starlingx/openstack-armada-app
Code Issues Proposed changes

openstack-helm: remove dl_hook

Browse Source 
Add "dl_path" to download the source tarball.

Add "src_files" to copy local files to build directory.

Copy patches to deb_folder/patches, and remove the patching commands
from rules.

Remove dl_hook.

Test Plan:

Pass: successfully build openstack-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43801

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I5686cdab4869f5627422c8e7f99a0ce1bdeac9a7
This commit is contained in:
Yue Tao 2022-01-17 13:35:16 +08:00 committed by Yue Tao
parent 1d2ee5ad30
commit da84f84ecb
15 changed files with 3101 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
openstack-helm/debian/deb_folder/patches/0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch Normal file
View File

@ -0,0 +1,55 @@
From b620ae1fa40aeadb4bbe2164fad7cb5c330acb78 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Wed, 28 Nov 2018 01:33:39 -0500
Subject: [PATCH] Remove stale Apache2 service pids when a POD starts.
Stale Apache2 pids will prevent Apache2 from starting and will leave
the POD in a crashed state.
Note: the pid file is somewhat confusingly called
/var/run/httpd/httpd.pid and /var/run/apache2 is just a symlink to
/var/run/httpd.
This is loosely based off the in-review upstream commit at
https://review.openstack.org/#/c/619747
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++
keystone/templates/bin/_keystone-api.sh.tpl | 6 ++----
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
index 3ba90d9..4b77452 100644
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
@@ -40,6 +40,9 @@ function start () {
fi
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
}
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
index 5d4286a..85740a0 100644
--- a/keystone/templates/bin/_keystone-api.sh.tpl
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
@@ -41,10 +41,8 @@ function start () {
source /etc/apache2/envvars
fi
- if [ -f /var/run/apache2/apache2.pid ]; then
- # Remove the stale pid for debian/ubuntu images
- rm -f /var/run/apache2/apache2.pid
- fi
+ # Get rid of stale pid, shared memory segment and wsgi sock files if present.
+ rm -f /var/run/apache2/*
# Start Apache2
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
--
1.8.3.1

66
openstack-helm/debian/deb_folder/patches/0002-Nova-console-ip-address-search-optionality.patch Normal file
View File

@ -0,0 +1,66 @@
From b5ff7217bca8b5af345a8630ce76b360022336b3 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 27 Mar 2019 00:35:57 -0400
Subject: [PATCH] Nova console/ip address search optionality
Add options to nova to enable/disable the use of:
1. the vnc or spice server proxyclient address found by the console
compute init container
2. my_ip hypervisor address found by compute init container
These options can be used to prevent cases where the found addresses
overwrite what has already been defined in nova.conf by per host nova
compute daemonset overrides.
Story: 2005259
Task: 30066
Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-compute.sh.tpl | 4 ++++
nova/values.yaml | 2 ++
2 files changed, 6 insertions(+)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index 23ce347..60b0272 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -18,9 +18,13 @@ set -ex
exec nova-compute \
--config-file /etc/nova/nova.conf \
+{{- if .Values.console.address_search_enabled }}
--config-file /tmp/pod-shared/nova-console.conf \
+{{- end }}
--config-file /tmp/pod-shared/nova-libvirt.conf \
{{- if and ( empty .Values.conf.nova.DEFAULT.host ) ( .Values.pod.use_fqdn.compute ) }}
--config-file /tmp/pod-shared/nova-compute-fqdn.conf \
{{- end }}
+{{- if .Values.conf.hypervisor.address_search_enabled }}
--config-file /tmp/pod-shared/nova-hypervisor.conf
+{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 6fb6237..ca92907 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -527,6 +527,7 @@ console:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
+ address_search_enabled: true
ceph_client:
configmap: ceph-etc
@@ -1666,6 +1666,7 @@ conf:
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
+ address_search_enabled: true
# my_ip can be set automatically through this interface name.
host_interface:
# This list is the keys to exclude from the config file ingested by nova-compute
--
1.8.3.1

338
openstack-helm/debian/deb_folder/patches/0003-Nova-chart-Support-ephemeral-pool-creation.patch Normal file
View File

