starlingx/meta-starlingx
Code Issues Proposed changes

Removing obsolete renamed recipes

Browse Source
This commit is contained in:
Sar Ashki, Babak 2020-01-25 15:43:13 -08:00
parent de5643a3d0
commit e0131f72be
57 changed files with 0 additions and 5252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
recipes-core/stx-config/pm-qos-mgr.inc
View File

@ -1,28 +0,0 @@
PACKAGES += " pm-qos-mgr"
do_configure_prepend () {
cd ${S}/pm-qos-mgr/src
distutils_do_configure
}
do_compile_prepend() {
cd ${S}/pm-qos-mgr/src
distutils_do_compile
}
do_install_prepend () {
cd ${S}/pm-qos-mgr/src
distutils_do_install
install -p -D -m 664 pm-qos-mgr.service ${D}/${systemd_system_unitdir}/pm-qos-mgr.service
}
FILES_pm-qos-mgr = " \
${bindir}/pm-qos-mgr \
${systemd_system_unitdir}/pm-qos-mgr.service \
${libdir}/python2.7/site-packages/pm_qos_mgr*egg-info/ \
${libdir}/python2.7/site-packages/pm_qos_mgr/ \
"
#pkg_postinst_ontarget_pm-qos-mgr() {
# /usr/bin/systemctl enable pm-qos-mgr.service
#}

11
recipes-core/stx-config/puppet-modules/puppet-dcdbsync.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-dcdbsync"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/dcdbsync
cp -R ${S}/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync ${D}/${datadir}/puppet/modules
}
FILES_puppet-dcdbsync += " \
${datadir}/puppet/modules/dcdbsync \
"

11
recipes-core/stx-config/puppet-modules/puppet-dcmanager.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-dcmanager"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/dcmanager
cp -R ${S}/puppet-modules-wrs/puppet-dcmanager/src/dcmanager ${D}/${datadir}/puppet/modules
}
FILES_puppet-dcmanager += " \
${datadir}/puppet/modules/dcmanager \
"

11
recipes-core/stx-config/puppet-modules/puppet-dcorch.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-dcorch"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/dcorch
cp -R ${S}/puppet-modules-wrs/puppet-dcorch/src/dcorch/ ${D}/${datadir}/puppet/modules/
}
FILES_puppet-dcorch += " \
${datadir}/puppet/modules/dcorch \
"

11
recipes-core/stx-config/puppet-modules/puppet-fm.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-fm"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/fm
cp -R ${S}/puppet-modules-wrs/puppet-fm/src/fm ${D}/${datadir}/puppet/modules
}
FILES_puppet-fm += " \
${datadir}/puppet/modules/fm \
"

36
recipes-core/stx-config/puppet-modules/puppet-manifests.inc
View File

@ -1,36 +0,0 @@
PACKAGES += " puppet-manifests"
RDEPENDS_puppet-manifests += " bash"
do_install_append () {
cd ${S}/puppet-manifests/src
oe_runmake BINDIR=${D}/${bindir} \
CONFIGDIR=${D}/${sysconfdir}/puppet/ \
MODULEDIR=${D}/${datadir}/puppet/modules -f Makefile install
}
FILES_puppet-manifests = "\
${sysconfdir}/puppet/hiera.yaml \
${sysconfdir}/puppet/hieradata \
${sysconfdir}/puppet/hieradata/worker.yaml \
${sysconfdir}/puppet/hieradata/storage.yaml \
${sysconfdir}/puppet/hieradata/global.yaml \
${sysconfdir}/puppet/hieradata/controller.yaml \
${sysconfdir}/puppet/manifests/worker.pp \
${sysconfdir}/puppet/manifests/ansible_bootstrap.pp \
${sysconfdir}/puppet/manifests/bootstrap.pp \
${sysconfdir}/puppet/manifests/runtime.pp \
${sysconfdir}/puppet/manifests/storage.pp \
${sysconfdir}/puppet/manifests/upgrade.pp \
${sysconfdir}/puppet/manifests/controller.pp \
${datadir}/puppet/modules/openstack/manifests \
${datadir}/puppet/modules/openstack/templates \
${datadir}/puppet/modules/platform/manifests \
${datadir}/puppet/modules/platform/templates \
${datadir}/puppet/modules/platform/files \
${datadir}/puppet/modules/platform/lib/facter \
${datadir}/puppet/modules/platform/lib/puppet \
${bindir}/puppet-manifest-apply.sh \
${bindir}/apply_network_config.sh \
"

11
recipes-core/stx-config/puppet-modules/puppet-mtce.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-mtce"
RDEPENDS_puppet-mtce += " puppet"
do_install_append () {
cd ${S}/puppet-modules-wrs/puppet-mtce/src
oe_runmake -e MODULEDIR=${D}/${datadir}/puppet/modules install
}
FILES_puppet-mtce = "\
${datadir}/puppet/modules/mtce \
"

11
recipes-core/stx-config/puppet-modules/puppet-nfv.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-nfv"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/nfv
cp -R ${S}/puppet-modules-wrs/puppet-nfv/src/nfv ${D}/${datadir}/puppet/modules
}
FILES_puppet-nfv += " \
${datadir}/puppet/modules/nfv \
"

11
recipes-core/stx-config/puppet-modules/puppet-patching.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-patching"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/patching
cp -R ${S}/puppet-modules-wrs/puppet-patching/src/patching ${D}/${datadir}/puppet/modules
}
FILES_puppet-patching += " \
${datadir}/puppet/modules/patching \
"

11
recipes-core/stx-config/puppet-modules/puppet-smapi.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-smapi"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/smapi
cp -R ${S}/puppet-modules-wrs/puppet-smapi/src/smapi ${D}/${datadir}/puppet/modules
}
FILES_puppet-smapi += " \
${datadir}/puppet/modules/smapi \
"

11
recipes-core/stx-config/puppet-modules/puppet-sshd.inc
View File

@ -1,11 +0,0 @@
PACKAGES += " puppet-sshd"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/sshd
cp -R ${S}/puppet-modules-wrs/puppet-sshd/src/sshd ${D}/${datadir}/puppet/modules
}
FILES_puppet-sshd += " \
${datadir}/puppet/modules/sshd \
"

13
recipes-core/stx-config/puppet-modules/puppet-sysinv.inc
View File

@ -1,13 +0,0 @@
PACKAGES += " puppet-sysinv"
do_install_prepend () {
install -d -m 0755 ${D}/${datadir}/puppet/modules/sysinv
cp -R ${S}/puppet-modules-wrs/puppet-sysinv/src/sysinv ${D}/${datadir}/puppet/modules
}
FILES_puppet-sysinv += " \
${datadir}/puppet/modules/sysinv \
"

89
recipes-core/stx-config/stx-platform-helm.inc
View File

@ -1,89 +0,0 @@
PACKAGES += "stx-platform-helm"
DEPENDS += " helm-native openstack-helm-infra"
APP_STAGING = "${WORKDIR}/build_home/app_staging"
APP_NAME = "platform-integ-apps"
APP_TARBALL = "${APP_NAME}-${PV}-${TIS_PATCH_VER}.tgz"
APP_FOLDER = "/usr/local/share/applications/helm"
do_configure_prepend() {
echo "Configure stx-platform-helm ..."
}
do_compile_prepend() {
export HELM_HOME="${WORKDIR}/build_home/.helm"
export HELM_FOLDER="${STAGING_LIBDIR}/helm"
export toolkit_version="${HELM_TOOL_KIT_VERSION}"
STX_PKG_SRC="${S}/kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm"
cd ${STX_PKG_SRC}
mkdir -p ${HELM_HOME}/repository/{{cache,local},plugins,starters,cache,cache/archive}
# Stage a repository file that only has a local repo
cp ${STX_PKG_SRC}/files/repositories.yaml ${HELM_HOME}/repository/repositories.yaml
# Stage a local repo index that can be updated by the build
cp ${STX_PKG_SRC}/files/index.yaml ${HELM_HOME}/repository/local/index.yaml
## Stage helm-toolkit in the local repo
cp ${HELM_FOLDER}/helm-toolkit-${toolkit_version}.tgz ${STX_PKG_SRC}
cp -r ../../../../helm-charts/{ceph-pools-audit,node-feature-discovery,rbd-provisioner} .
# Host a server for the charts
helm serve --repo-path . &
helm repo rm local
helm repo add local http://localhost:8879/charts
# Make the charts. These produce a tgz file
make rbd-provisioner
make ceph-pools-audit
make node-feature-discovery
# Terminate helm server (the last backgrounded task)
kill %1
# Create a chart tarball compliant with sysinv kube-app.py
# Setup staging
mkdir -p ${APP_STAGING}
cp files/metadata.yaml ${APP_STAGING}
cp manifests/manifest.yaml ${APP_STAGING}
cp manifests/manifest.yaml ${APP_STAGING}
mkdir -p ${APP_STAGING}/charts
cp ceph-pools-audit-0.1.0.tgz helm-toolkit-0.1.0.tgz \
node-feature-discovery-0.3.0.tgz \
rbd-provisioner-0.1.0.tgz ${APP_STAGING}/charts
# Populate metadata
sed -i "s/@APP_NAME@/${APP_NAME}/g" ${APP_STAGING}/metadata.yaml
sed -i "s/@APP_VERSION@/${PV}-${TIS_PATCH_VER}/g" ${APP_STAGING}/metadata.yaml
sed -i "s/@HELM_REPO@/${HELM_REPO}/g" ${APP_STAGING}/metadata.yaml
## package it up
cd ${APP_STAGING}
find ./ -type f ! -name '*.md5' -exec md5sum {} + > checksum.md5
tar -czf ${STX_PKG_SRC}/${APP_TARBALL} -C ${APP_STAGING} ./
cd ${S}
}
do_install_prepend() {
echo "Installing stx-platform-helm ..."
STX_PKG_SRC="${S}/kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm"
install -d -m 0755 ${D}/${APP_FOLDER}
install -d -m 0755 ${D}/opt/extracharts
install -p -D -m 755 ${STX_PKG_SRC}/${APP_TARBALL} ${D}/${APP_FOLDER}
install -p -D -m 755 ${STX_PKG_SRC}/node-feature-discovery-*.tgz ${S}/opt/extracharts
}
FILES_stx-platform-helm = " \
${APP_FOLDER} \
/opt/extracharts \
"

31
recipes-core/stx-config/worker-utils.inc
View File

@ -1,31 +0,0 @@
PACKAGES += " worker-utils"
RDEPENDS_worker-utils += " bash"
do_compile_prepend () {
cd ${S}/worker-utils/worker-utils
oe_runmake all
}
do_install_append () {
cd ${S}/worker-utils/worker-utils
oe_runmake BINDIR=${D}/${bindir} GOENABLEDDIR=${D}/${sysconfdir}/goenabled.d \
INITDDIR=${D}/${sysconfdir}/init.d PLATFORMCONFDIR=${D}/${sysconfdir}/platform \
SYSTEMDDIR=${D}/${systemd_system_unitdir} install
}
FILES_worker-utils = " \
${bindir}/ps-sched.sh \
${bindir}/topology.py \
${bindir}/set-cpu-wakeup-latency.sh \
${bindir}/affine-interrupts.sh \
${bindir}/topology \
${bindir}/topology.pyc \
${systemd_system_unitdir}/affine-tasks.service \
${systemd_system_unitdir}/affine-platform.sh.service \
${sysconfdir}/goenabled.d/worker-goenabled.sh \
${sysconfdir}/platform/worker_reserved.conf \
${sysconfdir}/init.d/affine-platform.sh \
${sysconfdir}/init.d/task_affinity_functions.sh \
${sysconfdir}/init.d/cpumap_functions.sh \
${sysconfdir}/init.d/affine-tasks.sh \
"

30
recipes-core/stx-ha/files/0001-Install-sm-eru-sm-eru-dump-and-sm-eru-watchdog.patch
View File

@ -1,30 +0,0 @@
From ff46ee1fa9d5b7269f5a05200d96d673a358e710 Mon Sep 17 00:00:00 2001
From: babak sarashki <babak.sarashki@windriver.com>
Date: Thu, 11 Jul 2019 13:07:49 -0700
Subject: [PATCH] Install sm-eru, sm-eru-dump, and sm-eru-watchdog
---
service-mgmt/sm-common-1.0.0/src/Makefile | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/service-mgmt/sm-common-1.0.0/src/Makefile b/service-mgmt/sm-common-1.0.0/src/Makefile
index 99f736d..7d138f9 100644
--- a/service-mgmt/sm-common-1.0.0/src/Makefile
+++ b/service-mgmt/sm-common-1.0.0/src/Makefile
@@ -69,8 +69,11 @@ install:
# install of these 3 are in the .spec file so that they can be
# renamed with '-' like they are in the bitbake file.
#
- # install -d $(DEST_DIR)$(BIN_DIR)
- # install sm_watchdog sm_eru sm_eru_dump $(DEST_DIR)$(BIN_DIR)
+
+ install -d -m 755 $(DEST_DIR)$(BIN_DIR)
+ install -p -m 755 sm_eru $(DEST_DIR)$(BIN_DIR)/sm-eru
+ install -p -m 755 sm_eru_dump $(DEST_DIR)$(BIN_DIR)/sm-eru-dump
+ install -p -m 755 sm_watchdog $(DEST_DIR)$(BIN_DIR)/sm-watchdog
install -d $(DEST_DIR)$(LIB_DIR)
install libsm_common.so.${VER} $(DEST_DIR)$(LIB_DIR)
cp -P libsm_common.so libsm_common.so.$(VER_MJR) $(DEST_DIR)$(LIB_DIR)
--
2.17.1

3
recipes-core/stx-nfv/stx-nfv.inc
View File

@ -1,3 +0,0 @@
DEPENDS += " \
"
RDEPENDS_${PN}_append = " "

23
recipes-core/stx-update/requests-toolbelt.bb
View File

@ -1,23 +0,0 @@
DESCRIPTION = "requests-toolbelt"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "a1425bf1c962a93d751ac1b9f8a7e8070d6a3c0e"
S = "${WORKDIR}/git"
PV = "0.5.1"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=71760e0f1dda8cff91b0bc9246caf571"
SRC_URI = "git://github.com/requests/toolbelt.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
DEPENDS = " \
python \
python-pbr-native \
"
inherit setuptools
RDEPENDS_${PN} += " bash"

40
recipes-core/stx-upstream/files/openstack-helm-infra/0001-Allow-multiple-containers-per-daemonset-pod.patch
View File

@ -1,40 +0,0 @@
From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 9 Jan 2019 20:11:33 -0500
Subject: [PATCH 1/4] Allow multiple containers per daemonset pod
Remove code that restricted daemonset pods to single containers.
Container names will default to name from helm chart template.
Required for nova cold migrations to work.
Story: 2003876
Task: 26735
Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 -------
1 file changed, 7 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index 743bd6b..c02de9e 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -223,13 +223,6 @@ limitations under the License.
{{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }}
{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }}
- {{/* set container name
- assume not more than one container is defined */}}
- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }}
- {{- $_ := set $container "name" $current_dict.dns_1123_name }}
- {{- $cont_list := list $container }}
- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }}
-
{{/* cross-reference configmap name to container volume definitions */}}
{{- $_ := set $context.Values "__volume_list" list }}
{{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }}
--
2.16.5

26
recipes-core/stx-upstream/files/openstack-helm-infra/0002-Add-imagePullSecrets-in-service-account.patch
View File

@ -1,26 +0,0 @@
From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Mon, 11 Feb 2019 11:29:03 -0500
Subject: [PATCH 2/4] Add imagePullSecrets in service account
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index b4cf1a6..2f4113b 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -44,6 +44,8 @@ kind: ServiceAccount
metadata:
name: {{ $saName }}
namespace: {{ $saNamespace }}
+imagePullSecrets:
+ - name: default-registry-key
{{- range $k, $v := $deps -}}
{{- if eq $k "services" }}
{{- range $serv := $v }}
--
2.16.5

28
recipes-core/stx-upstream/files/openstack-helm-infra/0003-Set-Min-NGINX-handles.patch
View File

@ -1,28 +0,0 @@
From 93ec2454cba41bf3de1419bada1f145f1ca9dbd9 Mon Sep 17 00:00:00 2001
From: Al Bailey <Al.Bailey@windriver.com>
Date: Wed, 20 Feb 2019 13:56:27 -0600
Subject: [PATCH 3/4] Set Min NGINX handles
Signed-off-by: Robert Church <robert.church@windriver.com>
---
mariadb/files/nginx.tmpl | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl
index 5ec3d0d..07b7cc5 100644
--- a/mariadb/files/nginx.tmpl
+++ b/mariadb/files/nginx.tmpl
@@ -23,7 +23,9 @@ daemon off;
worker_processes {{ $cfg.WorkerProcesses }};
pid /run/nginx.pid;
-{{ if ne .MaxOpenFiles 0 }}
+{{ if lt .MaxOpenFiles 2048 }}
+worker_rlimit_nofile 2048;
+{{else}}
worker_rlimit_nofile {{ .MaxOpenFiles }};
{{ end }}
--
2.16.5

65
recipes-core/stx-upstream/files/openstack-helm-infra/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
View File

@ -1,65 +0,0 @@
From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Mon, 8 Apr 2019 02:12:39 -0400
Subject: [PATCH 4/4] Partial revert of
31e3469d28858d7b5eb6355e88b6f49fd62032be
Suspect that new use of mergeOverwrite vs. merge is breaking the
per-host DaemonSet overrides.
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index c02de9e..ef52592 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -48,10 +48,10 @@ limitations under the License.
{{/* apply overrides */}}
{{- $override_conf_copy := $host_data.conf }}
{{- $root_conf_copy := omit $context.Values.conf "overrides" }}
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $current_dict "nodeData" $root_conf_copy4 }}
@@ -87,10 +87,10 @@ limitations under the License.
{{/* apply overrides */}}
{{- $override_conf_copy := $label_data.conf }}
{{- $root_conf_copy := omit $context.Values.conf "overrides" }}
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }}
@@ -185,7 +185,7 @@ limitations under the License.
{{- $root_conf_copy1 := omit $context.Values.conf "overrides" }}
{{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }}
@@ -196,7 +196,7 @@ limitations under the License.
{{- range $current_dict := $context.Values.__daemonset_list }}
{{- $context_novalues := omit $context "Values" }}
- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }}
+ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }}
{{- $_ := set $current_dict "nodeData" $merged_dict }}
{{/* Deep copy original daemonset_yaml */}}
{{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }}
--
2.16.5

82
recipes-core/stx-upstream/files/openstack-helm-infra/0005-Add-a-configmap-for-ingress-controller-config.patch
View File

