fix: Set cinder auth in nova
drive-by: bump nova chart version and apply patches instead of local changes
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index 641e158..07e3872 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/nova
- https://opendev.org/openstack/openstack-helm
-version: 0.3.10
+version: 0.3.16
diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml
index 7d3703e..e6aec81 100644
--- a/charts/nova/charts/helm-toolkit/Chart.yaml
+++ b/charts/nova/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.53
+version: 0.2.54
diff --git a/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl b/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
index b99c00d..4a88dd8 100644
--- a/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
@@ -27,10 +27,12 @@
{{- else if kindIs "slice" $dependencyMixinParam }}
{{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }}
{{- range $k, $v := $dependencyMixinParam -}}
+{{- if ( index $envAll.Values.dependencies.dynamic.targeted $v ) }}
{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}}
{{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}}
{{- end }}
{{- end }}
+{{- end }}
{{- else -}}
{{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}}
{{- end -}}
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 09252e0..6db5f70 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.53
-digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
-generated: "2023-05-24T17:05:16.690446288Z"
+ version: 0.2.54
+digest: sha256:337a0f1ffb3eae591150b305c22293d85fb8c18abec78f56672de4f3ada2faae
+generated: "2023-08-19T09:33:02.220997881Z"
diff --git a/charts/nova/templates/bin/_health-probe.py.tpl b/charts/nova/templates/bin/_health-probe.py.tpl
index 9b06f40..660d62b 100644
--- a/charts/nova/templates/bin/_health-probe.py.tpl
+++ b/charts/nova/templates/bin/_health-probe.py.tpl
@@ -65,9 +65,14 @@
server=_get_hostname(service_queue_name, use_fqdn),
namespace='baseapi',
version="1.1")
- client = oslo_messaging.RPCClient(transport, target,
- timeout=rpc_timeout,
- retry=rpc_retries)
+ if hasattr(oslo_messaging, 'get_rpc_client'):
+ client = oslo_messaging.get_rpc_client(transport, target,
+ timeout=rpc_timeout,
+ retry=rpc_retries)
+ else:
+ client = oslo_messaging.RPCClient(transport, target,
+ timeout=rpc_timeout,
+ retry=rpc_retries)
client.call(context.RequestContext(),
'ping',
arg=None)
@@ -137,7 +142,7 @@
try:
with open(sys.argv[2]) as conf_file:
for line in conf_file:
- if line.startswith("connection ="):
+ if "connection =" in line:
service = line.split(':', 3)[3].split('/')[1].rstrip('\n')
if service == "nova":
database_ports.add(
@@ -199,7 +204,7 @@
log.logging.basicConfig(level=log.{{ .Values.health_probe.logging.level }})
try:
- transport = oslo_messaging.get_notification_transport(cfg.CONF)
+ transport = oslo_messaging.get_rpc_transport(cfg.CONF)
except Exception as ex:
message = getattr(ex, "message", str(ex))
sys.stderr.write("Message bus driver load error: %s" % message)
@@ -238,16 +243,19 @@
data = {}
if os.path.isfile(pidfile):
with open(pidfile,'r') as f:
- data = json.load(f)
- if check_pid_running(data['pid']):
- if data['exit_count'] > 1:
- # Third time in, kill the previous process
- os.kill(int(data['pid']), signal.SIGTERM)
- else:
- data['exit_count'] = data['exit_count'] + 1
- with open(pidfile, 'w') as f:
- json.dump(data, f)
- sys.exit(0)
+ file_content = f.read().strip()
+ if file_content:
+ data = json.loads(file_content)
+
+ if 'pid' in data and check_pid_running(data['pid']):
+ if 'exit_count' in data and data['exit_count'] > 1:
+ # Third time in, kill the previous process
+ os.kill(int(data['pid']), signal.SIGTERM)
+ else:
+ data['exit_count'] = data.get('exit_count', 0) + 1
+ with open(pidfile, 'w') as f:
+ json.dump(data, f)
+ sys.exit(0)
data['pid'] = os.getpid()
data['exit_count'] = 0
with open(pidfile, 'w') as f:
diff --git a/charts/nova/templates/certificate-novnc.yaml b/charts/nova/templates/certificate-novnc.yaml
index 8c5ebb0..e0b613b 100644
--- a/charts/nova/templates/certificate-novnc.yaml
