add novncproxy deployment on nova chart

This PS adds a novncproxy deployment on nova chart and fixes a bug about keystone memcached configration. Change-Id: I44a8571e7da2dc4a431631e6e3a96b16e7242fd3 Closes-Bug: #1698033 Implements: blueprint add-novncproxy
2017-06-15 10:18:35 +09:00 · 2017-06-15 10:18:35 +09:00 · 478dae3943
parent 6231dde5c1
commit 478dae3943
9 changed files with 378 additions and 3 deletions
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@ -19,5 +19,12 @@ set -ex
 # Make the Nova Instances Dir as this is not autocreated.
 mkdir -p /var/lib/nova/instances

+console_kind="{{- .Values.console.console_kind -}}"
+if [ "${console_kind}" == "novnc" ] ; then
+exec nova-compute \
+      --config-file /etc/nova/nova.conf \
+      --config-file /tmp/pod-shared/nova-vnc.ini
+else
 exec nova-compute \
      --config-file /etc/nova/nova.conf
+fi
--- a/nova/templates/bin/_nova-novncproxy.sh.tpl
+++ b/nova/templates/bin/_nova-novncproxy.sh.tpl
@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -x
+exec nova-novncproxy \
+      --config-file /etc/nova/nova.conf \
+      --config-file /tmp/pod-shared/nova-vnc.ini
--- a/nova/templates/bin/_nova-vnc-compute-init.sh.tpl
+++ b/nova/templates/bin/_nova-vnc-compute-init.sh.tpl
@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+client_address="{{- .Values.conf.nova.vnc.nova.conf.vncserver_proxyclient_address -}}"
+if [ -z "${client_address}" ] ; then
+    client_interface="{{- .Values.console.novnc.compute.vncserver_proxyclient_interface -}}"
+    if [ -z "${client_interface}" ] ; then
+        # search for interface with default routing
+        client_interface=$(ip r | grep default | awk '{print $5}')
+    fi
+
+    # determine client ip dynamically based on interface provided
+    client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+fi
+
+listen_ip="{{- .Values.conf.nova.vnc.nova.conf.vncserver_listen -}}"
+if [ -z "${listen_ip}" ] ; then
+    # The server component listens on all IP addresses and the proxy component
+    # only listens on the management interface IP address of the compute node.
+    listen_ip=0.0.0.0
+fi
+
+cat <<EOF>/tmp/pod-shared/nova-vnc.ini
+[vnc]
+vncserver_proxyclient_address = $client_address
+vncserver_listen = $listen_ip
+EOF
--- a/nova/templates/bin/_nova-vnc-proxy-init.sh.tpl
+++ b/nova/templates/bin/_nova-vnc-proxy-init.sh.tpl
@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+client_address="{{- .Values.conf.nova.vnc.vncproxy.conf.vncserver_proxyclient_address -}}"
+if [ -z "${client_address}" ] ; then
+    client_interface="{{- .Values.console.novnc.vncproxy.vncserver_proxyclient_interface -}}"
+    if [ -z "${client_interface}" ] ; then
+        # search for interface with default routing
+        client_interface=$(ip r | grep default | awk '{print $5}')
+    fi
+
+    # determine client ip dynamically based on interface provided
+    client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+fi
+
+listen_ip="{{- .Values.conf.nova.vnc.vncproxy.conf.vncserver_listen -}}"
+if [ -z "${listen_ip}" ] ; then
+    listen_ip=$client_address
+fi
+
+cat <<EOF>/tmp/pod-shared/nova-vnc.ini
+[vnc]
+vncserver_proxyclient_address = $client_address
+vncserver_listen = $listen_ip
+EOF
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@ -53,3 +53,9 @@ data:
 {{ tuple "bin/_fake-iptables.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  ceph-keyring.sh: |+
 {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-novncproxy.sh: |
+{{ tuple "bin/_nova-novncproxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-vnc-compute-init.sh: |
+{{ tuple "bin/_nova-vnc-compute-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-vnc-proxy-init.sh: |
+{{ tuple "bin/_nova-vnc-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@ -65,6 +65,60 @@ spec:
              subPath: key
              readOnly: true
        {{ end }}
+        - name: nova-compute-init
+          image: {{ .Values.images.compute }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          {{- if .Values.resources.enabled }}
+          resources:
+            requests:
+              memory: {{ .Values.resources.nova_compute.requests.memory | quote }}
+              cpu: {{ .Values.resources.nova_compute.requests.cpu | quote }}
+            limits:
+              memory: {{ .Values.resources.nova_compute.limits.memory | quote }}
+              cpu: {{ .Values.resources.nova_compute.limits.cpu | quote }}
+          {{- end }}
+          securityContext:
+            privileged: true
+          command:
+            - /tmp/nova-vnc-compute-init.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-vnc-compute-init.sh
+              subPath: nova-vnc-compute-init.sh
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova.conf
+              subPath: nova.conf
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/api-paste.ini
+              subPath: api-paste.ini
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/resolv.conf
+              subPath: resolv.conf
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/ceph/ceph.conf
+              subPath: ceph.conf
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/ceph/ceph.client.keyring
+              subPath: ceph.client.keyring
+              readOnly: true
+            - mountPath: /lib/modules
+              name: libmodules
+              readOnly: true
+            - name: varlibnova
+              mountPath: /var/lib/nova
