diff --git a/neutron/templates/bin/_post.sh.tpl b/neutron/templates/bin/_post.sh.tpl deleted file mode 100644 index 4bd014133f..0000000000 --- a/neutron/templates/bin/_post.sh.tpl +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \ -service_type=network \ -description='Openstack Networking' \ -endpoint_region={{ .Values.keystone.neutron_region_name }} \ -url='{{ tuple "network" "admin" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ -interface=admin \ -region_name={{ .Values.keystone.admin_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_neutron_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \ -service_type=network \ -description='Openstack Networking' \ -endpoint_region={{ .Values.keystone.neutron_region_name }} \ -url='{{ tuple "network" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ -interface=internal \ -region_name={{ .Values.keystone.admin_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_neutron_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \ -service_type=network \ -description='Openstack Networking' \ -endpoint_region={{ .Values.keystone.neutron_region_name }} \ -url='{{ tuple "network" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ -interface=public \ -region_name={{ .Values.keystone.admin_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_neutron_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -ansible localhost -vvv -m kolla_keystone_user -a "project=service \ -user={{ .Values.keystone.neutron_user }} \ -password={{ .Values.keystone.neutron_password }} \ -role=admin \ -region_name={{ .Values.keystone.neutron_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_neutron_auth':{{ include "helm-toolkit.keystone_auth" .}}}" diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index fe94baa35e..5db74eb60a 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml @@ -17,6 +17,12 @@ kind: ConfigMap metadata: name: neutron-bin data: + ks-service.sh: |+ +{{- include "helm-toolkit.keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "helm-toolkit.keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "helm-toolkit.keystone_user" . | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} neutron-openvswitch-agent.sh: | @@ -27,5 +33,3 @@ data: {{ tuple "bin/_openvswitch-ensure-configured.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} openvswitch-vswitchd.sh: | {{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} - post.sh: | -{{ tuple "bin/_post.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} diff --git a/neutron/templates/job-ks-endpoints.yaml b/neutron/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..fae3ea3ce3 --- /dev/null +++ b/neutron/templates/job-ks-endpoints.yaml @@ -0,0 +1,73 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "neutron-env-keystone-admin" }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + containers: +{{- range $key1, $osServiceType := tuple "network" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.neutron_ks_endpoints.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.neutron_ks_endpoints.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.neutron_ks_endpoints.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.neutron_ks_endpoints.limits.cpu | quote }} + {{- end }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: neutron-bin diff --git a/neutron/templates/job-ks-service.yaml b/neutron/templates/job-ks-service.yaml new file mode 100644 index 0000000000..c013dce6e5 --- /dev/null +++ b/neutron/templates/job-ks-service.yaml @@ -0,0 +1,67 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }} +{{- $dependencies := .Values.dependencies.ks_service }} +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + containers: +{{- range $key1, $osServiceType := tuple "network" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.neutron_ks_service.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.neutron_ks_service.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.neutron_ks_service.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.neutron_ks_service.limits.cpu | quote }} + {{- end }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: neutron-bin diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-ks-user.yaml similarity index 51% rename from neutron/templates/job-post.yaml rename to neutron/templates/job-ks-user.yaml index a8c23e31ca..71983450b3 100644 --- a/neutron/templates/job-post.yaml +++ b/neutron/templates/job-ks-user.yaml @@ -12,12 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "neutron-env-keystone-user" }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} +{{- $dependencies := .Values.dependencies.ks_user }} apiVersion: batch/v1 kind: Job metadata: - name: neutron-post + name: neutron-ks-user spec: template: metadata: @@ -30,29 +32,38 @@ spec: nodeSelector: {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} containers: - - name: neutron-post - image: {{ .Values.images.post }} + - name: neutron-ks-user + image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/post.sh {{- if .Values.resources.enabled }} resources: - limits: - cpu: {{ .Values.resources.jobs.post.limits.cpu | quote }} - memory: {{ .Values.resources.jobs.post.limits.memory | quote }} requests: - cpu: {{ .Values.resources.jobs.post.requests.cpu | quote }} - memory: {{ .Values.resources.jobs.post.requests.memory | quote }} + memory: {{ .Values.resources.neutron_ks_user.requests.memory | quote }} + cpu: {{ .Values.resources.neutron_ks_user.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.neutron_ks_user.limits.memory | quote }} + cpu: {{ .Values.resources.neutron_ks_user.limits.cpu | quote }} {{- end }} - env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + command: + - bash + - /tmp/ks-user.sh volumeMounts: - - name: postsh - mountPath: /tmp/post.sh - subPath: post.sh + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "neutron" +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "helm-toolkit.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.neutron_user_role | quote }} volumes: - - name: postsh + - name: ks-user-sh configMap: name: neutron-bin diff --git a/neutron/templates/secret-keystone-admin.env.yaml b/neutron/templates/secret-keystone-admin.env.yaml new file mode 100644 index 0000000000..4cee2c8767 --- /dev/null +++ b/neutron/templates/secret-keystone-admin.env.yaml @@ -0,0 +1,34 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: neutron-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/neutron/templates/secret-keystone-user.env.yaml b/neutron/templates/secret-keystone-user.env.yaml new file mode 100644 index 0000000000..3faafe1089 --- /dev/null +++ b/neutron/templates/secret-keystone-user.env.yaml @@ -0,0 +1,34 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: neutron-env-keystone-user +type: Opaque +data: + OS_AUTH_URL: | +{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.neutron_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.neutron_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.neutron_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.neutron_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.neutron_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.neutron_password | b64enc | indent 4 }} diff --git a/neutron/values.yaml b/neutron/values.yaml index a5cd3c6d40..e2be5f6677 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -23,6 +23,9 @@ replicas: images: db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton server: quay.io/stackanetes/stackanetes-neutron-server:newton dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:newton metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:newton @@ -30,7 +33,6 @@ images: neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:newton openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest - post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -163,6 +165,8 @@ dependencies: server: jobs: - neutron-db-sync + - neutron-ks-user + - neutron-ks-endpoints service: - rabbitmq - mariadb @@ -170,40 +174,27 @@ dependencies: - memcached dhcp: service: - - neutron-server - rabbitmq + - neutron-server - nova-api - jobs: - - neutron-db-init - - nova-post daemonset: - ovs-agent metadata: service: - rabbitmq + - neutron-server - nova-api - jobs: - - neutron-db-init - - nova-post daemonset: - ovs-agent ovs_agent: - jobs: - - neutron-post - - nova-post service: - - keystone-api - rabbitmq - neutron-server l3: service: - - neutron-server - rabbitmq + - neutron-server - nova-api - jobs: - - nova-db-init - - neutron-db-init - - nova-post daemonset: - ovs-agent db_sync: @@ -216,11 +207,6 @@ dependencies: - mariadb-seed service: - mariadb - post: - service: - - keystone-api - jobs: - - neutron-db-sync resources: enabled: false