Upgrade openstack-helm
Upgrade openstack-helm to below version.
commit 82c72367c85ca94270f702661c7b984899c1ae38
Date: Sat Sep 14 06:40:03 2019 +0000
Merge "Add a config item for novncproxy"
Basic deployment test on AIO/Duplex/Multi virtual setup pass
and VM creation pass.
Story:2006544
Task: 36623
Depends-on: https://review.opendev.org/#/c/683910
Change-Id: I691a9feef856d83d82709a428afabd01abdef2ea
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This commit is contained in:
zhipengl
parent
a1fdee220c
commit
64eab01514
@ -1,8 +1,8 @@
|
||||
TAR_NAME=openstack-helm
|
||||
SHA=6c71637222f47d85681038994f02feac92f75bd2
|
||||
SHA=82c72367c85ca94270f702661c7b984899c1ae38
|
||||
VERSION=1.0.0
|
||||
TAR="$TAR_NAME-$SHA.tar.gz"
|
||||
|
||||
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
|
||||
|
||||
TIS_PATCH_VER=21
|
||||
TIS_PATCH_VER=22
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
%global sha 6c71637222f47d85681038994f02feac92f75bd2
|
||||
%global sha 82c72367c85ca94270f702661c7b984899c1ae38
|
||||
%global helm_folder /usr/lib/helm
|
||||
%global toolkit_version 0.1.0
|
||||
%global helmchart_version 0.1.0
|
||||
@ -19,27 +19,12 @@ Source2: index.yaml
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
Patch01: 0001-Add-Aodh-Chart.patch
|
||||
Patch02: 0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
|
||||
Patch03: 0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
|
||||
Patch04: 0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
|
||||
Patch05: 0005-Nova-console-ip-address-search-optionality.patch
|
||||
Patch06: 0006-Nova-chart-Support-ephemeral-pool-creation.patch
|
||||
Patch07: 0007-Horizon-Disable-apache2-status_module.patch
|
||||
Patch08: 0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
|
||||
Patch09: 0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
|
||||
Patch10: 0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
|
||||
Patch11: 0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
|
||||
Patch12: 0012-Add-internal-tenant-id-in-conf.patch
|
||||
Patch13: 0013-cinder-allow-configuring-the-rbd-app-name.patch
|
||||
Patch14: 0014-Cinder-Support-backup-driver-specification-by-module.patch
|
||||
Patch15: 0015-Add-Placement-Chart.patch
|
||||
Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch
|
||||
Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch
|
||||
Patch18: 0018-Nova-add-service-token.patch
|
||||
Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
|
||||
Patch20: 0020-Change-cinder-bootstrap-script.patch
|
||||
Patch21: 0021-Add-config-network-item-for-novncproxy.patch
|
||||
Patch01: 0001-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
|
||||
Patch02: 0002-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
|
||||
Patch03: 0003-Nova-console-ip-address-search-optionality.patch
|
||||
Patch04: 0004-Nova-chart-Support-ephemeral-pool-creation.patch
|
||||
Patch05: 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
|
||||
Patch06: 0006-Add-Placement-Chart.patch
|
||||
|
||||
BuildRequires: helm
|
||||
BuildRequires: openstack-helm-infra
|
||||
@ -56,21 +41,6 @@ Openstack Helm charts
|
||||
%patch04 -p1
|
||||
%patch05 -p1
|
||||
%patch06 -p1
|
||||
%patch07 -p1
|
||||
%patch08 -p1
|
||||
%patch09 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
|
||||
%build
|
||||
# initialize helm and build the toolkit
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,7 +1,7 @@
|
||||
From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Wed, 6 Mar 2019 18:06:06 -0500
|
||||
Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to
|
||||
Subject: [PATCH 01] Ceilometer chart: add the ability to publish events to
|
||||
panko
|
||||
|
||||
Ceilometer notification agent sends the events to panko via panko
|
||||
@ -18,26 +18,14 @@ Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 34 insertions(+)
|
||||
ceilometer/values.yaml | 29 +++++++++++++++++++++++++++++
|
||||
1 file changed, 29 insertions(+)
|
||||
|
||||
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
|
||||
index e6ae7e3a..9deade59 100644
|
||||
index 44dda74..1343670 100644
|
||||
--- a/ceilometer/values.yaml
|
||||
+++ b/ceilometer/values.yaml
|
||||
@@ -728,6 +728,11 @@ conf:
|
||||
- name: event_sink
|
||||
publishers:
|
||||
- notifier://
|
||||
+ # The following publisher will enable to publish events to panko.
|
||||
+ # Ocata:
|
||||
+ # - direct://?dispatcher=panko
|
||||
+ # Pike:
|
||||
+ # - panko://
|
||||
transformers: null
|
||||
sources:
|
||||
- events:
|
||||
@@ -1618,6 +1623,8 @@ dependencies:
|
||||
@@ -1706,6 +1706,8 @@ dependencies:
|
||||
service: mongodb
|
||||
- endpoint: internal
|
||||
service: metric
|
||||
@ -46,7 +34,7 @@ index e6ae7e3a..9deade59 100644
|
||||
tests:
|
||||
services:
|
||||
- endpoint: internal
|
||||
@@ -1739,6 +1746,21 @@ endpoints:
|
||||
@@ -1827,6 +1829,21 @@ endpoints:
|
||||
api:
|
||||
default: 8041
|
||||
public: 80
|
||||
@ -68,7 +56,7 @@ index e6ae7e3a..9deade59 100644
|
||||
alarming:
|
||||
name: aodh
|
||||
hosts:
|
||||
@@ -1865,7 +1887,19 @@ pod:
|
||||
@@ -1958,7 +1975,19 @@ pod:
|
||||
init_container: null
|
||||
ceilometer_notification:
|
||||
volumeMounts:
|
||||
@ -85,9 +73,9 @@ index e6ae7e3a..9deade59 100644
|
||||
+ secret:
|
||||
+ secretName: panko-etc
|
||||
+ defaultMode: 0444
|
||||
replicas:
|
||||
api: 1
|
||||
central: 1
|
||||
ceilometer_db_sync:
|
||||
ceilometer_db_sync:
|
||||
volumeMounts:
|
||||
--
|
||||
2.16.5
|
||||
2.7.4
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Friesen <chris.friesen@windriver.com>
|
||||
Date: Wed, 28 Nov 2018 01:33:39 -0500
|
||||
Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts.
|
||||
Subject: [PATCH 02] Remove stale Apache2 service pids when a POD starts.
|
||||
|
||||
Stale Apache2 pids will prevent Apache2 from starting and will leave
|
||||
the POD in a crashed state.
|
||||
@ -21,24 +21,24 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
3 files changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
|
||||
index cdb02f79..392873c7 100644
|
||||
index 25b2f9e..3870b4e 100644
|
||||
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
|
||||
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
|
||||
@@ -25,6 +25,9 @@ function start () {
|
||||
source /etc/apache2/envvars
|
||||
@@ -42,6 +42,9 @@ function start () {
|
||||
fi
|
||||
fi
|
||||
|
||||
+ # Get rid of stale pid file if present.
|
||||
+ rm -f /var/run/apache2/*.pid
|
||||
+
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
|
||||
}
|
||||
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
|
||||
index 2f127b94..11726809 100644
|
||||
index 384ee8b..4c72310 100644
|
||||
--- a/keystone/templates/bin/_keystone-api.sh.tpl
|
||||
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
|
||||
@@ -31,10 +31,8 @@ function start () {
|
||||
@@ -43,10 +43,8 @@ function start () {
|
||||
source /etc/apache2/envvars
|
||||
fi
|
||||
|
||||
@ -50,21 +50,21 @@ index 2f127b94..11726809 100644
|
||||
+ rm -f /var/run/apache2/*
|
||||
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
|
||||
diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
|
||||
index f9c8d7c5..b4bcf178 100644
|
||||
index bc15a37..055d079 100644
|
||||
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
|
||||
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
|
||||
@@ -28,6 +28,9 @@ function start () {
|
||||
source /etc/apache2/envvars
|
||||
@@ -33,6 +33,9 @@ function start () {
|
||||
fi
|
||||
fi
|
||||
|
||||
+ # Get rid of stale pid file if present.
|
||||
+ rm -f /var/run/apache2/*.pid
|
||||
+
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
}
|
||||
{{- if .Values.conf.software.apache2.a2enmod }}
|
||||
{{- range .Values.conf.software.apache2.a2enmod }}
|
||||
--
|
||||
2.16.5
|
||||
2.7.4
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Wed, 27 Mar 2019 00:35:57 -0400
|
||||
Subject: [PATCH 05/11] Nova console/ip address search optionality
|
||||
Subject: [PATCH 03] Nova console/ip address search optionality
|
||||
|
||||
Add options to nova to enable/disable the use of:
|
||||
1. the vnc or spice server proxyclient address found by the console
|
||||
@ -20,11 +20,11 @@ Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
|
||||
nova/values.yaml | 2 ++
|
||||
2 files changed, 7 insertions(+), 1 deletion(-)
|
||||
nova/values.yaml | 3 ++-
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
|
||||
index c80da6d6..4927908a 100644
|
||||
index c80da6d..4927908 100644
|
||||
--- a/nova/templates/bin/_nova-compute.sh.tpl
|
||||
+++ b/nova/templates/bin/_nova-compute.sh.tpl
|
||||
@@ -20,6 +20,10 @@ set -ex
|
||||
@ -41,25 +41,26 @@ index c80da6d6..4927908a 100644
|
||||
+ --config-file /tmp/pod-shared/nova-hypervisor.conf
|
||||
+{{- end }}
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 8599027a..0887cecc 100644
|
||||
index 29512ca..7ba2925 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -440,6 +440,7 @@ console:
|
||||
@@ -461,7 +461,7 @@ console:
|
||||
vncproxy:
|
||||
# IF blank, search default routing interface
|
||||
vncserver_proxyclient_interface:
|
||||
-
|
||||
+ address_search_enabled: true
|
||||
|
||||
ssh:
|
||||
key_types:
|
||||
@@ -1433,6 +1434,7 @@ conf:
|
||||
- rsa
|
||||
@@ -1598,6 +1598,7 @@ conf:
|
||||
# If this option is set to None, the hostname of the migration target compute node will be used.
|
||||
live_migration_interface:
|
||||
hypervisor:
|
||||
+ address_search_enabled: true
|
||||
# my_ip can be set automatically through this interface name.
|
||||
host_interface:
|
||||
nova:
|
||||
# This list is the keys to exclude from the config file ingested by nova-compute
|
||||
--
|
||||
2.16.5
|
||||
2.7.4
|
||||
|
||||
@ -1,184 +0,0 @@
|
||||
From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Thu, 10 Jan 2019 00:12:21 -0500
|
||||
Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations
|
||||
|
||||
- Fix .ssh/config file mapping
|
||||
- Move private key from nova-compute-ssh container to nova-compute
|
||||
container.
