Ceph: RadosGW

This PS implements the Ceph RadosGW and also provides Keystone
integration, allowing Ceph to provide a Swift-like service if
desired for object storage.

In addition, it updates the endpoint lookups to use valid YAML when
dealing with Keystone services with a '-' in their name.

Change-Id: I9162ad657df2f77c1bc1afa93a8b999894b1b470
Pete Birley 2017-09-06 10:31:30 -05:00
parent c6a288d269
commit 7c37157fb1
46 changed files with 995 additions and 207 deletions


@ -63,9 +63,9 @@ limitations under the License.
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.default.oslo.messaging "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.default.oslo.messaging "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- $barbicanPath := index .Values "endpoints" "key-manager" "path" "default" }} {{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }}
{{- if empty .Values.conf.barbican.default.barbican.common.config.host_href -}} {{- if empty .Values.conf.barbican.default.barbican.common.config.host_href -}}
{{- tuple "key-manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.default.barbican.common.config "host_href" | quote | trunc 0 -}} {{- tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.default.barbican.common.config "host_href" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
--- ---


@ -337,7 +337,7 @@ endpoints:
default: 35357 default: 35357
api: api:
default: 80 default: 80
key-manager: key_manager:
name: barbican name: barbican
hosts: hosts:
default: barbican-api default: barbican-api


@ -0,0 +1,39 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
cp -va /tmp/ceph.conf /etc/ceph/ceph.conf
cat >> /etc/ceph/ceph.conf <<EOF
[client.rgw.${POD_NAME}]
rgw_frontends = "civetweb port=${RGW_CIVETWEB_PORT}"
rgw_keystone_url = "${KEYSTONE_URL}"
rgw_keystone_admin_user = "${OS_USERNAME}"
rgw_keystone_admin_password = "${OS_PASSWORD}"
rgw_keystone_admin_project = "${OS_PROJECT_NAME}"
rgw_keystone_admin_domain = "${OS_USER_DOMAIN_NAME}"
{{ range $key, $value := .Values.conf.rgw_ks.config -}}
{{- if kindIs "slice" $value -}}
{{ $key }} = {{ include "helm-toolkit.joinListWithComma" $value | quote }}
{{ else -}}
{{ $key }} = {{ $value | quote }}
{{ end -}}
{{- end -}}
EOF
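Review bot: The heredoc appends `${OS_PASSWORD}` to /etc/ceph/ceph.conf in clear text and the script never sets the file's mode, so the Keystone credential ends up with whatever permissions `cp -va` carried over from /tmp/ceph.conf; a `chmod 0640 /etc/ceph/ceph.conf` (or tighter, depending on which user radosgw runs as) before the `cat >>` would narrow who can read it. The script also runs with `set -ex` only, so an unset `KEYSTONE_URL` or `OS_PASSWORD` silently produces empty settings; `: "${KEYSTONE_URL:?}" "${OS_USERNAME:?}" "${OS_PASSWORD:?}"` near the top would fail the init container instead. Because the heredoc delimiter is unquoted, the Helm-rendered `.Values.conf.rgw_ks.config` values are shell-expanded as well, so a `$` or backtick in a value is interpreted at run time; a comment stating that these values must not contain shell metacharacters would help.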


@ -0,0 +1,31 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin_clients }}
{{- $envAll := . }}
{{- if .Values.deployment.client_secrets }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ceph-bin-clients
data:
ceph-namespace-client-key.sh: |+
{{ tuple "bin/_ceph-namespace-client-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ceph-namespace-client-key-cleaner.sh: |+
{{ tuple "bin/_ceph-namespace-client-key-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,33 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin_ks }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ceph-bin-ks
data:
ks-service.sh: |+
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |+
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
{{- end }}
{{- end }}


@ -14,7 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@ -25,20 +27,12 @@ data:
bootstrap.sh: |+ bootstrap.sh: |+
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.manifests_enabled.storage_secrets }}
ceph-key.py: |+ ceph-key.py: |+
{{ tuple "bin/_ceph-key.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ceph-key.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ceph-key.sh: |+ ceph-key.sh: |+
{{ tuple "bin/_ceph-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ceph-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ceph-storage-key.sh: |+ ceph-storage-key.sh: |+
{{ tuple "bin/_ceph-storage-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ceph-storage-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- if .Values.manifests_enabled.client_secrets }}
ceph-namespace-client-key.sh: |+
{{ tuple "bin/_ceph-namespace-client-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ceph-namespace-client-key-cleaner.sh: |+
{{ tuple "bin/_ceph-namespace-client-key-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
init_dirs.sh: |+ init_dirs.sh: |+
{{ tuple "bin/_init_dirs.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_init_dirs.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
common_functions.sh: |+ common_functions.sh: |+
@ -67,6 +61,8 @@ data:
{{ tuple "bin/_start_mds.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_start_mds.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
start_rgw.sh: |+ start_rgw.sh: |+
{{ tuple "bin/_start_rgw.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_start_rgw.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
init_rgw_ks.sh: |+
{{ tuple "bin/_init_rgw_ks.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
watch_mon_health.sh: |+ watch_mon_health.sh: |+
{{ tuple "bin/_watch_mon_health.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_watch_mon_health.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
variables_entrypoint.sh: | variables_entrypoint.sh: |
@ -75,3 +71,5 @@ data:
{{ tuple "bin/_check_zombie_mons.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_check_zombie_mons.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rbd-provisioner.sh: | rbd-provisioner.sh: |
{{ tuple "bin/_rbd-provisioner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_rbd-provisioner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- end }}


@ -14,13 +14,13 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if or (.Values.deployment.ceph) (.Values.deployment.client_secrets) }}
{{- if empty .Values.conf.ceph.config.global.mon_host -}} {{- if empty .Values.conf.ceph.config.global.mon_host -}}
{{- $monHost := tuple "ceph_mon" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $monHost := tuple "ceph_mon" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
{{- $monHostDomain := default .Release.Namespace .Values.ceph.namespace }} {{- $monHost | set .Values.conf.ceph.config.global "mon_host" | quote | trunc 0 -}}
{{- $monHostURI := cat $monHost "." $monHostDomain | nospace -}}
{{- $monHostURI | set .Values.conf.ceph.config.global "mon_host" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceph.config.global.fsid -}} {{- if empty .Values.conf.ceph.config.global.fsid -}}
@ -43,3 +43,5 @@ metadata:
data: data:
ceph.conf: |+ ceph.conf: |+
{{ include "helm-toolkit.utils.to_ini" .Values.conf.ceph.config | indent 4 }} {{ include "helm-toolkit.utils.to_ini" .Values.conf.ceph.config | indent 4 }}
{{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.storage_secrets }} {{- if .Values.manifests.configmap_templates }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.storage_secrets }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@ -33,3 +34,4 @@ data:
mon.keyring: |+ mon.keyring: |+
{{ tuple "templates/_mon.keyring.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "templates/_mon.keyring.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.daemonset_mon }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- $dependencies := .Values.dependencies.mon }} {{- $dependencies := .Values.dependencies.mon }}
--- ---
kind: DaemonSet kind: DaemonSet
@ -82,6 +83,15 @@ spec:
- /remove-mon.sh - /remove-mon.sh
ports: ports:
- containerPort: 6789 - containerPort: 6789
livenessProbe:
tcpSocket:
port: 6789
initialDelaySeconds: 60
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: 6789
timeoutSeconds: 5
volumeMounts: volumeMounts:
- name: ceph-bin - name: ceph-bin
mountPath: /start_mon.sh mountPath: /start_mon.sh
@ -129,15 +139,6 @@ spec:
- name: pod-run - name: pod-run
mountPath: /run mountPath: /run
readOnly: false readOnly: false
livenessProbe:
tcpSocket:
port: 6789
initialDelaySeconds: 60
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: 6789
timeoutSeconds: 5
volumes: volumes:
- name: ceph-bin - name: ceph-bin
configMap: configMap:
@ -168,3 +169,4 @@ spec:
secret: secret:
secretName: {{ .Values.secrets.keyrings.rgw }} secretName: {{ .Values.secrets.keyrings.rgw }}
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.daemonset_osd }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- $dependencies := .Values.dependencies.osd }} {{- $dependencies := .Values.dependencies.osd }}
--- ---
kind: DaemonSet kind: DaemonSet
@ -167,3 +168,4 @@ spec:
hostPath: hostPath:
path: {{ .Values.ceph.storage.osd_directory }} path: {{ .Values.ceph.storage.osd_directory }}
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.deployment_mds }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- if .Values.ceph.enabled.mds }} {{- if .Values.ceph.enabled.mds }}
{{- $dependencies := .Values.dependencies.mds }} {{- $dependencies := .Values.dependencies.mds }}
--- ---
@ -70,6 +71,15 @@ spec:
- /start_mds.sh - /start_mds.sh
ports: ports:
- containerPort: 6800 - containerPort: 6800
livenessProbe:
tcpSocket:
port: 6800
initialDelaySeconds: 60
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: 6800
timeoutSeconds: 5
volumeMounts: volumeMounts:
- name: ceph-bin - name: ceph-bin
mountPath: /start_mds.sh mountPath: /start_mds.sh
@ -109,15 +119,6 @@ spec:
- name: pod-run - name: pod-run
mountPath: /run mountPath: /run
readOnly: false readOnly: false
livenessProbe:
tcpSocket:
port: 6800
initialDelaySeconds: 60
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: 6800
timeoutSeconds: 5
volumes: volumes:
- name: ceph-etc - name: ceph-etc
configMap: configMap:
@ -149,3 +150,4 @@ spec:
secretName: {{ .Values.secrets.keyrings.rgw }} secretName: {{ .Values.secrets.keyrings.rgw }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.deployment_moncheck }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- $dependencies := .Values.dependencies.moncheck }} {{- $dependencies := .Values.dependencies.moncheck }}
--- ---
kind: Deployment kind: Deployment
@ -23,7 +24,7 @@ apiVersion: apps/v1beta1
metadata: metadata:
name: ceph-mon-check name: ceph-mon-check
spec: spec:
replicas: {{ .Values.replicas.mon_check }} replicas: {{ .Values.pod.replicas.mon_check }}
template: template:
metadata: metadata:
labels: labels:
@ -143,3 +144,4 @@ spec:
secret: secret:
secretName: {{ .Values.secrets.keyrings.rgw }} secretName: {{ .Values.secrets.keyrings.rgw }}
{{- end }} {{- end }}
{{- end }}


@ -1,19 +1,22 @@
# Copyright 2017 The Openstack-Helm Authors. {{/*
# Copyright 2017 The Openstack-Helm Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests_enabled.rbd_provisioner }} Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_rbd_provisioner }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.rbd_provisioner }}
{{- $dependencies := .Values.dependencies.rbd_provisioner }} {{- $dependencies := .Values.dependencies.rbd_provisioner }}
--- ---
kind: Deployment kind: Deployment
@ -21,7 +24,7 @@ apiVersion: extensions/v1beta1
metadata: metadata:
name: ceph-rbd-provisioner name: ceph-rbd-provisioner
spec: spec:
replicas: {{ .Values.replicas.rbd_provisioner }} replicas: {{ .Values.pod.replicas.rbd_provisioner }}
strategy: strategy:
type: Recreate type: Recreate
template: template:
@ -56,3 +59,4 @@ spec:
name: ceph-bin name: ceph-bin
defaultMode: 0555 defaultMode: 0555
{{- end }} {{- end }}
{{- end }}


@ -14,9 +14,10 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.deployment_rgw }}
{{- if .Values.ceph.enabled.rgw }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- if .Values.ceph.enabled.rgw }}
{{- $dependencies := .Values.dependencies.rgw }} {{- $dependencies := .Values.dependencies.rgw }}
--- ---
kind: Deployment kind: Deployment
@ -24,7 +25,7 @@ apiVersion: apps/v1beta1
metadata: metadata:
name: ceph-rgw name: ceph-rgw
spec: spec:
replicas: {{ .Values.replicas.rgw }} replicas: {{ .Values.pod.replicas.rgw }}
template: template:
metadata: metadata:
labels: labels:
@ -57,6 +58,38 @@ spec:
- name: pod-run - name: pod-run
mountPath: /run mountPath: /run
readOnly: false readOnly: false
{{ if .Values.ceph.rgw_keystone_auth }}
- name: ceph-rgw-ks-init
image: {{ .Values.images.daemon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.rgw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: KEYSTONE_URL
value: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path.default | quote }}
- name: RGW_CIVETWEB_PORT
value: "{{ .Values.network.port.rgw }}"
command:
- /tmp/init_rgw_ks.sh
volumeMounts:
- name: pod-etc-ceph
mountPath: /etc/ceph
- name: ceph-bin
mountPath: /tmp/init_rgw_ks.sh
subPath: init_rgw_ks.sh
readOnly: true
- name: ceph-etc
mountPath: /tmp/ceph.conf
subPath: ceph.conf
readOnly: true
{{ end }}
containers: containers:
- name: ceph-rgw - name: ceph-rgw
image: {{ .Values.images.daemon }} image: {{ .Values.images.daemon }}
@ -64,23 +97,31 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.rgw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.rgw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env: env:
- name: RGW_CIVETWEB_PORT - name: RGW_CIVETWEB_PORT
value: "{{ .Values.network.port.rgw_target }}" value: "{{ .Values.network.port.rgw }}"
command: command:
- /start_rgw.sh - /start_rgw.sh
ports: ports:
- containerPort: {{ .Values.network.port.rgw_target }} - containerPort: {{ .Values.network.port.rgw }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /
port: {{ .Values.network.port.rgw_target }} port: {{ .Values.network.port.rgw }}
initialDelaySeconds: 120 initialDelaySeconds: 120
timeoutSeconds: 5 timeoutSeconds: 5
readinessProbe: readinessProbe:
httpGet: httpGet:
path: / path: /
port: {{ .Values.network.port.rgw_target }} port: {{ .Values.network.port.rgw }}
timeoutSeconds: 5 timeoutSeconds: 5
volumeMounts: volumeMounts:
- name: pod-etc-ceph
mountPath: /etc/ceph
{{- if not .Values.ceph.rgw_keystone_auth }}
- name: ceph-etc
mountPath: /ceph/ceph.conf
subPath: ceph.conf
readOnly: true
{{- end }}
- name: ceph-bin - name: ceph-bin
mountPath: /start_rgw.sh mountPath: /start_rgw.sh
subPath: start_rgw.sh subPath: start_rgw.sh
@ -89,10 +130,6 @@ spec:
mountPath: /common_functions.sh mountPath: /common_functions.sh
subPath: common_functions.sh subPath: common_functions.sh
readOnly: true readOnly: true
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-client-admin-keyring - name: ceph-client-admin-keyring
mountPath: /etc/ceph/ceph.client.admin.keyring mountPath: /etc/ceph/ceph.client.admin.keyring
subPath: ceph.client.admin.keyring subPath: ceph.client.admin.keyring
@ -120,6 +157,8 @@ spec:
mountPath: /run mountPath: /run
readOnly: false readOnly: false
volumes: volumes:
- name: pod-etc-ceph
emptyDir: {}
- name: ceph-bin - name: ceph-bin
configMap: configMap:
name: ceph-bin name: ceph-bin
@ -150,3 +189,4 @@ spec:
secretName: {{ .Values.secrets.keyrings.rgw }} secretName: {{ .Values.secrets.keyrings.rgw }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
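Review bot: With `rgw_keystone_auth` disabled, the new mount puts ceph.conf at `/ceph/ceph.conf` while `/etc/ceph` is now the empty `pod-etc-ceph` emptyDir, so unless start_rgw.sh (not visible here) reads or copies from `/ceph`, radosgw would start without its configuration; if that is a typo, the line should read `mountPath: /etc/ceph/ceph.conf` as the removed mount did. In the Keystone case the same emptyDir carries the ceph.conf that the `ceph-rgw-ks-init` container filled with the Keystone password, so a comment on the `pod-etc-ceph` volume noting that it holds a credential is worth adding, and setting `medium: Memory` on the emptyDir would keep that file off the node's disk.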


@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.job_bootstrap }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.bootstrap.enabled }} {{- if .Values.bootstrap.enabled }}
{{- $dependencies := .Values.dependencies.bootstrap }} {{- $dependencies := .Values.dependencies.bootstrap }}
@ -30,7 +31,7 @@ spec:
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
nodeSelector: nodeSelector:
{{ .Values.labels.bootstrap.node_selector_key }}: {{ .Values.labels.bootstrap.node_selector_value }} {{ .Values.labels.jobs.node_selector_key }}: {{ .Values.labels.jobs.node_selector_value }}
initContainers: initContainers:
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers: containers:
@ -66,3 +67,4 @@ spec:
secret: secret:
secretName: {{ .Values.secrets.keyrings.admin }} secretName: {{ .Values.secrets.keyrings.admin }}
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.storage_secrets }} {{- if .Values.manifests.job_keyring }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.storage_secrets }}
{{- range $key1, $cephBootstrapKey := tuple "mds" "osd" "rgw" "mon" }} {{- range $key1, $cephBootstrapKey := tuple "mds" "osd" "rgw" "mon" }}
{{- $jobName := print $cephBootstrapKey "-keyring-generator" }} {{- $jobName := print $cephBootstrapKey "-keyring-generator" }}
--- ---
@ -30,19 +31,13 @@ spec:
{{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
containers: containers:
- name: ceph-{{ $jobName }} - name: ceph-{{ $jobName }}
image: {{ $envAll.Values.images.ceph_config_helper }} image: {{ $envAll.Values.images.ceph_config_helper }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{- if $envAll.Values.pod.resources.enabled }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
resources:
requests:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.requests.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.requests.cpu | quote }}
limits:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.limits.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.limits.cpu | quote }}
{{- end }}
env: env:
- name: DEPLOYMENT_NAMESPACE - name: DEPLOYMENT_NAMESPACE
valueFrom: valueFrom:
@ -88,5 +83,6 @@ spec:
configMap: configMap:
name: ceph-templates name: ceph-templates
defaultMode: 0444 defaultMode: 0444
{{ end }} {{- end }}
{{ end }} {{- end }}
{{- end }}


@ -0,0 +1,71 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: ceph-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "ceph" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "object-store" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: ceph-bin-ks
defaultMode: 0555
{{- end }}
{{- end }}


@ -0,0 +1,65 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_service }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- $dependencies := .Values.dependencies.ks_service }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: ceph-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "ceph" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "object-store" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: ceph-bin-ks
defaultMode: 0555
{{- end }}
{{- end }}


@ -0,0 +1,66 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- $dependencies := .Values.dependencies.ks_user }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: ceph-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "ceph" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ceph-ks-user
image: {{ .Values.images.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceph"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: ceph-bin-ks
defaultMode: 0555
{{- end }}
{{- end }}
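Review bot: The account this job creates comes from `.Values.secrets.identity.user`, but the `ceph-rgw-ks-init` container in the rgw deployment reads its credentials from `.Values.secrets.identity.user_rgw`; nothing visible here ties the two secrets to the same account, so a comment above the `keystone_user_create_env_vars` include stating how they relate would keep them from drifting apart. `SERVICE_OS_ROLE` is taken from `.Values.endpoints.identity.auth.user.role`, whose value is not shown on this page. Since this account's password is later written into ceph.conf inside the rgw pod, the values file should document the least-privileged role that radosgw works with.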


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.client_secrets }} {{- if .Values.manifests.job_namespace_client_key_cleaner }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.client_secrets }}
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -30,19 +31,13 @@ spec:
{{ tuple $envAll "ceph" "client-key-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "ceph" "client-key-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
containers: containers:
- name: ceph-namespace-client-keys-cleaner - name: ceph-namespace-client-keys-cleaner
image: {{ .Values.images.ceph_config_helper }} image: {{ .Values.images.ceph_config_helper }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.pod.resources.enabled }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
resources:
requests:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.requests.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.requests.cpu | quote }}
limits:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.limits.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.limits.cpu | quote }}
{{- end }}
env: env:
- name: DEPLOYMENT_NAMESPACE - name: DEPLOYMENT_NAMESPACE
valueFrom: valueFrom:
@ -60,6 +55,7 @@ spec:
volumes: volumes:
- name: ceph-bin - name: ceph-bin
configMap: configMap:
name: ceph-bin name: ceph-bin-clients
defaultMode: 0555 defaultMode: 0555
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.client_secrets }} {{- if .Values.manifests.job_namespace_client_key }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.client_secrets }}
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -28,19 +29,13 @@ spec:
{{ tuple $envAll "ceph" "client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "ceph" "client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
containers: containers:
- name: ceph-storage-keys-generator - name: ceph-storage-keys-generator
image: {{ .Values.images.ceph_config_helper }} image: {{ .Values.images.ceph_config_helper }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.pod.resources.enabled }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
resources:
requests:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.requests.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.requests.cpu | quote }}
limits:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.limits.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.limits.cpu | quote }}
{{- end }}
env: env:
- name: DEPLOYMENT_NAMESPACE - name: DEPLOYMENT_NAMESPACE
valueFrom: valueFrom:
@ -62,6 +57,7 @@ spec:
volumes: volumes:
- name: ceph-bin - name: ceph-bin
configMap: configMap:
name: ceph-bin name: ceph-bin-clients
defaultMode: 0555 defaultMode: 0555
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.storage_secrets }} {{- if .Values.manifests.job_storage_admin_keys }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.storage_secrets }}
--- ---
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
@ -28,19 +29,13 @@ spec:
{{ tuple $envAll "ceph" "storage-keys-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "ceph" "storage-keys-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
containers: containers:
- name: ceph-storage-keys-generator - name: ceph-storage-keys-generator
image: {{ .Values.images.ceph_config_helper }} image: {{ .Values.images.ceph_config_helper }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.pod.resources.enabled }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
resources:
requests:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.requests.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.requests.cpu | quote }}
limits:
memory: {{ .Values.pod.resources.jobs.secret_provisioning.limits.memory | quote }}
cpu: {{ .Values.pod.resources.jobs.secret_provisioning.limits.cpu | quote }}
{{- end }}
env: env:
- name: DEPLOYMENT_NAMESPACE - name: DEPLOYMENT_NAMESPACE
valueFrom: valueFrom:
@ -82,3 +77,4 @@ spec:
name: ceph-templates name: ceph-templates
defaultMode: 0444 defaultMode: 0444
{{- end }} {{- end }}
{{- end }}


@ -0,0 +1,32 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone_rgw }}
{{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- range $key1, $userClass := tuple "user" }}
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}
{{- end }}
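Review bot: This Secret is rendered whenever `manifests.secret_keystone_rgw` and `deployment.ceph` are true, with no check of `ceph.rgw_keystone_auth`, so the Keystone `user` credentials are written into the Ceph release's namespace even when RadosGW Keystone auth is switched off. Wrapping the body in `{{- if .Values.ceph.rgw_keystone_auth }}` … `{{- end }}` would keep the credential out of deployments that do not use it; whether the RGW deployment mounts this secret unconditionally is not visible here, and it would need the same guard. The `range` over the one-element `tuple "user"` with an unused `$key1` could also be a plain `{{- $userClass := "user" }}`.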


@ -0,0 +1,32 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.service_mon }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
--- ---
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
@ -38,3 +39,4 @@ spec:
{{ tuple $envAll "ceph" "mon" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ceph" "mon" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
clusterIP: None clusterIP: None
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.service_rgw }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- if .Values.ceph.enabled.rgw }} {{- if .Values.ceph.enabled.rgw }}
--- ---
apiVersion: v1 apiVersion: v1
@ -24,10 +25,11 @@ metadata:
name: ceph-rgw name: ceph-rgw
spec: spec:
ports: ports:
- port: {{ .Values.network.port.rgw_ingress }} - port: {{ .Values.network.port.rgw }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.network.port.rgw_target }} targetPort: {{ .Values.network.port.rgw }}
selector: selector:
{{ tuple $envAll "ceph" "rgw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ceph" "rgw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}


@ -14,8 +14,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests_enabled.deployment }} {{- if .Values.manifests.storageclass }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }}
--- ---
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
kind: StorageClass kind: StorageClass
@ -31,3 +32,4 @@ parameters:
userId: {{ .Values.storageclass.user_id }} userId: {{ .Values.storageclass.user_id }}
userSecretName: {{ .Values.storageclass.user_secret_name }} userSecretName: {{ .Values.storageclass.user_secret_name }}
{{- end }} {{- end }}
{{- end }}


@ -12,22 +12,17 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
manifests_enabled: deployment:
ceph: true
storage_secrets: true storage_secrets: true
client_secrets: true client_secrets: true
deployment: true
rbd_provisioner: true rbd_provisioner: true
rgw_keystone_user_and_endpoints: false
replicas:
rgw: 1
mon_check: 1
rbd_provisioner: 2
service:
mon:
name: ceph-mon
images: images:
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
bootstrap: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 bootstrap: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0 dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
daemon: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 daemon: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04
@ -36,6 +31,9 @@ images:
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
labels: labels:
jobs:
node_selector_key: openstack-control-plane
node_selector_value: enabled
mon: mon:
node_selector_key: ceph-mon node_selector_key: ceph-mon
node_selector_value: enabled node_selector_value: enabled
@ -48,12 +46,13 @@ labels:
rgw: rgw:
node_selector_key: ceph-rgw node_selector_key: ceph-rgw
node_selector_value: enabled node_selector_value: enabled
bootstrap:
node_selector_key: ceph-mon
node_selector_value: enabled
pod: pod:
dns_policy: "ClusterFirstWithHostNet" dns_policy: "ClusterFirstWithHostNet"
replicas:
rgw: 1
mon_check: 1
rbd_provisioner: 2
affinity: affinity:
anti: anti:
type: type:
@ -119,6 +118,27 @@ pod:
requests: requests:
memory: "128Mi" memory: "128Mi"
cpu: "500m" cpu: "500m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets: secrets:
keyrings: keyrings:
@ -127,18 +147,25 @@ secrets:
osd: ceph-bootstrap-osd-keyring osd: ceph-bootstrap-osd-keyring
rgw: ceph-bootstrap-rgw-keyring rgw: ceph-bootstrap-rgw-keyring
admin: ceph-client-admin-keyring admin: ceph-client-admin-keyring
identity:
admin: ceph-keystone-admin
user: ceph-keystone-user
user_rgw: ceph-keystone-user-rgw
network: network:
# public: "192.168.0.0/16" public: 192.168.0.0/16
# cluster: "192.168.0.0/16" cluster: 192.168.0.0/16
public: "10.1.10.0/24"
cluster: "10.1.10.0/24"
port: port:
mon: 6789 mon: 6789
rgw_ingress: 80 rgw: 8088
rgw_target: 8088
conf: conf:
rgw_ks:
config:
rgw_keystone_api_version: 3
rgw_keystone_accepted_roles: "admin, _member_"
rgw_keystone_implicit_tenants: true
rgw_s3_auth_use_keystone: true
ceph: ceph:
override: override:
append: append:
@ -233,20 +260,31 @@ dependencies:
jobs: jobs:
- service: ceph_mon - service: ceph_mon
endpoint: internal endpoint: internal
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- ceph-ks-service
services:
- service: identity
endpoint: internal
ceph: ceph:
rgw_keystone_auth: false
enabled: enabled:
mds: true mds: true
rgw: false rgw: true
storage: storage:
osd_directory: /var/lib/openstack-helm/ceph/osd osd_directory: /var/lib/openstack-helm/ceph/osd
var_directory: /var/lib/openstack-helm/ceph/ceph var_directory: /var/lib/openstack-helm/ceph/ceph
mon_directory: /var/lib/openstack-helm/ceph/mon mon_directory: /var/lib/openstack-helm/ceph/mon
# rgw is optionally disabled
rgw:
enabled: false
bootstrap: bootstrap:
enabled: false enabled: false
script: | script: |
@ -256,7 +294,6 @@ bootstrap:
} }
ensure_pool volumes 8 ensure_pool volumes 8
ensure_pool images 8 ensure_pool images 8
ensure_pool vms 8
# if you change provision_storage_class to false # if you change provision_storage_class to false
# it is presumed you manage your own storage # it is presumed you manage your own storage
@ -275,7 +312,55 @@ storageclass:
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
identity:
name: keystone
namespace: null
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: swift
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
object_store:
name: swift
namespace: null
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /swift/v1
scheme:
default: http
port:
api:
default: 8088
ceph_mon: ceph_mon:
namespace: null
hosts: hosts:
default: ceph-mon default: ceph-mon
host_fqdn_override: host_fqdn_override:
@ -283,3 +368,30 @@ endpoints:
port: port:
mon: mon:
default: 6789 default: 6789
manifests:
configmap_bin_clients: true
configmap_bin_ks: true
configmap_bin: true
configmap_etc: true
configmap_templates: true
daemonset_mon: true
daemonset_osd: true
deployment_mds: true
deployment_moncheck: true
deployment_rbd_provisioner: true
deployment_rgw: true
job_bootstrap: true
job_keyring: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_namespace_client_key_cleaner: true
job_namespace_client_key: true
job_storage_admin_keys: true
secret_keystone_rgw: true
secret_keystone: true
service_mon: true
service_rgw: true
storageclass: true
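Review bot: The new `endpoints.identity.auth` block ships `password: password` as the default for both the Keystone `admin` account and the RGW service user `swift`, and the same hunk defaults `scheme` to `http`, so a deployment that does not override these values runs with a known credential that crosses the cluster network unencrypted. I would leave the two `password` keys without a usable default and have the chart fail when they are unset, or at minimum add a comment above each such as `# placeholder only: must be overridden at install time`. In the same commit `ceph.enabled.rgw` flips from `false` to `true`, so the gateway that consumes these credentials is now deployed by default; that is worth stating in the values comments as well.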


@ -233,6 +233,7 @@ Nodes are labeled according to their Openstack roles:
* **Ceph MON Nodes:** ``ceph-mon`` * **Ceph MON Nodes:** ``ceph-mon``
* **Ceph OSD Nodes:** ``ceph-osd`` * **Ceph OSD Nodes:** ``ceph-osd``
* **Ceph MDS Nodes:** ``ceph-mds`` * **Ceph MDS Nodes:** ``ceph-mds``
* **Ceph RGW Nodes:** ``ceph-rgw``
* **Control Plane:** ``openstack-control-plane`` * **Control Plane:** ``openstack-control-plane``
* **Compute Nodes:** ``openvswitch``, ``openstack-compute-node`` * **Compute Nodes:** ``openvswitch``, ``openstack-compute-node``
@ -242,6 +243,7 @@ Nodes are labeled according to their Openstack roles:
kubectl label nodes ceph-mon=enabled --all kubectl label nodes ceph-mon=enabled --all
kubectl label nodes ceph-osd=enabled --all kubectl label nodes ceph-osd=enabled --all
kubectl label nodes ceph-mds=enabled --all kubectl label nodes ceph-mds=enabled --all
kubectl label nodes ceph-rgw=enabled --all
kubectl label nodes openvswitch=enabled --all kubectl label nodes openvswitch=enabled --all
kubectl label nodes openstack-compute-node=enabled --all kubectl label nodes openstack-compute-node=enabled --all
@ -267,8 +269,8 @@ by issuing the following commands:
:: ::
export osd_cluster_network=10.26.0.0/26 export OSD_CLUSTER_NETWORK=10.26.0.0/26
export osd_public_network=10.26.0.0/26 export OSD_PUBLIC_NETWORK=10.26.0.0/26
Helm Preparation Helm Preparation
---------------- ----------------
@ -325,19 +327,42 @@ Ceph Installation and Verification
---------------------------------- ----------------------------------
Install the first service, which is Ceph. If all instructions have been Install the first service, which is Ceph. If all instructions have been
followed as mentioned above, this installation should go smoothly. Use followed as mentioned above, this installation should go smoothly. It is at this
the following command to install Ceph in the ``openstack-helm`` project folder: point you can also decide to enable keystone authentication for the RadosGW if
you wish to use ceph for tenant facing object storage. If you do not wish to do
this then you should set the value of ``CEPH_RGW_KEYSTONE_ENABLED=false`` before
running the following commands in the ``openstack-helm`` project folder:
:: ::
helm install --namespace=ceph ./ceph --name=ceph \ : ${CEPH_RGW_KEYSTONE_ENABLED:="true"}
--set manifests_enabled.client_secrets=false \ helm install --namespace=ceph ${WORK_DIR}/ceph --name=ceph \
--set network.public=$osd_public_network \ --set endpoints.identity.namespace=openstack \
--set network.cluster=$osd_cluster_network \ --set endpoints.object_store.namespace=ceph \
--set endpoints.ceph_mon.namespace=ceph \
--set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=${OSD_PUBLIC_NETWORK} \
--set network.cluster=${OSD_CLUSTER_NETWORK} \
--set deployment.storage_secrets=true \
--set deployment.ceph=true \
--set deployment.rbd_provisioner=true \
--set deployment.client_secrets=false \
--set deployment.rgw_keystone_user_and_endpoints=false \
--set bootstrap.enabled=true --set bootstrap.enabled=true
You may want to validate that Ceph is deployed successfully. For more After Ceph has deployed and all the pods are running, you can check the health
information on this, please see the section entitled `Ceph of your cluster by running:
::
MON_POD=$(kubectl get pods \
--namespace=ceph \
--selector="application=ceph" \
--selector="component=mon" \
--no-headers | awk '{ print $1; exit }')
kubectl exec -n ceph ${MON_POD} -- ceph -s
For more information on this, please see the section entitled `Ceph
Troubleshooting <../../operator/troubleshooting/persistent-storage.html>`__. Troubleshooting <../../operator/troubleshooting/persistent-storage.html>`__.
Activating Control-Plane Namespace for Ceph Activating Control-Plane Namespace for Ceph
@ -351,12 +376,19 @@ deploy the client keyring and ``ceph.conf`` to the ``openstack`` namespace:
:: ::
helm install --namespace=openstack ./ceph --name=ceph-openstack-config \ : ${CEPH_RGW_KEYSTONE_ENABLED:="true"}
--set manifests_enabled.storage_secrets=false \ helm install --namespace=openstack ${WORK_DIR}/ceph --name=ceph-openstack-config \
--set manifests_enabled.deployment=false \ --set endpoints.identity.namespace=openstack \
--set ceph.namespace=ceph \ --set endpoints.object_store.namespace=ceph \
--set network.public=$osd_public_network \ --set endpoints.ceph_mon.namespace=ceph \
--set network.cluster=$osd_cluster_network --set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=${OSD_PUBLIC_NETWORK} \
--set network.cluster=${OSD_CLUSTER_NETWORK} \
--set deployment.storage_secrets=false \
--set deployment.ceph=false \
--set deployment.rbd_provisioner=false \
--set deployment.client_secrets=true \
--set deployment.rgw_keystone_user_and_endpoints=false
MariaDB Installation and Verification MariaDB Installation and Verification
------------------------------------- -------------------------------------
@ -390,6 +422,26 @@ Now you can easily install the other services simply by going in order:
helm install --namespace=openstack --name=keystone ./keystone \ helm install --namespace=openstack --name=keystone ./keystone \
--set pod.replicas.api=2 --set pod.replicas.api=2
**Install RadosGW Object Storage:**
If you elected to install Ceph with Keystone support for the RadosGW you can
now create endpoints in the Keystone service catalog:
::
helm install --namespace=openstack ${WORK_DIR}/ceph --name=radosgw-openstack \
--set endpoints.identity.namespace=openstack \
--set endpoints.object_store.namespace=ceph \
--set endpoints.ceph_mon.namespace=ceph \
--set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=${OSD_PUBLIC_NETWORK} \
--set network.cluster=${OSD_CLUSTER_NETWORK} \
--set deployment.storage_secrets=false \
--set deployment.ceph=false \
--set deployment.rbd_provisioner=false \
--set deployment.client_secrets=false \
--set deployment.rgw_keystone_user_and_endpoints=true
**Install Horizon:** **Install Horizon:**
:: ::


@ -28,7 +28,8 @@ limitations under the License.
{{- $userclass := index . 2 -}} {{- $userclass := index . 2 -}}
{{- $port := index . 3 -}} {{- $port := index . 3 -}}
{{- $context := index . 4 -}} {{- $context := index . 4 -}}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- $userMap := index $endpointMap.auth $userclass }} {{- $userMap := index $endpointMap.auth $userclass }}
{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} {{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
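Review bot: The lookup now indexes `.Values.endpoints` with `$typeYamlSafe`, but nothing checks that the rewritten key exists, so an override file that still uses a hyphenated key such as `key-manager` or `container-infra` no longer matches. In this template the following `index $endpointMap.auth $userclass` would presumably fail with an opaque nil error, and in the sibling lookups that wrap their body in `with $endpointMap` the result would presumably be an empty string rather than an error. A guard such as `{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe | required (printf "endpoints.%s is not defined" $typeYamlSafe) }}` would surface the mismatch at render time, assuming the Helm version in use provides `required`. The same two added lines are repeated in every other endpoint lookup template changed by this commit, so a single shared named template would keep the normalisation in one place; the enclosing `define` starts and ends outside this hunk.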


@ -27,7 +27,8 @@ limitations under the License.
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $port := index . 2 -}} {{- $port := index . 2 -}}
{{- $context := index . 3 -}} {{- $context := index . 3 -}}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $endpointPortMAP := index .port $port }} {{- $endpointPortMAP := index .port $port }}
{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} {{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }}


@ -27,8 +27,9 @@ limitations under the License.
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $port := index . 2 -}} {{- $port := index . 2 -}}
{{- $context := index . 3 -}} {{- $context := index . 3 -}}
{{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} {{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $namespace := .namespace | default $context.Release.Namespace }} {{- $namespace := .namespace | default $context.Release.Namespace }}
{{- $endpointScheme := .scheme }} {{- $endpointScheme := .scheme }}


@ -24,8 +24,9 @@ limitations under the License.
{{- $type := index . 0 -}} {{- $type := index . 0 -}}
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $context := index . 2 -}} {{- $context := index . 2 -}}
{{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} {{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $namespace := .namespace | default $context.Release.Namespace }} {{- $namespace := .namespace | default $context.Release.Namespace }}
{{- $endpointScheme := .scheme }} {{- $endpointScheme := .scheme }}


@ -24,7 +24,8 @@ limitations under the License.
{{- $type := index . 0 -}} {{- $type := index . 0 -}}
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $context := index . 2 -}} {{- $context := index . 2 -}}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $namespace := .namespace | default $context.Release.Namespace }} {{- $namespace := .namespace | default $context.Release.Namespace }}
{{- $endpointScheme := .scheme }} {{- $endpointScheme := .scheme }}


@ -24,7 +24,8 @@ limitations under the License.
{{- $type := index . 0 -}} {{- $type := index . 0 -}}
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $context := index . 2 -}} {{- $context := index . 2 -}}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $endpointScheme := .scheme }} {{- $endpointScheme := .scheme }}
{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} {{- $endpointHost := index .hosts $endpoint | default .hosts.default}}


@ -22,7 +22,8 @@ limitations under the License.
{{- define "helm-toolkit.endpoints.keystone_endpoint_name_lookup" -}} {{- define "helm-toolkit.endpoints.keystone_endpoint_name_lookup" -}}
{{- $type := index . 0 -}} {{- $type := index . 0 -}}
{{- $context := index . 1 -}} {{- $context := index . 1 -}}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- $endpointName := index $endpointMap "name" }} {{- $endpointName := index $endpointMap "name" }}
{{- $endpointName | quote -}} {{- $endpointName | quote -}}
{{- end -}} {{- end -}}


@ -24,7 +24,8 @@ limitations under the License.
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $port := index . 2 -}} {{- $port := index . 2 -}}
{{- $context := index . 3 -}} {{- $context := index . 3 -}}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $endpointPath := index .path $endpoint | default .path.default | default "/" }} {{- $endpointPath := index .path $endpoint | default .path.default | default "/" }}
{{- printf "%s" $endpointPath -}} {{- printf "%s" $endpointPath -}}


@ -24,8 +24,9 @@ limitations under the License.
{{- $endpoint := index . 1 -}} {{- $endpoint := index . 1 -}}
{{- $port := index . 2 -}} {{- $port := index . 2 -}}
{{- $context := index . 3 -}} {{- $context := index . 3 -}}
{{- $typeYamlSafe := $type | replace "-" "_" }}
{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} {{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }}
{{- $endpointMap := index $context.Values.endpoints $type }} {{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
{{- with $endpointMap -}} {{- with $endpointMap -}}
{{- $namespace := $endpointMap.namespace | default $context.Release.Namespace }} {{- $namespace := $endpointMap.namespace | default $context.Release.Namespace }}
{{- $endpointScheme := index .scheme $endpoint | default .scheme.default }} {{- $endpointScheme := index .scheme $endpoint | default .scheme.default }}


@ -201,7 +201,7 @@ endpoints:
default: 35357 default: 35357
api: api:
default: 80 default: 80
container-infra: container_infra:
name: magnum name: magnum
hosts: hosts:
default: magnum-api default: magnum-api


@ -68,13 +68,26 @@ data:
- component: osd-keyring-generator - component: osd-keyring-generator
- release_group: osh-ceph - release_group: osh-ceph
values: values:
manifests_enabled: endpoints:
client_secrets: False identity:
bootstrap: namespace: openstack
enabled: True object_store:
namespace: ceph
ceph_mon:
namespace: ceph
ceph:
rgw_keystone_auth: true
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
cluster: 192.168.0.0/16 cluster: 192.168.0.0/16
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: true
conf: conf:
ceph: ceph:
config: config:
@ -112,14 +125,31 @@ data:
- component: namespace-client-key-generator - component: namespace-client-key-generator
- release_group: osh-ceph - release_group: osh-ceph
values: values:
ceph: endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph namespace: ceph
manifests_enabled: ceph_mon:
deployment: False namespace: ceph
storage_secrets: False ceph:
rgw_keystone_auth: true
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
cluster: 192.168.0.0/16 cluster: 192.168.0.0/16
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
conf:
ceph:
config:
global:
osd_pool_default_size: 1
osd:
osd_crush_chooseleaf_type: 0
source: source:
type: local type: local
location: /opt/openstack-helm/charts location: /opt/openstack-helm/charts
@ -337,6 +367,54 @@ data:
- helm-toolkit - helm-toolkit
--- ---
schema: armada/Chart/v1 schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ceph-radosgw-keystone
data:
chart_name: ceph-radosgw-keystone
release: ceph-radosgw-keystone
namespace: openstack
timeout: 3600
install:
no_hooks: false
upgrade:
no_hooks: false
values:
endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph
endpoints:
ceph_mon:
namespace: ceph
ceph:
rgw_keystone_auth: true
network:
public: 192.168.0.0/16
cluster: 192.168.0.0/16
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: true
conf:
ceph:
config:
global:
osd_pool_default_size: 1
osd:
osd_crush_chooseleaf_type: 0
source:
type: local
location: /opt/openstack-helm/charts
subpath: ceph
reference: master
dependencies:
- helm-toolkit
---
schema: armada/Chart/v1
metadata: metadata:
schema: metadata/Document/v1 schema: metadata/Document/v1
name: horizon name: horizon
@ -760,6 +838,7 @@ data:
sequenced: False sequenced: False
chart_group: chart_group:
- keystone - keystone
- ceph-radosgw-keystone
- horizon - horizon
- glance - glance
- neutron - neutron
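Review bot: In the new `ceph-radosgw-keystone` chart document the `values` block appears to contain `endpoints:` twice, once before `identity`/`object_store` and again before `ceph_mon`, whereas the two existing ceph documents in this file list all three services under a single `endpoints:`. Indentation is not recoverable from this view, but if both keys sit at the same level a YAML loader will either reject the duplicate or keep only the last one, which would drop the `identity` and `object_store` namespace overrides that this release is presumably installed for. Removing the second `endpoints:` line so that `ceph_mon:` follows `object_store:` directly would match the other documents. The same repetition shows in the next manifest's copy of this chart.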


@ -68,13 +68,26 @@ data:
- component: osd-keyring-generator - component: osd-keyring-generator
- release_group: osh-ceph - release_group: osh-ceph
values: values:
manifests_enabled: endpoints:
client_secrets: False identity:
bootstrap: namespace: openstack
enabled: True object_store:
namespace: ceph
ceph_mon:
namespace: ceph
ceph:
rgw_keystone_auth: true
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
cluster: 192.168.0.0/16 cluster: 192.168.0.0/16
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: true
source: source:
type: local type: local
location: /opt/openstack-helm/charts location: /opt/openstack-helm/charts
@ -105,14 +118,24 @@ data:
- component: namespace-client-key-generator - component: namespace-client-key-generator
- release_group: osh-ceph - release_group: osh-ceph
values: values:
ceph: endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph namespace: ceph
manifests_enabled: ceph_mon:
deployment: False namespace: ceph
storage_secrets: False ceph:
rgw_keystone_auth: true
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
cluster: 192.168.0.0/16 cluster: 192.168.0.0/16
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
source: source:
type: local type: local
location: /opt/openstack-helm/charts location: /opt/openstack-helm/charts
@ -330,6 +353,47 @@ data:
- helm-toolkit - helm-toolkit
--- ---
schema: armada/Chart/v1 schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ceph-radosgw-keystone
data:
chart_name: ceph-radosgw-keystone
release: ceph-radosgw-keystone
namespace: openstack
timeout: 3600
install:
no_hooks: false
upgrade:
no_hooks: false
values:
endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph
endpoints:
ceph_mon:
namespace: ceph
ceph:
rgw_keystone_auth: true
network:
public: 192.168.0.0/16
cluster: 192.168.0.0/16
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: true
source:
type: local
location: /opt/openstack-helm/charts
subpath: ceph
reference: master
dependencies:
- helm-toolkit
---
schema: armada/Chart/v1
metadata: metadata:
schema: metadata/Document/v1 schema: metadata/Document/v1
name: horizon name: horizon
@ -753,6 +817,7 @@ data:
sequenced: False sequenced: False
chart_group: chart_group:
- keystone - keystone
- ceph-radosgw-keystone
- horizon - horizon
- glance - glance
- neutron - neutron
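Review bot: In the new ceph-radosgw-keystone chart document, `endpoints:` appears twice under `values:`, once before `identity`/`object_store` and again before `ceph_mon`, whereas the other ceph charts in this manifest list all three under a single `endpoints:` key. Indentation is not recoverable in this view, but if both keys sit at the same level this is a duplicate mapping key; most YAML loaders keep only the last one, which would silently drop the `identity` and `object_store` namespace overrides for the release that sets `rgw_keystone_user_and_endpoints: true`. Drop the second `endpoints:` line so that `ceph_mon:` joins the first mapping. The same shape appears in the ceph-radosgw-keystone document of the preceding manifest.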


@ -70,3 +70,10 @@ It is also possible to customise the CNI used in the deployment:
export KUBE_CNI=calico # or "canal" "weave" "flannel" export KUBE_CNI=calico # or "canal" "weave" "flannel"
export CNI_POD_CIDR=192.168.0.0/16 export CNI_POD_CIDR=192.168.0.0/16
If you wish to deploy using Armada then you just need to export the following
variable:
.. code:: bash
export INTEGRATION_TYPE=armada


@ -39,6 +39,7 @@ sudo docker run -d \
sudo docker exec armada armada tiller --status sudo docker exec armada armada tiller --status
sudo docker exec armada armada apply ${ARMADA_MANIFEST} sudo docker exec armada armada apply ${ARMADA_MANIFEST}
sudo docker rm -f armada
kube_wait_for_pods ceph 600 kube_wait_for_pods ceph 600
kube_wait_for_pods openstack 1200 kube_wait_for_pods openstack 1200
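Review bot: The added `sudo docker rm -f armada` sits after `armada apply`, so the container is removed only when the script reaches that line. If the script aborts on a failed apply (its shell options are outside this hunk), the detached armada container is left behind. Registering the cleanup right after the `docker run`, for example `trap 'sudo docker rm -f armada' EXIT`, would cover both the success and the failure path.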


@ -29,37 +29,59 @@ if [ "x$PVC_BACKEND" == "xceph" ]; then
SUBNET_RANGE=$(find_subnet_range) SUBNET_RANGE=$(find_subnet_range)
fi fi
export osd_cluster_network=${SUBNET_RANGE}
export osd_public_network=${SUBNET_RANGE}
if [ "x$INTEGRATION" == "xaio" ]; then if [ "x$INTEGRATION" == "xaio" ]; then
helm install --namespace=ceph ${WORK_DIR}/ceph --name=ceph \ helm install --namespace=ceph ${WORK_DIR}/ceph --name=ceph \
--set manifests_enabled.client_secrets=false \ --set endpoints.identity.namespace=openstack \
--set network.public=$osd_public_network \ --set endpoints.object_store.namespace=ceph \
--set network.cluster=$osd_cluster_network \ --set endpoints.ceph_mon.namespace=ceph \
--set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=${SUBNET_RANGE} \
--set network.cluster=${SUBNET_RANGE} \
--set deployment.storage_secrets=true \
--set deployment.ceph=true \
--set deployment.rbd_provisioner=true \
--set deployment.client_secrets=false \
--set deployment.rgw_keystone_user_and_endpoints=false \
--set bootstrap.enabled=true \ --set bootstrap.enabled=true \
--values=${WORK_DIR}/tools/overrides/mvp/ceph.yaml --values=${WORK_DIR}/tools/overrides/mvp/ceph.yaml
else else
helm install --namespace=ceph ${WORK_DIR}/ceph --name=ceph \ helm install --namespace=ceph ${WORK_DIR}/ceph --name=ceph \
--set manifests_enabled.client_secrets=false \ --set endpoints.identity.namespace=openstack \
--set network.public=$osd_public_network \ --set endpoints.object_store.namespace=ceph \
--set network.cluster=$osd_cluster_network \ --set endpoints.ceph_mon.namespace=ceph \
--set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=${SUBNET_RANGE} \
--set network.cluster=${SUBNET_RANGE} \
--set deployment.storage_secrets=true \
--set deployment.ceph=true \
--set deployment.rbd_provisioner=true \
--set deployment.client_secrets=false \
--set deployment.rgw_keystone_user_and_endpoints=false \
--set bootstrap.enabled=true --set bootstrap.enabled=true
fi fi
kube_wait_for_pods ceph ${SERVICE_LAUNCH_TIMEOUT} kube_wait_for_pods ceph ${SERVICE_LAUNCH_TIMEOUT}
MON_POD=$(kubectl get pods -l application=ceph -l component=mon -n ceph --no-headers | awk '{ print $1; exit }') MON_POD=$(kubectl get pods \
--namespace=ceph \
--selector="application=ceph" \
--selector="component=mon" \
--no-headers | awk '{ print $1; exit }')
kubectl exec -n ceph ${MON_POD} -- ceph -s kubectl exec -n ceph ${MON_POD} -- ceph -s
helm install --namespace=openstack ${WORK_DIR}/ceph --name=ceph-openstack-config \ helm install --namespace=openstack ${WORK_DIR}/ceph --name=ceph-openstack-config \
--set manifests_enabled.storage_secrets=false \ --set endpoints.identity.namespace=openstack \
--set manifests_enabled.deployment=false \ --set endpoints.object_store.namespace=ceph \
--set manifests_enabled.rbd_provisioner=false \ --set endpoints.ceph_mon.namespace=ceph \
--set ceph.namespace=ceph \ --set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=$osd_public_network \ --set network.public=${SUBNET_RANGE} \
--set network.cluster=$osd_cluster_network --set network.cluster=${SUBNET_RANGE} \
--set deployment.storage_secrets=false \
--set deployment.ceph=false \
--set deployment.rbd_provisioner=false \
--set deployment.client_secrets=true \
--set deployment.rgw_keystone_user_and_endpoints=false
kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT} kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT}
fi fi
@ -72,12 +94,33 @@ else
--set=pod.replicas.server=1 --set=pod.replicas.server=1
fi fi
helm install --namespace=openstack ${WORK_DIR}/memcached --name=memcached helm install --namespace=openstack ${WORK_DIR}/memcached --name=memcached
kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT}
helm install --namespace=openstack ${WORK_DIR}/keystone --name=keystone
kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT}
if [ "x$OPENSTACK_OBJECT_STORAGE" == "xradosgw" ]; then
helm install --namespace=openstack ${WORK_DIR}/ceph --name=radosgw-openstack \
--set endpoints.identity.namespace=openstack \
--set endpoints.object_store.namespace=ceph \
--set endpoints.ceph_mon.namespace=ceph \
--set ceph.rgw_keystone_auth=${CEPH_RGW_KEYSTONE_ENABLED} \
--set network.public=${SUBNET_RANGE} \
--set network.cluster=${SUBNET_RANGE} \
--set deployment.storage_secrets=false \
--set deployment.ceph=false \
--set deployment.rbd_provisioner=false \
--set deployment.client_secrets=false \
--set deployment.rgw_keystone_user_and_endpoints=true
kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT}
fi
helm install --namespace=openstack ${WORK_DIR}/etcd --name=etcd-rabbitmq helm install --namespace=openstack ${WORK_DIR}/etcd --name=etcd-rabbitmq
helm install --namespace=openstack ${WORK_DIR}/rabbitmq --name=rabbitmq helm install --namespace=openstack ${WORK_DIR}/rabbitmq --name=rabbitmq
helm install --namespace=openstack ${WORK_DIR}/libvirt --name=libvirt helm install --namespace=openstack ${WORK_DIR}/libvirt --name=libvirt
helm install --namespace=openstack ${WORK_DIR}/openvswitch --name=openvswitch helm install --namespace=openstack ${WORK_DIR}/openvswitch --name=openvswitch
kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT} kube_wait_for_pods openstack ${SERVICE_LAUNCH_TIMEOUT}
helm install --namespace=openstack ${WORK_DIR}/keystone --name=keystone
if [ "x$PVC_BACKEND" == "xceph" ]; then if [ "x$PVC_BACKEND" == "xceph" ]; then
helm install --namespace=openstack ${WORK_DIR}/glance --name=glance helm install --namespace=openstack ${WORK_DIR}/glance --name=glance
else else
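Review bot: The rewritten `MON_POD` lookup passes `--selector` twice; kubectl takes the selector as a single string flag, so the second occurrence replaces the first and only `component=mon` is applied. Combine them into one comma-separated selector: `--selector="application=ceph,component=mon" \`. `${MON_POD}` is then used unquoted in `kubectl exec`, so an empty lookup produces a confusing argument error; a guard such as `[ -n "${MON_POD}" ] || exit 1` before the exec would make the failure explicit. The enclosing `if [ "x$PVC_BACKEND" == "xceph" ]` block starts outside the hunk.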


@ -31,6 +31,7 @@ if [ "x$PVC_BACKEND" == "xceph" ]; then
kubectl label nodes ceph-mon=enabled --all kubectl label nodes ceph-mon=enabled --all
kubectl label nodes ceph-osd=enabled --all kubectl label nodes ceph-osd=enabled --all
kubectl label nodes ceph-mds=enabled --all kubectl label nodes ceph-mds=enabled --all
kubectl label nodes ceph-rgw=enabled --all
fi fi
helm install --namespace=openstack ${WORK_DIR}/dns-helper --name=dns-helper helm install --namespace=openstack ${WORK_DIR}/dns-helper --name=dns-helper


@ -37,6 +37,10 @@ export KUBE_CNI=${KUBE_CNI:="calico"}
# Set PVC Backend # Set PVC Backend
export PVC_BACKEND=${PVC_BACKEND:-"ceph"} export PVC_BACKEND=${PVC_BACKEND:-"ceph"}
# Set Object Storage options
export CEPH_RGW_KEYSTONE_ENABLED=${CEPH_RGW_KEYSTONE_ENABLED:-"true"}
export OPENSTACK_OBJECT_STORAGE=${OPENSTACK_OBJECT_STORAGE:-"radosgw"}
# Set Upstream DNS # Set Upstream DNS
export UPSTREAM_DNS=${UPSTREAM_DNS:-"8.8.8.8"} export UPSTREAM_DNS=${UPSTREAM_DNS:-"8.8.8.8"}