From cd00c3d9ef656fe10f2db30846d0e802edfcc686 Mon Sep 17 00:00:00 2001 From: Dong Ma Date: Thu, 16 Jan 2025 09:57:50 +0000 Subject: [PATCH] Fix the neutron-ironic-agent fail to start Closes-Bug: ATMOSPHERE-633 Depends-On: I0b15142aabab38fafab829a16cee0297b749e6e8 Change-Id: Idf6b26b0983c8d3cb8ecdd9ef4523b7f12a51592 (cherry picked from commit 60aa8ed0f3a114d6d9af921db19b029e6af27dfa) --- .../bin/_neutron-ironic-agent-init.sh.tpl | 25 ++++ charts/neutron/templates/configmap-bin.yaml | 2 + .../templates/deployment-ironic-agent.yaml | 17 +++ charts/neutron/values.yaml | 4 + .../0003-fix-neutron-ironic-agent.patch | 108 ++++++++++++++++++ ...neutron-ironic-agent-f3eedbcec84b0478.yaml | 4 + roles/defaults/vars/main.yml | 1 + 7 files changed, 161 insertions(+) create mode 100644 charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl create mode 100644 charts/patches/neutron/0003-fix-neutron-ironic-agent.patch create mode 100644 releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml diff --git a/charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl new file mode 100644 index 000000000..3df3315bc --- /dev/null +++ b/charts/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl 
@@ -0,0 +1,25 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }} +mkdir -p /tmp/pod-shared +tee > /tmp/pod-shared/neutron-agent.ini << EOF +[DEFAULT] +host = $(hostname --fqdn) +EOF +{{- end }} diff --git a/charts/neutron/templates/configmap-bin.yaml b/charts/neutron/templates/configmap-bin.yaml index 2032b156c..87b2b798d 100644 --- a/charts/neutron/templates/configmap-bin.yaml +++ b/charts/neutron/templates/configmap-bin.yaml @@ -95,6 +95,8 @@ data: {{ tuple "bin/_neutron-policy-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-rpc-server.sh: | {{ tuple "bin/_neutron-rpc-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-ironic-agent-init.sh: | +{{ tuple "bin/_neutron-ironic-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-ironic-agent.sh: | {{ tuple "bin/_neutron-ironic-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-netns-cleanup-cron.sh: | diff --git a/charts/neutron/templates/deployment-ironic-agent.yaml b/charts/neutron/templates/deployment-ironic-agent.yaml index 014c9adfb..1b468e2b6 100644 --- a/charts/neutron/templates/deployment-ironic-agent.yaml +++ b/charts/neutron/templates/deployment-ironic-agent.yaml 
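Review bot: In the new `_neutron-ironic-agent-init.sh.tpl`, `$(hostname --fqdn)` is expanded inside the here-document, so `set -e` never sees a failure of that command. If the FQDN cannot be resolved, the script still exits 0 and writes an empty `host =` line into `/tmp/pod-shared/neutron-agent.ini`. Resolve the name before the heredoc so the init container fails visibly: `FQDN="$(hostname --fqdn)"`, then `test -n "${FQDN}"`, and write `host = ${FQDN}` in the heredoc body. The same script is embedded in `charts/patches/neutron/0003-fix-neutron-ironic-agent.patch` and needs the same change.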
@@ -60,6 +60,19 @@ spec: terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ironic_agent.timeout | default "30" }} initContainers: {{ tuple $envAll "pod_dependency" $mounts_neutron_ironic_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: neutron-ironic-agent-init +{{ tuple $envAll "neutron_ironic_agent_init" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.ironic_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "neutron_ironic_agent" "container" "neutron_ironic_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/neutron-ironic-agent-init.sh + volumeMounts: + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-bin + mountPath: /tmp/neutron-ironic-agent-init.sh + subPath: neutron-ironic-agent-init.sh + readOnly: true containers: - name: neutron-ironic-agent {{ tuple $envAll "neutron_ironic_agent" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -79,6 +92,8 @@ spec: mountPath: /tmp - name: pod-var-neutron mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} + - name: pod-shared + mountPath: /tmp/pod-shared - name: neutron-bin mountPath: /tmp/neutron-ironic-agent.sh subPath: neutron-ironic-agent.sh @@ -104,6 +119,8 @@ spec: emptyDir: {} - name: pod-var-neutron emptyDir: {} + - name: pod-shared + mountPath: /tmp/pod-shared - name: neutron-bin configMap: name: neutron-bin diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml index 819d7853b..b1ff45695 100644 --- a/charts/neutron/values.yaml +++ b/charts/neutron/values.yaml 
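Review bot: The last hunk of this file (`@@ -104,6 +119,8 @@`) adds `pod-shared` to the pod's `volumes:` list with `mountPath: /tmp/pod-shared`, but `mountPath` is a `volumeMounts` field and a volume entry needs a source. As written the entry declares no volume source, so depending on how strictly the manifest is validated it is likely to be rejected or to lose the stray field. The file written by the init container then may not be shared with the agent container as intended. It should read `- name: pod-shared` followed by `emptyDir: {}`, matching the `pod-var-neutron` entry directly above it. The same two lines are repeated in the copy of this hunk inside `charts/patches/neutron/0003-fix-neutron-ironic-agent.patch`; the `volumes:` list itself starts outside the hunk.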
@@ -46,6 +46,7 @@ images: neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy + neutron_ironic_agent_init: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal @@ -679,6 +680,9 @@ pod: pod: runAsUser: 42424 container: + neutron_ironic_agent_init: + runAsUser: 0 + readOnlyRootFilesystem: true neutron_ironic_agent: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/charts/patches/neutron/0003-fix-neutron-ironic-agent.patch b/charts/patches/neutron/0003-fix-neutron-ironic-agent.patch new file mode 100644 index 000000000..c11223970 --- /dev/null +++ b/charts/patches/neutron/0003-fix-neutron-ironic-agent.patch 
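Review bot: The `neutron_ironic_agent_init` security context added in the second hunk sets `runAsUser: 0` without `allowPrivilegeEscalation: false`, although the `neutron_ironic_agent` entry right below it sets that flag. The init script only writes one file under `/tmp/pod-shared`, so root seems to be needed only for write access to the shared volume. Adding `allowPrivilegeEscalation: false` would keep the root init container as constrained as its sibling. A comment such as `# root is required to write /tmp/pod-shared/neutron-agent.ini` would record why it overrides the `runAsUser: 42424` shown in the context lines. The same block is repeated in the embedded patch file, and the `container:` map continues outside the hunk.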
@@ -0,0 +1,108 @@ +diff --git a/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl b/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl +new file mode 100644 +index 00000000..3df3315b +--- /dev/null ++++ b/neutron/templates/bin/_neutron-ironic-agent-init.sh.tpl +@@ -0,0 +1,25 @@ ++#!/bin/bash ++ ++{{/* ++Licensed under the Apache License, Version 2.0 (the "License"); ++you may not use this file except in compliance with the License. ++You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++Unless required by applicable law or agreed to in writing, software ++distributed under the License is distributed on an "AS IS" BASIS, ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++See the License for the specific language governing permissions and ++limitations under the License. ++*/}} ++ ++set -ex ++ ++{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }} ++mkdir -p /tmp/pod-shared ++tee > /tmp/pod-shared/neutron-agent.ini << EOF ++[DEFAULT] ++host = $(hostname --fqdn) ++EOF ++{{- end }} +diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml +index 2032b156..87b2b798 100644 +--- a/neutron/templates/configmap-bin.yaml ++++ b/neutron/templates/configmap-bin.yaml +@@ -95,6 +95,8 @@ data: + {{ tuple "bin/_neutron-policy-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-rpc-server.sh: | + {{ tuple "bin/_neutron-rpc-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ++ neutron-ironic-agent-init.sh: | ++{{ tuple "bin/_neutron-ironic-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-ironic-agent.sh: | + {{ tuple "bin/_neutron-ironic-agent.sh.tpl" . 
| include "helm-toolkit.utils.template" | indent 4 }} + neutron-netns-cleanup-cron.sh: | +diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml +index 014c9adf..1b468e2b 100644 +--- a/neutron/templates/deployment-ironic-agent.yaml ++++ b/neutron/templates/deployment-ironic-agent.yaml +@@ -60,6 +60,19 @@ spec: + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ironic_agent.timeout | default "30" }} + initContainers: + {{ tuple $envAll "pod_dependency" $mounts_neutron_ironic_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} ++ - name: neutron-ironic-agent-init ++{{ tuple $envAll "neutron_ironic_agent_init" | include "helm-toolkit.snippets.image" | indent 10 }} ++{{ tuple $envAll $envAll.Values.pod.resources.ironic_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++{{ dict "envAll" $envAll "application" "neutron_ironic_agent" "container" "neutron_ironic_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} ++ command: ++ - /tmp/neutron-ironic-agent-init.sh ++ volumeMounts: ++ - name: pod-shared ++ mountPath: /tmp/pod-shared ++ - name: neutron-bin ++ mountPath: /tmp/neutron-ironic-agent-init.sh ++ subPath: neutron-ironic-agent-init.sh ++ readOnly: true + containers: + - name: neutron-ironic-agent + {{ tuple $envAll "neutron_ironic_agent" | include "helm-toolkit.snippets.image" | indent 10 }} +@@ -79,6 +92,8 @@ spec: + mountPath: /tmp + - name: pod-var-neutron + mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} ++ - name: pod-shared ++ mountPath: /tmp/pod-shared + - name: neutron-bin + mountPath: /tmp/neutron-ironic-agent.sh + subPath: neutron-ironic-agent.sh +@@ -104,6 +119,8 @@ spec: + emptyDir: {} + - name: pod-var-neutron + emptyDir: {} ++ - name: pod-shared ++ mountPath: /tmp/pod-shared + - name: neutron-bin + configMap: + name: neutron-bin +diff --git 
a/neutron/values.yaml b/neutron/values.yaml +index 819d7853..b1ff4569 100644 +--- a/neutron/values.yaml ++++ b/neutron/values.yaml +@@ -46,6 +46,7 @@ images: + neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov + neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy + neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy ++ neutron_ironic_agent_init: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy + neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy + neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal +@@ -679,6 +680,9 @@ pod: + pod: + runAsUser: 42424 + container: ++ neutron_ironic_agent_init: ++ runAsUser: 0 ++ readOnlyRootFilesystem: true + neutron_ironic_agent: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true diff --git a/releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml b/releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml new file mode 100644 index 000000000..773ef1b02 --- /dev/null +++ b/releasenotes/notes/fix-neutron-ironic-agent-f3eedbcec84b0478.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixed an issue where the ``neutron-ironic-agent`` service failed to start. diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml index 7158983f4..3ef268344 100644 --- a/roles/defaults/vars/main.yml +++ b/roles/defaults/vars/main.yml 
@@ -143,6 +143,7 @@ _atmosphere_images: neutron_coredns: "{{ atmosphere_image_prefix }}docker.io/coredns/coredns:1.11.1" neutron_db_sync: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}" neutron_dhcp: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}" + neutron_ironic_agent_init: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}" neutron_ironic_agent: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}" neutron_l2gw: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}" neutron_l3: "{{ atmosphere_image_prefix }}registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"