|
||||
- Map private and public keys to configmap-ssh which will default to
|
||||
the appropriate file permissions.
|
||||
- Add additional config to /etc/ssh/sshd_config to allow passwordless
|
||||
root logins over appropriate subnet passed in from overrides.
|
||||
- Remove chmods from sshd bash script as they are failing.
|
||||
|
||||
Depends on helm-toolkit supporting multiple containers per daemonset
|
||||
pod.
|
||||
|
||||
Story: 2003463
|
||||
Task: 24723
|
||||
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++---
|
||||
nova/templates/configmap-etc.yaml | 4 ++--
|
||||
nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++
|
||||
nova/templates/daemonset-compute.yaml | 14 +++++++++-----
|
||||
nova/values.yaml | 5 +++++
|
||||
5 files changed, 67 insertions(+), 10 deletions(-)
|
||||
create mode 100755 nova/templates/configmap-ssh.yaml
|
||||
|
||||
diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
|
||||
index 1c10cb07..158090b0 100644
|
||||
--- a/nova/templates/bin/_ssh-start.sh.tpl
|
||||
+++ b/nova/templates/bin/_ssh-start.sh.tpl
|
||||
@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
|
||||
chown nova: ~nova/.ssh
|
||||
fi
|
||||
|
||||
-chmod 0600 ~root/.ssh/authorized_keys
|
||||
-chmod 0600 ~root/.ssh/id_rsa
|
||||
-chmod 0600 ~root/.ssh/id_rsa.pub
|
||||
+{{- if .Values.network.sshd.enabled }}
|
||||
+subnet_address="{{- .Values.network.sshd.from_subnet -}}"
|
||||
+cat > /tmp/sshd_config_extend <<EOF
|
||||
+
|
||||
+# This Match block prevents Password Authentication for root user
|
||||
+Match User root
|
||||
+ PasswordAuthentication no
|
||||
+
|
||||
+# This Match Block is used to allow Root Login exceptions over the
|
||||
+# internal subnet used by Nova Migrations
|
||||
+Match Address $subnet_address
|
||||
+ PermitRootLogin without-password
|
||||
+EOF
|
||||
+cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
|
||||
+rm /tmp/sshd_config_extend
|
||||
+{{- end }}
|
||||
|
||||
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
|
||||
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
|
||||
index 55aa3114..0d1e7a5e 100644
|
||||
--- a/nova/templates/configmap-etc.yaml
|
||||
+++ b/nova/templates/configmap-etc.yaml
|
||||
@@ -232,8 +232,8 @@ data:
|
||||
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
|
||||
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
|
||||
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
|
||||
-# FIXME(portdirect): why is this file suffixed .sh?
|
||||
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
|
||||
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
|
||||
+
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.manifests.configmap_etc }}
|
||||
diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
|
||||
new file mode 100755
|
||||
index 00000000..bab8e330
|
||||
--- /dev/null
|
||||
+++ b/nova/templates/configmap-ssh.yaml
|
||||
@@ -0,0 +1,35 @@
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- define "nova.configmap.ssh" }}
|
||||
+{{- $envAll := index . 1 }}
|
||||
+{{- with $envAll }}
|
||||
+---
|
||||
+apiVersion: v1
|
||||
+kind: Secret
|
||||
+metadata:
|
||||
+ name: nova-ssh
|
||||
+type: Opaque
|
||||
+data:
|
||||
+ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
|
||||
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
|
||||
+
|
||||
+{{- end }}
|
||||
+{{- end }}
|
||||
+
|
||||
+{{- if .Values.manifests.configmap_etc }}
|
||||
+{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
|
||||
+{{- end }}
|
||||
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
|
||||
index 09627042..4a7b90b5 100644
|
||||
--- a/nova/templates/daemonset-compute.yaml
|
||||
+++ b/nova/templates/daemonset-compute.yaml
|
||||
@@ -258,6 +258,9 @@ spec:
|
||||
mountPath: /root/.ssh/config
|
||||
subPath: ssh-config
|
||||
readOnly: true
|
||||
+ - name: nova-ssh
|
||||
+ mountPath: /root/.ssh/id_rsa
|
||||
+ subPath: ssh-key-private
|
||||
{{- if .Values.conf.ceph.enabled }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@@ -314,13 +317,10 @@ spec:
|
||||
mountPath: /var/lib/nova
|
||||
- name: varliblibvirt
|
||||
mountPath: /var/lib/libvirt
|
||||
- - name: nova-etc
|
||||
- mountPath: /root/.ssh/id_rsa
|
||||
- subPath: ssh-key-private
|
||||
- - name: nova-etc
|
||||
+ - name: nova-ssh
|
||||
mountPath: /root/.ssh/id_rsa.pub
|
||||
subPath: ssh-key-public
|
||||
- - name: nova-etc
|
||||
+ - name: nova-ssh
|
||||
mountPath: /root/.ssh/authorized_keys
|
||||
subPath: ssh-key-public
|
||||
- name: nova-bin
|
||||
@@ -336,6 +336,10 @@ spec:
|
||||
secret:
|
||||
secretName: {{ $configMapName }}
|
||||
defaultMode: 0444
|
||||
+ - name: nova-ssh
|
||||
+ secret:
|
||||
+ secretName: nova-ssh
|
||||
+ defaultMode: 0400
|
||||
{{- if .Values.conf.ceph.enabled }}
|
||||
- name: etcceph
|
||||
hostPath:
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 7cb4d553..8599027a 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -211,6 +211,9 @@ network:
|
||||
ssh:
|
||||
name: "nova-ssh"
|
||||
port: 8022
|
||||
+ sshd:
|
||||
+ enabled: false
|
||||
+ from_subnet: 0.0.0.0/24
|
||||
|
||||
dependencies:
|
||||
dynamic:
|
||||
@@ -462,6 +465,8 @@ conf:
|
||||
StrictHostKeyChecking no
|
||||
UserKnownHostsFile /dev/null
|
||||
Port {{ .Values.network.ssh.port }}
|
||||
+ ssh_private: 'null'
|
||||
+ ssh_public: 'null'
|
||||
rally_tests:
|
||||
run_tempest: false
|
||||
tests:
|
||||
--
|
||||
2.16.5
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
|
||||
From: Irina Mihai <irina.mihai@windriver.com>
|
||||
Date: Tue, 26 Feb 2019 17:43:53 +0000
|
||||
Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation
|
||||
Subject: [PATCH 04] Nova chart: Support ephemeral pool creation
|
||||
|
||||
If libvirt images_type is rbd, then we need to have the
|
||||
images_rbd_pool present. These changes add a new job
|
||||
@ -17,14 +17,14 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
|
||||
nova/templates/configmap-bin.yaml | 4 +-
|
||||
nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
|
||||
nova/values.yaml | 18 ++++
|
||||
4 files changed, 251 insertions(+), 1 deletion(-)
|
||||
nova/values.yaml | 19 +++-
|
||||
4 files changed, 251 insertions(+), 2 deletions(-)
|
||||
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
|
||||
create mode 100644 nova/templates/job-storage-init.yaml
|
||||
|
||||
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
|
||||
new file mode 100644
|
||||
index 00000000..f79fcff0
|
||||
index 0000000..f79fcff
|
||||
--- /dev/null
|
||||
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
|
||||
@@ -0,0 +1,75 @@
|
||||
@ -104,7 +104,7 @@ index 00000000..f79fcff0
|
||||
+fi
|
||||
+
|
||||
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
|
||||
index c58b90bd..268434fd 100644
|
||||
index c58b90b..268434f 100644
|
||||
--- a/nova/templates/configmap-bin.yaml
|
||||
+++ b/nova/templates/configmap-bin.yaml
|
||||
@@ -1,5 +1,5 @@
|
||||
@ -125,7 +125,7 @@ index c58b90bd..268434fd 100644
|
||||
cell-setup.sh: |
|
||||
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
|
||||
new file mode 100644
|
||||
index 00000000..7d057fb9
|
||||
index 0000000..7d057fb
|
||||
--- /dev/null
|
||||
+++ b/nova/templates/job-storage-init.yaml
|
||||
@@ -0,0 +1,155 @@
|
||||
@ -285,18 +285,18 @@ index 00000000..7d057fb9
|
||||
+{{- end }}
|
||||
+
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 0887cecc..7245cf82 100644
|
||||
index 7ba2925..97ef1b5 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -87,6 +87,7 @@ images:
|
||||
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
|
||||
nova_spiceproxy: docker.io/openstackhelm/nova:ocata
|
||||
nova_spiceproxy: docker.io/openstackhelm/nova:ocata-ubuntu_xenial
|
||||
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
|
||||
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
|
||||
test: docker.io/xrally/xrally-openstack:1.3.0
|
||||
image_repo_sync: docker.io/docker:17.07.0
|
||||
local_registry:
|
||||
@@ -461,6 +462,14 @@ conf:
|
||||
@@ -556,6 +557,14 @@ conf:
|
||||
user: "cinder"
|
||||
keyring: null
|
||||
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
|
||||
@ -311,7 +311,7 @@ index 0887cecc..7245cf82 100644
|
||||
ssh: |
|
||||
Host *
|
||||
StrictHostKeyChecking no
|
||||
@@ -1625,6 +1634,7 @@ secrets:
|
||||
@@ -1797,6 +1806,7 @@ secrets:
|
||||
placement:
|
||||
placement:
|
||||
public: placement-tls-public
|
||||
@ -319,10 +319,11 @@ index 0887cecc..7245cf82 100644
|
||||
|
||||
# typically overridden by environmental
|
||||
# values, but should include all endpoints
|
||||
@@ -2239,6 +2249,13 @@ pod:
|
||||
@@ -2482,7 +2492,13 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
-
|
||||
+ storage_init:
|
||||
+ requests:
|
||||
+ memory: "128Mi"
|
||||
@ -330,10 +331,10 @@ index 0887cecc..7245cf82 100644
|
||||
+ limits:
|
||||
+ memory: "1024Mi"
|
||||
+ cpu: "2000m"
|
||||
|
||||
network_policy:
|
||||
nova:
|
||||
@@ -2302,6 +2319,7 @@ manifests:
