Merge "Add support for nova vm migration"

nova/templates/bin/_ssh-start.sh.tpl

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+IFS=','
+for KEY_TYPE in $KEY_TYPES; do
+    KEY_PATH=/etc/ssh/ssh_host_${KEY_TYPE}_key
+    if [[ ! -f "${KEY_PATH}" ]]; then
+        ssh-keygen -q -t ${KEY_TYPE} -f ${KEY_PATH} -N ""
+    fi
+done
+IFS=''
+
+mkdir -p ~nova/.ssh
+
+if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
+    chown nova: ~nova/.ssh
+fi
+
+chmod 0600 ~root/.ssh/authorized_keys
+chmod 0600 ~root/.ssh/id_rsa
+chmod 0600 ~root/.ssh/id_rsa.pub
+
+exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT

nova/templates/configmap-bin.yaml

@@ -65,4 +65,6 @@ data:
 {{ tuple "bin/_nova-vnc-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   nova-vnc-proxy-init.sh: |
 {{ tuple "bin/_nova-vnc-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  ssh-start.sh: |
+{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}

nova/templates/configmap-etc.yaml

@@ -114,4 +114,6 @@ data:
 {{- tuple .Values.conf.rootwrap_filters.network "etc/rootwrap.d/_network.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
   nova.conf: |+
 {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | indent 4 }}
+  ssh-config.sh: |+
+{{- tuple .Values.conf.ssh "etc/_ssh-config.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
 {{- end }}

nova/templates/daemonset-compute.yaml

@@ -162,6 +162,10 @@ spec:
               mountPath: /etc/nova/rootwrap.d/network.filters
               subPath: network.filters
               readOnly: true
+            - name: nova-etc
+              mountPath: /root/.ssh/config
+              subPath: ssh-config
+              readOnly: true
             {{- if .Values.ceph.enabled }}
             - name: etcceph
               mountPath: /etc/ceph
@@ -191,6 +195,39 @@ spec:
               mountPath: /etc/machine-id
               readOnly: true
 {{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
+        - name: nova-compute-ssh
+          image: {{ .Values.images.compute_ssh }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            privileged: true
+          env:
+            - name: KEY_TYPES
+              value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.ssh.key_types | quote }}
+            - name: SSH_PORT
+              value: {{ .Values.network.ssh.port | quote }}
+          ports:
+            - containerPort: {{ .Values.network.ssh.port }}
+          command:
+            - /tmp/ssh-start.sh
+          volumeMounts:
+            - name: varlibnova
+              mountPath: /var/lib/nova
+            - name: varliblibvirt
+              mountPath: /var/lib/libvirt
+            - name: nova-etc
+              mountPath: /root/.ssh/id_rsa
+              subPath: ssh-key-private
+            - name: nova-etc
+              mountPath: /root/.ssh/id_rsa.pub
+              subPath: ssh-key-public
+            - name: nova-etc
+              mountPath: /root/.ssh/authorized_keys
+              subPath: ssh-key-public
+            - name: nova-bin
+              mountPath: /tmp/ssh-start.sh
+              subPath: ssh-start.sh
+              readOnly: true
       volumes:
         - name: nova-bin
           configMap:

nova/templates/etc/_ssh-config.tpl

@@ -0,0 +1,4 @@
+Host *
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+  Port {{ .Values.network.ssh.port }}

nova/values.yaml

@@ -60,6 +60,7 @@ images:
   novncproxy_assets: docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
   consoleauth: docker.io/kolla/ubuntu-source-nova-consoleauth:3.0.3
   compute: docker.io/kolla/ubuntu-source-nova-compute:3.0.3
+  compute_ssh: docker.io/kolla/ubuntu-source-nova-ssh:3.0.3
   bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
   dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
   pull_policy: "IfNotPresent"
@@ -124,6 +125,9 @@ network:
       port: 36080
     port: 6080
     targetPort: 6080
+  ssh:
+    name: "nova-ssh"
+    port: 8022
 
 ceph:
   enabled: true
@@ -255,7 +259,17 @@ console:
       # IF blank, search default routing interface
       vncserver_proxyclient_interface:
 
+ssh:
+  key_types:
+    - rsa
+    - dsa
+    - ecdsa
+    - ed25519
+
 conf:
+  ssh:
+    override:
+    append:
   rally_tests:
     run_tempest: false
     override:
@@ -940,6 +954,13 @@ pod:
       limits:
         memory: "1024Mi"
         cpu: "2000m"
+    ssh:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
     novncproxy:
       requests:
         memory: "128Mi"