rackerlabs · sowm9802 · Jul 10, 2024 · Jul 12, 2024
diff --git a/.github/workflows/release-blazar.yml b/.github/workflows/release-blazar.yml
@@ -0,0 +1,75 @@
+#
+name: Create and publish the Blazar image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  workflow_dispatch:
+    inputs:
+      imageTag:
+        description: 'Set tag for the image'
+        required: true
+        default: 'master-ubuntu_jammy'
+        type: choice
+        options:
+          - master-ubuntu_jammy
+          - 2023.1-ubuntu_jammy
+          - 2023.2-ubuntu_jammy
+          - 2024.1-ubuntu_jammy
+      pluginTag:
+        description: 'Set release used for the build environment'
+        required: true
+        default: 'master'
+        type: choice
+        options:
+          - "master"
+          - "2023.1"
+          - "2023.2"
+          - "2024.1"
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Dynamically set MY_DATE environment variable
+        run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: Containerfiles/Blazar-Containerfile
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/blazar:${{ github.event.inputs.imageTag }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/blazar:${{ github.event.inputs.imageTag }}-${{ env.MY_DATE }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ github.event.inputs.imageTag }}
+            PLUGIN_VERSION=${{ github.event.inputs.pluginTag }}
diff --git a/.github/workflows/smoke-blazar.yml b/.github/workflows/smoke-blazar.yml
@@ -0,0 +1,42 @@
+#
+name: Run build check for the Blazar compatible image
+
+on:
+  pull_request:
+    paths:
+      - Containerfiles/Blazar-Containerfile
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: Containerfiles/Blazar-Containerfile
+          push: false
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/blazar:master-ubuntu_jammy
+          build-args: |
+            VERSION=master-ubuntu_jammy
+            PLUGIN_VERSION=master
diff --git a/Containerfiles/Blazar-Containerfile b/Containerfiles/Blazar-Containerfile
@@ -0,0 +1,32 @@
+FROM --platform=linux/amd64 ubuntu:jammy
+
+ENV BLAZAR_HOME=/opt/
+
+RUN apt-get update && apt-get install -y git build-essential libssl-dev libffi-dev \
+                                         libxml2-dev libxslt1-dev libpq-dev \
+                                         libmysqlclient-dev python3 python3-pip curl \
+                                         vim python3-openstackclient; \
+    rm -rf /var/lib/apt/lists/*
+
+RUN pip3 install pymysql
+
+RUN pip3 install --no-cache-dir --upgrade urllib3 chardet
+
+RUN pip3 install tox
+
+RUN mkdir -p $BLAZAR_HOME
+WORKDIR $BLAZAR_HOME
+
+# Clone Blazar related repositories
+RUN git clone -b stable/2024.1 https://opendev.org/openstack/blazar.git && \
+    git clone -b stable/2024.1 https://opendev.org/openstack/python-blazarclient.git
+
+# Install dependencies and projects
+RUN pip3 install --no-cache-dir ./blazar && \
+    pip3 install --no-cache-dir ./python-blazarclient && \
+    if [ ! -e /usr/local/bin/blazar-api ]; then \
+        ln -s /opt/blazar/bin/blazar-api /usr/local/bin/blazar-api; \
+    fi && \
+    if [ ! -e /usr/local/bin/blazar-manager ]; then \
+        ln -s /opt/blazar/bin/blazar-manager /usr/local/bin/blazar-manager; \
+    fi
diff --git a/Containerfiles/NovaEFI-Containerfile b/Containerfiles/NovaEFI-Containerfile
@@ -7,6 +7,11 @@ if [ "${PLUGIN_VERSION}" != 'master' ]; then export PLUGIN_VERSION=stable/${PLUG
 . /var/lib/openstack/bin/activate; \
 /var/lib/openstack/bin/pip install git+https://github.com/openstack/oslo.db@${PLUGIN_VERSION}#egg=oslo_db
 
+RUN . /var/lib/openstack/bin/activate; \
+    /var/lib/openstack/bin/pip install git+https://github.com/openstack/blazar-nova.git
+
+ENV PYTHONPATH="/var/lib/openstack/lib/python3.10/site-packages"
+
 FROM openstackhelm/nova:${VERSION}
 COPY --from=build /var/lib/openstack/. /var/lib/openstack/
 # Packages for the following features:

diff --git a/docs/openstack-blazar.md b/docs/openstack-blazar.md
@@ -0,0 +1,35 @@
+# Deploy Blazar
+
+
+### Create secrets
+
+``` shell
+kubectl --namespace openstack \
+        create secret generic blazar-rabbitmq-password \
+        --type Opaque \
+        --from-literal=username="blazar" \
+        --from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
+
+kubectl --namespace openstack \
+        create secret generic blazar-secrets \
+        --type Opaque \
+        --from-literal=service-username="blazar" \
+        --from-literal=service-password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)" \
+        --from-literal=service-domain="service" \
+        --from-literal=service-project="service" \
+        --from-literal=service-project-domain="service" \
+        --from-literal=db-endpoint="mariadb-cluster-primary.openstack.svc.cluster.local" \
+        --from-literal=db-name="blazar" \
+        --from-literal=db-username="blazar" \
+        --from-literal=db-password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)" \
+        --from-literal=secret-key="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)" \
+        --from-literal=keystone-endpoint="$(kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_AUTH_URL}' | base64 -d)" \
+        --from-literal=keystone-username="blazar" \
+        --from-literal=default-region="RegionOne"
+```
+
+## Run the deployment
+
+``` shell
+kubectl --namespace openstack apply -k /etc/genestack/kustomize/blazar/base
+```
diff --git a/helm-configs.example/aio-example-openstack-overrides.yaml b/helm-configs.example/aio-example-openstack-overrides.yaml
@@ -37,14 +37,14 @@ images:
     cinder_storage_init: "docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_18.2.0-1-20231013"
     cinder_backup: "docker.io/openstackhelm/cinder:2023.1-ubuntu_jammy"
     cinder_backup_storage_init: "docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_18.2.0-1-20231013"
-    keystone_api: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
+    keystone_api: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
     keystone_bootstrap: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy"
-    keystone_credential_rotate: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_credential_setup: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_db_sync: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_domain_manage: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_fernet_rotate: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_fernet_setup: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
+    keystone_credential_rotate: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_credential_setup: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_db_sync: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_domain_manage: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_fernet_rotate: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_fernet_setup: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
     keystone_credential_cleanup: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy"
     libvirt: docker.io/openstackhelm/libvirt:2023.2-ubuntu_jammy  # We want to use jammy. 2023.2 is the latest version that supports jammy.
     libvirt_exporter: vexxhost/libvirtd-exporter:latest
@@ -77,7 +77,7 @@ images:
     nova_db_sync: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_novncproxy: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_novncproxy_assets: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
-    nova_scheduler: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
+    nova_scheduler: "ghcr.io/rackerlabs/genestack/nova-efi:2023.1-ubuntu_jammy"
     nova_spiceproxy: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_spiceproxy_assets: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal"