@ -1,82 +0,0 @@
From 9fd9b6276bfd41a01c73321e141ef1d14fcdd15c Mon Sep 17 00:00:00 2001
From: Yi Wang <yi.c.wang@intel.com>
Date: Fri, 17 May 2019 14:56:04 +0800
Subject: [PATCH] Add a configmap for ingress controller config
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
---
.../bin/_mariadb-ingress-controller.sh.tpl | 1 +
mariadb/templates/configmap-ingress-conf.yaml | 27 +++++++++++++++++++
mariadb/values.yaml | 3 +++
3 files changed, 31 insertions(+)
create mode 100755 mariadb/templates/configmap-ingress-conf.yaml
diff --git a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
index af6e0c0..f214ec3 100644
--- a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
+++ b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
@@ -27,6 +27,7 @@ function start () {
--election-id=${RELEASE_NAME} \
--ingress-class=${INGRESS_CLASS} \
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
+ --configmap=${POD_NAMESPACE}/mariadb-ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/mariadb-services-tcp
}
diff --git a/mariadb/templates/configmap-ingress-conf.yaml b/mariadb/templates/configmap-ingress-conf.yaml
new file mode 100755
index 0000000..64ffdd1
--- /dev/null
+++ b/mariadb/templates/configmap-ingress-conf.yaml
@@ -0,0 +1,27 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_ingress_conf }}
+{{- $envAll := . }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mariadb-ingress-conf
+data:
+{{ toYaml .Values.conf.ingress_conf | indent 2 }}
+{{- end }}
diff --git a/mariadb/values.yaml b/mariadb/values.yaml
index c0a928e..ca9788b 100644
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@@ -200,6 +200,8 @@ jobs:
conf:
ingress: null
+ ingress_conf:
+ worker-processes: "auto"
backup:
enabled: true
base_path: /var/backup
@@ -322,6 +324,7 @@ network_policy:
manifests:
configmap_bin: true
configmap_etc: true
+ configmap_ingress_conf: true
configmap_services_tcp: true
deployment_error: true
deployment_ingress: true
--
2.17.1

12
recipes-core/stx-upstream/files/openstack-helm-infra/repositories.yaml
View File

@ -1,12 +0,0 @@
---
apiVersion: v1
generated: 2019-01-02T15:19:36.215111369-06:00
repositories:
- caFile: ""
cache: /builddir/.helm/repository/cache/local-index.yaml
certFile: ""
keyFile: ""
name: local
password: ""
url: http://127.0.0.1:8879/charts
username: ""

2457
recipes-core/stx-upstream/files/openstack-helm/0001-Add-Aodh-Chart.patch
View File

File diff suppressed because it is too large Load Diff

93
recipes-core/stx-upstream/files/openstack-helm/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch
View File

@ -1,93 +0,0 @@
From 5302aa4e87694e96cc3dfc56ae494a1a8211cc37 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Wed, 6 Mar 2019 18:06:06 -0500
Subject: [PATCH 02/11] Ceilometer chart: add the ability to publish events to
panko
Ceilometer notification agent sends the events to panko via panko
dispatcher/publisher which requires the db connection information
in /etc/panko/panko.conf.
This commit updates to mount the configuration file for panko in
ceilometer notification pod.
Change-Id: I4ca524ed7462f945a245e9dbe1d69493dbc4211d
Story: 2005019
Task: 29498
Depends-On: https://review.openstack.org/#/c/641144/
Signed-off-by: Angie Wang <angie.wang@windriver.com>
(cherry picked from commit 507bc47f1447808c57c1c8aa82b0639543083656)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/values.yaml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index e6ae7e3a..9deade59 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -728,6 +728,11 @@ conf:
- name: event_sink
publishers:
- notifier://
+ # The following publisher will enable to publish events to panko.
+ # Ocata:
+ # - direct://?dispatcher=panko
+ # Pike:
+ # - panko://
transformers: null
sources:
- events:
@@ -1618,6 +1623,8 @@ dependencies:
service: mongodb
- endpoint: internal
service: metric
+ - endpoint: internal
+ service: event
tests:
services:
- endpoint: internal
@@ -1739,6 +1746,21 @@ endpoints:
api:
default: 8041
public: 80
+ event:
+ name: panko
+ hosts:
+ default: panko-api
+ public: panko
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 8977
+ public: 80
alarming:
name: aodh
hosts:
@@ -1865,7 +1887,19 @@ pod:
init_container: null
ceilometer_notification:
volumeMounts:
+ - name: etcpanko
+ mountPath: /etc/panko
+ - name: panko-etc
+ mountPath: /etc/panko/panko.conf
+ subPath: panko.conf
+ readOnly: true
volumes:
+ - name: etcpanko
+ emptyDir: {}
+ - name: panko-etc
+ secret:
+ secretName: panko-etc
+ defaultMode: 0444
replicas:
api: 1
central: 1
--
2.16.5

70
recipes-core/stx-upstream/files/openstack-helm/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
View File

@ -1,70 +0,0 @@
From a0e8c7e3764b168eaaa82d17d965f62d34766573 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Wed, 28 Nov 2018 01:33:39 -0500
Subject: [PATCH 03/11] Remove stale Apache2 service pids when a POD starts.
Stale Apache2 pids will prevent Apache2 from starting and will leave
the POD in a crashed state.
Note: the pid file is somewhat confusingly called
/var/run/httpd/httpd.pid and /var/run/apache2 is just a symlink to
/var/run/httpd.
This is loosely based off the in-review upstream commit at
https://review.openstack.org/#/c/619747
Signed-off-by: Robert Church <robert.church@windriver.com>
---
ceilometer/templates/bin/_ceilometer-api.sh.tpl | 3 +++
keystone/templates/bin/_keystone-api.sh.tpl | 6 ++----
nova/templates/bin/_nova-placement-api.sh.tpl | 3 +++
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ceilometer/templates/bin/_ceilometer-api.sh.tpl b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
index cdb02f79..392873c7 100644
--- a/ceilometer/templates/bin/_ceilometer-api.sh.tpl
+++ b/ceilometer/templates/bin/_ceilometer-api.sh.tpl
@@ -25,6 +25,9 @@ function start () {
source /etc/apache2/envvars
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec apache2 -DFOREGROUND
}
diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
index 2f127b94..11726809 100644
--- a/keystone/templates/bin/_keystone-api.sh.tpl
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
@@ -31,10 +31,8 @@ function start () {
source /etc/apache2/envvars
fi
- if [ -f /var/run/apache2/apache2.pid ]; then
- # Remove the stale pid for debian/ubuntu images
- rm -f /var/run/apache2/apache2.pid
- fi
+ # Get rid of stale pid, shared memory segment and wsgi sock files if present.
+ rm -f /var/run/apache2/*
# Start Apache2
exec apache2 -DFOREGROUND
diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
index f9c8d7c5..b4bcf178 100644
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
@@ -28,6 +28,9 @@ function start () {
source /etc/apache2/envvars
fi
+ # Get rid of stale pid file if present.
+ rm -f /var/run/apache2/*.pid
+
# Start Apache2
exec apache2 -DFOREGROUND
}
--
2.16.5

184
recipes-core/stx-upstream/files/openstack-helm/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch
View File

