airship/maas
Code Issues Proposed changes

Move MaaS chart into maas repo

Browse Source 
Change-Id: If1d9e92d9a691892b9a3afcef5b229d704b5dcbc
This commit is contained in:
Scott Hussey 2017-10-25 14:01:11 -05:00
parent a83b5f2c84
commit 668fd328d2
30 changed files with 1592 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitreview Normal file
View File

@ -0,0 +1,4 @@
[gerrit]
host=review.gerrithub.io
port=29418
project=att-comdev/maas

24
charts/maas/Chart.yaml Executable file
View File

@ -0,0 +1,24 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: Chart to run MaaS
name: maas
version: 0.1.0
home: https://docs.ubuntu.com/maas
sources:
- https://git.launchpad.net/maas
- https://git.openstack.org/cgit/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors

66
charts/maas/README.rst Normal file
View File

@ -0,0 +1,66 @@
openstack-helm-addons/maas
==========================
This chart installs a working version of MaaS on kubernetes.
Quickstart
~~~~~~~~~
This chart requires a postgresql instance to be running.
To install postgresql:
::
helm install postgresql --namespace=maas
Note: Postgresql may take a short time to reach the Running state.
Verify that postgresql is running:
::
# kubectl get pods -n maas
NAME READY STATUS RESTARTS AGE
postgresql-0 1/1 Running 0 1m
To deploy your MaaS chart:
::
helm install maas --namespace=maas
To verify the helm deployment was successful:
::
# helm ls
NAME REVISION UPDATED STATUS CHART
opining-mule 1 Mon Feb 13 22:20:08 2017 DEPLOYED maas-0.1.0
sweet-manatee 1 Mon Feb 13 21:57:41 2017 DEPLOYED postgresql-0.1.0
To check that all resources are working as intended:
::
# kubectl get all --namespace=maas
NAME READY STATUS RESTARTS AGE
po/maas-rack-3238195061-tn5fv 1/1 Running 0 11m
po/maas-region-0 1/1 Running 0 11m
po/postgresql-0 1/1 Running 0 34m
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/maas-region-ui 10.105.136.244 <none> 80/TCP,8000/TCP 11m
svc/postgresql 10.107.159.38 <none> 5432/TCP 34m
NAME DESIRED CURRENT AGE
statefulsets/maas-region 1 1 11m
statefulsets/postgresql 1 1 34m
NAME DESIRED SUCCESSFUL AGE
jobs/region-import-resources 1 1 11m
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/maas-rack 1 1 1 1 11m
NAME DESIRED CURRENT READY AGE
rs/maas-rack-3238195061 1 1 1 11m

18
charts/maas/requirements.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

19
charts/maas/templates/bin/_bootstrap-admin-user.sh.tpl Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
maas-region createadmin --username=${ADMIN_USERNAME} --password=${ADMIN_PASSWORD} --email=${ADMIN_EMAIL} || true

63
charts/maas/templates/bin/_db-init.sh.tpl Normal file
View File

@ -0,0 +1,63 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
pgsql_superuser_cmd () {
DB_COMMAND="$1"
if [[ ! -z $2 ]]; then
EXPORT PGDATABASE=$2
fi
psql \
-h ${DB_HOST} \
-p 5432 \
-U ${ROOT_DB_USER} \
--command="${DB_COMMAND}"
}
if [[ ! -v DB_HOST ]]; then
echo "environment variable DB_HOST not set"
exit 1
elif [[ ! -v ROOT_DB_USER ]]; then
echo "environment variable ROOT_DB_USER not set"
exit 1
elif [[ ! -v ROOT_DB_PASS ]]; then
echo "environment variable ROOT_DB_PASS not set"
exit 1
elif [[ ! -v USER_DB_USER ]]; then
echo "environment variable USER_DB_USER not set"
exit 1
elif [[ ! -v USER_DB_PASS ]]; then
echo "environment variable USER_DB_PASS not set"
exit 1
elif [[ ! -v USER_DB_NAME ]]; then
echo "environment variable USER_DB_NAME not set"
exit 1
else
echo "Got DB connection info"
fi
#create db
pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$USER_DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $USER_DB_NAME"
#create db user
pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$USER_DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
pgsql_superuser_cmd "CREATE ROLE ${USER_DB_USER} LOGIN PASSWORD '$USER_DB_PASS';" && pgsql_superuser_cmd "ALTER USER ${USER_DB_USER} WITH SUPERUSER"
#give permissions to user
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $USER_DB_NAME to $USER_DB_USER;"

22
charts/maas/templates/bin/_db-sync.sh.tpl Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
rm -f /var/run/rsyslogd.pid
service rsyslog restart
maas-region dbupgrade

74
charts/maas/templates/bin/_export-api-key.sh.tpl Normal file
View File

@ -0,0 +1,74 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
function clear_secret {
wget \
--server-response \
--ca-certificate=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
--header='Content-Type: application/json' \
--header="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
--method=DELETE \
https://kubernetes.default.svc.cluster.local/api/v1/namespaces/${SECRET_NAMESPACE}/secrets/${SECRET_NAME}
}
function post_secret {
wget \
--server-response \
--ca-certificate=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
--header='Content-Type: application/json' \
--header="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
--method=POST \
--body-file=/tmp/secret.json \
https://kubernetes.default.svc.cluster.local/api/v1/namespaces/${SECRET_NAMESPACE}/secrets \
2>&1 | grep -E "HTTP/1.1 (201 Created|409 Conflict)"
}
KEY=$(maas-region apikey --username=${ADMIN_USERNAME})
if [ "x$KEY" != "x" ]; then
ENCODED_KEY=$(echo -n $KEY | base64 -w 0)
cat <<EOS > /tmp/secret.json
{
"apiVersion": "v1",
"kind": "Secret",
"type": "Opaque",
"metadata": {
"name": "${SECRET_NAME}"
},
"data": {
"token": "$ENCODED_KEY"
}
}
EOS
while true; do
result=$(post_secret)
if [ ! -z "$(echo $result | grep 201)" ]; then
echo 'Secret created'
break
elif [ ! -z "$(echo $result | grep 409)" ]; then
echo 'Secret exists, clearing before trying again'
clear_secret
else
echo Secret creation failed
fi
sleep 15
done
else
echo "Failed to get key from maas."
exit 1
fi

63
charts/maas/templates/bin/_import-boot-resources.sh.tpl Normal file
View File

@ -0,0 +1,63 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
function check_for_download {
while [[ ${JOB_TIMEOUT} -gt 0 ]]; do
if maas ${ADMIN_USERNAME} boot-resources is-importing | grep -q 'true';
then
echo -e '\nBoot resources currently importing\n'
let TIMEOUT-=${RETRY_TIMER}
sleep ${RETRY_TIMER}
else
echo 'Boot resources have completed importing'
# TODO(sthussey) Need to check synced images exist - could be a import failure
exit 0
fi
done
exit 1
}
function configure_proxy {
maas ${ADMIN_USERNAME} maas set-config name=enable_http_proxy value=${MAAS_PROXY_ENABLED}
maas ${ADMIN_USERNAME} maas set-config name=http_proxy value=${MAAS_PROXY_SERVER}
}
function configure_ntp {
maas ${ADMIN_USERNAME} maas set-config name=ntp_servers value=${MAAS_NTP_SERVERS}
maas ${ADMIN_USERNAME} maas set-config name=ntp_external_only value=${MAAS_NTP_EXTERNAL_ONLY}
}
function configure_dns {
maas ${ADMIN_USERNAME} maas set-config name=dnssec_validation value=${MAAS_DNS_DNSSEC_REQUIRED}
maas ${ADMIN_USERNAME} maas set-config name=upstream_dns value=${MAAS_DNS_SERVERS}
}
KEY=$(maas-region apikey --username=${ADMIN_USERNAME})
maas login ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY
configure_proxy
configure_ntp
configure_dns
# make call to import images
maas ${ADMIN_USERNAME} boot-resources import
# see if we can find > 0 images
sleep ${RETRY_TIMER}
check_for_download

19
charts/maas/templates/bin/_job-readiness.sh.tpl Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
maas-region apikey --username=${ADMIN_USERNAME} || exit 1

18
charts/maas/templates/bin/_register-rack-controller.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
set -x
echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
# register forever
while [ 1 ];
do
if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}";
then
echo "Successfully registered with MaaS Region Controller"
break
else
echo "Unable to register with ${MAAS_ENDPOINT}... will try again"
sleep 10
fi;
done;

22
charts/maas/templates/bin/_start.sh.tpl Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# show env
env > /tmp/env
