From f32827ca618771e789da2612145470342ced0b83 Mon Sep 17 00:00:00 2001 From: Robert Church Date: Fri, 22 Mar 2019 04:37:33 -0400 Subject: [PATCH] openstack-helm chart rebase Each patch included in this commit contains a commit message that describes the required purpose of the patch. Change-Id: Ied38e5cbedbe06fd0b6f27612aa0bddf60064dea Depends-On: Ic788a2c86edfbceca1f1ff18dd0344472546c81b Story: 2004520 Task: 29966 Signed-off-by: Robert Church --- openstack-helm/centos/build_srpm.data | 4 +- openstack-helm/centos/openstack-helm.spec | 30 +- ...-Chart.patch => 0001-Add-Aodh-Chart.patch} | 437 ++-- .../files/0001-ceilometer-chart-updates.patch | 2126 ----------------- ...-add-the-ability-to-publish-events-t.patch | 93 + .../files/0003-Add-Panko-Chart.patch | 1693 ------------- ...che2-service-pids-when-a-POD-starts.patch} | 63 +- ...-in-nova-to-support-cold-migrations.patch} | 44 +- ...0005-Add-heat-purge-deleted-cron-job.patch | 209 -- ...onsole-ip-address-search-optionality.patch | 65 + ...art-Support-ephemeral-pool-creation.patch} | 84 +- ...ce-chart-add-images-pool-replication.patch | 55 - ...orizon-Disable-apache2-status_module.patch | 30 + ...ein-Remove-ceilometer-upgrade-option.patch | 27 - ...ort-for-disabling-Readiness-Liveness.patch | 224 ++ ...der-to-include-resource_filters.json.patch | 99 - ...-for-disabling-Readiness-Liveness-pr.patch | 227 ++ ...add-log_config_append-to-neutron-etc.patch | 38 - ...Jewel-support-for-nova-cinder-glance.patch | 176 ++ ...a-console-address-config-optionality.patch | 42 - ...er-host-overrides-of-auto_bridge_add.patch | 205 -- ...rfaces-added-via-ovs-auto_bridge_add.patch | 32 - 22 files changed, 1188 insertions(+), 4815 deletions(-) rename openstack-helm/files/{0002-Add-Aodh-Chart.patch => 0001-Add-Aodh-Chart.patch} (88%) delete mode 100644 openstack-helm/files/0001-ceilometer-chart-updates.patch create mode 100644 openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch delete mode 100644 openstack-helm/files/0003-Add-Panko-Chart.patch rename openstack-helm/files/{Remove-stale-Apache2-service-pids-when-a-POD-starts.patch => 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch} (57%) rename openstack-helm/files/{0006-Enable-cold-migration-in-nova-helm-chart.patch => 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch} (86%) delete mode 100644 openstack-helm/files/0005-Add-heat-purge-deleted-cron-job.patch create mode 100644 openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch rename openstack-helm/files/{0012-Nova-chart-Add-ephemeral-pool.patch => 0006-Nova-chart-Support-ephemeral-pool-creation.patch} (83%) delete mode 100644 openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch create mode 100644 openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch delete mode 100644 openstack-helm/files/0007-Stein-Remove-ceilometer-upgrade-option.patch create mode 100644 openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch delete mode 100644 openstack-helm/files/0008-Stein-Update-Cinder-to-include-resource_filters.json.patch create mode 100644 openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch delete mode 100644 openstack-helm/files/0009-Stein-add-log_config_append-to-neutron-etc.patch create mode 100644 openstack-helm/files/0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch delete mode 100644 openstack-helm/files/0010-Stein-Nova-console-address-config-optionality.patch delete mode 100644 openstack-helm/files/0011-Support-per-host-overrides-of-auto_bridge_add.patch delete mode 100644 openstack-helm/files/0013-neutron-up-interfaces-added-via-ovs-auto_bridge_add.patch diff --git a/openstack-helm/centos/build_srpm.data b/openstack-helm/centos/build_srpm.data index f167d8e9..1fc1ea3c 100644 --- a/openstack-helm/centos/build_srpm.data +++ b/openstack-helm/centos/build_srpm.data @@ -1,8 +1,8 @@ TAR_NAME=openstack-helm -SHA=9d72fe1a501bc609a875eebf7b6274e18600ed70 +SHA=6c71637222f47d85681038994f02feac92f75bd2 VERSION=1.0.0 TAR="$TAR_NAME-$SHA.tar.gz" COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* " -TIS_PATCH_VER=14 +TIS_PATCH_VER=15 diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index 2d6a3477..03cd544e 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -1,4 +1,4 @@ -%global sha 9d72fe1a501bc609a875eebf7b6274e18600ed70 +%global sha 6c71637222f47d85681038994f02feac92f75bd2 %global helm_folder /usr/lib/helm %global toolkit_version 0.1.0 %global helmchart_version 0.1.0 @@ -19,20 +19,16 @@ Source2: index.yaml BuildArch: noarch -Patch01: 0001-ceilometer-chart-updates.patch -Patch02: 0002-Add-Aodh-Chart.patch -Patch03: 0003-Add-Panko-Chart.patch -Patch04: Remove-stale-Apache2-service-pids-when-a-POD-starts.patch -Patch05: 0005-Add-heat-purge-deleted-cron-job.patch -Patch06: 0006-Enable-cold-migration-in-nova-helm-chart.patch -Patch07: 0007-Glance-chart-add-images-pool-replication.patch -Patch08: 0007-Stein-Remove-ceilometer-upgrade-option.patch -Patch09: 0008-Stein-Update-Cinder-to-include-resource_filters.json.patch -Patch10: 0009-Stein-add-log_config_append-to-neutron-etc.patch -Patch11: 0010-Stein-Nova-console-address-config-optionality.patch -Patch12: 0011-Support-per-host-overrides-of-auto_bridge_add.patch -Patch13: 0012-Nova-chart-Add-ephemeral-pool.patch -Patch14: 0013-neutron-up-interfaces-added-via-ovs-auto_bridge_add.patch +Patch01: 0001-Add-Aodh-Chart.patch +Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch +Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch +Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch +Patch05: 0005-Nova-console-ip-address-search-optionality.patch +Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch +Patch07: 0007-Horizon-Disable-apache2-status_module.patch +Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch +Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch +Patch10: 0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -53,10 +49,6 @@ Openstack Helm charts %patch08 -p1 %patch09 -p1 %patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 %build # initialize helm and build the toolkit diff --git a/openstack-helm/files/0002-Add-Aodh-Chart.patch b/openstack-helm/files/0001-Add-Aodh-Chart.patch similarity index 88% rename from openstack-helm/files/0002-Add-Aodh-Chart.patch rename to openstack-helm/files/0001-Add-Aodh-Chart.patch index c8b3659e..b9aad626 100644 --- a/openstack-helm/files/0002-Add-Aodh-Chart.patch +++ b/openstack-helm/files/0001-Add-Aodh-Chart.patch @@ -1,49 +1,56 @@ -From 656e36a319f48424d61624473b41c95aa610cd04 Mon Sep 17 00:00:00 2001 +From 5ab3650ea105a53b97f7e0aec2086f141f847aa2 Mon Sep 17 00:00:00 2001 From: Angie Wang -Date: Wed, 14 Nov 2018 11:39:55 -0500 -Subject: [PATCH 1/2] Add Aodh Chart +Date: Wed, 6 Mar 2019 15:26:25 -0500 +Subject: [PATCH 01/10] Add Aodh Chart -This commit adds a helm chart to deloy Aodh. +This commit adds a helm chart to deploy aodh. +The default deployment for aodh is ocata. -Aodh chart is created based on the upstream unfinished one: -https://review.openstack.org/#/c/468530/ +Change-Id: Id0312d90f079bd36daa1c80d2a9ecaa5fbfed7cd +Story: 2005022 +Task: 29501 +Signed-off-by: Angie Wang +(cherry picked from commit d9e179a607af74571f0e2df9d52961f57d6ea877) +Signed-off-by: Robert Church --- - aodh/Chart.yaml | 24 + - aodh/requirements.yaml | 18 + - aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl | 21 + - aodh/templates/bin/_aodh-api.sh.tpl | 39 ++ - aodh/templates/bin/_aodh-evaluator.sh.tpl | 21 + - aodh/templates/bin/_aodh-listener.sh.tpl | 21 + - aodh/templates/bin/_aodh-notifier.sh.tpl | 21 + - aodh/templates/bin/_aodh-test.sh.tpl | 54 ++ - aodh/templates/bin/_bootstrap.sh.tpl | 20 + - aodh/templates/bin/_db-sync.sh.tpl | 21 + - aodh/templates/configmap-bin.yaml | 60 +++ - aodh/templates/configmap-etc.yaml | 121 +++++ - aodh/templates/cron-job-alarms-cleaner.yaml | 84 ++++ - aodh/templates/deployment-api.yaml | 121 +++++ - aodh/templates/deployment-evaluator.yaml | 101 ++++ - aodh/templates/deployment-listener.yaml | 102 ++++ - aodh/templates/deployment-notifier.yaml | 103 ++++ - aodh/templates/ingress-api.yaml | 20 + - aodh/templates/job-bootstrap.yaml | 20 + - aodh/templates/job-db-drop.yaml | 20 + - aodh/templates/job-db-init.yaml | 20 + - aodh/templates/job-db-sync.yaml | 20 + - aodh/templates/job-image-repo-sync.yaml | 20 + - aodh/templates/job-ks-endpoints.yaml | 20 + - aodh/templates/job-ks-service.yaml | 20 + - aodh/templates/job-ks-user.yaml | 20 + - aodh/templates/job-rabbit-init.yaml | 20 + - aodh/templates/pdb-api.yaml | 29 ++ - aodh/templates/pod-aodh-test.yaml | 72 +++ - aodh/templates/secret-db.yaml | 30 ++ - aodh/templates/secret-keystone.yaml | 30 ++ - aodh/templates/secret-rabbitmq.yaml | 30 ++ - aodh/templates/service-api.yaml | 39 ++ - aodh/templates/service-ingress-api.yaml | 20 + - aodh/values.yaml | 671 +++++++++++++++++++++++++ - 35 files changed, 2073 insertions(+) + aodh/Chart.yaml | 24 + + aodh/requirements.yaml | 18 + + aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl | 21 + + aodh/templates/bin/_aodh-api.sh.tpl | 43 ++ + aodh/templates/bin/_aodh-evaluator.sh.tpl | 21 + + aodh/templates/bin/_aodh-listener.sh.tpl | 21 + + aodh/templates/bin/_aodh-notifier.sh.tpl | 21 + + aodh/templates/bin/_aodh-test.sh.tpl | 54 ++ + aodh/templates/bin/_bootstrap.sh.tpl | 21 + + aodh/templates/bin/_db-sync.sh.tpl | 21 + + aodh/templates/configmap-bin.yaml | 59 ++ + aodh/templates/configmap-etc.yaml | 120 ++++ + aodh/templates/cron-job-alarms-cleaner.yaml | 84 +++ + aodh/templates/deployment-api.yaml | 122 ++++ + aodh/templates/deployment-evaluator.yaml | 103 +++ + aodh/templates/deployment-listener.yaml | 103 +++ + aodh/templates/deployment-notifier.yaml | 103 +++ + aodh/templates/ingress-api.yaml | 20 + + aodh/templates/job-bootstrap.yaml | 20 + + aodh/templates/job-db-drop.yaml | 20 + + aodh/templates/job-db-init.yaml | 20 + + aodh/templates/job-db-sync.yaml | 20 + + aodh/templates/job-image-repo-sync.yaml | 20 + + aodh/templates/job-ks-endpoints.yaml | 20 + + aodh/templates/job-ks-service.yaml | 20 + + aodh/templates/job-ks-user.yaml | 20 + + aodh/templates/job-rabbit-init.yaml | 20 + + aodh/templates/pdb-api.yaml | 29 + + aodh/templates/pod-aodh-test.yaml | 72 +++ + aodh/templates/secret-db.yaml | 30 + + aodh/templates/secret-keystone.yaml | 30 + + aodh/templates/secret-rabbitmq.yaml | 30 + + aodh/templates/service-api.yaml | 39 ++ + aodh/templates/service-ingress-api.yaml | 20 + + aodh/values.yaml | 700 +++++++++++++++++++++ + tools/deployment/multinode/250-aodh.sh | 34 + + .../{250-ceilometer.sh => 260-ceilometer.sh} | 0 + 37 files changed, 2143 insertions(+) create mode 100644 aodh/Chart.yaml create mode 100644 aodh/requirements.yaml create mode 100644 aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl @@ -79,14 +86,16 @@ https://review.openstack.org/#/c/468530/ create mode 100644 aodh/templates/service-api.yaml create mode 100644 aodh/templates/service-ingress-api.yaml create mode 100644 aodh/values.yaml + create mode 100755 tools/deployment/multinode/250-aodh.sh + rename tools/deployment/multinode/{250-ceilometer.sh => 260-ceilometer.sh} (100%) diff --git a/aodh/Chart.yaml b/aodh/Chart.yaml new file mode 100644 -index 0000000..6f666f0 +index 00000000..7cc4d27c --- /dev/null +++ b/aodh/Chart.yaml @@ -0,0 +1,24 @@ -+# Copyright 2017 The Openstack-Helm Authors. ++# Copyright 2019 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. @@ -104,7 +113,7 @@ index 0000000..6f666f0 +description: Openstack-Helm Aodh +name: aodh +version: 0.1.0 -+home: https://docs.openstack.org/developer/aodh ++home: https://docs.openstack.org/aodh/latest/ +sources: + - https://git.openstack.org/cgit/openstack/aodh + - https://git.openstack.org/cgit/openstack/openstack-helm @@ -112,11 +121,11 @@ index 0000000..6f666f0 + - name: OpenStack-Helm Authors diff --git a/aodh/requirements.yaml b/aodh/requirements.yaml new file mode 100644 -index 0000000..53782e6 +index 00000000..780e525c --- /dev/null +++ b/aodh/requirements.yaml @@ -0,0 +1,18 @@ -+# Copyright 2017 The Openstack-Helm Authors. ++# Copyright 2019 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. @@ -136,14 +145,14 @@ index 0000000..53782e6 + version: 0.1.0 diff --git a/aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl b/aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl new file mode 100644 -index 0000000..8ca0e7c +index 00000000..c7bfe2f3 --- /dev/null +++ b/aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -160,17 +169,17 @@ index 0000000..8ca0e7c + +set -ex + -+aodh-expirer ++exec aodh-expirer diff --git a/aodh/templates/bin/_aodh-api.sh.tpl b/aodh/templates/bin/_aodh-api.sh.tpl new file mode 100644 -index 0000000..708b327 +index 00000000..4ec8291e --- /dev/null +++ b/aodh/templates/bin/_aodh-api.sh.tpl -@@ -0,0 +1,39 @@ +@@ -0,0 +1,43 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -186,6 +195,7 @@ index 0000000..708b327 +*/}} + +set -ex ++ +COMMAND="${@:-start}" + +function start () { @@ -197,6 +207,9 @@ index 0000000..708b327 + source /etc/apache2/envvars + fi + ++ # Get rid of stale pid file if present. ++ rm -f /var/run/apache2/*.pid ++ + # Start Apache2 + exec apache2 -DFOREGROUND +} @@ -208,14 +221,14 @@ index 0000000..708b327 +$COMMAND diff --git a/aodh/templates/bin/_aodh-evaluator.sh.tpl b/aodh/templates/bin/_aodh-evaluator.sh.tpl new file mode 100644 -index 0000000..7c7b07b +index 00000000..55104009 --- /dev/null +++ b/aodh/templates/bin/_aodh-evaluator.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -235,14 +248,14 @@ index 0000000..7c7b07b +exec aodh-evaluator --config-file=/etc/aodh/aodh.conf diff --git a/aodh/templates/bin/_aodh-listener.sh.tpl b/aodh/templates/bin/_aodh-listener.sh.tpl new file mode 100644 -index 0000000..0abeba4 +index 00000000..b833c974 --- /dev/null +++ b/aodh/templates/bin/_aodh-listener.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -262,14 +275,14 @@ index 0000000..0abeba4 +exec aodh-listener --config-file=/etc/aodh/aodh.conf diff --git a/aodh/templates/bin/_aodh-notifier.sh.tpl b/aodh/templates/bin/_aodh-notifier.sh.tpl new file mode 100644 -index 0000000..b1b4f94 +index 00000000..beba9f1e --- /dev/null +++ b/aodh/templates/bin/_aodh-notifier.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -289,14 +302,14 @@ index 0000000..b1b4f94 +exec aodh-notifier --config-file=/etc/aodh/aodh.conf diff --git a/aodh/templates/bin/_aodh-test.sh.tpl b/aodh/templates/bin/_aodh-test.sh.tpl new file mode 100644 -index 0000000..fc95b06 +index 00000000..783c8995 --- /dev/null +++ b/aodh/templates/bin/_aodh-test.sh.tpl @@ -0,0 +1,54 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -312,21 +325,21 @@ index 0000000..fc95b06 +*/}} + +set -ex ++ +export HOME=/tmp + -+RESOURCE_UUID={{ uuidv4 }} +echo "Test: create an alarm" +aodh alarm create \ -+ --name alarm_test \ -+ --type gnocchi_resources_threshold \ -+ --metric ram_util --threshold 10.0 \ -+ --comparison-operator eq \ ++ --name test_cpu_aggregation \ ++ --type gnocchi_aggregation_by_resources_threshold \ ++ --metric cpu --threshold 214106115 \ ++ --comparison-operator lt \ + --aggregation-method mean \ -+ --granularity 300 \ ++ --granularity 300 \ + --evaluation-periods 1 \ + --alarm-action 'http://localhost:8776/alarm' \ -+ --resource-id ${RESOURCE_UUID} \ -+ --resource-type generic ++ --resource-type instance \ ++ --query '{"=": {"flavor_name": "small"}}' +sleep 5 + +echo "Test: list alarms" @@ -349,14 +362,14 @@ index 0000000..fc95b06 + diff --git a/aodh/templates/bin/_bootstrap.sh.tpl b/aodh/templates/bin/_bootstrap.sh.tpl new file mode 100644 -index 0000000..533c0a5 +index 00000000..6deaab5b --- /dev/null +++ b/aodh/templates/bin/_bootstrap.sh.tpl -@@ -0,0 +1,20 @@ +@@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -372,17 +385,18 @@ index 0000000..533c0a5 +*/}} + +set -ex ++ +{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} diff --git a/aodh/templates/bin/_db-sync.sh.tpl b/aodh/templates/bin/_db-sync.sh.tpl new file mode 100644 -index 0000000..7eb7bd3 +index 00000000..037db164 --- /dev/null +++ b/aodh/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -399,16 +413,15 @@ index 0000000..7eb7bd3 + +set -ex + -+aodh-dbsync ++exec aodh-dbsync diff --git a/aodh/templates/configmap-bin.yaml b/aodh/templates/configmap-bin.yaml new file mode 100644 -index 0000000..3ee32e7 +index 00000000..db9c65ee --- /dev/null +++ b/aodh/templates/configmap-bin.yaml -@@ -0,0 +1,60 @@ -+ +@@ -0,0 +1,59 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -468,12 +481,12 @@ index 0000000..3ee32e7 +{{- end }} diff --git a/aodh/templates/configmap-etc.yaml b/aodh/templates/configmap-etc.yaml new file mode 100644 -index 0000000..24e4e08 +index 00000000..7cd0dcb1 --- /dev/null +++ b/aodh/templates/configmap-etc.yaml -@@ -0,0 +1,121 @@ +@@ -0,0 +1,120 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -592,15 +605,14 @@ index 0000000..24e4e08 + policy.json: {{ toJson .Values.conf.policy | b64enc }} +{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_aodh "key" "wsgi-aodh.conf" "format" "Secret" ) | indent 2 }} +{{- end }} -+ diff --git a/aodh/templates/cron-job-alarms-cleaner.yaml b/aodh/templates/cron-job-alarms-cleaner.yaml new file mode 100644 -index 0000000..efb839b +index 00000000..a9b273d0 --- /dev/null +++ b/aodh/templates/cron-job-alarms-cleaner.yaml @@ -0,0 +1,84 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -685,12 +697,12 @@ index 0000000..efb839b +{{- end }} diff --git a/aodh/templates/deployment-api.yaml b/aodh/templates/deployment-api.yaml new file mode 100644 -index 0000000..cfe697b +index 00000000..9f04ab71 --- /dev/null +++ b/aodh/templates/deployment-api.yaml -@@ -0,0 +1,121 @@ +@@ -0,0 +1,122 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -733,10 +745,12 @@ index 0000000..cfe697b + labels: +{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: ++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} ++{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: @@ -748,8 +762,7 @@ index 0000000..cfe697b + - name: aodh-api +{{ tuple $envAll "aodh_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+ securityContext: -+ runAsUser: {{ .Values.pod.user.aodh.uid }} ++{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/aodh-api.sh + - start @@ -812,12 +825,12 @@ index 0000000..cfe697b +{{- end }} diff --git a/aodh/templates/deployment-evaluator.yaml b/aodh/templates/deployment-evaluator.yaml new file mode 100644 -index 0000000..daab9c1 +index 00000000..2df99de6 --- /dev/null +++ b/aodh/templates/deployment-evaluator.yaml -@@ -0,0 +1,101 @@ +@@ -0,0 +1,103 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -831,6 +844,7 @@ index 0000000..daab9c1 +See the License for the specific language governing permissions and +limitations under the License. +*/}} ++ +{{- if .Values.manifests.deployment_evaluator }} +{{- $envAll := . }} + @@ -859,10 +873,12 @@ index 0000000..daab9c1 + labels: +{{ tuple $envAll "aodh" "evaluator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: ++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} ++{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "aodh" "evaluator" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: @@ -873,8 +889,7 @@ index 0000000..daab9c1 + - name: aodh-evaluator +{{ tuple $envAll "aodh_evaluator" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.evaluator | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+ securityContext: -+ runAsUser: {{ .Values.pod.user.aodh.uid }} ++{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_evaluator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/aodh-evaluator.sh + - start @@ -919,12 +934,12 @@ index 0000000..daab9c1 +{{- end }} diff --git a/aodh/templates/deployment-listener.yaml b/aodh/templates/deployment-listener.yaml new file mode 100644 -index 0000000..5f90c75 +index 00000000..f24eb584 --- /dev/null +++ b/aodh/templates/deployment-listener.yaml -@@ -0,0 +1,102 @@ +@@ -0,0 +1,103 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -938,6 +953,7 @@ index 0000000..5f90c75 +See the License for the specific language governing permissions and +limitations under the License. +*/}} ++ +{{- if .Values.manifests.deployment_listener }} +{{- $envAll := . }} + @@ -966,10 +982,12 @@ index 0000000..5f90c75 + labels: +{{ tuple $envAll "aodh" "listener" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: ++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} ++{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "aodh" "listener" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: @@ -980,8 +998,7 @@ index 0000000..5f90c75 + - name: aodh-listener +{{ tuple $envAll "aodh_listener" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.listener | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+ securityContext: -+ runAsUser: {{ .Values.pod.user.aodh.uid }} ++{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_listener" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/aodh-listener.sh + - start @@ -1024,15 +1041,14 @@ index 0000000..5f90c75 + defaultMode: 0555 +{{ if $mounts_aodh_listener.volumes }}{{ toYaml $mounts_aodh_listener.volumes | indent 8 }}{{ end }} +{{- end }} -+ diff --git a/aodh/templates/deployment-notifier.yaml b/aodh/templates/deployment-notifier.yaml new file mode 100644 -index 0000000..ee21422 +index 00000000..86094443 --- /dev/null +++ b/aodh/templates/deployment-notifier.yaml @@ -0,0 +1,103 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1075,10 +1091,12 @@ index 0000000..ee21422 + labels: +{{ tuple $envAll "aodh" "notifier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: ++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} ++{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "aodh" "notifier" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: @@ -1089,8 +1107,7 @@ index 0000000..ee21422 + - name: aodh-notifier +{{ tuple $envAll "aodh_notifier" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.notifier | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+ securityContext: -+ runAsUser: {{ .Values.pod.user.aodh.uid }} ++{{ dict "envAll" $envAll "application" "aodh" "container" "aodh_notifier" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/aodh-notifier.sh + - start @@ -1133,15 +1150,14 @@ index 0000000..ee21422 + defaultMode: 0555 +{{ if $mounts_aodh_notifier.volumes }}{{ toYaml $mounts_aodh_notifier.volumes | indent 8 }}{{ end }} +{{- end }} -+ diff --git a/aodh/templates/ingress-api.yaml b/aodh/templates/ingress-api.yaml new file mode 100644 -index 0000000..fe3f31c +index 00000000..f848d55e --- /dev/null +++ b/aodh/templates/ingress-api.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1162,12 +1178,12 @@ index 0000000..fe3f31c +{{- end }} diff --git a/aodh/templates/job-bootstrap.yaml b/aodh/templates/job-bootstrap.yaml new file mode 100644 -index 0000000..17cea12 +index 00000000..e6b6f7a7 --- /dev/null +++ b/aodh/templates/job-bootstrap.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1188,12 +1204,12 @@ index 0000000..17cea12 +{{- end }} diff --git a/aodh/templates/job-db-drop.yaml b/aodh/templates/job-db-drop.yaml new file mode 100644 -index 0000000..8c2d80c +index 00000000..5f5129a3 --- /dev/null +++ b/aodh/templates/job-db-drop.