From 8afa729ffba9378b76e63dfc282f16ecf1d9baa9 Mon Sep 17 00:00:00 2001 
From: Alan Meadows Date: Wed, 4 Jan 2017 13:19:04 -0800 Subject: [PATCH 1/6] OpenStack Nova Helm Chart Initial Commit This is an initial commit of a functional nova chart. It has been tested with the neutron chart using a flat network configuration. --- Makefile | 8 +- nova/Chart.yaml | 3 + nova/requirements.yaml | 4 + nova/templates/bin/_db-sync.sh.tpl | 6 + nova/templates/bin/_init.sh.tpl | 36 ++++ nova/templates/bin/_libvirt.sh.tpl | 35 ++++ nova/templates/bin/_post.sh.tpl | 57 ++++++ nova/templates/bin/_start.sh.tpl | 12 ++ nova/templates/configmap-bin.yaml | 15 ++ nova/templates/configmap-etc.yaml | 13 ++ nova/templates/daemonset-compute.yaml | 138 +++++++++++++ nova/templates/daemonset-libvirt.yaml | 132 +++++++++++++ nova/templates/deployment-api.yaml | 70 +++++++ nova/templates/deployment-conductor.yaml | 61 ++++++ nova/templates/deployment-consoleauth.yaml | 61 ++++++ nova/templates/deployment-scheduler.yaml | 61 ++++++ nova/templates/etc/_ceph.conf.tpl | 18 ++ nova/templates/etc/_libvirtd.conf.tpl | 6 + nova/templates/etc/_nova.conf.tpl | 108 +++++++++++ nova/templates/etc/_resolv.conf.tpl | 5 + nova/templates/job-db-sync.yaml | 56 ++++++ nova/templates/job-init.yaml | 50 +++++ nova/templates/job-post.yaml | 59 ++++++ nova/templates/service-api.yaml | 12 ++ nova/values.yaml | 213 +++++++++++++++++++++ 25 files changed, 1236 insertions(+), 3 deletions(-) create mode 100644 nova/Chart.yaml create mode 100644 nova/requirements.yaml create mode 100644 nova/templates/bin/_db-sync.sh.tpl create mode 100644 nova/templates/bin/_init.sh.tpl create mode 100644 nova/templates/bin/_libvirt.sh.tpl create mode 100644 nova/templates/bin/_post.sh.tpl create mode 100644 nova/templates/bin/_start.sh.tpl create mode 100644 nova/templates/configmap-bin.yaml create mode 100644 nova/templates/configmap-etc.yaml create mode 100644 nova/templates/daemonset-compute.yaml create mode 100644 nova/templates/daemonset-libvirt.yaml create mode 100644 nova/templates/deployment-api.yaml 
create mode 100644 nova/templates/deployment-conductor.yaml create mode 100644 nova/templates/deployment-consoleauth.yaml create mode 100644 nova/templates/deployment-scheduler.yaml create mode 100644 nova/templates/etc/_ceph.conf.tpl create mode 100644 nova/templates/etc/_libvirtd.conf.tpl create mode 100644 nova/templates/etc/_nova.conf.tpl create mode 100644 nova/templates/etc/_resolv.conf.tpl create mode 100644 nova/templates/job-db-sync.yaml create mode 100644 nova/templates/job-init.yaml create mode 100644 nova/templates/job-post.yaml create mode 100644 nova/templates/service-api.yaml create mode 100644 nova/values.yaml diff --git a/Makefile b/Makefile index 5c7e2a1e61..4ae089a7fd 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron nova maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron maas openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron nova maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron nova maas openstack common: build-common @@ -27,6 +27,8 @@ glance: build-glance neutron: build-neutron +nova: build-nova + maas: build-maas memcached: build-memcached diff --git a/nova/Chart.yaml b/nova/Chart.yaml new file mode 100644 index 0000000000..85f08c3269 --- /dev/null +++ b/nova/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for nova +name: nova +version: 0.1.0 diff --git a/nova/requirements.yaml b/nova/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/nova/requirements.yaml 
@@ -0,0 +1,4 @@
+dependencies:
+ - name: common
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/nova/templates/bin/_db-sync.sh.tpl b/nova/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..b447fad189
--- /dev/null
+++ b/nova/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+
+nova-manage db sync
+nova-manage api_db sync
+nova-manage db online_data_migrations
diff --git a/nova/templates/bin/_init.sh.tpl b/nova/templates/bin/_init.sh.tpl
new file mode 100644
index 0000000000..b175ca7d5a
--- /dev/null
+++ b/nova/templates/bin/_init.sh.tpl
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+echo "Hello World"
+
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_user }}' \
+password='{{ .Values.database.nova_password }}' \
+host='%' \
+priv='{{ .Values.database.nova_database_name }}.*:ALL' append_privs='yes'"
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_api_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_user }}' \
+password='{{ .Values.database.nova_password }}' \
+host='%' \
+priv='{{ .Values.database.nova_api_database_name }}.*:ALL' append_privs='yes'"
diff --git a/nova/templates/bin/_libvirt.sh.tpl b/nova/templates/bin/_libvirt.sh.tpl
new file mode 100644
index 0000000000..33fc015e0e
--- /dev/null
+++ b/nova/templates/bin/_libvirt.sh.tpl
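Review bot: The database root password and the nova password are passed as `ansible` command-line arguments (`login_password='{{ .Values.database.root_password }}'`, `password='{{ .Values.database.nova_password }}'`) while `set -ex` is active, so every invocation in `_init.sh.tpl` is traced to the job log with both credentials in it; `-vvv` may add further copies. I would drop `-x` and `-vvv` here and read the credentials from environment variables backed by a Kubernetes Secret instead of rendering them into the script text, which this chart ships in the `nova-bin` ConfigMap. Both `mysql_user` calls grant with `host='%'`, which is worth narrowing if the pod network range is known. The leading `echo "Hello World"` looks like leftover debugging and can be removed.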
@@ -0,0 +1,35 @@ +#!/bin/bash +set -ex + +if [[ -f /var/run/libvirtd.pid ]]; then + test -d /proc/$(< /var/run/libvirtd.pid) && \ + ( echo "Libvirtd daemon is running" && exit 10 ) +fi + +rm -f /var/run/libvirtd.pid + +if [[ -c /dev/kvm ]]; then + chmod 660 /dev/kvm + chown root:kvm /dev/kvm +fi + + +sleep 30 + +{{- if .Values.ceph.enabled }} +cat > /tmp/secret.xml < + {{ .Values.ceph.secret_uuid }} + + client.{{ .Values.ceph.cinder_user }} secret + + +EOF + +virsh secret-define --file /tmp/secret.xml +virsh secret-set-value --secret {{ .Values.ceph.secret_uuid }} --base64 {{ .Values.ceph.cinder_keyring }} +rm /tmp/secret.xml +{{- end }} + + +exec libvirtd -v --listen diff --git a/nova/templates/bin/_post.sh.tpl b/nova/templates/bin/_post.sh.tpl new file mode 100644 index 0000000000..6792568029 --- /dev/null +++ b/nova/templates/bin/_post.sh.tpl 
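Review bot: `virsh secret-set-value --secret {{ .Values.ceph.secret_uuid }} --base64 {{ .Values.ceph.cinder_keyring }}` in `_libvirt.sh.tpl` puts the Ceph key on the command line while `set -ex` is active, so the key is written to the container log whenever `ceph.enabled` is true. Switching tracing off around the secret handling, `set +x` before the `cat > /tmp/secret.xml` and `set -x` after `rm /tmp/secret.xml`, avoids that. Supplying the key from a Secret-backed environment variable rather than from template text would also keep it out of the `nova-bin` ConfigMap. `values.yaml` defaults `cinder_keyring` to `null`, so the script should fail with a clear message when Ceph is enabled and no key is set, rather than passing an empty or literal placeholder value to `virsh`.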
@@ -0,0 +1,57 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=admin \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=internal \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . 
}}' \ +interface=public \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_user -a "project=service \ +user={{ .Values.keystone.nova_user }} \ +password={{ .Values.keystone.nova_password }} \ +role=admin \ +region_name={{ .Values.keystone.nova_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +cat </tmp/openrc +export OS_USERNAME={{.Values.keystone.admin_user}} +export OS_PASSWORD={{.Values.keystone.admin_password}} +export OS_PROJECT_DOMAIN_NAME={{.Values.keystone.domain_name}} +export OS_USER_DOMAIN_NAME={{.Values.keystone.domain_name}} +export OS_PROJECT_NAME={{.Values.keystone.admin_project_name}} +export OS_AUTH_URL={{include "endpoint_keystone_internal" .}} +export OS_AUTH_STRATEGY=keystone +export OS_REGION_NAME={{.Values.keystone.admin_region_name}} +export OS_INSECURE=1 +EOF + +. /tmp/openrc +env +openstack --debug role create _member_ --or-show diff --git a/nova/templates/bin/_start.sh.tpl b/nova/templates/bin/_start.sh.tpl new file mode 100644 index 0000000000..7c802358bc --- /dev/null +++ b/nova/templates/bin/_start.sh.tpl @@ -0,0 +1,12 @@ +#!/bin/bash +set -ex + +# link our keystone wsgi to apaches running config +ln -s /configmaps/wsgi-keystone.conf /etc/apache2/sites-enabled/wsgi-keystone.conf + +# Loading Apache2 ENV variables +source /etc/apache2/envvars +rm -rf /var/run/apache2/* +APACHE_DIR="apache2" + +apache2 -DFOREGROUND diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml new file mode 100644 index 0000000000..6c7d10cebd --- /dev/null +++ b/nova/templates/configmap-bin.yaml 
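Review bot: The bare `env` after `. /tmp/openrc` in `_post.sh.tpl` prints `OS_PASSWORD`, the Keystone admin password, into the job log, and `set -ex`, `-vvv` and `openstack --debug` add further copies of the credentials passed in `auth=` and `password=`. I would delete the `env` line, drop the tracing flags, and export the `OS_*` variables directly instead of writing them to `/tmp/openrc`. `export OS_INSECURE=1` presumably disables certificate verification and should either carry a comment saying why or become a value that defaults to off. `password={{ .Values.keystone.nova_password }}` is unquoted inside the `-a` string, unlike `url=` and `auth=`, so a password containing a space would be split; `password='{{ .Values.keystone.nova_password }}'` matches the quoting used in `_init.sh.tpl`.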
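Review bot: `_start.sh.tpl` links `/configmaps/wsgi-keystone.conf` and starts `apache2`, which reads like a copy from the keystone chart; none of the pod templates added in this patch mount `/configmaps` or run `start.sh`, they start `nova-api`, `nova-conductor` and the other services directly. If the script is unused, I would remove it together with the `start.sh` entry in `configmap-bin.yaml`. If it is kept, its comment should say which nova component runs it.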
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nova-bin
+data:
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
+ init.sh: |
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+ start.sh: |
+{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }}
+ post.sh: |
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
+ libvirt.sh: |
+{{ tuple "bin/_libvirt.sh.tpl" . | include "template" | indent 4 }}
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..f96fbcefea
--- /dev/null
+++ b/nova/templates/configmap-etc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nova-etc
+data:
+ nova.conf: |+
+{{ tuple "etc/_nova.conf.tpl" . | include "template" | indent 4 }}
+ ceph.client.cinder.keyring.yaml: |+
+{{ tuple "etc/_ceph.client.cinder.keyring.yaml.tpl" . | include "template" | indent 4 }}
+ resolv.conf: |+
+{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }}
+ libvirtd.conf: |+
+{{ tuple "etc/_libvirtd.conf.tpl" . | include "template" | indent 4 }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
new file mode 100644
index 0000000000..53f4c6ce8b
--- /dev/null
+++ b/nova/templates/daemonset-compute.yaml
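Review bot: `configmap-etc.yaml` renders `etc/_ceph.client.cinder.keyring.yaml.tpl`, which is not among the files this commit creates, and it defines no `ceph.conf` key even though both DaemonSets select `key: ceph.conf` from `nova-etc` when `ceph.enabled` is set; `_ceph.conf.tpl` is added by the commit but never included here. Adding `ceph.conf: |+` followed by `{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }}` and supplying the keyring template would close that gap. Separately, `nova.conf` carries the database, RabbitMQ and Keystone passwords and the metadata proxy shared secret, and the keyring is key material, so a `kind: Secret` is a better home for this data than a ConfigMap. The same applies to `init.sh` and `post.sh` in `nova-bin`, which have passwords rendered into them.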
@@ -0,0 +1,138 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: nova-compute +spec: + template: + metadata: + labels: + app: nova-compute + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" + }, + { + "name": "DEPENDENCY_DAEMONSET", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + hostPID: true + dnsPolicy: ClusterFirst + containers: + - name: nova-compute + image: {{ .Values.image.compute }} + imagePullPolicy: Always + securityContext: + privileged: true + command: + - nova-compute + - --config-file + - /etc/nova/nova.conf + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - mountPath: /lib/modules + name: libmodules + readOnly: true + - mountPath: /var/lib/nova + name: varlibnova + - mountPath: /var/lib/libvirt + name: varliblibvirt + - mountPath: /run + name: run + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + {{- if .Values.ceph.enabled }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + 
subPath: ceph.conf + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + {{- end }} + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf + - name: resolvconf + configMap: + name: nova-etc + items: + - key: resolv.conf + path: resolv.conf + - name: libmodules + hostPath: + path: /lib/modules + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + {{- if .Values.ceph.enabled }} + - name: cephconf + configMap: + name: nova-etc + items: + - key: ceph.conf + path: ceph.conf + - name: cephclientcinderkeyring + configMap: + name: nova-etc + items: + - key: ceph.client.cinder.keyring.yaml + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml new file mode 100644 index 0000000000..31d442e14b --- /dev/null +++ b/nova/templates/daemonset-libvirt.yaml 
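Review bot: The `cephclientcinderkeyring` mount in `daemonset-compute.yaml` uses `subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring`, but the volume projects the item at `path: ceph.client.cinder.keyring.yaml`, so the subPath does not name a file that exists in the volume and the keyring will not appear under `/etc/ceph/` as intended; `daemonset-libvirt.yaml` has the same pair of lines. Using one name on both sides, for example `path: ceph.client.{{ .Values.ceph.cinder_user }}.keyring` in the volume item, fixes it. The pod also combines `privileged: true`, `hostPID: true`, `hostNetwork: true` and a read-write hostPath mount of `/run`, which together give the container control of the node; a short comment recording which of these nova-compute needs would make later tightening possible. `imagePullPolicy: Always` on the main container ignores `.Values.image.pull_policy`, which the init container honours.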
@@ -0,0 +1,132 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: nova-libvirt +spec: + template: + metadata: + labels: + app: nova-libvirt + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + dnsPolicy: ClusterFirst + containers: + - name: nova-libvirt + image: {{ .Values.image.libvirt }} + imagePullPolicy: Always + securityContext: + privileged: true + command: + - bash + - /tmp/libvirt.sh + volumeMounts: + - name: libvirtdconf + mountPath: /etc/libvirt/libvirtd.conf + subPath: libvirtd.conf + - name: libvirtsh + mountPath: /tmp/libvirt.sh + subPath: libvirt.sh + - mountPath: /lib/modules + name: libmodules + readOnly: true + - mountPath: /var/lib/nova + name: varlibnova + - mountPath: /var/lib/libvirt + name: varliblibvirt + - mountPath: /run + name: run + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + {{- if .Values.ceph.enabled }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + {{- end }} + volumes: + - name: libvirtdconf + configMap: + 
name: nova-etc + items: + - key: libvirtd.conf + path: libvirtd.conf + - name: libvirtsh + configMap: + name: nova-bin + items: + - key: libvirt.sh + path: libvirt.sh + - name: resolvconf + configMap: + name: nova-etc + items: + - key: resolv.conf + path: resolv.conf + - name: libmodules + hostPath: + path: /lib/modules + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + {{- if .Values.ceph.enabled }} + - name: cephconf + configMap: + name: nova-etc + items: + - key: ceph.conf + path: ceph.conf + - name: cephclientcinderkeyring + configMap: + name: nova-etc + items: + - key: ceph.client.cinder.keyring.yaml + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/deployment-api.yaml b/nova/templates/deployment-api.yaml new file mode 100644 index 0000000000..4ce90155aa --- /dev/null +++ b/nova/templates/deployment-api.yaml 
@@ -0,0 +1,70 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-api +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-api + image: {{ .Values.image.api }} + # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 + securityContext: + privileged: true + command: + - nova-api + - --config-file + - /etc/nova/nova.conf + ports: + - containerPort: {{ .Values.network.port.api }} + - containerPort: {{ .Values.network.port.metadata }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.api }} + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml new file mode 100644 index 0000000000..5ff5239381 --- /dev/null +++ b/nova/templates/deployment-conductor.yaml 
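Review bot: `nova-api` is the network-facing service of this chart and runs with `securityContext.privileged: true`, justified only by a bug link in the comment above it. I would add a one-line comment stating what the container needs the privilege for, and if that turns out to be a single capability, request it with `capabilities.add` instead of full privileged mode. The `readinessProbe` checks only `.Values.network.port.api`, so the metadata port exposed by the same container is not probed.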
@@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-conductor +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-conductor + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-conductor + image: {{ .Values.image.conductor }} + command: + - nova-conductor + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml new file mode 100644 index 0000000000..52596ae6e1 --- /dev/null +++ b/nova/templates/deployment-consoleauth.yaml 
@@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-consoleauth +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-consoleauth + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-consoleauth + image: {{ .Values.image.consoleauth }} + command: + - nova-consoleauth + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml new file mode 100644 index 0000000000..6188cd7bf5 --- /dev/null +++ b/nova/templates/deployment-scheduler.yaml 
@@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-scheduler +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-scheduler + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-scheduler + image: {{ .Values.image.scheduler }} + command: + - nova-scheduler + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/etc/_ceph.conf.tpl b/nova/templates/etc/_ceph.conf.tpl new file mode 100644 index 0000000000..d41b65bd62 --- /dev/null +++ b/nova/templates/etc/_ceph.conf.tpl @@ -0,0 +1,18 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.enabled }} +[mon] +{{- if .Values.ceph.monitors }} +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true 
diff --git a/nova/templates/etc/_libvirtd.conf.tpl b/nova/templates/etc/_libvirtd.conf.tpl
new file mode 100644
index 0000000000..d7d0c36e89
--- /dev/null
+++ b/nova/templates/etc/_libvirtd.conf.tpl
@@ -0,0 +1,6 @@
+listen_tcp = 1
+auth_tcp = "none"
+ca_file = ""
+log_level = 2
+log_outputs = "2:stderr"
+listen_addr = "{{ .Values.network.ip_address }}"
\ No newline at end of file
diff --git a/nova/templates/etc/_nova.conf.tpl b/nova/templates/etc/_nova.conf.tpl
new file mode 100644
index 0000000000..e3a46eef20
--- /dev/null
+++ b/nova/templates/etc/_nova.conf.tpl
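Review bot: `listen_tcp = 1` with `auth_tcp = "none"` and `listen_addr = "{{ .Values.network.ip_address }}"` in `_libvirtd.conf.tpl` makes libvirtd accept unauthenticated TCP connections on whatever address the value holds, and `values.yaml` defaults that value to `0.0.0.0` while the libvirt DaemonSet runs with `hostNetwork: true`. Any host that can reach a compute node's libvirt TCP port then has full control of the hypervisor. Since `nova.conf` connects through `qemu+tcp://127.0.0.1/system`, the listener can be bound to loopback with `listen_addr = "127.0.0.1"`. If remote access is needed later for live migration, `auth_tcp = "sasl"` or the TLS listener should be used instead of `"none"`. The file also lacks a trailing newline.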
@@ -0,0 +1,108 @@ +[DEFAULT] +debug = {{ .Values.nova.default.debug }} +default_ephemeral_format = ext4 +host_subset_size = 30 +ram_allocation_ratio=1.0 +disk_allocation_ratio=1.0 +cpu_allocation_ratio=3.0 +force_config_drive = {{ .Values.nova.default.force_config_drive }} +state_path = /var/lib/nova + +osapi_compute_listen = {{ .Values.network.ip_address }} +osapi_compute_listen_port = {{ .Values.network.port.api }} +osapi_compute_workers = {{ .Values.nova.default.osapi_workers }} + +workers = {{ .Values.nova.default.osapi_workers }} +metadata_workers = {{ .Values.nova.default.metadata_workers }} + +use_neutron = True +firewall_driver = nova.virt.firewall.NoopFirewallDriver +linuxnet_interface_driver = openvswitch + +allow_resize_to_same_host = True + +compute_driver = libvirt.LibvirtDriver + +# Though my_ip is not used directly, lots of other variables use $my_ip +my_ip = {{ .Values.network.ip_address }} + +transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }} + +[vnc] +novncproxy_host = {{ .Values.network.ip_address }} +novncproxy_port = {{ .Values.network.port.novncproxy }} +vncserver_listen = 0.0.0.0 +vncserver_proxyclient_address = {{ .Values.network.ip_address }} + +novncproxy_base_url = http://{{ .Values.network.external_ips }}:{{ .Values.network.port.novncproxy }}/vnc_auto.html + +[oslo_concurrency] +lock_path = /var/lib/nova/tmp + +[conductor] +workers = {{ .Values.nova.default.conductor_workers }} + +[glance] +api_servers = {{ include "endpoint_glance_api_internal" . }} +num_retries = 3 + +[cinder] +catalog_info = volume:cinder:internalURL + +[neutron] +url = {{ include "endpoint_neutron_api_internal" . }} + +metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }} +service_metadata_proxy = True + +auth_url = {{ include "endpoint_keystone_admin" . 
}} +auth_type = password +project_domain_name = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.neutron_user }} +password = {{ .Values.keystone.neutron_password }} + +[database] +connection = mysql+pymysql://{{ .Values.database.nova_user }}:{{ .Values.database.nova_password }}@{{ .Values.database.address }}/{{ .Values.database.nova_database_name }} +max_retries = -1 + +[api_database] +connection = mysql+pymysql://{{ .Values.database.nova_user }}:{{ .Values.database.nova_password }}@{{ .Values.database.address }}/{{ .Values.database.nova_api_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ include "endpoint_keystone_internal" . }} +auth_url = {{ include "endpoint_keystone_admin" . }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.nova_user }} +password = {{ .Values.keystone.nova_password }} + +[libvirt] +connection_uri = "qemu+tcp://127.0.0.1/system" +images_type = qcow2 +# Enabling live-migration without hostname resolution +# live_migration_inbound_addr = {{ .Values.network.ip_address }} + +{{- if .Values.ceph.enabled }} +images_rbd_pool = {{ .Values.ceph.nova_pool }} +images_rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_user = {{ .Values.ceph.cinder_user }} +rbd_secret_uuid = {{ .Values.ceph.secret_uuid }} +{{- end }} +disk_cachemodes="network=writeback" +hw_disk_discard = unmap + +[upgrade_levels] +compute = auto + +[cache] +enabled = True +backend = oslo_cache.memcache_pool +memcache_servers = {{ .Values.memcached.address }} + +[wsgi] +api_paste_config = /etc/nova/api-paste.ini diff --git a/nova/templates/etc/_resolv.conf.tpl b/nova/templates/etc/_resolv.conf.tpl new file mode 100644 index 0000000000..7c1e9d839a --- /dev/null +++ b/nova/templates/etc/_resolv.conf.tpl 
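Review bot: `vncserver_listen = 0.0.0.0` in the `[vnc]` section makes each guest's VNC server listen on every interface of the compute host, and because the libvirt pod uses the host network that includes the node's external addresses; binding it to the management address limits console access to the proxy. `my_ip` and `vncserver_proxyclient_address` also take `.Values.network.ip_address`, whose default of `0.0.0.0` is not a usable host address for either. `novncproxy_base_url` is hard-coded to `http://`, so console URLs and their tokens travel in clear text. In `transport_url` and both `connection` strings the passwords are interpolated raw, so a password containing `@`, `/` or `:` yields a broken URL; URL-encoding them, for example with the template function `urlquery`, avoids that. `transport_url` also uses `.Values.rabbitmq.admin_user`, so nova talks to RabbitMQ as the broker admin rather than as a dedicated service account.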
@@ -0,0 +1,5 @@ +search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }} +{{- range .Values.network.dns.servers }} +nameserver {{ . | title }} +{{- end }} +options ndots:5 diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml new file mode 100644 index 0000000000..0e5c2102a0 --- /dev/null +++ b/nova/templates/job-db-sync.yaml @@ -0,0 +1,56 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-db-sync + image: {{ .Values.image.db_sync }} + imagePullPolicy: Always + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - name: nova-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml new file mode 100644 index 0000000000..16a2201ad8 --- /dev/null +++ b/nova/templates/job-init.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-init + image: {{ .Values.image.init }} + imagePullPolicy: Always + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml new file mode 100644 index 0000000000..48b0f3e52d --- /dev/null +++ b/nova/templates/job-post.yaml 
@@ -0,0 +1,59 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-post +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-post + image: {{ .Values.image.post }} + imagePullPolicy: Always + command: + - bash + - /tmp/post.sh + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - name: nova-bin + mountPath: /tmp/post.sh + subPath: post.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/service-api.yaml b/nova/templates/service-api.yaml new file mode 100644 index 0000000000..6aa4144d2a --- /dev/null +++ b/nova/templates/service-api.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: nova-api +spec: + ports: + - name: nova-api + port: {{ .Values.network.port.api }} + - name: nova-metadata + port: {{ .Values.network.port.metadata }} + selector: + app: nova-api diff --git a/nova/values.yaml b/nova/values.yaml new file mode 100644 index 0000000000..2530bc1c06 --- /dev/null +++ b/nova/values.yaml 
@@ -0,0 +1,213 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + control_node_selector_key: openstack-control-plane + control_node_selector_value: enabled + compute_node_selector_key: openstack-compute-node + compute_node_selector_value: enabled + +control_replicas: 1 +compute_replicas: 1 + +image: + init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + db_sync: quay.io/stackanetes/stackanetes-nova-api:barcelona + api: quay.io/stackanetes/stackanetes-nova-api:barcelona + conductor: quay.io/stackanetes/stackanetes-nova-conductor:barcelona + scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:barcelona + novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:barcelona + consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:barcelona + compute: quay.io/stackanetes/stackanetes-nova-compute:barcelona + libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:barcelona + post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + pull_policy: "IfNotPresent" + +network: + ip_address: "0.0.0.0" + # TODO(DTadrzak): move external IPs to common, this variable should be shared with + # horizon service + external_ips: "" + minion_interface_name: "eno1" + dns: + servers: + - "10.96.0.10" + - "8.8.8.8" + kubernetes_domain: "cluster.local" + other_domains: "" + + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + +nova: + default: + debug: false + osapi_workers: 8 + metadata_workers: 8 + conductor_workers: 8 + force_config_drive: True + drain_timeout: 60 + +database: + address: "mariadb" + port: 3306 + root_user: "root" + root_password: "password" + + nova_user: "nova" + nova_password: "password" + nova_database_name: "nova" + nova_api_database_name: "nova_api" + +keystone: + admin_user: "admin" + admin_password: "password" + admin_project_name: "admin" + admin_region_name: 
"RegionOne" + domain_name: "default" + tenant_name: "admin" + + neutron_user: "neutron" + neutron_password: "password" + neutron_region_name: "RegionOne" + + nova_user: "nova" + nova_password: "password" + nova_region_name: "RegionOne" + +rabbitmq: + address: "rabbitmq" + admin_user: "rabbitmq" + admin_password: "password" + port: 5672 + +ceph: + enabled: false + monitors: [] + cinder_user: "cinder" + cinder_keyring: null + nova_pool: "vms" + secret_uuid: "" + +neutron: + metadata_secret: "password" + +memcached: + address: "memcached:11211" + +dependencies: + api: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + db_sync: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + post: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + - nova-api + init: + jobs: + - mariadb-seed + service: + - mariadb + compute: + jobs: + - nova-init + - nova-post + - nova-db-sync + service: + - keystone-api + - nova-api + daemonset: + - nova-libvirt + libvirt: + jobs: + - nova-init + - nova-post + - nova-db-sync + service: + - keystone-api + - nova-api + consoleauth: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + scheduler: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + conductor: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + glance: + hosts: + default: glance-api + type: image + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 + nova: + hosts: + default: nova-api + path: "/v2/%(tenant_id)s" + type: compute + scheme: 'http' + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + 
keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 From 88a85ae7d5289625f2200f445e313bc699d73381 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 07:49:44 -0800 Subject: [PATCH 2/6] Implement requested feedback in PR#91 - Split out osapi and metadata api to remove unnecessary security privileges - Prune dependencies - Fix static imagePullPolicies - Remove extraneous start.sh imported accidently from keystone chart --- nova/templates/bin/_start-osapi.sh.tpl | 21 ++++++ nova/templates/bin/_start.sh.tpl | 12 --- nova/templates/configmap-bin.yaml | 4 +- nova/templates/daemonset-compute.yaml | 9 --- ...-api.yaml => deployment-api-metadata.yaml} | 13 ++-- nova/templates/deployment-api-osapi.yaml | 75 +++++++++++++++++++ nova/templates/etc/_nova.conf.tpl | 2 +- nova/templates/job-db-sync.yaml | 4 +- nova/templates/job-init.yaml | 2 +- nova/templates/job-post.yaml | 2 +- ...service-api.yaml => service-metadata.yaml} | 4 +- nova/templates/service-osapi.yaml | 13 ++++ nova/values.yaml | 35 ++++----- 13 files changed, 136 insertions(+), 60 deletions(-) create mode 100644 nova/templates/bin/_start-osapi.sh.tpl delete mode 100644 nova/templates/bin/_start.sh.tpl rename nova/templates/{deployment-api.yaml => deployment-api-metadata.yaml} (88%) create mode 100644 nova/templates/deployment-api-osapi.yaml rename nova/templates/{service-api.yaml => service-metadata.yaml} (66%) create mode 100644 nova/templates/service-osapi.yaml diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl new file mode 100644 index 0000000000..d1f0313299 --- /dev/null +++ b/nova/templates/bin/_start-osapi.sh.tpl 
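Review bot: Every credential in this defaults file is the literal string `password` (`database.root_password`, `database.nova_password`, the three `keystone.*_password` keys, `rabbitmq.admin_password` and `neutron.metadata_secret`), so an install that does not override them comes up with guessable secrets, including what is presumably the shared secret protecting metadata requests. I would ship these empty, e.g. `root_password: ""  # must be supplied at install time`, and have the templates fail rendering when a value is unset rather than fall back to a known one. Separately, `dependencies.db_sync` is defined twice with identical content; the duplicate key should be dropped, since YAML parsers either reject it or silently keep one copy. The header comment `# Default values for keystone.` also looks copied from another chart and should name nova.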
@@ -0,0 +1,21 @@ +#!/bin/sh +# +# start nova-api-osapi service +# +# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges +# by stubbing in a fake iptables scripts + +echo </tmp/iptables +#!/bin/sh +# nova-api-metadata trys to run some iptables commands +# This enables the api-only container to run without NET_ADMIN privileges +true +EOF + +# make it executable and copy it over whatever iptables may be underneath in this image +chmod +x /tmp/iptables +cp -p /tmp/iptables /sbin/iptables +cp -p /tmp/iptables /sbin/iptables-restore +cp -p /tmp/iptables /sbin/iptables-save + +exec nova-api--config-file /etc/nova/nova.conf \ No newline at end of file diff --git a/nova/templates/bin/_start.sh.tpl b/nova/templates/bin/_start.sh.tpl deleted file mode 100644 index 7c802358bc..0000000000 --- a/nova/templates/bin/_start.sh.tpl +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -ex - -# link our keystone wsgi to apaches running config -ln -s /configmaps/wsgi-keystone.conf /etc/apache2/sites-enabled/wsgi-keystone.conf - -# Loading Apache2 ENV variables -source /etc/apache2/envvars -rm -rf /var/run/apache2/* -APACHE_DIR="apache2" - -apache2 -DFOREGROUND diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 6c7d10cebd..f3d1fca6f3 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -7,8 +7,8 @@ data: {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} - start.sh: | -{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }} + start-osapi.sh: | +{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }} post.sh: | {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} libvirt.sh: | diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 53f4c6ce8b..60529cfbb0 100644 
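Review bot: The script overwrites `/sbin/iptables`, `/sbin/iptables-restore` and `/sbin/iptables-save` at container start, which only works when the container runs as root with a writable root filesystem, so the osapi pod gives up NET_ADMIN but cannot be run as non-root or read-only. Since the chart already mounts scripts from the `nova-bin` ConfigMap with `subPath`, the stub could be its own ConfigMap key mounted read-only over those three paths with an executable `defaultMode`, leaving this script with only the final exec. As rendered here the stub is opened with `echo </tmp/iptables` and closed by a bare `EOF`, which would not write the file; if that is not an artifact of how the page was captured, the line should read `cat <<EOF >/tmp/iptables`. The comment inside the stub names nova-api-metadata although this script starts the osapi service.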
--- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -59,15 +59,6 @@ spec: - nova-compute - --config-file - /etc/nova/nova.conf - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf diff --git a/nova/templates/deployment-api.yaml b/nova/templates/deployment-api-metadata.yaml similarity index 88% rename from nova/templates/deployment-api.yaml rename to nova/templates/deployment-api-metadata.yaml index 4ce90155aa..a81444e5c5 100644 --- a/nova/templates/deployment-api.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -46,17 +46,16 @@ spec: image: {{ .Values.image.api }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: - privileged: true + capabilities: + add: + - NET_ADMIN command: - - nova-api - - --config-file - - /etc/nova/nova.conf + - nova-api-metadata --config-file=/etc/nova/nova.conf ports: - - containerPort: {{ .Values.network.port.api }} - containerPort: {{ .Values.network.port.metadata }} readinessProbe: tcpSocket: - port: {{ .Values.network.port.api }} + port: {{ .Values.network.port.osapi }} volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf @@ -67,4 +66,4 @@ spec: name: nova-etc items: - key: nova.conf - path: nova.conf + path: nova.conf \ No newline at end of file diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml new file mode 100644 index 0000000000..b9a50bbf8b --- /dev/null +++ b/nova/templates/deployment-api-osapi.yaml 
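Review bot: In deployment-api-metadata.yaml the new `command` is a single list item, `- nova-api-metadata --config-file=/etc/nova/nova.conf`, which the container runtime would treat as one executable name including the space, so the container would likely fail to start; the binary and its argument need to be separate list items as they were before the change. The readiness probe in the same hunk now targets `.Values.network.port.osapi`, but this container only declares the metadata port, so the probe line should be `port: {{ .Values.network.port.metadata }}`. Replacing `privileged: true` with the NET_ADMIN capability is a good reduction; adding `drop: [ALL]` under `capabilities` next to the `add` list would remove the remaining default capabilities too, provided the service does not need them. The container spec begins above the hunk, so its other settings were not reviewed.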
@@ -0,0 +1,75 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nova-osapi
+spec:
+ replicas: {{ .Values.control_replicas }}
+ template:
+ metadata:
+ labels:
+ app: nova-osapi
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": "{{ .Values.image.entrypoint }}",
+ "imagePullPolicy": "{{ .Values.image.pull_policy }}",
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "INTERFACE_NAME",
+ "value": "eth0"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
+ containers:
+ - name: nova-osapi
+ image: {{ .Values.image.api }}
+ command:
+ - bash
+ - /tmp/start-osapi.sh
+ ports:
+ - containerPort: {{ .Values.network.port.osapi }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.network.port.osapi }}
+ volumeMounts:
+ - name: novaconf
+ mountPath: /etc/nova/nova.conf
+ subPath: nova.conf
+ volumeMounts:
+ - name: startsh
+ mountPath: /tmp/start-osapi.sh
+ subPath: start-osapi.sh
+ volumes:
+ - name: novaconf
+ configMap:
+ name: nova-etc
+ items:
+ - key: nova.conf
+ path: nova.conf
+ - name: startsh
+ configMap:
+ name: nova-bin
+ items:
+ - key: start-osapi.sh
+ path: start-osapi.sh
diff --git a/nova/templates/etc/_nova.conf.tpl b/nova/templates/etc/_nova.conf.tpl
index e3a46eef20..900e341ae1 100644
--- a/nova/templates/etc/_nova.conf.tpl
+++ b/nova/templates/etc/_nova.conf.tpl
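Review bot: The `nova-osapi` container declares `volumeMounts:` twice, once for `novaconf` and once for `startsh`; with a duplicate mapping key most YAML parsers keep only the last one, so `/etc/nova/nova.conf` would not be mounted and nova-api would start without the chart's configuration (or the manifest is rejected outright). Move the `- name: startsh` entry with its `mountPath` and `subPath` under the first `volumeMounts:` and delete the second key. The container also sets no `securityContext`; because start-osapi.sh copies files into `/sbin` it needs root today, which is worth stating in a comment here until the stub is delivered another way.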
@@ -9,7 +9,7 @@ force_config_drive = {{ .Values.nova.default.force_config_drive }} state_path = /var/lib/nova osapi_compute_listen = {{ .Values.network.ip_address }} -osapi_compute_listen_port = {{ .Values.network.port.api }} +osapi_compute_listen_port = {{ .Values.network.port.osapi }} osapi_compute_workers = {{ .Values.nova.default.osapi_workers }} workers = {{ .Values.nova.default.osapi_workers }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 0e5c2102a0..013ad07569 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -10,7 +10,7 @@ spec: { "name": "init", "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", "env": [ { "name": "NAMESPACE", @@ -36,7 +36,7 @@ spec: containers: - name: nova-db-sync image: {{ .Values.image.db_sync }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/db-sync.sh diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 16a2201ad8..70c873641e 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -36,7 +36,7 @@ spec: containers: - name: nova-init image: {{ .Values.image.init }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/init.sh diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 48b0f3e52d..2c6fd237eb 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -36,7 +36,7 @@ spec: containers: - name: nova-post image: {{ .Values.image.post }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/post.sh 
diff --git a/nova/templates/service-api.yaml b/nova/templates/service-metadata.yaml similarity index 66% rename from nova/templates/service-api.yaml rename to nova/templates/service-metadata.yaml index 6aa4144d2a..0e0bac07f6 100644 --- a/nova/templates/service-api.yaml +++ b/nova/templates/service-metadata.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Service metadata: - name: nova-api + name: nova-metadata spec: ports: - - name: nova-api - port: {{ .Values.network.port.api }} - name: nova-metadata port: {{ .Values.network.port.metadata }} selector: diff --git a/nova/templates/service-osapi.yaml b/nova/templates/service-osapi.yaml new file mode 100644 index 0000000000..3821bdd633 --- /dev/null +++ b/nova/templates/service-osapi.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + # alanmeadows(TODO): refactor to nova-osapi + # which requires updating other charts + # dependencies + name: nova-api +spec: + ports: + - name: nova-osapi + port: {{ .Values.network.port.osapi }} + selector: + app: nova-osapi diff --git a/nova/values.yaml b/nova/values.yaml index 2530bc1c06..d4f315f94a 100644 --- a/nova/values.yaml +++ b/nova/values.yaml 
@@ -13,16 +13,16 @@ control_replicas: 1 compute_replicas: 1 image: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona - db_sync: quay.io/stackanetes/stackanetes-nova-api:barcelona - api: quay.io/stackanetes/stackanetes-nova-api:barcelona - conductor: quay.io/stackanetes/stackanetes-nova-conductor:barcelona - scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:barcelona - novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:barcelona - consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:barcelona - compute: quay.io/stackanetes/stackanetes-nova-compute:barcelona - libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:barcelona - post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-nova-api:newton + api: quay.io/stackanetes/stackanetes-nova-api:newton + conductor: quay.io/stackanetes/stackanetes-nova-conductor:newton + scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:newton + novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:newton + consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:newton + compute: quay.io/stackanetes/stackanetes-nova-compute:newton + libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:newton + post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -40,7 +40,7 @@ network: other_domains: "" port: - api: 8774 + osapi: 8774 metadata: 8775 novncproxy: 6080 @@ -51,7 +51,6 @@ nova: metadata_workers: 8 conductor_workers: 8 force_config_drive: True - drain_timeout: 60 database: address: "mariadb" @@ -103,7 +102,6 @@ memcached: dependencies: api: jobs: - - mariadb-seed - keystone-db-sync - nova-init - nova-db-sync @@ -121,6 +119,7 @@ dependencies: - nova-init - keystone-init - mariadb-seed + - keystone-db-sync service: - mariadb post: 
@@ -130,7 +129,7 @@ dependencies: - mariadb-seed service: - mariadb - - nova-api + - keystone-api init: jobs: - mariadb-seed @@ -138,9 +137,7 @@ dependencies: - mariadb compute: jobs: - - nova-init - nova-post - - nova-db-sync service: - keystone-api - nova-api @@ -164,17 +161,11 @@ dependencies: - mariadb scheduler: jobs: - - mariadb-seed - - keystone-db-sync - - nova-init - nova-db-sync service: - mariadb conductor: jobs: - - mariadb-seed - - keystone-db-sync - - nova-init - nova-db-sync service: - mariadb From 943b5a3706645a522214175ce66a0841b2e6f356 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 08:22:25 -0800 Subject: [PATCH 3/6] Bugfix missing space to start nove-api --- nova/templates/bin/_start-osapi.sh.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl index d1f0313299..5e51c57f7c 100644 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -18,4 +18,4 @@ cp -p /tmp/iptables /sbin/iptables cp -p /tmp/iptables /sbin/iptables-restore cp -p /tmp/iptables /sbin/iptables-save -exec nova-api--config-file /etc/nova/nova.conf \ No newline at end of file +exec nova-api --config-file /etc/nova/nova.conf \ No newline at end of file From bab75eff7fd6c9a404e7149290e5e8516693bbc4 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 08:36:08 -0800 Subject: [PATCH 4/6] Keep consistent with our set -ex approach on all shell scripts --- nova/templates/bin/_start-osapi.sh.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl index 5e51c57f7c..a2bf2a2ff4 100644 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -1,4 +1,6 @@ -#!/bin/sh +#!/bin/bash +set -ex + # # start nova-api-osapi service # From 7c6e26f1ba21bf28229fe8d32e0cb8e1fa213ff8 Mon Sep 17 00:00:00 2001 
From: Alan Meadows Date: Mon, 9 Jan 2017 15:33:04 -0800 Subject: [PATCH 5/6] Add rolling update and template hashing to new nova chart --- nova/templates/daemonset-compute.yaml | 2 ++ nova/templates/daemonset-libvirt.yaml | 2 ++ nova/templates/deployment-api-metadata.yaml | 10 ++++++++++ nova/templates/deployment-api-osapi.yaml | 10 ++++++++++ nova/templates/deployment-conductor.yaml | 10 ++++++++++ nova/templates/deployment-consoleauth.yaml | 10 ++++++++++ nova/templates/deployment-scheduler.yaml | 10 ++++++++++ nova/values.yaml | 7 +++++++ 8 files changed, 61 insertions(+) diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 60529cfbb0..26299ea050 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -8,6 +8,8 @@ spec: labels: app: nova-compute annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 31d442e14b..6ffa346f1f 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -8,6 +8,8 @@ spec: labels: app: nova-libvirt annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index a81444e5c5..52e21cc12b 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml 
@@ -4,11 +4,21 @@ metadata: name: nova-api spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index b9a50bbf8b..5c294db27e 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -4,11 +4,21 @@ metadata: name: nova-osapi spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-osapi annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 5ff5239381..e5977ef417 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml 
@@ -4,11 +4,21 @@ metadata: name: nova-conductor spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-conductor annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 52596ae6e1..d5688579ff 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -4,11 +4,21 @@ metadata: name: nova-consoleauth spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-consoleauth annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 6188cd7bf5..27cf414e1e 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml 
@@ -4,11 +4,21 @@ metadata: name: nova-scheduler spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-scheduler annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/values.yaml b/nova/values.yaml index d4f315f94a..179eae08c3 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -26,6 +26,13 @@ image: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + network: ip_address: "0.0.0.0" # TODO(DTadrzak): move external IPs to common, this variable should be shared with From d5d3a6fda55be913125382b7c11b6ba232b3490f Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 10 Jan 2017 15:22:50 -0800 Subject: [PATCH 6/6] Fix daemonset dependency name to match neutron rename --- nova/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/values.yaml b/nova/values.yaml index 179eae08c3..3444ef8183 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -149,7 +149,7 @@ dependencies: - keystone-api - nova-api daemonset: - - nova-libvirt + - ovs-agent libvirt: jobs: - nova-init