|
||||
# TODO(lamt): Need to tighten this ingress for security.
|
||||
@@ -2545,6 +2561,7 @@ manifests:
|
||||
job_ks_placement_service: true
|
||||
job_ks_placement_user: true
|
||||
job_cell_setup: true
|
||||
@ -342,5 +343,5 @@ index 0887cecc..7245cf82 100644
|
||||
pdb_placement: true
|
||||
pdb_osapi: true
|
||||
--
|
||||
2.16.5
|
||||
2.7.4
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 22 Mar 2019 03:42:08 -0400
|
||||
Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness
|
||||
Subject: [PATCH 05] Nova: Add support for disabling Readiness/Liveness
|
||||
probes
|
||||
|
||||
With the introduction of Readiness/Liveness probes in
|
||||
@ -19,14 +19,14 @@ Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
nova/templates/deployment-novncproxy.yaml | 4 ++++
|
||||
nova/templates/deployment-scheduler.yaml | 4 ++++
|
||||
nova/templates/deployment-spiceproxy.yaml | 4 ++++
|
||||
nova/values.yaml | 27 +++++++++++++++++++++++++++
|
||||
7 files changed, 51 insertions(+)
|
||||
nova/values.yaml | 28 ++++++++++++++++++++++++++++
|
||||
7 files changed, 52 insertions(+)
|
||||
|
||||
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
|
||||
index 4a7b90b5..f508b963 100644
|
||||
index feea6ab..86dc2b9 100644
|
||||
--- a/nova/templates/daemonset-compute.yaml
|
||||
+++ b/nova/templates/daemonset-compute.yaml
|
||||
@@ -181,6 +181,7 @@ spec:
|
||||
@@ -190,6 +190,7 @@ spec:
|
||||
- name: LIBVIRT_CEPH_SECRET_UUID
|
||||
value: "{{ .Values.conf.ceph.secret_uuid }}"
|
||||
{{ end }}
|
||||
@ -34,7 +34,7 @@ index 4a7b90b5..f508b963 100644
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -193,6 +194,8 @@ spec:
|
||||
@@ -202,6 +203,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -43,7 +43,7 @@ index 4a7b90b5..f508b963 100644
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -206,6 +209,7 @@ spec:
|
||||
@@ -215,6 +218,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -52,18 +52,18 @@ index 4a7b90b5..f508b963 100644
|
||||
- /tmp/nova-compute.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
|
||||
index 1e66e419..33d41097 100644
|
||||
index f927afa..0caa006 100644
|
||||
--- a/nova/templates/deployment-conductor.yaml
|
||||
+++ b/nova/templates/deployment-conductor.yaml
|
||||
@@ -60,6 +60,7 @@ spec:
|
||||
@@ -59,6 +59,7 @@ spec:
|
||||
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
{{ dict "envAll" $envAll "application" "nova" "container" "nova_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -72,6 +73,8 @@ spec:
|
||||
@@ -71,6 +72,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -72,7 +72,7 @@ index 1e66e419..33d41097 100644
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -85,6 +88,7 @@ spec:
|
||||
@@ -84,6 +87,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -81,18 +81,18 @@ index 1e66e419..33d41097 100644
|
||||
- /tmp/nova-conductor.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
|
||||
index 75b66e79..31013eb7 100644
|
||||
index b9cb717..0f590e0 100644
|
||||
--- a/nova/templates/deployment-consoleauth.yaml
|
||||
+++ b/nova/templates/deployment-consoleauth.yaml
|
||||
@@ -60,6 +60,7 @@ spec:
|
||||
@@ -59,6 +59,7 @@ spec:
|
||||
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
{{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -72,6 +73,8 @@ spec:
|
||||
@@ -71,6 +72,8 @@ spec:
|
||||
initialDelaySeconds: 80
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -101,7 +101,7 @@ index 75b66e79..31013eb7 100644
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -85,6 +88,7 @@ spec:
|
||||
@@ -84,6 +87,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -110,13 +110,13 @@ index 75b66e79..31013eb7 100644
|
||||
- /tmp/nova-consoleauth.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
|
||||
index cf9fda02..2611ba80 100644
|
||||
index 42a52af..495c1ac 100644
|
||||
--- a/nova/templates/deployment-novncproxy.yaml
|
||||
+++ b/nova/templates/deployment-novncproxy.yaml
|
||||
@@ -94,14 +94,18 @@ spec:
|
||||
- name: nova-novncproxy
|
||||
@@ -103,14 +103,18 @@ spec:
|
||||
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "nova" "container" "nova_novncproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
@ -133,13 +133,13 @@ index cf9fda02..2611ba80 100644
|
||||
- /tmp/nova-console-proxy.sh
|
||||
ports:
|
||||
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
|
||||
index 9611d950..0350c47c 100644
|
||||
index 05ee949..9a30fa6 100644
|
||||
--- a/nova/templates/deployment-scheduler.yaml
|
||||
+++ b/nova/templates/deployment-scheduler.yaml
|
||||
@@ -60,6 +60,7 @@ spec:
|
||||
@@ -59,6 +59,7 @@ spec:
|
||||
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
{{ dict "envAll" $envAll "application" "nova" "container" "nova_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
@ -153,7 +153,7 @@ index 9611d950..0350c47c 100644
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -85,6 +88,7 @@ spec:
|
||||
@@ -86,6 +89,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
@ -162,13 +162,13 @@ index 9611d950..0350c47c 100644
|
||||
- /tmp/nova-scheduler.sh
|
||||
volumeMounts:
|
||||
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
|
||||
index 4507bde4..1b58ec98 100644
|
||||
index a221656..038c85c 100644
|
||||
--- a/nova/templates/deployment-spiceproxy.yaml
|
||||
+++ b/nova/templates/deployment-spiceproxy.yaml
|
||||
@@ -94,14 +94,18 @@ spec:
|
||||
- name: nova-spiceproxy
|
||||
@@ -101,14 +101,18 @@ spec:
|
||||
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "nova" "container" "nova_spiceproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
+ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
@ -185,10 +185,10 @@ index 4507bde4..1b58ec98 100644
|
||||
- /tmp/nova-console-proxy.sh
|
||||
ports:
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 7245cf82..433ec3af 100644
|
||||
index 97ef1b5..4092329 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -2256,6 +2256,33 @@ pod:
|
||||
@@ -2499,6 +2499,34 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
@ -219,9 +219,10 @@ index 7245cf82..433ec3af 100644
|
||||
+ enabled: true
|
||||
+ nova_spiceproxy:
|
||||
+ enabled: true
|
||||
|
||||
+
|
||||
network_policy:
|
||||
nova:
|
||||
# TODO(lamt): Need to tighten this ingress for security.
|
||||
--
|
||||
2.16.5
|
||||
2.7.4
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 22 Mar 2019 03:29:26 -0400
|
||||
Subject: [PATCH 07/11] Horizon: Disable apache2 status_module
|
||||
|
||||
a2dismod is not present in the StarlingX httpd based images. Try
|
||||
a2dismod first, then fail back to using sed to remove the module.
|
||||
|
||||
Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
horizon/templates/bin/_horizon.sh.tpl | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl
|
||||
index dec000f3..55a2c629 100644
|
||||
--- a/horizon/templates/bin/_horizon.sh.tpl
|
||||
+++ b/horizon/templates/bin/_horizon.sh.tpl
|
||||
@@ -28,7 +28,7 @@ function start () {
|
||||
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
|
||||
|
||||
a2enmod rewrite
|
||||
- a2dismod status
|
||||
+ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf
|
||||
|
||||
if [ -f /etc/apache2/envvars ]; then
|
||||
# Loading Apache2 ENV variables
|
||||
--
|
||||
2.16.5
|
||||
|
||||
@ -1,224 +0,0 @@
|
||||
From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 22 Mar 2019 03:37:05 -0400
|
||||
Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness
|
||||
probes
|
||||
|
||||
With the introduction of Readiness/Liveness probes in
|
||||
Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and
|
||||
preventing successful armada manifest applies.
|
||||
|
||||
Add support to disable the probes.
|
||||
|
||||
Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-l3-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-lb-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-metadata-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-ovs-agent.yaml | 4 ++++
|
||||
neutron/templates/daemonset-sriov-agent.yaml | 4 ++++
|
||||
neutron/values.yaml | 27 +++++++++++++++++++++++++
|
||||
7 files changed, 51 insertions(+)
|
||||
|
||||
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
|
||||
index 49866f2a..6e1d2928 100644
|
||||
--- a/neutron/templates/daemonset-dhcp-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
|
||||
@@ -66,6 +66,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
+ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -80,6 +81,8 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 65
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -95,6 +98,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/neutron-dhcp-agent.sh
|
||||
volumeMounts:
|
||||
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
|
||||
index 5e0ec194..29e0f3f7 100644
|
||||
--- a/neutron/templates/daemonset-l3-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-l3-agent.yaml
|
||||
@@ -66,6 +66,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
+ {{- if .Values.pod.probes.readiness.l3_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -80,6 +81,8 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 65
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.l3_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -95,6 +98,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/neutron-l3-agent.sh
|
||||
volumeMounts:
|
||||
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
|
||||
index c2b432f7..685893d5 100644
|
||||
--- a/neutron/templates/daemonset-lb-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-lb-agent.yaml
|
||||
@@ -140,12 +140,16 @@ spec:
|
||||
privileged: true
|
||||
command:
|
||||
- /tmp/neutron-linuxbridge-agent.sh
|
||||
+ {{- if .Values.pod.probes.readiness.lb_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- -c
|
||||
- 'brctl show'
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.lb_agent.enabled }}
|
||||
+ {{- end }}
|
||||
volumeMounts:
|
||||
- name: neutron-bin
|
||||
mountPath: /tmp/neutron-linuxbridge-agent.sh
|
||||
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
|
||||
index 8e92a675..fba132ed 100644
|
||||
--- a/neutron/templates/daemonset-metadata-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-metadata-agent.yaml
|
||||
@@ -87,6 +87,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
+ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -99,6 +100,8 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 35
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -112,6 +115,7 @@ spec:
|
||||
initialDelaySeconds: 90
|
||||
periodSeconds: 60
|
||||
timeoutSeconds: 45
|
||||
+ {{- end }}
|
||||
command:
|
||||
- /tmp/neutron-metadata-agent.sh
|
||||
volumeMounts:
|
||||
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
|
||||
index 56061e63..69ee1c2c 100644
|
||||
--- a/neutron/templates/daemonset-ovs-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-ovs-agent.yaml
|
||||
@@ -154,6 +154,7 @@ spec:
|
||||
privileged: true
|
||||
command:
|
||||
- /tmp/neutron-openvswitch-agent.sh
|
||||
+ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }}
|
||||
# ensures this container can can see a br-int
|
||||
# bridge before its marked as ready
|
||||
readinessProbe:
|
||||
@@ -162,6 +163,8 @@ spec:
|
||||
- bash
|
||||
- -c
|
||||
- 'ovs-vsctl list-br | grep -q br-int'
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -177,6 +180,7 @@ spec:
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 90
|
||||
timeoutSeconds: 70
|
||||
+ {{- end }}
|
||||
volumeMounts:
|
||||
- name: neutron-bin
|
||||
mountPath: /tmp/neutron-openvswitch-agent.sh
|
||||
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
|
||||
index a59e4100..c03b3668 100644
|
||||
--- a/neutron/templates/daemonset-sriov-agent.yaml
|
||||
+++ b/neutron/templates/daemonset-sriov-agent.yaml
|
||||
@@ -129,6 +129,7 @@ spec:
|
||||
privileged: true
|
||||
command:
|
||||
- /tmp/neutron-sriov-agent.sh
|
||||
+ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
@@ -141,6 +142,9 @@ spec:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 10
|
||||
+ {{- end }}
|
||||
+ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }}
|
||||
+ {{- end }}
|
||||
volumeMounts:
|
||||
- name: neutron-bin
|
||||
mountPath: /tmp/neutron-sriov-agent.sh
|
||||
diff --git a/neutron/values.yaml b/neutron/values.yaml
|
||||
index 5ab4ca12..1cc67b94 100644
|
||||
--- a/neutron/values.yaml
|
||||
+++ b/neutron/values.yaml
|
||||
@@ -520,6 +520,33 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
+ probes:
|
||||
+ readiness:
|
||||
+ dhcp_agent:
|
||||
+ enabled: true
|
||||
+ l3_agent:
|
||||
+ enabled: true
|
||||
+ lb_agent:
|
||||
+ enabled: true
|
||||
+ metadata_agent:
|
||||
+ enabled: true
|
||||
+ ovs_agent:
|
||||
+ enabled: true
|
||||
+ sriov_agent:
|
||||
+ enabled: true
|
||||
+ liveness:
|
||||
+ dhcp_agent:
|
||||
+ enabled: true
|
||||
+ l3_agent:
|
||||
+ enabled: true
|
||||
+ lb_agent:
|
||||
+ enabled: true
|
||||
+ metadata_agent:
|
||||
+ enabled: true
|
||||
+ ovs_agent:
|
||||
+ enabled: true
|
||||
+ sriov_agent:
|
||||
+ enabled: true
|
||||
|
||||
conf:
|
||||
rally_tests:
|
||||
--
|
||||
2.16.5
|
||||
|
||||
@ -1,60 +0,0 @@
|
||||
From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001
|
||||
From: Mingyuan Qi <mingyuan.qi@intel.com>
|
||||
Date: Thu, 11 Apr 2019 14:59:11 +0800
|
||||
Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image
|
||||
|
||||
Current script does not consider centos distro as base image.
