fix(neutron): sync paste config
* fix(chart): Import paste.deploy patch and bump chart versions to latest
* Remove paste.deploy config override
* Remove paste.deploy config override for nova and neutron
* Add ovn_metadata image
* Remove orig file and update gitignore
* fix typo in gitignore
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/.gitignore b/.gitignore
index ece7e97..43686af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,5 @@
*.tar.gz
__pycache__
tests/output
+*.orig
+*.rej
diff --git a/charts/barbican/Chart.yaml b/charts/barbican/Chart.yaml
index 8828804..854c17d 100644
--- a/charts/barbican/Chart.yaml
+++ b/charts/barbican/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/barbican
- https://opendev.org/openstack/openstack-helm
-version: 0.3.0
+version: 0.3.2
diff --git a/charts/barbican/charts/helm-toolkit/Chart.yaml b/charts/barbican/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/barbican/charts/helm-toolkit/Chart.yaml
+++ b/charts/barbican/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/barbican/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/barbican/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/barbican/requirements.lock b/charts/barbican/requirements.lock
index 473e717..3445f12 100644
--- a/charts/barbican/requirements.lock
+++ b/charts/barbican/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:57.120939961Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:23.959522481Z"
diff --git a/charts/barbican/templates/configmap-etc.yaml b/charts/barbican/templates/configmap-etc.yaml
index d9323e0..05123b4 100644
--- a/charts/barbican/templates/configmap-etc.yaml
+++ b/charts/barbican/templates/configmap-etc.yaml
@@ -49,6 +49,10 @@
{{- $_ := set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.barbican.DEFAULT "api_paste_config" "/var/lib/openstack/etc/barbican/barbican-api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
{{- $connection := tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -96,7 +100,9 @@
data:
barbican.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.barbican | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ {{- if .Values.conf.paste }}
barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }}
diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index 4e281d9..3ecf624 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -106,10 +106,12 @@
mountPath: /etc/barbican/api_audit_map.conf
subPath: api_audit_map.conf
readOnly: true
+ {{- if .Values.conf.paste }}
- name: barbican-etc
mountPath: /etc/barbican/barbican-api-paste.ini
subPath: barbican-api-paste.ini
readOnly: true
+ {{- end }}
- name: barbican-etc
mountPath: /etc/barbican/policy.yaml
subPath: policy.yaml
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index 5c598ed..1f30742 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -85,6 +85,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
mounts:
barbican_api:
init_container: null
@@ -287,49 +290,7 @@
service: oslo_messaging
conf:
- paste:
- composite:main:
- use: egg:Paste#urlmap
- /: barbican_version
- /v1: barbican-api-keystone
- pipeline:barbican_version:
- pipeline: cors http_proxy_to_wsgi versionapp
- pipeline:barbican_api:
- pipeline: cors http_proxy_to_wsgi unauthenticated-context apiapp
- pipeline:barbican-profile:
- pipeline: cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
- pipeline:barbican-api-keystone:
- pipeline: cors http_proxy_to_wsgi authtoken context apiapp
- pipeline:barbican-api-keystone-audit:
- pipeline: http_proxy_to_wsgi authtoken context audit apiapp
- app:apiapp:
- paste.app_factory: barbican.api.app:create_main_app
- app:versionapp:
- paste.app_factory: barbican.api.app:create_version_app
- filter:simple:
- paste.filter_factory: barbican.api.middleware.simple:SimpleFilter.factory
- filter:unauthenticated-context:
- paste.filter_factory: barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory
- filter:context:
- paste.filter_factory: barbican.api.middleware.context:ContextMiddleware.factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/barbican/api_audit_map.conf
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:profile:
- use: egg:repoze.profile
- log_filename: myapp.profile
- cachegrind_filename: cachegrind.out.myapp
- discard_first_request: true
- path: /__profile__
- flush_at_shutdown: true
- unwind: false
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: barbican
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
+ paste: {}
policy: {}
audit_map:
DEFAULT:
@@ -374,6 +335,7 @@
auth_version: v3
memcache_security_strategy: ENCRYPT
memcache_secret_key: null
+ service_type: key-manager
database:
max_retries: -1
barbican_api:
diff --git a/charts/cinder/Chart.yaml b/charts/cinder/Chart.yaml
index af91098..c00ca66 100644
--- a/charts/cinder/Chart.yaml
+++ b/charts/cinder/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/cinder
- https://opendev.org/openstack/openstack-helm
-version: 0.3.4
+version: 0.3.10
diff --git a/charts/cinder/charts/helm-toolkit/Chart.yaml b/charts/cinder/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/cinder/charts/helm-toolkit/Chart.yaml
+++ b/charts/cinder/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/cinder/requirements.lock b/charts/cinder/requirements.lock
index e75149c..7dbeee4 100644
--- a/charts/cinder/requirements.lock
+++ b/charts/cinder/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:56.648802173Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:12.4446189Z"
diff --git a/charts/cinder/templates/bin/_backup-storage-init.sh.tpl b/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
index cd2389c..a50ecb7 100644
--- a/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -37,7 +37,7 @@
fi
size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
ceph osd pool set $1 nosizechange 0
- ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
diff --git a/charts/cinder/templates/bin/_storage-init.sh.tpl b/charts/cinder/templates/bin/_storage-init.sh.tpl
index a43115e..4f945e2 100644
--- a/charts/cinder/templates/bin/_storage-init.sh.tpl
+++ b/charts/cinder/templates/bin/_storage-init.sh.tpl
@@ -34,7 +34,7 @@
fi
size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
ceph osd pool set $1 nosizechange 0
- ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
diff --git a/charts/cinder/templates/configmap-etc.yaml b/charts/cinder/templates/configmap-etc.yaml
index 5010ab9..452883b 100644
--- a/charts/cinder/templates/configmap-etc.yaml
+++ b/charts/cinder/templates/configmap-etc.yaml
@@ -72,6 +72,10 @@
{{- $_ := set $envAll.Values.conf.cinder.nova "password" $envAll.Values.endpoints.identity.auth.cinder.password -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.cinder.DEFAULT "api_paste_config" "/var/lib/openstack/etc/cinder/api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.cinder.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -167,7 +171,9 @@
cinder.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cinder | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
backends.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.backends | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
diff --git a/charts/cinder/templates/deployment-api.yaml b/charts/cinder/templates/deployment-api.yaml
index 8ef5754..4416022 100644
--- a/charts/cinder/templates/deployment-api.yaml
+++ b/charts/cinder/templates/deployment-api.yaml
@@ -128,10 +128,12 @@
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: cinder-etc
mountPath: /etc/cinder/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: cinder-etc
mountPath: /etc/cinder/policy.yaml
subPath: policy.yaml
diff --git a/charts/cinder/templates/deployment-scheduler.yaml b/charts/cinder/templates/deployment-scheduler.yaml
index cf69dd1..875f6ca 100644
--- a/charts/cinder/templates/deployment-scheduler.yaml
+++ b/charts/cinder/templates/deployment-scheduler.yaml
@@ -95,10 +95,12 @@
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: cinder-etc
mountPath: /etc/cinder/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: cinder-etc
mountPath: /etc/cinder/policy.yaml
subPath: policy.yaml
diff --git a/charts/cinder/values.yaml b/charts/cinder/values.yaml
index 06412f5..4fa8418 100644
--- a/charts/cinder/values.yaml
+++ b/charts/cinder/values.yaml
@@ -55,9 +55,9 @@
cinder_scheduler: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
cinder_volume: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
cinder_volume_usage_audit: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
- cinder_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic
+ cinder_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
cinder_backup: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
- cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic
+ cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
@@ -183,6 +183,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
useHostNetwork:
volume: false
backup: false
@@ -430,60 +433,7 @@
global: null
osd: null
conf:
- paste:
- composite:osapi_volume:
- use: call:cinder.api:root_app_factory
- /: apiversions
- /v1: openstack_volume_api_v1
- /v2: openstack_volume_api_v2
- /v3: openstack_volume_api_v3
- composite:openstack_volume_api_v1:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
- composite:openstack_volume_api_v2:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
- composite:openstack_volume_api_v3:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv3
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv3
- filter:request_id:
- paste.filter_factory: oslo_middleware.request_id:RequestId.factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: cinder
- filter:faultwrap:
- paste.filter_factory: cinder.api.middleware.fault:FaultWrapper.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
- filter:noauth:
- paste.filter_factory: cinder.api.middleware.auth:NoAuthMiddleware.factory
- filter:sizelimit:
- paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
- app:apiv1:
- paste.app_factory: cinder.api.v1.router:APIRouter.factory
- app:apiv2:
- paste.app_factory: cinder.api.v2.router:APIRouter.factory
- app:apiv3:
- paste.app_factory: cinder.api.v3.router:APIRouter.factory
- pipeline:apiversions:
- pipeline: cors http_proxy_to_wsgi faultwrap osvolumeversionapp
- app:osvolumeversionapp:
- paste.app_factory: cinder.api.versions:Versions.factory
- filter:keystonecontext:
- paste.filter_factory: cinder.api.middleware.auth:CinderKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/cinder/api_audit_map.conf
+ paste: {}
policy: {}
api_audit_map:
DEFAULT:
@@ -826,6 +776,7 @@
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
+ service_type: volumev3
nova:
auth_type: password
auth_version: v3
diff --git a/charts/designate/Chart.yaml b/charts/designate/Chart.yaml
