diff --git a/grafana/templates/bin/_datasource.sh.tpl b/grafana/templates/bin/_datasource.sh.tpl deleted file mode 100644 index 2176f282d..000000000 --- a/grafana/templates/bin/_datasource.sh.tpl +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex - -exec curl "http://${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}@${GRAFANA_SERVICE}:${GRAFANA_PORT}/api/datasources" \ - -H "Content-Type: application/json;charset=UTF-8" --data-binary \ - {{- with .Values.conf.datasource }} - "{\"name\":\"{{ .name }}\",\"type\":\"{{ .type }}\",\"url\":\"$PROMETHEUS_URL\",\"database\":\"{{ .database }}\",\"jsonData\":{ {{ .jsonData }} },\"access\":\"{{ .access }}\",\"isDefault\":{{ .isDefault }}}" - {{- end }} diff --git a/grafana/templates/bin/_helm-tests.sh.tpl b/grafana/templates/bin/_helm-tests.sh.tpl new file mode 100644 index 000000000..9d0a76a42 --- /dev/null +++ b/grafana/templates/bin/_helm-tests.sh.tpl @@ -0,0 +1,50 @@ +#!/bin/bash +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + + +set -ex + +function check_datasource () { + echo "Verifying prometheus datasource configured" + datasource_type=$(curl -K- <<< "--user ${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}" \ + "${GRAFANA_ENDPOINT}/api/datasources" \ + | python -c "import sys, json; print json.load(sys.stdin)[0]['type']") + if [ "$datasource_type" == "prometheus" ]; + then + echo "PASS: Prometheus datasource found!"; + else + echo "FAIL: Prometheus datasource not found!"; + exit 1; + fi +} + +function check_dashboard_count () { + echo "Verifying number of configured dashboards" + dashboard_count=$(curl -K- <<< "--user ${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}" \ + "${GRAFANA_ENDPOINT}/api/admin/stats" \ + | python -c "import sys, json; print json.load(sys.stdin)['dashboards']") + if [ "$dashboard_count" == "$DASHBOARD_COUNT" ]; + then + echo "PASS: Reported number:$dashboard_count, expected number: $DASHBOARD_COUNT"; + else + echo "FAIL: Reported number:$dashboard_count, expected number: $DASHBOARD_COUNT"; + exit 1; + fi +} + +check_datasource +check_dashboard_count diff --git a/grafana/templates/configmap-bin.yaml b/grafana/templates/configmap-bin.yaml index e7efdd4c2..a5c975c61 100644 --- a/grafana/templates/configmap-bin.yaml +++ b/grafana/templates/configmap-bin.yaml @@ -28,8 +28,8 @@ data: {{ tuple "bin/_db-session-sync.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - datasource.sh: | -{{ tuple "bin/_datasource.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + helm-tests.sh: | +{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} grafana.sh: | {{ tuple "bin/_grafana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/grafana/templates/configmap-etc.yaml b/grafana/templates/configmap-etc.yaml index e66e1ebd5..4a05f637f 100644 --- a/grafana/templates/configmap-etc.yaml +++ b/grafana/templates/configmap-etc.yaml @@ -35,8 +35,16 @@ kind: ConfigMap metadata: name: grafana-etc data: + datasources.yaml: | +{{ toYaml .Values.conf.provisioning.datasources | indent 4 }} + dashboards.yaml: | +{{ toYaml .Values.conf.provisioning.dashboards | indent 4 }} grafana.ini: | {{ include "helm-toolkit.utils.to_ini" .Values.conf.grafana | indent 4 }} +{{ if not (empty .Values.conf.ldap) }} + ldap.toml: | +{{ .Values.conf.ldap | indent 4 }} +{{ end }} {{ range $key, $value := .Values.conf.dashboards }} {{$key}}.json: | {{ toJson $value | indent 4 }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index c56164a4e..73cd04923 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -69,16 +69,29 @@ spec: secretKeyRef: name: grafana-admin-creds key: GRAFANA_ADMIN_PASSWORD + - name: PROMETHEUS_URL + value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} volumeMounts: - name: pod-etc-grafana mountPath: /etc/grafana + - name: pod-provisioning-grafana + mountPath: /var/lib/grafana/provisioning - name: grafana-bin mountPath: /tmp/grafana.sh subPath: grafana.sh readOnly: true + - name: grafana-etc + mountPath: /var/lib/grafana/provisioning/dashboards/dashboards.yaml + subPath: dashboards.yaml + - name: grafana-etc + mountPath: /var/lib/grafana/provisioning/datasources/datasources.yaml + subPath: datasources.yaml - name: grafana-etc mountPath: /etc/grafana/grafana.ini subPath: grafana.ini + - name: grafana-etc + mountPath: /etc/grafana/ldap.toml + subPath: ldap.toml - name: data mountPath: /var/lib/grafana/data {{- range $key, $value := .Values.conf.dashboards }} @@ -90,6 +103,8 @@ spec: volumes: - name: pod-etc-grafana emptyDir: {} + - name: pod-provisioning-grafana + emptyDir: {} - name: grafana-bin configMap: name: grafana-bin diff --git a/grafana/templates/job-prometheus-datasource.yaml b/grafana/templates/job-prometheus-datasource.yaml deleted file mode 100644 index fbea030a5..000000000 --- a/grafana/templates/job-prometheus-datasource.