exec /bin/systemd --system

39
charts/maas/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,39 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: maas-bin
data:
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-sync.sh: |+
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bootstrap-admin-user.sh: |
{{ tuple "bin/_bootstrap-admin-user.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
import-boot-resources.sh: |
{{ tuple "bin/_import-boot-resources.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
job-readiness.sh: |
{{ tuple "bin/_job-readiness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
start.sh: |
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
export-api-key.sh: |
{{ tuple "bin/_export-api-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
register-rack-controller.sh: |
{{ tuple "bin/_register-rack-controller.sh" . | include "helm-toolkit.utils.template" | indent 4 }}

74
charts/maas/templates/configmap-etc.yaml Normal file
View File

@ -0,0 +1,74 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- include "maas.conf.maas_values_skeleton" .Values.conf.maas | trunc 0 -}}
{{- if empty .Values.conf.maas.database.database_host -}}
{{- tuple "maas_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set .Values.conf.maas.database "database_host" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.maas.url.maas_url -}}
{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: maas-etc
data:
curtin_userdata: |+
{{ if .Values.conf.curtin.override -}}
{{ .Values.conf.curtin.override | indent 4 }}
{{- else -}}
{{- if .Values.conf.curtin.prefix -}}
{{ .Values.conf.curtin.prefix | indent 4 }}
{{- end }}
{{ tuple "etc/_curtin_userdata.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- if .Values.conf.curtin.append -}}
{{ .Values.conf.curtin.append | indent 4 }}
{{- end }}
named.conf.options: |+
{{ if .Values.conf.bind.override -}}
{{ .Values.conf.bind.override | indent 4 }}
{{- else -}}
{{- if .Values.conf.bind.prefix -}}
{{ .Values.conf.bind.prefix | indent 4 }}
{{- end }}
{{ tuple "etc/_region-dns-config.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- if .Values.conf.bind.append -}}
{{ .Values.conf.bind.append | indent 4 }}
{{- end }}
regiond.conf: |
{{ if .Values.conf.maas.override -}}
{{ .Values.conf.maas.override | indent 4 }}
{{- else -}}
{{- if .Values.conf.maas.prefix -}}
{{ .Values.conf.maas.prefix | indent 4 }}
{{- end }}
{{ tuple "etc/_regiond.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- if .Values.conf.maas.append -}}
{{ .Values.conf.maas.append | indent 4 }}
{{- end }}
nsswitch.conf: |
{{ tuple "etc/_nsswitch.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
register-rack-controller.service: |
{{ tuple "etc/_register-rack-controller.service.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

88
charts/maas/templates/deployment-rack.yaml Normal file
View File

@ -0,0 +1,88 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if empty .Values.conf.maas.url.maas_url -}}
{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
{{- end -}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.rack_controller }}
{{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }}
{{- $mounts_maas_rack_init := .Values.pod.mounts.maas_rack.init_container }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: maas-rack
spec:
replicas: {{ .Values.pod.replicas.rack }}
template:
metadata:
labels:
{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
affinity:
{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
hostNetwork: true
dnsPolicy: ClusterFirst
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: maas-rack
image: {{ .Values.images.maas_rack }}
imagePullPolicy: {{ .Values.images.pull_policy }}
env:
- name: MAAS_ENDPOINT
value: {{ .Values.conf.maas.url.maas_url }}
- name: MAAS_REGION_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_region.name }}
key: REGION_SECRET
{{ tuple $envAll $envAll.Values.pod.resources.maas_rack | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/start.sh
securityContext:
privileged: true
volumeMounts:
- name: maas-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
- name: maas-bin
mountPath: /usr/local/bin/register-rack-controller.sh
subPath: register-rack-controller.sh
readOnly: true
- name: maas-etc
mountPath: /lib/systemd/system/register-rack-controller.service
subPath: register-rack-controller.service
readOnly: true
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444
{{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }}

53
charts/maas/templates/etc/_curtin_userdata.tpl Normal file
View File

@ -0,0 +1,53 @@
#cloud-config
debconf_selections:
maas: |
{{ "{{" }}for line in str(curtin_preseed).splitlines(){{ "}}" }}
{{ "{{" }}line{{ "}}" }}
{{ "{{" }}endfor{{ "}}" }}
early_commands:
{{ "{{" }}if third_party_drivers and driver{{ "}}" }}
{{ "{{" }}py: key_string = ''.join(['\\x%x' % x for x in driver['key_binary']]){{ "}}" }}
{{ "{{" }}if driver['key_binary'] and driver['repository'] and driver['package']{{ "}}" }}
driver_00_get_key: /bin/echo -en '{{ "{{" }}key_string{{ "}}" }}' > /tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg
driver_01_add_key: ["apt-key", "add", "/tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg"]
{{ "{{" }}endif{{ "}}" }}
{{ "{{" }}if driver['repository']{{ "}}" }}
driver_02_add: ["add-apt-repository", "-y", "deb {{ "{{" }}driver['repository']{{ "}}" }} {{ "{{" }}node.get_distro_series(){{ "}}" }} main"]
{{ "{{" }}endif{{ "}}" }}
{{ "{{" }}if driver['package']{{ "}}" }}
driver_03_update_install: ["sh", "-c", "apt-get update --quiet && apt-get --assume-yes install {{ "{{" }}driver['package']{{ "}}" }}"]
{{ "{{" }}endif{{ "}}" }}
{{ "{{" }}if driver['module']{{ "}}" }}
driver_04_load: ["sh", "-c", "depmod && modprobe {{ "{{" }}driver['module']{{ "}}" }} || echo 'Warning: Failed to load module: {{ "{{" }}driver['module']{{ "}}" }}'"]
{{ "{{" }}endif{{ "}}" }}
{{ "{{" }}else{{ "}}" }}
driver_00: ["sh", "-c", "echo third party drivers not installed or necessary."]
{{ "{{" }}endif{{ "}}" }}
late_commands:
{{ "{{" }}py: bootdata_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/promconfig"]){{ "}}" }}
{{ "{{" }}py: promsvc_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/promservice"]){{ "}}" }}
{{ "{{" }}py: vfsvc_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/vfservice"]){{ "}}" }}
{{ "{{" }}py: prominit_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/prominit"]){{ "}}" }}
drydock_01: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}bootdata_url{{ "}}" }}", "-O", "/etc/prom_init.yaml"]
drydock_02: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}prominit_url{{ "}}" }}", "-O", "/var/tmp/prom_init.sh"]
drydock_03: ["curtin", "in-target","--", "chmod", "555", "/var/tmp/prom_init.sh"]
drydock_04: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}promsvc_url{{ "}}" }}", "-O", "/lib/systemd/system/prom_init.service"]
drydock_05: ["curtin", "in-target","--", "systemctl", "enable", "prom_init.service"]
drydock_06: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}vfsvc_url{{ "}}" }}", "-O", "/lib/systemd/system/drydock_vf.service"]
drydock_07: ["curtin", "in-target","--", "systemctl", "enable", "drydock_vf.service"]
maas: [wget, '--no-proxy', {{ "{{" }}node_disable_pxe_url|escape.json{{ "}}" }}, '--post-data', {{ "{{" }}node_disable_pxe_data|escape.json{{ "}}" }}, '-O', '/dev/null']
{{ "{{" }}if third_party_drivers and driver{{ "}}" }}
{{ "{{" }}if driver['key_binary'] and driver['repository'] and driver['package']{{ "}}" }}
driver_00_key_get: curtin in-target -- sh -c "/bin/echo -en '{{ "{{" }}key_string{{ "}}" }}' > /tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg"
driver_02_key_add: ["curtin", "in-target", "--", "apt-key", "add", "/tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg"]
{{ "{{" }}endif{{ "}}" }}
{{ "{{" }}if driver['repository']{{ "}}" }}
driver_03_add: ["curtin", "in-target", "--", "add-apt-repository", "-y", "deb {{ "{{" }}driver['repository']{{ "}}" }} {{ "{{" }}node.get_distro_series(){{ "}}" }} main"]
{{ "{{" }}endif{{ "}}" }}
driver_04_update_install: ["curtin", "in-target", "--", "apt-get", "update", "--quiet"]
{{ "{{" }}if driver['package']{{ "}}" }}
driver_05_install: ["curtin", "in-target", "--", "apt-get", "-y", "install", "{{ "{{" }}driver['package']{{ "}}" }}"]
{{ "{{" }}endif{{ "}}" }}
driver_06_depmod: ["curtin", "in-target", "--", "depmod"]
driver_07_update_initramfs: ["curtin", "in-target", "--", "update-initramfs", "-u"]
{{ "{{" }}endif{{ "}}" }}

20
charts/maas/templates/etc/_nsswitch.conf.tpl Normal file
View File

@ -0,0 +1,20 @@
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

18
charts/maas/templates/etc/_region-dns-config.tpl Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
options { directory "/var/cache/bind";
auth-nxdomain no;
listen-on-v6 { any; };
include "/etc/bind/maas/named.conf.options.inside.maas"; };

36
charts/maas/templates/etc/_regiond.conf.tpl Normal file
View File

@ -0,0 +1,36 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{ include "maas.conf.maas_values_skeleton" .Values.conf.maas | trunc 0 }}
{{ include "maas.conf.maas" .Values.conf.maas }}
{{- define "maas.conf.maas_values_skeleton" -}}
{{- if not .database -}}{{- set . "database" dict -}}{{- end -}}
{{- if not .url -}}{{- set . "url" dict -}}{{- end -}}
{{- end -}}
{{- if empty .Values.conf.maas.url.maas_url -}}
{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
{{- end -}}
{{- define "maas.conf.maas" -}}
database_host: {{ .database.database_host }}
database_name: {{ .database.database_name }}
database_pass: {{ .database.database_password }}
database_user: {{ .database.database_user }}
maas_url: {{ .url.maas_url }}
{{- end -}}

12
charts/maas/templates/etc/_register-rack-controller.service.tpl Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=Register with MaaS Region Controller
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
PassEnvironment=MAAS_ENDPOINT MAAS_REGION_SECRET
ExecStart=/usr/local/bin/register-rack-controller.sh
[Install]
WantedBy=multi-user.target

66
charts/maas/templates/job-bootstrap-admin-user.yaml Normal file
View File

@ -0,0 +1,66 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.bootstrap_admin_user }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: maas-bootstrap-admin-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "maas" "bootstrap-admin-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: maas-bootstrap-admin-user
image: {{ .Values.images.bootstrap }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap_admin_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ADMIN_USERNAME
value: {{ .Values.conf.maas.credentials.admin_username }}
- name: ADMIN_PASSWORD
value: {{ .Values.conf.maas.credentials.admin_password }}
- name: ADMIN_EMAIL
value: {{ .Values.conf.maas.credentials.admin_email}}
command:
- /tmp/bootstrap-admin-user.sh
volumeMounts:
- name: maas-bin
mountPath: /tmp/bootstrap-admin-user.sh
subPath: bootstrap-admin-user.sh
readOnly: true
- name: maas-etc
mountPath: /etc/maas/regiond.conf
subPath: regiond.conf
readOnly: true
volumes:
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444

82
charts/maas/templates/job-db-init.yaml Normal file
View File

@ -0,0 +1,82 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: maas-db-init
spec:
template:
metadata:
labels:
{{ tuple $envAll "maas" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: maas-db-init
image: {{ .Values.images.db_init | quote }}
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ROOT_DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_db.admin }}
key: DATABASE_USERNAME
- name: ROOT_DB_PASS
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_db.admin }}
key: DATABASE_PASSWORD
- name: DB_HOST
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_db.user }}
key: DATABASE_HOST
