Merge pull request #91 from alanmeadows/nova_chart

OpenStack Nova Helm Chart Initial Commit

Author: alanmeadows

Makefile

@@ -1,13 +1,12 @@
-.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron cinder heat maas all clean
+.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron nova cinder heat maas all clean
 
 B64_DIRS := common/secrets
 B64_EXCLUDE := $(wildcard common/secrets/*.b64)
 
-CHARTS := ceph mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack
+CHARTS := ceph mariadb rabbitmq memcached keystone glance horizon neutron nova cinder heat maas openstack
 COMMON_TPL := common/templates/_globals.tpl
 
-all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack
-
+all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron nova cinder heat maas openstack
 
 common: build-common
 
@@ -30,6 +29,8 @@ glance: build-glance
 
 neutron: build-neutron
 
+nova: build-nova
+
 heat: build-heat
 
 maas: build-maas

nova/Chart.yaml

@@ -0,0 +1,3 @@
+description: A Helm chart for nova
+name: nova
+version: 0.1.0

nova/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+  - name: common
+    repository: http://localhost:8879/charts
+    version: 0.1.0

nova/templates/bin/_db-sync.sh.tpl

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+
+nova-manage db sync
+nova-manage api_db sync
+nova-manage db online_data_migrations

nova/templates/bin/_init.sh.tpl

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+echo "Hello World"
+
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_user }}' \
+password='{{ .Values.database.nova_password }}' \
+host='%' \
+priv='{{ .Values.database.nova_database_name }}.*:ALL' append_privs='yes'"
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_api_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_user }}' \
+password='{{ .Values.database.nova_password }}' \
+host='%' \
+priv='{{ .Values.database.nova_api_database_name }}.*:ALL' append_privs='yes'"

nova/templates/bin/_libvirt.sh.tpl

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -ex
+
+if [[ -f /var/run/libvirtd.pid ]]; then
+   test -d /proc/$(< /var/run/libvirtd.pid) && \
+   ( echo "Libvirtd daemon is running" && exit 10 )
+fi
+
+rm -f /var/run/libvirtd.pid
+
+if [[ -c /dev/kvm ]]; then
+    chmod 660 /dev/kvm
+    chown root:kvm /dev/kvm
+fi
+
+
+sleep 30
+
+{{- if .Values.ceph.enabled }}
+cat > /tmp/secret.xml <<EOF
+<secret ephemeral='no' private='no'>
+  <uuid>{{ .Values.ceph.secret_uuid }}</uuid>
+  <usage type='ceph'>
+    <name>client.{{ .Values.ceph.cinder_user }} secret</name>
+  </usage>
+</secret>
+EOF
+
+virsh secret-define --file /tmp/secret.xml
+virsh secret-set-value --secret {{ .Values.ceph.secret_uuid }} --base64 {{ .Values.ceph.cinder_keyring }}
+rm /tmp/secret.xml
+{{- end }}
+
+
+exec libvirtd -v --listen

nova/templates/bin/_post.sh.tpl

@@ -0,0 +1,57 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \
+service_type=compute \
+description='Openstack Compute' \
+endpoint_region={{ .Values.keystone.nova_region_name }} \
+url='{{ include "endpoint_nova_api_internal" . }}' \
+interface=admin \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \
+service_type=compute \
+description='Openstack Compute' \
+endpoint_region={{ .Values.keystone.nova_region_name }} \
+url='{{ include "endpoint_nova_api_internal" . }}' \
+interface=internal \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \
+service_type=compute \
+description='Openstack Compute' \
+endpoint_region={{ .Values.keystone.nova_region_name }} \
+url='{{ include "endpoint_nova_api_internal" . }}' \
+interface=public \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_user -a "project=service \
+user={{ .Values.keystone.nova_user }} \
+password={{ .Values.keystone.nova_password }} \
+role=admin \
+region_name={{ .Values.keystone.nova_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}"
+
+cat <<EOF>/tmp/openrc
+export OS_USERNAME={{.Values.keystone.admin_user}}
+export OS_PASSWORD={{.Values.keystone.admin_password}}
+export OS_PROJECT_DOMAIN_NAME={{.Values.keystone.domain_name}}
+export OS_USER_DOMAIN_NAME={{.Values.keystone.domain_name}}
+export OS_PROJECT_NAME={{.Values.keystone.admin_project_name}}
+export OS_AUTH_URL={{include "endpoint_keystone_internal" .}}
+export OS_AUTH_STRATEGY=keystone
+export OS_REGION_NAME={{.Values.keystone.admin_region_name}}
+export OS_INSECURE=1
+EOF
+
+. /tmp/openrc
+env
+openstack --debug role create _member_ --or-show

nova/templates/bin/_start-osapi.sh.tpl

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -ex 
+
+#
+# start nova-api-osapi service
+#
+# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges
+# by stubbing in a fake iptables scripts
+
+echo <<EOF>/tmp/iptables
+#!/bin/sh
+# nova-api-metadata trys to run some iptables commands
+# This enables the api-only container to run without NET_ADMIN privileges
+true
+EOF
+
+# make it executable and copy it over whatever iptables may be underneath in this image
+chmod +x /tmp/iptables
+cp -p /tmp/iptables /sbin/iptables
+cp -p /tmp/iptables /sbin/iptables-restore
+cp -p /tmp/iptables /sbin/iptables-save
+
+exec nova-api --config-file /etc/nova/nova.conf

nova/templates/configmap-bin.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nova-bin
+data:
+  db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
+  init.sh: |
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+  start-osapi.sh: |
+{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }}
+  post.sh: |
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
+  libvirt.sh: |
+{{ tuple "bin/_libvirt.sh.tpl" . | include "template" | indent 4 }}

nova/templates/configmap-etc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nova-etc
+data:
+  nova.conf: |+
+{{ tuple "etc/_nova.conf.tpl" . | include "template" | indent 4 }}
+  ceph.client.cinder.keyring.yaml: |+
+{{ tuple "etc/_ceph.client.cinder.keyring.yaml.tpl" . | include "template" | indent 4 }}
+  resolv.conf: |+
+{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }}
+  libvirtd.conf: |+
+{{ tuple "etc/_libvirtd.conf.tpl" . | include "template" | indent 4 }}