To enable cold migration, need to update nova charts in openstack-helm
and helm-toolkit chart in openstack-helm-infra. These changes build
on existing upstream components which attempt to add a second container
to the nova-compute pod which creates a sshd process listening on port
8022.
Nova chart changes include:
- Fix bug in ssh-config mapping so config file is generated properly in
/root/.ssh/config in nova-compute container.
- Move private key from sshd container to nova-compute container.
- Map private and public ssh keys to new configmap-ssh which will
default to acceptable file permissions (400) for ssh. Keys will be
provided in overrides.
- Add additional config to /etc/ssh/sshd_config to allow passwordless
root logins over appropriate subnet passed in from overrides. This
is the same as what is done in nova puppet currently.
- Remove chmods from sshd bash script as they are failing. Function is
replaced by configmap-ssh.
To enable cold migration in nova helm chart, we need to allow multiple
containers within the same daemonset pod. This requires a patch to
the helm-toolkit _daemonset_overrides template to remove upstream
restriction. This issue is tracked upstream by storyboard 2003876.
These changes should be upstreamed but may require further refinement.
commit 9e649fabd82b062fe6fdea3e5b0e93385d48e361
Author: Don Penney <email address hidden>
Date: Fri Jan 18 16:03:45 2019 -0500
Add e2fsprogs to stx-nova package list
This update adds e2fsprogs to the pike and master docker
image build directives files for stx-nova, to provide the
mkfs utilities required for ephemeral storage support.
Change-Id: If9b901696169d7d157a37d6b96f7b8c4db0a24a5
Closes-Bug: 1812432
Signed-off-by: Don Penney <email address hidden>
commit 2462f3015a5601a9398400beef2fadc56cbaa89f
Author: Tao Liu <email address hidden>
Date: Sat Jan 12 23:21:53 2019 -0500
Clean up the stale files
The keystone-api pod gets stuck in CrashLoopBackOff on
AIO-SX lock/unlock attempt.
When Kubernetes decides to kill the keystone-api pod due to readiness
probe failure or other reasons, it calls the preStop hook immediately
before the container is terminated. This hook starts a graceful
shutdown process which includes removing pid, shared memory segment
and wsgi sock files. If the container is not terminated within the
grace period, a SIGKILL is sent, and the container is forced to shut
down.
When the container was forced to terminate without clean up, the
stale files were left behind. On the restart, the application
detected the file existed, and treated it as configuration failure,
hence the exit. As a result, the pod went into a crash loop.
This update removes any stale files when the pod starts.
Story: 2004520
Task: 28392
Change-Id: I613a0db674de9578b3f9d1fa781a1612d9caf214
Signed-off-by: Tao Liu <email address hidden>
Reviewed: https:/ /review. openstack. org/632814 /git.openstack. org/cgit/ openstack/ stx-upstream/ commit/ ?id=679b884c76f e00c649cb143bdd cf42b3e16b0d85
Committed: https:/
Submitter: Zuul
Branch: f/stein
commit cf672440526fa0b 3d4d27c9868523d edd294a0cb
Author: Don Penney <email address hidden>
Date: Wed Jan 23 11:47:26 2019 -0500
Update master stx-ceilometer to use panko-5.0.0
This commit updates the master docker image file for
ceilometer to specify install of panko-5.0.0 explicitly.
Depends-On: I854b75577b6dbc 3f0a8171190f5a1 aa839412dc8 046285e9ee0af34 db1be54a606
Change-Id: I4db80c4bcaaa09
Story: 2004520
Task: 29047
Signed-off-by: Don Penney <email address hidden>
commit 6e74844f720eee4 bd6d7b4067d3b6d b3b40caa49
Author: Gerry Kopec <email address hidden>
Date: Wed Jan 9 20:52:05 2019 -0500
Update helm charts to support cold migration
To enable cold migration, need to update nova charts in openstack-helm helm-infra. These changes build
and helm-toolkit chart in openstack-
on existing upstream components which attempt to add a second container
to the nova-compute pod which creates a sshd process listening on port
8022.
Nova chart changes include: root/.ssh/ config in nova-compute container. sshd_config to allow passwordless
- Fix bug in ssh-config mapping so config file is generated properly in
/
- Move private key from sshd container to nova-compute container.
- Map private and public ssh keys to new configmap-ssh which will
default to acceptable file permissions (400) for ssh. Keys will be
provided in overrides.
- Add additional config to /etc/ssh/
root logins over appropriate subnet passed in from overrides. This
is the same as what is done in nova puppet currently.
- Remove chmods from sshd bash script as they are failing. Function is
replaced by configmap-ssh.
To enable cold migration in nova helm chart, we need to allow multiple overrides template to remove upstream
containers within the same daemonset pod. This requires a patch to
the helm-toolkit _daemonset_
restriction. This issue is tracked upstream by storyboard 2003876.
These changes should be upstreamed but may require further refinement.
Story: 2003909 9e8b7564c713cf1 b5296ecf9f6
Task: 28927
Change-Id: Id789ba051cec01
Signed-off-by: Gerry Kopec <email address hidden>
commit 9e649fabd82b062 fe6fdea3e5b0e93 385d48e361
Author: Don Penney <email address hidden>
Date: Fri Jan 18 16:03:45 2019 -0500
Add e2fsprogs to stx-nova package list
This update adds e2fsprogs to the pike and master docker
image build directives files for stx-nova, to provide the
mkfs utilities required for ephemeral storage support.
Change-Id: If9b901696169d7 d157a37d6b96f7b 8c4db0a24a5
Closes-Bug: 1812432
Signed-off-by: Don Penney <email address hidden>
commit 2462f3015a5601a 9398400beef2fad c56cbaa89f
Author: Tao Liu <email address hidden>
Date: Sat Jan 12 23:21:53 2019 -0500
Clean up the stale files
The keystone-api pod gets stuck in CrashLoopBackOff on
AIO-SX lock/unlock attempt.
When Kubernetes decides to kill the keystone-api pod due to readiness
probe failure or other reasons, it calls the preStop hook immediately
before the container is terminated. This hook starts a graceful
shutdown process which includes removing pid, shared memory segment
and wsgi sock files. If the container is not terminated within the
grace period, a SIGKILL is sent, and the container is forced to shut
down.
When the container was forced to terminate without clean up, the
stale files were left behind. On the restart, the application
detected the file existed, and treated it as configuration failure,
hence the exit. As a result, the pod went into a crash loop.
This update removes any stale files when the pod starts.
Story: 2004520
Task: 28392
Change-Id: I613a0db674de95 78b3f9d1fa781a1 612d9caf214
Signed-off-by: Tao Liu <email address hidden>