From db0db427eee9ab393c9f2834e15f3da293f2206e Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Thu, 12 Jan 2017 14:51:36 -0800 Subject: [PATCH] Critical fixes required for 0.1.0 tagging * Add imagePullPolicy to ceph with default * Add imagePullPolicy to mariadb with default * Add missing imagePullPolicies to nova with defaults * Remove malfunctioning daemonset dependency from nova * Add missing neutron endpoint definition to nova values * Force v4 networking in ceph. Repeated bootstrapping is unreliable without this. * Update cinder dependencies based on testing * Optional Horizon NodePort * Revert iptables stub for nova-api-osapi because we lack permissions to overwrite /sbin/iptables. We will continue to run in a privileged security context until we have a working solution. --- ceph/templates/daemonset-osd.yaml | 2 +- ceph/templates/deployment-mds.yaml | 1 + ceph/templates/deployment-moncheck.yaml | 6 +++--- ceph/templates/deployment-rgw.yaml | 1 + ceph/templates/statefulset-mon.yaml | 4 ++-- ceph/values.yaml | 1 + cinder/templates/deployment-volume.yaml | 4 ++++ cinder/values.yaml | 12 +++++++++-- horizon/templates/service.yaml | 12 +++++++++++ horizon/values.yaml | 2 ++ mariadb/templates/deployment.yaml | 2 +- mariadb/templates/job-seed.yaml | 2 +- mariadb/values.yaml | 1 + nova/templates/bin/_start-osapi.sh.tpl | 23 --------------------- nova/templates/configmap-bin.yaml | 2 -- nova/templates/daemonset-compute.yaml | 6 +----- nova/templates/daemonset-libvirt.yaml | 2 +- nova/templates/deployment-api-metadata.yaml | 14 +++++++------ nova/templates/deployment-api-osapi.yaml | 23 ++++++++------------- nova/templates/deployment-conductor.yaml | 1 + nova/templates/deployment-consoleauth.yaml | 1 + nova/templates/deployment-scheduler.yaml | 1 + nova/values.yaml | 8 +++++++ 23 files changed, 70 insertions(+), 61 deletions(-) delete mode 100644 nova/templates/bin/_start-osapi.sh.tpl
diff --git a/ceph/templates/daemonset-osd.yaml b/ceph/templates/daemonset-osd.yaml index 1ad4b24fbf..9f85d599c1 100644 --- a/ceph/templates/daemonset-osd.yaml +++ b/ceph/templates/daemonset-osd.yaml @@ -40,7 +40,7 @@ spec: containers: - name: osd-pod image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} volumeMounts: - name: devices mountPath: /dev diff --git a/ceph/templates/deployment-mds.yaml b/ceph/templates/deployment-mds.yaml index 9a4f5eadd9..0485c5e719 100644 --- a/ceph/templates/deployment-mds.yaml +++ b/ceph/templates/deployment-mds.yaml @@ -34,6 +34,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: 6800 env: diff --git a/ceph/templates/deployment-moncheck.yaml b/ceph/templates/deployment-moncheck.yaml index aa829b09c1..459074f067 100644 --- a/ceph/templates/deployment-moncheck.yaml +++ b/ceph/templates/deployment-moncheck.yaml @@ -34,7 +34,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: 6789 env: @@ -42,8 +42,8 @@ spec: value: MON_HEALTH - name: KV_TYPE value: k8s - - name: MON_IP_AUTO_DETECT - value: "1" + - name: NETWORK_AUTO_DETECT + value: "4" - name: CLUSTER value: ceph volumeMounts: diff --git a/ceph/templates/deployment-rgw.yaml b/ceph/templates/deployment-rgw.yaml index a22c2ad367..57ba1c9538 100644 --- a/ceph/templates/deployment-rgw.yaml +++ b/ceph/templates/deployment-rgw.yaml @@ -36,6 +36,7 @@ spec: containers: - name: ceph-rgw image: {{ .Values.images.daemon }} + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: {{ .Values.network.port.rgw_target }} env: diff --git a/ceph/templates/statefulset-mon.yaml b/ceph/templates/statefulset-mon.yaml index 5ef33cd8e2..d7971a72a2 100644 --- a/ceph/templates/statefulset-mon.yaml 
+++ b/ceph/templates/statefulset-mon.yaml @@ -58,7 +58,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} lifecycle: preStop: exec: @@ -73,7 +73,7 @@ spec: - name: KV_TYPE value: k8s - name: NETWORK_AUTO_DETECT - value: "1" + value: "4" - name: CLUSTER value: ceph volumeMounts: diff --git a/ceph/values.yaml b/ceph/values.yaml index 33c6da2410..b88644a641 100644 --- a/ceph/values.yaml +++ b/ceph/values.yaml @@ -18,6 +18,7 @@ service: images: daemon: quay.io/attcomdev/ceph-daemon:latest + pull_policy: IfNotPresent labels: node_selector_key: ceph-storage diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 81922f5a5c..7f6cc18bd6 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -33,6 +33,10 @@ spec: "name": "DEPENDENCY_SERVICE", "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}" + }, { "name": "COMMAND", "value": "echo done" diff --git a/cinder/values.yaml b/cinder/values.yaml index 5ea0cb62a9..120d4d484f 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml 
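Review bot: The new default `pull_policy: IfNotPresent` in ceph/values.yaml sits directly under `daemon: quay.io/attcomdev/ceph-daemon:latest`, and a mutable `latest` tag combined with IfNotPresent means each node keeps whatever build it first cached. Nodes can then run different ceph-daemon builds, and a rebuilt image carrying a fix is not picked up until the cached copy is removed. I would pin the image to a fixed tag or digest (placeholder: `daemon: quay.io/attcomdev/ceph-daemon:<pinned-tag>`), or keep `pull_policy: Always` for as long as the tag stays `latest`. The ceph template hunks (daemonset-osd, deployment-mds, deployment-moncheck, deployment-rgw, statefulset-mon) all inherit this default, and the mariadb/values.yaml hunk makes the same switch against the `newton` tag.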
@@ -14,11 +14,11 @@ labels: images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton @@ -130,10 +130,18 @@ dependencies: - mariadb - keystone-api volume: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints service: - keystone-api - cinder-api scheduler: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints service: - keystone-api - cinder-api diff --git a/horizon/templates/service.yaml b/horizon/templates/service.yaml index 1c2fe3865a..a8b59d7606 100644 --- a/horizon/templates/service.yaml +++ b/horizon/templates/service.yaml @@ -4,6 +4,18 @@ metadata: name: horizon spec: ports: + {{ if .Values.network.enable_node_port }} + - nodePort: {{ .Values.network.node_port }} + port: {{ .Values.network.port }} + protocol: TCP + targetPort: {{ .Values.network.port }} + {{ else }} - port: {{ .Values.network.port }} + protocol: TCP + targetPort: {{ .Values.network.port }} + {{ end }} selector: app: horizon + {{ if .Values.network.enable_node_port }} + type: NodePort + {{ end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index a7d97e6121..f9a19fd4ee 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -23,6 +23,8 @@ labels: network: port: 80 + node_port: 30000 + enable_node_port: false local_settings: horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c 
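Review bot: Setting `enable_node_port` turns the Service in horizon/templates/service.yaml into `type: NodePort`, which publishes Horizon on every node's address at `node_port`, and neither this hunk nor the horizon/values.yaml hunk says so. The default `port: 80` suggests the dashboard is served over plain HTTP, though that is inferred from the port number alone. I would document the flag where it is defined, for example `# enable_node_port: true exposes Horizon on every node IP at node_port; keep false unless access is restricted in front of the nodes` above the two new keys in horizon/values.yaml.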
diff --git a/mariadb/templates/deployment.yaml b/mariadb/templates/deployment.yaml index 3867213fb8..8a456ee3ba 100644 --- a/mariadb/templates/deployment.yaml +++ b/mariadb/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: containers: - name: {{ .Values.service_name }} image: {{ .Values.images.mariadb }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/templates/job-seed.yaml b/mariadb/templates/job-seed.yaml index 0495174af1..c8930621a0 100644 --- a/mariadb/templates/job-seed.yaml +++ b/mariadb/templates/job-seed.yaml @@ -15,7 +15,7 @@ spec: containers: - name: mariadb-init image: {{ .Values.images.mariadb }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/values.yaml b/mariadb/values.yaml index ce3656a6cc..0a13e96581 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -26,6 +26,7 @@ service_name: mariadb images: mariadb: quay.io/stackanetes/stackanetes-mariadb:newton + pull_policy: IfNotPresent volume: class_path: volume.beta.kubernetes.io/storage-class diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl deleted file mode 100644 index a2bf2a2ff4..0000000000 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash -set -ex - -# -# start nova-api-osapi service -# -# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges -# by stubbing in a fake iptables scripts - -echo </tmp/iptables -#!/bin/sh -# nova-api-metadata trys to run some iptables commands -# This enables the api-only container to run without NET_ADMIN privileges -true -EOF - -# make it executable and copy it over whatever iptables may be underneath in this image -chmod +x /tmp/iptables -cp -p /tmp/iptables /sbin/iptables -cp -p /tmp/iptables /sbin/iptables-restore -cp -p /tmp/iptables /sbin/iptables-save - -exec nova-api --config-file /etc/nova/nova.conf \ No newline at end of file diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index f3d1fca6f3..78573783b5 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -7,8 +7,6 @@ data: {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} - start-osapi.sh: | -{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }} post.sh: | {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} libvirt.sh: | diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 26299ea050..f9fcafd931 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -32,10 +32,6 @@ spec: "name": "DEPENDENCY_JOBS", "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" }, - { - "name": "DEPENDENCY_DAEMONSET", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}" - }, { "name": "COMMAND", "value": "echo done" 
@@ -54,7 +50,7 @@ spec: containers: - name: nova-compute image: {{ .Values.image.compute }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: privileged: true command: diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 6ffa346f1f..3511c0a2e7 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -49,7 +49,7 @@ spec: containers: - name: nova-libvirt image: {{ .Values.image.libvirt }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: privileged: true command: diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 52e21cc12b..2e1a6929f6 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -1,7 +1,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: nova-api + name: nova-api-metadata spec: replicas: {{ .Values.control_replicas }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} @@ -15,7 +15,7 @@ spec: template: metadata: labels: - app: nova-api + app: nova-api-metadata annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} 
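Review bot: `imagePullPolicy: {{ .Values.image.pull_policy }}` in daemonset-compute.yaml reads a key this patch never adds: the nova/values.yaml hunk (`-209,3 +209,11`) contains only the neutron endpoint, and that accounts for all eight insertions the diffstat lists for the file. Unless `image.pull_policy` already exists in nova/values.yaml outside the hunk, the rendered manifest carries no valid policy, so the result depends on how Helm and the API server treat the missing value rather than on a chart default. Add `pull_policy: IfNotPresent` under `image:` in nova/values.yaml, or guard the template with `{{ .Values.image.pull_policy | default "IfNotPresent" }}`. The same expression appears in the daemonset-libvirt, deployment-api-metadata, deployment-api-osapi, deployment-conductor, deployment-consoleauth and deployment-scheduler hunks. The container spec continues outside this hunk.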
@@ -52,20 +52,22 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api + - name: nova-api-metadata image: {{ .Values.image.api }} + imagePullPolicy: {{ .Values.image.pull_policy }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: capabilities: add: - NET_ADMIN command: - - nova-api-metadata --config-file=/etc/nova/nova.conf + - nova-api-metadata + - --config-file=/etc/nova/nova.conf ports: - containerPort: {{ .Values.network.port.metadata }} readinessProbe: tcpSocket: - port: {{ .Values.network.port.osapi }} + port: {{ .Values.network.port.metadata }} volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf @@ -76,4 +78,4 @@ spec: name: nova-etc items: - key: nova.conf - path: nova.conf \ No newline at end of file + path: nova.conf diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 5c294db27e..b37fe438fa 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -1,7 +1,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: nova-osapi + name: nova-api-osapi spec: replicas: {{ .Values.control_replicas }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} @@ -52,11 +52,16 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-osapi + - name: nova-api-osapi image: {{ .Values.image.api }} + imagePullPolicy: {{ .Values.image.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN command: - - bash - - /tmp/start-osapi.sh + - nova-api + - --config-file=/etc/nova/nova.conf ports: - containerPort: {{ .Values.network.port.osapi }} readinessProbe: 
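Review bot: The `securityContext` added to the nova-api-osapi container grants `NET_ADMIN` with no comment saying why it is needed or when it can be removed, while the same grant in deployment-api-metadata.yaml at least carries a bug link. The commit message describes this as running "in a privileged security context", but the hunk adds a single capability, so the record and the manifest disagree on what is actually granted. I would add a comment above `securityContext:` such as `# NET_ADMIN: nova-api tries to call iptables; remove once the /sbin/iptables stub can be installed`. The container spec continues past the end of the hunk.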
@@ -66,10 +71,6 @@ spec: - name: novaconf mountPath: /etc/nova/nova.conf subPath: nova.conf - volumeMounts: - - name: startsh - mountPath: /tmp/start-osapi.sh - subPath: start-osapi.sh volumes: - name: novaconf configMap: @@ -77,9 +78,3 @@ spec: items: - key: nova.conf path: nova.conf - - name: startsh - configMap: - name: nova-bin - items: - - key: start-osapi.sh - path: start-osapi.sh diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index e5977ef417..1d300e109a 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-conductor image: {{ .Values.image.conductor }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-conductor - --config-file diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index d5688579ff..453647b41e 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-consoleauth image: {{ .Values.image.consoleauth }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-consoleauth - --config-file diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 27cf414e1e..ebef279bc8 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-scheduler image: {{ .Values.image.scheduler }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-scheduler - --config-file diff --git a/nova/values.yaml b/nova/values.yaml index 3444ef8183..199e2e2142 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -209,3 +209,11 @@ endpoints: port: admin: 35357 public: 5000 + neutron: + hosts: + default: neutron-server + path: null + type: network + scheme: 'http' + port: + api: 9696