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1212,15 +1228,14 @@ index 0000000..8c2d80c +{{- $dbDropJob := dict "envAll" . "serviceName" "aodh" -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} -\ No newline at end of file diff --git a/aodh/templates/job-db-init.yaml b/aodh/templates/job-db-init.yaml new file mode 100644 -index 0000000..5d14fb7 +index 00000000..8d0fddeb --- /dev/null +++ b/aodh/templates/job-db-init.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1241,12 +1256,12 @@ index 0000000..5d14fb7 +{{- end }} diff --git a/aodh/templates/job-db-sync.yaml b/aodh/templates/job-db-sync.yaml new file mode 100644 -index 0000000..2428c7f +index 00000000..a642f194 --- /dev/null +++ b/aodh/templates/job-db-sync.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1267,12 +1282,12 @@ index 0000000..2428c7f +{{- end }} diff --git a/aodh/templates/job-image-repo-sync.yaml b/aodh/templates/job-image-repo-sync.yaml new file mode 100644 -index 0000000..0eeef1e +index 00000000..ebab594f --- /dev/null +++ b/aodh/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1293,12 +1308,12 @@ index 0000000..0eeef1e +{{- end }} diff --git a/aodh/templates/job-ks-endpoints.yaml b/aodh/templates/job-ks-endpoints.yaml new file mode 100644 -index 0000000..7fc30c2 +index 00000000..61819c83 --- /dev/null +++ b/aodh/templates/job-ks-endpoints.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1319,12 +1334,12 @@ index 0000000..7fc30c2 +{{- end }} diff --git a/aodh/templates/job-ks-service.yaml b/aodh/templates/job-ks-service.yaml new file mode 100644 -index 0000000..b4120b3 +index 00000000..2c14e1a4 --- /dev/null +++ b/aodh/templates/job-ks-service.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1345,12 +1360,12 @@ index 0000000..b4120b3 +{{- end }} diff --git a/aodh/templates/job-ks-user.yaml b/aodh/templates/job-ks-user.yaml new file mode 100644 -index 0000000..9618931 +index 00000000..d529fa3f --- /dev/null +++ b/aodh/templates/job-ks-user.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1371,12 +1386,12 @@ index 0000000..9618931 +{{- end }} diff --git a/aodh/templates/job-rabbit-init.yaml b/aodh/templates/job-rabbit-init.yaml new file mode 100644 -index 0000000..06cc5a7 +index 00000000..866cbbd4 --- /dev/null +++ b/aodh/templates/job-rabbit-init.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1397,12 +1412,12 @@ index 0000000..06cc5a7 +{{- end }} diff --git a/aodh/templates/pdb-api.yaml b/aodh/templates/pdb-api.yaml new file mode 100644 -index 0000000..1892708 +index 00000000..800b8e98 --- /dev/null +++ b/aodh/templates/pdb-api.yaml @@ -0,0 +1,29 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1432,12 +1447,12 @@ index 0000000..1892708 +{{- end }} diff --git a/aodh/templates/pod-aodh-test.yaml b/aodh/templates/pod-aodh-test.yaml new file mode 100644 -index 0000000..a12ec30 +index 00000000..bb029b58 --- /dev/null +++ b/aodh/templates/pod-aodh-test.yaml @@ -0,0 +1,72 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1510,12 +1525,12 @@ index 0000000..a12ec30 +{{- end }} diff --git a/aodh/templates/secret-db.yaml b/aodh/templates/secret-db.yaml new file mode 100644 -index 0000000..85568c1 +index 00000000..14786633 --- /dev/null +++ b/aodh/templates/secret-db.yaml @@ -0,0 +1,30 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1544,15 +1559,14 @@ index 0000000..85568c1 + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} -\ No newline at end of file diff --git a/aodh/templates/secret-keystone.yaml b/aodh/templates/secret-keystone.yaml new file mode 100644 -index 0000000..aef25b2 +index 00000000..76664be5 --- /dev/null +++ b/aodh/templates/secret-keystone.yaml @@ -0,0 +1,30 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1583,12 +1597,12 @@ index 0000000..aef25b2 +{{- end }} diff --git a/aodh/templates/secret-rabbitmq.yaml b/aodh/templates/secret-rabbitmq.yaml new file mode 100644 -index 0000000..ad65ae3 +index 00000000..19b6474a --- /dev/null +++ b/aodh/templates/secret-rabbitmq.yaml @@ -0,0 +1,30 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1619,12 +1633,12 @@ index 0000000..ad65ae3 +{{- end }} diff --git a/aodh/templates/service-api.yaml b/aodh/templates/service-api.yaml new file mode 100644 -index 0000000..bb9083e +index 00000000..2a786ce2 --- /dev/null +++ b/aodh/templates/service-api.yaml @@ -0,0 +1,39 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1650,9 +1664,9 @@ index 0000000..bb9083e + ports: + - name: a-api + port: {{ tuple "alarming" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ {{ if .Values.network.api.node_port.enabled }} ++ {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} -+ {{ end }} ++ {{ end }} + selector: +{{ tuple $envAll "aodh" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} @@ -1664,12 +1678,12 @@ index 0000000..bb9083e +{{- end }} diff --git a/aodh/templates/service-ingress-api.yaml b/aodh/templates/service-ingress-api.yaml new file mode 100644 -index 0000000..c1b9658 +index 00000000..2749b493 --- /dev/null +++ b/aodh/templates/service-ingress-api.yaml @@ -0,0 +1,20 @@ +{{/* -+Copyright 2017 The Openstack-Helm Authors. ++Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -1690,11 +1704,11 @@ index 0000000..c1b9658 +{{- end }} diff --git a/aodh/values.yaml b/aodh/values.yaml new file mode 100644 -index 0000000..bd7a736 +index 00000000..90c9faca --- /dev/null +++ b/aodh/values.yaml -@@ -0,0 +1,671 @@ -+# Copyright 2017 The Openstack-Helm Authors. +@@ -0,0 +1,700 @@ ++# Copyright 2019 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. @@ -1710,7 +1724,8 @@ index 0000000..bd7a736 + +# Default values for aodh. +# This is a YAML-formatted file. -+# Declare variables to be passed into your templates. ++# Declare name/value pairs to be passed into your templates. ++# name: value + +release_group: null + @@ -1737,27 +1752,27 @@ index 0000000..bd7a736 + +images: + tags: -+ bootstrap: docker.io/openstackhelm/heat:newton -+ db_init: docker.io/kolla/ubuntu-source-aodh-api:3.0.3 -+ db_drop: docker.io/openstackhelm/heat:newton ++ bootstrap: docker.io/openstackhelm/heat:ocata ++ db_init: docker.io/openstackhelm/heat:ocata ++ db_drop: docker.io/openstackhelm/heat:ocata + rabbit_init: docker.io/rabbitmq:3.7-management -+ aodh_db_sync: docker.io/kolla/ubuntu-source-aodh-api:3.0.3 -+ ks_user: docker.io/openstackhelm/heat:newton -+ ks_service: docker.io/openstackhelm/heat:newton -+ ks_endpoints: docker.io/openstackhelm/heat:newton -+ aodh_api: docker.io/kolla/ubuntu-source-aodh-api:3.0.3 -+ aodh_evaluator: docker.io/kolla/ubuntu-source-aodh-evaluator:3.0.3 -+ aodh_listener: docker.io/kolla/ubuntu-source-aodh-listener:3.0.3 -+ aodh_notifier: docker.io/kolla/ubuntu-source-aodh-notifier:3.0.3 -+ aodh_alarms_cleaner: docker.io/kolla/ubuntu-source-aodh-base:3.0.3 ++ aodh_db_sync: docker.io/kolla/ubuntu-source-aodh-api:ocata ++ ks_user: docker.io/openstackhelm/heat:ocata ++ ks_service: docker.io/openstackhelm/heat:ocata ++ ks_endpoints: docker.io/openstackhelm/heat:ocata ++ aodh_api: docker.io/kolla/ubuntu-source-aodh-api:ocata ++ aodh_evaluator: docker.io/kolla/ubuntu-source-aodh-evaluator:ocata ++ aodh_listener: docker.io/kolla/ubuntu-source-aodh-listener:ocata ++ aodh_notifier: docker.io/kolla/ubuntu-source-aodh-notifier:ocata ++ aodh_alarms_cleaner: docker.io/kolla/ubuntu-source-aodh-base:ocata + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: -+ - dep_check -+ - image_repo_sync ++ - dep_check ++ - image_repo_sync + +jobs: + alarms_cleaner: @@ -1768,9 +1783,22 @@ index 0000000..bd7a736 + failed: 1 + +pod: -+ user: ++ security_context: + aodh: -+ uid: 42424 ++ pod: ++ runAsUser: 42402 ++ container: ++ aodh_api: ++ runAsUser: 0 ++ aodh_evaluator: ++ readOnlyRootFilesystem: true ++ allowPrivilegeEscalation: false ++ aodh_notifier: ++ readOnlyRootFilesystem: true ++ allowPrivilegeEscalation: false ++ aodh_listener: ++ readOnlyRootFilesystem: true ++ allowPrivilegeEscalation: false + affinity: + anti: + type: @@ -1781,24 +1809,38 @@ index 0000000..bd7a736 + aodh_api: + init_container: null + aodh_api: ++ volumeMounts: ++ volumes: + aodh_evaluator: + init_container: null + aodh_evaluator: ++ volumeMounts: ++ volumes: + aodh_listener: + init_container: null + aodh_listener: ++ volumeMounts: ++ volumes: + aodh_notifier: + init_container: null + aodh_notifier: ++ volumeMounts: ++ volumes: + aodh_alarms_cleaner: + init_container: null + aodh_alarms_cleaner: ++ volumeMounts: ++ volumes: + aodh_bootstrap: + init_container: null + aodh_bootstrap: ++ volumeMounts: ++ volumes: + aodh_tests: + init_container: null + aodh_tests: ++ volumeMounts: ++ volumes: + replicas: + api: 1 + evaluator: 1 @@ -2122,6 +2164,8 @@ index 0000000..bd7a736 + DEFAULT: + debug: false + log_config_append: /etc/aodh/logging.conf ++ oslo_middleware: ++ enable_proxy_headers_parsing: true + database: + alarm_history_time_to_live: 86400 + max_retries: -1 @@ -2136,24 +2180,24 @@ index 0000000..bd7a736 + logging: + loggers: + keys: -+ - root -+ - aodh ++ - root ++ - aodh + handlers: + keys: -+ - stdout -+ - stderr -+ - "null" ++ - stdout ++ - stderr ++ - "null" + formatters: + keys: -+ - context -+ - default ++ - context ++ - default + logger_root: -+ level: WARNING -+ handlers: 'null' ++ level: WARNING ++ handlers: 'null' + logger_aodh: + level: INFO + handlers: -+ - stdout ++ - stdout + qualname: aodh + logger_amqp: + level: WARNING @@ -2364,7 +2408,50 @@ index 0000000..bd7a736 + secret_rabbitmq: true + service_api: true + service_ingress_api: true +diff --git a/tools/deployment/multinode/250-aodh.sh b/tools/deployment/multinode/250-aodh.sh +new file mode 100755 +index 00000000..41e398a6 +--- /dev/null ++++ b/tools/deployment/multinode/250-aodh.sh +@@ -0,0 +1,34 @@ ++#!/bin/bash + ++# Copyright 2019 The Openstack-Helm Authors. ++# ++# Licensed under the Apache License, Version 2.0 (the "License"); you may ++# not use this file except in compliance with the License. You may obtain ++# a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT ++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the ++# License for the specific language governing permissions and limitations ++# under the License. ++set -xe ++ ++#NOTE: Wait for deploy ++helm upgrade --install aodh ./aodh \ ++ --namespace=openstack \ ++ --set pod.replicas.api=2 \ ++ --set pod.replicas.evaluator=2 \ ++ --set pod.replicas.listener=2 \ ++ --set pod.replicas.notifier=2 \ ++ ${OSH_EXTRA_HELM_ARGS} \ ++ ${OSH_EXTRA_HELM_ARGS_AODH} ++ ++#NOTE: Wait for deploy ++./tools/deployment/common/wait-for-pods.sh openstack ++ ++#NOTE: Validate Deployment info ++helm status aodh ++export OS_CLOUD=openstack_helm ++openstack service list +diff --git a/tools/deployment/multinode/250-ceilometer.sh b/tools/deployment/multinode/260-ceilometer.sh +similarity index 100% +rename from tools/deployment/multinode/250-ceilometer.sh +rename to tools/deployment/multinode/260-ceilometer.sh -- -1.8.3.1 +2.16.5 diff --git a/openstack-helm/files/0001-ceilometer-chart-updates.patch b/openstack-helm/files/0001-ceilometer-chart-updates.patch deleted file mode 100644 index 3d4b417c..00000000 --- a/openstack-helm/files/0001-ceilometer-chart-updates.patch +++ /dev/null @@ -1,2126 +0,0 @@ -From 56c73d9c0714f4fb5dd673dc84d4cd4579de2306 Mon Sep 17 00:00:00 2001 -From: Angie Wang -Date: Fri, 19 Oct 2018 14:46:27 -0400 -Subject: [PATCH 1/1] ceilometer chart updates - -This commit includes the following changes: -- add polling process with ipmi function -- run ceilometer-upgrade instead of the obsolete command ceilometer-dbsync -- set ceilometer cache server -- update event_definitions.yaml in values.yaml -- add missing defintion yaml files for meter (meters.yaml, polling.yaml) -- configure messaging_urls option to listen to each rabbitmq vhost -- add the ability to push events to panko - -We should try to upstream above changes. ---- - ceilometer/templates/bin/_ceilometer-ipmi.sh.tpl | 13 + - ceilometer/templates/bin/_db-sync.sh.tpl | 2 +- - ceilometer/templates/configmap-bin.yaml | 2 + - ceilometer/templates/configmap-etc.yaml | 6 + - ceilometer/templates/daemonset-compute.yaml | 4 + - ceilometer/templates/daemonset-ipmi.yaml | 113 ++ - ceilometer/templates/deployment-central.yaml | 4 + - ceilometer/templates/deployment-notification.yaml | 20 + - ceilometer/values.yaml | 1532 ++++++++++----------- - 9 files changed, 910 insertions(+), 786 deletions(-) - create mode 100644 ceilometer/templates/bin/_ceilometer-ipmi.sh.tpl - create mode 100644 ceilometer/templates/daemonset-ipmi.yaml - -diff --git a/ceilometer/templates/bin/_ceilometer-ipmi.sh.tpl b/ceilometer/templates/bin/_ceilometer-ipmi.sh.tpl -new file mode 100644 -index 0000000..ad280c3 ---- /dev/null -+++ b/ceilometer/templates/bin/_ceilometer-ipmi.sh.tpl -@@ -0,0 +1,13 @@ -+#!/bin/bash -+ -+{{/* -+Copyright (c) 2018 Wind River Systems, Inc. -+ -+SPDX-License-Identifier: Apache-2.0 -+*/}} -+ -+set -ex -+ -+exec ceilometer-polling \ -+ --polling-namespaces ipmi \ -+ --config-file /etc/ceilometer/ceilometer.conf -diff --git a/ceilometer/templates/bin/_db-sync.sh.tpl b/ceilometer/templates/bin/_db-sync.sh.tpl -index 02f6f5d..ba7c1d8 100644 ---- a/ceilometer/templates/bin/_db-sync.sh.tpl -+++ b/ceilometer/templates/bin/_db-sync.sh.tpl -@@ -18,4 +18,4 @@ limitations under the License. - - set -ex - --exec ceilometer-dbsync -+exec ceilometer-upgrade --skip-metering-database -diff --git a/ceilometer/templates/configmap-bin.yaml b/ceilometer/templates/configmap-bin.yaml -index 6c7d59a..558f24e 100644 ---- a/ceilometer/templates/configmap-bin.yaml -+++ b/ceilometer/templates/configmap-bin.yaml -@@ -53,6 +53,8 @@ data: - {{ tuple "bin/_ceilometer-collector.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - ceilometer-compute.sh: | - {{ tuple "bin/_ceilometer-compute.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ ceilometer-ipmi.sh: | -+{{ tuple "bin/_ceilometer-ipmi.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - ceilometer-notification.sh: | - {{ tuple "bin/_ceilometer-notification.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - rabbit-init.sh: | -diff --git a/ceilometer/templates/configmap-etc.yaml b/ceilometer/templates/configmap-etc.yaml -index 17ddb1b..c48a3b8 100644 ---- a/ceilometer/templates/configmap-etc.yaml -+++ b/ceilometer/templates/configmap-etc.yaml -@@ -32,6 +32,10 @@ limitations under the License. - {{- $_ := set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} - {{- end -}} - -+{{- if empty .Values.conf.ceilometer.cache.memcache_servers -}} -+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.cache "memcache_servers" -}} -+{{- end -}} -+ - {{- if empty .Values.conf.ceilometer.database.connection -}} - {{- $_ := tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" -}} - {{- end -}} -@@ -120,5 +124,7 @@ data: - pipeline.yaml: {{ toYaml .Values.conf.pipeline | b64enc }} - event_definitions.yaml: {{ toYaml .Values.conf.event_definitions | b64enc }} - gnocchi_resources.yaml: {{ toYaml .Values.conf.gnocchi_resources | b64enc }} -+ meters.yaml: {{ toYaml .Values.conf.meters | b64enc }} -+ polling.yaml: {{ toYaml .Values.conf.polling | b64enc }} - {{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_ceilometer "key" "wsgi-ceilometer.conf" "format" "Secret" ) | indent 2 }} - {{- end }} -diff --git a/ceilometer/templates/daemonset-compute.yaml b/ceilometer/templates/daemonset-compute.yaml -index 686572a..bff2e15 100644 ---- a/ceilometer/templates/daemonset-compute.yaml -+++ b/ceilometer/templates/daemonset-compute.yaml -@@ -91,6 +91,10 @@ spec: - mountPath: /etc/ceilometer/gnocchi_resources.yaml - subPath: gnocchi_resources.yaml - readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/polling.yaml -+ subPath: polling.yaml -+ readOnly: true - - name: ceilometer-bin - mountPath: /tmp/ceilometer-compute.sh - subPath: ceilometer-compute.sh -diff --git a/ceilometer/templates/daemonset-ipmi.yaml b/ceilometer/templates/daemonset-ipmi.yaml -new file mode 100644 -index 0000000..a41d60d ---- /dev/null -+++ b/ceilometer/templates/daemonset-ipmi.yaml -@@ -0,0 +1,113 @@ -+{{/* -+Copyright (c) 2018 Wind River Systems, Inc. -+ -+SPDX-License-Identifier: Apache-2.0 -+*/}} -+ -+{{- if .Values.manifests.daemonset_ipmi }} -+{{- $envAll := . }} -+ -+{{- $mounts_ceilometer_ipmi := .Values.pod.mounts.ceilometer_ipmi.ceilometer_ipmi }} -+{{- $mounts_ceilometer_ipmi_init := .Values.pod.mounts.ceilometer_ipmi.init_container }} -+ -+{{- $serviceAccountName := "ceilometer-ipmi" }} -+{{ tuple $envAll "ipmi" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: apps/v1 -+kind: DaemonSet -+metadata: -+ name: ceilometer-ipmi -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+ labels: -+{{ tuple $envAll "ceilometer" "ipmi" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+spec: -+ selector: -+ matchLabels: -+{{ tuple $envAll "ceilometer" "ipmi" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{ tuple $envAll "ipmi" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "ceilometer" "ipmi" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ annotations: -+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+ affinity: -+{{ tuple $envAll "ceilometer" "ipmi" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} -+ hostNetwork: true -+ hostPID: true -+ dnsPolicy: ClusterFirstWithHostNet -+ nodeSelector: -+ {{ .Values.labels.ipmi.node_selector_key }}: {{ .Values.labels.ipmi.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "ipmi" $mounts_ceilometer_ipmi_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: ceilometer-ipmi -+{{ tuple $envAll "ceilometer_ipmi" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll $envAll.Values.pod.resources.ipmi | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+ securityContext: -+ privileged: true -+ command: -+ - /tmp/ceilometer-ipmi.sh -+ volumeMounts: -+ - name: pod-etc-ceilometer -+ mountPath: /etc/ceilometer -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/ceilometer.conf -+ subPath: ceilometer.conf -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/api_paste.ini -+ subPath: api_paste.ini -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/policy.json -+ subPath: policy.json -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/event_definitions.yaml -+ subPath: event_definitions.yaml -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/event_pipeline.yaml -+ subPath: event_pipeline.yaml -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/pipeline.yaml -+ subPath: pipeline.yaml -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/gnocchi_resources.yaml -+ subPath: gnocchi_resources.yaml -+ readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/polling.yaml -+ subPath: polling.yaml -+ readOnly: true -+ - name: ceilometer-bin -+ mountPath: /tmp/ceilometer-ipmi.sh -+ subPath: ceilometer-ipmi.sh -+ readOnly: true -+ - name: ipmi-device -+ mountPath: {{ .Values.ipmi_device }} -+ readOnly: true -+{{ if $mounts_ceilometer_ipmi.volumeMounts }}{{ toYaml $mounts_ceilometer_ipmi.volumeMounts | indent 12 }}{{ end }} -+ volumes: -+ - name: pod-etc-ceilometer -+ emptyDir: {} -+ - name: ceilometer-etc -+ secret: -+ secretName: ceilometer-etc -+ defaultMode: 0444 -+ - name: ceilometer-bin -+ configMap: -+ name: ceilometer-bin -+ defaultMode: 0555 -+ - name: ipmi-device -+ hostPath: -+ path: {{ .Values.ipmi_device }} -+{{ if $mounts_ceilometer_ipmi.volumes }}{{ toYaml $mounts_ceilometer_ipmi.volumes | indent 8 }}{{ end }} -+{{- end }} -diff --git a/ceilometer/templates/deployment-central.yaml b/ceilometer/templates/deployment-central.yaml -index b7a597b..7a6cd2b 100644 ---- a/ceilometer/templates/deployment-central.yaml -+++ b/ceilometer/templates/deployment-central.yaml -@@ -89,6 +89,10 @@ spec: - mountPath: /etc/ceilometer/gnocchi_resources.yaml - subPath: gnocchi_resources.yaml - readOnly: true -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/polling.yaml -+ subPath: polling.yaml -+ readOnly: true - - name: ceilometer-bin - mountPath: /tmp/ceilometer-central.sh - subPath: ceilometer-central.sh -diff --git a/ceilometer/templates/deployment-notification.yaml b/ceilometer/templates/deployment-notification.yaml -index 06fda3d..45d7ecb 100644 ---- a/ceilometer/templates/deployment-notification.yaml -+++ b/ceilometer/templates/deployment-notification.yaml -@@ -89,14 +89,30 @@ spec: - mountPath: /etc/ceilometer/gnocchi_resources.yaml - subPath: gnocchi_resources.yaml - readOnly: true -+ - name: etc-ceilometer-meters -+ mountPath: /etc/ceilometer/meters.d -+ - name: ceilometer-etc -+ mountPath: /etc/ceilometer/meters.d/meters.yaml -+ subPath: meters.yaml -+ readOnly: true - - name: ceilometer-bin - mountPath: /tmp/ceilometer-notification.sh - subPath: ceilometer-notification.sh - readOnly: true -+ - name: etcpanko -+ mountPath: /etc/panko -+ - name: panko-etc -+ mountPath: /etc/panko/panko.conf -+ subPath: panko.conf -+ readOnly: true - {{ if $mounts_ceilometer_notification.volumeMounts }}{{ toYaml $mounts_ceilometer_notification.volumeMounts | indent 12 }}{{ end }} - volumes: - - name: pod-etc-ceilometer - emptyDir: {} -+ - name: etc-ceilometer-meters -+ emptyDir: {} -+ - name: etcpanko -+ emptyDir: {} - - name: ceilometer-etc - secret: - secretName: ceilometer-etc -@@ -105,5 +121,9 @@ spec: - configMap: - name: ceilometer-bin - defaultMode: 0555 -+ - name: panko-etc -+ secret: -+ secretName: panko-etc -+ defaultMode: 0444 - {{ if $mounts_ceilometer_notification.volumes }}{{ toYaml $mounts_ceilometer_notification.volumes | indent 8 }}{{ end }} - {{- end }} -diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml -index 5021967..7947eb7 100644 ---- a/ceilometer/values.yaml -+++ b/ceilometer/values.yaml -@@ -29,6 +29,9 @@ labels: - central: - node_selector_key: openstack-control-plane - node_selector_value: enabled -+ ipmi: -+ node_selector_key: openstack-node -+ node_selector_value: enabled - collector: - node_selector_key: openstack-control-plane - node_selector_value: enabled -@@ -80,6 +83,8 @@ network: - enabled: false - port: 38777 - -+ipmi_device: /dev/ipmi0 -+ - conf: - ceilometer: - DEFAULT: -@@ -113,1041 +118,971 @@ conf: - auth_type: password - interface: internal - notification: -- messaging_urls: null -+ messaging_urls: -+ type: multistring -+ values: -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/ceilometer -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/cinder -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/glance -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/nova -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/keystone -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/neutron -+ - rabbit://rabbitmq:password@rabbitmq.openstack.svc.cluster.local:5672/heat - oslo_messaging_notifications: - driver: messagingv2 - topics: - - notifications - - profiler -+ cache: -+ enabled: true -+ backend: dogpile.cache.memcached - event_definitions: -- - event_type: compute.instance.* -- traits: -- deleted_at: -- fields: payload.deleted_at -- type: datetime -+ - event_type: 'compute.instance.*' -+ traits: &instance_traits -+ tenant_id: -+ fields: payload.tenant_id -+ user_id: -+ fields: payload.user_id -+ instance_id: -+ fields: payload.instance_id -+ resource_id: -+ fields: payload.instance_id -+ host: -+ fields: publisher_id.`split(., 1, 1)` -+ service: -+ fields: publisher_id.