|
||||
Different folder was checked to copy pxe files to tftpboot folder.
|
||||
|
||||
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
|
||||
---
|
||||
.../bin/_ironic-conductor-pxe-init.sh.tpl | 25 +++++++++++++++++-----
|
||||
1 file changed, 20 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
|
||||
index b8c4c4c..5fe595f 100644
|
||||
--- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
|
||||
+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
|
||||
@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu)
|
||||
+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS)
|
||||
+
|
||||
set -ex
|
||||
|
||||
-#NOTE(portdirect): this works round a limitation in Kolla images
|
||||
-if ! dpkg -l ipxe; then
|
||||
- apt-get update
|
||||
- apt-get install ipxe -y
|
||||
+if [[ ! -z $DISTRO_UBUNTU ]]; then
|
||||
+ #NOTE(portdirect): this works round a limitation in Kolla images
|
||||
+ if ! dpkg -l ipxe; then
|
||||
+ apt-get update
|
||||
+ apt-get install ipxe -y
|
||||
+ fi
|
||||
fi
|
||||
|
||||
mkdir -p /var/lib/openstack-helm/tftpboot
|
||||
mkdir -p /var/lib/openstack-helm/tftpboot/master_images
|
||||
|
||||
-for FILE in undionly.kpxe ipxe.efi; do
|
||||
+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do
|
||||
if [ -f /usr/lib/ipxe/$FILE ]; then
|
||||
cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
|
||||
fi
|
||||
+
|
||||
+ # For CentOS
|
||||
+ if [[ ! -z $DISTRO_CENTOS ]]; then
|
||||
+ if [ -f /var/lib/tftpboot/$FILE ]; then
|
||||
+ cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
|
||||
+ fi
|
||||
+ if [ -f /usr/share/ipxe/$FILE ]; then
|
||||
+ cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
|
||||
+ fi
|
||||
+ fi
|
||||
done
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,82 +0,0 @@
|
||||
From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
|
||||
Date: Tue, 9 Apr 2019 10:37:46 +0200
|
||||
Subject: [PATCH 11/11] Use nova's ping method to find out if the service is
|
||||
alive
|
||||
|
||||
Currently there is fake rpc call "pod_health_probe_method_ignore_errors"
|
||||
that is passed to the service, just to find out if it is responding. Because
|
||||
such method does not exist, it is needed to catch and handle the exception
|
||||
that is inevitably thrown by the service.
|
||||
|
||||
While this is technically working correctly, the exceptions pollute the
|
||||
log files and make it harder for user to see possible real errors.
|
||||
|
||||
This is how the error looks like:
|
||||
|
||||
ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
|
||||
ERROR oslo_messaging.rpc.server Traceback (most recent call last):
|
||||
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
|
||||
ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
|
||||
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
|
||||
ERROR oslo_messaging.rpc.server raise UnsupportedVersion(version, method=method)
|
||||
ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
|
||||
|
||||
This situation is new since https://review.openstack.org/#/c/639711/
|
||||
which (correctly) increased the default level of logging. Before 639711
|
||||
error messages from oslo (both real and ones that could be ignored) were not
|
||||
present in nova logs at all.
|
||||
|
||||
Fortunatelly, nova's BaseAPI class provides 'ping' method that is can
|
||||
be used for this basic purpose by all nova components.
|
||||
|
||||
Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3
|
||||
---
|
||||
nova/templates/bin/_health-probe.py.tpl | 13 ++++++++-----
|
||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl
|
||||
index 6434e45..4c1aa45 100644
|
||||
--- a/nova/templates/bin/_health-probe.py.tpl
|
||||
+++ b/nova/templates/bin/_health-probe.py.tpl
|
||||
@@ -17,8 +17,8 @@
|
||||
"""
|
||||
Health probe script for OpenStack service that uses RPC/unix domain socket for
|
||||
communication. Check's the RPC tcp socket status on the process and send
|
||||
-message to service through rpc call method and expects a reply. It is expected
|
||||
-to receive failure from the service's RPC server as the method does not exist.
|
||||
+message to service through rpc call method and expects a reply.
|
||||
+Use nova's ping method that is designed just for such simple purpose.
|
||||
|
||||
Script returns failure to Kubernetes only when
|
||||
a. TCP socket for the RPC communication are not established.
|
||||
@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when
|
||||
sys.stderr.write() writes to pod's events on failures.
|
||||
|
||||
Usage example for Nova Compute:
|
||||
-# python health-probe-rpc.py --config-file /etc/nova/nova.conf \
|
||||
+# python health-probe.py --config-file /etc/nova/nova.conf \
|
||||
# --service-queue-name compute
|
||||
|
||||
"""
|
||||
@@ -50,12 +50,15 @@ def check_service_status(transport):
|
||||
"""Verify service status. Return success if service consumes message"""
|
||||
try:
|
||||
target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name,
|
||||
- server=socket.gethostname())
|
||||
+ server=socket.gethostname(),
|
||||
+ namespace='baseapi',
|
||||
+ version="1.1")
|
||||
client = oslo_messaging.RPCClient(transport, target,
|
||||
timeout=60,
|
||||
retry=2)
|
||||
client.call(context.RequestContext(),
|
||||
- 'pod_health_probe_method_ignore_errors')
|
||||
+ 'ping',
|
||||
+ arg=None)
|
||||
except oslo_messaging.exceptions.MessageDeliveryFailure:
|
||||
# Log to pod events
|
||||
sys.stderr.write("Health probe unable to reach message bus")
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@ -1,307 +0,0 @@
|
||||
From 1fa207d2a503e508f48407881b06e0beaa15b1fa Mon Sep 17 00:00:00 2001
|
||||
From: Liang Fang <liang.a.fang@intel.com>
|
||||
Date: Mon, 25 Mar 2019 10:29:42 -0400
|
||||
Subject: [PATCH 12/14] Add internal tenant id in conf
|
||||
|
||||
Cinder raw cache feature requires internal tenant id be set in
|
||||
/etc/cinder/cinder.conf, something like:
|
||||
|
||||
cinder_internal_tenant_project_id = b7455b8974bb4064ad247c8f375eae6c
|
||||
cinder_internal_tenant_user_id = f46924c112a14c80ab0a24a613d95eef
|
||||
|
||||
This patch get or create if not exist intenal user id and project id, and then
|
||||
set in cinder.conf
|
||||
|
||||
reference: Cinder cache feature:
|
||||
https://docs.openstack.org/cinder/latest/admin/blockstorage-image-volume-cache.html
|
||||
|
||||
Story: 2004869
|
||||
Task: 29121
|
||||
Change-Id: I07954d2efa905a56ca8482d0ec147534c97d01ea
|
||||
Signed-off-by: Liang Fang <liang.a.fang@intel.com>
|
||||
(cherry picked from commit d1c8e778a733539695d89c21ed4746265e0f1edf)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_cinder-volume.sh.tpl | 3 +-
|
||||
.../bin/_create-internal-tenant-id.sh.tpl | 31 ++++++++
|
||||
.../bin/_retrieve-internal-tenant-id.sh.tpl | 32 +++++++++
|
||||
cinder/templates/configmap-bin.yaml | 4 ++
|
||||
cinder/templates/deployment-volume.yaml | 31 ++++++++
|
||||
cinder/templates/job-create-internal-tenant.yaml | 83 ++++++++++++++++++++++
|
||||
cinder/values.yaml | 4 ++
|
||||
7 files changed, 187 insertions(+), 1 deletion(-)
|
||||
create mode 100755 cinder/templates/bin/_create-internal-tenant-id.sh.tpl
|
||||
create mode 100755 cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
|
||||
create mode 100644 cinder/templates/job-create-internal-tenant.yaml
|
||||
|
||||
diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl
|
||||
index 64aa3828..a248f352 100644
|
||||
--- a/cinder/templates/bin/_cinder-volume.sh.tpl
|
||||
+++ b/cinder/templates/bin/_cinder-volume.sh.tpl
|
||||
@@ -19,4 +19,5 @@ limitations under the License.
