diff --git a/openstack/openstack-helm-infra/centos/build_srpm.data b/openstack/openstack-helm-infra/centos/build_srpm.data index ad6f9579..0fbc4ee3 100644 --- a/openstack/openstack-helm-infra/centos/build_srpm.data +++ b/openstack/openstack-helm-infra/centos/build_srpm.data @@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz" COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*" -TIS_PATCH_VER=5 +TIS_PATCH_VER=6 diff --git a/openstack/openstack-helm-infra/centos/openstack-helm-infra.spec b/openstack/openstack-helm-infra/centos/openstack-helm-infra.spec index 70fe4584..66e2aab0 100644 --- a/openstack/openstack-helm-infra/centos/openstack-helm-infra.spec +++ b/openstack/openstack-helm-infra/centos/openstack-helm-infra.spec @@ -18,6 +18,8 @@ BuildArch: noarch Patch01: 0001-gnocchi-chart-updates.patch Patch02: Mariadb-Support-adoption-of-running-single-node-mari.patch Patch03: Mariadb-Share-container-PID-namespaces-under-docker.patch +Patch04: 0004-Allow-multiple-containers-per-daemonset-pod.patch +Patch05: fix-type-error-to-streamline-single-replica-mariadb-.patch BuildRequires: helm @@ -29,6 +31,8 @@ Openstack Helm Infra charts %patch01 -p1 %patch02 -p1 %patch03 -p1 +%patch04 -p1 +%patch05 -p1 %build # initialize helm and build the toolkit diff --git a/openstack/openstack-helm-infra/files/0004-Allow-multiple-containers-per-daemonset-pod.patch b/openstack/openstack-helm-infra/files/0004-Allow-multiple-containers-per-daemonset-pod.patch new file mode 100644 index 00000000..2dac2b8f --- /dev/null +++ b/openstack/openstack-helm-infra/files/0004-Allow-multiple-containers-per-daemonset-pod.patch 
@@ -0,0 +1,35 @@
+From 26844aac43f76afc65ed907fc94ab83ca93c86ae Mon Sep 17 00:00:00 2001
+From: Gerry Kopec
+Date: Wed, 9 Jan 2019 20:11:33 -0500
+Subject: [PATCH] Allow multiple containers per daemonset pod
+
+Remove code that restricted daemonset pods to single containers.
+Container names will default to name from helm chart template without
+hostname and sha though the pod will still have them.
+
+May require further refinement before this can be upstreamed.
+---
+ helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+index 8ba2241..b960a84 100644
+--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
++++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+@@ -217,13 +217,6 @@ limitations under the License.
+ {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }}
+ {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }}
+
+- {{/* set container name
+- assume not more than one container is defined */}}
+- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }}
+- {{- $_ := set $container "name" $current_dict.dns_1123_name }}
+- {{- $cont_list := list $container }}
+- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }}
+-
+ {{/* cross-reference configmap name to container volume definitions */}}
+ {{- $_ := set $context.Values "__volume_list" list }}
+ {{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }}
+--
+1.8.3.1
+
diff --git a/openstack/openstack-helm-infra/files/fix-type-error-to-streamline-single-replica-mariadb-.patch b/openstack/openstack-helm-infra/files/fix-type-error-to-streamline-single-replica-mariadb-.patch new file mode 100644 index 00000000..c12ac9f7 --- /dev/null +++ b/openstack/openstack-helm-infra/files/fix-type-error-to-streamline-single-replica-mariadb-.patch @@ -0,0 +1,34 @@ +From d983c89dbce840fad50f49e4253ecc7930f15338 Mon Sep 17 00:00:00 2001 +From: Chris Friesen +Date: Wed, 6 Feb 2019 17:19:39 -0600 +Subject: [PATCH] fix type error to streamline single-replica mariadb startup + +The mariadb startup script was trying to optimize the single-replica +case but missed the fact that the variable it was checking was a +string rather than an int. + +Converting it to an int before doing the comparison makes it work +as expected. + +Change-Id: I8612e9e8ef5ec8ff61ecf0782f262a5feafd501a +Signed-off-by: Chris Friesen +--- + mariadb/templates/bin/_start.py.tpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mariadb/templates/bin/_start.py.tpl b/mariadb/templates/bin/_start.py.tpl +index 4d4428c..d0b9c8e 100644 +--- a/mariadb/templates/bin/_start.py.tpl ++++ b/mariadb/templates/bin/_start.py.tpl +@@ -729,7 +729,7 @@ elif get_cluster_state() == 'init': + run_mysqld() + elif get_cluster_state() == 'live': + logger.info("Cluster has been running starting restore/rejoin") +- if not mariadb_replicas > 1: ++ if not int(mariadb_replicas) > 1: + logger.info( + "There is only a single node in this cluster, we are good to go") + update_grastate_on_restart() +-- +1.8.3.1 + diff --git a/openstack/openstack-helm/centos/build_srpm.data b/openstack/openstack-helm/centos/build_srpm.data index 2bcbdedb..14cc7512 100644 --- a/openstack/openstack-helm/centos/build_srpm.data +++ b/openstack/openstack-helm/centos/build_srpm.data @@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz" COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* " -TIS_PATCH_VER=7 +TIS_PATCH_VER=9 
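Review bot: The new `int(mariadb_replicas)` in the `'live'` branch of `_start.py.tpl` raises an unhandled ValueError if the value is empty or non-numeric, which would abort the start script exactly where it decides whether the single-node shortcut applies. Converting once at the point where `mariadb_replicas` is first read (outside this hunk, so not visible here) would keep every later comparison numeric and put the failure next to the bad input. The condition itself reads more directly as `if int(mariadb_replicas) <= 1:`. The enclosing if/elif chain starts and ends outside the hunk.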
diff --git a/openstack/openstack-helm/centos/openstack-helm.spec b/openstack/openstack-helm/centos/openstack-helm.spec index 95b6d0c5..0f0c94d1 100644 --- a/openstack/openstack-helm/centos/openstack-helm.spec +++ b/openstack/openstack-helm/centos/openstack-helm.spec @@ -23,6 +23,8 @@ Patch02: 0002-Add-Aodh-Chart.patch Patch03: 0003-Add-Panko-Chart.patch Patch04: Remove-stale-Apache2-service-pids-when-a-POD-starts.patch Patch05: 0005-Add-heat-purge-deleted-cron-job.patch +Patch06: 0006-Enable-cold-migration-in-nova-helm-chart.patch +Patch07: 0007-Glance-chart-add-images-pool-replication.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -38,6 +40,8 @@ Openstack Helm charts %patch03 -p1 %patch04 -p1 %patch05 -p1 +%patch06 -p1 +%patch07 -p1 %build # initialize helm and build the toolkit diff --git a/openstack/openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch b/openstack/openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch new file mode 100644 index 00000000..29227af0 --- /dev/null +++ b/openstack/openstack-helm/files/0006-Enable-cold-migration-in-nova-helm-chart.patch 
@@ -0,0 +1,174 @@ +From 7760815c98231ffd431f053f8fac35902f420118 Mon Sep 17 00:00:00 2001 +From: Gerry Kopec +Date: Thu, 10 Jan 2019 00:12:21 -0500 +Subject: [PATCH] Enable cold migration in nova helm chart + +- Move private key from sshd container to nova-compute container. +- Map private and public keys to configmap-ssh which will default to + correct file permissions. +- Add additional config to /etc/ssh/sshd_config to allow passwordless + root logins over appropriate subnet passed in from overrides. +- Remove chmods from sshd bash script as they are failing. + +Depends on helm-toolkit supporting multiple containers per pod. +--- + nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++--- + nova/templates/configmap-etc.yaml | 4 ++-- + nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++ + nova/templates/daemonset-compute.yaml | 14 +++++++++----- + nova/values.yaml | 5 +++++ + 5 files changed, 67 insertions(+), 10 deletions(-) + create mode 100755 nova/templates/configmap-ssh.yaml + +diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl +index 1c10cb0..158090b 100644 +--- a/nova/templates/bin/_ssh-start.sh.tpl ++++ b/nova/templates/bin/_ssh-start.sh.tpl +@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then + chown nova: ~nova/.ssh + fi + +-chmod 0600 ~root/.ssh/authorized_keys +-chmod 0600 ~root/.ssh/id_rsa +-chmod 0600 ~root/.ssh/id_rsa.pub ++{{- if .Values.network.sshd.enabled }} ++subnet_address="{{- .Values.network.sshd.from_subnet -}}" ++cat > /tmp/sshd_config_extend <> /etc/ssh/sshd_config ++rm /tmp/sshd_config_extend ++{{- end }} + + exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT +diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml +index 55aa311..0d1e7a5 100644 +--- a/nova/templates/configmap-etc.yaml ++++ b/nova/templates/configmap-etc.yaml +@@ -232,8 +232,8 @@ data: + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" 
.Values.conf.logging | b64enc }} + nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }} + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }} +-# FIXME(portdirect): why is this file suffixed .sh? +-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }} ++{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }} ++ + {{- end }} + {{- end }} + {{- if .Values.manifests.configmap_etc }} +diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml +new file mode 100755 +index 0000000..bab8e33 +--- /dev/null ++++ b/nova/templates/configmap-ssh.yaml +@@ -0,0 +1,35 @@ ++{{/* ++Copyright 2019 The Openstack-Helm Authors. ++ ++Licensed under the Apache License, Version 2.0 (the "License"); ++you may not use this file except in compliance with the License. ++You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++Unless required by applicable law or agreed to in writing, software ++distributed under the License is distributed on an "AS IS" BASIS, ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++See the License for the specific language governing permissions and ++limitations under the License. ++*/}} ++ ++{{- define "nova.configmap.ssh" }} ++{{- $envAll := index . 
1 }} ++{{- with $envAll }} ++--- ++apiVersion: v1 ++kind: Secret ++metadata: ++ name: nova-ssh ++type: Opaque ++data: ++ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }} ++{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }} ++ ++{{- end }} ++{{- end }} ++ ++{{- if .Values.manifests.configmap_etc }} ++{{- list "nova-ssh" . | include "nova.configmap.ssh" }} ++{{- end }} +diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml +index 850f0b0..82f185f 100644 +--- a/nova/templates/daemonset-compute.yaml ++++ b/nova/templates/daemonset-compute.yaml +@@ -217,6 +217,9 @@ spec: + mountPath: /root/.ssh/config + subPath: ssh-config + readOnly: true ++ - name: nova-ssh ++ mountPath: /root/.ssh/id_rsa ++ subPath: ssh-key-private + {{- if .Values.conf.ceph.enabled }} + - name: etcceph + mountPath: /etc/ceph +@@ -273,13 +276,10 @@ spec: + mountPath: /var/lib/nova + - name: varliblibvirt + mountPath: /var/lib/libvirt +- - name: nova-etc +- mountPath: /root/.ssh/id_rsa +- subPath: ssh-key-private +- - name: nova-etc ++ - name: nova-ssh + mountPath: /root/.ssh/id_rsa.pub + subPath: ssh-key-public +- - name: nova-etc ++ - name: nova-ssh + mountPath: /root/.ssh/authorized_keys + subPath: ssh-key-public + - name: nova-bin +@@ -295,6 +295,10 @@ spec: + secret: + secretName: {{ $configMapName }} + defaultMode: 0444 ++ - name: nova-ssh ++ secret: ++ secretName: nova-ssh ++ defaultMode: 0400 + {{- if .Values.conf.ceph.enabled }} + - name: etcceph + emptyDir: {} +diff --git a/nova/values.yaml b/nova/values.yaml +index 4edf5c6..9646ded 100644 +--- a/nova/values.yaml ++++ b/nova/values.yaml +@@ -209,6 +209,9 @@ network: + ssh: + name: "nova-ssh" + port: 8022 ++ sshd: ++ enabled: false ++ from_subnet: 0.0.0.0/24 + + dependencies: + dynamic: +@@ -460,6 +463,8 @@ conf: + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + 
Port {{ .Values.network.ssh.port }} ++ ssh_private: 'null' ++ ssh_public: 'null' + rally_tests: + run_tempest: false + tests: +-- +1.8.3.1 + diff --git a/openstack/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch b/openstack/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch new file mode 100644 index 00000000..53f983ca --- /dev/null +++ b/openstack/openstack-helm/files/0007-Glance-chart-add-images-pool-replication.patch 
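Review bot: The defaults added to nova/values.yaml are placeholders that render without complaint: `conf.ssh_private` and `conf.ssh_public` are the literal string `'null'`, which configmap-ssh.yaml base64-encodes into the nova-ssh Secret that daemonset-compute.yaml mounts as `/root/.ssh/id_rsa` and `/root/.ssh/authorized_keys`, and `network.sshd.from_subnet` is `0.0.0.0/24`. Because the commit message says the sshd_config extension permits passwordless root logins from that subnet, I would leave these values empty and fail the render when they are missing, e.g. `ssh-key-private: {{ required "conf.ssh_private must be set" .Values.conf.ssh_private | b64enc }}`, with the same guard on `from_subnet` inside the `network.sshd.enabled` block. The new `id_rsa` mount in the nova-compute container also omits the `readOnly: true` that the `ssh-config` mount just above it carries. The body of the heredoc written to `/tmp/sshd_config_extend` is not visible on this page, so the exact sshd directives could not be checked.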
@@ -0,0 +1,55 @@ +From 5480584be125316f3ce325fd1d0e9b4022db5c69 Mon Sep 17 00:00:00 2001 +From: Irina Mihai +Date: Fri, 1 Feb 2019 16:02:46 -0500 +Subject: [PATCH] Add replication support for the images rbd pool + +--- + glance/templates/bin/_storage-init.sh.tpl | 2 ++ + glance/templates/job-storage-init.yaml | 4 ++++ + glance/values.yaml | 2 ++ + 3 files changed, 8 insertions(+) + +diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl +index 4082c52..e6bd188 100755 +--- a/glance/templates/bin/_storage-init.sh.tpl ++++ b/glance/templates/bin/_storage-init.sh.tpl +@@ -47,6 +47,8 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then + if [[ ${test_luminous} -gt 0 ]]; then + ceph osd pool application enable "$1" "$3" + fi ++ ceph osd pool set $1 size ${RBD_POOL_REPLICATION} ++ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}" + } + ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "glance-image" + +diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml +index 9d95627..c0cd186 100755 +--- a/glance/templates/job-storage-init.yaml ++++ b/glance/templates/job-storage-init.yaml +@@ -103,6 +103,10 @@ spec: + value: {{ .Values.conf.glance.glance_store.rbd_store_pool | quote }} + - name: RBD_POOL_USER + value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }} ++ - name: RBD_POOL_REPLICATION ++ value: {{ .Values.conf.glance.glance_store.rbd_store_replication | quote }} ++ - name: RBD_POOL_CRUSH_RULE ++ value: {{ .Values.conf.glance.glance_store.rbd_store_crush_rule | quote }} + - name: RBD_POOL_CHUNK_SIZE + value: {{ .Values.conf.glance.glance_store.rbd_store_chunk_size | quote }} + - name: RBD_POOL_SECRET +diff --git a/glance/values.yaml b/glance/values.yaml +index 5ae9863..4d482d1 100755 +--- a/glance/values.yaml ++++ b/glance/values.yaml +@@ -268,6 +268,8 @@ conf: + memcache_security_strategy: ENCRYPT + glance_store: + rbd_store_chunk_size: 8 ++ rbd_store_replication: 1 ++ 
rbd_store_crush_rule: replicated_rule + rbd_store_pool: glance.images + rbd_store_user: glance + rbd_store_ceph_conf: /etc/ceph/ceph.conf +-- +2.7.4 + diff --git a/openstack/python-ceilometer/centos/stx-ceilometer.master_docker_image b/openstack/python-ceilometer/centos/stx-ceilometer.master_docker_image index 2c24a276..180eb82d 100644 --- a/openstack/python-ceilometer/centos/stx-ceilometer.master_docker_image +++ b/openstack/python-ceilometer/centos/stx-ceilometer.master_docker_image @@ -2,6 +2,6 @@ BUILDER=loci LABEL=stx-ceilometer PROJECT=ceilometer PROJECT_REPO=https://github.com/openstack/ceilometer.git -PIP_PACKAGES="pylint libvirt-python panko gnocchiclient" +PIP_PACKAGES="pylint libvirt-python panko==5.0.0 gnocchiclient" DIST_PACKAGES="libvirt ipmitool" diff --git a/openstack/python-horizon/centos/files/horizon.init b/openstack/python-horizon/centos/files/horizon.init index b0c5ad21..36f2340d 100755 --- a/openstack/python-horizon/centos/files/horizon.init +++ b/openstack/python-horizon/centos/files/horizon.init @@ -20,7 +20,7 @@ PYTHON=`which python` MANAGE="/usr/share/openstack-dashboard/manage.py" EXEC="/usr/bin/gunicorn" BIND="localhost" -PORT="8080" +PORT="8008" WORKER="eventlet" WORKERS=`grep workers /etc/openstack-dashboard/horizon-config.ini | cut -f3 -d' '` # Increased timeout to facilitate large image uploads diff --git a/openstack/python-nova/centos/stx-nova.master_docker_image b/openstack/python-nova/centos/stx-nova.master_docker_image index 090ba46d..d73fcc0e 100644 --- a/openstack/python-nova/centos/stx-nova.master_docker_image +++ b/openstack/python-nova/centos/stx-nova.master_docker_image 
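Review bot: The added `ceph osd pool set $1 size ${RBD_POOL_REPLICATION}` in `ensure_pool` leaves both expansions unquoted, while the crush-rule line right after it quotes its value; an empty or space-containing override would change the argument list passed to `ceph`. I would write `ceph osd pool set "$1" size "${RBD_POOL_REPLICATION}"` and quote `$1` on the crush_rule line as well. The new default `rbd_store_replication: 1` in glance/values.yaml keeps a single copy of every image, so a comment there stating when a size of 1 is acceptable would help whoever overrides it. `ensure_pool` starts outside the hunk.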
@@ -3,7 +3,7 @@ LABEL=stx-nova PROJECT=nova PROJECT_REPO=https://github.com/openstack/nova.git PIP_PACKAGES="pycrypto httplib2 pylint" -DIST_PACKAGES="openssh-clients openssh-server libvirt " +DIST_PACKAGES="openssh-clients openssh-server libvirt e2fsprogs" PROFILES="fluent nova ceph linuxbridge openvswitch configdrive qemu apache" CUSTOMIZATION="yum install -y openssh-clients" diff --git a/openstack/python-nova/centos/stx-nova.pike_docker_image b/openstack/python-nova/centos/stx-nova.pike_docker_image index 265c32de..cb549b98 100644 --- a/openstack/python-nova/centos/stx-nova.pike_docker_image +++ b/openstack/python-nova/centos/stx-nova.pike_docker_image @@ -3,7 +3,7 @@ LABEL=stx-nova PROJECT=nova PROJECT_REPO=https://github.com/starlingx-staging/stx-nova.git PIP_PACKAGES="pycrypto tsconfig cgtsclient httplib2 pylint" -DIST_PACKAGES="openssh-clients openssh-server libvirt pam-config" +DIST_PACKAGES="openssh-clients openssh-server libvirt pam-config e2fsprogs" PROFILES="fluent nova ceph linuxbridge openvswitch configdrive qemu apache" diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 4be4c2f5..2d6cbc27 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -46,6 +46,8 @@ source_suffix = '.rst' # The master toctree document. master_doc = 'index' +project = 'stx-upstream' + # Release notes are version independent, no need to set version and release release = '' version = ''