openstack/openstack-helm
Code Issues Proposed changes

Merge "Use containerized Openstack client"

Browse Source
This commit is contained in:
Zuul 2024-01-19 19:21:36 +00:00 committed by Gerrit Code Review
commit 7b4fbe601f
5 changed files with 69 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
doc/source/install/setup_openstack_client.rst
View File

@ -15,7 +15,7 @@ client.
cd ~/osh/openstack-helm cd ~/osh/openstack-helm
./tools/deployment/common/setup-client.sh ./tools/deployment/common/setup-client.sh
At this point you have to keep in mind that the above script configures Please keep in mind that the above script configures
OpenStack client so it uses internal Kubernetes FQDNs like OpenStack client so it uses internal Kubernetes FQDNs like
`keystone.openstack.svc.cluster.local`. In order to be able to resolve these `keystone.openstack.svc.cluster.local`. In order to be able to resolve these
internal names you have to configure the Kubernetes authoritative DNS server internal names you have to configure the Kubernetes authoritative DNS server
@ -31,5 +31,26 @@ from outside the Kubernetes cluster, typically achieved through solutions like
have set up proper FQDN resolution to map to the external IP address and have set up proper FQDN resolution to map to the external IP address and
create the necessary Ingress objects for the associated FQDN. create the necessary Ingress objects for the associated FQDN.
It is also important to note that the above script does not actually installs
the Openstack client package on the host but instead it creates a bash
script `/usr/local/bin/openstack` that runs the Openstack client in a
Docker container. If you need to pass extra command line parameters to the
`docker run` command use the environment variable
`OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS`. For example if you need to mount a
directory from the host file system, you can do the following
.. code-block:: bash
export OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="-v /data:/data"
/usr/local/bin/openstack <subcommand> <options>
Remember that the container file system is ephemeral and is destroyed
when you stop the container. So if you would like to use the
Openstack client capabilities interfacing with the file system then you have to mount
a directory from the host file system where you will read/write necessary files.
For example, this is useful when you create a key pair and save the private key in a file
which is then used for ssh access to VMs. Or it could be Heat recipes
which you prepare in advance and then use with Openstack client.
.. _setup-client.sh: https://opendev.org/openstack/openstack-helm/src/branch/master/tools/deployment/common/setup-client.sh .. _setup-client.sh: https://opendev.org/openstack/openstack-helm/src/branch/master/tools/deployment/common/setup-client.sh
.. _MetalLB: https://metallb.universe.tf .. _MetalLB: https://metallb.universe.tf

5
tools/deployment/common/prepare-k8s.sh
View File

@ -47,4 +47,9 @@ EOF
kubectl apply -f /tmp/${NAMESPACE}-ns.yaml kubectl apply -f /tmp/${NAMESPACE}-ns.yaml
done done
#NOTE: Build helm-toolkit, most charts depend on helm-toolkit
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
make -C ${HELM_CHART_ROOT_PATH} helm-toolkit
# Build all charts
make all make all

24
tools/deployment/common/setup-client.sh
View File

@ -14,13 +14,6 @@
set -xe set -xe
sudo -H -E pip3 install --upgrade pip
sudo -H -E pip3 install \
-c${UPPER_CONSTRAINTS_FILE:=https://releases.openstack.org/constraints/upper/${OPENSTACK_RELEASE:-xena}} \
cmd2 python-openstackclient python-heatclient --ignore-installed
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
sudo -H mkdir -p /etc/openstack sudo -H mkdir -p /etc/openstack
sudo -H chown -R $(id -un): /etc/openstack sudo -H chown -R $(id -un): /etc/openstack
FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then
@ -54,5 +47,18 @@ else
EOF EOF
fi fi
#NOTE: Build helm-toolkit, most charts depend on helm-toolkit sudo tee /usr/local/bin/openstack << EOF
make -C ${HELM_CHART_ROOT_PATH} helm-toolkit #!/bin/bash
args=("\$@")
sudo docker run \\
--rm \\
--network host \\
-w / \\
-v /etc/openstack/clouds.yaml:/etc/openstack/clouds.yaml \\
-v /etc/openstack-helm:/etc/openstack-helm \\
-e OS_CLOUD=\${OS_CLOUD} \\
\${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} \\
docker.io/openstackhelm/openstack-client:\${OPENSTACK_RELEASE:-2023.2} openstack "\${args[@]}"
EOF
sudo chmod +x /usr/local/bin/openstack

