starlingx/upstream
Code Issues Proposed changes

Merge "Nova chart: Add ephemeral pool creation"

Browse Source
This commit is contained in:
Zuul 2019-03-13 16:49:44 +00:00 committed by Gerrit Code Review
commit bdd7559855
3 changed files with 329 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack/openstack-helm/centos/build_srpm.data
View File

@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
TIS_PATCH_VER=12
TIS_PATCH_VER=13

2
openstack/openstack-helm/centos/openstack-helm.spec
View File

@ -30,6 +30,7 @@ Patch09: 0008-Stein-Update-Cinder-to-include-resource_filters.json.patch
Patch10: 0009-Stein-add-log_config_append-to-neutron-etc.patch
Patch11: 0010-Stein-Nova-console-address-config-optionality.patch
Patch12: 0011-Support-per-host-overrides-of-auto_bridge_add.patch
Patch13: 0012-Nova-chart-Add-ephemeral-pool.patch
BuildRequires: helm
BuildRequires: openstack-helm-infra
@ -52,6 +53,7 @@ Openstack Helm charts
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%build
# initialize helm and build the toolkit

326
openstack/openstack-helm/files/0012-Nova-chart-Add-ephemeral-pool.patch Normal file
View File

@ -0,0 +1,326 @@
From a69da80225eda187df707b7c1fc8ef1d2c1edb57 Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Fri, 15 Feb 2019 11:06:49 -0500
Subject: [PATCH] Add support for ephemeral pool creation
---
nova/templates/bin/_nova-storage-init.sh.tpl | 73 +++++++++++++++
nova/templates/configmap-bin.yaml | 2 +
nova/templates/job-storage-init.yaml | 154 ++++++++++++++++++++++++++++++++
nova/values.yaml | 18 ++++
4 files changed, 247 insertions(+)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 0000000..571cce5
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
+ if [[ ${test_version} -gt 0 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+
+ # TODO: Rework this part for the nova/glance/cinder charts to preserve this
+ # on the next chart rebase to latest if the ceph mimic rebase isn't complete.
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
+ echo $KEYSTR > ${KEYRING}
+ else
+ #NOTE(Portdirect): Determine proper privs to assign keyring
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "allow *" \
+ osd "allow *" \
+ mgr "allow *" \
+ -o ${KEYRING}
+ fi
+
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
+ cat > ${SECRET} <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "${RBD_POOL_SECRET}"
+type: kubernetes.io/rbd
+data:
+ key: $( echo ${ENCODED_KEYRING} )
+EOF
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
+
+fi
+
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index e422b62..97b4c57 100755
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -81,6 +81,8 @@ data:
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-console-proxy-init-assets.sh: |
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ nova-storage-init.sh: |
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-start.sh: |
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cell-setup.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 0000000..60f8c2d
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,154 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_storage_init }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-storage-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if .Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
+ - name: STORAGE_BACKEND
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
+ - name: RBD_POOL_NAME
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ $ephemeralPool.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ $ephemeralPool.rbd_replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
+ - name: RBD_POOL_SECRET
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
+ {{- end }}
+ command:
+ - /tmp/nova-storage-init.sh
+ volumeMounts:
+ - name: nova-bin
+ mountPath: /tmp/nova-storage-init.sh
+ subPath: nova-storage-init.sh
+ readOnly: true
+ {{ if $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{ if .Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 4edf5c6..179fb29 100755
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
nova_spiceproxy: docker.io/openstackhelm/nova:ocata
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
+ nova_storage_init: 192.168.204.2:9001/docker.io/port/ceph-config-helper:v1.10.3
test: 'docker.io/kolla/ubuntu-source-rally:4.0.0'
image_repo_sync: docker.io/docker:17.07.0
local_registry:
@@ -455,6 +456,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+ ephemeral_storage:
+ type: rbd
+ rbd_pools:
+ - rbd_pool_name: ephemeral
+ rbd_user: ephemeral
+ rbd_crush_rule: 0
+ rbd_replication: 2
+ rbd_chunk_size: 64
ssh: |
Host *
StrictHostKeyChecking no
@@ -1660,6 +1669,7 @@ secrets:
placement:
placement:
public: placement-tls-public
+ ephemeral: nova-ephemeral
# typically overridden by environmental
# values, but should include all endpoints
@@ -2233,6 +2243,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
@@ -2276,6 +2293,7 @@ manifests:
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
+ job_storage_init: true
pdb_metadata: true
pdb_placement: true
pdb_osapi: true
--
2.7.4