@ -1,184 +0,0 @@
From 6a023c248b3cbd093b8f4480f4b2cca5a3c8600d Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Thu, 10 Jan 2019 00:12:21 -0500
Subject: [PATCH 04/11] Fix ssh config in nova to support cold migrations
- Fix .ssh/config file mapping
- Move private key from nova-compute-ssh container to nova-compute
container.
- Map private and public keys to configmap-ssh which will default to
the appropriate file permissions.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides.
- Remove chmods from sshd bash script as they are failing.
Depends on helm-toolkit supporting multiple containers per daemonset
pod.
Story: 2003463
Task: 24723
Change-Id: Idd2e802c293f1e14991ee787ade9a4936fb373ff
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit 9e9d8aa5e6d4239b40c6c9668592ea799cd6814d)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_ssh-start.sh.tpl | 19 ++++++++++++++++---
nova/templates/configmap-etc.yaml | 4 ++--
nova/templates/configmap-ssh.yaml | 35 +++++++++++++++++++++++++++++++++++
nova/templates/daemonset-compute.yaml | 14 +++++++++-----
nova/values.yaml | 5 +++++
5 files changed, 67 insertions(+), 10 deletions(-)
create mode 100755 nova/templates/configmap-ssh.yaml
diff --git a/nova/templates/bin/_ssh-start.sh.tpl b/nova/templates/bin/_ssh-start.sh.tpl
index 1c10cb07..158090b0 100644
--- a/nova/templates/bin/_ssh-start.sh.tpl
+++ b/nova/templates/bin/_ssh-start.sh.tpl
@@ -33,8 +33,21 @@ if [[ $(stat -c %U:%G ~nova/.ssh) != "nova:nova" ]]; then
chown nova: ~nova/.ssh
fi
-chmod 0600 ~root/.ssh/authorized_keys
-chmod 0600 ~root/.ssh/id_rsa
-chmod 0600 ~root/.ssh/id_rsa.pub
+{{- if .Values.network.sshd.enabled }}
+subnet_address="{{- .Values.network.sshd.from_subnet -}}"
+cat > /tmp/sshd_config_extend <<EOF
+
+# This Match block prevents Password Authentication for root user
+Match User root
+ PasswordAuthentication no
+
+# This Match Block is used to allow Root Login exceptions over the
+# internal subnet used by Nova Migrations
+Match Address $subnet_address
+ PermitRootLogin without-password
+EOF
+cat /tmp/sshd_config_extend >> /etc/ssh/sshd_config
+rm /tmp/sshd_config_extend
+{{- end }}
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 55aa3114..0d1e7a5e 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -232,8 +232,8 @@ data:
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
-# FIXME(portdirect): why is this file suffixed .sh?
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config" "format" "Secret" ) | indent 2 }}
+
{{- end }}
{{- end }}
{{- if .Values.manifests.configmap_etc }}
diff --git a/nova/templates/configmap-ssh.yaml b/nova/templates/configmap-ssh.yaml
new file mode 100755
index 00000000..bab8e330
--- /dev/null
+++ b/nova/templates/configmap-ssh.yaml
@@ -0,0 +1,35 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "nova.configmap.ssh" }}
+{{- $envAll := index . 1 }}
+{{- with $envAll }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nova-ssh
+type: Opaque
+data:
+ ssh-key-private: {{ .Values.conf.ssh_private | b64enc }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh_public "key" "ssh-key-public" "format" "Secret" ) | indent 2 }}
+
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- list "nova-ssh" . | include "nova.configmap.ssh" }}
+{{- end }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 09627042..4a7b90b5 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -258,6 +258,9 @@ spec:
mountPath: /root/.ssh/config
subPath: ssh-config
readOnly: true
+ - name: nova-ssh
+ mountPath: /root/.ssh/id_rsa
+ subPath: ssh-key-private
{{- if .Values.conf.ceph.enabled }}
- name: etcceph
mountPath: /etc/ceph
@@ -314,13 +317,10 @@ spec:
mountPath: /var/lib/nova
- name: varliblibvirt
mountPath: /var/lib/libvirt
- - name: nova-etc
- mountPath: /root/.ssh/id_rsa
- subPath: ssh-key-private
- - name: nova-etc
+ - name: nova-ssh
mountPath: /root/.ssh/id_rsa.pub
subPath: ssh-key-public
- - name: nova-etc
+ - name: nova-ssh
mountPath: /root/.ssh/authorized_keys
subPath: ssh-key-public
- name: nova-bin
@@ -336,6 +336,10 @@ spec:
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
+ - name: nova-ssh
+ secret:
+ secretName: nova-ssh
+ defaultMode: 0400
{{- if .Values.conf.ceph.enabled }}
- name: etcceph
hostPath:
diff --git a/nova/values.yaml b/nova/values.yaml
index 7cb4d553..8599027a 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -211,6 +211,9 @@ network:
ssh:
name: "nova-ssh"
port: 8022
+ sshd:
+ enabled: false
+ from_subnet: 0.0.0.0/24
dependencies:
dynamic:
@@ -462,6 +465,8 @@ conf:
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Port {{ .Values.network.ssh.port }}
+ ssh_private: 'null'
+ ssh_public: 'null'
rally_tests:
run_tempest: false
tests:
--
2.16.5

65
recipes-core/stx-upstream/files/openstack-helm/0005-Nova-console-ip-address-search-optionality.patch
View File

@ -1,65 +0,0 @@
From 64b22037b53e6423c465367c26a6d7255768ae17 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 27 Mar 2019 00:35:57 -0400
Subject: [PATCH 05/11] Nova console/ip address search optionality
Add options to nova to enable/disable the use of:
1. the vnc or spice server proxyclient address found by the console
compute init container
2. my_ip hypervisor address found by compute init container
These options can be used to prevent cases where the found addresses
overwrite what has already been defined in nova.conf by per host nova
compute daemonset overrides.
Story: 2005259
Task: 30066
Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-compute.sh.tpl | 6 +++++-
nova/values.yaml | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index c80da6d6..4927908a 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -20,6 +20,10 @@ set -ex
exec nova-compute \
--config-file /etc/nova/nova.conf \
+{{- if .Values.console.address_search_enabled }}
--config-file /tmp/pod-shared/nova-console.conf \
+{{- end }}
--config-file /tmp/pod-shared/nova-libvirt.conf \
- --config-file /tmp/pod-shared/nova-hypervisor.conf
\ No newline at end of file
+{{- if .Values.conf.hypervisor.address_search_enabled }}
+ --config-file /tmp/pod-shared/nova-hypervisor.conf
+{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 8599027a..0887cecc 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -440,6 +440,7 @@ console:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
+ address_search_enabled: true
ssh:
key_types:
@@ -1433,6 +1434,7 @@ conf:
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
+ address_search_enabled: true
# my_ip can be set automatically through this interface name.
host_interface:
nova:
--
2.16.5

346
recipes-core/stx-upstream/files/openstack-helm/0006-Nova-chart-Support-ephemeral-pool-creation.patch
View File

@ -1,346 +0,0 @@
From 4f6701c4cab07d9f54012e2a143173803f97ff3d Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Tue, 26 Feb 2019 17:43:53 +0000
Subject: [PATCH 06/11] Nova chart: Support ephemeral pool creation
If libvirt images_type is rbd, then we need to have the
images_rbd_pool present. These changes add a new job
to make sure this pool exists.
Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
Story: 2004922
Task: 29285
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-storage-init.sh.tpl | 75 +++++++++++++
nova/templates/configmap-bin.yaml | 4 +-
nova/templates/job-storage-init.yaml | 155 +++++++++++++++++++++++++++
nova/values.yaml | 18 ++++
4 files changed, 251 insertions(+), 1 deletion(-)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 00000000..f79fcff0
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
+ if [[ ${test_version} -gt 0 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ echo "Cephx user client.${RBD_POOL_USER} already exist."
+ echo "Update its cephx caps"
+ ceph auth caps client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd"
+ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ else
+ # NOTE: Restrict Nova permissions to what is needed.
+ # MON Read only and RBD access to the Nova ephemeral pool only.
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd" \
+ -o ${KEYRING}
+ fi
+
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
+ cat > ${SECRET} <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "${RBD_POOL_SECRET}"
+type: kubernetes.io/rbd
+data:
+ key: $( echo ${ENCODED_KEYRING} )
+EOF
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
+
+fi
+
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index c58b90bd..268434fd 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -1,5 +1,5 @@
{{/*
-Copyright 2017 The Openstack-Helm Authors.
+Copyright 2017-2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -83,6 +83,8 @@ data:
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-console-proxy-init-assets.sh: |
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ nova-storage-init.sh: |
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-start.sh: |
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cell-setup.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 00000000..7d057fb9
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,155 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_storage_init }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-storage-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
+ - name: STORAGE_BACKEND
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
+ - name: RBD_POOL_NAME
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ $ephemeralPool.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ $ephemeralPool.rbd_replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
+ - name: RBD_POOL_SECRET
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
+ {{- end }}
+ command:
+ - /tmp/nova-storage-init.sh
+ volumeMounts:
+ - name: nova-bin
+ mountPath: /tmp/nova-storage-init.sh
+ subPath: nova-storage-init.sh
+ readOnly: true
+ {{ if or $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
diff --git a/nova/values.yaml b/nova/values.yaml
index 0887cecc..7245cf82 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -87,6 +87,7 @@ images:
nova_service_cleaner: 'docker.io/port/ceph-config-helper:v1.10.3'
nova_spiceproxy: docker.io/openstackhelm/nova:ocata
nova_spiceproxy_assets: 'docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:ocata'
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
test: docker.io/xrally/xrally-openstack:1.3.0
image_repo_sync: docker.io/docker:17.07.0
local_registry:
@@ -461,6 +462,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+ ephemeral_storage:
+ type: rbd
+ rbd_pools:
+ - rbd_pool_name: ephemeral
+ rbd_user: ephemeral
+ rbd_crush_rule: 0
+ rbd_replication: 3
+ rbd_chunk_size: 64
ssh: |
Host *
StrictHostKeyChecking no
@@ -1625,6 +1634,7 @@ secrets:
placement:
placement:
public: placement-tls-public
+ ephemeral: nova-ephemeral
# typically overridden by environmental
# values, but should include all endpoints
@@ -2239,6 +2249,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
@@ -2302,6 +2319,7 @@ manifests:
job_ks_placement_service: true
job_ks_placement_user: true
job_cell_setup: true
+ job_storage_init: true
pdb_metadata: true
pdb_placement: true
pdb_osapi: true
--
2.16.5

30
recipes-core/stx-upstream/files/openstack-helm/0007-Horizon-Disable-apache2-status_module.patch
View File

@ -1,30 +0,0 @@
From 8fc7a67eb359d1dfe67b63bc2636386b76071891 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:29:26 -0400
Subject: [PATCH 07/11] Horizon: Disable apache2 status_module
a2dismod is not present in the StarlingX httpd based images. Try
a2dismod first, then fail back to using sed to remove the module.
Change-Id: Ic2e8626a4d198d2f153d9bd94f07de42b55e81b6
Signed-off-by: Robert Church <robert.church@windriver.com>
---
horizon/templates/bin/_horizon.sh.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/horizon/templates/bin/_horizon.sh.tpl b/horizon/templates/bin/_horizon.sh.tpl
index dec000f3..55a2c629 100644
--- a/horizon/templates/bin/_horizon.sh.tpl
+++ b/horizon/templates/bin/_horizon.sh.tpl
@@ -28,7 +28,7 @@ function start () {
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
a2enmod rewrite
- a2dismod status
+ a2dismod status || sed -i 's/LoadModule status_module/#LoadModule status_module/' /etc/httpd/conf.modules.d/00-base.conf
if [ -f /etc/apache2/envvars ]; then
# Loading Apache2 ENV variables
--
2.16.5

224
recipes-core/stx-upstream/files/openstack-helm/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch
View File

@ -1,224 +0,0 @@
From 615b86e8f394f1648e5c2383364cd46230290182 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:37:05 -0400
Subject: [PATCH 08/11] Neutron: Add support for disabling Readiness/Liveness
probes
With the introduction of Readiness/Liveness probes in
Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a, some probes are failing and
preventing successful armada manifest applies.
Add support to disable the probes.
Change-Id: I61379a5e00de4311c02c3f64cbe7c7345a9b3569
Signed-off-by: Robert Church <robert.church@windriver.com>
---
neutron/templates/daemonset-dhcp-agent.yaml | 4 ++++
neutron/templates/daemonset-l3-agent.yaml | 4 ++++
neutron/templates/daemonset-lb-agent.yaml | 4 ++++
neutron/templates/daemonset-metadata-agent.yaml | 4 ++++
neutron/templates/daemonset-ovs-agent.yaml | 4 ++++
neutron/templates/daemonset-sriov-agent.yaml | 4 ++++
neutron/values.yaml | 27 +++++++++++++++++++++++++
7 files changed, 51 insertions(+)
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
index 49866f2a..6e1d2928 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@@ -66,6 +66,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
+ {{- if .Values.pod.probes.readiness.dhcp_agent.enabled }}
readinessProbe:
exec:
command:
@@ -80,6 +81,8 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 65
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.dhcp_agent.enabled }}
livenessProbe:
exec:
command:
@@ -95,6 +98,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/neutron-dhcp-agent.sh
volumeMounts:
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
index 5e0ec194..29e0f3f7 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@@ -66,6 +66,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
+ {{- if .Values.pod.probes.readiness.l3_agent.enabled }}
readinessProbe:
exec:
command:
@@ -80,6 +81,8 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 65
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.l3_agent.enabled }}
livenessProbe:
exec:
command:
@@ -95,6 +98,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/neutron-l3-agent.sh
volumeMounts:
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
index c2b432f7..685893d5 100644
--- a/neutron/templates/daemonset-lb-agent.yaml
+++ b/neutron/templates/daemonset-lb-agent.yaml
@@ -140,12 +140,16 @@ spec:
privileged: true
command:
- /tmp/neutron-linuxbridge-agent.sh
+ {{- if .Values.pod.probes.readiness.lb_agent.enabled }}
readinessProbe:
exec:
command:
- bash
- -c
- 'brctl show'
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.lb_agent.enabled }}
+ {{- end }}
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-linuxbridge-agent.sh
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index 8e92a675..fba132ed 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -87,6 +87,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
+ {{- if .Values.pod.probes.readiness.metadata_agent.enabled }}
readinessProbe:
exec:
command:
@@ -99,6 +100,8 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 35
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.metadata_agent.enabled }}
livenessProbe:
exec:
command:
@@ -112,6 +115,7 @@ spec:
initialDelaySeconds: 90
periodSeconds: 60
timeoutSeconds: 45
+ {{- end }}
command:
- /tmp/neutron-metadata-agent.sh
volumeMounts:
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index 56061e63..69ee1c2c 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -154,6 +154,7 @@ spec:
privileged: true
command:
- /tmp/neutron-openvswitch-agent.sh
+ {{- if .Values.pod.probes.readiness.ovs_agent.enabled }}
# ensures this container can can see a br-int
# bridge before its marked as ready
readinessProbe:
@@ -162,6 +163,8 @@ spec:
- bash
- -c
- 'ovs-vsctl list-br | grep -q br-int'
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.ovs_agent.enabled }}
livenessProbe:
exec:
command:
@@ -177,6 +180,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-openvswitch-agent.sh
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
index a59e4100..c03b3668 100644
--- a/neutron/templates/daemonset-sriov-agent.yaml
+++ b/neutron/templates/daemonset-sriov-agent.yaml
@@ -129,6 +129,7 @@ spec:
privileged: true
command:
- /tmp/neutron-sriov-agent.sh
+ {{- if .Values.pod.probes.readiness.sriov_agent.enabled }}
readinessProbe:
exec:
command:
@@ -141,6 +142,9 @@ spec:
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 10
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.sriov_agent.enabled }}
+ {{- end }}
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-sriov-agent.sh
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 5ab4ca12..1cc67b94 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -520,6 +520,33 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ probes:
+ readiness:
+ dhcp_agent:
+ enabled: true
+ l3_agent:
+ enabled: true
+ lb_agent:
+ enabled: true
+ metadata_agent:
+ enabled: true
+ ovs_agent:
+ enabled: true
+ sriov_agent:
+ enabled: true
+ liveness:
+ dhcp_agent:
+ enabled: true
+ l3_agent:
+ enabled: true
+ lb_agent:
+ enabled: true
+ metadata_agent:
+ enabled: true
+ ovs_agent:
+ enabled: true
+ sriov_agent:
+ enabled: true
conf:
rally_tests:
--
2.16.5

227
recipes-core/stx-upstream/files/openstack-helm/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch
View File

@ -1,227 +0,0 @@
From af94c98eee44769a2c1e8f211029f8346a13ebc2 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Fri, 22 Mar 2019 03:42:08 -0400
Subject: [PATCH 09/11] Nova: Add support for disabling Readiness/Liveness
probes
With the introduction of Readiness/Liveness probes in
Ib8e4b93486588320fd2d562c3bc90b65844e52e5, some probes are failing and
preventing successful armada manifest applies.
Add support to disable the probes.
Change-Id: Iebe7327055f58fa78ce3fcac968c1fa617c30c2f
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/daemonset-compute.yaml | 4 ++++
nova/templates/deployment-conductor.yaml | 4 ++++
nova/templates/deployment-consoleauth.yaml | 4 ++++
nova/templates/deployment-novncproxy.yaml | 4 ++++
nova/templates/deployment-scheduler.yaml | 4 ++++
nova/templates/deployment-spiceproxy.yaml | 4 ++++
nova/values.yaml | 27 +++++++++++++++++++++++++++
7 files changed, 51 insertions(+)
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 4a7b90b5..f508b963 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -181,6 +181,7 @@ spec:
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.conf.ceph.secret_uuid }}"
{{ end }}
+ {{- if .Values.pod.probes.readiness.nova_compute.enabled }}
readinessProbe:
exec:
command:
@@ -193,6 +194,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_compute.enabled }}
livenessProbe:
exec:
command:
@@ -206,6 +209,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-compute.sh
volumeMounts:
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index 1e66e419..33d41097 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -60,6 +60,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
+ {{- if .Values.pod.probes.readiness.nova_conductor.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_conductor.enabled }}
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-conductor.sh
volumeMounts:
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml
index 75b66e79..31013eb7 100644
--- a/nova/templates/deployment-consoleauth.yaml
+++ b/nova/templates/deployment-consoleauth.yaml
@@ -60,6 +60,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
+ {{- if .Values.pod.probes.readiness.nova_consoleauth.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_consoleauth.enabled }}
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-consoleauth.sh
volumeMounts:
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index cf9fda02..2611ba80 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -94,14 +94,18 @@ spec:
- name: nova-novncproxy
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_novcnproxy.enabled }}
readinessProbe:
tcpSocket:
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_novcnproxy.enabled }}
livenessProbe:
tcpSocket:
port: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
command:
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index 9611d950..0350c47c 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -60,6 +60,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
+ {{- if .Values.pod.probes.readiness.nova_scheduler.enabled }}
readinessProbe:
exec:
command:
@@ -72,6 +73,8 @@ spec:
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_scheduler.enabled }}
livenessProbe:
exec:
command:
@@ -85,6 +88,7 @@ spec:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
+ {{- end }}
command:
- /tmp/nova-scheduler.sh
volumeMounts:
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
index 4507bde4..1b58ec98 100644
--- a/nova/templates/deployment-spiceproxy.yaml
+++ b/nova/templates/deployment-spiceproxy.yaml
@@ -94,14 +94,18 @@ spec:
- name: nova-spiceproxy
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{- if .Values.pod.probes.readiness.nova_spiceproxy.enabled }}
readinessProbe:
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
+ {{- if .Values.pod.probes.liveness.nova_spiceproxy.enabled }}
livenessProbe:
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
+ {{- end }}
command:
- /tmp/nova-console-proxy.sh
ports:
diff --git a/nova/values.yaml b/nova/values.yaml
index 7245cf82..433ec3af 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2256,6 +2256,33 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ probes:
+ readiness:
+ nova_compute:
+ enabled: true
+ nova_conductor:
+ enabled: true
+ nova_consoleauth:
+ enabled: true
+ nova_novcnproxy:
+ enabled: true
+ nova_scheduler:
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
+ liveness:
+ nova_compute:
+ enabled: true
+ nova_conductor:
+ enabled: true
+ nova_consoleauth:
+ enabled: true
+ nova_novcnproxy:
+ enabled: true
+ nova_scheduler:
+ enabled: true
+ nova_spiceproxy:
+ enabled: true
network_policy:
nova:
--
2.16.5

60
recipes-core/stx-upstream/files/openstack-helm/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch
View File