39
tools/deployment/common/use-it.sh
View File

@ -15,6 +15,19 @@ set -xe
export OS_CLOUD=openstack_helm export OS_CLOUD=openstack_helm
: ${HEAT_DIR:="$(readlink -f ./tools/deployment/common)"}
: ${SSH_DIR:="${HOME}/.ssh"}
if [[ -n ${HEAT_DIR} ]]; then
OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} -v ${HEAT_DIR}:${HEAT_DIR}"
fi
if [[ -n ${SSH_DIR} ]]; then
OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} -v ${SSH_DIR}:${SSH_DIR}"
fi
export OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS
: ${OSH_EXT_NET_NAME:="public"} : ${OSH_EXT_NET_NAME:="public"}
: ${OSH_EXT_SUBNET_NAME:="public-subnet"} : ${OSH_EXT_SUBNET_NAME:="public-subnet"}
: ${OSH_EXT_SUBNET:="172.24.4.0/24"} : ${OSH_EXT_SUBNET:="172.24.4.0/24"}
@ -26,7 +39,7 @@ openstack stack show "heat-public-net-deployment" || \
--parameter subnet_name=${OSH_EXT_SUBNET_NAME} \ --parameter subnet_name=${OSH_EXT_SUBNET_NAME} \
--parameter subnet_cidr=${OSH_EXT_SUBNET} \ --parameter subnet_cidr=${OSH_EXT_SUBNET} \
--parameter subnet_gateway=${OSH_BR_EX_ADDR%/*} \ --parameter subnet_gateway=${OSH_BR_EX_ADDR%/*} \
-t ./tools/deployment/common/heat-public-net-deployment.yaml \ -t ${HEAT_DIR}/heat-public-net-deployment.yaml \
heat-public-net-deployment heat-public-net-deployment
: ${OSH_PRIVATE_SUBNET_POOL:="10.0.0.0/8"} : ${OSH_PRIVATE_SUBNET_POOL:="10.0.0.0/8"}
@ -37,7 +50,7 @@ openstack stack show "heat-subnet-pool-deployment" || \
--parameter subnet_pool_name=${OSH_PRIVATE_SUBNET_POOL_NAME} \ --parameter subnet_pool_name=${OSH_PRIVATE_SUBNET_POOL_NAME} \
--parameter subnet_pool_prefixes=${OSH_PRIVATE_SUBNET_POOL} \ --parameter subnet_pool_prefixes=${OSH_PRIVATE_SUBNET_POOL} \
--parameter subnet_pool_default_prefix_length=${OSH_PRIVATE_SUBNET_POOL_DEF_PREFIX} \ --parameter subnet_pool_default_prefix_length=${OSH_PRIVATE_SUBNET_POOL_DEF_PREFIX} \
-t ./tools/deployment/common/heat-subnet-pool-deployment.yaml \ -t ${HEAT_DIR}/heat-subnet-pool-deployment.yaml \
heat-subnet-pool-deployment heat-subnet-pool-deployment
: ${OSH_EXT_NET_NAME:="public"} : ${OSH_EXT_NET_NAME:="public"}
@ -50,12 +63,12 @@ IMAGE_NAME=$(openstack image show -f value -c name \
grep "^\"Cirros" | head -1 | awk -F ',' '{ print $2 }' | tr -d '"')) grep "^\"Cirros" | head -1 | awk -F ',' '{ print $2 }' | tr -d '"'))
# Setup SSH Keypair in Nova # Setup SSH Keypair in Nova
mkdir -p ${HOME}/.ssh mkdir -p ${SSH_DIR}
openstack keypair show "${OSH_VM_KEY_STACK}" || \ openstack keypair show "${OSH_VM_KEY_STACK}" || \
openstack keypair create --private-key ${HOME}/.ssh/osh_key ${OSH_VM_KEY_STACK} openstack keypair create --private-key ${SSH_DIR}/osh_key ${OSH_VM_KEY_STACK}
chmod 600 ${HOME}/.ssh/osh_key sudo chown $(id -un) ${SSH_DIR}/osh_key
chmod 600 ${SSH_DIR}/osh_key
openstack stack show "heat-basic-vm-deployment" || \ openstack stack show "heat-basic-vm-deployment" || \
openstack stack create --wait \ openstack stack create --wait \
@ -64,7 +77,7 @@ openstack stack show "heat-basic-vm-deployment" || \
--parameter ssh_key=${OSH_VM_KEY_STACK} \ --parameter ssh_key=${OSH_VM_KEY_STACK} \
--parameter cidr=${OSH_PRIVATE_SUBNET} \ --parameter cidr=${OSH_PRIVATE_SUBNET} \
--parameter dns_nameserver=${OSH_BR_EX_ADDR%/*} \ --parameter dns_nameserver=${OSH_BR_EX_ADDR%/*} \
-t ./tools/deployment/common/heat-basic-vm-deployment.yaml \ -t ${HEAT_DIR}/heat-basic-vm-deployment.yaml \
heat-basic-vm-deployment heat-basic-vm-deployment
