openstack/openstack-helm
Code Issues Proposed changes

Remove consoleauth in nova

Browse Source 
Nova consoleauth was removes several releases ago and most of our
overrides were specifically needing to disable it in order to
deploy. Since it is no longer in nova, this change removes the
nova consoleauth support from the nova chart.

Change-Id: I0a27265330156a11f6049e9beaaa14a38d8a4a93
This commit is contained in:
Gage Hugo 2022-03-26 18:49:30 -05:00
parent 8dbe2ba692
commit f3de6d808a
15 changed files with 2 additions and 231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/source/testing/ceph-upgrade.rst
View File

@ -299,8 +299,6 @@ Continue with OSH multinode guide to install other Openstack charts.
nova-compute-default-mr24c 1/1 Running 0 16m
nova-conductor-64457cf995-lbv65 1/1 Running 0 16m
nova-conductor-64457cf995-zts48 1/1 Running 0 16m
nova-consoleauth-c595f68bc-2269j 1/1 Running 0 16m
nova-consoleauth-c595f68bc-tbmcn 1/1 Running 0 16m
nova-novncproxy-54467b9c66-vp49j 1/1 Running 0 16m
nova-placement-api-655cd9fcf6-5p5sc 1/1 Running 0 16m
nova-placement-api-655cd9fcf6-r46dk 1/1 Running 0 16m
@ -520,8 +518,6 @@ pods are running. No interruption to OSH pods.
nova-compute-default-mr24c 1/1 Running 0 52m
nova-conductor-64457cf995-lbv65 1/1 Running 0 52m
nova-conductor-64457cf995-zts48 1/1 Running 0 52m
nova-consoleauth-c595f68bc-2269j 1/1 Running 0 52m
nova-consoleauth-c595f68bc-tbmcn 1/1 Running 0 52m
nova-novncproxy-54467b9c66-vp49j 1/1 Running 0 52m
nova-placement-api-655cd9fcf6-5p5sc 1/1 Running 0 52m
nova-placement-api-655cd9fcf6-r46dk 1/1 Running 0 52m

2
nova/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Nova
name: nova
version: 0.2.33
version: 0.2.34
home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources:

1
nova/templates/bin/_health-probe.py.tpl
View File

@ -154,7 +154,6 @@ def test_tcp_socket(service):
dict_services = {
"compute": "nova-compute",
"conductor": "nova-conductor",
"consoleauth": "nova-consoleaut",
"scheduler": "nova-scheduler"
}
r_ports, d_ports = configured_port_in_conf()

19
nova/templates/bin/_nova-consoleauth.sh.tpl
View File

@ -1,19 +0,0 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -x
exec nova-consoleauth \
--config-file /etc/nova/nova.conf

2
nova/templates/configmap-bin.yaml
View File

@ -79,8 +79,6 @@ data:
{{ tuple "bin/_nova-compute-ironic.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-conductor.sh: |
{{ tuple "bin/_nova-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-consoleauth.sh: |
{{ tuple "bin/_nova-consoleauth.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-scheduler.sh: |
{{ tuple "bin/_nova-scheduler.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
fake-iptables.sh: |

133
nova/templates/deployment-consoleauth.yaml
View File

@ -1,133 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "novaConsoleauthLivenessProbeTemplate" }}
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/nova/nova.conf
- --service-queue-name
- consoleauth
- --liveness-probe
{{- end }}
{{- define "novaConsoleauthReadinessProbeTemplate" }}
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/nova/nova.conf
- --service-queue-name
- consoleauth
{{- end }}
{{- if .Values.manifests.deployment_consoleauth }}
{{- $envAll := . }}
{{- $mounts_nova_consoleauth := .Values.pod.mounts.nova_consoleauth.nova_consoleauth }}
{{- $mounts_nova_consoleauth_init := .Values.pod.mounts.nova_consoleauth.init_container }}
{{- $serviceAccountName := "nova-consoleauth" }}
{{ tuple $envAll "consoleauth" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nova-consoleauth
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.consoleauth }}
selector:
matchLabels:
{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "nova-consoleauth" "containerNames" (list "nova-consoleauth" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.consoleauth.node_selector_key }}: {{ .Values.labels.consoleauth.node_selector_value }}
initContainers:
{{ tuple $envAll "consoleauth" $mounts_nova_consoleauth_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: nova-consoleauth
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" $envAll "component" "consoleauth" "container" "default" "type" "liveness" "probeTemplate" (include "novaConsoleauthLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "consoleauth" "container" "default" "type" "readiness" "probeTemplate" (include "novaConsoleauthReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
env:
- name: RPC_PROBE_TIMEOUT
value: "{{ .Values.pod.probes.rpc_timeout }}"
- name: RPC_PROBE_RETRIES
value: "{{ .Values.pod.probes.rpc_retries }}"
command:
- /tmp/nova-consoleauth.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: nova-bin
mountPath: /tmp/nova-consoleauth.sh
subPath: nova-consoleauth.sh
readOnly: true
- name: nova-bin
mountPath: /tmp/health-probe.py
subPath: health-probe.py
readOnly: true
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
- name: nova-etc
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_consoleauth.volumeMounts }}{{ toYaml $mounts_nova_consoleauth.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: nova-bin
configMap:
name: nova-bin
defaultMode: 0555
- name: nova-etc
secret:
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_consoleauth.volumes }}{{ toYaml $mounts_nova_consoleauth.volumes | indent 8 }}{{ end }}
{{- end }}

