diff --git a/Compute_Utility_Readme b/Compute_Utility_Readme
new file mode 100644
index 00000000..191366c0
--- /dev/null
+++ b/Compute_Utility_Readme
@@ -0,0 +1,121 @@
+Compute Utility Container
+-----------------
+Prerequisites: Deploy OSH-AIO
+
+
+Installation
+------------
+1. Add the below to /etc/sudoers
+
+root ALL=(ALL) NOPASSWD: ALL
+ubuntu ALL=(ALL) NOPASSWD: ALL
+
+2. Install the latest versions of Git, CA Certs & Make if necessary
+
+#!/bin/bash
+set -xe
+
+sudo apt-get update
+sudo apt-get install --no-install-recommends -y \
+ ca-certificates \
+ git \
+ make \
+ jq \
+ nmap \
+ curl \
+ uuid-runtime
+
+3. Proxy Configuration
+
+Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables.
+
+export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
+export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local
+
+4. Clone the OpenStack-Helm Repos
+
+
+git clone https://git.openstack.org/openstack/openstack-helm-infra.git
+git clone https://git.openstack.org/openstack/openstack-helm.git
+
+In order to deploy OpenStack-Helm behind corporate proxy servers, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml.
+
+proxy:
+ http: http://username:password@host:port
+ https: https://username:password@host:port
+ noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local
+
+
+5. Deploy Kubernetes & Helm
+
+cd openstack-helm
+./tools/deployment/developer/common/010-deploy-k8s.sh
+
+6. Install OpenStack-Helm
+
+Setup Clients on the host and assemble the charts
+./tools/deployment/developer/common/020-setup-client.sh
+
+Deploy the ingress controller
+./tools/deployment/developer/common/030-ingress.sh
+
+7. Deploy Ceph
+
+./tools/deployment/developer/ceph/040-ceph.sh
+
+ Activate the namespace to be able to use Ceph
+ ./tools/deployment/developer/ceph/045-ceph-ns-activate.sh
+
+8. Deploy Keystone
+./tools/deployment/developer/ceph/080-keystone.sh
+
+9. Deploy Heat
+./tools/deployment/developer/ceph/090-heat.sh
+
+10. Deploy Horizon
+./tools/deployment/developer/ceph/100-horizon.sh
+
+11. Deploy Glance
+./tools/deployment/developer/ceph/120-glance.sh
+
+12. Deploy Cinder
+./tools/deployment/developer/ceph/130-cinder.sh
+
+13. Deploy LibVirt # required if you want to test compute-utility functionality
+./tools/deployment/developer/ceph/150-libvirt.sh
+
+14. Deploy Compute Kit (Nova and Neutron)
+./tools/deployment/developer/ceph/160-compute-kit.sh
+
+15. To run further commands from the CLI manually, execute the following to set up authentication credentials
+export OS_CLOUD=openstack_helm
+
+16. Clone the Porthole and compute utility repo as well.
+
+git clone https://review.opendev.org/airship/porthole
+
+cd porthole
+./install_compute_utility.sh
+
+Usage
+-----
+
+Get in to the utility pod using kubectl exec. To perform any operation use the below example.
+
+kubectl exec -it -n utility /bin/bash
+
+Run the utilscli with commands formatted: utilscli
+
+example:
+ utilscli libvirt-client mtn16r001c002 virsh list
+
+
+Accepted client-names are:
+ libvirt-client
+ ovs-client
+ ipmi-client
+ perccli-client
+ numa-client
+ sos-client
+
+Commands for each client vary with the client.
diff --git a/Dockerfiles/compute-utility/Dockerfile.ubuntu_xenial b/Dockerfiles/compute-utility/Dockerfile.ubuntu_xenial
new file mode 100755
index 00000000..5d4c5df5
--- /dev/null
+++ b/Dockerfiles/compute-utility/Dockerfile.ubuntu_xenial
@@ -0,0 +1,19 @@
+ARG FROM=docker.io/ubuntu:xenial
+FROM ${FROM}
+
+ARG KUBE_VERSION=1.12.2
+
+RUN set -xe \
+ && sed -i '/nobody/d' /etc/passwd \
+ && echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
+ && apt-get update && apt-get dist-upgrade -y \
+ && apt-get install -y wget curl apt-transport-https ca-certificates gnupg\
+ && apt-get update && apt-get install -y bash python-oslo.rootwrap moreutils vim sudo screen radosgw rsyslog hexedit jq s3cmd rsync xz-utils iperf \
+ && apt-get remove --purge -y wget apt-transport-https && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* \
+ && TMP_DIR=$(mktemp --directory) \
+ && cd ${TMP_DIR} \
+ && curl -sSL https://dl.k8s.io/v${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz | tar -zxv --strip-components=1 \
+ && mv ${TMP_DIR}/client/bin/kubectl /usr/bin/kubectl \
+ && chmod +x /usr/bin/kubectl \
+ && rm -rf ${TMP_DIR}
+CMD ["/bin/bash"]
diff --git a/Dockerfiles/compute-utility/Makefile b/Dockerfiles/compute-utility/Makefile
new file mode 100644
index 00000000..0e67096b
--- /dev/null
+++ b/Dockerfiles/compute-utility/Makefile
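Review bot: The kubectl client tarball fetched by `curl -sSL https://dl.k8s.io/v${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz | tar -zxv` is unpacked and installed to /usr/bin/kubectl with no integrity check, so the image trusts whatever that URL serves at build time. Download it to a file, verify it against a digest pinned in the Dockerfile, and only then extract, e.g. `echo "${KUBE_CLIENT_SHA512}  kubernetes-client-linux-amd64.tar.gz" | sha512sum -c -` (KUBE_CLIENT_SHA512 is a placeholder for an ARG that would have to be added next to KUBE_VERSION). The same RUN rewrites the `nobody` account to use `/bin/bash` and installs `sudo`; a short comment stating that `nobody` is the interactive operator identity governed by the chart's sudoers rule would make that intent reviewable.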
@@ -0,0 +1,37 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+SHELL := /bin/bash
+
+DOCKER_REGISTRY ?= quay.io
+IMAGE_NAME ?= compute-utility
+IMAGE_PREFIX ?= attcomdev
+IMAGE_TAG ?= latest
+LABEL ?= mimic
+
+IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}
+
+# Build compute-utility Docker image for this project
+.PHONY: images
+images: build_$(IMAGE_NAME)
+
+# Make targets intended for use by the primary targets above.
+.PHONY: build_$(IMAGE_NAME)
+build_$(IMAGE_NAME):
+ docker build -f Dockerfile.${DISTRO} \
+ --network host \
+ -t $(IMAGE) \
+ --label $(LABEL) \
+ .
diff --git a/Dockerfiles/compute-utility/build.sh b/Dockerfiles/compute-utility/build.sh
new file mode 100755
index 00000000..600899d5
--- /dev/null
+++ b/Dockerfiles/compute-utility/build.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -xe
+SCRIPT=`realpath $0`
+SCRIPT_DIR=`dirname ${SCRIPT}`
+## Only build from main folder
+cd ${SCRIPT_DIR}/..
+
+IMAGE="compute-utility"
+VERSION=${VERSION:-latest}
+DISTRO=${DISTRO:-ubuntu_xenial}
+REGISTRY_URI=${REGISTRY_URI:-"openstackhelm/"}
+EXTRA_TAG_INFO=${EXTRA_TAG_INFO:-""}
+docker build -f ${IMAGE}/Dockerfile.${DISTRO} \
+--network=host -t ${REGISTRY_URI}${IMAGE}:${VERSION}-${DISTRO}${EXTRA_TAG_INFO} \
+${extra_build_args} \
+${IMAGE}
diff --git a/compute-utility/Chart.yaml b/compute-utility/Chart.yaml
new file mode 100644
index 00000000..20cddf4d
--- /dev/null
+++ b/compute-utility/Chart.yaml
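Review bot: `docker build -f Dockerfile.${DISTRO}` in the `build_$(IMAGE_NAME)` recipe depends on DISTRO, which this Makefile never defaults, so a plain `make images` asks Docker for a file named `Dockerfile.` and fails. Add `DISTRO ?= ubuntu_xenial` beside the other `?=` knobs; build.sh in this same commit already uses that default. `IMAGE_TAG ?= latest` also means every build overwrites one mutable tag, so a deployed image cannot be traced back to a source revision; a commit-derived default tag would fix that.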
@@ -0,0 +1,20 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: porthole Compute Client
+name: compute-utility
+version: 0.1.0
+
+---
diff --git a/compute-utility/requirements.yaml b/compute-utility/requirements.yaml
new file mode 100644
index 00000000..e69c985d
--- /dev/null
+++ b/compute-utility/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/compute-utility/templates/bin/_bootstrap.sh.tpl b/compute-utility/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 00000000..4b5d093a
--- /dev/null
+++ b/compute-utility/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+set -ex
+sudo /tmp/start.sh
+tail -f /var/log/syslog
diff --git a/compute-utility/templates/bin/_start.sh.tpl b/compute-utility/templates/bin/_start.sh.tpl
new file mode 100644
index 00000000..8ea307ef
--- /dev/null
+++ b/compute-utility/templates/bin/_start.sh.tpl
@@ -0,0 +1,32 @@
+#!/bin/bash
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+set -ex
+sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
+/etc/init.d/rsyslog start
+{{/*
+These lines will disable extra handler, extra formatter, extra level to the
+root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
+These lines will get rid of duplicate logs, generated because of the formatter
+attached by oslo-rootwrap.
+*/}}
+sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+
+# for readiness probe
+touch /tmp/done
diff --git a/compute-utility/templates/bin/_utilscli-sudo.tpl b/compute-utility/templates/bin/_utilscli-sudo.tpl
new file mode 100644
index 00000000..68bff331
--- /dev/null
+++ b/compute-utility/templates/bin/_utilscli-sudo.tpl
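Review bot: The four `sed -i "/pattern/s/.*/#&/"` lines comment out every line of the installed `oslo_rootwrap/wrapper.py` that contains a substring, and nothing checks that a match was found or that the module still parses afterwards. `/os.path.basename/` in particular is not tied to the logging setup, so after a package update it could comment out an unrelated line or one half of a multi-line statement in the module that enforces the rootwrap filters. Apply a reviewed patch at image build time against a pinned `python-oslo.rootwrap` version instead, or at minimum follow the seds with `python -m py_compile /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py` so a broken edit fails the start script rather than the first operator command.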
@@ -0,0 +1,16 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/compute-utility-rootwrap *
diff --git a/compute-utility/templates/bin/utility/_compute-utility-rootwrap.tpl b/compute-utility/templates/bin/utility/_compute-utility-rootwrap.tpl
new file mode 100644
index 00000000..e0681479
--- /dev/null
+++ b/compute-utility/templates/bin/utility/_compute-utility-rootwrap.tpl
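Review bot: The `SETENV:` tag on this rule, together with `sudo -E` in utilscli, lets the unprivileged `nobody` user pass its whole environment to processes running as root, including variables that control where the Python interpreter and the dynamic loader find code, which bypasses the rootwrap filter entirely. The wrapper in this commit reads only `AUSER` and `HOSTNAME` from the caller, so drop `SETENV:` and keep just those names: `Defaults:nobody env_keep += "AUSER HOSTNAME"` followed by `nobody ALL=(root) NOPASSWD: /tmp/start.sh, /usr/local/bin/compute-utility-rootwrap /etc/compute-utility/rootwrap.conf *`, with `-E` removed from the utilscli call. `/tmp/bootstrap.sh` is the container entrypoint that itself invokes sudo, so it does not appear to need an entry. The privileged scripts live under `/tmp`; a comment noting that they are safe only because the Deployment mounts them read-only from a ConfigMap would help future maintainers.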
@@ -0,0 +1,53 @@ +#!/usr/bin/python +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +# PBR Generated from u'console_scripts' +import sys +import os +import logging +#import getpass +from oslo_rootwrap.cmd import main + +exec_name = sys.argv[0] +host_name = os.environ.get("HOSTNAME") +log_level = {{ .Values.conf.computerootwrapconf.DEFAULT.syslog_log_level | quote }} +facility = {{ .Values.conf.computerootwrapconf.DEFAULT.syslog_log_facility | quote }} + +if "AUSER" in os.environ: + user_id = os.environ["AUSER"] +elif {{ .Values.conf.utility.always_log_user | quote }} == 'true': + os.environ["AUSER"] = "development site" #getpass.getuser() + user_id = os.environ["AUSER"] +else: + print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.") + exit() + +try: + handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility) +except IOError: + print("Unable to setup logging, for security reasons access restricted from connecting to container.") + exit() + +formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' + + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s') +handler.setFormatter(formatter) +root = logging.getLogger() +root.setLevel(log_level) +root.addHandler(handler) + +if __name__ == "__main__": + sys.exit(main()) + 
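Review bot: `user_id` is taken from the caller-controlled `AUSER` environment variable and concatenated into the `logging.Formatter` format string, so a value containing `%` is parsed as a format directive and a value containing a newline breaks the audit record into several lines. Neutralise it before building the format, e.g. `user_id = user_id.replace('%', '%%').replace('\n', ' ')`, and treat `ActualUser=` as unauthenticated in downstream alerting because nothing here verifies it. Both refusal branches call `exit()`, which returns status 0; use `sys.exit(1)` so callers and probes can tell the request was denied. `host_name` is None when HOSTNAME is unset, which makes the concatenation raise TypeError, and `logging.handlers` is used without `import logging.handlers` (it presumably resolves only because oslo_rootwrap imports it first).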
diff --git a/compute-utility/templates/bin/utility/_compute.tpl b/compute-utility/templates/bin/utility/_compute.tpl
new file mode 100644
index 00000000..53a6adda
--- /dev/null
+++ b/compute-utility/templates/bin/utility/_compute.tpl
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+usage() {
+ echo "Usage: utilscli "
+ exit 1
+}
+
+COMPONENT=$0;
+HOSTNAME=$1; shift
+COMMAND=$1; shift
+OPTIONS="$@"
+
+if [[ -z "${COMPONENT}" || -z "${HOSTNAME}" || -z "$COMMAND" ]]; then
+ echo "ERROR: Missing command line argument(s)!"
+ usage
+ exit 1
+fi
+
+# remove the /tmp, then only search on the first half of the component (second half should be -client)
+prefix="/tmp/"
+suffix="-client"
+COMP1=${COMPONENT#"$prefix"}
+COMP=${COMP1%"$suffix"}
+
+# find the pod for the component and hostname
+POD=$(kubectl get pod -n openstack -o wide | grep -i $COMP | grep $HOSTNAME | awk '{print $1}')
+if [[ -z "${POD}" ]]; then
+ echo "ERROR: Could not find matching pod for host $HOSTNAME and component $COMP1"
+ usage
+ exit 1
+fi
+# run the command
+result=$(kubectl exec -it $POD -n openstack -- $COMMAND $OPTIONS)
+
+echo "$result"
+
+exit 0
diff --git a/compute-utility/templates/bin/utility/_utilscli.tpl b/compute-utility/templates/bin/utility/_utilscli.tpl
new file mode 100644
index 00000000..627b19da
--- /dev/null
+++ b/compute-utility/templates/bin/utility/_utilscli.tpl
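Review bot: The pod lookup `grep -i $COMP | grep $HOSTNAME` treats both values as unquoted, unanchored regular expressions over the whole `kubectl get pod -o wide` line, so a short or pattern-like hostname selects pods on other nodes, and several matches leave `$POD` holding more than one name that is then word-split into the exec call. This script runs as root through rootwrap, so target selection should be exact: filter by node with `--field-selector spec.nodeName="$HOSTNAME"`, match the component with `grep -F -- "$COMP"`, and refuse to continue unless exactly one pod remains. Pass the command through without re-splitting, `kubectl exec "$POD" -n openstack -- "$COMMAND" "$@"`; after the two `shift`s `"$@"` already holds the options, and `OPTIONS="$@"` flattens them into one string. `-it` inside `$( )` has no terminal to attach to, the exit status of the remote command is discarded by the final `exit 0`, and assigning `HOSTNAME` shadows the shell's own variable of that name.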
@@ -0,0 +1,17 @@
+#!/bin/bash
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/compute-utility-rootwrap /etc/compute-utility/rootwrap.conf $*"
diff --git a/compute-utility/templates/configmap-bin.yaml b/compute-utility/templates/configmap-bin.yaml
new file mode 100644
index 00000000..5075717a
--- /dev/null
+++ b/compute-utility/templates/configmap-bin.yaml
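Review bot: `$*` is pasted into the string handed to `script -c`, which a shell then parses again, so argument boundaries are lost and any quote, semicolon or `$( )` inside an argument is interpreted before rootwrap ever sees the command line it is supposed to filter. Build the string from shell-quoted arguments instead: `printf -v cmd '%q ' sudo -E /usr/local/bin/compute-utility-rootwrap /etc/compute-utility/rootwrap.conf "$@"` and then `script -f -a -q /var/log/syslog -c "$cmd"`. Appending the raw typescript straight to /var/log/syslog also presumably requires that file to be writable by the unprivileged caller, which weakens it as an audit trail; forwarding the session record through `logger` would let the file stay root-owned.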
@@ -0,0 +1,66 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.configmap_bin .Values.deployment.compute }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
+data:
+{{- if .Values.images.local_registry.active }}
+ image-repo-sync.sh: |
+{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
+{{- end }}
+
+ start.sh: |
+{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ compute-utility-rootwrap: |
+{{ tuple "bin/utility/_compute-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ ovs-client: |
+{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ libvirt-client: |
+{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ ipmi-client: |
+{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ perccli-client: |
+{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ numa-client: |
+{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ sos-client: |
+{{ tuple "bin/utility/_compute.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
+data:
+ utilscli: |
+{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+ bootstrap.sh: |
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+{{- end }}
diff --git a/compute-utility/templates/configmap-etc-client.yaml b/compute-utility/templates/configmap-etc-client.yaml
new file mode 100644
index 00000000..c9216a13
--- /dev/null
+++ b/compute-utility/templates/configmap-etc-client.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.configmap_etc_client .Values.deployment.compute }}
+{{- $envAll := . }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
+data:
+ rootwrap.conf: |
+{{ include "helm-toolkit.utils.to_ini" .Values.conf.computerootwrapconf | indent 4 }}
+ compute-rootwrap-filter: |
+{{ include "helm-toolkit.utils.to_ini" .Values.conf.computefilter | indent 4 }}
+{{- end }}
diff --git a/compute-utility/templates/configmap-etc-sudoers.yaml b/compute-utility/templates/configmap-etc-sudoers.yaml
new file mode 100644
index 00000000..f6f3d161
--- /dev/null
+++ b/compute-utility/templates/configmap-etc-sudoers.yaml
@@ -0,0 +1,27 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.compute }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
+data:
+ utilscli-sudo: |
+{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/compute-utility/templates/deployment-utility.yaml b/compute-utility/templates/deployment-utility.yaml
new file mode 100644
index 00000000..3e79beb2
--- /dev/null
+++ b/compute-utility/templates/deployment-utility.yaml
@@ -0,0 +1,169 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.compute .Values.conf.features.utility) }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
+{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/exec
+ verbs:
+ - get
+ - list
+ - watch
+ - exec
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ printf "%s" $envAll.Release.Name }}
+ labels:
+{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.utility }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ name: {{ printf "%s" $envAll.Release.Name }}
+ annotations:
+ {{ tuple . | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ securityContext:
+ runAsUser: 65534
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "compute" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
+ containers:
+ - name: {{ printf "%s" $envAll.Release.Name }}
+{{ tuple $envAll "compute_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.compute_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/bootstrap.sh
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/done
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ livenessProbe:
+ exec:
+ command:
+ - utilscli
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ volumeMounts:
+ - name: compute-utility-bin-utilscli
+ mountPath: /tmp/bootstrap.sh
+ subPath: bootstrap.sh
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: compute-utility-bin-utilscli
+ mountPath: /usr/local/bin/utilscli
+ subPath: utilscli
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /usr/local/bin/compute-utility-rootwrap
+ subPath: compute-utility-rootwrap
+ readOnly: true
+ - name: compute-utility-sudoers
+ mountPath: /etc/sudoers.d/utilscli-sudo
+ subPath: utilscli-sudo
+ readOnly: true
+ - name: compute-utility-etc
+ mountPath: /etc/compute-utility/rootwrap.d/compute-rootwrap-filter
+ subPath: compute-rootwrap-filter
+ readOnly: true
+ - name: compute-utility-etc
+ mountPath: /etc/compute-utility/rootwrap.conf
+ subPath: rootwrap.conf
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/ovs-client
+ subPath: ovs-client
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/libvirt-client
+ subPath: libvirt-client
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/ipmi-client
+ subPath: ipmi-client
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/perccli-client
+ subPath: perccli-client
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/numa-client
+ subPath: numa-client
+ readOnly: true
+ - name: compute-utility-bin
+ mountPath: /tmp/sos-client
+ subPath: sos-client
+ readOnly: true
+
+ volumes:
+ - name: compute-utility-sudoers
+ configMap:
+ name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
+ defaultMode: 0644
+ - name: compute-utility-bin
+ configMap:
+ name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
+ defaultMode: 0555
+ - name: compute-utility-etc
+ configMap:
+ name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
+ defaultMode: 0555
+ - name: compute-utility-bin-utilscli
+ configMap:
+ name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
+ defaultMode: 0755
+
+{{- end }}
diff --git a/compute-utility/values.yaml b/compute-utility/values.yaml
new file mode 100644
index 00000000..6b035d6d
--- /dev/null
+++ b/compute-utility/values.yaml
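Review bot: The ClusterRole and ClusterRoleBinding grant this service account `create` on `pods/exec` in every namespace, while the client scripts in this commit only ever call `kubectl ... -n openstack`, so anyone who reaches the utility pod can open a shell in any pod in the cluster. Scope the permission with a namespaced Role and RoleBinding in `openstack`, as sketched below. `exec` is not an RBAC verb (exec is authorised as `create` on `pods/exec`) and `watch` is not used by the scripts shown, so both can be dropped, and `rbac.authorization.k8s.io/v1beta1` has been superseded by `v1`. The rules are also worth a comment naming the script that needs each one.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $serviceAccountName }}
  namespace: openstack
rules:
  # pod lookup in the client scripts
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # kubectl exec into the selected pod
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $serviceAccountName }}
  namespace: openstack
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
# … unchanged: subjects (ServiceAccount in the release namespace) …
```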
@@ -0,0 +1,151 @@
+# Default values for compute-utility.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+# name: value
+
+
+deployment:
+ compute: true
+
+release_group: null
+release_uuid: null
+
+images:
+ pull_policy: IfNotPresent
+ tags:
+ #compute_utility: 'quay.io/attcomdev/compute-utility:latest'
+ compute_utility: 'docker.io/mhmiddleton/mhmuc:compute-utility_v0.0.1'
+ #image_repo_sync: docker.io/docker:17.07.0
+
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+
+labels:
+ utility:
+ node_selector_key: openstack-helm-node-class
+ node_selector_value: primary
+
+pod:
+ dns_policy: "ClusterFirstWithHostNet"
+ replicas:
+ utility: 1
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ resources:
+ enabled: false
+ utility:
+ requests:
+ memory: "100Mi"
+ cpu: "250m"
+ limits:
+ memory: "250Mi"
+ cpu: "500m"
+ jobs:
+ bootstrap:
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ image_repo_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+conf:
+ features:
+ utility: true
+ computeconf:
+ etc: compute-etc
+ computefilter:
+ Filters:
+ # compute-rootwrap command filters for compute utility container
+ # This file should be owned by (and only-writeable by) the root user
+ ovs-client: CommandFilter, ovs-client, root
+ libvirt-client: CommandFilter, libvirt-client, root
+ ipmi-client: CommandFilter, ipmi-client, root
+ perccli-client: CommandFilter, perccli-client, root
+ numa-client: CommandFilter, numa-client, root
+ sos-client: CommandFilter, sos-client, root
+ kubectl: CommandFilter, kubectl, root
+ computerootwrapconf:
+ DEFAULT:
+ # Configuration for compute-rootwrap
+ # This file should be owned by (and only-writeable by) the root user
+ # List of directories to load filter definitions from (separated by ',').
+ # These directories MUST all be only writeable by root !
+ filters_path: /etc/compute-utility/rootwrap.d
+ # List of directories to search executables in, in case filters do not
+ # explicitely specify a full path (separated by ',')
+ # If not specified, defaults to system PATH environment variable.
+ # These directories MUST all be only writeable by root !
+ exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
+ # Enable logging to syslog
+ # Default value is False
+ use_syslog: True
+ # Which syslog facility to use.
+ # Valid values include auth, authpriv, syslog, local0, local1...
+ # Default value is 'syslog'
+ syslog_log_facility: syslog
+ # Which messages to log.
+ # INFO means log all usage
+ # ERROR means only log unsuccessful attempts
+ syslog_log_level: INFO
+ utility:
+ # True for development labs,
+ # False where jump hosts will be integrated
+ always_log_user: true
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - compute-utility-image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ image_repo_sync:
+ services:
+ - endpoint: internal
+ service: local_image_registry
+
+bootstrap:
+ enabled: true
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+
+monitoring:
+ prometheus:
+ enabled: true
+
+manifests:
+ configmap_bin: true
+ configmap_etc_client: true
+ configmap_etc_sudoers: true
+ deployment_utility: true
diff --git a/install_compute_utility.sh b/install_compute_utility.sh
new file mode 100755
index 00000000..7edf8176
--- /dev/null
+++ b/install_compute_utility.sh
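Review bot: `exec_dirs` ends with `/tmp`, which contradicts the comment directly above it that these directories must be writable only by root: rootwrap resolves the bare filter names (`ovs-client`, `libvirt-client`, `kubectl`, ...) by searching those directories and runs the match as root. The client scripts sit in `/tmp` only because the Deployment mounts them there, so mount them under a root-owned path such as `/usr/local/bin`, adjust the `/tmp/` prefix stripping in `_compute.tpl`, and remove `/tmp` from the list. The `kubectl: CommandFilter, kubectl, root` entry permits any kubectl invocation as root, which makes the narrower per-client filters above it moot; drop it or replace it with a filter that pins the arguments. `always_log_user: true` as the shipped default means a missing AUSER is logged as a fixed string instead of being refused, and the default `compute_utility` image points at a personal `docker.io/mhmiddleton` repository while the project image is commented out; both defaults should be the restrictive choice with the lab settings documented as overrides.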
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -xe
+
+#NOTE: Lint and package chart
+: ${OSH_INFRA_PATH:="../../openstack-helm-infra"}
+
+make compute-utility
+
+helm upgrade --install compute-utility compute-utility --namespace=utility
+
+#NOTE: Wait for deploy
+./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh utility
+
+#NOTE: Validate Deployment info
+kubectl get -n utility jobs
+kubectl get -n utility secrets
+kubectl get -n utility configmaps
+kubectl get -n utility pods
diff --git a/zuul.d/compute-utility.yaml b/zuul.d/compute-utility.yaml
new file mode 100644
index 00000000..c23cec4d
--- /dev/null
+++ b/zuul.d/compute-utility.yaml
@@ -0,0 +1,36 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- project:
+ check:
+ jobs:
+ - porthole-compute-utility-lint-ws
+ gate:
+ jobs:
+ - porthole-compute-utility-lint-ws
+
+- nodeset:
+ name: porthole-compute-utility-single-node
+ nodes:
+ - name: primary
+ label: ubuntu-xenial
+
+- job:
+ name: porthole-compute-utility-lint-ws
+ description: |
+ Lints all files by checking them for whitespace.
+ run: tools/gate/playbooks/zuul-linter.yaml
+ timeout: 300
+ nodeset: porthole-compute-utility-single-node
+