|
||||
set -ex
|
||||
exec cinder-volume \
|
||||
--config-file /etc/cinder/cinder.conf \
|
||||
- --config-file /etc/cinder/conf/backends.conf
|
||||
+ --config-file /etc/cinder/conf/backends.conf \
|
||||
+ --config-file /tmp/pod-shared/internal_tenant.conf
|
||||
diff --git a/cinder/templates/bin/_create-internal-tenant-id.sh.tpl b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
|
||||
new file mode 100755
|
||||
index 00000000..10582564
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/bin/_create-internal-tenant-id.sh.tpl
|
||||
@@ -0,0 +1,31 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+set -ex
|
||||
+
|
||||
+
|
||||
+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
|
||||
+ --domain="${PROJECT_DOMAIN_ID}" \
|
||||
+ "${INTERNAL_PROJECT_NAME}");
|
||||
+
|
||||
+USER_ID=$(openstack user create --or-show --enable -f value -c id \
|
||||
+ --domain="${USER_DOMAIN_ID}" \
|
||||
+ --project-domain="${PROJECT_DOMAIN_ID}" \
|
||||
+ --project="${USER_PROJECT_ID}" \
|
||||
+ "${INTERNAL_USER_NAME}");
|
||||
+
|
||||
diff --git a/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
|
||||
new file mode 100755
|
||||
index 00000000..b85f69fd
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/bin/_retrieve-internal-tenant-id.sh.tpl
|
||||
@@ -0,0 +1,32 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+set -ex
|
||||
+
|
||||
+
|
||||
+USER_PROJECT_ID=$(openstack project show -f value -c id \
|
||||
+ "${INTERNAL_PROJECT_NAME}");
|
||||
+
|
||||
+USER_ID=$(openstack user show -f value -c id \
|
||||
+ "${INTERNAL_USER_NAME}");
|
||||
+
|
||||
+tee /tmp/pod-shared/internal_tenant.conf <<EOF
|
||||
+[DEFAULT]
|
||||
+cinder_internal_tenant_project_id = ${USER_PROJECT_ID}
|
||||
+cinder_internal_tenant_user_id = ${USER_ID}
|
||||
+EOF
|
||||
diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml
|
||||
index 0cfd6af2..df96fabf 100644
|
||||
--- a/cinder/templates/configmap-bin.yaml
|
||||
+++ b/cinder/templates/configmap-bin.yaml
|
||||
@@ -41,6 +41,10 @@ data:
|
||||
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
|
||||
ks-user.sh: |
|
||||
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
|
||||
+ create-internal-tenant.sh: |
|
||||
+{{ tuple "bin/_create-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
+ retrieve-internal-tenant.sh: |
|
||||
+{{ tuple "bin/_retrieve-internal-tenant-id.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
cinder-api.sh: |
|
||||
{{ tuple "bin/_cinder-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
cinder-backup.sh: |
|
||||
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
|
||||
index a34b4532..17902c02 100644
|
||||
--- a/cinder/templates/deployment-volume.yaml
|
||||
+++ b/cinder/templates/deployment-volume.yaml
|
||||
@@ -90,6 +90,33 @@ spec:
|
||||
- name: cinder-coordination
|
||||
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
|
||||
{{ end }}
|
||||
+ - name: init-cinder-conf
|
||||
+ image: {{ .Values.images.tags.ks_user }}
|
||||
+ imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
+ securityContext:
|
||||
+ runAsUser: 0
|
||||
+ command:
|
||||
+ - /tmp/retrieve-internal-tenant.sh
|
||||
+ volumeMounts:
|
||||
+ - name: cinder-bin
|
||||
+ mountPath: /tmp/retrieve-internal-tenant.sh
|
||||
+ subPath: retrieve-internal-tenant.sh
|
||||
+ readOnly: true
|
||||
+ - name: pod-shared
|
||||
+ mountPath: /tmp/pod-shared
|
||||
+ env:
|
||||
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+ - name: INTERNAL_PROJECT_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
|
||||
+ - name: INTERNAL_USER_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
|
||||
+
|
||||
+{{- with $env := dict "ksUserSecret" (index .Values.secrets.identity "cinder" ) }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+
|
||||
containers:
|
||||
- name: cinder-volume
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
@@ -102,6 +129,8 @@ spec:
|
||||
mountPath: /tmp/cinder-volume.sh
|
||||
subPath: cinder-volume.sh
|
||||
readOnly: true
|
||||
+ - name: pod-shared
|
||||
+ mountPath: /tmp/pod-shared
|
||||
- name: cinder-etc
|
||||
mountPath: /etc/cinder/cinder.conf
|
||||
subPath: cinder.conf
|
||||
@@ -168,6 +197,8 @@ spec:
|
||||
{{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
+ - name: pod-shared
|
||||
+ emptyDir: {}
|
||||
- name: ceph-etc
|
||||
configMap:
|
||||
name: {{ .Values.ceph_client.configmap }}
|
||||
diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml
|
||||
new file mode 100644
|
||||
index 00000000..2371a922
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/job-create-internal-tenant.yaml
|
||||
@@ -0,0 +1,83 @@
|
||||
+{{/*
|
||||
+Copyright 2019 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.job_create_internal_tenant }}
|
||||
+{{- $envAll := . }}
|
||||
+
|
||||
+{{- $serviceName := "cinder" }}
|
||||
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
|
||||
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
|
||||
+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
|
||||
+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
|
||||
+
|
||||
+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "create-internal-tenant" }}
|
||||
+{{ tuple $envAll "create-internal-tenant" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
+---
|
||||
+apiVersion: batch/v1
|
||||
+kind: Job
|
||||
+metadata:
|
||||
+ name: {{ printf "%s-%s" $serviceUserPretty "create-internal-tenant" | quote }}
|
||||
+spec:
|
||||
+ template:
|
||||
+ metadata:
|
||||
+ labels:
|
||||
+{{ tuple $envAll $serviceName "create-internal-tenant" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
+ spec:
|
||||
+ serviceAccountName: {{ $serviceAccountName | quote }}
|
||||
+ restartPolicy: OnFailure
|
||||
+ nodeSelector:
|
||||
+{{ toYaml $nodeSelector | indent 8 }}
|
||||
+ initContainers:
|
||||
+{{ tuple $envAll "create_internal_tenant" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
+ containers:
|
||||
+ - name: create-internal-tenant
|
||||
+ image: {{ $envAll.Values.images.tags.ks_user }}
|
||||
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
+ command:
|
||||
+ - /tmp/create-internal-tenant.sh
|
||||
+ volumeMounts:
|
||||
+ - name: create-internal-tenant-sh
|
||||
+ mountPath: /tmp/create-internal-tenant.sh
|
||||
+ subPath: create-internal-tenant.sh
|
||||
+ readOnly: true
|
||||
+ env:
|
||||
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+ - name: SERVICE_OS_SERVICE_NAME
|
||||
+ value: {{ $serviceName | quote }}
|
||||
+ - name: INTERNAL_PROJECT_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_project_name | quote }}
|
||||
+ - name: INTERNAL_USER_NAME
|
||||
+ value: {{ .Values.conf.cinder.DEFAULT.internal_user_name | quote }}
|
||||
+
|
||||
+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
|
||||
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
+{{- end }}
|
||||
+ - name: SERVICE_OS_ROLES
|
||||
+ {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }}
|
||||
+ {{- if kindIs "slice" $serviceOsRoles }}
|
||||
+ value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }}
|
||||
+ {{- else }}
|
||||
+ value: {{ $serviceOsRoles | quote }}
|
||||
+ {{- end }}
|
||||
+ volumes:
|
||||
+ - name: create-internal-tenant-sh
|
||||
+ configMap:
|
||||
+ name: {{ $configMapBin | quote }}
|
||||
+ defaultMode: 0555
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index 0256bf3f..39027e9b 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -771,6 +771,9 @@ conf:
|
||||
# Backup: Posix options
|
||||
backup_posix_path: /var/lib/cinder/backup
|
||||
auth_strategy: keystone
|
||||
+ # Internal tenant id
|
||||
+ internal_project_name: internal_cinder
|
||||
+ internal_user_name: internal_cinder
|
||||
database:
|
||||
max_retries: -1
|
||||
keystone_authtoken:
|
||||
@@ -1349,6 +1352,7 @@ manifests:
|
||||
job_backup_storage_init: true
|
||||
job_bootstrap: true
|
||||
job_clean: true
|
||||
+ job_create_internal_tenant: true
|
||||
job_db_init: true
|
||||
job_image_repo_sync: true
|
||||
job_rabbit_init: true
|
||||
--
|
||||
2.16.5
|
||||
|
||||
@ -1,89 +0,0 @@
|
||||
From 88656adf554e01d851c297533ceb1dced329bc2c Mon Sep 17 00:00:00 2001
|
||||
From: Itxaka <igarcia@suse.com>
|
||||
Date: Tue, 28 May 2019 13:21:40 +0200
|
||||
Subject: [PATCH 13/14] cinder: allow configuring the rbd app name
|
||||
|
||||
Instead of hardcoding it, let us override it with
|
||||
custom values for normal volumes and backups
|
||||
|
||||
Change-Id: I3abb343877abd0436c592a3371372f82ef581790
|
||||
(cherry picked from commit c38443de4c852e86fb9845777bd67657392835fc)
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
|
||||
cinder/templates/bin/_storage-init.sh.tpl | 2 +-
|
||||
cinder/templates/job-backup-storage-init.yaml | 2 ++
|
||||
cinder/templates/job-storage-init.yaml | 2 ++
|
||||
cinder/values.yaml | 4 ++++
|
||||
5 files changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
index 52c8e6bf..af9886ad 100644
|
||||
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
@@ -44,7 +44,7 @@ elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
ceph osd pool set $1 nosizechange ${size_protection}
|
||||
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
|
||||
}
|
||||
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-backup"
|
||||
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
|
||||
|
||||
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
|
||||
echo "Cephx user client.${RBD_POOL_USER} already exists"
|
||||
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
|
||||
index 9288ec5f..bbc31938 100644
|
||||
--- a/cinder/templates/bin/_storage-init.sh.tpl
|
||||
+++ b/cinder/templates/bin/_storage-init.sh.tpl
|
||||
@@ -41,7 +41,7 @@ if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
|
||||
ceph osd pool set $1 nosizechange ${size_protection}
|
||||
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
|
||||
}
|
||||
- ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "cinder-volume"
|
||||
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
|
||||
|
||||
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
|
||||
echo "Cephx user client.${RBD_POOL_USER} already exist."
|
||||
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
|
||||
index a073940c..7b0e50e1 100644
|
||||
--- a/cinder/templates/job-backup-storage-init.yaml
|
||||
+++ b/cinder/templates/job-backup-storage-init.yaml
|
||||
@@ -109,6 +109,8 @@ spec:
|
||||
{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
|
||||
+ - name: RBD_POOL_APP_NAME
|
||||
+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
|
||||
index 1d4819c2..27081816 100644
|
||||
--- a/cinder/templates/job-storage-init.yaml
|
||||
+++ b/cinder/templates/job-storage-init.yaml
|
||||
@@ -100,6 +100,8 @@ spec:
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
|
||||
+ - name: RBD_POOL_APP_NAME
|
||||
+ value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index 39027e9b..bef7b374 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -302,6 +302,10 @@ ceph_client:
|
||||
user_secret_name: pvc-ceph-client-key
|
||||
|
||||
conf:
|
||||
+ software:
|
||||
+ rbd:
|
||||
+ rbd_pool_app_name_backup: cinder-backup
|
||||
+ rbd_pool_app_name: cinder-volume
|
||||
paste:
|
||||
composite:osapi_volume:
|
||||
use: call:cinder.api:root_app_factory
|
||||
--
|
||||
2.16.5
|
||||
|
||||
@ -1,241 +0,0 @@
|
||||
From a5c47db5550926bcf2d4dbd5667ad74e00b2ed97 Mon Sep 17 00:00:00 2001
|
||||
From: Robert Church <robert.church@windriver.com>
|
||||
Date: Fri, 24 May 2019 02:43:15 -0400
|
||||
Subject: [PATCH 14/14] Cinder: Support backup driver specification by module
|
||||
or class name
|
||||
|
||||
During the Queens cycle, Cinder introduced the ability to specify the
|
||||
backup driver via class name and deprecated backup driver initialization
|
||||
using the module name. (Id6bee9e7d0da8ead224a04f86fe79ddfb5b286cf)
|
||||
|
||||
Legacy support for initialization by module name was dropped in Stein.