`split(., 0, -1)` -+ memory_mb: -+ type: int -+ fields: payload.memory_mb - disk_gb: -+ type: int - fields: payload.disk_gb -+ root_gb: - type: int -+ fields: payload.root_gb - ephemeral_gb: -+ type: int - fields: payload.ephemeral_gb -+ vcpus: - type: int -- host: -- fields: 'publisher_id.`split(., 1, 1)`' -- instance_id: -- fields: payload.instance_id -- instance_type: -- fields: payload.instance_type -+ fields: payload.vcpus - instance_type_id: -- fields: payload.instance_type_id -- type: int -- launched_at: -- fields: payload.launched_at -- type: datetime -- memory_mb: -- fields: payload.memory_mb - type: int -+ fields: payload.instance_type_id -+ instance_type: -+ fields: payload.instance_type -+ state: -+ fields: payload.state - os_architecture: - fields: payload.image_meta.'org.openstack__1__architecture' -- os_distro: -- fields: payload.image_meta.'org.openstack__1__os_distro' - os_version: - fields: payload.image_meta.'org.openstack__1__os_version' -- root_gb: -- fields: payload.root_gb -- type: int -- service: -- fields: 'publisher_id.`split(., 0, -1)`' -- state: -- fields: payload.state -- tenant_id: -- fields: payload.tenant_id -- user_id: -- fields: payload.user_id -- vcpus: -- fields: payload.vcpus -- type: int -+ os_distro: -+ fields: payload.image_meta.'org.openstack__1__os_distro' -+ launched_at: -+ type: datetime -+ fields: payload.launched_at -+ deleted_at: -+ type: datetime -+ fields: payload.deleted_at -+ - event_type: compute.instance.update -+ traits: -+ <<: *instance_traits -+ old_state: -+ fields: payload.old_state - - event_type: compute.instance.exists - traits: -+ <<: *instance_traits - audit_period_beginning: -- fields: payload.audit_period_beginning - type: datetime -+ fields: payload.audit_period_beginning - audit_period_ending: -- fields: payload.audit_period_ending -- type: datetime -- deleted_at: -- fields: payload.deleted_at -- type: datetime -- disk_gb: -- fields: payload.disk_gb -- type: int -- ephemeral_gb: -- fields: payload.ephemeral_gb -- type: int -- host: -- fields: 'publisher_id.`split(., 1, 1)`' -- instance_id: -- fields: payload.instance_id -- instance_type: -- fields: payload.instance_type -- instance_type_id: -- fields: payload.instance_type_id -- type: int -- launched_at: -- fields: payload.launched_at - type: datetime -- memory_mb: -- fields: payload.memory_mb -- type: int -- os_architecture: -- fields: payload.image_meta.'org.openstack__1__architecture' -- os_distro: -- fields: payload.image_meta.'org.openstack__1__os_distro' -- os_version: -- fields: payload.image_meta.'org.openstack__1__os_version' -- root_gb: -- fields: payload.root_gb -- type: int -- service: -- fields: 'publisher_id.`split(., 0, -1)`' -- state: -- fields: payload.state -- tenant_id: -- fields: payload.tenant_id -+ fields: payload.audit_period_ending -+ - event_type: ['volume.exists', 'volume.create.*', 'volume.delete.*', 'volume.resize.*', 'volume.attach.*', 'volume.detach.*', 'volume.update.*', 'snapshot.exists', 'snapshot.create.*', 'snapshot.delete.*', 'snapshot.update.*'] -+ traits: &cinder_traits - user_id: - fields: payload.user_id -- vcpus: -- fields: payload.vcpus -- type: int -- - event_type: -- - volume.exists -- - volume.create.* -- - volume.delete.* -- - volume.resize.* -- - volume.attach.* -- - volume.detach.* -- - volume.update.* -- - snapshot.exists -- - snapshot.create.* -- - snapshot.delete.* -- - snapshot.update.* -- traits: -+ project_id: -+ fields: payload.tenant_id - availability_zone: - fields: payload.availability_zone -- created_at: -- fields: payload.created_at - display_name: - fields: payload.display_name -- project_id: -- fields: payload.tenant_id - replication_status: - fields: payload.replication_status - status: - fields: payload.status -- user_id: -- fields: payload.user_id -- - event_type: -- - volume.exists -- - volume.create.* -- - volume.delete.* -- - volume.resize.* -- - volume.attach.* -- - volume.detach.* -- - volume.update.* -- traits: -- availability_zone: -- fields: payload.availability_zone - created_at: - fields: payload.created_at -- display_name: -- fields: payload.display_name -- host: -- fields: payload.host -- project_id: -- fields: payload.tenant_id -- replication_status: -- fields: payload.replication_status -+ - event_type: ['volume.exists', 'volume.create.*', 'volume.delete.*', 'volume.resize.*', 'volume.attach.*', 'volume.detach.*', 'volume.update.*'] -+ traits: -+ <<: *cinder_traits - resource_id: - fields: payload.volume_id -+ host: -+ fields: payload.host - size: - fields: payload.size -- status: -- fields: payload.status - type: - fields: payload.volume_type -+ replication_status: -+ fields: payload.replication_status -+ - event_type: ['share.create.*', 'share.delete.*', 'share.extend.*', 'share.shrink.*'] -+ traits: &share_traits -+ share_id: -+ fields: payload.share_id - user_id: - fields: payload.user_id -- - event_type: -- - snapshot.exists -- - snapshot.create.* -- - snapshot.delete.* -- - snapshot.update.* -- traits: -+ project_id: -+ fields: payload.tenant_id -+ snapshot_id: -+ fields: payload.snapshot_id - availability_zone: - fields: payload.availability_zone -+ status: -+ fields: payload.status - created_at: - fields: payload.created_at -- display_name: -- fields: payload.display_name -- project_id: -- fields: payload.tenant_id -- replication_status: -- fields: payload.replication_status -+ share_group_id: -+ fields: payload.share_group_id -+ size: -+ fields: payload.size -+ name: -+ fields: payload.name -+ proto: -+ fields: payload.proto -+ is_public: -+ fields: payload.is_public -+ description: -+ fields: payload.description -+ host: -+ fields: payload.host -+ - event_type: ['snapshot.exists', 'snapshot.create.*', 'snapshot.delete.*', 'snapshot.update.*'] -+ traits: -+ <<: *cinder_traits - resource_id: - fields: payload.snapshot_id -- status: -- fields: payload.status -- user_id: -- fields: payload.user_id - volume_id: - fields: payload.volume_id -- - event_type: -- - image_volume_cache.* -+ - event_type: ['image_volume_cache.*'] - traits: -- host: -- fields: payload.host - image_id: - fields: payload.image_id -- - event_type: -- - image.create -- - image.update -- - image.upload -- - image.delete -- traits: -- created_at: -- fields: payload.created_at -- deleted_at: -- fields: payload.deleted_at -- name: -- fields: payload.name -+ host: -+ fields: payload.host -+ - event_type: ['image.create', 'image.update', 'image.upload', 'image.delete'] -+ traits: &glance_crud - project_id: - fields: payload.owner - resource_id: - fields: payload.id -- size: -- fields: payload.size -+ name: -+ fields: payload.name - status: - fields: payload.status -+ created_at: -+ fields: payload.created_at - user_id: - fields: payload.owner -+ deleted_at: -+ fields: payload.deleted_at -+ size: -+ fields: payload.size - - event_type: image.send -- traits: -- bytes_sent: -- fields: payload.bytes_sent -- type: int -- destination_ip: -- fields: payload.destination_ip -- image_id: -- fields: payload.image_id -+ traits: &glance_send - receiver_project: - fields: payload.receiver_tenant_id - receiver_user: - fields: payload.receiver_user_id - user_id: - fields: payload.owner_id -+ image_id: -+ fields: payload.image_id -+ destination_ip: -+ fields: payload.destination_ip -+ bytes_sent: -+ type: int -+ fields: payload.bytes_sent - - event_type: orchestration.stack.* -- traits: -+ traits: &orchestration_crud - project_id: - fields: payload.tenant_id -+ user_id: -+ fields: ['ctxt.trustor_user_id', 'ctxt.user_id'] - resource_id: - fields: payload.stack_identity -- user_id: -- fields: -- - _context_trustor_user_id -- - _context_user_id - - event_type: sahara.cluster.* -- traits: -+ traits: &sahara_crud - project_id: - fields: payload.project_id -+ user_id: -+ fields: ctxt.user_id - resource_id: - fields: payload.cluster_id -- user_id: -- fields: _context_user_id - - event_type: sahara.cluster.health -- traits: -- created_at: -- fields: payload.created_at -- type: datetime -- health_check_description: -- fields: payload.health_check_description -- health_check_name: -- fields: payload.health_check_name -+ traits: &sahara_health -+ <<: *sahara_crud -+ verification_id: -+ fields: payload.verification_id - health_check_status: - fields: payload.health_check_status -- project_id: -- fields: payload.project_id -- resource_id: -- fields: payload.cluster_id -+ health_check_name: -+ fields: payload.health_check_name -+ health_check_description: -+ fields: payload.health_check_description -+ created_at: -+ type: datetime -+ fields: payload.created_at - updated_at: -- fields: payload.updated_at - type: datetime -- user_id: -- fields: _context_user_id -- verification_id: -- fields: payload.verification_id -- - event_type: -- - identity.user.* -- - identity.project.* -- - identity.group.* -- - identity.role.* -- - 'identity.OS-TRUST:trust.*' -- - identity.region.* -- - identity.service.* -- - identity.endpoint.* -- - identity.policy.* -- traits: -- domain_id: -- fields: payload.initiator.domain_id -+ fields: payload.updated_at -+ - event_type: ['identity.user.*', 'identity.project.*', 'identity.group.*', 'identity.role.*', 'identity.OS-TRUST:trust.*', -+ 'identity.region.*', 'identity.service.*', 'identity.endpoint.*', 'identity.policy.*'] -+ traits: &identity_crud -+ resource_id: -+ fields: payload.resource_info - initiator_id: - fields: payload.initiator.id - project_id: - fields: payload.initiator.project_id -- resource_id: -- fields: payload.resource_info -+ domain_id: -+ fields: payload.initiator.domain_id - - event_type: identity.role_assignment.* -- traits: -- domain: -- fields: payload.domain -- group: -- fields: payload.group -- project: -- fields: payload.project -+ traits: &identity_role_assignment - role: - fields: payload.role -+ group: -+ fields: payload.group -+ domain: -+ fields: payload.domain - user: - fields: payload.user -+ project: -+ fields: payload.project - - event_type: identity.authenticate -- traits: -- action: -+ traits: &identity_authenticate -+ typeURI: -+ fields: payload.typeURI -+ id: -+ fields: payload.id -+ action: - fields: payload.action -- eventTime: -- fields: payload.eventTime - eventType: - fields: payload.eventType -- id: -- fields: payload.id -- initiator_host_addr: -- fields: payload.initiator.host.address -- initiator_host_agent: -- fields: payload.initiator.host.agent -+ eventTime: -+ fields: payload.eventTime -+ outcome: -+ fields: payload.outcome -+ initiator_typeURI: -+ fields: payload.initiator.typeURI - initiator_id: - fields: payload.initiator.id - initiator_name: - fields: payload.initiator.name -- initiator_typeURI: -- fields: payload.initiator.typeURI -- observer_id: -- fields: payload.observer.id -- observer_typeURI: -- fields: payload.observer.typeURI -- outcome: -- fields: payload.outcome -- target_id: -- fields: payload.target.id -+ initiator_host_agent: -+ fields: payload.initiator.host.agent -+ initiator_host_addr: -+ fields: payload.initiator.host.address - target_typeURI: - fields: payload.target.typeURI -+ target_id: -+ fields: payload.target.id -+ observer_typeURI: -+ fields: payload.observer.typeURI -+ observer_id: -+ fields: payload.observer.id -+ - event_type: objectstore.http.request -+ traits: &objectstore_request - typeURI: - fields: payload.typeURI -- - event_type: objectstore.http.request -- traits: -+ id: -+ fields: payload.id - action: - fields: payload.action -- eventTime: -- fields: payload.eventTime - eventType: - fields: payload.eventType -- id: -- fields: payload.id -+ eventTime: -+ fields: payload.eventTime -+ outcome: -+ fields: payload.outcome -+ initiator_typeURI: -+ fields: payload.initiator.typeURI - initiator_id: - fields: payload.initiator.id - initiator_project_id: - fields: payload.initiator.project_id -- initiator_typeURI: -- fields: payload.initiator.typeURI -- observer_id: -- fields: payload.observer.id -- outcome: -- fields: payload.outcome -- target_action: -- fields: payload.target.action -+ target_typeURI: -+ fields: payload.target.typeURI - target_id: - fields: payload.target.id -- target_metadata_container: -- fields: payload.target.metadata.container -- target_metadata_object: -- fields: payload.target.metadata.object -+ target_action: -+ fields: payload.target.action - target_metadata_path: - fields: payload.target.metadata.path - target_metadata_version: - fields: payload.target.metadata.version -- target_typeURI: -- fields: payload.target.typeURI -- typeURI: -- fields: payload.typeURI -- - event_type: -- - network.* -- - subnet.* -- - port.* -- - router.* -- - floatingip.* -- - pool.* -- - vip.* -- - member.* -- - health_monitor.* -- - healthmonitor.* -- - listener.* -- - loadbalancer.* -- - firewall.* -- - firewall_policy.* -- - firewall_rule.* -- - vpnservice.* -- - ipsecpolicy.* -- - ikepolicy.* -- - ipsec_site_connection.* -- traits: -- project_id: -- fields: _context_tenant_id -+ target_metadata_container: -+ fields: payload.target.metadata.container -+ target_metadata_object: -+ fields: payload.target.metadata.object -+ observer_id: -+ fields: payload.observer.id -+ - event_type: ['network.*', 'subnet.*', 'port.*', 'router.*', 'floatingip.*', 'pool.*', 'vip.*', 'member.*', 'health_monitor.*', 'healthmonitor.*', 'listener.*', 'loadbalancer.*', 'firewall.*', 'firewall_policy.*', 'firewall_rule.*', 'vpnservice.*', 'ipsecpolicy.*', 'ikepolicy.*', 'ipsec_site_connection.*'] -+ traits: &network_traits - user_id: -- fields: _context_user_id -+ fields: ctxt.user_id -+ project_id: -+ fields: ctxt.tenant_id - - event_type: network.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.network.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.network.id', 'payload.id'] - - event_type: subnet.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.subnet.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.subnet.id', 'payload.id'] - - event_type: port.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.port.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.port.id', 'payload.id'] - - event_type: router.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.router.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.router.id', 'payload.id'] - - event_type: floatingip.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.floatingip.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.floatingip.id', 'payload.id'] - - event_type: pool.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.pool.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.pool.id', 'payload.id'] - - event_type: vip.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.vip.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.vip.id', 'payload.id'] - - event_type: member.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.member.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.member.id', 'payload.id'] - - event_type: health_monitor.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.health_monitor.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.health_monitor.id', 'payload.id'] - - event_type: healthmonitor.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.healthmonitor.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.healthmonitor.id', 'payload.id'] - - event_type: listener.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.listener.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.listener.id', 'payload.id'] - - event_type: loadbalancer.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.loadbalancer.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.loadbalancer.id', 'payload.id'] - - event_type: firewall.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.firewall.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.firewall.id', 'payload.id'] - - event_type: firewall_policy.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.firewall_policy.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.firewall_policy.id', 'payload.id'] - - event_type: firewall_rule.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.firewall_rule.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.firewall_rule.id', 'payload.id'] - - event_type: vpnservice.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.vpnservice.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.vpnservice.id', 'payload.id'] - - event_type: ipsecpolicy.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.ipsecpolicy.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.ipsecpolicy.id', 'payload.id'] - - event_type: ikepolicy.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.ikepolicy.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.ikepolicy.id', 'payload.id'] - - event_type: ipsec_site_connection.* - traits: -- project_id: -- fields: _context_tenant_id -+ <<: *network_traits - resource_id: -- fields: -- - payload.ipsec_site_connection.id -- - payload.id -- user_id: -- fields: _context_user_id -+ fields: ['payload.ipsec_site_connection.id', 'payload.id'] - - event_type: '*http.*' -- traits: -- action: -- fields: payload.action -- eventTime: -- fields: payload.eventTime -- eventType: -- fields: payload.eventType -- id: -- fields: payload.id -- initiator_host_address: -- fields: payload.initiator.host.address -- initiator_id: -- fields: payload.initiator.id -- initiator_name: -- fields: payload.initiator.name -- initiator_typeURI: -- fields: payload.initiator.typeURI -- observer_id: -- fields: payload.observer.id -- outcome: -- fields: payload.outcome -+ traits: &http_audit - project_id: - fields: payload.initiator.project_id -- requestPath: -- fields: payload.requestPath -- target_id: -- fields: payload.target.id -- target_name: -- fields: payload.target.name -- target_typeURI: -- fields: payload.target.typeURI -- typeURI: -- fields: payload.typeURI - user_id: - fields: payload.initiator.id -- - event_type: '*http.response' -- traits: -- action: -- fields: payload.action -- eventTime: -- fields: payload.eventTime -+ typeURI: -+ fields: payload.typeURI - eventType: - fields: payload.eventType -- id: -- fields: payload.id -- initiator_host_address: -- fields: payload.initiator.host.address -- initiator_id: -- fields: payload.initiator.id -- initiator_name: -- fields: payload.initiator.name -- initiator_typeURI: -- fields: payload.initiator.typeURI -- observer_id: -- fields: payload.observer.id -+ action: -+ fields: payload.action - outcome: - fields: payload.outcome -- project_id: -- fields: payload.initiator.project_id -- reason_code: -- fields: payload.reason.reasonCode -+ id: -+ fields: payload.id -+ eventTime: -+ fields: payload.eventTime - requestPath: - fields: payload.requestPath -+ observer_id: -+ fields: payload.observer.id - target_id: - fields: payload.target.id -- target_name: -- fields: payload.target.name - target_typeURI: - fields: payload.target.typeURI -- typeURI: -- fields: payload.typeURI -- user_id: -+ target_name: -+ fields: payload.target.name -+ initiator_typeURI: -+ fields: payload.initiator.typeURI -+ initiator_id: - fields: payload.initiator.id -- - event_type: -- - dns.domain.create -- - dns.domain.update -- - dns.domain.delete -+ initiator_name: -+ fields: payload.initiator.name -+ initiator_host_address: -+ fields: payload.initiator.host.address -+ - event_type: '*http.response' - traits: -- action: -- fields: payload.action -- created_at: -- fields: payload.created_at -- description: -- fields: payload.description -- email: -- fields: payload.email -- expire: -- fields: payload.expire -- name: -- fields: payload.name -- parent_domain_id: -- fields: parent_domain_id -- resource_id: -- fields: payload.id -- retry: -- fields: payload.retry -- serial: -- fields: payload.serial -+ <<: *http_audit -+ reason_code: -+ fields: payload.reason.reasonCode -+ - event_type: ['dns.domain.create', 'dns.domain.update', 'dns.domain.delete'] -+ traits: &dns_domain_traits - status: - fields: payload.status -- ttl: -- fields: payload.ttl -- updated_at: -- fields: payload.updated_at -- version: -- fields: payload.version -- - event_type: dns.domain.exists -- traits: -- action: -- fields: payload.action -- audit_period_beginning: -- fields: payload.audit_period_beginning -- type: datetime -- audit_period_ending: -- fields: payload.audit_period_ending -- type: datetime -- created_at: -- fields: payload.created_at -+ retry: -+ fields: payload.retry - description: - fields: payload.description -- email: -- fields: payload.email - expire: - fields: payload.expire -- name: -- fields: payload.name -- parent_domain_id: -- fields: parent_domain_id -- resource_id: -- fields: payload.id -- retry: -- fields: payload.retry -- serial: -- fields: payload.serial -- status: -- fields: payload.status -- ttl: -- fields: payload.ttl -- updated_at: -- fields: payload.updated_at -- version: -- fields: payload.version -- - event_type: trove.* -- traits: -- created_at: -- fields: payload.created_at -- type: datetime -- instance_name: -- fields: payload.instance_name -- instance_type: -- fields: payload.instance_type -- instance_type_id: -- fields: payload.instance_type_id -- launched_at: -- fields: payload.launched_at -- type: datetime -- nova_instance_id: -- fields: payload.nova_instance_id -- region: -- fields: payload.region -- resource_id: -- fields: payload.instance_id -- service_id: -- fields: payload.service_id -- state: -- fields: payload.state -- user_id: -- fields: payload.user_id -- - event_type: -- - trove.instance.create -- - trove.instance.modify_volume -- - trove.instance.modify_flavor -- - trove.instance.delete -- traits: -- availability_zone: -- fields: payload.availability_zone -- instance_size: -- fields: payload.instance_size -- type: int -- name: -- fields: payload.name -- nova_volume_id: -- fields: payload.nova_volume_id -- volume_size: -- fields: payload.volume_size -- type: int -- - event_type: trove.instance.create -- traits: -- availability_zone: -- fields: payload.availability_zone -- created_at: -- fields: payload.created_at -- type: datetime -- instance_name: -- fields: payload.instance_name -- instance_size: -- fields: payload.instance_size -- type: int -- instance_type: -- fields: payload.instance_type -- instance_type_id: -- fields: payload.instance_type_id -- launched_at: -- fields: payload.launched_at -- type: datetime -- name: -- fields: payload.name -- nova_instance_id: -- fields: payload.nova_instance_id -- nova_volume_id: -- fields: payload.nova_volume_id -- region: -- fields: payload.region -- resource_id: -- fields: payload.instance_id -- service_id: -- fields: payload.service_id -- state: -- fields: payload.state -- user_id: -- fields: payload.user_id -- volume_size: -- fields: payload.volume_size -- type: int -- - event_type: trove.instance.modify_volume -- traits: -- availability_zone: -- fields: payload.availability_zone -- created_at: -- fields: payload.created_at -- type: datetime -- instance_name: -- fields: payload.instance_name -- instance_size: -- fields: payload.instance_size -- type: int -- instance_type: -- fields: payload.instance_type -- instance_type_id: -- fields: payload.instance_type_id -- launched_at: -- fields: payload.launched_at -- type: datetime -- modify_at: -- fields: payload.modify_at -- type: datetime -- name: -- fields: payload.name -- nova_instance_id: -- fields: payload.nova_instance_id -- nova_volume_id: -- fields: payload.nova_volume_id -- old_volume_size: -- fields: payload.old_volume_size -- type: int -- region: -- fields: payload.region -- resource_id: -- fields: payload.instance_id -- service_id: -- fields: payload.service_id -- state: -- fields: payload.state -- user_id: -- fields: payload.user_id -- volume_size: -- fields: payload.volume_size -- type: int -- - event_type: trove.instance.modify_flavor -- traits: -- availability_zone: -- fields: payload.availability_zone -+ email: -+ fields: payload.email -+ ttl: -+ fields: payload.ttl -+ action: -+ fields: payload.action -+ name: -+ fields: payload.name -+ resource_id: -+ fields: payload.id - created_at: - fields: payload.created_at -+ updated_at: -+ fields: payload.updated_at -+ version: -+ fields: payload.version -+ parent_domain_id: -+ fields: parent_domain_id -+ serial: -+ fields: payload.serial -+ - event_type: dns.domain.exists -+ traits: -+ <<: *dns_domain_traits -+ audit_period_beginning: - type: datetime -- instance_name: -- fields: payload.instance_name -- instance_size: -- fields: payload.instance_size -- type: int -+ fields: payload.audit_period_beginning -+ audit_period_ending: -+ type: datetime -+ fields: payload.audit_period_ending -+ - event_type: trove.