@ -0,0 +1,338 @@
From 8d1a2f90284bc5c3a7fcfbae73f0bdb2e5b03320 Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Tue, 26 Feb 2019 17:43:53 +0000
Subject: [PATCH] Nova chart: Support ephemeral pool creation
If libvirt images_type is rbd, then we need to have the
images_rbd_pool present. These changes add a new job
to make sure this pool exists.
Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
Story: 2004922
Task: 29285
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-storage-init.sh.tpl | 73 +++++++++++++
nova/templates/configmap-bin.yaml | 2 +
nova/templates/job-storage-init.yaml | 153 +++++++++++++++++++++++++++
nova/values.yaml | 18 ++++
4 files changed, 246 insertions(+)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 0000000..416297f
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
+ if [[ ${test_version} -gt 0 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ echo "Cephx user client.${RBD_POOL_USER} already exist."
+ echo "Update its cephx caps"
+ ceph auth caps client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd"
+ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ else
+ # NOTE: Restrict Nova permissions to what is needed.
+ # MON Read only and RBD access to the Nova ephemeral pool only.
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd" \
+ -o ${KEYRING}
+ fi
+
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
+ cat > ${SECRET} <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "${RBD_POOL_SECRET}"
+type: kubernetes.io/rbd
+data:
+ key: $( echo ${ENCODED_KEYRING} )
+EOF
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
+
+fi
+
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index c4e47fb..54571ac 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -93,6 +93,8 @@ data:
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-console-proxy-init-assets.sh: |
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ nova-storage-init.sh: |
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-init.sh: |
{{ tuple "bin/_ssh-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-start.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 0000000..3963926
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,156 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_storage_init }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-storage-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
+ - name: STORAGE_BACKEND
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
+ - name: RBD_POOL_NAME
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ $ephemeralPool.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ $ephemeralPool.rbd_replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
+ - name: RBD_POOL_SECRET
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
+ {{- end }}
+ command:
+ - /tmp/nova-storage-init.sh
+ volumeMounts:
+ - name: nova-bin
+ mountPath: /tmp/nova-storage-init.sh
+ subPath: nova-storage-init.sh
+ readOnly: true
+ {{ if or $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
diff --git a/nova/values.yaml b/nova/values.yaml
index ca92907..3179231 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_xenial'
nova_spiceproxy: docker.io/openstackhelm/nova:stein-ubuntu_bionic
nova_spiceproxy_assets: docker.io/openstackhelm/nova:stein-ubuntu_bionic
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
test: docker.io/xrally/xrally-openstack:2.0.0
image_repo_sync: docker.io/docker:17.07.0
nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
@@ -616,6 +617,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+ ephemeral_storage:
+ type: rbd
+ rbd_pools:
+ - rbd_pool_name: ephemeral
+ rbd_user: ephemeral
+ rbd_crush_rule: 0
+ rbd_replication: 3
+ rbd_chunk_size: 64
rally_tests:
run_tempest: false
clean_up: |
@@ -1893,6 +1902,7 @@ secrets:
compute_spice_proxy:
spiceproxy:
internal: nova-tls-spiceproxy
+ ephemeral: nova-ephemeral
# typically overridden by environmental
# values, but should include all endpoints
@@ -2572,6 +2582,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
@@ -2619,6 +2636,7 @@ manifests:
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
+ job_storage_init: true
pdb_metadata: true
pdb_placement: true
pdb_osapi: true
--
1.8.3.1

34
openstack-helm/debian/deb_folder/patches/0004-Support-ingress-creation-for-keystone-admin-endpoint.patch Normal file
View File

@ -0,0 +1,34 @@
From db7a5422e48b963966c5e830d6f4391006a42578 Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Wed, 4 Dec 2019 13:35:44 -0500
Subject: [PATCH] Support ingress creation for keystone admin endpoint
This update added support to create ingress for custom keystone admin
endpoint. It can be used by deployment to expose keytone admin endpoint
to outside of the cluster by ingress.
Story: 2006588
Task: 37747
Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
keystone/templates/ingress-api.yaml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml
index de36571..37c3013 100644
--- a/keystone/templates/ingress-api.yaml
+++ b/keystone/templates/ingress-api.yaml
@@ -21,3 +21,11 @@ limitations under the License.
{{- end -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.admin }}
+{{ $ingressNamePublic := tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{ $ingressNameAdmin := tuple "identity" "admin" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- if not (eq $ingressNamePublic $ingressNameAdmin) }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "identity" "backendPort" "ks-pub" "endpoint" "admin" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
+{{- end }}
--
1.8.3.1

