Merge pull request #148 from larryrensing/maas-region-cleanup

Replace maas systemd service with kubernetes job

common/templates/snippets/_k8s_init_dep_check.tpl

@@ -8,12 +8,16 @@
   "env": [
     {
       "name": "POD_NAME",
+      {{- if $deps.pod -}}
+      "value": "{{ index $deps.pod 0 }}"
+      {{- else -}}
       "valueFrom": {
         "fieldRef": {
           "APIVersion": "v1",
           "fieldPath": "metadata.name"
         }
       }
+      {{- end -}}
     },
     {
       "name": "NAMESPACE",
@@ -40,6 +44,10 @@
       "name": "DEPENDENCY_DAEMONSET",
       "value": "{{  include "joinListWithComma" $deps.daemonset }}"
     },
+    {
+      "name": "DEPENDENCY_CONTAINER",
+      "value": "{{  include "joinListWithComma" $deps.container }}"
+    },
     {
       "name": "COMMAND",
       "value": "echo done"

maas/templates/bin/_import-boot-resources.sh.tpl

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -ex
+
+function check_for_download {
+
+    TIMEOUT={{ .Values.jobs.import_boot_resources.timeout }}
+    while [[ ${TIMEOUT} -gt 0 ]]; do
+        if maas {{ .Values.credentials.admin_username }} boot-resources read | grep -q '\[\]';
+        then
+            echo 'Did not find boot resources.  Will try again'
+            let TIMEOUT-={{ .Values.jobs.import_boot_resources.retry_timer }}
+            sleep {{ .Values.jobs.import_boot_resources.retry_timer }}
+        else
+            echo 'Boot resources found'
+            exit 0
+        fi
+    done
+    exit 1
+}
+
+maas-region local_config_set \
+        --database-host "{{ .Values.db_service_name }}.{{ .Release.Namespace }}" \
+        --database-name "{{ .Values.database.db_name }}" \
+        --database-user "{{ .Values.database.db_user }}" \
+        --database-pass "{{ .Values.database.db_password }}" \
+        --maas-url "http://{{ .Values.ui_service_name }}.{{ .Release.Namespace }}:{{ .Values.network.port.service_gui }}/MAAS"
+
+KEY=$(maas-region apikey --username={{ .Values.credentials.admin_username }})
+maas login {{ .Values.credentials.admin_username }} http://{{ .Values.ui_service_name }}.{{ .Release.Namespace }}/MAAS/ $KEY
+
+# make call to import images
+maas {{ .Values.credentials.admin_username }} boot-resources import
+# see if we can find > 0 images
+sleep {{ .Values.jobs.import_boot_resources.retry_timer }}
+check_for_download

maas/templates/bin/_job-readiness.sh.tpl

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+</dev/tcp/{{ .Values.ui_service_name }}.{{ .Release.Namespace }}/{{ .Values.network.port.service_gui }} && \
+</dev/tcp/{{ .Values.db_service_name }}.{{ .Release.Namespace }}/{{ .Values.network.port.db_service }} && \
+pg_isready -h {{ .Values.db_service_name }}.{{ .Release.Namespace }} && \
+maas-region apikey --username={{ .Values.credentials.admin_username }} || exit 1

maas/templates/bin/_maas-region-controller.postinst.tpl

@@ -62,7 +62,7 @@ if [ "$1" = "configure" ] && [ -z "$2" ]; then
     db_get maas/default-maas-url
     ipaddr="$RET"
     if [ -z "$ipaddr" ]; then
-        ipaddr="maas-region-ui.{{ .Release.Namespace }}"
+        ipaddr="{{ .Values.ui_service_name }}.{{ .Release.Namespace }}"
     fi
     # Set the IP address of the interface with default route
     configure_maas_default_url "$ipaddr"
@@ -79,8 +79,10 @@ if [ "$1" = "configure" ] && [ -z "$2" ]; then
     # Create the database
     dbc_go maas-region-controller $@
     maas-region local_config_set \
-        --database-host "localhost" --database-name "$dbc_dbname" \
-        --database-user "$dbc_dbuser" --database-pass "$dbc_dbpass"
+        --database-host "localhost" \
+        --database-name "{{ .Values.database.db_name }}" \
+        --database-user "{{ .Values.database.db_user }}" \
+        --database-pass "{{ .Values.database.db_password }}"
 
     # Only syncdb if we have selected to install it with dbconfig-common.
     db_get maas-region-controller/dbconfig-install

maas/templates/bin/_register-rack-controller.sh.tpl

@@ -5,19 +5,19 @@ set -ex
 # show env
 env > /tmp/env
 
-echo "register-rack-controller URL: "{{ .Values.service_name }}.{{ .Release.Namespace }}
+echo "register-rack-controller URL: "{{ .Values.ui_service_name }}.{{ .Release.Namespace }}
 
 # note the secret must be a valid hex value
 
 # register forever
 while [ 1 ];
 do
-	if maas-rack register --url=http://{{ .Values.service_name }}.{{ .Release.Namespace }}/MAAS --secret={{ .Values.secret | quote }};
+	if maas-rack register --url=http://{{ .Values.ui_service_name }}.{{ .Release.Namespace }}/MAAS --secret={{ .Values.secret | quote }};
 	then
 		echo "Successfully registered with MaaS Region Controller"
 		break
 	else
-		echo "Unable to register with http://{{ .Values.service_name }}.{{ .Release.Namespace }}/MAAS... will try again"
+		echo "Unable to register with http://{{ .Values.ui_service_name }}.{{ .Release.Namespace }}/MAAS... will try again"
 		sleep 10
 	fi;
 

maas/templates/bin/_start.sh.tpl

@@ -3,6 +3,12 @@ set -ex
 
 if ! find "/etc/postgresql" -mindepth 1 -print -quit | grep -q .; then
     pg_createcluster 9.5 main
+
+    #allow external connections to postgresql
+    sed -i '/#listen_addresses/s/^#//g' /etc/postgresql/9.5/main/postgresql.conf
+    sed -i '/^listen_addresses/ s/localhost/*/' /etc/postgresql/9.5/main/postgresql.conf
+    sed -i '$ a host all all 0.0.0.0/0 md5' /etc/postgresql/9.5/main/pg_hba.conf
+    sed -i '$ a host all all ::/0 md5' /etc/postgresql/9.5/main/pg_hba.conf
 fi
 
 cp -r /etc/postgresql/9.5/main/*.conf /var/lib/postgresql/9.5/main/
@@ -12,3 +18,5 @@ echo 'running postinst'
 
 chmod 755 /var/lib/dpkg/info/maas-region-controller.postinst
 /bin/sh /var/lib/dpkg/info/maas-region-controller.postinst configure
+
+maas-region createadmin --username={{ .Values.credentials.admin_username }} --password={{ .Values.credentials.admin_password }} --email={{ .Values.credentials.admin_email }} || true

maas/templates/configmap-bin.yaml

@@ -7,5 +7,9 @@ data:
 {{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }}
   maas-region-controller.postinst: |
 {{ tuple "bin/_maas-region-controller.postinst.tpl" . | include "template" | indent 4 }}
+  import-boot-resources.sh: |
+{{ tuple "bin/_import-boot-resources.sh.tpl" . | include "template" | indent 4 }}
+  job-readiness.sh: |
+{{ tuple "bin/_job-readiness.sh.tpl" . | include "template" | indent 4 }}
   register-rack-controller.sh: |
 {{ tuple "bin/_register-rack-controller.sh.tpl" . | include "template" | indent 4 }}

maas/templates/configmap-etc.yaml

@@ -7,3 +7,5 @@ data:
 {{ tuple "etc/_region-dns-config.tpl" . | include "template" | indent 4 }}
   secret: |
 {{ tuple "etc/_secret.tpl" . | include "template" | indent 4 }}
+  maas-region-controller.conf: |
+{{ tuple "etc/_postgresql-config.tpl" . | include "template" | indent 4 }}

maas/templates/db-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.db_service_name }}
+  labels:
+    app: db-service
+spec:
+  ports:
+  - port: {{ .Values.network.port.db_service }}
+    targetPort: {{ .Values.network.port.db_service_target }}
+    name: db-service
+  selector:
+    app: maas-region

maas/templates/deploy-region.yaml

@@ -3,7 +3,7 @@ kind: StatefulSet
 metadata:
   name: maas-region
 spec:
-  serviceName: "{{ .Values.service_name }}"
+  serviceName: "{{ .Values.ui_service_name }}"
   template:
     metadata:
       labels:
@@ -13,7 +13,7 @@ spec:
           {
             "name": "init",
             "image": "{{ .Values.images.maas_region }}",
-            "imagePullPolicy": "Always",
+            "imagePullPolicy": "{{ .Values.images.pull_policy }}",
             "command": ["bash", "/tmp/start.sh"],
             "volumeMounts": [
                 {
@@ -41,6 +41,11 @@ spec:
                     "name": "maasregionpostinst",
                     "mountPath": "/var/lib/dpkg/info/maas-region-controller.postinst",
                     "subPath": "maas-region-controller.postinst"
+                },
+                {
+                    "name": "postgresql-defaults",
+                    "mountPath": "/etc/dbconfig-common/maas-region-controller.conf",
+                    "subPath": "maas-region-controller.conf"
                 }
             ]
           }
@@ -62,7 +67,10 @@ spec:
             memory: {{ .Values.resources.maas_region.requests.memory | quote}}
         {{- end }}
         ports:
-        - containerPort: {{ .Values.network.port.region_container }}
+        - name: region-ui
+          containerPort: {{ .Values.network.port.region_container }}
+        - name: postgresql
+          containerPort: {{ .Values.network.port.db_service }}
         readinessProbe:
           tcpSocket:
             port: {{ .Values.network.port.region_container }}
@@ -104,6 +112,9 @@ spec:
         - name: maas-dns-config
           configMap:
             name: maas-etc
+        - name: postgresql-defaults
+          configMap:
+            name: maas-etc
         - name: startsh
           configMap:
             name: maas-bin

