[WIP] Ironic service #93
Conversation
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Not verified yet Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
PXE is set up temporarily. Replace it with iPXE in the future. Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
| replicas: 1, | ||
|
|
||
| image: { | ||
| base: "quay.io/stackanetes/stackanetes-%s:barcelona", |
There was a problem hiding this comment.
can add a new line between base and init image?
| mountPath: /configmaps/nova-compute-ironic.sh | ||
| - name: resolvconf | ||
| mountPath: /configmaps/resolv.conf | ||
| - mountPath: /var/lib/nova |
| name: ironic-resolvconf | ||
| - name: varlibnovaironic | ||
| hostPath: | ||
| path: /var/lib/nova/ironic |
| nodeSelector: | ||
| {{ deployment.control_node_label }}: enabled | ||
| # TODO(DTadrzak): it must be removed in future | ||
| securityContext: |
There was a problem hiding this comment.
agree we should just add in in tftpd container.
| image: {{ deployment.image.conductor }} | ||
| imagePullPolicy: Always | ||
| # TODO(DTadrzak): it must be removed in future | ||
| securityContext: |
| security_group_api = neutron | ||
| network_api_class = nova.network.neutronv2.api.API | ||
|
|
||
| linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver |
There was a problem hiding this comment.
linuxnet_interface_driver = openvswitch
There was a problem hiding this comment.
we should use none or noop here, we don't need openvswitch here.
| #!/bin/bash | ||
| set -ex | ||
|
|
||
| ironic-api |
| value: "keystone-api" | ||
| - name: DEPENDENCY_CONFIG | ||
| value: "/tmp/post.sh" | ||
| - name: ANSIBLE_LIBRARY |
| @@ -19,9 +25,14 @@ data: | |||
| vxlan_group = 239.1.1.1 | |||
|
|
|||
| [securitygroup] | |||
| {% if ironic.enabled %} | |||
| firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver | |||
There was a problem hiding this comment.
make sure that neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver is still valid.
There was a problem hiding this comment.
for ironic it should be noop.
| @@ -29,13 +27,40 @@ data: | |||
| use_neutron = True | |||
| security_group_api = neutron | |||
| network_api_class = nova.network.neutronv2.api.API | |||
| # TODO(DTadrzak): FIX ME | |||
| firewall_driver = nova.virt.firewall.NoopFirewallDriver | |||
|
|
|||
| linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver | |||
There was a problem hiding this comment.
linuxnet_interface_driver = openvswitch
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
| spec: | ||
| # TODO(DTadrzak): it must be removed in future | ||
| securityContext: | ||
| runAsUser: 0 |
| # {{ deployment.compute_node_label }}: enabled | ||
| mateuszb: enabled | ||
| securityContext: | ||
| runAsUser: 0 |
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
| @@ -81,6 +81,13 @@ kpm.package({ | |||
| glance_keyring: "", | |||
| }, | |||
|
|
|||
| swift: { | |||
| enabled: false, | |||
| auth_address: "http://10.91.62.52:80/auth/1.0", | |||
There was a problem hiding this comment.
we should change it to rgw/auth/1.0 and have radosgw deployed on kubernetes. Some time ago we had a radosgw in stackanetes so we may reuse it.
| variables: { | ||
| deployment: { | ||
| control_node_label: "openstack-control-plane", | ||
| compute_node_label: "openstack-ironic-compute-node", |
There was a problem hiding this comment.
This is not really needed, openstack computes for Ironic are fully stateless for now.
| init: $.variables.deployment.image.base % "kolla-toolbox", | ||
| post: $.variables.deployment.image.base % "kolla-toolbox", | ||
| # TODO: | ||
| api: "10.91.96.87:5000/debian-source-ironic-api:mateuszb-ironic", |
There was a problem hiding this comment.
we should push those image to quay.io
| @@ -0,0 +1,59 @@ | |||
| apiVersion: extensions/v1beta1 | |||
| kind: DaemonSet | |||
There was a problem hiding this comment.
nova compute should be a DaemonSet or I would even opt to make it a PetSet (consitent hostnames).
There was a problem hiding this comment.
It is a DaemonSet now - should I change it into a PetSet?
There was a problem hiding this comment.
@ss7pro PetSet is currently not supported in kpm. I'll make it a Deployment for now
| spec: | ||
| nodeSelector: | ||
| # TODO: | ||
| # {{ deployment.compute_node_label }}: enabled |
There was a problem hiding this comment.
it should use control plane label.
| image: {{ deployment.image.compute }} | ||
| imagePullPolicy: Always | ||
| securityContext: | ||
| privileged: true |
| - name: DEPENDENCY_SERVICE | ||
| value: "keystone-api,glance-api,nova-api" | ||
| - name: DEPENDENCY_CONFIG | ||
| value: "/etc/nova/nova.conf,/etc/resolv.conf" |
There was a problem hiding this comment.
can we mount /etc/resolv.conf as a configmap, as done here: #99
| configMap: | ||
| name: ironic-resolvconf | ||
| - name: varlibnovaironic | ||
| hostPath: |
There was a problem hiding this comment.
this should be an emptyDir.
| - name: DEPENDENCY_SERVICE | ||
| value: "rabbitmq" | ||
| - name: DEPENDENCY_CONFIG | ||
| value: "/etc/ironic/ironic.conf,/etc/resolv.conf" |
There was a problem hiding this comment.
same thing for /etc/resolv.conf we should use it as here: #99
| image: {{ deployment.image.ironic_http }} | ||
| imagePullPolicy: Always | ||
| # TODO(DTadrzak): it must be removed in future | ||
| securityContext: |
| enabled_drivers = pxe_ipmitool,agent_ipmitool_socat,agent_pyghmi,fake | ||
|
|
||
| [api] | ||
| api_workers=128 |
There was a problem hiding this comment.
this should be parametrized: {{ misc.workers }} and should be 8 by default.
|
|
||
| [database] | ||
| connection = mysql+pymysql://{{ database.ironic_user }}:{{ database.ironic_password }}@{{ database.address }}/{{ database.ironic_database_name }} | ||
|
|
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| data: | ||
| default.conf: |+ |
There was a problem hiding this comment.