48
nova/values.yaml
View File

@ -32,9 +32,6 @@ labels:
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
consoleauth:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@ -76,7 +73,6 @@ images:
nova_compute_ironic: 'docker.io/kolla/ubuntu-source-nova-compute-ironic:ocata'
nova_compute_ssh: docker.io/openstackhelm/nova:ussuri-ubuntu_bionic
nova_conductor: docker.io/openstackhelm/nova:ussuri-ubuntu_bionic
nova_consoleauth: docker.io/openstackhelm/nova:ussuri-ubuntu_bionic
nova_db_sync: docker.io/openstackhelm/nova:ussuri-ubuntu_bionic
nova_novncproxy: docker.io/openstackhelm/nova:ussuri-ubuntu_bionic
nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:ocata'
@ -424,19 +420,6 @@ dependencies:
service: identity
- endpoint: internal
service: compute
consoleauth:
jobs:
- nova-db-sync
- nova-rabbit-init
services:
- endpoint: internal
service: oslo_messaging
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: compute
db_drop:
services:
- endpoint: internal
@ -2056,20 +2039,6 @@ pod:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
consoleauth:
default:
liveness:
enabled: True
params:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
readiness:
enabled: True
params:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
novncproxy:
default:
liveness:
@ -2171,9 +2140,6 @@ pod:
nova_conductor:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
nova_consoleauth:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
nova_novncproxy_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
@ -2287,11 +2253,6 @@ pod:
nova_api_osapi:
volumeMounts:
volumes:
nova_consoleauth:
init_container: null
nova_consoleauth:
volumeMounts:
volumes:
nova_conductor:
init_container: null
nova_conductor:
@ -2334,7 +2295,6 @@ pod:
placement: 1
osapi: 1
conductor: 1
consoleauth: 1
scheduler: 1
novncproxy: 1
spiceproxy: 1
@ -2410,13 +2370,6 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
consoleauth:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
scheduler:
requests:
memory: "128Mi"
@ -2572,7 +2525,6 @@ manifests:
deployment_api_osapi: true
deployment_placement: true
deployment_conductor: true
deployment_consoleauth: true
deployment_novncproxy: true
deployment_spiceproxy: true
deployment_scheduler: true

3
nova/values_overrides/apparmor.yaml
View File

@ -20,9 +20,6 @@ pod:
nova-conductor:
nova-conductor: runtime/default
init: runtime/default
nova-consoleauth:
nova-consoleauth: runtime/default
init: runtime/default
nova-novncproxy:
nova-novncproxy: runtime/default
nova-novncproxy-init-assets: runtime/default

3
nova/values_overrides/tf.yaml
View File

@ -20,9 +20,6 @@ conf:
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
consoleauth:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled

4
nova/values_overrides/train.yaml
View File

@ -1,9 +1,5 @@
---
manifests:
# NOTE(lamt): The nova-consoleauth service has been removed. It was
# deprecated since the 18.0.0 (Rocky) release.
# See: https://docs.openstack.org/releasenotes/nova/train.html
deployment_consoleauth: false
# NOTE(lamt): Placement code was extracted from nova post Stein.
# A placement chart will need to be deployed to replace.
# See: https://docs.openstack.org/releasenotes/nova/train.html

4
nova/values_overrides/ussuri.yaml
View File

@ -1,9 +1,5 @@
---
manifests:
# NOTE(lamt): The nova-consoleauth service has been removed. It was
# deprecated since the 18.0.0 (Rocky) release.
# See: https://docs.openstack.org/releasenotes/nova/train.html
deployment_consoleauth: false
# NOTE(lamt): Placement code was extracted from nova post Stein.
# A placement chart will need to be deployed to replace.
# See: https://docs.openstack.org/releasenotes/nova/train.html

4
nova/values_overrides/victoria.yaml
View File

@ -1,9 +1,5 @@
---
manifests:
# NOTE(lamt): The nova-consoleauth service has been removed. It was
# deprecated since the 18.0.0 (Rocky) release.
# See: https://docs.openstack.org/releasenotes/nova/train.html
deployment_consoleauth: false
# NOTE(lamt): Placement code was extracted from nova post Stein.
# A placement chart will need to be deployed to replace.
# See: https://docs.openstack.org/releasenotes/nova/train.html

4
nova/values_overrides/wallaby.yaml
View File

@ -1,9 +1,5 @@
---
manifests:
# NOTE(lamt): The nova-consoleauth service has been removed. It was
# deprecated since the 18.0.0 (Rocky) release.
# See: https://docs.openstack.org/releasenotes/nova/train.html
deployment_consoleauth: false
# NOTE(lamt): Placement code was extracted from nova post Stein.
# A placement chart will need to be deployed to replace.
# See: https://docs.openstack.org/releasenotes/nova/train.html

1
releasenotes/notes/nova.yaml
View File

@ -54,4 +54,5 @@ nova:
- 0.2.31 Update oslo messaging get_transport
- 0.2.32 Host of ironic compute service equals pod name
- 0.2.33 Cleanup old releases
- 0.2.34 Remove consoleauth in nova
...

1
tools/deployment/multinode/140-compute-kit.sh
View File

@ -79,7 +79,6 @@ pod:
replicas:
osapi: 2
conductor: 2
consoleauth: 2
EOF
if [[ "${DEPLOY_SEPARATE_PLACEMENT}" == "no" ]]; then
echo " placement: 2" >> /tmp/nova.yaml