- name: USER_DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_db.user }}
key: DATABASE_USERNAME
- name: USER_DB_PASS
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_db.user }}
key: DATABASE_PASSWORD
- name: USER_DB_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.maas_db.user }}
key: DATABASE_NAME
command:
- /tmp/db-init.sh
volumeMounts:
- name: maas-bin
mountPath: /tmp/db-init.sh
subPath: db-init.sh
readOnly: true
volumes:
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555

59
charts/maas/templates/job-db-sync.yaml Normal file
View File

@ -0,0 +1,59 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: maas-db-sync
spec:
template:
metadata:
labels:
{{ tuple $envAll "maas" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: maas-db-sync
image: {{ .Values.images.db_sync }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/db-sync.sh
volumeMounts:
- name: maas-etc
mountPath: /etc/maas/regiond.conf
subPath: regiond.conf
readOnly: true
- name: maas-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
volumes:
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555

79
charts/maas/templates/job-export-api-key.yaml Normal file
View File

@ -0,0 +1,79 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.export_api_key }}
{{- $initMounts := .Values.pod.mounts.export_api_key.export_api_key }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: maas-export-api-key
spec:
template:
metadata:
labels:
{{ tuple $envAll "maas" "export-api-key" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies $initMounts | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: exporter
image: {{ .Values.images.export_api_key }}
imagePullPolicy: {{ .Values.images.pull_policy }}
env:
- name: SECRET_NAMESPACE
value: {{ .Values.conf.maas.credentials.secret.namespace }}
- name: ADMIN_USERNAME
value: {{ .Values.conf.maas.credentials.admin_username }}
- name: SECRET_NAME
value: {{ .Values.conf.maas.credentials.secret.name }}
command:
- /tmp/export-api-key.sh
readinessProbe:
exec:
command:
- /tmp/job-readiness.sh
initialDelaySeconds: 60
volumeMounts:
- name: maas-bin
mountPath: /tmp/export-api-key.sh
subPath: export-api-key.sh
readOnly: true
- name: maas-bin
mountPath: /tmp/job-readiness.sh
subPath: job-readiness.sh
readOnly: true
- name: maas-etc
mountPath: /etc/bind/named.conf.options
subPath: named.conf.options
readOnly: true
- name: maas-etc
mountPath: /etc/maas/regiond.conf
subPath: regiond.conf
readOnly: true
volumes:
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444

93
charts/maas/templates/job-import.yaml Normal file
View File

@ -0,0 +1,93 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.import_resources }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: maas-import-resources
spec:
template:
metadata:
labels:
{{ tuple $envAll "maas" "import-resources" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: region-import-resources
image: {{ .Values.images.maas_region }}
imagePullPolicy: {{ .Values.images.pull_policy }}
env:
- name: JOB_TIMEOUT
value: {{ .Values.jobs.import_boot_resources.timeout | quote }}
- name: ADMIN_USERNAME
value: {{ .Values.conf.maas.credentials.admin_username }}
- name: RETRY_TIMER
value: {{ .Values.jobs.import_boot_resources.retry_timer | quote }}
- name: MAAS_ENDPOINT
value: {{ tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- name: MAAS_PROXY_ENABLED
value: {{ .Values.conf.maas.proxy.proxy_enabled | quote }}
- name: MAAS_PROXY_SERVER
value: {{ .Values.conf.maas.proxy.proxy_server }}
- name: MAAS_NTP_SERVERS
value: {{ .Values.conf.maas.ntp.ntp_servers }}
- name: MAAS_NTP_EXTERNAL_ONLY
value: {{ .Values.conf.maas.ntp.use_external_only | quote }}
- name: MAAS_DNS_DNSSEC_REQUIRED
value: {{ .Values.conf.maas.dns.require_dnssec | quote }}
- name: MAAS_DNS_SERVERS
value: {{ .Values.conf.maas.dns.dns_servers }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.import_resources | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/import-boot-resources.sh
readinessProbe:
exec:
command:
- /tmp/job-readiness.sh
initialDelaySeconds: 60
volumeMounts:
- name: maas-bin
mountPath: /tmp/import-boot-resources.sh
subPath: import-boot-resources.sh
readOnly: true
- name: maas-bin
mountPath: /tmp/job-readiness.sh
subPath: job-readiness.sh
readOnly: true
- name: maas-etc
mountPath: /etc/bind/named.conf.options
subPath: named.conf.options
readOnly: true
- name: maas-etc
mountPath: /etc/maas/regiond.conf
subPath: regiond.conf
readOnly: true
volumes:
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444

36
charts/maas/templates/secret-db.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.maas_db $userClass }}
{{- $auth := index $envAll.Values.endpoints.maas_db.auth $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DATABASE_HOST: |-
{{ tuple "maas_db" "internal" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | b64enc | indent 4 }}
DATABASE_USERNAME: |-
{{ $auth.username | b64enc | indent 4 }}
DATABASE_PASSWORD: |-
{{ $auth.password | b64enc | indent 4 }}
DATABASE_NAME: |-
{{ $envAll.Values.endpoints.maas_db.path | b64enc | indent 4 }}
{{ end }}

27
charts/maas/templates/secret-region.yaml Normal file
View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $secretName := index $envAll.Values.secrets.maas_region "name" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
REGION_SECRET: |-
{{ $envAll.Values.secrets.maas_region.value | b64enc | indent 4 }}

41
charts/maas/templates/service-region.yaml Normal file
View File

@ -0,0 +1,41 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "maas_region_ui" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: r-ui
port: {{ .Values.network.port.service_gui }}
targetPort: {{ .Values.network.port.service_gui_target }}
{{ if .Values.network.gui.node_port.enabled }}
nodePort: {{ .Values.network.gui.node_port.port }}
{{ end }}
- port: {{ .Values.network.port.service_proxy }}
targetPort: {{ .Values.network.port.service_proxy_target }}
{{ if .Values.network.proxy.node_port.enabled }}
nodePort: {{ .Values.network.proxy.node_port.port }}
{{ end }}
name: proxy
selector:
app: maas-region
{{ if .Values.network.proxy.node_port.enabled }}
type: NodePort
{{ end }}

94
charts/maas/templates/statefulset-region.yaml Normal file
View File

@ -0,0 +1,94 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.region_controller }}
{{- $mounts_maas_region := .Values.pod.mounts.maas_region.maas_region }}
{{- $mounts_maas_region_init := .Values.pod.mounts.maas_region.init_container }}
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: maas-region
spec:
serviceName: maas-region-ui
replicas: {{ .Values.pod.replicas.region }}
template:
metadata:
labels:
app: maas-region
annotations:
spec:
affinity:
{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies $mounts_maas_region_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: maas-region
image: {{ .Values.images.maas_region }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports:
- name: r-ui
containerPort: {{ .Values.network.port.region_container }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port.region_container }}
securityContext:
privileged: true
command:
- /tmp/start.sh
volumeMounts:
- name: maas-region-secret
mountPath: /var/lib/maas/secret
subPath: REGION_SECRET
readOnly: true
- name: maas-etc
mountPath: /etc/bind/named.conf.options
subPath: named.conf.options
readOnly: true
- name: maas-etc
mountPath: /etc/maas/regiond.conf
subPath: regiond.conf
readOnly: true
- name: maas-etc
mountPath: /etc/maas/preseeds/curtin_userdata
subPath: curtin_userdata
readOnly: true
- name: maas-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
- name: maas-etc
mountPath: /etc/nsswitch.conf
subPath: nsswitch.conf
readOnly: true
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555
- name: maas-region-secret
secret:
secretName: {{ .Values.secrets.maas_region.name }}
{{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }}

263
charts/maas/values.yaml Normal file