* -+ traits: &trove_base_traits -+ state: -+ fields: payload.state_description - instance_type: - fields: payload.instance_type -+ user_id: -+ fields: payload.user_id -+ resource_id: -+ fields: payload.instance_id - instance_type_id: - fields: payload.instance_type_id - launched_at: -- fields: payload.launched_at -- type: datetime -- modify_at: -- fields: payload.modify_at - type: datetime -- name: -- fields: payload.name -+ fields: payload.launched_at -+ instance_name: -+ fields: payload.instance_name -+ state: -+ fields: payload.state - nova_instance_id: - fields: payload.nova_instance_id -- nova_volume_id: -- fields: payload.nova_volume_id -- old_instance_size: -- fields: payload.old_instance_size -- type: int -- region: -- fields: payload.region -- resource_id: -- fields: payload.instance_id - service_id: - fields: payload.service_id -- state: -- fields: payload.state -- user_id: -- fields: payload.user_id -- volume_size: -- fields: payload.volume_size -- type: int -- - event_type: trove.instance.delete -- traits: -- availability_zone: -- fields: payload.availability_zone - created_at: -- fields: payload.created_at -- type: datetime -- deleted_at: -- fields: payload.deleted_at - type: datetime -- instance_name: -- fields: payload.instance_name -+ fields: payload.created_at -+ region: -+ fields: payload.region -+ - event_type: ['trove.instance.create', 'trove.instance.modify_volume', 'trove.instance.modify_flavor', 'trove.instance.delete'] -+ traits: &trove_common_traits -+ name: -+ fields: payload.name -+ availability_zone: -+ fields: payload.availability_zone - instance_size: -+ type: int - fields: payload.instance_size -+ volume_size: - type: int -- instance_type: -- fields: payload.instance_type -- instance_type_id: -- fields: payload.instance_type_id -- launched_at: -- fields: payload.launched_at -- type: datetime -- name: -- fields: payload.name -- nova_instance_id: -- fields: payload.nova_instance_id -+ fields: payload.volume_size - nova_volume_id: - fields: payload.nova_volume_id -- region: -- fields: payload.region -- resource_id: -- fields: payload.instance_id -- service_id: -- fields: payload.service_id -- state: -- fields: payload.state -- user_id: -- fields: payload.user_id -- volume_size: -- fields: payload.volume_size -- type: int -- - event_type: trove.instance.exists -+ - event_type: trove.instance.create - traits: -- audit_period_beginning: -- fields: payload.audit_period_beginning -+ <<: [*trove_base_traits, *trove_common_traits] -+ - event_type: trove.instance.modify_volume -+ traits: -+ <<: [*trove_base_traits, *trove_common_traits] -+ old_volume_size: -+ type: int -+ fields: payload.old_volume_size -+ modify_at: - type: datetime -- audit_period_ending: -- fields: payload.audit_period_ending -+ fields: payload.modify_at -+ - event_type: trove.instance.modify_flavor -+ traits: -+ <<: [*trove_base_traits, *trove_common_traits] -+ old_instance_size: -+ type: int -+ fields: payload.old_instance_size -+ modify_at: - type: datetime -- created_at: -- fields: payload.created_at -+ fields: payload.modify_at -+ - event_type: trove.instance.delete -+ traits: -+ <<: [*trove_base_traits, *trove_common_traits] -+ deleted_at: - type: datetime -+ fields: payload.deleted_at -+ - event_type: trove.instance.exists -+ traits: -+ <<: *trove_base_traits - display_name: - fields: payload.display_name -- instance_name: -- fields: payload.instance_name -- instance_type: -- fields: payload.instance_type -- instance_type_id: -- fields: payload.instance_type_id -- launched_at: -- fields: payload.launched_at -+ audit_period_beginning: - type: datetime -- nova_instance_id: -- fields: payload.nova_instance_id -- region: -- fields: payload.region -- resource_id: -- fields: payload.instance_id -- service_id: -- fields: payload.service_id -- state: -- fields: payload.state -- user_id: -- fields: payload.user_id -+ fields: payload.audit_period_beginning -+ audit_period_ending: -+ type: datetime -+ fields: payload.audit_period_ending - - event_type: profiler.* - traits: -- base_id: -- fields: payload.base_id -- db.params: -- fields: payload.info.db.params -- db.statement: -- fields: payload.info.db.statement -- host: -- fields: payload.info.host -- method: -- fields: payload.info.request.method -+ project: -+ fields: payload.project -+ service: -+ fields: payload.service - name: - fields: payload.name -+ base_id: -+ fields: payload.base_id -+ trace_id: -+ fields: payload.trace_id - parent_id: - fields: payload.parent_id -+ timestamp: -+ fields: payload.timestamp -+ host: -+ fields: payload.info.host - path: - fields: payload.info.request.path -- project: -- fields: payload.project - query: - fields: payload.info.request.query -+ method: -+ fields: payload.info.request.method - scheme: - fields: payload.info.request.scheme -- service: -- fields: payload.service -- timestamp: -- fields: payload.timestamp -- trace_id: -- fields: payload.trace_id -- - event_type: magnum.bay.* -- traits: -- action: -- fields: payload.action -- eventTime: -- fields: payload.eventTime -- eventType: -- fields: payload.eventType -+ db.statement: -+ fields: payload.info.db.statement -+ db.params: -+ fields: payload.info.db.params -+ - event_type: 'magnum.bay.*' -+ traits: &magnum_bay_crud - id: - fields: payload.id -- initiator_host_address: -- fields: payload.initiator.host.address -- initiator_host_agent: -- fields: payload.initiator.host.agent -+ typeURI: -+ fields: payload.typeURI -+ eventType: -+ fields: payload.eventType -+ eventTime: -+ fields: payload.eventTime -+ action: -+ fields: payload.action -+ outcome: -+ fields: payload.outcome - initiator_id: - fields: payload.initiator.id -- initiator_name: -- fields: payload.initiator.name - initiator_typeURI: - fields: payload.initiator.typeURI -- observer_id: -- fields: payload.observer.id -- observer_typeURI: -- fields: payload.observer.typeURI -- outcome: -- fields: payload.outcome -+ initiator_name: -+ fields: payload.initiator.name -+ initiator_host_agent: -+ fields: payload.initiator.host.agent -+ initiator_host_address: -+ fields: payload.initiator.host.address - target_id: - fields: payload.target.id - target_typeURI: - fields: payload.target.typeURI -- typeURI: -- fields: payload.typeURI -+ observer_id: -+ fields: payload.observer.id -+ observer_typeURI: -+ fields: payload.observer.typeURI -+ meters: -+ metric: -+ # Image -+ - name: "image.size" -+ event_type: -+ - "image.upload" -+ - "image.delete" -+ - "image.update" -+ type: "gauge" -+ unit: B -+ volume: $.payload.size -+ resource_id: $.payload.id -+ project_id: $.payload.owner -+ - name: "image.download" -+ event_type: "image.send" -+ type: "delta" -+ unit: "B" -+ volume: $.payload.bytes_sent -+ resource_id: $.payload.image_id -+ user_id: $.payload.receiver_user_id -+ project_id: $.payload.receiver_tenant_id -+ - name: "image.serve" -+ event_type: "image.send" -+ type: "delta" -+ unit: "B" -+ volume: $.payload.bytes_sent -+ resource_id: $.payload.image_id -+ project_id: $.payload.owner_id -+ - name: 'volume.size' -+ event_type: -+ - 'volume.exists' -+ - 'volume.create.*' -+ - 'volume.delete.*' -+ - 'volume.resize.*' -+ - 'volume.attach.*' -+ - 'volume.detach.*' -+ - 'volume.update.*' -+ type: 'gauge' -+ unit: 'GB' -+ volume: $.payload.size -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.volume_id -+ metadata: -+ display_name: $.payload.display_name -+ volume_type: $.payload.volume_type -+ - name: 'snapshot.size' -+ event_type: -+ - 'snapshot.exists' -+ - 'snapshot.create.*' -+ - 'snapshot.delete.*' -+ type: 'gauge' -+ unit: 'GB' -+ volume: $.payload.volume_size -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.snapshot_id -+ metadata: -+ display_name: $.payload.display_name -+ - name: 'backup.size' -+ event_type: -+ - 'backup.exists' -+ - 'backup.create.*' -+ - 'backup.delete.*' -+ - 'backup.restore.*' -+ type: 'gauge' -+ unit: 'GB' -+ volume: $.payload.size -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.backup_id -+ metadata: -+ display_name: $.payload.display_name -+ # Magnum -+ - name: $.payload.metrics.[*].name -+ event_type: 'magnum.bay.metrics.*' -+ type: 'gauge' -+ unit: $.payload.metrics.[*].unit -+ volume: $.payload.metrics.[*].value -+ user_id: $.payload.user_id -+ project_id: $.payload.project_id -+ resource_id: $.payload.resource_id -+ lookup: ['name', 'unit', 'volume'] -+ # Swift -+ - name: $.payload.measurements.[*].metric.[*].name -+ event_type: 'objectstore.http.request' -+ type: 'delta' -+ unit: $.payload.measurements.[*].metric.[*].unit -+ volume: $.payload.measurements.[*].result -+ resource_id: $.payload.target.id -+ user_id: $.payload.initiator.id -+ project_id: $.payload.initiator.project_id -+ lookup: ['name', 'unit', 'volume'] -+ - name: 'memory' -+ event_type: 'compute.instance.*' -+ type: 'gauge' -+ unit: 'MB' -+ volume: $.payload.memory_mb -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.instance_id -+ user_metadata: $.payload.metadata -+ metadata: &instance_meta -+ host: $.payload.host -+ flavor_id: $.payload.instance_flavor_id -+ flavor_name: $.payload.instance_type -+ display_name: $.payload.display_name -+ host: $.payload.host -+ image_ref: $.payload.image_meta.base_image_ref -+ - name: 'vcpus' -+ event_type: 'compute.instance.*' -+ type: 'gauge' -+ unit: 'vcpu' -+ volume: $.payload.vcpus -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.instance_id -+ user_metadata: $.payload.metadata -+ metadata: -+ <<: *instance_meta -+ - name: 'compute.instance.booting.time' -+ event_type: 'compute.instance.create.end' -+ type: 'gauge' -+ unit: 'sec' -+ volume: -+ fields: [$.payload.created_at, $.payload.launched_at] -+ plugin: 'timedelta' -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.instance_id -+ user_metadata: $.payload.metadata -+ metadata: -+ <<: *instance_meta -+ - name: 'disk.root.size' -+ event_type: 'compute.instance.*' -+ type: 'gauge' -+ unit: 'GB' -+ volume: $.payload.root_gb -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.instance_id -+ user_metadata: $.payload.metadata -+ metadata: -+ <<: *instance_meta -+ - name: 'disk.ephemeral.size' -+ event_type: 'compute.instance.*' -+ type: 'gauge' -+ unit: 'GB' -+ volume: $.payload.ephemeral_gb -+ user_id: $.payload.user_id -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.instance_id -+ user_metadata: $.payload.metadata -+ metadata: -+ <<: *instance_meta -+ - name: 'bandwidth' -+ event_type: 'l3.meter' -+ type: 'delta' -+ unit: 'B' -+ volume: $.payload.bytes -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.label_id -+ - name: 'compute.node.cpu.frequency' -+ event_type: 'compute.metrics.update' -+ type: 'gauge' -+ unit: 'MHz' -+ volume: $.payload.metrics[?(@.name='cpu.frequency')].value -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.frequency')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.frequency')].source -+ - name: 'compute.node.cpu.user.time' -+ event_type: 'compute.metrics.update' -+ type: 'cumulative' -+ unit: 'ns' -+ volume: $.payload.metrics[?(@.name='cpu.user.time')].value -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.user.time')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.user.time')].source -+ - name: 'compute.node.cpu.kernel.time' -+ event_type: 'compute.metrics.update' -+ type: 'cumulative' -+ unit: 'ns' -+ volume: $.payload.metrics[?(@.name='cpu.kernel.time')].value -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.kernel.time')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.kernel.time')].source -+ - name: 'compute.node.cpu.idle.time' -+ event_type: 'compute.metrics.update' -+ type: 'cumulative' -+ unit: 'ns' -+ volume: $.payload.metrics[?(@.name='cpu.idle.time')].value -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.idle.time')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.idle.time')].source -+ - name: 'compute.node.cpu.iowait.time' -+ event_type: 'compute.metrics.update' -+ type: 'cumulative' -+ unit: 'ns' -+ volume: $.payload.metrics[?(@.name='cpu.iowait.time')].value -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.iowait.time')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.iowait.time')].source -+ - name: 'compute.node.cpu.kernel.percent' -+ event_type: 'compute.metrics.update' -+ type: 'gauge' -+ unit: 'percent' -+ volume: $.payload.metrics[?(@.name='cpu.kernel.percent')].value * 100 -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.kernel.percent')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.kernel.percent')].source -+ - name: 'compute.node.cpu.idle.percent' -+ event_type: 'compute.metrics.update' -+ type: 'gauge' -+ unit: 'percent' -+ volume: $.payload.metrics[?(@.name='cpu.idle.percent')].value * 100 -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.idle.percent')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.idle.percent')].source -+ - name: 'compute.node.cpu.user.percent' -+ event_type: 'compute.metrics.update' -+ type: 'gauge' -+ unit: 'percent' -+ volume: $.payload.metrics[?(@.name='cpu.user.percent')].value * 100 -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.user.percent')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.user.percent')].source -+ - name: 'compute.node.cpu.iowait.percent' -+ event_type: 'compute.metrics.update' -+ type: 'gauge' -+ unit: 'percent' -+ volume: $.payload.metrics[?(@.name='cpu.iowait.percent')].value * 100 -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.iowait.percent')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.iowait.percent')].source -+ - name: 'compute.node.cpu.percent' -+ event_type: 'compute.metrics.update' -+ type: 'gauge' -+ unit: 'percent' -+ volume: $.payload.metrics[?(@.name='cpu.percent')].value * 100 -+ resource_id: $.payload.host + "_" + $.payload.nodename -+ timestamp: $.payload.metrics[?(@.name='cpu.percent')].timestamp -+ metadata: -+ event_type: $.event_type -+ host: $.publisher_id -+ source: $.payload.metrics[?(@.name='cpu.percent')].source -+ # Identity -+ # NOTE(gordc): hack because jsonpath-rw-ext can't concat starting with string. -+ - name: $.payload.outcome - $.payload.outcome + 'identity.authenticate.' + $.payload.outcome -+ type: 'delta' -+ unit: 'user' -+ volume: 1 -+ event_type: -+ - 'identity.authenticate' -+ resource_id: $.payload.initiator.id -+ user_id: $.payload.initiator.id -+ # DNS -+ - name: 'dns.domain.exists' -+ event_type: 'dns.domain.exists' -+ type: 'cumulative' -+ unit: 's' -+ volume: -+ fields: [$.payload.audit_period_beginning, $.payload.audit_period_ending] -+ plugin: 'timedelta' -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.id -+ user_id: $.ctxt.user -+ metadata: -+ status: $.payload.status -+ pool_id: $.payload.pool_id -+ host: $.publisher_id -+ # Trove -+ - name: 'trove.instance.exists' -+ event_type: 'trove.instance.exists' -+ type: 'cumulative' -+ unit: 's' -+ volume: -+ fields: [$.payload.audit_period_beginning, $.payload.audit_period_ending] -+ plugin: 'timedelta' -+ project_id: $.payload.tenant_id -+ resource_id: $.payload.instance_id -+ user_id: $.payload.user_id -+ metadata: -+ nova_instance_id: $.payload.nova_instance_id -+ state: $.payload.state -+ service_id: $.payload.service_id -+ instance_type: $.payload.instance_type -+ instance_type_id: $.payload.instance_type_id -+ # Manila -+ - name: 'manila.share.size' -+ event_type: -+ - 'share.create.*' -+ - 'share.delete.*' -+ - 'share.extend.*' -+ - 'share.shrink.*' -+ type: 'gauge' -+ unit: 'GB' -+ volume: $.payload.size -+ user_id: $.payload.user_id -+ project_id: $.payload.project_id -+ resource_id: $.payload.share_id -+ metadata: -+ name: $.payload.name -+ host: $.payload.host -+ status: $.payload.status -+ availability_zone: $.payload.availability_zone -+ protocol: $.payload.proto - event_pipeline: - sinks: - - name: event_sink -@@ -1620,6 +1555,22 @@ dependencies: - service: mongodb - - endpoint: internal - service: metric -+ ipmi: -+ jobs: -+ - ceilometer-db-init-mongodb -+ - ceilometer-db-sync -+ - ceilometer-rabbit-init -+ - ceilometer-ks-user -+ - ceilometer-ks-endpoints -+ services: -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: mongodb -+ - endpoint: internal -+ service: metric - collector: - jobs: - - ceilometer-db-init-mongodb -@@ -1928,6 +1879,9 @@ pod: - ceilometer_central: - init_container: null - ceilometer_central: -+ ceilometer_ipmi: -+ init_container: null -+ ceilometer_ipmi: - ceilometer_collector: - init_container: null - ceilometer_collector: -@@ -1996,6 +1950,13 @@ pod: - limits: - memory: "1024Mi" - cpu: "2000m" -+ ipmi: -+ requests: -+ memory: "124Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" - jobs: - db_init: - requests: -@@ -2073,6 +2034,7 @@ manifests: - deployment_central: true - deployment_collector: true - daemonset_compute: true -+ daemonset_ipmi: true - deployment_notification: true - ingress_api: true - job_bootstrap: true --- -1.8.3.1 - diff --git a/openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch b/openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch new file mode 100644 index 00000000..6f28f091 --- /dev/null +++ b/openstack-helm/files/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch @@ -0,0 +1,93 @@ +From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001 +From: Angie Wang +Date: Wed, 6 Mar 2019 18:06:06 -0500 +Subject: [PATCH 02/10] Ceilometer chart: add the ability to publish events to + panko + +Ceilometer notification agent sends the events to panko via panko +dispatcher/publisher which requires the db connection information +in /etc/panko/panko.conf. +This commit updates to mount the configuration file for panko in +ceilometer notification pod. + +Change-Id: I4ca524ed7462f945a245e9dbe1d69493dbc4211d +Story: 2005019 +Task: 29498 +Depends-On: https://review.openstack.org/#/c/641144/ +Signed-off-by: Angie Wang +(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656) +Signed-off-by: Robert Church +--- + ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + +diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml +index e6ae7e3a..9deade59 100644 +--- a/ceilometer/values.yaml ++++ b/ceilometer/values.yaml +@@ -728,6 +728,11 @@ conf: + - name: event_sink + publishers: + - notifier:// ++ # The following publisher will enable to publish events to panko. ++ # Ocata: ++ # - direct://?dispatcher=panko ++ # Pike: ++ # - panko:// + transformers: null + sources: + - events: +@@ -1618,6 +1623,8 @@ dependencies: + service: mongodb + - endpoint: internal + service: metric ++ - endpoint: internal ++ service: event + tests: + services: + - endpoint: internal +@@ -1739,6 +1746,21 @@ endpoints: + api: + default: 8041 + public: 80 ++ event: ++ name: panko ++ hosts: ++ default: panko-api ++ public: panko ++ host_fqdn_override: ++ default: null ++ path: ++ default: null ++ scheme: ++ default: 'http' ++ port: ++ api: ++ default: 8977 ++ public: 80 + alarming: + name: aodh + hosts: +@@ -1865,7 +1887,19 @@ pod: + init_container: null + ceilometer_notification: + volumeMounts: ++ - name: etcpanko ++ mountPath: /etc/panko ++ - name: panko-etc ++ mountPath: /etc/panko/panko.conf ++ subPath: panko.conf ++ readOnly: true + volumes: ++ - name: etcpanko ++ emptyDir: {} ++ - name: panko-etc ++ secret: ++ secretName: panko-etc ++ defaultMode: 0444 + replicas: + api: 1 + central: 1 +-- +2.16.5 + diff --git a/openstack-helm/files/0003-Add-Panko-Chart.patch b/openstack-helm/files/0003-Add-Panko-Chart.patch deleted file mode 100644 index c789dc80..00000000 --- a/openstack-helm/files/0003-Add-Panko-Chart.patch +++ /dev/null @@ -1,1693 +0,0 @@ -From 8b9997083fed316cc5be1316868c2e58a9ba5197 Mon Sep 17 00:00:00 2001 -From: Angie Wang -Date: Wed, 14 Nov 2018 11:58:17 -0500 -Subject: [PATCH 1/1] Add Panko Chart - -This commit adds a helm chart to deploy Panko. - -Panko chart is created based on the upstream unfinished one: -https://review.openstack.org/#/c/469180/ ---- - panko/Chart.yaml | 24 + - panko/requirements.yaml | 18 + - panko/templates/bin/_bootstrap.sh.tpl | 20 + - panko/templates/bin/_db-sync.sh.tpl | 21 + - panko/templates/bin/_panko-api.sh.tpl | 40 ++ - panko/templates/bin/_panko-events-cleaner.sh.tpl | 21 + - panko/templates/bin/_panko-test.sh.tpl | 29 ++ - panko/templates/configmap-bin.yaml | 51 +++ - panko/templates/configmap-etc.yaml | 88 ++++ - panko/templates/cron-job-events-cleaner.yaml | 84 ++++ - panko/templates/deployment-api.yaml | 121 +++++ - panko/templates/ingress-api.yaml | 20 + - panko/templates/job-bootstrap.yaml | 20 + - panko/templates/job-db-drop.yaml | 20 + - panko/templates/job-db-init.yaml | 20 + - panko/templates/job-db-sync.yaml | 20 + - panko/templates/job-image-repo-sync.yaml | 20 + - panko/templates/job-ks-endpoints.yaml | 20 + - panko/templates/job-ks-service.yaml | 20 + - panko/templates/job-ks-user.yaml | 20 + - panko/templates/pdb-api.yaml | 29 ++ - panko/templates/pod-panko-test.yaml | 72 +++ - panko/templates/secret-db.yaml | 30 ++ - panko/templates/secret-keystone.yaml | 30 ++ - panko/templates/service-api.yaml | 39 ++ - panko/templates/service-ingress-api.yaml | 20 + - panko/values.yaml | 535 +++++++++++++++++++++++ - 27 files changed, 1452 insertions(+) - create mode 100755 panko/Chart.yaml - create mode 100755 panko/requirements.yaml - create mode 100755 panko/templates/bin/_bootstrap.sh.tpl - create mode 100755 panko/templates/bin/_db-sync.sh.tpl - create mode 100755 panko/templates/bin/_panko-api.sh.tpl - create mode 100755 panko/templates/bin/_panko-events-cleaner.sh.tpl - create mode 100755 panko/templates/bin/_panko-test.sh.tpl - create mode 100755 panko/templates/configmap-bin.yaml - create mode 100755 panko/templates/configmap-etc.yaml - create mode 100755 panko/templates/cron-job-events-cleaner.yaml - create mode 100755 panko/templates/deployment-api.yaml - create mode 100755 panko/templates/ingress-api.yaml - create mode 100755 panko/templates/job-bootstrap.yaml - create mode 100755 panko/templates/job-db-drop.yaml - create mode 100755 panko/templates/job-db-init.yaml - create mode 100755 panko/templates/job-db-sync.yaml - create mode 100755 panko/templates/job-image-repo-sync.yaml - create mode 100755 panko/templates/job-ks-endpoints.yaml - create mode 100755 panko/templates/job-ks-service.yaml - create mode 100755 panko/templates/job-ks-user.yaml - create mode 100755 panko/templates/pdb-api.yaml - create mode 100755 panko/templates/pod-panko-test.yaml - create mode 100755 panko/templates/secret-db.yaml - create mode 100755 panko/templates/secret-keystone.yaml - create mode 100755 panko/templates/service-api.yaml - create mode 100755 panko/templates/service-ingress-api.yaml - create mode 100755 panko/values.yaml - -diff --git a/panko/Chart.yaml b/panko/Chart.yaml -new file mode 100755 -index 0000000..7c5842a ---- /dev/null -+++ b/panko/Chart.yaml -@@ -0,0 +1,24 @@ -+# Copyright 2017 The Openstack-Helm Authors. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+ -+apiVersion: v1 -+description: Openstack-Helm Panko -+name: panko -+version: 0.1.0 -+home: https://docs.openstack.org/developer/panko -+sources: -+ - https://git.openstack.org/cgit/openstack/panko -+ - https://git.openstack.org/cgit/openstack/openstack-helm -+maintainers: -+ - name: OpenStack-Helm Authors -diff --git a/panko/requirements.yaml b/panko/requirements.yaml -new file mode 100755 -index 0000000..53782e6 ---- /dev/null -+++ b/panko/requirements.yaml -@@ -0,0 +1,18 @@ -+# Copyright 2017 The Openstack-Helm Authors. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+ -+dependencies: -+ - name: helm-toolkit -+ repository: http://localhost:8879/charts -+ version: 0.1.0 -diff --git a/panko/templates/bin/_bootstrap.sh.tpl b/panko/templates/bin/_bootstrap.sh.tpl -new file mode 100755 -index 0000000..81a93b4 ---- /dev/null -+++ b/panko/templates/bin/_bootstrap.sh.tpl -@@ -0,0 +1,20 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} -\ No newline at end of file -diff --git a/panko/templates/bin/_db-sync.sh.tpl b/panko/templates/bin/_db-sync.sh.tpl -new file mode 100755 -index 0000000..8ca583a ---- /dev/null -+++ b/panko/templates/bin/_db-sync.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+exec panko-dbsync -diff --git a/panko/templates/bin/_panko-api.sh.tpl b/panko/templates/bin/_panko-api.sh.tpl -new file mode 100755 -index 0000000..bd08a43 ---- /dev/null -+++ b/panko/templates/bin/_panko-api.sh.tpl -@@ -0,0 +1,40 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+COMMAND="${@:-start}" -+ -+function start () { -+ -+ cp -a $(type -p panko-api) /var/www/cgi-bin/panko/ -+ -+ if [ -f /etc/apache2/envvars ]; then -+ # Loading Apache2 ENV variables -+ source /etc/apache2/envvars -+ fi -+ -+ # Start Apache2 -+ exec apache2 -DFOREGROUND -+} -+ -+function stop () { -+ kill -TERM 1 -+} -+ -+$COMMAND -+ -diff --git a/panko/templates/bin/_panko-events-cleaner.sh.tpl b/panko/templates/bin/_panko-events-cleaner.sh.tpl -new file mode 100755 -index 0000000..10f3a86 ---- /dev/null -+++ b/panko/templates/bin/_panko-events-cleaner.sh.tpl -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+ -+panko-expirer -diff --git a/panko/templates/bin/_panko-test.sh.tpl b/panko/templates/bin/_panko-test.sh.tpl -new file mode 100755 -index 0000000..28273f9 ---- /dev/null -+++ b/panko/templates/bin/_panko-test.sh.tpl -@@ -0,0 +1,29 @@ -+#!/bin/bash -+ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+set -ex -+export HOME=/tmp -+ -+echo "Test: list event types" -+openstack event type list -+sleep 5 -+ -+echo "Test: list events" -+openstack event list -+ -+exit 0 -diff --git a/panko/templates/configmap-bin.yaml b/panko/templates/configmap-bin.yaml -new file mode 100755 -index 0000000..2eb73f4 ---- /dev/null -+++ b/panko/templates/configmap-bin.yaml -@@ -0,0 +1,51 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.configmap_bin }} -+{{- $envAll := . }} -+--- -+apiVersion: v1 -+kind: ConfigMap -+metadata: -+ name: panko-bin -+data: -+{{- if .Values.images.local_registry.active }} -+ image-repo-sync.sh: | -+{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} -+{{- end }} -+{{- if .Values.bootstrap.enabled }} -+ bootstrap.sh: | -+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+{{- end }} -+ panko-test.sh: | -+{{ tuple "bin/_panko-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ db-init.py: | -+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} -+ db-sync.sh: | -+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ db-drop.py: | -+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} -+ panko-api.sh: | -+{{ tuple "bin/_panko-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ panko-events-cleaner.sh: | -+{{ tuple "bin/_panko-events-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ ks-service.sh: | -+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} -+ ks-endpoints.sh: | -+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} -+ ks-user.sh: | -+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} -+{{- end }} -diff --git a/panko/templates/configmap-etc.yaml b/panko/templates/configmap-etc.yaml -new file mode 100755 -index 0000000..ed49927 ---- /dev/null -+++ b/panko/templates/configmap-etc.yaml -@@ -0,0 +1,88 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.configmap_etc }} -+{{- $envAll := . }} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.auth_uri -}} -+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_uri" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.auth_url -}} -+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_url" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.region_name -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "region_name" .Values.endpoints.identity.auth.panko.region_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.project_name -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "project_name" .Values.endpoints.identity.auth.panko.project_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.project_domain_name -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.panko.project_domain_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.user_domain_name -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.panko.user_domain_name -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.username -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "username" .Values.endpoints.identity.auth.panko.username -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.password -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "password" .Values.endpoints.identity.auth.panko.password -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.memcached_servers -}} -+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.keystone_authtoken.memcache_secret_key -}} -+{{- $_ := set .Values.conf.panko.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} -+{{- end -}} -+ -+{{- if empty .Values.conf.panko.database.connection -}} -+{{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}} -+{{- end -}} -+ -+{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} -+{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -+{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} -+{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} -+{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} -+{{- end -}} -+ -+{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} -+{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} -+{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} -+{{- end -}} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: panko-etc -+type: Opaque -+data: -+ panko.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.panko | b64enc }} -+ logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} -+ api_paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} -+ policy.json: {{ toJson .Values.conf.policy | b64enc }} -+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_panko "key" "wsgi-panko.conf" "format" "Secret" ) | indent 2 }} -+{{- end }} -diff --git a/panko/templates/cron-job-events-cleaner.yaml b/panko/templates/cron-job-events-cleaner.yaml -new file mode 100755 -index 0000000..941404c ---- /dev/null -+++ b/panko/templates/cron-job-events-cleaner.yaml -@@ -0,0 +1,84 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.cron_job_events_cleaner }} -+{{- $envAll := . }} -+ -+{{- $mounts_panko_events_cleaner := .Values.pod.mounts.panko_events_cleaner.panko_events_cleaner }} -+{{- $mounts_panko_events_cleaner_init := .Values.pod.mounts.panko_events_cleaner.init_container }} -+ -+{{- $serviceAccountName := "panko-events-cleaner" }} -+{{ tuple $envAll "events_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: batch/v1beta1 -+kind: CronJob -+metadata: -+ name: panko-events-cleaner -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ schedule: {{ .Values.jobs.events_cleaner.cron | quote }} -+ successfulJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.success }} -+ failedJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.failed }} -+ concurrencyPolicy: Forbid -+ jobTemplate: -+ metadata: -+ labels: -+{{ tuple $envAll "panko" "events-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ spec: -+ template: -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+ restartPolicy: OnFailure -+ nodeSelector: -+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "events_cleaner" $mounts_panko_events_cleaner_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} -+ containers: -+ - name: panko-events-cleaner -+{{ tuple $envAll "panko_events_cleaner" | include "helm-toolkit.snippets.image" | indent 14 }} -+{{ tuple $envAll $envAll.Values.pod.resources.jobs.events_cleaner | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} -+ command: -+ - /tmp/panko-events-cleaner.sh -+ volumeMounts: -+ - name: panko-bin -+ mountPath: /tmp/panko-events-cleaner.sh -+ subPath: panko-events-cleaner.sh -+ readOnly: true -+ - name: etcpanko -+ mountPath: /etc/panko -+ - name: panko-etc -+ mountPath: /etc/panko/panko.conf -+ subPath: panko.conf -+ readOnly: true -+ - name: panko-etc -+ mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} -+ readOnly: true -+{{ if $mounts_panko_events_cleaner.volumeMounts }}{{ toYaml $mounts_panko_events_cleaner.volumeMounts | indent 14 }}{{ end }} -+ volumes: -+ - name: etcpanko -+ emptyDir: {} -+ - name: panko-etc -+ secret: -+ secretName: panko-etc -+ defaultMode: 0444 -+ - name: panko-bin -+ configMap: -+ name: panko-bin -+ defaultMode: 0555 -+{{ if $mounts_panko_events_cleaner.volumes }}{{ toYaml $mounts_panko_events_cleaner.volumes | indent 10 }}{{ end }} -+{{- end }} -diff --git a/panko/templates/deployment-api.yaml b/panko/templates/deployment-api.yaml -new file mode 100755 -index 0000000..8f40424 ---- /dev/null -+++ b/panko/templates/deployment-api.yaml -@@ -0,0 +1,121 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.deployment_api }} -+{{- $envAll := . }} -+ -+{{- $mounts_panko_api := .Values.pod.mounts.panko_api.panko_api }} -+{{- $mounts_panko_api_init := .Values.pod.mounts.panko_api.init_container }} -+ -+{{- $serviceAccountName := "panko-api" }} -+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: apps/v1 -+kind: Deployment -+metadata: -+ name: panko-api -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+ labels: -+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+spec: -+ replicas: {{ .Values.pod.replicas.api }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ annotations: -+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+ affinity: -+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} -+ nodeSelector: -+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} -+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} -+ initContainers: -+{{ tuple $envAll "api" $mounts_panko_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ containers: -+ - name: panko-api -+{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 10 }} -+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -+ securityContext: -+ runAsUser: {{ .Values.pod.user.panko.uid }} -+ command: -+ - /tmp/panko-api.sh -+ - start -+ lifecycle: -+ preStop: -+ exec: -+ command: -+ - /tmp/panko-api.sh -+ - stop -+ ports: -+ - name: p-api -+ containerPort: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ readinessProbe: -+ tcpSocket: -+ port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ volumeMounts: -+ - name: wsgi-panko -+ mountPath: /var/www/cgi-bin/panko -+ - name: etcpanko -+ mountPath: /etc/panko -+ - name: panko-etc -+ mountPath: /etc/panko/panko.conf -+ subPath: panko.conf -+ readOnly: true -+ - name: panko-etc -+ mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} -+ readOnly: true -+ - name: panko-etc -+ mountPath: /etc/panko/api_paste.ini -+ subPath: api_paste.ini -+ readOnly: true -+ - name: panko-etc -+ mountPath: /etc/panko/policy.json -+ subPath: policy.json -+ readOnly: true -+ - name: panko-etc -+ mountPath: /etc/apache2/conf-enabled/wsgi-panko.conf -+ subPath: wsgi-panko.conf -+ readOnly: true -+ - name: panko-bin -+ mountPath: /tmp/panko-api.sh -+ subPath: panko-api.sh -+ readOnly: true -+{{ if $mounts_panko_api.volumeMounts }}{{ toYaml $mounts_panko_api.volumeMounts | indent 12 }}{{ end }} -+ volumes: -+ - name: wsgi-panko -+ emptyDir: {} -+ - name: etcpanko -+ emptyDir: {} -+ - name: panko-etc -+ secret: -+ secretName: panko-etc -+ defaultMode: 0444 -+ - name: panko-bin -+ configMap: -+ name: panko-bin -+ defaultMode: 0555 -+{{ if $mounts_panko_api.volumes }}{{ toYaml $mounts_panko_api.volumes | indent 8 }}{{ end }} -+{{- end }} -diff --git a/panko/templates/ingress-api.yaml b/panko/templates/ingress-api.yaml -new file mode 100755 -index 0000000..d6d0e88 ---- /dev/null -+++ b/panko/templates/ingress-api.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} -+{{- $ingressOpts := dict "envAll" . "backendServiceType" "event" "backendPort" "p-api" -}} -+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} -+{{- end }} -diff --git a/panko/templates/job-bootstrap.yaml b/panko/templates/job-bootstrap.yaml -new file mode 100755 -index 0000000..7321d4b ---- /dev/null -+++ b/panko/templates/job-bootstrap.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} -+{{- $bootstrapJob := dict "envAll" . "serviceName" "panko" "keystoneUser" .Values.bootstrap.ks_user -}} -+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} -+{{- end }} -diff --git a/panko/templates/job-db-drop.yaml b/panko/templates/job-db-drop.yaml -new file mode 100755 -index 0000000..7e50dbe ---- /dev/null -+++ b/panko/templates/job-db-drop.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_db_drop }} -+{{- $dbDropJob := dict "envAll" . "serviceName" "panko" -}} -+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/job-db-init.yaml b/panko/templates/job-db-init.yaml -new file mode 100755 -index 0000000..22f4ddb ---- /dev/null -+++ b/panko/templates/job-db-init.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_db_init }} -+{{- $dbInitJob := dict "envAll" . "serviceName" "panko" -}} -+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/job-db-sync.yaml b/panko/templates/job-db-sync.yaml -new file mode 100755 -index 0000000..4b2fe73 ---- /dev/null -+++ b/panko/templates/job-db-sync.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_db_sync }} -+{{- $dbSyncJob := dict "envAll" . "serviceName" "panko" -}} -+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/job-image-repo-sync.yaml b/panko/templates/job-image-repo-sync.yaml -new file mode 100755 -index 0000000..8faed5b ---- /dev/null -+++ b/panko/templates/job-image-repo-sync.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} -+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "panko" -}} -+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/job-ks-endpoints.yaml b/panko/templates/job-ks-endpoints.yaml -new file mode 100755 -index 0000000..77457ba ---- /dev/null -+++ b/panko/templates/job-ks-endpoints.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_ks_endpoints }} -+{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}} -+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/job-ks-service.yaml b/panko/templates/job-ks-service.yaml -new file mode 100755 -index 0000000..1531564 ---- /dev/null -+++ b/panko/templates/job-ks-service.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_ks_service }} -+{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}} -+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/job-ks-user.yaml b/panko/templates/job-ks-user.yaml -new file mode 100755 -index 0000000..bff96ed ---- /dev/null -+++ b/panko/templates/job-ks-user.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.job_ks_user }} -+{{- $ksUserJob := dict "envAll" . "serviceName" "panko" -}} -+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/pdb-api.yaml b/panko/templates/pdb-api.yaml -new file mode 100755 -index 0000000..fc6fcd0 ---- /dev/null -+++ b/panko/templates/pdb-api.yaml -@@ -0,0 +1,29 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.pdb_api }} -+{{- $envAll := . }} -+--- -+apiVersion: policy/v1beta1 -+kind: PodDisruptionBudget -+metadata: -+ name: panko-api -+spec: -+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} -+ selector: -+ matchLabels: -+{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -+{{- end }} -diff --git a/panko/templates/pod-panko-test.yaml b/panko/templates/pod-panko-test.yaml -new file mode 100755 -index 0000000..cf162bf ---- /dev/null -+++ b/panko/templates/pod-panko-test.yaml -@@ -0,0 +1,72 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.pod_panko_test }} -+{{- $envAll := . }} -+ -+{{- $mounts_tests := .Values.pod.mounts.panko_tests.panko_tests }} -+{{- $mounts_tests_init := .Values.pod.mounts.panko_tests.init_container }} -+ -+{{- $serviceAccountName := print $envAll.Release.Name "-test" }} -+{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: v1 -+kind: Pod -+metadata: -+ name: {{ print $envAll.Release.Name "-test" }} -+ labels: -+{{ tuple $envAll "panko" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+ annotations: -+ "helm.sh/hook": test-success -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ restartPolicy: Never -+ nodeSelector: -+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} -+ serviceAccountName: {{ $serviceAccountName }} -+ initContainers: -+{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} -+ containers: -+ - name: {{ .Release.Name }}-test -+{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 6 }} -+{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} -+ env: -+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} -+{{- end }} -+ command: -+ - /tmp/panko-test.sh -+ volumeMounts: -+ - name: panko-etc -+ mountPath: /etc/panko/panko.conf -+ subPath: panko.conf -+ readOnly: true -+ - name: panko-bin -+ mountPath: /tmp/panko-test.sh -+ subPath: panko-test.sh -+ readOnly: true -+{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} -+ volumes: -+ - name: panko-etc -+ secret: -+ secretName: panko-etc -+ defaultMode: 0444 -+ - name: panko-bin -+ configMap: -+ name: panko-bin -+ defaultMode: 0555 -+{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} -+{{- end }} -diff --git a/panko/templates/secret-db.yaml b/panko/templates/secret-db.yaml -new file mode 100755 -index 0000000..58edac4 ---- /dev/null -+++ b/panko/templates/secret-db.yaml -@@ -0,0 +1,30 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_db }} -+{{- $envAll := . }} -+{{- range $key1, $userClass := tuple "admin" "panko" }} -+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: {{ $secretName }} -+type: Opaque -+data: -+ DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} -+{{- end }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/templates/secret-keystone.yaml b/panko/templates/secret-keystone.yaml -new file mode 100755 -index 0000000..9b44ceb ---- /dev/null -+++ b/panko/templates/secret-keystone.yaml -@@ -0,0 +1,30 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.secret_keystone }} -+{{- $envAll := . }} -+{{- range $key1, $userClass := tuple "admin" "panko" }} -+{{- $secretName := index $envAll.Values.secrets.identity $userClass }} -+--- -+apiVersion: v1 -+kind: Secret -+metadata: -+ name: {{ $secretName }} -+type: Opaque -+data: -+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} -+{{- end }} -+{{- end }} -diff --git a/panko/templates/service-api.yaml b/panko/templates/service-api.yaml -new file mode 100755 -index 0000000..893d9e3 ---- /dev/null -+++ b/panko/templates/service-api.yaml -@@ -0,0 +1,39 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if .Values.manifests.service_api }} -+{{- $envAll := . }} -+--- -+apiVersion: v1 -+kind: Service -+metadata: -+ name: {{ tuple "event" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -+spec: -+ ports: -+ - name: p-api -+ port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ {{ if .Values.network.api.node_port.enabled }} -+ nodePort: {{ .Values.network.api.node_port.port }} -+ {{ end }} -+ selector: -+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -+ {{ if .Values.network.api.node_port.enabled }} -+ type: NodePort -+ {{ if .Values.network.api.external_policy_local }} -+ externalTrafficPolicy: Local -+ {{ end }} -+ {{ end }} -+{{- end }} -diff --git a/panko/templates/service-ingress-api.yaml b/panko/templates/service-ingress-api.yaml -new file mode 100755 -index 0000000..422e74d ---- /dev/null -+++ b/panko/templates/service-ingress-api.yaml -@@ -0,0 +1,20 @@ -+{{/* -+Copyright 2017 The Openstack-Helm Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+ -+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} -+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "event" -}} -+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} -+{{- end }} -\ No newline at end of file -diff --git a/panko/values.yaml b/panko/values.yaml -new file mode 100755 -index 0000000..bae4278 ---- /dev/null -+++ b/panko/values.yaml -@@ -0,0 +1,535 @@ -+# Default values for panko. -+# This is a YAML-formatted file. -+# Declare variables to be passed into your templates. -+ -+release_group: null -+ -+labels: -+ api: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ job: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ test: -+ node_selector_key: openstack-control-plane -+ node_selector_value: enabled -+ -+images: -+ tags: -+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 -+ db_init: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1 -+ db_drop: docker.io/openstackhelm/heat:newton -+ bootstrap: docker.io/openstackhelm/heat:newton -+ panko_db_sync: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1 -+ ks_user: docker.io/openstackhelm/heat:newton -+ ks_service: docker.io/openstackhelm/heat:newton -+ ks_endpoints: docker.io/openstackhelm/heat:newton -+ panko_api: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1 -+ panko_events_cleaner: docker.io/kolla/ubuntu-source-panko-base:3.0.3-beta.1 -+ image_repo_sync: docker.io/docker:17.07.0 -+ pull_policy: "IfNotPresent" -+ local_registry: -+ active: false -+ exclude: -+ - dep_check -+ - image_repo_sync -+ -+jobs: -+ events_cleaner: -+ # hourly -+ cron: "0 * * * *" -+ history: -+ success: 3 -+ failed: 1 -+ -+network: -+ api: -+ ingress: -+ public: true -+ classes: -+ namespace: "nginx" -+ cluster: "nginx-cluster" -+ annotations: -+ nginx.ingress.kubernetes.io/rewrite-target: / -+ external_policy_local: false -+ node_port: -+ enabled: false -+ port: 8977 -+ -+dependencies: -+ dynamic: -+ common: -+ local_image_registry: -+ jobs: -+ - panko-image-repo-sync -+ services: -+ - endpoint: node -+ service: local_image_registry -+ static: -+ api: -+ jobs: -+ - panko-db-sync -+ - panko-ks-user -+ - panko-ks-endpoints -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ events_cleaner: -+ jobs: -+ - panko-db-sync -+ - panko-ks-user -+ - panko-ks-endpoints -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: identity -+ bootstrap: -+ services: -+ - endpoint: internal -+ service: identity -+ db_init: -+ services: -+ - endpoint: internal -+ service: oslo_db -+ db_sync: -+ jobs: -+ - panko-db-init -+ services: -+ - endpoint: internal -+ service: oslo_db -+ db_drop: -+ services: -+ - endpoint: internal -+ service: oslo_db -+ ks_endpoints: -+ jobs: -+ - panko-ks-service -+ services: -+ - endpoint: internal -+ service: identity -+ ks_service: -+ services: -+ - endpoint: internal -+ service: identity -+ ks_user: -+ services: -+ - endpoint: internal -+ service: identity -+ image_repo_sync: -+ services: -+ - endpoint: internal -+ service: local_image_registry -+ tests: -+ jobs: -+ - panko-db-sync -+ services: -+ - endpoint: internal -+ service: identity -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: event -+ -+# Names of secrets used by bootstrap and environmental checks -+secrets: -+ identity: -+ admin: panko-keystone-admin -+ panko: panko-keystone-user -+ oslo_db: -+ admin: panko-db-admin -+ panko: panko-db-user -+ -+bootstrap: -+ enabled: false -+ ks_user: panko -+ script: | -+ openstack token issue -+ -+conf: -+ wsgi_panko: | -+ Listen 0.0.0.0:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ -+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy -+ -+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded -+ CustomLog /dev/stdout combined env=!forwarded -+ CustomLog /dev/stdout proxy env=forwarded -+ -+ -+ WSGIDaemonProcess panko processes=1 threads=2 user=panko group=panko display-name=%{GROUP} -+ WSGIProcessGroup panko -+ WSGIScriptAlias / /var/www/cgi-bin/panko/panko-api -+ WSGIApplicationGroup %{GLOBAL} -+ = 2.4> -+ ErrorLogFormat "%{cu}t %M" -+ -+ -+ ErrorLog /dev/stdout -+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded -+ CustomLog /dev/stdout combined env=!forwarded -+ CustomLog /dev/stdout proxy env=forwarded -+ -+ paste: -+ composite:panko+noauth: -+ use: egg:Paste#urlmap -+ /: pankoversions_pipeline -+ /v2: pankov2_noauth_pipeline -+ composite:panko+keystone: -+ use: egg:Paste#urlmap -+ /: pankoversions_pipeline -+ /v2: pankov2_keystone_pipeline -+ pipeline:pankoversions_pipeline: -+ pipeline: cors http_proxy_to_wsgi pankoversions -+ app:pankoversions: -+ paste.app_factory: panko.api.app:app_factory -+ root: panko.api.controllers.root.VersionsController -+ pipeline:pankov2_keystone_pipeline: -+ pipeline: cors http_proxy_to_wsgi request_id authtoken pankov2 -+ pipeline:pankov2_noauth_pipeline: -+ pipeline: cors http_proxy_to_wsgi request_id pankov2 -+ app:pankov2: -+ paste.app_factory: panko.api.app:app_factory -+ root: panko.api.controllers.v2.root.V2Controller -+ filter:authtoken: -+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory -+ oslo_config_project: panko -+ filter:request_id: -+ paste.filter_factory: oslo_middleware:RequestId.factory -+ filter:cors: -+ paste.filter_factory: oslo_middleware.cors:filter_factory -+ oslo_config_project: panko -+ filter:http_proxy_to_wsgi: -+ paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory -+ oslo_config_project: panko -+ policy: -+ context_is_admin: role:admin -+ segregation: rule:context_is_admin -+ telemetry:events:index: '' -+ telemetry:events:show: '' -+ panko: -+ DEFAULT: -+ debug: false -+ log_config_append: /etc/panko/logging.conf -+ database: -+ event_time_to_live: 86400 -+ max_retries: -1 -+ keystone_authtoken: -+ auth_version: v3 -+ auth_type: password -+ memcache_security_strategy: ENCRYPT -+ logging: -+ loggers: -+ keys: -+ - root -+ - panko -+ handlers: -+ keys: -+ - stdout -+ - stderr -+ - "null" -+ formatters: -+ keys: -+ - context -+ - default -+ logger_root: -+ level: WARNING -+ handlers: 'null' -+ logger_panko: -+ level: INFO -+ handlers: -+ - stdout -+ qualname: panko -+ logger_amqp: -+ level: WARNING -+ handlers: stderr -+ qualname: amqp -+ logger_amqplib: -+ level: WARNING -+ handlers: stderr -+ qualname: amqplib -+ logger_eventletwsgi: -+ level: WARNING -+ handlers: stderr -+ qualname: eventlet.wsgi.server -+ logger_sqlalchemy: -+ level: WARNING -+ handlers: stderr -+ qualname: sqlalchemy -+ logger_boto: -+ level: WARNING -+ handlers: stderr -+ qualname: boto -+ handler_null: -+ class: logging.NullHandler -+ formatter: default -+ args: () -+ handler_stdout: -+ class: StreamHandler -+ args: (sys.stdout,) -+ formatter: context -+ handler_stderr: -+ class: StreamHandler -+ args: (sys.stderr,) -+ formatter: context -+ formatter_context: -+ class: oslo_log.formatters.ContextFormatter -+ formatter_default: -+ format: "%(message)s" -+ -+# typically overriden by environmental -+# values, but should include all endpoints -+# required by this chart -+endpoints: -+ cluster_domain_suffix: cluster.local -+ local_image_registry: -+ name: docker-registry -+ namespace: docker-registry -+ hosts: -+ default: localhost -+ internal: docker-registry -+ node: localhost -+ host_fqdn_override: -+ default: null -+ port: -+ registry: -+ node: 5000 -+ identity: -+ name: keystone -+ auth: -+ admin: -+ region_name: RegionOne -+ username: admin -+ password: password -+ project_name: admin -+ user_domain_name: default -+ project_domain_name: default -+ panko: -+ role: admin -+ region_name: RegionOne -+ username: panko -+ password: password -+ project_name: service -+ user_domain_name: service -+ project_domain_name: service -+ hosts: -+ default: keystone -+ internal: keystone-api -+ host_fqdn_override: -+ default: null -+ path: -+ default: /v3 -+ scheme: -+ default: 'http' -+ port: -+ api: -+ default: 80 -+ internal: 5000 -+ event: -+ name: panko -+ hosts: -+ default: panko-api -+ public: panko -+ host_fqdn_override: -+ default: null -+ path: -+ default: null -+ scheme: -+ default: 'http' -+ port: -+ api: -+ default: 8977 -+ public: 80 -+ oslo_db: -+ auth: -+ admin: -+ username: root -+ password: password -+ panko: -+ username: panko -+ password: password -+ hosts: -+ default: mariadb -+ host_fqdn_override: -+ default: null -+ path: /panko -+ scheme: mysql+pymysql -+ port: -+ mysql: -+ default: 3306 -+ oslo_cache: -+ auth: -+ # NOTE: this is used to define the value for keystone -+ # authtoken cache encryption key, if not set it will be populated -+ # automatically with a random value, but to take advantage of -+ # this feature all services should be set to use the same key, -+ # and memcache service. -+ memcache_secret_key: null -+ hosts: -+ default: memcached -+ host_fqdn_override: -+ default: null -+ port: -+ memcache: -+ default: 11211 -+ fluentd: -+ namespace: null -+ name: fluentd -+ hosts: -+ default: fluentd-logging -+ host_fqdn_override: -+ default: null -+ path: -+ default: null -+ scheme: 'http' -+ port: -+ service: -+ default: 24224 -+ metrics: -+ default: 24220 -+ -+pod: -+ user: -+ panko: -+ uid: 42424 -+ affinity: -+ anti: -+ type: -+ default: preferredDuringSchedulingIgnoredDuringExecution -+ topologyKey: -+ default: kubernetes.io/hostname -+ mounts: -+ panko_api: -+ init_container: null -+ panko_api: -+ panko_events_cleaner: -+ init_container: null -+ panko_events_cleaner: -+ panko_bootstrap: -+ init_container: null -+ panko_bootstrap: -+ panko_tests: -+ init_container: null -+ panko_tests: -+ replicas: -+ api: 1 -+ lifecycle: -+ upgrades: -+ deployments: -+ revision_history: 3 -+ pod_replacement_strategy: RollingUpdate -+ rolling_update: -+ max_unavailable: 1 -+ max_surge: 3 -+ disruption_budget: -+ api: -+ min_available: 0 -+ termination_grace_period: -+ api: -+ timeout: 600 -+ resources: -+ enabled: false -+ api: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ jobs: -+ bootstrap: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ db_sync: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ db_init: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ ks_user: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ ks_service: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ ks_endpoints: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ events_cleaner: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ db_drop: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ tests: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ image_repo_sync: -+ requests: -+ memory: "128Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" -+ -+manifests: -+ configmap_bin: true -+ configmap_etc: true -+ cron_job_events_cleaner: true -+ deployment_api: true -+ ingress_api: true -+ job_bootstrap: true -+ job_db_drop: false -+ job_db_init: true -+ job_image_repo_sync: true -+ job_db_sync: true -+ job_ks_endpoints: true -+ job_ks_service: true -+ job_ks_user: true -+ pdb_api: true -+ pod_panko_test: true -+ secret_db: true -+ secret_keystone: true -+ service_api: true -+ service_ingress_api: true -+ --- -1.8.3.1 - diff --git a/openstack-helm/files/Remove-stale-Apache2-service-pids-when-a-POD-starts.patch b/openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch similarity index 57% rename from openstack-helm/files/Remove-stale-Apache2-service-pids-when-a-POD-starts.patch rename to openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch index 29b4c913..71a5fa8f 100644 --- a/openstack-helm/files/Remove-stale-Apache2-service-pids-when-a-POD-starts.patch +++ b/openstack-helm/files/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch @@ -1,7 +1,7 @@ -From 44b9b086f22a561cec91519d03750c3e501d5739 Mon Sep 17 00:00:00 2001 +From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001 From: Chris Friesen Date: Wed, 28 Nov 2018 01:33:39 -0500 -Subject: [PATCH] Remove stale Apache2 service pids when a POD starts. +Subject: [PATCH 03/10] Remove stale Apache2 service pids when a POD starts. Stale Apache2 pids will prevent Apache2 from starting and will leave the POD in a crashed state. @@ -12,30 +12,16 @@ Note: the pid file is somewhat confusingly called This is loosely based off the in-review upstream commit at https://review.openstack.org/#/c/619747 ---- - aodh/templates/bin/_aodh-api.sh.tpl | 3 +++ - ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++ - keystone/templates/bin/_keystone-api.sh.tpl | 3 +++ - nova/templates/bin/_nova-placement-api.sh.tpl | 3 +++ - panko/templates/bin/_panko-api.sh.tpl | 3 +++ - 5 files changed, 15 insertions(+) -diff --git a/aodh/templates/bin/_aodh-api.sh.tpl b/aodh/templates/bin/_aodh-api.sh.tpl -index 708b327..dfc7abc 100644 ---- a/aodh/templates/bin/_aodh-api.sh.tpl -+++ b/aodh/templates/bin/_aodh-api.sh.tpl -@@ -28,6 +28,9 @@ function start () { - source /etc/apache2/envvars - fi - -+ # Get rid of stale pid file if present. -+ rm -f /var/run/apache2/*.pid -+ - # Start Apache2 - exec apache2 -DFOREGROUND - } +Signed-off-by: Robert Church +--- + ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++ + keystone/templates/bin/_keystone-api.sh.tpl | 6 ++---- + nova/templates/bin/_nova-placement-api.sh.tpl | 3 +++ + 3 files changed, 8 insertions(+), 4 deletions(-) + diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl -index cdb02f7..0950f03 100644 +index cdb02f79..392873c7 100644 --- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl +++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl @@ -25,6 +25,9 @@ function start () { @@ -49,41 +35,30 @@ index cdb02f7..0950f03 100644 exec apache2 -DFOREGROUND } diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl -index 217d942..a5950a4 100644 +index 2f127b94..11726809 100644 --- a/keystone/templates/bin/_keystone-api.sh.tpl +++ b/keystone/templates/bin/_keystone-api.sh.tpl -@@ -31,6 +31,9 @@ function start () { +@@ -31,10 +31,8 @@ function start () { source /etc/apache2/envvars fi +- if [ -f /var/run/apache2/apache2.pid ]; then +- # Remove the stale pid for debian/ubuntu images +- rm -f /var/run/apache2/apache2.pid +- fi + # Get rid of stale pid, shared memory segment and wsgi sock files if present. + rm -f /var/run/apache2/* -+ + # Start Apache2 exec apache2 -DFOREGROUND - } diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl -index f9c8d7c..a7d753e 100644 +index f9c8d7c5..b4bcf178 100644 --- a/nova/templates/bin/_nova-placement-api.sh.tpl +++ b/nova/templates/bin/_nova-placement-api.sh.tpl @@ -28,6 +28,9 @@ function start () { source /etc/apache2/envvars fi -+ # Get rid of stale pid file if present. -+ rm -f /var/run/apache2/*.pid -+ - # Start Apache2 - exec apache2 -DFOREGROUND - } -diff --git a/panko/templates/bin/_panko-api.sh.tpl b/panko/templates/bin/_panko-api.sh.tpl -index bd08a43..c4ffc3f 100755 ---- a/panko/templates/bin/_panko-api.sh.tpl -+++ b/panko/templates/bin/_panko-api.sh.tpl -@@ -28,6 +28,9 @@ function start () { - source /etc/apache2/envvars - fi - + # Get rid of stale pid file if present. + rm -f /var/run/apache2/*.pid + @@ -91,5 +66,5 @@ index bd08a43..c4ffc3f 100755 exec apache2 -DFOREGROUND } -- -1.8.3.1 +2.16.5 diff --git a/openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch b/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch similarity index 86% rename from openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch rename to openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch index 29227af0..1118ea68 100644 --- a/openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch +++ b/openstack-helm/files/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch @@ -1,16 +1,26 @@ -From 7760815c98231ffd431f053f8fac35902f420118 Mon Sep 17 00:00:00 2001 +From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001 From: Gerry Kopec Date: Thu, 10 Jan 2019 00:12:21 -0500 -Subject: [PATCH] Enable cold migration in nova helm chart +Subject: [PATCH 04/10] Fix ssh config in nova to support cold migrations -- Move private key from sshd container to nova-compute container. +- Fix .ssh/config file mapping +- Move private key from nova-compute-ssh container to nova-compute + container. - Map private and public keys to configmap-ssh which will default to - correct file permissions. + the appropriate file permissions. - Add additional config to /etc/ssh/sshd_config to allow passwordless root logins over appropriate subnet passed in from overrides. - Remove chmods from sshd bash script as they are failing. -Depends on helm-toolkit supporting multiple containers per pod. +Depends on helm-toolkit supporting multiple containers per daemonset +pod. + +Story: 2003463 +Task: 24723 +Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff +Signed-off-by: Gerry Kopec +(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d) +Signed-off-by: Robert Church --- nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++--- nova/templates/configmap-etc.yaml | 4 ++-- @@ -21,7 +31,7 @@ Depends on helm-toolkit supporting multiple containers per pod. create mode 100755 nova/templates/configmap-ssh.yaml diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl -index 1c10cb0..158090b 100644 +index 1c10cb07..158090b0 100644 --- a/nova/templates/bin/_ssh-start.sh.tpl +++ b/nova/templates/bin/_ssh-start.sh.tpl @@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then @@ -50,7 +60,7 @@ index 1c10cb0..158090b 100644 exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml -index 55aa311..0d1e7a5 100644 +index 55aa3114..0d1e7a5e 100644 --- a/nova/templates/configmap-etc.yaml +++ b/nova/templates/configmap-etc.yaml @@ -232,8 +232,8 @@ data: @@ -66,7 +76,7 @@ index 55aa311..0d1e7a5 100644 {{- if .Values.manifests.configmap_etc }} diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml new file mode 100755 -index 0000000..bab8e33 +index 00000000..bab8e330 --- /dev/null +++ b/nova/templates/configmap-ssh.yaml @@ -0,0 +1,35 @@ @@ -106,10 +116,10 @@ index 0000000..bab8e33 +{{- list "nova-ssh" . | include "nova.configmap.ssh" }} +{{- end }} diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml -index 850f0b0..82f185f 100644 +index 09627042..4a7b90b5 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml -@@ -217,6 +217,9 @@ spec: +@@ -258,6 +258,9 @@ spec: mountPath: /root/.ssh/config subPath: ssh-config readOnly: true @@ -119,7 +129,7 @@ index 850f0b0..82f185f 100644 {{- if .Values.conf.ceph.enabled }} - name: etcceph mountPath: /etc/ceph -@@ -273,13 +276,10 @@ spec: +@@ -314,13 +317,10 @@ spec: mountPath: /var/lib/nova - name: varliblibvirt mountPath: /var/lib/libvirt @@ -135,7 +145,7 @@ index 850f0b0..82f185f 100644 mountPath: /root/.ssh/authorized_keys subPath: ssh-key-public - name: nova-bin -@@ -295,6 +295,10 @@ spec: +@@ -336,6 +336,10 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 @@ -145,12 +155,12 @@ index 850f0b0..82f185f 100644 + defaultMode: 0400 {{- if .Values.conf.ceph.enabled }} - name: etcceph - emptyDir: {} + hostPath: diff --git a/nova/values.yaml b/nova/values.yaml -index 4edf5c6..9646ded 100644 +index 7cb4d553..8599027a 100644 --- a/nova/values.yaml +++ b/nova/values.yaml -@@ -209,6 +209,9 @@ network: +@@ -211,6 +211,9 @@ network: ssh: name: "nova-ssh" port: 8022 @@ -160,7 +170,7 @@ index 4edf5c6..9646ded 100644 dependencies: dynamic: -@@ -460,6 +463,8 @@ conf: +@@ -462,6 +465,8 @@ conf: StrictHostKeyChecking no UserKnownHostsFile /dev/null Port {{ .Values.network.ssh.port }} @@ -170,5 +180,5 @@ index 4edf5c6..9646ded 100644 run_tempest: false tests: -- -1.8.3.1 +2.16.5 diff --git a/openstack-helm/files/0005-Add-heat-purge-deleted-cron-job.patch b/openstack-helm/files/0005-Add-heat-purge-deleted-cron-job.patch deleted file mode 100644 index bcb102cf..00000000 --- a/openstack-helm/files/0005-Add-heat-purge-deleted-cron-job.patch +++ /dev/null @@ -1,209 +0,0 @@ -From bd5c50427b8a453cd993cce39c5dc49bb94acd82 Mon Sep 17 00:00:00 2001 -From: David Sullivan -Date: Fri, 23 Nov 2018 14:00:56 -0500 -Subject: [PATCH] Add heat-purge-deleted cron job - -This adds a cron job to purge deleted items from the heat db every 24h. - -This should be upstreamed. ---- - .../bin/_heat-purge-deleted-active.sh.tpl | 10 +++ - heat/templates/configmap-bin.yaml | 2 + - heat/templates/cron-job-purge-deleted.yaml | 76 ++++++++++++++++++++++ - heat/values.yaml | 32 +++++++++ - 4 files changed, 120 insertions(+) - create mode 100644 heat/templates/bin/_heat-purge-deleted-active.sh.tpl - create mode 100644 heat/templates/cron-job-purge-deleted.yaml - -diff --git a/heat/templates/bin/_heat-purge-deleted-active.sh.tpl b/heat/templates/bin/_heat-purge-deleted-active.sh.tpl -new file mode 100644 -index 0000000..dc38caf ---- /dev/null -+++ b/heat/templates/bin/_heat-purge-deleted-active.sh.tpl -@@ -0,0 +1,10 @@ -+#!/bin/bash -+ -+# Copyright (c) 2017-2018 Wind River Systems, Inc. -+# -+# SPDX-License-Identifier: Apache-2.0 -+# -+ -+set -ex -+ -+heat-manage purge_deleted -g hours 1 -diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml -index b432097..1463be5 100644 ---- a/heat/templates/configmap-bin.yaml -+++ b/heat/templates/configmap-bin.yaml -@@ -59,6 +59,8 @@ data: - {{ tuple "bin/_heat-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - heat-engine-cleaner.sh: | - {{ tuple "bin/_heat-engine-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -+ heat-purge-deleted-active.sh: | -+{{ tuple "bin/_heat-purge-deleted-active.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - rabbit-init.sh: | - {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} - {{- end }} -diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml -new file mode 100644 -index 0000000..8b8fb24 ---- /dev/null -+++ b/heat/templates/cron-job-purge-deleted.yaml -@@ -0,0 +1,76 @@ -+# Copyright (c) 2017-2018 Wind River Systems, Inc. -+# -+# SPDX-License-Identifier: Apache-2.0 -+# -+ -+{{- if .Values.manifests.cron_job_purge_deleted }} -+{{- $envAll := . }} -+ -+{{- $mounts_heat_purge_deleted := .Values.pod.mounts.heat_purge_deleted.heat_purge_deleted }} -+{{- $mounts_heat_purge_deleted_init := .Values.pod.mounts.heat_purge_deleted.init_container }} -+ -+{{- $serviceAccountName := "heat-purge-deleted" }} -+{{ tuple $envAll "purge_deleted" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} -+--- -+apiVersion: batch/v1beta1 -+kind: CronJob -+metadata: -+ name: heat-purge-deleted -+ annotations: -+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -+spec: -+ schedule: {{ .Values.jobs.purge_deleted.cron | quote }} -+ successfulJobsHistoryLimit: {{ .Values.jobs.purge_deleted.history.success }} -+ failedJobsHistoryLimit: {{ .Values.jobs.purge_deleted.history.failed }} -+ concurrencyPolicy: Forbid -+ jobTemplate: -+ metadata: -+ labels: -+{{ tuple $envAll "heat" "purge-deleted" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} -+ spec: -+ template: -+ metadata: -+ labels: -+{{ tuple $envAll "heat" "purge-deleted" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }} -+ spec: -+ serviceAccountName: {{ $serviceAccountName }} -+ restartPolicy: OnFailure -+ nodeSelector: -+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} -+ initContainers: -+{{ tuple $envAll "purge_deleted" $mounts_heat_purge_deleted_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} -+ containers: -+ - name: heat-purge-deleted -+{{ tuple $envAll "heat_purge_deleted" | include "helm-toolkit.snippets.image" | indent 14 }} -+{{ tuple $envAll $envAll.Values.pod.resources.jobs.purge_deleted | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} -+ command: -+ - /tmp/heat-purge-deleted-active.sh -+ volumeMounts: -+ - name: heat-bin -+ mountPath: /tmp/heat-purge-deleted-active.sh -+ subPath: heat-purge-deleted-active.sh -+ readOnly: true -+ - name: etcheat -+ mountPath: /etc/heat -+ - name: heat-etc -+ mountPath: /etc/heat/heat.conf -+ subPath: heat.conf -+ readOnly: true -+ - name: heat-etc -+ mountPath: {{ .Values.conf.heat.