sapcc · fwiesel · May 2, 2024 · Jun 13, 2024 · Jun 13, 2024 · Jun 13, 2024
@@ -93,6 +93,7 @@
 /openstack/nannies                                     @chuan137 @Carthaca @fwiesel @kpawar-sap
 /openstack/neutron                                     @notandy @fwiesel @sebageek @sven-rosenzweig @rhalina @swagner-de @mutax @BenjaminLudwigSAP @m-kratochvil @occamshatchet
 /openstack/nova                                        @joker-at-work @fwiesel @grandchild @leust
+/openstack/nova-hypervisor-agents                      @joker-at-work @fwiesel @grandchild @notandy @mchristianl
 /openstack/octavia                                     @notandy @BenjaminLudwigSAP @fwiesel @dusandordevicsap @velp @m-kratochvil
 /openstack/octobus                                     @viennaa @Kuckkuck @businessbean
 /openstack/openstack-seeder                            @stefanhipfel @databus23 @fwiesel

@@ -0,0 +1,9 @@
+dependencies:
+- name: utils
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: 0.19.7
+- name: owner-info
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: 1.0.0
+digest: sha256:15dfd047e52f668329611a1999c2f1231dc82228516ed4c0feff1c0227a3f17e
+generated: "2025-02-18T15:32:56.278934-05:00"
@@ -0,0 +1,13 @@
+apiVersion: v2
+description: A Helm chart Nova hypervisor agents
+name: nova-hypervisor-agents
+icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_mascot.png
+version: 0.2.0
+appVersion: "xena"
+dependencies:
+- name: utils
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: ~0.19.6
+- name: owner-info
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: ~1.0.0
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec chroot /host /usr/bin/env -i PATH="/sbin:/bin:/usr/sbin:/usr/bin" "${0##*/}" "$@"
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec chroot /host /usr/bin/env -i PATH="/sbin:/bin:/usr/sbin:/usr/bin" "${0##*/}" "$@"
@@ -0,0 +1,40 @@
+#!/var/lib/openstack/bin/python3
+import json
+import os
+import pathlib
+import platform
+import socket
+import subprocess
+import textwrap
+import uuid
+
+import requests
+
+from novaclient import client as novaclient
+from novaclient import exceptions as novaexceptions
+import configparser
+
+
+def _get_hypervisor():
+    config = configparser.ConfigParser()
+    config.read("/etc/nova/nova.conf.d/keystoneauth-secrets.conf")
+    authtoken = config["service_user"]
+    auth_endpoint = socket.gethostbyname_ex("identity-3")[1][0]
+    client = novaclient.Client(
+        "2.53",
+        authtoken["username"],
+        authtoken["password"],
+        user_domain_name="default",
+        project_domain_name="default",
+        project_name="service",
+        auth_url=f"https://{auth_endpoint}/v3",
+    )
+    node = os.environ.get("OS_DEFAULT__host", platform.node().split(".", 1)[0])
+    try:
+        return client.hypervisors.search(node, detailed=True)[0]
+    except (novaexceptions.NotFound, IndexError):
+        return None
+
+hypervisor = _get_hypervisor()
+if hypervisor:
+    pathlib.Path("/var/lib/nova/compute_id").write_text(hypervisor.id)
@@ -1,8 +1,6 @@
 #!/usr/bin/env bash
-
 set -e
 
-
 . /container.init/common.sh
 
 function start_application {

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+cd /host/etc/pki
+NODE_AGENT_DIR="../../var/lib/kvm-node-agent"
+
+[ -d ${NODE_AGENT_DIR}/CA ] || exit 1
+
+if [ ! -L CA ]
+then
+    rm -rf CA
+    ln -s ${NODE_AGENT_DIR}/CA
+fi
+
+[ -d ${NODE_AGENT_DIR}/libvirt ] || exit 1
+
+if [ ! -L libvirt ]
+then
+    rm -rf libvirt
+    ln -s ${NODE_AGENT_DIR}/libvirt
+fi
@@ -0,0 +1,25 @@
+global:
+  nova_service_password: topSecret
+  dockerHubMirror: myRegistry/dockerhub
+  registry: myRegistry
+
+imageVersion: latest
+
+rabbitmq:
+  users:
+    default:
+      name: name
+      password: password
+
+defaults:
+  hypervisor:
+    kvm:
+      pod:
+        tolerations:
+          hypervisorNoSchedule:
+            key: "species"
+            operator: "Equal"
+            value: "hypervisor"
+            effect: "NoSchedule"
+        nodeSelector:
+          species: hypervisor
@@ -0,0 +1,74 @@
+{{- define "identity_service_url" -}}
+https://identity-3.{{.Values.global.region}}.{{.Values.global.tld}}/v3
+{{- end }}
+
+{{- define "nova.helpers.ini_sections.api_database" }}
+
+[api_database]
+connection = {{ tuple . .Values.apidbName .Values.apidbUser .Values.apidbPassword .Values.mariadb_api.name | include "db_url_mysql" }}
+{{- include "ini_sections.database_options_mysql" . }}
+{{- end }}
+
+{{- define "cell0_db_path" }}
+    {{- tuple . .Values.cell0dbName .Values.cell0dbUser (default .Values.cell0dbPassword .Values.global.dbPassword) | include "db_url_mysql" }}
+{{- end }}
+
+
+{{- define "container_image_nova" -}}
+  {{- $name := index . 1 -}}
+  {{- with index . 0 -}}
+    {{- $version_name := printf "imageVersionNova%s" ($name | lower | replace "-" " " | title | nospace) -}}
+    {{ required ".Values.global.registry is missing" .Values.global.registry}}/{{ .Values.imageNameNova }}:{{index .Values $version_name | default .Values.imageVersionNova | default .Values.imageVersion | required "Please set nova.imageVersionNova or similar" }}
+
+  {{- end -}}
+{{- end -}}
+
+
+{{- define "job_metadata" }}
+  {{- $name := index . 1 }}
+  {{- with index . 0 }}
+labels:
+  alert-tier: os
+  alert-service: nova
+{{ tuple . .Release.Name $name | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 2 }}
+annotations:
+  bin-hash: {{ include (print .Template.BasePath "/bin/_" $name ".tpl") . | sha256sum }}
+  {{- end }}
+{{- end }}
+
+{{- define "job_name" }}
+  {{- $name := index . 1 }}
+  {{- with index . 0 }}
+    {{- $bin := include (print .Template.BasePath "/bin/_" $name ".tpl") . }}
+    {{- $all := list $bin (include "utils.proxysql.job_pod_settings" . ) (include "utils.proxysql.volume_mount" . ) (include "utils.proxysql.container" . ) (include "utils.proxysql.volumes" .) (tuple . (dict) | include "utils.snippets.kubernetes_entrypoint_init_container") | join "\n" }}
+    {{- $hash := empty .Values.proxysql.mode | ternary $bin $all | sha256sum }}
+{{- .Release.Name }}-{{ $name }}-{{ substr 0 4 $hash }}-{{ .Values.imageVersion | required "Please set nova.imageVersion or similar"}}
+  {{- end }}
+{{- end }}
+
+
+{{- define "nova.helpers.database_services" }}
+  {{- $envAll := . }}
+  {{- $dbs := dict }}
+  {{- range $d := $envAll.Chart.Dependencies }}
+    {{- if and (hasPrefix "mariadb" $d.Name) }}
+        {{- $db := get $envAll.Values $d.Name }}
+        {{- if get $db "enabled" }}
+          {{- $_ := set $dbs (print (get $db "name") "-mariadb") $db }}
+        {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- keys $dbs | sortAlpha | join "," }}
+{{- end }}
+
+{{- define "console-novnc.conf" }}
+{{- $cell_name := index . 1 }}
+{{- $config := index . 2 }}
+{{- with index . 0 }}
+[vnc]
+enabled = {{ $config.enabled }}
+{{- if $config.enabled }}
+novncproxy_base_url = https://{{include "nova_console_endpoint_host_public" .}}:{{ .Values.global.novaConsolePortPublic }}/{{ $cell_name }}/novnc/vnc_auto.html?path=/{{ $cell_name }}/novnc/websockify
+{{- end }}
+{{- end }}
+{{- end }}
@@ -0,0 +1,22 @@
+{{- define "kvm_configmap" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nova-compute-kvm
+  labels:
+    system: openstack
+    type: configuration
+    component: nova
+data:
+  nova-compute.conf: |
