Currently the Nova API server is still using eventlet-based HTTP servers;
it is generally considered more performant and flexible to run them
using a generic HTTP server that supports WSGI.
Change-Id: I489557181bb8becbaf5cf7d9812a671d5cb3cc4a
metadata_port value used in queens version and changed
in rocky version to metadata_listen_port
story: 2011052
task: 49616
Change-Id: I106f50f620c2594b1f8ea7dc516d2e254c6af479
The current values specified in values.yaml along with the configmap-etc
template can make it very difficult for the end user to properly configure
a cinder authentication method other than password. These changes give the end
user the needed flexibility.
Change-Id: I99e75e1aa9ddd8378518b1291123a34d2881715f
This patchset allows enabling vencrypt for VNC, based on a
downstream patchset. [1]
Primary differences:
- uses HTK to render the cert instead of its own template
- leaves the creation of a separate (sub)issuer for vencrypt as
outside the scope of this (and the libvirt) chart.
1. https://github.com/vexxhost/atmosphere/pull/483
Co-Authored-By: Oleksandr Kozachenko okozachenko1203@gmail.com
Change-Id: If377faebc4c65f37b08a3c8aab2fed844a07c26f
port number in nova
Now binding ports of service and pod spec are configured using
internal endpoint values.
To support a reverse proxy for internalUrl, we need to distinguish
between binding ports and internal endpoint ports.
I added a `service` section in endpoint items apart from admin, public,
internal and default.
Change-Id: Id5ce67f65374382d103c8a0aec78cb43713ce4d2
ADD: include new charts to the umbrella chart for comprehensive
deployment of openstack-helm.
* openvswitch
* libvirt
* neutron
* nova
* placement
Change-Id: I78d1c7c629024c3f9530239dff9f8eb9da598764
nova-placement has been removed as of train, since we
do not support openstack releases before train, it
is no longer needed. This change removes nova-placement
from the nova chart and all the overrides, as well as
changes the compute-kit scripts to always deploy
the placement chart.
Change-Id: Ic8649371fe9e954806cbe4bf11c589fb58c7a88d
All ssh configurations for the nova-compute pods
are now done by _ssh-init.sh.tpl. This patch removes
the ssh-config that is not needed anymore.
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Change-Id: Ib1b24466678a0df28a3ce7ba4d3fe94bfb169702
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This reverts commit 1c85fdc390.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even if no values are changed. The random
items have to be generated outside of the helm chart and provided via
values.
Also, the previous behaviour didn't allow the cache to be used during a
rolling upgrade, as new pods were spawned with a new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
Add capability for nova to send service token. Default to disabled.
Config setup is similar to keystone_authtoken.
Change-Id: I666f8f52fed50c61f67397b3da58133a2f9b49d3
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
This PS provides a method to redact sections from the nova compute
configuration file. By default this is configured to redact the
db connection strings, and sections.
Change-Id: Ifb50b932155c166634bb8a88363f6c02fbde8389
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the charts to use the htk function recently introduced
to allow oslo.messaging clients and servers to directly hit their
backends rather than using either DNS or K8S svc based routing.
Depends-On: I5150a64bd29fa062e30496c1f2127de138322863
Change-Id: I458b4313c57fc50c8181cedeca9919670487926a
Signed-off-by: Pete Birley <pete@port.direct>
With this patch we allow for an easier way of overriding some of
the values that may be used in other distros while maintaining the
default values if those values are not overridden.
The following values are introduced to be overridden:
conf:
  security:
  software:
    apache2:
      conf_dir:
      site_dir:
      mods_dir:
      binary:
      extra_flags:
      a2enmod:
      a2dismod:
On which:
* conf_dir: directory where to drop the config files for apache vhosts
* site_dir: directory where to drop the enabled virtualhosts
* mods_dir: directory where to drop any mod configuration
* binary: the binary to use for launching apache
* extra_flags: any flags that will be passed to the apache binary call
* a2enmod: mods to enable
* a2dismod: mods to disable
* security: security configuration for apache
Notice that if there are no overrides given, it should not affect anything
and the templates will not be changed, as the default values are set
to what they used to be.