|
||||
(I3ada2dee1857074746b1893b82dd5f6641c6e579)
|
||||
|
||||
This change will support both methods of initialization and leave the
|
||||
driver defaults enabled for module based initialization (valid through
|
||||
Rocky images).
|
||||
|
||||
This change has been tested using the OSH default Cinder (Ocata) images
|
||||
and StarlingX images based on master (Train).
|
||||
|
||||
Change-Id: Iec7bc6f4dd089aaa08ca652bebd9a10ef49da556
|
||||
Signed-off-by: Robert Church <robert.church@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_backup-storage-init.sh.tpl | 8 ++++----
|
||||
cinder/templates/configmap-etc.yaml | 2 +-
|
||||
cinder/templates/deployment-backup.yaml | 16 ++++++++--------
|
||||
cinder/templates/job-backup-storage-init.yaml | 8 ++++----
|
||||
cinder/templates/job-clean.yaml | 4 ++--
|
||||
cinder/templates/pvc-backup.yaml | 2 +-
|
||||
cinder/values.yaml | 4 ++++
|
||||
7 files changed, 24 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
index af9886ad..10069f17 100644
|
||||
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
|
||||
@@ -17,7 +17,7 @@ limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -x
|
||||
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
|
||||
SECRET=$(mktemp --suffix .yaml)
|
||||
KEYRING=$(mktemp --suffix .keyring)
|
||||
function cleanup {
|
||||
@@ -27,10 +27,10 @@ if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
fi
|
||||
|
||||
set -ex
|
||||
-if [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.swift" ] || \
|
||||
- [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.posix" ]; then
|
||||
+if [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.swift' ]] || \
|
||||
+ [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.posix' ]]; then
|
||||
echo "INFO: no action required to use $STORAGE_BACKEND"
|
||||
-elif [ "x$STORAGE_BACKEND" == "xcinder.backup.drivers.ceph" ]; then
|
||||
+elif [[ $STORAGE_BACKEND =~ 'cinder.backup.drivers.ceph' ]]; then
|
||||
ceph -s
|
||||
function ensure_pool () {
|
||||
ceph osd pool stats $1 || ceph osd pool create $1 $2
|
||||
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
|
||||
index 5ed73db6..e13851ed 100644
|
||||
--- a/cinder/templates/configmap-etc.yaml
|
||||
+++ b/cinder/templates/configmap-etc.yaml
|
||||
@@ -63,7 +63,7 @@ limitations under the License.
|
||||
{{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "glance_api_servers" -}}
|
||||
{{- end -}}
|
||||
|
||||
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.swift" }}
|
||||
+{{- if (contains "cinder.backup.drivers.swift" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_auth_version -}}
|
||||
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_auth_version" "3" -}}
|
||||
{{- end -}}
|
||||
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
|
||||
index fdce03a9..bffd774c 100644
|
||||
--- a/cinder/templates/deployment-backup.yaml
|
||||
+++ b/cinder/templates/deployment-backup.yaml
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
{{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-keyring-placement
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -98,7 +98,7 @@ spec:
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-volume-perms
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -150,7 +150,7 @@ spec:
|
||||
mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
readOnly: true
|
||||
- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
{{- if not .Values.backup.external_ceph_rbd.enabled }}
|
||||
@@ -164,7 +164,7 @@ spec:
|
||||
subPath: external-backup-ceph.conf
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
@@ -176,7 +176,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: cinder-backup
|
||||
mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
|
||||
{{- end }}
|
||||
@@ -213,7 +213,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
@@ -221,7 +221,7 @@ spec:
|
||||
name: {{ .Values.ceph_client.configmap }}
|
||||
defaultMode: 0444
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-keyring
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.backup | quote }}
|
||||
@@ -231,7 +231,7 @@ spec:
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.volume | quote }}
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: cinder-backup
|
||||
persistentVolumeClaim:
|
||||
claimName: cinder-backup
|
||||
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
|
||||
index 7b0e50e1..a43ba998 100644
|
||||
--- a/cinder/templates/job-backup-storage-init.yaml
|
||||
+++ b/cinder/templates/job-backup-storage-init.yaml
|
||||
@@ -67,7 +67,7 @@ spec:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "backup_storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -106,7 +106,7 @@ spec:
|
||||
fieldPath: metadata.namespace
|
||||
- name: STORAGE_BACKEND
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_driver | quote }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
|
||||
- name: RBD_POOL_APP_NAME
|
||||
@@ -129,7 +129,7 @@ spec:
|
||||
mountPath: /tmp/backup-storage-init.sh
|
||||
subPath: backup-storage-init.sh
|
||||
readOnly: true
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
{{- if not .Values.backup.external_ceph_rbd.enabled }}
|
||||
@@ -155,7 +155,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
|
||||
index d85234ed..54fd41e7 100644
|
||||
--- a/cinder/templates/job-clean.yaml
|
||||
+++ b/cinder/templates/job-clean.yaml
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_clean }}
|
||||
{{- $envAll := . }}
|
||||
-{{ if or (eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph") (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
|
||||
{{- $serviceAccountName := print "cinder-clean" }}
|
||||
{{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -87,7 +87,7 @@ spec:
|
||||
subPath: clean-secrets.sh
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.ceph" }}
|
||||
+ {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: cinder-volume-backup-secret-clean
|
||||
{{ tuple $envAll "cinder_backup_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
diff --git a/cinder/templates/pvc-backup.yaml b/cinder/templates/pvc-backup.yaml
|
||||
index b2e851dc..94d63d0e 100644
|
||||
--- a/cinder/templates/pvc-backup.yaml
|
||||
+++ b/cinder/templates/pvc-backup.yaml
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.pvc_backup }}
|
||||
{{- $envAll := . }}
|
||||
-{{- if eq .Values.conf.cinder.DEFAULT.backup_driver "cinder.backup.drivers.posix" }}
|
||||
+{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
---
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index bef7b374..362f6918 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -767,6 +767,10 @@ conf:
|
||||
enabled_backends: "rbd1"
|
||||
# NOTE(portdirect): "cinder.backup.drivers.ceph" and
|
||||
# "cinder.backup.drivers.posix" also supported
|
||||
+ # NOTE(rchurch): As of Stein, drivers by class name are required
|
||||
+ # - cinder.backup.drivers.swift.SwiftBackupDriver
|
||||
+ # - cinder.backup.drivers.ceph.CephBackupDriver
|
||||
+ # - cinder.backup.drivers.posix.PosixBackupDriver
|
||||
backup_driver: "cinder.backup.drivers.swift"
|
||||
# Backup: Ceph RBD options
|
||||
backup_ceph_conf: "/etc/ceph/ceph.conf"
|
||||
--
|
||||
2.16.5
|
||||
|
||||
@ -1,229 +0,0 @@
|
||||
From 4e4a8197f90ba90c5bfbad02698ad351e7e92125 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Badea <daniel.badea@windriver.com>
|
||||
Date: Wed, 12 Jun 2019 14:07:17 +0000
|
||||
Subject: [PATCH 1/2] Cinder rename is_ceph_volume configured
|
||||
|
||||
When using multiple ceph backends there is more than
|
||||
one ceph 'volume' configured. Rename template to
|
||||
_has_ceph_backend.
|
||||
---
|
||||
cinder/templates/deployment-backup.yaml | 8 +++----
|
||||
cinder/templates/deployment-volume.yaml | 6 +++---
|
||||
cinder/templates/job-clean.yaml | 4 ++--
|
||||
cinder/templates/job-storage-init.yaml | 8 +++----
|
||||
cinder/templates/utils/_has_ceph_backend.tpl | 25 ++++++++++++++++++++++
|
||||
.../templates/utils/_is_ceph_volume_configured.tpl | 25 ----------------------
|
||||
6 files changed, 38 insertions(+), 38 deletions(-)
|
||||
mode change 100644 => 100755 cinder/templates/deployment-backup.yaml
|
||||
mode change 100644 => 100755 cinder/templates/deployment-volume.yaml
|
||||
mode change 100644 => 100755 cinder/templates/job-clean.yaml
|
||||
mode change 100644 => 100755 cinder/templates/job-storage-init.yaml
|
||||
create mode 100644 cinder/templates/utils/_has_ceph_backend.tpl
|
||||
delete mode 100644 cinder/templates/utils/_is_ceph_volume_configured.tpl
|
||||
|
||||
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index bffd774..74e38ba
|
||||
--- a/cinder/templates/deployment-backup.yaml
|
||||
+++ b/cinder/templates/deployment-backup.yaml
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -150,7 +150,7 @@ spec:
|
||||
mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
|
||||
readOnly: true
|
||||
- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
{{- if not .Values.backup.external_ceph_rbd.enabled }}
|
||||
@@ -213,7 +213,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+ {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
@@ -226,7 +226,7 @@ spec:
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.backup | quote }}
|
||||
{{ end }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.rbd.volume | quote }}
|
||||
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index 17902c0..a274d12
|
||||
--- a/cinder/templates/deployment-volume.yaml
|
||||
+++ b/cinder/templates/deployment-volume.yaml
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
{{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -143,7 +143,7 @@ spec:
|
||||
mountPath: /etc/cinder/conf/backends.conf
|
||||
subPath: backends.conf
|
||||
readOnly: true
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-etc
|
||||
@@ -194,7 +194,7 @@ spec:
|
||||
secret:
|
||||
secretName: cinder-etc
|
||||
defaultMode: 0444
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: pod-shared
|
||||
diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index 54fd41e..f0da8d4
|
||||
--- a/cinder/templates/job-clean.yaml
|
||||
+++ b/cinder/templates/job-clean.yaml
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_clean }}
|
||||
{{- $envAll := . }}
|
||||
-{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.is_ceph_volume_configured" $envAll) }}
|
||||
+{{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (include "cinder.utils.has_ceph_backend" $envAll) }}
|
||||
|
||||
{{- $serviceAccountName := print "cinder-clean" }}
|
||||
{{ tuple $envAll "clean" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll "clean" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: cinder-volume-rbd-secret-clean
|
||||
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index 2708181..99128db
|
||||
--- a/cinder/templates/job-storage-init.yaml
|
||||
+++ b/cinder/templates/job-storage-init.yaml
|
||||
@@ -65,7 +65,7 @@ spec:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
@@ -95,7 +95,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: STORAGE_BACKEND
|
||||
value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
|
||||
- name: RBD_POOL_NAME
|
||||
@@ -120,7 +120,7 @@ spec:
|
||||
mountPath: /tmp/storage-init.sh
|
||||
subPath: storage-init.sh
|
||||
readOnly: true
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-etc
|
||||
@@ -139,7 +139,7 @@ spec:
|
||||
configMap:
|
||||
name: cinder-bin
|
||||
defaultMode: 0555
|
||||
- {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }}
|
||||
+ {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
- name: ceph-etc
|
||||
diff --git a/cinder/templates/utils/_has_ceph_backend.tpl b/cinder/templates/utils/_has_ceph_backend.tpl
|
||||
new file mode 100644
|
||||
index 0000000..0ff7ae5
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/utils/_has_ceph_backend.tpl
|
||||
@@ -0,0 +1,25 @@
|
||||
+{{/*
|
||||
+Copyright 2017 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- define "cinder.utils.has_ceph_backend" -}}
|
||||
+ {{- $has_ceph := false -}}
|
||||
+ {{- range $_, $backend := .Values.conf.backends -}}
|
||||
+ {{- if kindIs "map" $backend -}}
|
||||
+ {{- $has_ceph = or $has_ceph (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
|
||||
+ {{- end -}}
|
||||
+ {{- end -}}
|
||||
+ {{- $has_ceph -}}
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/templates/utils/_is_ceph_volume_configured.tpl b/cinder/templates/utils/_is_ceph_volume_configured.tpl
|
||||
deleted file mode 100644
|
||||
index 63f2a73..0000000
|
||||
--- a/cinder/templates/utils/_is_ceph_volume_configured.tpl
|
||||
+++ /dev/null
|
||||
@@ -1,25 +0,0 @@
|
||||
-{{/*
|
||||
-Copyright 2017 The Openstack-Helm Authors.