28
openstack-helm/debian/deb_folder/patches/0005-Allow-set-public-endpoint-url-for-keystone-endpoints.patch Normal file
View File

@ -0,0 +1,28 @@
From b272e8ff3a78f38ab82df7995233705611e99f81 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Tue, 1 Sep 2020 00:00:22 -0400
Subject: [PATCH 1/1] Allow set public endpoint url for keystone endpoints
---
keystone/templates/job-db-sync.yaml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml
index 56a39b8..3d0681e 100644
--- a/keystone/templates/job-db-sync.yaml
+++ b/keystone/templates/job-db-sync.yaml
@@ -20,7 +20,11 @@ env:
- name: OS_BOOTSTRAP_ADMIN_URL
value: {{ tuple "identity" "admin" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- name: OS_BOOTSTRAP_INTERNAL_URL
+ {{- if and (hasKey $envAll.Values.endpoints.identity "force_public_endpoint") $envAll.Values.endpoints.identity.force_public_endpoint }}
+ value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+ {{- else }}
value: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+ {{- end }}
- name: OS_BOOTSTRAP_PUBLIC_URL
value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- name: OPENSTACK_CONFIG_FILE
--
1.8.3.1

45
openstack-helm/debian/deb_folder/patches/0006-Wrong-usage-of-rbd_store_chunk_size.patch Normal file
View File

@ -0,0 +1,45 @@
From 2892d1bedf30e7260aa67ad93d94677fad55a760 Mon Sep 17 00:00:00 2001
From: Elena Taivan <elena.taivan@windriver.com>
Date: Wed, 30 Sep 2020 14:14:32 +0000
Subject: [PATCH] Wrong usage of 'rbd_store_chunk_size'
'rbd_store_chunk_size' option represents the size of the chunks
of the objects into which an image is chuncked.
It does not represent the 'pg_num' value of 'images' ceph pool.
Solution: replace 'rdb_store_chunk_size' with 'chunk_size' custom
option.
---
glance/templates/job-storage-init.yaml | 2 +-
glance/values.yaml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
index 82524086..77ab1c60 100644
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@@ -114,7 +114,7 @@ spec:
- name: RBD_POOL_CRUSH_RULE
value: {{ .Values.conf.glance.glance_store.rbd_store_crush_rule | quote }}
- name: RBD_POOL_CHUNK_SIZE
- value: {{ .Values.conf.glance.glance_store.rbd_store_chunk_size | quote }}
+ value: {{ .Values.conf.glance.glance_store.chunk_size | quote }}
- name: RBD_POOL_SECRET
value: {{ .Values.secrets.rbd | quote }}
{{ end }}
diff --git a/glance/values.yaml b/glance/values.yaml
index 1428c299..a4f74379 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -256,7 +256,7 @@ conf:
auth_version: v3
memcache_security_strategy: ENCRYPT
glance_store:
- rbd_store_chunk_size: 8
+ chunk_size: 8
rbd_store_replication: 3
rbd_store_crush_rule: replicated_rule
rbd_store_pool: glance.images
--
2.17.1

113
openstack-helm/debian/deb_folder/patches/0007-Add-stx_admin-account.patch Normal file
View File

