From 121a52dd930b75d26def0a56b9afa4c9dad878e9 Mon Sep 17 00:00:00 2001 From: Jawon Choo Date: Fri, 13 Oct 2017 18:16:45 +0900 Subject: [PATCH] Nova metadata : set clusterIP dynamically This PS updates nova to set metadata's clusterIP dynamically and neutron to set nova_metadata_ip from metadata hosts If specify a clusterIP, it is hard-coded as before also. Change-Id: Ib0d6df8272bd8494bb59ffc8e6b2cfa36a901f60 Closes-Bug: #1715553 --- .../bin/_neutron-metadata-agent-init.sh.tpl | 30 +++++++++++++++++++ .../bin/_neutron-metadata-agent.sh.tpl | 3 +- neutron/templates/configmap-bin.yaml | 2 ++ .../templates/daemonset-metadata-agent.yaml | 24 +++++++++++++++ neutron/values.yaml | 22 ++++++++++++-- .../bin/_nova-api-metadata-init.sh.tpl | 30 +++++++++++++++++++ nova/templates/bin/_nova-api-metadata.sh.tpl | 3 +- nova/templates/configmap-bin.yaml | 2 ++ nova/templates/configmap-etc.yaml | 2 ++ nova/templates/deployment-api-metadata.yaml | 24 +++++++++++++++ nova/templates/service-ingress-metadata.yaml | 2 ++ nova/values.yaml | 5 +++- 12 files changed, 143 insertions(+), 6 deletions(-) create mode 100644 neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl create mode 100644 nova/templates/bin/_nova-api-metadata-init.sh.tpl diff --git a/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl b/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl new file mode 100644 index 0000000000..8d2408f699 --- /dev/null +++ b/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl 
@@ -0,0 +1,30 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +metadata_ip="{{- .Values.conf.metadata_agent.DEFAULT.nova_metadata_ip -}}" +if [ -z "${metadata_ip}" ] ; then + metadata_ip=$(getent hosts metadata | awk '{print $1}') +fi + +cat </tmp/pod-shared/neutron-metadata-agent.ini +[DEFAULT] +nova_metadata_ip=$metadata_ip +EOF + diff --git a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl index 6f254ff38b..0d532468eb 100644 --- a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl @@ -20,7 +20,8 @@ set -x exec neutron-metadata-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/metadata_agent.ini \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /tmp/pod-shared/neutron-metadata-agent.ini {{- if eq .Values.network.backend "ovs" }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini {{- end }} diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 777e23a5c8..197c9d8926 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml 
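Review bot: In the new neutron-metadata-agent-init.sh, the fallback `metadata_ip=$(getent hosts metadata | awk '{print $1}')` is never checked, so a failed lookup still writes `nova_metadata_ip=` with an empty value into the generated INI. `set -e` does not catch this because the pipeline's exit status is awk's, and if getent returns more than one line the extra addresses end up as stray lines in the file. I would take only the first result and stop the init container when it is empty, e.g. `awk 'NR==1 {print $1}'` followed by `[ -n "${metadata_ip}" ] || { echo "metadata host did not resolve" >&2; exit 1; }`. The same applies to the identical block in _nova-api-metadata-init.sh.tpl, which writes `metadata_host`.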
@@ -51,6 +51,8 @@ data: {{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-metadata-agent.sh: |+ {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-metadata-agent-init.sh: |+ +{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent.sh: |+ {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent-init.sh: |+ diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index db5e111e81..61e34949b4 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -40,6 +40,25 @@ spec: hostNetwork: true initContainers: {{ tuple $envAll $dependencies $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: neutron-metadata-agent-init + image: {{ .Values.images.metadata }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.neutron.uid }} + command: + - /tmp/neutron-metadata-agent-init.sh + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-metadata-agent-init.sh + subPath: neutron-metadata-agent-init.sh + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared containers: - name: neutron-metadata-agent image: {{ .Values.images.metadata }} 
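Review bot: The new neutron-metadata-agent-init container runs in a pod with `hostNetwork: true`, so unless `dnsPolicy: ClusterFirstWithHostNet` is set in the part of the spec outside this hunk, the short name `metadata` is resolved by the node's resolver rather than by cluster DNS. That lookup decides the address the agent forwards instance metadata requests to, so please confirm the dnsPolicy and consider resolving a fully qualified service name instead of the bare `metadata`. Separately, the init container mounts `neutron.conf`, which normally carries database and message-bus credentials, although the script it runs only calls getent and writes to /tmp/pod-shared. Dropping the `neutron-etc` volumeMount keeps that file out of a container that does not need it. The nova-api-metadata-init container in deployment-api-metadata.yaml mounts `nova.conf` the same way.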
@@ -130,6 +149,9 @@ spec: readOnly: true - name: socket mountPath: /var/lib/neutron/stackanetes + - name: pod-shared + mountPath: /tmp/pod-shared + readOnly: true {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }} volumes: - name: neutron-bin @@ -148,5 +170,7 @@ spec: - name: socket hostPath: path: /var/lib/neutron/openstack-helm + - name: pod-shared + emptyDir: {} {{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 01fa36ed95..bd25ab6c3c 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -163,6 +163,8 @@ dependencies: endpoint: internal - service: compute endpoint: internal + - service: compute_metadata + endpoint: public daemonset: # this should be set to corresponding neutron L2 agent - neutron-ovs-agent @@ -1040,7 +1042,8 @@ conf: metering_agent: null metadata_agent: DEFAULT: - nova_metadata_ip: 10.97.120.234 + # IF blank, set dynamically from metadata hosts + nova_metadata_ip: nova_metadata_port: 80 nova_metadata_protocol: http metadata_proxy_shared_secret: "password" @@ -1119,10 +1122,23 @@ endpoints: api: default: 8774 public: 80 - metadata: - default: 8775 novncproxy: default: 6080 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: 'http' + port: + metadata: + default: 8775 + public: 80 identity: name: keystone auth: diff --git a/nova/templates/bin/_nova-api-metadata-init.sh.tpl b/nova/templates/bin/_nova-api-metadata-init.sh.tpl new file mode 100644 index 0000000000..5610b87983 --- /dev/null +++ b/nova/templates/bin/_nova-api-metadata-init.sh.tpl 
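Review bot: In the neutron/values.yaml hunk at new line 1042, `nova_metadata_ip:` is left as a bare key, which YAML loads as null rather than as an empty string. The init script interpolates it with `{{- .Values.conf.metadata_agent.DEFAULT.nova_metadata_ip -}}` and then tests `-z`. Depending on how the Helm version in use renders a nil value, the result may not be empty, in which case the getent fallback would be skipped and the placeholder text written into the INI. Writing `nova_metadata_ip: ""` (and `ip: ""` in nova/values.yaml) makes the intent explicit, and the comment could read `# If blank, resolved from the metadata service host at pod start`.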
@@ -0,0 +1,30 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +metadata_ip="{{- .Values.network.metadata.ip -}}" +if [ -z "${metadata_ip}" ] ; then + metadata_ip=$(getent hosts metadata | awk '{print $1}') +fi + +cat </tmp/pod-shared/nova-api-metadata.ini +[DEFAULT] +metadata_host=$metadata_ip +EOF + diff --git a/nova/templates/bin/_nova-api-metadata.sh.tpl b/nova/templates/bin/_nova-api-metadata.sh.tpl index 792defc2bc..a63da89ea8 100644 --- a/nova/templates/bin/_nova-api-metadata.sh.tpl +++ b/nova/templates/bin/_nova-api-metadata.sh.tpl @@ -21,7 +21,8 @@ COMMAND="${@:-start}" function start () { exec nova-api-metadata \ - --config-file /etc/nova/nova.conf + --config-file /etc/nova/nova.conf \ + --config-file /tmp/pod-shared/nova-api-metadata.ini } function stop () { diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 73b4f57e46..21953ed82a 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml 
@@ -47,6 +47,8 @@ data: {{ tuple "bin/_nova-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} nova-api-metadata.sh: | {{ tuple "bin/_nova-api-metadata.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + nova-api-metadata-init.sh: | +{{ tuple "bin/_nova-api-metadata-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} nova-compute.sh: | {{ tuple "bin/_nova-compute.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} nova-compute-init.sh: | diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml index bb1d3dd61b..15eb8db4b0 100644 --- a/nova/templates/configmap-etc.yaml +++ b/nova/templates/configmap-etc.yaml @@ -100,8 +100,10 @@ limitations under the License. {{- end -}} {{- if empty .Values.conf.nova.DEFAULT.metadata_host -}} +{{- if .Values.network.metadata.ip -}} {{- set .Values.conf.nova.DEFAULT "metadata_host" .Values.network.metadata.ip | quote | trunc 0 -}} {{- end -}} +{{- end -}} {{- if empty .Values.conf.nova.DEFAULT.metadata_port -}} {{- tuple "compute_metadata" "public" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "metadata_port" | quote | trunc 0 -}} diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index e96feb41bf..d3080bbd6b 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml 
@@ -42,6 +42,25 @@ spec: terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.metadata.timeout | default "30" }} initContainers: {{ tuple $envAll $dependencies $mounts_nova_api_metadata_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: nova-api-metadata-init + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.nova.uid }} + command: + - /tmp/nova-api-metadata-init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/nova-api-metadata-init.sh + subPath: nova-api-metadata-init.sh + readOnly: true + - name: nova-etc + mountPath: /etc/nova/nova.conf + subPath: nova.conf + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared containers: - name: nova-api image: {{ .Values.images.api }} @@ -115,6 +134,9 @@ spec: mountPath: /etc/nova/rootwrap.d/network.filters subPath: network.filters readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + readOnly: true {{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }} volumes: - name: nova-bin @@ -125,5 +147,7 @@ spec: configMap: name: nova-etc defaultMode: 0444 + - name: pod-shared + emptyDir: {} {{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/nova/templates/service-ingress-metadata.yaml b/nova/templates/service-ingress-metadata.yaml index d415f222dd..fecc0adfca 100644 --- a/nova/templates/service-ingress-metadata.yaml +++ b/nova/templates/service-ingress-metadata.yaml @@ -26,7 +26,9 @@ spec: ports: - name: http port: 80 +{{- if .Values.network.metadata.ip }} clusterIP: {{ .Values.network.metadata.ip }} +{{- end }} selector: app: ingress-api {{- end }} 
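Review bot: With `clusterIP` now omitted when `.Values.network.metadata.ip` is blank (service-ingress-metadata.yaml hunk), the address is assigned by Kubernetes and changes if this Service is ever deleted and recreated. The init containers added in this commit resolve it once at pod start and write it under /tmp/pod-shared, so already-running nova-api-metadata and neutron-metadata-agent pods would keep the old address until they are restarted. I would document that next to the value, for example `# A dynamically assigned clusterIP is read once at pod start; restart the metadata pods if the Service is recreated`.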
diff --git a/nova/values.yaml b/nova/values.yaml index cc5a2963e9..28e596bb71 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -112,7 +112,8 @@ network: enabled: false port: 30774 metadata: - ip: 10.97.120.234 + # IF blank, set clusterIP and metadata_host dynamically + ip: port: 8775 ingress: public: true @@ -150,6 +151,8 @@ dependencies: endpoint: internal - service: identity endpoint: internal + - service: compute_metadata + endpoint: public db_init: services: - service: oslo_db