+            - name: varliblibvirt
+              mountPath: /var/lib/libvirt
+            - name: run
+              mountPath: /run
+            - name: cgroup
+              mountPath: /sys/fs/cgroup
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
      containers:
        - name: nova-compute
          image: {{ .Values.images.compute }}
@ -126,6 +180,8 @@ spec:
              mountPath: /run
            - name: cgroup
              mountPath: /sys/fs/cgroup
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
 {{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: nova-bin
@ -160,4 +216,6 @@ spec:
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
+        - name: pod-shared
+          emptyDir: {}
 {{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@ -0,0 +1,119 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ if eq .Values.console.console_kind "novnc" }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.novncproxy }}
+{{- $mounts_nova_novncproxy := .Values.mounts.nova_novncproxy.nova_novncproxy }}
+{{- $mounts_nova_novncproxy_init := .Values.mounts.nova_novncproxy.init_novncproxy }}
+
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: nova-novncproxy
+spec:
+  replicas: {{ .Values.replicas.novncproxy }}
+  revisionHistoryLimit: {{ .Values.upgrades.deployments.revision_history }}
+  strategy:
+    type: {{ .Values.upgrades.deployments.pod_replacement_strategy }}
+    {{ if eq .Values.upgrades.deployments.pod_replacement_strategy "RollingUpdate" }}
+    rollingUpdate:
+      maxUnavailable: {{ .Values.upgrades.deployments.rolling_update.max_unavailable }}
+      maxSurge: {{ .Values.upgrades.deployments.rolling_update.max_surge }}
+    {{ end }}
+  template:
+    metadata:
+      labels:
+        app: nova-novncproxy
+      annotations:
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      nodeSelector:
+        {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
+      securityContext:
+        runAsUser: 0
+      hostNetwork: true
+      hostPID: true
+      dnsPolicy: ClusterFirst
+      initContainers:
+{{ tuple $envAll $dependencies $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: nova-novncproxy-init
+          image: {{ .Values.images.novncproxy }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          {{- if .Values.resources.enabled }}
+          resources:
+            requests:
+              memory: {{ .Values.resources.nova_novncproxy.requests.memory | quote }}
+              cpu: {{ .Values.resources.nova_novncproxy.requests.cpu | quote }}
+            limits:
+              memory: {{ .Values.resources.nova_novncproxy.limits.memory | quote }}
+              cpu: {{ .Values.resources.nova_novncproxy.limits.cpu | quote }}
+          {{- end }}
+          command:
+            - /tmp/nova-vnc-proxy-init.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-vnc-proxy-init.sh
+              subPath: nova-vnc-proxy-init.sh
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova.conf
+              subPath: nova.conf
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+      containers:
+        - name: nova-novncproxy
+          image: {{ .Values.images.novncproxy }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          {{- if .Values.resources.enabled }}
+          resources:
+            requests:
+              memory: {{ .Values.resources.nova_novncproxy.requests.memory | quote }}
+              cpu: {{ .Values.resources.nova_novncproxy.requests.cpu | quote }}
+            limits:
+              memory: {{ .Values.resources.nova_novncproxy.limits.memory | quote }}
+              cpu: {{ .Values.resources.nova_novncproxy.limits.cpu | quote }}
+          {{- end }}
+          command:
+            - /tmp/nova-novncproxy.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-novncproxy.sh
+              subPath: nova-novncproxy.sh
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova.conf
+              subPath: nova.conf
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/resolv.conf
+              subPath: resolv.conf
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+{{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}
+      volumes:
+        - name: nova-bin
+          configMap:
+            name: nova-bin
+            defaultMode: 0555
+        - name: nova-etc
+          configMap:
+            name: nova-etc
+        - name: pod-shared
+          emptyDir: {}
+{{ if $mounts_nova_novncproxy.volumes }}{{ toYaml $mounts_nova_novncproxy.volumes | indent 8 }}{{ end }}
+{{ end }}
--- a/nova/templates/service-novncproxy.yaml
+++ b/nova/templates/service-novncproxy.yaml
@ -0,0 +1,35 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ if eq .Values.console.console_kind "novnc" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: nova-novncproxy
+spec:
+  ports:
+  - name: nova-novncproxy
+    protocol: TCP
+    port: {{ .Values.network.novncproxy.port }}
+    targetPort: {{ .Values.network.novncproxy.targetPort }}
+    {{ if .Values.network.novncproxy.node_port.enabled }}
+    nodePort: {{ .Values.network.novncproxy.node_port.port }}
+    {{ end }}
+  selector:
+    app: nova-novncproxy
+  {{ if .Values.network.novncproxy.node_port.enabled }}
+  type: NodePort
+  {{ end }}
+{{ end }}
+
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -23,6 +23,7 @@ replicas:
  conductor: 1
  consoleauth: 1
  scheduler: 1
+  novncproxy: 1

