From 29f8b0a3639ca399172a249703f8350fbeeb0cd6 Mon Sep 17 00:00:00 2001 From: diwakar thyagaraj Date: Thu, 28 May 2020 20:53:44 +0000 Subject: [PATCH] Change Node-selector to openstack-control-plane for All UC's 1. Changing nodeselector to use same label and to sync (openstack-control-plane = enabled) which comes default with osh deployment. 2. Fix Ceph Deploy script. 3. Updated Apparmor script to remove node-selector. 4. Remove repos cloned not needed for Porthole Project. Change-Id: Ibb4c98a956347c8487beff90277fe9a88bed9739 Signed-off-by: diwakar thyagaraj --- charts/calicoctl-utility/values.yaml | 6 +- charts/ceph-utility/values.yaml | 6 +- charts/compute-utility/values.yaml | 6 +- charts/etcdctl-utility/values.yaml | 10 +- charts/mysqlclient-utility/values.yaml | 7 +- charts/openstack-utility/values.yaml | 4 +- charts/postgresql-utility/values.yaml | 6 +- .../apparmor/000-install-packages.sh | 17 +- .../apparmor/001-setup-apparmor-profiles.sh | 2 +- tools/deployment/apparmor/002-deploy-k8s.sh | 2 +- .../apparmor/005-calicoctl-utility.sh | 12 +- tools/deployment/apparmor/010-ceph-utility.sh | 13 +- .../apparmor/020-compute-utility.sh | 11 +- .../apparmor/030-etcdctl-utility.sh | 14 +- .../apparmor/040-mysqlclient-utility.sh | 14 +- .../apparmor/050-openstack-utility.sh | 22 +- .../apparmor/060-postgresql-utility.sh | 16 +- .../utilities/005-calicoctl-utility.sh | 18 +- .../deployment/utilities/010-ceph-utility.sh | 220 ++++++++++++++++-- .../utilities/020-compute-utility.sh | 15 +- .../utilities/030-etcdctl-utility.sh | 14 +- .../utilities/040-mysqlclient-utility.sh | 11 +- .../utilities/050-openstack-utility.sh | 14 +- .../utilities/060-postgresql-utility.sh | 13 +- 24 files changed, 325 insertions(+), 148 deletions(-) diff --git a/charts/calicoctl-utility/values.yaml b/charts/calicoctl-utility/values.yaml index 9701842b..3f71a139 100644 --- a/charts/calicoctl-utility/values.yaml +++ b/charts/calicoctl-utility/values.yaml @@ -65,10 +65,10 @@ release_group: null labels: utility: - node_selector_key: openstack-helm-node-class + node_selector_key: openstack-control-plane node_selector_value: enabled job: - node_selector_key: openstack-helm-node-class + node_selector_key: openstack-control-plane node_selector_value: enabled dependencies: @@ -239,4 +239,4 @@ manifests: configmap_etc_client: true deployment_calicoctl_utility: true job_image_repo_sync: false - secret_certificates: false + secret_certificates: false \ No newline at end of file diff --git a/charts/ceph-utility/values.yaml b/charts/ceph-utility/values.yaml index fe5da31b..b06d4680 100644 --- a/charts/ceph-utility/values.yaml +++ b/charts/ceph-utility/values.yaml @@ -30,8 +30,8 @@ images: labels: utility: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: @@ -196,4 +196,4 @@ manifests: configmap_etc_client: true configmap_etc_sudoers: true deployment_utility: true - network_policy: false + network_policy: false \ No newline at end of file diff --git a/charts/compute-utility/values.yaml b/charts/compute-utility/values.yaml index 456e5274..6d6ed3a6 100644 --- a/charts/compute-utility/values.yaml +++ b/charts/compute-utility/values.yaml @@ -31,8 +31,8 @@ images: labels: utility: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: @@ -166,4 +166,4 @@ manifests: configmap_bin: true configmap_etc_client: true configmap_etc_sudoers: true - deployment_utility: true + deployment_utility: true \ No newline at end of file diff --git a/charts/etcdctl-utility/values.yaml b/charts/etcdctl-utility/values.yaml index 0e46e10f..cf580c8f 100644 --- a/charts/etcdctl-utility/values.yaml +++ b/charts/etcdctl-utility/values.yaml @@ -31,11 +31,11 @@ images: labels: utility: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled job: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: @@ -201,4 +201,4 @@ manifests: configmap_etc_sudoers: true deployment_etcdctl_utility: true job_image_repo_sync: false - secret_certificates: true + secret_certificates: true \ No newline at end of file diff --git a/charts/mysqlclient-utility/values.yaml b/charts/mysqlclient-utility/values.yaml index 1e423e4f..be7cd374 100644 --- a/charts/mysqlclient-utility/values.yaml +++ b/charts/mysqlclient-utility/values.yaml @@ -30,8 +30,8 @@ images: labels: utility: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: @@ -164,5 +164,4 @@ manifests: configmap_bin: true configmap_etc_client: true configmap_etc_sudoers: true - deployment_utility: true - + deployment_utility: true \ No newline at end of file diff --git a/charts/openstack-utility/values.yaml b/charts/openstack-utility/values.yaml index 46bf8388..61c2e093 100644 --- a/charts/openstack-utility/values.yaml +++ b/charts/openstack-utility/values.yaml @@ -19,8 +19,8 @@ images: labels: utility: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: diff --git a/charts/postgresql-utility/values.yaml b/charts/postgresql-utility/values.yaml index 82b1988b..7d41ffc8 100644 --- a/charts/postgresql-utility/values.yaml +++ b/charts/postgresql-utility/values.yaml @@ -30,8 +30,8 @@ images: labels: utility: - node_selector_key: openstack-helm-node-class - node_selector_value: primary + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: security_context: @@ -188,4 +188,4 @@ manifests: configmap_etc: true secret_etc: true secret_admin: true - deployment_utility: true + deployment_utility: true \ No newline at end of file diff --git a/tools/deployment/apparmor/000-install-packages.sh b/tools/deployment/apparmor/000-install-packages.sh index 6bc03aca..1d626a19 100755 --- a/tools/deployment/apparmor/000-install-packages.sh +++ b/tools/deployment/apparmor/000-install-packages.sh @@ -4,25 +4,10 @@ set -xe CURRENT_DIR="$(pwd)" : "${INSTALL_PATH:="../"}" : "${OSH_INFRA_COMMIT:="8ba46703ee9fab0115e4b7f62ea43e0798c36872"}" -: "${CLONE_ARMADA:=true}" -: "${CLONE_DECKHAND:=true}" -: "${CLONE_SHIPYARD:=true}" - cd ${INSTALL_PATH} -# Clone Airship projects -if [[ ${CLONE_ARMADA} = true ]] ; then - git clone https://opendev.org/airship/armada.git -fi -if [[ ${CLONE_DECKHAND} = true ]] ; then - git clone https://opendev.org/airship/deckhand.git -fi -if [[ ${CLONE_SHIPYARD} = true ]] ; then - git clone https://opendev.org/airship/shipyard.git -fi - # Clone dependencies git clone https://opendev.org/openstack/openstack-helm-infra.git cd openstack-helm-infra -git checkout "${OSH_INFRA_COMMIT}" +git checkout "${OSH_INFRA_COMMIT}" \ No newline at end of file diff --git a/tools/deployment/apparmor/001-setup-apparmor-profiles.sh b/tools/deployment/apparmor/001-setup-apparmor-profiles.sh index c6f89ff9..5a9e11bf 100755 --- a/tools/deployment/apparmor/001-setup-apparmor-profiles.sh +++ b/tools/deployment/apparmor/001-setup-apparmor-profiles.sh @@ -4,4 +4,4 @@ CURRENT_DIR="$(pwd)" : "${OSH_INFRA_PATH:="../openstack-helm-infra"}" cd "${OSH_INFRA_PATH}" -bash -c "./tools/deployment/common/001-setup-apparmor-profiles.sh" +bash -c "./tools/deployment/common/001-setup-apparmor-profiles.sh" \ No newline at end of file diff --git a/tools/deployment/apparmor/002-deploy-k8s.sh b/tools/deployment/apparmor/002-deploy-k8s.sh index 72299445..f968ffac 100755 --- a/tools/deployment/apparmor/002-deploy-k8s.sh +++ b/tools/deployment/apparmor/002-deploy-k8s.sh @@ -4,4 +4,4 @@ CURRENT_DIR="$(pwd)" : "${OSH_INFRA_PATH:="../openstack-helm-infra"}" cd "${OSH_INFRA_PATH}" -bash -c "./tools/deployment/common/005-deploy-k8s.sh" +bash -c "./tools/deployment/common/005-deploy-k8s.sh" \ No newline at end of file diff --git a/tools/deployment/apparmor/005-calicoctl-utility.sh b/tools/deployment/apparmor/005-calicoctl-utility.sh index d6de71c6..8b1929d0 100755 --- a/tools/deployment/apparmor/005-calicoctl-utility.sh +++ b/tools/deployment/apparmor/005-calicoctl-utility.sh @@ -13,13 +13,15 @@ set -xe namespace=utility -kubectl label nodes --all openstack-helm-node-class=enabled --overwrite helm dependency update charts/calicoctl-utility -cd charts +helm upgrade --install calicoctl-utility ./charts/calicoctl-utility --namespace=$namespace -helm upgrade --install calicoctl-utility ./calicoctl-utility --namespace=$namespace -sleep 180 +# Wait for Deployment +: "${OSH_INFRA_PATH:="../openstack-helm-infra"}" +cd "${OSH_INFRA_PATH}" +./tools/deployment/common/wait-for-pods.sh $namespace +#Validate Apparmor cal_pod=$(kubectl get pods --namespace=$namespace -o wide | grep calico | awk '{print $1}') expected_profile="docker-default (enforce)" profile=`kubectl -n $namespace exec $cal_pod -- cat /proc/1/attr/current` @@ -33,4 +35,4 @@ echo "Profile running: $profile" echo "$profile is the WRONG PROFILE!!" return 1 fi - fi + fi \ No newline at end of file diff --git a/tools/deployment/apparmor/010-ceph-utility.sh b/tools/deployment/apparmor/010-ceph-utility.sh index 3f27de61..861d69bb 100755 --- a/tools/deployment/apparmor/010-ceph-utility.sh +++ b/tools/deployment/apparmor/010-ceph-utility.sh @@ -200,7 +200,6 @@ done --no-headers | awk '{ print $1; exit }') kubectl exec -n ceph ${MON_POD} -- ceph -s - #NOTE: Deploy command : ${OSH_EXTRA_HELM_ARGS:=""} tee /tmp/ceph-utility-config.yaml < $unsorted_process_file #sort --numeric-sort $unsorted_process_file > $sorted_process_file diff --git a/tools/deployment/apparmor/060-postgresql-utility.sh b/tools/deployment/apparmor/060-postgresql-utility.sh index 4f051369..fd391589 100755 --- a/tools/deployment/apparmor/060-postgresql-utility.sh +++ b/tools/deployment/apparmor/060-postgresql-utility.sh @@ -10,17 +10,17 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - set -xe namespace="utility" -kubectl label nodes --all openstack-helm-node-class=primary --overwrite - helm dependency update charts/postgresql-utility -cd charts -helm upgrade --install postgresql-utility ./postgresql-utility --namespace=$namespace -sleep 180 -kubectl get pods --namespace=$namespace +helm upgrade --install postgresql-utility ./charts/postgresql-utility --namespace=$namespace +# Wait for Deployment +: "${OSH_INFRA_PATH:="../openstack-helm-infra"}" +cd "${OSH_INFRA_PATH}" +./tools/deployment/common/wait-for-pods.sh $namespace + +#Validate Apparmor pos_pod=$(kubectl get pods --namespace=$namespace -o wide | grep postgresql | awk '{print $1}') expected_profile="docker-default (enforce)" profile=`kubectl -n $namespace exec $pos_pod -- cat /proc/1/attr/current` @@ -34,4 +34,4 @@ echo "Profile running: $profile" echo "$profile is the WRONG PROFILE!!" return 1 fi - fi + fi \ No newline at end of file diff --git a/tools/deployment/utilities/005-calicoctl-utility.sh b/tools/deployment/utilities/005-calicoctl-utility.sh index 8040c184..edf34fa8 100755 --- a/tools/deployment/utilities/005-calicoctl-utility.sh +++ b/tools/deployment/utilities/005-calicoctl-utility.sh @@ -1,12 +1,16 @@ #!/bin/bash set -xe -kubectl label nodes --all openstack-helm-node-class=enabled --overwrite - +namespace=utility helm dependency update charts/calicoctl-utility -cd charts -helm upgrade --install calicoctl-utility ./calicoctl-utility --namespace=utility +helm upgrade --install calicoctl-utility ./charts/calicoctl-utility --namespace=$namespace + + +# Wait for Deployment +: "${OSH_INFRA_PATH:="../openstack-helm-infra"}" +cd "${OSH_INFRA_PATH}" +./tools/deployment/common/wait-for-pods.sh $namespace #NOTE: Validate Deployment info -kubectl get -n utility secrets -kubectl get -n utility configmaps -kubectl get pods -n utility | grep calicoctl-utility +kubectl get -n $namespace secrets +kubectl get -n $namespace configmaps +kubectl get pods -n $namespace | grep calicoctl-utility \ No newline at end of file diff --git a/tools/deployment/utilities/010-ceph-utility.sh b/tools/deployment/utilities/010-ceph-utility.sh index 92e710ca..fb77df3d 100755 --- a/tools/deployment/utilities/010-ceph-utility.sh +++ b/tools/deployment/utilities/010-ceph-utility.sh @@ -1,9 +1,204 @@ #!/bin/bash set -xe +namespace="utility" +CURRENT_DIR="$(pwd)" -#NOTE: Lint and package chart : ${OSH_INFRA_PATH:="../../openstack-helm-infra"} -make -C ${OSH_INFRA_PATH} ceph-provisioners +cd "${OSH_INFRA_PATH}" + +for CHART in ceph-mon ceph-client ceph-provisioners; do + make "${CHART}" +done + +#NOTE: Deploy command +: ${OSH_EXTRA_HELM_ARGS:=""} +[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt +CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)" +#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this +# should be set to 'hammer' +. /etc/os-release +if [ "x${ID}" == "xubuntu" ] && \ + [ "$(uname -r | awk -F "." '{ print $2 }')" -lt "5" ]; then + CRUSH_TUNABLES=hammer +else + CRUSH_TUNABLES=null +fi +tee /tmp/ceph.yaml <