Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nova hypervisor agents #8122

Draft
wants to merge 39 commits into
base: master
Choose a base branch
from
Draft

Nova hypervisor agents #8122

wants to merge 39 commits into from

Conversation

fwiesel
Copy link
Member

@fwiesel fwiesel commented Mar 4, 2025

No description provided.

fwiesel and others added 30 commits March 4, 2025 10:52
@fwiesel
[nova] Split out nova kvm hypervisor to own chart
bd24ef7 
This is heavily WIP, so better keep it apart for that reason
alone.
The other is, we want to deploy the hypervisor independently
in a different cluster without pulling in rabbitmq, mariadb, etc...
@fwiesel
[nova-hypervisor-agents] Keep the default hostname
8039438 
Changing it doesn't help much, as the hypervisor-nodename
comes from the OS directly.
@notandy @fwiesel
[nova-hypervisor-agents] render identity_service_url locally
f8c070b
@notandy @fwiesel
try stop escaping the configmap value?
a202705
@notandy @fwiesel
remove newline from identity url
10aa768
@fwiesel
[nova-hypervisor-agents] Add sudo to sudoers.d
4a18ba2
@fwiesel
[nova-hypervisor-agents] Mount sudoers.d/nova read-only
83ac966
@notandy @fwiesel
configure vnc
82666b9
@fwiesel
[nova-hypervisor-agents] Get hostname from netbox for shoots
cdedbeb 
Gardener cannot provide yet stable hostnames, so we need to hack
it for now like that.
@fwiesel
[nova-hypervisor-agents] Remove non-existent fields
5035df1
@fwiesel
[nova-hypervisor-agents] Add share for instances
25290cf 
The common share moves all instance related storage to
shared storage, making failover and migration easier.
@fwiesel
[nova-hypervisor-agents] Detect infrastructure IP
107168c
@fwiesel
[nova-hypervisor-agents] Switch away from chart-museum
3063e42
@fwiesel
[nova-hypervisor-agents] Fix switch away from chart-museum
0469cd9
@fwiesel
Fixup 7502211
deed234
@fwiesel
First hacky version of managing the tls certs
5b79869 
This requires too much permissions for the pods, so it needs
some replacing.
But it works for now.
@fwiesel
Mount dev into container so we can read from pty
b607b73
@fwiesel
[nova-hypervisor-agents] Set default for nova console port
4be3f4d
@fwiesel
[nova-hypervisor-agents] Set vnc & spice console IPs dynamically
257bfeb
@fwiesel
[nova-hypervisor-agents] Distribute an SSH key for remote operations
bca7007 
Cold migration requires that the nova user can ssh to the destination
host to copy some file or at least to verify that it is a shared
file-system between source and destination.
@fwiesel
[nova-hypervisor-agents] Re-add accidentally dropped ca-keypair
f80bcd9
@fwiesel
[nova-hypervisor-agents] Ensure the tls socket is up
b360a00 
If the certificate expires, the services fails to restart eventually,
so we have to start the service somehow. Any socket would do,
and technically the shell command talks to the admin socket,
but we want the tls socket to be up too, so why not start that one.
@fwiesel
[nova-hypervisor-agents] Update dependencies for secrets-injector
afccb02
@fwiesel
[nova-hypervisor-agents] Use ini_sections.default_transport_url
2a948a2
@fwiesel
Remove secrets from configmap
3351498
@fwiesel
[nova-hypervisor-agent] Switch to secrets-injector for ssh
eb6cc2e
@fwiesel
[neutron/nova-agents] More resolve secrets
e41b66d
@fwiesel
[nova-hypervisor-agents] Handle existing secrets
f2e1780 
For a transitionary period, this script might co-exist with
other handlers.
@fwiesel
[openstack-hypervisor-operator] Assume cert is correct
cfa213f 
We will hopefully drop this soon.
@fwiesel
[nova] Remove transport_url from configmap
28db07d 
As it contains a secret, it is already in a k8s-secret.
fwiesel and others added 8 commits March 4, 2025 10:55
@fwiesel
[nova/neutron-hypervisor-agents] Fix netbox query
2977509
@fwiesel
[nova-hypervisor-agents ] Preserve compute-id
5060a0d
@notandy @fwiesel
[nova-hypervisor-agents] removed certmanagement, switch to downward api
c8f5fec 
cert management is done by kvm-node-agent and placed to
/var/lib/kvm-node-agent - a minor script is needed till symlinks are
propagated via orabos image.

downward api is now used for detecting host (nodename) and host ip
address.
@fwiesel
[nova-hypervisor-agents] Fixup pki-symlink script
6427189 
/var/lib/kvm-node-agent only exists on the host, not in the container.
The links need to be relative, not absolute.
@fwiesel
[nova-hypervisor-agents] No need for sudo in a root container
56bfa51
@fwiesel
[nova-hypervisor-agents] Environmen vars are all upper-case
8180626
@fwiesel
[nova-hypervisor-agents] Handle new hypervisor
6e21a1e
@fwiesel
[nova-hypervisor-agents] Pods require label to be set
7d3253a
@sapcc-bot
Copy link
Contributor

Failed to validate the helm chart. Details. Readme.

@sapcc-bot
Copy link
Contributor

Failed to validate the helm chart. Details. Readme.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joker-at-work joker-at-work Awaiting requested review from joker-at-work joker-at-work will be requested when the pull request is marked ready for review joker-at-work is a code owner

@leust leust Awaiting requested review from leust leust will be requested when the pull request is marked ready for review leust is a code owner

@BugRoger BugRoger Awaiting requested review from BugRoger BugRoger will be requested when the pull request is marked ready for review BugRoger is a code owner

@databus23 databus23 Awaiting requested review from databus23 databus23 will be requested when the pull request is marked ready for review databus23 is a code owner

@dhoeller dhoeller Awaiting requested review from dhoeller dhoeller will be requested when the pull request is marked ready for review dhoeller is a code owner

@edda edda Awaiting requested review from edda edda will be requested when the pull request is marked ready for review edda is a code owner

@artherd42 artherd42 Awaiting requested review from artherd42 artherd42 will be requested when the pull request is marked ready for review artherd42 is a code owner

@martinpink martinpink Awaiting requested review from martinpink martinpink will be requested when the pull request is marked ready for review martinpink is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fwiesel @sapcc-bot @notandy