@ -1,60 +0,0 @@
From 8b52fcc187dcb2da5fd7453dbb564d24d475dd49 Mon Sep 17 00:00:00 2001
From: Mingyuan Qi <mingyuan.qi@intel.com>
Date: Thu, 11 Apr 2019 14:59:11 +0800
Subject: [PATCH 10/11] Ironic: Add pxe boot support for centos image
Current script does not consider centos distro as base image.
Different folder was checked to copy pxe files to tftpboot folder.
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
---
.../bin/_ironic-conductor-pxe-init.sh.tpl | 25 +++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
index b8c4c4c..5fe595f 100644
--- a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
@@ -16,19 +16,34 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
+DISTRO_UBUNTU=$(cat /etc/*release | grep Ubuntu)
+DISTRO_CENTOS=$(cat /etc/*release | grep CentOS)
+
set -ex
-#NOTE(portdirect): this works round a limitation in Kolla images
-if ! dpkg -l ipxe; then
- apt-get update
- apt-get install ipxe -y
+if [[ ! -z $DISTRO_UBUNTU ]]; then
+ #NOTE(portdirect): this works round a limitation in Kolla images
+ if ! dpkg -l ipxe; then
+ apt-get update
+ apt-get install ipxe -y
+ fi
fi
mkdir -p /var/lib/openstack-helm/tftpboot
mkdir -p /var/lib/openstack-helm/tftpboot/master_images
-for FILE in undionly.kpxe ipxe.efi; do
+for FILE in undionly.kpxe ipxe.efi pxelinux.0; do
if [ -f /usr/lib/ipxe/$FILE ]; then
cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
fi
+
+ # For CentOS
+ if [[ ! -z $DISTRO_CENTOS ]]; then
+ if [ -f /var/lib/tftpboot/$FILE ]; then
+ cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
+ fi
+ if [ -f /usr/share/ipxe/$FILE ]; then
+ cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
+ fi
+ fi
done
--
1.8.3.1

82
recipes-core/stx-upstream/files/openstack-helm/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch
View File

@ -1,82 +0,0 @@
From baf5356a4fb61590a95f64a63c0dcabfebb3baaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
Date: Tue, 9 Apr 2019 10:37:46 +0200
Subject: [PATCH 11/11] Use nova's ping method to find out if the service is
alive
Currently there is fake rpc call "pod_health_probe_method_ignore_errors"
that is passed to the service, just to find out if it is responding. Because
such method does not exist, it is needed to catch and handle the exception
that is inevitably thrown by the service.
While this is technically working correctly, the exceptions pollute the
log files and make it harder for user to see possible real errors.
This is how the error looks like:
ERROR oslo_messaging.rpc.server [-] Exception during message handling: oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
ERROR oslo_messaging.rpc.server Traceback (most recent call last):
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming
ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
ERROR oslo_messaging.rpc.server raise UnsupportedVersion(version, method=method)
ERROR oslo_messaging.rpc.server oslo_messaging.rpc.dispatcher.UnsupportedVersion: Endpoint does not support RPC version 1.0. Attempted method: pod_health_probe_method_ignore_errors
This situation is new since https://review.openstack.org/#/c/639711/
which (correctly) increased the default level of logging. Before 639711
error messages from oslo (both real and ones that could be ignored) were not
present in nova logs at all.
Fortunatelly, nova's BaseAPI class provides 'ping' method that is can
be used for this basic purpose by all nova components.
Change-Id: I0062e74bed399206becb8d9e00f9ec805da864a3
---
nova/templates/bin/_health-probe.py.tpl | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/nova/templates/bin/_health-probe.py.tpl b/nova/templates/bin/_health-probe.py.tpl
index 6434e45..4c1aa45 100644
--- a/nova/templates/bin/_health-probe.py.tpl
+++ b/nova/templates/bin/_health-probe.py.tpl
@@ -17,8 +17,8 @@
"""
Health probe script for OpenStack service that uses RPC/unix domain socket for
communication. Check's the RPC tcp socket status on the process and send
-message to service through rpc call method and expects a reply. It is expected
-to receive failure from the service's RPC server as the method does not exist.
+message to service through rpc call method and expects a reply.
+Use nova's ping method that is designed just for such simple purpose.
Script returns failure to Kubernetes only when
a. TCP socket for the RPC communication are not established.
@@ -28,7 +28,7 @@ Script returns failure to Kubernetes only when
sys.stderr.write() writes to pod's events on failures.
Usage example for Nova Compute:
-# python health-probe-rpc.py --config-file /etc/nova/nova.conf \
+# python health-probe.py --config-file /etc/nova/nova.conf \
# --service-queue-name compute
"""
@@ -50,12 +50,15 @@ def check_service_status(transport):
"""Verify service status. Return success if service consumes message"""
try:
target = oslo_messaging.Target(topic=cfg.CONF.service_queue_name,
- server=socket.gethostname())
+ server=socket.gethostname(),
+ namespace='baseapi',
+ version="1.1")
client = oslo_messaging.RPCClient(transport, target,
timeout=60,
retry=2)
client.call(context.RequestContext(),
- 'pod_health_probe_method_ignore_errors')
+ 'ping',
+ arg=None)
except oslo_messaging.exceptions.MessageDeliveryFailure:
# Log to pod events
sys.stderr.write("Health probe unable to reach message bus")
--
2.7.4

59
recipes-core/stx-upstream/files/python-horizon/guni_config.py
View File

@ -1,59 +0,0 @@
import datetime
import fnmatch
import os
import resource
import subprocess
from django.conf import settings
errorlog = "/var/log/horizon/gunicorn.log"
capture_output = True
# maxrss ceiling in kbytes
MAXRSS_CEILING = 512000
def worker_abort(worker):
path = ("/proc/%s/fd") % os.getpid()
contents = os.listdir(path)
upload_dir = getattr(settings, 'FILE_UPLOAD_TEMP_DIR', '/tmp')
pattern = os.path.join(upload_dir, '*.upload')
for i in contents:
f = os.path.join(path, i)
if os.path.exists(f):
try:
link = os.readlink(f)
if fnmatch.fnmatch(link, pattern):
worker.log.info(link)
os.remove(link)
except OSError:
pass
def when_ready(server):
subprocess.check_call(["/usr/bin/horizon-assets-compress"])
def post_worker_init(worker):
worker.nrq = 0
worker.restart = False
def pre_request(worker, req):
worker.nrq += 1
if worker.restart:
worker.nr = worker.max_requests - 1
maxrss = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
msg = "%(date)s %(uri)s %(rss)u" % ({'date': datetime.datetime.now(),
'uri': getattr(req, "uri"),
'rss': maxrss})
worker.log.info(msg)
def post_request(worker, req, environ, resp):
worker.nrq -= 1
if not worker.restart:
maxrss = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
if maxrss > MAXRSS_CEILING and worker.nrq == 0:
worker.restart = True

43
recipes-core/stx-upstream/files/python-horizon/horizon-assets-compress
View File

@ -1,43 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
PYTHON=`which python`
MANAGE="/usr/share/openstack-dashboard/manage.py"
STATICDIR="/www/pages/static"
BRANDDIR="/opt/branding"
APPLIEDDIR="/opt/branding/applied"
# Handle custom horizon branding
rm -rf ${APPLIEDDIR}
if ls ${BRANDDIR}/*.tgz 1> /dev/null 2>&1; then
LATESTBRANDING=$(ls $BRANDDIR |grep '\.tgz$' | tail -n 1)
mkdir -p ${APPLIEDDIR}
tar zxf ${BRANDDIR}/${LATESTBRANDING} -C ${APPLIEDDIR} 2>/dev/null 1>/dev/null
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "Failed to extract ${BRANDDIR}/${LATESTBRANDING}"
fi
fi
echo "Dumping static assets"
if [ -d ${STATICDIR} ]; then
COLLECTARGS=--clear
fi
${PYTHON} -- ${MANAGE} collectstatic -v0 --noinput ${COLLECTARGS}
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "Failed to dump static assets."
exit $RETVAL
fi
nice -n 20 ionice -c Idle ${PYTHON} -- ${MANAGE} compress -v0
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "Failed to compress assets."
exit $RETVAL
fi

3
recipes-core/stx-upstream/files/python-horizon/horizon-clearsessions
View File

@ -1,3 +0,0 @@
#!/bin/bash
/usr/bin/nice -n 2 /usr/bin/python /usr/share/openstack-dashboard/manage.py clearsessions

80
recipes-core/stx-upstream/files/python-horizon/horizon-patching-restart
View File

@ -1,80 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
# The patching subsystem provides a patch-functions bash source file
# with useful function and variable definitions.
#
. /etc/patching/patch-functions
#
# We can now check to see what type of node we're on, if it's locked, etc,
# and act accordingly
#
#
# Declare an overall script return code
#
declare -i GLOBAL_RC=$PATCH_STATUS_OK
#
# handle restarting horizon.
#
if is_controller
then
# Horizon only runs on the controller
if [ ! -f $PATCH_FLAGDIR/horizon.restarted ]
then
# Check SM to see if Horizon is running
sm-query service horizon | grep -q 'enabled-active'
if [ $? -eq 0 ]
then
loginfo "$0: Logging out all horizon sessions"
# Remove sessions
rm -f /var/tmp/sessionid*
loginfo "$0: Restarting horizon"
# Ask SM to restart Horizon
sm-restart service horizon
touch $PATCH_FLAGDIR/horizon.restarted
# Wait up to 30 seconds for service to recover
let -i UNTIL=$SECONDS+30
while [ $UNTIL -ge $SECONDS ]
do
# Check to see if it's running
sm-query service horizon | grep -q 'enabled-active'
if [ $? -eq 0 ]
then
break
fi
# Still not running? Let's wait 5 seconds and check again
sleep 5
done
sm-query service horizon | grep -q 'enabled-active'
if [ $? -ne 0 ]
then
# Still not running! Clear the flag and mark the RC as failed
loginfo "$0: Failed to restart horizon"
rm -f $PATCH_FLAGDIR/horizon.restarted
GLOBAL_RC=$PATCH_STATUS_FAILED
sm-query service horizon
fi
fi
fi
fi
#
# Exit the script with the overall return code
#
exit $GLOBAL_RC

