Commit Graph

77 Commits

Author SHA1 Message Date
ricolin 6ac304d752 Support uWSGI for API server
Currently the Nova API server is still using eventlet-based HTTP servers;
it is generally considered more performant and flexible to run them
using a generic HTTP server that supports WSGI.

Change-Id: I489557181bb8becbaf5cf7d9812a671d5cb3cc4a
2024-03-05 16:19:36 +08:00
cw0306-lee 44e2b10447 Use metadata_listen_port in nova config
metadata_port value used in queens version and changed
in rocky version to metadata_listen_port

story: 2011052
task: 49616
Change-Id: I106f50f620c2594b1f8ea7dc516d2e254c6af479
2024-03-03 21:45:10 -06:00
Ritchie, Frank (fr801x) 507ed30b95 Improve cinder authentication support
The current values specified in values.yaml along with the configmap-etc
template can make it very difficult for the end user to properly configure
a cinder authentication method other than password. These changes give the end
user the needed flexibility.

Change-Id: I99e75e1aa9ddd8378518b1291123a34d2881715f
2023-09-28 12:49:05 -04:00
okozachenko 7d39af25fd nova: Add cinder auth config
Change-Id: Ieaf2400f73e5a9b940539a22ae696f19a6a1e2bf
2023-08-30 02:36:24 +03:00
Mosher, Jaymes (jm616v) bee2353cae Allow enabling vencrypt for VNC
This patchset allows enabling vencrypt for VNC, based on a
downstream patchset. [1]

Primary differences:
- uses HTK to render the cert instead of its own template
- leaves the creation of a separate (sub)issuer for vencrypt as
  outside the scope of this (and the libvirt) chart.

1. https://github.com/vexxhost/atmosphere/pull/483

Co-Authored-By: Oleksandr Kozachenko okozachenko1203@gmail.com

Change-Id: If377faebc4c65f37b08a3c8aab2fed844a07c26f
2023-08-29 15:46:18 -06:00
josebb 6882155faf Distinguish between port number of internal endpoint and binding
port number in nova

Now binding ports of service and pod spec are configured using
internal endpoint values.
To support reverse proxy for internalUrl, need to distinguish
between binding ports and internal endpoint ports.

I added a `service` section in endpoint items apart from admin, public,
internal and default.

Change-Id: Id5ce67f65374382d103c8a0aec78cb43713ce4d2
2022-08-13 12:01:37 +03:00
Graham Steffaniak 2e5b7f9cb7 add compute-kit to openstack umbrella chart
ADD: include new charts to the umbrella chart for comprehensive
     deployment of openstack-helm.

       * openvswitch
       * libvirt
       * neutron
       * nova
       * placement

Change-Id: I78d1c7c629024c3f9530239dff9f8eb9da598764
2022-05-19 17:07:31 -05:00
Gage Hugo d1b72aa35e Remove nova-placement from nova chart
nova-placement has been removed as of train, since we
do not support openstack releases before train, it
is no longer needed. This change removes nova-placement
from the nova chart and all the overrides, as well as
changes the compute-kit scripts to always deploy
the placement chart.

Change-Id: Ic8649371fe9e954806cbe4bf11c589fb58c7a88d
2022-04-07 14:50:29 -05:00
Hugo Brito 3ff41ce11c Remove ssh-config
All ssh configurations for the nova-compute pods
are now done by _ssh-init.sh.tpl . This patch removes
the ssh-config that is not needed anymore.

Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ib1b24466678a0df28a3ce7ba4d3fe94bfb169702
2022-02-04 10:05:14 -03:00
okozachenko 0b1ed76014 Remove deprecated os_region_name for placement
Change-Id: I0ef2ac278ce2d6f7f05683f68c1541bae8013361
2020-11-09 23:14:49 +00:00
sgupta 702c17eb78 feat(tls): Make openstack services compatible with mariadb with TLS
Depends-on: https://review.opendev.org/#/c/741037/
Change-Id: I21f4ede3bd18c0af8da1eba60cd0b7b932a31410
2020-07-14 23:32:03 +00:00
Tin Lam 918a307427 feat(tls): add tls support to openstack services
This patch set enables TLS for the following OpenStack services: keystone,
horizon, glance, cinder, heat, nova, placement and neutron for s- (stein)
and t- (train) release. This serves as a consolidation and clean up patch
for the following patches:

[0] https://review.opendev.org/#/c/733291
[1] https://review.opendev.org/#/c/735202
[2] https://review.opendev.org/#/c/733962
[3] https://review.opendev.org/#/c/733404
[4] https://review.opendev.org/#/c/734896

This also addresses comments mentioned in previous patches.