+    {{ include (print .Template.BasePath "/etc/_nova-compute.conf.tpl") . | nindent 4 }}
+  libvirtd.conf: |
+    listen_tcp = 1
+    listen_tls = 0
+    mdns_adv = 0
+    auth_tcp = "none"
+    ca_file = ""
+    log_level = 3
+    log_outputs = "3:stderr"
+    listen_addr = "127.0.0.1"
+{{- end }}
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-bin
+  labels:
+    system: openstack
+    type: configuration
+    component: nova
+data:
+{{ (.Files.Glob "bin/*").AsConfig | indent 2 }}
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-ca-key-pair
+  labels:
+    system: openstack
+    type: configuration
+    component: nova
+data:
+  tls.crt: {{ .Values.libvirt.ca.cert | b64enc }}
+  tls.key: {{ .Values.libvirt.ca.key | b64enc }}
@@ -0,0 +1,37 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-certificate-requester
+rules:
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - certificates
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-certificate-requesters
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ .Release.Name }}-certificate-requester
+  apiGroup: rbac.authorization.k8s.io
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-etc
+  labels:
+    system: openstack
+    type: configuration
+    component: nova
+
+data:
+  nova.conf: |
+    {{ include (print .Template.BasePath "/etc/_nova.conf.tpl") . | nindent 4 }}
+  logging.ini: |
+{{ include "loggerIni" .Values.logging | indent 4 }}
+  rootwrap.conf: |
+{{ include (print .Template.BasePath "/etc/_rootwrap.conf.tpl") . | indent 4 }}
+  compute.filters: |
+{{ include (print .Template.BasePath "/etc/_compute.filters.tpl") . | indent 4 }}
+  sudoers-nova: |
+{{ include (print .Template.BasePath "/etc/_sudoers-nova.tpl") . | indent 4 }}
+  statsd-exporter.yaml: |
+    defaults:
+      timer_type: histogram
+      buckets: [.025, .1, .25, 1, 2.5]
+      match_type: glob
+      glob_disable_ordering: false
+      ttl: 0 # metrics do not expire
+    mappings:
+    - match: "oslo.messaging.*.*"
+      name: "oslo_messaging_events"
+      labels:
+        method: "$1"
+        type: "$2"
+  release: |
+    [Nova]
+    vendor = SAP
+    support = If the issue persists, please contact us via https://documentation.global.cloud.sap/docs/support-contact-us
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-etc
+  labels:
+    system: openstack
+    type: configuration
+    component: nova
+stringData:
+  cell.conf: |
+    [DEFAULT]
+    {{- include "ini_sections.default_transport_url" . | nindent 4 }}
+  keystoneauth-secrets.conf: |
+    [cinder]
+    username = nova
+    password = {{ required ".Values.global.nova_service_password is missing" .Values.global.nova_service_password | include "resolve_secret" }}
+
+    [neutron]
+    username = nova
+    password = {{ required ".Values.global.nova_service_password is missing" .Values.global.nova_service_password | include "resolve_secret" }}
+
+    [keystone_authtoken]
+    username = nova
+    password = {{ required ".Values.global.nova_service_password is missing" .Values.global.nova_service_password | include "resolve_secret" }}
+
+    [placement]
+    username = nova
+    password = {{ required ".Values.global.nova_service_password is missing" .Values.global.nova_service_password | include "resolve_secret" }}
+
+    [service_user]
+    username = nova
+    password = {{ required ".Values.global.nova_service_password is missing" .Values.global.nova_service_password | include "resolve_secret" }}
+
+    {{- include "ini_sections.audit_middleware_notifications" . | nindent 4 }}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/usr/bin/env bash
		exec chroot /host /usr/bin/env -i PATH="/sbin:/bin:/usr/sbin:/usr/bin" "${0##*/}" "$@"