Change-Id: I4fcfde78c5c8fa65956aeae55108ffa1f10e6972
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the nova-api services.
This provides the ability to audit API requests for nova.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: Ic6df044d83f4dee581c9cc0405f61d926e45bcab
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
container.
- Map private and public keys to configmap-ssh which will default to
the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.
Depends on helm-toolkit supporting multiple containers per daemonset
pod.
Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
If conf.nova.ironic.memcache_secret_key is not explicitly set, derive
it from endpoints.oslo_cache.auth.memcache_secret_key or use a random
value.
This means when installing charts where we explicitly set
endpoints.oslo_cache.auth.memcache_secret_key upgrades without changes
won't churn.
Change-Id: I686297e25627d88ff9bd32df0a3f7ee8afc11f58
This PS moves openstack components in OSH to use secrets to store
potentially sensitive config information.
Depends-On: https://review.openstack.org/#/c/593732
Change-Id: I9bab586c03597effea0e48a58c69efff3f980a92
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves nova in line with other charts, and drives all config
directly from the charts values.yaml.
Change-Id: Ia3da97cd32e70e3a5ffe0ed3f3cacfbadfc8cfd6
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the nova rootwrap config to be values.yaml driven,
in line with neutron and cinder.
Change-Id: I3df7e7de583a75234a6bc4a71a32bd0a8d369332
Signed-off-by: Pete Birley <pete@port.direct>
This PS brings nova's sudoers file config to be in line with neutron
and other osh charts.
Change-Id: I609455b1a58e576644b8a6cfb8b273d5aeb94c58
Signed-off-by: Pete Birley <pete@port.direct>
This proposes changing the tags added to the openstack logs
gathered by the fluentd handler from `openstack.<service>` to
`Namespace.Release` to account for multiple instances of openstack
services being deployed into different namespaces. This allows for
fine tuning the search queries in elasticsearch/kibana to target
specific service deployments in specific namespaces
Change-Id: Ia12dceb4089e107e15d8e30c92c91f350dc31318
This introduces a mechanism for generating the logging.conf
file for the openstack services via the values. This allows us to
define loggers, handlers, and formatters for the services and the
modules they're composed of.
This also allows us to take advantage of the oslo fluent handler
and formatter. The fluent handler and formatter give us the
following benefits: sending logs directly to fluentd instead of
routed to stdout/stderr and then through fluentbit to fluentd,
project specific tags on the logged events (enables us to define
more robust filters in fluentd for aggregation if required),
full traceback support, and additional metadata (modules that
created logged event, etc)
Depends-On: https://review.openstack.org/577796
Change-Id: I63340ce6b03191d93a74d9ac6947f0b49b8a1a39
This PS removes the use of the `quote and truncate` approach to
suppress output from gotpl actions in templates and replaces it
with the recommended practice of defining `$_` instead.
Change-Id: I5f35c5f7e70b4f7f461d772e3b72ed1c695c56a8
Signed-off-by: Pete Birley <pete@port.direct>
The nova_sudoers entry in the nova configmap-etc was consuming
the neutron_sudoers entry in the values.yaml. This corrects it to
point at nova_sudoers instead
Change-Id: I621c817c579cc1c31fa51b1a0f49a43a652784a2
This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.
Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe
This PS allows a cache secret key for all instances of keystone
middleware to be defined in a single location.
Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526
Partial-Bug: 1753251
This PS adds spice remote console.
User can choose a console by changing console_kind in values file.
Best practice is to select one or the other to run,
so choosing something other than vnc disables the vnc console.
Change-Id: Ic5d361d5f344b7a078e0c3aeb5f921810101552d
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.
Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This PS fixes how service credentials for the placement api are
managed, by correctly populating them from the endpoints section
which is responsible for managing the keystone user account.
Change-Id: Id44eae864d930af9cedc7a0258c72d6610ac1e5d
Placement service is optional in Newton, but required in Ocata.
So it needs to add the service for upgrading.
Change-Id: I49637c04ba7739a5108a442af05580f719ec3d54
Implements: blueprint add-nova-placement-service