 labels:
  agent:
@ -50,6 +51,9 @@ labels:
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
+  novncproxy:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled

 images:
  test: docker.io/kolla/ubuntu-binary-rally:4.0.0
@ -131,6 +135,13 @@ network:
    node_port:
      enabled: false
      port: 30775
+  novncproxy:
+    name: "nova-novncproxy"
+    node_port:
+      enabled: false
+      port: 36080
+    port: 6080
+    targetPort: 6080

 keystone:
  admin_user: "admin"
@ -257,6 +268,12 @@ dependencies:
      endpoint: internal
    - service: network
      endpoint: internal
+  novncproxy:
+    jobs:
+    - nova-db-sync
+    services:
+    - service: oslo_db
+      endpoint: internal

 mounts:
  nova_compute:
@ -286,6 +303,22 @@ mounts:
  nova_tests:
    init_container: null
    nova_tests:
+  nova_novncproxy:
+    init_novncproxy: null
+    nova_novncproxy:
+
+console:
+  # serial | spice | novnc | none
+  console_kind: novnc
+  serial:
+  spice:
+  novnc:
+    compute:
+      # IF blank, search default routing interface
+      vncserver_proxyclient_interface:
+    vncproxy:
+      # IF blank, search default routing interface
+      vncserver_proxyclient_interface:

 conf:
  paste:
@ -316,15 +349,23 @@ conf:
          allow_resize_to_same_host: true
          compute_driver: libvirt.LibvirtDriver
          my_ip: 0.0.0.0
+    spice:
+    serial:
    vnc:
      nova:
        conf:
          novncproxy_host: 0.0.0.0
          novncproxy_port: 6080
          vncserver_listen: 0.0.0.0
-          vncserver_proxyclient_address: 0.0.0.0
-          # FIXME(ALANMEADOWS)
-          novncproxy_base_url: http://0.0.0.0:6080/no_vnc.html
+          # leave blank, this should be set by each compute nodes's ip
+          vncserver_proxyclient_address:
+          # set management or lb address
+          novncproxy_base_url: http://nova-novncproxy:6080/vnc_auto.html
+      vncproxy:
+        conf:
+          # IF blank, search default routing interface's ip
+          vncserver_listen:
+          vncserver_proxyclient_address:
    conductor:
      nova:
        conf:
@ -612,3 +653,10 @@ resources:
    limits:
      memory: "1024Mi"
      cpu: "2000m"
+  nova_novncproxy:
+    requests:
+      memory: "124Mi"
+      cpu: "100m"
+    limits:
+      memory: "1024Mi"
+      cpu: "2000m"