|
||||
-
|
||||
-Licensed under the Apache License, Version 2.0 (the "License");
|
||||
-you may not use this file except in compliance with the License.
|
||||
-You may obtain a copy of the License at
|
||||
-
|
||||
- http://www.apache.org/licenses/LICENSE-2.0
|
||||
-
|
||||
-Unless required by applicable law or agreed to in writing, software
|
||||
-distributed under the License is distributed on an "AS IS" BASIS,
|
||||
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
-See the License for the specific language governing permissions and
|
||||
-limitations under the License.
|
||||
-*/}}
|
||||
-
|
||||
-{{- define "cinder.utils.is_ceph_volume_configured" -}}
|
||||
-{{- range $section, $values := .Values.conf.backends -}}
|
||||
-{{- if kindIs "map" $values -}}
|
||||
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
|
||||
-true
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,305 +0,0 @@
|
||||
From 05919ef2fd1ffc24ca389e4d9ecb54bf621031bd Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Badea <daniel.badea@windriver.com>
|
||||
Date: Wed, 12 Jun 2019 15:03:43 +0000
|
||||
Subject: [PATCH 2/2] Cinder support multiple ceph volume backends
|
||||
|
||||
Add support for multiple cinder volume ceph backends.
|
||||
---
|
||||
cinder/templates/deployment-backup.yaml | 9 +++---
|
||||
cinder/templates/deployment-volume.yaml | 9 +++---
|
||||
cinder/templates/job-backup-storage-init.yaml | 2 +-
|
||||
cinder/templates/job-storage-init.yaml | 28 +++++++++--------
|
||||
cinder/templates/utils/_ceph_backend_list.tpl | 36 ++++++++++++++++++++++
|
||||
.../templates/utils/_ceph_volume_section_name.tpl | 25 ---------------
|
||||
cinder/templates/utils/_is_ceph_backend.tpl | 21 +++++++++++++
|
||||
cinder/values.yaml | 6 ++--
|
||||
8 files changed, 86 insertions(+), 50 deletions(-)
|
||||
create mode 100644 cinder/templates/utils/_ceph_backend_list.tpl
|
||||
delete mode 100644 cinder/templates/utils/_ceph_volume_section_name.tpl
|
||||
create mode 100644 cinder/templates/utils/_is_ceph_backend.tpl
|
||||
|
||||
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
|
||||
index 74e38ba..23b67fe 100755
|
||||
--- a/cinder/templates/deployment-backup.yaml
|
||||
+++ b/cinder/templates/deployment-backup.yaml
|
||||
@@ -76,8 +76,9 @@ spec:
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- - name: ceph-keyring-placement
|
||||
+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
|
||||
+ {{- $backend := index $envAll.Values.conf.backends $name }}
|
||||
+ - name: ceph-keyring-placement-{{$name}}
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
@@ -85,7 +86,7 @@ spec:
|
||||
- /tmp/ceph-keyring.sh
|
||||
env:
|
||||
- name: RBD_USER
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
+ value: {{ $backend.rbd_user | quote }}
|
||||
volumeMounts:
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@@ -97,7 +98,7 @@ spec:
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
- {{ end }}
|
||||
+ {{- end }}
|
||||
{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
|
||||
- name: ceph-backup-volume-perms
|
||||
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
|
||||
index a274d12..f791cfa 100755
|
||||
--- a/cinder/templates/deployment-volume.yaml
|
||||
+++ b/cinder/templates/deployment-volume.yaml
|
||||
@@ -54,8 +54,9 @@ spec:
|
||||
{{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "volume" $mounts_cinder_volume_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
- - name: ceph-keyring-placement
|
||||
+ {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
|
||||
+ {{- $backend := index $envAll.Values.conf.backends $name }}
|
||||
+ - name: ceph-keyring-placement-{{$name}}
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
@@ -63,7 +64,7 @@ spec:
|
||||
- /tmp/ceph-keyring.sh
|
||||
env:
|
||||
- name: RBD_USER
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
+ value: {{ $backend.rbd_user | quote }}
|
||||
volumeMounts:
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
@@ -75,7 +76,7 @@ spec:
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
- {{ end }}
|
||||
+ {{- end }}
|
||||
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
|
||||
- name: ceph-coordination-volume-perms
|
||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
|
||||
index a43ba99..f3a83a9 100644
|
||||
--- a/cinder/templates/job-backup-storage-init.yaml
|
||||
+++ b/cinder/templates/job-backup-storage-init.yaml
|
||||
@@ -110,7 +110,7 @@ spec:
|
||||
- name: RBD_POOL_NAME
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_pool | quote }}
|
||||
- name: RBD_POOL_APP_NAME
|
||||
- value: {{ .Values.conf.software.rbd.rbd_pool_app_name_backup | quote }}
|
||||
+ value: {{ .Values.conf.ceph.pools.backup.app_name | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
|
||||
index 99128db..5635feb 100755
|
||||
--- a/cinder/templates/job-storage-init.yaml
|
||||
+++ b/cinder/templates/job-storage-init.yaml
|
||||
@@ -87,7 +87,9 @@ spec:
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
containers:
|
||||
- - name: cinder-storage-init
|
||||
+ {{- range $name, $backend := .Values.conf.backends }}
|
||||
+ {{- if kindIs "map" $backend }}
|
||||
+ - name: cinder-storage-init-{{$name}}
|
||||
{{ tuple $envAll "cinder_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
@@ -95,23 +97,23 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
+ {{- if include "cinder.utils.is_ceph_backend" $backend }}
|
||||
- name: STORAGE_BACKEND
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "volume_driver" | quote }}
|
||||
+ value: {{ $backend.volume_driver | quote }}
|
||||
- name: RBD_POOL_NAME
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_pool" | quote }}
|
||||
+ value: {{ $backend.rbd_pool | quote }}
|
||||
- name: RBD_POOL_APP_NAME
|
||||
- value: {{ .Values.conf.software.rbd.rbd_pool_app_name | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).app_name | quote }}
|
||||
- name: RBD_POOL_USER
|
||||
- value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }}
|
||||
+ value: {{ $backend.rbd_user | quote }}
|
||||
- name: RBD_POOL_CRUSH_RULE
|
||||
- value: {{ .Values.conf.ceph.pools.volume.crush_rule | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).crush_rule | quote }}
|
||||
- name: RBD_POOL_REPLICATION
|
||||
- value: {{ .Values.conf.ceph.pools.volume.replication | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).replication | quote }}
|
||||
- name: RBD_POOL_CHUNK_SIZE
|
||||
- value: {{ .Values.conf.ceph.pools.volume.chunk_size | quote }}
|
||||
+ value: {{ (index $envAll.Values.conf.ceph.pools $backend.rbd_pool).chunk_size | quote }}
|
||||
- name: RBD_POOL_SECRET
|
||||
- value: {{ .Values.secrets.rbd.volume | quote }}
|
||||
+ value: {{ $envAll.Values.secrets.rbd.volume | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /tmp/storage-init.sh
|
||||
@@ -120,20 +122,22 @@ spec:
|
||||
mountPath: /tmp/storage-init.sh
|
||||
subPath: storage-init.sh
|
||||
readOnly: true
|
||||
- {{- if include "cinder.utils.has_ceph_backend" $envAll }}
|
||||
+ {{- if include "cinder.utils.is_ceph_backend" $backend }}
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-etc
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
- {{- if empty .Values.conf.ceph.admin_keyring }}
|
||||
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
|
||||
- name: ceph-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+ {{- end }}
|
||||
+ {{- end }}
|
||||
volumes:
|
||||
- name: cinder-bin
|
||||
configMap:
|
||||
diff --git a/cinder/templates/utils/_ceph_backend_list.tpl b/cinder/templates/utils/_ceph_backend_list.tpl
|
||||
new file mode 100644
|
||||
index 0000000..bd681e6
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/utils/_ceph_backend_list.tpl
|
||||
@@ -0,0 +1,36 @@
|
||||
+{{/*
|
||||
+Copyright 2017 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- /*
|
||||
+ Return string with all ceph backends separated by comma. The list
|
||||
+ is either empty or it starts with a comma. Assuming "a", "b" and
|
||||
+ "c" are ceph backends then ceph_backend_list returns ",a,b,c".
|
||||
+ This means the first element in the returned list representation
|
||||
+ can always be skipped.
|
||||
+
|
||||
+ Usage:
|
||||
+ range $name := rest (splitList include "cinder.utils.ceph_backend_list" $)
|
||||
+*/ -}}
|
||||
+{{- define "cinder.utils.ceph_backend_list" -}}
|
||||
+ {{- range $name, $backend := .Values.conf.backends -}}
|
||||
+ {{- if kindIs "map" $backend }}
|
||||
+ {{- if (eq $backend.volume_driver "cinder.volume.drivers.rbd.RBDDriver") -}}
|
||||
+ {{- "," -}}
|
||||
+ {{- $name -}}
|
||||
+ {{- end -}}
|
||||
+ {{- end -}}
|
||||
+ {{- end -}}
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/templates/utils/_ceph_volume_section_name.tpl b/cinder/templates/utils/_ceph_volume_section_name.tpl
|
||||
deleted file mode 100644
|
||||
index af16d6a..0000000
|
||||
--- a/cinder/templates/utils/_ceph_volume_section_name.tpl
|
||||
+++ /dev/null
|
||||
@@ -1,25 +0,0 @@
|
||||
-{{/*
|
||||
-Copyright 2017 The Openstack-Helm Authors.