Co-authored-by: Gage Hugo <gagehugo@gmail.com>
Co-authored-by: sgupta <sg774j@att.com>

Depends-on: https://review.opendev.org/#/c/737194/

Change-Id: Id34ace54298660b4b151522916e929a29f5731be
Signed-off-by: Tin Lam <tin@irrational.io>
2020-07-10 09:36:31 -05:00
Gage Hugo db79e79788 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
2020-04-03 20:53:32 +00:00
Gage Hugo f9dbba7043 Revert "Revert "Keystone Authtoken Cache: allow universal secret key to be set""
This reverts commit 90d070390d.

Change-Id: I017c6e9676b872e1aab21f9dc8aa2f93db58d49f
2020-02-21 11:16:55 -06:00
Vasyl Saienko 90d070390d Revert "Keystone Authtoken Cache: allow universal secret key to be set"
This reverts commit 1c85fdc390.

Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even if no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.

Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
2020-02-12 11:18:06 +00:00
Gerry Kopec 34cc0104c8 Nova: add service token
Add capability for nova to send service token.  Default to disabled.
Config setup is similar to keystone_authtoken.

Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
2019-07-04 14:10:26 +00:00
Pete Birley fd37d61b12 Nova: Provide method for removing sections from nova compute conf
This PS provides a method to redact sections from the nova compute
configuration file. By default this is configured to redact the
db connection strings, and sections.

Change-Id: Ifb50b932155c166634bb8a88363f6c02fbde8389
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-28 16:55:29 -05:00
Pete Birley 9bcf0df94c Messaging: use htk function to directly hit RabbitMQ servers
This PS updates the charts to use the htk function recently introduced
to allow oslo.messaging clients and servers to directly hit their
backends rather than using either DNS or K8S svc based routing.

Depends-On: I5150a64bd29fa062e30496c1f2127de138322863

Change-Id: I458b4313c57fc50c8181cedeca9919670487926a
Signed-off-by: Pete Birley <pete@port.direct>
2019-06-18 21:47:45 +00:00
Zuul 9928f5c819 Merge "Allow more generic overrides for nova placement-api" 2019-04-17 05:48:43 +00:00
Itxaka 6d7a909447 Allow more generic overrides for nova placement-api
With this patch we allow for an easier way of overriding some of
the values that may be used in other distros while maintaining the
default values if those values are not overridden

The following values are introduced to be overridden:

conf:
  security:
  software:
    apache2:
      conf_dir:
      site_dir:
      mods_dir:
      binary:
      extra_flags:
      a2enmod:
      a2dismod:

On which:
 * conf_dir: directory where to drop the config files for apache vhosts
 * site_dir: directory where to drop the enabled virtualhosts
 * mods_dir: directory where to drop any mod configuration
 * binary: the binary to use for launching apache
 * extra_flags: any flags that will be passed to the apache binary call
 * a2enmod: mods to enable
 * a2dismod: mods to disable
 * security: security configuration for apache

Notice that if there are no overrides given, it should not affect anything
and the templates will not be changed as the default values are set
to what they used to be

Change-Id: I4fcfde78c5c8fa65956aeae55108ffa1f10e6972
2019-04-12 14:03:36 +02:00
Gage Hugo 9049ac752a Enable audit pipeline for nova
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the nova-api services.

This provides the ability to audit API requests for nova.

[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html

Change-Id: Ic6df044d83f4dee581c9cc0405f61d926e45bcab
2019-04-11 13:29:33 -05:00
Gerry Kopec 5a7c6581ad Fix ssh config in nova to support cold migrations
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
  container.
- Map private and public keys to configmap-ssh which will default to
  the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
  root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.

Depends on helm-toolkit supporting multiple containers per daemonset
pod.

Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
2019-04-09 22:24:46 +00:00
Chris Wedgwood 8ae990e622 [nova] Allow deterministic setting of 'ironic.memcache_secret_key
If conf.nova.ironic.memcache_secret_key is not explicitly set, derive
it from endpoints.oslo_cache.auth.memcache_secret_key or use a random
value.

This means when installing charts where we explicitly set
endpoints.oslo_cache.auth.memcache_secret_key upgrades without changes
won't churn.

Change-Id: I686297e25627d88ff9bd32df0a3f7ee8afc11f58
2018-10-07 07:26:29 +00:00
Jean-Philippe Evrard 05d0e2b4b8 Revert "Update OSH Author copyrights to OSF"
This reverts commit b1755c3993.

Change-Id: I215a172f2ff4220340292b95f5323847944baeb7
2018-08-28 17:25:13 +00:00
Matt McEuen b1755c3993 Update OSH Author copyrights to OSF
This PS updates the "Openstack-Helm Authors" copyright attribution
to be the "OpenStack Foundation", as decided in the 2018-03-20
team meeting:
http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-03-20-15.00.log.html

No other copyright attributions were changed.

Change-Id: I167ceedab8fadee28c19514fad6f125d0a521caf
2018-08-26 17:17:41 -05:00
Pete Birley 83b91e6e1b Openstack: Use k8s secret to store config
This PS moves openstack components in OSH to use secrets to store
potentially sensitive config information.

Depends-On: https://review.openstack.org/#/c/593732

Change-Id: I9bab586c03597effea0e48a58c69efff3f980a92
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-22 20:39:52 -05:00
Pete Birley e1179eaaf8 Nova: move all config to be driven via chart values
This PS moves nova in line with other charts, and drives all config
directly from the charts values.yaml.

Change-Id: Ia3da97cd32e70e3a5ffe0ed3f3cacfbadfc8cfd6
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-22 04:42:46 +00:00
Pete Birley 758067bded Nova: move rootwrap config to be values.yaml driven
This PS updates the nova rootwrap config to be values.yaml driven,
in line with neutron and cinder.

Change-Id: I3df7e7de583a75234a6bc4a71a32bd0a8d369332
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-01 22:08:17 +00:00
Pete Birley 5d9519b396 Nova: Move nova sudoers file to be drive fully by values.yaml
This PS brings nova's sudoers file config to be in line with neutron
and other osh charts.

Change-Id: I609455b1a58e576644b8a6cfb8b273d5aeb94c58
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-30 18:24:43 -05:00
Steve Wilkerson 2f878e6cf7 Dynamically generate tags for oslo_log fluentd formatter
This proposes changing the tags added to the openstack logs
gathered by the fluentd handler from `openstack.<service>` to
`Namespace.Release` to account for multiple instances of openstack
services being deployed into different namespaces. This allows for
fine tuning the search queries in elasticsearch/kibana to target
specific service deployments in specific namespaces

Change-Id: Ia12dceb4089e107e15d8e30c92c91f350dc31318
2018-07-23 13:28:26 +00:00
Steve Wilkerson da7bc575ec Add logging.conf files to enabled loggers/handlers/formatters
This introduces a mechanism for generating the logging.conf
file for the openstack services via the values. This allows us to
define loggers, handlers, and formatters for the services and the
modules they're composed of.

This also allows us to take advantage of the oslo fluent handler
and formatter. The fluent handler and formatter give us the
following benefits: sending logs directly to fluentd instead of
routed to stdout/stderr and then through fluentbit to fluentd,
project specific tags on the logged events (enables us to define
more robust filters in fluentd for aggregation if required),
full traceback support, and additional metadata (modules that
created logged event, etc)

Depends-On: https://review.openstack.org/577796

Change-Id: I63340ce6b03191d93a74d9ac6947f0b49b8a1a39
2018-06-26 09:51:14 -05:00
Pete Birley 75ecf8fdf4 Gotpl: remove quote and trunc to suppress output
This PS removes the use of the `quote and truncate` approach to
suppress output from gotpl actions in templates and replaces it
with the recommended practice of defining `$_` instead.

