diff --git a/nova/Chart.yaml b/nova/Chart.yaml index c489bdc2b4..edb933e4ff 100644 --- a/nova/Chart.yaml +++ b/nova/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nova name: nova -version: 0.3.32 +version: 0.3.33 home: https://docs.openstack.org/nova/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png sources: diff --git a/nova/templates/bin/_storage-init.sh.tpl b/nova/templates/bin/_storage-init.sh.tpl new file mode 100644 index 0000000000..cb3505d485 --- /dev/null +++ b/nova/templates/bin/_storage-init.sh.tpl 
@@ -0,0 +1,42 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -x +if [ "x$STORAGE_BACKEND" == "xrbd" ]; then + SECRET=$(mktemp --suffix .yaml) + KEYRING=$(mktemp --suffix .keyring) + function cleanup { + rm -f ${SECRET} ${KEYRING} + } + trap cleanup EXIT +fi + +set -ex +if [ "x$STORAGE_BACKEND" == "xrbd" ]; then + ceph -s + function ensure_pool () { + ceph osd pool stats $1 || ceph osd pool create $1 $2 + if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then + ceph osd pool application enable $1 $3 + fi + size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]') + ceph osd pool set $1 nosizechange 0 + ceph osd pool set $1 size ${RBD_POOL_REPLICATION} + ceph osd pool set $1 nosizechange ${size_protection} + ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}" + } + ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME} +fi \ No newline at end of file diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 90a91a93b2..564c230949 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -39,6 +39,8 @@ data: {{- end }} rally-test.sh: | {{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }} + storage-init.sh: | +{{ tuple "bin/_storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} db-init.py: | {{- include "helm-toolkit.scripts.db_init" . | indent 4 }} db-sync.sh: | 
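Review bot: In `ensure_pool`, `size_protection` is read through a pipeline without `pipefail`, so a failed `ceph osd pool get $1 nosizechange` leaves it empty. The function then clears the flag with `nosizechange 0`, changes `size`, and aborts under `set -e` on the restore line, leaving the pool with its size protection switched off. I would replace `set -ex` with `set -exo pipefail` and quote the arguments, e.g. `ceph osd pool set "$1" nosizechange "${size_protection}"`. The first `if` block creates the `SECRET` and `KEYRING` temp files but nothing in the script uses them, so it can be dropped. If key handling is added later, `set -x` would echo that material into the Job log.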
diff --git a/nova/templates/job-nova-storage-init.yaml b/nova/templates/job-nova-storage-init.yaml
new file mode 100644
index 0000000000..9748a5f45d
--- /dev/null
+++ b/nova/templates/job-nova-storage-init.yaml
@@ -0,0 +1,167 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_storage_init .Values.conf.ceph.enabled }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+{{- if .Values.helm3_hook }}
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+ helm.sh/hook-weight: "-6"
+{{- end }}
+ name: nova-storage-init
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "nova" | include 
"helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{- if $envAll.Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ - name: nova-storage-init
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: STORAGE_BACKEND
+ value: {{ .Values.conf.nova.libvirt.images_type | quote }}
+ {{- if eq .Values.conf.nova.libvirt.images_type "rbd" }}
+ - name: RBD_POOL_NAME
+ value: {{ .Values.conf.nova.libvirt.images_rbd_pool | quote }}
+ - name: RBD_POOL_APP_NAME
+ value: {{ .Values.rbd_pool.app_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ .Values.conf.nova.libvirt.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ .Values.rbd_pool.crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ 
.Values.rbd_pool.replication | quote }} + - name: RBD_POOL_CHUNK_SIZE + value: {{ .Values.rbd_pool.chunk_size | quote }} + {{ end }} + command: + - /tmp/storage-init.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: nova-bin + mountPath: /tmp/storage-init.sh + subPath: storage-init.sh + readOnly: true + {{- if eq .Values.conf.nova.libvirt.images_type "rbd" }} + - name: etcceph + mountPath: /etc/ceph + - name: ceph-etc + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + {{- if empty $envAll.Values.conf.ceph.admin_keyring }} + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + {{- end }} + {{- end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: nova-bin + configMap: + name: nova-bin + defaultMode: 0555 + {{- if $envAll.Values.conf.ceph.enabled }} + - name: etcceph + emptyDir: {} + - name: ceph-etc + configMap: + name: {{ .Values.ceph_client.configmap }} + defaultMode: 0444 + {{- if empty .Values.conf.ceph.admin_keyring }} + - name: ceph-keyring + secret: + secretName: {{ .Values.ceph_client.user_secret_name }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/nova/values.yaml b/nova/values.yaml index a48ecb1953..9c68375d08 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -74,6 +74,7 @@ images: nova_novncproxy: docker.io/openstackhelm/nova:wallaby-ubuntu_focal nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:wallaby' nova_scheduler: docker.io/openstackhelm/nova:wallaby-ubuntu_focal + nova_storage_init: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal' # NOTE(portdirect): we simply use the ceph config helper here, # as it has both oscli and jq. nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal' 
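Review bot: The `Role` at the top of this file grants `get`, `create`, `update` and `patch` on every Secret in the release namespace, but the `storage-init.sh` added in this commit only runs `ceph` commands and never calls the Kubernetes API. Unless `ceph-admin-keyring.sh` (not shown in this diff) needs that access, the `Role` and `RoleBinding` documents should be removed so the job's service account token carries no Secret permissions. `create` also cannot be narrowed with `resourceNames`, so tightening the rule later would not fully bound it. Separately, the `ceph-keyring-placement` init container sets `runAsUser: 0` and the `nova-storage-init` container declares no container-level security context. `RBD_POOL_USER` is exported but never read by the script.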
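Review bot: `nova_storage_init` defaults to the mutable tag `latest-ubuntu_focal`, and the Job template in this commit uses that image for an init container running as UID 0 that appears to place the Ceph admin keyring. The default matches the existing `nova_service_cleaner` entry, so it is consistent with the chart, but whatever that tag resolves to at pull time runs with cluster-admin Ceph credentials. I would add a comment above the key, e.g. `# NOTE: this image handles the Ceph admin keyring; override with a digest-pinned reference in production`.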
@@ -519,6 +520,12 @@ ceph_client: configmap: ceph-etc user_secret_name: pvc-ceph-client-key +rbd_pool: + app_name: nova-vms + replication: 3 + crush_rule: replicated_rule + chunk_size: 8 + conf: security: | # @@ -2387,6 +2394,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + storage_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" db_init: requests: memory: "128Mi" @@ -2511,6 +2525,7 @@ manifests: ingress_novncproxy: true ingress_osapi: true job_bootstrap: true + job_storage_init: true job_db_init: true job_db_sync: true job_db_drop: false diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml index 12af77bd91..b600afba53 100644 --- a/releasenotes/notes/nova.yaml +++ b/releasenotes/notes/nova.yaml @@ -101,4 +101,5 @@ nova: - 0.3.30 Add the conditional statement for log_config_append - 0.3.31 Add getting LISTEN IP for CIDR - 0.3.32 Set the startupProbe for nova-compute + - 0.3.33 Add job to create 'vms' pool ...
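Review bot: The new `rbd_pool` block is undocumented and two of its keys are easy to misread. `chunk_size` is passed by `storage-init.sh` as the second argument to `ceph osd pool create`, which is the placement-group count. `replication` and `crush_rule` are applied with `ceph osd pool set` on every run, including to a pool that already exists. Because `job_storage_init` defaults to `true`, an upgrade on a cluster whose pool was sized by other means would have its `size` and CRUSH rule reset to these defaults. I would add comments such as `# chunk_size: pg_num used when the pool is first created` and `# replication and crush_rule are re-applied to an existing pool on each run`.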