From 2e63d41e5c429b616454fed0ac2073a73ad5d5b5 Mon Sep 17 00:00:00 2001 From: zhipengl Date: Mon, 9 Sep 2019 21:42:06 +0800 Subject: [PATCH] Add a network config item for novncproxy In deployment-novncproxy.yaml, it set hostNetwork = true. We want to let it use cluster network instead of hostNetwork. This patch will add a config item, so that we can override it to use cluster network. Then no need to enable 6080 port in local network firewall for novncproxy access. Upstream patch submitted as below. https://review.opendev.org/#/c/679891 Below test pass! Access to VM console through horizon works! Closes-bug: 1827246 Change-Id: Icb0cfa39839e151d5869c64bc8f0151d0d9faf49 Signed-off-by: zhipengl --- openstack-helm/centos/openstack-helm.spec | 2 + ...d-config-network-item-for-novncproxy.patch | 42 +++++++++++++++++++ .../manifests/manifest.yaml | 3 +- 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index 5f65b255..01224b47 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -39,6 +39,7 @@ Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch Patch18: 0018-Nova-add-service-token.patch Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch Patch20: 0020-Change-cinder-bootstrap-script.patch +Patch21: 0021-Add-config-network-item-for-novncproxy.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -69,6 +70,7 @@ Openstack Helm charts %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 %build # initialize helm and build the toolkit diff --git a/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch b/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch new file mode 100644 index 00000000..ff4a7194 --- /dev/null +++ b/openstack-helm/files/0021-Add-config-network-item-for-novncproxy.patch @@ -0,0 +1,42 @@ +From 6fba31f6ba8627c7314a46f5b54d59fd17858848 Mon Sep 17 00:00:00 2001 +From: zhipengl +Date: Wed, 4 Sep 2019 13:24:12 +0800 +Subject: [PATCH] Patch21: 0021-Add-config-network-item-for-novncproxy.patch + +Signed-off-by: zhipengl +--- + nova/templates/deployment-novncproxy.yaml | 2 ++ + nova/values.yaml | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml +index 2611ba8..1eebcfd 100644 +--- a/nova/templates/deployment-novncproxy.yaml ++++ b/nova/templates/deployment-novncproxy.yaml +@@ -52,8 +52,10 @@ spec: + {{ tuple $envAll "nova" "novnc-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }} ++{{- if .Values.pod.useHostNetwork.novncproxy }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet ++{{- end }} + initContainers: + {{ tuple $envAll "novncproxy" $mounts_nova_novncproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: nova-novncproxy-init +diff --git a/nova/values.yaml b/nova/values.yaml +index ee00591..db86621 100644 +--- a/nova/values.yaml ++++ b/nova/values.yaml +@@ -2050,6 +2050,8 @@ pod: + nova_spiceproxy: + volumeMounts: + volumes: ++ useHostNetwork: ++ novncproxy: true + replicas: + api_metadata: 1 + compute_ironic: 1 +-- +1.8.3.1 + diff --git a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml index e8c2f0af..108f8b52 100644 --- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml +++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml @@ -917,6 +917,8 @@ data: # here. mandatory_access_control: type: null + useHostNetwork: + novncproxy: false replicas: api_metadata: 1 osapi: 1 @@ -974,7 +976,6 @@ data: # declared down during controller swacts, reboots, etc... service_down_time: 90 long_rpc_timeout: 400 - libvirt: cpu_mode: host-model live_migration_completion_timeout: 180