feat: Adds nova to understack

apps/appsets/openstack/openstack.yaml

@@ -18,6 +18,10 @@ spec:
                   chartVersion: 0.3.13
                 - component: ironic
                   chartVersion: 0.2.15
+                - component: neutron
+                  chartVersion: 0.3.44
+                - component: nova
+                  chartVersion: 0.3.42
   template:
     metadata:
       name: '{{.name}}-{{.component}}'

components/nova/README.md

@@ -0,0 +1 @@
+# OpenStack Nova

components/nova/aio-values.yaml

@@ -0,0 +1,75 @@
+---
+release_group: null
+
+# typically overridden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+  oslo_messaging:
+    statefulset:
+      replicas: 3
+      name: rabbitmq-server
+    hosts:
+      default: rabbitmq-nodes
+
+# (nicholas.kuechler) Using custom dependencies in order to
+# prevent the nova-db-init and nova-rabbit-init jobs from running
+dependencies:
+  dynamic:
+    common:
+      local_image_registry:
+        jobs: null
+  static:
+    api:
+      jobs:
+        - nova-db-sync
+        - nova-ks-user
+        - nova-ks-endpoints
+    api_metadata:
+      jobs:
+        - nova-db-sync
+        - nova-ks-user
+        - nova-ks-endpoints
+    cell_setup:
+      jobs:
+        - nova-db-sync
+    service_cleaner:
+      jobs:
+        - nova-db-sync
+    compute:
+      jobs:
+        - nova-db-sync
+    compute_ironic:
+      jobs:
+        - nova-db-sync
+    conductor:
+      jobs:
+        - nova-db-sync
+    archive_deleted_rows:
+      jobs:
+        - nova-db-sync
+    db_sync:
+      jobs:
+    scheduler:
+      jobs:
+        - nova-db-sync
+
+manifests:
+  job_db_init: false
+  job_rabbit_init: false
+  pod_rally_test: false
+  secret_db: false
+  secret_keystone: true
+
+# we don't want to enable OpenStack Helm's
+# helm.sh/hooks because they set them as
+# post-install,post-upgrade which in ArgoCD
+# maps to PostSync. However the deployments
+# and statefulsets in OpenStack Helm
+# depend on the jobs to complete to become
+# healthy. Which they cannot because they are in
+# the post step and not in the main step.
+# Turning this on results in the keys jobs
+# editing the annotation which deletes the item
+# and wipes our keys.
+helm3_hook: false

components/nova/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - nova-mariadb-db.yaml
+  - nova-rabbitmq-queue.yaml

components/nova/nova-mariadb-db.yaml

@@ -0,0 +1,52 @@
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: Database
+metadata:
+  name: nova
+  namespace: openstack
+spec:
+  # If you want the database to be created with a different name than the resource name
+  # name: data-custom
+  mariaDbRef:
+    name: mariadb  # name of the MariaDB kind
+    waitForIt: true
+  characterSet: utf8
+  collate: utf8_general_ci
+  retryInterval: 5s
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: User
+metadata:
+  name: nova
+  namespace: openstack
+spec:
+  # If you want the user to be created with a different name than the resource name
+  # name: user-custom
+  mariaDbRef:
+    name: mariadb  # name of the MariaDB kind
+    waitForIt: true
+  passwordSecretKeyRef:
+    name: nova-db-password
+    key: password
+  # This field is immutable and defaults to 10, 0 means unlimited.
+  maxUserConnections: 0
+  host: "%"
+  retryInterval: 5s
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: Grant
+metadata:
+  name: nova-grant
+  namespace: openstack
+spec:
+  mariaDbRef:
+    name: mariadb  # name of the MariaDB kind
+    waitForIt: true
+  privileges:
+    - "ALL"
+  database: "nova"
+  table: "*"
+  username: nova
+  grantOption: true
+  host: "%"
+  retryInterval: 5s

