Initial Commit of compute-utility container code

Utility containers shall act as an interface to an Airship environment
and shall enable them to perform routine operational and debugging
activities. Utility containers shall enable Operations to seamlessly
support Airship environment without exposing secrets and credentials,
and at the same time restricting the access to actual containers.

The compute-utility container permits access to services running on
each compute node. Services include ovs, libvirt, ipmi, perccli, numa
and sos.

Change-Id: I389b6f62f8abbd665960a2fd4de880f0f5380c2a
Marjorie Middleton 2019-08-05 20:50:58 +00:00
parent 3427ee5ab5
commit 3dc8d73be9
19 changed files with 918 additions and 0 deletions

Compute_Utility_Readme Normal file

@ -0,0 +1,121 @@
Compute Utility Container
-----------------
Prerequisites: Deploy OSH-AIO
Installation
------------
1. Add the below to /etc/sudoers
root ALL=(ALL) NOPASSWD: ALL
ubuntu ALL=(ALL) NOPASSWD: ALL
2. Install the latest versions of Git, CA Certs & Make if necessary
#!/bin/bash
set -xe
sudo apt-get update
sudo apt-get install --no-install-recommends -y \
ca-certificates \
git \
make \
jq \
nmap \
curl \
uuid-runtime
3. Proxy Configuration
Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables.
export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local
4. Clone the OpenStack-Helm Repos
git clone https://git.openstack.org/openstack/openstack-helm-infra.git
git clone https://git.openstack.org/openstack/openstack-helm.git
In order to deploy OpenStack-Helm behind corporate proxy servers, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml.
proxy:
http: http://username:password@host:port
https: https://username:password@host:port
noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local
5. Deploy Kubernetes & Helm
cd openstack-helm
./tools/deployment/developer/common/010-deploy-k8s.sh
6. Install OpenStack-Helm
Setup Clients on the host and assemble the charts
./tools/deployment/developer/common/020-setup-client.sh
Deploy the ingress controller
./tools/deployment/developer/common/030-ingress.sh
7. Deploy Ceph
./tools/deployment/developer/ceph/040-ceph.sh
Activate the namespace to be able to use Ceph
./tools/deployment/developer/ceph/045-ceph-ns-activate.sh
8. Deploy Keystone
./tools/deployment/developer/ceph/080-keystone.sh
9. Deploy Heat
./tools/deployment/developer/ceph/090-heat.sh
10. Deploy Horizon
./tools/deployment/developer/ceph/100-horizon.sh
11. Deploy Glance
./tools/deployment/developer/ceph/120-glance.sh
12. Deploy Cinder
./tools/deployment/developer/ceph/130-cinder.sh
13. Deploy LibVirt # required if you want to test compute-utility functionality
./tools/deployment/developer/ceph/150-libvirt.sh
14. Deploy Compute Kit (Nova and Neutron)
./tools/deployment/developer/ceph/160-compute-kit.sh
15. To run further commands from the CLI manually, execute the following to set up authentication credentials
export OS_CLOUD=openstack_helm
16. Clone the Porthole and compute utility repo as well.
git clone https://review.opendev.org/airship/porthole
cd porthole
./install_compute_utility.sh
Usage
-----
Get in to the utility pod using kubectl exec. To perform any operation use the below example.
kubectl exec -it <POD_NAME> -n utility /bin/bash
Run the utilscli with commands formatted: utilscli <client-name> <server-hostname> <command> <options>
example:
utilscli libvirt-client mtn16r001c002 virsh list
Accepted client-names are:
libvirt-client
ovs-client
ipmi-client
perccli-client
numa-client
sos-client
Commands for each client vary with the client.
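
Review bot: Step 1 of Installation grants `root` and `ubuntu` blanket `NOPASSWD: ALL` by editing /etc/sudoers directly, with nothing saying this applies only to a disposable OSH-AIO host. Please state that scope in the README and suggest a drop-in file under /etc/sudoers.d (edited with visudo) so the grant is easy to remove afterwards. The proxy example after step 4 puts `username:password` into local-vars.yaml in clear text and should carry a caution not to commit that file. The Usage section never mentions the `AUSER` environment variable that compute-utility-rootwrap checks before allowing a command, so an operator on a site with `always_log_user` disabled has no way to learn why access is refused.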


@ -0,0 +1,19 @@
ARG FROM=docker.io/ubuntu:xenial
FROM ${FROM}
ARG KUBE_VERSION=1.12.2
RUN set -xe \
&& sed -i '/nobody/d' /etc/passwd \
&& echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
&& apt-get update && apt-get dist-upgrade -y \
&& apt-get install -y wget curl apt-transport-https ca-certificates gnupg\
&& apt-get update && apt-get install -y bash python-oslo.rootwrap moreutils vim sudo screen radosgw rsyslog hexedit jq s3cmd rsync xz-utils iperf \
&& apt-get remove --purge -y wget apt-transport-https && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* \
&& TMP_DIR=$(mktemp --directory) \
&& cd ${TMP_DIR} \
&& curl -sSL https://dl.k8s.io/v${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz | tar -zxv --strip-components=1 \
&& mv ${TMP_DIR}/client/bin/kubectl /usr/bin/kubectl \
&& chmod +x /usr/bin/kubectl \
&& rm -rf ${TMP_DIR}
CMD ["/bin/bash"]
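
Review bot: The kubectl tarball in the `curl -sSL https://dl.k8s.io/v${KUBE_VERSION}/... | tar -zxv` step is unpacked and installed to /usr/bin/kubectl with no checksum or signature verification, and curl runs without `-f`, so an HTTP error body is piped straight into tar. Download to a file, verify it against a pinned SHA-256 for the chosen KUBE_VERSION, then extract. The package list (hexedit, screen, vim, iperf, radosgw, s3cmd, rsync) is broad for a container whose stated purpose is restricted access, and none of these is used by the scripts in this commit; trim it to what utilscli needs. `wget` is installed and purged again without being used, and rewriting the `nobody` entry to give it a /bin/bash shell deserves a comment explaining why it is required.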


@ -0,0 +1,37 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
SHELL := /bin/bash
DOCKER_REGISTRY ?= quay.io
IMAGE_NAME ?= compute-utility
IMAGE_PREFIX ?= attcomdev
IMAGE_TAG ?= latest
LABEL ?= mimic
IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}
# Build compute-utility Docker image for this project
.PHONY: images
images: build_$(IMAGE_NAME)
# Make targets intended for use by the primary targets above.
.PHONY: build_$(IMAGE_NAME)
build_$(IMAGE_NAME):
docker build -f Dockerfile.${DISTRO} \
--network host \
-t $(IMAGE) \
--label $(LABEL) \
.
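
Review bot: `docker build -f Dockerfile.${DISTRO}` depends on DISTRO, which this Makefile never defaults, so a plain `make images` looks for a file literally named `Dockerfile.`. Add `DISTRO ?= ubuntu_xenial` to match the default in the build script. `LABEL ?= mimic` is passed to `--label` with no explanation of what it means for this image; document it or drop it. `IMAGE_TAG ?= latest` makes it impossible to tell which build is deployed; prefer a version or commit-derived tag.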


@ -0,0 +1,16 @@
#!/bin/bash
set -xe
SCRIPT=`realpath $0`
SCRIPT_DIR=`dirname ${SCRIPT}`
## Only build from main folder
cd ${SCRIPT_DIR}/..
IMAGE="compute-utility"
VERSION=${VERSION:-latest}
DISTRO=${DISTRO:-ubuntu_xenial}
REGISTRY_URI=${REGISTRY_URI:-"openstackhelm/"}
EXTRA_TAG_INFO=${EXTRA_TAG_INFO:-""}
docker build -f ${IMAGE}/Dockerfile.${DISTRO} \
--network=host -t ${REGISTRY_URI}${IMAGE}:${VERSION}-${DISTRO}${EXTRA_TAG_INFO} \
${extra_build_args} \
${IMAGE}
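
Review bot: `${extra_build_args}` is expanded in the `docker build` call but is never set or documented in this script, and unlike VERSION, DISTRO and REGISTRY_URI it is lower case with no `:-` default, so it is easy to miss that it is an input taken from the caller's environment. Document it alongside the other variables or remove it. `$0`, `${SCRIPT}` and `${SCRIPT_DIR}` are unquoted, so the script fails when the repository is checked out under a path containing spaces; use `$(realpath "$0")` and quote the `cd` argument. The default REGISTRY_URI of `openstackhelm/` also differs from the quay.io/attcomdev prefix the Makefile builds for, and the two should agree.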


@ -0,0 +1,20 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: porthole Compute Client
name: compute-utility
version: 0.1.0
---


@ -0,0 +1,18 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0


@ -0,0 +1,19 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
sudo /tmp/start.sh
tail -f /var/log/syslog
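
Review bot: `tail -f /var/log/syslog` is the container's foreground process, and `tail -f` follows the open descriptor, so it exits immediately if the file does not exist yet and goes silent after the file is rotated. Use `tail -F`, which follows by name and retries. Since `sudo /tmp/start.sh` runs a script from /tmp as root, consider installing start.sh and bootstrap.sh under a root-owned directory such as /usr/local/bin rather than a world-writable one.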


@ -0,0 +1,32 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
/etc/init.d/rsyslog start
{{/*
These lines will disable extra handler, extra formatter, extra level to the
root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
These lines will get rid of duplicate logs, generated because of the formatter
attached by oslo-rootwrap.
*/}}
sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
# for readiness probe
touch /tmp/done
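
Review bot: The four `sed -i` lines comment out statements in the installed oslo_rootwrap/wrapper.py by pattern on every container start, with no check that each pattern matched exactly the line intended. With a different package version this becomes either a silent no-op or a wrapper.py that no longer parses (for example if `/os.path.basename/` hits one line of a multi-line statement), and the hard-coded python2.7 path ties it to one interpreter. Apply the change once at image build time as a reviewed patch that fails the build when it does not apply, or set up logging in compute-utility-rootwrap so the extra handler is harmless. Please also explain the switch of `$PrivDropToUser` to `nobody`: that is the UID the deployment runs the operator shell as, so log files created by rsyslog become writable by the users whose actions they record.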


@ -0,0 +1,16 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/compute-utility-rootwrap *
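
Review bot: The rule ends in `/usr/local/bin/compute-utility-rootwrap *`, so the rootwrap configuration path is whatever the caller passes rather than the fixed /etc/compute-utility/rootwrap.conf that utilscli supplies, and the filter list is only as trustworthy as that argument. Pin the first argument in the rule itself: `/usr/local/bin/compute-utility-rootwrap /etc/compute-utility/rootwrap.conf *`. `SETENV:` combined with the `sudo -E` in utilscli hands the caller's whole environment to a Python process running as root; drop SETENV and keep only the one variable that is needed with `Defaults env_keep += "AUSER"`. /tmp/start.sh and /tmp/bootstrap.sh are passwordless root entries under a world-writable directory, which holds only while the read-only ConfigMap mounts are present; move them to a root-owned path, and drop bootstrap.sh from the rule since it is the container command and is not invoked through sudo.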


@ -0,0 +1,53 @@
#!/usr/bin/python
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
# PBR Generated from u'console_scripts'
import sys
import os
import logging
#import getpass
from oslo_rootwrap.cmd import main
exec_name = sys.argv[0]
host_name = os.environ.get("HOSTNAME")
log_level = {{ .Values.conf.computerootwrapconf.DEFAULT.syslog_log_level | quote }}
facility = {{ .Values.conf.computerootwrapconf.DEFAULT.syslog_log_facility | quote }}
if "AUSER" in os.environ:
user_id = os.environ["AUSER"]
elif {{ .Values.conf.utility.always_log_user | quote }} == 'true':
os.environ["AUSER"] = "development site" #getpass.getuser()
user_id = os.environ["AUSER"]
else:
print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.")
exit()
try:
handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility)
except IOError:
print("Unable to setup logging, for security reasons access restricted from connecting to container.")
exit()
formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' +
os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s')
handler.setFormatter(formatter)
root = logging.getLogger()
root.setLevel(log_level)
root.addHandler(handler)
if __name__ == "__main__":
sys.exit(main())
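
Review bot: `user_id` comes straight from the caller-controlled `AUSER` environment variable and is concatenated into the `logging.Formatter` format string, so a value containing `%` breaks or alters every record, and the `ActualUser=` field is self-asserted rather than verified. Pass the user as a record attribute through a logging.Filter or LoggerAdapter, validate it against an expected pattern, and document that it is informational unless the jump host sets it. Both refusal branches call `exit()`, which returns status 0; use `sys.exit(1)` so callers and probes can tell access was denied. The module calls `logging.handlers.SysLogHandler` but only imports `logging`, so add `import logging.handlers` instead of relying on another module having imported it. The format string also has no separator between `%(levelname)s` and the script basename.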


@ -0,0 +1,53 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
usage() {
echo "Usage: utilscli <component> <hostname> <cli options>"
exit 1
}
COMPONENT=$0;
HOSTNAME=$1; shift
COMMAND=$1; shift
OPTIONS="$@"
if [[ -z "${COMPONENT}" || -z "${HOSTNAME}" || -z "$COMMAND" ]]; then
echo "ERROR: Missing command line argument(s)!"
usage
exit 1
fi
# remove the /tmp, then only search on the first half of the component (second half should be -client)
prefix="/tmp/"
suffix="-client"
COMP1=${COMPONENT#"$prefix"}
COMP=${COMP1%"$suffix"}
# find the pod for the component and hostname
POD=$(kubectl get pod -n openstack -o wide | grep -i $COMP | grep $HOSTNAME | awk '{print $1}')
if [[ -z "${POD}" ]]; then
echo "ERROR: Could not find matching pod for host $HOSTNAME and component $COMP1"
usage
exit 1
fi
# run the command
result=$(kubectl exec -it $POD -n openstack -- $COMMAND $OPTIONS)
echo "$result"
exit 0
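
Review bot: The pod lookup `kubectl get pod -n openstack -o wide | grep -i $COMP | grep $HOSTNAME` is an unquoted substring match against the whole output row, so it can return several pods or a pod that merely contains the text, and `$POD` is then passed unquoted to `kubectl exec`. Select by label and node instead (a `-l` selector plus `--field-selector spec.nodeName=...`) and fail unless exactly one pod comes back. `$COMMAND $OPTIONS` is forwarded with no per-client allow-list, so `libvirt-client` will run any binary present in the target pod, not only virsh, which undercuts the restriction the commit message describes. Smaller points: capturing output in `$(...)` while passing `-it` means nothing is shown until the remote command exits, the script always ends with `exit 0` regardless of the remote status, assigning `HOSTNAME` overwrites the shell's own variable, and the usage text says `utilscli <component> ...` although the error path is reached from the client script.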


@ -0,0 +1,17 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/compute-utility-rootwrap /etc/compute-utility/rootwrap.conf $*"
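
Review bot: `$*` is expanded inside the double-quoted string handed to `script -c`, which a shell then parses again, so argument boundaries are lost and shell metacharacters inside an argument are interpreted before sudo and rootwrap see the command. Build the string from `"$@"` with each argument shell-quoted, for example with `printf '%q '`. `script -a /var/log/syslog` also requires the invoking user to have write access to the file that serves as the audit trail and mixes raw terminal output into it; record sessions to a separate file and leave /var/log/syslog to the SysLogHandler configured in compute-utility-rootwrap.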


@ -0,0 +1,66 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_bin .Values.deployment.compute }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
data:
{{- if .Values.images.local_registry.active }}
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
start.sh: |
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
compute-utility-rootwrap: |
{{ tuple "bin/utility/_compute-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovs-client: |
{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
libvirt-client: |
{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ipmi-client: |
{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
perccli-client: |
{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
numa-client: |
{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
sos-client: |
{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
data:
utilscli: |
{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bootstrap.sh: |
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_etc_client .Values.deployment.compute }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
data:
rootwrap.conf: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.computerootwrapconf | indent 4 }}
compute-rootwrap-filter: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.computefilter | indent 4 }}
{{- end }}


@ -0,0 +1,27 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.compute }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
data:
utilscli-sudo: |
{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}


@ -0,0 +1,169 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.compute .Values.conf.features.utility) }}
{{- $envAll := . }}
{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- get
- list
- watch
- exec
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ printf "%s" $envAll.Release.Name }}
labels:
{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.utility }}
selector:
matchLabels:
{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
name: {{ printf "%s" $envAll.Release.Name }}
annotations:
{{ tuple . | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
securityContext:
runAsUser: 65534
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
containers:
- name: {{ printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "compute_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/bootstrap.sh
readinessProbe:
exec:
command:
- cat
- /tmp/done
initialDelaySeconds: 5
periodSeconds: 15
livenessProbe:
exec:
command:
- utilscli
initialDelaySeconds: 5
periodSeconds: 15
volumeMounts:
- name: compute-utility-bin-utilscli
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
- name: compute-utility-bin-utilscli
mountPath: /usr/local/bin/utilscli
subPath: utilscli
readOnly: true
- name: compute-utility-bin
mountPath: /usr/local/bin/compute-utility-rootwrap
subPath: compute-utility-rootwrap
readOnly: true
- name: compute-utility-sudoers
mountPath: /etc/sudoers.d/utilscli-sudo
subPath: utilscli-sudo
readOnly: true
- name: compute-utility-etc
mountPath: /etc/compute-utility/rootwrap.d/compute-rootwrap-filter
subPath: compute-rootwrap-filter
readOnly: true
- name: compute-utility-etc
mountPath: /etc/compute-utility/rootwrap.conf
subPath: rootwrap.conf
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/ovs-client
subPath: ovs-client
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/libvirt-client
subPath: libvirt-client
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/ipmi-client
subPath: ipmi-client
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/perccli-client
subPath: perccli-client
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/numa-client
subPath: numa-client
readOnly: true
- name: compute-utility-bin
mountPath: /tmp/sos-client
subPath: sos-client
readOnly: true
volumes:
- name: compute-utility-sudoers
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
defaultMode: 0644
- name: compute-utility-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
defaultMode: 0555
- name: compute-utility-etc
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
defaultMode: 0555
- name: compute-utility-bin-utilscli
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
defaultMode: 0755
{{- end }}
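
Review bot: The ClusterRole and ClusterRoleBinding give the service account `create` on `pods` and `pods/exec` in every namespace, while the client script in this commit only runs `kubectl get pod` and `kubectl exec` with `-n openstack`. Replace them with a Role and RoleBinding in the openstack namespace granting `get` and `list` on `pods` and `create` on `pods/exec`; `exec` is not an RBAC verb, and `create` on `pods` is not needed by anything here. Use rbac.authorization.k8s.io/v1 rather than v1beta1. The resources snippet reads `.Values.pod.resources.compute_utility` but values.yaml defines `pod.resources.utility`, the liveness probe runs `utilscli` with no arguments so its result says nothing about whether the clients work, and the `compute-utility-etc` volume carries configuration only and does not need the executable mode 0555.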

compute-utility/values.yaml Normal file

@ -0,0 +1,151 @@
# Default values for compute-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# name: value
deployment:
compute: true
release_group: null
release_uuid: null
images:
pull_policy: IfNotPresent
tags:
#compute_utility: 'quay.io/attcomdev/compute-utility:latest'
compute_utility: 'docker.io/mhmiddleton/mhmuc:compute-utility_v0.0.1'
#image_repo_sync: docker.io/docker:17.07.0
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
utility:
node_selector_key: openstack-helm-node-class
node_selector_value: primary
pod:
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
resources:
enabled: false
utility:
requests:
memory: "100Mi"
cpu: "250m"
limits:
memory: "250Mi"
cpu: "500m"
jobs:
bootstrap:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
features:
utility: true
computeconf:
etc: compute-etc
computefilter:
Filters:
# compute-rootwrap command filters for compute utility container
# This file should be owned by (and only-writeable by) the root user
ovs-client: CommandFilter, ovs-client, root
libvirt-client: CommandFilter, libvirt-client, root
ipmi-client: CommandFilter, ipmi-client, root
perccli-client: CommandFilter, perccli-client, root
numa-client: CommandFilter, numa-client, root
sos-client: CommandFilter, sos-client, root
kubectl: CommandFilter, kubectl, root
computerootwrapconf:
DEFAULT:
# Configuration for compute-rootwrap
# This file should be owned by (and only-writeable by) the root user
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path: /etc/compute-utility/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
# Enable logging to syslog
# Default value is False
use_syslog: True
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility: syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level: INFO
utility:
# True for development labs,
# False where jump hosts will be integrated
always_log_user: true
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- compute-utility-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
bootstrap:
enabled: true
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
monitoring:
prometheus:
enabled: true
manifests:
configmap_bin: true
configmap_etc_client: true
configmap_etc_sudoers: true
deployment_utility: true
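
Review bot: `exec_dirs` ends with `/tmp` directly beneath the comment "These directories MUST all be only writeable by root", and the `computefilter` entries name the clients without a path, so rootwrap resolves `ovs-client` and the others from a world-writable directory and runs them as root. Mount the client scripts under a root-owned directory, remove `/tmp` from `exec_dirs`, and give full paths in the filters. `kubectl: CommandFilter, kubectl, root` permits any kubectl invocation as root and is not one of the client names the README lists; remove it or restrict it. `always_log_user: true` as the default means the AUSER check in compute-utility-rootwrap never refuses access and every action is logged as "development site"; default it to false and let development labs opt in. The active image is a personal Docker Hub repository (`docker.io/mhmiddleton/mhmuc`) with the project image commented out, which should be switched back before merge.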

install_compute_utility.sh Executable file

@ -0,0 +1,18 @@
#!/bin/bash
set -xe
#NOTE: Lint and package chart
: ${OSH_INFRA_PATH:="../../openstack-helm-infra"}
make compute-utility
helm upgrade --install compute-utility compute-utility --namespace=utility
#NOTE: Wait for deploy
./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh utility
#NOTE: Validate Deployment info
kubectl get -n utility jobs
kubectl get -n utility secrets
kubectl get -n utility configmaps
kubectl get -n utility pods
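
Review bot: `OSH_INFRA_PATH` defaults to `../../openstack-helm-infra`, which resolves only when porthole was cloned inside the openstack-helm checkout; the README implies that layout (step 5 does `cd openstack-helm` and step 16 clones from there) but never states it. Document the expected layout or derive the path from the script's own location, and drop the leading `./` in `./${OSH_INFRA_PATH}/...` so an absolute override works. The validation step lists jobs and secrets in the utility namespace although the chart in this commit defines neither; a check that the deployment rolled out would be more useful.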


@ -0,0 +1,36 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
check:
jobs:
- porthole-compute-utility-lint-ws
gate:
jobs:
- porthole-compute-utility-lint-ws
- nodeset:
name: porthole-compute-utility-single-node
nodes:
- name: primary
label: ubuntu-xenial
- job:
name: porthole-compute-utility-lint-ws
description: |
Lints all files by checking them for whitespace.
run: tools/gate/playbooks/zuul-linter.yaml
timeout: 300
nodeset: porthole-compute-utility-single-node