1 From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
2 From: Irina Mihai <irina.mihai@windriver.com>
3 Date: Tue, 26 Feb 2019 17:43:53 +0000
4 Subject: [PATCH 04] Nova chart: Support ephemeral pool creation
6 If libvirt images_type is rbd, then we need to have the
7 images_rbd_pool present. These changes add a new job
8 to make sure this pool exists.
10 Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
13 Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
14 (cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
15 Signed-off-by: Robert Church <robert.church@windriver.com>
17 nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
18 nova/templates/configmap-bin.yaml | 4 +-
19 nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
20 nova/values.yaml | 19 +++-
21 4 files changed, 251 insertions(+), 2 deletions(-)
22 create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
23 create mode 100644 nova/templates/job-storage-init.yaml
25 diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
27 index 0000000..f79fcff
29 +++ b/nova/templates/bin/_nova-storage-init.sh.tpl
34 +Copyright 2019 The Openstack-Helm Authors.
36 +Licensed under the Apache License, Version 2.0 (the "License");
37 +you may not use this file except in compliance with the License.
38 +You may obtain a copy of the License at
40 + http://www.apache.org/licenses/LICENSE-2.0
42 +Unless required by applicable law or agreed to in writing, software
43 +distributed under the License is distributed on an "AS IS" BASIS,
44 +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45 +See the License for the specific language governing permissions and
46 +limitations under the License.
50 +if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
51 + SECRET=$(mktemp --suffix .yaml)
52 + KEYRING=$(mktemp --suffix .keyring)
54 + rm -f ${SECRET} ${KEYRING}
60 +if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
62 + function ensure_pool () {
63 + ceph osd pool stats $1 || ceph osd pool create $1 $2
64 + local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
65 + if [[ ${test_version} -gt 0 ]]; then
66 + ceph osd pool application enable $1 $3
68 + size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
69 + ceph osd pool set $1 nosizechange 0
70 + ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
71 + ceph osd pool set $1 nosizechange ${size_protection}
72 + ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
74 + ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
76 + if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
77 + echo "Cephx user client.${RBD_POOL_USER} already exist."
78 + echo "Update its cephx caps"
79 + ceph auth caps client.${RBD_POOL_USER} \
82 + ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
84 + # NOTE: Restrict Nova permissions to what is needed.
85 + # MON Read only and RBD access to the Nova ephemeral pool only.
86 + ceph auth get-or-create client.${RBD_POOL_USER} \
92 + ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
93 + cat > ${SECRET} <<EOF
97 + name: "${RBD_POOL_SECRET}"
98 +type: kubernetes.io/rbd
100 + key: $( echo ${ENCODED_KEYRING} )
102 + kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
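Review bot: Nothing checks that the `sed` extraction into `ENCODED_KEYRING` found a key before the Secret is written, so a keyring whose `key = …` line does not match the pattern would lead to `kubectl apply` publishing a Secret with an empty `key`. A guard before the heredoc, such as `[ -n "${ENCODED_KEYRING}" ] || { echo "no key found in keyring" >&2; exit 1; }`, makes that failure visible. The expansions `$1 $2`, `${KEYRING}`, `${SECRET}`, `${NAMESPACE}` and the glob in `ceph tell osd.* version` are unquoted, so a value containing spaces or a matching file in the working directory changes the command line; quoting them (`"$1"`, `'osd.*'`) avoids that. If the lines not shown here enable `set -x`, the `USERINFO=$(ceph auth get …)` and `ENCODED_KEYRING=…` assignments would be traced into the pod log with the key in them, which is worth ruling out.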
106 diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
107 index c58b90b..268434f 100644
108 --- a/nova/templates/configmap-bin.yaml
109 +++ b/nova/templates/configmap-bin.yaml
112 -Copyright 2017 The Openstack-Helm Authors.
113 +Copyright 2017-2019 The Openstack-Helm Authors.
115 Licensed under the Apache License, Version 2.0 (the "License");
116 you may not use this file except in compliance with the License.
117 @@ -83,6 +83,8 @@ data:
118 {{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
119 nova-console-proxy-init-assets.sh: |
120 {{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
121 + nova-storage-init.sh: |
122 +{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
124 {{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
126 diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
128 index 0000000..7d057fb
130 +++ b/nova/templates/job-storage-init.yaml
133 +Copyright 2019 The Openstack-Helm Authors.
135 +Licensed under the Apache License, Version 2.0 (the "License");
136 +you may not use this file except in compliance with the License.
137 +You may obtain a copy of the License at
139 + http://www.apache.org/licenses/LICENSE-2.0
141 +Unless required by applicable law or agreed to in writing, software
142 +distributed under the License is distributed on an "AS IS" BASIS,
143 +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
144 +See the License for the specific language governing permissions and
145 +limitations under the License.
148 +{{- if .Values.manifests.job_storage_init }}
151 +{{- $serviceAccountName := "nova-storage-init" }}
152 +{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
154 +apiVersion: rbac.authorization.k8s.io/v1beta1
157 + name: {{ $serviceAccountName }}
169 +apiVersion: rbac.authorization.k8s.io/v1beta1
172 + name: {{ $serviceAccountName }}
174 + apiGroup: rbac.authorization.k8s.io
176 + name: {{ $serviceAccountName }}
178 + - kind: ServiceAccount
179 + name: {{ $serviceAccountName }}
180 + namespace: {{ $envAll.Release.Namespace }}
182 +apiVersion: batch/v1
185 + name: nova-storage-init
190 +{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
192 + serviceAccountName: {{ $serviceAccountName }}
193 + restartPolicy: OnFailure
195 + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
197 +{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
198 + {{ if or .Values.conf.ceph.enabled }}
199 + - name: ceph-keyring-placement
200 +{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
204 + - /tmp/ceph-admin-keyring.sh
207 + mountPath: /etc/ceph
209 + mountPath: /tmp/ceph-admin-keyring.sh
210 + subPath: ceph-admin-keyring.sh
212 + {{- if empty .Values.conf.ceph.admin_keyring }}
213 + - name: ceph-keyring
214 + mountPath: /tmp/client-keyring
220 + {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
221 + - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
222 +{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
223 +{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
228 + fieldPath: metadata.namespace
229 + {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
230 + - name: STORAGE_BACKEND
231 + value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
232 + - name: RBD_POOL_NAME
233 + value: {{ $ephemeralPool.rbd_pool_name | quote }}
234 + - name: RBD_POOL_USER
235 + value: {{ $ephemeralPool.rbd_user | quote }}
236 + - name: RBD_POOL_CRUSH_RULE
237 + value: {{ $ephemeralPool.rbd_crush_rule | quote }}
238 + - name: RBD_POOL_REPLICATION
239 + value: {{ $ephemeralPool.rbd_replication | quote }}
240 + - name: RBD_POOL_CHUNK_SIZE
241 + value: {{ $ephemeralPool.rbd_chunk_size | quote }}
242 + - name: RBD_POOL_SECRET
243 + value: {{ $envAll.Values.secrets.ephemeral | quote }}
246 + - /tmp/nova-storage-init.sh
249 + mountPath: /tmp/nova-storage-init.sh
250 + subPath: nova-storage-init.sh
252 + {{ if or $envAll.Values.conf.ceph.enabled }}
254 + mountPath: /etc/ceph
256 + mountPath: /etc/ceph/ceph.conf
259 + {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
260 + - name: ceph-keyring
261 + mountPath: /tmp/client-keyring
272 + {{ if or .Values.conf.ceph.enabled }}
277 + name: {{ .Values.ceph_client.configmap }}
279 + {{- if empty .Values.conf.ceph.admin_keyring }}
280 + - name: ceph-keyring
282 + secretName: {{ .Values.ceph_client.user_secret_name }}
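Review bot: The Role and RoleBinding are declared with `apiVersion: rbac.authorization.k8s.io/v1beta1`, which was removed in Kubernetes 1.22; `rbac.authorization.k8s.io/v1` accepts the same fields for both kinds. The Role's rules are not among the visible lines, so it is worth confirming they grant only the Secret verbs that the script's `kubectl apply` needs, since this pod also mounts the Ceph keyring material. `{{ if or .Values.conf.ceph.enabled }}` calls `or` with a single argument and reads more clearly as `{{ if .Values.conf.ceph.enabled }}`. `STORAGE_BACKEND` is the only env value not passed through `quote`; `value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type | quote }}` would match the entries below it.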
287 diff --git a/nova/values.yaml b/nova/values.yaml
288 index 7ba2925..97ef1b5 100644
289 --- a/nova/values.yaml
290 +++ b/nova/values.yaml
291 @@ -87,6 +87,7 @@ images:
292 nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
293 nova_spiceproxy: docker.io/openstackhelm/nova:ocata-ubuntu_xenial
294 nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
295 + nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
296 test: docker.io/xrally/xrally-openstack:1.3.0
297 image_repo_sync: docker.io/docker:17.07.0
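Review bot: The new `nova_storage_init` entry references its image by tag only, and the job that runs it mounts the Ceph keyring and applies a Secret in the release namespace, so whatever that tag resolves to at pull time gets those credentials. Pinning by digest, `'docker.io/port/ceph-config-helper:v1.10.3@sha256:<digest>'` with the digest of the reviewed image, removes the dependency on the tag staying unchanged. The neighbouring entries use the same tag-only form, so this may be better handled as a follow-up across the `images:` block than in this commit alone.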
299 @@ -556,6 +557,14 @@ conf:
302 secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
306 + - rbd_pool_name: ephemeral
307 + rbd_user: ephemeral
313 StrictHostKeyChecking no
314 @@ -1797,6 +1806,7 @@ secrets:
317 public: placement-tls-public
318 + ephemeral: nova-ephemeral
320 # typically overridden by environmental
321 # values, but should include all endpoints
322 @@ -2482,7 +2492,13 @@ pod:
336 # TODO(lamt): Need to tighten this ingress for security.
337 @@ -2545,6 +2561,7 @@ manifests:
338 job_ks_placement_service: true
339 job_ks_placement_user: true
341 + job_storage_init: true