils/_ceph_backend_list.tpl
|
||||
@@ -0,0 +1,36 @@
|
||||
+{{/*
|
||||
+Copyright 2017 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- /*
|
||||
+ Return string with all ceph backends separated by comma. The list
|
||||
+ is either empty or it starts with a comma. Assuming "a", "b" and
|
||||
+ "c" are ceph backends then ceph_backend_list returns ",a,b,c".
|
||||
+ This means the first element in the returned list representation
|
||||
+ can always be skipped.
|
||||
+
|
||||
+ Usage:
|
||||
+ range $name := rest (splitList include "cinder.utils.ceph_backend_list" $)
|
||||
+*/ -}}
|
||||
+{{- define "cinder.utils.ceph_backend_list" -}}
|
||||
+ {{- range $name, $backend := .Values.conf.backends -}}
|
||||
+ {{- if kindIs "map" $backend }}
|
||||
+ {{- if (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
|
||||
+ {{- "," -}}
|
||||
+ {{- $name -}}
|
||||
+ {{- end -}}
|
||||
+ {{- end -}}
|
||||
+ {{- end -}}
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/templates/utils/_ceph_volume_section_name.tpl b/cinder/templates/utils/_ceph_volume_section_name.tpl
|
||||
deleted file mode 100644
|
||||
index af16d6a..0000000
|
||||
--- a/cinder/templates/utils/_ceph_volume_section_name.tpl
|
||||
+++ /dev/null
|
||||
@@ -1,25 +0,0 @@
|
||||
-{{/*
|
||||
-Copyright 2017 The Openstack-Helm Authors.
|
||||
-
|
||||
-Licensed under the Apache License, Version 2.0 (the "License");
|
||||
-you may not use this file except in compliance with the License.
|
||||
-You may obtain a copy of the License at
|
||||
-
|
||||
- http://www.apache.org/licenses/LICENSE-2.0
|
||||
-
|
||||
-Unless required by applicable law or agreed to in writing, software
|
||||
-distributed under the License is distributed on an "AS IS" BASIS,
|
||||
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
-See the License for the specific language governing permissions and
|
||||
-limitations under the License.
|
||||
-*/}}
|
||||
-
|
||||
-{{- define "cinder.utils.ceph_volume_section_name" -}}
|
||||
-{{- range $section, $values := .Values.conf.backends -}}
|
||||
-{{- if kindIs "map" $values -}}
|
||||
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
|
||||
-{{ $section }}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
diff --git a/cinder/templates/utils/_is_ceph_backend.tpl b/cinder/templates/utils/_is_ceph_backend.tpl
|
||||
new file mode 100644
|
||||
index 0000000..3d5c3be
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/utils/_is_ceph_backend.tpl
|
||||
@@ -0,0 +1,21 @@
|
||||
+{{/*
|
||||
+Copyright 2017 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- define "cinder.utils.is_ceph_backend" -}}
|
||||
+ {{- if kindIs "map" . -}}
|
||||
+ {{- eq .volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
|
||||
+ {{- end -}}
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index 362f691..839f7fb 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -302,10 +302,6 @@ ceph_client:
|
||||
user_secret_name: pvc-ceph-client-key
|
||||
|
||||
conf:
|
||||
- software:
|
||||
- rbd:
|
||||
- rbd_pool_app_name_backup: cinder-backup
|
||||
- rbd_pool_app_name: cinder-volume
|
||||
paste:
|
||||
composite:osapi_volume:
|
||||
use: call:cinder.api:root_app_factory
|
||||
@@ -745,10 +741,12 @@ conf:
|
||||
replication: 3
|
||||
crush_rule: replicated_rule
|
||||
chunk_size: 8
|
||||
+ app_name: cinder-backup
|
||||
volume:
|
||||
replication: 3
|
||||
crush_rule: replicated_rule
|
||||
chunk_size: 8
|
||||
+ app_name: cinder-volume
|
||||
cinder:
|
||||
DEFAULT:
|
||||
resource_query_filters_file: /etc/cinder/resource_filters.json
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
From 0ce54f2f141d24d1cf5795db8679039c67ffac50 Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Tue, 25 Jun 2019 20:20:41 -0400
|
||||
Subject: [PATCH] Nova: add service token
|
||||
|
||||
Add capability for nova to send service token. Default to disabled.
|
||||
Config setup is similar to keystone_authtoken.
|
||||
|
||||
Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
---
|
||||
nova/templates/configmap-etc.yaml | 26 ++++++++++++++++++++++++++
|
||||
nova/values.yaml | 3 +++
|
||||
2 files changed, 29 insertions(+)
|
||||
|
||||
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
|
||||
index 0d1e7a5..5446830 100644
|
||||
--- a/nova/templates/configmap-etc.yaml
|
||||
+++ b/nova/templates/configmap-etc.yaml
|
||||
@@ -52,6 +52,32 @@ limitations under the License.