components/nova/nova-rabbitmq-queue.yaml

@@ -0,0 +1,59 @@
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: nova
+  namespace: openstack
+spec:
+  tags:
+  - management  # available tags are 'management', 'policymaker', 'monitoring' and 'administrator'
+  - policymaker
+  rabbitmqClusterReference:
+    name: rabbitmq  # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack
+  importCredentialsSecret:
+    name: nova-rabbitmq-password
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Vhost
+metadata:
+  name: nova-vhost
+  namespace: openstack
+spec:
+  name: "nova"  # vhost name; required and cannot be updated
+  defaultQueueType: quorum  # default queue type for this vhost; require RabbitMQ version 3.11.12 or above
+  rabbitmqClusterReference:
+    name: rabbitmq  # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Queue
+metadata:
+  name: nova-queue
+  namespace: openstack
+spec:
+  name: nova-qq  # name of the queue
+  vhost: "nova"  # default to '/' if not provided
+  type: quorum  # without providing a queue type, rabbitmq creates a classic queue
+  autoDelete: false
+  durable: true  # setting 'durable' to false means this queue won't survive a server restart
+  rabbitmqClusterReference:
+    name: rabbitmq  # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: nova-permission
+  namespace: openstack
+spec:
+  vhost: "nova"  # name of a vhost
+  userReference:
+    name: "nova"  # name of a user.rabbitmq.com in the same namespace; must specify either spec.userReference or spec.user
+  permissions:
+    write: ".*"
+    configure: ".*"
+    read: ".*"
+  rabbitmqClusterReference:
+    name: rabbitmq  # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack

components/nova/values.tpl.yaml

@@ -0,0 +1,8 @@
+# add your values.yaml overrides for the helm chart here
+
+network:
+  api:
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        cert-manager.io/cluster-issuer: ${DEPLOY_NAME}-cluster-issuer

scripts/easy-secrets-gen.sh

@@ -119,7 +119,12 @@ export NEUTRON_KEYSTONE_PASSWORD="$(./scripts/pwgen.sh)"
 export NEUTRON_DB_PASSWORD="$(./scripts/pwgen.sh)"
 # rabbitmq user password for the neutron queues
 export NEUTRON_RABBITMQ_PASSWORD="$(./scripts/pwgen.sh)"
-
+# nova keystone service account
+export NOVA_KEYSTONE_PASSWORD="$(./scripts/pwgen.sh)"
+# nova user password in mariadb for nova db
+export NOVA_DB_PASSWORD="$(./scripts/pwgen.sh)"
+# rabbitmq user password for the inovaronic queues
+export NOVA_RABBITMQ_PASSWORD="$(./scripts/pwgen.sh)"
 
 [ ! -f "${DEST_DIR}/secret-keystone-rabbitmq-password.yaml" ] && \
 kubectl --namespace openstack \
@@ -194,6 +199,30 @@ kubectl --namespace openstack \
     --from-literal=password="${NEUTRON_KEYSTONE_PASSWORD}" \
     --dry-run=client -o yaml | secret-seal-stdin "${DEST_DIR}/secret-neutron-keystone-password.yaml"
 
+# nova credentials
+[ ! -f "${DEST_DIR}/secret-nova-rabbitmq-password.yaml" ] && \
+kubectl --namespace openstack \
+    create secret generic nova-rabbitmq-password \
+    --type Opaque \
+    --from-literal=username="nova" \
+    --from-literal=password="${NOVA_RABBITMQ_PASSWORD}" \
+    --dry-run=client -o yaml | secret-seal-stdin "${DEST_DIR}/secret-nova-rabbitmq-password.yaml"
+
+[ ! -f "${DEST_DIR}/secret-nova-db-password.yaml" ] && \
+kubectl --namespace openstack \
+    create secret generic nova-db-password \
+    --type Opaque \
+    --from-literal=password="${NOVA_DB_PASSWORD}" \
+    --dry-run=client -o yaml | secret-seal-stdin "${DEST_DIR}/secret-nova-db-password.yaml"
+
+[ ! -f "${DEST_DIR}/secret-nova-keystone-password.yaml" ] && \
+kubectl --namespace openstack \
+    create secret generic nova-keystone-password \
+    --type Opaque \
+    --from-literal=username="nova" \
+    --from-literal=password="${NOVA_KEYSTONE_PASSWORD}" \
+    --dry-run=client -o yaml | secret-seal-stdin "${DEST_DIR}/secret-nova-keystone-password.yaml"
+
 if [ "x${DO_TMPL_VALUES}" = "xy" ]; then
     [ ! -f "${DEST_DIR}/secret-openstack.yaml" ] && \
     yq '(.. | select(tag == "!!str")) |= envsubst' \