@ -0,0 +1,113 @@
From 50e5e101857767fa5b20a3f548e3f28ffb8664ed Mon Sep 17 00:00:00 2001
From: Shuicheng Lin <shuicheng.lin@intel.com>
Date: Wed, 28 Oct 2020 15:17:34 +0800
Subject: [PATCH] Add stx_admin account for host to communicate with openstack
app
lcavalca: changed content to support tls keystone
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Iedcd131578f4e33efd3c3d7c47cbef83331b143a
---
keystone/templates/job-ks-user.yaml | 21 +++++++++++++++++++++
keystone/templates/secret-keystone.yaml | 2 +-
keystone/values.yaml | 17 +++++++++++++++++
3 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 keystone/templates/job-ks-user.yaml
diff --git a/keystone/templates/job-ks-user.yaml b/keystone/templates/job-ks-user.yaml
new file mode 100644
index 00000000..91f990f3
--- /dev/null
+++ b/keystone/templates/job-ks-user.yaml
@@ -0,0 +1,24 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "keystone" "serviceUser" "stx_admin" -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
+{{- end -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/keystone/templates/secret-keystone.yaml b/keystone/templates/secret-keystone.yaml
index 5aa87ab5..0e471f13 100644
--- a/keystone/templates/secret-keystone.yaml
+++ b/keystone/templates/secret-keystone.yaml
@@ -14,7 +14,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
-{{- range $key1, $userClass := tuple "admin" "test" }}
+{{- range $key1, $userClass := tuple "admin" "test" "stx_admin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 5f0e7aa1..ff4493f3 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -141,6 +141,10 @@ dependencies:
services:
- endpoint: internal
service: oslo_db
+ ks_user:
+ services:
+ - endpoint: internal
+ service: identity
domain_manage:
services:
- endpoint: internal
@@ -1047,6 +1051,7 @@ secrets:
identity:
admin: keystone-keystone-admin
test: keystone-keystone-test
+ stx_admin: keystone-keystone-stxadmin
oslo_db:
admin: keystone-db-admin
keystone: keystone-db-user
@@ -1090,6 +1095,17 @@ endpoints:
user_domain_name: default
project_domain_name: default
default_domain_id: default
+ stx_admin:
+ role:
+ - admin
+ - member
+ region_name: RegionOne
+ username: stx_admin
+ password: password
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ default_domain_id: default
test:
role: admin
region_name: RegionOne
@@ -1247,6 +1263,7 @@ manifests:
job_domain_manage: true
job_fernet_setup: true
job_image_repo_sync: true
+ job_ks_user: true
job_rabbit_init: true
pdb_api: true
pod_rally_test: true
--
2.17.1

130
openstack-helm/debian/deb_folder/patches/0008-Disabling-helm3_hook.patch Normal file
View File

@ -0,0 +1,130 @@
198597ee329c4c205f8852779e6a49 Mon Sep 17 00:00:00 2001
From: Thiago Brito <thiago.brito@windriver.com>
Date: Mon, 4 Oct 2021 10:04:21 -0300
Subject: [PATCH] Disabling helm3_hook
Since openstack-helm now defaults to use helmv3 hooks, this
changes disables it to maintain compatibility with the helm
version in use on StarlingX.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I2a343805be2bb20f39b2dd8cc8d2e8716961ea28
---
barbican/values.yaml | 2 +-
cinder/values.yaml | 2 +-
glance/values.yaml | 2 +-
heat/values.yaml | 2 +-
keystone/values.yaml | 2 +-
neutron/values.yaml | 2 +-
nova/values.yaml | 2 +-
placement/values.yaml | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 72efd88c..44d3b76b 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -31,7 +31,7 @@ release_group: null
# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
# Set to false to upgrade using helm2
-helm3_hook: true
+helm3_hook: false
images:
tags:
diff --git a/cinder/values.yaml b/cinder/values.yaml
index a70ed72a..30a2e47a 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -1516,7 +1516,7 @@ network_policy:
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
-helm3_hook: true
+helm3_hook: false
manifests:
certificates: false
diff --git a/glance/values.yaml b/glance/values.yaml
index a03a69a1..459f04bc 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -1052,7 +1052,7 @@ pod:
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
-helm3_hook: true
+helm3_hook: false
manifests:
certificates: false
diff --git a/heat/values.yaml b/heat/values.yaml
index 58f786b6..9e9ea64b 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -1293,7 +1293,7 @@ network_policy:
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
-helm3_hook: true
+helm3_hook: false
manifests:
certificates: false
diff --git a/keystone/values.yaml b/keystone/values.yaml
index ff4493f3..84b8fe48 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -31,7 +31,7 @@ release_group: null
# NOTE(gagehugo): the pre-install hook breaks upgrade for helm2
# Set to false to upgrade using helm2
-helm3_hook: true
+helm3_hook: false
images:
tags:
diff --git a/neutron/values.yaml b/neutron/values.yaml
index c72a55b5..6073c6a3 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -2514,7 +2514,7 @@ network_policy:
egress:
- {}
-helm3_hook: true
+helm3_hook: false
manifests:
certificates: false
diff --git a/nova/values.yaml b/nova/values.yaml
index 6b51b3d5..56f1dc9a 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2563,7 +2563,7 @@ network_policy:
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
-helm3_hook: true
+helm3_hook: false
manifests:
certificates: false
diff --git a/placement/values.yaml b/placement/values.yaml
index 57d9eb48..2811b200 100644
--- a/placement/values.yaml
+++ b/placement/values.yaml
@@ -485,7 +485,7 @@ dependencies:
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
-helm3_hook: true
+helm3_hook: false
manifests:
certificates: false
--
2.17.1