|
||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
|
||||
{{- end -}}
|
||||
|
||||
+{{- if .Values.conf.nova.service_user.send_service_user_token -}}
|
||||
+
|
||||
+{{- if empty .Values.conf.nova.service_user.auth_url -}}
|
||||
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.region_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.nova.region_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.project_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.project_domain_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.user_domain_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.username -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.nova.username -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.password -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.nova.password -}}
|
||||
+{{- end -}}
|
||||
+
|
||||
+{{- end -}}
|
||||
+
|
||||
{{- if empty .Values.conf.nova.database.connection -}}
|
||||
{{- $_ := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" -}}
|
||||
{{- end -}}
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 433ec3a..ee00591 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -1507,6 +1507,9 @@ conf:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
memcache_security_strategy: ENCRYPT
|
||||
+ service_user:
|
||||
+ auth_type: password
|
||||
+ send_service_user_token: false
|
||||
libvirt:
|
||||
connection_uri: "qemu+tcp://127.0.0.1/system"
|
||||
images_type: qcow2
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,141 @@
|
|||
From c92678ff20a3ab9b07861131966ea38b340dfff8 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Tue, 9 Jul 2019 14:22:02 -0400
|
||||
Subject: [PATCH 1/1] Add TLS support for Aodh and Panko public endpoints
|
||||
|
||||
Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
---
|
||||
aodh/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
aodh/values.yaml | 12 ++++++++++++
|
||||
panko/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
panko/values.yaml | 12 ++++++++++++
|
||||
4 files changed, 62 insertions(+)
|
||||
create mode 100644 aodh/templates/secret-ingress-tls.yaml
|
||||
create mode 100644 panko/templates/secret-ingress-tls.yaml
|
||||
|
||||
diff --git a/aodh/templates/secret-ingress-tls.yaml b/aodh/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..707b38c
|
||||
--- /dev/null
|
||||
+++ b/aodh/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/aodh/values.yaml b/aodh/values.yaml
|
||||
index 90c9fac..cf7c6d7 100644
|
||||
--- a/aodh/values.yaml
|
||||
+++ b/aodh/values.yaml
|
||||
@@ -536,6 +536,10 @@ secrets:
|
||||
oslo_messaging:
|
||||
admin: aodh-rabbitmq-admin
|
||||
aodh: aodh-rabbitmq-user
|
||||
+ tls:
|
||||
+ alarming:
|
||||
+ api:
|
||||
+ public: aodh-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -598,6 +602,13 @@ endpoints:
|
||||
public: aodh
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -696,5 +707,6 @@ manifests:
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
secret_rabbitmq: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
diff --git a/panko/templates/secret-ingress-tls.yaml b/panko/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..9773f53
|
||||
--- /dev/null
|
||||
+++ b/panko/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/panko/values.yaml b/panko/values.yaml
|
||||
index 7adefd0..3acaf06 100644
|
||||
--- a/panko/values.yaml
|
||||
+++ b/panko/values.yaml
|
||||
@@ -159,6 +159,10 @@ secrets:
|
||||
oslo_db:
|
||||
admin: panko-db-admin
|
||||
panko: panko-db-user
|
||||
+ tls:
|
||||
+ event:
|
||||
+ api:
|
||||
+ public: panko-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -374,6 +378,13 @@ endpoints:
|
||||
public: panko
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -580,6 +591,7 @@ manifests:
|
||||
pod_rally_test: true
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From 7de7cf2f14a58255d85149d08577dd63662aa6d9 Mon Sep 17 00:00:00 2001
|
||||
From: Teresa Ho <teresa.ho@windriver.com>
|
||||
Date: Mon, 15 Jul 2019 10:30:58 -0400
|
||||
Subject: [PATCH] Change cinder bootstrap script
|
||||
|
||||
This commit changes the cinder template bootstrap script
|
||||
to use the openstack client instead of the cinder client
|
||||
to list volume types.
|
||||
|
||||
Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0
|
||||
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_bootstrap.sh.tpl | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cinder/templates/bin/_bootstrap.sh.tpl b/cinder/templates/bin/_bootstrap.sh.tpl
|
||||
index 6592d19..bd60fd8 100644
|
||||
--- a/cinder/templates/bin/_bootstrap.sh.tpl
|
||||
+++ b/cinder/templates/bin/_bootstrap.sh.tpl
|
||||
@@ -48,7 +48,7 @@ openstack volume type show {{ $name }} || \
|
||||
{{- end }}
|
||||
|
||||
{{- /* Check volume type and properties were added */}}
|
||||
-cinder extra-specs-list
|
||||
+openstack volume type list --long
|
||||
|
||||
{{- end }}
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
entries: {}
|
||||
generated: 2019-01-07T12:33:46.098166523-06:00
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
generated: 2019-01-02T15:19:36.215111369-06:00
|
||||
repositories:
|
||||
- caFile: ""
|
||||
cache: /builddir/.helm/repository/cache/local-index.yaml
|
||||
certFile: ""
|
||||
keyFile: ""
|
||||
name: local
|
||||
password: ""
|
||||
url: http://127.0.0.1:8879/charts
|
||||
username: ""
|
Loading…
Reference in New Issue