Merge "feat(glance): add support for cinder"
commit
6348b93bed
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Glance
|
||||
name: glance
|
||||
version: 0.3.11
|
||||
version: 0.3.12
|
||||
home: https://docs.openstack.org/glance/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
||||
sources:
|
||||
|
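--- a/glance/templates/bin/_iscsiadm.tpl
+++ b/glance/templates/bin/_iscsiadm.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+{{/*
+Copyright 2020 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+iscsiadm "${@:1}"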
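Review bot: Nothing in this wrapper says that it leaves the container: `chroot /mnt/host-rootfs` runs the node's own `iscsiadm` with a scrubbed environment, so anything in the API pod that can invoke it (it is mounted under `/usr/local/sbin`) is running a host binary against host state. A header comment such as `# Runs the host's iscsiadm inside the host root filesystem; needs root and the host-rootfs mount.` would make that boundary visible to the next reader. The call could also be written `exec chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" iscsiadm "$@"`, since `"${@:1}"` is the same as `"$@"` and `exec` avoids leaving an extra shell in the process tree. The same applies to `_multipath.tpl` and `_multipathd.tpl`, which also lack the copyright line this file carries.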
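--- a/glance/templates/bin/_multipath.tpl
+++ b/glance/templates/bin/_multipath.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+multipath "${@:1}"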
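--- a/glance/templates/bin/_multipathd.tpl
+++ b/glance/templates/bin/_multipathd.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+multipathd "${@:1}"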
@ -21,6 +21,14 @@ kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-bin
|
||||
data:
|
||||
{{- if eq .Values.storage "cinder" }}
|
||||
iscsiadm: |
|
||||
{{ tuple "bin/_iscsiadm.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
multipath: |
|
||||
{{ tuple "bin/_multipath.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
multipathd: |
|
||||
{{ tuple "bin/_multipathd.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
bootstrap.sh: |
|
||||
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
|
@ -145,6 +145,12 @@ data:
|
||||
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
|
||||
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
|
||||
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
|
||||
glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
|
||||
rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
|
||||
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||
{{- $filePrefix := replace "_" "-" $key }}
|
||||
{{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
|
||||
{{- end }}
|
||||
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }}
|
||||
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
|
||||
{{- end }}
|
||||
|
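Review bot: `glance_sudoers`, `rootwrap.conf` and the generated `*.filters` keys are rendered into this Secret for every storage backend, although only the cinder store appears to need rootwrap; the matching volumeMounts in the API deployment also sit outside the `eq .Values.storage "cinder"` guard. Wrapping these lines in `{{- if eq .Values.storage "cinder" }}` and `{{- end }}`, and guarding their mounts the same way so the subPath keys still exist when referenced, would keep a NOPASSWD sudo rule out of deployments that never call rootwrap. The enclosing template block starts and ends outside this hunk, so the exact placement needs checking against the full file.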
@ -55,6 +55,13 @@ spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
||||
{{- if .Values.pod.useHostNetwork.api }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "cinder" }}
|
||||
hostIPC: true
|
||||
{{- end }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "api" $mounts_glance_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: glance-perms
|
||||
@ -185,6 +192,8 @@ spec:
|
||||
volumeMounts:
|
||||
- name: pod-tmp
|
||||
mountPath: /tmp
|
||||
- name: glance-tmp
|
||||
mountPath: /var/lib/glance/tmp
|
||||
- name: etcglance
|
||||
mountPath: /etc/glance
|
||||
- name: glance-bin
|
||||
@ -213,12 +222,73 @@ spec:
|
||||
mountPath: /etc/glance/api_audit_map.conf
|
||||
subPath: api_audit_map.conf
|
||||
readOnly: true
|
||||
- name: glance-etc
|
||||
# NOTE (Portdirect): We mount here to override Kollas
|
||||
# custom sudoers file when using Kolla images, this
|
||||
# location will also work fine for other images.
|
||||
mountPath: /etc/sudoers.d/kolla_glance_sudoers
|
||||
subPath: glance_sudoers
|
||||
readOnly: true
|
||||
- name: glance-etc
|
||||
mountPath: /etc/glance/rootwrap.conf
|
||||
subPath: rootwrap.conf
|
||||
readOnly: true
|
||||
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||
{{- if ( has "api" $value.pods ) }}
|
||||
{{- $filePrefix := replace "_" "-" $key }}
|
||||
{{- $rootwrapFile := printf "/etc/glance/rootwrap.d/%s.filters" $filePrefix }}
|
||||
- name: glance-etc
|
||||
mountPath: {{ $rootwrapFile }}
|
||||
subPath: {{ base $rootwrapFile }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: glance-etc
|
||||
mountPath: {{ .Values.conf.glance.glance_store.swift_store_config_file }}
|
||||
subPath: swift-store.conf
|
||||
readOnly: true
|
||||
- name: glance-images
|
||||
mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }}
|
||||
{{- if eq .Values.storage "cinder" }}
|
||||
- name: host-rootfs
|
||||
mountPath: /mnt/host-rootfs
|
||||
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||
mountPropagation: HostToContainer
|
||||
{{- end }}
|
||||
- name: host-dev
|
||||
mountPath: /dev
|
||||
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||
mountPropagation: HostToContainer
|
||||
{{- end }}
|
||||
- name: runlock
|
||||
mountPath: /run/lock
|
||||
- name: etciscsi
|
||||
mountPath: /etc/iscsi
|
||||
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||
mountPropagation: HostToContainer
|
||||
{{- end }}
|
||||
- name: usrlocalsbin
|
||||
mountPath: /usr/local/sbin
|
||||
- name: glance-bin
|
||||
mountPath: /usr/local/sbin/iscsiadm
|
||||
subPath: iscsiadm
|
||||
- name: glance-bin
|
||||
mountPath: /usr/local/sbin/multipath
|
||||
subPath: multipath
|
||||
- name: glance-bin
|
||||
mountPath: /usr/local/sbin/multipathd
|
||||
subPath: multipathd
|
||||
- name: etcmultipath
|
||||
mountPath: /etc/multipath
|
||||
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||
mountPropagation: Bidirectional
|
||||
{{- end }}
|
||||
- name: sys
|
||||
mountPath: /sys
|
||||
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||
mountPropagation: HostToContainer
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "rbd" }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@ -238,6 +308,8 @@ spec:
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
emptyDir: {}
|
||||
- name: glance-tmp
|
||||
emptyDir: {}
|
||||
- name: etcglance
|
||||
emptyDir: {}
|
||||
- name: glance-bin
|
||||
@ -267,6 +339,28 @@ spec:
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.storage "cinder" }}
|
||||
- name: host-rootfs
|
||||
hostPath:
|
||||
path: /
|
||||
- name: host-dev
|
||||
hostPath:
|
||||
path: /dev
|
||||
- name: runlock
|
||||
hostPath:
|
||||
path: /run/lock
|
||||
- name: etciscsi
|
||||
hostPath:
|
||||
path: /etc/iscsi
|
||||
- name: usrlocalsbin
|
||||
emptyDir: {}
|
||||
- name: etcmultipath
|
||||
hostPath:
|
||||
path: /etc/multipath
|
||||
- name: sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
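Review bot: With `storage: cinder` the API pod gains `hostIPC: true`, the node's `/` mounted read-write at `/mnt/host-rootfs`, host `/dev` and `/sys`, and `mountPropagation: Bidirectional` on `/etc/multipath`, yet nothing in these hunks documents that or shows the container securityContext it relies on (Kubernetes admits Bidirectional propagation only for privileged containers, and the securityContext is outside the visible lines). A comment above the `host-rootfs` mount, for example `# cinder store: os-brick runs the host's iscsiadm/multipath via chroot, which gives this pod host-level access`, would let operators decide where such a pod may be scheduled. The `usrlocalsbin` emptyDir mounted at `/usr/local/sbin` is on rootwrap's `exec_dirs` and first in the sudoers `secure_path`, and emptyDir directories are normally created world-writable, so consider dropping that volume and marking the three wrapper mounts `readOnly: true`. Separately, the repeated `ge .Capabilities.KubeVersion.Minor "10"` guard compares strings, so the result is lexical rather than numeric and may not select the versions intended.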
@ -244,6 +244,60 @@ conf:
|
||||
add_metadef_tags: rule:metadef_admin
|
||||
delete_metadef_tag: rule:metadef_admin
|
||||
delete_metadef_tags: rule:metadef_admin
|
||||
glance_sudoers: |
|
||||
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
|
||||
Defaults !requiretty
|
||||
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
|
||||
glance ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/glance-rootwrap /etc/glance/rootwrap.conf *, /var/lib/openstack/bin/glance-rootwrap /etc/glance/rootwrap.conf *
|
||||
rootwrap: |
|
||||
# Configuration for glance-rootwrap
|
||||
# This file should be owned by (and only-writable by) the root user
|
||||
|
||||
[DEFAULT]
|
||||
# List of directories to load filter definitions from (separated by ',').
|
||||
# These directories MUST all be only writeable by root !
|
||||
filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
|
||||
|
||||
# List of directories to search executables in, in case filters do not
|
||||
# explicitely specify a full path (separated by ',')
|
||||
# If not specified, defaults to system PATH environment variable.
|
||||
# These directories MUST all be only writeable by root !
|
||||
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
|
||||
|
||||
# Enable logging to syslog
|
||||
# Default value is False
|
||||
use_syslog=False
|
||||
|
||||
# Which syslog facility to use.
|
||||
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||
# Default value is 'syslog'
|
||||
syslog_log_facility=syslog
|
||||
|
||||
# Which messages to log.
|
||||
# INFO means log all usage
|
||||
# ERROR means only log unsuccessful attempts
|
||||
syslog_log_level=ERROR
|
||||
rootwrap_filters:
|
||||
glance_cinder_store:
|
||||
pods:
|
||||
- api
|
||||
content: |
|
||||
# glance-rootwrap command filters for glance cinder store
|
||||
# This file should be owned by (and only-writable by) the root user
|
||||
|
||||
[Filters]
|
||||
# cinder store driver
|
||||
disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).*
|
||||
|
||||
# os-brick library commands
|
||||
# os_brick.privileged.run_as_root oslo.privsep context
|
||||
# This line ties the superuser privs with the config files, context name,
|
||||
# and (implicitly) the actual python code invoked.
|
||||
privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
|
||||
|
||||
chown: CommandFilter, chown, root
|
||||
mount: CommandFilter, mount, root
|
||||
umount: CommandFilter, umount, root
|
||||
glance:
|
||||
DEFAULT:
|
||||
log_config_append: /etc/glance/logging.conf
|
||||
@ -259,6 +313,7 @@ conf:
|
||||
auth_version: v3
|
||||
memcache_security_strategy: ENCRYPT
|
||||
glance_store:
|
||||
cinder_catalog_info: volumev3::internalURL
|
||||
rbd_store_chunk_size: 8
|
||||
rbd_store_replication: 3
|
||||
rbd_store_crush_rule: replicated_rule
|
||||
@ -275,6 +330,8 @@ conf:
|
||||
flavor: keystone
|
||||
database:
|
||||
max_retries: -1
|
||||
oslo_concurrency:
|
||||
lock_path: "/var/lib/glance/tmp"
|
||||
oslo_messaging_notifications:
|
||||
driver: messagingv2
|
||||
oslo_messaging_rabbit:
|
||||
@ -837,6 +894,8 @@ pod:
|
||||
- key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
useHostNetwork:
|
||||
api: false
|
||||
mounts:
|
||||
glance_api:
|
||||
init_container: null
|
||||
|
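Review bot: The default `glance_cinder_store` filters include `chown: CommandFilter, chown, root`, which allows any `chown` arguments as root and so leaves the narrower `disk_chown` RegExpFilter above it with no restricting effect; `mount` and `umount` are likewise unrestricted. If os-brick does not need the bare `chown` entry it should be dropped, and otherwise a comment should name the caller that requires it. With `use_syslog=False` and `syslog_log_level=ERROR`, successful privileged invocations are not recorded, so enabling syslog with `syslog_log_level=INFO` would keep an audit trail of what rootwrap ran. These defaults sit under `conf:`, whose start is outside the hunk.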
@ -32,4 +32,5 @@ glance:
|
||||
- 0.3.9 Support TLS endpoints
|
||||
- 0.3.10 Distinguish between port number of internal endpoint and binding port number
|
||||
- 0.3.11 Use HTTP probe instead of TCP probe
|
||||
- 0.3.12 Add support for using Cinder as backend
|
||||
...
|
||||
|