Merge "feat(glance): add support for cinder"
commit
6348b93bed
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Glance
|
description: OpenStack-Helm Glance
|
||||||
name: glance
|
name: glance
|
||||||
version: 0.3.11
|
version: 0.3.12
|
||||||
home: https://docs.openstack.org/glance/latest/
|
home: https://docs.openstack.org/glance/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
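--- /dev/null
+++ b/glance/templates/bin/_iscsiadm.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+{{/*
+Copyright 2020 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+iscsiadm "${@:1}"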
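Review bot: The wrapper runs `chroot` as a child of bash instead of replacing the shell, so signals sent to the wrapper are not delivered to `iscsiadm`, and `"${@:1}"` is only a longer spelling of `"$@"`. I would write the last statement as `exec chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" iscsiadm "$@"`. A one-line comment stating that the script runs the host's binary inside the host root filesystem mounted at `/mnt/host-rootfs` would also help, since that is the reason the pod needs the hostPath mount of `/`. The same applies to `_multipath.tpl` and `_multipathd.tpl`.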
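--- /dev/null
+++ b/glance/templates/bin/_multipath.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+multipath "${@:1}"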
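--- /dev/null
+++ b/glance/templates/bin/_multipathd.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \
+multipathd "${@:1}"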
@ -21,6 +21,14 @@ kind: ConfigMap
|
|||||||
metadata:
|
metadata:
|
||||||
name: glance-bin
|
name: glance-bin
|
||||||
data:
|
data:
|
||||||
|
{{- if eq .Values.storage "cinder" }}
|
||||||
|
iscsiadm: |
|
||||||
|
{{ tuple "bin/_iscsiadm.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
multipath: |
|
||||||
|
{{ tuple "bin/_multipath.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
multipathd: |
|
||||||
|
{{ tuple "bin/_multipathd.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.bootstrap.enabled }}
|
{{- if .Values.bootstrap.enabled }}
|
||||||
bootstrap.sh: |
|
bootstrap.sh: |
|
||||||
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
@ -145,6 +145,12 @@ data:
|
|||||||
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
|
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
|
||||||
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
|
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
|
||||||
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
|
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
|
||||||
|
glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
|
||||||
|
rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
|
||||||
|
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||||
|
{{- $filePrefix := replace "_" "-" $key }}
|
||||||
|
{{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
|
||||||
|
{{- end }}
|
||||||
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }}
|
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }}
|
||||||
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
|
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
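Review bot: `glance_sudoers`, `rootwrap.conf` and the `*.filters` keys are rendered for every storage backend, although only the cinder store appears to need rootwrap; a deployment using another backend then still carries a NOPASSWD sudo rule for the glance user. Consider wrapping the six added lines in `{{- if eq .Values.storage "cinder" }}` … `{{- end }}`, together with the matching sudoers, rootwrap.conf and filter mounts in the api deployment, which are also unconditional there. The enclosing `data:` block starts outside the hunk.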
@ -55,6 +55,13 @@ spec:
|
|||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
|
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
|
||||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
||||||
|
{{- if .Values.pod.useHostNetwork.api }}
|
||||||
|
hostNetwork: true
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
|
{{- end }}
|
||||||
|
{{- if eq .Values.storage "cinder" }}
|
||||||
|
hostIPC: true
|
||||||
|
{{- end }}
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll "api" $mounts_glance_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll "api" $mounts_glance_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
- name: glance-perms
|
- name: glance-perms
|
||||||
@ -185,6 +192,8 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
|
- name: glance-tmp
|
||||||
|
mountPath: /var/lib/glance/tmp
|
||||||
- name: etcglance
|
- name: etcglance
|
||||||
mountPath: /etc/glance
|
mountPath: /etc/glance
|
||||||
- name: glance-bin
|
- name: glance-bin
|
||||||
@ -213,12 +222,73 @@ spec:
|
|||||||
mountPath: /etc/glance/api_audit_map.conf
|
mountPath: /etc/glance/api_audit_map.conf
|
||||||
subPath: api_audit_map.conf
|
subPath: api_audit_map.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: glance-etc
|
||||||
|
# NOTE (Portdirect): We mount here to override Kollas
|
||||||
|
# custom sudoers file when using Kolla images, this
|
||||||
|
# location will also work fine for other images.
|
||||||
|
mountPath: /etc/sudoers.d/kolla_glance_sudoers
|
||||||
|
subPath: glance_sudoers
|
||||||
|
readOnly: true
|
||||||
|
- name: glance-etc
|
||||||
|
mountPath: /etc/glance/rootwrap.conf
|
||||||
|
subPath: rootwrap.conf
|
||||||
|
readOnly: true
|
||||||
|
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||||
|
{{- if ( has "api" $value.pods ) }}
|
||||||
|
{{- $filePrefix := replace "_" "-" $key }}
|
||||||
|
{{- $rootwrapFile := printf "/etc/glance/rootwrap.d/%s.filters" $filePrefix }}
|
||||||
|
- name: glance-etc
|
||||||
|
mountPath: {{ $rootwrapFile }}
|
||||||
|
subPath: {{ base $rootwrapFile }}
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
mountPath: {{ .Values.conf.glance.glance_store.swift_store_config_file }}
|
mountPath: {{ .Values.conf.glance.glance_store.swift_store_config_file }}
|
||||||
subPath: swift-store.conf
|
subPath: swift-store.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: glance-images
|
- name: glance-images
|
||||||
mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }}
|
mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }}
|
||||||
|
{{- if eq .Values.storage "cinder" }}
|
||||||
|
- name: host-rootfs
|
||||||
|
mountPath: /mnt/host-rootfs
|
||||||
|
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||||
|
mountPropagation: HostToContainer
|
||||||
|
{{- end }}
|
||||||
|
- name: host-dev
|
||||||
|
mountPath: /dev
|
||||||
|
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||||
|
mountPropagation: HostToContainer
|
||||||
|
{{- end }}
|
||||||
|
- name: runlock
|
||||||
|
mountPath: /run/lock
|
||||||
|
- name: etciscsi
|
||||||
|
mountPath: /etc/iscsi
|
||||||
|
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||||
|
mountPropagation: HostToContainer
|
||||||
|
{{- end }}
|
||||||
|
- name: usrlocalsbin
|
||||||
|
mountPath: /usr/local/sbin
|
||||||
|
- name: glance-bin
|
||||||
|
mountPath: /usr/local/sbin/iscsiadm
|
||||||
|
subPath: iscsiadm
|
||||||
|
- name: glance-bin
|
||||||
|
mountPath: /usr/local/sbin/multipath
|
||||||
|
subPath: multipath
|
||||||
|
- name: glance-bin
|
||||||
|
mountPath: /usr/local/sbin/multipathd
|
||||||
|
subPath: multipathd
|
||||||
|
- name: etcmultipath
|
||||||
|
mountPath: /etc/multipath
|
||||||
|
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||||
|
mountPropagation: Bidirectional
|
||||||
|
{{- end }}
|
||||||
|
- name: sys
|
||||||
|
mountPath: /sys
|
||||||
|
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
|
||||||
|
mountPropagation: HostToContainer
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if eq .Values.storage "rbd" }}
|
{{- if eq .Values.storage "rbd" }}
|
||||||
- name: etcceph
|
- name: etcceph
|
||||||
mountPath: /etc/ceph
|
mountPath: /etc/ceph
|
||||||
@ -238,6 +308,8 @@ spec:
|
|||||||
volumes:
|
volumes:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
- name: glance-tmp
|
||||||
|
emptyDir: {}
|
||||||
- name: etcglance
|
- name: etcglance
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: glance-bin
|
- name: glance-bin
|
||||||
@ -267,6 +339,28 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.rbd | quote }}
|
secretName: {{ .Values.secrets.rbd | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if eq .Values.storage "cinder" }}
|
||||||
|
- name: host-rootfs
|
||||||
|
hostPath:
|
||||||
|
path: /
|
||||||
|
- name: host-dev
|
||||||
|
hostPath:
|
||||||
|
path: /dev
|
||||||
|
- name: runlock
|
||||||
|
hostPath:
|
||||||
|
path: /run/lock
|
||||||
|
- name: etciscsi
|
||||||
|
hostPath:
|
||||||
|
path: /etc/iscsi
|
||||||
|
- name: usrlocalsbin
|
||||||
|
emptyDir: {}
|
||||||
|
- name: etcmultipath
|
||||||
|
hostPath:
|
||||||
|
path: /etc/multipath
|
||||||
|
- name: sys
|
||||||
|
hostPath:
|
||||||
|
path: /sys
|
||||||
|
{{- end }}
|
||||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
|
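Review bot: With `storage: cinder` the api pod gets `hostIPC: true` plus hostPath mounts of `/`, `/dev` and `/sys`, with the host root mounted writable at `/mnt/host-rootfs`, so a compromise of glance-api is effectively a compromise of the node, and nothing in the template records that. I would add a comment above the `host-rootfs` volume such as `# storage=cinder: pod is host-equivalent (host /, /dev, /sys, hostIPC); schedule only on dedicated nodes`, and give the three `glance-bin` wrapper mounts under `/usr/local/sbin` the same `readOnly: true` the other config mounts carry. `mountPropagation: Bidirectional` on `/etc/multipath` is only accepted by Kubernetes for privileged containers; the container securityContext is outside these hunks, so confirm that it is set deliberately and scoped to the cinder case. The pod `spec` starts and ends outside the hunks shown.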
@ -244,6 +244,60 @@ conf:
|
|||||||
add_metadef_tags: rule:metadef_admin
|
add_metadef_tags: rule:metadef_admin
|
||||||
delete_metadef_tag: rule:metadef_admin
|
delete_metadef_tag: rule:metadef_admin
|
||||||
delete_metadef_tags: rule:metadef_admin
|
delete_metadef_tags: rule:metadef_admin
|
||||||
|
glance_sudoers: |
|
||||||
|
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
|
||||||
|
Defaults !requiretty
|
||||||
|
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
|
||||||
|
glance ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/glance-rootwrap /etc/glance/rootwrap.conf *, /var/lib/openstack/bin/glance-rootwrap /etc/glance/rootwrap.conf *
|
||||||
|
rootwrap: |
|
||||||
|
# Configuration for glance-rootwrap
|
||||||
|
# This file should be owned by (and only-writable by) the root user
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
|
# List of directories to load filter definitions from (separated by ',').
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
|
||||||
|
|
||||||
|
# List of directories to search executables in, in case filters do not
|
||||||
|
# explicitely specify a full path (separated by ',')
|
||||||
|
# If not specified, defaults to system PATH environment variable.
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
|
||||||
|
|
||||||
|
# Enable logging to syslog
|
||||||
|
# Default value is False
|
||||||
|
use_syslog=False
|
||||||
|
|
||||||
|
# Which syslog facility to use.
|
||||||
|
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||||
|
# Default value is 'syslog'
|
||||||
|
syslog_log_facility=syslog
|
||||||
|
|
||||||
|
# Which messages to log.
|
||||||
|
# INFO means log all usage
|
||||||
|
# ERROR means only log unsuccessful attempts
|
||||||
|
syslog_log_level=ERROR
|
||||||
|
rootwrap_filters:
|
||||||
|
glance_cinder_store:
|
||||||
|
pods:
|
||||||
|
- api
|
||||||
|
content: |
|
||||||
|
# glance-rootwrap command filters for glance cinder store
|
||||||
|
# This file should be owned by (and only-writable by) the root user
|
||||||
|
|
||||||
|
[Filters]
|
||||||
|
# cinder store driver
|
||||||
|
disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).*
|
||||||
|
|
||||||
|
# os-brick library commands
|
||||||
|
# os_brick.privileged.run_as_root oslo.privsep context
|
||||||
|
# This line ties the superuser privs with the config files, context name,
|
||||||
|
# and (implicitly) the actual python code invoked.
|
||||||
|
privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
|
||||||
|
|
||||||
|
chown: CommandFilter, chown, root
|
||||||
|
mount: CommandFilter, mount, root
|
||||||
|
umount: CommandFilter, umount, root
|
||||||
glance:
|
glance:
|
||||||
DEFAULT:
|
DEFAULT:
|
||||||
log_config_append: /etc/glance/logging.conf
|
log_config_append: /etc/glance/logging.conf
|
||||||
@ -259,6 +313,7 @@ conf:
|
|||||||
auth_version: v3
|
auth_version: v3
|
||||||
memcache_security_strategy: ENCRYPT
|
memcache_security_strategy: ENCRYPT
|
||||||
glance_store:
|
glance_store:
|
||||||
|
cinder_catalog_info: volumev3::internalURL
|
||||||
rbd_store_chunk_size: 8
|
rbd_store_chunk_size: 8
|
||||||
rbd_store_replication: 3
|
rbd_store_replication: 3
|
||||||
rbd_store_crush_rule: replicated_rule
|
rbd_store_crush_rule: replicated_rule
|
||||||
@ -275,6 +330,8 @@ conf:
|
|||||||
flavor: keystone
|
flavor: keystone
|
||||||
database:
|
database:
|
||||||
max_retries: -1
|
max_retries: -1
|
||||||
|
oslo_concurrency:
|
||||||
|
lock_path: "/var/lib/glance/tmp"
|
||||||
oslo_messaging_notifications:
|
oslo_messaging_notifications:
|
||||||
driver: messagingv2
|
driver: messagingv2
|
||||||
oslo_messaging_rabbit:
|
oslo_messaging_rabbit:
|
||||||
@ -837,6 +894,8 @@ pod:
|
|||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
operator: Exists
|
operator: Exists
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
useHostNetwork:
|
||||||
|
api: false
|
||||||
mounts:
|
mounts:
|
||||||
glance_api:
|
glance_api:
|
||||||
init_container: null
|
init_container: null
|
||||||
|
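Review bot: The bare `chown: CommandFilter, chown, root` entry lets the glance user run any chown as root through glance-rootwrap, which makes the `/dev/` path restriction in `disk_chown` above it ineffective; `mount` and `umount` are likewise unrestricted. If the cinder store only needs to chown attached devices, drop the bare `chown` filter and keep `disk_chown`; whether os-brick needs the broader filter is not visible from here, so confirm before removing it. `exec_dirs` and the sudoers `secure_path` both list `/usr/local/sbin`, which the api deployment backs with an `emptyDir` when storage is cinder, while the comment in this same file says these directories must be writable only by root; check the effective permissions of that volume or remove the entry from both lists.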
@ -32,4 +32,5 @@ glance:
|
|||||||
- 0.3.9 Support TLS endpoints
|
- 0.3.9 Support TLS endpoints
|
||||||
- 0.3.10 Distinguish between port number of internal endpoint and binding port number
|
- 0.3.10 Distinguish between port number of internal endpoint and binding port number
|
||||||
- 0.3.11 Use HTTP probe instead of TCP probe
|
- 0.3.11 Use HTTP probe instead of TCP probe
|
||||||
|
- 0.3.12 Add support for using Cinder as backend
|
||||||
...
|
...
|
||||||
|