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }} -+ readOnly: true -+{{ if $mounts_heat_purge_deleted.volumeMounts }}{{ toYaml $mounts_heat_purge_deleted.volumeMounts | indent 14 }}{{ end }} -+ volumes: -+ - name: etcheat -+ emptyDir: {} -+ - name: heat-etc -+ secret: -+ secretName: heat-etc -+ defaultMode: 0444 -+ - name: heat-bin -+ configMap: -+ name: heat-bin -+ defaultMode: 0555 -+{{ if $mounts_heat_purge_deleted.volumes }}{{ toYaml $mounts_heat_purge_deleted.volumes | indent 10 }}{{ end }} -+{{- end }} -diff --git a/heat/values.yaml b/heat/values.yaml -index 5d37081..51a7b42 100644 ---- a/heat/values.yaml -+++ b/heat/values.yaml -@@ -55,6 +55,7 @@ images: - heat_cloudwatch: docker.io/openstackhelm/heat:ocata - heat_engine: docker.io/openstackhelm/heat:ocata - heat_engine_cleaner: docker.io/openstackhelm/heat:ocata -+ heat_purge_deleted: docker.io/openstackhelm/heat:ocata - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: "IfNotPresent" -@@ -70,6 +71,12 @@ jobs: - history: - success: 3 - failed: 1 -+ -+ purge_deleted: -+ cron: "20 */24 * * *" -+ history: -+ success: 3 -+ failed: 1 - - conf: - rally_tests: -@@ -677,6 +684,20 @@ dependencies: - service: oslo_messaging - - endpoint: internal - service: identity -+ purge_deleted: -+ jobs: -+ - heat-db-sync -+ - heat-ks-user -+ - heat-trustee-ks-user -+ - heat-domain-ks-user -+ - heat-ks-endpoints -+ services: -+ - endpoint: internal -+ service: oslo_db -+ - endpoint: internal -+ service: oslo_messaging -+ - endpoint: internal -+ service: identity - ks_endpoints: - jobs: - - heat-ks-service -@@ -968,6 +989,9 @@ pod: - heat_engine_cleaner: - init_container: null - heat_engine_cleaner: -+ heat_purge_deleted: -+ init_container: null -+ heat_purge_deleted: - heat_tests: - init_container: null - heat_tests: -@@ -1108,6 +1132,13 @@ pod: - limits: - memory: "1024Mi" - cpu: "2000m" -+ purge_deleted: -+ requests: -+ memory: "124Mi" -+ cpu: "100m" -+ limits: -+ memory: "1024Mi" -+ cpu: "2000m" - image_repo_sync: - requests: - memory: "128Mi" -@@ -1143,6 +1174,7 @@ manifests: - configmap_bin: true - configmap_etc: true - cron_job_engine_cleaner: true -+ cron_job_purge_deleted: true - deployment_api: true - deployment_cfn: true - deployment_cloudwatch: false --- -1.8.3.1 - diff --git a/openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch b/openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch new file mode 100644 index 00000000..045ac529 --- /dev/null +++ b/openstack-helm/files/0005-Nova-console-ip-address-search-optionality.patch @@ -0,0 +1,65 @@ +From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001 +From: Gerry Kopec +Date: Wed, 27 Mar 2019 00:35:57 -0400 +Subject: [PATCH 05/10] Nova console/ip address search optionality + +Add options to nova to enable/disable the use of: +1. the vnc or spice server proxyclient address found by the console + compute init container +2. my_ip hypervisor address found by compute init container + +These options can be used to prevent cases where the found addresses +overwrite what has already been defined in nova.conf by per host nova +compute daemonset overrides. + +Story: 2005259 +Task: 30066 +Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8 +Signed-off-by: Gerry Kopec +(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41) +Signed-off-by: Robert Church +--- + nova/templates/bin/_nova-compute.sh.tpl | 6 +++++- + nova/values.yaml | 2 ++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl +index c80da6d6..4927908a 100644 +--- a/nova/templates/bin/_nova-compute.sh.tpl ++++ b/nova/templates/bin/_nova-compute.sh.tpl +@@ -20,6 +20,10 @@ set -ex + + exec nova-compute \ + --config-file /etc/nova/nova.conf \ ++{{- if .Values.console.address_search_enabled }} + --config-file /tmp/pod-shared/nova-console.conf \ ++{{- end }} + --config-file /tmp/pod-shared/nova-libvirt.conf \ +- --config-file /tmp/pod-shared/nova-hypervisor.conf +\ No newline at end of file ++{{- if .Values.conf.hypervisor.address_search_enabled }} ++ --config-file /tmp/pod-shared/nova-hypervisor.conf ++{{- end }} +diff --git a/nova/values.yaml b/nova/values.yaml +index 8599027a..0887cecc 100644 +--- a/nova/values.yaml ++++ b/nova/values.yaml +@@ -440,6 +440,7 @@ console: + vncproxy: + # IF blank, search default routing interface + vncserver_proxyclient_interface: ++ address_search_enabled: true + + ssh: + key_types: +@@ -1433,6 +1434,7 @@ conf: + # If this option is set to None, the hostname of the migration target compute node will be used. + live_migration_interface: + hypervisor: ++ address_search_enabled: true + # my_ip can be set automatically through this interface name. + host_interface: + nova: +-- +2.16.5 + diff --git a/openstack-helm/files/0012-Nova-chart-Add-ephemeral-pool.patch b/openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch similarity index 83% rename from openstack-helm/files/0012-Nova-chart-Add-ephemeral-pool.patch rename to openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch index 93235353..e37bba06 100644 --- a/openstack-helm/files/0012-Nova-chart-Add-ephemeral-pool.patch +++ b/openstack-helm/files/0006-Nova-chart-Support-ephemeral-pool-creation.patch @@ -1,23 +1,33 @@ -From a69da80225eda187df707b7c1fc8ef1d2c1edb57 Mon Sep 17 00:00:00 2001 +From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001 From: Irina Mihai -Date: Fri, 15 Feb 2019 11:06:49 -0500 -Subject: [PATCH] Add support for ephemeral pool creation +Date: Tue, 26 Feb 2019 17:43:53 +0000 +Subject: [PATCH 06/10] Nova chart: Support ephemeral pool creation +If libvirt images_type is rbd, then we need to have the +images_rbd_pool present. These changes add a new job +to make sure this pool exists. + +Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8 +Story: 2004922 +Task: 29285 +Signed-off-by: Irina Mihai +(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81) +Signed-off-by: Robert Church --- - nova/templates/bin/_nova-storage-init.sh.tpl | 73 +++++++++++++++ - nova/templates/configmap-bin.yaml | 2 + - nova/templates/job-storage-init.yaml | 154 ++++++++++++++++++++++++++++++++ + nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++ + nova/templates/configmap-bin.yaml | 4 +- + nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++ nova/values.yaml | 18 ++++ - 4 files changed, 247 insertions(+) + 4 files changed, 251 insertions(+), 1 deletion(-) create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl create mode 100644 nova/templates/job-storage-init.yaml diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl new file mode 100644 -index 0000000..571cce5 +index 00000000..f79fcff0 --- /dev/null +++ b/nova/templates/bin/_nova-storage-init.sh.tpl -@@ -0,0 +1,73 @@ +@@ -0,0 +1,75 @@ +#!/bin/bash + +{{/* @@ -63,17 +73,19 @@ index 0000000..571cce5 + } + ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral" + -+ # TODO: Rework this part for the nova/glance/cinder charts to preserve this -+ # on the next chart rebase to latest if the ceph mimic rebase isn't complete. + if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then -+ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/') -+ echo $KEYSTR > ${KEYRING} ++ echo "Cephx user client.${RBD_POOL_USER} already exist." ++ echo "Update its cephx caps" ++ ceph auth caps client.${RBD_POOL_USER} \ ++ mon "profile rbd" \ ++ osd "profile rbd" ++ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING} + else -+ #NOTE(Portdirect): Determine proper privs to assign keyring ++ # NOTE: Restrict Nova permissions to what is needed. ++ # MON Read only and RBD access to the Nova ephemeral pool only. + ceph auth get-or-create client.${RBD_POOL_USER} \ -+ mon "allow *" \ -+ osd "allow *" \ -+ mgr "allow *" \ ++ mon "profile rbd" \ ++ osd "profile rbd" \ + -o ${KEYRING} + fi + @@ -92,10 +104,17 @@ index 0000000..571cce5 +fi + diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml -index e422b62..97b4c57 100755 +index c58b90bd..268434fd 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml -@@ -81,6 +81,8 @@ data: +@@ -1,5 +1,5 @@ + {{/* +-Copyright 2017 The Openstack-Helm Authors. ++Copyright 2017-2019 The Openstack-Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. +@@ -83,6 +83,8 @@ data: {{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} nova-console-proxy-init-assets.sh: | {{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} @@ -106,10 +125,10 @@ index e422b62..97b4c57 100755 cell-setup.sh: | diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml new file mode 100644 -index 0000000..60f8c2d +index 00000000..7d057fb9 --- /dev/null +++ b/nova/templates/job-storage-init.yaml -@@ -0,0 +1,154 @@ +@@ -0,0 +1,155 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + @@ -176,7 +195,7 @@ index 0000000..60f8c2d + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -+ {{ if .Values.conf.ceph.enabled }} ++ {{ if or .Values.conf.ceph.enabled }} + - name: ceph-keyring-placement +{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} + securityContext: @@ -230,7 +249,7 @@ index 0000000..60f8c2d + mountPath: /tmp/nova-storage-init.sh + subPath: nova-storage-init.sh + readOnly: true -+ {{ if $envAll.Values.conf.ceph.enabled }} ++ {{ if or $envAll.Values.conf.ceph.enabled }} + - name: etcceph + mountPath: /etc/ceph + - name: ceph-etc @@ -250,7 +269,7 @@ index 0000000..60f8c2d + configMap: + name: nova-bin + defaultMode: 0555 -+ {{ if .Values.conf.ceph.enabled }} ++ {{ if or .Values.conf.ceph.enabled }} + - name: etcceph + emptyDir: {} + - name: ceph-etc @@ -264,19 +283,20 @@ index 0000000..60f8c2d + {{- end }} + {{- end }} +{{- end }} ++ diff --git a/nova/values.yaml b/nova/values.yaml -index 4edf5c6..179fb29 100755 +index 0887cecc..7245cf82 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -87,6 +87,7 @@ images: nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3' nova_spiceproxy: docker.io/openstackhelm/nova:ocata nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata' -+ nova_storage_init: 192.168.204.2:9001/docker.io/port/ceph-config-helper:v1.10.3 - test: 'docker.io/kolla/ubuntu-source-rally:4.0.0' ++ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3' + test: docker.io/xrally/xrally-openstack:1.3.0 image_repo_sync: docker.io/docker:17.07.0 local_registry: -@@ -459,6 +460,14 @@ conf: +@@ -461,6 +462,14 @@ conf: user: "cinder" keyring: null secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 @@ -286,12 +306,12 @@ index 4edf5c6..179fb29 100755 + - rbd_pool_name: ephemeral + rbd_user: ephemeral + rbd_crush_rule: 0 -+ rbd_replication: 2 ++ rbd_replication: 3 + rbd_chunk_size: 64 ssh: | Host * StrictHostKeyChecking no -@@ -1666,6 +1675,7 @@ secrets: +@@ -1625,6 +1634,7 @@ secrets: placement: placement: public: placement-tls-public @@ -313,7 +333,7 @@ index 4edf5c6..179fb29 100755 network_policy: nova: -@@ -2282,6 +2299,7 @@ manifests: +@@ -2302,6 +2319,7 @@ manifests: job_ks_placement_service: true job_ks_placement_user: true job_cell_setup: true @@ -322,5 +342,5 @@ index 4edf5c6..179fb29 100755 pdb_placement: true pdb_osapi: true -- -2.7.4 +2.16.5 diff --git a/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch b/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch deleted file mode 100644 index 53f983ca..00000000 --- a/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 5480584be125316f3ce325fd1d0e9b4022db5c69 Mon Sep 17 00:00:00 2001 -From: Irina Mihai -Date: Fri, 1 Feb 2019 16:02:46 -0500 -Subject: [PATCH] Add replication support for the images rbd pool - ---- - glance/templates/bin/_storage-init.sh.tpl | 2 ++ - glance/templates/job-storage-init.yaml | 4 ++++ - glance/values.yaml | 2 ++ - 3 files changed, 8 insertions(+) - -diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl -index 4082c52..e6bd188 100755 ---- a/glance/templates/bin/_storage-init.sh.tpl -+++ b/glance/templates/bin/_storage-init.sh.tpl -@@ -47,6 +47,8 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then - if [[ ${test_luminous} -gt 0 ]]; then - ceph osd pool application enable "$1" "$3" - fi -+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION} -+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}" - } - ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "glance-image" - -diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml -index 9d95627..c0cd186 100755 ---- a/glance/templates/job-storage-init.yaml -+++ b/glance/templates/job-storage-init.yaml -@@ -103,6 +103,10 @@ spec: - value: {{ .Values.conf.glance.glance_store.rbd_store_pool | quote }} - - name: RBD_POOL_USER - value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }} -+ - name: RBD_POOL_REPLICATION -+ value: {{ .Values.conf.glance.glance_store.rbd_store_replication | quote }} -+ - name: RBD_POOL_CRUSH_RULE -+ value: {{ .Values.conf.glance.glance_store.rbd_store_crush_rule | quote }} - - name: RBD_POOL_CHUNK_SIZE - value: {{ .Values.conf.glance.glance_store.rbd_store_chunk_size | quote }} - - name: RBD_POOL_SECRET -diff --git a/glance/values.yaml b/glance/values.yaml -index 5ae9863..4d482d1 100755 ---- a/glance/values.yaml -+++ b/glance/values.yaml -@@ -268,6 +268,8 @@ conf: - memcache_security_strategy: ENCRYPT - glance_store: - rbd_store_chunk_size: 8 -+ rbd_store_replication: 1 -+ rbd_store_crush_rule: replicated_rule - rbd_store_pool: glance.images - rbd_store_user: glance - rbd_store_ceph_conf: /etc/ceph/ceph.conf --- -2.7.4 - diff --git a/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch b/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch new file mode 100644 index 00000000..f0262dcc --- /dev/null +++ b/openstack-helm/files/0007-Horizon-Disable-apache2-status_module.patch @@ -0,0 +1,30 @@ +From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Fri, 22 Mar 2019 03:29:26 -0400 +Subject: [PATCH 07/10] Horizon: Disable apache2 status_module + +a2dismod is not present in the StarlingX httpd based images. Try +a2dismod first, then fail back to using sed to remove the module. + +Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6 +Signed-off-by: Robert Church +--- + horizon/templates/bin/_horizon.sh.tpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl +index dec000f3..55a2c629 100644 +--- a/horizon/templates/bin/_horizon.sh.tpl ++++ b/horizon/templates/bin/_horizon.sh.tpl +@@ -28,7 +28,7 @@ function start () { + chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/ + + a2enmod rewrite +- a2dismod status ++ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf + + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables +-- +2.16.5 + diff --git a/openstack-helm/files/0007-Stein-Remove-ceilometer-upgrade-option.patch b/openstack-helm/files/0007-Stein-Remove-ceilometer-upgrade-option.patch deleted file mode 100644 index e035da45..00000000 --- a/openstack-helm/files/0007-Stein-Remove-ceilometer-upgrade-option.patch +++ /dev/null @@ -1,27 +0,0 @@ -From dc57c567018f8ab2c11bd7dd426cb1176d35e7db Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Fri, 11 Jan 2019 16:57:44 -0500 -Subject: [PATCH 6/8] Stein: Remove ceilometer-upgrade option - -This removes the --skip-metering-database option from _db-sync.sh.tpl. -This option was removed with the deprecated storage drivers in -Queens. - -Signed-off-by: Robert Church ---- - ceilometer/templates/bin/_db-sync.sh.tpl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ceilometer/templates/bin/_db-sync.sh.tpl b/ceilometer/templates/bin/_db-sync.sh.tpl -index ba7c1d84..d649654b 100644 ---- a/ceilometer/templates/bin/_db-sync.sh.tpl -+++ b/ceilometer/templates/bin/_db-sync.sh.tpl -@@ -18,4 +18,4 @@ limitations under the License. - - set -ex - --exec ceilometer-upgrade --skip-metering-database -+exec ceilometer-upgrade --- -2.16.5 - diff --git a/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch b/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch new file mode 100644 index 00000000..d38646cc --- /dev/null +++ b/openstack-helm/files/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch @@ -0,0 +1,224 @@ +From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Fri, 22 Mar 2019 03:37:05 -0400 +Subject: [PATCH 08/10] Neutron: Add support for disabling Readiness/Liveness + probes + +With the introduction of Readiness/Liveness probes in +Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and +preventing successful armada manifest applies. + +Add support to disable the probes. + +Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569 +Signed-off-by: Robert Church +--- + neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++ + neutron/templates/daemonset-l3-agent.yaml | 4 ++++ + neutron/templates/daemonset-lb-agent.yaml | 4 ++++ + neutron/templates/daemonset-metadata-agent.yaml | 4 ++++ + neutron/templates/daemonset-ovs-agent.yaml | 4 ++++ + neutron/templates/daemonset-sriov-agent.yaml | 4 ++++ + neutron/values.yaml | 27 +++++++++++++++++++++++++ + 7 files changed, 51 insertions(+) + +diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml +index 49866f2a..6e1d2928 100644 +--- a/neutron/templates/daemonset-dhcp-agent.yaml ++++ b/neutron/templates/daemonset-dhcp-agent.yaml +@@ -66,6 +66,7 @@ spec: + {{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true ++ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }} + readinessProbe: + exec: + command: +@@ -80,6 +81,8 @@ spec: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 65 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }} + livenessProbe: + exec: + command: +@@ -95,6 +98,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + command: + - /tmp/neutron-dhcp-agent.sh + volumeMounts: +diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml +index 5e0ec194..29e0f3f7 100644 +--- a/neutron/templates/daemonset-l3-agent.yaml ++++ b/neutron/templates/daemonset-l3-agent.yaml +@@ -66,6 +66,7 @@ spec: + {{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true ++ {{- if .Values.pod.probes.readiness.l3_agent.enabled }} + readinessProbe: + exec: + command: +@@ -80,6 +81,8 @@ spec: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 65 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.l3_agent.enabled }} + livenessProbe: + exec: + command: +@@ -95,6 +98,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + command: + - /tmp/neutron-l3-agent.sh + volumeMounts: +diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml +index c2b432f7..685893d5 100644 +--- a/neutron/templates/daemonset-lb-agent.yaml ++++ b/neutron/templates/daemonset-lb-agent.yaml +@@ -140,12 +140,16 @@ spec: + privileged: true + command: + - /tmp/neutron-linuxbridge-agent.sh ++ {{- if .Values.pod.probes.readiness.lb_agent.enabled }} + readinessProbe: + exec: + command: + - bash + - -c + - 'brctl show' ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.lb_agent.enabled }} ++ {{- end }} + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-linuxbridge-agent.sh +diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml +index 8e92a675..fba132ed 100644 +--- a/neutron/templates/daemonset-metadata-agent.yaml ++++ b/neutron/templates/daemonset-metadata-agent.yaml +@@ -87,6 +87,7 @@ spec: + {{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true ++ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }} + readinessProbe: + exec: + command: +@@ -99,6 +100,8 @@ spec: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 35 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }} + livenessProbe: + exec: + command: +@@ -112,6 +115,7 @@ spec: + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 45 ++ {{- end }} + command: + - /tmp/neutron-metadata-agent.sh + volumeMounts: +diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml +index 56061e63..69ee1c2c 100644 +--- a/neutron/templates/daemonset-ovs-agent.yaml ++++ b/neutron/templates/daemonset-ovs-agent.yaml +@@ -154,6 +154,7 @@ spec: + privileged: true + command: + - /tmp/neutron-openvswitch-agent.sh ++ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }} + # ensures this container can can see a br-int + # bridge before its marked as ready + readinessProbe: +@@ -162,6 +163,8 @@ spec: + - bash + - -c + - 'ovs-vsctl list-br | grep -q br-int' ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }} + livenessProbe: + exec: + command: +@@ -177,6 +180,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-openvswitch-agent.sh +diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml +index a59e4100..c03b3668 100644 +--- a/neutron/templates/daemonset-sriov-agent.yaml ++++ b/neutron/templates/daemonset-sriov-agent.yaml +@@ -129,6 +129,7 @@ spec: + privileged: true + command: + - /tmp/neutron-sriov-agent.sh ++ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }} + readinessProbe: + exec: + command: +@@ -141,6 +142,9 @@ spec: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }} ++ {{- end }} + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-sriov-agent.sh +diff --git a/neutron/values.yaml b/neutron/values.yaml +index 5ab4ca12..1cc67b94 100644 +--- a/neutron/values.yaml ++++ b/neutron/values.yaml +@@ -520,6 +520,33 @@ pod: + limits: + memory: "1024Mi" + cpu: "2000m" ++ probes: ++ readiness: ++ dhcp_agent: ++ enabled: true ++ l3_agent: ++ enabled: true ++ lb_agent: ++ enabled: true ++ metadata_agent: ++ enabled: true ++ ovs_agent: ++ enabled: true ++ sriov_agent: ++ enabled: true ++ liveness: ++ dhcp_agent: ++ enabled: true ++ l3_agent: ++ enabled: true ++ lb_agent: ++ enabled: true ++ metadata_agent: ++ enabled: true ++ ovs_agent: ++ enabled: true ++ sriov_agent: ++ enabled: true + + conf: + rally_tests: +-- +2.16.5 + diff --git a/openstack-helm/files/0008-Stein-Update-Cinder-to-include-resource_filters.json.patch b/openstack-helm/files/0008-Stein-Update-Cinder-to-include-resource_filters.json.patch deleted file mode 100644 index 7c4b397b..00000000 --- a/openstack-helm/files/0008-Stein-Update-Cinder-to-include-resource_filters.json.