75
openstack-helm/debian/deb_folder/patches/0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch Normal file
View File

@ -0,0 +1,75 @@
From 6d54af3aa180b3b82614ebc0cedd8b4d7d9f5db6 Mon Sep 17 00:00:00 2001
From: rferraz <RogerioOliveira.Ferraz@windriver.com>
Date: Wed, 17 Nov 2021 11:32:23 -0300
Subject: [PATCH] Add-flavor-extra-spec-hw-pci_irq_affinity_mask
---
glance/templates/configmap-etc.yaml | 3 +++
glance/templates/deployment-api.yaml | 6 ++++++
glance/templates/job-metadefs-load.yaml | 6 ++++++
glance/values.yaml | 1 +
4 files changed, 16 insertions(+)
diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
index 97f19fbc..f9be6bfb 100644
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@@ -195,6 +195,9 @@ data:
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
glance-registry.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_registry | b64enc }}
glance-registry-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste_registry | b64enc }}
+{{- range $key, $val := .Values.conf.extra_metadata }}
+ compute_{{ $key }}.json: {{ toJson $val | b64enc }}
+{{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }}
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 78e16715..81711967 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -183,6 +183,12 @@ spec:
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
readOnly: true
+ {{- range $key, $val := .Values.conf.extra_metadata }}
+ - name: glance-etc
+ mountPath: /var/lib/openstack/etc/glance/metadefs/compute_{{ $key }}.json
+ subPath: compute_{{ $key }}.json
+ readOnly: true
+ {{- end }}
{{- if .Values.conf.glance.DEFAULT.log_config_append }}
- name: glance-etc
mountPath: {{ .Values.conf.glance.DEFAULT.log_config_append }}
diff --git a/glance/templates/job-metadefs-load.yaml b/glance/templates/job-metadefs-load.yaml
index 5c162a5f..47c4286a 100644
--- a/glance/templates/job-metadefs-load.yaml
+++ b/glance/templates/job-metadefs-load.yaml
@@ -64,6 +64,12 @@ spec:
mountPath: /tmp/metadefs-load.sh
subPath: metadefs-load.sh
readOnly: true
+ {{- range $key, $val := .Values.conf.extra_metadata }}
+ - name: glance-etc
+ mountPath: /var/lib/openstack/etc/glance/metadefs/compute_{{ $key }}.json
+ subPath: compute_{{ $key }}.json
+ readOnly: true
+ {{- end }}
- name: etcglance
mountPath: /etc/glance
- name: glance-etc
diff --git a/glance/values.yaml b/glance/values.yaml
index 459f04bc..0d1c2fdb 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -193,6 +193,7 @@ conf:
oslo_config_program: glance-api
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
+ extra_metadata: {}
policy:
metadef_default: ''
metadef_admin: 'role:admin'
--
2.17.1

2027
openstack-helm/debian/deb_folder/patches/0010-Enable-taint-toleration-for-Openstack-services.patch Normal file
View File

File diff suppressed because it is too large Load Diff

172
openstack-helm/debian/deb_folder/patches/0011-Fix-nova-compute-ssh-init-to-execute-as-runAsUser.patch Normal file
View File

@ -0,0 +1,172 @@
From fc736ec3993ff18b6380d2016060991e2c3a11f4 Mon Sep 17 00:00:00 2001
From: Thiago Brito <thiago.brito@windriver.com>
Date: Fri, 7 Jan 2022 15:59:41 -0300
Subject: [PATCH] Fix nova-compute-ssh init to execute as runAsUser
On _ssh-init.sh.tpl, despite one change the runAsUser for the
nova-compute container on the securityContext, the ssh keys are always
being copied into the 'nova' user's folder. This change fixes it by
getting the correct user defined on the securityContext and copying the
keys to its correct folder.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ia7883dc4626a295892eb4637ef717b0b1725ac89
---
nova/templates/bin/_ssh-init.sh.tpl | 13 ++++++++-----
nova/templates/daemonset-compute.yaml | 16 ++++++++++++----
nova/values.yaml | 4 +++-
3 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/nova/templates/bin/_ssh-init.sh.tpl b/nova/templates/bin/_ssh-init.sh.tpl
index be2e33a4..fbd96f04 100644
--- a/nova/templates/bin/_ssh-init.sh.tpl
+++ b/nova/templates/bin/_ssh-init.sh.tpl
@@ -16,10 +16,13 @@ limitations under the License.
set -ex
-mkdir -p ~nova/.ssh
-chown -R nova:nova ~nova/.ssh
+export NOVA_USERNAME=$(id -u ${NOVA_USER_UID} -n)
+export NOVA_USER_HOME=$(eval echo ~${NOVA_USERNAME})
-cat > ~nova/.ssh/config <<EOF
+mkdir -p ${NOVA_USER_HOME}/.ssh
+chown -R ${NOVA_USERNAME}:${NOVA_USERNAME} ${NOVA_USER_HOME}/.ssh
+
+cat > ${NOVA_USER_HOME}/.ssh/config <<EOF
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
@@ -27,5 +30,5 @@ Host *
IdentitiesOnly yes
EOF
-cp /tmp/nova-ssh/* ~nova/.ssh/
-chmod 600 ~nova/.ssh/id_rsa
+cp /tmp/nova-ssh/* ${NOVA_USER_HOME}/.ssh/
+chmod 600 ${NOVA_USER_HOME}/.ssh/id_rsa
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 4c690d61..2b23e334 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -104,6 +104,7 @@ spec:
mountPath: /var/lib/nova
- name: pod-shared
mountPath: /tmp/pod-shared
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.conf.ceph.enabled }}
- name: ceph-perms
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -119,6 +120,7 @@ spec:
mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- if empty .Values.conf.ceph.cinder.keyring }}
- name: ceph-admin-keyring-placement
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -141,6 +143,7 @@ spec:
subPath: key
readOnly: true
{{ end }}
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
- name: ceph-keyring-placement
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -169,6 +172,7 @@ spec:
mountPath: /etc/ceph/ceph.conf.template
subPath: ceph.conf
readOnly: true
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
{{- if eq .Values.console.console_kind "novnc"}}
- name: nova-compute-vnc-init
@@ -187,6 +191,7 @@ spec:
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
{{- if eq .Values.console.console_kind "spice"}}
- name: nova-compute-spice-init
@@ -205,6 +210,7 @@ spec:
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
- name: tungstenfabric-compute-init
@@ -217,15 +223,19 @@ spec:
mountPath: /opt/plugin
- name: tf-plugin-bin
mountPath: /opt/plugin/bin
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- end }}
{{- if .Values.network.ssh.enabled }}
- name: nova-compute-ssh-init
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_ssh_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
terminationMessagePath: /var/log/termination-log
env:
- name: SSH_PORT
value: {{ .Values.network.ssh.port | quote }}
+ - name: NOVA_USER_UID
+ value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
command:
- /tmp/ssh-init.sh
volumeMounts:
@@ -241,14 +251,13 @@ spec:
mountPath: /tmp/ssh-init.sh
subPath: ssh-init.sh
readOnly: true
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- end }}
containers:
- name: nova-compute
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- securityContext:
- privileged: true
env:
{{- if .Values.conf.ceph.enabled }}
- name: CEPH_CINDER_USER
@@ -431,8 +440,6 @@ spec:
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_ssh" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- securityContext:
- privileged: true
env:
- name: KEY_TYPES
value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.network.ssh.key_types | quote }}
@@ -455,6 +462,7 @@ spec:
subPath: ssh-start.sh
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
volumes:
- name: pod-tmp
diff --git a/nova/values.yaml b/nova/values.yaml
index cdb14575..72dd0d11 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2155,8 +2155,10 @@ pod:
readOnlyRootFilesystem: true
privileged: true
nova_compute_ssh:
- readOnlyRootFilesystem: true
privileged: true
+ runAsUser: 0
+ nova_compute_ssh_init:
+ runAsUser: 0
nova_api_metadata_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
--
2.17.1

