Fix the neutron-ironic-agent fail to start
Closes-Bug: ATMOSPHERE-633
Depends-On: I0b15142aabab38fafab829a16cee0297b749e6e8
Change-Id: Idf6b26b0983c8d3cb8ecdd9ef4523b7f12a51592
(cherry picked from commit 60aa8ed0f3a114d6d9af921db19b029e6af27dfa)
diff --git a/charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl
new file mode 100644
index 0000000..3df3315
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+mkdir -p /tmp/pod-shared
+tee > /tmp/pod-shared/neutron-agent.ini << EOF
+[DEFAULT]
+host = $(hostname --fqdn)
+EOF
+{{- end }}
diff --git a/charts/neutron/templates/configmap-bin.yaml b/charts/neutron/templates/configmap-bin.yaml
index b6ad4af..bd80c40 100644
--- a/charts/neutron/templates/configmap-bin.yaml
+++ b/charts/neutron/templates/configmap-bin.yaml
@@ -95,6 +95,8 @@
{{ tuple "bin/_neutron-policy-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-rpc-server.sh: |
{{ tuple "bin/_neutron-rpc-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-ironic-agent-init.sh: |
+{{ tuple "bin/_neutron-ironic-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-ironic-agent.sh: |
{{ tuple "bin/_neutron-ironic-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-netns-cleanup-cron.sh: |
diff --git a/charts/neutron/templates/deployment-ironic-agent.yaml b/charts/neutron/templates/deployment-ironic-agent.yaml
index 014c9ad..1b468e2 100644
--- a/charts/neutron/templates/deployment-ironic-agent.yaml
+++ b/charts/neutron/templates/deployment-ironic-agent.yaml
@@ -60,6 +60,19 @@
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ironic_agent.timeout | default "30" }}
initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_ironic_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ - name: neutron-ironic-agent-init
+{{ tuple $envAll "neutron_ironic_agent_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ironic_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_ironic_agent" "container" "neutron_ironic_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/neutron-ironic-agent-init.sh
+ volumeMounts:
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
+ - name: neutron-bin
+ mountPath: /tmp/neutron-ironic-agent-init.sh
+ subPath: neutron-ironic-agent-init.sh
+ readOnly: true
containers:
- name: neutron-ironic-agent
{{ tuple $envAll "neutron_ironic_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -79,6 +92,8 @@
mountPath: /tmp
- name: pod-var-neutron
mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
- name: neutron-bin
mountPath: /tmp/neutron-ironic-agent.sh
subPath: neutron-ironic-agent.sh
@@ -104,6 +119,8 @@
emptyDir: {}
- name: pod-var-neutron
emptyDir: {}
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
- name: neutron-bin
configMap:
name: neutron-bin
diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml
index cd3889b..d76b375 100644
--- a/charts/neutron/values.yaml
+++ b/charts/neutron/values.yaml
@@ -45,6 +45,7 @@
neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
+ neutron_ironic_agent_init: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
@@ -643,6 +644,9 @@
pod:
runAsUser: 42424
container:
+ neutron_ironic_agent_init:
+ runAsUser: 0
+ readOnlyRootFilesystem: true
neutron_ironic_agent:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
diff --git a/charts/patches/neutron/0003-fix-neutron-ironic-agent.patch b/charts/patches/neutron/0003-fix-neutron-ironic-agent.patch
new file mode 100644
index 0000000..c112239
--- /dev/null
+++ b/charts/patches/neutron/0003-fix-neutron-ironic-agent.patch
@@ -0,0 +1,108 @@
+diff --git a/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl b/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl
+new file mode 100644
+index 00000000..3df3315b
+--- /dev/null
++++ b/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl
+@@ -0,0 +1,25 @@
++#!/bin/bash
++
++{{/*
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++set -ex
++
++{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
++mkdir -p /tmp/pod-shared
++tee > /tmp/pod-shared/neutron-agent.ini << EOF
++[DEFAULT]
++host = $(hostname --fqdn)
++EOF
++{{- end }}
+diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
+index 2032b156..87b2b798 100644
+--- a/neutron/templates/configmap-bin.yaml
++++ b/neutron/templates/configmap-bin.yaml
+@@ -95,6 +95,8 @@ data:
+ {{ tuple "bin/_neutron-policy-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-rpc-server.sh: |
+ {{ tuple "bin/_neutron-rpc-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
++ neutron-ironic-agent-init.sh: |
++{{ tuple "bin/_neutron-ironic-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-ironic-agent.sh: |
+ {{ tuple "bin/_neutron-ironic-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-netns-cleanup-cron.sh: |
+diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml
+index 014c9adf..1b468e2b 100644
+--- a/neutron/templates/deployment-ironic-agent.yaml
++++ b/neutron/templates/deployment-ironic-agent.yaml
+@@ -60,6 +60,19 @@ spec:
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ironic_agent.timeout | default "30" }}
+ initContainers:
+ {{ tuple $envAll "pod_dependency" $mounts_neutron_ironic_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
++ - name: neutron-ironic-agent-init
++{{ tuple $envAll "neutron_ironic_agent_init" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.ironic_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "neutron_ironic_agent" "container" "neutron_ironic_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++ command:
++ - /tmp/neutron-ironic-agent-init.sh
++ volumeMounts:
++ - name: pod-shared
++ mountPath: /tmp/pod-shared
++ - name: neutron-bin
++ mountPath: /tmp/neutron-ironic-agent-init.sh
++ subPath: neutron-ironic-agent-init.sh
++ readOnly: true
+ containers:
+ - name: neutron-ironic-agent
+ {{ tuple $envAll "neutron_ironic_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
+@@ -79,6 +92,8 @@ spec:
+ mountPath: /tmp
+ - name: pod-var-neutron
+ mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
++ - name: pod-shared
++ mountPath: /tmp/pod-shared
+ - name: neutron-bin
+ mountPath: /tmp/neutron-ironic-agent.sh
+ subPath: neutron-ironic-agent.sh
+@@ -104,6 +119,8 @@ spec:
+ emptyDir: {}
+ - name: pod-var-neutron
+ emptyDir: {}
++ - name: pod-shared
++ mountPath: /tmp/pod-shared
+ - name: neutron-bin
+ configMap:
+ name: neutron-bin
+diff --git a/neutron/values.yaml b/neutron/values.yaml
+index 819d7853..b1ff4569 100644
+--- a/neutron/values.yaml
++++ b/neutron/values.yaml
+@@ -46,6 +46,7 @@ images:
+ neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
+ neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
+ neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
++ neutron_ironic_agent_init: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
+ neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
+ neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
+@@ -679,6 +680,9 @@ pod:
+ pod:
+ runAsUser: 42424
+ container:
++ neutron_ironic_agent_init:
++ runAsUser: 0
++ readOnlyRootFilesystem: true
+ neutron_ironic_agent:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
diff --git a/releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml b/releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml
new file mode 100644
index 0000000..773ef1b
--- /dev/null
+++ b/releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - |
+ Fixed an issue where the ``neutron-ironic-agent`` service failed to start.
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index e354644..3752633 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -143,6 +143,7 @@
neutron_coredns: "{{ atmosphere_image_prefix }}docker.io/coredns/coredns:1.9.3"
neutron_db_sync: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_dhcp: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
+ neutron_ironic_agent_init: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_ironic_agent: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_l2gw: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_l3: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"