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 26dc954e697b365ff8bca6a0f862f1053ed25648 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Fri, 11 Jan 2019 17:23:44 -0500 -Subject: [PATCH 7/7] Stein: Update Cinder to include resource_filters.json - -During Stein the deprecated query_volume_filters config option was -removed. As a result, /etc/cinder/resource_filters.json is required to -allow volume display operations to function. - -This adds the file to the configmap and provides the default values for -the filters. - -Signed-off-by: Robert Church ---- - cinder/templates/configmap-etc.yaml | 1 + - cinder/templates/deployment-api.yaml | 4 ++++ - cinder/values.yaml | 39 ++++++++++++++++++++++++++++++++++++ - 3 files changed, 44 insertions(+) - -diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml -index 88d9fa07..5ed73db6 100644 ---- a/cinder/templates/configmap-etc.yaml -+++ b/cinder/templates/configmap-etc.yaml -@@ -121,6 +121,7 @@ data: - policy.json: {{ toJson .Values.conf.policy | b64enc }} - cinder_sudoers: {{ $envAll.Values.conf.cinder_sudoers | b64enc }} - rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }} -+ resource_filters.json: {{ toJson .Values.conf.resource_filters | b64enc }} - {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} - {{- $filePrefix := replace "_" "-" $key }} - {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} -diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml -index 9213d34f..82131579 100644 ---- a/cinder/templates/deployment-api.yaml -+++ b/cinder/templates/deployment-api.yaml -@@ -109,6 +109,10 @@ spec: - mountPath: /etc/cinder/policy.json - subPath: policy.json - readOnly: true -+ - name: cinder-etc -+ mountPath: /etc/cinder/resource_filters.json -+ subPath: resource_filters.json -+ readOnly: true - {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} - - name: cinder-coordination - mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} -diff --git a/cinder/values.yaml b/cinder/values.yaml -index cd3eb1a2..e79f8f6f 100644 ---- a/cinder/values.yaml -+++ b/cinder/values.yaml -@@ -865,6 +865,45 @@ conf: - sla: - failure_rate: - max: 0 -+ resource_filters: -+ volume: -+ - name -+ - status -+ - metadata -+ - bootable -+ - migration_status -+ - availability_zone -+ - group_id -+ backup: -+ - name -+ - status -+ - volume_id -+ snapshot: -+ - name -+ - status -+ - volume_id -+ - metadata -+ - availability_zone -+ group: [] -+ group_snapshot: -+ - status -+ - group_id -+ attachment: -+ - volume_id -+ - status -+ - instance_id -+ - attach_status -+ message: -+ - resource_uuid -+ - resource_type -+ - event_id -+ - request_id -+ - message_level -+ pool: -+ - name -+ - volume_type -+ volume_type: [] -+ - - backup: - external_ceph_rbd: --- -2.16.5 - diff --git a/openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch b/openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch new file mode 100644 index 00000000..09a38a7a --- /dev/null +++ b/openstack-helm/files/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch @@ -0,0 +1,227 @@ +From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Fri, 22 Mar 2019 03:42:08 -0400 +Subject: [PATCH 09/10] Nova: Add support for disabling Readiness/Liveness + probes + +With the introduction of Readiness/Liveness probes in +Ib8e4b93486588320fd2d562c3bc90b65844e52e5, some probes are failing and +preventing successful armada manifest applies. + +Add support to disable the probes. + +Change-Id: Iebe7327055f58fa78ce3fcac968c1fa617c30c2f +Signed-off-by: Robert Church +--- + nova/templates/daemonset-compute.yaml | 4 ++++ + nova/templates/deployment-conductor.yaml | 4 ++++ + nova/templates/deployment-consoleauth.yaml | 4 ++++ + nova/templates/deployment-novncproxy.yaml | 4 ++++ + nova/templates/deployment-scheduler.yaml | 4 ++++ + nova/templates/deployment-spiceproxy.yaml | 4 ++++ + nova/values.yaml | 27 +++++++++++++++++++++++++++ + 7 files changed, 51 insertions(+) + +diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml +index 4a7b90b5..f508b963 100644 +--- a/nova/templates/daemonset-compute.yaml ++++ b/nova/templates/daemonset-compute.yaml +@@ -181,6 +181,7 @@ spec: + - name: LIBVIRT_CEPH_SECRET_UUID + value: "{{ .Values.conf.ceph.secret_uuid }}" + {{ end }} ++ {{- if .Values.pod.probes.readiness.nova_compute.enabled }} + readinessProbe: + exec: + command: +@@ -193,6 +194,8 @@ spec: + initialDelaySeconds: 80 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.nova_compute.enabled }} + livenessProbe: + exec: + command: +@@ -206,6 +209,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + command: + - /tmp/nova-compute.sh + volumeMounts: +diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml +index 1e66e419..33d41097 100644 +--- a/nova/templates/deployment-conductor.yaml ++++ b/nova/templates/deployment-conductor.yaml +@@ -60,6 +60,7 @@ spec: + {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + allowPrivilegeEscalation: false ++ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }} + readinessProbe: + exec: + command: +@@ -72,6 +73,8 @@ spec: + initialDelaySeconds: 80 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.nova_conductor.enabled }} + livenessProbe: + exec: + command: +@@ -85,6 +88,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + command: + - /tmp/nova-conductor.sh + volumeMounts: +diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml +index 75b66e79..31013eb7 100644 +--- a/nova/templates/deployment-consoleauth.yaml ++++ b/nova/templates/deployment-consoleauth.yaml +@@ -60,6 +60,7 @@ spec: + {{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + allowPrivilegeEscalation: false ++ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }} + readinessProbe: + exec: + command: +@@ -72,6 +73,8 @@ spec: + initialDelaySeconds: 80 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.nova_consoleauth.enabled }} + livenessProbe: + exec: + command: +@@ -85,6 +88,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + command: + - /tmp/nova-consoleauth.sh + volumeMounts: +diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml +index cf9fda02..2611ba80 100644 +--- a/nova/templates/deployment-novncproxy.yaml ++++ b/nova/templates/deployment-novncproxy.yaml +@@ -94,14 +94,18 @@ spec: + - name: nova-novncproxy + {{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }} + readinessProbe: + tcpSocket: + port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + initialDelaySeconds: 30 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.nova_novcnproxy.enabled }} + livenessProbe: + tcpSocket: + port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + initialDelaySeconds: 30 ++ {{- end }} + command: + - /tmp/nova-console-proxy.sh + ports: +diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml +index 9611d950..0350c47c 100644 +--- a/nova/templates/deployment-scheduler.yaml ++++ b/nova/templates/deployment-scheduler.yaml +@@ -60,6 +60,7 @@ spec: + {{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + allowPrivilegeEscalation: false ++ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }} + readinessProbe: + exec: + command: +@@ -72,6 +73,8 @@ spec: + initialDelaySeconds: 80 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.nova_scheduler.enabled }} + livenessProbe: + exec: + command: +@@ -85,6 +88,7 @@ spec: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 ++ {{- end }} + command: + - /tmp/nova-scheduler.sh + volumeMounts: +diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml +index 4507bde4..1b58ec98 100644 +--- a/nova/templates/deployment-spiceproxy.yaml ++++ b/nova/templates/deployment-spiceproxy.yaml +@@ -94,14 +94,18 @@ spec: + - name: nova-spiceproxy + {{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }} + readinessProbe: + tcpSocket: + port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + initialDelaySeconds: 30 ++ {{- end }} ++ {{- if .Values.pod.probes.liveness.nova_spiceproxy.enabled }} + livenessProbe: + tcpSocket: + port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + initialDelaySeconds: 30 ++ {{- end }} + command: + - /tmp/nova-console-proxy.sh + ports: +diff --git a/nova/values.yaml b/nova/values.yaml +index 7245cf82..433ec3af 100644 +--- a/nova/values.yaml ++++ b/nova/values.yaml +@@ -2256,6 +2256,33 @@ pod: + limits: + memory: "1024Mi" + cpu: "2000m" ++ probes: ++ readiness: ++ nova_compute: ++ enabled: true ++ nova_conductor: ++ enabled: true ++ nova_consoleauth: ++ enabled: true ++ nova_novcnproxy: ++ enabled: true ++ nova_scheduler: ++ enabled: true ++ nova_spiceproxy: ++ enabled: true ++ liveness: ++ nova_compute: ++ enabled: true ++ nova_conductor: ++ enabled: true ++ nova_consoleauth: ++ enabled: true ++ nova_novcnproxy: ++ enabled: true ++ nova_scheduler: ++ enabled: true ++ nova_spiceproxy: ++ enabled: true + + network_policy: + nova: +-- +2.16.5 + diff --git a/openstack-helm/files/0009-Stein-add-log_config_append-to-neutron-etc.patch b/openstack-helm/files/0009-Stein-add-log_config_append-to-neutron-etc.patch deleted file mode 100644 index e072bc1d..00000000 --- a/openstack-helm/files/0009-Stein-add-log_config_append-to-neutron-etc.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 6f72ebe170db5364287f3634359739d3f0c1c987 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Tue, 15 Jan 2019 03:39:27 -0500 -Subject: [PATCH 8/8] Stein: add log_config_append to neutron-etc - -neutron-sanity-check command triggers privsep code and produces the -following: - -WARNING oslo.privsep.daemon [-] privsep log: -oslo_log.log.LogConfigError: Error loading logging config -/etc/neutron/logging.conf: [Errno 2] No such file or directory: -'/etc/neutron/logging.conf' - -This will allow ovs-agent to successfully deploy - -Signed-off-by: Robert Church ---- - neutron/templates/daemonset-ovs-agent.yaml | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml -index 34aba253..af765bd7 100644 ---- a/neutron/templates/daemonset-ovs-agent.yaml -+++ b/neutron/templates/daemonset-ovs-agent.yaml -@@ -95,6 +95,10 @@ spec: - subPath: neutron.conf - readOnly: true - - name: neutron-etc -+ mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} -+ subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }} -+ readOnly: true -+ - name: neutron-etc - mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini - subPath: ml2_conf.ini - readOnly: true --- -2.16.5 - diff --git a/openstack-helm/files/0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch b/openstack-helm/files/0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch new file mode 100644 index 00000000..8f49e6c5 --- /dev/null +++ b/openstack-helm/files/0010-Enable-Ceph-Jewel-support-for-nova-cinder-glance.patch @@ -0,0 +1,176 @@ +From c7ba07e6148f62b912e36a4efba5ae296ed64217 Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Fri, 22 Mar 2019 03:45:02 -0400 +Subject: [PATCH 10/10] Enable Ceph Jewel support for nova/cinder/glance + +Current upstream charts align to Ceph Luminous/Mimic. Revert +functionality that is not present in Jewel. + +Drop this after the Ceph rebase to Mimic is complete. + +Change-Id: I44f9a69927ecdbe4f5bfef17183b2345814ce534 +Signed-off-by: Robert Church +--- + cinder/templates/bin/_backup-storage-init.sh.tpl | 14 ++++++-------- + cinder/templates/bin/_storage-init.sh.tpl | 15 ++++++--------- + glance/templates/bin/_storage-init.sh.tpl | 15 ++++++--------- + nova/templates/bin/_ceph-keyring.sh.tpl | 22 +++++----------------- + nova/templates/bin/_nova-storage-init.sh.tpl | 22 ++++++++++------------ + 5 files changed, 33 insertions(+), 55 deletions(-) + +diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl +index 52c8e6bf..d81bcce2 100644 +--- a/cinder/templates/bin/_backup-storage-init.sh.tpl ++++ b/cinder/templates/bin/_backup-storage-init.sh.tpl +@@ -47,16 +47,14 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then + ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup" + + if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then +- echo "Cephx user client.${RBD_POOL_USER} already exists" +- echo "Update its cephx caps" +- ceph auth caps client.${RBD_POOL_USER} \ +- mon "profile rbd" \ +- osd "profile rbd pool=${RBD_POOL_NAME}" +- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING} ++ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/') ++ echo $KEYSTR > ${KEYRING} + else ++ #NOTE(Portdirect): Determine proper privs to assign keyring + ceph auth get-or-create client.${RBD_POOL_USER} \ +- mon "profile rbd" \ +- osd "profile rbd pool=${RBD_POOL_NAME}" \ ++ mon "allow *" \ ++ osd "allow *" \ ++ mgr "allow *" \ + -o ${KEYRING} + fi + +diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl +index 9288ec5f..62aedf78 100644 +--- a/cinder/templates/bin/_storage-init.sh.tpl ++++ b/cinder/templates/bin/_storage-init.sh.tpl +@@ -44,17 +44,14 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then + ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume" + + if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then +- echo "Cephx user client.${RBD_POOL_USER} already exist." +- echo "Update its cephx caps" +- ceph auth caps client.${RBD_POOL_USER} \ +- mon "profile rbd" \ +- osd "profile rbd" +- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING} ++ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/') ++ echo $KEYSTR > ${KEYRING} + else +- #NOTE(JCL): Restrict Cinder permissions to what is needed. MON Read only and RBD access to Cinder pool only. ++ #NOTE(Portdirect): Determine proper privs to assign keyring + ceph auth get-or-create client.${RBD_POOL_USER} \ +- mon "profile rbd" \ +- osd "profile rbd" \ ++ mon "allow *" \ ++ osd "allow *" \ ++ mgr "allow *" \ + -o ${KEYRING} + fi + +diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl +index 5a9572fa..feec7588 100644 +--- a/glance/templates/bin/_storage-init.sh.tpl ++++ b/glance/templates/bin/_storage-init.sh.tpl +@@ -53,17 +53,14 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then + ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "glance-image" + + if USERINFO=$(ceph auth get "client.${RBD_POOL_USER}"); then +- echo "Cephx user client.${RBD_POOL_USER} already exist." +- echo "Update its cephx caps" +- ceph auth caps client.${RBD_POOL_USER} \ +- mon "profile rbd" \ +- osd "profile rbd pool=${RBD_POOL_NAME}" +- ceph auth get client.${RBD_POOL_USER} -o ${KEYRING} ++ KEYSTR=$(echo "${USERINFO}" | sed 's/.*\( key = .*\) caps mon.*/\1/') ++ echo "${KEYSTR}" > "${KEYRING}" + else +- #NOTE(JCL): Restrict Glance user to only what is needed. MON Read only and RBD access to the Glance Pool ++ #NOTE(Portdirect): Determine proper privs to assign keyring + ceph auth get-or-create "client.${RBD_POOL_USER}" \ +- mon "profile rbd" \ +- osd "profile rbd pool=${RBD_POOL_NAME}" \ ++ mon "allow *" \ ++ osd "allow *" \ ++ mgr "allow *" \ + -o "${KEYRING}" + fi + +diff --git a/nova/templates/bin/_ceph-keyring.sh.tpl b/nova/templates/bin/_ceph-keyring.sh.tpl +index 4af83a48..68e37828 100644 +--- a/nova/templates/bin/_ceph-keyring.sh.tpl ++++ b/nova/templates/bin/_ceph-keyring.sh.tpl +@@ -29,25 +29,13 @@ cat > ${KEYRING} < ${KEYRING} + else +- # NOTE: Restrict Nova permissions to what is needed. +- # MON Read only and RBD access to the Nova ephemeral pool only. +- ceph auth get-or-create client.${RBD_POOL_USER} \ +- mon "profile rbd" \ +- osd "profile rbd" \ +- -o ${KEYRING} ++ #NOTE(Portdirect): Determine proper privs to assign keyring ++ ceph auth get-or-create client.${RBD_POOL_USER} \ ++ mon "allow *" \ ++ osd "allow *" \ ++ mgr "allow *" \ ++ -o ${KEYRING} + fi + + ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0) +-- +2.16.5 + diff --git a/openstack-helm/files/0010-Stein-Nova-console-address-config-optionality.patch b/openstack-helm/files/0010-Stein-Nova-console-address-config-optionality.patch deleted file mode 100644 index 7bb450d7..00000000 --- a/openstack-helm/files/0010-Stein-Nova-console-address-config-optionality.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9030eb81823e46eb374b52fec2e65fff2bb2dcf9 Mon Sep 17 00:00:00 2001 -From: Gerry Kopec -Date: Fri, 15 Feb 2019 16:15:37 -0500 -Subject: [PATCH] Stein: Nova console address config optionality - -Introduce option to nova to enable/disable the use of the vnc or spice -server proxyclient address found by the console compute init container. -This can be used to prevent the case where the found address overrides -what has already been defined in nova.conf by per host nova compute -daemonset overrides. ---- - nova/templates/bin/_nova-compute.sh.tpl | 2 ++ - nova/values.yaml | 1 + - 2 files changed, 3 insertions(+) - -diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl -index 84596a5..b3bcca7 100644 ---- a/nova/templates/bin/_nova-compute.sh.tpl -+++ b/nova/templates/bin/_nova-compute.sh.tpl -@@ -20,5 +20,7 @@ set -ex - - exec nova-compute \ - --config-file /etc/nova/nova.conf \ -+{{- if .Values.console.address_search_enabled }} - --config-file /tmp/pod-shared/nova-console.conf \ -+{{- end }} - --config-file /tmp/pod-shared/nova-libvirt.conf -diff --git a/nova/values.yaml b/nova/values.yaml -index 9646ded..c0ec7fe 100644 ---- a/nova/values.yaml -+++ b/nova/values.yaml -@@ -438,6 +438,7 @@ console: - vncproxy: - # IF blank, search default routing interface - vncserver_proxyclient_interface: -+ address_search_enabled: true - - ssh: - key_types: --- -1.8.3.1 - diff --git a/openstack-helm/files/0011-Support-per-host-overrides-of-auto_bridge_add.patch b/openstack-helm/files/0011-Support-per-host-overrides-of-auto_bridge_add.patch deleted file mode 100644 index dc0dd86c..00000000 --- a/openstack-helm/files/0011-Support-per-host-overrides-of-auto_bridge_add.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 6e2e4aba8d1053adb6dcfc598c5c3d78c3195c94 Mon Sep 17 00:00:00 2001 -From: chengli3 -Date: Mon, 25 Feb 2019 20:15:53 +0800 -Subject: [PATCH] Support per-host overrides of auto_bridge_add - -.Values.network.auto_bridge_add is a global config. So in multi nodes -deployment, it requires that all hosts have the same nic names. This is -a strict limit. -This patch is to support per-host auto_bridge_add, so that we can define -different auto_bridge_add for hosts. -Also, this patch move .network.auto_bridge_add to .conf.auto_bridge_add - -Change-Id: I4a4d6efbbfe073d035bc5c03700fbe998e708d0f -Story: 2005059 -Task: 29601 ---- - doc/source/devref/networking.rst | 2 +- - .../bin/_neutron-linuxbridge-agent-init.sh.tpl | 28 +++++++++--------- - .../bin/_neutron-openvswitch-agent-init.sh.tpl | 18 +++++++----- - neutron/templates/configmap-etc.yaml | 1 + - neutron/templates/daemonset-lb-agent.yaml | 4 +++ - neutron/templates/daemonset-ovs-agent.yaml | 4 +++ - neutron/values.yaml | 34 +++++++++++----------- - 7 files changed, 53 insertions(+), 38 deletions(-) - -diff --git a/doc/source/devref/networking.rst b/doc/source/devref/networking.rst -index e10a045..7b1afd7 100644 ---- a/doc/source/devref/networking.rst -+++ b/doc/source/devref/networking.rst -@@ -272,7 +272,7 @@ init container and main container with :code:`neutron-ovs-agent` via file - Configuration of OVS bridges can be done via - `neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl`. The - script is configuring the external network bridge and sets up any --bridge mappings defined in :code:`network.auto_bridge_add`. These -+bridge mappings defined in :code:`conf.auto_bridge_add`. These - values should align with - :code:`conf.plugins.openvswitch_agent.ovs.bridge_mappings`. - -diff --git a/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl -index e89765a..71a2b6b 100644 ---- a/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl -+++ b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl -@@ -19,19 +19,21 @@ limitations under the License. - set -ex - - # configure all bridge mappings defined in config --{{- range $br, $phys := .Values.network.auto_bridge_add }} --if [ -n "{{- $br -}}" ] ; then -- # adding existing bridge would break out the script when -e is set -- set +e -- ip link add name {{ $br }} type bridge -- set -e -- ip link set dev {{ $br }} up -- if [ -n "{{- $phys -}}" ] ; then -- ip link set dev {{ $phys }} master {{ $br }} -- fi --fi --{{- end }} -- -+# /tmp/auto_bridge_add is one line json file: {"br-ex1":"eth1","br-ex2":"eth2"} -+for bmap in `sed 's/[{}"]//g' /tmp/auto_bridge_add | tr "," "\n"` -+do -+ bridge=${bmap%:*} -+ iface=${bmap#*:} -+ # adding existing bridge would break out the script when -e is set -+ set +e -+ ip link add name $bridge type bridge -+ set -e -+ ip link set dev $bridge up -+ if [ -n "$iface" ] && [ "$iface" != "null" ] -+ then -+ ip link set dev $iface master $bridge -+ fi -+done - - tunnel_interface="{{- .Values.network.interface.tunnel -}}" - if [ -z "${tunnel_interface}" ] ; then -diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl -index 08c82e0..84f5e4b 100644 ---- a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl -+++ b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl -@@ -36,13 +36,17 @@ if neutron-sanity-check --version >/dev/null 2>/dev/null; then - fi - - # handle any bridge mappings --{{- range $bridge, $port := .Values.network.auto_bridge_add }} --ovs-vsctl --no-wait --may-exist add-br {{ $bridge }} --{{ if $port }} --ovs-vsctl --no-wait --may-exist add-port {{ $bridge }} {{ $port }} --ip link set dev {{ $port }} up --{{ end }} --{{- end }} -+# /tmp/auto_bridge_add is one line json file: {"br-ex1":"eth1","br-ex2":"eth2"} -+for bmap in `sed 's/[{}"]//g' /tmp/auto_bridge_add | tr "," "\n"` -+do -+ bridge=${bmap%:*} -+ iface=${bmap#*:} -+ ovs-vsctl --no-wait --may-exist add-br $bridge -+ if [ -n "$iface" ] && [ "$iface" != "null" ] -+ then -+ ovs-vsctl --no-wait --may-exist add-port $bridge $iface -+ fi -+done - - tunnel_interface="{{- .Values.network.interface.tunnel -}}" - if [ -z "${tunnel_interface}" ] ; then -diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml -index 027602b..4ee5774 100644 ---- a/neutron/templates/configmap-etc.yaml -+++ b/neutron/templates/configmap-etc.yaml -@@ -196,6 +196,7 @@ data: - dnsmasq.conf: "" - neutron_sudoers: {{ $envAll.Values.conf.neutron_sudoers | b64enc }} - rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }} -+ auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }} - {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} - {{- $filePrefix := replace "_" "-" $key }} - {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} -diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml -index 1c7da46..c2b432f 100644 ---- a/neutron/templates/daemonset-lb-agent.yaml -+++ b/neutron/templates/daemonset-lb-agent.yaml -@@ -110,6 +110,10 @@ spec: - subPath: neutron_sudoers - readOnly: true - - name: neutron-etc -+ mountPath: /tmp/auto_bridge_add -+ subPath: auto_bridge_add -+ readOnly: true -+ - name: neutron-etc - mountPath: /etc/neutron/rootwrap.conf - subPath: rootwrap.conf - readOnly: true -diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml -index e17693f..2e66844 100644 ---- a/neutron/templates/daemonset-ovs-agent.yaml -+++ b/neutron/templates/daemonset-ovs-agent.yaml -@@ -120,6 +120,10 @@ spec: - subPath: neutron_sudoers - readOnly: true - - name: neutron-etc -+ mountPath: /tmp/auto_bridge_add -+ subPath: auto_bridge_add -+ readOnly: true -+ - name: neutron-etc - mountPath: /etc/neutron/rootwrap.conf - subPath: rootwrap.conf - readOnly: true -diff --git a/neutron/values.yaml b/neutron/values.yaml -index a366dee..cf56ac5 100644 ---- a/neutron/values.yaml -+++ b/neutron/values.yaml -@@ -90,18 +90,6 @@ network: - # allowing agents to be restarted without packet loss and simpler - # debugging. This feature requires mount propagation support. - share_namespaces: true -- # auto_bridge_add is a table of "bridge: interface" pairs -- # To automatically add a physical interfaces to a specific bridges, -- # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two -- # to br1 do something like: -- # -- # auto_bridge_add: -- # br-physnet1: eth3 -- # br0: if0 -- # br1: iface_two -- # br-ex will be added by default -- auto_bridge_add: -- br-ex: null - interface: - # Tunnel interface will be used for VXLAN tunneling. If null - # (default) there is a fallback mechanism to search for interface -@@ -1649,13 +1637,25 @@ conf: - priority: 0 - apply-to: all - pattern: '(notifications)\.' -+ ## NOTE: "besteffort" is meant for dev env with mixed compute type only. -+ ## This helps prevent sriov init script from failing due to mis-matched NIC -+ ## For prod env, target NIC should match and init script should fail otherwise. -+ ## sriov_init: -+ ## - besteffort - sriov_init: - - -- ## NOTE: "besteffort" is meant for dev env with mixed compute type only. -- ## This helps prevent sriov init script from failing due to mis-matched NIC -- ## For prod env, target NIC should match and init script should fail otherwise. -- ## sriov_init: -- ## - besteffort -+ # auto_bridge_add is a table of "bridge: interface" pairs -+ # To automatically add a physical interfaces to a specific bridges, -+ # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two -+ # to br1 do something like: -+ # -+ # auto_bridge_add: -+ # br-physnet1: eth3 -+ # br0: if0 -+ # br1: iface_two -+ # br-ex will be added by default -+ auto_bridge_add: -+ br-ex: null - - # Names of secrets used by bootstrap and environmental checks - secrets: --- -2.7.4 - diff --git a/openstack-helm/files/0013-neutron-up-interfaces-added-via-ovs-auto_bridge_add.patch b/openstack-helm/files/0013-neutron-up-interfaces-added-via-ovs-auto_bridge_add.patch deleted file mode 100644 index 2c9603dc..00000000 --- a/openstack-helm/files/0013-neutron-up-interfaces-added-via-ovs-auto_bridge_add.patch +++ /dev/null @@ -1,32 +0,0 @@ -From dcd7ebf37b0333191c9be07cd7e8f6a5fdadd567 Mon Sep 17 00:00:00 2001 -From: Chris Wedgwood -Date: Thu, 7 Mar 2019 21:45:32 +0000 -Subject: [PATCH] [neutron] 'up' interfaces added via ovs auto_bridge_add - -Previously, when adding interfaces to an ovs bridge we would set the -link state to up. Some environments assume this is the case so -restore that behavior. - -This fixes the problem where external (public) IPs for routers and VMs -no longer respond. - -Change-Id: I59e21bd5cde7e239320125e9a7e0a33adae578a8 ---- - neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl -index 84f5e4b..4dfb0ff 100644 ---- a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl -+++ b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl -@@ -45,6 +45,7 @@ do - if [ -n "$iface" ] && [ "$iface" != "null" ] - then - ovs-vsctl --no-wait --may-exist add-port $bridge $iface -+ ip link set dev $iface up - fi - done - --- -2.7.4 -