Rabbitmq Credential Management

- This PS implements a job to create a new RabbitMQ user
for each chart

Change-Id: I7335ba4ad4bc9f70871100dbd9e6f030049abe07
Renis 2018-02-03 21:16:34 -08:00
parent 62698f7ea7
commit 1ecc905b65
56 changed files with 1181 additions and 48 deletions


@ -42,4 +42,6 @@ data:
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} {{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: | ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} {{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}
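Review bot: The `range` over `tuple "admin" "barbican"` renders a Secret containing the RabbitMQ admin connection URI into this chart's own release, so anyone who can read Secrets in the service's namespace obtains broker-admin credentials. The same template is added for ceilometer, cinder, congress, glance and heat, which copies the admin credential once per service. Only the rabbit-init Job appears to consume the admin URI, so at minimum document it with a comment such as `{{/* admin URI is used only by the rabbit-init job; restrict Secret read access in this namespace */}}`. In addition, `name: {{ $secretName }}` is unquoted and renders an empty name when the key is missing from `secrets.oslo_messaging`; `name: {{ required "secrets.oslo_messaging entry missing" $secretName | quote }}` would fail the render instead.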


@ -35,6 +35,7 @@ images:
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
barbican_api: docker.io/openstackhelm/barbican:newton barbican_api: docker.io/openstackhelm/barbican:newton
rabbit_init: docker.io/rabbitmq:3.7-management
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
pod: pod:
@ -108,6 +109,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints: ks_endpoints:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -195,6 +203,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
conf: conf:
paste: paste:
@ -390,6 +402,9 @@ secrets:
oslo_db: oslo_db:
admin: barbican-db-admin admin: barbican-db-admin
barbican: barbican-db-user barbican: barbican-db-user
oslo_messaging:
admin: barbican-rabbitmq-admin
barbican: barbican-rabbitmq-user
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
@ -459,9 +474,12 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
barbican: admin:
username: rabbitmq username: rabbitmq
password: password password: password
barbican:
username: barbican
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -471,6 +489,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
oslo_cache: oslo_cache:
hosts: hosts:
default: memcached default: memcached
@ -489,6 +509,7 @@ manifests:
job_db_init: true job_db_init: true
job_db_sync: true job_db_sync: true
job_db_drop: false job_db_drop: false
job_rabbit_init: true
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
@ -496,5 +517,6 @@ manifests:
pod_test: true pod_test: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_ingress_api: true service_ingress_api: true
service_api: true service_api: true
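Review bot: The new `endpoints.oslo_messaging.auth` defaults give both the `admin` user and the new `barbican` user the password `password`, and the init job presumably provisions the service account with whatever value is rendered here. A deployment that does not override these values ends up with a guessable broker credential per service. A comment above the block, for example `# development defaults only: override admin and service passwords per deployment`, would make that explicit. The same defaults are added in the ceilometer, cinder, congress, glance and heat values files. Separately, `rabbit_init: docker.io/rabbitmq:3.7-management` is a floating tag; pinning it to a specific patch release or image digest would keep the image that handles admin credentials reproducible.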


@ -51,4 +51,6 @@ data:
{{ tuple "bin/_ceilometer-compute.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ceilometer-compute.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ceilometer-notification.sh: | ceilometer-notification.sh: |
{{ tuple "bin/_ceilometer-notification.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ceilometer-notification.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "ceilometer" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -46,6 +46,7 @@ images:
db_init_mongodb: docker.io/mongo:3.4.9-jessie db_init_mongodb: docker.io/mongo:3.4.9-jessie
db_init: docker.io/kolla/ubuntu-source-ceilometer-api:3.0.3 db_init: docker.io/kolla/ubuntu-source-ceilometer-api:3.0.3
ceilometer_db_sync: docker.io/kolla/ubuntu-source-ceilometer-api:3.0.3 ceilometer_db_sync: docker.io/kolla/ubuntu-source-ceilometer-api:3.0.3
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -1576,6 +1577,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
notification: notification:
jobs: jobs:
- ceilometer-db-init-mongodb - ceilometer-db-init-mongodb
@ -1612,6 +1617,9 @@ secrets:
mongodb: mongodb:
admin: ceilometer-mongodb-admin admin: ceilometer-mongodb-admin
ceilometer: ceilometer-mongodb-user ceilometer: ceilometer-mongodb-user
oslo_messaging:
admin: ceilometer-rabbitmq-admin
ceilometer: ceilometer-rabbitmq-user
bootstrap: bootstrap:
enabled: false enabled: false
@ -1768,9 +1776,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
ceilometer: admin:
username: rabbitmq username: rabbitmq
password: password password: password
ceilometer:
username: ceilometer
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -1780,6 +1791,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
pod: pod:
affinity: affinity:
@ -1886,6 +1899,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints: ks_endpoints:
requests: requests:
memory: "124Mi" memory: "124Mi"
@ -1931,10 +1951,12 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_rabbit_init: true
pdb_api: true pdb_api: true
pod_rally_test: true pod_rally_test: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_mongodb: true secret_mongodb: true
secret_rabbitmq: true
service_api: true service_api: true
service_ingress_api: true service_ingress_api: true


@ -61,4 +61,6 @@ data:
bootstrap.sh: | bootstrap.sh: |
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "cinder" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -47,6 +47,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
cinder_db_sync: docker.io/openstackhelm/cinder:newton cinder_db_sync: docker.io/openstackhelm/cinder:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -154,6 +155,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init: db_init:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -568,6 +576,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
scheduler: scheduler:
jobs: jobs:
- cinder-db-sync - cinder-db-sync
@ -622,6 +634,9 @@ secrets:
rbd: rbd:
backup: cinder-backup-rbd-keyring backup: cinder-backup-rbd-keyring
volume: cinder-volume-rbd-keyring volume: cinder-volume-rbd-keyring
oslo_messaging:
admin: cinder-rabbitmq-admin
cinder: cinder-rabbitmq-user
# We use a different layout of the endpoints here to account for versioning # We use a different layout of the endpoints here to account for versioning
# this swaps the service name and type, and should be rolled out to other # this swaps the service name and type, and should be rolled out to other
@ -762,9 +777,12 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
cinder: admin:
username: rabbitmq username: rabbitmq
password: password password: password
cinder:
username: cinder
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -774,6 +792,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
oslo_cache: oslo_cache:
hosts: hosts:
default: memcached default: memcached
@ -796,6 +816,7 @@ manifests:
job_bootstrap: true job_bootstrap: true
job_clean: true job_clean: true
job_db_init: true job_db_init: true
job_rabbit_init: true
job_db_sync: true job_db_sync: true
job_db_drop: false job_db_drop: false
job_ks_endpoints: true job_ks_endpoints: true
@ -807,5 +828,6 @@ manifests:
pvc_backup: true pvc_backup: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_api: true service_api: true
service_ingress_api: true service_ingress_api: true


@ -46,4 +46,6 @@ data:
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} {{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: | ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} {{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "congress" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -41,6 +41,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
congress_db_sync: docker.io/openstackhelm/congress:newton congress_db_sync: docker.io/openstackhelm/congress:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -130,6 +131,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
policy_engine: policy_engine:
jobs: jobs:
- congress-db-sync - congress-db-sync
@ -159,6 +164,9 @@ secrets:
admin: congress-db-admin admin: congress-db-admin
congress: congress-db-user congress: congress-db-user
rbd: images-rbd-keyring rbd: images-rbd-keyring
oslo_messaging:
admin: congress-rabbitmq-admin
congress: congress-rabbitmq-user
bootstrap: bootstrap:
enabled: false enabled: false
@ -242,9 +250,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
congress: admin:
username: rabbitmq username: rabbitmq
password: password password: password
congress:
username: congress
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -254,6 +265,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
policy: policy:
datasource_services: datasource_services:
@ -403,6 +416,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user: ks_user:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -450,6 +470,7 @@ manifests:
job_db_init: true job_db_init: true
job_db_sync: true job_db_sync: true
job_ds_create: true job_ds_create: true
job_rabbit_init: true
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
@ -457,3 +478,4 @@ manifests:
secret_keystone: true secret_keystone: true
service_api: true service_api: true
service_ingress_api: true service_ingress_api: true
secret_rabbitmq: true


@ -55,4 +55,6 @@ data:
{{ tuple "bin/_clean-image.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_clean-image.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
clean-secrets.sh: | clean-secrets.sh: |
{{ tuple "bin/_clean-secrets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_clean-secrets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "glance" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -46,6 +46,7 @@ images:
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
glance_api: docker.io/openstackhelm/glance:newton glance_api: docker.io/openstackhelm/glance:newton
glance_registry: docker.io/openstackhelm/glance:newton glance_registry: docker.io/openstackhelm/glance:newton
# Bootstrap image requires curl # Bootstrap image requires curl
@ -356,6 +357,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
registry: registry:
jobs: jobs:
- glance-storage-init - glance-storage-init
@ -390,6 +395,10 @@ secrets:
admin: glance-db-admin admin: glance-db-admin
glance: glance-db-user glance: glance-db-user
rbd: images-rbd-keyring rbd: images-rbd-keyring
oslo_messaging:
admin: glance-rabbitmq-admin
glance: glance-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -493,9 +502,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
glance: admin:
username: rabbitmq username: rabbitmq
password: password password: password
glance:
username: glance
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -505,6 +517,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
ceph_object_store: ceph_object_store:
name: radosgw name: radosgw
namespace: ceph namespace: ceph
@ -632,6 +646,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap: bootstrap:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -663,12 +684,14 @@ manifests:
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_storage_init: true job_storage_init: true
job_rabbit_init: true
pdb_api: true pdb_api: true
pdb_registry: true pdb_registry: true
pod_rally_test: true pod_rally_test: true
pvc_images: true pvc_images: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_ingress_api: true service_ingress_api: true
service_ingress_registry: true service_ingress_registry: true
service_api: true service_api: true


@ -52,4 +52,6 @@ data:
{{ tuple "bin/_heat-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_heat-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
heat-engine-cleaner.sh: | heat-engine-cleaner.sh: |
{{ tuple "bin/_heat-engine-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_heat-engine-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "heat" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -42,6 +42,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
heat_db_sync: docker.io/openstackhelm/heat:newton heat_db_sync: docker.io/openstackhelm/heat:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -365,6 +366,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
trusts: trusts:
jobs: jobs:
- heat-ks-user - heat-ks-user
@ -384,6 +389,9 @@ secrets:
oslo_db: oslo_db:
admin: heat-db-admin admin: heat-db-admin
heat: heat-db-user heat: heat-db-user
oslo_messaging:
admin: heat-rabbitmq-admin
heat: heat-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -510,9 +518,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
heat: admin:
username: rabbitmq username: rabbitmq
password: password password: password
heat:
username: heat
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -522,6 +533,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
pod: pod:
user: user:
@ -664,6 +677,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -706,11 +726,13 @@ manifests:
job_ks_user_domain: true job_ks_user_domain: true
job_ks_user_trustee: true job_ks_user_trustee: true
job_ks_user: true job_ks_user: true
job_rabbit_init: true
pdb_api: true pdb_api: true
pdb_cfn: true pdb_cfn: true
pdb_cloudwatch: true pdb_cloudwatch: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_api: true service_api: true
service_cfn: true service_cfn: true
service_cloudwatch: true service_cloudwatch: true


@ -0,0 +1,74 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.manifests.job_rabbit_init" -}}
{{- $envAll := index . "envAll" -}}
{{- $serviceName := index . "serviceName" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.rabbit_init -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "rabbit-init" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceUserPretty "rabbit-init" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "rabbit-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName | quote }}
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: rabbit-init
image: {{ $envAll.Values.images.tags.rabbit_init | quote }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.rabbit_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/rabbit-init.sh
volumeMounts:
- name: rabbit-init-sh
mountPath: /tmp/rabbit-init.sh
subPath: rabbit-init.sh
readOnly: true
env:
- name: RABBITMQ_ADMIN_CONNECTION
valueFrom:
secretKeyRef:
name: {{ $envAll.Values.secrets.oslo_messaging.admin }}
key: RABBITMQ_CONNECTION
- name: RABBITMQ_USER_CONNECTION
valueFrom:
secretKeyRef:
name: {{ index $envAll.Values.secrets.oslo_messaging $serviceName }}
key: RABBITMQ_CONNECTION
volumes:
- name: rabbit-init-sh
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- end -}}
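Review bot: The two `secretKeyRef` names under `env:` are rendered unquoted and unchecked, unlike the other values in this template, which go through `quote`. If `secrets.oslo_messaging` lacks the `admin` key or the `$serviceName` key, the Job is still rendered with an unusable secret name and fails only at pod creation. I would write `name: {{ $envAll.Values.secrets.oslo_messaging.admin | quote }}` and `name: {{ index $envAll.Values.secrets.oslo_messaging $serviceName | quote }}`. The user secret is also looked up by `$serviceName` while the Job and service account are named from `$serviceUser`, so a caller that overrides `serviceUser` appears to get a differently named job that provisions the same account; if that is intended, a comment next to the lookup should say so.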


@ -0,0 +1,67 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.scripts.rabbit_init" }}
#!/bin/bash
set -ex
# Extract connection details
RABBIT_HOSTNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \
| awk -F'[:/]' '{print $1}'`
RABBIT_PORT=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \
| awk -F'[:/]' '{print $2}'`
# Extract Admin User creadential
RABBITMQ_ADMIN_USERNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \
| awk -F'[//:]' '{print $4}'`
RABBITMQ_ADMIN_PASSWORD=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \
| awk -F'[//:]' '{print $5}'`
# Extract User creadential
RABBITMQ_USERNAME=`echo $RABBITMQ_USER_CONNECTION | awk -F'[@]' '{print $1}' \
| awk -F'[//:]' '{print $4}'`
RABBITMQ_PASSWORD=`echo $RABBITMQ_USER_CONNECTION | awk -F'[@]' '{print $1}' \
| awk -F'[//:]' '{print $5}'`
# Using admin creadential, list current rabbitmq users
rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \
--username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \
list users
# if user already exist, credentials will be overwritten
# Using admin creadential, adding new admin rabbitmq user"
rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \
--username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \
declare user name=$RABBITMQ_USERNAME password=$RABBITMQ_PASSWORD \
tags="administrator"
# Declare permissions for new user
rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \
--username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \
declare permission vhost="/" user=$RABBITMQ_USERNAME \
configure=".*" write=".*" read=".*"
# Using new user creadential, list current rabbitmq users
rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \
--username=$RABBITMQ_USERNAME --password=$RABBITMQ_PASSWORD \
list users
# Using new user creadential, list permissions
rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \
--username=$RABBITMQ_USERNAME --password=$RABBITMQ_PASSWORD \
list permissions
{{- end }}
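Review bot: `set -ex` at the top of the script enables xtrace, so every assignment and every `rabbitmqadmin` call is echoed to the job log with `--password=$RABBITMQ_ADMIN_PASSWORD` and `password=$RABBITMQ_PASSWORD` already expanded, which leaves the broker admin password and the new account's password in the pod logs. `set -e` keeps the fail-fast behaviour without the trace. The new account is also declared with `tags="administrator"` on top of `.*` permissions, which gives every service user management rights over the whole broker. Unless a service needs that, the tag could be dropped (`tags=""`), in which case the two closing `list users` / `list permissions` calls made with the new credentials would need to go or be replaced by a check that does not need management access. The awk splitting on `@`, `:` and `/` and the unquoted expansions assume passwords contain none of those characters or whitespace, so either state that in a comment or quote the arguments, e.g. `password="${RABBITMQ_PASSWORD}"`.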


@ -54,4 +54,6 @@ data:
{{ tuple "bin/_ironic-conductor-http.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ironic-conductor-http.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ironic-conductor-http-init.sh: | ironic-conductor-http-init.sh: |
{{ tuple "bin/_ironic-conductor-http-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ironic-conductor-http-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "ironic" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "ironic" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}
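Review bot: The `range` over `tuple "admin" "ironic"` stores the broker-wide admin URI, password included, in a Secret owned by this chart, and the keystone, magnum, mistral, neutron and nova copies of this template further down do the same, so the RabbitMQ admin credential is duplicated into every release that enables `secret_rabbitmq`. In the code shown only the rabbit-init job reads the admin Secret, so I would record that in the template, for example `{{/* admin entry is read only by the rabbit-init job */}}`, so that later changes do not mount it into service pods. The URI is looked up with the `http` scheme, so the job presumably sends both passwords to the management port without TLS; that is worth confirming as acceptable for the cluster network. `name: {{ $secretName }}` would also be safer as `name: {{ $secretName | quote }}`.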


@ -39,6 +39,7 @@ images:
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ironic_api: docker.io/openstackhelm/ironic:newton ironic_api: docker.io/openstackhelm/ironic:newton
ironic_conductor: docker.io/openstackhelm/ironic:newton ironic_conductor: docker.io/openstackhelm/ironic:newton
ironic_pxe: docker.io/openstackhelm/ironic:newton ironic_pxe: docker.io/openstackhelm/ironic:newton
@ -209,6 +210,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
manage_cleaning_network: manage_cleaning_network:
services: services:
- endpoint: internal - endpoint: internal
@ -222,6 +227,9 @@ secrets:
oslo_db: oslo_db:
admin: ironic-db-admin admin: ironic-db-admin
ironic: ironic-db-user ironic: ironic-db-user
oslo_messaging:
admin: ironic-rabbitmq-admin
ironic: ironic-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -336,9 +344,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
ironic: admin:
username: rabbitmq username: rabbitmq
password: password password: password
ironic:
username: ironic
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -348,6 +359,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
network: network:
name: neutron name: neutron
hosts: hosts:
@ -457,6 +470,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -477,9 +497,11 @@ manifests:
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_manage_cleaning_network: true job_manage_cleaning_network: true
job_rabbit_init: true
pdb_api: true pdb_api: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_api: true service_api: true
service_ingress_api: true service_ingress_api: true
statefulset_conductor: true statefulset_conductor: true
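Review bot: The new `endpoints.oslo_messaging.auth.ironic` entry defaults to `username: ironic` / `password: password`, and the rabbit-init job appears to create that account on the broker from these values, so an install that keeps the defaults ends up with a broker account that has a known password. The keystone, magnum, mistral and neutron values files in this commit add the same default for their own users. A comment above the `auth:` block should say so, e.g. `# rabbit-init creates these accounts on the broker; override both passwords per deployment`. The `ironic` key also changes meaning in this hunk: it used to carry the `rabbitmq` credentials that now live under `admin`, so existing overrides of `auth.ironic` need an upgrade note.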


@ -45,4 +45,6 @@ data:
{{ tuple "bin/_domain-manage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_domain-manage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
domain-manage.sh: | domain-manage.sh: |
{{ tuple "bin/_domain-manage.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_domain-manage.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "keystone" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -35,6 +35,7 @@ images:
keystone_db_sync: docker.io/openstackhelm/keystone:newton keystone_db_sync: docker.io/openstackhelm/keystone:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
keystone_fernet_setup: docker.io/openstackhelm/keystone:newton keystone_fernet_setup: docker.io/openstackhelm/keystone:newton
keystone_fernet_rotate: docker.io/openstackhelm/keystone:newton keystone_fernet_rotate: docker.io/openstackhelm/keystone:newton
keystone_credential_setup: docker.io/openstackhelm/keystone:newton keystone_credential_setup: docker.io/openstackhelm/keystone:newton
@ -111,6 +112,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
domain_manage: domain_manage:
services: services:
- endpoint: internal - endpoint: internal
@ -223,6 +228,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -734,6 +746,9 @@ secrets:
oslo_db: oslo_db:
admin: keystone-db-admin admin: keystone-db-admin
keystone: keystone-db-user keystone: keystone-db-user
oslo_messaging:
admin: keystone-rabbitmq-admin
keystone: keystone-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -794,9 +809,12 @@ endpoints:
oslo_messaging: oslo_messaging:
namespace: null namespace: null
auth: auth:
keystone: admin:
username: rabbitmq username: rabbitmq
password: password password: password
keystone:
username: keystone
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -806,6 +824,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
oslo_cache: oslo_cache:
namespace: null namespace: null
hosts: hosts:
@ -830,11 +850,13 @@ manifests:
job_db_drop: false job_db_drop: false
job_domain_manage: true job_domain_manage: true
job_fernet_setup: true job_fernet_setup: true
job_rabbit_init: true
pdb_api: true pdb_api: true
pod_rally_test: true pod_rally_test: true
secret_credential_keys: true secret_credential_keys: true
secret_db: true secret_db: true
secret_fernet_keys: true secret_fernet_keys: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_ingress_api: true service_ingress_api: true
service_api: true service_api: true


@ -42,4 +42,6 @@ data:
{{ tuple "bin/_magnum-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_magnum-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
magnum-conductor.sh: | magnum-conductor.sh: |
{{ tuple "bin/_magnum-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_magnum-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "magnum" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -36,6 +36,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
magnum_db_sync: docker.io/openstackhelm/magnum:newton magnum_db_sync: docker.io/openstackhelm/magnum:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -186,7 +187,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
# Names of secrets used by bootstrap and environmental checks # Names of secrets used by bootstrap and environmental checks
secrets: secrets:
identity: identity:
@ -195,6 +199,9 @@ secrets:
oslo_db: oslo_db:
admin: magnum-db-admin admin: magnum-db-admin
magnum: magnum-db-user magnum: magnum-db-user
oslo_messaging:
admin: magnum-rabbitmq-admin
magnum: magnum-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -275,9 +282,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
magnum: admin:
username: rabbitmq username: rabbitmq
password: password password: password
magnum:
username: magnum
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -287,6 +297,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
pod: pod:
user: user:
@ -391,6 +403,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -411,9 +430,11 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_rabbit_init: true
pdb_api: true pdb_api: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_api: true service_api: true
service_ingress_api: true service_ingress_api: true
statefulset_conductor: true statefulset_conductor: true


@ -46,4 +46,6 @@ data:
{{ tuple "bin/_mistral-event-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_mistral-event-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
mistral-executor.sh: | mistral-executor.sh: |
{{ tuple "bin/_mistral-executor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_mistral-executor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "mistral" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -43,6 +43,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
mistral_db_sync: docker.io/kolla/ubuntu-source-mistral-api:3.0.3 mistral_db_sync: docker.io/kolla/ubuntu-source-mistral-api:3.0.3
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -139,6 +140,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
# Names of secrets used by bootstrap and environmental checks # Names of secrets used by bootstrap and environmental checks
secrets: secrets:
@ -148,6 +153,9 @@ secrets:
oslo_db: oslo_db:
admin: mistral-db-admin admin: mistral-db-admin
mistral: mistral-db-user mistral: mistral-db-user
oslo_messaging:
admin: mistral-rabbitmq-admin
mistral: mistral-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -220,9 +228,12 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
mistral: admin:
username: rabbitmq username: rabbitmq
password: password password: password
mistral:
username: mistral
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -232,6 +243,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
oslo_cache: oslo_cache:
hosts: hosts:
default: memcached default: memcached
@ -434,6 +447,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -455,9 +475,11 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_rabbit_init: true
pdb_api: true pdb_api: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_ingress_api: true service_ingress_api: true
service_api: true service_api: true
statefulset_engine: true statefulset_engine: true


@ -63,4 +63,6 @@ data:
{{ tuple "bin/_neutron-openvswitch-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-openvswitch-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-server.sh: | neutron-server.sh: |
{{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "neutron" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -26,6 +26,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
neutron_db_sync: docker.io/openstackhelm/neutron:newton neutron_db_sync: docker.io/openstackhelm/neutron:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -157,6 +158,8 @@ dependencies:
service: oslo_db service: oslo_db
dhcp: dhcp:
daemonset: null daemonset: null
jobs:
- neutron-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -178,8 +181,14 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
l3: l3:
daemonset: null daemonset: null
jobs:
- neutron-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -188,6 +197,8 @@ dependencies:
- endpoint: internal - endpoint: internal
service: compute service: compute
lb_agent: lb_agent:
jobs:
- neutron-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -195,6 +206,8 @@ dependencies:
service: network service: network
metadata: metadata:
daemonset: null daemonset: null
jobs:
- neutron-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -205,6 +218,8 @@ dependencies:
- endpoint: public - endpoint: public
service: compute_metadata service: compute_metadata
ovs_agent: ovs_agent:
jobs:
- neutron-rabbit-init
daemonset: daemonset:
- openvswitch-vswitchd - openvswitch-vswitchd
- openvswitch-db - openvswitch-db
@ -218,6 +233,7 @@ dependencies:
- neutron-db-sync - neutron-db-sync
- neutron-ks-user - neutron-ks-user
- neutron-ks-endpoints - neutron-ks-endpoints
- neutron-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
@ -367,6 +383,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync: db_sync:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -1040,6 +1063,9 @@ secrets:
oslo_db: oslo_db:
admin: neutron-db-admin admin: neutron-db-admin
neutron: neutron-db-user neutron: neutron-db-user
oslo_messaging:
admin: neutron-rabbitmq-admin
neutron: neutron-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -1065,9 +1091,12 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
neutron: admin:
username: rabbitmq username: rabbitmq
password: password password: password
neutron:
username: neutron
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -1077,6 +1106,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
oslo_cache: oslo_cache:
hosts: hosts:
default: memcached default: memcached
@ -1197,9 +1228,11 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_rabbit_init: true
pdb_server: true pdb_server: true
pod_rally_test: true pod_rally_test: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_ingress_server: true service_ingress_server: true
service_server: true service_server: true


@ -79,4 +79,6 @@ data:
{{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
cell-setup.sh: | cell-setup.sh: |
{{ tuple "bin/_cell-setup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_cell-setup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "nova" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}
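Review bot: The `range` over `tuple "admin" "nova"` writes the RabbitMQ admin account's full connection URI (user and password, looked up on the `http` management port) into a Secret rendered by the nova chart, so anything that can read Secrets where nova is deployed gets broker-admin rights rather than only the nova account. Nothing visible here limits that Secret to the rabbit-init job or puts the management endpoint behind TLS; both are worth confirming in the helm-toolkit job template and the endpoint scheme. Separately, `index $envAll.Values.secrets.oslo_messaging $userClass` renders an empty `name:` when a user class is missing from values; wrapping it as `required "secrets.oslo_messaging entry missing" (index $envAll.Values.secrets.oslo_messaging $userClass)` would fail at render time instead. The senlin secret template later in this commit has the same shape.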


@ -65,6 +65,7 @@ images:
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.2.1' dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.2.1'
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -199,6 +200,7 @@ dependencies:
- nova-db-sync - nova-db-sync
- nova-ks-user - nova-ks-user
- nova-ks-endpoints - nova-ks-endpoints
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -217,6 +219,7 @@ dependencies:
cell_setup: cell_setup:
jobs: jobs:
- nova-db-sync - nova-db-sync
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -231,6 +234,7 @@ dependencies:
- libvirt - libvirt
jobs: jobs:
- nova-db-sync - nova-db-sync
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -243,6 +247,7 @@ dependencies:
compute_ironic: compute_ironic:
jobs: jobs:
- nova-db-sync - nova-db-sync
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -257,6 +262,7 @@ dependencies:
conductor: conductor:
jobs: jobs:
- nova-db-sync - nova-db-sync
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -269,6 +275,7 @@ dependencies:
consoleauth: consoleauth:
jobs: jobs:
- nova-db-sync - nova-db-sync
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -306,6 +313,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
novncproxy: novncproxy:
jobs: jobs:
- nova-db-sync - nova-db-sync
@ -315,6 +326,7 @@ dependencies:
scheduler: scheduler:
jobs: jobs:
- nova-db-sync - nova-db-sync
- nova-rabbit-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_messaging service: oslo_messaging
@ -1048,6 +1060,9 @@ secrets:
oslo_db_cell0: oslo_db_cell0:
admin: nova-db-api-admin admin: nova-db-api-admin
nova: nova-db-api-user nova: nova-db-api-user
oslo_messaging:
admin: nova-rabbitmq-admin
nova: nova-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -1107,9 +1122,12 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
nova: admin:
username: rabbitmq username: rabbitmq
password: password password: password
nova:
username: nova
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -1119,6 +1137,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
oslo_cache: oslo_cache:
hosts: hosts:
default: memcached default: memcached
@ -1493,6 +1513,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync: db_sync:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -1563,6 +1590,7 @@ manifests:
job_db_init_placement: true job_db_init_placement: true
job_db_sync: true job_db_sync: true
job_db_drop: false job_db_drop: false
job_rabbit_init: true
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
@ -1578,6 +1606,7 @@ manifests:
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_keystone_placement: true secret_keystone_placement: true
secret_rabbitmq: true
service_ingress_metadata: true service_ingress_metadata: true
service_ingress_placement: true service_ingress_placement: true
service_ingress_osapi: true service_ingress_osapi: true
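Review bot: The new `auth.nova` entry under `endpoints.oslo_messaging` ships with `password: password`, the same default as `auth.admin`, so a deployment that does not override both values gets a per-service account that is exactly as guessable as the admin one and the credential split adds no isolation. At minimum the keys should carry a comment such as `# development default only; override admin and nova passwords per deployment`. Leaving the defaults empty and checking them with `required` in the secret template would enforce the override rather than document it. The senlin values file in this commit adds the same pair of defaults.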


@ -42,4 +42,6 @@ data:
{{ tuple "bin/_senlin-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_senlin-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
senlin-engine.sh: | senlin-engine.sh: |
{{ tuple "bin/_senlin-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_senlin-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }} {{- end }}


@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "senlin" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}


@ -36,6 +36,7 @@ images:
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
senlin_db_sync: docker.io/openstackhelm/senlin:newton senlin_db_sync: docker.io/openstackhelm/senlin:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton
@ -198,6 +199,10 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: identity service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
# Names of secrets used by bootstrap and environmental checks # Names of secrets used by bootstrap and environmental checks
secrets: secrets:
@ -207,6 +212,9 @@ secrets:
oslo_db: oslo_db:
admin: senlin-db-admin admin: senlin-db-admin
senlin: senlin-db-user senlin: senlin-db-user
oslo_messaging:
admin: senlin-rabbitmq-admin
senlin: senlin-rabbitmq-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -287,9 +295,12 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
senlin: admin:
username: rabbitmq username: rabbitmq
password: password password: password
senlin:
username: senlin
password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
@ -299,6 +310,8 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
http:
default: 15672
pod: pod:
user: user:
@ -403,6 +416,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -423,9 +443,11 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
job_rabbit_init: true
pdb_api: true pdb_api: true
secret_db: true secret_db: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true
service_ingress_api: true service_ingress_api: true
service_api: true service_api: true
statefulset_engine: true statefulset_engine: true
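Review bot: `rabbit_init: docker.io/rabbitmq:3.7-management` under `images` is a floating tag, and the job that runs from it presumably receives the admin connection Secret created by this commit, so whatever the tag resolves to at pull time runs with broker-admin credentials. Pinning to a patch release and digest, e.g. `rabbit_init: docker.io/rabbitmq:<patch-version>-management@sha256:<digest>`, keeps the job reproducible and reviewable. The nova values file adds the identical line and would need the same pin.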


@ -17,13 +17,15 @@
set -xe set -xe
passwords="DB_ADMIN_PASSWORD ELASTICSEARCH_ADMIN_PASSWORD GRAFANA_DB_PASSWORD GRAFANA_SESSION_DB_PASSWORD \ passwords="DB_ADMIN_PASSWORD ELASTICSEARCH_ADMIN_PASSWORD GRAFANA_DB_PASSWORD GRAFANA_SESSION_DB_PASSWORD \
GRAFANA_ADMIN_PASSWORD KIBANA_ADMIN_PASSWORD KEYSTONE_RABBITMQ_PASSWORD KEYSTONE_DB_PASSWORD \ GRAFANA_ADMIN_PASSWORD KIBANA_ADMIN_PASSWORD KEYSTONE_RABBITMQ_ADMIN_PASSWORD KEYSTONE_DB_PASSWORD \
KEYSTONE_ADMIN_PASSWORD SWIFT_USER_PASSWORD GLANCE_RABBITMQ_PASSWORD GLANCE_DB_PASSWORD \ KEYSTONE_ADMIN_PASSWORD SWIFT_USER_PASSWORD GLANCE_RABBITMQ_ADMIN_PASSWORD GLANCE_DB_PASSWORD \
GLANCE_USER_PASSWORD CINDER_RABBITMQ_PASSWORD CINDER_DB_PASSWORD CINDER_USER_PASSWORD \ GLANCE_USER_PASSWORD CINDER_RABBITMQ_ADMIN_PASSWORD CINDER_DB_PASSWORD CINDER_USER_PASSWORD \
NOVA_RABBITMQ_PASSWORD NOVA_DB_PASSWORD NOVA_USER_PASSWORD NOVA_PLACEMENT_USER_PASSWORD \ NOVA_RABBITMQ_ADMIN_PASSWORD NOVA_DB_PASSWORD NOVA_USER_PASSWORD NOVA_PLACEMENT_USER_PASSWORD \
NEUTRON_RABBITMQ_PASSWORD NEUTRON_DB_PASSWORD NEUTRON_USER_PASSWORD HEAT_RABBITMQ_PASSWORD \ NEUTRON_RABBITMQ_ADMIN_PASSWORD NEUTRON_DB_PASSWORD NEUTRON_USER_PASSWORD HEAT_RABBITMQ_ADMIN_PASSWORD \
HEAT_DB_PASSWORD HEAT_USER_PASSWORD HEAT_TRUSTEE_PASSWORD HEAT_STACK_PASSWORD \ HEAT_DB_PASSWORD HEAT_USER_PASSWORD HEAT_TRUSTEE_PASSWORD HEAT_STACK_PASSWORD \
BARBICAN_RABBITMQ_PASSWORD BARBICAN_DB_PASSWORD BARBICAN_USER_PASSWORD OPENSTACK_EXPORTER_USER_PASSWORD" BARBICAN_RABBITMQ_ADMIN_PASSWORD BARBICAN_DB_PASSWORD BARBICAN_USER_PASSWORD OPENSTACK_EXPORTER_USER_PASSWORD \
KEYSTONE_RABBITMQ_USER_PASSWORD GLANCE_RABBITMQ_USER_PASSWORD CINDER_RABBITMQ_USER_PASSWORD NOVA_RABBITMQ_USER_PASSWORD \
NEUTRON_RABBITMQ_USER_PASSWORD HEAT_RABBITMQ_USER_PASSWORD BARBICAN_RABBITMQ_USER_PASSWORD"
for password in $passwords for password in $passwords
do do
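Review bot: With `set -xe` at the top of the script, any command in the `for password in $passwords` loop that expands a generated value is echoed to the trace output, and this change adds seven `*_RABBITMQ_USER_PASSWORD` names to the list that passes through it. The loop body lies outside the hunk, so this needs confirming there; if it does expand the values, bracket it with `set +x` and `set -x`, or drop `-x` for the script. The existing `*_RABBITMQ_PASSWORD` names are also renamed to `*_RABBITMQ_ADMIN_PASSWORD`, so an environment that already exports the old names will presumably get newly generated admin passwords rather than the ones in use; a comment noting the rename would help operators upgrading.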


@ -212,8 +212,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: keystone-rabbitmq username: keystone-rabbitmq-admin
password: ${KEYSTONE_RABBITMQ_PASSWORD} password: ${KEYSTONE_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: keystone-rabbitmq default: keystone-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -295,9 +295,14 @@ data:
password: ${KEYSTONE_DB_PASSWORD} password: ${KEYSTONE_DB_PASSWORD}
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: keystone-rabbitmq-admin
password: ${KEYSTONE_RABBITMQ_ADMIN_PASSWORD}
keystone: keystone:
username: keystone-rabbitmq username: keystone-rabbitmq-user
password: ${KEYSTONE_RABBITMQ_PASSWORD} password: ${KEYSTONE_RABBITMQ_USER_PASSWORD}
hosts:
default: keystone-rabbitmq
labels: labels:
api: api:
node_selector_key: openstack-control-plane node_selector_key: openstack-control-plane
@ -444,8 +449,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: glance-rabbitmq username: glance-rabbitmq-admin
password: ${GLANCE_RABBITMQ_PASSWORD} password: ${GLANCE_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: glance-rabbitmq default: glance-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -527,9 +532,12 @@ data:
default: glance-memcached default: glance-memcached
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: glance-rabbitmq-admin
password: ${GLANCE_RABBITMQ_ADMIN_PASSWORD}
glance: glance:
username: glance-rabbitmq username: glance-rabbitmq-user
password: ${GLANCE_RABBITMQ_PASSWORD} password: ${GLANCE_RABBITMQ_USER_PASSWORD}
hosts: hosts:
default: glance-rabbitmq default: glance-rabbitmq
labels: labels:
@ -618,8 +626,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: cinder-rabbitmq username: cinder-rabbitmq-admin
password: ${CINDER_RABBITMQ_PASSWORD} password: ${CINDER_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: cinder-rabbitmq default: cinder-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -701,9 +709,12 @@ data:
default: cinder-memcached default: cinder-memcached
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: cinder-rabbitmq-admin
password: ${CINDER_RABBITMQ_ADMIN_PASSWORD}
cinder: cinder:
username: cinder-rabbitmq username: cinder-rabbitmq-user
password: ${CINDER_RABBITMQ_PASSWORD} password: ${CINDER_RABBITMQ_USER_PASSWORD}
hosts: hosts:
default: cinder-rabbitmq default: cinder-rabbitmq
labels: labels:
@ -841,8 +852,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: nova-rabbitmq username: nova-rabbitmq-admin
password: ${NOVA_RABBITMQ_PASSWORD} password: ${NOVA_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: nova-rabbitmq default: nova-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -953,9 +964,12 @@ data:
default: nova-memcached default: nova-memcached
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: nova-rabbitmq-admin
password: ${NOVA_RABBITMQ_ADMIN_PASSWORD}
nova: nova:
username: nova-rabbitmq username: nova-rabbitmq-user
password: ${NOVA_RABBITMQ_PASSWORD} password: ${NOVA_RABBITMQ_USER_PASSWORD}
hosts: hosts:
default: nova-rabbitmq default: nova-rabbitmq
labels: labels:
@ -1065,8 +1079,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: neutron-rabbitmq username: neutron-rabbitmq-admin
password: ${NEUTRON_RABBITMQ_PASSWORD} password: ${NEUTRON_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: neutron-rabbitmq default: neutron-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -1146,9 +1160,12 @@ data:
default: neutron-memcached default: neutron-memcached
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: neutron-rabbitmq-admin
password: ${NEUTRON_RABBITMQ_ADMIN_PASSWORD}
neutron: neutron:
username: neutron-rabbitmq username: neutron-rabbitmq-user
password: ${NEUTRON_RABBITMQ_PASSWORD} password: ${NEUTRON_RABBITMQ_USER_PASSWORD}
hosts: hosts:
default: neutron-rabbitmq default: neutron-rabbitmq
pod: pod:
@ -1260,8 +1277,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: heat-rabbitmq username: heat-rabbitmq-admin
password: ${HEAT_RABBITMQ_PASSWORD} password: ${HEAT_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: heat-rabbitmq default: heat-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -1343,9 +1360,12 @@ data:
default: heat-memcached default: heat-memcached
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: heat-rabbitmq-admin
password: ${HEAT_RABBITMQ_ADMIN_PASSWORD}
heat: heat:
username: heat-rabbitmq username: heat-rabbitmq-user
password: ${HEAT_RABBITMQ_PASSWORD} password: ${HEAT_RABBITMQ_USER_PASSWORD}
hosts: hosts:
default: heat-rabbitmq default: heat-rabbitmq
labels: labels:
@ -1429,8 +1449,8 @@ data:
oslo_messaging: oslo_messaging:
auth: auth:
user: user:
username: barbican-rabbitmq username: barbican-rabbitmq-admin
password: ${BARBICAN_RABBITMQ_PASSWORD} password: ${BARBICAN_RABBITMQ_ADMIN_PASSWORD}
hosts: hosts:
default: barbican-rabbitmq default: barbican-rabbitmq
prometheus_rabbitmq_exporter: prometheus_rabbitmq_exporter:
@ -1508,9 +1528,12 @@ data:
default: barbican-memcached default: barbican-memcached
oslo_messaging: oslo_messaging:
auth: auth:
admin:
username: barbican-rabbitmq-admin
password: ${BARBICAN_RABBITMQ_ADMIN_PASSWORD}
barbican: barbican:
username: barbican-rabbitmq username: barbican-rabbitmq-user
password: ${BARBICAN_RABBITMQ_PASSWORD} password: ${BARBICAN_RABBITMQ_USER_PASSWORD}
hosts: hosts:
default: barbican-rabbitmq default: barbican-rabbitmq
labels: labels: