Merge remote-tracking branch 'gerrit/master' into f/centos76

Change-Id: I8ae344db96e98d9b1e12af99a469ee66f11c1127
Signed-off-by: Saul Wold <sgw@linux.intel.com>

openstack/openstack-helm-infra/centos/build_srpm.data

@@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
 
 COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
 
-TIS_PATCH_VER=5
+TIS_PATCH_VER=6

openstack/openstack-helm-infra/centos/openstack-helm-infra.spec

@@ -18,6 +18,8 @@ BuildArch:     noarch
 Patch01: 0001-gnocchi-chart-updates.patch
 Patch02: Mariadb-Support-adoption-of-running-single-node-mari.patch
 Patch03: Mariadb-Share-container-PID-namespaces-under-docker.patch
+Patch04: 0004-Allow-multiple-containers-per-daemonset-pod.patch
+Patch05: fix-type-error-to-streamline-single-replica-mariadb-.patch
 
 BuildRequires: helm
 
@@ -29,6 +31,8 @@ Openstack Helm Infra charts
 %patch01 -p1
 %patch02 -p1
 %patch03 -p1
+%patch04 -p1
+%patch05 -p1
 
 %build
 # initialize helm and build the toolkit

openstack/openstack-helm-infra/files/0004-Allow-multiple-containers-per-daemonset-pod.patch

@@ -0,0 +1,35 @@
+From 26844aac43f76afc65ed907fc94ab83ca93c86ae Mon Sep 17 00:00:00 2001
+From: Gerry Kopec <Gerry.Kopec@windriver.com>
+Date: Wed, 9 Jan 2019 20:11:33 -0500
+Subject: [PATCH] Allow multiple containers per daemonset pod
+
+Remove code that restricted daemonset pods to single containers.
+Container names will default to name from helm chart template without
+hostname and sha though the pod will still have them.
+
+May require further refinement before this can be upstreamed.
+---
+ helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+index 8ba2241..b960a84 100644
+--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
++++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+@@ -217,13 +217,6 @@ limitations under the License.
+     {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }}
+     {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }}
+ 
+-    {{/* set container name
+-    assume not more than one container is defined */}}
+-    {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }}
+-    {{- $_ := set $container "name" $current_dict.dns_1123_name }}
+-    {{- $cont_list := list $container }}
+-    {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }}
+-
+     {{/* cross-reference configmap name to container volume definitions */}}
+     {{- $_ := set $context.Values "__volume_list" list }}
+     {{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }}
+-- 
+1.8.3.1
+

openstack/openstack-helm-infra/files/fix-type-error-to-streamline-single-replica-mariadb-.patch

@@ -0,0 +1,34 @@
+From d983c89dbce840fad50f49e4253ecc7930f15338 Mon Sep 17 00:00:00 2001
+From: Chris Friesen <chris.friesen@windriver.com>
+Date: Wed, 6 Feb 2019 17:19:39 -0600
+Subject: [PATCH] fix type error to streamline single-replica mariadb startup
+
+The mariadb startup script was trying to optimize the single-replica
+case but missed the fact that the variable it was checking was a
+string rather than an int.
+
+Converting it to an int before doing the comparison makes it work
+as expected.
+
+Change-Id: I8612e9e8ef5ec8ff61ecf0782f262a5feafd501a
+Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
+---
+ mariadb/templates/bin/_start.py.tpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mariadb/templates/bin/_start.py.tpl b/mariadb/templates/bin/_start.py.tpl
+index 4d4428c..d0b9c8e 100644
+--- a/mariadb/templates/bin/_start.py.tpl
++++ b/mariadb/templates/bin/_start.py.tpl
+@@ -729,7 +729,7 @@ elif get_cluster_state() == 'init':
+     run_mysqld()
+ elif get_cluster_state() == 'live':
+     logger.info("Cluster has been running starting restore/rejoin")
+-    if not mariadb_replicas > 1:
++    if not int(mariadb_replicas) > 1:
+         logger.info(
+             "There is only a single node in this cluster, we are good to go")
+         update_grastate_on_restart()
+-- 
+1.8.3.1
+

openstack/openstack-helm/centos/build_srpm.data

@@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
 
 COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
 
-TIS_PATCH_VER=7
+TIS_PATCH_VER=9

openstack/openstack-helm/centos/openstack-helm.spec

@@ -23,6 +23,8 @@ Patch02: 0002-Add-Aodh-Chart.patch
 Patch03: 0003-Add-Panko-Chart.patch
 Patch04: Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
 Patch05: 0005-Add-heat-purge-deleted-cron-job.patch
+Patch06: 0006-Enable-cold-migration-in-nova-helm-chart.patch
+Patch07: 0007-Glance-chart-add-images-pool-replication.patch
 
 BuildRequires: helm
 BuildRequires: openstack-helm-infra
@@ -38,6 +40,8 @@ Openstack Helm charts
 %patch03 -p1
 %patch04 -p1
 %patch05 -p1
+%patch06 -p1
+%patch07 -p1
 
 %build
 # initialize helm and build the toolkit

openstack/openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch

@@ -0,0 +1,174 @@
+From 7760815c98231ffd431f053f8fac35902f420118 Mon Sep 17 00:00:00 2001
+From: Gerry Kopec <Gerry.Kopec@windriver.com>
+Date: Thu, 10 Jan 2019 00:12:21 -0500
+Subject: [PATCH] Enable cold migration in nova helm chart
+
+- Move private key from sshd container to nova-compute container.
+- Map private and public keys to configmap-ssh which will default to
+  correct file permissions.
+- Add additional config to /etc/ssh/sshd_config to allow passwordless
+  root logins over appropriate subnet passed in from overrides.
+- Remove chmods from sshd bash script as they are failing.
+
+Depends on helm-toolkit supporting multiple containers per pod.
+---
+ nova/templates/bin/_ssh-start.sh.tpl  | 19 ++++++++++++++++---
+ nova/templates/configmap-etc.yaml     |  4 ++--
+ nova/templates/configmap-ssh.yaml     | 35 +++++++++++++++++++++++++++++++++++
+ nova/templates/daemonset-compute.yaml | 14 +++++++++-----
+ nova/values.yaml                      |  5 +++++
+ 5 files changed, 67 insertions(+), 10 deletions(-)
+ create mode 100755 nova/templates/configmap-ssh.yaml
+
+diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
+index 1c10cb0..158090b 100644
+--- a/nova/templates/bin/_ssh-start.sh.tpl
++++ b/nova/templates/bin/_ssh-start.sh.tpl
+@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
+     chown nova: ~nova/.ssh
+ fi
+ 
+-chmod 0600 ~root/.ssh/authorized_keys
+-chmod 0600 ~root/.ssh/id_rsa
+-chmod 0600 ~root/.ssh/id_rsa.pub
++{{- if .Values.network.sshd.enabled }}
++subnet_address="{{- .Values.network.sshd.from_subnet -}}"
++cat > /tmp/sshd_config_extend <<EOF
++
++# This Match block prevents Password Authentication for root user
++Match User root
++    PasswordAuthentication no
++
++# This Match Block is used to allow Root Login exceptions over the
++# internal subnet used by Nova Migrations
++Match Address $subnet_address
++    PermitRootLogin without-password
++EOF
++cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
++rm /tmp/sshd_config_extend
++{{- end }}
+ 
+ exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
+diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
+index 55aa311..0d1e7a5 100644
+--- a/nova/templates/configmap-etc.yaml
++++ b/nova/templates/configmap-etc.yaml
+@@ -232,8 +232,8 @@ data:
+   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+   nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
+ {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
+-# FIXME(portdirect): why is this file suffixed .sh?
+-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
++{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
++
+ {{- end }}
+ {{- end }}
+ {{- if .Values.manifests.configmap_etc }}
+diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
+new file mode 100755
+index 0000000..bab8e33
+--- /dev/null
++++ b/nova/templates/configmap-ssh.yaml
+@@ -0,0 +1,35 @@
++{{/*
++Copyright 2019 The Openstack-Helm Authors.
++
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++   http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++{{- define "nova.configmap.ssh" }}
++{{- $envAll := index . 1 }}
++{{- with $envAll }}
++---
++apiVersion: v1
++kind: Secret
++metadata:
++  name: nova-ssh
++type: Opaque
++data:
++  ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
++{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
++
++{{- end }}
++{{- end }}
++
++{{- if .Values.manifests.configmap_etc }}
++{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
++{{- end }}
+diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
+index 850f0b0..82f185f 100644
+--- a/nova/templates/daemonset-compute.yaml
++++ b/nova/templates/daemonset-compute.yaml
+@@ -217,6 +217,9 @@ spec:
+               mountPath: /root/.ssh/config
+               subPath: ssh-config
+               readOnly: true
++            - name: nova-ssh
++              mountPath: /root/.ssh/id_rsa
++              subPath: ssh-key-private
+             {{- if .Values.conf.ceph.enabled }}
+             - name: etcceph
+               mountPath: /etc/ceph
+@@ -273,13 +276,10 @@ spec:
+               mountPath: /var/lib/nova
+             - name: varliblibvirt
+               mountPath: /var/lib/libvirt
+-            - name: nova-etc
+-              mountPath: /root/.ssh/id_rsa
+-              subPath: ssh-key-private
+-            - name: nova-etc
++            - name: nova-ssh
+               mountPath: /root/.ssh/id_rsa.pub
+               subPath: ssh-key-public
+-            - name: nova-etc
++            - name: nova-ssh
+               mountPath: /root/.ssh/authorized_keys
+               subPath: ssh-key-public
+             - name: nova-bin
+@@ -295,6 +295,10 @@ spec:
+           secret:
+             secretName: {{ $configMapName }}
+             defaultMode: 0444
++        - name: nova-ssh
++          secret:
++            secretName: nova-ssh
++            defaultMode: 0400
+         {{- if .Values.conf.ceph.enabled }}
+         - name: etcceph
+           emptyDir: {}
+diff --git a/nova/values.yaml b/nova/values.yaml
+index 4edf5c6..9646ded 100644
+--- a/nova/values.yaml
++++ b/nova/values.yaml
+@@ -209,6 +209,9 @@ network:
+   ssh:
+     name: "nova-ssh"
+     port: 8022
++  sshd:
++    enabled: false
++    from_subnet: 0.0.0.0/24
+ 
+ dependencies:
+   dynamic:
+@@ -460,6 +463,8 @@ conf:
+       StrictHostKeyChecking no
+       UserKnownHostsFile /dev/null
+       Port {{ .Values.network.ssh.port }}
++  ssh_private: 'null'
++  ssh_public: 'null'
+   rally_tests:
+     run_tempest: false
+     tests:
+-- 
+1.8.3.1
+