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_datasource }} -{{- $envAll := . }} - -{{- $serviceAccountName := "grafana-register-datasource" }} -{{ tuple $envAll "register_datasource" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: grafana-register-datasource -spec: - template: - metadata: - labels: -{{ tuple $envAll "grafana" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll "register_datasource" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: grafana-datasource -{{ tuple $envAll "datasource" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.datasource | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/datasource.sh - env: - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: grafana-admin-creds - key: GRAFANA_ADMIN_USERNAME - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: grafana-admin-creds - key: GRAFANA_ADMIN_PASSWORD - - name: GRAFANA_SERVICE - value: {{ tuple "grafana" "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - - name: GRAFANA_PORT - value: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - - name: PROMETHEUS_URL - value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} - volumeMounts: - - name: grafana-bin - mountPath: /tmp/datasource.sh - subPath: datasource.sh - readOnly: true - volumes: - - name: grafana-bin - configMap: - name: grafana-bin - defaultMode: 0555 -{{- end }} diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml new file mode 100644 index 000000000..13aaf500d --- /dev/null +++ b/grafana/templates/pod-helm-tests.yaml @@ -0,0 +1,60 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.helm_tests }} +{{- $dashboardCount := len .Values.conf.dashboards }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{.Release.Name}}-test" + annotations: + "helm.sh/hook": test-success +spec: + restartPolicy: Never + containers: + - name: {{.Release.Name}}-helm-tests +{{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + command: + - /tmp/helm-tests.sh + env: + - name: DASHBOARD_COUNT + value: {{ $dashboardCount | quote }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: grafana-admin-creds + key: GRAFANA_ADMIN_USERNAME + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-creds + key: GRAFANA_ADMIN_PASSWORD + - name: GRAFANA_ENDPOINT + value: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + volumeMounts: + - name: grafana-bin + mountPath: /tmp/helm-tests.sh + subPath: helm-tests.sh + readOnly: true + volumes: + - name: grafana-bin + configMap: + name: grafana-bin + defaultMode: 0555 +{{- end }} diff --git a/grafana/values.yaml b/grafana/values.yaml index f1f8127c0..7c62ad8fc 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml @@ -18,11 +18,11 @@ images: tags: - grafana: docker.io/grafana/grafana:4.5.2 - datasource: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + grafana: docker.io/grafana/grafana:5.0.0 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 grafana_db_session_sync: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -101,6 +101,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" grafana: requests: memory: "128Mi" @@ -165,7 +172,7 @@ endpoints: auth: admin: username: admin - password: admin + password: password hosts: default: grafana-dashboard public: grafana @@ -195,6 +202,21 @@ endpoints: api: default: 9090 public: 80 + ldap: + hosts: + default: ldap + auth: + admin: + password: password + host_fqdn_override: + default: null + path: + default: "/ou=People,dc=cluster,dc=local" + scheme: + default: ldap + port: + ldap: + default: 389 dependencies: dynamic: @@ -231,7 +253,7 @@ dependencies: services: - endpoint: internal service: local_image_registry - register_datasource: + tests: services: - endpoint: internal service: grafana @@ -263,10 +285,10 @@ manifests: configmap_etc: true deployment: true ingress: true + helm_tests: true job_db_init: true job_db_init_session: true job_db_session_sync: true - job_datasource: true job_image_repo_sync: true secret_db: true secret_db_session: true @@ -275,16 +297,67 @@ manifests: service_ingress: true conf: - datasource: - name: prometheus - type: prometheus - database: - access: proxy - isDefault: true + ldap: | + verbose_logging = true + + [[servers]] + host = "ldap.openstack.svc.cluster.local" + port = 389 + use_ssl = false + start_tls = false + ssl_skip_verify = false + bind_dn = "cn=admin,dc=cluster,dc=local" + bind_password = 'password' + search_filter = "(uid=%s)" + search_base_dns = ["dc=cluster,dc=local"] + group_search_filter = "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))" + group_search_base_dns = ["ou=Groups,dc=cluster,dc=local"] + + [servers.attributes] + username = "uid" + surname = "sn" + member_of = "cn" + email = "mail" + + [[servers.group_mappings]] + group_dn = "cn=admin,dc=cluster,dc=local" + org_role = "Admin" + + [[servers.group_mappings]] + group_dn = "*" + org_role = "Editor" + provisioning: + dashboards: + apiVersion: 1 + providers: + - name: 'osh-infra-dashboards' + orgId: 1 + folder: '' + type: file + disableDeletion: false + editable: false + options: + path: /var/lib/grafana/dashboards + datasources: + apiVersion: 1 + datasources: + - name: prometheus + type: prometheus + access: proxy + orgId: 1 + editable: true + url: 'http://prom-metrics.openstack.svc.cluster.local:9090' grafana: + auth.basic: + enabled: true + auth.ldap: + enabled: true + config_file: /etc/grafana/ldap.toml + allow_sign_up: true paths: data: /var/lib/grafana/data plugins: /var/lib/grafana/plugins + provisioning: /var/lib/grafana/provisioning server: protocol: http http_port: 3000 @@ -306,17 +379,10 @@ conf: allow_sign_up: false allow_org_create: false auto_assign_org: true - auto_assign_org_role: Admin default_theme: dark log: mode: console level: info - log.console: - level: info - format: console - dashboards.json: - enabled: true - path: /var/lib/grafana/dashboards grafana_net: url: https://grafana.net dashboards: diff --git a/tools/deployment/multinode/090-grafana.sh b/tools/deployment/multinode/090-grafana.sh index dc05d79c6..bd40824d1 100755 --- a/tools/deployment/multinode/090-grafana.sh +++ b/tools/deployment/multinode/090-grafana.sh @@ -52,3 +52,6 @@ helm upgrade --install grafana ./grafana \ #NOTE: Validate Deployment info helm status grafana + +#NOTE: Run helm tests +helm test grafana