Add nova-compute-ssh
Change-Id: Ia555bb69182441d5f17040504efc7d1d524e59ec
parent
20b6b9a236
commit
74b119db35
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Nova
|
description: OpenStack-Helm Nova
|
||||||
name: nova
|
name: nova
|
||||||
version: 0.1.1
|
version: 0.1.2
|
||||||
home: https://docs.openstack.org/nova/latest/
|
home: https://docs.openstack.org/nova/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
31
nova/templates/bin/_ssh-init.sh.tpl
Normal file
31
nova/templates/bin/_ssh-init.sh.tpl
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
mkdir -p ~nova/.ssh
|
||||||
|
chown -R nova:nova ~nova/.ssh
|
||||||
|
|
||||||
|
cat > ~nova/.ssh/config <<EOF
|
||||||
|
Host *
|
||||||
|
StrictHostKeyChecking no
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
port $SSH_PORT
|
||||||
|
IdentitiesOnly yes
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cp /tmp/nova-ssh/* ~nova/.ssh/
|
||||||
|
chmod 600 ~nova/.ssh/id_rsa
|
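Review bot: `chown -R nova:nova ~nova/.ssh` runs before the `cat > ~nova/.ssh/config` heredoc and the `cp /tmp/nova-ssh/* ~nova/.ssh/`, so the config, `authorized_keys` and `id_rsa` keep the ownership of whoever runs this init script rather than nova. If that user is root (not visible here), the `chmod 600` leaves `id_rsa` unreadable to nova; moving the `chown -R` to the last line of the script, after `chmod 600 ~nova/.ssh/id_rsa`, fixes both. Separately, the generated client config sets `StrictHostKeyChecking no` with `UserKnownHostsFile /dev/null`, which turns off host-key verification for every host nova connects to. A comment such as `# host keys are not verified: peers are trusted by network placement only` would make that trade-off explicit, or a managed known_hosts file could replace it.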
@ -25,25 +25,14 @@ for KEY_TYPE in $KEY_TYPES; do
|
|||||||
done
|
done
|
||||||
IFS=''
|
IFS=''
|
||||||
|
|
||||||
mkdir -p ~nova/.ssh
|
subnet_address="{{- .Values.network.ssh.from_subnet -}}"
|
||||||
|
|
||||||
if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
|
|
||||||
chown nova: ~nova/.ssh
|
|
||||||
fi
|
|
||||||
|
|
||||||
subnet_address="{{- .Values.network.sshd.from_subnet -}}"
|
|
||||||
cat > /tmp/sshd_config_extend <<EOF
|
cat > /tmp/sshd_config_extend <<EOF
|
||||||
|
PasswordAuthentication no
|
||||||
# This Match block prevents Password Authentication for root user
|
|
||||||
Match User root
|
|
||||||
PasswordAuthentication no
|
|
||||||
|
|
||||||
# This Match Block is used to allow Root Login exceptions over the
|
|
||||||
# internal subnet used by Nova Migrations
|
|
||||||
Match Address $subnet_address
|
Match Address $subnet_address
|
||||||
PermitRootLogin without-password
|
PermitRootLogin without-password
|
||||||
EOF
|
EOF
|
||||||
cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
|
cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
|
||||||
|
|
||||||
rm /tmp/sshd_config_extend
|
rm /tmp/sshd_config_extend
|
||||||
|
|
||||||
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
|
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
|
||||||
|
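Review bot: The `Match Address $subnet_address` block still grants `PermitRootLogin without-password`, while this commit moves the key material from `/root/.ssh` to `~nova/.ssh`, so the root exception looks like a leftover. If migrations now authenticate as nova (inferred, since the rest of the script is outside this hunk), the block could be dropped or set to `PermitRootLogin no`. If root login is still required, `prohibit-password` is the current spelling of the deprecated `without-password`. The removed comments were the only explanation of why the Match block exists, and a one-line replacement such as `# Root key login is limited to the subnet in network.ssh.from_subnet` would keep that intent next to the rule. `$subnet_address` is also written into sshd_config unchecked, so an empty value yields a `Match Address` line with no pattern.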
@ -85,6 +85,8 @@ data:
|
|||||||
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
nova-console-proxy-init-assets.sh: |
|
nova-console-proxy-init-assets.sh: |
|
||||||
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
ssh-init.sh: |
|
||||||
|
{{ tuple "bin/_ssh-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
ssh-start.sh: |
|
ssh-start.sh: |
|
||||||
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
cell-setup.sh: |
|
cell-setup.sh: |
|
||||||
|
@ -217,6 +217,30 @@ spec:
|
|||||||
- name: tf-plugin-bin
|
- name: tf-plugin-bin
|
||||||
mountPath: /opt/plugin/bin
|
mountPath: /opt/plugin/bin
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.network.ssh.enabled }}
|
||||||
|
- name: nova-compute-ssh-init
|
||||||
|
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
terminationMessagePath: /var/log/termination-log
|
||||||
|
env:
|
||||||
|
- name: SSH_PORT
|
||||||
|
value: {{ .Values.network.ssh.port | quote }}
|
||||||
|
command:
|
||||||
|
- /tmp/ssh-init.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: varlibnova
|
||||||
|
mountPath: /var/lib/nova
|
||||||
|
- name: nova-ssh
|
||||||
|
mountPath: /tmp/nova-ssh/authorized_keys
|
||||||
|
subPath: public-key
|
||||||
|
- name: nova-ssh
|
||||||
|
mountPath: /tmp/nova-ssh/id_rsa
|
||||||
|
subPath: private-key
|
||||||
|
- name: nova-bin
|
||||||
|
mountPath: /tmp/ssh-init.sh
|
||||||
|
subPath: ssh-init.sh
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: nova-compute
|
- name: nova-compute
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
@ -302,9 +326,6 @@ spec:
|
|||||||
mountPath: /root/.ssh/config
|
mountPath: /root/.ssh/config
|
||||||
subPath: ssh-config
|
subPath: ssh-config
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: nova-ssh
|
|
||||||
mountPath: /root/.ssh/id_rsa
|
|
||||||
subPath: ssh-key-private
|
|
||||||
{{- if .Values.conf.ceph.enabled }}
|
{{- if .Values.conf.ceph.enabled }}
|
||||||
- name: etcceph
|
- name: etcceph
|
||||||
mountPath: /etc/ceph
|
mountPath: /etc/ceph
|
||||||
@ -382,7 +403,7 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||||
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
|
||||||
{{- if .Values.network.sshd.enabled }}
|
{{- if .Values.network.ssh.enabled }}
|
||||||
- name: nova-compute-ssh
|
- name: nova-compute-ssh
|
||||||
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
@ -391,7 +412,7 @@ spec:
|
|||||||
privileged: true
|
privileged: true
|
||||||
env:
|
env:
|
||||||
- name: KEY_TYPES
|
- name: KEY_TYPES
|
||||||
value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.ssh.key_types | quote }}
|
value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.network.ssh.key_types | quote }}
|
||||||
- name: SSH_PORT
|
- name: SSH_PORT
|
||||||
value: {{ .Values.network.ssh.port | quote }}
|
value: {{ .Values.network.ssh.port | quote }}
|
||||||
{{- if .Values.manifests.certificates }}
|
{{- if .Values.manifests.certificates }}
|
||||||
@ -404,18 +425,8 @@ spec:
|
|||||||
- /tmp/ssh-start.sh
|
- /tmp/ssh-start.sh
|
||||||
terminationMessagePath: /var/log/termination-log
|
terminationMessagePath: /var/log/termination-log
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: pod-tmp
|
|
||||||
mountPath: /tmp
|
|
||||||
- name: varlibnova
|
- name: varlibnova
|
||||||
mountPath: /var/lib/nova
|
mountPath: /var/lib/nova
|
||||||
- name: varliblibvirt
|
|
||||||
mountPath: /var/lib/libvirt
|
|
||||||
- name: nova-ssh
|
|
||||||
mountPath: /root/.ssh/id_rsa.pub
|
|
||||||
subPath: ssh-key-public
|
|
||||||
- name: nova-ssh
|
|
||||||
mountPath: /root/.ssh/authorized_keys
|
|
||||||
subPath: ssh-key-public
|
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
mountPath: /tmp/ssh-start.sh
|
mountPath: /tmp/ssh-start.sh
|
||||||
subPath: ssh-start.sh
|
subPath: ssh-start.sh
|
||||||
@ -433,10 +444,13 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: {{ $configMapName }}
|
secretName: {{ $configMapName }}
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
|
||||||
|
{{- if .Values.network.ssh.enabled }}
|
||||||
- name: nova-ssh
|
- name: nova-ssh
|
||||||
secret:
|
secret:
|
||||||
secretName: nova-ssh
|
secretName: nova-ssh
|
||||||
defaultMode: 0400
|
defaultMode: 0644
|
||||||
|
{{ end }}
|
||||||
{{- if .Values.conf.ceph.enabled }}
|
{{- if .Values.conf.ceph.enabled }}
|
||||||
- name: etcceph
|
- name: etcceph
|
||||||
hostPath:
|
hostPath:
|
||||||
|
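Review bot: The `nova-ssh` secret volume appears to go from `defaultMode: 0400` to `defaultMode: 0644` in the volumes hunk, which makes the mounted private key readable by every user in any container that mounts this volume. The init script already copies the key and applies `chmod 600` to the copy, so the source mount does not obviously need to be wider. Keeping `defaultMode: 0400`, or setting a per-item `mode` under `items:` so that only the public key is relaxed, would preserve the previous restriction. The new `nova-compute-ssh-init` container also declares no `securityContext`, so the user it runs as is whatever the image defaults to; stating it explicitly would make the file ownership in `/var/lib/nova` predictable.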
4
nova/templates/configmap-ssh.yaml → nova/templates/secret-ssh.yaml
Executable file → Normal file
4
nova/templates/configmap-ssh.yaml → nova/templates/secret-ssh.yaml
Executable file → Normal file
@ -22,8 +22,8 @@ metadata:
|
|||||||
name: nova-ssh
|
name: nova-ssh
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
|
private-key: {{ .Values.network.ssh.private_key | b64enc }}
|
||||||
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
|
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.network.ssh.public_key "key" "public-key" "format" "Secret" ) | indent 2 }}
|
||||||
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
@ -261,11 +261,16 @@ network:
|
|||||||
enabled: false
|
enabled: false
|
||||||
port: 30682
|
port: 30682
|
||||||
ssh:
|
ssh:
|
||||||
name: "nova-ssh"
|
|
||||||
port: 8022
|
|
||||||
sshd:
|
|
||||||
enabled: false
|
enabled: false
|
||||||
from_subnet: 0.0.0.0/24
|
port: 8022
|
||||||
|
from_subnet: 0.0.0.0/0
|
||||||
|
key_types:
|
||||||
|
- rsa
|
||||||
|
- dsa
|
||||||
|
- ecdsa
|
||||||
|
- ed25519
|
||||||
|
private_key: 'null'
|
||||||
|
public_key: 'null'
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
dynamic:
|
dynamic:
|
||||||
@ -514,13 +519,6 @@ console:
|
|||||||
# IF blank, search default routing interface
|
# IF blank, search default routing interface
|
||||||
vncserver_proxyclient_interface:
|
vncserver_proxyclient_interface:
|
||||||
|
|
||||||
ssh:
|
|
||||||
key_types:
|
|
||||||
- rsa
|
|
||||||
- dsa
|
|
||||||
- ecdsa
|
|
||||||
- ed25519
|
|
||||||
|
|
||||||
ceph_client:
|
ceph_client:
|
||||||
configmap: ceph-etc
|
configmap: ceph-etc
|
||||||
user_secret_name: pvc-ceph-client-key
|
user_secret_name: pvc-ceph-client-key
|
||||||
@ -608,13 +606,6 @@ conf:
|
|||||||
user: "cinder"
|
user: "cinder"
|
||||||
keyring: null
|
keyring: null
|
||||||
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
|
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
|
||||||
ssh: |
|
|
||||||
Host *
|
|
||||||
StrictHostKeyChecking no
|
|
||||||
UserKnownHostsFile /dev/null
|
|
||||||
Port {{ .Values.network.ssh.port }}
|
|
||||||
ssh_private: 'null'
|
|
||||||
ssh_public: 'null'
|
|
||||||
rally_tests:
|
rally_tests:
|
||||||
run_tempest: false
|
run_tempest: false
|
||||||
clean_up: |
|
clean_up: |
|
||||||
|
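Review bot: The default `from_subnet` widens from `0.0.0.0/24` to `0.0.0.0/0`, and the ssh-start script expands this value into `Match Address`, so with the defaults the root-login exception applies to every source address that can reach the port. A comment above the key, for example `# CIDR of the migration network; the sshd Match block is scoped to this range`, would tell operators that this value is a security boundary rather than a convenience setting. A default that forces an explicit choice would be safer than one that matches everything. `dsa` is also carried over into `network.ssh.key_types`; OpenSSH has disabled DSA keys by default since 7.0, so it could be dropped from the list.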
34
nova/values_overrides/ssh.yaml
Normal file
34
nova/values_overrides/ssh.yaml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
network:
|
||||||
|
ssh:
|
||||||
|
enabled: true
|
||||||
|
private_key: |
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfgGkoPxu6jVqyBTGDlhGqoFFaTymMOH3pDRzrzXCVodqrtv1heBAyi7L63+MZ+m/facDDo43hWzhFLmmMgD00AS7L+VH+oeEwKVCfq0HN3asKLadpweBQVAkGX7PzjRKF25qj6J7iVpKAf1NcnJCsWL3b+wC9mwK7TmupOmWra8BrfP7Fvek1RLx3lwk+ZZ9lUlm6o+jwXn/9rCEFa7ywkGpdrPRBNHQshGjDlJPi15boXIKxOmoZ/DszkJq7iLYQnwa4Kdb0dJ9OE/l2LLBiEpkMlTnwXA7QCS5jEHXwW78b4BOZvqrFflga+YldhDmkyRRfnhcF5Ok2zQmx9Q+t root@openstack-helm
|
||||||
|
public_key: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEA34BpKD8buo1asgUxg5YRqqBRWk8pjDh96Q0c681wlaHaq7b9
|
||||||
|
YXgQMouy+t/jGfpv32nAw6ON4Vs4RS5pjIA9NAEuy/lR/qHhMClQn6tBzd2rCi2n
|
||||||
|
acHgUFQJBl+z840Shduao+ie4laSgH9TXJyQrFi92/sAvZsCu05rqTplq2vAa3z+
|
||||||
|
xb3pNUS8d5cJPmWfZVJZuqPo8F5//awhBWu8sJBqXaz0QTR0LIRow5ST4teW6FyC
|
||||||
|
sTpqGfw7M5Cau4i2EJ8GuCnW9HSfThP5diywYhKZDJU58FwO0AkuYxB18Fu/G+AT
|
||||||
|
mb6qxX5YGvmJXYQ5pMkUX54XBeTpNs0JsfUPrQIDAQABAoIBAFkEFd3XtL2KSxMY
|
||||||
|
Cm50OLkSfRRQ7yVP4qYNePVZr3uJKUS27xgA78KR7UkKHrNcEW6T+hhxbbLR2AmF
|
||||||
|
wLga40VxKyhGNqgJ5Vx/OAM//Ed4AAVfxYvTkfmsXqPRPiTEjRoPKvoZTh6riFHx
|
||||||
|
ZExAd0aNWaDhyZu6v03GoA6YmaG53CLhUpDjIEpAHT8Q5fiukvpvFNAkSpSU3wWW
|
||||||
|
YD14S5BTXx8Z7v5mNgbxzDIST9P6oGm9jOoMJJCxu3KVF5Xh6k23DP1wukiWNypJ
|
||||||
|
b7dzfE8/NZUZ15Du4g1ZXHZyOATwN+4GQi1tV+oB1o6wI6829lpIMlsmqHhrw867
|
||||||
|
942SmakCgYEA9R1xFEEVRavBGIUeg/NMbFP+Ssl2DljAdnmcOASCxAFqCx6y3WSK
|
||||||
|
P2xWTD/MCG/uz627EVp+lfbapZimm171rUMpVCqTa5tH+LZ+Lbl+rjoLwSWVqySK
|
||||||
|
MGyIEzpPLq5PrpGdUghZNsGAG7kgTarJM5SYyA+Esqr8AADjDrZdmzcCgYEA6W1C
|
||||||
|
h9nU5i04UogndbkOiDVDWn0LnjUnVDTmhgGhbJDLtx4/hte/zGK7+mKl561q3Qmm
|
||||||
|
xY0s8cSQCX1ULHyrgzS9rc0k42uvuRWgpKKKT5IrjiA91HtfcVM1r9hxa2/dw4wk
|
||||||
|
WbAoaqpadjQAKoB4PNYzRfvITkv/9O+JSyK5BjsCgYEA5p9C68momBrX3Zgyc/gQ
|
||||||
|
qcQFeJxAxZLf0xjs0Q/9cSnbeobxx7h3EuF9+NP1xuJ6EVDmt5crjzHp2vDboUgh
|
||||||
|
Y1nToutENXSurOYXpjHnbUoUETCpt5LzqkgTZ/Pu2H8NXbSIDszoE8rQHEV8jVbp
|
||||||
|
Y+ymK2XedrTF0cMD363aONUCgYEAy5J4+kdUL+VyADAz0awxa0KgWdNCBZivkvWL
|
||||||
|
sYTMhgUFVM7xciTIZXQaIjRUIeeQkfKv2gvUDYlyYIRHm4Cih4vAfEmziQ7KMm0V
|
||||||
|
K1+BpgGBMLMXmS57PzblVFU8HQlzau3Wac2CgfvNZtbU6jweIFhiYP9DYl1PfQpG
|
||||||
|
PxuqJy8CgYBERsjdYfnyGMnFg3DVwgv/W/JspX201jMhQW2EW1OGDf7RQV+qTUnU
|
||||||
|
2NRGN9QbVYUvdwuRPd7C9wXQfLzXf0/E67oYg6fHHGTBNMjSq56qhZ2dSZnyQCxI
|
||||||
|
UZu0B4/1A5493Mypxp8c2fPhBdfzjTA5latsr75U26OMPxCxgFxm1A==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
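Review bot: The two values are swapped: `private_key:` holds the `ssh-rsa AAAA…` public key line and `public_key:` holds the `-----BEGIN RSA PRIVATE KEY-----` block. Through secret-ssh.yaml and the init container mounts, `private_key` ends up as `id_rsa` and `public_key` as `authorized_keys`, so this override would install the public key as the identity file and the private key as the authorized key. The PEM block is also a complete private key committed to the repository, so any deployment that applies this override as-is trusts a key that is publicly known. A comment at the top such as `# Example key pair for CI only; generate your own for any real deployment`, or a placeholder in place of the key, would make that clear.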