From 8a7b7ba08615d09d2313e34db20a13489a6a90b1 Mon Sep 17 00:00:00 2001 From: "Huang, Sophie (sh879n)" Date: Mon, 27 Jan 2020 21:12:59 +0000 Subject: [PATCH] Enable Cinder backends to use iSCSI for data traffic In this patchset, the iSCSI protocol support is added to enable Cinder to use iSCSI based storage backends. Bootable volumes are not supported, only VM attached volumes are supported for this initial patchset. Change-Id: I1b35290b62d2cebae4bd8be62126a53f230ac6c0 --- cinder/templates/bin/_iscsiadm.tpl | 20 +++++++++++++ cinder/templates/configmap-bin.yaml | 4 +++ cinder/templates/deployment-volume.yaml | 32 ++++++++++++++++++++ cinder/values.yaml | 5 ++-- nova/templates/bin/_iscsiadm.tpl | 20 +++++++++++++ nova/templates/configmap-bin.yaml | 4 +++ nova/templates/daemonset-compute.yaml | 40 +++++++++++++++++++++++++ nova/values.yaml | 7 +++++ 8 files changed, 130 insertions(+), 2 deletions(-) create mode 100644 cinder/templates/bin/_iscsiadm.tpl create mode 100644 nova/templates/bin/_iscsiadm.tpl diff --git a/cinder/templates/bin/_iscsiadm.tpl b/cinder/templates/bin/_iscsiadm.tpl new file mode 100644 index 0000000000..f27d757bba --- /dev/null +++ b/cinder/templates/bin/_iscsiadm.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Copyright 2020 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \ + iscsiadm "${@:1}" diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml index df96fabf3d..732b0bd4fa 100644 --- a/cinder/templates/configmap-bin.yaml +++ b/cinder/templates/configmap-bin.yaml @@ -23,6 +23,10 @@ kind: ConfigMap metadata: name: cinder-bin data: +{{- if .Values.conf.enable_iscsi }} + iscsiadm: | +{{ tuple "bin/_iscsiadm.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} {{- if .Values.images.local_registry.active }} image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 3411305a7e..3abb21838e 100755 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -52,6 +52,9 @@ spec: {{ tuple $envAll "cinder" "volume" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }} +{{- if .Values.pod.useHostNetwork.volume }} + hostNetwork: true +{{- end }} initContainers: {{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }} @@ -195,6 +198,22 @@ spec: readOnly: true {{- end }} {{- end }} + {{- if .Values.conf.enable_iscsi }} + - name: host-rootfs + mountPath: /mnt/host-rootfs + - name: runlock + mountPath: /run/lock + - name: etciscsi + mountPath: /etc/iscsi + {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }} + mountPropagation: Bidirectional + {{- end }} + - name: usrlocalsbin + mountPath: /usr/local/sbin + - name: cinder-bin + mountPath: /usr/local/sbin/iscsiadm + subPath: iscsiadm + {{- end }} {{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }} volumes: - name: pod-tmp @@ -228,5 +247,18 @@ spec: - name: cinder-coordination emptyDir: {} {{- end }} + {{- if .Values.conf.enable_iscsi }} + - name: host-rootfs + hostPath: + path: / + - name: runlock + hostPath: + path: /run/lock + - name: etciscsi + hostPath: + path: /etc/iscsi + - name: usrlocalsbin + emptyDir: {} + {{- end }} {{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/cinder/values.yaml b/cinder/values.yaml index d7d8c5c345..c3936e160d 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -143,7 +143,8 @@ pod: default: kubernetes.io/hostname weight: default: 10 - + useHostNetwork: + volume: false mounts: cinder_api: init_container: null @@ -1025,7 +1026,7 @@ conf: - name - volume_type volume_type: [] - + enable_iscsi: false backup: external_ceph_rbd: enabled: false diff --git a/nova/templates/bin/_iscsiadm.tpl b/nova/templates/bin/_iscsiadm.tpl new file mode 100644 index 0000000000..edb50175f0 --- /dev/null +++ b/nova/templates/bin/_iscsiadm.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Copyright 2020 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +chroot /mnt/host-rootfs /usr/bin/env -i PATH="/sbin:/bin:/usr/bin" \ + iscsiadm "${@:1}" diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 0d94b92b88..398e035c77 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -23,6 +23,10 @@ kind: ConfigMap metadata: name: nova-bin data: +{{- if .Values.conf.enable_iscsi }} + iscsiadm: | +{{ tuple "bin/_iscsiadm.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} {{- if .Values.images.local_registry.active }} image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index ff835a43d0..564b1015f1 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -64,6 +64,7 @@ spec: value: "{{ .Values.pod.user.nova.uid }}" command: - /tmp/nova-compute-init.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -84,6 +85,7 @@ spec: - -R - "nova:" - /etc/ceph + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -95,6 +97,7 @@ spec: {{ dict "envAll" $envAll "application" "nova" "container" "ceph_admin_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/ceph-admin-keyring.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -125,6 +128,7 @@ spec: value: "{{ .Values.conf.ceph.secret_uuid }}" command: - /tmp/ceph-keyring.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -145,6 +149,7 @@ spec: {{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_vnc_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/nova-console-compute-init.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -162,6 +167,7 @@ spec: {{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_spice_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/nova-console-compute-init.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -223,6 +229,7 @@ spec: timeoutSeconds: 580 command: - /tmp/nova-compute.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -316,6 +323,25 @@ spec: - name: machine-id mountPath: /etc/machine-id readOnly: true + {{- if .Values.conf.enable_iscsi }} + - name: host-rootfs + mountPath: /mnt/host-rootfs + - name: usrlocalsbin + mountPath: /usr/local/sbin + - name: etciscsi + mountPath: /etc/iscsi + {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }} + mountPropagation: Bidirectional + {{- end }} + - name: dev + mountPath: /dev + {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }} + mountPropagation: Bidirectional + {{- end }} + - name: nova-bin + mountPath: /usr/local/sbin/iscsiadm + subPath: iscsiadm + {{- end }} {{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }} {{- if .Values.network.sshd.enabled }} - name: nova-compute-ssh @@ -333,6 +359,7 @@ spec: - containerPort: {{ .Values.network.ssh.port }} command: - /tmp/ssh-start.sh + terminationMessagePath: /var/log/termination-log volumeMounts: - name: pod-tmp mountPath: /tmp @@ -400,6 +427,19 @@ spec: - name: machine-id hostPath: path: /etc/machine-id + {{- if .Values.conf.enable_iscsi }} + - name: host-rootfs + hostPath: + path: / + - name: etciscsi + hostPath: + path: /etc/iscsi + - name: dev + hostPath: + path: /dev + - name: usrlocalsbin + emptyDir: {} + {{- end }} {{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }} {{- end }} {{- end }} diff --git a/nova/values.yaml b/nova/values.yaml index e65b7cb9a4..a25ef3f4f8 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -1759,6 +1759,7 @@ conf: keys: - root - nova + - os.brick handlers: keys: - stdout @@ -1776,6 +1777,11 @@ conf: handlers: - stdout qualname: nova + logger_os.brick: + level: INFO + handlers: + - stdout + qualname: os.brick logger_amqp: level: WARNING handlers: stderr @@ -1828,6 +1834,7 @@ conf: priority: 0 apply-to: all pattern: '^(?!(amq\.|reply_)).*' + enable_iscsi: false # Names of secrets used by bootstrap and environmental checks secrets: