Skip to content

Deploy Nova

Run the Nova deployment Script bin/install-nova.sh

#!/bin/bash
pushd /opt/genestack/submodules/openstack-helm || exit
  helm upgrade --install nova ./nova \
    --namespace=openstack \
      --timeout 120m \
      -f /opt/genestack/base-helm-configs/nova/nova-helm-overrides.yaml \
      -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \
      --set conf.nova.neutron.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.identity.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
      --set endpoints.oslo_db.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.oslo_db_api.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
      --set endpoints.oslo_db_api.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.oslo_db_cell0.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
      --set endpoints.oslo_db_cell0.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.oslo_cache.auth.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
      --set conf.nova.keystone_authtoken.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
      --set conf.nova.database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova" \
      --set conf.nova.api_database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova_api" \
      --set conf.nova.cell0_database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova_cell0" \
      --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \
      --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \
      --set network.ssh.public_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.public_key}' | base64 -d)"$'\n' \
      --set network.ssh.private_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.private_key}' | base64 -d)"$'\n' \
      --post-renderer /etc/genestack/kustomize/kustomize.sh \
      --post-renderer-args nova/overlay "$@"
popd || exit

Tip

You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at base-helm-configs/aio-example-openstack-overrides.yaml. In other cases such as a multi-region deployment you may want to view the Multi-Region Support guide to for a workflow solution.

Note

The above command is setting the ceph as disabled. While the K8S infrastructure has Ceph, we're not exposing ceph to our openstack environment.

If running in an environment that doesn't have hardware virtualization extensions add the following two set switches to the install command.

--set conf.nova.libvirt.virt_type=qemu --set conf.nova.libvirt.cpu_mode=none

Tip

You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at base-helm-configs/aio-example-openstack-overrides.yaml. In other cases such as a multi-region deployment you may want to view the Multi-Region Support guide to for a workflow solution.

Custom Nova Listeners

This step is not needed if all listeners were applied when the Gateway API was deployed

Example listener patch file found in /opt/genestack/etc/gateway-api/listeners 
[
    {
        "op": "add",
        "path": "/spec/listeners/-",
        "value": {
            "name": "nova-https",
            "port": 443,
            "protocol": "HTTPS",
            "hostname": "nova.your.domain.tld",
            "allowedRoutes": {
                "namespaces": {
                    "from": "All"
                }
            },
            "tls": {
                "certificateRefs": [
                    {
                        "group": "",
                        "kind": "Secret",
                        "name": "nova-gw-tls-secret"
                    }
                ],
                "mode": "Terminate"
            }
        }
    }
]

Modify the Nova Listener Patches

This example changes the placeholder domain to <YOUR_DOMAIN>. Review the gateway listener documentation for more information on listener types.

Nova Patch

mkdir -p /etc/genestack/gateway-api/listeners
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
    /opt/genestack/etc/gateway-api/listeners/nova-https.json \
    > /etc/genestack/gateway-api/listeners/nova-https.json

Novnc Patch

mkdir -p /etc/genestack/gateway-api/listeners
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
    /opt/genestack/etc/gateway-api/listeners/novnc-https.json \
    > /etc/genestack/gateway-api/listeners/novnc-https.json

Metadata Patch

mkdir -p /etc/genestack/gateway-api/listeners
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
    /opt/genestack/etc/gateway-api/listeners/metadata-https.json \
    > /etc/genestack/gateway-api/listeners/metadata-https.json

Apply the Nova Listener Patch

kubectl patch -n nginx-gateway gateway flex-gateway \
              --type='json' \
              --patch-file /etc/genestack/gateway-api/listeners/nova-https.json

Apply the Novnc Listener Patch

kubectl patch -n nginx-gateway gateway flex-gateway \
              --type='json' \
              --patch-file /etc/genestack/gateway-api/listeners/novnc-https.json

Apply the Metadata Listener Patch

kubectl patch -n nginx-gateway gateway flex-gateway \
              --type='json' \
              --patch-file /etc/genestack/gateway-api/listeners/metadata-https.json

Custom Nova Routes

This step is not needed if all routes were applied when the Gateway API was deployed

A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like your.domain.tld to be used for the service.

Example routes file found in /opt/genestack/etc/gateway-api/routes 
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: custom-nova-gateway-route
  namespace: openstack
  labels:
    application: gateway-api
    service: HTTPRoute
    route: nova
spec:
  parentRefs:
  - name: flex-gateway
    sectionName: nova-https
    namespace: nginx-gateway
  hostnames:
  - "nova.your.domain.tld"
  rules:
    - backendRefs:
      - name: nova-api
        port: 8774

Modifying the Nova Routes

This example changes the placeholder domain to <YOUR_DOMAIN>. Review the gateway route documentation for more information on route types.

Nova Route

mkdir -p /etc/genestack/gateway-api/routes
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
    /opt/genestack/etc/gateway-api/routes/custom-nova-gateway-route.yaml \
    > /etc/genestack/gateway-api/routes/custom-nova-gateway-route.yaml

Novnc Route

mkdir -p /etc/genestack/gateway-api/routes
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
    /opt/genestack/etc/gateway-api/routes/custom-novnc-gateway-route.yaml \
    > /etc/genestack/gateway-api/routes/custom-novnc-gateway-route.yaml

Metadata Route

mkdir -p /etc/genestack/gateway-api/routes
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
    /opt/genestack/etc/gateway-api/routes/custom-metadata-gateway-route.yaml \
    > /etc/genestack/gateway-api/routes/custom-metadata-gateway-route.yaml

Apply the Nova Route

kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-nova-gateway-route.yaml

Apply the Novnc Route

kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-novnc-gateway-route.yaml

Apply the Metadata Route

kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-metadata-gateway-route.yaml