fix(neutron): sync paste config
* fix(chart): Import paste.deploy patch and bump chart versions to latest
* Remove paste.deploy config override
* Remove paste.deploy config override for nova and neutron
* Add ovn_metadata image
* Remove orig file and update gitignore
* fix typo in gitignore
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/charts/cinder/Chart.yaml b/charts/cinder/Chart.yaml
index af91098..c00ca66 100644
--- a/charts/cinder/Chart.yaml
+++ b/charts/cinder/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/cinder
- https://opendev.org/openstack/openstack-helm
-version: 0.3.4
+version: 0.3.10
diff --git a/charts/cinder/charts/helm-toolkit/Chart.yaml b/charts/cinder/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/cinder/charts/helm-toolkit/Chart.yaml
+++ b/charts/cinder/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/cinder/requirements.lock b/charts/cinder/requirements.lock
index e75149c..7dbeee4 100644
--- a/charts/cinder/requirements.lock
+++ b/charts/cinder/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:56.648802173Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:12.4446189Z"
diff --git a/charts/cinder/templates/bin/_backup-storage-init.sh.tpl b/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
index cd2389c..a50ecb7 100644
--- a/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/charts/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -37,7 +37,7 @@
fi
size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
ceph osd pool set $1 nosizechange 0
- ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
diff --git a/charts/cinder/templates/bin/_storage-init.sh.tpl b/charts/cinder/templates/bin/_storage-init.sh.tpl
index a43115e..4f945e2 100644
--- a/charts/cinder/templates/bin/_storage-init.sh.tpl
+++ b/charts/cinder/templates/bin/_storage-init.sh.tpl
@@ -34,7 +34,7 @@
fi
size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
ceph osd pool set $1 nosizechange 0
- ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION} --yes-i-really-mean-it
ceph osd pool set $1 nosizechange ${size_protection}
ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
}
diff --git a/charts/cinder/templates/configmap-etc.yaml b/charts/cinder/templates/configmap-etc.yaml
index 5010ab9..452883b 100644
--- a/charts/cinder/templates/configmap-etc.yaml
+++ b/charts/cinder/templates/configmap-etc.yaml
@@ -72,6 +72,10 @@
{{- $_ := set $envAll.Values.conf.cinder.nova "password" $envAll.Values.endpoints.identity.auth.cinder.password -}}
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.cinder.DEFAULT "api_paste_config" "/var/lib/openstack/etc/cinder/api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.cinder.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -167,7 +171,9 @@
cinder.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cinder | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
backends.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.backends | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
diff --git a/charts/cinder/templates/deployment-api.yaml b/charts/cinder/templates/deployment-api.yaml
index 8ef5754..4416022 100644
--- a/charts/cinder/templates/deployment-api.yaml
+++ b/charts/cinder/templates/deployment-api.yaml
@@ -128,10 +128,12 @@
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: cinder-etc
mountPath: /etc/cinder/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: cinder-etc
mountPath: /etc/cinder/policy.yaml
subPath: policy.yaml
diff --git a/charts/cinder/templates/deployment-scheduler.yaml b/charts/cinder/templates/deployment-scheduler.yaml
index cf69dd1..875f6ca 100644
--- a/charts/cinder/templates/deployment-scheduler.yaml
+++ b/charts/cinder/templates/deployment-scheduler.yaml
@@ -95,10 +95,12 @@
subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: cinder-etc
mountPath: /etc/cinder/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: cinder-etc
mountPath: /etc/cinder/policy.yaml
subPath: policy.yaml
diff --git a/charts/cinder/values.yaml b/charts/cinder/values.yaml
index 06412f5..4fa8418 100644
--- a/charts/cinder/values.yaml
+++ b/charts/cinder/values.yaml
@@ -55,9 +55,9 @@
cinder_scheduler: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
cinder_volume: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
cinder_volume_usage_audit: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
- cinder_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic
+ cinder_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
cinder_backup: docker.io/openstackhelm/cinder:wallaby-ubuntu_focal
- cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic
+ cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
@@ -183,6 +183,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
useHostNetwork:
volume: false
backup: false
@@ -430,60 +433,7 @@
global: null
osd: null
conf:
- paste:
- composite:osapi_volume:
- use: call:cinder.api:root_app_factory
- /: apiversions
- /v1: openstack_volume_api_v1
- /v2: openstack_volume_api_v2
- /v3: openstack_volume_api_v3
- composite:openstack_volume_api_v1:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
- composite:openstack_volume_api_v2:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
- composite:openstack_volume_api_v3:
- use: call:cinder.api.middleware.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
- keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv3
- keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv3
- filter:request_id:
- paste.filter_factory: oslo_middleware.request_id:RequestId.factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: cinder
- filter:faultwrap:
- paste.filter_factory: cinder.api.middleware.fault:FaultWrapper.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
- filter:noauth:
- paste.filter_factory: cinder.api.middleware.auth:NoAuthMiddleware.factory
- filter:sizelimit:
- paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
- app:apiv1:
- paste.app_factory: cinder.api.v1.router:APIRouter.factory
- app:apiv2:
- paste.app_factory: cinder.api.v2.router:APIRouter.factory
- app:apiv3:
- paste.app_factory: cinder.api.v3.router:APIRouter.factory
- pipeline:apiversions:
- pipeline: cors http_proxy_to_wsgi faultwrap osvolumeversionapp
- app:osvolumeversionapp:
- paste.app_factory: cinder.api.versions:Versions.factory
- filter:keystonecontext:
- paste.filter_factory: cinder.api.middleware.auth:CinderKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/cinder/api_audit_map.conf
+ paste: {}
policy: {}
api_audit_map:
DEFAULT:
@@ -826,6 +776,7 @@
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
+ service_type: volumev3
nova:
auth_type: password
auth_version: v3