11
openstack-helm/debian/deb_folder/patches/series Normal file
View File

@ -0,0 +1,11 @@
0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
0002-Nova-console-ip-address-search-optionality.patch
0003-Nova-chart-Support-ephemeral-pool-creation.patch
0004-Support-ingress-creation-for-keystone-admin-endpoint.patch
0005-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
0006-Wrong-usage-of-rbd_store_chunk_size.patch
0007-Add-stx_admin-account.patch
0008-Disabling-helm3_hook.patch
0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
0010-Enable-taint-toleration-for-Openstack-services.patch
0011-Fix-nova-compute-ssh-init-to-execute-as-runAsUser.patch

14
openstack-helm/debian/deb_folder/rules
View File

@ -11,22 +11,8 @@ export TOOLKIT_VERSION = 0.2.19
dh $@
override_dh_auto_build:
# Move the source files from the extracted root directory to build root.
mv openstack-helm/* .
# Stage helm-toolkit in the local repo.
cp $(HELM_FOLDER)/helm-toolkit-$(TOOLKIT_VERSION).tgz .
# Apply the openstack-helm patches.
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0002-Nova-console-ip-address-search-optionality.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0003-Nova-chart-Support-ephemeral-pool-creation.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0004-Support-ingress-creation-for-keystone-admin-endpoint.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0005-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0006-Wrong-usage-of-rbd_store_chunk_size.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0007-Add-stx_admin-account.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0008-Disabling-helm3_hook.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0010-Enable-taint-toleration-for-Openstack-services.patch
patch --no-backup-if-mismatch --fuzz=0 -p1 < 0011-Fix-nova-compute-ssh-init-to-execute-as-runAsUser.patch
# Host a server for the helm charts.
chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" \
--storage-local-rootdir="." &

26
openstack-helm/debian/dl_hook
View File

@ -1,26 +0,0 @@
#!/bin/bash
set -x
PKG_BUILD_NAME=$1
PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME})
PKG_DIR="openstack-helm"
STX_BASE=$(realpath ${MY_REPO}/stx)
SRC=$(realpath ${STX_BASE}/openstack-armada-app/${PKG_DIR})
mkdir -p ${PKG_BUILD_ROOT}
pushd ${PKG_BUILD_ROOT}
# Local mirror workaround until CGCS_BASE mirror is supported.
STX_MIRROR=$(realpath "/import/mirrors/starlingx")
# Download openstack-helm source package.
SHA="7803000a545687ec40b0ddc41d46a6b377dea45f"
OPENSTACK_PKG="openstack-helm-${SHA}.tar.gz"
OPENSTACK_SRC_PATH=$(realpath ${STX_MIRROR}/downloads/${OPENSTACK_PKG})
cp ${OPENSTACK_SRC_PATH} ${PKG_BUILD_ROOT}
# Extract the openstack-helm tar file.
tar xfz ${OPENSTACK_PKG}
# Copy source files to the build directory.
cp -pr ${SRC}/files/* ${PKG_BUILD_ROOT}

8
openstack-helm/debian/meta_data.yaml
View File

@ -1,7 +1,13 @@
---
debname: openstack-helm
debver: 1.0-1
dl_hook: dl_hook
dl_path:
name: openstack-helm-7803000a545687ec40b0ddc41d46a6b377dea45f.tar.gz
url: https://github.com/openstack/openstack-helm/archive/7803000a545687ec40b0ddc41d46a6b377dea45f.tar.gz
md5sum: 52ec52b5c7c04211596c730651b4deac
src_files:
- files/index.yaml
- files/repositories.yaml
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true