diff --git a/helm-configs.example/barbican/barbican-helm-overrides.yaml b/helm-configs.example/barbican/barbican-helm-overrides.yaml
@@ -604,7 +604,7 @@ endpoints:
         username: barbican
         password: password
     hosts:
-      default: mariadb-galera-primary
+      default: mariadb-cluster-primary
     host_fqdn_override:
       default: null
     path: /barbican

diff --git a/helm-configs.example/nova/nova-helm-overrides.yaml b/helm-configs.example/nova/nova-helm-overrides.yaml
@@ -1357,6 +1357,10 @@ conf:
     - api_database
     - cell0_database
   nova:
+    filter_scheduler:
+      enabled_filters: BlazarFilter
+      available_filters: nova.scheduler.filters.all_filters
+      available_filters: blazarnova.scheduler.filters.blazar_filter.BlazarFilter
     DEFAULT:
       # NOTE(cloudnull): the vif_plugging_* options are an implemntation detail of the nova container when running with OVN
       vif_plugging_is_fatal: true
@@ -1436,7 +1440,7 @@ conf:
       rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
       disk_cachemodes: "network=writeback"
       hw_disk_discard: unmap
-      cpu_mode: host-model
+      cpu_mode: host-passthrough
       volume_use_multipath: false  # Disabled because multipathd is not configured or running
     upgrade_levels:
       compute: auto

diff --git a/helm-configs.example/prod-example-openstack-overrides.yaml b/helm-configs.example/prod-example-openstack-overrides.yaml
@@ -36,14 +36,14 @@ images:
     cinder_storage_init: "docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_18.2.0-1-20231013"
     cinder_backup: "docker.io/openstackhelm/cinder:2023.1-ubuntu_jammy"
     cinder_backup_storage_init: "docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_18.2.0-1-20231013"
-    keystone_api: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
+    keystone_api: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
     keystone_bootstrap: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy"
-    keystone_credential_rotate: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_credential_setup: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_db_sync: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_domain_manage: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_fernet_rotate: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
-    keystone_fernet_setup: "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1720466623"
+    keystone_credential_rotate: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_credential_setup: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_db_sync: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_domain_manage: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_fernet_rotate: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
+    keystone_fernet_setup: "ghcr.io/rackerlabs/genestack/keystone-rxt:2023.1-ubuntu_jammy"
     keystone_credential_cleanup: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy"
     libvirt: docker.io/openstackhelm/libvirt:2023.2-ubuntu_jammy  # We want to use jammy. 2023.2 is the latest version that supports jammy.
     libvirt_exporter: vexxhost/libvirtd-exporter:latest
@@ -76,7 +76,7 @@ images:
     nova_db_sync: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_novncproxy: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_novncproxy_assets: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
-    nova_scheduler: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
+    nova_scheduler: "ghcr.io/rackerlabs/genestack/nova-efi:2023.1-ubuntu_jammy"
     nova_spiceproxy: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_spiceproxy_assets: "docker.io/openstackhelm/nova:2023.1-ubuntu_jammy"
     nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal"

diff --git a/kustomize.example/blazar/aio/kustomization.yaml b/kustomize.example/blazar/aio/kustomization.yaml
@@ -0,0 +1,14 @@
+bases:
+  - ../base
+
+patches:
+  - target:
+      kind: HorizontalPodAutoscaler
+      name: blazar-api
+    patch: |-
+      - op: replace
+        path: /spec/minReplicas
+        value: 1
+      - op: replace
+        path: /spec/maxReplicas
+        value: 1
diff --git a/kustomize.example/blazar/base/blazar-mariadb-database.yaml b/kustomize.example/blazar/base/blazar-mariadb-database.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: blazar
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  mariaDbRef:
+    name: mariadb-cluster
+  characterSet: utf8
+  collate: utf8_general_ci
+  retryInterval: 5s
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: blazar
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  mariaDbRef:
+    name: mariadb-cluster
+  passwordSecretKeyRef:
+    name: blazar-secrets
+    key: db-password
+  maxUserConnections: 0
+  host: "%"
+  retryInterval: 5s
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: blazar-grant
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  mariaDbRef:
+    name: mariadb-cluster
+  privileges:
+    - "ALL"
+  database: "blazar"
+  table: "*"
+  username: blazar
+  grantOption: true
+  host: "%"
+  retryInterval: 5s