+++ b/charts/nova/templates/certificate-novnc.yaml
@@ -1,31 +1,31 @@
-{{/*
-Copyright (c) 2023 VEXXHOST, Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) -}}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: nova-novncproxy-vencrypt
- namespace: {{ .Release.Namespace }}
-spec:
- secretName: nova-novncproxy-vencrypt
- commonName: nova-novncproxy
- usages:
- - client auth
- issuerRef:
- kind: Issuer
- name: libvirt-vnc
-{{- end -}}
+{{/*
+Copyright (c) 2023 VEXXHOST, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nova-novncproxy-vencrypt
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretName: nova-novncproxy-vencrypt
+ commonName: nova-novncproxy
+ usages:
+ - client auth
+ issuerRef:
+ kind: Issuer
+ name: libvirt-vnc
+{{- end -}}
diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index aec97ef..230305a 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -256,6 +256,29 @@
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}}
{{- end -}}
+{{- if empty .Values.conf.nova.cinder.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.cinder "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.nova.cinder.os_region_name -}}
+{{- $_ := set .Values.conf.nova.cinder "os_region_name" .Values.endpoints.identity.auth.cinder.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.project_name -}}
+{{- $_ := set .Values.conf.nova.cinder "project_name" .Values.endpoints.identity.auth.cinder.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.project_domain_name -}}
+{{- $_ := set .Values.conf.nova.cinder "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.user_domain_name -}}
+{{- $_ := set .Values.conf.nova.cinder "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.username -}}
+{{- $_ := set .Values.conf.nova.cinder "username" .Values.endpoints.identity.auth.cinder.username -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.password -}}
+{{- $_ := set .Values.conf.nova.cinder "password" .Values.endpoints.identity.auth.cinder.password -}}
+{{- end -}}
+
{{- if empty .Values.conf.nova.DEFAULT.osapi_compute_listen_port -}}
{{- $_ := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
{{- end -}}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index d4ce127..7f897ee 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -270,7 +270,7 @@
service: local_image_registry
targeted:
ovn:
- libvirt:
+ compute:
pod:
- requireSameNode: true
labels:
@@ -1347,6 +1347,10 @@
service_metadata_proxy: True
auth_type: password
auth_version: v3
+ cinder:
+ catalog_info: volumev3::internalURL
+ auth_url: null
+ auth_type: password
database:
max_retries: -1
api_database:
@@ -1354,6 +1358,8 @@
cell0_database:
max_retries: -1
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
@@ -1362,7 +1368,7 @@
notify_on_state_change: vm_and_task_state
service_user:
auth_type: password
- send_service_user_token: false
+ send_service_user_token: true
libvirt:
connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock"
images_type: qcow2
@@ -1652,7 +1658,7 @@
user_domain_name: default
project_domain_name: default
nova:
- role: admin
+ role: admin,service
region_name: RegionOne
username: nova
password: password
@@ -1687,6 +1693,14 @@
project_name: service
user_domain_name: service
project_domain_name: service
+ cinder:
+ role: admin,service
+ region_name: RegionOne
+ username: cinder
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
test:
role: admin
region_name: RegionOne
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index aa94ca0..7b1f887 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -135,9 +135,15 @@
| filterdiff -p1 -i 'neutron/*' \
| patch -p2 -d ${ATMOSPHERE}/charts/neutron
-NOVA_VERISON=0.3.10
+NOVA_VERISON=0.3.16
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/nova-${NOVA_VERISON}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~893563/revisions/1/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'nova/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/nova
SENLIN_VERSION=0.2.9
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/senlin-${SENLIN_VERSION}.tgz \