maas/templates/etc/_postgresql-config.tpl

@@ -0,0 +1,44 @@
+# dbc_install: configure database with dbconfig-common?
+#              set to anything but "true" to opt out of assistance
+dbc_install='true'
+
+# dbc_upgrade: upgrade database with dbconfig-common?
+#              set to anything but "true" to opt out of assistance
+dbc_upgrade='true'
+
+# dbc_remove: deconfigure database with dbconfig-common?
+#             set to anything but "true" to opt out of assistance
+dbc_remove='true'
+
+# dbc_dbtype: type of underlying database to use
+#	this exists primarily to let dbconfig-common know what database
+#	type to use when a package supports multiple database types.
+#	don't change this value unless you know for certain that this
+#	package supports multiple database types
+dbc_dbtype='pgsql'
+
+# dbc_dbuser: database user
+#	the name of the user who we will use to connect to the database.
+dbc_dbuser='{{ .Values.database.db_user }}'
+
+# dbc_dbpass: database user password
+#	the password to use with the above username when connecting
+#	to a database, if one is required
+dbc_dbpass='{{ .Values.database.db_password }}'
+
+# dbc_dbname: name of database
+#	this is the name of your application's database.
+dbc_dbname='{{ .Values.database.db_name }}'
+
+# dbc_dbadmin: name of the administrative user
+#	this is the administrative user that is used to create all of the above
+#	The exception is the MySQL/MariaDB localhost case, where this value is
+#	ignored and instead is determined from /etc/mysql/debian.cnf.
+dbc_dbadmin='postgres'
+
+# dbc_authmethod_admin: authentication method for admin
+# dbc_authmethod_user: authentication method for dbuser
+#	see the section titled "AUTHENTICATION METHODS" in
+#	/usr/share/doc/dbconfig-common/README.pgsql for more info
+dbc_authmethod_admin='ident'
+dbc_authmethod_user='password'

maas/templates/job-import.yaml

@@ -0,0 +1,48 @@
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.import_resources }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: region-import-resources
+spec:
+  template:
+    metadata:
+      annotations:
+        pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
+        ]'
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: region-import-resources
+          image: {{ .Values.images.maas_region }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          command:
+            - bash
+            - /tmp/import-boot-resources.sh
+          readinessProbe:
+            exec:
+              command:
+                - bash
+                - /tmp/job-readiness.sh
+            initialDelaySeconds: 60
+          volumeMounts:
+            - name: import-boot-resources
+              mountPath: /tmp/import-boot-resources.sh
+              subPath: import-boot-resources.sh
+            - name: job-readiness
+              mountPath: /tmp/job-readiness.sh
+              subPath: job-readiness.sh
+            - name: maas-dns-config
+              mountPath: /etc/bind/named.conf.options
+              subPath: named.conf.options
+      volumes:
+        - name: import-boot-resources
+          configMap:
+            name: maas-bin
+        - name: job-readiness
+          configMap:
+            name: maas-bin
+        - name: maas-dns-config
+          configMap:
+            name: maas-etc

maas/templates/maas-service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Values.service_name }}
+  name: {{ .Values.ui_service_name }}
   labels:
     app: maas-region-ui
 spec:

maas/values.yaml

@@ -2,11 +2,38 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+credentials:
+  admin_username: admin
+  admin_password: admin
+  admin_email: support@nowhere.com
+
+database:
+  db_name: maasdb
+  db_user: maas
+  db_password: password
+
+dependencies:
+  import_resources:
+    pod:
+    - maas-region-0
+    container:
+    - maas-region
+    service:
+    - maas-region-ui
+    - db-service
+
 images:
-  maas_region: quay.io/attcomdev/maas-region:2.1.2-1
-  maas_rack: quay.io/attcomdev/maas-rack:2.1.2-1
+  maas_region: quay.io/attcomdev/maas-region:2.1.2-2
+  maas_rack: quay.io/attcomdev/maas-rack:2.1.2-2
+  dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
   pull_policy: Always
 
+jobs:
+  import_boot_resources:
+    retry_timer: 10
+    #default timeout: 15 minutes
+    timeout: 900
+
 labels:
   node_selector_key: openstack-control-plane
   node_selector_value: enabled
@@ -18,11 +45,13 @@ network:
     service_gui_target: 80
     service_proxy: 8000
     service_proxy_target: 8000
+    db_service: 5432
+    db_service_target: 5432
 
+ui_service_name: maas-region-ui
+db_service_name: db-service
 secret: 3858f62230ac3c915f300c664312c63f
 
-service_name: maas-region-ui 
-
 resources:
   enabled: false
   maas_rack_controller:
@@ -38,4 +67,4 @@ resources:
       cpu: "500m"
     requests:
       memory: "128Mi"
-      cpu: "500m"
+      cpu: "500m"