openstack/openstack-helm
Code Issues Proposed changes
openstack-helm/nova/templates/statefulset-compute-ironic.yaml
Marek Skrobacki babda24efe
fix: use nova-compute.conf in nova-compute-ironic 
Currently the nova-compute-ironic pod is configured to use full
nova.conf which is not subjects to `nova_compute_redactions`. As a
result, when the nova-compute-ironic starts, following traceback is
printed:

```
❯ kubectl --context uc_iad3_dev-NEW logs nova-compute-ironic-0
Defaulted container "nova-compute-ironic" out of: nova-compute-ironic, init (init)
+ exec nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-ironic.conf
2024-10-29 15:37:28.841 1179391 INFO nova.virt.driver [None req-99e9d536-2b34-4dfc-ac0f-f9680e213913 - - - - - -] Loading compute driver 'ironic.IronicDriver'
2024-10-29 15:37:29.498 1179391 ERROR nova.db.main.api [None req-48b845ff-01ca-4126-8e43-aeaa2675d0e1 - - - - - -] No DB access allowed in nova-compute:   File "/var/lib/openstack/lib/python3.10/site-packages/eventlet/greenthread.py", line 265, in main
    result = function(*args, **kwargs)
  File "/var/lib/openstack/lib/python3.10/site-packages/nova/utils.py", line 664, in context_wrapper
    return func(*args, **kwargs)
  File "/var/lib/openstack/lib/python3.10/site-packages/nova/context.py", line 422, in gather_result
    result = fn(*args, **kwargs)
  File "/var/lib/openstack/lib/python3.10/site-packages/nova/db/main/api.py", line 179, in wrapper
    return f(*args, **kwargs)
  File "/var/lib/openstack/lib/python3.10/site-packages/nova/objects/service.py", line 554, in _db_service_get_minimum_version
    return db.service_get_minimum_version(context, binaries)
  File "/var/lib/openstack/lib/python3.10/site-packages/nova/db/main/api.py", line 238, in wrapper
    _check_db_access()
  File "/var/lib/openstack/lib/python3.10/site-packages/nova/db/main/api.py", line 188, in _check_db_access
    stacktrace = ''.join(traceback.format_stack())
```

According to the https://docs.openstack.org/nova/latest/configuration/config.html#api-database the [`api-database`] config group should not be configured for this service.

Change-Id: Ie53eb250be756d96315c0be623d7aa716565661a
2024-11-26 12:58:51 +00:00

114 lines
5.0 KiB
YAML
Raw Blame History

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset_compute_ironic }}
{{- $envAll := . }}
{{- $mounts_nova_compute_ironic := .Values.pod.mounts.nova_compute_ironic.nova_compute_ironic }}
{{- $mounts_nova_compute_ironic_init := .Values.pod.mounts.nova_compute_ironic.init_container }}
{{- $serviceAccountName := "nova-compute-ironic" }}
{{ tuple $envAll "compute_ironic" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nova-compute-ironic
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.compute_ironic }}
selector:
matchLabels:
{{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
serviceName: "{{ tuple "baremetal" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}-compute"
template:
metadata:
labels:
{{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.agent.compute_ironic.node_selector_key }}: {{ .Values.labels.agent.compute_ironic.node_selector_value }}
securityContext:
runAsUser: 0
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
{{ tuple $envAll "compute_ironic" $mounts_nova_compute_ironic_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: nova-compute-ironic
{{ tuple $envAll "nova_compute_ironic" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute_ironic | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/nova-compute-ironic.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: nova-bin
mountPath: /tmp/nova-compute-ironic.sh
subPath: nova-compute-ironic.sh
readOnly: true
- name: nova-etc
mountPath: /etc/nova/nova-compute.conf
subPath: nova-compute.conf
readOnly: true
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
- name: nova-etc
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: nova-etc
mountPath: /etc/nova/nova-ironic.conf
subPath: nova-ironic.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
- name: varlibironic
mountPath: /var/lib/ironic
{{ if $mounts_nova_compute_ironic.volumeMounts }}{{ toYaml $mounts_nova_compute_ironic.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: nova-bin
configMap:
name: nova-bin
defaultMode: 0555
- name: nova-etc
secret:
secretName: nova-etc
defaultMode: 0444
- name: varlibironic
hostPath:
path: /var/lib/ironic
{{ if $mounts_nova_compute_ironic.volumes }}{{ toYaml $mounts_nova_compute_ironic.volumes | indent 8 }}{{ end }}
{{- end }}
View Git Blame Copy Permalink