I would also redirect access and error log to std{out,err}:
error_log /dev/fd/2 info;
http {
access_log /dev/fd/1;
...
}
There was a problem hiding this comment.
it's done by default in nginx:alpine :
/ # ls -lah /var/log/nginx/error.log
lrwxrwxrwx 1 root root 11 Sep 23 17:11 /var/log/nginx/error.log -> /dev/stderr
/ # ls -lah /var/log/nginx/access.log
lrwxrwxrwx 1 root root 11 Sep 23 17:11 /var/log/nginx/access.log -> /dev/stdout
let me know if this is not the solution you expect
| nova.conf: |+ | ||
| [DEFAULT] | ||
| debug = {{ misc.debug }} | ||
| # TODO(DTadrzak): FIX ME |
There was a problem hiding this comment.
vif related stuff should be dropped.
There was a problem hiding this comment.
@ss7pro I believe that we don't want to create dozens of conditionals. Common nova.conf will be used by nova-compute, ironic-compute, nova-api, nova-conductor, nova-scheduler, ... If we want to hide some config options for specific services, we'll end up with multiple dirty if-elif-else statements
| connection = mysql+pymysql://{{ database.nova_user }}:{{ database.nova_password }}@{{ database.address }}/{{ database.nova_api_database_name }} | ||
| max_pool_size = {{ misc.workers }} | ||
| max_overflow = {{ misc.workers }} | ||
|
|
| username = {{ keystone.neutron_user }} | ||
| password = {{ keystone.neutron_password }} | ||
|
|
||
| [database] |
There was a problem hiding this comment.
we should remove this section.
| stores = file, http, rbd | ||
| default_store = rbd | ||
| rbd_store_pool = {{ ceph.glance_pool }} | ||
| rbd_store_user = {{ ceph.glance_user }} | ||
| rbd_store_ceph_conf = /etc/ceph/ceph.conf | ||
| rbd_store_chunk_size = 8 | ||
|
|
||
| {% elif swift.enabled -%} | ||
| stores = file, http, swift |
There was a problem hiding this comment.
swift and rbd should not be exclusive, please allow having both stores enabled
There was a problem hiding this comment.
what should be the default store in such case?
There was a problem hiding this comment.
I believe it calls for an additional flag (with swift generally being ok as default).
| init: $.variables.deployment.image.base % "kolla-toolbox", | ||
| post: $.variables.deployment.image.base % "kolla-toolbox", | ||
| # TODO: | ||
| api: "10.91.96.87:5000/debian-source-ironic-api:mateuszb-ironic", |
There was a problem hiding this comment.
should default to quay.io
| image: {{ deployment.image.compute }} | ||
| imagePullPolicy: Always | ||
| securityContext: | ||
| privileged: true |
There was a problem hiding this comment.
what do you need privileged mode for?
| api_url: "http://%s:6385/v1" % $.variables.network.ip_address, | ||
|
|
||
| dns: { | ||
| servers: ["10.3.0.10"], |
There was a problem hiding this comment.
I believe it should use global variable.
There was a problem hiding this comment.
See #93 (comment)
|
|
||
| dns: { | ||
| servers: ["10.3.0.10"], | ||
| kubernetes_domain: "cluster.local", |
There was a problem hiding this comment.
See #93 (comment)
| conductor: "10.91.96.87:5000/debian-source-ironic-conductor:mateuszb-ironic", | ||
| compute: "10.91.96.87:5000/debian-source-nova-compute-ironic:mateuszb-ironic", | ||
| ironic_pxe: "10.91.96.87:5000/debian-source-ironic-pxe:mateuszb-ironic", | ||
| ironic_http: "nginx:alpine", |
There was a problem hiding this comment.
should be debian based image
There was a problem hiding this comment.
Agreed to leave public nginx image - i'll just use more precise (nginx:1.11.5-alpine) version
| {% if ironic.enabled %} | ||
| type_drivers = flat | ||
| tenant_network_types = flat | ||
| mechanism_drivers = openvswitch |
There was a problem hiding this comment.
we should have noop or empty line here.
| @@ -8,8 +8,6 @@ data: | |||
| vif_plugging_is_fatal = False | |||
There was a problem hiding this comment.
Why are we having multiple nova.conf templates for ironic ? Can we have a single common one ?
There was a problem hiding this comment.
I'll make a single one with conditional configuration block when ironic_compute is enabled
| default_store = swift | ||
| swift_store_auth_version = 1 | ||
| swift_store_auth_address = {{ swift.auth_address }} | ||
| swift_store_user = {{ swift.glance_user }} |
There was a problem hiding this comment.
s/glance_user/store_user/
|
|
||
| ingress: { | ||
| enabled: true, | ||
| host: "%s.openstack.cluster", |
There was a problem hiding this comment.
take value for host from parameters.yaml
There was a problem hiding this comment.
Values from the manifest are overwritten with the same values from parameters.yaml (if present). However, they need to be specified in a manifest.
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
Signed-off-by: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
|
@auvipy this project is dead. If you're interested in running openstack on k8s please take a look at openstack-helm project (https://github.com/openstack/openstack-helm) |
No description provided.