Prototype the dcmanager orchestration

This commit updates the dcmanager helm-charts and application image
to support successful execution of the dcmanager orchestration. These
changes ensure that the `sw-deploy-strategy` orchestration runs end-to-end
without failures, aligning the deployment logic with the latest updates
and configurations.

Test Plan:
PASS: Successfully perform a `dcmanager sw-deploy-strategy` orchestration
      and verify all steps complete as expected.

Story: 2011312
Task: 51942

Change-Id: I68b0857351fd22cd5ffc02cd3e64132f87a00b11
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Hugo Brito 2025-03-31 18:58:30 -03:00
parent 89135ed0f1
commit ca1cdc79d6
12 changed files with 189 additions and 15 deletions


@ -150,6 +150,10 @@ conf:
keystone_authtoken:
auth_version: v3
auth_type: password
ansible:
defaults:
remote_tmp: /tmp/.ansible-${USER}/tmp
log_path: ~/ansible.log
dependencies:
static:
api:


@ -27,6 +27,8 @@ spec:
mountPath: {{ .Values.volume.backup.path }}
- name: {{ .Values.volume.platform.name }}
mountPath: {{ .Values.volume.platform.path }}
- name: {{ .Values.volume.feed.name }}
mountPath: {{ .Values.volume.feed.path }}
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
@ -56,6 +58,11 @@ spec:
persistentVolumeClaim:
claimName: {{ .Values.volume.platform.claimName }}
{{- end }}
{{- if .Values.volume.feed.enabled }}
- name: {{ .Values.volume.feed.name }}
persistentVolumeClaim:
claimName: {{ .Values.volume.feed.claimName }}
{{- end }}
- name: nginx-config
configMap:
name: {{ .Values.nginx.configMapName }}
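Review bot: The new feed volumeMount (`- name: {{ .Values.volume.feed.name }}`) appears to be emitted unconditionally, while the matching volume further down is wrapped in `{{- if .Values.volume.feed.enabled }}`. With `volume.feed.enabled: false` the rendered pod would reference a volume that is not defined and would be rejected; the indentation and the rest of the template are not visible here, so confirm this against the full file. Wrap the mount in the same `{{- if .Values.volume.feed.enabled }}` … `{{- end }}` guard. If this container only serves the feed content, `readOnly: true` on the mount would keep the web server from modifying the host-backed directory.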


@ -44,7 +44,6 @@ spec:
type: DirectoryOrCreate
persistentVolumeReclaimPolicy: Retain
storageClassName: manual
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -60,3 +59,35 @@ spec:
volumeName: {{ .Values.volume.platform.volumeName }}
storageClassName: manual
{{- end }}
{{- if .Values.volume.feed.enabled }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.volume.feed.volumeName }}
spec:
capacity:
storage: {{ .Values.volume.feed.size }}
accessModes:
- {{ .Values.volume.feed.accessModes | join ", " }}
hostPath:
path: {{ .Values.volume.feed.path }}
type: DirectoryOrCreate
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.volume.feed.claimName }}
namespace: {{ .Values.namespace }}
spec:
accessModes:
- {{ .Values.volume.feed.accessModes | join ", " }}
resources:
requests:
storage: {{ .Values.volume.feed.size }}
volumeName: {{ .Values.volume.feed.volumeName }}
storageClassName: nfs
{{- end }}
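Review bot: The added PersistentVolume is labelled `storageClassName: nfs` but is backed by `hostPath` with `type: DirectoryOrCreate`, so the `ReadWriteMany` claim is in practice a writable directory on whichever node runs the pod, unless that path is itself a shared mount on every node. A short comment above `hostPath:` stating that `nfs` is only a binding label and where the data really lives would stop it being treated as network storage. Separately, `- {{ .Values.volume.feed.accessModes | join ", " }}` in both the PV and the PVC collapses the list into a single item, which stops being a valid access mode as soon as a second mode is configured; rendering the list with `toYaml` avoids that.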


@ -64,3 +64,12 @@ volume:
path: /opt/platform
size: 15Gi
volumeName: platform-pv
feed:
name: feed-volume
enabled: true
accessModes:
- ReadWriteMany
claimName: feed-pvc
path: /var/www/pages/feed/
size: 10Gi
volumeName: feed-pv


@ -8,4 +8,9 @@
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcmanager-orchestrator --config-file=/etc/dcmanager/dcmanager.conf
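Review bot: Running `update-ca-certificates` in the entrypoint means the container has to start as root with a writable `/etc/ssl/certs`, which prevents setting `runAsNonRoot` or `readOnlyRootFilesystem` on this pod; the same block is added to the dcmanager-state script in the next file section. The failure path is handled, but nothing tells the reader which certificate the refresh is for. Add a comment such as `# Pick up the root CA mounted under /usr/local/share/ca-certificates before starting the service` (presumably the `root-ca` secret mount from the deployment templates), and consider doing the refresh in an init container that shares the resulting bundle so the service container needs no write access to the trust store.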


@ -8,4 +8,9 @@
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcmanager-state --config-file=/etc/dcmanager/dcmanager.conf


@ -49,6 +49,10 @@ spec:
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
# NOTE(nicodemos): The state container is privileged to allow it to run
# /bin/mount command
securityContext:
privileged: true
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
@ -80,12 +84,14 @@ spec:
mountPath: {{ .Values.conf.dcmanager.backup.base_path }}
- name: dc-deploy-dir
mountPath: {{ .Values.conf.dcmanager.deploy.base_path }}/{{ .Values.conf.dcmanager.deploy.version }}
{{- if .Values.ca_certificates.root_ca }}
- name: feed-dir
mountPath: {{ .Values.conf.dcmanager.feed.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{- end }}
{{ if $mounts_dcmanager_api.volumeMounts }}{{ toYaml $mounts_dcmanager_api.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcmanager.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "dcManagerApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
@ -127,12 +133,12 @@ spec:
- name: dc-deploy-dir
hostPath:
path: /opt/dc-vault/deploy/{{ .Values.conf.dcmanager.deploy.version }}
{{- if .Values.ca_certificates.root_ca }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
@ -153,6 +159,16 @@ spec:
path: {{ .Values.conf.dcmanager.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.feed.enabled .Values.manifests.pvc_feed }}
- name: feed-dir
persistentVolumeClaim:
claimName: feed-pvc
{{- else }}
- name: dc-feed-dir
hostPath:
path: {{ .Values.conf.dcmanager.feed.base_path }}
type: DirectoryOrCreate
{{- end }}
{{ if $mounts_dcmanager_api.volumes }}{{ toYaml $mounts_dcmanager_api.volumes | indent 8 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcmanager.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
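Review bot: `securityContext: privileged: true` on the api container gives the pod that serves network requests every capability and access to all host devices, and the comment justifying it still says "The state container", so it was copied from another template without a reason specific to this one. The same block is added in the manager and state deployment sections further down. If the only need is `/bin/mount`, a narrower grant such as `capabilities: add: ["SYS_ADMIN"]` may be enough and is easier to audit (it is still a powerful capability), and a deployment that never mounts anything should not carry the block at all. At minimum correct the comment to name this container and the mount it performs, e.g. `# NOTE: the api container runs /bin/mount for <purpose>; see <story/task>`.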


@ -44,6 +44,10 @@ spec:
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
# NOTE(nicodemos): The state container is privileged to allow it to run
# /bin/mount command
securityContext:
privileged: true
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
@ -78,25 +82,36 @@ spec:
- name: registry-cert-volume
mountPath: /etc/docker/certs.d/registry.local:9001/registry-cert.crt
readOnly: true
- name: gen-bootloader-iso
mountPath: /usr/local/bin/gen-bootloader-iso.sh
readOnly: true
- name: kube-config
mountPath: /etc/kubernetes/admin.conf
readOnly: true
- name: upgrades
mountPath: /opt/upgrades
- name: software-dir
mountPath: /opt/software
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcmanager.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcmanager.backup.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: dc-deploy-dir
mountPath: {{ .Values.conf.dcmanager.deploy.base_path }}/{{ .Values.conf.dcmanager.deploy.version }}
- name: feed-dir
mountPath: {{ .Values.conf.dcmanager.feed.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcmanager_manager.volumeMounts }}{{ toYaml $mounts_dcmanager_manager.volumeMounts | indent 12 }}{{ end }}
{{- end }}
{{ if $mounts_dcmanager_manager.volumeMounts }}{{ toYaml $mounts_dcmanager_manager.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-manager.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
@ -134,12 +149,24 @@ spec:
hostPath:
path: /etc/docker/certs.d/registry.local:9001/registry-cert.crt
type: File
{{- if .Values.ca_certificates.root_ca }}
- name: gen-bootloader-iso
hostPath:
path: /usr/local/bin/gen-bootloader-iso.sh
type: File
- name: upgrades
hostPath:
path: /opt/upgrades
type: DirectoryOrCreate
- name: software-dir
hostPath:
path: /opt/software
type: DirectoryOrCreate
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
@ -160,5 +187,18 @@ spec:
path: {{ .Values.conf.dcmanager.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.feed.enabled .Values.manifests.pvc_feed }}
- name: feed-dir
persistentVolumeClaim:
claimName: feed-pvc
{{- else }}
- name: dc-feed-dir
hostPath:
path: {{ .Values.conf.dcmanager.feed.base_path }}
type: DirectoryOrCreate
{{- end }}
- name: dc-deploy-dir
hostPath:
path: /opt/dc-vault/deploy/{{ .Values.conf.dcmanager.deploy.version }}
{{ if $mounts_dcmanager_manager.volumes }}{{ toYaml $mounts_dcmanager_manager.volumes | indent 8 }}{{ end }}
{{- end }}
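Review bot: The container mounts a volume named `feed-dir`, but the `{{- else }}` branch of the new feed block defines the hostPath volume as `dc-feed-dir`. Whenever `volume.feed.enabled` or `manifests.pvc_feed` is false, the pod spec references a volume that does not exist and will be rejected; the api deployment section above has the same pair of names. Rename the fallback to `- name: feed-dir` in both templates. The PVC branch also hard-codes `claimName: feed-pvc` instead of reading it from values, so a renamed claim has to be changed here by hand.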


@ -44,9 +44,9 @@ spec:
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.orchestrator | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
envFrom:
- secretRef:
name: dcmanager-keystone-admin
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-orchestrator.sh
@ -60,6 +60,16 @@ spec:
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcmanager.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcmanager.backup.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcmanager_orchestrator.volumeMounts }}{{ toYaml $mounts_dcmanager_orchestrator.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-orchestrator.sh
@ -82,5 +92,31 @@ spec:
configMap:
name: dcmanager-bin
defaultMode: 0755
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
claimName: dc-vault-pvc
{{- else }}
- name: dc-vault-dir
hostPath:
path: {{ .Values.conf.dcmanager.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: dc-backup-dir
persistentVolumeClaim:
claimName: dc-backup-pvc
{{- else }}
- name: dc-backup-dir
hostPath:
path: {{ .Values.conf.dcmanager.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{ if $mounts_dcmanager_orchestrator.volumes }}{{ toYaml $mounts_dcmanager_orchestrator.volumes | indent 8 }}{{ end }}
{{- end }}


@ -44,6 +44,10 @@ spec:
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.state | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
# NOTE(nicodemos): The state container is privileged to allow it to run
# /bin/mount command
securityContext:
privileged: true
envFrom:
- secretRef:
name: dcmanager-keystone-admin


@ -79,6 +79,12 @@ volume:
- ReadWriteMany
class_name: cephfs
size: 10Gi
feed:
enabled: true
accessModes:
- ReadWriteMany
class_name: nfs
size: 10Gi
conf:
dcmanager:
@ -123,6 +129,8 @@ conf:
base_path: /opt/dc-vault
backup:
base_path: /opt/dc-vault/backups
feed:
base_path: /var/www/pages/feed/
deploy:
version: 25.09
base_path: /opt/dc-vault/deploy/
@ -178,7 +186,15 @@ conf:
format: "%(message)s"
ansible:
defaults:
host_key_checking: False
stdout_callback: yaml
callback_whitelist: profile_tasks
timeout: 60
retry_files_enabled: False
interpreter_python: auto_silent
ssh_connection:
pipelining: False
retries: 10
dependencies:
static:
@ -217,6 +233,7 @@ manifests:
service_ingress: true
pvc_vault: true
pvc_backup: false
pvc_feed: true
endpoints:
cluster_domain_suffix: cluster.local
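Review bot: `host_key_checking: False` under `ansible.defaults` makes every SSH connection Ansible opens accept whatever host key is presented, so a host impersonating a target goes undetected; added lines are not marked in this rendering, so this assumes the setting arrives with this hunk. If it is needed for the prototype, say so next to it, e.g. `# TODO: prototype only - provision known_hosts and re-enable host key checking`, and track the follow-up. `callback_whitelist` is also the older spelling of the option that newer ansible-core releases call `callbacks_enabled`, so check it against the Ansible version shipped in the image.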


@ -22,7 +22,7 @@ DIST_PACKAGES="
vim
"
PIP_PACKAGES="
cgcs-patch \
cgcs-patch \
cgtsclient \
distributedcloud \
eventlet \