From 4cb86e1058d7f4cf49dd743fd5f096b230a82ce3 Mon Sep 17 00:00:00 2001 From: nicholaskuechler Date: Mon, 10 Jun 2024 09:33:18 -0500 Subject: [PATCH] feat: Adds nova to understack --- apps/components/nova.yaml | 39 ++++++++++++ components/nova/README.md | 1 + components/nova/aio-values.yaml | 75 ++++++++++++++++++++++++ components/nova/kustomization.yaml | 7 +++ components/nova/nova-mariadb-db.yaml | 52 ++++++++++++++++ components/nova/nova-rabbitmq-queue.yaml | 59 +++++++++++++++++++ components/nova/values.tpl.yaml | 8 +++ scripts/easy-secrets-gen.sh | 31 +++++++++- 8 files changed, 271 insertions(+), 1 deletion(-) create mode 100644 apps/components/nova.yaml create mode 100644 components/nova/README.md create mode 100644 components/nova/aio-values.yaml create mode 100644 components/nova/kustomization.yaml create mode 100644 components/nova/nova-mariadb-db.yaml create mode 100644 components/nova/nova-rabbitmq-queue.yaml create mode 100644 components/nova/values.tpl.yaml diff --git a/apps/components/nova.yaml b/apps/components/nova.yaml new file mode 100644 index 000000000..a01cd5935 --- /dev/null +++ b/apps/components/nova.yaml 
@@ -0,0 +1,39 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nova +spec: + project: understack + sources: + - repoURL: https://github.com/rackerlabs/understack.git + path: components/nova/ + targetRevision: ${UC_REPO_REF} + ref: understack + - repoURL: https://tarballs.opendev.org/openstack/openstack-helm/ + chart: nova + targetRevision: 0.3.42 + helm: + releaseName: nova + valueFiles: + - $understack/components/openstack-2024.1-jammy.yaml + - $understack/components/nova/aio-values.yaml + - $secrets/secrets/${DEPLOY_NAME}/secret-openstack.yaml + - $secrets/helm-configs/${DEPLOY_NAME}/nova.yaml + - repoURL: ${UC_DEPLOY_GIT_URL} + path: secrets/${DEPLOY_NAME}/ + targetRevision: ${UC_DEPLOY_REF} + directory: + include: 'secret-nova-*.yaml' + ref: secrets + destination: + server: "https://kubernetes.default.svc" + namespace: openstack + syncPolicy: + automated: + selfHeal: true + syncOptions: + - CreateNamespace=true + managedNamespaceMetadata: + labels: + kubernetes.io/metadata.name: openstack + name: openstack diff --git a/components/nova/README.md b/components/nova/README.md new file mode 100644 index 000000000..983da095f --- /dev/null +++ b/components/nova/README.md @@ -0,0 +1 @@ +# OpenStack Nova diff --git a/components/nova/aio-values.yaml b/components/nova/aio-values.yaml new file mode 100644 index 000000000..9a1ec8d39 --- /dev/null +++ b/components/nova/aio-values.yaml 
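Review bot: The `syncPolicy.automated` block at the end of the hunk enables `selfHeal` but not `prune`, so a manifest or sealed secret later removed from `components/nova/` or from the `secret-nova-*.yaml` directory stays live in the cluster after a sync. If that is deliberate (for example to stop Argo deleting the nova Database/User/Grant resources on a stray commit), a comment above `automated:` saying so would keep the next reader from treating it as an oversight; otherwise add `prune: true` beside `selfHeal: true`. I cannot see the sibling Application manifests in this view, so whichever choice they make should be mirrored here.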
@@ -0,0 +1,75 @@ +--- +release_group: null + +# typically overridden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + oslo_messaging: + statefulset: + replicas: 3 + name: rabbitmq-server + hosts: + default: rabbitmq-nodes + +# (nicholas.kuechler) Using custom dependencies in order to +# prevent the nova-db-init and nova-rabbit-init jobs from running +dependencies: + dynamic: + common: + local_image_registry: + jobs: null + static: + api: + jobs: + - nova-db-sync + - nova-ks-user + - nova-ks-endpoints + api_metadata: + jobs: + - nova-db-sync + - nova-ks-user + - nova-ks-endpoints + cell_setup: + jobs: + - nova-db-sync + service_cleaner: + jobs: + - nova-db-sync + compute: + jobs: + - nova-db-sync + compute_ironic: + jobs: + - nova-db-sync + conductor: + jobs: + - nova-db-sync + archive_deleted_rows: + jobs: + - nova-db-sync + db_sync: + jobs: + scheduler: + jobs: + - nova-db-sync + +manifests: + job_db_init: false + job_rabbit_init: false + pod_rally_test: false + secret_db: false + secret_keystone: true + +# we don't want to enable OpenStack Helm's +# helm.sh/hooks because they set them as +# post-install,post-upgrade which in ArgoCD +# maps to PostSync. However the deployments +# and statefulsets in OpenStack Helm +# depend on the jobs to complete to become +# healthy. Which they cannot because they are in +# the post step and not in the main step. +# Turning this on results in the keys jobs +# editing the annotation which deletes the item +# and wipes our keys. +helm3_hook: false diff --git a/components/nova/kustomization.yaml b/components/nova/kustomization.yaml new file mode 100644 index 000000000..e78f42500 --- /dev/null +++ b/components/nova/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - nova-mariadb-db.yaml + - nova-rabbitmq-queue.yaml 
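Review bot: Under `dependencies.static.db_sync` the key `jobs:` is left bare, which YAML reads as null, while the same intent is spelled out a few lines earlier as `jobs: null` under `local_image_registry`; write `jobs: null` (or `jobs: []` if the chart iterates the value) so the meaning is explicit and the file passes yamllint's empty-values check. The comment block above `helm3_hook: false` ends with "the keys jobs editing the annotation which deletes the item and wipes our keys", which reads as carried over from a keystone component rather than written for nova; either reword the last sentences for the nova jobs or trim them so the comment only states what applies here.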
diff --git a/components/nova/nova-mariadb-db.yaml b/components/nova/nova-mariadb-db.yaml new file mode 100644 index 000000000..f0f44d0d4 --- /dev/null +++ b/components/nova/nova-mariadb-db.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: Database +metadata: + name: nova + namespace: openstack +spec: + # If you want the database to be created with a different name than the resource name + # name: data-custom + mariaDbRef: + name: mariadb # name of the MariaDB kind + waitForIt: true + characterSet: utf8 + collate: utf8_general_ci + retryInterval: 5s +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: User +metadata: + name: nova + namespace: openstack +spec: + # If you want the user to be created with a different name than the resource name + # name: user-custom + mariaDbRef: + name: mariadb # name of the MariaDB kind + waitForIt: true + passwordSecretKeyRef: + name: nova-db-password + key: password + # This field is immutable and defaults to 10, 0 means unlimited. + maxUserConnections: 0 + host: "%" + retryInterval: 5s +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: Grant +metadata: + name: nova-grant + namespace: openstack +spec: + mariaDbRef: + name: mariadb # name of the MariaDB kind + waitForIt: true + privileges: + - "ALL" + database: "nova" + table: "*" + username: nova + grantOption: true + host: "%" + retryInterval: 5s diff --git a/components/nova/nova-rabbitmq-queue.yaml b/components/nova/nova-rabbitmq-queue.yaml new file mode 100644 index 000000000..59f6cecec --- /dev/null +++ b/components/nova/nova-rabbitmq-queue.yaml 
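Review bot: The `Grant` at the end of the hunk combines `privileges: ["ALL"]` and `host: "%"` with `grantOption: true`, which lets the nova service account hand its database privileges on to other accounts; a service account only needs to read and write its own schema, so `grantOption: false` is the least-privilege setting unless something in the deployment relies on nova issuing grants. The `host: "%"` on both the `User` and the `Grant` accepts connections from any source address, which is the usual choice inside a cluster network, but a one-line comment stating that it is intentional would help. I cannot see the neighbouring component manifests from here, so keep these settings consistent with them.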
@@ -0,0 +1,59 @@ +--- +apiVersion: rabbitmq.com/v1beta1 +kind: User +metadata: + name: nova + namespace: openstack +spec: + tags: + - management # available tags are 'management', 'policymaker', 'monitoring' and 'administrator' + - policymaker + rabbitmqClusterReference: + name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource + namespace: openstack + importCredentialsSecret: + name: nova-rabbitmq-password +--- +apiVersion: rabbitmq.com/v1beta1 +kind: Vhost +metadata: + name: nova-vhost + namespace: openstack +spec: + name: "nova" # vhost name; required and cannot be updated + defaultQueueType: quorum # default queue type for this vhost; require RabbitMQ version 3.11.12 or above + rabbitmqClusterReference: + name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource + namespace: openstack +--- +apiVersion: rabbitmq.com/v1beta1 +kind: Queue +metadata: + name: nova-queue + namespace: openstack +spec: + name: nova-qq # name of the queue + vhost: "nova" # default to '/' if not provided + type: quorum # without providing a queue type, rabbitmq creates a classic queue + autoDelete: false + durable: true # setting 'durable' to false means this queue won't survive a server restart + rabbitmqClusterReference: + name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource + namespace: openstack +--- +apiVersion: rabbitmq.com/v1beta1 +kind: Permission +metadata: + name: nova-permission + namespace: openstack +spec: + vhost: "nova" # name of a vhost + userReference: + name: "nova" # name of a user.rabbitmq.com in the same namespace; must specify either spec.userReference or spec.user + permissions: + write: ".*" + configure: ".*" + read: ".*" + rabbitmqClusterReference: + name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource + namespace: openstack diff --git a/components/nova/values.tpl.yaml b/components/nova/values.tpl.yaml new file mode 100644 index 000000000..ec1b430fe 
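Review bot: The `User` resource at the top of the hunk gives the nova account the `management` and `policymaker` tags, which are cluster-wide roles (management UI/API access and policy editing across every vhost), while the `Permission` further down already scopes what the account needs to the `nova` vhost; unless the nova services are expected to declare policies themselves, drop `policymaker` and consider `tags: []` so the account holds only vhost-level permissions. The inline comment already lists the available tags, so if both are genuinely required a short note on why would be enough. The `Permission` granting `.*` for configure, write and read on the `nova` vhost looks appropriate for an oslo.messaging client, which declares its own exchanges and queues.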
--- /dev/null +++ b/components/nova/values.tpl.yaml @@ -0,0 +1,8 @@ +# add your values.yaml overrides for the helm chart here + +network: + api: + ingress: + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: ${DEPLOY_NAME}-cluster-issuer diff --git a/scripts/easy-secrets-gen.sh b/scripts/easy-secrets-gen.sh index 3f8ecf2a3..f12192fae 100755 --- a/scripts/easy-secrets-gen.sh +++ b/scripts/easy-secrets-gen.sh @@ -119,7 +119,12 @@ export NEUTRON_KEYSTONE_PASSWORD="$(./scripts/pwgen.sh)" export NEUTRON_DB_PASSWORD="$(./scripts/pwgen.sh)" # rabbitmq user password for the neutron queues export NEUTRON_RABBITMQ_PASSWORD="$(./scripts/pwgen.sh)" - +# nova keystone service account +export NOVA_KEYSTONE_PASSWORD="$(./scripts/pwgen.sh)" +# nova user password in mariadb for nova db +export NOVA_DB_PASSWORD="$(./scripts/pwgen.sh)" +# rabbitmq user password for the inovaronic queues +export NOVA_RABBITMQ_PASSWORD="$(./scripts/pwgen.sh)" [ ! -f "${DEST_DIR}/secret-keystone-rabbitmq-password.yaml" ] && \ kubectl --namespace openstack \ 
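Review bot: The new `values.tpl.yaml` does not open with a `---` document marker, unlike `aio-values.yaml` and `kustomization.yaml` added in the same commit; add `---` as the first line for consistency within the component. The header comment could also say how the file is consumed — presumably rendered with `${...}` substitution into the per-deployment `helm-configs/${DEPLOY_NAME}/nova.yaml` that the Application references — since the `.tpl.yaml` name only hints at it.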
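Review bot: The comment above `NOVA_RABBITMQ_PASSWORD` reads `# rabbitmq user password for the inovaronic queues`, which looks like a mangled copy of the ironic stanza; change it to `# rabbitmq user password for the nova queues`. The hunk also removes one blank line (`-`) before the new exports; whitespace is collapsed in this view, so I cannot tell whether a blank line still separates the nova block from the following `[ ! -f ... ] && \` guard — keep one blank line between the two stanzas, as the neutron block had.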
@@ -194,6 +199,30 @@ kubectl --namespace openstack \ --from-literal=password="${NEUTRON_KEYSTONE_PASSWORD}" \ --dry-run=client -o yaml | secret-seal-stdin "${DEST_DIR}/secret-neutron-keystone-password.yaml" +# nova credentials +[ ! -f "${DEST_DIR}/secret-nova-rabbitmq-password.yaml" ] && \ +kubectl --namespace openstack \ + create secret generic nova-rabbitmq-password \ + --type Opaque \ + --from-literal=username="nova" \ + --from-literal=password="${NOVA_RABBITMQ_PASSWORD}" \ + --dry-run=client -o yaml > "${DEST_DIR}/secret-nova-rabbitmq-password.yaml" + +[ ! -f "${DEST_DIR}/secret-nova-db-password.yaml" ] && \ +kubectl --namespace openstack \ + create secret generic nova-db-password \ + --type Opaque \ + --from-literal=password="${NOVA_DB_PASSWORD}" \ + --dry-run=client -o yaml > "${DEST_DIR}/secret-nova-db-password.yaml" + +[ ! -f "${DEST_DIR}/secret-nova-keystone-password.yaml" ] && \ +kubectl --namespace openstack \ + create secret generic nova-keystone-password \ + --type Opaque \ + --from-literal=username="nova" \ + --from-literal=password="${NOVA_KEYSTONE_PASSWORD}" \ + --dry-run=client -o yaml > "${DEST_DIR}/secret-nova-keystone-password.yaml" + if [ "x${DO_TMPL_VALUES}" = "xy" ]; then [ ! -f "${DEST_DIR}/secret-openstack.yaml" ] && \ yq '(.. | select(tag == "!!str")) |= envsubst' \
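Review bot: The three new `kubectl create secret ... --dry-run=client -o yaml` commands redirect their output straight to `${DEST_DIR}/secret-nova-*.yaml`, whereas the neutron keystone secret on the context line just above is piped through `secret-seal-stdin`; as written, the nova RabbitMQ, database and keystone passwords land on disk as plaintext Kubernetes Secret manifests, and the `apps/components/nova.yaml` Application in this same PR pulls `secret-nova-*.yaml` from the deploy git repository, so they would be committed unencrypted. Replace each redirect with the sealing pipe, e.g. `--dry-run=client -o yaml | secret-seal-stdin "${DEST_DIR}/secret-nova-rabbitmq-password.yaml"`, and the same for `secret-nova-db-password.yaml` and `secret-nova-keystone-password.yaml`. Because each block is guarded by `[ ! -f ... ] && \`, a plaintext file left by an earlier run of this version is never regenerated, so those three files should be removed before the corrected script is rerun.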