|
||||
-
|
||||
-Licensed under the Apache License, Version 2.0 (the "License");
|
||||
-you may not use this file except in compliance with the License.
|
||||
-You may obtain a copy of the License at
|
||||
-
|
||||
- http://www.apache.org/licenses/LICENSE-2.0
|
||||
-
|
||||
-Unless required by applicable law or agreed to in writing, software
|
||||
-distributed under the License is distributed on an "AS IS" BASIS,
|
||||
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
-See the License for the specific language governing permissions and
|
||||
-limitations under the License.
|
||||
-*/}}
|
||||
-
|
||||
-{{- define "cinder.utils.ceph_volume_section_name" -}}
|
||||
-{{- range $section, $values := .Values.conf.backends -}}
|
||||
-{{- if kindIs "map" $values -}}
|
||||
-{{- if eq $values.volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
|
||||
-{{ $section }}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
-{{- end -}}
|
||||
diff --git a/cinder/templates/utils/_is_ceph_backend.tpl b/cinder/templates/utils/_is_ceph_backend.tpl
|
||||
new file mode 100644
|
||||
index 0000000..3d5c3be
|
||||
--- /dev/null
|
||||
+++ b/cinder/templates/utils/_is_ceph_backend.tpl
|
||||
@@ -0,0 +1,21 @@
|
||||
+{{/*
|
||||
+Copyright 2017 The Openstack-Helm Authors.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- define "cinder.utils.is_ceph_backend" -}}
|
||||
+ {{- if kindIs "map" . -}}
|
||||
+ {{- eq .volume_driver "cinder.volume.drivers.rbd.RBDDriver" -}}
|
||||
+ {{- end -}}
|
||||
+{{- end -}}
|
||||
diff --git a/cinder/values.yaml b/cinder/values.yaml
|
||||
index 362f691..839f7fb 100644
|
||||
--- a/cinder/values.yaml
|
||||
+++ b/cinder/values.yaml
|
||||
@@ -302,10 +302,6 @@ ceph_client:
|
||||
user_secret_name: pvc-ceph-client-key
|
||||
|
||||
conf:
|
||||
- software:
|
||||
- rbd:
|
||||
- rbd_pool_app_name_backup: cinder-backup
|
||||
- rbd_pool_app_name: cinder-volume
|
||||
paste:
|
||||
composite:osapi_volume:
|
||||
use: call:cinder.api:root_app_factory
|
||||
@@ -745,10 +741,12 @@ conf:
|
||||
replication: 3
|
||||
crush_rule: replicated_rule
|
||||
chunk_size: 8
|
||||
+ app_name: cinder-backup
|
||||
volume:
|
||||
replication: 3
|
||||
crush_rule: replicated_rule
|
||||
chunk_size: 8
|
||||
+ app_name: cinder-volume
|
||||
cinder:
|
||||
DEFAULT:
|
||||
resource_query_filters_file: /etc/cinder/resource_filters.json
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
From 0ce54f2f141d24d1cf5795db8679039c67ffac50 Mon Sep 17 00:00:00 2001
|
||||
From: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
Date: Tue, 25 Jun 2019 20:20:41 -0400
|
||||
Subject: [PATCH] Nova: add service token
|
||||
|
||||
Add capability for nova to send service token. Default to disabled.
|
||||
Config setup is similar to keystone_authtoken.
|
||||
|
||||
Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
|
||||
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
|
||||
---
|
||||
nova/templates/configmap-etc.yaml | 26 ++++++++++++++++++++++++++
|
||||
nova/values.yaml | 3 +++
|
||||
2 files changed, 29 insertions(+)
|
||||
|
||||
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
|
||||
index 0d1e7a5..5446830 100644
|
||||
--- a/nova/templates/configmap-etc.yaml
|
||||
+++ b/nova/templates/configmap-etc.yaml
|
||||
@@ -52,6 +52,32 @@ limitations under the License.
|
||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
|
||||
{{- end -}}
|
||||
|
||||
+{{- if .Values.conf.nova.service_user.send_service_user_token -}}
|
||||
+
|
||||
+{{- if empty .Values.conf.nova.service_user.auth_url -}}
|
||||
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.region_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.nova.region_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.project_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.project_domain_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.user_domain_name -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.username -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.nova.username -}}
|
||||
+{{- end -}}
|
||||
+{{- if empty .Values.conf.nova.service_user.password -}}
|
||||
+{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.nova.password -}}
|
||||
+{{- end -}}
|
||||
+
|
||||
+{{- end -}}
|
||||
+
|
||||
{{- if empty .Values.conf.nova.database.connection -}}
|
||||
{{- $_ := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" -}}
|
||||
{{- end -}}
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index 433ec3a..ee00591 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -1507,6 +1507,9 @@ conf:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
memcache_security_strategy: ENCRYPT
|
||||
+ service_user:
|
||||
+ auth_type: password
|
||||
+ send_service_user_token: false
|
||||
libvirt:
|
||||
connection_uri: "qemu+tcp://127.0.0.1/system"
|
||||
images_type: qcow2
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,141 +0,0 @@
|
||||
From c92678ff20a3ab9b07861131966ea38b340dfff8 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Tue, 9 Jul 2019 14:22:02 -0400
|
||||
Subject: [PATCH 1/1] Add TLS support for Aodh and Panko public endpoints
|
||||
|
||||
Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
---
|
||||
aodh/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
aodh/values.yaml | 12 ++++++++++++
|
||||
panko/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
panko/values.yaml | 12 ++++++++++++
|
||||
4 files changed, 62 insertions(+)
|
||||
create mode 100644 aodh/templates/secret-ingress-tls.yaml
|
||||
create mode 100644 panko/templates/secret-ingress-tls.yaml
|
||||
|
||||
diff --git a/aodh/templates/secret-ingress-tls.yaml b/aodh/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..707b38c
|
||||
--- /dev/null
|
||||
+++ b/aodh/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/aodh/values.yaml b/aodh/values.yaml
|
||||
index 90c9fac..cf7c6d7 100644
|
||||
--- a/aodh/values.yaml
|
||||
+++ b/aodh/values.yaml
|
||||
@@ -536,6 +536,10 @@ secrets:
|
||||
oslo_messaging:
|
||||
admin: aodh-rabbitmq-admin
|
||||
aodh: aodh-rabbitmq-user
|
||||
+ tls:
|
||||
+ alarming:
|
||||
+ api:
|
||||
+ public: aodh-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -598,6 +602,13 @@ endpoints:
|
||||
public: aodh
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -696,5 +707,6 @@ manifests:
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
secret_rabbitmq: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
diff --git a/panko/templates/secret-ingress-tls.yaml b/panko/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..9773f53
|
||||
--- /dev/null
|
||||
+++ b/panko/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/panko/values.yaml b/panko/values.yaml
|
||||
index 7adefd0..3acaf06 100644
|
||||
--- a/panko/values.yaml
|
||||
+++ b/panko/values.yaml
|
||||
@@ -159,6 +159,10 @@ secrets:
|
||||
oslo_db:
|
||||
admin: panko-db-admin
|
||||
panko: panko-db-user
|
||||
+ tls:
|
||||
+ event:
|
||||
+ api:
|
||||
+ public: panko-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -374,6 +378,13 @@ endpoints:
|
||||
public: panko
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -580,6 +591,7 @@ manifests:
|
||||
pod_rally_test: true
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From 7de7cf2f14a58255d85149d08577dd63662aa6d9 Mon Sep 17 00:00:00 2001
|
||||
From: Teresa Ho <teresa.ho@windriver.com>
|
||||
Date: Mon, 15 Jul 2019 10:30:58 -0400
|
||||
Subject: [PATCH] Change cinder bootstrap script
|
||||
|
||||
This commit changes the cinder template bootstrap script
|
||||
to use the openstack client instead of the cinder client
|
||||
to list volume types.
|
||||
|
||||
Change-Id: I5a4b22ab4475d503b3e8fa46cd3c56a0b40863e0
|
||||
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
|
||||
---
|
||||
cinder/templates/bin/_bootstrap.sh.tpl | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cinder/templates/bin/_bootstrap.sh.tpl b/cinder/templates/bin/_bootstrap.sh.tpl
|
||||
index 6592d19..bd60fd8 100644
|
||||
--- a/cinder/templates/bin/_bootstrap.sh.tpl
|
||||
+++ b/cinder/templates/bin/_bootstrap.sh.tpl
|
||||
@@ -48,7 +48,7 @@ openstack volume type show {{ $name }} || \
|
||||
{{- end }}
|
||||
|
||||
{{- /* Check volume type and properties were added */}}
|
||||
-cinder extra-specs-list
|
||||
+openstack volume type list --long
|
||||
|
||||
{{- end }}
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,42 +0,0 @@
|
||||
From 6fba31f6ba8627c7314a46f5b54d59fd17858848 Mon Sep 17 00:00:00 2001
|
||||
From: zhipengl <zhipengs.liu@intel.com>
|
||||
Date: Wed, 4 Sep 2019 13:24:12 +0800
|
||||
Subject: [PATCH] Patch21: 0021-Add-config-network-item-for-novncproxy.patch
|
||||
|
||||
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
|
||||
---
|
||||
nova/templates/deployment-novncproxy.yaml | 2 ++
|
||||
nova/values.yaml | 2 ++
|
||||
2 files changed, 4 insertions(+)
|
||||
|
||||
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
|
||||
index 2611ba8..1eebcfd 100644
|
||||
--- a/nova/templates/deployment-novncproxy.yaml
|
||||
+++ b/nova/templates/deployment-novncproxy.yaml
|
||||
@@ -52,8 +52,10 @@ spec:
|
||||
{{ tuple $envAll "nova" "novnc-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
|
||||
+{{- if .Values.pod.useHostNetwork.novncproxy }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
+{{- end }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "novncproxy" $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: nova-novncproxy-init
|
||||
diff --git a/nova/values.yaml b/nova/values.yaml
|
||||
index ee00591..db86621 100644
|
||||
--- a/nova/values.yaml
|
||||
+++ b/nova/values.yaml
|
||||
@@ -2050,6 +2050,8 @@ pod:
|
||||
nova_spiceproxy:
|
||||
volumeMounts:
|
||||
volumes:
|
||||
+ useHostNetwork:
|
||||
+ novncproxy: true
|
||||
replicas:
|
||||
api_metadata: 1
|
||||
compute_ironic: 1
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user