152
recipes-core/stx-upstream/files/python-horizon/horizon.init
View File

@ -1,152 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: OpenStack Dashboard
# Required-Start: networking
# Required-Stop: networking
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: OpenStack Dashboard
# Description: Web based user interface to OpenStack services including
# Nova, Swift, Keystone, etc.
### END INIT INFO
RETVAL=0
DESC="openstack-dashboard"
PIDFILE="/var/run/$DESC.pid"
PYTHON=`which python`
# Centos packages openstack_dashboard under /usr/share
#MANAGE="@PYTHON_SITEPACKAGES@/openstack_dashboard/manage.py"
MANAGE="/usr/share/openstack-dashboard/manage.py"
EXEC="/usr/bin/gunicorn"
BIND="localhost"
PORT="8008"
WORKER="eventlet"
WORKERS=`grep workers /etc/openstack-dashboard/horizon-config.ini | cut -f3 -d' '`
# Increased timeout to facilitate large image uploads
TIMEOUT="200"
STATICDIR="/www/pages/static"
BRANDDIR="/opt/branding"
APPLIEDDIR="/opt/branding/applied"
TMPUPLOADDIR="/scratch/horizon"
source /usr/bin/tsconfig
start()
{
# Change workers if combined controller/compute
. /etc/platform/platform.conf
if [ "${WORKERS}" -lt "2" ]; then
WORKERS=2
fi
if [ -e $PIDFILE ]; then
PIDDIR=/proc/$(cat $PIDFILE)
if [ -d ${PIDDIR} ]; then
echo "$DESC already running."
return
else
echo "Removing stale PID file $PIDFILE"
rm -f $PIDFILE
fi
fi
# Clean up any possible orphaned worker threads
if lsof -t -i:${PORT} 1> /dev/null 2>&1; then
kill $(lsof -t -i:${PORT}) > /dev/null 2>&1
fi
rm -rf ${TMPUPLOADDIR}
mkdir -p ${TMPUPLOADDIR}
echo -n "Starting $DESC..."
start-stop-daemon --start --quiet --background --pidfile ${PIDFILE} \
--make-pidfile --exec ${PYTHON} -- ${EXEC} --bind ${BIND}:${PORT} \
--worker-class ${WORKER} --workers ${WORKERS} --timeout ${TIMEOUT} \
--log-syslog \
--config '/usr/share/openstack-dashboard/guni_config.py' \
--pythonpath '/usr/share/openstack-dashboard' \
openstack_dashboard.wsgi
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo "done."
else
echo "failed."
fi
# now copy customer branding file to CONFIG_PATH/branding if anything updated
sm-query service drbd-platform | grep enabled-active > /dev/null 2>&1
IS_ACTIVE=$?
if ls ${BRANDDIR}/*.tgz 1> /dev/null 2>&1; then
LATESTBRANDING=$(ls $BRANDDIR |grep '\.tgz$' | tail -n 1)
if [ $IS_ACTIVE -eq 0 ]; then
# Only do the copy if the tarball has changed
if ! cmp --silent ${BRANDDIR}/${LATESTBRANDING} ${CONFIG_PATH}/branding/${LATESTBRANDING} ; then
mkdir -p ${CONFIG_PATH}/branding
rm -rf ${CONFIG_PATH}/branding/*.tgz
cp -r ${BRANDDIR}/${LATESTBRANDING} ${CONFIG_PATH}/branding
fi
fi
fi
# As part of starting horizon we should kill containerized horizon so that it
# will pickup branding changes
kubectl --kubeconfig=/etc/kubernetes/admin.conf delete pods -n openstack -l application=horizon 1>/dev/null
}
stop()
{
if [ ! -e $PIDFILE ]; then return; fi
echo -n "Stopping $DESC..."
start-stop-daemon --stop --quiet --pidfile $PIDFILE
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo "done."
else
echo "failed."
fi
rm -rf ${TMPUPLOADDIR}
rm -f $PIDFILE
}
status()
{
pid=`cat $PIDFILE 2>/dev/null`
if [ -n "$pid" ]; then
if ps -p $pid &> /dev/null ; then
echo "$DESC is running"
RETVAL=0
return
else
RETVAL=1
fi
fi
echo "$DESC is not running"
RETVAL=3
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|force-reload|reload)
stop
start
;;
status)
status
;;
*)
echo "Usage: $0 {start|stop|force-reload|restart|reload|status}"
RETVAL=1
;;
esac
exit $RETVAL

13
recipes-core/stx-upstream/files/python-horizon/horizon.logrotate
View File

@ -1,13 +0,0 @@
/var/log/horizon.log {
nodateext
size 10M
start 1
rotate 20
missingok
notifempty
compress
sharedscripts
postrotate
/etc/init.d/syslog reload > /dev/null 2>&1 || true
endscript
}

19
recipes-core/stx-upstream/files/python-horizon/openstack-dashboard-httpd-2.4.conf
View File

@ -1,19 +0,0 @@
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
</Directory>

32
recipes-core/stx-upstream/files/python-horizon/openstack-dashboard-httpd-logging.conf
View File

@ -1,32 +0,0 @@
# if you want logging to a separate file, please update your config
# according to the last 4 lines in this snippet, and also take care
# to introduce a <VirtualHost > directive.
#
WSGISocketPrefix run/wsgi
<VirtualHost *:80>
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /static /usr/share/openstack-dashboard/static
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
#DocumentRoot %HORIZON_DIR%/.blackhole/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /usr/share/openstack-dashboard/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog logs/openstack_dashboard_error.log
LogLevel warn
CustomLog logs/openstack_dashboard_access.log combined
</VirtualHost>

8
recipes-core/stx-upstream/files/python-horizon/python-django-horizon-logrotate.conf
View File

@ -1,8 +0,0 @@
/var/log/horizon/*.log {
weekly
rotate 4
missingok
compress
minsize 100k
}

3
recipes-core/stx-upstream/files/python-horizon/python-django-horizon-systemd.conf
View File

@ -1,3 +0,0 @@
[Service]
ExecStartPre=/usr/bin/python /usr/share/openstack-dashboard/manage.py collectstatic --noinput --clear
ExecStartPre=/usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force

57
recipes-core/stx-upstream/openstack-helm-infra.bb
View File

@ -1,57 +0,0 @@
DESCRIPTION = "openstack-helm-infra"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://Makefile;md5=93e806b1a66ac32a348e4e59a2f6c132"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "aae64213c95fbcea7a0a7671dcb9d8a366f16fa5"
S = "${WORKDIR}/git"
PV = "1.0"
DEPENDS += " helm-native"
SRC_URI = "git://github.com/openstack/openstack-helm-infra.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH} \
file://openstack-helm-infra/0001-Allow-multiple-containers-per-daemonset-pod.patch \
file://openstack-helm-infra/0002-Add-imagePullSecrets-in-service-account.patch \
file://openstack-helm-infra/0003-Set-Min-NGINX-handles.patch \
file://openstack-helm-infra/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch \
file://openstack-helm-infra/0005-Add-a-configmap-for-ingress-controller-config.patch \
file://${PN}/repositories.yaml \
"
do_configure() {
:
}
do_compile() {
export HELM_HOME=${WORKDIR}/build_home/.helm
mkdir -p ${WORKDIR}/build_home/.helm/{repository/{cache,local},plugins,starters,cache,cache/archive}
cp ${WORKDIR}/openstack-helm-infra/repositories.yaml ${HELM_HOME}/repository/
helm serve $PWD/build_home/tmp/ --address localhost:8879 --url http://localhost:8879/charts &
helm repo rm local
helm repo add local http://localhost:8879/charts
# Make the charts. These produce tgz files
make helm-toolkit
make gnocchi
make ingress
make libvirt
make mariadb
make memcached
make openvswitch
make rabbitmq
make ceph-rgw
# Kill the server
kill %1
}
do_install() {
install -m 0755 -d ${D}/${libdir}/helm
install -p -D -m 755 *.tgz ${D}/${libdir}/helm
}
FILES_${PN} += " ${libdir}"

37
recipes-core/stx-upstream/openstack-helm.bb
View File

@ -1,37 +0,0 @@
DESCRIPTION = "openstack-helm"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "6c71637222f47d85681038994f02feac92f75bd2"
S = "${WORKDIR}/git"
PV = "0.1.0"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
SRC_URI = "git://github.com/openstack/openstack-helm.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH} \
file://openstack-helm/0001-Add-Aodh-Chart.patch \
file://openstack-helm/0002-Ceilometer-chart-add-the-ability-to-publish-events-t.patch \
file://openstack-helm/0003-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch \
file://openstack-helm/0004-Fix-ssh-config-in-nova-to-support-cold-migrations.patch \
file://openstack-helm/0005-Nova-console-ip-address-search-optionality.patch \
file://openstack-helm/0006-Nova-chart-Support-ephemeral-pool-creation.patch \
file://openstack-helm/0007-Horizon-Disable-apache2-status_module.patch \
file://openstack-helm/0008-Neutron-Add-support-for-disabling-Readiness-Liveness.patch \
file://openstack-helm/0009-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch \
file://openstack-helm/0010-Ironic-Add-pxe-boot-support-for-centos-image.patch \
file://openstack-helm/0011-Use-nova-s-ping-method-to-find-out-if-the-service-is.patch \
"
DEPENDS = " \
python \
python-pbr-native \
"
inherit setuptools
RDEPENDS_${PN} += " bash"

29
recipes-core/stx-upstream/openstack-ras.bb
View File

@ -1,29 +0,0 @@
DESCRIPTION = "openstack-ras"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "66619fd22e98b68da89fed1049fe825104110f2e"
S = "${WORKDIR}/git"
# PV = "git"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRC_URI = "git://github.com/madkiss/openstack-resource-agents.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
do_configure () {
:
}
do_compile () {
:
}
do_install() {
cd ${S}
oe_runmake -e INSTALL="install" DESTDIR="${D}" install
}
FILES_${PN} = " ${libdir}"

20
recipes-core/stx-upstream/python-aodhclient.bb
View File

@ -1,20 +0,0 @@
DESCRIPTION = "python-adhclient"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "6d03e61986418a3a95635405ae65ae9f28a5c61e"
S = "${WORKDIR}/git"
PV = "1.2.0"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
SRC_URI = "git://github.com/openstack/python-aodhclient.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
DEPENDS += " \
python \
python-pbr-native \
"
inherit setuptools

19
recipes-core/stx-upstream/python-gnocchiclient.bb
View File

@ -1,19 +0,0 @@
DESCRIPTION = "python-gnocchiclient"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "64814b9ace54e0151e9c28f4e57b87dafc984241"
S = "${WORKDIR}/git"
PV = "7.0.4"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
SRC_URI = "git://github.com/gnocchixyz/python-gnocchiclient.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
DEPENDS += " \
python \
python-pbr-native \
"
inherit setuptools

0
recipes-core/stx-upstream/python-horizon.bbappend
View File

21
recipes-core/stx-upstream/python-ironicclient.bb
View File

@ -1,21 +0,0 @@
DESCRIPTION = "python-ironicclient"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
PV = "2.7.0"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
SRC_URI = "https://tarballs.openstack.org/python-ironicclient/python-ironicclient-${PV}.tar.gz"
SRC_URI[md5sum] = "6b13e133eb0c521a09c377f28fef139e"
DEPENDS += " \
python \
python-pbr-native \
"
inherit setuptools
RDEPENDS_${PN}_append = " bash"

22
recipes-core/stx-upstream/python-muranoclient.bb
View File

@ -1,22 +0,0 @@
DESCRIPTION = "python-muranoclient"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "70b4392c7f8524ac25dbf3ab0feb3ac4127c1ecf"
S = "${WORKDIR}/git"
PV = "1.1.1"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
SRC_URI = "git://github.com/openstack/python-muranoclient.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
DEPENDS += " \
python \
python-pbr-native \
"
inherit setuptools
RDEPENDS_${PN}_append = " bash"

20
recipes-core/stx-upstream/python-pankoclient.bb
View File

@ -1,20 +0,0 @@
DESCRIPTION = "python-pankoclient"
STABLE = "master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "572aee9cf6ac618eb5d1ea325f9e59414d387dbf"
S = "${WORKDIR}/git"
PV = "0.5.0"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
SRC_URI = "git://github.com/openstack/python-pankoclient.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
DEPENDS += " \
python \
python-pbr-native \
"
inherit setuptools

31
recipes-core/stx-upstream/rabbitmq-server-config.inc
View File

@ -1,31 +0,0 @@
PACKAGES += " rabbitmq-server-config"
RDEPENDS_rabbitmq-server-config = " bash"
do_configure_prepend () {
:
}
do_compile_prepend () {
:
}
do_install_prepend () {
cd ${S}/openstack/rabbitmq-server-config/files
install -d -m 755 ${D}/${libdir}/ocf/resource.d/rabbitmq
# install -d -m 755 ${D}/${systemd_system_unitdir}/
install -d -m 755 ${D}/${datadir}/starlingx
install -m 0755 rabbitmq-server.ocf ${D}/${libdir}/ocf/resource.d/rabbitmq/stx.rabbitmq-server
install -m 0644 rabbitmq-server.logrotate ${D}${datadir}/starlingx/stx.rabbitmq-server.logrotate
# install -m 0644 rabbitmq-server.service.example ${D}${systemd_system_unitdir}/rabbitmq-server.service
}
# ${systemd_system_unitdir}/rabbitmq-server.service
FILES_rabbitmq-server-config = " \
${libdir}/ocf/resource.d/rabbitmq/stx.rabbitmq-server \
${datadir}/starlingx/stx.rabbitmq-server.logrotate \
"

50
recipes-core/stx-upstream/stx-ocf-scripts.inc
View File

@ -1,50 +0,0 @@
PACKAGES += " stx-ocf-scripts"
RDEPENDS_stx-ocf-scripts = " bash"
do_configure_prepend () {
:
}
do_compile_prepend () {
:
}
do_install_prepend () {
cd ${S}/openstack/stx-ocf-scripts/src/
install -d ${D}/${libdir}/ocf/resource.d/openstack
install -p -D -m 0755 ocf/* ${D}/${libdir}/ocf/resource.d/openstack/
}
#pkg_postinst_ontarget_${PN} () { }
FILES_stx-ocf-scripts = " \
${libdir}/ocf/resource.d/openstack/barbican-worker \
${libdir}/ocf/resource.d/openstack/dbmon \
${libdir}/ocf/resource.d/openstack/aodh-evaluator \
${libdir}/ocf/resource.d/openstack/murano-api \
${libdir}/ocf/resource.d/openstack/barbican-keystone-listener \
${libdir}/ocf/resource.d/openstack/heat-api-cloudwatch \
${libdir}/ocf/resource.d/openstack/heat-api-cfn \
${libdir}/ocf/resource.d/openstack/ceilometer-agent-notification \
${libdir}/ocf/resource.d/openstack/validation \
${libdir}/ocf/resource.d/openstack/nova-compute \
${libdir}/ocf/resource.d/openstack/aodh-listener \
${libdir}/ocf/resource.d/openstack/nova-placement-api \
${libdir}/ocf/resource.d/openstack/magnum-api \
${libdir}/ocf/resource.d/openstack/panko-api \
${libdir}/ocf/resource.d/openstack/aodh-notifier \
${libdir}/ocf/resource.d/openstack/heat-api \
${libdir}/ocf/resource.d/openstack/nova-serialproxy \
${libdir}/ocf/resource.d/openstack/magnum-conductor \
${libdir}/ocf/resource.d/openstack/murano-engine \
${libdir}/ocf/resource.d/openstack/barbican-api \
${libdir}/ocf/resource.d/openstack/ironic-api \
${libdir}/ocf/resource.d/openstack/aodh-api \
${libdir}/ocf/resource.d/openstack/ironic-conductor \
${libdir}/ocf/resource.d/openstack/cinder-backup \
${libdir}/ocf/resource.d/openstack/nova-conductor \
"

33
recipes-core/stx-upstream/stx-upstream.bb
View File

@ -1,33 +0,0 @@
DESCRIPTION = "stx-upstream"
STABLE = "starlingx/master"
PROTOCOL = "https"
BRANCH = "master"
SRCREV = "45843738786449a77cd00b9f796031300eb18636"
S = "${WORKDIR}/git"
PV = "19.05"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRC_URI = "git://opendev.org/starlingx/upstream.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}"
require stx-ocf-scripts.inc
require rabbitmq-server-config.inc
do_configure () {
:
}
do_compile() {
:
}
do_install () {
:
}
FILES_${PN} = " "

58
recipes-extended/sudo/sudo_%.bbappend
View File

@ -1,58 +0,0 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
# This bbappend replaces stx sudo-config
DEPENDS += " \
openldap \
libgcrypt \
"
SRC_URI += " \
file://sysadmin \
file://sudo-1.6.7p5-strip.patch \
file://sudo-1.7.2p1-envdebug.patch \
file://sudo-1.8.23-sudoldapconfman.patch \
file://sudo-1.8.23-legacy-group-processing.patch \
file://sudo-1.8.23-ldapsearchuidfix.patch \
file://sudo-1.8.6p7-logsudouser.patch \
file://sudo-1.8.23-nowaitopt.patch \
file://sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch \
file://sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch \
"
EXTRA_OECONF += " \
--with-pam-login \
--with-editor=/bin/vi \
--with-env-editor \
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
--with-ldap-conf-file="${sysconfdir}/sudo-ldap.conf" \
--with-passprompt="[sudo] password for %Zp: " \
--with-linux-audit \
--with-sssd \
"
do_install_append () {
install -m644 ${S}/../sysadmin ${D}/${sysconfdir}/sudoers.d/sysadmin
install -m755 -d ${D}/${sysconfdir}/openldap/schema
install -m644 ${S}/doc/schema.OpenLDAP ${D}/${sysconfdir}/openldap/schema/sudo.schema
}
pkg_postinst_ontarget_sudo_append () {
# We do this with extrausers_config.bbclass
#SYSADMIN_P="4SuW8cnXFyxsk"
#/usr/sbin/groupadd sys_protected
#/usr/sbin/useradd -m -g sys_protected -G root \
# -d /home/sysadmin -p $SYSADMIN_P \
# -s /bin/sh sysadmin 2> /dev/null || :
/usr/bin/chage -d0 sysadmin
}
# This means sudo package only owns files
# to avoid install conflict with openldap on
# /etc/openldap. Sure there is a better way.
DIRFILES = "1"