Change-Id: I5f35c5f7e70b4f7f461d772e3b72ed1c695c56a8
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-16 18:52:13 +00:00
Steve Wilkerson a71998a80c Nova: Fix sudoers location in nova-etc configmap
The nova_sudoers entry in the nova configmap-etc was consuming
the neutron_sudoers entry in the values.yaml. This corrects it to
point at nova_sudoers instead

Change-Id: I621c817c579cc1c31fa51b1a0f49a43a652784a2
2018-03-14 15:13:15 -05:00
Pete Birley 507600e898 Ingress controller service: consolidate to helm-toolkit
This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.

Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe
2018-03-12 13:48:39 +00:00
Zuul 4884dd228c Merge "Keystone Authtoken Cache: allow universal secret key to be set" 2018-03-05 19:26:37 +00:00
portdirect 1c85fdc390 Keystone Authtoken Cache: allow universal secret key to be set
This PS allows a cache secret key for all instances of keystone
middleware to be defined in a single location.

Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526
Partial-Bug: 1753251
2018-03-05 08:49:24 -05:00
portdirect 42d2f3bc06 Nova: use endpoints section and lookups to set port
This PS moves nova to use the endpoints section and lookups to
set the port it serves on.

Change-Id: I49b2bde8576a61ec9d42545909aee1858c8eb122
2018-03-03 15:07:37 -05:00
Chris Wedgwood 6b844382ad yaml cleanup: trim multiline strings
Change-Id: Ice615c1d252651793dfa09b8e85a5b4228d68737
2018-02-20 16:39:52 +00:00
portdirect a7a09e6de5 Nova: Add ironic support
This PS adds support for Ironic to the nova chart.

Change-Id: I605a0331c049e8e4b3c8d8767f9b2774995d3b91
2018-01-30 15:18:54 -05:00
Jawon Choo 2b5525715b Nova: add spice console
This PS adds spice remote console.
User can choose a console by changing console_kind in values file.
Best practice is to select one or the other to run,
so choosing something other than vnc disables the vnc console.

Change-Id: Ic5d361d5f344b7a078e0c3aeb5f921810101552d
2018-01-18 23:06:32 +09:00
Zuul d6dbd905e7 Merge "Auth: Update credential keys to reference service specifically" 2018-01-16 06:59:37 +00:00
portdirect b180d28618 Auth: Update credential keys to reference service specifically
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.

Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
2018-01-15 18:54:13 +00:00
Jawon Choo d08e179e65 fix: placement's variables.
This PS corrects placement's variable region_name to os_region_name.

Change-Id: Id22be61f0d27e80dd52e6d787478c6a752714c3c
2018-01-15 16:41:51 +09:00
Zuul a78e638897 Merge "Add support for node-level conf overrides" 2018-01-09 15:38:29 +00:00
Craig Anderson b73bb03e5b Add support for node-level conf overrides
Add override functionality to helm-toolkit and enable in compute daemonset.

Change-Id: Ia85abbbea89c12d0b6f21ecf2413cd3ae7b9552e
2018-01-08 22:35:36 +00:00
portdirect 7176cd7a15 Nova: Fix placement API service credentials
This PS fixes how service credentials for the placement api are
managed, by correctly populating them from the endpoints section
which is responsible for managing the keystone user account.

Change-Id: Id44eae864d930af9cedc7a0258c72d6610ac1e5d
2018-01-06 14:17:01 -05:00
portdirect 5986506799 Nova: Move placement API to run behind Apache
This PS moves the placement API to run behind Apache, to match
the recommended deployment method.

Change-Id: Id057ef042cf30300c0cd35265dff6a9c16694c70
2017-11-30 13:40:31 -05:00
Dae Seong Kim 110f428a6e Enable cell service
This PS adds nova_cell0 database and init cell service.

Change-Id: I29e33fb1a18f39586a7323dac82ddccbc445853f
Implements: blueprint enable-cell-service
2017-11-15 11:29:26 +09:00
Dae Seong Kim c1a0533d36 Add the nova placement service
Placement service is optional in Newton, but required in Ocata.
So it needs to add the service for upgrading.

Change-Id: I49637c04ba7739a5108a442af05580f719ec3d54
Implements: blueprint add-nova-placement-service
2017-11-13 11:09:06 +09:00
Jenkins 8273259416 Merge "Nova metadata : set clusterIP dynamically" 2017-10-15 18:33:34 +00:00