FLOATING_IP=$(openstack stack output show \ FLOATING_IP=$(openstack stack output show \
@ -104,13 +117,13 @@ EOF
# note: ssh-keyscan should be re-enabled to prevent skip host key checking # note: ssh-keyscan should be re-enabled to prevent skip host key checking
# ssh-keyscan does not use ssh_config so ignore host key checking for now # ssh-keyscan does not use ssh_config so ignore host key checking for now
#ssh-keyscan "$FLOATING_IP" >> ~/.ssh/known_hosts #ssh-keyscan "$FLOATING_IP" >> ~/.ssh/known_hosts
ssh -o "StrictHostKeyChecking no" -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_BR_EX_ADDR%/*} ssh -o "StrictHostKeyChecking no" -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_BR_EX_ADDR%/*}
# Check the VM can reach the metadata server # Check the VM can reach the metadata server
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254 ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254
# Check the VM can reach the keystone server # Check the VM can reach the keystone server
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 keystone.openstack.svc.cluster.local ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 keystone.openstack.svc.cluster.local
# Check to see if cinder has been deployed, if it has then perform a volume attach. # Check to see if cinder has been deployed, if it has then perform a volume attach.
if openstack service list -f value -c Type | grep -q "^volume"; then if openstack service list -f value -c Type | grep -q "^volume"; then
@ -121,18 +134,18 @@ if openstack service list -f value -c Type | grep -q "^volume"; then
# Get the devices that are present on the instance # Get the devices that are present on the instance
DEVS_PRE_ATTACH=$(mktemp) DEVS_PRE_ATTACH=$(mktemp)
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_PRE_ATTACH} ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_PRE_ATTACH}
openstack stack list show "heat-vm-volume-attach" || \ openstack stack list show "heat-vm-volume-attach" || \
# Create and attach a block device to the instance # Create and attach a block device to the instance
openstack stack create --wait \ openstack stack create --wait \
--parameter instance_uuid=${INSTANCE_ID} \ --parameter instance_uuid=${INSTANCE_ID} \
-t ./tools/deployment/common/heat-vm-volume-attach.yaml \ -t ${HEAT_DIR}/heat-vm-volume-attach.yaml \
heat-vm-volume-attach heat-vm-volume-attach
# Get the devices that are present on the instance # Get the devices that are present on the instance
DEVS_POST_ATTACH=$(mktemp) DEVS_POST_ATTACH=$(mktemp)
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_POST_ATTACH} ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_POST_ATTACH}
# Check that we have the expected number of extra devices on the instance post attach # Check that we have the expected number of extra devices on the instance post attach
if ! [ "$(comm -13 ${DEVS_PRE_ATTACH} ${DEVS_POST_ATTACH} | wc -l)" -eq "1" ]; then if ! [ "$(comm -13 ${DEVS_PRE_ATTACH} ${DEVS_POST_ATTACH} | wc -l)" -eq "1" ]; then

1
zuul.d/base.yaml
View File

@ -60,6 +60,7 @@
helm_version: "v3.6.3" helm_version: "v3.6.3"
yq_version: "v4.6.0" yq_version: "v4.6.0"
crictl_version: "v1.26.1" crictl_version: "v1.26.1"
zuul_osh_relative_path: ../openstack-helm
zuul_osh_infra_relative_path: ../openstack-helm-infra zuul_osh_infra_relative_path: ../openstack-helm-infra
gate_scripts_relative_path: ../openstack-helm gate_scripts_relative_path: ../openstack-helm
run_helm_tests: "no" run_helm_tests: "no"