Merge branch 'master' into config_neutron

Alan Meadows 2017-04-10 13:32:52 -07:00
commit 68e53c38fc
160 changed files with 13462 additions and 1806 deletions

2
.gitignore vendored

@ -5,3 +5,5 @@
.idea/
**/_partials.tpl
**/_globals.tpl
dev/.vagrant
dev/*.log


@ -12,15 +12,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
.PHONY: ceph bootstrap mariadb etcd postgresql keystone memcached rabbitmq helm-toolkit neutron nova cinder heat maas all clean
.PHONY: ceph bootstrap mariadb etcd keystone memcached rabbitmq helm-toolkit neutron nova cinder heat all clean
B64_DIRS := helm-toolkit/secrets
B64_EXCLUDE := $(wildcard helm-toolkit/secrets/*.b64)
CHARTS := ceph mariadb etcd postgresql rabbitmq memcached keystone glance horizon neutron nova cinder heat maas
CHARTS := ceph mariadb etcd rabbitmq memcached keystone glance horizon neutron nova cinder heat
TOOLKIT_TPL := helm-toolkit/templates/_globals.tpl
all: helm-toolkit ceph bootstrap mariadb etcd postgresql rabbitmq memcached keystone glance horizon neutron nova cinder heat maas
all: helm-toolkit ceph bootstrap mariadb etcd rabbitmq memcached keystone glance horizon neutron nova cinder heat
helm-toolkit: build-helm-toolkit
@ -33,8 +33,6 @@ mariadb: build-mariadb
etcd: build-etcd
postgresql: build-postgresql
keystone: build-keystone
cinder: build-cinder
@ -51,8 +49,6 @@ nova: build-nova
heat: build-heat
maas: build-maas
memcached: build-memcached
clean:


@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv \
-m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.cinder_database_name }}'"
ansible localhost -vvv \
-m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.cinder_user }}' \
password='{{ .Values.database.cinder_password }}' \
host='%' \
priv='{{ .Values.database.cinder_database_name }}.*:ALL' \
append_privs='yes'"


@ -1,3 +1,5 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@ -12,6 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
description: Chart to run MaaS
name: maas
version: 0.1.0
set -ex
cinder-manage db sync


@ -17,8 +17,10 @@ kind: ConfigMap
metadata:
name: cinder-bin
data:
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+


@ -60,10 +60,10 @@ spec:
- /etc/cinder/conf
ports:
- name: c-api
containerPort: {{ .Values.network.port.api }}
containerPort: {{ .Values.network.api.port }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port.api }}
port: {{ .Values.network.api.port }}
volumeMounts:
- name: pod-etc-cinder
mountPath: /etc/cinder


@ -22,7 +22,7 @@ volume_name_template = %s
osapi_volume_workers = {{ .Values.api.workers }}
osapi_volume_listen = 0.0.0.0
osapi_volume_listen_port = {{ .Values.network.port.api }}
osapi_volume_listen_port = {{ .Values.network.api.port }}
api_paste_config = /etc/cinder/api-paste.ini
@ -40,7 +40,7 @@ os_region_name = {{ .Values.keystone.cinder_region_name }}
host=cinder-volume-worker
[database]
connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]
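Review bot: The new `connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}` line still renders the cinder database username and password into cinder.conf, and the job templates on this page mount that file from the `cinder-etc` ConfigMap rather than from a Secret. This same commit moves the admin URI into the `cinder-db-root` Secret, so the service credential is now the less protected of the two, and anyone who can read ConfigMaps in the namespace can presumably read it. Consider rendering this file, or at least its `[database]` section, from a Secret, and add a comment above the line such as `# rendered with credentials; do not log or expose this file`. The helper's definition is not visible here, so it should be confirmed that it escapes special characters in the password when building the URI.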


@ -43,17 +43,37 @@ spec:
cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }}
{{- end }}
env:
- name: ANSIBLE_LIBRARY
value: /usr/share/ansible/
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: cinder-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/cinder/cinder.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/db-init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: dbinitsh
mountPath: /tmp/db-init.sh
subPath: db-init.sh
- name: cinder-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etccinder
mountPath: /etc/cinder
- name: cinderconf
mountPath: /etc/cinder/cinder.conf
subPath: cinder.conf
readOnly: true
volumes:
- name: dbinitsh
- name: etccinder
emptyDir: {}
- name: cinderconf
configMap:
name: cinder-etc
- name: cinder-bin
configMap:
name: cinder-bin


@ -43,22 +43,25 @@ spec:
cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }}
{{- end }}
command:
- cinder-manage
args:
- --config-dir
- /etc/cinder/conf
- db
- sync
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: pod-etc-cinder
- name: cinder-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etccinder
mountPath: /etc/cinder
- name: cinderconf
mountPath: /etc/cinder/conf/cinder.conf
- name: cinderapiconf
mountPath: /etc/cinder/cinder.conf
subPath: cinder.conf
readOnly: true
volumes:
- name: pod-etc-cinder
- name: etccinder
emptyDir: {}
- name: cinderconf
- name: cinderapiconf
configMap:
name: cinder-etc
- name: cinder-bin
configMap:
name: cinder-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: cinder-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
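Review bot: The `DB_CONNECTION` value is emitted as an unquoted template expansion and the manifest has no comment saying that it holds the full database admin URI, password included. Quote the scalar as `DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc | quote }}`, matching the `| quote` used for resource limits in the job templates. Because the URI is derived from chart values, the Secret is only as private as the values files and stored release data; a header comment such as `# admin URI built from endpoints.oslo_db.auth.admin; supply the password from an override file that is not committed` would make that clear to operators.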


@ -18,6 +18,12 @@ metadata:
name: cinder-api
spec:
ports:
- port: {{ .Values.network.port.api }}
- port: {{ .Values.network.api.port }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
selector:
app: cinder-api
{{ if .Values.network.api.node_port.enabled }}
type: NodePort
{{ end }}
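Review bot: When `network.api.node_port.enabled` is set, the `nodePort` and `type: NodePort` lines make the cinder API reachable on the configured port of every node address, and nothing in the template or values documents that exposure. The endpoint scheme visible in values.yaml on this page is `http`, so traffic on that path would presumably be unencrypted. The default of `false` is right; add a comment next to the option such as `# exposes the API on all node IPs; restrict access with firewalling or network policy`. As a style point, the bare `{{ if ... }}` / `{{ end }}` lines leave blank lines in the rendered manifest, which `{{- if ... }}` and `{{- end }}` would trim.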


@ -27,15 +27,15 @@ labels:
node_selector_value: enabled
images:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
db_init: quay.io/stackanetes/stackanetes-cinder-api:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
api: quay.io/stackanetes/stackanetes-cinder-api:newton
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
pull_policy: "IfNotPresent"
upgrades:
@ -62,17 +62,12 @@ keystone:
cinder_region_name: "RegionOne"
network:
port:
api: 8776
database:
address: mariadb
port: 3306
root_user: root
root_password: password
cinder_database_name: cinder
cinder_password: password
cinder_user: cinder
api:
name: "cinder-api"
port: 8776
node_port:
enabled: false
port: 30877
ceph:
enabled: true
@ -199,6 +194,20 @@ endpoints:
scheme: 'http'
port:
api: 8776
oslo_db:
auth:
admin:
username: root
password: password
user:
username: cinder
password: password
hosts:
default: mariadb
path: /cinder
scheme: mysql+pymysql
port:
mysql: 3306
resources:
enabled: false
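Review bot: The `endpoints.oslo_db.auth` block ships `password: password` for both the `root` admin account and the `cinder` user, the same literals the removed `database:` block carried, so an install with default values gets a guessable database root credential. If these must remain as development defaults, mark them in place, e.g. `# development default only; override before any shared or production install`. Separately, the entries under `images:` use mutable tags such as `:newton`; pinning by digest would make the deployed images reproducible and verifiable.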

43
dev/README.md Normal file

@ -0,0 +1,43 @@
# Development Environment Setup
## Requirements
* Hardware
* 16GB RAM
* 32GB HDD Space
* Software
* Vagrant >= 1.8.0
* VirtualBox >= 5.1.0
* Kubectl
* Helm
* Git
## Deploy
* Make sure you are in the directory containing the Vagrantfile before running the following commands.
### Create VM
``` bash
vagrant up --provider virtualbox
```
### Deploy NFS Provisioner for development PVCs
``` bash
vagrant ssh --command "sudo docker exec kubeadm-aio kubectl create -R -f /opt/nfs-provisioner/"
```
### Setup Clients and deploy Helm's tiller
``` bash
./setup-dev-host.sh
```
### Label VM node(s) for OpenStack-Helm Deployment
``` bash
kubectl label nodes openstack-control-plane=enabled --all --namespace=openstack
kubectl label nodes openvswitch=enabled --all --namespace=openstack
kubectl label nodes openstack-compute-node=enabled --all --namespace=openstack
```

112
dev/Vagrantfile vendored Normal file

@ -0,0 +1,112 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# NOTE: Variable overrides are in ./config.rb
require "yaml"
require "fileutils"
# Use a variable file for overrides:
CONFIG = File.expand_path("config.rb")
if File.exist?(CONFIG)
require CONFIG
end
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://atlas.hashicorp.com/search.
config.vm.box = $vm_image
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a private network, which allows host-only access to the machine
# using a specific IP.
config.vm.network "private_network", ip: "192.168.33.10"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
config.vm.synced_folder "../", "/opt/openstack-helm"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
config.vm.provider "virtualbox" do |vb|
# Display the VirtualBox GUI when booting the machine
vb.gui = false
# Customize the amount of memory on the VM:
vb.memory = $ram
# Customize the number of vCPUs in the VM:
vb.cpus = $vcpu_cores
# Set the size of the VM's docker disk:
unless File.exist?('.vagrant/machines/default/openstack-helm-storage.vdi')
vb.customize ['createhd', '--filename', '.vagrant/machines/default/openstack-helm-storage', '--size', $docker_disk]
end
vb.customize ['storageattach', :id, '--storagectl', 'SCSI', '--port', 2, '--device', 0, '--type', 'hdd', '--medium', '.vagrant/machines/default/openstack-helm-storage.vdi']
# Set the size of the VM's PVC disk:
unless File.exist?('.vagrant/machines/default/openstack-helm-storage-kube-pvc.vdi')
vb.customize ['createhd', '--filename', '.vagrant/machines/default/openstack-helm-storage-kube-pvc', '--size', $pvc_disk]
end
vb.customize ['storageattach', :id, '--storagectl', 'SCSI', '--port', 3, '--device', 0, '--type', 'hdd', '--medium', '.vagrant/machines/default/openstack-helm-storage-kube-pvc.vdi']
end
# Enable provisioning with a shell script.
config.vm.provision "shell", inline: <<-SHELL
# Setup docker storage
mkfs.xfs /dev/disk/by-path/pci-0000\:00\:14.0-scsi-0\:0\:2\:0 -f -L docker-srg
mkdir -p /var/lib/docker
echo "LABEL=docker-srg /var/lib/docker xfs defaults 0 0" >> /etc/fstab
# Setup kubelet pvc storage
mkfs.xfs /dev/disk/by-path/pci-0000\:00\:14.0-scsi-0\:0\:3\:0 -f -L kube-srg
mkdir -p /var/lib/nfs-provisioner
echo "LABEL=kube-srg /var/lib/nfs-provisioner xfs defaults 0 0" >> /etc/fstab
# Mount Storage
mount -a
# Install requirements
apt-get update
apt-get install -y \
docker.io \
nfs-common
# Setup kubelet lib as shared mount
mkdir -p /var/lib/kublet
mount --bind /var/lib/kublet /var/lib/kublet
mount --make-shared /var/lib/kublet
# Run AIO container
docker run \
-dt \
--name=kubeadm-aio \
--net=host \
--security-opt=seccomp:unconfined \
--cap-add=SYS_ADMIN \
--tmpfs=/run \
--tmpfs=/run/lock \
--volume=/etc/machine-id:/etc/machine-id:ro \
--volume=/home:/home:rw \
--volume=/etc/kubernetes:/etc/kubernetes:rw \
--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
--volume=/var/run/docker.sock:/run/docker.sock \
--env KUBE_BIND_DEV=enp0s8 \
--env KUBELET_CONTAINER=quay.io/attcomdev/kubeadm-aio:v1.5.6 \
quay.io/attcomdev/kubeadm-aio:v1.5.6
SHELL
end
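Review bot: The shared-mount setup in the inline provisioner uses `/var/lib/kublet`, which looks like a misspelling of `/var/lib/kubelet`; if so, the `mount --bind` / `mount --make-shared` pair applies to an unused directory and the kubelet's real directory never gets shared propagation. The same script runs `mkfs.xfs ... -f` and appends to `/etc/fstab` unconditionally, so a second `vagrant provision` would reformat the docker and PVC disks and duplicate the fstab entries; guard both, for example `blkid -L docker-srg || mkfs.xfs ...`. The `kubeadm-aio` container is started with `--net=host`, `--cap-add=SYS_ADMIN`, `--security-opt=seccomp:unconfined` and the Docker socket mounted, which is root-equivalent on the VM, so a comment stating that this is for a throwaway development VM only would keep the command from being reused elsewhere.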

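--- a/dev/config.rb
+++ b/dev/config.rb
@@ -0,0 +1,6 @@
+# VM Specs
+$vm_image = "ubuntu/xenial64"
+$docker_disk = 20480
+$pvc_disk = 10240
+$vcpu_cores = 4
+$ram = 8192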

17
dev/setup-dev-host.sh Executable file

@ -0,0 +1,17 @@
#!/usr/bin/env bash
set -e
# Setting up kubectl creds
mkdir -p ${HOME}/.kube
if [ -f ${HOME}/.kube/config ]; then
echo "Previous kube config found, backing it up"
mv -v ${HOME}/.kube/config ${HOME}/.kube/config.$(date "+%F-%T")
fi
echo "Getting kubeconfig from kube1"
vagrant ssh default -c "sudo cat /etc/kubernetes/admin.conf" > ${HOME}/.kube/config
# Setting up helm client if present
if which helm 2>/dev/null; then
helm init
fi
echo "clients should now be ready to access the Kubernetes cluster"
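Review bot: The line `vagrant ssh default -c "sudo cat /etc/kubernetes/admin.conf" > ${HOME}/.kube/config` writes the cluster-admin kubeconfig with whatever permissions the caller's umask allows, which is commonly world-readable; set `umask 077` near the top or follow the write with `chmod 600 "${HOME}/.kube/config"`. The redirect creates the target before `vagrant ssh` runs, so a failed SSH leaves an empty config in place after the previous one was already moved aside; writing to a temporary file and moving it into place on success avoids that. The `${HOME}` expansions are unquoted throughout and would break on a home directory containing spaces.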




@ -1 +0,0 @@
# TBD


@ -1 +1 @@
# TBD
# Overview: Helm-Toolkit


@ -1,8 +1,11 @@
# Openstack-Helm development
# Openstack-Helm: Helm Development
## Conceptual Guides: Kubernetes
#### [Helm-Toolkit](helm-toolkit.md)
##### [User Registration](registration-user.md)
##### [Domain Registration](registration-domain.md)
##### [Service Registration](registration-service.md)
##### [Endpoint Registration](registration-endpoint.md)
- [Helm-Toolkit Overview](helm-toolkit.md) - Overview of Helm-Toolkit
- [User Registration](registration-user.md)
- [Domain Registration](registration-domain.md)
- [Host Registration](registration-host.md)
- [Service Registration](registration-service.md)
- [Endpoint Registration](registration-endpoint.md)
- [Tips and Tricks](tips-development.md) - Suggestions and Tips for Development of Openstack-Helm
# Overview


@ -1 +1 @@
# TBD
# Registration: Domains


@ -1 +1 @@
# TBD
# Registration: Endpoints


@ -0,0 +1 @@
# Registration: Hosts

View File

@ -1 +1 @@
# TBD
# Registration: Services

View File

@ -1 +1 @@
# TBD
# Registration: Users

View File

@ -1 +1 @@
# TBD
# Development: Tips and Tricks


@ -0,0 +1 @@
# Openstack-Helm: Kubernetes Development Considerations


@ -1 +1,22 @@
# Table of Contents
- [Getting Started](getting-started/readme.md) - Development Philosophies
- [Default Values](getting-started/gs-values.md)
- [Chart Overrides](getting-started/gs-overrides.md)
- [Replica Guidelines](getting-started/gs-replicas.md)
- [Image Guidelines](getting-started/gs-images.md)
- [Resource Guidelines](getting-started/gs-resources.md)
- [Labeling Guidelines](getting-started/gs-labels.md)
- [Endpoint Considerations](getting-started/gs-endpoints.md)
- [Helm Upgrades Considerations](getting-started/gs-upgrades.md)
- [Using Conditionals](getting-started/gs-conditionals.md)
- [Helm Development Handbook](dev-helm/readme.md) - Hands-On Development Guide
- [Helm-Toolkit Overview](dev-helm/helm-toolkit.md) - Overview of Helm-Toolkit
- [User Registration](dev-helm/registration-user.md)
- [Domain Registration](dev-helm/registration-domain.md)
- [Host Registration](dev-helm/registration-host.md)
- [Service Registration](dev-helm/registration-service.md)
- [Endpoint Registration](dev-helm/registration-endpoint.md)
- [Tips and Tricks](dev-helm/tips-development.md) - Suggestions and Tips for Development of Openstack-Helm
- [Kubernetes Development Handbook](dev-kubernetes/readme.md)
- *More coming soon*


@ -1,4 +1,4 @@
# Development of Openstack-Helm
# Openstack-Helm: Minikube Deployment
Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcome to contribute to this project. Below are some instructions and suggestions to help you get started.


@ -0,0 +1,41 @@
# Openstack-Helm: Vagrant Deployment
**Requirements:**
- Hardware
- 16GB RAM
- 32GB HDD Space
- Software
- Vagrant >= 1.8.0
- VirtualBox >= 5.1.0
- Kubectl
- Helm
- Git
## Deploy
Make sure you are in the directory containing the Vagrantfile before running the following commands.
## Create VM
vagrant up --provider virtualbox
## Deploy NFS Provisioner for development PVCs
```
vagrant ssh --command "sudo docker exec kubeadm-aio kubectl create -R -f /opt/nfs-provisioner/"
```
## Setup Clients and deploy Helm's tiller
```
./setup-dev-host.sh
```
## Label VM node(s) for OpenStack-Helm Deployment
```
kubectl label nodes openstack-control-plane=enabled --all --namespace=openstack
kubectl label nodes openvswitch=enabled --all --namespace=openstack
kubectl label nodes openstack-compute-node=enabled --all --namespace=openstack
```


@ -0,0 +1,3 @@
# Openstack-Helm: Development environments
- [Minikube](install-minikube.md)
- [Vagrant](install-vagrant.md)


@ -0,0 +1 @@
# Development: Getting Started


@ -1,6 +1,11 @@
# Installation Guides
## Installation Guides
#### [Development: Minikube](install-minikube.md)
#### [Evaluation: AIO](install-aio.md)
#### [Multinode: Multi-Server](install-multinode.md)
- [Development: Getting Started](install-development.md)
- [Minikube](developer/install-minikube.md)
- [Vagrant](developer/install-vagrant.md)
- [Evaluation: AIO](install-aio.md)
- [Multinode: Multi-Server](install-multinode.md)
- [Third-Party Tools](third-party-tools/readme.md) - Optional resources for the deployment of Openstack-Helm
- [Armada](third-party-tools/armada.md) - Multi-Chart fetch and deploy tool from AT&T
## Overview


@ -0,0 +1,5 @@
# Third-Party Installation Tools
- [Armada](armada.md) - Multi-Chart fetch and deploy tool from AT&T
## Overview


@ -1,5 +0,0 @@
# Openstack-Helm development
## Conceptual Guides: Kubernetes
#### [Init Containers](init-containers.md)
#### [User Registration](registration-user.md)


@ -1,8 +0,0 @@
# Table of Contents
## &nbsp;5. Security Guidelines
### &nbsp;&nbsp;&nbsp;5.1 Network Policies
### &nbsp;&nbsp;&nbsp;5.2 Advanced Network Policies
### &nbsp;&nbsp;&nbsp;5.3 Role-Based Access Controls
### &nbsp;&nbsp;&nbsp;5.4 Security Contexts
### &nbsp;&nbsp;&nbsp;5.5 Security Add-Ons


@ -0,0 +1,5 @@
# Openstack-Helm Operations: Kubernetes
## Conceptual Guides: Kubernetes
- [Init-Containers](kb-init-containers.md)
- [Jobs](kb-jobs.md)


@ -0,0 +1,7 @@
# Openstack-Helm Operations: Openstack
## Openstack-Helm Configuration Management
### Configuration Overrides
## Oslo Config Generation Tool


@ -0,0 +1,3 @@
# Openstack-Helm Operations: Openstack
## Overview


@ -0,0 +1,6 @@
# Table of Contents
- [Using Namespaces](sec-namespaces.md)
- [SELinux and SECCOMP](sec-appsec.md)
- [Role-Based Access Control](sec-rbac.md)


@ -0,0 +1 @@
# SECCOMP and SELinux


@ -0,0 +1,21 @@
# Openstack-Helm: Operations Guides
- [Helm Operations](ops-helm/readme.md) - Helm Operator Guides
- [Openstack-Helm Operations](ops-helm/osh-operations.md)
- [Addons and Plugins](ops-helm/osh-addons.md)
- [Kubernetes Operations](ops-kubernetes/readme.md)
- [Init-Containers](ops-kubernetes/kb-init-containers.md)
- [Jobs](ops-kubernetes/kb-jobs.md)
- [Openstack Operations](ops-openstack/readme.md)
- [Config Generation](ops-openstack/os-config/os-config-gen.md) - Openstack-Helm Configuration Management
- [Networking Guides](ops-network/readme.md) - Network Operations
- [Ingress](ops-network/net-ingress.md)
- [Nodeports](ops-network/net-nodeport.md)
- [Security Guides](readme.md) - Security Operations
- [Using Namespaces](ops-security/sec-namespaces.md)
- [SELinux and SECCOMP](ops-security/sec-appsec.md)
- [Role-Based Access Control](ops-security/sec-rbac.md)
- [Troubleshooting Guides](troubleshooting/readme.md)
- [Database Issues](troubleshooting/ts-database.md)
- [Development Issues](troubleshooting/ts-development.md)
- [Networking Issues](troubleshooting/ts-networking.md)
- [Storage Issues](troubleshooting/ts-persistent-storage.md)


@ -1,4 +0,0 @@
## &nbsp;2. Repository Structure
### &nbsp;&nbsp;&nbsp;2.1 Infrastructure Components
### &nbsp;&nbsp;&nbsp;2.2 Openstack-Helm Core Services
### &nbsp;&nbsp;&nbsp;2.3 Openstack-Helm Add-Ons


@ -1,6 +1,6 @@
## Table of Contents: Welcome Guide
- [Mission Statement](../readme.me#mission_statement)
- [Overview]](welcome-overview.md)
- [Resiliency]](welcome-resiliency.md)
- [Scaling]](welcome-scaling.md)
- [Mission Statement](../readme.md#mission-statement)
- [Overview](welcome-overview.md)
- [Resiliency](welcome-resiliency.md)
- [Scaling](welcome-scaling.md)


@ -1,3 +1,3 @@
## Project Overview
## Welcome: Project Overview
The goal for OpenStack-Helm is to provide an incredibly customizable *framework* for operators and developers alike. This framework will enable end-users to deploy, maintain, and upgrade a fully functioning OpenStack environment for both simple and complex environments. Administrators or developers can either deploy all or individual OpenStack components along with their required dependencies. It heavily borrows concepts from [Stackanetes](https://github.com/stackanetes/stackanetes) and [other complex Helm application deployments](https://github.com/sapcc/openstack-helm). This project is meant to be a collaborative project that brings Openstack applications into a [Cloud-Native](https://www.cncf.io/about/charter) model.


@ -1,4 +1,4 @@
## Resiliency
## Welcome: Resiliency Philosophy
One of the goals of this project is to produce a set of charts that can be used in a production setting to deploy and upgrade OpenStack. To achieve this goal, all components must be resilient, including both OpenStack and Infrastructure components leveraged by this project. In addition, this also includes Kubernetes itself. It is part of our mission to ensure that all infrastructure components are highly available and that a deployment can withstand a physical host failure out of the box. This means that:


@ -1,4 +1,4 @@
## Scaling
## Welcome: Scaling Philosophy
Scaling is another first class citizen in openstack-helm. We will be working to ensure that we support various deployment models that can support hyperscale, such as:


@ -10,14 +10,16 @@ Openstack-Helm is a project that provides a flexible, production-grade Kubernet
The documentation provided for Openstack-Helm are provided in the following role-specific guides:
- [Welcome Guide](guides_welcome/readme.md)
- [Mission](guides_welcome/mission.md) - Openstack-Helm Mission Statement
- [Project Overview](guides_welcome/welcome-overview.md)
- [Resiliency Philosophy](guides_welcome/welcome-resiliency.md)
- [Scalability Philosophy](guides_welcome/welcome-scaling.md)
- [Installation Guides](guides-install/readme.md) -
- [Welcome Guide](guides-welcome/readme.md)
- [Mission](#mission-statement) - Openstack-Helm Mission Statement
- [Project Overview](guides-welcome/welcome-overview.md)
- [Resiliency Philosophy](guides-welcome/welcome-resiliency.md)
- [Scalability Philosophy](guides-welcome/welcome-scaling.md)
- [Installation Guides](guides-install/readme.md) - Various Installation Options
- [Developer Installation](guides-install/developer/readme.md) - Environment for Openstack-Helm Development
- [Minikube](guides-install/developer/install-minikube.md)
- [Vagrant](guides-install/developer/install-vagrant.md)
- [All-in-One](guides-install/install-aio.md) - Evaluation of Openstack-Helm
- [Developer Installation](guides-install/install-minikube.md) - Envirnment for Openstack-Helm Development
- [Multinode](guides-install/install-multinode.md) - Multinode or Production Deployments
- [Developer Guides](guides-developer/readme.md) - Resources for Openstack-Helm Developers
- [Getting Started](guides-developer/getting-started/readme.md) - Development Philosophies
@ -30,28 +32,45 @@ The documentation provided for Openstack-Helm are provided in the following role
- [Endpoint Considerations](guides-developer/getting-started/gs-endpoints.md)
- [Helm Upgrades Considerations](guides-developer/getting-started/gs-upgrades.md)
- [Using Conditionals](guides-developer/getting-started/gs-conditionals.md)
- [Helm Development Handbook](guides-developer/install-minikube.md) - Hands-On Development Guide
- [Helm-Toolkit Overview](guides-developer/) - Overview of Helm-Toolkit
- [User Registration](guides-developer/guides-devs-helm/registration-user.md)
- [Domain Registration](guides-developer/guides-devs-helm/registration-domain.md)
- [Host Registration](guides-developer/guides-devs-helm/registration-host.md)
- [Service Registration](guides-developer/guides-devs-helm/registration-service.md)
- [Kubernetes Development Handbook](guides-developer/install-multinode.md) -
- [Helm Development Handbook](guides-developer/readme.md) - Hands-On Development Guide
- [Getting Started](guides-developer/getting-started/readme.md) - Development Philosophies
- [Default Values](guides-developer/getting-started/gs-values.md)
- [Chart Overrides](guides-developer/getting-started/gs-overrides.md)
- [Replica Guidelines](guides-developer/getting-started/gs-replicas.md)
- [Image Guidelines](guides-developer/getting-started/gs-images.md)
- [Resource Guidelines](guides-developer/getting-started/gs-resources.md)
- [Labeling Guidelines](guides-developer/getting-started/gs-labels.md)
- [Endpoint Considerations](guides-developer/getting-started/gs-endpoints.md)
- [Helm Upgrades Considerations](guides-developer/getting-started/gs-upgrades.md)
- [Using Conditionals](guides-developer/getting-started/gs-conditionals.md)
- [Helm-Toolkit Overview](guides-developer/dev-helm/helm-toolkit.md) - Overview of Helm-Toolkit
- [User Registration](guides-developer/dev-helm/registration-user.md)
- [Domain Registration](guides-developer/dev-helm/registration-domain.md)
- [Host Registration](guides-developer/dev-helm/registration-host.md)
- [Endpoint Registration](guides-developer/dev-helm/registration-endpoint.md)
- [Service Registration](guides-developer/dev-helm/registration-service.md)
- [Kubernetes Development Handbook](guides-developer/dev-kubernetes/readme.md)
- [Kubernetes Development Considerations](guides-developer/dev-kubernetes/considerations.md)
- [Operator Guides](guides-operator/readme.md) - Resources for Openstack-Helm Developers
- [Helm Operations](guides-operator/getting-started/readme.md) - Helm Operator Guides
- [Addons and Plugins](guides-operator/getting-started/helm-addons.md)
- [Kubernetes Operations](guides-operator/readme.md)
- [Init Containers](guides-operator/readme.md)
- [Jobs](guides-operator/readme.md)
- [Helm Operations](guides-operator/ops-helm/readme.md) - Helm Operator Guides
- [Openstack-Helm Operations](guides-operator/ops-helm/osh-operations.md)
- [Addons and Plugins](guides-operator/ops-helm/osh-addons.md)
- [Kubernetes Operations](guides-operator/ops-kubernetes/readme.md)
- [Init-Containers](guides-operator/ops-kubernetes/kb-init-containers.md)
- [Jobs](guides-operator/ops-kubernetes/kb-jobs.md)
- [Openstack Operations](guides-operator/readme.md)
- [Config Generation](guides-operator/readme.md) - Openstack-Helm Configuration Management
- [Networking Guides](guides-operator/readme.md) - Network Operations
- [Ingress](guides-operator/readme.md)
- [Nodeports](guides-operator/readme.md)
- [Config Generation](guides-operator/ops-openstack/os-config/os-config-gen.md) - Openstack-Helm Configuration Management
- [Networking Guides](guides-operator/ops-network/readme.md) - Network Operations
- [Ingress](guides-operator/ops-network/net-ingress.md)
- [Nodeports](guides-operator/ops-network/net-nodeport.md)
- [Security Guides](guides-operator/readme.md) - Security Operations
- [Namespace Isolation](guides-operator/readme.md)
- [SELinux and SECCOMP](guides-operator/readme.md)
- [Role-Based Access Control](guides-operator/readme.md)
- [Troubleshooting Guides](charts.md)
- [Appendix A: Helm Resources](charts.md) - Curated List of Helm Resources
- [Appendix B: Kubernetes Resources](charts.md) - Curated List of Kubernetes Resources
- [Using Namespaces](guides-operator/ops-security/sec-namespaces.md)
- [SELinux and SECCOMP](guides-operator/ops-security/sec-appsec.md)
- [Role-Based Access Control](guides-operator/ops-security/sec-rbac.md)
- [Troubleshooting Guides](guides-operator/troubleshooting/readme.md)
- [Database Issues](guides-operator/troubleshooting/ts-database.md)
- [Development Issues](troubleshooting/ts-development.md)
- [Networking Issues](guides-operator/troubleshooting/ts-networking.md)
- [Storage Issues](guides-operator/troubleshooting/ts-persistent-storage.md)
- [Appendix A: Helm Resources](appendix/resources-helm.md) - Curated List of Helm Resources
- [Appendix B: Kubernetes Resources](appendix/resources-kubernetes.md) - Curated List of Kubernetes Resources


@ -0,0 +1,41 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
{{ if .Values.bootstrap.enabled }}
cd /tmp/images
{{ range .Values.bootstrap.images }}
openstack image show {{ .name | quote }} || \
{ curl -O {{ .source_url }}{{ .image_file }}; \
openstack image create {{ .name | quote }} \
--min-disk {{ .min_disk }} \
--disk-format {{ .image_type }} \
--file {{ .image_file }} \
{{ if .properties -}} {{ range $key, $value := .properties }}--property {{$key}}={{$value}} {{ end }}{{ end -}} \
--container-format {{ .container_format | quote }} \
{{ if .private -}}
--private
{{- else -}}
--public
{{- end -}}; }
{{ end }}
{{ end }}
exit 0
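Review bot: The download step `curl -O {{ .source_url }}{{ .image_file }}` has no `--fail`, so even under `set -ex` an HTTP error page is saved and then uploaded by `openstack image create` as if it were the image, and nothing checks the file's integrity before it is published, `--public` by default. Use `curl -f -L -O ...` and compare the download against a checksum carried in values before creating the image; the chart does not define such a key yet, so it would need a new field per image entry. The values `source_url`, `image_file`, `min_disk`, `image_type` and the `--property {{$key}}={{$value}}` pairs are interpolated unquoted into the script; piping them through `quote`, as `.name` and `.container_format` already are, keeps a value containing spaces or shell metacharacters from changing the command.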


@ -1,3 +1,5 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@ -12,6 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
description: A Helm chart for postgresql
name: postgresql
version: 0.1.0
set -ex
glance-manage db_sync


@ -1,32 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.glance_database_name }}'"
ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.glance_user }}' \
password='{{ .Values.database.glance_password }}' \
host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"


@ -17,11 +17,15 @@ kind: ConfigMap
metadata:
name: glance-bin
data:
init.sh: |+
{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+
{{- include "helm-toolkit.keystone_endpoints" . | indent 4 }}
ks-user.sh: |+
{{- include "helm-toolkit.keystone_user" . | indent 4 }}
bootstrap.sh: |+
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}


@ -63,10 +63,10 @@ spec:
- --config-file
- /etc/glance/glance-api.conf
ports:
- containerPort: {{ .Values.network.port.api }}
- containerPort: {{ .Values.network.api.port }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port.api }}
port: {{ .Values.network.api.port }}
volumeMounts:
- name: etcglance
mountPath: /etc/glance


@ -55,10 +55,10 @@ spec:
- --config-file
- /etc/glance/glance-registry.conf
ports:
- containerPort: {{ .Values.network.port.registry }}
- containerPort: {{ .Values.network.registry.port }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port.registry }}
port: {{ .Values.network.registry.port }}
volumeMounts:
- name: etcglance
mountPath: /etc/glance


@ -17,14 +17,14 @@ debug = {{ .Values.misc.debug }}
use_syslog = False
use_stderr = True
bind_port = {{ .Values.network.port.api }}
bind_port = {{ .Values.network.api.port }}
workers = {{ .Values.misc.workers }}
registry_host = glance-registry
# Enable Copy-on-Write
show_image_direct_url = True
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -17,11 +17,11 @@ debug = {{ .Values.misc.debug }}
use_syslog = False
use_stderr = True
bind_port = {{ .Values.network.port.registry }}
bind_port = {{ .Values.network.registry.port }}
workers = {{ .Values.misc.workers }}
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -0,0 +1,70 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.bootstrap }}
apiVersion: batch/v1
kind: Job
metadata:
name: glance-bootstrap
spec:
template:
metadata:
annotations:
pod.beta.kubernetes.io/init-containers: '[
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
]'
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
containers:
- name: glance-bootstrap
image: {{ .Values.images.db_init }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.resources.enabled }}
resources:
limits:
cpu: {{ .Values.resources.jobs.bootstrap.limits.cpu | quote }}
memory: {{ .Values.resources.jobs.bootstrap.limits.memory | quote }}
requests:
cpu: {{ .Values.resources.jobs.bootstrap.requests.cpu | quote }}
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
{{- end }}
env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
command:
- bash
- /tmp/bootstrap.sh
volumeMounts:
- name: imagedir
mountPath: /tmp/images
- name: bootstrapsh
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
volumes:
- name: imagedir
emptyDir: {}
- name: bootstrapsh
configMap:
name: glance-bin
- name: glanceapiconf
configMap:
name: glance-etc
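Review bot: The `glanceapiconf` volume and its mount at `/etc/glance/glance-api.conf` hand the bootstrap pod the rendered Glance config, which appears to carry the `[database]` connection string with the service password, while the bootstrap script shown on this page only runs `curl` and `openstack image …` using the Keystone environment variables. Dropping that volume and volumeMount keeps the database credential out of a pod that also downloads remote content. Separately, the Job is rendered unconditionally and only the script body checks `.Values.bootstrap.enabled`; wrapping the manifest in `{{- if .Values.bootstrap.enabled }}` … `{{- end }}` would avoid scheduling a pod holding admin Keystone credentials when bootstrap is switched off.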


@ -43,16 +43,37 @@ spec:
memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
{{- end }}
env:
- name: ANSIBLE_LIBRARY
value: /usr/share/ansible/
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: glance-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/glance/glance-api.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: initsh
mountPath: /tmp/init.sh
subPath: init.sh
- name: glance-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etcglance
mountPath: /etc/glance
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
readOnly: true
volumes:
- name: initsh
- name: etcglance
emptyDir: {}
- name: glanceapiconf
configMap:
name: glance-etc
- name: glance-bin
configMap:
name: glance-bin


@ -43,13 +43,25 @@ spec:
memory: {{ .Values.resources.jobs.db.requests.memory | quote }}
{{- end }}
command:
- glance-manage
- db_sync
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: glance-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etcglance
mountPath: /etc/glance
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
readOnly: true
volumes:
- name: etcglance
emptyDir: {}
- name: glanceapiconf
configMap:
name: glance-etc
- name: glance-bin
configMap:
name: glance-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: glance-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -18,6 +18,12 @@ metadata:
name: glance-api
spec:
ports:
- port: {{ .Values.network.port.api }}
- port: {{ .Values.network.api.port }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: .Values.network.api.node_port.port
{{ end }}
selector:
app: glance-api
{{ if .Values.network.api.node_port.enabled }}
type: NodePort
{{ end }}
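Review bot: `nodePort: .Values.network.api.node_port.port` is missing its template delimiters, so with `network.api.node_port.enabled` set the Service is rendered with that literal string as the port value and will presumably be rejected on install. It should read `nodePort: {{ .Values.network.api.node_port.port }}`, matching the keystone service on this page. Because enabling it publishes the Glance API on every node address, a short comment on the `node_port` values key saying so would help operators decide deliberately.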


@ -18,6 +18,12 @@ metadata:
name: glance-registry
spec:
ports:
- port: {{ .Values.network.port.registry }}
- port: {{ .Values.network.registry.port }}
{{ if .Values.network.registry.node_port.enabled }}
nodePort: {{ .Values.network.register.node_port.port }}
{{ end }}
selector:
app: glance-registry
{{ if .Values.network.registry.node_port.enabled }}
type: NodePort
{{ end }}
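Review bot: The nodePort expression reads `.Values.network.register.node_port.port`, but the values file on this page defines `network.registry`, so with `network.registry.node_port.enabled` set the template dereferences a key that does not exist and rendering will presumably fail or emit an empty port. Use `nodePort: {{ .Values.network.registry.node_port.port }}`.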


@ -30,7 +30,7 @@ labels:
node_selector_value: enabled
images:
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-glance-api:newton
db_sync: quay.io/stackanetes/stackanetes-glance-api:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -47,6 +47,21 @@ upgrades:
max_unavailable: 1
max_surge: 3
bootstrap:
enabled: true
images:
ubuntu_precise64:
name: "Ubuntu Precise 64-bit"
source_url: "http://cloud-images.ubuntu.com/precise/current/"
image_file: "precise-server-cloudimg-amd64-disk1.img"
min_disk: 20
image_type: qcow2
container_format: bare
private: true
properties:
hypervisor_type: "qemu"
os_distro: "ubuntu"
keystone:
admin_user: "admin"
admin_user_domain: "default"
@ -64,18 +79,18 @@ keystone:
glance_region_name: "RegionOne"
network:
port:
api: 9292
registry: 9191
database:
address: mariadb
port: 3306
root_user: root
root_password: password
glance_database_name: glance
glance_password: password
glance_user: glance
api:
name: "glance-api"
port: 9292
node_port:
enabled: false
port: 30092
registry:
name: "glance-registry"
port: 9191
node_port:
enabled: false
port: 30091
ceph:
enabled: true
@ -129,6 +144,13 @@ resources:
requests:
memory: "128Mi"
cpu: "500m"
bootstrap:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
dependencies:
db_init:
@ -141,6 +163,14 @@ dependencies:
- glance-db-init
service:
- mariadb
bootstrap:
jobs:
- glance-db-sync
- glance-ks-user
- glance-ks-endpoints
service:
- mariadb
- glance-api
ks_user:
service:
- keystone-api
@ -192,3 +222,17 @@ endpoints:
port:
api: 9292
registry: 9191
oslo_db:
auth:
admin:
username: root
password: password
user:
username: glance
password: password
hosts:
default: mariadb
path: /glance
scheme: mysql+pymysql
port:
mysql: 3306
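Review bot: The default entry in the new `bootstrap.images` hunk is fetched from `http://cloud-images.ubuntu.com/precise/current/`, and the bootstrap script on this page passes that URL to `curl -O` and uploads the result with no checksum step, so anything able to alter the HTTP response decides what gets registered in Glance. Prefer `source_url: "https://cloud-images.ubuntu.com/precise/current/"` and consider a per-image digest key that the script verifies before `openstack image create`. The `current/` path is also a moving target, so pinning a dated release directory would keep such a digest stable.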


@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv \
-m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.heat_database_name }}'"
ansible localhost -vvv \
-m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.heat_user }}' \
password='{{ .Values.database.heat_password }}' \
host='%' \
priv='{{ .Values.database.heat_database_name }}.*:ALL' \
append_privs='yes'"


@ -1,3 +1,5 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@ -12,7 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0
set -ex
heat-manage db_sync


@ -17,8 +17,10 @@ kind: ConfigMap
metadata:
name: heat-bin
data:
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+


@ -40,7 +40,7 @@ backend = oslo_cache.memcache_pool
memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
[database]
connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -43,17 +43,37 @@ spec:
cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }}
{{- end }}
env:
- name: ANSIBLE_LIBRARY
value: /usr/share/ansible/
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: heat-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/heat/heat.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/db-init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: dbinitsh
mountPath: /tmp/db-init.sh
subPath: db-init.sh
- name: heat-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etcheat
mountPath: /etc/heat
- name: heatapiconf
mountPath: /etc/heat/heat.conf
subPath: heat.conf
readOnly: true
volumes:
- name: dbinitsh
- name: etcheat
emptyDir: {}
- name: heatapiconf
configMap:
name: heat-etc
- name: heat-bin
configMap:
name: heat-bin


@ -43,21 +43,25 @@ spec:
cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }}
{{- end }}
command:
- heat-manage
args:
- --config-dir
- /etc/heat/conf
- db_sync
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: pod-etc-heat
- name: heat-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etcheat
mountPath: /etc/heat
- name: heatconf
mountPath: /etc/heat/conf/heat.conf
- name: heatapiconf
mountPath: /etc/heat/heat.conf
subPath: heat.conf
readOnly: true
volumes:
- name: pod-etc-heat
- name: etcheat
emptyDir: {}
- name: heatconf
- name: heatapiconf
configMap:
name: heat-etc
- name: heat-bin
configMap:
name: heat-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: heat-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -30,7 +30,7 @@ labels:
images:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: docker.io/kolla/ubuntu-source-heat-api:3.0.1
db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -100,15 +100,6 @@ network:
enabled: false
port: 30003
database:
address: mariadb
port: 3306
root_user: root
root_password: password
heat_database_name: heat
heat_password: password
heat_user: heat
messaging:
hosts: rabbitmq
user: rabbitmq
@ -218,6 +209,20 @@ endpoints:
scheme: 'http'
port:
api: 8003
oslo_db:
auth:
admin:
username: root
password: password
user:
username: heat
password: password
hosts:
default: mariadb
path: /heat
scheme: mysql+pymysql
port:
mysql: 3306
resources:
enabled: false
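Review bot: The new `endpoints.oslo_db.auth` block ships `root`/`password` for the admin account and `password` for the service account as chart defaults, and the `heat-db-root` Secret on this page is rendered straight from them; the glance values file carries the same block. Since the db-init script grants the service account at host `%`, an install that keeps the defaults leaves a guessable credential usable from any client that can reach the database. At minimum add a comment such as `# development default - override per deployment` above each `password` key; better, leave the keys empty and have the templates fail when they are unset.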


@ -1,39 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#-----------------------------------------------
# oslo settings we will dynamically manufacture
#-----------------------------------------------
{{- define "helm-toolkit.oslo_values_setup" -}}
{{ $obj := index . 0 }}
{{ $root := index . 1 }}
# generate database uri and set $conf.conf.oslo.db.connection
{{- if empty $obj.database.oslo.db.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" $root | include "helm-toolkit.authenticated_endpoint_uri_lookup"| set $obj.database.oslo.db "connection" -}}
{{- end -}}
# generate amqp transport uri and set $conf.endpoints.messaging
{{- if empty $obj.default.oslo.messaging.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" $root | include "helm-toolkit.authenticated_endpoint_uri_lookup" | set $obj.default.oslo.messaging "transport_url" -}}
{{- end -}}
# generate memcache host:port and set $conf.endpoints.memcache
{{- if empty $obj.cache.oslo.cache -}}
{{- tuple "oslo_cache" "internal" "memcache" $root | include "helm-toolkit.hostname_endpoint_uri_lookup" | set $obj.cache.oslo.cache "memcache_servers" -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,147 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- define "helm-toolkit.db_init" }}
#!/usr/bin/env python
# Creates db and user for an OpenStack Service:
# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain
# SQLAlchemy strings for the root connection to the database and the one you
# wish the service to use. Alternatively, you can use an ini formatted config
# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string
# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by
# OPENSTACK_CONFIG_DB_SECTION.
import os
import sys
import ConfigParser
import logging
from sqlalchemy import create_engine
# Create logger, console handler and formatter
logger = logging.getLogger('OpenStack-Helm DB Init')
logger.setLevel(logging.DEBUG)
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
# Set the formatter and add the handler
ch.setFormatter(formatter)
logger.addHandler(ch)
# Get the connection string for the service db root user
if "ROOT_DB_CONNECTION" in os.environ:
db_connection = os.environ['ROOT_DB_CONNECTION']
logger.info('Got DB root connection')
else:
logger.critical('environment variable ROOT_DB_CONNECTION not set')
sys.exit(1)
# Get the connection string for the service db
if "OPENSTACK_CONFIG_FILE" in os.environ:
try:
os_conf = os.environ['OPENSTACK_CONFIG_FILE']
if "OPENSTACK_CONFIG_DB_SECTION" in os.environ:
os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION']
else:
logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set')
sys.exit(1)
if "OPENSTACK_CONFIG_DB_KEY" in os.environ:
os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY']
else:
logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set')
sys.exit(1)
config = ConfigParser.RawConfigParser()
logger.info("Using {0} as db config source".format(os_conf))
config.read(os_conf)
logger.info("Trying to load db config from {0}:{1}".format(
os_conf_section, os_conf_key))
user_db_conn = config.get(os_conf_section, os_conf_key)
logger.info("Got config from {0}".format(os_conf))
except:
logger.critical("Tried to load config from {0} but failed.".format(os_conf))
sys.exit(1)
elif "DB_CONNECTION" in os.environ:
user_db_conn = os.environ['DB_CONNECTION']
logger.info('Got config from DB_CONNECTION env var')
else:
logger.critical('Could not get db config, either from config file or env var')
sys.exit(1)
# Root DB engine
try:
root_engine_full = create_engine(db_connection)
root_user = root_engine_full.url.username
root_password = root_engine_full.url.password
drivername = root_engine_full.url.drivername
host = root_engine_full.url.host
port = root_engine_full.url.port
root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
root_engine = create_engine(root_engine_url)
connection = root_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
host, port, root_user))
except:
logger.critical('Could not connect to database as root user')
raise
sys.exit(1)
# User DB engine
try:
user_engine = create_engine(user_db_conn)
# Get our user data out of the user_engine
database = user_engine.url.database
user = user_engine.url.username
password = user_engine.url.password
logger.info('Got user db config')
except:
logger.critical('Could not get user database config')
raise
sys.exit(1)
# Create DB
try:
root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
logger.info("Created database {0}".format(database))
except:
logger.critical("Could not create database {0}".format(database))
raise
sys.exit(1)
# Create DB User
try:
root_engine.execute(
"GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format(
database, user, password))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
raise
sys.exit(1)
# Test connection
try:
connection = user_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format(
host, port, database, user))
except:
logger.critical('Could not connect to database as user')
raise
sys.exit(1)
logger.info('Finished DB Management')
{{- end }}
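Review bot: The `GRANT` near the end of the script formats `user` and `password` straight into the SQL text, so a password containing a quote breaks or alters the statement, and because the handler re-raises, the driver error (which typically echoes the statement) can put the service password into the job log. Bind the two values through `sqlalchemy.text` (this needs `text` added to the existing `from sqlalchemy import` line), restrict `database` to a safe identifier pattern since it cannot be bound, and log and exit instead of re-raising. The `raise` placed before `sys.exit(1)` in the other handlers makes the exit unreachable, and `root_engine_url` is likewise built by concatenation, so a root password containing `@` or `/` will presumably mis-parse.

```python
# … unchanged: connection-string loading, engine setup, CREATE DATABASE …
# Create DB User
try:
    # user and password travel as bound parameters; only the (validated)
    # database identifier is formatted into the statement text
    grant = text(
        "GRANT ALL ON `{0}`.* TO :user@'%' IDENTIFIED BY :password".format(
            database))
    root_engine.execute(grant, user=user, password=password)
    logger.info("Created user {0} for {1}".format(user, database))
except Exception:
    # no re-raise: the driver error can echo the statement and its values
    logger.critical("Could not create user {0} for {1}".format(user, database))
    sys.exit(1)
# … unchanged: user connection test …
```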


@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv \
-m mysql_db -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \
login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \
login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \
login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \
name='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}'"
ansible localhost -vvv \
-m mysql_user -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \
login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \
login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \
login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \
name='{{ .Values.endpoints.oslo_db.auth.user.username }}' \
password='{{ .Values.endpoints.oslo_db.auth.user.password }}' \
host='%' \
priv='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}.*:ALL' \
append_privs='yes'"


@ -12,16 +12,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
{{ tuple .Values.conf.keystone . | include "helm-toolkit.oslo_values_setup" | trunc 0 }}
apiVersion: v1
kind: ConfigMap
metadata:
name: keystone-bin
data:
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
init.sh: |
{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
start.sh: |
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}


@ -12,7 +12,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.
{{ tuple .Values.conf.keystone . | include "helm-toolkit.oslo_values_setup" | trunc 0 }}
{{- include "keystone.conf.keystone_values_skeleton" .Values.conf.keystone | trunc 0 -}}
{{- if empty .Values.conf.keystone.database.oslo.db.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database.oslo.db "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.keystone.default.oslo.messaging.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.default.oslo.messaging "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.keystone.cache.oslo.cache -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.hostname_endpoint_uri_lookup" | set .Values.conf.keystone.cache.oslo.cache "memcache_servers" | quote | trunc 0 -}}
{{- end -}}
apiVersion: v1
kind: ConfigMap
@ -21,31 +33,31 @@ metadata:
data:
keystone.conf: |+
{{ if .Values.conf.keystone.override -}}
{{ .Values.conf.keystone.override }}
{{ .Values.conf.keystone.override | indent 4 }}
{{- else -}}
{{- if .Values.conf.keystone.prefix -}}
{{ .Values.conf.keystone.prefix }}
{{ .Values.conf.keystone.prefix | indent 4 }}
{{- end }}
{{ tuple "etc/_keystone.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
{{- end }}
{{- if .Values.conf.keystone.append -}}
{{ .Values.conf.keystone.append }}
{{ .Values.conf.keystone.append | indent 4 }}
{{- end }}
keystone-paste.ini: |+
{{ if .Values.conf.paste.override -}}
{{ .Values.conf.paste.override }}
{{ .Values.conf.paste.override | indent 4 }}
{{- else -}}
{{- if .Values.conf.paste.prefix -}}
{{ .Values.conf.paste.prefix }}
{{ .Values.conf.paste.prefix | indent 4 }}
{{- end }}
{{ tuple "etc/_keystone-paste.ini.tpl" . | include "helm-toolkit.template" | indent 4 }}
{{- end }}
{{- if .Values.conf.paste.append -}}
{{ .Values.conf.paste.append }}
{{ .Values.conf.paste.append | indent 4 }}
{{- end }}
policy.json: |+
{{ if .Values.conf.policy.override -}}
{{ .Values.conf.policy.override }}
{{ .Values.conf.policy.override | indent 4 }}
{{- else -}}
{{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
{{- end }}


@ -61,9 +61,9 @@ spec:
- /tmp/start.sh
ports:
- name: api-public
containerPort: {{ .Values.network.port.api }}
containerPort: {{ .Values.network.api.port }}
- name: api-admin
containerPort: {{ .Values.network.port.admin }}
containerPort: {{ .Values.network.admin.port }}
lifecycle:
preStop:
exec:
@ -73,8 +73,8 @@ spec:
- graceful-stop
readinessProbe:
tcpSocket:
port: {{ .Values.network.port.api }}
port: {{ .Values.network.api.port }}
volumeMounts:
{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}
volumes:
{{ toYaml $mounts_keystone_api.volumes | indent 8 }}
{{ toYaml $mounts_keystone_api.volumes | indent 8 }}


@ -12,13 +12,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
Listen 0.0.0.0:{{ .Values.network.port.api }}
Listen 0.0.0.0:{{ .Values.network.port.admin }}
Listen 0.0.0.0:{{ .Values.network.api.port }}
Listen 0.0.0.0:{{ .Values.network.admin.port }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
<VirtualHost *:{{ .Values.network.port.api }}>
<VirtualHost *:{{ .Values.network.api.port }}>
WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
@ -34,7 +34,7 @@ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-A
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
<VirtualHost *:{{ .Values.network.port.admin }}>
<VirtualHost *:{{ .Values.network.admin.port }}>
WSGIDaemonProcess keystone-admin processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin


@ -36,7 +36,7 @@ spec:
- name: keystone-db-init
image: {{ .Values.images.db_init }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.resources.enabled }}
{{- if .Values.resources.enabled }}
resources:
limits:
cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }}
@ -45,11 +45,22 @@ spec:
cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }}
memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
{{- end }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: keystone-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/keystone/keystone.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/init.sh
volumeMounts:
- python
- /tmp/db-init.py
volumeMounts:
{{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }}
volumes:
{{ toYaml $mounts_keystone_db_init.volumes | indent 8 }}


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: keystone-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -19,8 +19,19 @@ metadata:
spec:
ports:
- name: keystone-api-public
port: {{ .Values.network.port.api }}
port: {{ .Values.network.api.port }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
- name: keystone-api-admin
port: {{ .Values.network.port.admin }}
port: {{ .Values.network.admin.port }}
{{ if .Values.network.admin.node_port.enabled }}
nodePort: {{ .Values.network.admin.node_port.port }}
{{ end }}
selector:
app: keystone-api
selector:
app: keystone-api
{{ if or (.Values.network.api.node_port.enabled) (.Values.network.admin.node_port.enabled) }}
type: NodePort
{{ end }}


@ -24,7 +24,7 @@ labels:
node_selector_value: enabled
images:
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-keystone-api:newton
db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
api: quay.io/stackanetes/stackanetes-keystone-api:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
@ -46,9 +46,18 @@ keystone:
admin_project_name: admin
network:
port:
admin: 35357
api: 5000
api:
name: "keystone-api"
port: 5000
node_port:
enabled: false
port: 30500
admin:
name: "keystone-admin"
port: 35357
node_port:
enabled: false
port: 30357
dependencies:
api:
@ -97,15 +106,27 @@ resources:
mounts:
keystone_db_init:
init_container: null
keystone_db_init:
keystone_db_init:
volumes:
- name: empty
emptyDir: {}
- name: keystone-etc
configMap:
name: keystone-etc
- name: keystone-bin
configMap:
name: keystone-bin
name: keystone-bin
volumeMounts:
- name: empty
mountPath: /etc/keystone
- name: keystone-etc
mountPath: /etc/keystone/keystone.conf
subPath: keystone.conf
readOnly: true
- name: keystone-bin
mountPath: /tmp/init.sh
subPath: init.sh
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
keystone_db_sync:
init_container: null
keystone_db_sync:
@ -117,7 +138,7 @@ mounts:
name: keystone-etc
- name: keystone-bin
configMap:
name: keystone-bin
name: keystone-bin
volumeMounts:
- name: empty
mountPath: /etc/keystone
@ -128,7 +149,7 @@ mounts:
- name: keystone-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
readOnly: true
keystone_api:
init_container: null
keystone_api:
@ -140,7 +161,7 @@ mounts:
name: keystone-etc
- name: keystone-bin
configMap:
name: keystone-bin
name: keystone-bin
volumeMounts:
- name: empty
mountPath: /etc/keystone
@ -171,7 +192,7 @@ mounts:
- name: keystone-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
readOnly: true
conf:
paste:
@ -183,7 +204,7 @@ conf:
keystone:
override:
append:
token:
token:
keystone:
provider: uuid
database:
@ -231,7 +252,7 @@ endpoints:
path: /openstack
scheme: rabbit
port:
amqp: 5672
amqp: 5672
oslo_cache:
hosts:
default: memcache
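Review bot: The `node_port` blocks added under `network.api` and `network.admin` in the `@ -46,9 +46,18 @@` hunk carry no comment on what enabling them exposes, and the two flags are not independent. The Service template just above this file on the page sets `type: NodePort` when either flag is true, and Kubernetes allocates a node port for every port of a NodePort Service. So if both ports sit in that one Service (its start is not visible here), turning on only `api.node_port` would also publish the admin port 35357 on an auto-assigned node port. I would add a comment above each block such as `# node_port: publishes this port on every node address; keep false unless access is limited to trusted networks`, and say there that either flag changes the Service type for both ports. The same hunk removes `network.port.api` and `network.port.admin`, so any template still reading those keys would render an empty port; that is worth checking before merge.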


@ -1,62 +0,0 @@
# aic-helm/maas
This chart installs a working version of MaaS on kubernetes.
### Quickstart
This chart requires a postgresql instance to be running.
To install postgresql:
```
helm install postgresql --namespace=maas
```
Note: Postgresql may take a short time to reach the 'Running' state. Verify that postgresql is running:
```
# kubectl get pods -n maas
NAME READY STATUS RESTARTS AGE
postgresql-0 1/1 Running 0 1m
```
To deploy your MaaS chart:
```
helm install maas --namespace=maas
```
To verify the helm deployment was successful:
```
# helm ls
NAME REVISION UPDATED STATUS CHART
opining-mule 1 Mon Feb 13 22:20:08 2017 DEPLOYED maas-0.1.0
sweet-manatee 1 Mon Feb 13 21:57:41 2017 DEPLOYED postgresql-0.1.0
```
To check that all resources are working as intended:
```
# kubectl get all --namespace=maas
NAME READY STATUS RESTARTS AGE
po/maas-rack-3238195061-tn5fv 1/1 Running 0 11m
po/maas-region-0 1/1 Running 0 11m
po/postgresql-0 1/1 Running 0 34m
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/maas-region-ui 10.105.136.244 <none> 80/TCP,8000/TCP 11m
svc/postgresql 10.107.159.38 <none> 5432/TCP 34m
NAME DESIRED CURRENT AGE
statefulsets/maas-region 1 1 11m
statefulsets/postgresql 1 1 34m
NAME DESIRED SUCCESSFUL AGE
jobs/region-import-resources 1 1 11m
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/maas-rack 1 1 1 1 11m
NAME DESIRED CURRENT READY AGE
rs/maas-rack-3238195061 1 1 1 11m
```


@ -1,50 +0,0 @@
#!/bin/sh
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
function check_for_download {
TIMEOUT={{ .Values.jobs.import_boot_resources.timeout }}
while [[ ${TIMEOUT} -gt 0 ]]; do
if maas {{ .Values.credentials.admin_username }} boot-resources read | grep -q '\[\]';
then
echo 'Did not find boot resources. Will try again'
let TIMEOUT-={{ .Values.jobs.import_boot_resources.retry_timer }}
sleep {{ .Values.jobs.import_boot_resources.retry_timer }}
else
echo 'Boot resources found'
exit 0
fi
done
exit 1
}
maas-region local_config_set \
--database-host "{{ include "helm-toolkit.postgresql_host" . }}" \
--database-name "{{ .Values.database.db_name }}" \
--database-user "{{ .Values.database.db_user }}" \
--database-pass "{{ .Values.database.db_password }}" \
--maas-url "http://{{ .Values.ui_service_name }}.{{ .Release.Namespace }}:{{ .Values.network.port.service_gui }}/MAAS"
KEY=$(maas-region apikey --username={{ .Values.credentials.admin_username }})
maas login {{ .Values.credentials.admin_username }} http://{{ .Values.ui_service_name }}.{{ .Release.Namespace }}/MAAS/ $KEY
# make call to import images
maas {{ .Values.credentials.admin_username }} boot-resources import
# see if we can find > 0 images
sleep {{ .Values.jobs.import_boot_resources.retry_timer }}
check_for_download


@ -1,20 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
</dev/tcp/{{ .Values.ui_service_name }}.{{ .Release.Namespace }}/{{ .Values.network.port.service_gui }} && \
</dev/tcp/{{ .Values.db_service_name }}.{{ .Release.Namespace }}/{{ .Values.network.port.db_service }} && \
pg_isready -h {{ .Values.db_service_name }}.{{ .Release.Namespace }} && \
maas-region apikey --username={{ .Values.credentials.admin_username }} || exit 1


@ -1,129 +0,0 @@
#!/bin/sh
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
. /usr/share/debconf/confmodule
db_version 2.0
if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
. /usr/share/dbconfig-common/dpkg/postinst.pgsql
fi
RELEASE=`lsb_release -rs` || RELEASE=""
maas_sync_migrate_db(){
maas-region dbupgrade
}
restart_postgresql(){
invoke-rc.d --force postgresql restart || true
}
configure_maas_default_url() {
local ipaddr="$1"
# The given address is either "[IPv6_IP]" or "IPv4_IP" or "name", such as
# [2001:db8::3:1]:5555 or 127.0.0.1 or maas.example.com.
# The ugly sed splits the given thing as:
# (string of anything but ":", or [ipv6_ip]),
# optionally followed by :port.
local address=$(echo "$ipaddr" |
sed -rn 's/^([^:]*|\[[0-9a-fA-F:]*\])(|:[0-9]*)?$/\1/p')
local port=$(echo "$ipaddr" |
sed -rn 's/^([^:]*|\[[0-9a-fA-F:]*\])(|:[0-9]*)?$/\2/p')
test -n "$port" || port=":80"
ipaddr="${ipaddr}${port}"
maas-region local_config_set --maas-url "http://${ipaddr}/MAAS"
}
extract_default_maas_url() {
# Extract DEFAULT_MAAS_URL IP/host setting from config file $1.
grep "^DEFAULT_MAAS_URL" "$1" | cut -d"/" -f3
}
configure_migrate_maas_dns() {
# This only runs on upgrade. We only run this if the
# there are forwarders to migrate or no
# named.conf.options.inside.maas are present.
maas-region edit_named_options \
--migrate-conflicting-options --config-path \
/etc/bind/named.conf.options
invoke-rc.d bind9 restart || true
}
if [ "$1" = "configure" ] && [ -z "$2" ]; then
#########################################################
########## Configure DEFAULT_MAAS_URL #################
#########################################################
# Obtain IP address of default route and change DEFAULT_MAAS_URL
# if default-maas-url has not been preseeded. Prefer ipv4 addresses if
# present, and use "localhost" only if there is no default route in either
# address family.
db_get maas/default-maas-url
ipaddr="$RET"
if [ -z "$ipaddr" ]; then
ipaddr="{{ .Values.ui_service_name }}.{{ .Release.Namespace }}"
fi
# Set the IP address of the interface with default route
configure_maas_default_url "$ipaddr"
db_subst maas/installation-note MAAS_URL "$ipaddr"
db_set maas/default-maas-url "$ipaddr"
#########################################################
################ Configure Database ###################
#########################################################
# Create the database
dbc_go maas-region-controller $@
maas-region local_config_set \
--database-host {{ include "helm-toolkit.postgresql_host" . | quote }} \
--database-name {{ .Values.database.db_name | quote }} \
--database-user {{ .Values.database.db_user | quote }} \
--database-pass {{ .Values.database.db_password | quote }}
# Only syncdb if we have selected to install it with dbconfig-common.
db_get maas-region-controller/dbconfig-install
if [ "$RET" = "true" ]; then
maas_sync_migrate_db
configure_migrate_maas_dns
fi
db_get maas/username
username="$RET"
if [ -n "$username" ]; then
db_get maas/password
password="$RET"
if [ -n "$password" ]; then
maas-region createadmin --username "$username" --password "$password" --email "$username@maas"
fi
fi
# Display installation note
db_input low maas/installation-note || true
db_go
fi
systemctl enable maas-regiond >/dev/null || true
systemctl restart maas-regiond >/dev/null || true
invoke-rc.d apache2 restart || true
if [ -f /lib/systemd/system/maas-rackd.service ]; then
systemctl restart maas-rackd >/dev/null || true
fi
db_stop