index 4fc1a35..0f3543b 100644
--- a/charts/designate/Chart.yaml
+++ b/charts/designate/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/designate
- https://opendev.org/openstack/openstack-helm
-version: 0.2.8
+version: 0.2.9
diff --git a/charts/designate/charts/helm-toolkit/Chart.yaml b/charts/designate/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/designate/charts/helm-toolkit/Chart.yaml
+++ b/charts/designate/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/designate/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/designate/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/designate/requirements.lock b/charts/designate/requirements.lock
index 9853876..f777df3 100644
--- a/charts/designate/requirements.lock
+++ b/charts/designate/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:51.745359873Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:10.377378167Z"
diff --git a/charts/designate/templates/configmap-etc.yaml b/charts/designate/templates/configmap-etc.yaml
index dd1d4a2..1147959 100644
--- a/charts/designate/templates/configmap-etc.yaml
+++ b/charts/designate/templates/configmap-etc.yaml
@@ -53,6 +53,10 @@
{{- $_ := set .Values.conf.designate.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.designate.DEFAULT "api_paste_config" "/var/lib/openstack/etc/designate/api-paste.ini" -}}
+{{- end }}
+
{{- if empty (index .Values.conf.designate "storage:sqlalchemy").connection -}}
{{- $_ := tuple "oslo_db" "internal" "designate" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set (index .Values.conf.designate "storage:sqlalchemy") "connection" -}}
{{- $_ := tuple "oslo_db" "internal" "designate" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.designate.database "connection" -}}
@@ -73,7 +77,9 @@
type: Opaque
data:
designate.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.designate | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.pools "key" "pools.yaml" "format" "Secret" ) | indent 2 }}
diff --git a/charts/designate/templates/deployment-api.yaml b/charts/designate/templates/deployment-api.yaml
index b6680d8..00aa23a 100644
--- a/charts/designate/templates/deployment-api.yaml
+++ b/charts/designate/templates/deployment-api.yaml
@@ -84,10 +84,12 @@
mountPath: /etc/designate/designate.conf
subPath: designate.conf
readOnly: true
+ {{- if .Values.conf.paste }}
- name: designate-etc
mountPath: /etc/designate/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: designate-etc
mountPath: /etc/designate/policy.yaml
subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-central.yaml b/charts/designate/templates/deployment-central.yaml
index 02d9f3c..9790caf 100644
--- a/charts/designate/templates/deployment-central.yaml
+++ b/charts/designate/templates/deployment-central.yaml
@@ -69,10 +69,12 @@
mountPath: /etc/designate/designate.conf
subPath: designate.conf
readOnly: true
+ {{- if .Values.conf.paste }}
- name: designate-etc
mountPath: /etc/designate/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: designate-etc
mountPath: /etc/designate/policy.yaml
subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-mdns.yaml b/charts/designate/templates/deployment-mdns.yaml
index d58f630..825fa38 100644
--- a/charts/designate/templates/deployment-mdns.yaml
+++ b/charts/designate/templates/deployment-mdns.yaml
@@ -80,10 +80,12 @@
mountPath: /etc/designate/designate.conf
subPath: designate.conf
readOnly: true
+ {{- if .Values.conf.paste }}
- name: designate-etc
mountPath: /etc/designate/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: designate-etc
mountPath: /etc/designate/policy.yaml
subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-producer.yaml b/charts/designate/templates/deployment-producer.yaml
index 491dbad..553a0c4 100644
--- a/charts/designate/templates/deployment-producer.yaml
+++ b/charts/designate/templates/deployment-producer.yaml
@@ -69,10 +69,12 @@
mountPath: /etc/designate/designate.conf
subPath: designate.conf
readOnly: true
+ {{- if .Values.conf.paste }}
- name: designate-etc
mountPath: /etc/designate/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: designate-etc
mountPath: /etc/designate/policy.yaml
subPath: policy.yaml
diff --git a/charts/designate/templates/deployment-worker.yaml b/charts/designate/templates/deployment-worker.yaml
index 74f9c99..4b4ae3c 100644
--- a/charts/designate/templates/deployment-worker.yaml
+++ b/charts/designate/templates/deployment-worker.yaml
@@ -94,10 +94,12 @@
mountPath: /etc/designate/designate.conf
subPath: designate.conf
readOnly: true
+ {{- if .Values.conf.paste }}
- name: designate-etc
mountPath: /etc/designate/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: designate-etc
mountPath: /etc/designate/policy.yaml
subPath: policy.yaml
diff --git a/charts/designate/values.yaml b/charts/designate/values.yaml
index ea2c2aa..5f85acf 100644
--- a/charts/designate/values.yaml
+++ b/charts/designate/values.yaml
@@ -396,51 +396,7 @@
port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
api_endpoint: http://${POWERDNS_SERVICE_HOST}:{{ tuple "powerdns" "internal" "powerdns_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
api_token: {{ tuple "powerdns" "service" . | include "helm-toolkit.endpoints.endpoint_token_lookup" }}
- paste:
- composite:osapi_dns:
- use: egg:Paste#urlmap
- /: osapi_dns_versions
- /v2: osapi_dns_v2
- /admin: osapi_dns_admin
- composite:osapi_dns_versions:
- use: call:designate.api.middleware:auth_pipeline_factory
- noauth: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
- keystone: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
- app:osapi_dns_app_versions:
- paste.app_factory: designate.api.versions:factory
- composite:osapi_dns_v2:
- use: call:designate.api.middleware:auth_pipeline_factory
- noauth: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2
- keystone: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2
- app:osapi_dns_app_v2:
- paste.app_factory: designate.api.v2:factory
- composite:osapi_dns_admin:
- use: call:designate.api.middleware:auth_pipeline_factory
- noauth: http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin
- keystone: http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin
- app:osapi_dns_app_admin:
- paste.app_factory: designate.api.admin:factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: designate
- filter:request_id:
- paste.filter_factory: oslo_middleware:RequestId.factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
- filter:noauthcontext:
- paste.filter_factory: designate.api.middleware:NoAuthContextMiddleware.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:keystonecontext:
- paste.filter_factory: designate.api.middleware:KeystoneContextMiddleware.factory
- filter:maintenance:
- paste.filter_factory: designate.api.middleware:MaintenanceMiddleware.factory
- filter:normalizeuri:
- paste.filter_factory: designate.api.middleware:NormalizeURIMiddleware.factory
- filter:faultwrapper:
- paste.filter_factory: designate.api.middleware:FaultWrapperMiddleware.factory
- filter:validation_API_v2:
- paste.filter_factory: designate.api.middleware:APIv2ValidationErrorMiddleware.factory
+ paste: {}
policy: {}
designate:
DEFAULT:
@@ -467,6 +423,7 @@
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
+ service_type: dns
logging:
loggers:
keys:
diff --git a/charts/glance/Chart.yaml b/charts/glance/Chart.yaml
index 0650294..c0837b8 100644
--- a/charts/glance/Chart.yaml
+++ b/charts/glance/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/glance
- https://opendev.org/openstack/openstack-helm
-version: 0.4.1
+version: 0.4.6
diff --git a/charts/glance/charts/helm-toolkit/Chart.yaml b/charts/glance/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/glance/charts/helm-toolkit/Chart.yaml
+++ b/charts/glance/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/glance/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/glance/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/glance/requirements.lock b/charts/glance/requirements.lock
index 2b3071d..7829be4 100644
--- a/charts/glance/requirements.lock
+++ b/charts/glance/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:10:00.834718332Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:18.575234198Z"
diff --git a/charts/glance/templates/bin/_storage-init.sh.tpl b/charts/glance/templates/bin/_storage-init.sh.tpl
index cf6fecb..0d291fd 100644
--- a/charts/glance/templates/bin/_storage-init.sh.tpl
+++ b/charts/glance/templates/bin/_storage-init.sh.tpl
@@ -49,7 +49,7 @@
if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
ceph osd pool application enable $1 $3
fi
- ceph osd pool set "$1" size "${RBD_POOL_REPLICATION}"
+ ceph osd pool set "$1" size "${RBD_POOL_REPLICATION}" --yes-i-really-mean-it
ceph osd pool set "$1" crush_rule "${RBD_POOL_CRUSH_RULE}"
}
ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "${RBD_POOL_APP_NAME}"
diff --git a/charts/glance/templates/configmap-etc.yaml b/charts/glance/templates/configmap-etc.yaml
index 0ee2606..277cea4 100644
--- a/charts/glance/templates/configmap-etc.yaml
+++ b/charts/glance/templates/configmap-etc.yaml
@@ -55,6 +55,10 @@
{{- $_ := set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.glance.paste_deploy "config_file" "/var/lib/openstack/etc/glance/glance-api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.glance.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -142,7 +146,9 @@
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
glance-api.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ {{- if .Values.conf.paste }}
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
diff --git a/charts/glance/templates/deployment-api.yaml b/charts/glance/templates/deployment-api.yaml
index 9c26c74..dc641c5 100644
--- a/charts/glance/templates/deployment-api.yaml
+++ b/charts/glance/templates/deployment-api.yaml
@@ -210,10 +210,12 @@
subPath: {{ base .Values.conf.glance.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: glance-etc
mountPath: /etc/glance/glance-api-paste.ini
subPath: glance-api-paste.ini
readOnly: true
+ {{- end }}
- name: glance-etc
mountPath: /etc/glance/policy.yaml
subPath: policy.yaml
diff --git a/charts/glance/templates/job-bootstrap.yaml b/charts/glance/templates/job-bootstrap.yaml
index 56bebfc..c1af58d 100644
--- a/charts/glance/templates/job-bootstrap.yaml
+++ b/charts/glance/templates/job-bootstrap.yaml
@@ -39,5 +39,11 @@
{{- if .Values.pod.tolerations.glance.enabled -}}
{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
{{- end -}}
+# The configFile path shouble be /etc/glance/glance-api.conf
+# not default /etc/glance/glance.conf defined by helm-toolkit,
+# since secrets mounted in '/etc/glance' have glance-api.conf not glance.conf in it.
+# The wrong path '/etc/glance/glance.conf' would be dir in bootstarp container,
+# and lead to all config files in '/etc/glance' dir unreachable.
+{{- $_ := set $bootstrapJob "configFile" "/etc/glance/glance-api.conf" -}}
{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
{{- end }}
diff --git a/charts/glance/values.yaml b/charts/glance/values.yaml
index 69f703e..cea5248 100644
--- a/charts/glance/values.yaml
+++ b/charts/glance/values.yaml
@@ -129,66 +129,7 @@
ceph_client:
override:
append:
- paste:
- pipeline:glance-api:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
- pipeline:glance-api-caching:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
- pipeline:glance-api-cachemanagement:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
- pipeline:glance-api-keystone:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context rootapp
- pipeline:glance-api-keystone+caching:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp
- pipeline:glance-api-keystone+cachemanagement:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp
- pipeline:glance-api-trusted-auth:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
- pipeline:glance-api-trusted-auth+cachemanagement:
- pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
- composite:rootapp:
- paste.composite_factory: glance.api:root_app_factory
- /: apiversions
- /v1: apiv1app
- /v2: apiv2app
- app:apiversions:
- paste.app_factory: glance.api.versions:create_resource
- app:apiv1app:
- paste.app_factory: glance.api.v1.router:API.factory
- app:apiv2app:
- paste.app_factory: glance.api.v2.router:API.factory
- filter:healthcheck:
- paste.filter_factory: oslo_middleware:Healthcheck.factory
- backends: disable_by_file
- disable_by_file_path: /etc/glance/healthcheck_disable
- filter:versionnegotiation:
- paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
- filter:cache:
- paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
- filter:cachemanage:
- paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
- filter:context:
- paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
- filter:unauthenticated-context:
- paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- delay_auth_decision: true
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/glance/api_audit_map.conf
- filter:gzip:
- paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
- hmac_keys: SECRET_KEY # DEPRECATED
- enabled: yes # DEPRECATED
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: glance
- oslo_config_program: glance-api
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
+ paste: {}
policy: {}
glance_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -258,6 +199,7 @@
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_type: image
glance_store:
cinder_catalog_info: volumev3::internalURL
rbd_store_chunk_size: 8
@@ -840,6 +782,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
useHostNetwork:
api: false
mounts:
diff --git a/charts/heat/Chart.yaml b/charts/heat/Chart.yaml
index bb2b5af..37ef8ff 100644
--- a/charts/heat/Chart.yaml
+++ b/charts/heat/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/heat
- https://opendev.org/openstack/openstack-helm
-version: 0.3.1
+version: 0.3.3
diff --git a/charts/heat/charts/helm-toolkit/Chart.yaml b/charts/heat/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/heat/charts/helm-toolkit/Chart.yaml
+++ b/charts/heat/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/heat/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/heat/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/heat/requirements.lock b/charts/heat/requirements.lock
index a3625ba..cec557e 100644
--- a/charts/heat/requirements.lock
+++ b/charts/heat/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:59.086381152Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:17.91826239Z"
diff --git a/charts/heat/templates/configmap-etc.yaml b/charts/heat/templates/configmap-etc.yaml
index b49edcd..b6630e4 100644
--- a/charts/heat/templates/configmap-etc.yaml
+++ b/charts/heat/templates/configmap-etc.yaml
@@ -135,6 +135,10 @@
{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
{{- end -}}
+
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.heat.paste_deploy "api_paste_config" "/var/lib/openstack/etc/heat/api-paste.ini" -}}
+{{- end }}
---
apiVersion: v1
kind: Secret
@@ -145,7 +149,9 @@
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
heat.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.heat | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
diff --git a/charts/heat/templates/deployment-api.yaml b/charts/heat/templates/deployment-api.yaml
index 0bed310..09407c0 100644
--- a/charts/heat/templates/deployment-api.yaml
+++ b/charts/heat/templates/deployment-api.yaml
@@ -111,10 +111,12 @@
subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
readOnly: true
{{ end }}
+ {{- if .Values.conf.paste }}
- name: heat-etc
mountPath: /etc/heat/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: heat-etc
mountPath: /etc/heat/policy.yaml
subPath: policy.yaml
diff --git a/charts/heat/templates/deployment-cfn.yaml b/charts/heat/templates/deployment-cfn.yaml
index 94ddd06..ae9917d 100644
--- a/charts/heat/templates/deployment-cfn.yaml
+++ b/charts/heat/templates/deployment-cfn.yaml
@@ -111,10 +111,12 @@
subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
readOnly: true
{{ end }}
+ {{- if .Values.conf.paste }}
- name: heat-etc
mountPath: /etc/heat/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: heat-etc
mountPath: /etc/heat/policy.yaml
subPath: policy.yaml
diff --git a/charts/heat/templates/deployment-cloudwatch.yaml b/charts/heat/templates/deployment-cloudwatch.yaml
index f1f7353..2acff93 100644
--- a/charts/heat/templates/deployment-cloudwatch.yaml
+++ b/charts/heat/templates/deployment-cloudwatch.yaml
@@ -97,10 +97,12 @@
subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
readOnly: true
{{ end }}
+ {{- if .Values.conf.paste }}
- name: heat-etc
mountPath: /etc/heat/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: heat-etc
mountPath: /etc/heat/policy.yaml
subPath: policy.yaml
diff --git a/charts/heat/values.yaml b/charts/heat/values.yaml
index 555af53..7cd5197 100644
--- a/charts/heat/values.yaml
+++ b/charts/heat/values.yaml
@@ -280,66 +280,7 @@
type: OS::Heat::RandomString
properties:
length: 40
- paste:
- pipeline:heat-api:
- pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
- pipeline:heat-api-standalone:
- pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
- pipeline:heat-api-custombackend:
- pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
- pipeline:heat-api-cfn:
- pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
- pipeline:heat-api-cfn-standalone:
- pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
- pipeline:heat-api-cloudwatch:
- pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
- pipeline:heat-api-cloudwatch-standalone:
- pipeline: cors versionnegotiation ec2authtoken context apicwapp
- app:apiv1app:
- paste.app_factory: heat.common.wsgi:app_factory
- heat.app_factory: heat.api.openstack.v1:API
- app:apicfnv1app:
- paste.app_factory: heat.common.wsgi:app_factory
- heat.app_factory: heat.api.cfn.v1:API
- app:apicwapp:
- paste.app_factory: heat.common.wsgi:app_factory
- heat.app_factory: heat.api.cloudwatch:API
- filter:versionnegotiation:
- paste.filter_factory: heat.common.wsgi:filter_factory
- heat.filter_factory: heat.api.openstack:version_negotiation_filter
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: heat
- filter:faultwrap:
- paste.filter_factory: heat.common.wsgi:filter_factory
- heat.filter_factory: heat.api.openstack:faultwrap_filter
- filter:cfnversionnegotiation:
- paste.filter_factory: heat.common.wsgi:filter_factory
- heat.filter_factory: heat.api.cfn:version_negotiation_filter
- filter:cwversionnegotiation:
- paste.filter_factory: heat.common.wsgi:filter_factory
- heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
- filter:context:
- paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
- filter:ec2authtoken:
- paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
- filter:authurl:
- paste.filter_factory: heat.common.auth_url:filter_factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:authpassword:
- paste.filter_factory: heat.common.auth_password:filter_factory
- filter:custombackendauth:
- paste.filter_factory: heat.common.custom_backend_auth:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/heat/api_audit_map.conf
- filter:request_id:
- paste.filter_factory: oslo_middleware.request_id:RequestId.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+ paste: {}
policy: {}
heat:
DEFAULT:
@@ -351,6 +292,7 @@
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_type: orchestration
database:
max_retries: -1
trustee:
@@ -1025,6 +967,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
mounts:
heat_api:
init_container: null
diff --git a/charts/horizon/Chart.yaml b/charts/horizon/Chart.yaml
index b756e55..ff83e5a 100644
--- a/charts/horizon/Chart.yaml
+++ b/charts/horizon/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/horizon
- https://opendev.org/openstack/openstack-helm
-version: 0.3.5
+version: 0.3.8
diff --git a/charts/horizon/charts/helm-toolkit/Chart.yaml b/charts/horizon/charts/helm-toolkit/Chart.yaml
index 404f380..7d3703e 100644
--- a/charts/horizon/charts/helm-toolkit/Chart.yaml
+++ b/charts/horizon/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.52
+version: 0.2.53
diff --git a/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/horizon/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/horizon/requirements.lock b/charts/horizon/requirements.lock
index 38083eb..8688d12 100644
--- a/charts/horizon/requirements.lock
+++ b/charts/horizon/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.52
-digest: sha256:fa4cf6491d7d370591b9751dbc9e761b5ae4bd1fdfda954f0acc240b187e0551
-generated: "2023-03-21T03:57:16.948204255Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:20.129621934Z"
diff --git a/charts/horizon/templates/pod-helm-tests.yaml b/charts/horizon/templates/pod-helm-tests.yaml
index dbcb9a3..7d16303 100644
--- a/charts/horizon/templates/pod-helm-tests.yaml
+++ b/charts/horizon/templates/pod-helm-tests.yaml
@@ -36,7 +36,7 @@
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.horizon.enabled }}
-{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
{{ end }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
diff --git a/charts/keystone/charts/helm-toolkit/Chart.yaml b/charts/keystone/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/keystone/charts/helm-toolkit/Chart.yaml
+++ b/charts/keystone/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/keystone/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/keystone/requirements.lock b/charts/keystone/requirements.lock
index d765c01..db72e73 100644
--- a/charts/keystone/requirements.lock
+++ b/charts/keystone/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:50.646508644Z"
+ version: 0.2.52
+digest: sha256:fa4cf6491d7d370591b9751dbc9e761b5ae4bd1fdfda954f0acc240b187e0551
+generated: "2023-03-20T23:05:53.167452331Z"
diff --git a/charts/magnum/Chart.yaml b/charts/magnum/Chart.yaml
index a834c53..7a7aa6a 100644
--- a/charts/magnum/Chart.yaml
+++ b/charts/magnum/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/magnum
- https://opendev.org/openstack/openstack-helm
-version: 0.2.8
+version: 0.2.9
diff --git a/charts/magnum/charts/helm-toolkit/Chart.yaml b/charts/magnum/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/magnum/charts/helm-toolkit/Chart.yaml
+++ b/charts/magnum/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/magnum/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/magnum/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/magnum/requirements.lock b/charts/magnum/requirements.lock
index 3c9ff49..da7e6ff 100644
--- a/charts/magnum/requirements.lock
+++ b/charts/magnum/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:10:01.686714935Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:24.881219179Z"
diff --git a/charts/magnum/templates/configmap-etc.yaml b/charts/magnum/templates/configmap-etc.yaml
index 466e2ae..bbd9753 100644
--- a/charts/magnum/templates/configmap-etc.yaml
+++ b/charts/magnum/templates/configmap-etc.yaml
@@ -71,6 +71,10 @@
{{- $_ := set .Values.conf.magnum.trust "trustee_domain_admin_password" .Values.endpoints.identity.auth.magnum_stack_user.password -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.magnum.api "api_paste_config" "/var/lib/openstack/etc/magnum/api-paste.ini" -}}
+{{- end }}
+
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -92,6 +96,8 @@
data:
magnum.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.magnum | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- end }}
diff --git a/charts/magnum/templates/deployment-api.yaml b/charts/magnum/templates/deployment-api.yaml
index fbb43d2..d7873eb 100644
--- a/charts/magnum/templates/deployment-api.yaml
+++ b/charts/magnum/templates/deployment-api.yaml
@@ -98,10 +98,12 @@
subPath: {{ base .Values.conf.magnum.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: magnum-etc
mountPath: /etc/magnum/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: magnum-etc
mountPath: /etc/magnum/policy.yaml
subPath: policy.yaml
diff --git a/charts/magnum/values.yaml b/charts/magnum/values.yaml
index 4280f0b..7572095 100644
--- a/charts/magnum/values.yaml
+++ b/charts/magnum/values.yaml
@@ -51,23 +51,7 @@
- image_repo_sync
conf:
- paste:
- pipeline:main:
- pipeline: cors healthcheck request_id authtoken api_v1
- app:api_v1:
- paste.app_factory: magnum.api.app:app_factory
- filter:authtoken:
- acl_public_routes: /, /v1
- paste.filter_factory: magnum.api.middleware.auth_token:AuthTokenMiddleware.factory
- filter:request_id:
- paste.filter_factory: oslo_middleware:RequestId.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: magnum
- filter:healthcheck:
- paste.filter_factory: oslo_middleware:Healthcheck.factory
- backends: disable_by_file
- disable_by_file_path: /etc/magnum/healthcheck_disable
+ paste: {}
policy: {}
magnum:
DEFAULT:
@@ -91,6 +75,7 @@
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_type: container-infra
api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.
diff --git a/charts/manila/Chart.yaml b/charts/manila/Chart.yaml
index 62d26ee..ddbd165 100644
--- a/charts/manila/Chart.yaml
+++ b/charts/manila/Chart.yaml
@@ -1,24 +1,12 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Manila
-name: manila
-version: 0.1.0
home: https://docs.openstack.org/manila/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Manila/OpenStack_Project_Manila_vertical.png
-sources:
- - https://opendev.org/openstack/manila
- - https://opendev.org/openstack/openstack-helm
maintainers:
- - name: OpenStack-Helm Authors
+- name: OpenStack-Helm Authors
+name: manila
+sources:
+- https://opendev.org/openstack/manila
+- https://opendev.org/openstack/openstack-helm
+version: 0.1.1
diff --git a/charts/manila/charts/helm-toolkit/Chart.yaml b/charts/manila/charts/helm-toolkit/Chart.yaml
index a8942ad..7d3703e 100644
--- a/charts/manila/charts/helm-toolkit/Chart.yaml
+++ b/charts/manila/charts/helm-toolkit/Chart.yaml
@@ -1,26 +1,12 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Helm-Toolkit
-name: helm-toolkit
-version: 0.2.52
home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
-sources:
- - https://opendev.org/openstack/openstack-helm-infra
- - https://opendev.org/openstack/openstack-helm
maintainers:
- - name: OpenStack-Helm Authors
-...
+- name: OpenStack-Helm Authors
+name: helm-toolkit
+sources:
+- https://opendev.org/openstack/openstack-helm-infra
+- https://opendev.org/openstack/openstack-helm
+version: 0.2.53
diff --git a/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/manila/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/manila/requirements.lock b/charts/manila/requirements.lock
new file mode 100644
index 0000000..4b6e389
--- /dev/null
+++ b/charts/manila/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: helm-toolkit
+ repository: file://../../openstack-helm-infra/helm-toolkit
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:22.159999701Z"
diff --git a/charts/manila/templates/configmap-etc.yaml b/charts/manila/templates/configmap-etc.yaml
index e230aa4..15f7fde 100644
--- a/charts/manila/templates/configmap-etc.yaml
+++ b/charts/manila/templates/configmap-etc.yaml
@@ -59,6 +59,10 @@
{{- $_ := set .Values.conf.manila.keystone_authtoken "memcache_secret_key" $memcache_secret_key -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.manila.DEFAULT "api_paste_config" "/var/lib/openstack/etc/manila/api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.manila.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "manila" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.manila.database "connection" -}}
{{- end -}}
@@ -233,7 +237,9 @@
{{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
{{- end }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
manila_sudoers: {{ $envAll.Values.conf.manila_sudoers | b64enc }}
rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
diff --git a/charts/manila/templates/deployment-api.yaml b/charts/manila/templates/deployment-api.yaml
index 0e4505a..b2169f3 100644
--- a/charts/manila/templates/deployment-api.yaml
+++ b/charts/manila/templates/deployment-api.yaml
@@ -100,10 +100,12 @@
subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: manila-etc
mountPath: /etc/manila/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: manila-etc
mountPath: /etc/manila/policy.yaml
subPath: policy.yaml
diff --git a/charts/manila/values.yaml b/charts/manila/values.yaml
index c96726a..2132de2 100644
--- a/charts/manila/values.yaml
+++ b/charts/manila/values.yaml
@@ -44,18 +44,18 @@
images:
tags:
- bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
- db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- manila_db_sync: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
- db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- manila_api: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
- manila_data: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
- manila_scheduler: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
- manila_share: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
+ db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
rabbit_init: docker.io/rabbitmq:3.7-management
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
@@ -405,55 +405,7 @@
service: oslo_messaging
conf:
- paste:
- composite:osapi_share:
- use: call:manila.api:root_app_factory
- /: apiversions
- /healthcheck: healthcheck
- /v1: openstack_share_api
- /v2: openstack_share_api_v2
- composite:openstack_share_api:
- use: call:manila.api.middleware.auth:pipeline_factory
- noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api
- keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
- keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
- composite:openstack_share_api_v2:
- use: call:manila.api.middleware.auth:pipeline_factory
- noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2
- noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2
- keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
- keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
- filter:faultwrap:
- paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory
- filter:noauth:
- paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory
- filter:noauthv2:
- paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory
- filter:sizelimit:
- paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- app:api:
- paste.app_factory: manila.api.v1.router:APIRouter.factory
- app:apiv2:
- paste.app_factory: manila.api.v2.router:APIRouter.factory
- pipeline:apiversions:
- pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp
- app:osshareversionapp:
- paste.app_factory: manila.api.versions:VersionsRouter.factory
- filter:keystonecontext:
- paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: manila
- app:healthcheck:
- paste.app_factory: oslo_middleware:Healthcheck.app_factory
- backends: disable_by_file
- disable_by_file_path: /etc/manila/healthcheck_disable
+ paste: {}
policy: {}
manila_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -702,6 +654,7 @@
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
+ service_type: sharev2
neutron:
auth_type: password
auth_version: v3
diff --git a/charts/manila/values_overrides/apparmor.yaml b/charts/manila/values_overrides/apparmor.yaml
deleted file mode 100644
index c8288fe..0000000
--- a/charts/manila/values_overrides/apparmor.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-pod:
- mandatory_access_control:
- type: apparmor
- manila-api:
- manila-api: runtime/default
- init: runtime/default
- manila-test:
- init: runtime/default
- manila-test: runtime/default
-...
diff --git a/charts/manila/values_overrides/tls-offloading.yaml b/charts/manila/values_overrides/tls-offloading.yaml
deleted file mode 100644
index 8ea0f6a..0000000
--- a/charts/manila/values_overrides/tls-offloading.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- manila:
- cacert: /etc/ssl/certs/openstack-helm.crt
-
-tls:
- identity: true
-...
diff --git a/charts/manila/values_overrides/tls.yaml b/charts/manila/values_overrides/tls.yaml
deleted file mode 100644
index 99667ca..0000000
--- a/charts/manila/values_overrides/tls.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-manifests:
- certificates: true
-...
diff --git a/charts/memcached/charts/helm-toolkit/Chart.yaml b/charts/memcached/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/memcached/charts/helm-toolkit/Chart.yaml
+++ b/charts/memcached/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/memcached/charts/helm-toolkit/requirements.lock b/charts/memcached/charts/helm-toolkit/requirements.lock
index aa6325b..f58d8e0 100644
--- a/charts/memcached/charts/helm-toolkit/requirements.lock
+++ b/charts/memcached/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
dependencies: []
digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-01-31T00:32:58.374919745Z"
+generated: "2023-03-17T21:00:03.500496699Z"
diff --git a/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/memcached/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/memcached/requirements.lock b/charts/memcached/requirements.lock
index 88a77c0..a348b9e 100644
--- a/charts/memcached/requirements.lock
+++ b/charts/memcached/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../helm-toolkit
- version: 0.2.51
-digest: sha256:212d8fd57a982831cd076d64cb0e54974bd77971209f3acb266bc0a53fa83731
-generated: "2023-01-31T00:33:11.072316895Z"
+ version: 0.2.52
+digest: sha256:d7c1d04fc7525277f29dac7fc7d2996c60cb3e708f487cd2bf88a0236454f7e3
+generated: "2023-03-17T21:00:20.838477353Z"
diff --git a/charts/neutron/Chart.yaml b/charts/neutron/Chart.yaml
index 4270928..52b6060 100644
--- a/charts/neutron/Chart.yaml
+++ b/charts/neutron/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/neutron
- https://opendev.org/openstack/openstack-helm
-version: 0.3.2
+version: 0.3.8
diff --git a/charts/neutron/charts/helm-toolkit/Chart.yaml b/charts/neutron/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/neutron/charts/helm-toolkit/Chart.yaml
+++ b/charts/neutron/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/neutron/requirements.lock b/charts/neutron/requirements.lock
index ba587c5..39a58b5 100644
--- a/charts/neutron/requirements.lock
+++ b/charts/neutron/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:52.301841195Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:11.158271588Z"
diff --git a/charts/neutron/templates/bin/_health-probe.py.tpl b/charts/neutron/templates/bin/_health-probe.py.tpl
index 1ba4107..266c3d8 100644
--- a/charts/neutron/templates/bin/_health-probe.py.tpl
+++ b/charts/neutron/templates/bin/_health-probe.py.tpl
@@ -212,8 +212,9 @@
required=False))
cfg.CONF(sys.argv[1:])
- agentq = "metadata_agent"
- tcp_socket_state_check(agentq)
+ if "ovn_metadata_agent.ini" not in ','.join(sys.argv):
+ agentq = "metadata_agent"
+ tcp_socket_state_check(agentq)
try:
metadata_proxy_socket = cfg.CONF.metadata_proxy_socket
diff --git a/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
new file mode 100644
index 0000000..5b6ce43
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
+
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+mkdir -p /tmp/pod-shared
+tee > /tmp/pod-shared/neutron-agent.ini << EOF
+[DEFAULT]
+host = $(hostname --fqdn)
+EOF
+{{- end }}
diff --git a/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
new file mode 100644
index 0000000..b559b07
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__NOVA_METADATA_SERVICE_HOST__|$NOVA_METADATA_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+
+exec neutron-ovn-metadata-agent \
+ --config-file /etc/neutron/neutron.conf \
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+ --config-file /tmp/pod-shared/neutron-agent.ini \
+{{- end }}
+ --config-file /tmp/ovn_metadata_agent.ini
+
diff --git a/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl b/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
new file mode 100644
index 0000000..8661754
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+mkdir -p /tmp/pod-shared
+cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
diff --git a/charts/neutron/templates/bin/_neutron-server.sh.tpl b/charts/neutron/templates/bin/_neutron-server.sh.tpl
index 83ca918..9cffb7b 100644
--- a/charts/neutron/templates/bin/_neutron-server.sh.tpl
+++ b/charts/neutron/templates/bin/_neutron-server.sh.tpl
@@ -22,6 +22,8 @@
--config-file /etc/neutron/neutron.conf \
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
--config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
+{{- else if ( has "ovn" .Values.network.backend ) }}
+ --config-file /tmp/pod-shared/ml2_conf.ini
{{- else }}
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
{{- end }}
diff --git a/charts/neutron/templates/configmap-bin.yaml b/charts/neutron/templates/configmap-bin.yaml
index 2a6b9cf..a701c52 100644
--- a/charts/neutron/templates/configmap-bin.yaml
+++ b/charts/neutron/templates/configmap-bin.yaml
@@ -59,10 +59,6 @@
{{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-linuxbridge-agent-init-modules.sh: |
{{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- neutron-metadata-agent.sh: |
-{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- neutron-metadata-agent-init.sh: |
-{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent.sh: |
{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent-init.sh: |
@@ -95,6 +91,21 @@
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
neutron-test-force-cleanup.sh: |
{{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+{{- if ( has "ovn" .Values.network.backend ) }}
+ neutron-ovn-metadata-agent.sh: |
+{{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-ovn-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-server-ovn-init.sh: |
+{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- else }}
+ neutron-metadata-agent.sh: |
+{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
tf-plugin.pth: |
/opt/plugin/site-packages
diff --git a/charts/neutron/templates/configmap-etc.yaml b/charts/neutron/templates/configmap-etc.yaml
index 9266081..45176b9 100644
--- a/charts/neutron/templates/configmap-etc.yaml
+++ b/charts/neutron/templates/configmap-etc.yaml
@@ -66,6 +66,10 @@
{{- end -}}
{{- end }}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.neutron.DEFAULT "api_paste_config" "/var/lib/openstack/etc/neutron/api-paste.ini" -}}
+{{- end }}
+
{{- if empty $envAll.Values.conf.neutron.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.DEFAULT "transport_url" -}}
{{- end }}
@@ -279,14 +283,15 @@
type: Opaque
data:
rally_tests.yaml: {{ toYaml $envAll.Values.conf.rally_tests.tests | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml $envAll.Values.conf.policy | b64enc }}
neutron.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }}
l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }}
- metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
metering_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc) }}
taas_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc) }}
ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }}
@@ -307,6 +312,12 @@
auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }}
update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }}
+{{- if ( has "ovn" .Values.network.backend ) }}
+ ovn_metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_metadata_agent | b64enc }}
+{{- else }}
+ metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
+{{- end }}
+
{{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
{{- end }}
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
new file mode 100644
index 0000000..511eb26
--- /dev/null
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -0,0 +1,243 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "ovnMetadataAgentReadinessProbeTemplate" }}
+exec:
+ command:
+ - python
+ - /tmp/health-probe.py
+ - --config-file
+ - /etc/neutron/neutron.conf
+ - --config-file
+ - /etc/neutron/ovn_metadata_agent.ini
+{{- if .Values.pod.use_fqdn.neutron_agent }}
+ - --use-fqdn
+{{- end }}
+{{- end }}
+{{- define "ovnMetadataAgentLivenessProbeTemplate" }}
+exec:
+ command:
+ - python
+ - /tmp/health-probe.py
+ - --config-file
+ - /etc/neutron/neutron.conf
+ - --config-file
+ - /etc/neutron/ovn_metadata_agent.ini
+ - --liveness-probe
+{{- if .Values.pod.use_fqdn.neutron_agent }}
+ - --use-fqdn
+{{- end }}
+{{- end }}
+
+{{- define "neutron.ovn_metadata_agent.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+{{- $mounts_neutron_ovn_metadata_agent := .Values.pod.mounts.neutron_ovn_metadata_agent.neutron_ovn_metadata_agent }}
+{{- $mounts_neutron_ovn_metadata_agent_init := .Values.pod.mounts.neutron_ovn_metadata_agent.init_container }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: neutron-ovn-metadata-agent
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll "ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ nodeSelector:
+ {{ .Values.labels.agent.ovn_metadata.node_selector_key }}: {{ .Values.labels.agent.ovn_metadata.node_selector_value }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+ shareProcessNamespace: true
+ {{- else }}
+ hostPID: true
+ {{- end }}
+ initContainers:
+{{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ - name: neutron-ovn-metadata-agent-init
+{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+ - name: NEUTRON_USER_UID
+ value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}"
+ command:
+ - /tmp/neutron-ovn-metadata-agent-init.sh
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: neutron-bin
+ mountPath: /tmp/neutron-ovn-metadata-agent-init.sh
+ subPath: neutron-ovn-metadata-agent-init.sh
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ - name: socket
+ mountPath: /var/lib/neutron/openstack-helm
+ containers:
+ - name: neutron-ovn-metadata-agent
+{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: RPC_PROBE_TIMEOUT
+ value: "{{ .Values.pod.probes.rpc_timeout }}"
+ - name: RPC_PROBE_RETRIES
+ value: "{{ .Values.pod.probes.rpc_retries }}"
+{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "readiness" "probeTemplate" (include "ovnMetadataAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "liveness" "probeTemplate" (include "ovnMetadataAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ securityContext:
+ privileged: true
+ command:
+ - /tmp/neutron-ovn-metadata-agent.sh
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-var-neutron
+ mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
+ - name: neutron-bin
+ mountPath: /tmp/neutron-ovn-metadata-agent.sh
+ subPath: neutron-ovn-metadata-agent.sh
+ readOnly: true
+ - name: neutron-bin
+ mountPath: /tmp/health-probe.py
+ subPath: health-probe.py
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
+ - name: neutron-etc
+ mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+ subPath: ml2_conf.ini
+ readOnly: true
+ {{- if ( has "openvswitch" .Values.network.backend ) }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ subPath: openvswitch_agent.ini
+ readOnly: true
+ {{- end }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/ovn_metadata_agent.ini
+ subPath: ovn_metadata_agent.ini
+ readOnly: true
+ - name: neutron-etc
+ # NOTE (Portdirect): We mount here to override Kollas
+ # custom sudoers file when using Kolla images, this
+ # location will also work fine for other images.
+ mountPath: /etc/sudoers.d/kolla_neutron_sudoers
+ subPath: neutron_sudoers
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/rootwrap.conf
+ subPath: rootwrap.conf
+ readOnly: true
+ {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+ {{- if ( has "ovn_metadata_agent" $value.pods ) }}
+ {{- $filePrefix := replace "_" "-" $key }}
+ {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
+ - name: neutron-etc
+ mountPath: {{ $rootwrapFile }}
+ subPath: {{ base $rootwrapFile }}
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ - name: socket
+ mountPath: /var/lib/neutron/openstack-helm
+ {{- if .Values.network.share_namespaces }}
+ - name: host-run-netns
+ mountPath: /run/netns
+ mountPropagation: Bidirectional
+ {{- end }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{ if $mounts_neutron_ovn_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-var-neutron
+ emptyDir: {}
+ - name: run
+ hostPath:
+ path: /run
+ - name: neutron-bin
+ configMap:
+ name: neutron-bin
+ defaultMode: 0555
+ - name: neutron-etc
+ secret:
+ secretName: {{ $configMapName }}
+ defaultMode: 0444
+ - name: socket
+ hostPath:
+ path: /var/lib/neutron/openstack-helm
+ {{- if .Values.network.share_namespaces }}
+ - name: host-run-netns
+ hostPath:
+ path: /run/netns
+ {{- end }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{ if $mounts_neutron_ovn_metadata_agent.volumes }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumes | indent 8 }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_ovn_metadata_agent }}
+{{- $envAll := . }}
+{{- $daemonset := "ovn-metadata-agent" }}
+{{- $configMapName := "neutron-etc" }}
+{{- $serviceAccountName := "neutron-ovn-metadata-agent" }}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "neutron.configmap.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
diff --git a/charts/neutron/templates/deployment-server.yaml b/charts/neutron/templates/deployment-server.yaml
index 2e39a40..12ca245 100644
--- a/charts/neutron/templates/deployment-server.yaml
+++ b/charts/neutron/templates/deployment-server.yaml
@@ -91,6 +91,29 @@
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{- if ( has "ovn" .Values.network.backend ) }}
+ - name: ovn-neutron-init
+{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
+ command:
+ - /tmp/neutron-server-ovn-init.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
+ - name: neutron-bin
+ mountPath: /tmp/neutron-server-ovn-init.sh
+ subPath: neutron-server-ovn-init.sh
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+ subPath: ml2_conf.ini
+ readOnly: true
+ {{- end }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
- name: tungstenfabric-neutron-init
image: {{ .Values.images.tags.tf_neutron_init }}
@@ -176,6 +199,8 @@
volumeMounts:
- name: pod-tmp
mountPath: /tmp
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
- name: pod-var-neutron
mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
- name: neutron-bin
@@ -243,10 +268,12 @@
subPath: l2gw_plugin.ini
readOnly: true
{{ end }}
+ {{- if .Values.conf.paste }}
- name: neutron-etc
mountPath: /etc/neutron/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{ end }}
- name: neutron-etc
mountPath: /etc/neutron/policy.yaml
subPath: policy.yaml
@@ -258,6 +285,8 @@
volumes:
- name: pod-tmp
emptyDir: {}
+ - name: pod-shared
+ emptyDir: {}
{{- if .Values.manifests.certificates }}
- name: wsgi-neutron
emptyDir: {}
diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml
index 57a93a8..fa311b4 100644
--- a/charts/neutron/values.yaml
+++ b/charts/neutron/values.yaml
@@ -33,6 +33,7 @@
neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
+ neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
@@ -62,6 +63,9 @@
metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
+ ovn_metadata:
+ node_selector_key: openstack-compute-node
+ node_selector_value: enabled
l2gw:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@@ -156,6 +160,7 @@
sriov: {}
l2gateway: {}
bagpipe_bgp: {}
+ ovn: {}
openvswitch:
dhcp:
pod:
@@ -279,6 +284,19 @@
service: compute
- endpoint: public
service: compute_metadata
+ ovn_metadata:
+ pod: null
+ jobs:
+ - neutron-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_messaging
+ - endpoint: internal
+ service: network
+ - endpoint: internal
+ service: compute
+ - endpoint: public
+ service: compute_metadata
ovs_agent:
jobs:
- neutron-rabbit-init
@@ -385,6 +403,20 @@
initialDelaySeconds: 120
periodSeconds: 600
timeoutSeconds: 580
+ ovn_metadata_agent:
+ ovn_metadata_agent:
+ readiness:
+ enabled: true
+ params:
+ initialDelaySeconds: 30
+ periodSeconds: 190
+ timeoutSeconds: 185
+ liveness:
+ enabled: true
+ params:
+ initialDelaySeconds: 120
+ periodSeconds: 600
+ timeoutSeconds: 580
ovs_agent:
ovs_agent:
readiness:
@@ -490,6 +522,13 @@
neutron_metadata_agent_init:
runAsUser: 0
readOnlyRootFilesystem: true
+ neutron_ovn_metadata_agent:
+ pod:
+ runAsUser: 42424
+ container:
+ neutron_ovn_metadata_agent_init:
+ runAsUser: 0
+ readOnlyRootFilesystem: true
neutron_ovs_agent:
pod:
runAsUser: 42424
@@ -558,6 +597,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
mounts:
neutron_server:
init_container: null
@@ -584,6 +626,11 @@
neutron_metadata_agent:
volumeMounts:
volumes:
+ neutron_ovn_metadata_agent:
+ init_container: null
+ neutron_ovn_metadata_agent:
+ volumeMounts:
+ volumes:
neutron_ovs_agent:
init_container: null
neutron_ovs_agent:
@@ -661,6 +708,10 @@
enabled: true
min_ready_seconds: 0
max_unavailable: 1
+ ovn_metadata_agent:
+ enabled: true
+ min_ready_seconds: 0
+ max_unavailable: 1
ovs_agent:
enabled: true
min_ready_seconds: 0
@@ -712,6 +763,13 @@
limits:
memory: "1024Mi"
cpu: "2000m"
+ ovn_metadata:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
ovs:
requests:
memory: "128Mi"
@@ -1122,43 +1180,7 @@
sla:
failure_rate:
max: 0
- paste:
- composite:neutron:
- use: egg:Paste#urlmap
- /: neutronversions_composite
- /v2.0: neutronapi_v2_0
- composite:neutronapi_v2_0:
- use: call:neutron.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
- keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken audit keystonecontext extensions neutronapiapp_v2_0
- composite:neutronversions_composite:
- use: call:neutron.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi neutronversions
- keystone: cors http_proxy_to_wsgi neutronversions
- filter:request_id:
- paste.filter_factory: oslo_middleware:RequestId.factory
- filter:catch_errors:
- paste.filter_factory: oslo_middleware:CatchErrors.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: neutron
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- filter:keystonecontext:
- paste.filter_factory: neutron.auth:NeutronKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/neutron/api_audit_map.conf
- filter:extensions:
- paste.filter_factory: neutron.api.extensions:plugin_aware_extension_middleware_factory
- app:neutronversions:
- paste.app_factory: neutron.pecan_wsgi.app:versions_factory
- app:neutronapiapp_v2_0:
- paste.app_factory: neutron.api.v2.router:APIRouter.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+ paste: {}
policy: {}
api_audit_map:
DEFAULT:
@@ -1233,6 +1255,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1260,6 +1283,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1285,6 +1309,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1306,6 +1331,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1396,6 +1422,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@@ -1418,6 +1445,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@@ -1467,6 +1495,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1487,6 +1516,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1523,6 +1553,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1560,6 +1591,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1597,6 +1629,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@@ -1743,6 +1776,7 @@
memcache_security_strategy: ENCRYPT
auth_type: password
auth_version: v3
+ service_type: network
octavia:
request_poll_timeout: 3000
logging:
@@ -1818,7 +1852,7 @@
# (NOTE)portdirect: if unset this is populated dyanmicly from the value
# in 'network.backend' to sane defaults.
mechanism_drivers: null
- type_drivers: flat,vlan,vxlan
+ type_drivers: flat,vlan,vxlan,local
tenant_network_types: vxlan
ml2_type_vxlan:
vni_ranges: 1:1000
@@ -1907,6 +1941,7 @@
enabled: true
backend: dogpile.cache.memcached
bagpipe_bgp: {}
+ ovn_metadata_agent: {}
rabbitmq:
# NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index 818a9b9..641e158 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/nova
- https://opendev.org/openstack/openstack-helm
-version: 0.3.1
+version: 0.3.10
diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/nova/charts/helm-toolkit/Chart.yaml
+++ b/charts/nova/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 75ab5ad..45f58d3 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:59.565900423Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:22.712454279Z"
diff --git a/charts/nova/templates/bin/_ssh-start.sh.tpl b/charts/nova/templates/bin/_ssh-start.sh.tpl
index abbf9f0..562da44 100644
--- a/charts/nova/templates/bin/_ssh-start.sh.tpl
+++ b/charts/nova/templates/bin/_ssh-start.sh.tpl
@@ -35,4 +35,6 @@
rm /tmp/sshd_config_extend
+mkdir -p /run/sshd
+
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index 12ad86c..b7638e5 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -81,6 +81,10 @@
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.nova.wsgi "api_paste_config" "/var/lib/openstack/etc/nova/api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.nova.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -270,7 +274,9 @@
type: Opaque
data:
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
nova_sudoers: {{ $envAll.Values.conf.nova_sudoers | b64enc }}
rootwrap.conf: {{ .Values.conf.rootwrap | b64enc }}
diff --git a/charts/nova/templates/deployment-api-metadata.yaml b/charts/nova/templates/deployment-api-metadata.yaml
index e7039f5..1d74685 100644
--- a/charts/nova/templates/deployment-api-metadata.yaml
+++ b/charts/nova/templates/deployment-api-metadata.yaml
@@ -142,10 +142,12 @@
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
diff --git a/charts/nova/templates/deployment-api-osapi.yaml b/charts/nova/templates/deployment-api-osapi.yaml
index 4cb6744..df57940 100644
--- a/charts/nova/templates/deployment-api-osapi.yaml
+++ b/charts/nova/templates/deployment-api-osapi.yaml
@@ -114,10 +114,12 @@
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
diff --git a/charts/nova/templates/deployment-spiceproxy.yaml b/charts/nova/templates/deployment-spiceproxy.yaml
index e430d25..2c65401 100644
--- a/charts/nova/templates/deployment-spiceproxy.yaml
+++ b/charts/nova/templates/deployment-spiceproxy.yaml
@@ -17,7 +17,7 @@
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
-{{- define "novaSpiceproxyReadynessProbeTemplate" }}
+{{- define "novaSpiceproxyReadinessProbeTemplate" }}
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index 26841a4..b725160 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -796,57 +796,7 @@
sla:
failure_rate:
max: 0
- paste:
- composite:metadata:
- use: egg:Paste#urlmap
- /: meta
- pipeline:meta:
- pipeline: cors metaapp
- app:metaapp:
- paste.app_factory: nova.api.metadata.handler:MetadataRequestHandler.factory
- composite:osapi_compute:
- use: call:nova.api.openstack.urlmap:urlmap_factory
- /: oscomputeversions
- /v2: openstack_compute_api_v21_legacy_v2_compatible
- /v2.1: openstack_compute_api_v21
- composite:openstack_compute_api_v21:
- use: call:nova.api.auth:pipeline_factory_v21
- noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
- keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext osapi_compute_app_v21
- composite:openstack_compute_api_v21_legacy_v2_compatible:
- use: call:nova.api.auth:pipeline_factory_v21
- noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
- keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext legacy_v2_compatible osapi_compute_app_v21
- filter:request_id:
- paste.filter_factory: oslo_middleware:RequestId.factory
- filter:compute_req_id:
- paste.filter_factory: nova.api.compute_req_id:ComputeReqIdMiddleware.factory
- filter:faultwrap:
- paste.filter_factory: nova.api.openstack:FaultWrapper.factory
- filter:noauth2:
- paste.filter_factory: nova.api.openstack.auth:NoAuthMiddleware.factory
- filter:sizelimit:
- paste.filter_factory: oslo_middleware:RequestBodySizeLimiter.factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- filter:legacy_v2_compatible:
- paste.filter_factory: nova.api.openstack:LegacyV2CompatibleWrapper.factory
- app:osapi_compute_app_v21:
- paste.app_factory: nova.api.openstack.compute:APIRouterV21.factory
- pipeline:oscomputeversions:
- pipeline: faultwrap http_proxy_to_wsgi oscomputeversionapp
- app:oscomputeversionapp:
- paste.app_factory: nova.api.openstack.compute.versions:Versions.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: nova
- filter:keystonecontext:
- paste.filter_factory: nova.api.auth:NovaKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/nova/api_audit_map.conf
+ paste: {}
policy: {}
nova_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -1399,6 +1349,7 @@
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_type: compute
notifications:
notify_on_state_change: vm_and_task_state
service_user:
@@ -2164,6 +2115,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
mounts:
nova_compute:
init_container: null
diff --git a/charts/octavia/charts/helm-toolkit/Chart.yaml b/charts/octavia/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/octavia/charts/helm-toolkit/Chart.yaml
+++ b/charts/octavia/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/octavia/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/octavia/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/octavia/requirements.lock b/charts/octavia/requirements.lock
index 00f9746..e4f2815 100644
--- a/charts/octavia/requirements.lock
+++ b/charts/octavia/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:10:02.04681901Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-11T04:21:24.12208598Z"
diff --git a/charts/openvswitch/charts/helm-toolkit/Chart.yaml b/charts/openvswitch/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/openvswitch/charts/helm-toolkit/Chart.yaml
+++ b/charts/openvswitch/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/openvswitch/charts/helm-toolkit/requirements.lock b/charts/openvswitch/charts/helm-toolkit/requirements.lock
index aa6325b..39023e8 100644
--- a/charts/openvswitch/charts/helm-toolkit/requirements.lock
+++ b/charts/openvswitch/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
dependencies: []
digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-01-31T00:32:58.374919745Z"
+generated: "2023-03-17T16:48:36.562591008Z"
diff --git a/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/openvswitch/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/openvswitch/requirements.lock b/charts/openvswitch/requirements.lock
index ede108c..d3495d7 100644
--- a/charts/openvswitch/requirements.lock
+++ b/charts/openvswitch/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../helm-toolkit
- version: 0.2.51
-digest: sha256:212d8fd57a982831cd076d64cb0e54974bd77971209f3acb266bc0a53fa83731
-generated: "2023-01-31T00:33:12.094612309Z"
+ version: 0.2.52
+digest: sha256:d7c1d04fc7525277f29dac7fc7d2996c60cb3e708f487cd2bf88a0236454f7e3
+generated: "2023-03-17T16:48:45.363831485Z"
diff --git a/charts/placement/charts/helm-toolkit/Chart.yaml b/charts/placement/charts/helm-toolkit/Chart.yaml
index c1296b9..404f380 100644
--- a/charts/placement/charts/helm-toolkit/Chart.yaml
+++ b/charts/placement/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.52
diff --git a/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/placement/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/placement/requirements.lock b/charts/placement/requirements.lock
index 5ab47c6..cbe09c9 100644
--- a/charts/placement/requirements.lock
+++ b/charts/placement/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:57.698852948Z"
+ version: 0.2.52
+digest: sha256:fa4cf6491d7d370591b9751dbc9e761b5ae4bd1fdfda954f0acc240b187e0551
+generated: "2023-03-20T23:06:01.180245043Z"
diff --git a/charts/senlin/Chart.yaml b/charts/senlin/Chart.yaml
index 2331440..4085ec4 100644
--- a/charts/senlin/Chart.yaml
+++ b/charts/senlin/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/senlin
- https://opendev.org/openstack/openstack-helm
-version: 0.2.8
+version: 0.2.9
diff --git a/charts/senlin/charts/helm-toolkit/Chart.yaml b/charts/senlin/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/senlin/charts/helm-toolkit/Chart.yaml
+++ b/charts/senlin/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/senlin/requirements.lock b/charts/senlin/requirements.lock
index 223e708..ba7a859 100644
--- a/charts/senlin/requirements.lock
+++ b/charts/senlin/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:56.274500208Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:16.171873003Z"
diff --git a/charts/senlin/templates/configmap-etc.yaml b/charts/senlin/templates/configmap-etc.yaml
index a47a3a4..2f2a4a8 100644
--- a/charts/senlin/templates/configmap-etc.yaml
+++ b/charts/senlin/templates/configmap-etc.yaml
@@ -93,6 +93,11 @@
{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
{{- end -}}
+
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.senlin.senlin_api "api_paste_config" "/var/lib/openstack/etc/senlin/api-paste.ini" -}}
+{{- end }}
+
---
apiVersion: v1
kind: Secret
@@ -103,6 +108,8 @@
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
senlin.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.senlin | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- end }}
diff --git a/charts/senlin/templates/deployment-api.yaml b/charts/senlin/templates/deployment-api.yaml
index d6577ff..689c045 100644
--- a/charts/senlin/templates/deployment-api.yaml
+++ b/charts/senlin/templates/deployment-api.yaml
@@ -98,10 +98,12 @@
subPath: {{ base .Values.conf.senlin.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: senlin-etc
mountPath: /etc/senlin/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: senlin-etc
mountPath: /etc/senlin/policy.yaml
subPath: policy.yaml
diff --git a/charts/senlin/values.yaml b/charts/senlin/values.yaml
index 5bd7f45..ba4ecad 100644
--- a/charts/senlin/values.yaml
+++ b/charts/senlin/values.yaml
@@ -96,33 +96,7 @@
image: df0c1a14-0940-4ae5-be5c-bb06aa407da2
networks:
- network: public
- paste:
- pipeline:senlin-api:
- pipeline: request_id faultwrap ssl versionnegotiation webhook authtoken context trust apiv1app
- app:apiv1app:
- paste.app_factory: senlin.api.common.wsgi:app_factory
- senlin.app_factory: senlin.api.openstack.v1.router:API
- filter:request_id:
- paste.filter_factory: oslo_middleware.request_id:RequestId.factory
- filter:faultwrap:
- paste.filter_factory: senlin.api.common.wsgi:filter_factory
- senlin.filter_factory: senlin.api.middleware:fault_filter
- filter:context:
- paste.filter_factory: senlin.api.common.wsgi:filter_factory
- senlin.filter_factory: senlin.api.middleware:context_filter
- filter:ssl:
- paste.filter_factory: oslo_middleware.ssl:SSLMiddleware.factory
- filter:versionnegotiation:
- paste.filter_factory: senlin.api.common.wsgi:filter_factory
- senlin.filter_factory: senlin.api.middleware:version_filter
- filter:trust:
- paste.filter_factory: senlin.api.common.wsgi:filter_factory
- senlin.filter_factory: senlin.api.middleware:trust_filter
- filter:webhook:
- paste.filter_factory: senlin.api.common.wsgi:filter_factory
- senlin.filter_factory: senlin.api.middleware:webhook_filter
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ paste: {}
policy: {}
senlin:
DEFAULT:
@@ -137,6 +111,7 @@
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_type: clustering
senlin_api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.
diff --git a/charts/tempest/charts/helm-toolkit/Chart.yaml b/charts/tempest/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/tempest/charts/helm-toolkit/Chart.yaml
+++ b/charts/tempest/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/tempest/requirements.lock b/charts/tempest/requirements.lock
index 08e3e72..25681a8 100644
--- a/charts/tempest/requirements.lock
+++ b/charts/tempest/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:57.436181816Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:19.780482669Z"
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index 527486c..66cb58d 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -82,30 +82,38 @@
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/keystone-${KEYSTONE_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-BARBICAN_VERSION=0.3.0
+BARBICAN_VERSION=0.3.2
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/barbican-${BARBICAN_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'barbican/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/barbican
CEPH_PROVISIONERS_VERSION=0.1.8
curl -sL https://tarballs.opendev.org/openstack/openstack-helm-infra/ceph-provisioners-${CEPH_PROVISIONERS_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-GLANCE_VERSION=0.4.1
+GLANCE_VERSION=0.4.6
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/glance-${GLANCE_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'glance/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/glance
-CINDER_VERSION=0.3.4
+CINDER_VERSION=0.3.10
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/cinder-${CINDER_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~874933/revisions/4/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
| base64 --decode \
| filterdiff -p1 -x 'releasenotes/*' \
| filterdiff -p2 -x 'Chart.yaml' \
- | patch -p2 -d ${ATMOSPHERE}/charts/cinder
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~874952/revisions/3/patch?download' \
- | base64 --decode \
- | filterdiff -p1 -x 'releasenotes/*' \
- | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'cinder/*' \
| patch -p2 -d ${ATMOSPHERE}/charts/cinder
PLACEMENT_VERSION=0.3.2
@@ -122,69 +130,80 @@
LOCAL_PATH_PROVISIONER_VERSION=0.0.24
curl -sL https://github.com/rancher/local-path-provisioner/archive/refs/tags/v${LOCAL_PATH_PROVISIONER_VERSION}.tar.gz \
- | tar -xz -C charts --strip-components=3 ${ATMOSPHERE}/local-path-provisioner-${LOCAL_PATH_PROVISIONER_VERSION}/deploy/chart/
+ | tar -xz -C ${ATMOSPHERE}/charts --strip-components=3 local-path-provisioner-${LOCAL_PATH_PROVISIONER_VERSION}/deploy/chart/
-NEUTRON_VERSION=0.3.2
+NEUTRON_VERSION=0.3.8
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/neutron-${NEUTRON_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~872436/revisions/1/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~872436/revisions/2/patch?download' \
| base64 --decode \
| filterdiff -p1 -x 'releasenotes/*' \
| filterdiff -p2 -x 'Chart.yaml' \
| patch -p2 -d ${ATMOSPHERE}/charts/neutron
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'neutron/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/neutron
-NOVA_VERISON=0.3.1
+NOVA_VERISON=0.3.10
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/nova-${NOVA_VERISON}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~873446/revisions/1/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
| base64 --decode \
| filterdiff -p1 -x 'releasenotes/*' \
| filterdiff -p2 -x 'Chart.yaml' \
- | patch -p2 -d ${ATMOSPHERE}/charts/nova
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~878555/revisions/1/patch?download' \
- | base64 --decode \
- | filterdiff -p1 -x 'releasenotes/*' \
- | filterdiff -p2 -x 'Chart.yaml' \
- | patch -p2 -d ${ATMOSPHERE}/charts/nova
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~879066/revisions/2/patch?download' \
- | base64 --decode \
- | filterdiff -p1 -x 'releasenotes/*' \
- | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'nova/*' \
| patch -p2 -d ${ATMOSPHERE}/charts/nova
-SENLIN_VERSION=0.2.8
+SENLIN_VERSION=0.2.9
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/senlin-${SENLIN_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'senlin/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/senlin
-DESIGNATE_VERSION=0.2.8
+DESIGNATE_VERSION=0.2.9
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/designate-${DESIGNATE_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'designate/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/designate
-HEAT_VERSION=0.3.1
+HEAT_VERSION=0.3.3
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/heat-${HEAT_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'heat/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/heat
OCTAVIA_VERSION=0.2.7
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/octavia-${OCTAVIA_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-MAGNUM_VERSION=0.2.8
+MAGNUM_VERSION=0.2.9
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/magnum-${MAGNUM_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'magnum/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/magnum
-HORIZON_VERSION=0.3.5
+HORIZON_VERSION=0.3.8
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/horizon-${HORIZON_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~874354/revisions/4/patch?download' \
- | base64 --decode \
- | filterdiff -p1 -x 'releasenotes/*' \
- | filterdiff -p2 -x 'Chart.yaml' \
- | patch -p2 -d ${ATMOSPHERE}/charts/horizon
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~878529/revisions/1/patch?download' \
- | base64 --decode \
- | filterdiff -p1 -x 'releasenotes/*' \
- | filterdiff -p2 -x 'Chart.yaml' \
- | patch -p2 -d ${ATMOSPHERE}/charts/horizon
TEMPEST_VERSION=0.2.7
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/tempest-${TEMPEST_VERSION}.tgz \
@@ -198,6 +217,12 @@
curl -sL https://charts.rook.io/release/rook-ceph-cluster-v${ROOK_CEPH_CLUSTER_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-MANILA_VERSION=0.1.0
+MANILA_VERSION=0.1.1
curl -sL https://tarballs.opendev.org/openstack/openstack-helm/manila-${MANILA_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~883168/revisions/8/patch?download' \
+ | base64 --decode \
+ | filterdiff -p1 -x 'releasenotes/*' \
+ | filterdiff -p2 -x 'Chart.yaml' \
+ | filterdiff -p1 -i 'manila/*' \
+ | patch -p2 -d ${ATMOSPHERE}/charts/manila
diff --git a/roles/cinder/vars/main.yml b/roles/cinder/vars/main.yml
index 28bf6e2..707728f 100644
--- a/roles/cinder/vars/main.yml
+++ b/roles/cinder/vars/main.yml
@@ -21,12 +21,6 @@
api: 3
scheduler: 3
conf:
- paste:
- composite:openstack_volume_api_v3:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
cinder:
DEFAULT:
allowed_direct_url_schemes: cinder
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index 4dcf75f..cdd6cc0 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -125,6 +125,7 @@
neutron_metadata: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
neutron_netns_cleanup_cron: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
neutron_openvswitch_agent: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
+ neutron_ovn_metadata: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
neutron_server: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
neutron_sriov_agent_init: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
neutron_sriov_agent: quay.io/vexxhost/neutron@sha256:1f7e7d9d3db9100b55243b33bd215aebec89939b8249411153fc4035db62ba93 # image-source: quay.io/vexxhost/neutron:zed
diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
index 5dfaca0..a4cd93f 100644
--- a/roles/neutron/vars/main.yml
+++ b/roles/neutron/vars/main.yml
@@ -20,9 +20,6 @@
replicas:
server: 3
conf:
- paste:
- composite:neutronapi_v2_0:
- keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
neutron:
DEFAULT:
api_workers: 8
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index 02ea38d..5df4e0a 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -41,11 +41,6 @@
conf:
ceph:
enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
- paste:
- composite:openstack_compute_api_v21:
- keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
- composite:openstack_compute_api_v21_legacy_v2_compatible:
- keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
nova:
DEFAULT:
allow_resize_to_same_host: true