View File

@ -0,0 +1,263 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for maas.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
dependencies:
rack_controller:
jobs:
- maas-db-sync
services:
- service: maas_region_ui
endpoint: internal
region_controller:
jobs:
- maas-db-sync
services:
- service: maas_db
endpoint: internal
db_init:
services:
- service: maas_db
endpoint: internal
db_sync:
jobs:
- maas-db-init
bootstrap_admin_user:
jobs:
- maas-db-sync
services:
- service: maas_region_ui
endpoint: internal
- service: maas_db
endpoint: internal
import_resources:
jobs:
- maas-db-sync
services:
- service: maas_region_ui
endpoint: internal
- service: maas_db
endpoint: internal
export_api_key:
jobs:
- maas-db-sync
services:
- service: maas_region_ui
endpoint: internal
- service: maas_db
endpoint: internal
images:
db_init: docker.io/postgres:9.5
db_sync: quay.io/attcomdev/maas-region:master
maas_rack: quay.io/attcomdev/maas-rack:master
maas_region: quay.io/attcomdev/maas-region:master
bootstrap: quay.io/attcomdev/maas-region:master
export_api_key: quay.io/attcomdev/maas-region:master
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
pull_policy: IfNotPresent
jobs:
import_boot_resources:
retry_timer: 10
#default timeout: 15 minutes
timeout: 900
labels:
rack:
node_selector_key: ucp-control-plane
node_selector_value: enabled
region:
node_selector_key: ucp-control-plane
node_selector_value: enabled
network:
proxy:
node_port:
enabled: true
port: 31800
gui:
node_port:
enabled: true
port: 31900
port:
region_container: 80
service_gui: 80
service_gui_target: 80
service_proxy: 8000
service_proxy_target: 8000
db_service: 5432
db_service_target: 5432
conf:
bind:
override:
append:
curtin:
override:
append:
maas:
override:
append:
url:
maas_url: null
ntp:
# Use external only points region and rack serves and deployed nodes directly
# at external NTP servers. Otherwise we have nodes -> rack -> region -> external
use_external_only: 'false'
ntp_servers: null
dns:
require_dnssec: 'no'
# These are upstream servers
dns_servers: null
proxy:
# If proxy_enabled is true and proxy_serer is null, then nodes will use
# MAAS region server as a proxy for Apt and region server will connect directly
# to repos
# If proxy_enabled is false, regin server and all ndoes will connect directly to
# pkg repos
# If proxy_enabled is true and proxy_server is set, then region server and all nodes
# will use the specified proxy_server to connect to pkg repos
proxy_enabled: 'false'
proxy_server: null
database:
database_name: maasdb
database_user: maas
database_password: password
credentials:
admin_username: admin
admin_password: admin
admin_email: support@nowhere.com
secret:
namespace: maas
name: maas-api-key
secrets:
maas_db:
admin: maas-db-admin
user: maas-db-user
maas_region:
name: maas-region-secret
value: 3858f62230ac3c915f300c664312c63f
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
maas_rack:
init_container: null
maas_rack:
maas_region:
init_container: null
maas_region:
export_api_key:
init_container: null
export_api_key:
replicas:
rack: 1
region: 1
resources:
enabled: false
maas_rack:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_region:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
jobs:
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap_admin_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
import_resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
export_api_key:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
endpoints:
cluster_domain_suffix: cluster.local
maas_db:
auth:
admin:
username: postgres
password: password
user:
username: maas
password: password
path: maasdb
hosts:
default: postgresql
port:
postgresql:
default: 5432
host_fqdn_override:
default: null
maas_region_ui:
name: maas-region-ui
hosts:
default: maas-region-ui
public: maas
path:
default: /MAAS
scheme:
default: 'http'
port:
region_ui:
default: 80
public: 80
host_fqdn_override:
default: null