openstack/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch

@@ -0,0 +1,55 @@
+From 5480584be125316f3ce325fd1d0e9b4022db5c69 Mon Sep 17 00:00:00 2001
+From: Irina Mihai <irina.mihai@windriver.com>
+Date: Fri, 1 Feb 2019 16:02:46 -0500
+Subject: [PATCH] Add replication support for the images rbd pool
+
+---
+ glance/templates/bin/_storage-init.sh.tpl | 2 ++
+ glance/templates/job-storage-init.yaml    | 4 ++++
+ glance/values.yaml                        | 2 ++
+ 3 files changed, 8 insertions(+)
+
+diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
+index 4082c52..e6bd188 100755
+--- a/glance/templates/bin/_storage-init.sh.tpl
++++ b/glance/templates/bin/_storage-init.sh.tpl
+@@ -47,6 +47,8 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+     if [[ ${test_luminous} -gt 0 ]]; then
+       ceph osd pool application enable "$1" "$3"
+     fi
++    ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
++    ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+   }
+   ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "glance-image"
+ 
+diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
+index 9d95627..c0cd186 100755
+--- a/glance/templates/job-storage-init.yaml
++++ b/glance/templates/job-storage-init.yaml
+@@ -103,6 +103,10 @@ spec:
+               value: {{ .Values.conf.glance.glance_store.rbd_store_pool | quote }}
+             - name: RBD_POOL_USER
+               value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
++            - name: RBD_POOL_REPLICATION
++              value: {{ .Values.conf.glance.glance_store.rbd_store_replication | quote }}
++            - name: RBD_POOL_CRUSH_RULE
++              value: {{ .Values.conf.glance.glance_store.rbd_store_crush_rule | quote }}
+             - name: RBD_POOL_CHUNK_SIZE
+               value: {{ .Values.conf.glance.glance_store.rbd_store_chunk_size | quote }}
+             - name: RBD_POOL_SECRET
+diff --git a/glance/values.yaml b/glance/values.yaml
+index 5ae9863..4d482d1 100755
+--- a/glance/values.yaml
++++ b/glance/values.yaml
+@@ -268,6 +268,8 @@ conf:
+       memcache_security_strategy: ENCRYPT
+     glance_store:
+       rbd_store_chunk_size: 8
++      rbd_store_replication: 1
++      rbd_store_crush_rule: replicated_rule
+       rbd_store_pool: glance.images
+       rbd_store_user: glance
+       rbd_store_ceph_conf: /etc/ceph/ceph.conf
+-- 
+2.7.4
+

openstack/python-ceilometer/centos/stx-ceilometer.master_docker_image

@@ -2,6 +2,6 @@ BUILDER=loci
 LABEL=stx-ceilometer
 PROJECT=ceilometer
 PROJECT_REPO=https://github.com/openstack/ceilometer.git
-PIP_PACKAGES="pylint libvirt-python panko gnocchiclient"
+PIP_PACKAGES="pylint libvirt-python panko==5.0.0 gnocchiclient"
 DIST_PACKAGES="libvirt ipmitool"
 

openstack/python-horizon/centos/files/horizon.init

@@ -20,7 +20,7 @@ PYTHON=`which python`
 MANAGE="/usr/share/openstack-dashboard/manage.py"
 EXEC="/usr/bin/gunicorn"
 BIND="localhost"
-PORT="8080"
+PORT="8008"
 WORKER="eventlet"
 WORKERS=`grep workers /etc/openstack-dashboard/horizon-config.ini | cut -f3 -d' '`
 # Increased timeout to facilitate large image uploads

openstack/python-nova/centos/stx-nova.master_docker_image

@@ -3,7 +3,7 @@ LABEL=stx-nova
 PROJECT=nova
 PROJECT_REPO=https://github.com/openstack/nova.git
 PIP_PACKAGES="pycrypto httplib2 pylint"
-DIST_PACKAGES="openssh-clients openssh-server libvirt "
+DIST_PACKAGES="openssh-clients openssh-server libvirt e2fsprogs"
 PROFILES="fluent nova ceph linuxbridge openvswitch configdrive qemu apache"
 CUSTOMIZATION="yum install -y openssh-clients"
 

openstack/python-nova/centos/stx-nova.pike_docker_image

@@ -3,7 +3,7 @@ LABEL=stx-nova
 PROJECT=nova
 PROJECT_REPO=https://github.com/starlingx-staging/stx-nova.git
 PIP_PACKAGES="pycrypto tsconfig cgtsclient httplib2 pylint"
-DIST_PACKAGES="openssh-clients openssh-server libvirt pam-config"
+DIST_PACKAGES="openssh-clients openssh-server libvirt pam-config e2fsprogs"
 PROFILES="fluent nova ceph linuxbridge openvswitch configdrive qemu apache"
 
 

releasenotes/source/conf.py

@@ -46,6 +46,8 @@ source_suffix = '.rst'
 # The master toctree document.
 master_doc = 'index'
 
+project = 'stx-upstream'
+
 # Release notes are version independent, no need to set version and release
 release = ''
 version = ''