From f02e0eb78dcee498c6522dd1e21c2b98d66799dd Mon Sep 17 00:00:00 2001 
From: portdirect Date: Sun, 1 Jan 2017 03:00:13 +0000 Subject: [PATCH 01/39] OpenStack Heat Initial Commit Initial commit of Heat Chart --- Makefile | 8 +- heat/Chart.yaml | 3 + heat/requirements.yaml | 4 + heat/templates/_heat_config_helpers.tpl | 90 ++++++++++ heat/templates/_helpers.tpl | 73 ++++++++ .../config/contents/_heat-api-paste.ini.tpl | 105 +++++++++++ .../config/contents/_heat-cache.conf.tpl | 4 + .../config/contents/_heat-db.conf.tpl | 3 + .../config/contents/_heat-endpoints.conf.tpl | 4 + .../config/contents/_heat-keystone.conf.tpl | 15 ++ .../config/contents/_heat-log.conf.tpl | 4 + .../config/contents/_heat-messaging.conf.tpl | 5 + .../config/contents/_heat-options.conf.tpl | 3 + .../config/contents/_heat-paste.conf.tpl | 2 + .../config/contents/_heat-policy.json.tpl | 96 ++++++++++ .../contents/_heat-stack-domain.conf.tpl | 4 + .../config/contents/_heat-trustee.conf.tpl | 22 +++ .../contents/components/_heat-api.conf.tpl | 4 + .../contents/components/_heat-cfn.conf.tpl | 4 + .../components/_heat-cloudwatch.conf.tpl | 4 + .../contents/components/_heat-engine.conf.tpl | 2 + heat/templates/config/heat-api-paste.ini.yaml | 7 + heat/templates/config/heat-api.conf.yaml | 7 + heat/templates/config/heat-cache.conf.yaml | 7 + heat/templates/config/heat-cfn.conf.yaml | 7 + .../config/heat-cloudwatch.conf.yaml | 7 + heat/templates/config/heat-db.conf.yaml | 8 + .../templates/config/heat-endpoints.conf.yaml | 7 + heat/templates/config/heat-engine.conf.yaml | 7 + .../config/heat-keystone-admin.env.yaml | 20 +++ heat/templates/config/heat-keystone.conf.yaml | 22 +++ heat/templates/config/heat-log.conf.yaml | 7 + .../templates/config/heat-messaging.conf.yaml | 8 + heat/templates/config/heat-options.conf.yaml | 7 + heat/templates/config/heat-paste.conf.yaml | 7 + heat/templates/config/heat-policy.json.yaml | 7 + .../config/heat-stack-domain.conf.yaml | 16 ++ heat/templates/config/heat-trustee.conf.yaml | 22 +++ heat/templates/deployment/api/api.sh.yaml | 7 + 
heat/templates/deployment/api/api.yaml | 76 ++++++++ heat/templates/deployment/api/bin/_api.sh.tpl | 4 + heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 + heat/templates/deployment/cfn/cfn.sh.yaml | 7 + heat/templates/deployment/cfn/cfn.yaml | 76 ++++++++ .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 + .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 + .../deployment/cloudwatch/cloudwatch.yaml | 76 ++++++++ .../jobs/db/init/bin/_db-init.sh.tpl | 6 + heat/templates/jobs/db/init/db-init.sh.yaml | 7 + heat/templates/jobs/db/init/db-init.yaml | 54 ++++++ .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 ++ heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 + heat/templates/jobs/db/sync/db-sync.yaml | 69 ++++++++ .../endpoints/bin/_ks-endpoints.sh.tpl | 63 +++++++ .../keystone/endpoints/ks-endpoints.sh.yaml | 7 + .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ++++++++++ .../keystone/service/bin/_ks-service.sh.tpl | 35 ++++ .../jobs/keystone/service/ks-service.sh.yaml | 7 + .../jobs/keystone/service/ks-service.yaml | 48 +++++ .../keystone/user/bin/_ks-domain-user.sh.tpl | 55 ++++++ .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 ++++++ .../jobs/keystone/user/ks-user.sh.yaml | 9 + .../templates/jobs/keystone/user/ks-user.yaml | 167 ++++++++++++++++++ heat/templates/service-api.yaml | 9 + heat/templates/service-cfn.yaml | 9 + heat/templates/service-cloudwatch.yaml | 9 + .../statefulset/engine/bin/_engine.sh.tpl | 4 + .../statefulset/engine/engine.sh.yaml | 7 + heat/templates/statefulset/engine/engine.yaml | 65 +++++++ heat/values.yaml | 155 ++++++++++++++++ 70 files changed, 1853 insertions(+), 3 deletions(-) create mode 100644 heat/Chart.yaml create mode 100644 heat/requirements.yaml create mode 100644 heat/templates/_heat_config_helpers.tpl create mode 100644 heat/templates/_helpers.tpl create mode 100755 heat/templates/config/contents/_heat-api-paste.ini.tpl create mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl create mode 100644 
heat/templates/config/contents/_heat-db.conf.tpl create mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl create mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl create mode 100644 heat/templates/config/contents/_heat-log.conf.tpl create mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl create mode 100644 heat/templates/config/contents/_heat-options.conf.tpl create mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl create mode 100644 heat/templates/config/contents/_heat-policy.json.tpl create mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl create mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl create mode 100755 heat/templates/config/heat-api-paste.ini.yaml create mode 100644 heat/templates/config/heat-api.conf.yaml create mode 100644 heat/templates/config/heat-cache.conf.yaml create mode 100644 heat/templates/config/heat-cfn.conf.yaml create mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml create mode 100644 heat/templates/config/heat-db.conf.yaml create mode 100644 heat/templates/config/heat-endpoints.conf.yaml create mode 100644 heat/templates/config/heat-engine.conf.yaml create mode 100644 heat/templates/config/heat-keystone-admin.env.yaml create mode 100644 heat/templates/config/heat-keystone.conf.yaml create mode 100644 heat/templates/config/heat-log.conf.yaml create mode 100644 heat/templates/config/heat-messaging.conf.yaml create mode 100644 heat/templates/config/heat-options.conf.yaml create mode 100644 heat/templates/config/heat-paste.conf.yaml create mode 100644 heat/templates/config/heat-policy.json.yaml create 
mode 100644 heat/templates/config/heat-stack-domain.conf.yaml create mode 100644 heat/templates/config/heat-trustee.conf.yaml create mode 100755 heat/templates/deployment/api/api.sh.yaml create mode 100755 heat/templates/deployment/api/api.yaml create mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl create mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl create mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml create mode 100644 heat/templates/deployment/cfn/cfn.yaml create mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl create mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml create mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.yaml create mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl create mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml create mode 100644 heat/templates/jobs/db/init/db-init.yaml create mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl create mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml create mode 100644 heat/templates/jobs/db/sync/db-sync.yaml create mode 100755 heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl create mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml create mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml create mode 100644 heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl create mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml create mode 100644 heat/templates/jobs/keystone/service/ks-service.yaml create mode 100644 heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl create mode 100644 heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl create mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml create mode 100644 heat/templates/jobs/keystone/user/ks-user.yaml create mode 100644 heat/templates/service-api.yaml create mode 100644 heat/templates/service-cfn.yaml create mode 100644 
heat/templates/service-cloudwatch.yaml create mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl create mode 100644 heat/templates/statefulset/engine/engine.sh.yaml create mode 100644 heat/templates/statefulset/engine/engine.yaml create mode 100644 heat/values.yaml diff --git a/Makefile b/Makefile index 0021fb204f..d7345126e3 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone heat memcached rabbitmq common openstack all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon heat openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon heat openstack common: build-common @@ -19,6 +19,8 @@ mariadb: build-mariadb keystone: build-keystone +heat: build-heat + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/heat/Chart.yaml b/heat/Chart.yaml new file mode 100644 index 0000000000..65c0ea4b74 --- /dev/null +++ b/heat/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for heat +name: heat +version: 0.1.0 diff --git a/heat/requirements.yaml b/heat/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/heat/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl new file mode 100644 index 0000000000..eb0878881a --- /dev/null +++ b/heat/templates/_heat_config_helpers.tpl 
@@ -0,0 +1,90 @@
+{{- define "heat_config_volume_mounts" }}
+- name: pod-etc-heat
+ mountPath: /etc/heat
+- name: pod-var-cache-heat
+ mountPath: /var/cache/heat
+- name: heat-json-policy
+ mountPath: /etc/heat/policy.json
+ subPath: policy.json
+ readOnly: true
+- name: heat-conf-cache
+ mountPath: /etc/heat/conf/heat-cache.conf
+ subPath: heat-cache.conf
+ readOnly: true
+- name: heat-conf-db
+ mountPath: /etc/heat/conf/heat-db.conf
+ subPath: heat-db.conf
+ readOnly: true
+- name: heat-conf-endpoints
+ mountPath: /etc/heat/conf/heat-endpoints.conf
+ subPath: heat-endpoints.conf
+ readOnly: true
+- name: heat-conf-keystone
+ mountPath: /etc/heat/conf/heat-keystone.conf
+ subPath: heat-keystone.conf
+ readOnly: true
+- name: heat-conf-log
+ mountPath: /etc/heat/conf/heat-log.conf
+ subPath: heat-log.conf
+ readOnly: true
+- name: heat-conf-messaging
+ mountPath: /etc/heat/conf/heat-messaging.conf
+ subPath: heat-messaging.conf
+ readOnly: true
+- name: heat-conf-options
+ mountPath: /etc/heat/conf/heat-options.conf
+ subPath: heat-options.conf
+ readOnly: true
+- name: heat-conf-paste
+ mountPath: /etc/heat/conf/heat-paste.conf
+ subPath: heat-paste.conf
+ readOnly: true
+- name: heat-conf-stack-domain
+ mountPath: /etc/heat/conf/heat-stack-domain.conf
+ subPath: heat-stack-domain.conf
+ readOnly: true
+- name: heat-conf-trustee
+ mountPath: /etc/heat/conf/heat-trustee.conf
+ subPath: heat-trustee.conf
+ readOnly: true
+{{- end }}
+
+{{- define "heat_config_volumes" }}
+- name: pod-etc-heat
+ emptyDir: {}
+- name: pod-var-cache-heat
+ emptyDir: {}
+- name: heat-json-policy
+ configMap:
+ name: heat-json-policy
+- name: heat-conf-cache
+ configMap:
+ name: heat-conf-cache
+- name: heat-conf-db
+ secret:
+ secretName: heat-conf-db
+- name: heat-conf-endpoints
+ configMap:
+ name: heat-conf-endpoints
+- name: heat-conf-keystone
+ secret:
+ secretName: heat-conf-keystone
+- name: heat-conf-log
+ configMap:
+ name: heat-conf-log
+- name: heat-conf-messaging
+ secret:
+ secretName: heat-conf-messaging
+- name: heat-conf-options
+ configMap:
+ name: heat-conf-options
+- name: heat-conf-paste
+ configMap:
+ name: heat-conf-paste
+- name: heat-conf-stack-domain
+ secret:
+ secretName: heat-conf-stack-domain
+- name: heat-conf-trustee
+ secret:
+ secretName: heat-conf-trustee
+{{- end }}
diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl
new file mode 100644
index 0000000000..745e619571
--- /dev/null
+++ b/heat/templates/_helpers.tpl
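Review bot: The Secret-backed volumes in `heat_config_volumes` (`heat-conf-db`, `heat-conf-keystone`, `heat-conf-messaging`, `heat-conf-stack-domain`, `heat-conf-trustee`) set no `defaultMode`, so the files carrying the database, RabbitMQ and Keystone passwords get the Kubernetes default mode of 0644 and are readable by every process in the container. Consider adding `defaultMode: 0440` under each `secret:` entry, paired with a pod `fsGroup` if the Heat services run as a non-root user (the pod specs are outside this hunk). `readOnly: true` on the mounts only prevents writes; it does not restrict who can read the files.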
@@ -0,0 +1,73 @@
+{{- define "joinListWithColon" -}}
+{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }}
+{{- end -}}
+
+{{- define "env_admin_openrc" }}
+- name: OS_IDENTITY_API_VERSION
+ value: "3"
+- name: OS_AUTH_URL
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_AUTH_URL
+- name: OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_REGION_NAME
+- name: OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_PROJECT_DOMAIN_NAME
+- name: OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_PROJECT_NAME
+- name: OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_USER_DOMAIN_NAME
+- name: OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_USERNAME
+- name: OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: heat-env-keystone-admin
+ key: OS_PASSWORD
+{{- end }}
+
+{{- define "container_ks_service" }}
+image: {{ .Values.images.ks_service }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+command:
+ - bash
+ - /tmp/ks-service.sh
+volumeMounts:
+ - name: ks-service-sh
+ mountPath: /tmp/ks-service.sh
+ subPath: ks-service.sh
+ readOnly: true
+env:
+{{ include "env_admin_openrc" . | indent 2 }}
+{{- end }}
+
+{{- define "container_ks_endpoint" }}
+image: {{ .Values.images.ks_endpoints }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+command:
+ - bash
+ - /tmp/ks-endpoints.sh
+volumeMounts:
+ - name: ks-endpoints-sh
+ mountPath: /tmp/ks-endpoints.sh
+ subPath: ks-endpoints.sh
+ readOnly: true
+env:
+{{ include "env_admin_openrc" . | indent 2 }}
+{{- end }}
diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/config/contents/_heat-api-paste.ini.tpl
new file mode 100755
index 0000000000..5ea89b5aee
--- /dev/null
+++ b/heat/templates/config/contents/_heat-api-paste.ini.tpl
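Review bot: `joinListWithColon` does not do what its name says: the separator it emits between items is `,` (`{{ if $k }},{{ end }}`), so a caller expecting a colon-separated list gets a comma-separated one. Either rename the helper or put a template comment above it, for example `{{/* Joins list items with "," despite the name. */}}`. Separately, `define` names such as `env_admin_openrc` and `container_ks_service` are global within a Helm release; if another chart bundled under the same parent defines the same names, one definition silently replaces the other, and these jobs would then take their admin-credential Secret references from the wrong chart. Prefixing them with `heat_`, as `heat_config_volumes` already does, avoids that.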
@@ -0,0 +1,105 @@ + +# heat-api pipeline +[pipeline:heat-api] +pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app + +# heat-api pipeline for standalone heat +# ie. uses alternative auth backend that authenticates users against keystone +# using username and password instead of validating token (which requires +# an admin/service token). +# To enable, in heat.conf: +# [paste_deploy] +# flavor = standalone +# +[pipeline:heat-api-standalone] +pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app + +# heat-api pipeline for custom cloud backends +# i.e. in heat.conf: +# [paste_deploy] +# flavor = custombackend +# +[pipeline:heat-api-custombackend] +pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app + +# heat-api-cfn pipeline +[pipeline:heat-api-cfn] +pipeline = cors cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app + +# heat-api-cfn pipeline for standalone heat +# relies exclusively on authenticating with ec2 signed requests +[pipeline:heat-api-cfn-standalone] +pipeline = cors cfnversionnegotiation ec2authtoken context apicfnv1app + +# heat-api-cloudwatch pipeline +[pipeline:heat-api-cloudwatch] +pipeline = cors versionnegotiation osprofiler ec2authtoken authtoken context apicwapp + +# heat-api-cloudwatch pipeline for standalone heat +# relies exclusively on authenticating with ec2 signed requests +[pipeline:heat-api-cloudwatch-standalone] +pipeline = cors versionnegotiation ec2authtoken context apicwapp + +[app:apiv1app] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.openstack.v1:API + +[app:apicfnv1app] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.cfn.v1:API + +[app:apicwapp] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.cloudwatch:API + +[filter:versionnegotiation] 
+paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.openstack:version_negotiation_filter + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = heat + +[filter:faultwrap] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.openstack:faultwrap_filter + +[filter:cfnversionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.cfn:version_negotiation_filter + +[filter:cwversionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter + +[filter:context] +paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory + +[filter:ec2authtoken] +paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory + +# Middleware to set auth_url header appropriately +[filter:authurl] +paste.filter_factory = heat.common.auth_url:filter_factory + +# Auth middleware that validates token against keystone +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +# Auth middleware that validates username/password against keystone +[filter:authpassword] +paste.filter_factory = heat.common.auth_password:filter_factory + +# Auth middleware that validates against custom backend +[filter:custombackendauth] +paste.filter_factory = heat.common.custom_backend_auth:filter_factory + +# Middleware to set x-openstack-request-id in http response header +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl new file mode 100644 index 0000000000..a6fd1728e8 --- /dev/null 
+++ b/heat/templates/config/contents/_heat-cache.conf.tpl
@@ -0,0 +1,4 @@
+[cache]
+enabled = "True"
+backend = oslo_cache.memcache_pool
+memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl
new file mode 100644
index 0000000000..0213e750a0
--- /dev/null
+++ b/heat/templates/config/contents/_heat-db.conf.tpl
@@ -0,0 +1,3 @@
+[database]
+connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }}
+max_retries = -1
diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl
new file mode 100644
index 0000000000..f9fc3fd077
--- /dev/null
+++ b/heat/templates/config/contents/_heat-endpoints.conf.tpl
@@ -0,0 +1,4 @@
+[DEFAULT]
+heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}
+heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition
+heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }}
diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl
new file mode 100644
index 0000000000..994981572b
--- /dev/null
+++ b/heat/templates/config/contents/_heat-keystone.conf.tpl
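Review bot: In `_heat-db.conf.tpl` the `connection` line interpolates `.Values.database.heat_user` and `.Values.database.heat_password` into the SQLAlchemy URL unescaped, so a password containing `@`, `:`, `/` or `%` changes how the URL is parsed (wrong host or wrong credentials) instead of failing cleanly. Percent-encode both values before interpolation, or state in `values.yaml` that they must be URL-safe. `max_retries = -1` also makes the services retry the database indefinitely, which hides a bad credential or address behind an endless reconnect loop; a finite value lets the failure surface through the pod's restart handling.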
@@ -0,0 +1,15 @@
+[keystone_authtoken]
+auth_version = v3
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+region_name = {{ .Values.keystone.heat_region_name }}
+project_domain_name = {{ .Values.keystone.heat_project_domain }}
+project_name = {{ .Values.keystone.heat_project_name }}
+user_domain_name = {{ .Values.keystone.heat_user_domain }}
+username = {{ .Values.keystone.heat_user }}
+password = {{ .Values.keystone.heat_password }}
+
+signing_dir = "/var/cache/heat"
+
+memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl
new file mode 100644
index 0000000000..a0ec3d1f2f
--- /dev/null
+++ b/heat/templates/config/contents/_heat-log.conf.tpl
@@ -0,0 +1,4 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl
new file mode 100644
index 0000000000..819bd099f3
--- /dev/null
+++ b/heat/templates/config/contents/_heat-messaging.conf.tpl
@@ -0,0 +1,5 @@
+[oslo_messaging_rabbit]
+rabbit_userid = {{ .Values.messaging.user }}
+rabbit_password = {{ .Values.messaging.password }}
+rabbit_ha_queues = true
+rabbit_hosts = {{ .Values.messaging.hosts }}
diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl
new file mode 100644
index 0000000000..1f764f7912
--- /dev/null
+++ b/heat/templates/config/contents/_heat-options.conf.tpl
@@ -0,0 +1,3 @@
+[DEFAULT]
+enable_stack_adopt = "True"
+enable_stack_abandon = "True"
diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl
new file mode 100644
index 0000000000..5d6dcd6411
--- /dev/null
+++ b/heat/templates/config/contents/_heat-paste.conf.tpl
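Review bot: `_heat-options.conf.tpl` hard-codes `enable_stack_adopt = "True"` and `enable_stack_abandon = "True"`, two features that Heat ships disabled by default. Abandon returns an export of the stack's stored data to the caller and adopt accepts caller-supplied stack state, so turning both on for every deployment widens what any user who passes the stack policy rules can do. Drive them from values with a default of false, using a new key of your choosing, e.g. `enable_stack_abandon = {{ .Values.misc.enable_stack_abandon }}`, so operators opt in deliberately.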
@@ -0,0 +1,2 @@
+[paste_deploy]
+config_file = /etc/heat/heat-api-paste.ini
diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/config/contents/_heat-policy.json.tpl
new file mode 100644
index 0000000000..c9aae5ff79
--- /dev/null
+++ b/heat/templates/config/contents/_heat-policy.json.tpl
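Review bot: `config_file = /etc/heat/heat-api-paste.ini` names a file that nothing visible in this patch places at that path: the `heat-ini-api-paste` ConfigMap stores the content under the key `api-paste.ini`, and the shared `heat_config_volume_mounts` helper has no mount for it. Unless the api/cfn/cloudwatch pod specs (outside this view) mount it with `mountPath: /etc/heat/heat-api-paste.ini` and `subPath: api-paste.ini`, the API services will either fail to start or fall back to whatever paste file the image ships, and the pipeline reviewed here, including its `authtoken` filter, is not the one in effect. Worth confirming, and a comment next to `config_file` naming the ConfigMap key it maps to would keep the two in step.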
@@ -0,0 +1,96 @@ +{ + "context_is_admin": "role:admin and is_admin_project:True", + "project_admin": "role:admin", + "deny_stack_user": "not role:heat_stack_user", + "deny_everybody": "!", + + "cloudformation:ListStacks": "rule:deny_stack_user", + "cloudformation:CreateStack": "rule:deny_stack_user", + "cloudformation:DescribeStacks": "rule:deny_stack_user", + "cloudformation:DeleteStack": "rule:deny_stack_user", + "cloudformation:UpdateStack": "rule:deny_stack_user", + "cloudformation:CancelUpdateStack": "rule:deny_stack_user", + "cloudformation:DescribeStackEvents": "rule:deny_stack_user", + "cloudformation:ValidateTemplate": "rule:deny_stack_user", + "cloudformation:GetTemplate": "rule:deny_stack_user", + "cloudformation:EstimateTemplateCost": "rule:deny_stack_user", + "cloudformation:DescribeStackResource": "", + "cloudformation:DescribeStackResources": "rule:deny_stack_user", + "cloudformation:ListStackResources": "rule:deny_stack_user", + + "cloudwatch:DeleteAlarms": "rule:deny_stack_user", + "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user", + "cloudwatch:DescribeAlarms": "rule:deny_stack_user", + "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user", + "cloudwatch:DisableAlarmActions": "rule:deny_stack_user", + "cloudwatch:EnableAlarmActions": "rule:deny_stack_user", + "cloudwatch:GetMetricStatistics": "rule:deny_stack_user", + "cloudwatch:ListMetrics": "rule:deny_stack_user", + "cloudwatch:PutMetricAlarm": "rule:deny_stack_user", + "cloudwatch:PutMetricData": "", + "cloudwatch:SetAlarmState": "rule:deny_stack_user", + + "actions:action": "rule:deny_stack_user", + "build_info:build_info": "rule:deny_stack_user", + "events:index": "rule:deny_stack_user", + "events:show": "rule:deny_stack_user", + "resource:index": "rule:deny_stack_user", + "resource:metadata": "", + "resource:signal": "", + "resource:mark_unhealthy": "rule:deny_stack_user", + "resource:show": "rule:deny_stack_user", + "stacks:abandon": "rule:deny_stack_user", + 
"stacks:create": "rule:deny_stack_user", + "stacks:delete": "rule:deny_stack_user", + "stacks:detail": "rule:deny_stack_user", + "stacks:export": "rule:deny_stack_user", + "stacks:generate_template": "rule:deny_stack_user", + "stacks:global_index": "rule:deny_everybody", + "stacks:index": "rule:deny_stack_user", + "stacks:list_resource_types": "rule:deny_stack_user", + "stacks:list_template_versions": "rule:deny_stack_user", + "stacks:list_template_functions": "rule:deny_stack_user", + "stacks:lookup": "", + "stacks:preview": "rule:deny_stack_user", + "stacks:resource_schema": "rule:deny_stack_user", + "stacks:show": "rule:deny_stack_user", + "stacks:template": "rule:deny_stack_user", + "stacks:environment": "rule:deny_stack_user", + "stacks:files": "rule:deny_stack_user", + "stacks:update": "rule:deny_stack_user", + "stacks:update_patch": "rule:deny_stack_user", + "stacks:preview_update": "rule:deny_stack_user", + "stacks:preview_update_patch": "rule:deny_stack_user", + "stacks:validate_template": "rule:deny_stack_user", + "stacks:snapshot": "rule:deny_stack_user", + "stacks:show_snapshot": "rule:deny_stack_user", + "stacks:delete_snapshot": "rule:deny_stack_user", + "stacks:list_snapshots": "rule:deny_stack_user", + "stacks:restore_snapshot": "rule:deny_stack_user", + "stacks:list_outputs": "rule:deny_stack_user", + "stacks:show_output": "rule:deny_stack_user", + + "software_configs:global_index": "rule:deny_everybody", + "software_configs:index": "rule:deny_stack_user", + "software_configs:create": "rule:deny_stack_user", + "software_configs:show": "rule:deny_stack_user", + "software_configs:delete": "rule:deny_stack_user", + "software_deployments:index": "rule:deny_stack_user", + "software_deployments:create": "rule:deny_stack_user", + "software_deployments:show": "rule:deny_stack_user", + "software_deployments:update": "rule:deny_stack_user", + "software_deployments:delete": "rule:deny_stack_user", + "software_deployments:metadata": "", + + "service:index": 
"rule:context_is_admin", + + "resource_types:OS::Nova::Flavor": "rule:project_admin", + "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin", + "resource_types:OS::Cinder::VolumeType": "rule:project_admin", + "resource_types:OS::Cinder::Quota": "rule:project_admin", + "resource_types:OS::Manila::ShareType": "rule:project_admin", + "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin", + "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin", + "resource_types:OS::Nova::HostAggregate": "rule:project_admin", + "resource_types:OS::Cinder::QoSSpecs": "rule:project_admin" +} diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl new file mode 100644 index 0000000000..75afba0804 --- /dev/null +++ b/heat/templates/config/contents/_heat-stack-domain.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl new file mode 100644 index 0000000000..41776515af --- /dev/null +++ b/heat/templates/config/contents/_heat-trustee.conf.tpl 
@@ -0,0 +1,22 @@
+[DEFAULT]
+trusts_delegated_roles = "Member"
+deferred_auth_method = "trusts"
+
+[trustee]
+auth_type = "password"
+auth_section = "trustee_keystone"
+
+[trustee_keystone]
+
+auth_version = v3
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+region_name = {{ .Values.keystone.heat_trustee_region_name }}
+user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }}
+username = {{ .Values.keystone.heat_trustee_user }}
+password = {{ .Values.keystone.heat_trustee_password }}
+
+signing_dir = "/var/cache/heat"
+
+memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl
new file mode 100644
index 0000000000..6828788896
--- /dev/null
+++ b/heat/templates/config/contents/components/_heat-api.conf.tpl
@@ -0,0 +1,4 @@
+[heat_api]
+bind_port = {{ .Values.service.api.port }}
+bind_host = 0.0.0.0
+workers = {{ .Values.resources.api.workers }}
diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl
new file mode 100644
index 0000000000..d6c42a1796
--- /dev/null
+++ b/heat/templates/config/contents/components/_heat-cfn.conf.tpl
@@ -0,0 +1,4 @@
+[heat_api_cfn]
+bind_port = {{ .Values.service.cfn.port }}
+bind_host = 0.0.0.0
+workers = {{ .Values.resources.cfn.workers }}
diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl
new file mode 100644
index 0000000000..b99262222b
--- /dev/null
+++ b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl
@@ -0,0 +1,4 @@
+[heat_api_cloudwatch]
+bind_port = {{ .Values.service.cloudwatch.port }}
+bind_host = 0.0.0.0
+workers = {{ .Values.resources.cloudwatch.workers }}
diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl
new file mode 100644
index 0000000000..1a22c602c6
--- /dev/null
+++ b/heat/templates/config/contents/components/_heat-engine.conf.tpl
@@ -0,0 +1,2 @@
+[DEFAULT]
+num_engine_workers = {{ .Values.resources.engine.workers }}
diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml
new file mode 100755
index 0000000000..22031118a2
--- /dev/null
+++ b/heat/templates/config/heat-api-paste.ini.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-ini-api-paste
+data:
+ api-paste.ini: |+
+{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml
new file mode 100644
index 0000000000..cffa497ac0
--- /dev/null
+++ b/heat/templates/config/heat-api.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-api
+data:
+ heat-api.conf: |+
+{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml
new file mode 100644
index 0000000000..b7b4eb9ed9
--- /dev/null
+++ b/heat/templates/config/heat-cache.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-cache
+data:
+ heat-cache.conf: |
+{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml
new file mode 100644
index 0000000000..3d1c96511a
--- /dev/null
+++ b/heat/templates/config/heat-cfn.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-cfn
+data:
+ heat-cfn.conf: |+
+{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml
new file mode 100644
index 0000000000..cf244f76a6
--- /dev/null
+++ b/heat/templates/config/heat-cloudwatch.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-cloudwatch
+data:
+ heat-cloudwatch.conf: |+
+{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml
new file mode 100644
index 0000000000..a8e2cf20d2
--- /dev/null
+++ b/heat/templates/config/heat-db.conf.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-db
+type: Opaque
+data:
+ heat-db.conf: |
+{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml
new file mode 100644
index 0000000000..535e90cfff
--- /dev/null
+++ b/heat/templates/config/heat-endpoints.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-endpoints
+data:
+ heat-endpoints.conf: |
+{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml
new file mode 100644
index 0000000000..cb5855786a
--- /dev/null
+++ b/heat/templates/config/heat-engine.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-engine
+data:
+ heat-engine.conf: |+
+{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/config/heat-keystone-admin.env.yaml
new file mode 100644
index 0000000000..275c1d2798
--- /dev/null
+++ b/heat/templates/config/heat-keystone-admin.env.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-env-keystone-admin
+type: Opaque
+data:
+ OS_AUTH_URL: |
+{{ .Values.keystone.auth_url | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.admin_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.admin_password | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/config/heat-keystone.conf.yaml
new file mode 100644
index 0000000000..514a577445
--- /dev/null
+++ b/heat/templates/config/heat-keystone.conf.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-keystone
+type: Opaque
+data:
+ heat-keystone.conf: |
+{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }}
+ OS_AUTH_URL: |
+{{ .Values.keystone.auth_url | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.heat_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.heat_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.heat_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.heat_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.heat_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.heat_password | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml
new file mode 100644
index 0000000000..86a5a19be3
--- /dev/null
+++ b/heat/templates/config/heat-log.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-log
+data:
+ heat-log.conf: |+
+{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml
new file mode 100644
index 0000000000..2bb408a68b
--- /dev/null
+++ b/heat/templates/config/heat-messaging.conf.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-messaging
+type: Opaque
+data:
+ heat-messaging.conf: |
+{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml
new file mode 100644
index 0000000000..8ac2ebf4ba
--- /dev/null
+++ b/heat/templates/config/heat-options.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-options
+data:
+ heat-options.conf: |
+{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml
new file mode 100644
index 0000000000..29f96e71da
--- /dev/null
+++ b/heat/templates/config/heat-paste.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-paste
+data:
+ heat-paste.conf: |
+{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml
new file mode 100644
index 0000000000..1b96f2a57c
--- /dev/null
+++ b/heat/templates/config/heat-policy.json.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-json-policy
+data:
+ api-paste.ini: |+
+{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }}
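Review bot: In heat-policy.json.yaml the `heat-json-policy` ConfigMap stores the rendered `_heat-policy.json.tpl` under the data key `api-paste.ini`, which looks like a copy-paste from heat-api-paste.ini.yaml; the key should be `policy.json: |+`. The mounts for this ConfigMap come from the `heat_config_volume_mounts` helper, which is not in this hunk, so check the `subPath` it uses. If that helper asks for `policy.json`, the chart's policy file is never placed under /etc/heat and Heat would presumably fall back to its built-in authorization rules, so operator changes to the policy template would silently have no effect.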
diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/config/heat-stack-domain.conf.yaml
new file mode 100644
index 0000000000..f870bf29ee
--- /dev/null
+++ b/heat/templates/config/heat-stack-domain.conf.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-stack-domain
+type: Opaque
+data:
+ heat-stack-domain.conf: |
+{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }}
+ OS_DOMAIN_NAME: |
+{{ .Values.keystone.heat_stack_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.heat_stack_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.heat_stack_password | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/config/heat-trustee.conf.yaml
new file mode 100644
index 0000000000..57906ad636
--- /dev/null
+++ b/heat/templates/config/heat-trustee.conf.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-trustee
+type: Opaque
+data:
+ heat-trustee.conf: |
+{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }}
+ OS_AUTH_URL: |
+{{ .Values.keystone.auth_url | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.heat_trustee_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.heat_trustee_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.heat_trustee_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.heat_trustee_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.heat_trustee_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.heat_trustee_password | b64enc | indent 4 }}
diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml
new file mode 100755
index 0000000000..ff6918201c
--- /dev/null
+++ b/heat/templates/deployment/api/api.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-api-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment/api/api.yaml
new file mode 100755
index 0000000000..451769051d
--- /dev/null
+++ b/heat/templates/deployment/api/api.yaml
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: heat-api
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-api
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-api
+ image: {{ .Values.images.api }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.api.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.api.port }}
+ volumeMounts:
+ - name: heat-api-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-ini-api-paste
+ mountPath: /etc/heat/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: heat-conf-api
+ mountPath: /etc/heat/conf/heat-api.conf
+ subPath: heat-api.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-api-sh
+ configMap:
+ name: heat-api-sh
+ - name: heat-ini-api-paste
+ configMap:
+ name: heat-ini-api-paste
+ - name: heat-conf-api
+ configMap:
+ name: heat-conf-api
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl
new file mode 100755
index 0000000000..d4cc64865b
--- /dev/null
+++ b/heat/templates/deployment/api/bin/_api.sh.tpl
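Review bot: In api.yaml the container's `image`, `imagePullPolicy` and the `nodeSelector` pair are rendered unquoted, while the init-container annotation in the same file and the container in db-init.yaml pipe the same values through `quote`. A selector value that YAML re-types (for example `true`, `yes` or an all-digit label) stops being a string, and nodeSelector values have to be strings, so the manifest would be rejected. I would write `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value | quote }}`, `image: {{ .Values.images.api | quote }}` and `imagePullPolicy: {{ .Values.images.pull_policy | quote }}`. The same lines appear in the cfn.yaml, cloudwatch.yaml and db-sync.yaml hunks.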
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-api --config-dir /etc/heat/conf
diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl
new file mode 100644
index 0000000000..30dcfad519
--- /dev/null
+++ b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-api-cfn --config-dir /etc/heat/conf
diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml
new file mode 100644
index 0000000000..71efedd864
--- /dev/null
+++ b/heat/templates/deployment/cfn/cfn.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-cfn-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment/cfn/cfn.yaml
new file mode 100644
index 0000000000..4063084ea8
--- /dev/null
+++ b/heat/templates/deployment/cfn/cfn.yaml
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: heat-cfn
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-cfn
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-cfn
+ image: {{ .Values.images.cfn }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.cfn.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.cfn.port }}
+ volumeMounts:
+ - name: heat-cfn-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-ini-api-paste
+ mountPath: /etc/heat/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: heat-conf-cfn
+ mountPath: /etc/heat/conf/heat-cfn.conf
+ subPath: heat-cfn.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-cfn-sh
+ configMap:
+ name: heat-cfn-sh
+ - name: heat-ini-api-paste
+ configMap:
+ name: heat-ini-api-paste
+ - name: heat-conf-cfn
+ configMap:
+ name: heat-conf-cfn
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl
new file mode 100644
index 0000000000..4703d33e03
--- /dev/null
+++ b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-api-cloudwatch --config-dir /etc/heat/conf
diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml
new file mode 100644
index 0000000000..6127e95bf5
--- /dev/null
+++ b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-cloudwatch-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.yaml
new file mode 100644
index 0000000000..396633e19a
--- /dev/null
+++ b/heat/templates/deployment/cloudwatch/cloudwatch.yaml
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: heat-cloudwatch
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-cloudwatch
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-cloudwatch
+ image: {{ .Values.images.cloudwatch }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.cloudwatch.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.cloudwatch.port }}
+ volumeMounts:
+ - name: heat-cloudwatch-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-ini-api-paste
+ mountPath: /etc/heat/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: heat-conf-cloudwatch
+ mountPath: /etc/heat/conf/heat-cloudwatch.conf
+ subPath: heat-cloudwatch.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-cloudwatch-sh
+ configMap:
+ name: heat-cloudwatch-sh
+ - name: heat-ini-api-paste
+ configMap:
+ name: heat-ini-api-paste
+ - name: heat-conf-cloudwatch
+ configMap:
+ name: heat-conf-cloudwatch
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl
new file mode 100644
index 0000000000..2c4cc09ee1
--- /dev/null
+++ b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'"
+ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'"
diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml
new file mode 100644
index 0000000000..9f8b2262ee
--- /dev/null
+++ b/heat/templates/jobs/db/init/db-init.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-db-init-sh
+data:
+ init.sh: |+
+{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/jobs/db/init/db-init.yaml
new file mode 100644
index 0000000000..a7d15d76c3
--- /dev/null
+++ b/heat/templates/jobs/db/init/db-init.yaml
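Review bot: Both `ansible` lines in _db-init.sh.tpl have `.Values.database.root_password` and `.Values.database.heat_password` templated straight into the script text, and the db-init.sh.yaml hunk then publishes the rendered script as the ConfigMap `heat-db-init-sh`, so the database root credential is readable by anything that can read ConfigMaps in the namespace. `set -ex` together with `-vvv` also writes the full command lines, passwords included, to the Job's pod log. I would use `set -e`, drop `-vvv`, and have the script take the passwords from environment variables that db-init.yaml fills from a Secret with `secretKeyRef`, e.g. `login_password='${DB_ROOT_PASSWORD}'` (the variable name is a placeholder). A password containing a single quote also breaks the `-a` argument string as written.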
@@ -0,0 +1,54 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-db-init
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-db-init
+ image: {{ .Values.images.db_init | quote }}
+ imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+ env:
+ - name: ANSIBLE_LIBRARY
+ value: /usr/share/ansible/
+ command:
+ - bash
+ - /tmp/init.sh
+ volumeMounts:
+ - name: db-init-sh
+ mountPath: /tmp/init.sh
+ subPath: init.sh
+ readOnly: true
+ volumes:
+ - name: db-init-sh
+ configMap:
+ name: heat-db-init-sh
diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..4532bdfe0b
--- /dev/null
+++ b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+heat-manage --config-dir /etc/heat/conf db_sync
diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml
new file mode 100644
index 0000000000..59aaa8d24c
--- /dev/null
+++ b/heat/templates/jobs/db/sync/db-sync.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-db-sync-sh
+data:
+ db-sync.sh: |+
+{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/jobs/db/sync/db-sync.yaml
new file mode 100644
index 0000000000..b42da03273
--- /dev/null
+++ b/heat/templates/jobs/db/sync/db-sync.yaml
@@ -0,0 +1,69 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-db-sync
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-db-sync
+ image: {{ .Values.images.db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/db-sync.sh
+ volumeMounts:
+ - name: db-sync-sh
+ mountPath: /tmp/db-sync.sh
+ subPath: db-sync.sh
+ readOnly: true
+ - name: pod-etc-heat
+ mountPath: /etc/heat
+ - name: heat-conf-db
+ mountPath: /etc/heat/conf/heat-db.conf
+ subPath: heat-db.conf
+ readOnly: true
+ - name: heat-conf-log
+ mountPath: /etc/heat/conf/heat-log.conf
+ subPath: heat-log.conf
+ readOnly: true
+ volumes:
+ - name: db-sync-sh
+ configMap:
+ name: heat-db-sync-sh
+ - name: pod-etc-heat
+ emptyDir: {}
+ - name: heat-conf-db
+ secret:
+ secretName: heat-conf-db
+ - name: heat-conf-log
+ configMap:
+ name: heat-conf-log
diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl
new file mode 100755
index 0000000000..3f802d2313
--- /dev/null
+++ b/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Get Service ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# Get Endpoint ID if it exists
+OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \
+ grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SVC_ENDPOINT}," | \
+ awk -F ',' '{ print $1 }' )
+
+# Making sure only a single endpoint exists for a service within a region
+if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then
+ echo "More than one endpoint found, cleaning up"
+ for ENDPOINT_ID in $OS_ENDPOINT_ID; do
+ openstack endpoint delete ${ENDPOINT_ID}
+ done
+ unset OS_ENDPOINT_ID
+fi
+
+# Determine if Endpoint needs updated
+if [[ ${OS_ENDPOINT_ID} ]]; then
+ OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url)
+ if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then
+ echo "Endpoints Match: no action required"
+ OS_ENDPOINT_UPDATE="False"
+ else
+ echo "Endpoints Dont Match: removing existing entries"
+ openstack endpoint delete ${OS_ENDPOINT_ID}
+ OS_ENDPOINT_UPDATE="True"
+ fi
+else
+ OS_ENDPOINT_UPDATE="True"
+fi
+
+# Update Endpoint if required
+if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then
+ OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+ --region="${OS_REGION_NAME}" \
+ "${OS_SERVICE_ID}" \
+ ${OS_SVC_ENDPOINT} \
+ "${OS_SERVICE_ENDPOINT}" )
+fi
+
+# Display the Endpoint
+openstack endpoint show ${OS_ENDPOINT_ID}
diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml
new file mode 100755
index 0000000000..04ed895793
--- /dev/null
+++ b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-ks-endpoints-sh
+data:
+ ks-endpoints.sh: |+
+{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml
new file mode 100755
index 0000000000..84f6617189
--- /dev/null
+++ b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml
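Review bot: In _ks-endpoints.sh.tpl the "Determine if Endpoint needs updated" branch calls `openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url`, and `--f` only works if the client's argument parser can resolve it as an unambiguous prefix of `--format`; every other call in the script uses `-f`. Because the script runs under `set -e`, a parse error there would abort the job on each re-run against an already registered endpoint, so the endpoint URL would never be reconciled. I would change the line to `OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show "${OS_ENDPOINT_ID}" -f value -c url)`. The unquoted `${OS_ENDPOINT_ID}` and `${OS_SVC_ENDPOINT}` arguments elsewhere in the script deserve quotes as well.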
@@ -0,0 +1,96 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-ks-endpoints
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-ks-endpoints-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: heat
+ - name: OS_SERVICE_TYPE
+ value: orchestration
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s
+ - name: heat-ks-endpoints-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: heat
+ - name: OS_SERVICE_TYPE
+ value: orchestration
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s
+ - name: heat-ks-endpoints-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: public
+ - name: OS_SERVICE_NAME
+ value: heat
+ - name: OS_SERVICE_TYPE
+ value: orchestration
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s
+ - name: heat-ks-endpoints-cfn-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: heat-cfn
+ - name: OS_SERVICE_TYPE
+ value: cloudformation
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1
+ - name: heat-ks-endpoints-cfn-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: heat-cfn
+ - name: OS_SERVICE_TYPE
+ value: cloudformation
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1
+ - name: heat-ks-endpoints-cfn-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: public
+ - name: OS_SERVICE_NAME
+ value: heat-cfn
+ - name: OS_SERVICE_TYPE
+ value: cloudformation
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1
+ volumes:
+ - name: ks-endpoints-sh
+ configMap:
+ name: heat-ks-endpoints-sh
diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl
new file mode 100644
index 0000000000..4777d08c48
--- /dev/null
+++ b/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl
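Review bot: The three orchestration `OS_SERVICE_ENDPOINT` values in ks-endpoints.yaml end in `/v1/\$(project_id)s`, and in a plain YAML scalar the backslash is kept literally, so as written the URL handed to `openstack endpoint create` would contain `\$(project_id)s`. Kubernetes leaves `$(NAME)` untouched when no such variable is defined and documents `$$(NAME)` as the escape, so the backslash is not needed. I would write the tail as `/v1/$$(project_id)s`, or use Keystone's `%(project_id)s` form, and put the whole templated value in double quotes. This affects the `heat-ks-endpoints-admin`, `heat-ks-endpoints-internal` and `heat-ks-endpoints-public` containers.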
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Service boilerplate description
+OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service"
+
+# Get Service ID if it exists
+unset OS_SERVICE_ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# If a Service ID was not found, then create the service
+if [[ -z ${OS_SERVICE_ID} ]]; then
+ OS_SERVICE_ID=$(openstack service create -f value -c id \
+ --name="${OS_SERVICE_NAME}" \
+ --description "${OS_SERVICE_DESC}" \
+ --enable \
+ "${OS_SERVICE_TYPE}")
+fi
diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml
new file mode 100644
index 0000000000..4c30bee642
--- /dev/null
+++ b/heat/templates/jobs/keystone/service/ks-service.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-ks-service-sh
+data:
+ ks-service.sh: |+
+{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/jobs/keystone/service/ks-service.yaml
new file mode 100644
index 0000000000..8a03bf2696
--- /dev/null
+++ b/heat/templates/jobs/keystone/service/ks-service.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-ks-service
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-ks-service-orchestration
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "heat"
+ - name: OS_SERVICE_TYPE
+ value: "orchestration"
+ - name: heat-ks-service-cloudformation
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "heat-cfn"
+ - name: OS_SERVICE_TYPE
+ value: "cloudformation"
+ volumes:
+ - name: ks-service-sh
+ configMap:
+ name: heat-ks-service-sh
diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl
new file mode 100644
index 0000000000..4b4f940245
--- /dev/null
+++ b/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage domain
+SERVICE_OS_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
+ --description="Service Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+ "${SERVICE_OS_DOMAIN_NAME}")
+
+# Display domain
+openstack domain show "${SERVICE_OS_DOMAIN_ID}"
+
+# Manage user
+SERVICE_OS_USERID=$(openstack user create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ --description "Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+ --password="${SERVICE_OS_PASSWORD}" \
+ "${SERVICE_OS_USERNAME}")
+
+# Display user
+openstack user show "${SERVICE_OS_USERID}"
+
+# Manage role
+SERVICE_OS_ROLE_ID=$(openstack role show -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE}" || openstack role create -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE}" )
+
+# Manage user role assignment
+openstack role add \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ --user="${SERVICE_OS_USERID}" \
+ --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+ --role="${SERVICE_OS_ROLE_ID}" \
+ --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+ --user="${SERVICE_OS_USERID}"
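Review bot: `set -ex` stays on for the whole of _ks-domain-user.sh.tpl, so the `openstack user create … --password="${SERVICE_OS_PASSWORD}"` call is traced with the variable expanded and the service account password ends up in the Job's pod log. Use `set -e` at the top, or bracket that one call with `set +x` and `set -x`. Passing the password as an argument also leaves it visible in the container's process list while the client runs; it is worth checking whether the client can take it some other way. The `openstack user create` call in the _ks-user.sh.tpl hunk has the same problem.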
diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl
new file mode 100644
index 0000000000..fdc7358b32
--- /dev/null
+++ b/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage user project
+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ "${SERVICE_OS_PROJECT_NAME}");
+
+# Display project
+openstack project show "${USER_PROJECT_ID}"
+
+# Manage user
+USER_ID=$(openstack user create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --project="${USER_PROJECT_ID}" \
+ --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \
+ --password="${SERVICE_OS_PASSWORD}" \
+ "${SERVICE_OS_USERNAME}");
+
+# Display user
+openstack user show "${USER_ID}"
+
+# Manage user role
+USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
+ "${SERVICE_OS_ROLE}");
+
+# Manage user role assignment
+openstack role add \
+ --user="${USER_ID}" \
+ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --project="${USER_PROJECT_ID}" \
+ "${USER_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+ --role="${SERVICE_OS_ROLE}" \
+ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --user="${USER_ID}"
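Review bot: `openstack user create --or-show` returns the existing account when `${SERVICE_OS_USERNAME}` is already present, so on a re-run the `--password` value is, as far as I can tell, not applied. After the `heat-conf-*` secret is rotated, the Keystone account would keep the old password while the service configuration carries the new one. Consider following the create with `openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}"`, with xtrace off for that line. The domain-user script in the previous hunk creates its user the same way.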
diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml new file mode 100644 index 0000000000..d9e6730b12 --- /dev/null +++ b/heat/templates/jobs/keystone/user/ks-user.sh.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-ks-user-sh +data: + ks-user.sh: |+ +{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} + ks-domain-user.sh: |+ +{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/jobs/keystone/user/ks-user.yaml new file mode 100644 index 0000000000..f243474e94 --- /dev/null +++ b/heat/templates/jobs/keystone/user/ks-user.yaml 
@@ -0,0 +1,167 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-user +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_user_role | quote }} + - name: heat-ks-trustee-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: 
ks-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_trustee_user_role | quote }} + - name: heat-ks-domain-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-domain-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-domain-user.sh + subPath: ks-domain-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_REGION_NAME + - name: SERVICE_OS_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_stack_user_role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: heat-ks-user-sh 
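Review bot: The templated scalars in the three container specs are unquoted (`image: {{ .Values.images.ks_user }}`, `imagePullPolicy: {{ .Values.images.pull_policy }}`), while the init-container annotation in the same file pipes the same values through `quote`. The rendered text is parsed as YAML afterwards, so an override that is empty or looks like a boolean or number would be retyped instead of staying a string. I would write `image: {{ .Values.images.ks_user | quote }}` and the same for `imagePullPolicy`. `engine.yaml` further down has the same unquoted `image`, `imagePullPolicy` and `nodeSelector` value.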
diff --git a/heat/templates/service-api.yaml b/heat/templates/service-api.yaml new file mode 100644 index 0000000000..482a116bfb --- /dev/null +++ b/heat/templates/service-api.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.api.name }} +spec: + ports: + - port: {{ .Values.service.api.port }} + selector: + app: heat-api diff --git a/heat/templates/service-cfn.yaml b/heat/templates/service-cfn.yaml new file mode 100644 index 0000000000..799e57d133 --- /dev/null +++ b/heat/templates/service-cfn.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.cfn.name }} +spec: + ports: + - port: {{ .Values.service.cfn.port }} + selector: + app: heat-cfn diff --git a/heat/templates/service-cloudwatch.yaml b/heat/templates/service-cloudwatch.yaml new file mode 100644 index 0000000000..071f2c928c --- /dev/null +++ b/heat/templates/service-cloudwatch.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.cloudwatch.name }} +spec: + ports: + - port: {{ .Values.service.cloudwatch.port }} + selector: + app: heat-cloudwatch diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl new file mode 100644 index 0000000000..dabae086c4 --- /dev/null +++ b/heat/templates/statefulset/engine/bin/_engine.sh.tpl @@ -0,0 +1,4 @@ +#!/bin/bash +set -ex + +exec heat-engine --config-dir /etc/heat/conf diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml new file mode 100644 index 0000000000..534d6ef8df --- /dev/null +++ b/heat/templates/statefulset/engine/engine.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-engine-sh +data: + start.sh: |+ +{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset/engine/engine.yaml new file mode 100644 index 0000000000..5e25152328 --- /dev/null +++ b/heat/templates/statefulset/engine/engine.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: heat-engine +spec: + serviceName: heat-engine + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: heat-engine + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.engine.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.engine.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: heat-engine + image: {{ .Values.images.engine }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + volumeMounts: + - name: heat-engine-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: heat-conf-engine + mountPath: /etc/heat/conf/heat-engine.conf + subPath: heat-engine.conf + readOnly: true +{{ include "heat_config_volume_mounts" . | indent 12 }} + volumes: + - name: heat-engine-sh + configMap: + name: heat-engine-sh + - name: heat-conf-engine + configMap: + name: heat-conf-engine +{{ include "heat_config_volumes" . | indent 8 }} diff --git a/heat/values.yaml b/heat/values.yaml new file mode 100644 index 0000000000..cba2b59e62 --- /dev/null +++ b/heat/values.yaml 
@@ -0,0 +1,155 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + cfn: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + cloudwatch: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + engine: docker.io/kolla/ubuntu-source-heat-engine:3.0.1 + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + heat_user: "heat" + heat_user_domain: "default" + heat_user_role: "admin" + heat_password: "password" + heat_project_name: "service" + heat_project_domain: "default" + heat_region_name: "RegionOne" + + heat_trustee_user: "heat-trust" + heat_trustee_user_domain: "default" + heat_trustee_user_role: "admin" + heat_trustee_password: "password" + heat_trustee_project_name: "service" + heat_trustee_project_domain: "default" + heat_trustee_region_name: "RegionOne" + + heat_stack_user: "heat-domain" + heat_stack_domain: "heat" + heat_stack_user_role: "admin" + heat_stack_password: "password" + heat_stack_region_name: "RegionOne" + +service: + api: + name: "heat-api" + port: 8004 + proto: "http" + cfn: + name: "heat-cfn" + port: 8000 + proto: "http" + cloudwatch: + name: "heat-cloudwatch" + port: 8003 + proto: 
"http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + heat_database_name: heat + heat_password: password + heat_user: heat + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + +memcached: + host: memcached + port: 11211 + +resources: + api: + workers: 8 + cfn: + workers: 8 + cloudwatch: + workers: 8 + engine: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - heat-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - heat-ks-service + service: + - keystone-api + api: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + cfn: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + cloudwatch: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + engine: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb From bcf23c7399ded7dfdd61f7cfdb95facbef892f71 Mon Sep 17 00:00:00 2001 
From: Alan Meadows Date: Tue, 3 Jan 2017 12:20:26 -0800 Subject: [PATCH 02/39] Endpoint lookup fixes for consistent keystone catalog endpoints This introduces changes across several charts, for consistent endpoint lookup routines. Today, only the internal endpoints are defined (and copied to admin and public). This can later be expanded to handle unique public and admin endpoints. This ensures the catalog is populated with consistent URLs for all services. --- common/templates/_endpoints.tpl | 87 ++++++++++++++++++- common/templates/_hosts.tpl | 19 ++++ common/values.yaml | 3 + glance/templates/_helpers.tpl | 5 -- .../templates/ceph.client.glance.keyring.yaml | 6 +- glance/templates/ceph.conf.yaml | 5 ++ glance/templates/glance-api.conf.yaml | 3 +- glance/templates/post.sh.yaml | 8 +- glance/templates/post.yaml | 3 + glance/values.yaml | 35 +++++++- horizon/values.yaml | 2 +- keystone/templates/_helpers.tpl | 3 - keystone/templates/bin/_db-sync.sh.tpl | 7 +- keystone/templates/etc/_keystone.conf.tpl | 6 +- keystone/values.yaml | 17 +++- 15 files changed, 183 insertions(+), 26 deletions(-) delete mode 100644 glance/templates/_helpers.tpl delete mode 100644 keystone/templates/_helpers.tpl diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 0170b4eb5c..68914d6dfc 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl 
@@ -1,9 +1,94 @@ #----------------------------------------- # endpoints #----------------------------------------- + +# this should be a generic function leveraging a tuple +# for input, e.g. { endpoint keystone internal . } +# however, constructing this appears to be a +# herculean effort in gotpl + {{- define "endpoint_keystone_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} {{- with .Values.endpoints.keystone -}} - {{.scheme}}://{{.hosts.internal | default .hosts.default}}:{{.port.public}}{{.path}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.public}}{{.path}} {{- end -}} {{- end -}} +{{- define "endpoint_keystone_admin" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.admin}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_metadata_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.metadata}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_novncproxy_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default 
.hosts.default}}.{{ $fqdn }}:{{.port.novncproxy}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_registry_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.registry}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_neutron_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.neutron -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +#------------------------------- +# kolla helpers +#------------------------------- +{{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} + diff --git a/common/templates/_hosts.tpl b/common/templates/_hosts.tpl index 6655a88710..941ece39c6 100644 --- a/common/templates/_hosts.tpl +++ b/common/templates/_hosts.tpl 
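Review bot: In each new `endpoint_*` define the `endpoints.fqdn` override does not take effect, because `{{- $fqdn := .Values.endpoints.fqdn -}}` inside the `if` declares a new variable scoped to that block and the outer `$fqdn` keeps `.Release.Namespace`. The rendered URL therefore always carries the release namespace as its suffix, whatever the operator sets. The three lines can be replaced with `{{- $fqdn := default .Release.Namespace .Values.endpoints.fqdn -}}`. The `fqdn` define added to `common/templates/_hosts.tpl` has the same pattern.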
@@ -2,6 +2,14 @@ {{- define "region"}}cluster{{- end}} {{- define "tld"}}local{{- end}} +{{- define "fqdn" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- $fqdn -}} +{{- end -}} + #----------------------------------------- # hosts #----------------------------------------- @@ -17,3 +25,14 @@ {{- define "keystone_api_endpoint_host_internal"}}keystone-api.{{.Release.Namespace}}.svc.{{ include "region" . }}.{{ include "tld" . }}{{- end}} {{- define "keystone_api_endpoint_host_public"}}keystone-api.{{ include "region" . }}.{{ include "tld" . }}{{- end}} {{- define "keystone_api_endpoint_host_admin_ext"}}keystone-api.{{ include "region" . }}.{{ include "tld" . }}{{- end}} + +# glance defaults +{{- define "glance_registry_host"}}glance-registry.{{ include "fqdn" . }}{{- end}} + +# nova defaults +{{- define "nova_metadata_host"}}nova-api.{{ include "fqdn" . }}{{- end}} + +# neutron defaults +{{- define "neutron_db_host"}}{{ include "mariadb_host" . }}{{- end}} +{{- define "neutron_rabbit_host"}}{{- include "rabbitmq_host" .}}{{- end}} + diff --git a/common/values.yaml b/common/values.yaml index da62e63235..20eb7c7c3c 100644 --- a/common/values.yaml +++ b/common/values.yaml @@ -7,3 +7,6 @@ global: region: cluster tld: local +endpoints: + fqdn: null + diff --git a/glance/templates/_helpers.tpl b/glance/templates/_helpers.tpl deleted file mode 100644 index 932d1900b7..0000000000 --- a/glance/templates/_helpers.tpl +++ /dev/null @@ -1,5 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{ define "keystone_auth" }}{'auth_url':'{{ .Values.keystone.auth_url }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} 
diff --git a/glance/templates/ceph.client.glance.keyring.yaml b/glance/templates/ceph.client.glance.keyring.yaml index 27eeac7ed2..915324809b 100644 --- a/glance/templates/ceph.client.glance.keyring.yaml +++ b/glance/templates/ceph.client.glance.keyring.yaml @@ -5,5 +5,9 @@ metadata: data: ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+ [client.{{ .Values.ceph.glance_user }}] + {{- if .Values.ceph.glance_keyring }} key = {{ .Values.ceph.glance_keyring }} - + {{- else }} + key = {{- include "secrets/ceph-client-key" . -}} + {{- end }} + diff --git a/glance/templates/ceph.conf.yaml b/glance/templates/ceph.conf.yaml index 28982f320e..3c3aed3074 100644 --- a/glance/templates/ceph.conf.yaml +++ b/glance/templates/ceph.conf.yaml @@ -7,12 +7,17 @@ data: [global] rgw_thread_pool_size = 1024 rgw_num_rados_handles = 100 + {{- if .Values.ceph.monitors }} [mon] {{ range .Values.ceph.monitors }} [mon.{{ . }}] host = {{ . }} mon_addr = {{ . }} {{ end }} + {{- else }} + mon_host = ceph-mon.ceph + {{- end }} [client] rbd_cache_enabled = true rbd_cache_writethrough_until_flush = true + diff --git a/glance/templates/glance-api.conf.yaml b/glance/templates/glance-api.conf.yaml index b7e45d36e7..ee61d333ec 100644 --- a/glance/templates/glance-api.conf.yaml +++ b/glance/templates/glance-api.conf.yaml @@ -12,7 +12,7 @@ data: bind_port = {{ .Values.network.port.api }} workers = {{ .Values.misc.workers }} - registry_host = glance-registry + registry_host = {{ include "glance_registry_host" . }} # Enable Copy-on-Write show_image_direct_url = True @@ -45,3 +45,4 @@ data: rbd_store_user = {{ .Values.ceph.glance_user }} rbd_store_ceph_conf = /etc/ceph/ceph.conf rbd_store_chunk_size = 8 + diff --git a/glance/templates/post.sh.yaml b/glance/templates/post.sh.yaml index 2415cc8e91..156b60d605 100644 --- a/glance/templates/post.sh.yaml +++ b/glance/templates/post.sh.yaml 
@@ -6,12 +6,13 @@ data: post.sh: |+ #!/bin/bash set -ex + export HOME=/tmp ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='http://glance-api:{{ .Values.network.port.api }}' \ + url='{{ include "endpoint_glance_api_internal" . }}' \ interface=admin \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "keystone_auth" . }}'" \ @@ -21,7 +22,7 @@ data: service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='http://glance-api:{{ .Values.network.port.api }}' \ + url='{{ include "endpoint_glance_api_internal" . }}' \ interface=internal \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "keystone_auth" . }}'" \ @@ -31,7 +32,7 @@ data: service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='http://glance-api:{{ .Values.network.port.api }}' \ + url='{{ include "endpoint_glance_api_internal" . }}' \ interface=public \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "keystone_auth" . }}'" \ @@ -44,3 +45,4 @@ data: region_name={{ .Values.keystone.admin_region_name }} \ auth='{{ include "keystone_auth" . }}'" \ -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + diff --git a/glance/templates/post.yaml b/glance/templates/post.yaml index 111f9bdcd7..4fe1c195bf 100644 --- a/glance/templates/post.yaml +++ b/glance/templates/post.yaml @@ -32,6 +32,8 @@ spec: } ]' spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} restartPolicy: OnFailure containers: - name: glance-post @@ -51,3 +53,4 @@ spec: - name: postsh configMap: name: glance-postsh + diff --git a/glance/values.yaml b/glance/values.yaml index 6e2b4cd35b..a94a1bcc1c 100644 --- a/glance/values.yaml 
+++ b/glance/values.yaml @@ -33,7 +33,7 @@ network: port: api: 9292 registry: 9191 - ip_address: "{{ .IP }}" + ip_address: "0.0.0.0" database: address: mariadb @@ -47,9 +47,12 @@ database: ceph: enabled: true monitors: [] - glance_user: "glance" + glance_user: "admin" glance_pool: "images" - glance_keyring: "" + # a null value for the keyring will + # attempt to use the key from + # common/secrets/ceph-client-key + glance_keyring: null misc: workers: 8 @@ -97,4 +100,28 @@ dependencies: - mariadb - keystone-api - glance-api - - glance-registry \ No newline at end of file + - glance-registry + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + glance: + hosts: + default: glance-api + type: image + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + diff --git a/horizon/values.yaml b/horizon/values.yaml index f1dd9a1aa9..6de7d8e116 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -38,6 +38,6 @@ endpoints: type: identity scheme: 'http' port: - admin: 35356 + admin: 35357 public: 5000 diff --git a/keystone/templates/_helpers.tpl b/keystone/templates/_helpers.tpl deleted file mode 100644 index d2f33bc897..0000000000 --- a/keystone/templates/_helpers.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl index b6679c7318..89c4c5de84 100644 --- a/keystone/templates/bin/_db-sync.sh.tpl +++ b/keystone/templates/bin/_db-sync.sh.tpl 
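Review bot: Changing `glance_user` from `"glance"` to `"admin"` in the `ceph:` block makes the rendered keyring section `[client.admin]` and sets `rbd_store_user` to the Ceph admin identity, so the image service would hold cluster-wide Ceph privileges rather than access scoped to the `images` pool. If the aim is only to reuse the shared key from `common/secrets/ceph-client-key`, I would keep `glance_user: "glance"` and provision a key limited to that pool. Failing that, a comment such as `# uses client.admin until a glance-scoped key is provisioned` would record that this is temporary.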
@@ -15,7 +15,8 @@ set -ex keystone-manage db_sync kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \ {{ .Values.keystone.admin_project_name }} admin \ - {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_admin" . }}:{{ .Values.network.port.admin }}/{{ .Values.keystone.version }} \ - {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_internal" . }}:{{ .Values.network.port.public }}/{{ .Values.keystone.version }} \ - {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_public" . }}:{{ .Values.network.port.public }}/{{ .Values.keystone.version }} \ + {{ include "endpoint_keystone_admin" . }} \ + {{ include "endpoint_keystone_internal" . }} \ + {{ include "endpoint_keystone_internal" . }} \ {{ .Values.keystone.admin_region_name }} + diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl index c62d524516..58603001ba 100644 --- a/keystone/templates/etc/_keystone.conf.tpl +++ b/keystone/templates/etc/_keystone.conf.tpl @@ -9,11 +9,11 @@ connection = mysql+pymysql://{{ .Values.database.keystone_user }}:{{ .Values.dat max_retries = -1 [memcache] -servers = {{ include "memcached_host" . }} +servers = {{ include "memcached_host" . }}:11211 [cache] backend = dogpile.cache.memcached -memcache_servers = {{ include "memcached_host" . }} +memcache_servers = {{ include "memcached_host" . }}:11211 config_prefix = cache.keystone -distributed_lock = True enabled = True + diff --git a/keystone/values.yaml b/keystone/values.yaml index 3b7b8e67b0..80801204e7 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -17,7 +17,7 @@ images: pull_policy: "IfNotPresent" keystone: - version: v2.0 + version: v3 scheme: http admin_region_name: RegionOne admin_user: admin 
@@ -67,3 +67,18 @@ dependencies: - mariadb-seed service: - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + From b366dc252a9a87b2b6678add751631cd17e59270 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 3 Jan 2017 12:23:25 -0800 Subject: [PATCH 03/39] Refactor ceph to allow monitors to leverage a stateful set. The IPs of ceph monitors cannot (or should not) change. This refactor allows the ceph monitors to act as statefulsets. It also persists their on disk data to nodeDirs, to allow cluster wide restarts (in parallel), where previously this would lose data. This is accompanied by some docker images changes that ensure that auth for the OSDs is restored/reinserted as auth data is somehow not persisted to disk at this time. --- .../{daemonset.yaml => daemonset-osd.yaml} | 8 +- ceph/templates/deployment-mds.yaml | 72 ++++ ceph/templates/deployment-moncheck.yaml | 64 ++++ ceph/templates/deployment-rgw.yaml | 77 +++++ ceph/templates/deployment.yaml | 310 ------------------ ceph/templates/service.yaml | 3 + ceph/templates/statefulset-mon.yaml | 105 ++++++ ceph/templates/storage.yaml | 3 +- ceph/values.yaml | 52 ++- 9 files changed, 378 insertions(+), 316 deletions(-) rename ceph/templates/{daemonset.yaml => daemonset-osd.yaml} (89%) create mode 100644 ceph/templates/deployment-mds.yaml create mode 100644 ceph/templates/deployment-moncheck.yaml create mode 100644 ceph/templates/deployment-rgw.yaml delete mode 100644 ceph/templates/deployment.yaml create mode 100644 ceph/templates/statefulset-mon.yaml diff --git a/ceph/templates/daemonset.yaml b/ceph/templates/daemonset-osd.yaml similarity index 89% rename from ceph/templates/daemonset.yaml rename to ceph/templates/daemonset-osd.yaml index 6c350cbe05..1ad4b24fbf 100644 --- a/ceph/templates/daemonset.yaml 
+++ b/ceph/templates/daemonset-osd.yaml @@ -78,8 +78,8 @@ spec: timeoutSeconds: 5 resources: requests: - memory: "512Mi" - cpu: "1000m" + memory: {{ .Values.resources.osd.requests.memory | quote }} + cpu: {{ .Values.resources.osd.requests.cpu | quote }} limits: - memory: "1024Mi" - cpu: "2000m" + memory: {{ .Values.resources.osd.limits.memory | quote }} + cpu: {{ .Values.resources.osd.limits.cpu | quote }} diff --git a/ceph/templates/deployment-mds.yaml b/ceph/templates/deployment-mds.yaml new file mode 100644 index 0000000000..9a4f5eadd9 --- /dev/null +++ b/ceph/templates/deployment-mds.yaml 
@@ -0,0 +1,72 @@ +--- +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + labels: + app: ceph + daemon: mds + name: ceph-mds +spec: + replicas: 1 + template: + metadata: + name: ceph-mds + labels: + app: ceph + daemon: mds + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + serviceAccount: default + volumes: + - name: ceph-conf + secret: + secretName: ceph-conf-combined + - name: ceph-bootstrap-osd-keyring + secret: + secretName: ceph-bootstrap-osd-keyring + - name: ceph-bootstrap-mds-keyring + secret: + secretName: ceph-bootstrap-mds-keyring + - name: ceph-bootstrap-rgw-keyring + secret: + secretName: ceph-bootstrap-rgw-keyring + containers: + - name: ceph-mon + image: {{ .Values.images.daemon }} + ports: + - containerPort: 6800 + env: + - name: CEPH_DAEMON + value: MDS + - name: CEPHFS_CREATE + value: "1" + - name: KV_TYPE + value: k8s + - name: CLUSTER + value: ceph + volumeMounts: + - name: ceph-conf + mountPath: /etc/ceph + - name: ceph-bootstrap-osd-keyring + mountPath: /var/lib/ceph/bootstrap-osd + - name: ceph-bootstrap-mds-keyring + mountPath: /var/lib/ceph/bootstrap-mds + - name: ceph-bootstrap-rgw-keyring + mountPath: /var/lib/ceph/bootstrap-rgw + livenessProbe: + tcpSocket: + port: 6800 + initialDelaySeconds: 60 + timeoutSeconds: 5 + readinessProbe: + tcpSocket: + port: 6800 + timeoutSeconds: 5 + resources: + requests: + memory: {{ .Values.resources.mds.requests.memory | quote }} + cpu: {{ .Values.resources.mds.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.mds.limits.memory | quote }} + cpu: {{ .Values.resources.mds.limits.cpu | quote }} diff --git a/ceph/templates/deployment-moncheck.yaml b/ceph/templates/deployment-moncheck.yaml new file mode 100644 index 0000000000..aa829b09c1 --- /dev/null +++ b/ceph/templates/deployment-moncheck.yaml 
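Review bot: The MDS pod mounts the `ceph-bootstrap-osd-keyring` and `ceph-bootstrap-rgw-keyring` secrets in addition to its own `ceph-bootstrap-mds-keyring`. Unless the daemon image needs them at start-up (not visible here), dropping those two volumes and their `volumeMounts` keeps a compromised MDS container from reading bootstrap keys for other daemon types. `deployment-moncheck.yaml` and `deployment-rgw.yaml` in the following hunks mount the same full set. The container is also named `ceph-mon` although it runs with `CEPH_DAEMON` set to `MDS`; `- name: ceph-mds` would match the deployment.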
@@ -0,0 +1,64 @@
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ labels:
+ app: ceph
+ daemon: moncheck
+ name: ceph-mon-check
+spec:
+ replicas: {{ .Values.replicas.mon_check }}
+ template:
+ metadata:
+ name: ceph-mon
+ labels:
+ app: ceph
+ daemon: moncheck
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ serviceAccount: default
+ volumes:
+ - name: ceph-conf
+ secret:
+ secretName: ceph-conf-combined
+ - name: ceph-bootstrap-osd-keyring
+ secret:
+ secretName: ceph-bootstrap-osd-keyring
+ - name: ceph-bootstrap-mds-keyring
+ secret:
+ secretName: ceph-bootstrap-mds-keyring
+ - name: ceph-bootstrap-rgw-keyring
+ secret:
+ secretName: ceph-bootstrap-rgw-keyring
+ containers:
+ - name: ceph-mon
+ image: {{ .Values.images.daemon }}
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 6789
+ env:
+ - name: CEPH_DAEMON
+ value: MON_HEALTH
+ - name: KV_TYPE
+ value: k8s
+ - name: MON_IP_AUTO_DETECT
+ value: "1"
+ - name: CLUSTER
+ value: ceph
+ volumeMounts:
+ - name: ceph-conf
+ mountPath: /etc/ceph
+ - name: ceph-bootstrap-osd-keyring
+ mountPath: /var/lib/ceph/bootstrap-osd
+ - name: ceph-bootstrap-mds-keyring
+ mountPath: /var/lib/ceph/bootstrap-mds
+ - name: ceph-bootstrap-rgw-keyring
+ mountPath: /var/lib/ceph/bootstrap-rgw
+ resources:
+ requests:
+ memory: {{ .Values.resources.mon_check.requests.memory | quote }}
+ cpu: {{ .Values.resources.mon_check.requests.cpu | quote }}
+ limits:
+ memory: {{ .Values.resources.mon_check.limits.memory | quote }}
+ cpu: {{ .Values.resources.mon_check.limits.cpu | quote }}
\ No newline at end of file
diff --git a/ceph/templates/deployment-rgw.yaml b/ceph/templates/deployment-rgw.yaml
new file mode 100644
index 0000000000..a22c2ad367
--- /dev/null
+++ b/ceph/templates/deployment-rgw.yaml
@@ -0,0 +1,77 @@
+{{- if .Values.rgw.enabled }}
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ labels:
+ app: ceph
+ daemon: rgw
+ name: ceph-rgw
+spec:
+ replicas: {{ .Values.replicas.rgw }}
+ template:
+ metadata:
+ name: ceph-rgw
+ labels:
+ app: ceph
+ daemon: rgw
+ spec:
+ hostNetwork: true
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ serviceAccount: default
+ volumes:
+ - name: ceph-conf
+ secret:
+ secretName: ceph-conf-combined
+ - name: ceph-bootstrap-osd-keyring
+ secret:
+ secretName: ceph-bootstrap-osd-keyring
+ - name: ceph-bootstrap-mds-keyring
+ secret:
+ secretName: ceph-bootstrap-mds-keyring
+ - name: ceph-bootstrap-rgw-keyring
+ secret:
+ secretName: ceph-bootstrap-rgw-keyring
+ containers:
+ - name: ceph-rgw
+ image: {{ .Values.images.daemon }}
+ ports:
+ - containerPort: {{ .Values.network.port.rgw_target }}
+ env:
+ - name: RGW_CIVETWEB_PORT
+ value: "{{ .Values.network.port.rgw_target }}"
+ - name: CEPH_DAEMON
+ value: RGW
+ - name: KV_TYPE
+ value: k8s
+ - name: CLUSTER
+ value: ceph
+ volumeMounts:
+ - name: ceph-conf
+ mountPath: /etc/ceph
+ - name: ceph-bootstrap-osd-keyring
+ mountPath: /var/lib/ceph/bootstrap-osd
+ - name: ceph-bootstrap-mds-keyring
+ mountPath: /var/lib/ceph/bootstrap-mds
+ - name: ceph-bootstrap-rgw-keyring
+ mountPath: /var/lib/ceph/bootstrap-rgw
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.network.port.rgw_target }}
+ initialDelaySeconds: 120
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.network.port.rgw_target }}
+ timeoutSeconds: 5
+ resources:
+ requests:
+ memory: {{ .Values.resources.rgw.requests.memory | quote }}
+ cpu: {{ .Values.resources.rgwrequests.cpu | quote }}
+ limits:
+ memory: {{ .Values.resources.rgw.limits.memory | quote }}
+ cpu: {{ .Values.resources.rgw.limits.cpu | quote }}
+{{- end }}
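Review bot: The cpu request reads `{{ .Values.resources.rgwrequests.cpu | quote }}`, which is missing a dot and does not match the `resources.rgw.requests.cpu` key that values.yaml defines; it should be `cpu: {{ .Values.resources.rgw.requests.cpu | quote }}`. Because the whole file is wrapped in `{{- if .Values.rgw.enabled }}` and values.yaml ships `enabled: false`, a lint or render with default values will likely never reach this line, so the failure would only surface when someone enables rgw. Rendering the chart once with `rgw.enabled` set to true as part of the build would catch this kind of slip.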
diff --git a/ceph/templates/deployment.yaml b/ceph/templates/deployment.yaml deleted file mode 100644 index 26012c1167..0000000000 --- a/ceph/templates/deployment.yaml +++ /dev/null 
@@ -1,310 +0,0 @@ ---- -kind: Deployment -apiVersion: extensions/v1beta1 -metadata: - labels: - app: ceph - daemon: mds - name: ceph-mds -spec: - replicas: 1 - template: - metadata: - name: ceph-mds - labels: - app: ceph - daemon: mds - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - serviceAccount: default - volumes: - - name: ceph-conf - secret: - secretName: ceph-conf-combined - - name: ceph-bootstrap-osd-keyring - secret: - secretName: ceph-bootstrap-osd-keyring - - name: ceph-bootstrap-mds-keyring - secret: - secretName: ceph-bootstrap-mds-keyring - - name: ceph-bootstrap-rgw-keyring - secret: - secretName: ceph-bootstrap-rgw-keyring - containers: - - name: ceph-mon - image: {{ .Values.images.daemon }} - ports: - - containerPort: 6800 - env: - - name: CEPH_DAEMON - value: MDS - - name: CEPHFS_CREATE - value: "1" - - name: KV_TYPE - value: k8s - - name: CLUSTER - value: ceph - volumeMounts: - - name: ceph-conf - mountPath: /etc/ceph - - name: ceph-bootstrap-osd-keyring - mountPath: /var/lib/ceph/bootstrap-osd - - name: ceph-bootstrap-mds-keyring - mountPath: /var/lib/ceph/bootstrap-mds - - name: ceph-bootstrap-rgw-keyring - mountPath: /var/lib/ceph/bootstrap-rgw - livenessProbe: - tcpSocket: - port: 6800 - initialDelaySeconds: 60 - timeoutSeconds: 5 - readinessProbe: - tcpSocket: - port: 6800 - timeoutSeconds: 5 - resources: - requests: - memory: "10Mi" - cpu: "250m" - limits: - memory: "50Mi" - cpu: "500m" ---- -kind: Deployment -apiVersion: extensions/v1beta1 -metadata: - labels: - app: ceph - daemon: moncheck - name: ceph-mon-check -spec: - replicas: 1 - template: - metadata: - name: ceph-mon - labels: - app: ceph - daemon: moncheck - spec: - serviceAccount: default - volumes: - - name: ceph-conf - secret: - secretName: ceph-conf-combined - - name: ceph-bootstrap-osd-keyring - secret: - secretName: ceph-bootstrap-osd-keyring - - name: ceph-bootstrap-mds-keyring - secret: - secretName: 
ceph-bootstrap-mds-keyring - - name: ceph-bootstrap-rgw-keyring - secret: - secretName: ceph-bootstrap-rgw-keyring - containers: - - name: ceph-mon - image: {{ .Values.images.daemon }} - imagePullPolicy: Always - ports: - - containerPort: 6789 - env: - - name: CEPH_DAEMON - value: MON_HEALTH - - name: KV_TYPE - value: k8s - - name: MON_IP_AUTO_DETECT - value: "1" - - name: CLUSTER - value: ceph - volumeMounts: - - name: ceph-conf - mountPath: /etc/ceph - - name: ceph-bootstrap-osd-keyring - mountPath: /var/lib/ceph/bootstrap-osd - - name: ceph-bootstrap-mds-keyring - mountPath: /var/lib/ceph/bootstrap-mds - - name: ceph-bootstrap-rgw-keyring - mountPath: /var/lib/ceph/bootstrap-rgw - resources: - requests: - memory: "5Mi" - cpu: "250m" - limits: - memory: "50Mi" - cpu: "500m" ---- -kind: Deployment -apiVersion: extensions/v1beta1 -metadata: - labels: - app: ceph - daemon: mon - name: ceph-mon -spec: - replicas: 3 - template: - metadata: - name: ceph-mon - labels: - app: ceph - daemon: mon - annotations: - # alanmeadows: this soft requirement allows single - # host deployments to spawn several ceph-mon - # containers - scheduler.alpha.kubernetes.io/affinity: > - { - "podAntiAffinity": { - "preferredDuringSchedulingIgnoredDuringExecution": [{ - "labelSelector": { - "matchExpressions": [{ - "key": "daemon", - "operator": "In", - "values":["mon"] - }] - }, - "topologyKey": "kubernetes.io/hostname", - "weight": 10 - }] - } - } - spec: - serviceAccount: default - volumes: - - name: ceph-conf - secret: - secretName: ceph-conf-combined - - name: ceph-bootstrap-osd-keyring - secret: - secretName: ceph-bootstrap-osd-keyring - - name: ceph-bootstrap-mds-keyring - secret: - secretName: ceph-bootstrap-mds-keyring - - name: ceph-bootstrap-rgw-keyring - secret: - secretName: ceph-bootstrap-rgw-keyring - containers: - - name: ceph-mon - image: {{ .Values.images.daemon }} -# imagePullPolicy: Always - lifecycle: - preStop: - exec: - # remove the mon on Pod stop. 
- command: - - "/remove-mon.sh" - ports: - - containerPort: 6789 - env: - - name: CEPH_DAEMON - value: MON - - name: KV_TYPE - value: k8s - - name: NETWORK_AUTO_DETECT - value: "1" - - name: CLUSTER - value: ceph - volumeMounts: - - name: ceph-conf - mountPath: /etc/ceph - - name: ceph-bootstrap-osd-keyring - mountPath: /var/lib/ceph/bootstrap-osd - - name: ceph-bootstrap-mds-keyring - mountPath: /var/lib/ceph/bootstrap-mds - - name: ceph-bootstrap-rgw-keyring - mountPath: /var/lib/ceph/bootstrap-rgw - livenessProbe: - tcpSocket: - port: 6789 - initialDelaySeconds: 60 - timeoutSeconds: 5 - readinessProbe: - tcpSocket: - port: 6789 - timeoutSeconds: 5 - resources: - requests: - memory: "50Mi" - cpu: "1000m" - limits: - memory: "100Mi" - cpu: "2000m" ---- -# rgw not required: using if statement for deployment -{{- if .Values.rgw.enabled }} -kind: Deployment -apiVersion: extensions/v1beta1 -metadata: - labels: - app: ceph - daemon: rgw - name: ceph-rgw -spec: - replicas: 3 - template: - metadata: - name: ceph-rgw - labels: - app: ceph - daemon: rgw - spec: - hostNetwork: true - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - serviceAccount: default - volumes: - - name: ceph-conf - secret: - secretName: ceph-conf-combined - - name: ceph-bootstrap-osd-keyring - secret: - secretName: ceph-bootstrap-osd-keyring - - name: ceph-bootstrap-mds-keyring - secret: - secretName: ceph-bootstrap-mds-keyring - - name: ceph-bootstrap-rgw-keyring - secret: - secretName: ceph-bootstrap-rgw-keyring - containers: - - name: ceph-rgw - image: {{ .Values.images.daemon }} - ports: - - containerPort: {{ .Values.network.port.rgw_target }} - env: - - name: RGW_CIVETWEB_PORT - value: "{{ .Values.network.port.rgw_target }}" - - name: CEPH_DAEMON - value: RGW - - name: KV_TYPE - value: k8s - - name: CLUSTER - value: ceph - volumeMounts: - - name: ceph-conf - mountPath: /etc/ceph - - name: ceph-bootstrap-osd-keyring - mountPath: 
/var/lib/ceph/bootstrap-osd - - name: ceph-bootstrap-mds-keyring - mountPath: /var/lib/ceph/bootstrap-mds - - name: ceph-bootstrap-rgw-keyring - mountPath: /var/lib/ceph/bootstrap-rgw - livenessProbe: - httpGet: - path: / - port: {{ .Values.network.port.rgw_target }} - initialDelaySeconds: 120 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: {{ .Values.network.port.rgw_target }} - timeoutSeconds: 5 - resources: - requests: - memory: "500Mi" - cpu: ".5" - limits: - memory: "500Mi" - cpu: ".5" -{{ end }} -# end: rgw removed optionally diff --git a/ceph/templates/service.yaml b/ceph/templates/service.yaml index 49a9afb6c1..cdfd4f5590 100644 --- a/ceph/templates/service.yaml +++ b/ceph/templates/service.yaml @@ -15,6 +15,8 @@ spec: app: ceph daemon: mon clusterIP: None + +{{- if .Values.rgw.enabled }} --- apiVersion: v1 kind: Service @@ -32,3 +34,4 @@ spec: app: ceph daemon: rgw type: LoadBalancer +{{- end }} diff --git a/ceph/templates/statefulset-mon.yaml b/ceph/templates/statefulset-mon.yaml new file mode 100644 index 0000000000..5ef33cd8e2 --- /dev/null +++ b/ceph/templates/statefulset-mon.yaml 
@@ -0,0 +1,105 @@ +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + labels: + app: ceph + daemon: mon + name: ceph-mon +spec: + serviceName: {{ .Values.service.mon.name | quote }} + replicas: {{ .Values.replicas.mon }} + template: + metadata: + name: ceph-mon + labels: + app: ceph + daemon: mon + annotations: + # alanmeadows: this soft requirement allows single + # host deployments to spawn several ceph-mon + # containers + scheduler.alpha.kubernetes.io/affinity: > + { + "podAntiAffinity": { + "preferredDuringSchedulingIgnoredDuringExecution": [{ + "labelSelector": { + "matchExpressions": [{ + "key": "daemon", + "operator": "In", + "values":["mon"] + }] + }, + "topologyKey": "kubernetes.io/hostname", + "weight": 10 + }] + } + } + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + serviceAccount: default + volumes: + - name: ceph-conf + secret: + secretName: ceph-conf-combined + - name: ceph-bootstrap-osd-keyring + secret: + secretName: ceph-bootstrap-osd-keyring + - name: ceph-bootstrap-mds-keyring + secret: + secretName: ceph-bootstrap-mds-keyring + - name: ceph-bootstrap-rgw-keyring + secret: + secretName: ceph-bootstrap-rgw-keyring + - name: ceph-monfs + hostPath: + path: {{ .Values.storage.mon_directory }} + containers: + - name: ceph-mon + image: {{ .Values.images.daemon }} + imagePullPolicy: Always + lifecycle: + preStop: + exec: + # remove the mon on Pod stop. 
+ command: + - "/remove-mon.sh" + ports: + - containerPort: 6789 + env: + - name: CEPH_DAEMON + value: MON + - name: KV_TYPE + value: k8s + - name: NETWORK_AUTO_DETECT + value: "1" + - name: CLUSTER + value: ceph + volumeMounts: + - name: ceph-conf + mountPath: /etc/ceph + - name: ceph-bootstrap-osd-keyring + mountPath: /var/lib/ceph/bootstrap-osd + - name: ceph-bootstrap-mds-keyring + mountPath: /var/lib/ceph/bootstrap-mds + - name: ceph-bootstrap-rgw-keyring + mountPath: /var/lib/ceph/bootstrap-rgw + - name: ceph-monfs + mountPath: /var/lib/ceph/mon + livenessProbe: + tcpSocket: + port: 6789 + initialDelaySeconds: 60 + timeoutSeconds: 5 + readinessProbe: + tcpSocket: + port: 6789 + timeoutSeconds: 5 + resources: + requests: + memory: {{ .Values.resources.mon.requests.memory | quote }} + cpu: {{ .Values.resources.mon.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.mon.limits.memory | quote }} + cpu: {{ .Values.resources.mon.limits.cpu | quote }} diff --git a/ceph/templates/storage.yaml b/ceph/templates/storage.yaml index 9ef1eae2c7..b60221c10a 100644 --- a/ceph/templates/storage.yaml +++ b/ceph/templates/storage.yaml @@ -10,7 +10,8 @@ parameters: monitors: {{ .Values.storageclass.monitors | default "ceph-mon.ceph:6789" }} adminId: {{ .Values.storageclass.admin_id }} adminSecretName: {{ .Values.storageclass.admin_secret_name }} - ## forcing namespace due to issue with -- default "{{ .Release.Namespace }}" }} -- + # forcing namespace due to issue with default pipeline of "{{ .Release.Namespace }}" }} + # during helm lint adminSecretNamespace: {{ .Values.storageclass.admin_secret_namespace | default "ceph" }} pool: {{ .Values.storageclass.pool }} userId: {{ .Values.storageclass.user_id }} diff --git a/ceph/values.yaml b/ceph/values.yaml index 76b4ac4643..33c6da2410 100644 --- a/ceph/values.yaml +++ b/ceph/values.yaml 
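Review bot: `imagePullPolicy: Always` is now active on the mon container in statefulset-mon.yaml (it was commented out in the removed deployment.yaml), and values.yaml sets `images.daemon` to `quay.io/attcomdev/ceph-daemon:latest`, so every mon restart can pull whatever the mutable `latest` tag points to at that moment. For a quorum service that means replicas may end up on different builds, and the running image is neither pinned nor auditable. I would pin the default to a version tag or digest in values.yaml, with a comment like `# pin to a tag or digest; latest is mutable`. Separately, `ceph-monfs` is a `hostPath` and the anti-affinity is only preferred, so two mons scheduled on one node would share `storage.mon_directory`; worth confirming that the image keeps per-mon subdirectories.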
@@ -7,6 +7,15 @@ # tunables available - parameterizing more of the elements # in the manifests is a work in progress +replicas: + mon: 3 + rgw: 3 + mon_check: 1 + +service: + mon: + name: ceph-mon + images: daemon: quay.io/attcomdev/ceph-daemon:latest @@ -23,11 +32,52 @@ network: storage: osd_directory: /var/lib/openstack-helm/ceph/osd var_directory: /var/lib/openstack-helm/ceph/ceph + mon_directory: /var/lib/openstack-helm/ceph/mon # rgw is optionall disabled rgw: enabled: false +rgw: + enabled: false + +resources: + osd: + requests: + memory: "512Mi" + cpu: "1000m" + limits: + memory: "1024Mi" + cpu: "2000m" + mds: + requests: + memory: "10Mi" + cpu: "250m" + limits: + memory: "50Mi" + cpu: "500m" + mon: + requests: + memory: "50Mi" + cpu: "1000m" + limits: + memory: "100Mi" + cpu: "2000m" + mon_check: + requests: + memory: "5Mi" + cpu: "250m" + limits: + memory: "50Mi" + cpu: "500m" + rgw: + requests: + memory: "5Mi" + cpu: "250m" + limits: + memory: "50Mi" + cpu: "500m" + # Setting this to false will assume you will # setup and orchestrate your own secrets and # configmaps outside of this helm chart @@ -63,7 +113,7 @@ secrets: storageclass: provision_storage_class: true name: general - monitors: null + monitors: null pool: rbd admin_id: admin admin_secret_name: pvc-ceph-conf-combined-storageclass From b9a4a0b31de129372f10eb5ee7b7d404266e330e Mon Sep 17 00:00:00 2001 
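Review bot: The second values.yaml hunk adds another top-level `rgw:` mapping (`+rgw:` / `+ enabled: false`) directly after the existing `rgw:` block, so the file now has a duplicate key; most YAML parsers silently keep the last one, and an edit to the first block would have no effect. The two added lines should be removed. In the same hunk the new `resources.rgw` defaults (`5Mi`/`250m` requests, `50Mi`/`500m` limits) look copied from `mon_check`, while the removed deployment.yaml used `500Mi` and `.5` for rgw. A 50Mi memory limit will probably get the gateway OOM-killed once rgw is enabled, so the previous values seem the safer default.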
From: Alan Meadows Date: Tue, 3 Jan 2017 12:28:44 -0800 Subject: [PATCH 04/39] Commit neutron chart This is a functioning neutron chart that leverages a flat network but supports vxlan and gre networks in values.yaml. We were unable to test the vxlan functionality as it tickles the bnx2x cards in our HP blade lab. For now, this leverages daemonsets which make sense. It does require a new label, namely openvswitch=enabled as we need a label that can be applied both to the control plane and tenant compute hosts as both require neutron agents and openvswitch. The interfaces today match our labs, namely enp11s0f0 for the flat network on physnet1 and enp12s0f0 for the external network. These can be overriden in values.yaml via set or a global environmental file. It depends on the keystone endpoint work. This chart was tested against a working nova chart not commited as DTadrzak has one open in PR#45 --- Makefile | 14 +- neutron/Chart.yaml | 3 + neutron/requirements.yaml | 4 + neutron/templates/bin/_init.sh.tpl | 18 ++ .../bin/_neutron-openvswitch-agent.sh.tpl | 16 ++ .../bin/_openvswitch-db-server.sh.tpl | 10 + .../bin/_openvswitch-ensure-configured.sh.tpl | 20 ++ .../bin/_openvswitch-vswitchd.sh.tpl | 14 + neutron/templates/bin/_post.sh.tpl | 41 +++ neutron/templates/configmap-bin.yaml | 17 ++ neutron/templates/configmap-etc.yaml | 19 ++ neutron/templates/daemonset-dhcp-agent.yaml | 83 ++++++ neutron/templates/daemonset-l3-agent.yaml | 77 ++++++ .../templates/daemonset-metadata-agent.yaml | 79 ++++++ neutron/templates/daemonset-openvswitch.yaml | 166 ++++++++++++ neutron/templates/deployment-server.yaml | 53 ++++ neutron/templates/etc/_dhcp-agent.ini.tpl | 5 + neutron/templates/etc/_l3-agent.ini.tpl | 4 + neutron/templates/etc/_metadata-agent.ini.tpl | 31 +++ neutron/templates/etc/_ml2-conf.ini.tpl | 43 ++++ neutron/templates/etc/_neutron.conf.tpl | 71 ++++++ neutron/templates/etc/_resolv.conf.tpl | 5 + neutron/templates/job-db-sync.yaml | 43 ++++ 
neutron/templates/job-init.yaml | 37 +++ neutron/templates/job-post.yaml | 39 +++ neutron/templates/service.yaml | 9 + neutron/values.yaml | 241 ++++++++++++++++++ 27 files changed, 1153 insertions(+), 9 deletions(-) create mode 100644 neutron/Chart.yaml create mode 100644 neutron/requirements.yaml create mode 100644 neutron/templates/bin/_init.sh.tpl create mode 100644 neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl create mode 100644 neutron/templates/bin/_openvswitch-db-server.sh.tpl create mode 100644 neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl create mode 100644 neutron/templates/bin/_openvswitch-vswitchd.sh.tpl create mode 100644 neutron/templates/bin/_post.sh.tpl create mode 100644 neutron/templates/configmap-bin.yaml create mode 100644 neutron/templates/configmap-etc.yaml create mode 100644 neutron/templates/daemonset-dhcp-agent.yaml create mode 100644 neutron/templates/daemonset-l3-agent.yaml create mode 100644 neutron/templates/daemonset-metadata-agent.yaml create mode 100644 neutron/templates/daemonset-openvswitch.yaml create mode 100644 neutron/templates/deployment-server.yaml create mode 100644 neutron/templates/etc/_dhcp-agent.ini.tpl create mode 100644 neutron/templates/etc/_l3-agent.ini.tpl create mode 100644 neutron/templates/etc/_metadata-agent.ini.tpl create mode 100644 neutron/templates/etc/_ml2-conf.ini.tpl create mode 100644 neutron/templates/etc/_neutron.conf.tpl create mode 100644 neutron/templates/etc/_resolv.conf.tpl create mode 100644 neutron/templates/job-db-sync.yaml create mode 100644 neutron/templates/job-init.yaml create mode 100644 neutron/templates/job-post.yaml create mode 100644 neutron/templates/service.yaml create mode 100644 neutron/values.yaml diff --git a/Makefile b/Makefile index 0021fb204f..b1ca636d4b 100644 --- a/Makefile +++ b/Makefile 
@@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack common: build-common @@ -25,6 +25,8 @@ rabbitmq: build-rabbitmq glance: build-glance +glance: build-neutron + memcached: build-memcached openstack: build-openstack @@ -41,9 +43,3 @@ build-%: helm lint $* helm package $* -## this is required for some charts which cannot pass a lint, namely -## those which use .Release.Namespace in a default pipe capacity -#nolint-build-%: -# if [ -f $*/Makefile ]; then make -C $*; fi -# if [ -f $*/requirements.yaml ]; then helm dep up $*; fi -# helm package $* diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml new file mode 100644 index 0000000000..f295ecfa07 --- /dev/null +++ b/neutron/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for neutron +name: neutron +version: 0.1.0 diff --git a/neutron/requirements.yaml b/neutron/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/neutron/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/neutron/templates/bin/_init.sh.tpl b/neutron/templates/bin/_init.sh.tpl new file mode 100644 index 0000000000..1498bbc233 --- /dev/null +++ b/neutron/templates/bin/_init.sh.tpl 
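Review bot: The second Makefile hunk adds `glance: build-neutron` rather than a `neutron` target, so `neutron` (declared in `.PHONY` and listed as a prerequisite of `all`) has no rule that builds the chart, while `glance` silently gains `build-neutron` as an extra prerequisite. The added line should read `neutron: build-neutron`. The third hunk only removes the commented-out `nolint-build-%` rule and needs no change.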
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_user }}' \
+password='{{ .Values.database.neutron_password }}' \
+host='%' \
+priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'"
diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
new file mode 100644
index 0000000000..5860e3b973
--- /dev/null
+++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -x
+chown neutron: /run/openvswitch/db.sock
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+{{- if .Values.ml2.agent.tunnel_types }}
+IP=$(ip a s {{ .Values.network.interface.tunnel | default .Values.network.interface.default}} | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat </tmp/ml2-local-ip.ini
+[ovs]
+local_ip = $IP
+EOF
+{{- else }}
+touch /tmp/ml2-local-ip.ini
+{{- end }}
+
+exec sudo -E -u neutron neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini --config-file /tmp/ml2-local-ip.ini
diff --git a/neutron/templates/bin/_openvswitch-db-server.sh.tpl b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
new file mode 100644
index 0000000000..48acfafa0b
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
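Review bot: In _init.sh.tpl, `set -ex` makes the shell trace every expanded command, so the lines carrying `login_password='{{ .Values.database.root_password }}'` and `password='{{ .Values.database.neutron_password }}'` end up in the job's log, and `-vvv` adds Ansible's own verbose output on top; anyone who can read pod logs can then read the database root password. I would keep `set -e`, drop `-x` and `-vvv`, and pass the passwords through environment variables sourced from a Secret instead of templating them into the script text. A value containing a single quote would also break the `-a "..."` quoting as written. The same pattern (`set -ex`, `-vvv`, credentials on the command line) appears in the _post.sh.tpl hunk.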
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+mkdir -p "/run/openvswitch"
+if [[ ! -e "/run/openvswitch/conf.db" ]]; then
+ ovsdb-tool create "/run/openvswitch/conf.db"
+fi
+
+umask 000
+exec /usr/sbin/ovsdb-server /run/openvswitch/conf.db -vconsole:emer -vconsole:err -vconsole:info --remote=punix:/run/openvswitch/db.sock
diff --git a/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
new file mode 100644
index 0000000000..041af73752
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -x
+
+bridge=$1
+port=$2
+
+# one time deal
+ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0
+ovs-vsctl --no-wait --if-exists del-br physnet1
+
+# note that only "br-ex" is definable right now
+
+ovs-vsctl --no-wait --may-exist add-br $bridge
+ovs-vsctl --no-wait --may-exist add-port $bridge $port
+
+# handle any bridge mappings
+{{- range $bridge, $port := .Values.ml2.ovs.auto_bridge_add }}
+ovs-vsctl --no-wait --may-exist add-br {{ $bridge }}
+ovs-vsctl --no-wait --may-exist add-port {{ $bridge }} {{ $port }}
+{{- end}}
diff --git a/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
new file mode 100644
index 0000000000..c946e2c84e
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+
+# load tunnel kernel modules we may use and gre/vxlan
+modprobe openvswitch
+
+{{- if .Values.ml2.agent.tunnel_types }}
+modprobe gre
+modprobe vxlan
+{{- end }}
+
+ovs-vsctl --no-wait show
+bash /tmp/openvswitch-ensure-configured.sh {{ .Values.network.external_bridge }} {{ .Values.network.interface.external | default .Values.network.interface.default }}
+exec /usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock --mlockall -vconsole:emer -vconsole:err -vconsole:info
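Review bot: `umask 000` immediately before `exec /usr/sbin/ovsdb-server` in _openvswitch-db-server.sh.tpl means the `db.sock` control socket, and anything else the server creates under `/run/openvswitch`, would be created world-accessible. The dhcp-agent daemonset in this patch mounts `/run/openvswitch` from the host via `hostPath`, so presumably any local process on the node could then talk to the OVS database. Since _neutron-openvswitch-agent.sh.tpl already runs `chown neutron: /run/openvswitch/db.sock`, a tighter mask such as `umask 007` with a shared group looks sufficient; otherwise add a comment above the line saying why world access is required.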
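Review bot: The `# one time deal` block in _openvswitch-ensure-configured.sh.tpl hard-codes `physnet1` and `enp11s0f0`, so every run deletes that port and bridge on any node regardless of what values.yaml configures; that is lab-specific state baked into the chart. I would remove the `del-port`/`del-br` lines or guard them behind a value, and quote the positional arguments, e.g. `ovs-vsctl --no-wait --may-exist add-br "$bridge"` and `ovs-vsctl --no-wait --may-exist add-port "$bridge" "$port"`, so an empty argument fails visibly instead of changing the shape of the command. The script also uses `set -x` without `-e`, so a failed `ovs-vsctl` call does not stop it; `set -ex` would match the vswitchd script that invokes it.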
diff --git a/neutron/templates/bin/_post.sh.tpl b/neutron/templates/bin/_post.sh.tpl
new file mode 100644
index 0000000000..77c818121d
--- /dev/null
+++ b/neutron/templates/bin/_post.sh.tpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=admin \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=internal \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=public \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_user -a "project=service \
+user={{ .Values.keystone.neutron_user }} \
+password={{ .Values.keystone.neutron_password }} \
+role=admin \
+region_name={{ .Values.keystone.neutron_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
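Review bot: All three `kolla_keystone_service` calls pass `url='{{ include "endpoint_neutron_api_internal" . }}'`, so the `admin` and `public` interfaces are registered with the internal endpoint URL. If that is intended for now, a comment such as `# admin/public reuse the internal URL until separate endpoints exist` would stop readers taking it for a copy-paste slip. In the `kolla_keystone_user` call, `password={{ .Values.keystone.neutron_password }}` is unquoted inside the `-a` string, so a password containing a space or `=` would be split into separate module arguments; `password='{{ .Values.keystone.neutron_password }}'` matches the quoting used in _init.sh.tpl.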
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..c74d116902
--- /dev/null
+++ b/neutron/templates/configmap-bin.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: neutron-bin
+data:
+ init.sh: |
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+ neutron-openvswitch-agent.sh: |
+{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "template" | indent 4 }}
+ openvswitch-db-server.sh: |
+{{ tuple "bin/_openvswitch-db-server.sh.tpl" . | include "template" | indent 4 }}
+ openvswitch-ensure-configured.sh: |
+{{ tuple "bin/_openvswitch-ensure-configured.sh.tpl" . | include "template" | indent 4 }}
+ openvswitch-vswitchd.sh: |
+{{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "template" | indent 4 }}
+ post.sh: |
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..7019200e0c
--- /dev/null
+++ b/neutron/templates/configmap-etc.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: neutron-etc
+data:
+ dhcp-agent.ini: |
+{{ tuple "etc/_dhcp-agent.ini.tpl" . | include "template" | indent 4 }}
+ l3-agent.ini: |
+{{ tuple "etc/_l3-agent.ini.tpl" . | include "template" | indent 4 }}
+ metadata-agent.ini: |
+{{ tuple "etc/_metadata-agent.ini.tpl" . | include "template" | indent 4 }}
+ ml2-conf.ini: |
+{{ tuple "etc/_ml2-conf.ini.tpl" . | include "template" | indent 4 }}
+ neutron.conf: |
+{{ tuple "etc/_neutron.conf.tpl" . | include "template" | indent 4 }}
+ resolv.conf: |
+{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }}
+ dnsmasq.conf: ""
+
\ No newline at end of file
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
new file mode 100644
index 0000000000..dfd4a94694
--- /dev/null
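Review bot: `init.sh` and `post.sh` in configmap-bin.yaml are rendered with the database root password, the neutron database password and the Keystone credentials already substituted (see the `login_password=` and `auth=` lines in their templates), and the result is stored in the `neutron-bin` ConfigMap. A ConfigMap is not meant for secret material and is readable by anything allowed to read ConfigMaps in the namespace. I would keep the scripts credential-free and inject the values from a `Secret` through `env` with `secretKeyRef`, or render these two scripts into a Secret instead. `neutron-etc` probably has the same issue through `neutron.conf`, whose template is not part of this hunk.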
+++ b/neutron/templates/daemonset-dhcp-agent.yaml 
@@ -0,0 +1,83 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-dhcp-agent +spec: + template: + metadata: + labels: + app: neutron-dhcp-agent + spec: + nodeSelector: + {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-dhcp-agent + image: {{ .Values.images.dhcp }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.dhcp | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp-agent.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.service }}" + - name: DEPENDENCY_DAEMONSET + value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.daemonset }}" + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: dhcpagentini + mountPath: /etc/neutron/dhcp-agent.ini + subPath: dhcp-agent.ini + - name: dnsmasqconf + mountPath: /etc/neutron/dnsmasq.conf + subPath: dnsmasq.conf + - name: runopenvswitch + mountPath: /run/openvswitch + - name: socket + mountPath: /var/lib/neutron/openstack-helm + - name: resolvconf + mountPath: /etc/resolv.conf + subPath: resolv.conf + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: dhcpagentini + configMap: + name: 
neutron-etc + - name: dnsmasqconf + configMap: + name: neutron-etc + - name: runopenvswitch + hostPath: + path: /run/openvswitch + - name: resolvconf + configMap: + name: neutron-etc + - name: socket + hostPath: + path: /var/lib/neutron/openstack-helm \ No newline at end of file diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml new file mode 100644 index 0000000000..7fb63e7635 --- /dev/null +++ b/neutron/templates/daemonset-l3-agent.yaml 
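Review bot: The dhcp-agent container combines `privileged: true`, `runAsUser: 0`, `hostNetwork: true` and a `hostPath` mount of `/run/openvswitch`, which is effectively root on the node, and nothing in the manifest says which of these the agent actually needs. If it only has to manage network namespaces and interfaces, a `securityContext.capabilities.add` list would be narrower than full privilege; which capabilities suffice needs confirming against the image. At minimum add a comment above `privileged: true`, e.g. `# required for ip netns / dnsmasq management on the host`. `INTERFACE_NAME` is also the only templated env value left unquoted; `value: "{{ .Values.network.interface.dhcp | default .Values.network.interface.default }}"` would keep an empty or boolean-looking value a string.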
@@ -0,0 +1,77 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-l3-agent +spec: + template: + metadata: + labels: + app: neutron-l3-agent + spec: + nodeSelector: + {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-l3-agent + image: {{ .Values.images.l3 }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.l3 | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3-agent.ini --config-file /etc/neutron/plugins/ml2/ml2-conf.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.l3.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.l3.service }}" + - name: DEPENDENCY_DAEMONSET + value: "{{ include "joinListWithColon" .Values.dependencies.l3.daemonset }}" + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: l3agentini + mountPath: /etc/neutron/l3-agent.ini + subPath: l3-agent.ini + - name: resolvconf + mountPath: /etc/resolv.conf + subPath: resolv.conf + - name: runopenvswitch + mountPath: /run/openvswitch + - name: socket + mountPath: /var/lib/neutron/stackanetes + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: l3agentini + configMap: + name: neutron-etc + - 
name: runopenvswitch + hostPath: + path: /run/openvswitch + - name: socket + hostPath: + path: /var/lib/neutron/stackanetes diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml new file mode 100644 index 0000000000..d8e8daaaf0 --- /dev/null +++ b/neutron/templates/daemonset-metadata-agent.yaml 
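Review bot: The `socket` volume here uses `/var/lib/neutron/stackanetes` for both `mountPath` and the hostPath `path`, but `_neutron.conf.tpl` in this patch sets `metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy` and the dhcp-agent DaemonSet shares `/var/lib/neutron/openstack-helm`. As written, the configured socket path is not on the shared host directory inside this container, so the metadata proxy socket is presumably not visible between agents. Use `mountPath: /var/lib/neutron/openstack-helm` and `path: /var/lib/neutron/openstack-helm` here. The metadata-agent DaemonSet has the same leftover `mountPath: /var/lib/neutron/stackanetes`, although its hostPath is already `openstack-helm`.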
@@ -0,0 +1,79 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-metadata-agent +spec: + template: + metadata: + labels: + app: neutron-metadata-agent + spec: + nodeSelector: + {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-metadata-agent + image: {{ .Values.images.metadata }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.metadata | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.metadata.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.metadata.service }}" + - name: DEPENDENCY_DAEMONSET + value: "{{ include "joinListWithColon" .Values.dependencies.metadata.daemonset }}" + ports: + - containerPort: {{ .Values.network.port.metadata }} + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: metadataagentini + mountPath: /etc/neutron/metadata-agent.ini + subPath: metadata-agent.ini + - name: resolvconf + mountPath: /etc/resolv.conf + subPath: resolv.conf + - name: runopenvswitch + mountPath: /run/openvswitch + - name: socket + mountPath: /var/lib/neutron/stackanetes + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: 
metadataagentini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: runopenvswitch + hostPath: + path: /run/openvswitch + - name: socket + hostPath: + path: /var/lib/neutron/openstack-helm \ No newline at end of file diff --git a/neutron/templates/daemonset-openvswitch.yaml b/neutron/templates/daemonset-openvswitch.yaml new file mode 100644 index 0000000000..576dd386e2 --- /dev/null +++ b/neutron/templates/daemonset-openvswitch.yaml 
@@ -0,0 +1,166 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-openvswitch +spec: + template: + metadata: + labels: + app: neutron-openvswitch + spec: + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-openvswitch-agent + image: {{ .Values.images.neutron_openvswitch_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + # ensures this container can can see a br-int + # bridge before its marked as ready + readinessProbe: + exec: + command: + - bash + - -c + - 'ovs-vsctl list-br | grep -q br-int' + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/neutron-openvswitch-agent.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.service }}" + - name: DEPENDENCY_CONTAINER + value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.container }}" + volumeMounts: + - name: neutronopenvswitchagentsh + mountPath: /tmp/neutron-openvswitch-agent.sh + subPath: neutron-openvswitch-agent.sh + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + - name: openvswitch-db-server + image: {{ 
.Values.images.openvswitch_db_server }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/openvswitch-db-server.sh" + volumeMounts: + - name: openvswitchdbserversh + mountPath: /tmp/openvswitch-db-server.sh + subPath: openvswitch-db-server.sh + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + - name: varlibopenvswitch + mountPath: /var/lib/openvswitch/ + - name: run + mountPath: /run + + - name: openvswitch-vswitchd + image: {{ .Values.images.openvswitch_vswitchd }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + # ensures this container can speak to the ovs database + # successfully before its marked as ready + readinessProbe: + exec: + command: + - /usr/bin/ovs-vsctl + - show + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/openvswitch-vswitchd.sh" + - name: DEPENDENCY_CONTAINER + value: "openvswitch-db-server" + volumeMounts: + - name: openvswitchvswitchdsh + mountPath: /tmp/openvswitch-vswitchd.sh + subPath: openvswitch-vswitchd.sh + - name: openvswitchensureconfiguredsh + mountPath: /tmp/openvswitch-ensure-configured.sh + subPath: openvswitch-ensure-configured.sh + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + volumes: + - name: openvswitchdbserversh + configMap: + name: neutron-bin + - name: openvswitchvswitchdsh + configMap: + name: 
neutron-bin + - name: openvswitchensureconfiguredsh + configMap: + name: neutron-bin + - name: varlibopenvswitch + emptyDir: {} + - name: neutronopenvswitchagentsh + configMap: + name: neutron-bin + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: libmodules + hostPath: + path: /lib/modules + - name: run + hostPath: + path: /run \ No newline at end of file diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml new file mode 100644 index 0000000000..6dcef74103 --- /dev/null +++ b/neutron/templates/deployment-server.yaml 
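Review bot: The `run` volume maps the host's entire `/run` read-write into all three privileged containers, whereas the other agents in this patch mount only `/run/openvswitch`. Host `/run` usually also holds sockets and pid files of unrelated daemons (on many hosts the container runtime socket), so these containers get write access to far more than the OVS runtime directory. If the OVS daemons only need their own directory, narrow both sides to `path: /run/openvswitch` and `mountPath: /run/openvswitch`; if something else under `/run` is required, name it in a comment next to the volume. The `openvswitch-db-server` container is the only one of the three without a `readinessProbe`, although `openvswitch-vswitchd` declares it as a `DEPENDENCY_CONTAINER`.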
@@ -0,0 +1,53 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: neutron-server +spec: + replicas: {{ .Values.replicas.server }} + template: + metadata: + labels: + app: neutron-server + spec: + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + containers: + - name: neutron-server + image: {{ .Values.images.server }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.server.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.server.service }}" + ports: + - containerPort: {{ .Values.network.port.server }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.server }} + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc \ No newline at end of file diff --git a/neutron/templates/etc/_dhcp-agent.ini.tpl b/neutron/templates/etc/_dhcp-agent.ini.tpl new file mode 100644 index 0000000000..f580c1190f --- /dev/null +++ b/neutron/templates/etc/_dhcp-agent.ini.tpl @@ -0,0 +1,5 @@ +[DEFAULT] +dnsmasq_config_file = /etc/neutron/dnsmasq.conf +enable_isolated_metadata = true +force_metadata = true +interface_driver = openvswitch \ No newline at end of file 
diff --git a/neutron/templates/etc/_l3-agent.ini.tpl b/neutron/templates/etc/_l3-agent.ini.tpl
new file mode 100644
index 0000000000..38b17395c9
--- /dev/null
+++ b/neutron/templates/etc/_l3-agent.ini.tpl
@@ -0,0 +1,4 @@
+[DEFAULT]
+agent_mode = legacy
+enable_metadata_proxy = True
+enable_isolated_metadata = True
\ No newline at end of file
diff --git a/neutron/templates/etc/_metadata-agent.ini.tpl b/neutron/templates/etc/_metadata-agent.ini.tpl
new file mode 100644
index 0000000000..c0239e974d
--- /dev/null
+++ b/neutron/templates/etc/_metadata-agent.ini.tpl
@@ -0,0 +1,31 @@
+[DEFAULT]
+debug = {{ .Values.metadata_agent.default.debug }}
+
+# Neutron credentials for API access
+auth_plugin = password
+auth_url = {{ include "endpoint_keystone_admin" . }}
+auth_uri = {{ include "endpoint_keystone_internal" . }}
+auth_region = {{ .Values.keystone.neutron_region_name }}
+admin_tenant_name = service
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.admin_user }}
+password = {{ .Values.keystone.admin_password }}
+endpoint_type = adminURL
+
+# Nova metadata service IP and port
+nova_metadata_ip = {{ include "nova_metadata_host" . }}
+nova_metadata_port = {{ .Values.network.port.metadata }}
+nova_metadata_protocol = http
+
+# Metadata proxy shared secret
+metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }}
+
+metadata_port = {{ .Values.network.port.metadata }}
+
+# Workers and backlog requests
+metadata_workers = {{ .Values.metadata.workers }}
+
+# Caching
+cache_url = memory://?default_ttl=5
\ No newline at end of file
diff --git a/neutron/templates/etc/_ml2-conf.ini.tpl b/neutron/templates/etc/_ml2-conf.ini.tpl
new file mode 100644
index 0000000000..8a903a1715
--- /dev/null
+++ b/neutron/templates/etc/_ml2-conf.ini.tpl
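Review bot: `_metadata-agent.ini.tpl` authenticates the agent with `.Values.keystone.admin_user` and `.Values.keystone.admin_password`, the cloud admin account, even though values.yaml in this patch defines `keystone.neutron_user` / `keystone.neutron_password` and `_neutron.conf.tpl` already uses them for `[keystone_authtoken]`. An agent that runs on every control-plane node should hold the service account instead: `username = {{ .Values.keystone.neutron_user }}` and `password = {{ .Values.keystone.neutron_password }}`. `transport_url` in `_neutron.conf.tpl` has the same shape with `.Values.rabbitmq.admin_user`. Separately, `.Values.neutron.metadata_secret` has no default in the values.yaml added here, so unless it is supplied from elsewhere `metadata_proxy_shared_secret` renders without a value.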
@@ -0,0 +1,43 @@ +[ml2] +# Changing type_drivers after bootstrap can lead to database inconsistencies +type_drivers = {{ include "joinListWithColon" .Values.ml2.type_drivers }} +tenant_network_types = {{ .Values.ml2.tenant_network_types }} +mechanism_drivers = {{ include "joinListWithColon" .Values.ml2.mechanism_drivers }} + +[ml2_type_flat] +flat_networks = {{ include "joinListWithColon" .Values.ml2.ml2_type_flat.flat_networks }} + +[ml2_type_gre] +# (ListOpt) Comma-separated list of : tuples enumerating ranges +# of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = {{ .Values.ml2.ml2_type_gre.tunnel_id_ranges }} + +[ml2_type_vxlan] +vni_ranges = {{ .Values.ml2.ml2_type_vxlan.vni_ranges }} +vxlan_group = {{ .Values.ml2.ml2_type_vxlan.vxlan_group }} + +[ml2_type_vlan] +# (ListOpt) List of [::] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +network_vlan_ranges = {{ .Values.ml2.ml2_type_vlan.network_vlan_ranges }} + +[securitygroup] +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +{{- if .Values.ml2.agent.tunnel_types }} +[agent] +tunnel_types = {{ .Values.ml2.agent.tunnel_types }} +l2_population = false +arp_responder = false +{{- end }} + +[ovs] +bridge_mappings = {{ include "joinListWithColon" .Values.ml2.ovs.bridge_mappings }} +tenant_network_type = {{ .Values.ml2.agent.tunnel_types }} + +[vxlan] +l2_population = true +ovsdb_interface = {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl new file mode 100644 index 0000000000..859dd817d8 --- /dev/null +++ b/neutron/templates/etc/_neutron.conf.tpl 
@@ -0,0 +1,71 @@ +[DEFAULT] +debug = {{ .Values.neutron.default.debug }} +use_syslog = False +use_stderr = True + +bind_host = {{ .Values.network.ip_address }} +bind_port = {{ .Values.network.port.server }} + +#lock_path = /var/lock/neutron +api_paste_config = /usr/share/neutron/api-paste.ini + +api_workers = {{ .Values.neutron.workers }} + +allow_overlapping_ips = True +core_plugin = ml2 +service_plugins = router + +interface_driver = openvswitch + +metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy + +allow_automatic_l3agent_failover = True +l3_ha = true +min_l3_agents_per_router = 1 +max_l3_agents_per_router = 2 +l3_ha_network_type = {{ .Values.neutron.default.l3_ha_network_type }} + +dhcp_agents_per_network = 3 + +network_auto_schedule = True +router_auto_schedule = True + +transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }} + +[nova] +auth_url = {{ include "endpoint_keystone_internal" . }} +auth_plugin = password +project_domain_id = default +user_domain_id = default +endpoint_type = internal +region_name = {{ .Values.keystone.nova_region_name }} +project_name = service +username = {{ .Values.keystone.nova_user }} +password = {{ .Values.keystone.nova_password }} + +[oslo_concurrency] +lock_path = /var/lib/neutron/tmp + +[ovs] +ovsdb_connection = unix:/var/run/openvswitch/db.sock + +[agent] +root_helper = sudo /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf +l2_population = true +arp_responder = true + +[database] +connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "neutron_db_host" . }}/{{ .Values.database.neutron_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_url = {{ include "endpoint_keystone_internal" . 
}} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.neutron_user }} +password = {{ .Values.keystone.neutron_password }} + +[oslo_messaging_notifications] +driver = noop \ No newline at end of file diff --git a/neutron/templates/etc/_resolv.conf.tpl b/neutron/templates/etc/_resolv.conf.tpl new file mode 100644 index 0000000000..68dc696756 --- /dev/null +++ b/neutron/templates/etc/_resolv.conf.tpl @@ -0,0 +1,5 @@ +search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }} +{{- range .Values.network.dns.servers }} +nameserver {{ . | title }} +{{- end }} +options ndots:5 \ No newline at end of file diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml new file mode 100644 index 0000000000..1514fe87a0 --- /dev/null +++ b/neutron/templates/job-db-sync.yaml 
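Review bot: The rendered neutron.conf carries the RabbitMQ, database, nova and neutron passwords in plain text, and every workload in this patch mounts it from `configMap: name: neutron-etc`, so it is readable by anything allowed to read ConfigMaps in the namespace; `_metadata-agent.ini.tpl` with its admin password and `metadata_proxy_shared_secret` goes through the same ConfigMap. Rendering the credential-bearing files into a `kind: Secret` and switching those volumes to `secret:` would put them under Secret access rules. The passwords are also interpolated into `transport_url` and `connection` unescaped, so a value containing `@`, `:` or `/` changes how the URL parses; either escape them in the template or state the restriction in a comment next to the values.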
@@ -0,0 +1,43 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-db-sync +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: neutron-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini upgrade head" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc \ No newline at end of file diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml new file mode 100644 index 0000000000..c21cd69324 --- /dev/null +++ b/neutron/templates/job-init.yaml 
@@ -0,0 +1,37 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-init +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: neutron-init + image: {{ .Values.images.init }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/init.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.init.service }}" + volumeMounts: + - name: initsh + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: initsh + configMap: + name: neutron-bin \ No newline at end of file diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml new file mode 100644 index 0000000000..936d299fe3 --- /dev/null +++ b/neutron/templates/job-post.yaml @@ -0,0 +1,39 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-post +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: neutron-post + image: {{ .Values.images.post }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/post.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.post.service }}" + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + volumeMounts: + - name: postsh + mountPath: /tmp/post.sh + subPath: post.sh + volumes: + - name: postsh + configMap: + name: neutron-bin \ No newline at end of file 
diff --git a/neutron/templates/service.yaml b/neutron/templates/service.yaml
new file mode 100644
index 0000000000..24aa4cef30
--- /dev/null
+++ b/neutron/templates/service.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: neutron-server
+spec:
+ ports:
+ - port: {{ .Values.network.port.server }}
+ selector:
+ app: neutron-server
\ No newline at end of file
diff --git a/neutron/values.yaml b/neutron/values.yaml
new file mode 100644
index 0000000000..3c6268f45b
--- /dev/null
+++ b/neutron/values.yaml
@@ -0,0 +1,241 @@ +# Default values for memcached. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: + server: 1 + +images: + init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + db_sync: quay.io/stackanetes/stackanetes-neutron-server:barcelona + server: quay.io/stackanetes/stackanetes-neutron-server:barcelona + dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:barcelona + metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:barcelona + l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:barcelona + neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:barcelona + openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest + openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest + post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + pull_policy: "IfNotPresent" + +labels: + # ovs is a special case, requiring a special + # label that can apply to both control hosts + # and compute hosts, until we get more sophisticated + # with our daemonset scheduling + ovs: + node_selector_key: openvswitch + node_selector_value: enabled + agent: + dhcp: + node_selector_key: openstack-control-plane + node_selector_value: enabled + l3: + node_selector_key: openstack-control-plane + node_selector_value: enabled + metadata: + node_selector_key: openstack-control-plane + node_selector_value: enabled + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +network: + dns: + kubernetes_domain: cluster.local + # this must list the skydns server first, and in calico + # this is consistently 10.96.0.10 + servers: + - 10.96.0.10 + - 8.8.8.8 + external_bridge: br-ex + ip_address: 0.0.0.0 + interface: + external: enp12s0f0 + default: enp11s0f0 + port: + server: 9696 + metadata: 8775 + +memcached: + address: "memcached:11211" + 
+rabbitmq: + address: rabbitmq + admin_user: rabbitmq + admin_password: password + port: 5672 + +keystone: + admin_user: "admin" + admin_password: "password" + admin_project_name: "admin" + admin_region_name: "RegionOne" + domain_name: "default" + tenant_name: "admin" + + neutron_user: "neutron" + neutron_password: "password" + neutron_region_name: "RegionOne" + + nova_user: "nova" + nova_password: "password" + nova_region_name: "RegionOne" + +database: + port: 3306 + root_user: root + root_password: password + neutron_database_name: neutron + neutron_password: password + neutron_user: neutron + +metadata_agent: + default: + debug: 'True' + +neutron: + workers: 4 + default: + l3_ha_network_type: gre + debug: 'True' +metadata: + workers: 4 + +ml2: + tenant_network_types: "flat" + agent: + tunnel_types: null + type_drivers: + - flat + mechanism_drivers: + - openvswitch + - l2population + ml2_type_vxlan: + vni_ranges: "1:1000" + vxlan_group: 239.1.1.1 + ml2_type_gre: + tunnel_id_ranges: "1:1000" + ml2_type_flat: + flat_networks: + - "*" + ml2_type_vlan: + network_vlan_ranges: "physnet1:1100:1110" + ovs: + auto_bridge_add: + br-physnet1: enp11s0f0 + bridge_mappings: + - "physnet1:br-physnet1" + +dependencies: + server: + jobs: + - neutron-db-sync + - mariadb-seed + service: + - rabbitmq + - mariadb + - keystone-api + - memcached + dhcp: + service: + - neutron-server + - rabbitmq + - nova-api + jobs: + - neutron-init + - nova-post + daemonset: + - neutron-openvswitch + metadata: + jobs: + - neutron-init + - nova-post + service: + - neutron-server + - rabbitmq + - nova-api + daemonset: + - neutron-openvswitch + openvswitchagent: + jobs: + - neutron-post + - nova-post + service: + - keystone-api + - rabbitmq + - neutron-server + container: + - openvswitch-db-server + - openvswitch-vswitchd + l3: + jobs: + - nova-init + - neutron-init + - nova-post + service: + - neutron-server + - rabbitmq + - nova-api + daemonset: + - neutron-openvswitch + db_sync: + jobs: + - 
neutron-init + - mariadb-seed + service: + - mariadb + init: + jobs: + - mariadb-seed + service: + - mariadb + post: + jobs: + - neutron-db-sync + service: + - keystone-api + - neutron-server + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + glance: + hosts: + default: glance-api + type: image + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 + nova: + hosts: + default: nova-api + path: "/v2/%(tenant_id)s" + type: compute + scheme: 'http' + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + neutron: + hosts: + default: neutron-server + path: null + type: network + scheme: 'http' + port: + api: 9696 From 4d1b5320f7864462657fe93df498b3e3c4db6bca Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 3 Jan 2017 12:42:51 -0800 Subject: [PATCH 05/39] Fix typo in Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b1ca636d4b..de505d3ce3 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ rabbitmq: build-rabbitmq glance: build-glance -glance: build-neutron +neutron: build-neutron memcached: build-memcached From f9cb3fc8461cf6506ac03e85e07b19774267933d Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 3 Jan 2017 15:53:06 -0800 Subject: [PATCH 06/39] Bugfix a few typos from last three PRs This resolves a few issues that crept in with the last three pull requests. --- Makefile | 6 ++++-- ceph/templates/service.yaml | 1 - .../templates/bin/_openvswitch-ensure-configured.sh.tpl | 7 ++----- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index de505d3ce3..e41c249ce6 100644 --- a/Makefile +++ b/Makefile 
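Review bot: Every credential in these defaults is the literal `password` (`keystone.admin_password`, `rabbitmq.admin_password`, `database.root_password` and the service accounts), so an install that misses an override comes up with guessable admin logins. I would leave them out of values.yaml and document that they must be supplied at install time, or at minimum add a comment such as `# development default, override before any shared deployment`. Both Open vSwitch images are pinned to `:latest` with `pull_policy: "IfNotPresent"`, which lets nodes run different builds of a privileged container; a fixed tag makes that reproducible. The header comment still reads `# Default values for memcached.`, and `debug: 'True'` is the default for both neutron and the metadata agent.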
@@ -3,10 +3,10 @@ B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron nova openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron nova openstack common: build-common @@ -27,6 +27,8 @@ glance: build-glance neutron: build-neutron +nova: build-nova + memcached: build-memcached openstack: build-openstack diff --git a/ceph/templates/service.yaml b/ceph/templates/service.yaml index cdfd4f5590..1a5f85b88e 100644 --- a/ceph/templates/service.yaml +++ b/ceph/templates/service.yaml @@ -33,5 +33,4 @@ spec: selector: app: ceph daemon: rgw - type: LoadBalancer {{- end }} diff --git a/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl index 041af73752..5571408dc2 100644 --- a/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl +++ b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl @@ -4,12 +4,9 @@ set -x bridge=$1 port=$2 -# one time deal -ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0 -ovs-vsctl --no-wait --if-exists del-br physnet1 - # note that only "br-ex" is definable right now - +# and br-int and br-tun are assumed and handled +# by the agent ovs-vsctl --no-wait --may-exist add-br $bridge ovs-vsctl --no-wait --may-exist add-port $bridge $port From c93eea00ae9fb6d674b3e9606d72668debae6492 Mon Sep 17 00:00:00 2001 From: mattmceuen Date: Tue, 3 Jan 2017 18:41:00 -0600 Subject: [PATCH 07/39] minikube.md proofreading Made a few grammatical tweaks to minikube.md. --- docs/developer/minikube.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 6e1216659f..5d8c93c472 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -1,9 +1,9 @@ # Development of Openstack-Helm -Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcomed to contribute to this project. Below are some instructions and suggestions to help you get started. +Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcome to contribute to this project. Below are some instructions and suggestions to help you get started. # Requirements -We've tried to minimize the amount of prerequisites required in order to get started. The main prerequisite is to install the most recent versions of Minikube and Helm. +We've tried to minimize the number of prerequisites required in order to get started. The main prerequisite is to install the most recent versions of Minikube and Helm. **Kubernetes Minikube:** Ensure that you have installed a recent version of [Kubernetes/Minikube](http://kubernetes.io/docs/getting-started-guides/minikube/). @@ -75,7 +75,7 @@ kube-system tiller-deploy-3299276078-n98ct 1/1 Running 0 With Helm installed, you will need to start a local [Helm server](https://github.com/kubernetes/helm/blob/7a15ad381eae794a36494084972e350306e498fd/docs/helm/helm_serve.md#helm-serve) (in the background), and point to a locally configured Helm [repository](https://github.com/kubernetes/helm/blob/7a15ad381eae794a36494084972e350306e498fd/docs/helm/helm_repo_index.md#helm-repo-index): ``` -$ helm serve . & +$ helm serve & $ helm repo add local http://localhost:8879/charts "local" has been added to your repositories ``` 
@@ -107,13 +107,13 @@ Perfect! You’re ready to install, develop, deploy, destroy, and repeat (when n # Installation and Testing -After following the instructions above you're environment is in a state where you can enhance the current charts, or develop new charts for the project. If you need to make changes to a chart, simply re-run `make` against the project in the top-tier directory. The charts will be updated and automatically re-pushed to your local repository. +After following the instructions above your environment is in a state where you can enhance the current charts, or develop new charts for the project. If you need to make changes to a chart, simply re-run `make` against the project in the top-tier directory. The charts will be updated and automatically re-pushed to your local repository. Consider the following when using Minikube and development mode: * Persistent Storage used for Minikube development mode is `hostPath`. The Ceph PVC's included with this project are not intended to work with Minikube. * There is *no need* to install the `common` `ceph` or `bootstrap` charts. These charts are required for deploying Ceph PVC's. -* Familiarize yourself wtih `values.yaml` included wtih the MariaDB chart. You will will want to have the `hostPath` directory created prior to deploying MariaDB. +* Familiarize yourself wtih `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. * If Ceph development is required, you will need to follow the [getting started guide](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) rather than this development mode documentation. To deploy Openstack-Helm in development mode, ensure you've created a minikube-approved `hostPath` volume. Minikube is very specific about what is expected for `hostPath` volumes. The following volumes are acceptable for minikube deployments: 
@@ -167,7 +167,7 @@ $ helm install --name=neutron local/neutron --namespace=openstack # Horizon Management -After each of the chart is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. +After each of the charts is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. ``` $ sudo kubectl edit svc horizon -n openstack @@ -201,7 +201,7 @@ status: ``` **Accessing Horizon:**
-*Now you're ready to manage Openstack! Point your browser to the following:*
+*Now you're ready to manage OpenStack! Point your browser to the following:*
***URL:*** *http://192.168.99.100:31537/*
***User:*** *admin*
***Pass:*** *password*
@@ -210,7 +210,7 @@ If you have any questions, comments, or find any bugs, please submit an issue so # Troubleshooting -In order to protect your general sanity, we've included a currated list of verification and troubleshooting steps that may help you avoid some potential issues while developing Openstack-Helm. +In order to protect your general sanity, we've included a curated list of verification and troubleshooting steps that may help you avoid some potential issues while developing Openstack-Helm. **MariaDB**
To verify the state of MariaDB, use the following command: From c089434209f78b9dfd81090b6a995aefd494115b Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 3 Jan 2017 16:53:06 -0800 Subject: [PATCH 08/39] Remove nova entry from Makefile that inadvertantly crept in --- Makefile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index e41c249ce6..de505d3ce3 100644 --- a/Makefile +++ b/Makefile @@ -3,10 +3,10 @@ B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron nova openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron nova openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack common: build-common @@ -27,8 +27,6 @@ glance: build-glance neutron: build-neutron -nova: build-nova - memcached: build-memcached openstack: build-openstack From 4eecdbaf87bb9a483ea9a711d0955fa3997d8046 Mon Sep 17 00:00:00 2001 
From: Larry Rensing Date: Tue, 3 Jan 2017 03:58:35 +0000 Subject: [PATCH 09/39] adding support for postgres volume mount --- Makefile | 8 +- maas/requirements.yaml | 4 + maas/templates/_helpers.tpl | 3 + maas/templates/bin/_start.sh.tpl | 14 ++ maas/templates/configmap-bin.yaml | 7 + maas/templates/configmap-etc.yaml | 7 + maas/templates/configmap-var.yaml | 10 ++ maas/templates/deploy-region.yaml | 89 ++++++++++- maas/templates/etc/_region-dns-config.tpl | 4 + maas/templates/service.yaml | 3 +- .../var/_maas-region-controller.postinst.tpl | 149 ++++++++++++++++++ maas/templates/var/_secret.tpl | 1 + maas/values.yaml | 6 +- 13 files changed, 297 insertions(+), 8 deletions(-) create mode 100644 maas/requirements.yaml create mode 100644 maas/templates/_helpers.tpl create mode 100644 maas/templates/bin/_start.sh.tpl create mode 100644 maas/templates/configmap-bin.yaml create mode 100644 maas/templates/configmap-etc.yaml create mode 100644 maas/templates/configmap-var.yaml create mode 100644 maas/templates/etc/_region-dns-config.tpl create mode 100644 maas/templates/var/_maas-region-controller.postinst.tpl create mode 100644 maas/templates/var/_secret.tpl diff --git a/Makefile b/Makefile index de505d3ce3..5c7e2a1e61 100644 --- a/Makefile +++ b/Makefile 
@@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron maas openstack common: build-common @@ -27,6 +27,8 @@ glance: build-glance neutron: build-neutron +maas: build-maas + memcached: build-memcached openstack: build-openstack diff --git a/maas/requirements.yaml b/maas/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/maas/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/maas/templates/_helpers.tpl b/maas/templates/_helpers.tpl new file mode 100644 index 0000000000..d2f33bc897 --- /dev/null +++ b/maas/templates/_helpers.tpl @@ -0,0 +1,3 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} diff --git a/maas/templates/bin/_start.sh.tpl b/maas/templates/bin/_start.sh.tpl new file mode 100644 index 0000000000..372bd5c0d6 --- /dev/null +++ b/maas/templates/bin/_start.sh.tpl 
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+
+if ! find "/etc/postgresql" -mindepth 1 -print -quit | grep -q .; then
+ pg_createcluster 9.5 main
+fi
+
+cp -r /etc/postgresql/9.5/main/*.conf /var/lib/postgresql/9.5/main/
+pg_ctlcluster 9.5 main start
+
+echo 'running postinst'
+
+chmod 755 /var/lib/dpkg/info/maas-region-controller.postinst
+/bin/sh /var/lib/dpkg/info/maas-region-controller.postinst configure
diff --git a/maas/templates/configmap-bin.yaml b/maas/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..53b2d94dbc
--- /dev/null
+++ b/maas/templates/configmap-bin.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: maas-region-bin
+data:
+ start.sh: |
+{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }}
diff --git a/maas/templates/configmap-etc.yaml b/maas/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..2597a28cac
--- /dev/null
+++ b/maas/templates/configmap-etc.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: maas-region-etc
+data:
+ named.conf.options: |+
+{{ tuple "etc/_region-dns-config.tpl" . | include "template" | indent 4 }}
diff --git a/maas/templates/configmap-var.yaml b/maas/templates/configmap-var.yaml
new file mode 100644
index 0000000000..422c0ed503
--- /dev/null
+++ b/maas/templates/configmap-var.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: maas-region-var
+data:
+ maas-region-controller.postinst: |
+{{ tuple "var/_maas-region-controller.postinst.tpl" . | include "template" | indent 4 }}
+ secret: |
+{{ tuple "var/_secret.tpl" . | include "template" | indent 4 }}
+
diff --git a/maas/templates/deploy-region.yaml b/maas/templates/deploy-region.yaml
index ed0e3f7613..f044a09c5d 100644
--- a/maas/templates/deploy-region.yaml
+++ b/maas/templates/deploy-region.yaml
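Review bot: The `secret:` key in `configmap-var.yaml` puts the MAAS region shared secret into a ConfigMap, and the value it renders comes from `var/_secret.tpl`, which a later hunk of this commit adds as a fixed literal. Every install of the chart therefore shares one secret, and it is readable by anyone who can read ConfigMaps in the namespace or the chart source. Render it into a `kind: Secret` from a value supplied at install time with no default, and mount that in place of the `maas-region-secret` configMap volume in `deploy-region.yaml`.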
@@ -1,12 +1,55 @@ -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: maas-region spec: + serviceName: "{{ .Values.service_name }}" template: metadata: labels: app: maas-region + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.images.maas_region }}", + "imagePullPolicy": "Always", + "command": [ + "/bin/bash", "-c" + ], + "args": [ + "chmod +x /tmp/start.sh; /tmp/start.sh" + ], + "volumeMounts": [ + { + "name": "maas-config", + "mountPath": "/etc/maas/" + }, + { + "name": "postgresql-config", + "mountPath": "/etc/postgresql" + }, + { + "name": "postgresql-data", + "mountPath": "/var/lib/postgresql" + }, + { + "name": "postgresql-run", + "mountPath": "/var/run/postgresql" + }, + { + "name": "startsh", + "mountPath": "/tmp/start.sh", + "subPath": "start.sh" + }, + { + "name": "maasregionpostinst", + "mountPath": "/var/lib/dpkg/info/maas-region-controller.postinst", + "subPath": "maas-region-controller.postinst" + } + ] + } + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} 
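Review bot: The init container's `args` run `chmod +x /tmp/start.sh` on a file that is mounted from the `startsh` configMap volume, so the step only works where that mount is writable. Running the script through the interpreter removes the dependency, e.g. `"command": ["/bin/bash", "/tmp/start.sh"]` with `args` dropped, which is also how `daemonset-libvirt.yaml` in this series starts `libvirt.sh`. The `chmod 755` on the postinst file in `bin/_start.sh.tpl` is unnecessary for the same reason, since the file is then run with `/bin/sh`.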
@@ -18,3 +61,45 @@ spec: - containerPort: {{ .Values.network.port.region_container }} securityContext: privileged: true + volumeMounts: + - name: postgresql-data + mountPath: /var/lib/postgresql + - name: postgresql-run + mountPath: /var/run/postgresql + - name: maas-lib + mountPath: /var/lib/maas + - name: maas-region-secret + mountPath: /var/lib/maas/secret + subPath: secret + - name: postgresql-config + mountPath: /etc/postgresql + - name: maas-dns-config + mountPath: /etc/bind/named.conf.options + subPath: named.conf.options + - name: maas-config + mountPath: /etc/maas/regiond.conf + subPath: regiond.conf + volumes: + - name: postgresql-data + hostPath: + path: /var/lib/postgresql + - name: postgresql-run + emptyDir: {} + - name: postgresql-config + emptyDir: {} + - name: maas-lib + emptyDir: {} + - name: maas-region-secret + configMap: + name: maas-region-var + - name: maas-config + emptyDir: {} + - name: maas-dns-config + configMap: + name: maas-region-etc + - name: startsh + configMap: + name: maas-region-bin + - name: maasregionpostinst + configMap: + name: maas-region-var diff --git a/maas/templates/etc/_region-dns-config.tpl b/maas/templates/etc/_region-dns-config.tpl new file mode 100644 index 0000000000..bfcdce4a7c --- /dev/null +++ b/maas/templates/etc/_region-dns-config.tpl @@ -0,0 +1,4 @@ +options { directory "/var/cache/bind"; +auth-nxdomain no; +listen-on-v6 { any; }; +include "/etc/bind/maas/named.conf.options.inside.maas"; }; diff --git a/maas/templates/service.yaml b/maas/templates/service.yaml index 2be9c7adda..fce28c7ac8 100644 --- a/maas/templates/service.yaml +++ b/maas/templates/service.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: maas-region-ui + name: {{ .Values.service_name }} labels: app: maas-region-ui spec: + type: NodePort ports: - port: {{ .Values.network.port.service_gui }} targetPort: {{ .Values.network.port.service_gui_target }} 
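Review bot: In `service.yaml` the Service name now comes from `.Values.service_name`, but `var/_maas-region-controller.postinst.tpl` in this commit still hard-codes `maas-region-ui.{{ .Release.Namespace }}` as the MAAS URL host, so overriding the value leaves MAAS configured with a name that no longer exists. Build the host from the same value there, `ipaddr="{{ .Values.service_name }}.{{ .Release.Namespace }}"`, and quote the templated name here as `name: "{{ .Values.service_name }}"`. `type: NodePort` also publishes the region UI on every node address; the commit does not say whether that exposure is intended outside development, so making the type a value that defaults to `ClusterIP` would be the safer shape.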
diff --git a/maas/templates/var/_maas-region-controller.postinst.tpl b/maas/templates/var/_maas-region-controller.postinst.tpl new file mode 100644 index 0000000000..6c6ac31f12 --- /dev/null +++ b/maas/templates/var/_maas-region-controller.postinst.tpl 
@@ -0,0 +1,149 @@ +#!/bin/sh + +set -ex + +. /usr/share/debconf/confmodule +db_version 2.0 + +if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/postinst.pgsql +fi + +RELEASE=`lsb_release -rs` || RELEASE="" + +maas_sync_migrate_db(){ + maas-region dbupgrade +} + +restart_postgresql(){ + invoke-rc.d --force postgresql restart || true +} + +configure_maas_default_url() { + local ipaddr="$1" + # The given address is either "[IPv6_IP]" or "IPv4_IP" or "name", such as + # [2001:db8::3:1]:5555 or 127.0.0.1 or maas.example.com. + # The ugly sed splits the given thing as: + # (string of anything but ":", or [ipv6_ip]), + # optionally followed by :port. + local address=$(echo "$ipaddr" | + sed -rn 's/^([^:]*|\[[0-9a-fA-F:]*\])(|:[0-9]*)?$/\1/p') + local port=$(echo "$ipaddr" | + sed -rn 's/^([^:]*|\[[0-9a-fA-F:]*\])(|:[0-9]*)?$/\2/p') + test -n "$port" || port=":80" + ipaddr="${ipaddr}${port}" + maas-region local_config_set --maas-url "http://${ipaddr}/MAAS" +} + +get_default_route_ip6() { + while read Src SrcPref Dest DestPref Gateway Metric RefCnt Use Flags Iface + do + [ "$SrcPref" = 00 ] && [ "$Iface" != lo ] && break + done < /proc/net/ipv6_route + if [ -n "$Iface" ]; then + LC_ALL=C /sbin/ip -6 addr list dev "$Iface" scope global permanent | + sed -n '/ inet6 /s/.*inet6 \([0-9a-fA-F:]*\).*/[\1]/p' | head -1 + fi +} + +get_default_route_ip4() { + while read Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT + do + [ "$Mask" = "00000000" ] && break + done < /proc/net/route + if [ -n "$Iface" ]; then + ipaddr=$(LC_ALL=C /sbin/ip -4 addr list dev "$Iface" scope global) + ipaddr=${ipaddr#* inet } + ipaddr=${ipaddr%%/*} + echo $ipaddr + fi +} + +extract_default_maas_url() { + # Extract DEFAULT_MAAS_URL IP/host setting from config file $1. + grep "^DEFAULT_MAAS_URL" "$1" | cut -d"/" -f3 +} + +configure_migrate_maas_dns() { + # This only runs on upgrade. 
We only run this if the + # there are forwarders to migrate or no + # named.conf.options.inside.maas are present. + maas-region edit_named_options \ + --migrate-conflicting-options --config-path \ + /etc/bind/named.conf.options + invoke-rc.d bind9 restart || true +} + +if [ "$1" = "configure" ] && [ -z "$2" ]; then + ######################################################### + ########## Configure DEFAULT_MAAS_URL ################# + ######################################################### + + # Obtain IP address of default route and change DEFAULT_MAAS_URL + # if default-maas-url has not been preseeded. Prefer ipv4 addresses if + # present, and use "localhost" only if there is no default route in either + # address family. + db_get maas/default-maas-url + ipaddr="$RET" + if [ -z "$ipaddr" ]; then + #ipaddr=$(get_default_route_ip4) + ipaddr="maas-region-ui.{{ .Release.Namespace }}" + fi + if [ -z "$ipaddr" ]; then + #ipaddr=$(get_default_route_ip6) + ipaddr="maas-region-ui.{{ .Release.Namespace }}" + fi + # Fallback default is "localhost" + if [ -z "$ipaddr" ]; then + ipaddr=localhost + fi + # Set the IP address of the interface with default route + configure_maas_default_url "$ipaddr" + db_subst maas/installation-note MAAS_URL "$ipaddr" + db_set maas/default-maas-url "$ipaddr" + + ######################################################### + ################ Configure Database ################### + ######################################################### + + # Need to for postgresql start so it doesn't fail on the installer + restart_postgresql + + # Create the database + dbc_go maas-region-controller $@ + maas-region local_config_set \ + --database-host "localhost" --database-name "$dbc_dbname" \ + --database-user "$dbc_dbuser" --database-pass "$dbc_dbpass" + + # Only syncdb if we have selected to install it with dbconfig-common. 
+ db_get maas-region-controller/dbconfig-install + if [ "$RET" = "true" ]; then + maas_sync_migrate_db + configure_migrate_maas_dns + fi + + db_get maas/username + username="$RET" + if [ -n "$username" ]; then + db_get maas/password + password="$RET" + if [ -n "$password" ]; then + maas-region createadmin --username "$username" --password "$password" --email "$username@maas" + fi + fi + + # Display installation note + db_input low maas/installation-note || true + db_go + +fi + +systemctl enable maas-regiond >/dev/null || true +systemctl restart maas-regiond >/dev/null || true +invoke-rc.d apache2 restart || true + +if [ -f /lib/systemd/system/maas-rackd.service ]; then + systemctl restart maas-rackd >/dev/null || true +fi + +db_stop diff --git a/maas/templates/var/_secret.tpl b/maas/templates/var/_secret.tpl new file mode 100644 index 0000000000..48aad03a88 --- /dev/null +++ b/maas/templates/var/_secret.tpl @@ -0,0 +1 @@ +3858f62230ac3c915f300c664312c63f diff --git a/maas/values.yaml b/maas/values.yaml index f643a2592d..0f46f04f67 100644 --- a/maas/values.yaml +++ b/maas/values.yaml @@ -3,8 +3,8 @@ # Declare variables to be passed into your templates. images: - maas_region: quay.io/attcomdev/maas-region:1.0.1 - maas_rack: quay.io/attcomdev/maas-rack:1.0.1 + maas_region: quay.io/attcomdev/maas-region:2.1.2-1 + maas_rack: quay.io/attcomdev/maas-rack:2.1.2 labels: node_selector_key: openstack-control-plane @@ -17,3 +17,5 @@ network: service_gui_target: 80 service_proxy: 8000 service_proxy_target: 8000 + +service_name: maas-region-ui From 8afa729ffba9378b76e63dfc282f16ecf1d9baa9 Mon Sep 17 00:00:00 2001 
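Review bot: With `set -ex` at the top of this postinst, the `maas-region local_config_set ... --database-pass "$dbc_dbpass"` and `maas-region createadmin ... --password "$password"` lines are traced with their expanded values, so the database and admin passwords end up in the init container's log. Turn tracing off around those two calls with `set +x` before and `set -x` after. Separately, `dbc_go maas-region-controller $@` should pass its arguments as `"$@"`, and the second `if [ -z "$ipaddr" ]` block and the `localhost` fallback can never run, because the first block always assigns a non-empty name.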
From: Alan Meadows Date: Wed, 4 Jan 2017 13:19:04 -0800 Subject: [PATCH 10/39] OpenStack Nova Helm Chart Initial Commit This is an initial commit of a functional nova chart. It has been tested with the neutron chart using a flat network configuration. --- Makefile | 8 +- nova/Chart.yaml | 3 + nova/requirements.yaml | 4 + nova/templates/bin/_db-sync.sh.tpl | 6 + nova/templates/bin/_init.sh.tpl | 36 ++++ nova/templates/bin/_libvirt.sh.tpl | 35 ++++ nova/templates/bin/_post.sh.tpl | 57 ++++++ nova/templates/bin/_start.sh.tpl | 12 ++ nova/templates/configmap-bin.yaml | 15 ++ nova/templates/configmap-etc.yaml | 13 ++ nova/templates/daemonset-compute.yaml | 138 +++++++++++++ nova/templates/daemonset-libvirt.yaml | 132 +++++++++++++ nova/templates/deployment-api.yaml | 70 +++++++ nova/templates/deployment-conductor.yaml | 61 ++++++ nova/templates/deployment-consoleauth.yaml | 61 ++++++ nova/templates/deployment-scheduler.yaml | 61 ++++++ nova/templates/etc/_ceph.conf.tpl | 18 ++ nova/templates/etc/_libvirtd.conf.tpl | 6 + nova/templates/etc/_nova.conf.tpl | 108 +++++++++++ nova/templates/etc/_resolv.conf.tpl | 5 + nova/templates/job-db-sync.yaml | 56 ++++++ nova/templates/job-init.yaml | 50 +++++ nova/templates/job-post.yaml | 59 ++++++ nova/templates/service-api.yaml | 12 ++ nova/values.yaml | 213 +++++++++++++++++++++ 25 files changed, 1236 insertions(+), 3 deletions(-) create mode 100644 nova/Chart.yaml create mode 100644 nova/requirements.yaml create mode 100644 nova/templates/bin/_db-sync.sh.tpl create mode 100644 nova/templates/bin/_init.sh.tpl create mode 100644 nova/templates/bin/_libvirt.sh.tpl create mode 100644 nova/templates/bin/_post.sh.tpl create mode 100644 nova/templates/bin/_start.sh.tpl create mode 100644 nova/templates/configmap-bin.yaml create mode 100644 nova/templates/configmap-etc.yaml create mode 100644 nova/templates/daemonset-compute.yaml create mode 100644 nova/templates/daemonset-libvirt.yaml create mode 100644 
nova/templates/deployment-api.yaml create mode 100644 nova/templates/deployment-conductor.yaml create mode 100644 nova/templates/deployment-consoleauth.yaml create mode 100644 nova/templates/deployment-scheduler.yaml create mode 100644 nova/templates/etc/_ceph.conf.tpl create mode 100644 nova/templates/etc/_libvirtd.conf.tpl create mode 100644 nova/templates/etc/_nova.conf.tpl create mode 100644 nova/templates/etc/_resolv.conf.tpl create mode 100644 nova/templates/job-db-sync.yaml create mode 100644 nova/templates/job-init.yaml create mode 100644 nova/templates/job-post.yaml create mode 100644 nova/templates/service-api.yaml create mode 100644 nova/values.yaml diff --git a/Makefile b/Makefile index 5c7e2a1e61..4ae089a7fd 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron nova maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron maas openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron nova maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron nova maas openstack common: build-common @@ -27,6 +27,8 @@ glance: build-glance neutron: build-neutron +nova: build-nova + maas: build-maas memcached: build-memcached diff --git a/nova/Chart.yaml b/nova/Chart.yaml new file mode 100644 index 0000000000..85f08c3269 --- /dev/null +++ b/nova/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for nova +name: nova +version: 0.1.0 diff --git a/nova/requirements.yaml b/nova/requirements.yaml new file mode 100644 index 0000000000..2350b1facb 
--- /dev/null
+++ b/nova/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+ - name: common
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/nova/templates/bin/_db-sync.sh.tpl b/nova/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..b447fad189
--- /dev/null
+++ b/nova/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+
+nova-manage db sync
+nova-manage api_db sync
+nova-manage db online_data_migrations
diff --git a/nova/templates/bin/_init.sh.tpl b/nova/templates/bin/_init.sh.tpl
new file mode 100644
index 0000000000..b175ca7d5a
--- /dev/null
+++ b/nova/templates/bin/_init.sh.tpl
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+echo "Hello World"
+
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_user }}' \
+password='{{ .Values.database.nova_password }}' \
+host='%' \
+priv='{{ .Values.database.nova_database_name }}.*:ALL' append_privs='yes'"
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_api_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.nova_user }}' \
+password='{{ .Values.database.nova_password }}' \
+host='%' \
+priv='{{ .Values.database.nova_api_database_name }}.*:ALL' append_privs='yes'"
diff --git a/nova/templates/bin/_libvirt.sh.tpl b/nova/templates/bin/_libvirt.sh.tpl
new file mode 100644
index 0000000000..33fc015e0e
--- /dev/null
+++ b/nova/templates/bin/_libvirt.sh.tpl
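Review bot: Because `set -ex` is active, each of the four `ansible` calls in `_init.sh.tpl` is traced with `login_password='{{ .Values.database.root_password }}'` expanded, and the two `mysql_user` calls also expose `password='{{ .Values.database.nova_password }}'`; `-vvv` may repeat them in Ansible's own output. Drop `-vvv`, and take the credentials from environment variables backed by a Secret instead of rendering them into a script that `configmap-bin.yaml` stores in the `nova-bin` ConfigMap. The values are interpolated inside single quotes within a double-quoted `-a` string, so a password containing `'` or `"` breaks the command. `host='%'` lets the nova account connect from any address and is worth narrowing where the deployment allows it, and the leftover `echo "Hello World"` can be removed.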
@@ -0,0 +1,35 @@ +#!/bin/bash +set -ex + +if [[ -f /var/run/libvirtd.pid ]]; then + test -d /proc/$(< /var/run/libvirtd.pid) && \ + ( echo "Libvirtd daemon is running" && exit 10 ) +fi + +rm -f /var/run/libvirtd.pid + +if [[ -c /dev/kvm ]]; then + chmod 660 /dev/kvm + chown root:kvm /dev/kvm +fi + + +sleep 30 + +{{- if .Values.ceph.enabled }} +cat > /tmp/secret.xml < + {{ .Values.ceph.secret_uuid }} + + client.{{ .Values.ceph.cinder_user }} secret + + +EOF + +virsh secret-define --file /tmp/secret.xml +virsh secret-set-value --secret {{ .Values.ceph.secret_uuid }} --base64 {{ .Values.ceph.cinder_keyring }} +rm /tmp/secret.xml +{{- end }} + + +exec libvirtd -v --listen diff --git a/nova/templates/bin/_post.sh.tpl b/nova/templates/bin/_post.sh.tpl new file mode 100644 index 0000000000..6792568029 --- /dev/null +++ b/nova/templates/bin/_post.sh.tpl 
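Review bot: Under `set -ex`, the `virsh secret-set-value --secret ... --base64 {{ .Values.ceph.cinder_keyring }}` line writes the Ceph client key to the container log, and the key is also stored in the `nova-bin` ConfigMap because this script is rendered there. Turn tracing off around that call (`set +x` before, `set -x` after) and read the key from a Secret-backed file or environment variable rather than templating it in. Both `virsh` calls run before `exec libvirtd -v --listen` starts the daemon, so they appear to depend on a libvirtd that is already reachable; that is worth confirming, since `set -e` aborts the script if they fail. `--listen` opens libvirtd's network socket in a pod that `daemonset-libvirt.yaml` runs with `hostNetwork: true`, and the authentication it requires is decided in `etc/_libvirtd.conf.tpl`, which is not shown in this part of the page.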
@@ -0,0 +1,57 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=admin \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=internal \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . 
}}' \ +interface=public \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_user -a "project=service \ +user={{ .Values.keystone.nova_user }} \ +password={{ .Values.keystone.nova_password }} \ +role=admin \ +region_name={{ .Values.keystone.nova_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +cat </tmp/openrc +export OS_USERNAME={{.Values.keystone.admin_user}} +export OS_PASSWORD={{.Values.keystone.admin_password}} +export OS_PROJECT_DOMAIN_NAME={{.Values.keystone.domain_name}} +export OS_USER_DOMAIN_NAME={{.Values.keystone.domain_name}} +export OS_PROJECT_NAME={{.Values.keystone.admin_project_name}} +export OS_AUTH_URL={{include "endpoint_keystone_internal" .}} +export OS_AUTH_STRATEGY=keystone +export OS_REGION_NAME={{.Values.keystone.admin_region_name}} +export OS_INSECURE=1 +EOF + +. /tmp/openrc +env +openstack --debug role create _member_ --or-show diff --git a/nova/templates/bin/_start.sh.tpl b/nova/templates/bin/_start.sh.tpl new file mode 100644 index 0000000000..7c802358bc --- /dev/null +++ b/nova/templates/bin/_start.sh.tpl @@ -0,0 +1,12 @@ +#!/bin/bash +set -ex + +# link our keystone wsgi to apaches running config +ln -s /configmaps/wsgi-keystone.conf /etc/apache2/sites-enabled/wsgi-keystone.conf + +# Loading Apache2 ENV variables +source /etc/apache2/envvars +rm -rf /var/run/apache2/* +APACHE_DIR="apache2" + +apache2 -DFOREGROUND diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml new file mode 100644 index 0000000000..6c7d10cebd --- /dev/null +++ b/nova/templates/configmap-bin.yaml 
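Review bot: The end of `_post.sh.tpl` prints credentials: `env` dumps `OS_PASSWORD` straight after `. /tmp/openrc`, `openstack --debug` logs the authentication exchange, and `set -ex` traces `password={{ .Values.keystone.nova_password }}` in the `kolla_keystone_user` call. Remove the `env` line and `--debug`, and disable tracing around the calls that carry passwords. `export OS_INSECURE=1` is a fixed line in the generated openrc and is meant to switch off TLS certificate verification; if a development setup needs it, drive it from a value that defaults to off. The three `kolla_keystone_service` calls register the admin, internal and public interfaces with the same `endpoint_nova_api_internal` URL, which looks unintended for `interface=public`.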
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nova-bin
+data:
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
+ init.sh: |
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+ start.sh: |
+{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }}
+ post.sh: |
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
+ libvirt.sh: |
+{{ tuple "bin/_libvirt.sh.tpl" . | include "template" | indent 4 }}
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..f96fbcefea
--- /dev/null
+++ b/nova/templates/configmap-etc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nova-etc
+data:
+ nova.conf: |+
+{{ tuple "etc/_nova.conf.tpl" . | include "template" | indent 4 }}
+ ceph.client.cinder.keyring.yaml: |+
+{{ tuple "etc/_ceph.client.cinder.keyring.yaml.tpl" . | include "template" | indent 4 }}
+ resolv.conf: |+
+{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }}
+ libvirtd.conf: |+
+{{ tuple "etc/_libvirtd.conf.tpl" . | include "template" | indent 4 }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
new file mode 100644
index 0000000000..53f4c6ce8b
--- /dev/null
+++ b/nova/templates/daemonset-compute.yaml
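Review bot: `configmap-etc.yaml` includes `etc/_ceph.client.cinder.keyring.yaml.tpl`, but the commit's file list adds only `_ceph.conf.tpl`, `_libvirtd.conf.tpl`, `_nova.conf.tpl` and `_resolv.conf.tpl` under `nova/templates/etc/`, so unless that template exists elsewhere the entry has nothing to render. The ConfigMap also has no `ceph.conf` key, although `daemonset-compute.yaml` selects `key: ceph.conf` from `nova-etc`; a `ceph.conf: |+` entry rendering `etc/_ceph.conf.tpl` seems to be what was intended. The Cinder keyring is credential material and belongs in a `kind: Secret` rather than in this ConfigMap.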
@@ -0,0 +1,138 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: nova-compute +spec: + template: + metadata: + labels: + app: nova-compute + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" + }, + { + "name": "DEPENDENCY_DAEMONSET", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + hostPID: true + dnsPolicy: ClusterFirst + containers: + - name: nova-compute + image: {{ .Values.image.compute }} + imagePullPolicy: Always + securityContext: + privileged: true + command: + - nova-compute + - --config-file + - /etc/nova/nova.conf + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - mountPath: /lib/modules + name: libmodules + readOnly: true + - mountPath: /var/lib/nova + name: varlibnova + - mountPath: /var/lib/libvirt + name: varliblibvirt + - mountPath: /run + name: run + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + {{- if .Values.ceph.enabled }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + 
subPath: ceph.conf + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + {{- end }} + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf + - name: resolvconf + configMap: + name: nova-etc + items: + - key: resolv.conf + path: resolv.conf + - name: libmodules + hostPath: + path: /lib/modules + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + {{- if .Values.ceph.enabled }} + - name: cephconf + configMap: + name: nova-etc + items: + - key: ceph.conf + path: ceph.conf + - name: cephclientcinderkeyring + configMap: + name: nova-etc + items: + - key: ceph.client.cinder.keyring.yaml + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml new file mode 100644 index 0000000000..31d442e14b --- /dev/null +++ b/nova/templates/daemonset-libvirt.yaml 
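Review bot: The `cephclientcinderkeyring` mount in `daemonset-compute.yaml` uses `subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring`, while the volume at the end of the file projects the key to `path: ceph.client.cinder.keyring.yaml`, so the subPath names a file the volume does not contain. Make the two agree, e.g. `path: ceph.client.{{ .Values.ceph.cinder_user }}.keyring` in the volume's `items`. The pod also combines `privileged: true`, `hostNetwork: true`, `hostPID: true` and a hostPath mount of `/run` with no `readOnly`. A comment stating which of these nova-compute actually needs would let a later reviewer trim the rest, and `/sys/fs/cgroup` could probably be mounted `readOnly: true` like `/lib/modules`.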
@@ -0,0 +1,132 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: nova-libvirt +spec: + template: + metadata: + labels: + app: nova-libvirt + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + dnsPolicy: ClusterFirst + containers: + - name: nova-libvirt + image: {{ .Values.image.libvirt }} + imagePullPolicy: Always + securityContext: + privileged: true + command: + - bash + - /tmp/libvirt.sh + volumeMounts: + - name: libvirtdconf + mountPath: /etc/libvirt/libvirtd.conf + subPath: libvirtd.conf + - name: libvirtsh + mountPath: /tmp/libvirt.sh + subPath: libvirt.sh + - mountPath: /lib/modules + name: libmodules + readOnly: true + - mountPath: /var/lib/nova + name: varlibnova + - mountPath: /var/lib/libvirt + name: varliblibvirt + - mountPath: /run + name: run + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + {{- if .Values.ceph.enabled }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + {{- end }} + volumes: + - name: libvirtdconf + configMap: + 
name: nova-etc + items: + - key: libvirtd.conf + path: libvirtd.conf + - name: libvirtsh + configMap: + name: nova-bin + items: + - key: libvirt.sh + path: libvirt.sh + - name: resolvconf + configMap: + name: nova-etc + items: + - key: resolv.conf + path: resolv.conf + - name: libmodules + hostPath: + path: /lib/modules + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + {{- if .Values.ceph.enabled }} + - name: cephconf + configMap: + name: nova-etc + items: + - key: ceph.conf + path: ceph.conf + - name: cephclientcinderkeyring + configMap: + name: nova-etc + items: + - key: ceph.client.cinder.keyring.yaml + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/deployment-api.yaml b/nova/templates/deployment-api.yaml new file mode 100644 index 0000000000..4ce90155aa --- /dev/null +++ b/nova/templates/deployment-api.yaml 
@@ -0,0 +1,70 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-api +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-api + image: {{ .Values.image.api }} + # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 + securityContext: + privileged: true + command: + - nova-api + - --config-file + - /etc/nova/nova.conf + ports: + - containerPort: {{ .Values.network.port.api }} + - containerPort: {{ .Values.network.port.metadata }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.api }} + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml new file mode 100644 index 0000000000..5ff5239381 --- /dev/null +++ b/nova/templates/deployment-conductor.yaml 
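Review bot: `privileged: true` on the `nova-api` container is justified only by a bug link, and this Deployment uses neither `hostNetwork` nor any hostPath volume, so the template does not show what the API process needs host-level privilege for. nova-api is the network-facing container of the chart (service-api.yaml exposes both of its ports), which is where a fully privileged security context is most costly. If the linked bug comes down to a single capability, a `capabilities.add` list naming just that capability would be narrower. At minimum the comment should state what fails without the flag, e.g. `# privileged needed for <reason>, see bug 1546007`.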
@@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-conductor +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-conductor + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-conductor + image: {{ .Values.image.conductor }} + command: + - nova-conductor + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml new file mode 100644 index 0000000000..52596ae6e1 --- /dev/null +++ b/nova/templates/deployment-consoleauth.yaml 
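Review bot: The `nova-conductor` container sets no `imagePullPolicy`, while the init container in the same template takes `{{ .Values.image.pull_policy }}` and the DaemonSets and Jobs in this patch hard-code `Always`. The images in values.yaml are referenced by the floating tag `:barcelona`, so without an explicit policy a node can keep running a stale copy of the tag while another node pulls a newer one. Adding `imagePullPolicy: {{ .Values.image.pull_policy }}` under `image:` makes the behaviour explicit and configurable. The same line is missing in deployment-api.yaml, deployment-consoleauth.yaml and deployment-scheduler.yaml.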
@@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-consoleauth +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-consoleauth + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-consoleauth + image: {{ .Values.image.consoleauth }} + command: + - nova-consoleauth + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml new file mode 100644 index 0000000000..6188cd7bf5 --- /dev/null +++ b/nova/templates/deployment-scheduler.yaml 
@@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-scheduler +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-scheduler + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-scheduler + image: {{ .Values.image.scheduler }} + command: + - nova-scheduler + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/etc/_ceph.conf.tpl b/nova/templates/etc/_ceph.conf.tpl new file mode 100644 index 0000000000..d41b65bd62 --- /dev/null +++ b/nova/templates/etc/_ceph.conf.tpl @@ -0,0 +1,18 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.enabled }} +[mon] +{{- if .Values.ceph.monitors }} +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true 
diff --git a/nova/templates/etc/_libvirtd.conf.tpl b/nova/templates/etc/_libvirtd.conf.tpl
new file mode 100644
index 0000000000..d7d0c36e89
--- /dev/null
+++ b/nova/templates/etc/_libvirtd.conf.tpl
@@ -0,0 +1,6 @@
+listen_tcp = 1
+auth_tcp = "none"
+ca_file = ""
+log_level = 2
+log_outputs = "2:stderr"
+listen_addr = "{{ .Values.network.ip_address }}"
\ No newline at end of file
diff --git a/nova/templates/etc/_nova.conf.tpl b/nova/templates/etc/_nova.conf.tpl
new file mode 100644
index 0000000000..e3a46eef20
--- /dev/null
+++ b/nova/templates/etc/_nova.conf.tpl
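Review bot: In `_libvirtd.conf.tpl`, `listen_tcp = 1` with `auth_tcp = "none"` gives an unauthenticated, unencrypted libvirt listener, and `listen_addr` takes `.Values.network.ip_address`, which values.yaml defaults to `"0.0.0.0"`. daemonset-libvirt.yaml runs this pod with `hostNetwork: true` and `privileged: true`, so with defaults (and assuming libvirt.sh starts libvirtd in listening mode) the socket is reachable on every address of the compute host. nova.conf in this patch connects through `qemu+tcp://127.0.0.1/system`, so loopback is all the chart itself uses and `listen_addr = "127.0.0.1"` would match that. If remote access is wanted later for live migration, `auth_tcp = "sasl"` or the TLS listener is the usual route. A comment stating the intended reach of the listener would help either way.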
@@ -0,0 +1,108 @@ +[DEFAULT] +debug = {{ .Values.nova.default.debug }} +default_ephemeral_format = ext4 +host_subset_size = 30 +ram_allocation_ratio=1.0 +disk_allocation_ratio=1.0 +cpu_allocation_ratio=3.0 +force_config_drive = {{ .Values.nova.default.force_config_drive }} +state_path = /var/lib/nova + +osapi_compute_listen = {{ .Values.network.ip_address }} +osapi_compute_listen_port = {{ .Values.network.port.api }} +osapi_compute_workers = {{ .Values.nova.default.osapi_workers }} + +workers = {{ .Values.nova.default.osapi_workers }} +metadata_workers = {{ .Values.nova.default.metadata_workers }} + +use_neutron = True +firewall_driver = nova.virt.firewall.NoopFirewallDriver +linuxnet_interface_driver = openvswitch + +allow_resize_to_same_host = True + +compute_driver = libvirt.LibvirtDriver + +# Though my_ip is not used directly, lots of other variables use $my_ip +my_ip = {{ .Values.network.ip_address }} + +transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }} + +[vnc] +novncproxy_host = {{ .Values.network.ip_address }} +novncproxy_port = {{ .Values.network.port.novncproxy }} +vncserver_listen = 0.0.0.0 +vncserver_proxyclient_address = {{ .Values.network.ip_address }} + +novncproxy_base_url = http://{{ .Values.network.external_ips }}:{{ .Values.network.port.novncproxy }}/vnc_auto.html + +[oslo_concurrency] +lock_path = /var/lib/nova/tmp + +[conductor] +workers = {{ .Values.nova.default.conductor_workers }} + +[glance] +api_servers = {{ include "endpoint_glance_api_internal" . }} +num_retries = 3 + +[cinder] +catalog_info = volume:cinder:internalURL + +[neutron] +url = {{ include "endpoint_neutron_api_internal" . }} + +metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }} +service_metadata_proxy = True + +auth_url = {{ include "endpoint_keystone_admin" . 
}} +auth_type = password +project_domain_name = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.neutron_user }} +password = {{ .Values.keystone.neutron_password }} + +[database] +connection = mysql+pymysql://{{ .Values.database.nova_user }}:{{ .Values.database.nova_password }}@{{ .Values.database.address }}/{{ .Values.database.nova_database_name }} +max_retries = -1 + +[api_database] +connection = mysql+pymysql://{{ .Values.database.nova_user }}:{{ .Values.database.nova_password }}@{{ .Values.database.address }}/{{ .Values.database.nova_api_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ include "endpoint_keystone_internal" . }} +auth_url = {{ include "endpoint_keystone_admin" . }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.nova_user }} +password = {{ .Values.keystone.nova_password }} + +[libvirt] +connection_uri = "qemu+tcp://127.0.0.1/system" +images_type = qcow2 +# Enabling live-migration without hostname resolution +# live_migration_inbound_addr = {{ .Values.network.ip_address }} + +{{- if .Values.ceph.enabled }} +images_rbd_pool = {{ .Values.ceph.nova_pool }} +images_rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_user = {{ .Values.ceph.cinder_user }} +rbd_secret_uuid = {{ .Values.ceph.secret_uuid }} +{{- end }} +disk_cachemodes="network=writeback" +hw_disk_discard = unmap + +[upgrade_levels] +compute = auto + +[cache] +enabled = True +backend = oslo_cache.memcache_pool +memcache_servers = {{ .Values.memcached.address }} + +[wsgi] +api_paste_config = /etc/nova/api-paste.ini diff --git a/nova/templates/etc/_resolv.conf.tpl b/nova/templates/etc/_resolv.conf.tpl new file mode 100644 index 0000000000..7c1e9d839a --- /dev/null +++ b/nova/templates/etc/_resolv.conf.tpl 
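Review bot: The rendered nova.conf holds the RabbitMQ, database, Keystone and metadata-proxy credentials in clear text (`transport_url`, both `connection` lines, the two `password` keys and `metadata_proxy_shared_secret`), and the workloads in this patch mount it from the `nova-etc` ConfigMap. A ConfigMap is readable by any subject allowed to get ConfigMaps in the namespace and gets none of the handling reserved for Secrets; rendering this file into a Secret and mounting it through a `secret:` volume keeps the same path in the container. Separately, user names and passwords are interpolated into the URLs unescaped, so a password containing `@`, `/` or `:` yields a malformed URL; the values need URL-encoding or a comment stating the restriction. `vncserver_listen = 0.0.0.0` on a `hostNetwork` compute pod also deserves a comment on which network is expected to reach it.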
@@ -0,0 +1,5 @@ +search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }} +{{- range .Values.network.dns.servers }} +nameserver {{ . | title }} +{{- end }} +options ndots:5 diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml new file mode 100644 index 0000000000..0e5c2102a0 --- /dev/null +++ b/nova/templates/job-db-sync.yaml @@ -0,0 +1,56 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-db-sync + image: {{ .Values.image.db_sync }} + imagePullPolicy: Always + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - name: nova-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml new file mode 100644 index 0000000000..16a2201ad8 --- /dev/null +++ b/nova/templates/job-init.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-init + image: {{ .Values.image.init }} + imagePullPolicy: Always + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml new file mode 100644 index 0000000000..48b0f3e52d --- /dev/null +++ b/nova/templates/job-post.yaml 
@@ -0,0 +1,59 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-post +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-post + image: {{ .Values.image.post }} + imagePullPolicy: Always + command: + - bash + - /tmp/post.sh + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - name: nova-bin + mountPath: /tmp/post.sh + subPath: post.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/service-api.yaml b/nova/templates/service-api.yaml new file mode 100644 index 0000000000..6aa4144d2a --- /dev/null +++ b/nova/templates/service-api.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: nova-api +spec: + ports: + - name: nova-api + port: {{ .Values.network.port.api }} + - name: nova-metadata + port: {{ .Values.network.port.metadata }} + selector: + app: nova-api diff --git a/nova/values.yaml b/nova/values.yaml new file mode 100644 index 0000000000..2530bc1c06 --- /dev/null +++ b/nova/values.yaml 
@@ -0,0 +1,213 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + control_node_selector_key: openstack-control-plane + control_node_selector_value: enabled + compute_node_selector_key: openstack-compute-node + compute_node_selector_value: enabled + +control_replicas: 1 +compute_replicas: 1 + +image: + init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + db_sync: quay.io/stackanetes/stackanetes-nova-api:barcelona + api: quay.io/stackanetes/stackanetes-nova-api:barcelona + conductor: quay.io/stackanetes/stackanetes-nova-conductor:barcelona + scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:barcelona + novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:barcelona + consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:barcelona + compute: quay.io/stackanetes/stackanetes-nova-compute:barcelona + libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:barcelona + post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + pull_policy: "IfNotPresent" + +network: + ip_address: "0.0.0.0" + # TODO(DTadrzak): move external IPs to common, this variable should be shared with + # horizon service + external_ips: "" + minion_interface_name: "eno1" + dns: + servers: + - "10.96.0.10" + - "8.8.8.8" + kubernetes_domain: "cluster.local" + other_domains: "" + + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + +nova: + default: + debug: false + osapi_workers: 8 + metadata_workers: 8 + conductor_workers: 8 + force_config_drive: True + drain_timeout: 60 + +database: + address: "mariadb" + port: 3306 + root_user: "root" + root_password: "password" + + nova_user: "nova" + nova_password: "password" + nova_database_name: "nova" + nova_api_database_name: "nova_api" + +keystone: + admin_user: "admin" + admin_password: "password" + admin_project_name: "admin" + admin_region_name: 
"RegionOne" + domain_name: "default" + tenant_name: "admin" + + neutron_user: "neutron" + neutron_password: "password" + neutron_region_name: "RegionOne" + + nova_user: "nova" + nova_password: "password" + nova_region_name: "RegionOne" + +rabbitmq: + address: "rabbitmq" + admin_user: "rabbitmq" + admin_password: "password" + port: 5672 + +ceph: + enabled: false + monitors: [] + cinder_user: "cinder" + cinder_keyring: null + nova_pool: "vms" + secret_uuid: "" + +neutron: + metadata_secret: "password" + +memcached: + address: "memcached:11211" + +dependencies: + api: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + db_sync: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + post: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + - nova-api + init: + jobs: + - mariadb-seed + service: + - mariadb + compute: + jobs: + - nova-init + - nova-post + - nova-db-sync + service: + - keystone-api + - nova-api + daemonset: + - nova-libvirt + libvirt: + jobs: + - nova-init + - nova-post + - nova-db-sync + service: + - keystone-api + - nova-api + consoleauth: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + scheduler: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + conductor: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + glance: + hosts: + default: glance-api + type: image + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 + nova: + hosts: + default: nova-api + path: "/v2/%(tenant_id)s" + type: compute + scheme: 'http' + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + 
keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 From 76086e2f2f72caf1ae51bc935df4abc1882d6661 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Thu, 5 Jan 2017 13:27:39 -0800 Subject: [PATCH 11/39] Resolve feedback from PR#60 This commit addresses: * Separating out stacked ovs daemonset into separate daemonsets. * Fixes line ending issues. * Enhances agents ovs pre-flight checks by using neutron-sanity-check. --- .../bin/_neutron-openvswitch-agent.sh.tpl | 10 ++ neutron/templates/daemonset-dhcp-agent.yaml | 2 +- neutron/templates/daemonset-openvswitch.yaml | 166 ------------------ neutron/templates/daemonset-ovs-agent.yaml | 86 +++++++++ neutron/templates/daemonset-ovs-db.yaml | 61 +++++++ neutron/templates/daemonset-ovs-vswitchd.yaml | 67 +++++++ neutron/templates/deployment-server.yaml | 2 +- neutron/templates/etc/_l3-agent.ini.tpl | 2 +- neutron/templates/etc/_metadata-agent.ini.tpl | 2 +- neutron/templates/etc/_neutron.conf.tpl | 2 +- neutron/templates/etc/_resolv.conf.tpl | 2 +- neutron/values.yaml | 21 +-- 12 files changed, 239 insertions(+), 184 deletions(-) delete mode 100644 neutron/templates/daemonset-openvswitch.yaml create mode 100644 neutron/templates/daemonset-ovs-agent.yaml create mode 100644 neutron/templates/daemonset-ovs-db.yaml create mode 100644 neutron/templates/daemonset-ovs-vswitchd.yaml diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl index 5860e3b973..48e061a39c 100644 --- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl 
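Review bot: Every credential in nova/values.yaml defaults to the literal `password` (`database.root_password`, `database.nova_password`, `keystone.admin_password`, `keystone.nova_password`, `rabbitmq.admin_password`, `neutron.metadata_secret`), so an install that overrides nothing comes up with known credentials. Leaving these empty and failing the render when they are unset would be safer, for instance with Helm's `required` in the templates if the Helm version in use has it, or at least a comment such as `# placeholder, must be overridden per environment`. `dependencies.db_sync` is also defined twice with identical content; duplicate keys are invalid YAML and most parsers silently keep the last one, so one block should be removed. The header comment still reads `Default values for keystone.` although this is the nova chart.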
@@ -2,6 +2,16 @@ set -x chown neutron: /run/openvswitch/db.sock +# ensure we can talk to openvswitch or bail early +# this is until we can setup a proper dependency +# on deaemonsets - note that a show is not sufficient +# here, we need to communicate with both the db and vswitchd +# which means we need to do a create action +# +# see https://github.com/att-comdev/openstack-helm/issues/88 +timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --ovsdb_native --nokeepalived_ipv6_support + + # determine local-ip dynamically based on interface provided but only if tunnel_types is not null {{- if .Values.ml2.agent.tunnel_types }} IP=$(ip a s {{ .Values.network.interface.tunnel | default .Values.network.interface.default}} | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}') diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index dfd4a94694..d34c6d9906 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -80,4 +80,4 @@ spec: name: neutron-etc - name: socket hostPath: - path: /var/lib/neutron/openstack-helm \ No newline at end of file + path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-openvswitch.yaml b/neutron/templates/daemonset-openvswitch.yaml deleted file mode 100644 index 576dd386e2..0000000000 --- a/neutron/templates/daemonset-openvswitch.yaml +++ /dev/null 
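Review bot: The comment added in `_neutron-openvswitch-agent.sh.tpl` says the script should "bail early", but the exit status of `timeout 3m neutron-sanity-check ...` is never tested, and the only shell option visible in the hunk context is `set -x`, so a failed or timed-out check falls through to the rest of the agent start-up. Appending `|| exit 1` to that line makes the behaviour match the comment. The script begins above the hunk, so errexit may already be enabled on its first line; that is worth confirming before relying on it. The comment also has a typo, `deaemonsets`.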
@@ -1,166 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: neutron-openvswitch -spec: - template: - metadata: - labels: - app: neutron-openvswitch - spec: - nodeSelector: - {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} - securityContext: - runAsUser: 0 - dnsPolicy: ClusterFirst - hostNetwork: true - containers: - - name: neutron-openvswitch-agent - image: {{ .Values.images.neutron_openvswitch_agent }} - imagePullPolicy: {{ .Values.images.pull_policy }} - securityContext: - privileged: true - # ensures this container can can see a br-int - # bridge before its marked as ready - readinessProbe: - exec: - command: - - bash - - -c - - 'ovs-vsctl list-br | grep -q br-int' - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/neutron-openvswitch-agent.sh" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.service }}" - - name: DEPENDENCY_CONTAINER - value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.container }}" - volumeMounts: - - name: neutronopenvswitchagentsh - mountPath: /tmp/neutron-openvswitch-agent.sh - subPath: neutron-openvswitch-agent.sh - - name: neutronconf - mountPath: /etc/neutron/neutron.conf - subPath: neutron.conf - - name: ml2confini - mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini - subPath: ml2-conf.ini - - name: libmodules - mountPath: /lib/modules - readOnly: true - - name: run - mountPath: /run - - mountPath: /etc/resolv.conf - name: resolvconf - subPath: resolv.conf - - name: openvswitch-db-server - image: {{ 
.Values.images.openvswitch_db_server }} - imagePullPolicy: {{ .Values.images.pull_policy }} - securityContext: - privileged: true - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/openvswitch-db-server.sh" - volumeMounts: - - name: openvswitchdbserversh - mountPath: /tmp/openvswitch-db-server.sh - subPath: openvswitch-db-server.sh - - mountPath: /etc/resolv.conf - name: resolvconf - subPath: resolv.conf - - name: varlibopenvswitch - mountPath: /var/lib/openvswitch/ - - name: run - mountPath: /run - - - name: openvswitch-vswitchd - image: {{ .Values.images.openvswitch_vswitchd }} - imagePullPolicy: {{ .Values.images.pull_policy }} - securityContext: - privileged: true - # ensures this container can speak to the ovs database - # successfully before its marked as ready - readinessProbe: - exec: - command: - - /usr/bin/ovs-vsctl - - show - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/openvswitch-vswitchd.sh" - - name: DEPENDENCY_CONTAINER - value: "openvswitch-db-server" - volumeMounts: - - name: openvswitchvswitchdsh - mountPath: /tmp/openvswitch-vswitchd.sh - subPath: openvswitch-vswitchd.sh - - name: openvswitchensureconfiguredsh - mountPath: /tmp/openvswitch-ensure-configured.sh - subPath: openvswitch-ensure-configured.sh - - name: libmodules - mountPath: /lib/modules - readOnly: true - - name: run - mountPath: /run - volumes: - - name: openvswitchdbserversh - configMap: - name: neutron-bin - - name: openvswitchvswitchdsh - configMap: - name: 
neutron-bin - - name: openvswitchensureconfiguredsh - configMap: - name: neutron-bin - - name: varlibopenvswitch - emptyDir: {} - - name: neutronopenvswitchagentsh - configMap: - name: neutron-bin - - name: neutronconf - configMap: - name: neutron-etc - - name: ml2confini - configMap: - name: neutron-etc - - name: resolvconf - configMap: - name: neutron-etc - - name: libmodules - hostPath: - path: /lib/modules - - name: run - hostPath: - path: /run \ No newline at end of file diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml new file mode 100644 index 0000000000..9cea0896b7 --- /dev/null +++ b/neutron/templates/daemonset-ovs-agent.yaml 
@@ -0,0 +1,86 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: ovs-agent
+spec:
+ template:
+ metadata:
+ labels:
+ app: ovs-agent
+ spec:
+ nodeSelector:
+ {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: ovs-agent
+ image: {{ .Values.images.neutron_openvswitch_agent }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ # ensures this container can can see a br-int
+ # bridge before its marked as ready
+ readinessProbe:
+ exec:
+ command:
+ - bash
+ - -c
+ - 'ovs-vsctl list-br | grep -q br-int'
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/neutron-openvswitch-agent.sh"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.ovs_agent.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.ovs_agent.service }}"
+ volumeMounts:
+ - name: neutronopenvswitchagentsh
+ mountPath: /tmp/neutron-openvswitch-agent.sh
+ subPath: neutron-openvswitch-agent.sh
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ - name: libmodules
+ mountPath: /lib/modules
+ readOnly: true
+ - name: run
+ mountPath: /run
+ - mountPath: /etc/resolv.conf
+ name: resolvconf
+ subPath: resolv.conf
+ volumes:
+ - name: varlibopenvswitch
+ emptyDir: {}
+ - name: neutronopenvswitchagentsh
+ configMap:
+ name: neutron-bin
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
+ - name: resolvconf
+ configMap:
+ name: neutron-etc
+ - name: libmodules
+ hostPath:
+ path: /lib/modules
+ - name: run
+ hostPath:
+ path: /run
diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml
new file mode 100644
index 0000000000..c22ab52c7d
--- /dev/null
+++ b/neutron/templates/daemonset-ovs-db.yaml
@@ -0,0 +1,61 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: ovs-db
+spec:
+ template:
+ metadata:
+ labels:
+ app: ovs-db
+ spec:
+ nodeSelector:
+ {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: ovs-db
+ image: {{ .Values.images.openvswitch_db_server }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/openvswitch-db-server.sh"
+ volumeMounts:
+ - name: openvswitchdbserversh
+ mountPath: /tmp/openvswitch-db-server.sh
+ subPath: openvswitch-db-server.sh
+ - mountPath: /etc/resolv.conf
+ name: resolvconf
+ subPath: resolv.conf
+ - name: varlibopenvswitch
+ mountPath: /var/lib/openvswitch/
+ - name: run
+ mountPath: /run
+ volumes:
+ - name: openvswitchdbserversh
+ configMap:
+ name: neutron-bin
+ - name: varlibopenvswitch
+ emptyDir: {}
+ - name: resolvconf
+ configMap:
+ name: neutron-etc
+ - name: libmodules
+ hostPath:
+ path: /lib/modules
+ - name: run
+ hostPath:
+ path: /run
\ No newline at end of file
diff --git a/neutron/templates/daemonset-ovs-vswitchd.yaml b/neutron/templates/daemonset-ovs-vswitchd.yaml
new file mode 100644
index 0000000000..9db15ac4cf
--- /dev/null
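Review bot: The `run` volume in the ovs-agent DaemonSet mounts the host's entire `/run` read-write (`hostPath: path: /run` at `mountPath: /run`) into a container that is already `privileged: true` with `hostNetwork: true` and `runAsUser: 0`, so the agent can reach every runtime socket and pid file the node keeps there, not only the Open vSwitch ones. If the agent needs just the OVS control sockets, mounting that subdirectory alone would do, e.g. `path: /run/openvswitch` with `mountPath: /run/openvswitch` (this assumes the OVS daemons use the default run directory; confirm against the images). It is also worth checking whether `privileged: true` can be narrowed to a `capabilities.add` list. The same mount and security context appear in the `ovs-db` and `ovs-vswitchd` DaemonSets added by this commit. The `varlibopenvswitch` emptyDir under `volumes` has no matching `volumeMounts` entry in this file and can be dropped.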
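Review bot: The `libmodules` hostPath volume (`path: /lib/modules`) is declared under `volumes` in the ovs-db DaemonSet, but no container in it mounts the volume, so it only adds a host path to the pod spec; it looks like a leftover from the combined daemonset and can be removed. Since this container only runs `bash /tmp/openvswitch-db-server.sh`, it is worth confirming that it needs `privileged: true` at all rather than inheriting it from the old pod. The file also ends without a trailing newline, which this same commit fixes in the other neutron templates.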
+++ b/neutron/templates/daemonset-ovs-vswitchd.yaml
@@ -0,0 +1,67 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: ovs-vswitchd
+spec:
+ template:
+ metadata:
+ labels:
+ app: ovs-vswitchd
+ spec:
+ nodeSelector:
+ {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: ovs-vswitchd
+ image: {{ .Values.images.openvswitch_vswitchd }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ # ensures this container can speak to the ovs database
+ # successfully before its marked as ready
+ readinessProbe:
+ exec:
+ command:
+ - /usr/bin/ovs-vsctl
+ - show
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/openvswitch-vswitchd.sh"
+ volumeMounts:
+ - name: openvswitchvswitchdsh
+ mountPath: /tmp/openvswitch-vswitchd.sh
+ subPath: openvswitch-vswitchd.sh
+ - name: openvswitchensureconfiguredsh
+ mountPath: /tmp/openvswitch-ensure-configured.sh
+ subPath: openvswitch-ensure-configured.sh
+ - name: libmodules
+ mountPath: /lib/modules
+ readOnly: true
+ - name: run
+ mountPath: /run
+ volumes:
+ - name: openvswitchvswitchdsh
+ configMap:
+ name: neutron-bin
+ - name: openvswitchensureconfiguredsh
+ configMap:
+ name: neutron-bin
+ - name: libmodules
+ hostPath:
+ path: /lib/modules
+ - name: run
+ hostPath:
+ path: /run
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 6dcef74103..21004eb353 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
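Review bot: `image: {{ .Values.images.openvswitch_vswitchd }}` resolves by default to `quay.io/attcomdev/openvswitch-vswitchd:latest` (neutron/values.yaml in this patch), and with `pull_policy: "IfNotPresent"` each node keeps whichever build it pulled first, so a privileged, host-network DaemonSet can run different, unreviewed image contents under the same tag. Pinning the default to an immutable reference, e.g. `openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd@sha256:<digest>`, makes the rollout reproducible and auditable. `openvswitch_db_server` points at the same `openvswitch-vswitchd:latest` image, which may be intentional but deserves a comment in values.yaml.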
@@ -50,4 +50,4 @@ spec: name: neutron-etc - name: ml2confini configMap: - name: neutron-etc \ No newline at end of file + name: neutron-etc diff --git a/neutron/templates/etc/_l3-agent.ini.tpl b/neutron/templates/etc/_l3-agent.ini.tpl index 38b17395c9..3760b3e6c6 100644 --- a/neutron/templates/etc/_l3-agent.ini.tpl +++ b/neutron/templates/etc/_l3-agent.ini.tpl @@ -1,4 +1,4 @@ [DEFAULT] agent_mode = legacy enable_metadata_proxy = True -enable_isolated_metadata = True \ No newline at end of file +enable_isolated_metadata = True diff --git a/neutron/templates/etc/_metadata-agent.ini.tpl b/neutron/templates/etc/_metadata-agent.ini.tpl index c0239e974d..f6cd65e6d7 100644 --- a/neutron/templates/etc/_metadata-agent.ini.tpl +++ b/neutron/templates/etc/_metadata-agent.ini.tpl @@ -28,4 +28,4 @@ metadata_port = {{ .Values.network.port.metadata }} metadata_workers = {{ .Values.metadata.workers }} # Caching -cache_url = memory://?default_ttl=5 \ No newline at end of file +cache_url = memory://?default_ttl=5 diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl index 859dd817d8..60849d21d2 100644 --- a/neutron/templates/etc/_neutron.conf.tpl +++ b/neutron/templates/etc/_neutron.conf.tpl @@ -68,4 +68,4 @@ username = {{ .Values.keystone.neutron_user }} password = {{ .Values.keystone.neutron_password }} [oslo_messaging_notifications] -driver = noop \ No newline at end of file +driver = noop diff --git a/neutron/templates/etc/_resolv.conf.tpl b/neutron/templates/etc/_resolv.conf.tpl index 68dc696756..7c1e9d839a 100644 --- a/neutron/templates/etc/_resolv.conf.tpl +++ b/neutron/templates/etc/_resolv.conf.tpl @@ -2,4 +2,4 @@ search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} {{- range .Values.network.dns.servers }} nameserver {{ . | title }} {{- end }} -options ndots:5 \ No newline at end of file +options ndots:5 diff --git a/neutron/values.yaml b/neutron/values.yaml index 3c6268f45b..298417a3ff 100644 
--- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -7,16 +7,16 @@ replicas: server: 1 images: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona - db_sync: quay.io/stackanetes/stackanetes-neutron-server:barcelona - server: quay.io/stackanetes/stackanetes-neutron-server:barcelona - dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:barcelona - metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:barcelona - l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:barcelona - neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:barcelona + init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton + server: quay.io/stackanetes/stackanetes-neutron-server:newton + dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:newton + metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:newton + l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:newton + neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:newton openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest - post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -159,7 +159,7 @@ dependencies: - nova-api daemonset: - neutron-openvswitch - openvswitchagent: + ovs_agent: jobs: - neutron-post - nova-post @@ -167,9 +167,6 @@ dependencies: - keystone-api - rabbitmq - neutron-server - container: - - openvswitch-db-server - - openvswitch-vswitchd l3: jobs: - nova-init From 4cef79295ab07bec433b2a602510508e2fdc00d6 Mon Sep 17 00:00:00 2001 
From: mattmceuen Date: Fri, 6 Jan 2017 09:04:57 -0600 Subject: [PATCH 12/39] Additional tweaks per pull request review. --- docs/developer/minikube.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 5d8c93c472..dbf41a3ce4 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -113,7 +113,7 @@ After following the instructions above your environment is in a state where you Consider the following when using Minikube and development mode: * Persistent Storage used for Minikube development mode is `hostPath`. The Ceph PVC's included with this project are not intended to work with Minikube. * There is *no need* to install the `common` `ceph` or `bootstrap` charts. These charts are required for deploying Ceph PVC's. -* Familiarize yourself wtih `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. +* Familiarize yourself with `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. * If Ceph development is required, you will need to follow the [getting started guide](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) rather than this development mode documentation. To deploy Openstack-Helm in development mode, ensure you've created a minikube-approved `hostPath` volume. Minikube is very specific about what is expected for `hostPath` volumes. The following volumes are acceptable for minikube deployments: 
@@ -167,7 +167,7 @@ $ helm install --name=neutron local/neutron --namespace=openstack # Horizon Management -After each of the charts is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. +After each chart is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. ``` $ sudo kubectl edit svc horizon -n openstack From 4a6b5e42c6a1cf5fce21629c43fdd57153033b94 Mon Sep 17 00:00:00 2001 From: mattmceuen Date: Fri, 6 Jan 2017 09:14:22 -0600 Subject: [PATCH 13/39] %s/wtih/with/g :) --- docs/developer/minikube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index dbf41a3ce4..b005c3ff9f 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md 
@@ -113,7 +113,7 @@ After following the instructions above your environment is in a state where you Consider the following when using Minikube and development mode: * Persistent Storage used for Minikube development mode is `hostPath`. The Ceph PVC's included with this project are not intended to work with Minikube. * There is *no need* to install the `common` `ceph` or `bootstrap` charts. These charts are required for deploying Ceph PVC's. -* Familiarize yourself with `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. +* Familiarize yourself with `values.yaml` included with the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. * If Ceph development is required, you will need to follow the [getting started guide](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) rather than this development mode documentation. To deploy Openstack-Helm in development mode, ensure you've created a minikube-approved `hostPath` volume. Minikube is very specific about what is expected for `hostPath` volumes. The following volumes are acceptable for minikube deployments: From f2d9a39bc4d97a71a4aa79f59e84d259039ec727 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Fri, 6 Jan 2017 10:24:00 -0800 Subject: [PATCH 14/39] Prune dependencies in values per PR#60 feedback --- neutron/values.yaml | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/neutron/values.yaml b/neutron/values.yaml index 298417a3ff..f37c9006bd 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -133,7 +133,6 @@ dependencies: server: jobs: - neutron-db-sync - - mariadb-seed service: - rabbitmq - mariadb 
@@ -148,17 +147,16 @@ dependencies: - neutron-init - nova-post daemonset: - - neutron-openvswitch + - ovs-agent metadata: + service: + - rabbitmq + - nova-api jobs: - neutron-init - nova-post - service: - - neutron-server - - rabbitmq - - nova-api daemonset: - - neutron-openvswitch + - ovs-agent ovs_agent: jobs: - neutron-post @@ -168,20 +166,19 @@ dependencies: - rabbitmq - neutron-server l3: - jobs: - - nova-init - - neutron-init - - nova-post service: - neutron-server - rabbitmq - nova-api + jobs: + - nova-init + - neutron-init + - nova-post daemonset: - - neutron-openvswitch + - ovs-agent db_sync: jobs: - neutron-init - - mariadb-seed service: - mariadb init: @@ -190,11 +187,10 @@ dependencies: service: - mariadb post: - jobs: - - neutron-db-sync service: - keystone-api - - neutron-server + jobs: + - neutron-db-sync # typically overriden by environmental # values, but should include all endpoints From b1e3de020bda125a4020b7d1256c10be682851ee Mon Sep 17 00:00:00 2001 
From: harbor Date: Sat, 7 Jan 2017 02:41:30 +0000 Subject: [PATCH 15/39] Heat Initial Refactor --- common/templates/_endpoints.tpl | 136 +++++++++++++++++- common/templates/_funcs.tpl | 1 - .../templates/scripts}/_ks-endpoints.sh.tpl | 2 + .../templates/scripts}/_ks-service.sh.tpl | 2 + .../templates/scripts}/_ks-user.sh.tpl | 8 +- common/templates/snippets/_ks_env_openrc.tpl | 40 ++++++ .../snippets/_ks_env_user_create_openrc.tpl | 33 +++++ heat/templates/_heat_config_helpers.tpl | 90 ------------ heat/templates/_helpers.tpl | 73 ---------- heat/templates/bin/_db-init.sh.tpl | 21 +++ .../user => }/bin/_ks-domain-user.sh.tpl | 0 .../config/contents/_heat-cache.conf.tpl | 4 - .../config/contents/_heat-db.conf.tpl | 3 - .../config/contents/_heat-endpoints.conf.tpl | 4 - .../config/contents/_heat-keystone.conf.tpl | 15 -- .../config/contents/_heat-log.conf.tpl | 4 - .../config/contents/_heat-messaging.conf.tpl | 5 - .../config/contents/_heat-options.conf.tpl | 3 - .../config/contents/_heat-paste.conf.tpl | 2 - .../contents/_heat-stack-domain.conf.tpl | 4 - .../config/contents/_heat-trustee.conf.tpl | 22 --- .../contents/components/_heat-api.conf.tpl | 4 - .../contents/components/_heat-cfn.conf.tpl | 4 - .../components/_heat-cloudwatch.conf.tpl | 4 - .../contents/components/_heat-engine.conf.tpl | 2 - heat/templates/config/heat-api-paste.ini.yaml | 7 - heat/templates/config/heat-api.conf.yaml | 7 - heat/templates/config/heat-cache.conf.yaml | 7 - heat/templates/config/heat-cfn.conf.yaml | 7 - .../config/heat-cloudwatch.conf.yaml | 7 - heat/templates/config/heat-db.conf.yaml | 8 -- .../templates/config/heat-endpoints.conf.yaml | 7 - heat/templates/config/heat-engine.conf.yaml | 7 - heat/templates/config/heat-log.conf.yaml | 7 - .../templates/config/heat-messaging.conf.yaml | 8 -- heat/templates/config/heat-options.conf.yaml | 7 - heat/templates/config/heat-paste.conf.yaml | 7 - heat/templates/config/heat-policy.json.yaml | 7 - heat/templates/configmap-bin.yaml | 15 ++ 
heat/templates/configmap-etc.yaml | 11 ++ ...yaml => configmap-keystone-admin.env.yaml} | 0 ...=> configmap-keystone-stack-user.env.yaml} | 4 +- ...ml => configmap-keystone-trustee.env.yaml} | 4 +- ....yaml => configmap-keystone-user.env.yaml} | 4 +- .../api/api.yaml => deployment-api.yaml} | 41 +++--- .../cfn/cfn.yaml => deployment-cfn.yaml} | 41 +++--- ...dwatch.yaml => deployment-cloudwatch.yaml} | 41 +++--- heat/templates/deployment/api/api.sh.yaml | 7 - heat/templates/deployment/api/bin/_api.sh.tpl | 4 - heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 - heat/templates/deployment/cfn/cfn.sh.yaml | 7 - .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 - .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 - .../contents => etc}/_heat-api-paste.ini.tpl | 1 - .../contents => etc}/_heat-policy.json.tpl | 0 heat/templates/etc/_heat.conf.tpl | 84 +++++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 31 ++-- heat/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ .../ks-service.yaml => job-ks-service.yaml} | 33 ++++- .../user/ks-user.yaml => job-ks-user.yaml} | 93 ++++-------- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - heat/templates/jobs/db/init/db-init.sh.yaml | 7 - .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ------------- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/user/ks-user.sh.yaml | 9 -- .../engine.yaml => statefulset-engine.yaml} | 32 ++--- .../statefulset/engine/bin/_engine.sh.tpl | 4 - .../statefulset/engine/engine.sh.yaml | 7 - heat/values.yaml | 42 ++++++ 73 files changed, 616 insertions(+), 719 deletions(-) rename {heat/templates/jobs/keystone/endpoints/bin => common/templates/scripts}/_ks-endpoints.sh.tpl (97%) rename {heat/templates/jobs/keystone/service/bin => common/templates/scripts}/_ks-service.sh.tpl (96%) rename 
{heat/templates/jobs/keystone/user/bin => common/templates/scripts}/_ks-user.sh.tpl (83%) create mode 100644 common/templates/snippets/_ks_env_openrc.tpl create mode 100644 common/templates/snippets/_ks_env_user_create_openrc.tpl delete mode 100644 heat/templates/_heat_config_helpers.tpl delete mode 100644 heat/templates/_helpers.tpl create mode 100644 heat/templates/bin/_db-init.sh.tpl rename heat/templates/{jobs/keystone/user => }/bin/_ks-domain-user.sh.tpl (100%) delete mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-db.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-log.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-options.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl delete mode 100755 heat/templates/config/heat-api-paste.ini.yaml delete mode 100644 heat/templates/config/heat-api.conf.yaml delete mode 100644 heat/templates/config/heat-cache.conf.yaml delete mode 100644 heat/templates/config/heat-cfn.conf.yaml delete mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml delete mode 100644 heat/templates/config/heat-db.conf.yaml delete mode 100644 heat/templates/config/heat-endpoints.conf.yaml delete mode 100644 
heat/templates/config/heat-engine.conf.yaml delete mode 100644 heat/templates/config/heat-log.conf.yaml delete mode 100644 heat/templates/config/heat-messaging.conf.yaml delete mode 100644 heat/templates/config/heat-options.conf.yaml delete mode 100644 heat/templates/config/heat-paste.conf.yaml delete mode 100644 heat/templates/config/heat-policy.json.yaml create mode 100644 heat/templates/configmap-bin.yaml create mode 100644 heat/templates/configmap-etc.yaml rename heat/templates/{config/heat-keystone-admin.env.yaml => configmap-keystone-admin.env.yaml} (100%) rename heat/templates/{config/heat-stack-domain.conf.yaml => configmap-keystone-stack-user.env.yaml} (71%) rename heat/templates/{config/heat-trustee.conf.yaml => configmap-keystone-trustee.env.yaml} (82%) rename heat/templates/{config/heat-keystone.conf.yaml => configmap-keystone-user.env.yaml} (81%) rename heat/templates/{deployment/api/api.yaml => deployment-api.yaml} (70%) rename heat/templates/{deployment/cfn/cfn.yaml => deployment-cfn.yaml} (70%) rename heat/templates/{deployment/cloudwatch/cloudwatch.yaml => deployment-cloudwatch.yaml} (70%) delete mode 100755 heat/templates/deployment/api/api.sh.yaml delete mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl delete mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl delete mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml delete mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl delete mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml rename heat/templates/{config/contents => etc}/_heat-api-paste.ini.tpl (99%) mode change 100755 => 100644 rename heat/templates/{config/contents => etc}/_heat-policy.json.tpl (100%) create mode 100644 heat/templates/etc/_heat.conf.tpl rename heat/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename heat/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 heat/templates/job-ks-endpoints.yaml.yaml rename 
heat/templates/{jobs/keystone/service/ks-service.yaml => job-ks-service.yaml} (54%) rename heat/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (55%) delete mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml rename heat/templates/{statefulset/engine/engine.yaml => statefulset-engine.yaml} (71%) delete mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl delete mode 100644 heat/templates/statefulset/engine/engine.sh.yaml diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 0170b4eb5c..5f1be74867 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl 
@@ -1,9 +1,139 @@ #----------------------------------------- # endpoints #----------------------------------------- -{{- define "endpoint_keystone_internal" -}} -{{- with .Values.endpoints.keystone -}} - {{.scheme}}://{{.hosts.internal | default .hosts.default}}:{{.port.public}}{{.path}} + +# this function returns the endpoint uri for a service, it takes an tuple +# input in ther form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointScheme := index $endpointMap "scheme" }} +{{- $endpointPath := index $endpointMap "path" }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} {{- end -}} {{- end -}} + +# this should be a generic function leveraging a tuple +# for input, e.g. { endpoint keystone internal . 
} +# however, constructing this appears to be a +# herculean effort in gotpl + +{{- define "endpoint_keystone_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.public}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_keystone_admin" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.admin}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_metadata_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.metadata}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_novncproxy_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.novncproxy}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + 
{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_registry_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.registry}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_neutron_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.neutron -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint type lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple heat . | include "ks_endpoint_type" } +# will return "orchestration" + +{{- define "endpoint_type_lookup" -}} +{{- $name := index . 0 -}} +{{- $context := index . 1 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointType := index $endpointMap "type" }} +{{- $endpointType | quote -}} +{{- end -}} + + +#------------------------------- +# kolla helpers +#------------------------------- +{{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index e83d171a97..fe6c9a675e 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl 
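Review bot: The `fqdn` override never takes effect in `endpoint_addr_lookup`, `endpoint_keystone_admin` or any of the `endpoint_*_internal` helpers: `{{- $fqdn := $context.Values.endpoints.fqdn -}}` inside the `if` declares a new variable scoped to that block, so the outer `$fqdn` keeps the release namespace and every rendered URI ignores `.Values.endpoints.fqdn`. Computing the value in one step avoids the shadowing, e.g. `{{- $fqdn := default $context.Release.Namespace $context.Values.endpoints.fqdn -}}` (and `default .Release.Namespace .Values.endpoints.fqdn` in the per-service helpers). Separately, `keystone_auth` interpolates `.Values.keystone.admin_password` unescaped into a single-quoted literal, so a password containing `'` breaks the rendered value. Where that helper is consumed is not visible in this hunk, but its output carries the admin credential and belongs in a Secret rather than a ConfigMap.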
@@ -21,4 +21,3 @@ {{- $wtf := $context.Template.Name | replace $last $name -}} {{- include $wtf $context | sha256sum | quote -}} {{- end -}} - diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/common/templates/scripts/_ks-endpoints.sh.tpl similarity index 97% rename from heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl rename to common/templates/scripts/_ks-endpoints.sh.tpl index 3f802d2313..1c70a499a1 100755 --- a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ b/common/templates/scripts/_ks-endpoints.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_endpoints" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -61,3 +62,4 @@ fi # Display the Endpoint openstack endpoint show ${OS_ENDPOINT_ID} +{{- end }} diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/common/templates/scripts/_ks-service.sh.tpl similarity index 96% rename from heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl rename to common/templates/scripts/_ks-service.sh.tpl index 4777d08c48..7c6f2580f3 100644 --- a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ b/common/templates/scripts/_ks-service.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_service" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -33,3 +34,4 @@ if [[ -z ${OS_SERVICE_ID} ]]; then --enable \ "${OS_SERVICE_TYPE}") fi +{{- end }} diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/common/templates/scripts/_ks-user.sh.tpl similarity index 83% rename from heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl rename to common/templates/scripts/_ks-user.sh.tpl index fdc7358b32..e815da3049 100644 --- a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ b/common/templates/scripts/_ks-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_user" }} #!/bin/bash # Copyright 2017 Pete Birley 
@@ -17,20 +18,22 @@ set -ex # Manage user project +USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="${USER_PROJECT_DESC}" \ "${SERVICE_OS_PROJECT_NAME}"); # Display project openstack project show "${USER_PROJECT_ID}" # Manage user +USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" USER_ID=$(openstack user create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --description="${USER_DESC}" \ --password="${SERVICE_OS_PASSWORD}" \ "${SERVICE_OS_USERNAME}"); @@ -54,3 +57,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE}" \ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --user="${USER_ID}" +{{- end }} diff --git a/common/templates/snippets/_ks_env_openrc.tpl b/common/templates/snippets/_ks_env_openrc.tpl new file mode 100644 index 0000000000..140ce25c97 --- /dev/null +++ b/common/templates/snippets/_ks_env_openrc.tpl 
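Review bot: `openstack user create … --password="${SERVICE_OS_PASSWORD}"` runs while xtrace is on (the hunk header shows `set -ex`), so bash writes the expanded command line, service password included, to the job's stderr, where anyone who can read the pod logs can see it. Disabling tracing around that one call keeps the rest of the debug output: add `set +x` before the `USER_ID=$(openstack user create …)` block and `set -x` after it. The value also remains visible in the process arguments while the command runs, so if the client offers a way to supply the password outside argv, prefer that. The script body starts before and continues after this hunk.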
@@ -0,0 +1,40 @@ +{{- define "env_ks_openrc_tpl" }} +{{- $ksUserSecret := .ksUserSecret }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD +{{- end }} diff --git a/common/templates/snippets/_ks_env_user_create_openrc.tpl b/common/templates/snippets/_ks_env_user_create_openrc.tpl new file mode 100644 index 0000000000..5ce6e58077 --- /dev/null +++ b/common/templates/snippets/_ks_env_user_create_openrc.tpl @@ -0,0 +1,33 @@ +{{- define "env_ks_user_create_openrc_tpl" }} +{{- $ksUserSecret := .ksUserSecret }} +- name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME +- name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME +- name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME +- name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME +- name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME +- name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD +{{- end }} 
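Review bot: Neither `env_ks_openrc_tpl` nor `env_ks_user_create_openrc_tpl` documents the context it expects, and both emit `name: {{ $ksUserSecret }}` unquoted with no check that the key was supplied. A caller that passes `.` instead of a dict carrying `ksUserSecret` will probably still render, and the bad Secret reference would then surface only when the pod fails to start. A header comment such as `{{/* expects: dict "ksUserSecret" "<name of the Secret holding the OS_* keys>" */}}` plus `name: {{ $ksUserSecret | quote }}` makes the contract visible. It is also worth stating in that comment that `env_ks_user_create_openrc_tpl` maps the Secret's `OS_PASSWORD` to `SERVICE_OS_PASSWORD`, since that is the credential the user-creation job sets.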
diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl
deleted file mode 100644
index eb0878881a..0000000000
--- a/heat/templates/_heat_config_helpers.tpl
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- define "heat_config_volume_mounts" }} -- name: pod-etc-heat - mountPath: /etc/heat -- name: pod-var-cache-heat - mountPath: /var/cache/heat -- name: heat-json-policy - mountPath: /etc/heat/policy.json - subPath: policy.json - readOnly: true -- name: heat-conf-cache - mountPath: /etc/heat/conf/heat-cache.conf - subPath: heat-cache.conf - readOnly: true -- name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true -- name: heat-conf-endpoints - mountPath: /etc/heat/conf/heat-endpoints.conf - subPath: heat-endpoints.conf - readOnly: true -- name: heat-conf-keystone - mountPath: /etc/heat/conf/heat-keystone.conf - subPath: heat-keystone.conf - readOnly: true -- name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf - readOnly: true -- name: heat-conf-messaging - mountPath: /etc/heat/conf/heat-messaging.conf - subPath: heat-messaging.conf - readOnly: true -- name: heat-conf-options - mountPath: /etc/heat/conf/heat-options.conf - subPath: heat-options.conf - readOnly: true -- name: heat-conf-paste - mountPath: /etc/heat/conf/heat-paste.conf - subPath: heat-paste.conf - readOnly: true -- name: heat-conf-stack-domain - mountPath: /etc/heat/conf/heat-stack-domain.conf - subPath: heat-stack-domain.conf - readOnly: true -- name: heat-conf-trustee - mountPath: /etc/heat/conf/heat-trustee.conf - subPath: heat-trustee.conf - readOnly: true -{{- end }} - -{{- define "heat_config_volumes" }} -- name: pod-etc-heat - emptyDir: {} -- name: pod-var-cache-heat - emptyDir: {} -- name: heat-json-policy - configMap: - name: heat-json-policy -- name: heat-conf-cache - configMap: - name: heat-conf-cache -- name: heat-conf-db - secret: - secretName: heat-conf-db -- name: heat-conf-endpoints - configMap: - name: heat-conf-endpoints -- name: heat-conf-keystone - secret: - secretName: heat-conf-keystone -- name: heat-conf-log - configMap: - name: heat-conf-log -- name: heat-conf-messaging - secret: - 
secretName: heat-conf-messaging -- name: heat-conf-options - configMap: - name: heat-conf-options -- name: heat-conf-paste - configMap: - name: heat-conf-paste -- name: heat-conf-stack-domain - secret: - secretName: heat-conf-stack-domain -- name: heat-conf-trustee - secret: - secretName: heat-conf-trustee -{{- end }} diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl deleted file mode 100644 index 745e619571..0000000000 --- a/heat/templates/_helpers.tpl +++ /dev/null 
@@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} diff --git a/heat/templates/bin/_db-init.sh.tpl b/heat/templates/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..ba1c302c03 --- /dev/null +++ b/heat/templates/bin/_db-init.sh.tpl 
@@ -0,0 +1,21 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.heat_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.heat_user }}' \ + password='{{ .Values.database.heat_password }}' \ + host='%' \ + priv='{{ .Values.database.heat_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/bin/_ks-domain-user.sh.tpl similarity index 100% rename from heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl rename to heat/templates/bin/_ks-domain-user.sh.tpl diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl deleted file mode 100644 index a6fd1728e8..0000000000 --- a/heat/templates/config/contents/_heat-cache.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[cache] -enabled = "True" -backend = oslo_cache.memcache_pool -memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl deleted file mode 100644 index 0213e750a0..0000000000 --- a/heat/templates/config/contents/_heat-db.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[database] -connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} -max_retries = -1 
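Review bot: The database root password and the heat password are pasted by Helm directly into the script text, inside single-quoted `key='value'` pairs within a double-quoted shell string. A value containing `'`, `"`, `$` or a backtick therefore either breaks the `-a` argument or is expanded by bash. Because this script is rendered into the `heat-bin` ConfigMap (`configmap-bin.yaml` in this patch), the root credential also becomes readable to anyone allowed to read ConfigMaps in the namespace. Supplying the credentials as environment variables from a Secret, the way `env_ks_openrc_tpl` uses `secretKeyRef`, and writing `login_password='${DB_ROOT_PASSWORD}'` (placeholder variable name) removes the shell-expansion problem and keeps the secret out of the ConfigMap.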
diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl deleted file mode 100644 index f9fc3fd077..0000000000 --- a/heat/templates/config/contents/_heat-endpoints.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} -heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition -heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl deleted file mode 100644 index 994981572b..0000000000 --- a/heat/templates/config/contents/_heat-keystone.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -[keystone_authtoken] -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_region_name }} -project_domain_name = {{ .Values.keystone.heat_project_domain }} -project_name = {{ .Values.keystone.heat_project_name }} -user_domain_name = {{ .Values.keystone.heat_user_domain }} -username = {{ .Values.keystone.heat_user }} -password = {{ .Values.keystone.heat_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl deleted file mode 100644 index a0ec3d1f2f..0000000000 --- a/heat/templates/config/contents/_heat-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True 
diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl deleted file mode 100644 index 819bd099f3..0000000000 --- a/heat/templates/config/contents/_heat-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl deleted file mode 100644 index 1f764f7912..0000000000 --- a/heat/templates/config/contents/_heat-options.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -enable_stack_adopt = "True" -enable_stack_abandon = "True" diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl deleted file mode 100644 index 5d6dcd6411..0000000000 --- a/heat/templates/config/contents/_heat-paste.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[paste_deploy] -config_file = /etc/heat/heat-api-paste.ini diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl deleted file mode 100644 index 75afba0804..0000000000 --- a/heat/templates/config/contents/_heat-stack-domain.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} -stack_domain_admin = {{ .Values.keystone.heat_stack_user }} -stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl deleted file mode 100644 index 41776515af..0000000000 --- a/heat/templates/config/contents/_heat-trustee.conf.tpl +++ /dev/null 
@@ -1,22 +0,0 @@ -[DEFAULT] -trusts_delegated_roles = "Member" -deferred_auth_method = "trusts" - -[trustee] -auth_type = "password" -auth_section = "trustee_keystone" - -[trustee_keystone] - -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_trustee_region_name }} -user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} -username = {{ .Values.keystone.heat_trustee_user }} -password = {{ .Values.keystone.heat_trustee_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl deleted file mode 100644 index 6828788896..0000000000 --- a/heat/templates/config/contents/components/_heat-api.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api] -bind_port = {{ .Values.service.api.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.api.workers }} diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl deleted file mode 100644 index d6c42a1796..0000000000 --- a/heat/templates/config/contents/components/_heat-cfn.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cfn] -bind_port = {{ .Values.service.cfn.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cfn.workers }} diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl deleted file mode 100644 index b99262222b..0000000000 --- a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cloudwatch] -bind_port = {{ .Values.service.cloudwatch.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cloudwatch.workers }} 
diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl deleted file mode 100644 index 1a22c602c6..0000000000 --- a/heat/templates/config/contents/components/_heat-engine.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -num_engine_workers = {{ .Values.resources.engine.workers }} diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml deleted file mode 100755 index 22031118a2..0000000000 --- a/heat/templates/config/heat-api-paste.ini.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ini-api-paste -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml deleted file mode 100644 index cffa497ac0..0000000000 --- a/heat/templates/config/heat-api.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-api -data: - heat-api.conf: |+ -{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml deleted file mode 100644 index b7b4eb9ed9..0000000000 --- a/heat/templates/config/heat-cache.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cache -data: - heat-cache.conf: | -{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml deleted file mode 100644 index 3d1c96511a..0000000000 --- a/heat/templates/config/heat-cfn.conf.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cfn -data: - heat-cfn.conf: |+ -{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml deleted file mode 100644 index cf244f76a6..0000000000 --- a/heat/templates/config/heat-cloudwatch.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cloudwatch -data: - heat-cloudwatch.conf: |+ -{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml deleted file mode 100644 index a8e2cf20d2..0000000000 --- a/heat/templates/config/heat-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-db -type: Opaque -data: - heat-db.conf: | -{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml deleted file mode 100644 index 535e90cfff..0000000000 --- a/heat/templates/config/heat-endpoints.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-endpoints -data: - heat-endpoints.conf: | -{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml deleted file mode 100644 index cb5855786a..0000000000 --- a/heat/templates/config/heat-engine.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-engine -data: - heat-engine.conf: |+ -{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml deleted file mode 100644 index 86a5a19be3..0000000000 --- a/heat/templates/config/heat-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-log -data: - heat-log.conf: |+ -{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml deleted file mode 100644 index 2bb408a68b..0000000000 --- a/heat/templates/config/heat-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-messaging -type: Opaque -data: - heat-messaging.conf: | -{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml deleted file mode 100644 index 8ac2ebf4ba..0000000000 --- a/heat/templates/config/heat-options.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-options -data: - heat-options.conf: | -{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml deleted file mode 100644 index 29f96e71da..0000000000 --- a/heat/templates/config/heat-paste.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-paste -data: - heat-paste.conf: | -{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml deleted file mode 100644 index 1b96f2a57c..0000000000 --- a/heat/templates/config/heat-policy.json.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-json-policy -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml new file mode 100644 index 0000000000..41e3ce81fe --- /dev/null +++ b/heat/templates/configmap-bin.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-bin +data: + db-init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} + ks-service.sh: |+ +{{- include "common_keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "common_keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "common_keystone_user" . | indent 4 }} + ks-domain-user.sh: |+ +{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml new file mode 100644 index 0000000000..c3039714c8 --- /dev/null +++ b/heat/templates/configmap-etc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-etc +data: + heat.conf: |+ +{{ tuple "etc/_heat.conf.tpl" . | include "template" | indent 4 }} + api-paste.ini: |+ +{{ tuple "etc/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/configmap-keystone-admin.env.yaml similarity index 100% rename from heat/templates/config/heat-keystone-admin.env.yaml rename to heat/templates/configmap-keystone-admin.env.yaml diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/configmap-keystone-stack-user.env.yaml similarity index 71% rename from heat/templates/config/heat-stack-domain.conf.yaml rename to heat/templates/configmap-keystone-stack-user.env.yaml index f870bf29ee..e95e5f3f8a 100644 
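Review bot: `heat-etc` is declared `kind: ConfigMap`, yet the `heat.conf` it carries holds the database connection string, `rabbit_password` and the keystone, stack-domain and trustee passwords. The manifests this patch removes (`heat-conf-db`, `heat-conf-messaging`, `heat-conf-keystone`, `heat-conf-stack-domain`, `heat-conf-trustee`) kept those values in `kind: Secret` objects piped through `b64enc`. ConfigMaps are usually readable under broader RBAC than Secrets and get none of the Secret-specific handling such as encryption at rest, so this moves credentials to a weaker boundary. Keeping `heat.conf` in a Secret (`kind: Secret`, `type: Opaque`, value through `b64enc`) and mounting it in the deployments with `secret:` / `secretName:` would preserve the previous separation. `heat-bin` has the same exposure through `db-init.sh`.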
--- a/heat/templates/config/heat-stack-domain.conf.yaml +++ b/heat/templates/configmap-keystone-stack-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-stack-domain + name: heat-env-keystone-stack-user type: Opaque data: - heat-stack-domain.conf: | -{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }} OS_DOMAIN_NAME: | diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/configmap-keystone-trustee.env.yaml similarity index 82% rename from heat/templates/config/heat-trustee.conf.yaml rename to heat/templates/configmap-keystone-trustee.env.yaml index 57906ad636..72a74bdf14 100644 --- a/heat/templates/config/heat-trustee.conf.yaml +++ b/heat/templates/configmap-keystone-trustee.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-trustee + name: heat-env-keystone-trustee type: Opaque data: - heat-trustee.conf: | -{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/configmap-keystone-user.env.yaml similarity index 81% rename from heat/templates/config/heat-keystone.conf.yaml rename to heat/templates/configmap-keystone-user.env.yaml index 514a577445..c3730107e8 100644 --- a/heat/templates/config/heat-keystone.conf.yaml +++ b/heat/templates/configmap-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-keystone + name: heat-env-keystone-user type: Opaque data: - heat-keystone.conf: | -{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | 
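Review bot: The renamed files are called `configmap-keystone-*.env.yaml` but each declares `kind: Secret`, which misleads anyone auditing the chart for where credentials are stored. A name that matches the object kind, for example `secret-keystone-stack-user.env.yaml`, with the trustee, user and admin files renamed the same way, would make the layout self-describing.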
diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment-api.yaml similarity index 70% rename from heat/templates/deployment/api/api.yaml rename to heat/templates/deployment-api.yaml index 451769051d..781aa72a46 100755 --- a/heat/templates/deployment/api/api.yaml +++ b/heat/templates/deployment-api.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.api.port }} readinessProbe: tcpSocket: port: {{ .Values.service.api.port }} volumeMounts: - - name: heat-api-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-api - mountPath: /etc/heat/conf/heat-api.conf - subPath: heat-api.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-api-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-api-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-api + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-api -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment-cfn.yaml similarity index 70% rename from heat/templates/deployment/cfn/cfn.yaml rename to heat/templates/deployment-cfn.yaml index 4063084ea8..7d10b9ec54 100644 --- a/heat/templates/deployment/cfn/cfn.yaml 
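Review bot: The volumes `heatconf`, `heatpaste` and `heatpolicy` all reference the same `heat-etc` object, so a single volume mounted three times with different `subPath` values would express the same thing with fewer names to keep in sync; the cfn and cloudwatch deployments repeat the pattern. Separately, `/etc/heat` is backed by the writable `pod-etc-heat` emptyDir while the service is started with `--config-dir /etc/heat/conf`, so presumably any extra `.conf` file written under that directory at runtime would be loaded on the next container restart. If nothing needs to write there, mounting the config directory read-only narrows that. The pod spec begins outside this hunk, so any `securityContext` it may set is not visible here.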
+++ b/heat/templates/deployment-cfn.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cfn }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cfn + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cfn.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cfn.port }} volumeMounts: - - name: heat-cfn-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cfn - mountPath: /etc/heat/conf/heat-cfn.conf - subPath: heat-cfn.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cfn-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cfn-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cfn + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cfn -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml similarity index 70% rename from heat/templates/deployment/cloudwatch/cloudwatch.yaml rename to heat/templates/deployment-cloudwatch.yaml index 396633e19a..3bd5c8d037 100644 --- a/heat/templates/deployment/cloudwatch/cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml 
@@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cloudwatch }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cloudwatch + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cloudwatch.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cloudwatch.port }} volumeMounts: - - name: heat-cloudwatch-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cloudwatch - mountPath: /etc/heat/conf/heat-cloudwatch.conf - subPath: heat-cloudwatch.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cloudwatch-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cloudwatch-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cloudwatch + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cloudwatch -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml deleted file mode 100755 index ff6918201c..0000000000 --- a/heat/templates/deployment/api/api.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl deleted file mode 100755 index d4cc64865b..0000000000 --- a/heat/templates/deployment/api/bin/_api.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl deleted file mode 100644 index 30dcfad519..0000000000 --- a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cfn --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml deleted file mode 100644 index 71efedd864..0000000000 --- a/heat/templates/deployment/cfn/cfn.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cfn-sh -data: - start.sh: |+ -{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl deleted file mode 100644 index 4703d33e03..0000000000 --- a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cloudwatch --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml deleted file mode 100644 index 6127e95bf5..0000000000 --- a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cloudwatch-sh -data: - start.sh: |+ -{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/etc/_heat-api-paste.ini.tpl old mode 100755 new mode 100644 similarity index 99% rename from heat/templates/config/contents/_heat-api-paste.ini.tpl rename to heat/templates/etc/_heat-api-paste.ini.tpl index 5ea89b5aee..ad6501e662 --- a/heat/templates/config/contents/_heat-api-paste.ini.tpl +++ b/heat/templates/etc/_heat-api-paste.ini.tpl @@ -1,4 +1,3 @@ - # heat-api pipeline [pipeline:heat-api] pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/etc/_heat-policy.json.tpl similarity index 100% rename from heat/templates/config/contents/_heat-policy.json.tpl rename to heat/templates/etc/_heat-policy.json.tpl diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl new file mode 100644 index 0000000000..d4faf13038 --- /dev/null +++ b/heat/templates/etc/_heat.conf.tpl 
@@ -0,0 +1,84 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +deferred_auth_method = "trusts" + +enable_stack_adopt = "True" +enable_stack_abandon = "True" + +heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} +heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition +heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} + +num_engine_workers = {{ .Values.resources.engine.workers }} + +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} + +trusts_delegated_roles = "Member" + +[cache] +enabled = "True" +backend = oslo_cache.memcache_pool +memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" + +[database] +connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +max_retries = -1 + +[keystone_authtoken] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_region_name }} +project_domain_name = {{ .Values.keystone.heat_project_domain }} +project_name = {{ .Values.keystone.heat_project_name }} +user_domain_name = {{ .Values.keystone.heat_user_domain }} +username = {{ .Values.keystone.heat_user }} +password = {{ .Values.keystone.heat_password }} + +[heat_api] +bind_port = {{ .Values.service.api.port }} +bind_host = 0.0.0.0 +workers = {{ 
.Values.resources.api.workers }} + +[heat_api_cloudwatch] +bind_port = {{ .Values.service.cloudwatch.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cloudwatch.workers }} + +[heat_api_cfn] +bind_port = {{ .Values.service.cfn.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cfn.workers }} + +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} + +[paste_deploy] +config_file = /etc/heat/api-paste.ini + +[trustee] +auth_type = "password" +auth_section = "trustee_keystone" + +[trustee_keystone] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_trustee_region_name }} +user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} +username = {{ .Values.keystone.heat_trustee_user }} +password = {{ .Values.keystone.heat_trustee_password }} diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/job-db-init.yaml similarity index 88% rename from heat/templates/jobs/db/init/db-init.yaml rename to heat/templates/job-db-init.yaml index a7d15d76c3..affd85693c 100644 --- a/heat/templates/jobs/db/init/db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: heat-db-init-sh + name: heat-bin 
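Review bot: The passwords interpolated into this new heat.conf (`stack_domain_admin_password`, the `[database]` connection URL, the `password` keys in `[keystone_authtoken]` and `[trustee_keystone]`, and `rabbit_password`) are delivered through a ConfigMap rather than a Secret. The job-db-sync.yaml and statefulset-engine.yaml hunks later in this patch mount heat.conf from `configMap:` / `name: heat-etc`, where the removed db-sync volume used `secret:` / `secretName: heat-conf-db`. Anyone allowed to read ConfigMaps in the namespace can then read every Heat service credential, and the data falls outside whatever RBAC or at-rest encryption is applied to Secrets. I would render heat.conf into a Secret and switch the `heatconf` volume in both consumers to `secret:` with a `secretName:` pointing at it. The object that defines heat-etc is not in this part of the patch, so its kind should be confirmed there.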
diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/job-db-sync.yaml similarity index 66% rename from heat/templates/jobs/db/sync/db-sync.yaml rename to heat/templates/job-db-sync.yaml index b42da03273..3c66c4c5af 100644 --- a/heat/templates/jobs/db/sync/db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -38,32 +38,21 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - heat-manage + args: + - --config-dir + - /etc/heat/conf + - db_sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-heat mountPath: /etc/heat - - name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true - - name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: heat-db-sync-sh - name: pod-etc-heat emptyDir: {} - - name: heat-conf-db - secret: - secretName: heat-conf-db - - name: heat-conf-log + - name: heatconf configMap: - name: heat-conf-log + name: heat-etc diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 0000000000..ec01159e9f --- /dev/null +++ b/heat/templates/job-ks-endpoints.yaml.yaml 
@@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: heat-bin 
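Review bot: The new file is named `job-ks-endpoints.yaml.yaml`, with the extension doubled, while its siblings in this patch are `job-ks-service.yaml` and `job-ks-user.yaml`; renaming it to `job-ks-endpoints.yaml` keeps the templates directory consistent. The nested `range` would also benefit from a one-line comment above it, for example `# one container per (service, interface) pair, all using $ksAdminSecret`. All six generated containers appear to be handed the Keystone admin openrc through `env_ks_openrc_tpl`, whose definition is outside this hunk.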
diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/job-ks-service.yaml similarity index 54% rename from heat/templates/jobs/keystone/service/ks-service.yaml rename to heat/templates/job-ks-service.yaml index 8a03bf2696..a66d7c8034 100644 --- a/heat/templates/jobs/keystone/service/ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job metadata: @@ -31,13 +32,39 @@ spec: restartPolicy: OnFailure containers: - name: heat-ks-service-orchestration -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat" - name: OS_SERVICE_TYPE value: "orchestration" - name: heat-ks-service-cloudformation -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat-cfn" - name: OS_SERVICE_TYPE @@ -45,4 +72,4 @@ spec: volumes: - name: ks-service-sh configMap: - name: heat-ks-service-sh + name: heat-bin 
diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/job-ks-user.yaml similarity index 55% rename from heat/templates/jobs/keystone/user/ks-user.yaml rename to heat/templates/job-ks-user.yaml index f243474e94..ae19b217a9 100644 --- a/heat/templates/jobs/keystone/user/ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,3 +1,8 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user +{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} +{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} apiVersion: batch/v1 kind: Job metadata: 
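Review bot: `$ksStackUserSecret` is derived from `.Values.keystone.trustee_user_secret`, the same key used for `$ksTrusteeUserSecret` on the line above, which looks like a copy-paste slip. With the defaults the two names differ, but as soon as an operator overrides `trustee_user_secret`, the `heat-ks-domain-user` container (hunk at -136/+91 of this file) takes `OS_USERNAME` and `OS_PASSWORD` for the stack-domain admin from the trustee's Secret. The two identities then share credentials, or the job fails if that Secret has no `OS_DOMAIN_NAME` key. The variable should read its own key, e.g. `{{- $ksStackUserSecret := .Values.keystone.<stack-user-secret-key> | default "heat-env-keystone-stack-user" }}`, with the placeholder replaced by whatever name values.yaml defines for it.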
@@ -42,39 +47,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_user_role | quote }} - name: heat-ks-trustee-user 
@@ -89,39 +69,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_trustee_user_role | quote }} - name: heat-ks-domain-user 
@@ -136,32 +91,34 @@ spec: subPath: ks-domain-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - name: SERVICE_OS_REGION_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_REGION_NAME - name: SERVICE_OS_DOMAIN_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_DOMAIN_NAME - name: SERVICE_OS_USERNAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_USERNAME - name: SERVICE_OS_PASSWORD valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_PASSWORD - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_stack_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: heat-ks-user-sh + name: heat-bin diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 2c4cc09ee1..0000000000 --- a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'" 
diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 9f8b2262ee..0000000000 --- a/heat/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index 4532bdfe0b..0000000000 --- a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -heat-manage --config-dir /etc/heat/conf db_sync diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index 59aaa8d24c..0000000000 --- a/heat/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100755 index 04ed895793..0000000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100755 index 84f6617189..0000000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: heat-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: heat-ks-endpoints-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-cfn-admin -{{ include "container_ks_endpoint" . 
| indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - volumes: - - name: ks-endpoints-sh - configMap: - name: heat-ks-endpoints-sh diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index 4c30bee642..0000000000 --- a/heat/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index d9e6730b12..0000000000 --- a/heat/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} - ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset-engine.yaml similarity index 71% rename from heat/templates/statefulset/engine/engine.yaml rename to heat/templates/statefulset-engine.yaml index 5e25152328..8b79d9f4a4 100644 --- a/heat/templates/statefulset/engine/engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -43,23 +43,23 @@ spec: image: {{ .Values.images.engine }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-engine + - --config-dir + - /etc/heat/conf volumeMounts: - - name: heat-engine-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-conf-engine - mountPath: /etc/heat/conf/heat-engine.conf - subPath: heat-engine.conf - readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-engine-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-engine-sh - - name: heat-conf-engine - configMap: - name: heat-conf-engine -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl deleted file mode 100644 index dabae086c4..0000000000 --- a/heat/templates/statefulset/engine/bin/_engine.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-engine --config-dir /etc/heat/conf 
diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml deleted file mode 100644 index 534d6ef8df..0000000000 --- a/heat/templates/statefulset/engine/engine.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-engine-sh -data: - start.sh: |+ -{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/values.yaml b/heat/values.yaml index cba2b59e62..dca675b541 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -99,6 +99,9 @@ resources: misc: debug: false +secrets: + keystone_admin: + dependencies: db_init: jobs: @@ -153,3 +156,42 @@ dependencies: service: - keystone-api - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + heat: + hosts: + default: heat-api + path: '/v1/%(project_id)s' + type: orchestration + scheme: 'http' + port: + api: 8004 + heat_cfn: + hosts: + default: heat-cfn + path: /v1 + type: cloudformation + scheme: 'http' + port: + api: 8000 +# Cloudwatch does not get an entry in the keystone service catalog + heat_cloudwatch: + hosts: + default: heat-cloudwatch + path: null + type: null + scheme: 'http' + port: + api: 8003 From 75d3cb659f9fadb29b759eb28ea79ebb6451e47b Mon Sep 17 00:00:00 2001 
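Review bot: `secrets.keystone_admin` is added with a bare empty value, which parses as null, and nothing visible in this patch reads it. job-ks-endpoints, job-ks-service and job-ks-user all look up `.Values.keystone.admin_secret` and fall back to "heat-env-keystone-admin". An operator who sets `secrets.keystone_admin` to point the jobs at a different admin Secret would see no effect. Either the templates should read this key or the key should be dropped; if it stays, an explicit `keystone_admin: heat-env-keystone-admin` documents the default better than an empty value. Templates outside this part of the patch may consume the key, so this is worth checking before removing it.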
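Review bot: Every entry under the new `endpoints` block defaults to `scheme: 'http'`, and job-ks-endpoints registers URLs built from these values for the admin, internal and public interfaces. Clients that follow the Keystone catalog will therefore send tokens to heat-api and heat-cfn in clear text unless the value is overridden. A comment above the block would make the expectation explicit, e.g. `# scheme defaults to http for development; set https where TLS is terminated in front of the service`. Separately, `heat_cloudwatch` sets `path: null`, which `endpoint_addr_lookup` formats with `%s` and so would not render as an empty string if the helper is ever called for that service; `path: ''` avoids that.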
From: portdirect Date: Mon, 9 Jan 2017 00:26:48 +0000 Subject: [PATCH 16/39] Heat rebase against current master --- Makefile | 21 ++++---- common/templates/_endpoints.tpl | 52 +++++++++---------- ...nv.yaml => secret-keystone-admin.env.yaml} | 0 ...ml => secret-keystone-stack-user.env.yaml} | 0 ....yaml => secret-keystone-trustee.env.yaml} | 0 ...env.yaml => secret-keystone-user.env.yaml} | 0 6 files changed, 34 insertions(+), 39 deletions(-) rename heat/templates/{configmap-keystone-admin.env.yaml => secret-keystone-admin.env.yaml} (100%) rename heat/templates/{configmap-keystone-stack-user.env.yaml => secret-keystone-stack-user.env.yaml} (100%) rename heat/templates/{configmap-keystone-trustee.env.yaml => secret-keystone-trustee.env.yaml} (100%) rename heat/templates/{configmap-keystone-user.env.yaml => secret-keystone-user.env.yaml} (100%) diff --git a/Makefile b/Makefile index d7345126e3..e3c08d22c4 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone heat memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon heat openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon heat openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack common: build-common @@ -19,14 +19,18 @@ mariadb: build-mariadb keystone: build-keystone -heat: build-heat - horizon: build-horizon rabbitmq: build-rabbitmq glance: build-glance +neutron: build-neutron + +heat: build-heat + +maas: build-maas + memcached: build-memcached openstack: build-openstack 
@@ -42,10 +46,3 @@ build-%: if [ -f $*/requirements.yaml ]; then helm dep up $*; fi helm lint $* helm package $* - -## this is required for some charts which cannot pass a lint, namely -## those which use .Release.Namespace in a default pipe capacity -#nolint-build-%: -# if [ -f $*/Makefile ]; then make -C $*; fi -# if [ -f $*/requirements.yaml ]; then helm dep up $*; fi -# helm package $* diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 5f1be74867..fe0a7d1888 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl @@ -2,32 +2,6 @@ # endpoints #----------------------------------------- -# this function returns the endpoint uri for a service, it takes an tuple -# input in ther form: service-name, endpoint-class, port-name. eg: -# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } -# will return the appropriate URI - -{{- define "endpoint_addr_lookup" -}} -{{- $name := index . 0 -}} -{{- $endpoint := index . 1 -}} -{{- $port := index . 2 -}} -{{- $context := index . 3 -}} -{{- $nameNorm := $name | replace "-" "_" }} -{{- $endpointMap := index $context.Values.endpoints $nameNorm }} -{{- $endpointScheme := index $endpointMap "scheme" }} -{{- $endpointPath := index $endpointMap "path" }} -{{- $fqdn := $context.Release.Namespace -}} -{{- if $context.Values.endpoints.fqdn -}} -{{- $fqdn := $context.Values.endpoints.fqdn -}} -{{- end -}} -{{- with $endpointMap -}} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port }} -{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} -{{- end -}} -{{- end -}} - - # this should be a generic function leveraging a tuple # for input, e.g. { endpoint keystone internal . } # however, constructing this appears to be a 
@@ -113,6 +87,31 @@ {{- end -}} {{- end -}} +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} +{{- end -}} +{{- end -}} + #------------------------------- # endpoint type lookup @@ -132,7 +131,6 @@ {{- $endpointType | quote -}} {{- end -}} - #------------------------------- # kolla helpers #------------------------------- diff --git a/heat/templates/configmap-keystone-admin.env.yaml b/heat/templates/secret-keystone-admin.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-admin.env.yaml rename to heat/templates/secret-keystone-admin.env.yaml diff --git a/heat/templates/configmap-keystone-stack-user.env.yaml b/heat/templates/secret-keystone-stack-user.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-stack-user.env.yaml rename to heat/templates/secret-keystone-stack-user.env.yaml 
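Review bot: The `endpoints.fqdn` override in the re-added `endpoint_addr_lookup` never takes effect. Inside the `if` block, `{{- $fqdn := $context.Values.endpoints.fqdn -}}` declares a new variable scoped to that block, so the outer `$fqdn` still holds `$context.Release.Namespace` when `printf` runs. Every URI the helper returns, including the ones job-ks-endpoints registers in Keystone, therefore uses the release namespace as its domain suffix regardless of configuration. Replacing the declaration and the `if` block with a single `{{- $fqdn := $context.Values.endpoints.fqdn | default $context.Release.Namespace -}}` gives the intended behaviour. The header comment could also state that the fourth tuple element is the root context and that the result is returned already quoted.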
diff --git a/heat/templates/configmap-keystone-trustee.env.yaml b/heat/templates/secret-keystone-trustee.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-trustee.env.yaml rename to heat/templates/secret-keystone-trustee.env.yaml diff --git a/heat/templates/configmap-keystone-user.env.yaml b/heat/templates/secret-keystone-user.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-user.env.yaml rename to heat/templates/secret-keystone-user.env.yaml From 4e6f72476141fd0f31f2d3aef4ad42e496d445ba Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:56:15 +0000 Subject: [PATCH 17/39] Update Heat Service Creation Job --- heat/templates/job-ks-service.yaml | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index a66d7c8034..ad5d75f138 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job @@ -31,9 +32,10 @@ spec: spec: restartPolicy: OnFailure containers: - - name: heat-ks-service-orchestration - image: {{ .Values.images.ks_service }} - imagePullPolicy: {{ .Values.images.pull_policy }} +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} + - name: {{ $osServiceName }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: - bash - /tmp/ks-service.sh 
@@ -47,28 +49,10 @@ spec: {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: "heat" + value: {{ $osServiceName }} - name: OS_SERVICE_TYPE - value: "orchestration" - - name: heat-ks-service-cloudformation - image: {{ .Values.images.ks_service }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/ks-service.sh - volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "env_ks_openrc_tpl" $env | indent 12 }} + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} {{- end }} - - name: OS_SERVICE_NAME - value: "heat-cfn" - - name: OS_SERVICE_TYPE - value: "cloudformation" volumes: - name: ks-service-sh configMap: From 4403ed40c7afd377504f1f366ae2759613499e1f Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:58:27 +0000 Subject: [PATCH 18/39] Add Heat to developer documentation --- docs/developer/minikube.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index b005c3ff9f..4ee88495a8 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -163,6 +163,7 @@ $ helm install --name=horizon local/horizon --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack +$ helm install --name=heat local/heat --namespace=openstack ``` # Horizon Management 
@@ -173,7 +174,7 @@ After each chart is deployed, you may wish to change the typical service endpoin $ sudo kubectl edit svc horizon -n openstack ``` -With the deployed manifest in edit mode, you can enable `nodePort` by replicating some of the fields below (specifically, the `nodePort` lines). +With the deployed manifest in edit mode, you can enable `nodePort` by replicating some of the fields below (specifically, the `nodePort` lines). ``` apiVersion: v1 @@ -224,7 +225,7 @@ $ kubectl exec mariadb-0 -it -n openstack -- mysql -uroot -ppassword -e 'show da | mysql | | performance_schema | +--------------------+ -$ +$ ``` **Helm Server/Repository**
@@ -251,7 +252,7 @@ $ helm repo list NAME URL stable https://kubernetes-charts.storage.googleapis.com/ local http://localhost:8879/charts -$ +$ $ helm repo remove local ``` From 3c56140da31e486c30de10de6b2d370d01508250 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 07:08:13 -0800 Subject: [PATCH 19/39] Resolve missing newline --- neutron/templates/daemonset-ovs-db.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml index c22ab52c7d..f817fa92bf 100644 --- a/neutron/templates/daemonset-ovs-db.yaml +++ b/neutron/templates/daemonset-ovs-db.yaml @@ -58,4 +58,5 @@ spec: path: /lib/modules - name: run hostPath: - path: /run \ No newline at end of file + path: /run + From 88a85ae7d5289625f2200f445e313bc699d73381 Mon Sep 17 00:00:00 2001 
From: Alan Meadows Date: Mon, 9 Jan 2017 07:49:44 -0800 Subject: [PATCH 20/39] Implement requested feedback in PR#91 - Split out osapi and metadata api to remove unnecessary security privileges - Prune dependencies - Fix static imagePullPolicies - Remove extraneous start.sh imported accidently from keystone chart --- nova/templates/bin/_start-osapi.sh.tpl | 21 ++++++ nova/templates/bin/_start.sh.tpl | 12 --- nova/templates/configmap-bin.yaml | 4 +- nova/templates/daemonset-compute.yaml | 9 --- ...-api.yaml => deployment-api-metadata.yaml} | 13 ++-- nova/templates/deployment-api-osapi.yaml | 75 +++++++++++++++++++ nova/templates/etc/_nova.conf.tpl | 2 +- nova/templates/job-db-sync.yaml | 4 +- nova/templates/job-init.yaml | 2 +- nova/templates/job-post.yaml | 2 +- ...service-api.yaml => service-metadata.yaml} | 4 +- nova/templates/service-osapi.yaml | 13 ++++ nova/values.yaml | 35 ++++----- 13 files changed, 136 insertions(+), 60 deletions(-) create mode 100644 nova/templates/bin/_start-osapi.sh.tpl delete mode 100644 nova/templates/bin/_start.sh.tpl rename nova/templates/{deployment-api.yaml => deployment-api-metadata.yaml} (88%) create mode 100644 nova/templates/deployment-api-osapi.yaml rename nova/templates/{service-api.yaml => service-metadata.yaml} (66%) create mode 100644 nova/templates/service-osapi.yaml diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl new file mode 100644 index 0000000000..d1f0313299 --- /dev/null +++ b/nova/templates/bin/_start-osapi.sh.tpl 
@@ -0,0 +1,21 @@ +#!/bin/sh +# +# start nova-api-osapi service +# +# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges +# by stubbing in a fake iptables scripts + +echo </tmp/iptables +#!/bin/sh +# nova-api-metadata trys to run some iptables commands +# This enables the api-only container to run without NET_ADMIN privileges +true +EOF + +# make it executable and copy it over whatever iptables may be underneath in this image +chmod +x /tmp/iptables +cp -p /tmp/iptables /sbin/iptables +cp -p /tmp/iptables /sbin/iptables-restore +cp -p /tmp/iptables /sbin/iptables-save + +exec nova-api--config-file /etc/nova/nova.conf \ No newline at end of file diff --git a/nova/templates/bin/_start.sh.tpl b/nova/templates/bin/_start.sh.tpl deleted file mode 100644 index 7c802358bc..0000000000 --- a/nova/templates/bin/_start.sh.tpl +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -ex - -# link our keystone wsgi to apaches running config -ln -s /configmaps/wsgi-keystone.conf /etc/apache2/sites-enabled/wsgi-keystone.conf - -# Loading Apache2 ENV variables -source /etc/apache2/envvars -rm -rf /var/run/apache2/* -APACHE_DIR="apache2" - -apache2 -DFOREGROUND diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 6c7d10cebd..f3d1fca6f3 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -7,8 +7,8 @@ data: {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} - start.sh: | -{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }} + start-osapi.sh: | +{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }} post.sh: | {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} libvirt.sh: | diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 53f4c6ce8b..60529cfbb0 100644 
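Review bot: As rendered here, `_start-osapi.sh.tpl` writes the stub with `echo </tmp/iptables` followed by a bare `EOF`, which does not create `/tmp/iptables`; it reads like a heredoc whose opener was lost (possibly in extraction), presumably `cat <<'EOF' >/tmp/iptables`. More importantly, the script replaces `/sbin/iptables`, `/sbin/iptables-restore` and `/sbin/iptables-save` with a no-op built at a fixed `/tmp` path, so the container must run as root with a writable root filesystem and every later iptables call reports success. If the goal is only to keep the osapi pod from running the metadata code, limiting nova's `enabled_apis` in `nova.conf` may avoid the stub entirely (to be confirmed against this image). At minimum add a comment such as `# stub requires root and a writable /sbin; all iptables calls become no-ops` above the `cp` lines.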
--- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -59,15 +59,6 @@ spec: - nova-compute - --config-file - /etc/nova/nova.conf - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf diff --git a/nova/templates/deployment-api.yaml b/nova/templates/deployment-api-metadata.yaml similarity index 88% rename from nova/templates/deployment-api.yaml rename to nova/templates/deployment-api-metadata.yaml index 4ce90155aa..a81444e5c5 100644 --- a/nova/templates/deployment-api.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -46,17 +46,16 @@ spec: image: {{ .Values.image.api }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: - privileged: true + capabilities: + add: + - NET_ADMIN command: - - nova-api - - --config-file - - /etc/nova/nova.conf + - nova-api-metadata --config-file=/etc/nova/nova.conf ports: - - containerPort: {{ .Values.network.port.api }} - containerPort: {{ .Values.network.port.metadata }} readinessProbe: tcpSocket: - port: {{ .Values.network.port.api }} + port: {{ .Values.network.port.osapi }} volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf @@ -67,4 +66,4 @@ spec: name: nova-etc items: - key: nova.conf - path: nova.conf + path: nova.conf \ No newline at end of file diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml new file mode 100644 index 0000000000..b9a50bbf8b --- /dev/null +++ b/nova/templates/deployment-api-osapi.yaml 
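Review bot: The new `command` in `deployment-api-metadata.yaml` is a single list item, `- nova-api-metadata --config-file=/etc/nova/nova.conf`, and Kubernetes passes each item as one argv element without a shell, so the container would try to execute a binary whose name includes the space and the flag. Keep one item per argument as the removed lines did: `- nova-api-metadata` followed by `- --config-file=/etc/nova/nova.conf`. The `readinessProbe` now targets `.Values.network.port.osapi`, but after this change the container only declares the metadata port, so the probe should presumably be `port: {{ .Values.network.port.metadata }}`. The container spec begins before and continues past this hunk.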
@@ -0,0 +1,75 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-osapi +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-osapi + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-osapi + image: {{ .Values.image.api }} + command: + - bash + - /tmp/start-osapi.sh + ports: + - containerPort: {{ .Values.network.port.osapi }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.osapi }} + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumeMounts: + - name: startsh + mountPath: /tmp/start-osapi.sh + subPath: start-osapi.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf + - name: startsh + configMap: + name: nova-bin + items: + - key: start-osapi.sh + path: start-osapi.sh diff --git a/nova/templates/etc/_nova.conf.tpl b/nova/templates/etc/_nova.conf.tpl index e3a46eef20..900e341ae1 100644 --- a/nova/templates/etc/_nova.conf.tpl +++ b/nova/templates/etc/_nova.conf.tpl 
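Review bot: The `nova-osapi` container in `deployment-api-osapi.yaml` declares `volumeMounts:` twice; duplicate mapping keys are invalid YAML and most parsers keep only the last, so the `novaconf` mount of `/etc/nova/nova.conf` would be dropped and only `start-osapi.sh` mounted. Delete the second `volumeMounts:` line so `- name: novaconf` and `- name: startsh` sit in one list. The container also sets no `imagePullPolicy`, unlike the init container in the annotation; `imagePullPolicy: {{ .Values.image.pull_policy }}` would match the other templates changed in this commit. Because the start script copies a stub over `/sbin/iptables`, this pod still has to run as root with a writable root filesystem even though it no longer needs `NET_ADMIN`, which deserves a comment next to `command`.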
@@ -9,7 +9,7 @@ force_config_drive = {{ .Values.nova.default.force_config_drive }} state_path = /var/lib/nova osapi_compute_listen = {{ .Values.network.ip_address }} -osapi_compute_listen_port = {{ .Values.network.port.api }} +osapi_compute_listen_port = {{ .Values.network.port.osapi }} osapi_compute_workers = {{ .Values.nova.default.osapi_workers }} workers = {{ .Values.nova.default.osapi_workers }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 0e5c2102a0..013ad07569 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -10,7 +10,7 @@ spec: { "name": "init", "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", "env": [ { "name": "NAMESPACE", @@ -36,7 +36,7 @@ spec: containers: - name: nova-db-sync image: {{ .Values.image.db_sync }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/db-sync.sh diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 16a2201ad8..70c873641e 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -36,7 +36,7 @@ spec: containers: - name: nova-init image: {{ .Values.image.init }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/init.sh diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 48b0f3e52d..2c6fd237eb 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -36,7 +36,7 @@ spec: containers: - name: nova-post image: {{ .Values.image.post }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/post.sh 
diff --git a/nova/templates/service-api.yaml b/nova/templates/service-metadata.yaml similarity index 66% rename from nova/templates/service-api.yaml rename to nova/templates/service-metadata.yaml index 6aa4144d2a..0e0bac07f6 100644 --- a/nova/templates/service-api.yaml +++ b/nova/templates/service-metadata.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Service metadata: - name: nova-api + name: nova-metadata spec: ports: - - name: nova-api - port: {{ .Values.network.port.api }} - name: nova-metadata port: {{ .Values.network.port.metadata }} selector: diff --git a/nova/templates/service-osapi.yaml b/nova/templates/service-osapi.yaml new file mode 100644 index 0000000000..3821bdd633 --- /dev/null +++ b/nova/templates/service-osapi.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + # alanmeadows(TODO): refactor to nova-osapi + # which requires updating other charts + # dependencies + name: nova-api +spec: + ports: + - name: nova-osapi + port: {{ .Values.network.port.osapi }} + selector: + app: nova-osapi diff --git a/nova/values.yaml b/nova/values.yaml index 2530bc1c06..d4f315f94a 100644 --- a/nova/values.yaml +++ b/nova/values.yaml 
@@ -13,16 +13,16 @@ control_replicas: 1 compute_replicas: 1 image: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona - db_sync: quay.io/stackanetes/stackanetes-nova-api:barcelona - api: quay.io/stackanetes/stackanetes-nova-api:barcelona - conductor: quay.io/stackanetes/stackanetes-nova-conductor:barcelona - scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:barcelona - novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:barcelona - consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:barcelona - compute: quay.io/stackanetes/stackanetes-nova-compute:barcelona - libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:barcelona - post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-nova-api:newton + api: quay.io/stackanetes/stackanetes-nova-api:newton + conductor: quay.io/stackanetes/stackanetes-nova-conductor:newton + scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:newton + novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:newton + consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:newton + compute: quay.io/stackanetes/stackanetes-nova-compute:newton + libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:newton + post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -40,7 +40,7 @@ network: other_domains: "" port: - api: 8774 + osapi: 8774 metadata: 8775 novncproxy: 6080 @@ -51,7 +51,6 @@ nova: metadata_workers: 8 conductor_workers: 8 force_config_drive: True - drain_timeout: 60 database: address: "mariadb" @@ -103,7 +102,6 @@ memcached: dependencies: api: jobs: - - mariadb-seed - keystone-db-sync - nova-init - nova-db-sync @@ -121,6 +119,7 @@ dependencies: - nova-init - keystone-init - mariadb-seed + - keystone-db-sync service: - mariadb post: 
@@ -130,7 +129,7 @@ dependencies: - mariadb-seed service: - mariadb - - nova-api + - keystone-api init: jobs: - mariadb-seed @@ -138,9 +137,7 @@ dependencies: - mariadb compute: jobs: - - nova-init - nova-post - - nova-db-sync service: - keystone-api - nova-api @@ -164,17 +161,11 @@ dependencies: - mariadb scheduler: jobs: - - mariadb-seed - - keystone-db-sync - - nova-init - nova-db-sync service: - mariadb conductor: jobs: - - mariadb-seed - - keystone-db-sync - - nova-init - nova-db-sync service: - mariadb From 943b5a3706645a522214175ce66a0841b2e6f356 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 08:22:25 -0800 Subject: [PATCH 21/39] Bugfix missing space to start nove-api --- nova/templates/bin/_start-osapi.sh.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl index d1f0313299..5e51c57f7c 100644 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -18,4 +18,4 @@ cp -p /tmp/iptables /sbin/iptables cp -p /tmp/iptables /sbin/iptables-restore cp -p /tmp/iptables /sbin/iptables-save -exec nova-api--config-file /etc/nova/nova.conf \ No newline at end of file +exec nova-api --config-file /etc/nova/nova.conf \ No newline at end of file From bab75eff7fd6c9a404e7149290e5e8516693bbc4 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 08:36:08 -0800 Subject: [PATCH 22/39] Keep consistent with our set -ex approach on all shell scripts --- nova/templates/bin/_start-osapi.sh.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl index 5e51c57f7c..a2bf2a2ff4 100644 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -1,4 +1,6 @@ -#!/bin/sh +#!/bin/bash +set -ex + # # start nova-api-osapi service # From d8a07ee1cbee0154ecead3aed9882092c84822b5 Mon Sep 17 00:00:00 2001 
From: portdirect Date: Mon, 9 Jan 2017 19:50:33 +0000 Subject: [PATCH 23/39] Update Heat PR to relect changes reqested in review This commit addresses the concerns raised in: https://github.com/att-comdev/openstack-helm/pull/77#pullrequestreview-15758654 --- .../templates/scripts}/_ks-domain-user.sh.tpl | 2 ++ heat/templates/configmap-bin.yaml | 2 +- heat/templates/deployment-api.yaml | 2 +- heat/templates/deployment-cfn.yaml | 2 +- heat/templates/deployment-cloudwatch.yaml | 2 +- heat/templates/etc/_heat.conf.tpl | 6 ++---- heat/templates/job-ks-endpoints.yaml.yaml | 2 +- heat/templates/job-ks-service.yaml | 2 +- heat/templates/job-ks-user.yaml | 10 +++++----- heat/templates/secret-keystone-admin.env.yaml | 2 +- .../templates/secret-keystone-stack-user.env.yaml | 2 +- heat/templates/secret-keystone-trustee.env.yaml | 2 +- heat/templates/secret-keystone-user.env.yaml | 2 +- heat/templates/statefulset-engine.yaml | 2 +- heat/values.yaml | 15 +++++++++++++-- 15 files changed, 33 insertions(+), 22 deletions(-) rename {heat/templates/bin => common/templates/scripts}/_ks-domain-user.sh.tpl (97%) diff --git a/heat/templates/bin/_ks-domain-user.sh.tpl b/common/templates/scripts/_ks-domain-user.sh.tpl similarity index 97% rename from heat/templates/bin/_ks-domain-user.sh.tpl rename to common/templates/scripts/_ks-domain-user.sh.tpl index 4b4f940245..44bfd27684 100644 --- a/heat/templates/bin/_ks-domain-user.sh.tpl +++ b/common/templates/scripts/_ks-domain-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_domain_user" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -53,3 +54,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE_ID}" \ --user-domain="${SERVICE_OS_DOMAIN_ID}" \ --user="${SERVICE_OS_USERID}" +{{- end }} diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml index 41e3ce81fe..27da8c6947 100644 --- a/heat/templates/configmap-bin.yaml +++ b/heat/templates/configmap-bin.yaml 
@@ -12,4 +12,4 @@ data: ks-user.sh: |+ {{- include "common_keystone_user" . | indent 4 }} ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} +{{- include "common_keystone_domain_user" . | indent 4 }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 781aa72a46..759571c4e3 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-api spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.api }} template: metadata: labels: diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 7d10b9ec54..94d6d55e35 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-cfn spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.cfn }} template: metadata: labels: diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 3bd5c8d037..d4753011c6 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-cloudwatch spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.cloudwatch }} template: metadata: labels: diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index d4faf13038..e902fe7114 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl 
@@ -33,8 +33,7 @@ max_retries = -1 signing_dir = "/var/cache/heat" memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password region_name = {{ .Values.keystone.heat_region_name }} project_domain_name = {{ .Values.keystone.heat_project_domain }} @@ -75,8 +74,7 @@ auth_section = "trustee_keystone" signing_dir = "/var/cache/heat" memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password region_name = {{ .Values.keystone.heat_trustee_region_name }} user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index ec01159e9f..4b3f30036a 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} apiVersion: batch/v1 kind: Job metadata: diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index ad5d75f138..3ce06a12a1 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} apiVersion: batch/v1 kind: Job metadata: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index ae19b217a9..66981c9f0d 100644 --- a/heat/templates/job-ks-user.yaml 
+++ b/heat/templates/job-ks-user.yaml @@ -1,8 +1,8 @@ -{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} -{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user -{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} -{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} +{{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }} +{{- $ksStackUserSecret := .Values.keystone_secrets.stack }} apiVersion: batch/v1 kind: Job metadata: @@ -78,7 +78,7 @@ spec: {{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE - value: {{ .Values.keystone.heat_trustee_user_role | quote }} + value: {{ .Values.keystone.heat_trustee_role | quote }} - name: heat-ks-domain-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} diff --git a/heat/templates/secret-keystone-admin.env.yaml b/heat/templates/secret-keystone-admin.env.yaml index 275c1d2798..ddbc7cece2 100644 --- a/heat/templates/secret-keystone-admin.env.yaml +++ b/heat/templates/secret-keystone-admin.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-admin + name: {{ .Values.keystone_secrets.admin }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/secret-keystone-stack-user.env.yaml b/heat/templates/secret-keystone-stack-user.env.yaml index e95e5f3f8a..703bd37097 100644 --- a/heat/templates/secret-keystone-stack-user.env.yaml +++ b/heat/templates/secret-keystone-stack-user.env.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-stack-user + name: {{ .Values.keystone_secrets.stack }} type: Opaque data: OS_REGION_NAME: | diff --git a/heat/templates/secret-keystone-trustee.env.yaml b/heat/templates/secret-keystone-trustee.env.yaml index 72a74bdf14..63db347e87 100644 --- a/heat/templates/secret-keystone-trustee.env.yaml +++ b/heat/templates/secret-keystone-trustee.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-trustee + name: {{ .Values.keystone_secrets.trustee }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/secret-keystone-user.env.yaml b/heat/templates/secret-keystone-user.env.yaml index c3730107e8..f54a264f1b 100644 --- a/heat/templates/secret-keystone-user.env.yaml +++ b/heat/templates/secret-keystone-user.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-user + name: {{ .Values.keystone_secrets.user }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 8b79d9f4a4..0478e39173 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -4,7 +4,7 @@ metadata: name: heat-engine spec: serviceName: heat-engine - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.engine }} template: metadata: labels: diff --git a/heat/values.yaml b/heat/values.yaml index dca675b541..6373aa22de 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -3,7 +3,12 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 + +replicas: + api: 1 + cfn: 1 + cloudwatch: 1 + engine: 1 labels: node_selector_key: openstack-control-plane 
@@ -22,6 +27,12 @@ images: engine: docker.io/kolla/ubuntu-source-heat-engine:3.0.1 pull_policy: "IfNotPresent" +keystone_secrets: + admin: "heat-env-keystone-admin" + user: "heat-env-keystone-user" + trustee: "heat-env-keystone-trustee" + stack: "heat-env-keystone-stack-user" + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" @@ -42,7 +53,7 @@ keystone: heat_trustee_user: "heat-trust" heat_trustee_user_domain: "default" - heat_trustee_user_role: "admin" + heat_trustee_role: "admin" heat_trustee_password: "password" heat_trustee_project_name: "service" heat_trustee_project_domain: "default" From c9d27bac4d84cb5dd8fe2d393c7f54896ce6485c Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 15:08:46 -0800 Subject: [PATCH 24/39] Add rolling update parameters to all current charts This ensures that all charts have a consistent and overridable approach to their pod replacement strategies, along with sane defaults. --- glance/templates/api.yaml | 9 +++++++++ glance/values.yaml | 7 +++++++ horizon/templates/deployment.yaml | 8 ++++++++ horizon/values.yaml | 7 +++++++ keystone/templates/deployment.yaml | 8 ++++++++ keystone/values.yaml | 7 +++++++ memcached/templates/deployment.yaml | 8 ++++++++ memcached/values.yaml | 7 +++++++ neutron/templates/deployment-server.yaml | 8 ++++++++ neutron/values.yaml | 7 +++++++ rabbitmq/templates/deployment.yaml | 8 ++++++++ rabbitmq/values.yaml | 8 +++++++- 12 files changed, 91 insertions(+), 1 deletion(-) diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml index 659e53a399..53e9cc77b0 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/api.yaml 
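Review bot: In `heat/values.yaml` the renamed key `heat_trustee_role` keeps the default `"admin"`, and the context of the same hunk shows `heat_trustee_password: "password"`, so an install that takes the chart defaults creates an admin-role Keystone user with a well-known password. The new `keystone_secrets` names put these values into Secret objects, but the values themselves still come from this committed file. Mark them as development-only with a comment above the block, for example `# development defaults: override heat_trustee_password and review heat_trustee_role before deploying`, and consider making the templates fail when the password is left at its default. The `keystone:` mapping starts before and continues past this hunk.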
@@ -4,6 +4,14 @@ metadata: name: glance-api spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: @@ -37,6 +45,7 @@ spec: spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: - name: glance-api image: {{ .Values.images.api }} diff --git a/glance/values.yaml b/glance/values.yaml index a94a1bcc1c..a3c6886a54 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -17,6 +17,13 @@ images: post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index 2baa6bc36f..f3a65f02e7 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: horizon spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/horizon/values.yaml b/horizon/values.yaml index 6de7d8e116..a7d97e6121 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml 
@@ -10,6 +10,13 @@ images: horizon: quay.io/stackanetes/stackanetes-horizon:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + labels: node_selector_key: openstack-control-plane node_selector_value: enabled diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 2a94d2498c..827cb9c3b9 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: keystone-api spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/keystone/values.yaml b/keystone/values.yaml index 80801204e7..a89452e14d 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -16,6 +16,13 @@ images: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: version: v3 scheme: http diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 41dd4faa0e..020265758e 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml 
@@ -4,6 +4,14 @@ metadata: name: memcached spec: replicas: {{ .Values.resources.memcached.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/memcached/values.yaml b/memcached/values.yaml index 16c0e7020c..c00dcdcc03 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -7,6 +7,13 @@ images: memcached: quay.io/stackanetes/stackanetes-memcached:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + labels: node_selector_key: openstack-control-plane node_selector_value: enabled diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 21004eb353..a9c37a3458 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -4,6 +4,14 @@ metadata: name: neutron-server spec: replicas: {{ .Values.replicas.server }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/neutron/values.yaml b/neutron/values.yaml index f37c9006bd..434ea41fd7 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml 
@@ -20,6 +20,13 @@ images: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + labels: # ovs is a special case, requiring a special # label that can apply to both control hosts diff --git a/rabbitmq/templates/deployment.yaml b/rabbitmq/templates/deployment.yaml index 21bbd5f8fa..d4c19ccf9c 100644 --- a/rabbitmq/templates/deployment.yaml +++ b/rabbitmq/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: rabbitmq spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 1efabe6964..8d44741b0b 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml @@ -8,7 +8,13 @@ replicas: "1" # this must be quoted to deal with atoi labels: node_selector_key: openstack-control-plane node_selector_value: enabled - + +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 auth: default_user: openstack default_pass: password From 0a481a8ef2bd5c2bf91d9ce1a51eb37909355e36 Mon Sep 17 00:00:00 2001 
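Review bot: In rabbitmq/values.yaml, `max_unavailable: 1` is paired with the chart's `replicas: "1"` (visible in the hunk header), so a rolling update may take the only broker down before its replacement is ready. For a single-replica chart the safer default is `max_unavailable: 0`, which leaves `max_surge` to start the new pod first. The same `upgrades` block is copied verbatim into the keystone, memcached, neutron and nova values files. Their replica defaults are not visible in these hunks, so each should be checked against its own count.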
From: Alan Meadows Date: Mon, 9 Jan 2017 15:18:58 -0800 Subject: [PATCH 25/39] Consistent config map hashing across all existing charts * These annotations ensure that if configmaps change, the pods are redeployed according to their upgrade strategy. * This change excludes glance which has a pull request in progress to refactor it. --- keystone/templates/deployment.yaml | 2 ++ neutron/templates/daemonset-dhcp-agent.yaml | 3 +++ neutron/templates/daemonset-l3-agent.yaml | 3 +++ neutron/templates/daemonset-metadata-agent.yaml | 3 +++ neutron/templates/daemonset-ovs-agent.yaml | 3 +++ neutron/templates/daemonset-ovs-db.yaml | 3 +++ neutron/templates/daemonset-ovs-vswitchd.yaml | 3 +++ neutron/templates/deployment-server.yaml | 3 +++ rabbitmq/templates/{bin-configmap.yaml => configmap-bin.yaml} | 0 rabbitmq/templates/deployment.yaml | 2 ++ 10 files changed, 25 insertions(+) rename rabbitmq/templates/{bin-configmap.yaml => configmap-bin.yaml} (100%) diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 827cb9c3b9..49917adaed 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -17,6 +17,8 @@ spec: labels: app: keystone-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index d34c6d9906..11ef4e05c9 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml 
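Review bot: In keystone/templates/deployment.yaml the two hash annotations are rendered as unquoted scalars, so a helper output that happens to look like a number (all digits, or digits around a single `e`) would be typed as a number and rejected, since annotation values must be strings. Quote the rendered value, `configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" | quote }}`, and likewise for `configmap-etc-hash`. The `hash` helper is defined outside this hunk, so its output format is assumed rather than seen. The same lines recur in the neutron, rabbitmq and nova hunks of patches 25 and 26. Only ConfigMap templates are hashed, so if a chart keeps credentials in Secret templates, rotating them would not change the annotation and pods would keep running with the old values.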
@@ -7,6 +7,9 @@ spec: metadata: labels: app: neutron-dhcp-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 7fb63e7635..7428f94419 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: neutron-l3-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index d8e8daaaf0..2ffc16df5c 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: neutron-metadata-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 9cea0896b7..f1518ab3aa 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml 
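Review bot: The DaemonSet hunks (neutron dhcp, l3, metadata, ovs-agent, ovs-db and ovs-vswitchd in this patch, nova compute and libvirt in patch 26) add only the hash annotations and no update strategy, while the `upgrades` values are wired into Deployments alone. Whether a changed annotation replaces running agent pods therefore depends on how the cluster treats DaemonSet template changes, which these hunks do not configure. The commit message says pods are redeployed when a ConfigMap changes, so a comment above `annotations:` such as `# DaemonSet: pods pick up a new hash only when they are replaced; see upgrade notes` would keep operators from assuming a rollout happened. Otherwise a corrected agent configuration can sit unapplied without any visible error.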
@@ -7,6 +7,9 @@ spec: metadata: labels: app: ovs-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml index f817fa92bf..6b877abff9 100644 --- a/neutron/templates/daemonset-ovs-db.yaml +++ b/neutron/templates/daemonset-ovs-db.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: ovs-db + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} diff --git a/neutron/templates/daemonset-ovs-vswitchd.yaml b/neutron/templates/daemonset-ovs-vswitchd.yaml index 9db15ac4cf..b07047e376 100644 --- a/neutron/templates/daemonset-ovs-vswitchd.yaml +++ b/neutron/templates/daemonset-ovs-vswitchd.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: ovs-vswitchd + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index a9c37a3458..66aa7412d7 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml 
@@ -16,6 +16,9 @@ spec: metadata: labels: app: neutron-server + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} diff --git a/rabbitmq/templates/bin-configmap.yaml b/rabbitmq/templates/configmap-bin.yaml similarity index 100% rename from rabbitmq/templates/bin-configmap.yaml rename to rabbitmq/templates/configmap-bin.yaml diff --git a/rabbitmq/templates/deployment.yaml b/rabbitmq/templates/deployment.yaml index d4c19ccf9c..d622f8c56e 100644 --- a/rabbitmq/templates/deployment.yaml +++ b/rabbitmq/templates/deployment.yaml @@ -16,6 +16,8 @@ spec: metadata: labels: app: rabbitmq + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} From 7c6e26f1ba21bf28229fe8d32e0cb8e1fa213ff8 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 15:33:04 -0800 Subject: [PATCH 26/39] Add rolling update and template hashing to new nova chart --- nova/templates/daemonset-compute.yaml | 2 ++ nova/templates/daemonset-libvirt.yaml | 2 ++ nova/templates/deployment-api-metadata.yaml | 10 ++++++++++ nova/templates/deployment-api-osapi.yaml | 10 ++++++++++ nova/templates/deployment-conductor.yaml | 10 ++++++++++ nova/templates/deployment-consoleauth.yaml | 10 ++++++++++ nova/templates/deployment-scheduler.yaml | 10 ++++++++++ nova/values.yaml | 7 +++++++ 8 files changed, 61 insertions(+) diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 60529cfbb0..26299ea050 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml 
@@ -8,6 +8,8 @@ spec: labels: app: nova-compute annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 31d442e14b..6ffa346f1f 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -8,6 +8,8 @@ spec: labels: app: nova-libvirt annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index a81444e5c5..52e21cc12b 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -4,11 +4,21 @@ metadata: name: nova-api spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index b9a50bbf8b..5c294db27e 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml 
@@ -4,11 +4,21 @@ metadata: name: nova-osapi spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-osapi annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 5ff5239381..e5977ef417 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -4,11 +4,21 @@ metadata: name: nova-conductor spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-conductor annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 52596ae6e1..d5688579ff 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml 
@@ -4,11 +4,21 @@ metadata: name: nova-consoleauth spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-consoleauth annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 6188cd7bf5..27cf414e1e 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -4,11 +4,21 @@ metadata: name: nova-scheduler spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-scheduler annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/values.yaml b/nova/values.yaml index d4f315f94a..179eae08c3 100644 --- a/nova/values.yaml +++ b/nova/values.yaml 
@@ -26,6 +26,13 @@ image: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + network: ip_address: "0.0.0.0" # TODO(DTadrzak): move external IPs to common, this variable should be shared with From adbe8f75408f0045c2ee9b35ed1f58f53839b582 Mon Sep 17 00:00:00 2001 
From: portdirect Date: Sun, 1 Jan 2017 03:05:49 +0000 Subject: [PATCH 27/39] OpenStack Cinder WIP Cinder WIP --- Makefile | 9 +- cinder/Chart.yaml | 3 + cinder/requirements.yaml | 4 + cinder/templates/_helpers.tpl | 73 +++++++++ .../config/cinder-api-paste.ini.yaml | 7 + cinder/templates/config/cinder-api.conf.yaml | 7 + .../config/cinder-backend-rbd1.conf.yaml | 7 + .../config/cinder-backends.conf.yaml | 7 + .../config/cinder-concurrency.conf.yaml | 7 + cinder/templates/config/cinder-db.conf.yaml | 8 + .../templates/config/cinder-glance.conf.yaml | 7 + .../config/cinder-keystone-admin.env.yaml | 20 +++ .../config/cinder-keystone.conf.yaml | 22 +++ cinder/templates/config/cinder-log.conf.yaml | 7 + .../config/cinder-messaging.conf.yaml | 8 + .../config/contents/_cinder-api-paste.ini.tpl | 75 ++++++++++ .../config/contents/_cinder-api.conf.tpl | 12 ++ .../contents/_cinder-backend-rbd1.conf.tpl | 11 ++ .../config/contents/_cinder-backends.conf.tpl | 2 + .../contents/_cinder-concurrency.conf.tpl | 2 + .../config/contents/_cinder-db.conf.tpl | 3 + .../config/contents/_cinder-glance.conf.tpl | 3 + .../config/contents/_cinder-keystone.conf.tpl | 13 ++ .../config/contents/_cinder-log.conf.tpl | 4 + .../contents/_cinder-messaging.conf.tpl | 5 + cinder/templates/deployments/api/api.sh.yaml | 7 + cinder/templates/deployments/api/api.yaml | 138 ++++++++++++++++++ .../templates/deployments/api/bin/_api.sh.tpl | 19 +++ .../jobs/db/init/bin/_db-init.sh.tpl | 6 + cinder/templates/jobs/db/init/db-init.sh.yaml | 7 + cinder/templates/jobs/db/init/db-init.yaml | 54 +++++++ .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 +++ cinder/templates/jobs/db/sync/db-sync.sh.yaml | 7 + cinder/templates/jobs/db/sync/db-sync.yaml | 69 +++++++++ .../endpoints/bin/_ks-endpoints.sh.tpl | 63 ++++++++ .../keystone/endpoints/ks-endpoints.sh.yaml | 7 + .../jobs/keystone/endpoints/ks-endpoints.yaml | 130 +++++++++++++++++ .../keystone/service/bin/_ks-service.sh.tpl | 35 +++++ 
.../jobs/keystone/service/ks-service.sh.yaml | 7 + .../jobs/keystone/service/ks-service.yaml | 54 +++++++ .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 +++++++ .../jobs/keystone/user/ks-user.sh.yaml | 7 + .../templates/jobs/keystone/user/ks-user.yaml | 82 +++++++++++ cinder/templates/service-api.yaml | 9 ++ cinder/values.yaml | 110 ++++++++++++++ docs/developer/minikube.md | 1 + 46 files changed, 1210 insertions(+), 3 deletions(-) create mode 100644 cinder/Chart.yaml create mode 100644 cinder/requirements.yaml create mode 100644 cinder/templates/_helpers.tpl create mode 100644 cinder/templates/config/cinder-api-paste.ini.yaml create mode 100644 cinder/templates/config/cinder-api.conf.yaml create mode 100644 cinder/templates/config/cinder-backend-rbd1.conf.yaml create mode 100644 cinder/templates/config/cinder-backends.conf.yaml create mode 100644 cinder/templates/config/cinder-concurrency.conf.yaml create mode 100644 cinder/templates/config/cinder-db.conf.yaml create mode 100644 cinder/templates/config/cinder-glance.conf.yaml create mode 100644 cinder/templates/config/cinder-keystone-admin.env.yaml create mode 100644 cinder/templates/config/cinder-keystone.conf.yaml create mode 100644 cinder/templates/config/cinder-log.conf.yaml create mode 100644 cinder/templates/config/cinder-messaging.conf.yaml create mode 100644 cinder/templates/config/contents/_cinder-api-paste.ini.tpl create mode 100644 cinder/templates/config/contents/_cinder-api.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-backends.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-concurrency.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-db.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-glance.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-keystone.conf.tpl create mode 100644 
cinder/templates/config/contents/_cinder-log.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-messaging.conf.tpl create mode 100644 cinder/templates/deployments/api/api.sh.yaml create mode 100644 cinder/templates/deployments/api/api.yaml create mode 100644 cinder/templates/deployments/api/bin/_api.sh.tpl create mode 100644 cinder/templates/jobs/db/init/bin/_db-init.sh.tpl create mode 100644 cinder/templates/jobs/db/init/db-init.sh.yaml create mode 100644 cinder/templates/jobs/db/init/db-init.yaml create mode 100644 cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl create mode 100644 cinder/templates/jobs/db/sync/db-sync.sh.yaml create mode 100644 cinder/templates/jobs/db/sync/db-sync.yaml create mode 100644 cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl create mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml create mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml create mode 100644 cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl create mode 100644 cinder/templates/jobs/keystone/service/ks-service.sh.yaml create mode 100644 cinder/templates/jobs/keystone/service/ks-service.yaml create mode 100644 cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl create mode 100644 cinder/templates/jobs/keystone/user/ks-user.sh.yaml create mode 100644 cinder/templates/jobs/keystone/user/ks-user.yaml create mode 100644 cinder/templates/service-api.yaml create mode 100644 cinder/values.yaml diff --git a/Makefile b/Makefile index e3c08d22c4..9915074e28 100644 --- a/Makefile +++ b/Makefile 
@@ -1,12 +1,13 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron cinder heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack +CHARTS := ceph mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack + common: build-common @@ -19,6 +20,8 @@ mariadb: build-mariadb keystone: build-keystone +cinder: build-cinder + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml new file mode 100644 index 0000000000..890af01e45 --- /dev/null +++ b/cinder/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for cinder +name: cinder +version: 0.1.0 diff --git a/cinder/requirements.yaml b/cinder/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/cinder/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 0000000000..80039684b4 --- /dev/null +++ b/cinder/templates/_helpers.tpl 
@@ -0,0 +1,73 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} + +{{- define "env_admin_openrc" }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PASSWORD +{{- end }} + +{{- define "container_ks_service" }} +image: {{ .Values.images.ks_service }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-service.sh +volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} + +{{- define "container_ks_endpoint" }} +image: {{ .Values.images.ks_endpoints }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-endpoints.sh +volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml new file mode 100644 index 0000000000..a0d87145f7 --- /dev/null +++ b/cinder/templates/config/cinder-api-paste.ini.yaml 
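Review bot: In cinder/templates/_helpers.tpl the helper `joinListWithColon` joins items with a comma (`{{ if $k }},{{ end }}`), so the name says the opposite of what callers get. It is used to render `enabled_backends` in _cinder-backends.conf.tpl, where a comma-separated list is what ends up in the file. Either rename it to `joinListWithComma` at the definition and the call site, or add a template comment above the define: `{{/* Joins list items with ","; the name is historical. */}}`.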
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ini-api-paste +data: + api-paste.ini: |+ +{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml new file mode 100644 index 0000000000..ae0df4269b --- /dev/null +++ b/cinder/templates/config/cinder-api.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-api +data: + cinder-api.conf: |+ +{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml new file mode 100644 index 0000000000..1beb401635 --- /dev/null +++ b/cinder/templates/config/cinder-backend-rbd1.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backend-rbd1 +data: + cinder-backend-rbd1.conf: |+ +{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml new file mode 100644 index 0000000000..b5f839c5e6 --- /dev/null +++ b/cinder/templates/config/cinder-backends.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backends +data: + cinder-backends.conf: |+ +{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml new file mode 100644 index 0000000000..3385d54bc0 --- /dev/null +++ b/cinder/templates/config/cinder-concurrency.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-concurrency +data: + cinder-concurrency.conf: |+ +{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} 
diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml new file mode 100644 index 0000000000..80a10531fe --- /dev/null +++ b/cinder/templates/config/cinder-db.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-db +type: Opaque +data: + cinder-db.conf: | +{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml new file mode 100644 index 0000000000..a1c7e91a96 --- /dev/null +++ b/cinder/templates/config/cinder-glance.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-glance +data: + cinder-glance.conf: |+ +{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/config/cinder-keystone-admin.env.yaml new file mode 100644 index 0000000000..885c58076b --- /dev/null +++ b/cinder/templates/config/cinder-keystone-admin.env.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/config/cinder-keystone.conf.yaml new file mode 100644 index 0000000000..992a6d43bd --- /dev/null 
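Review bot: cinder/templates/config/cinder-keystone-admin.env.yaml copies the Keystone admin account, including `OS_PASSWORD`, into a Secret owned by the cinder release, and `env_admin_openrc` in _helpers.tpl then exposes it to the ks-service and ks-endpoints containers. Nothing in the template says how long that Secret is needed. If only the registration jobs consume it, a leading comment such as `# Keystone admin credentials: used by the ks-* bootstrap jobs only; remove or rotate after install` would make the exposure explicit. The values come from `.Values.keystone.*`, whose defaults are outside this hunk and should be confirmed not to ship a usable password.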
+++ b/cinder/templates/config/cinder-keystone.conf.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-keystone +type: Opaque +data: + cinder-keystone.conf: | +{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.cinder_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.cinder_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.cinder_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.cinder_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.cinder_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml new file mode 100644 index 0000000000..683a58930c --- /dev/null +++ b/cinder/templates/config/cinder-log.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-log +data: + cinder-log.conf: |+ +{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml new file mode 100644 index 0000000000..0645feed73 --- /dev/null +++ b/cinder/templates/config/cinder-messaging.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-messaging +type: Opaque +data: + cinder-messaging.conf: | +{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl new file mode 100644 index 0000000000..a761f53d07 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl 
@@ -0,0 +1,75 @@ +############# +# OpenStack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 +/v3: openstack_volume_api_v3 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 + +[composite:openstack_volume_api_v3] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 + +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = cinder + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory + +[filter:noauth] 
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[app:apiv3] +paste.app_factory = cinder.api.v3.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl new file mode 100644 index 0000000000..b4ac662150 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api.conf.tpl @@ -0,0 +1,12 @@ +[DEFAULT] +enable_v1_api = false +volume_name_template = %s + +osapi_volume_workers = {{ .Values.api.workers }} +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = {{ .Values.service.api.port }} + +api_paste_config = /etc/cinder/api-paste.ini + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl new file mode 100644 index 0000000000..abd6eeda39 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl 
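Review bot: In _cinder-api-paste.ini.tpl every `composite:openstack_volume_api_v*` section keeps a `noauth` pipeline and `[filter:noauth]` stays defined, so an unauthenticated API is a single `auth_strategy` change away. The chart sets `auth_strategy = keystone` in a different file, _cinder-keystone.conf.tpl. If the chart never intends to run without Keystone, drop the three `noauth = ...` lines and the `[filter:noauth]` section, or at least mark them with `# noauth is unused by this chart; auth_strategy is fixed to keystone`. Separately, `/v1: openstack_volume_api_v1` is still routed although _cinder-api.conf.tpl sets `enable_v1_api = false`; whether that route is then inert cannot be seen from the hunk.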
@@ -0,0 +1,11 @@
+[rbd1]
+volume_driver = cinder.volume.drivers.rbd.RBDDriver
+rbd_pool = {{ .Values.backends.rbd1.pool }}
+rbd_ceph_conf = /etc/ceph/ceph.conf
+rbd_flatten_volume_from_snapshot = false
+rbd_max_clone_depth = 5
+rbd_store_chunk_size = 4
+rados_connect_timeout = -1
+rbd_user = {{ .Values.backends.rbd1.user }}
+rbd_secret_uuid = {{ .Values.backends.rbd1.secret }}
+report_discard_supported = True
diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl
new file mode 100644
index 0000000000..62a1dbcc41
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-backends.conf.tpl
@@ -0,0 +1,2 @@
+[DEFAULT]
+enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }}
diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl
new file mode 100644
index 0000000000..06be34ce23
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl
@@ -0,0 +1,2 @@
+[oslo_concurrency]
+lock_path = /var/lib/cinder/tmp
diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl
new file mode 100644
index 0000000000..1b67679065
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-db.conf.tpl
@@ -0,0 +1,3 @@
+[database]
+connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }}
+max_retries = -1
diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl
new file mode 100644
index 0000000000..31807c7aa3
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-glance.conf.tpl
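Review bot: The `connection` URL in `_cinder-db.conf.tpl` interpolates `cinder_user` and `cinder_password` raw, so a password containing `@`, `:`, `/` or `#` renders a URL that is mis-parsed or rejected, which in practice pushes operators toward weak passwords like the `password` default in `values.yaml`. Percent-encoding the credentials in the template, e.g. `{{ .Values.database.cinder_password | urlquery }}`, avoids that. `max_retries = -1` retries forever, which hides a wrong credential or address behind an endless reconnect loop; a one-line comment explaining the choice would help.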
@@ -0,0 +1,3 @@
+[DEFAULT]
+glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}"
+glance_api_version = {{ .Values.glance.version }}
diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl
new file mode 100644
index 0000000000..1311ed69db
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-keystone.conf.tpl
@@ -0,0 +1,13 @@
+[DEFAULT]
+auth_strategy = keystone
+os_region_name = {{ .Values.keystone.cinder_region_name }}
+
+[keystone_authtoken]
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+project_domain_name = {{ .Values.keystone.cinder_project_domain }}
+user_domain_name = {{ .Values.keystone.cinder_user_domain }}
+project_name = {{ .Values.keystone.cinder_project_name }}
+username = {{ .Values.keystone.cinder_user }}
+password = {{ .Values.keystone.cinder_password }}
diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl
new file mode 100644
index 0000000000..a0ec3d1f2f
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-log.conf.tpl
@@ -0,0 +1,4 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl
new file mode 100644
index 0000000000..819bd099f3
--- /dev/null
+++ b/cinder/templates/config/contents/_cinder-messaging.conf.tpl
@@ -0,0 +1,5 @@
+[oslo_messaging_rabbit]
+rabbit_userid = {{ .Values.messaging.user }}
+rabbit_password = {{ .Values.messaging.password }}
+rabbit_ha_queues = true
+rabbit_hosts = {{ .Values.messaging.hosts }}
diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml
new file mode 100644
index 0000000000..bda7100b28
--- /dev/null
+++ b/cinder/templates/deployments/api/api.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-api-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml
new file mode 100644
index 0000000000..63e40bd604
--- /dev/null
+++ b/cinder/templates/deployments/api/api.yaml
@@ -0,0 +1,138 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cinder-api
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: cinder-api
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: cinder-api
+ image: {{ .Values.images.api }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.api.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.api.port }}
+ volumeMounts:
+ - name: cinder-api-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: pod-etc-cinder
+ mountPath: /etc/cinder
+ - name: pod-var-lib-cinder-tmp
+ mountPath: /var/lib/cinder/tmp
+ - name: cinder-ini-api-paste
+ mountPath: /etc/cinder/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: cinder-conf-api
+ mountPath: /etc/cinder/conf/cinder-api.conf
+ subPath: cinder-api.conf
+ readOnly: true
+ - name: cinder-conf-backends
+ mountPath: /etc/cinder/conf/cinder-backends.conf
+ subPath: cinder-backends.conf
+ readOnly: true
+ - name: cinder-conf-backend-rbd1
+ mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf
+ subPath: cinder-backend-rbd1.conf
+ readOnly: true
+ - name: cinder-conf-concurrency
+ mountPath: /etc/cinder/conf/cinder-concurrency.conf
+ subPath: cinder-concurrency.conf
+ readOnly: true
+ - name: cinder-conf-db
+ mountPath: /etc/cinder/conf/cinder-db.conf
+ subPath: cinder-db.conf
+ readOnly: true
+ - name: cinder-conf-glance
+ mountPath: /etc/cinder/conf/cinder-glance.conf
+ subPath: cinder-glance.conf
+ readOnly: true
+ - name: cinder-conf-keystone
+ mountPath: /etc/cinder/conf/cinder-keystone.conf
+ subPath: cinder-keystone.conf
+ readOnly: true
+ - name: cinder-conf-log
+ mountPath: /etc/cinder/conf/cinder-log.conf
+ subPath: cinder-log.conf
+ readOnly: true
+ - name: cinder-conf-messaging
+ mountPath: /etc/cinder/conf/cinder-messaging.conf
+ subPath: cinder-messaging.conf
+ readOnly: true
+ volumes:
+ - name: cinder-api-sh
+ configMap:
+ name: cinder-api-sh
+ - name: pod-etc-cinder
+ emptyDir: {}
+ - name: pod-var-lib-cinder-tmp
+ emptyDir: {}
+ - name: cinder-ini-api-paste
+ configMap:
+ name: cinder-ini-api-paste
+ - name: cinder-conf-api
+ configMap:
+ name: cinder-conf-api
+ - name: cinder-conf-backends
+ configMap:
+ name: cinder-conf-backends
+ - name: cinder-conf-backend-rbd1
+ configMap:
+ name: cinder-conf-backend-rbd1
+ - name: cinder-conf-concurrency
+ configMap:
+ name: cinder-conf-concurrency
+ - name: cinder-conf-db
+ secret:
+ secretName: cinder-conf-db
+ - name: cinder-conf-glance
+ configMap:
+ name: cinder-conf-glance
+ - name: cinder-conf-keystone
+ secret:
+ secretName: cinder-conf-keystone
+ - name: cinder-conf-log
+ configMap:
+ name: cinder-conf-log
+ - name: cinder-conf-messaging
+ secret:
+ secretName: cinder-conf-messaging
diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl
new file mode 100644
index 0000000000..91e4f3a933
--- /dev/null
+++ b/cinder/templates/deployments/api/bin/_api.sh.tpl
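Review bot: The `cinder-api` container in `api.yaml` renders `image`, `imagePullPolicy` and the `nodeSelector` pair unquoted, while the init-container annotation in the same file pipes the same values through `quote`; an empty or boolean-looking value would change type or break the manifest. Suggest `image: {{ .Values.images.api | quote }}`, `imagePullPolicy: {{ .Values.images.pull_policy | quote }}` and `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value | quote }}`. The container also declares no `securityContext` or `resources`, so it runs as whatever user the image defaults to while mounting the database, Keystone and messaging Secrets; that is worth a follow-up.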
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+exec cinder-api --config-dir /etc/cinder/conf
diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl
new file mode 100644
index 0000000000..66e953e971
--- /dev/null
+++ b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'"
+ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'"
diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml
new file mode 100644
index 0000000000..74875985bf
--- /dev/null
+++ b/cinder/templates/jobs/db/init/db-init.sh.yaml
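Review bot: `_db-init.sh.tpl` puts the database root password where it should not be: both `ansible` lines render `{{ .Values.database.root_password }}` (and `cinder_password`) into the script text, which `db-init.sh.yaml` then ships as the `cinder-db-init-sh` ConfigMap rather than a Secret, and `set -ex` combined with `-vvv` echoes the full command lines, passwords included, to the job log. Pass the credentials to the container as environment variables sourced from a Secret (the way `ks-user.yaml` uses `secretKeyRef`), reference them in the script, e.g. `login_password='${DB_ROOT_PASSWORD}'` (variable name illustrative), and use `set -e` without `-vvv`. The values are also placed inside single quotes in the module argument string, so a password containing `'` would break the argument parsing. The grant uses `host='%'` with `priv='<database>.*:ALL'`; a narrower host pattern is worth considering where the pod network allows it.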
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-db-init-sh
+data:
+ init.sh: |+
+{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/jobs/db/init/db-init.yaml
new file mode 100644
index 0000000000..4c27f8c888
--- /dev/null
+++ b/cinder/templates/jobs/db/init/db-init.yaml
@@ -0,0 +1,54 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cinder-db-init
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: cinder-db-init
+ image: {{ .Values.images.db_init | quote }}
+ imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+ env:
+ - name: ANSIBLE_LIBRARY
+ value: /usr/share/ansible/
+ command:
+ - bash
+ - /tmp/init.sh
+ volumeMounts:
+ - name: db-init-sh
+ mountPath: /tmp/init.sh
+ subPath: init.sh
+ readOnly: true
+ volumes:
+ - name: db-init-sh
+ configMap:
+ name: cinder-db-init-sh
diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..a36edc6c92
--- /dev/null
+++ b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+cinder-manage --config-dir /etc/cinder/conf db sync
diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml
new file mode 100644
index 0000000000..f395f01ecc
--- /dev/null
+++ b/cinder/templates/jobs/db/sync/db-sync.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-db-sync-sh
+data:
+ db-sync.sh: |+
+{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/jobs/db/sync/db-sync.yaml
new file mode 100644
index 0000000000..ba4d31efb1
--- /dev/null
+++ b/cinder/templates/jobs/db/sync/db-sync.yaml
@@ -0,0 +1,69 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cinder-db-sync
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: cinder-db-sync
+ image: {{ .Values.images.db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/db-sync.sh
+ volumeMounts:
+ - name: db-sync-sh
+ mountPath: /tmp/db-sync.sh
+ subPath: db-sync.sh
+ readOnly: true
+ - name: pod-etc-cinder
+ mountPath: /etc/cinder
+ - name: cinder-conf-db
+ mountPath: /etc/cinder/conf/cinder-db.conf
+ subPath: cinder-db.conf
+ readOnly: true
+ - name: cinder-conf-log
+ mountPath: /etc/cinder/conf/cinder-log.conf
+ subPath: cinder-log.conf
+ readOnly: true
+ volumes:
+ - name: db-sync-sh
+ configMap:
+ name: cinder-db-sync-sh
+ - name: pod-etc-cinder
+ emptyDir: {}
+ - name: cinder-conf-db
+ secret:
+ secretName: cinder-conf-db
+ - name: cinder-conf-log
+ configMap:
+ name: cinder-conf-log
diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl
new file mode 100644
index 0000000000..264d1b1384
--- /dev/null
+++ b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Get Service ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# Get Endpoint ID if it exists
+OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \
+ grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \
+ awk -F ',' '{ print $1 }' )
+
+# Making sure only a single endpoint exists for a service within a region
+if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then
+ echo "More than one endpoint found, cleaning up"
+ for ENDPOINT_ID in $OS_ENDPOINT_ID; do
+ openstack endpoint delete ${ENDPOINT_ID}
+ done
+ unset OS_ENDPOINT_ID
+fi
+
+# Determine if Endpoint needs updated
+if [[ ${OS_ENDPOINT_ID} ]]; then
+ OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url)
+ if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then
+ echo "Endpoints Match: no action required"
+ OS_ENDPOINT_UPDATE="False"
+ else
+ echo "Endpoints Dont Match: removing existing entries"
+ openstack endpoint delete ${OS_ENDPOINT_ID}
+ OS_ENDPOINT_UPDATE="True"
+ fi
+else
+ OS_ENDPOINT_UPDATE="True"
+fi
+
+# Update Endpoint if required
+if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then
+ OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+ --region="${OS_REGION_NAME}" \
+ "${OS_SERVICE_ID}" \
+ ${OS_SERVICE_INTERFACE} \
+ "${OS_SERVICE_ENDPOINT}" )
+fi
+
+# Display the Endpoint
+openstack endpoint show ${OS_ENDPOINT_ID}
diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml
new file mode 100644
index 0000000000..b4841d89d4
--- /dev/null
+++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-ks-endpoints-sh
+data:
+ ks-endpoints.sh: |+
+{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml
new file mode 100644
index 0000000000..1c23325d6f
--- /dev/null
+++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml
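Review bot: In `_ks-endpoints.sh.tpl`, `OS_SERVICE_ID` is never checked before `openstack endpoint create`, so when the service lookup matches nothing the script passes an empty service argument and fails with an unrelated error; add `[[ -n "${OS_SERVICE_ID}" ]] || { echo "service not found" >&2; exit 1; }` after the lookup. The endpoint id is expanded unquoted in `openstack endpoint delete ${OS_ENDPOINT_ID}` and `openstack endpoint show ${OS_ENDPOINT_ID}`, and `--f value` on the `endpoint show` call looks like a typo for `-f value` that only works through option-prefix matching. The service name, type and region are also interpolated into `grep`/`sed` patterns as regular expressions, so a `.` in a name matches any character; comparing fields with `awk -F,` would be exact. The same lookup appears in `_ks-service.sh.tpl`.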
@@ -0,0 +1,130 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cinder-ks-endpoints
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: cinder-ks-endpoints-v1-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volume
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s
+ - name: cinder-ks-endpoints-v1-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volume
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s
+ - name: cinder-ks-endpoints-v1-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: public
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volume
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s
+ - name: cinder-ks-endpoints-v2-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volumev2
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s
+ - name: cinder-ks-endpoints-v2-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volumev2
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s
+ - name: cinder-ks-endpoints-v2-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: public
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volumev2
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s
+ - name: cinder-ks-endpoints-v3-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volumev3
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s
+ - name: cinder-ks-endpoints-v3-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volumev3
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s
+ - name: cinder-ks-endpoints-v3-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SERVICE_INTERFACE
+ value: public
+ - name: OS_SERVICE_NAME
+ value: cinder
+ - name: OS_SERVICE_TYPE
+ value: volumev3
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s
+ volumes:
+ - name: ks-endpoints-sh
+ configMap:
+ name: cinder-ks-endpoints-sh
diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl
new file mode 100644
index 0000000000..4777d08c48
--- /dev/null
+++ b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Service boilerplate description
+OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service"
+
+# Get Service ID if it exists
+unset OS_SERVICE_ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# If a Service ID was not found, then create the service
+if [[ -z ${OS_SERVICE_ID} ]]; then
+ OS_SERVICE_ID=$(openstack service create -f value -c id \
+ --name="${OS_SERVICE_NAME}" \
+ --description "${OS_SERVICE_DESC}" \
+ --enable \
+ "${OS_SERVICE_TYPE}")
+fi
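Review bot: In `ks-endpoints.yaml` the `admin`, `internal` and `public` interfaces of every API version are registered with the same `{{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}` URL, and `values.yaml` defaults `proto` to `http`, so the public catalog entry is a plaintext, cluster-internal address. A separate value for the public endpoint (scheme and host) would let operators publish a TLS URL without touching the internal ones. The nine container stanzas differ only in interface, service type and version, so a `range` over those would remove the copy-paste, and the `OS_SERVICE_ENDPOINT` values containing `%(tenant_id)s` should be quoted like the values in `ks-service.yaml`.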
diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml
new file mode 100644
index 0000000000..e4ea00a37f
--- /dev/null
+++ b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-ks-service-sh
+data:
+ ks-service.sh: |+
+{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml
new file mode 100644
index 0000000000..3893433885
--- /dev/null
+++ b/cinder/templates/jobs/keystone/service/ks-service.yaml
@@ -0,0 +1,54 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cinder-ks-service
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: cinder-ks-service-v1
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "cinder"
+ - name: OS_SERVICE_TYPE
+ value: "volume"
+ - name: cinder-ks-service-v2
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "cinder"
+ - name: OS_SERVICE_TYPE
+ value: "volumev2"
+ - name: cinder-ks-service-v3
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "cinder"
+ - name: OS_SERVICE_TYPE
+ value: "volumev3"
+ volumes:
+ - name: ks-service-sh
+ configMap:
+ name: cinder-ks-service-sh
diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl
new file mode 100644
index 0000000000..fdc7358b32
--- /dev/null
+++ b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage user project
+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ "${SERVICE_OS_PROJECT_NAME}");
+
+# Display project
+openstack project show "${USER_PROJECT_ID}"
+
+# Manage user
+USER_ID=$(openstack user create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --project="${USER_PROJECT_ID}" \
+ --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \
+ --password="${SERVICE_OS_PASSWORD}" \
+ "${SERVICE_OS_USERNAME}");
+
+# Display user
+openstack user show "${USER_ID}"
+
+# Manage user role
+USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
+ "${SERVICE_OS_ROLE}");
+
+# Manage user role assignment
+openstack role add \
+ --user="${USER_ID}" \
+ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --project="${USER_PROJECT_ID}" \
+ "${USER_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+ --role="${SERVICE_OS_ROLE}" \
+ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --user="${USER_ID}"
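Review bot: `set -ex` makes bash print every command after expansion, so the `openstack user create ... --password="${SERVICE_OS_PASSWORD}"` call writes the service password into the job's log, readable by anyone with log access to the pod. Use `set -e`, or wrap that one call in `set +x` / `set -x`, and add a comment such as `# xtrace is off here: the command line carries the service password`. Because the call uses `--or-show`, an existing user is presumably returned unchanged, so a rotated password in the Secret would not be applied; if that is the case, an explicit password update step is needed, which should be confirmed against the client version in the image.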
diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml
new file mode 100644
index 0000000000..52e6941d0c
--- /dev/null
+++ b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-ks-user-sh
+data:
+ ks-user.sh: |+
+{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/jobs/keystone/user/ks-user.yaml
new file mode 100644
index 0000000000..06c4e8637f
--- /dev/null
+++ b/cinder/templates/jobs/keystone/user/ks-user.yaml
@@ -0,0 +1,82 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cinder-ks-user
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: cinder-ks-user
+ image: {{ .Values.images.ks_user }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/ks-user.sh
+ volumeMounts:
+ - name: ks-user-sh
+ mountPath: /tmp/ks-user.sh
+ subPath: ks-user.sh
+ env:
+{{ include "env_admin_openrc" . | indent 12 }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: "cinder"
+ - name: SERVICE_OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: cinder-conf-keystone
+ key: OS_REGION_NAME
+ - name: SERVICE_OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: cinder-conf-keystone
+ key: OS_PROJECT_DOMAIN_NAME
+ - name: SERVICE_OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: cinder-conf-keystone
+ key: OS_PROJECT_NAME
+ - name: SERVICE_OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: cinder-conf-keystone
+ key: OS_USER_DOMAIN_NAME
+ - name: SERVICE_OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: cinder-conf-keystone
+ key: OS_USERNAME
+ - name: SERVICE_OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: cinder-conf-keystone
+ key: OS_PASSWORD
+ - name: SERVICE_OS_ROLE
+ value: {{ .Values.keystone.cinder_user_role | quote }}
+ volumes:
+ - name: ks-user-sh
+ configMap:
+ name: cinder-ks-user-sh
diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml
new file mode 100644
index 0000000000..809211c92a
--- /dev/null
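Review bot: The `ks-user-sh` volumeMount in `ks-user.yaml` omits `readOnly: true`, which `db-init.yaml` and `db-sync.yaml` set on their script mounts; add it so the job cannot alter the script it runs. `image` and `imagePullPolicy` are rendered unquoted here while `SERVICE_OS_ROLE` in the same container uses `| quote`; quoting all three keeps the file consistent. `values.yaml` defaults `cinder_user_role` to `admin`, so the service user receives the admin role on the service project; a comment next to `SERVICE_OS_ROLE` saying why that role is required would help whoever later tries to narrow it.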
+++ b/cinder/templates/service-api.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.api.name }}
+spec:
+ ports:
+ - port: {{ .Values.service.api.port }}
+ selector:
+ app: cinder-api
diff --git a/cinder/values.yaml b/cinder/values.yaml
new file mode 100644
index 0000000000..0fd2966596
--- /dev/null
+++ b/cinder/values.yaml
@@ -0,0 +1,110 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: quay.io/stackanetes/stackanetes-cinder-api:newton + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + cinder_user: "cinder" + cinder_user_domain: "default" + cinder_user_role: "admin" + cinder_password: "password" + cinder_project_name: "service" + cinder_project_domain: "default" + cinder_region_name: "RegionOne" + +service: + api: + name: "cinder-api" + port: 8776 + proto: "http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + cinder_database_name: cinder + cinder_password: password + cinder_user: cinder + +backends: + enabled: + - rbd1 + rbd1: + secret: "" + user: "cinder" + pool: "volumes" + +glance: + proto: "http" + host: "glance-api" + port: 9292 + version: 2 + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + + +api: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - cinder-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + 
- cinder-ks-service + service: + - keystone-api + api: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + service: + - mariadb + - keystone-api diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 4ee88495a8..1058a984ed 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -160,6 +160,7 @@ $ helm install --name=memcached local/memcached --namespace=openstack $ helm install --name=rabbitmq local/rabbitmq --namespace=openstack $ helm install --name=keystone local/keystone --namespace=openstack $ helm install --name=horizon local/horizon --namespace=openstack +$ helm install --name=cinder local/cinder --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack From 4479a0d93fabd34d84bb6412635b34137f97885c Mon Sep 17 00:00:00 2001 
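Review bot: Every credential in this values.yaml defaults to the literal `password` (`keystone.admin_password`, `keystone.cinder_password`, `database.root_password`, `database.cinder_password`, `messaging.password`), so an install that overrides nothing comes up with guessable secrets for the Keystone admin, the MariaDB root account and RabbitMQ. If the defaults have to stay for the minikube walkthrough, mark each block with a comment such as `# Development-only default; override before any non-test deployment.`, or leave the values empty so an unconfigured install fails visibly. The header comment also still reads `# Default values for keystone.` and should name cinder.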
From: portdirect Date: Mon, 9 Jan 2017 02:09:40 +0000 Subject: [PATCH 28/39] Cinder Refactor WIP This work is dependant on the Common Chart elements introduced with the Heat PR, and should not be merged prior to https://github.com/att-comdev/openstack-helm/pull/77 --- cinder/templates/_helpers.tpl | 73 --------- cinder/templates/bin/_db-init.sh.tpl | 21 +++ .../config/cinder-api-paste.ini.yaml | 7 - cinder/templates/config/cinder-api.conf.yaml | 7 - .../config/cinder-backend-rbd1.conf.yaml | 7 - .../config/cinder-backends.conf.yaml | 7 - .../config/cinder-concurrency.conf.yaml | 7 - cinder/templates/config/cinder-db.conf.yaml | 8 - .../templates/config/cinder-glance.conf.yaml | 7 - cinder/templates/config/cinder-log.conf.yaml | 7 - .../config/cinder-messaging.conf.yaml | 8 - .../config/contents/_cinder-api.conf.tpl | 12 -- .../contents/_cinder-backend-rbd1.conf.tpl | 11 -- .../config/contents/_cinder-backends.conf.tpl | 2 - .../contents/_cinder-concurrency.conf.tpl | 2 - .../config/contents/_cinder-db.conf.tpl | 3 - .../config/contents/_cinder-glance.conf.tpl | 3 - .../config/contents/_cinder-keystone.conf.tpl | 13 -- .../config/contents/_cinder-log.conf.tpl | 4 - .../contents/_cinder-messaging.conf.tpl | 5 - cinder/templates/configmap-bin.yaml | 13 ++ cinder/templates/configmap-etc.yaml | 9 ++ cinder/templates/deployment-api.yaml | 76 ++++++++++ cinder/templates/deployments/api/api.sh.yaml | 7 - cinder/templates/deployments/api/api.yaml | 138 ------------------ .../templates/deployments/api/bin/_api.sh.tpl | 19 --- .../_cinder-api-paste.ini.tpl | 0 cinder/templates/etc/_cinder.conf.tpl | 57 ++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 32 ++-- cinder/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ cinder/templates/job-ks-service.yaml | 59 ++++++++ .../user/ks-user.yaml => job-ks-user.yaml} | 44 ++---- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - cinder/templates/jobs/db/init/db-init.sh.yaml | 7 - 
.../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- cinder/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../endpoints/bin/_ks-endpoints.sh.tpl | 63 -------- .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 130 ----------------- .../keystone/service/bin/_ks-service.sh.tpl | 35 ----- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/service/ks-service.yaml | 54 ------- .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 ------- .../jobs/keystone/user/ks-user.sh.yaml | 7 - ...nv.yaml => secret-keystone-admin.env.yaml} | 0 ...onf.yaml => secret-keystone-user.env.yaml} | 4 +- cinder/values.yaml | 37 +++++ 48 files changed, 366 insertions(+), 818 deletions(-) delete mode 100644 cinder/templates/_helpers.tpl create mode 100644 cinder/templates/bin/_db-init.sh.tpl delete mode 100644 cinder/templates/config/cinder-api-paste.ini.yaml delete mode 100644 cinder/templates/config/cinder-api.conf.yaml delete mode 100644 cinder/templates/config/cinder-backend-rbd1.conf.yaml delete mode 100644 cinder/templates/config/cinder-backends.conf.yaml delete mode 100644 cinder/templates/config/cinder-concurrency.conf.yaml delete mode 100644 cinder/templates/config/cinder-db.conf.yaml delete mode 100644 cinder/templates/config/cinder-glance.conf.yaml delete mode 100644 cinder/templates/config/cinder-log.conf.yaml delete mode 100644 cinder/templates/config/cinder-messaging.conf.yaml delete mode 100644 cinder/templates/config/contents/_cinder-api.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-backends.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-concurrency.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-db.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-glance.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-keystone.conf.tpl delete mode 100644 
cinder/templates/config/contents/_cinder-log.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-messaging.conf.tpl create mode 100644 cinder/templates/configmap-bin.yaml create mode 100644 cinder/templates/configmap-etc.yaml create mode 100644 cinder/templates/deployment-api.yaml delete mode 100644 cinder/templates/deployments/api/api.sh.yaml delete mode 100644 cinder/templates/deployments/api/api.yaml delete mode 100644 cinder/templates/deployments/api/bin/_api.sh.tpl rename cinder/templates/{config/contents => etc}/_cinder-api-paste.ini.tpl (100%) create mode 100644 cinder/templates/etc/_cinder.conf.tpl rename cinder/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename cinder/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 cinder/templates/job-ks-endpoints.yaml.yaml create mode 100644 cinder/templates/job-ks-service.yaml rename cinder/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (51%) delete mode 100644 cinder/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 cinder/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 cinder/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/service/ks-service.yaml delete mode 100644 cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/user/ks-user.sh.yaml rename cinder/templates/{config/cinder-keystone-admin.env.yaml => secret-keystone-admin.env.yaml} (100%) rename 
cinder/templates/{config/cinder-keystone.conf.yaml => secret-keystone-user.env.yaml} (80%) diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl deleted file mode 100644 index 80039684b4..0000000000 --- a/cinder/templates/_helpers.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} 
diff --git a/cinder/templates/bin/_db-init.sh.tpl b/cinder/templates/bin/_db-init.sh.tpl
new file mode 100644
index 0000000000..93bd518bb1
--- /dev/null
+++ b/cinder/templates/bin/_db-init.sh.tpl
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv \
+ -m mysql_db -a "login_host='{{ .Values.database.address }}' \
+ login_port='{{ .Values.database.port }}' \
+ login_user='{{ .Values.database.root_user }}' \
+ login_password='{{ .Values.database.root_password }}' \
+ name='{{ .Values.database.cinder_database_name }}'"
+
+ansible localhost -vvv \
+ -m mysql_user -a "login_host='{{ .Values.database.address }}' \
+ login_port='{{ .Values.database.port }}' \
+ login_user='{{ .Values.database.root_user }}' \
+ login_password='{{ .Values.database.root_password }}' \
+ name='{{ .Values.database.cinder_user }}' \
+ password='{{ .Values.database.cinder_password }}' \
+ host='%' \
+ priv='{{ .Values.database.cinder_database_name }}.*:ALL' \
+ append_privs='yes'"
diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml
deleted file mode 100644
index a0d87145f7..0000000000
--- a/cinder/templates/config/cinder-api-paste.ini.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cinder-ini-api-paste
-data:
- api-paste.ini: |+
-{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml
deleted file mode 100644
index ae0df4269b..0000000000
--- a/cinder/templates/config/cinder-api.conf.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cinder-conf-api
-data:
- cinder-api.conf: |+
-{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }}
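Review bot: `set -ex` at the top of _db-init.sh.tpl traces both `ansible` invocations, so the rendered `login_password='…'` and `password='…'` arguments end up in the job's pod log, and they are also visible in the process arguments while the command runs. Change it to `set -e`, drop `-vvv` unless it is needed for debugging, and have the job pass the passwords in as environment variables sourced from a Secret instead of templating them into the script text. The values are interpolated inside single quotes within a double-quoted string with no escaping, so a password containing a quote character would change how the module arguments parse. `host='%'` allows the cinder database account to log in from any address, which deserves a comment if it is intentional.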
diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml deleted file mode 100644 index 1beb401635..0000000000 --- a/cinder/templates/config/cinder-backend-rbd1.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-backend-rbd1 -data: - cinder-backend-rbd1.conf: |+ -{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml deleted file mode 100644 index b5f839c5e6..0000000000 --- a/cinder/templates/config/cinder-backends.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-backends -data: - cinder-backends.conf: |+ -{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml deleted file mode 100644 index 3385d54bc0..0000000000 --- a/cinder/templates/config/cinder-concurrency.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-concurrency -data: - cinder-concurrency.conf: |+ -{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml deleted file mode 100644 index 80a10531fe..0000000000 --- a/cinder/templates/config/cinder-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cinder-conf-db -type: Opaque -data: - cinder-db.conf: | -{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml deleted file mode 100644 index a1c7e91a96..0000000000 
--- a/cinder/templates/config/cinder-glance.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-glance -data: - cinder-glance.conf: |+ -{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml deleted file mode 100644 index 683a58930c..0000000000 --- a/cinder/templates/config/cinder-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-log -data: - cinder-log.conf: |+ -{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml deleted file mode 100644 index 0645feed73..0000000000 --- a/cinder/templates/config/cinder-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cinder-conf-messaging -type: Opaque -data: - cinder-messaging.conf: | -{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl deleted file mode 100644 index b4ac662150..0000000000 --- a/cinder/templates/config/contents/_cinder-api.conf.tpl +++ /dev/null @@ -1,12 +0,0 @@ -[DEFAULT] -enable_v1_api = false -volume_name_template = %s - -osapi_volume_workers = {{ .Values.api.workers }} -osapi_volume_listen = 0.0.0.0 -osapi_volume_listen_port = {{ .Values.service.api.port }} - -api_paste_config = /etc/cinder/api-paste.ini - -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl deleted file mode 100644 index abd6eeda39..0000000000 
--- a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -[rbd1] -volume_driver = cinder.volume.drivers.rbd.RBDDriver -rbd_pool = {{ .Values.backends.rbd1.pool }} -rbd_ceph_conf = /etc/ceph/ceph.conf -rbd_flatten_volume_from_snapshot = false -rbd_max_clone_depth = 5 -rbd_store_chunk_size = 4 -rados_connect_timeout = -1 -rbd_user = {{ .Values.backends.rbd1.user }} -rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} -report_discard_supported = True diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl deleted file mode 100644 index 62a1dbcc41..0000000000 --- a/cinder/templates/config/contents/_cinder-backends.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl deleted file mode 100644 index 06be34ce23..0000000000 --- a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl deleted file mode 100644 index 1b67679065..0000000000 --- a/cinder/templates/config/contents/_cinder-db.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[database] -connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} -max_retries = -1 diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl deleted file mode 100644 index 31807c7aa3..0000000000 --- a/cinder/templates/config/contents/_cinder-glance.conf.tpl +++ /dev/null 
@@ -1,3 +0,0 @@ -[DEFAULT] -glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" -glance_api_version = {{ .Values.glance.version }} diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl deleted file mode 100644 index 1311ed69db..0000000000 --- a/cinder/templates/config/contents/_cinder-keystone.conf.tpl +++ /dev/null @@ -1,13 +0,0 @@ -[DEFAULT] -auth_strategy = keystone -os_region_name = {{ .Values.keystone.cinder_region_name }} - -[keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -project_domain_name = {{ .Values.keystone.cinder_project_domain }} -user_domain_name = {{ .Values.keystone.cinder_user_domain }} -project_name = {{ .Values.keystone.cinder_project_name }} -username = {{ .Values.keystone.cinder_user }} -password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl deleted file mode 100644 index a0ec3d1f2f..0000000000 --- a/cinder/templates/config/contents/_cinder-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl deleted file mode 100644 index 819bd099f3..0000000000 --- a/cinder/templates/config/contents/_cinder-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml new file mode 100644 index 0000000000..b549121df9 --- /dev/null 
+++ b/cinder/templates/configmap-bin.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-bin
+data:
+ db-init.sh: |+
+{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }}
+ ks-service.sh: |+
+{{- include "common_keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |+
+{{- include "common_keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |+
+{{- include "common_keystone_user" . | indent 4 }}
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..d3c2bab33d
--- /dev/null
+++ b/cinder/templates/configmap-etc.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cinder-etc
+data:
+ cinder.conf: |+
+{{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }}
+ api-paste.ini: |+
+{{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }}
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
new file mode 100644
index 0000000000..4cd72f3acb
--- /dev/null
+++ b/cinder/templates/deployment-api.yaml
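Review bot: `cinder.conf` in configmap-etc.yaml is rendered into the `cinder-etc` ConfigMap, yet etc/_cinder.conf.tpl carries the database connection string with its password, the `[keystone_authtoken]` password and `rabbit_password`; the templates this patch deletes kept those parts in `kind: Secret` objects (`cinder-conf-db`, `cinder-conf-messaging`, and the `cinder-conf-keystone` secret the old deployment mounted). A ConfigMap is readable by anyone allowed to read ConfigMaps in the namespace and does not get any protection a cluster applies specifically to Secrets. Keep the rendered file in a Secret (`kind: Secret`, `type: Opaque`, content piped through `b64enc` as the removed cinder-db.conf.yaml did) and mount it with `secret:` / `secretName:`. The same concern applies to `db-init.sh` in the `cinder-bin` ConfigMap from configmap-bin.yaml, because that script embeds the database root password.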
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cinder-api
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: cinder-api
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: cinder-api
+ image: {{ .Values.images.api }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - cinder-api
+ - --config-dir
+ - /etc/cinder/conf
+ ports:
+ - containerPort: {{ .Values.service.api.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.api.port }}
+ volumeMounts:
+ - name: pod-etc-cinder
+ mountPath: /etc/cinder
+ - name: pod-var-cache-cinder
+ mountPath: /var/cache/cinder
+ - name: cinderconf
+ mountPath: /etc/cinder/conf/cinder.conf
+ subPath: cinder.conf
+ readOnly: true
+ - name: cinderpaste
+ mountPath: /etc/cinder/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ volumes:
+ - name: pod-etc-cinder
+ emptyDir: {}
+ - name: pod-var-cache-cinder
+ emptyDir: {}
+ - name: cinderconf
+ configMap:
+ name: cinder-etc
+ - name: cinderpaste
+ configMap:
+ name: cinder-etc
diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml
deleted file mode 100644
index bda7100b28..0000000000
--- a/cinder/templates/deployments/api/api.sh.yaml
+++ /dev/null
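Review bot: The pod in deployment-api.yaml no longer mounts anything at `/var/lib/cinder/tmp`, while etc/_cinder.conf.tpl in this patch still sets `lock_path = /var/lib/cinder/tmp` under `[oslo_concurrency]`; the deleted deployments/api/api.yaml provided that path through the `pod-var-lib-cinder-tmp` emptyDir. Unless the image already ships that directory writable for the service user (not visible here), lock acquisition may fail at runtime. Either restore the emptyDir with `mountPath: /var/lib/cinder/tmp` or point `lock_path` at a path that is mounted. The container also declares no `securityContext` or resource limits, which is worth a follow-up.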
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml deleted file mode 100644 index 63e40bd604..0000000000 --- a/cinder/templates/deployments/api/api.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: cinder-api -spec: - replicas: {{ .Values.replicas }} - template: - metadata: - labels: - app: cinder-api - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: cinder-api - image: {{ .Values.images.api }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/start.sh - ports: - - containerPort: {{ .Values.service.api.port }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.api.port }} - volumeMounts: - - name: cinder-api-sh - mountPath: /tmp/start.sh - subPath: start.sh - readOnly: true - - name: pod-etc-cinder - mountPath: /etc/cinder - - name: pod-var-lib-cinder-tmp - mountPath: /var/lib/cinder/tmp - - name: cinder-ini-api-paste - mountPath: /etc/cinder/api-paste.ini - subPath: api-paste.ini - readOnly: true - - name: cinder-conf-api - mountPath: /etc/cinder/conf/cinder-api.conf - subPath: cinder-api.conf - readOnly: true - - name: cinder-conf-backends - mountPath: /etc/cinder/conf/cinder-backends.conf - subPath: cinder-backends.conf - readOnly: true - - name: cinder-conf-backend-rbd1 - mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf - subPath: cinder-backend-rbd1.conf - readOnly: true - - name: cinder-conf-concurrency - mountPath: /etc/cinder/conf/cinder-concurrency.conf - subPath: 
cinder-concurrency.conf - readOnly: true - - name: cinder-conf-db - mountPath: /etc/cinder/conf/cinder-db.conf - subPath: cinder-db.conf - readOnly: true - - name: cinder-conf-glance - mountPath: /etc/cinder/conf/cinder-glance.conf - subPath: cinder-glance.conf - readOnly: true - - name: cinder-conf-keystone - mountPath: /etc/cinder/conf/cinder-keystone.conf - subPath: cinder-keystone.conf - readOnly: true - - name: cinder-conf-log - mountPath: /etc/cinder/conf/cinder-log.conf - subPath: cinder-log.conf - readOnly: true - - name: cinder-conf-messaging - mountPath: /etc/cinder/conf/cinder-messaging.conf - subPath: cinder-messaging.conf - readOnly: true - volumes: - - name: cinder-api-sh - configMap: - name: cinder-api-sh - - name: pod-etc-cinder - emptyDir: {} - - name: pod-var-lib-cinder-tmp - emptyDir: {} - - name: cinder-ini-api-paste - configMap: - name: cinder-ini-api-paste - - name: cinder-conf-api - configMap: - name: cinder-conf-api - - name: cinder-conf-backends - configMap: - name: cinder-conf-backends - - name: cinder-conf-backend-rbd1 - configMap: - name: cinder-conf-backend-rbd1 - - name: cinder-conf-concurrency - configMap: - name: cinder-conf-concurrency - - name: cinder-conf-db - secret: - secretName: cinder-conf-db - - name: cinder-conf-glance - configMap: - name: cinder-conf-glance - - name: cinder-conf-keystone - secret: - secretName: cinder-conf-keystone - - name: cinder-conf-log - configMap: - name: cinder-conf-log - - name: cinder-conf-messaging - secret: - secretName: cinder-conf-messaging diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl deleted file mode 100644 index 91e4f3a933..0000000000 --- a/cinder/templates/deployments/api/bin/_api.sh.tpl +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -exec cinder-api --config-dir /etc/cinder/conf diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/etc/_cinder-api-paste.ini.tpl similarity index 100% rename from cinder/templates/config/contents/_cinder-api-paste.ini.tpl rename to cinder/templates/etc/_cinder-api-paste.ini.tpl diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl new file mode 100644 index 0000000000..1253606039 --- /dev/null +++ b/cinder/templates/etc/_cinder.conf.tpl 
@@ -0,0 +1,57 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
+
+enable_v1_api = false
+volume_name_template = %s
+
+osapi_volume_workers = {{ .Values.api.workers }}
+osapi_volume_listen = 0.0.0.0
+osapi_volume_listen_port = {{ .Values.service.api.port }}
+
+api_paste_config = /etc/cinder/api-paste.ini
+
+glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}"
+glance_api_version = {{ .Values.glance.version }}
+
+enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }}
+
+auth_strategy = keystone
+os_region_name = {{ .Values.keystone.cinder_region_name }}
+
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+project_domain_name = {{ .Values.keystone.cinder_project_domain }}
+user_domain_name = {{ .Values.keystone.cinder_user_domain }}
+project_name = {{ .Values.keystone.cinder_project_name }}
+username = {{ .Values.keystone.cinder_user }}
+password = {{ .Values.keystone.cinder_password }}
+
+[oslo_concurrency]
+lock_path = /var/lib/cinder/tmp
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ .Values.messaging.user }}
+rabbit_password = {{ .Values.messaging.password }}
+rabbit_ha_queues = true
+rabbit_hosts = {{ .Values.messaging.hosts }}
+
+[rbd1]
+volume_driver = cinder.volume.drivers.rbd.RBDDriver
+rbd_pool = {{ .Values.backends.rbd1.pool }}
+rbd_ceph_conf = /etc/ceph/ceph.conf
+rbd_flatten_volume_from_snapshot = false
+rbd_max_clone_depth = 5
+rbd_store_chunk_size = 4
+rados_connect_timeout = -1
+rbd_user = {{ .Values.backends.rbd1.user }}
+rbd_secret_uuid = {{ .Values.backends.rbd1.secret }}
+report_discard_supported = True
diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/job-db-init.yaml similarity index 88% rename from cinder/templates/jobs/db/init/db-init.yaml rename to cinder/templates/job-db-init.yaml index 4c27f8c888..6d59153ede 100644 --- a/cinder/templates/jobs/db/init/db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: cinder-db-init-sh + name: cinder-bin diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/job-db-sync.yaml similarity index 66% rename from cinder/templates/jobs/db/sync/db-sync.yaml rename to cinder/templates/job-db-sync.yaml index ba4d31efb1..6be19e7084 100644 --- a/cinder/templates/jobs/db/sync/db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml 
@@ -38,32 +38,22 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - cinder-manage + args: + - --config-dir + - /etc/cinder/conf + - db + - sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-cinder mountPath: /etc/cinder - - name: cinder-conf-db - mountPath: /etc/cinder/conf/cinder-db.conf - subPath: cinder-db.conf - readOnly: true - - name: cinder-conf-log - mountPath: /etc/cinder/conf/cinder-log.conf - subPath: cinder-log.conf + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: cinder-db-sync-sh - name: pod-etc-cinder emptyDir: {} - - name: cinder-conf-db - secret: - secretName: cinder-conf-db - - name: cinder-conf-log + - name: cinderconf configMap: - name: cinder-conf-log + name: cinder-etc diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 0000000000..e2e082bd64 --- /dev/null +++ b/cinder/templates/job-ks-endpoints.yaml.yaml 
@@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: cinder-bin diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml new file mode 100644 index 0000000000..b22ee7aa3c --- /dev/null 
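Review bot: The init container of the new `cinder-ks-endpoints` job waits only on `.Values.dependencies.ks_service.service` and sets no `DEPENDENCY_JOBS`, whereas the deleted `ks-endpoints.yaml` read both `.Values.dependencies.ks_endpoints.service` and `.Values.dependencies.ks_endpoints.jobs`. If the jobs list named the service-registration job (that part of values.yaml is not visible here), the endpoint containers can now start before the services exist in Keystone. I would point `DEPENDENCY_SERVICE` back at `.Values.dependencies.ks_endpoints.service` and restore the `DEPENDENCY_JOBS` entry with `"value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}"`. The file is also created as `job-ks-endpoints.yaml.yaml`, which looks like an accidental double extension.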
+++ b/cinder/templates/job-ks-service.yaml @@ -0,0 +1,59 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} + - name: {{ $osServiceName }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: cinder-bin diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/job-ks-user.yaml similarity index 51% rename from cinder/templates/jobs/keystone/user/ks-user.yaml rename to cinder/templates/job-ks-user.yaml index 06c4e8637f..b8cdec3dd4 100644 --- a/cinder/templates/jobs/keystone/user/ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml 
@@ -1,3 +1,5 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }} apiVersion: batch/v1 kind: Job metadata: @@ -18,7 +20,7 @@ spec: }, { "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" }, { "name": "COMMAND", @@ -40,43 +42,19 @@ spec: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh + readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "cinder" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.cinder_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: cinder-ks-user-sh + name: cinder-bin diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 66e953e971..0000000000 
--- a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'" diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 74875985bf..0000000000 --- a/cinder/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index a36edc6c92..0000000000 --- a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -cinder-manage --config-dir /etc/cinder/conf db sync diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index f395f01ecc..0000000000 --- a/cinder/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl deleted file mode 100644 index 264d1b1384..0000000000 --- a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Get Service ID -OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ - grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ - sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) - -# Get Endpoint ID if it exists -OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ - grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \ - awk -F ',' '{ print $1 }' ) - -# Making sure only a single endpoint exists for a service within a region -if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then - echo "More than one endpoint found, cleaning up" - for ENDPOINT_ID in $OS_ENDPOINT_ID; do - openstack endpoint delete ${ENDPOINT_ID} - done - unset OS_ENDPOINT_ID -fi - -# Determine if Endpoint needs updated -if [[ ${OS_ENDPOINT_ID} ]]; then - OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) - if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then - echo "Endpoints Match: no action required" - OS_ENDPOINT_UPDATE="False" - else - echo "Endpoints Dont Match: removing existing entries" - openstack endpoint delete ${OS_ENDPOINT_ID} - OS_ENDPOINT_UPDATE="True" - fi -else - OS_ENDPOINT_UPDATE="True" -fi - -# Update Endpoint if required -if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then - OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id 
\ - --region="${OS_REGION_NAME}" \ - "${OS_SERVICE_ID}" \ - ${OS_SERVICE_INTERFACE} \ - "${OS_SERVICE_ENDPOINT}" ) -fi - -# Display the Endpoint -openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100644 index b4841d89d4..0000000000 --- a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100644 index 1c23325d6f..0000000000 --- a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null 
@@ -1,130 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: cinder-ks-endpoints-v1-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v1-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v1-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v2-admin -{{ include "container_ks_endpoint" . 
| indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v2-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v2-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v3-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - - name: cinder-ks-endpoints-v3-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - - name: cinder-ks-endpoints-v3-public -{{ include "container_ks_endpoint" . 
| indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - volumes: - - name: ks-endpoints-sh - configMap: - name: cinder-ks-endpoints-sh diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl deleted file mode 100644 index 4777d08c48..0000000000 --- a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Service boilerplate description -OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" - -# Get Service ID if it exists -unset OS_SERVICE_ID -OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ - grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ - sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) - -# If a Service ID was not found, then create the service -if [[ -z ${OS_SERVICE_ID} ]]; then - OS_SERVICE_ID=$(openstack service create -f value -c id \ - --name="${OS_SERVICE_NAME}" \ - --description "${OS_SERVICE_DESC}" \ - --enable \ - "${OS_SERVICE_TYPE}") -fi 
diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index e4ea00a37f..0000000000 --- a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml deleted file mode 100644 index 3893433885..0000000000 --- a/cinder/templates/jobs/keystone/service/ks-service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-service -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: cinder-ks-service-v1 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volume" - - name: cinder-ks-service-v2 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volumev2" - - name: cinder-ks-service-v3 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volumev3" - volumes: - - name: ks-service-sh - configMap: - name: cinder-ks-service-sh 
diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl deleted file mode 100644 index fdc7358b32..0000000000 --- a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Manage user project -USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ - --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - "${SERVICE_OS_PROJECT_NAME}"); - -# Display project -openstack project show "${USER_PROJECT_ID}" - -# Manage user -USER_ID=$(openstack user create --or-show --enable -f value -c id \ - --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ - --password="${SERVICE_OS_PASSWORD}" \ - "${SERVICE_OS_USERNAME}"); - -# Display user -openstack user show "${USER_ID}" - -# Manage user role -USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ - "${SERVICE_OS_ROLE}"); - -# Manage user role assignment -openstack role add \ - --user="${USER_ID}" \ - --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --project="${USER_PROJECT_ID}" \ - "${USER_ROLE_ID}" - -# Display user role assignment -openstack role assignment list \ - --role="${SERVICE_OS_ROLE}" \ - --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --user="${USER_ID}" 
diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index 52e6941d0c..0000000000 --- a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/secret-keystone-admin.env.yaml similarity index 100% rename from cinder/templates/config/cinder-keystone-admin.env.yaml rename to cinder/templates/secret-keystone-admin.env.yaml diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/secret-keystone-user.env.yaml similarity index 80% rename from cinder/templates/config/cinder-keystone.conf.yaml rename to cinder/templates/secret-keystone-user.env.yaml index 992a6d43bd..e0f5ad63af 100644 --- a/cinder/templates/config/cinder-keystone.conf.yaml +++ b/cinder/templates/secret-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: cinder-conf-keystone + name: cinder-env-keystone-user type: Opaque data: - cinder-keystone.conf: | -{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/cinder/values.yaml b/cinder/values.yaml index 0fd2966596..e0d7e35522 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml 
@@ -108,3 +108,40 @@ dependencies: service: - mariadb - keystone-api + +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + cinder: + hosts: + default: cinder-api + path: '/v1/%(tenant_id)s' + type: volume + scheme: 'http' + port: + api: 8776 + cinderv2: + name: cinder + hosts: + default: cinder-api + path: '/v2/%(tenant_id)s' + type: volumev2 + scheme: 'http' + port: + api: 8776 + cinderv3: + name: cinder + hosts: + default: cinder-api + path: '/v3/%(tenant_id)s' + type: volumev3 + scheme: 'http' + port: + api: 8776 From 1e94b125bf7fe0bbf006a8cfeb7fadabf10c6670 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:28:42 +0000 Subject: [PATCH 29/39] WIP Update cinder Endpoint and service creation to support multiple versions This commmit addresses issues with the endpoint layout in the values.yaml As a result it does for now not use the common functions for some tasks. --- cinder/templates/_helpers.tpl | 45 +++++++++++++++++++++ cinder/templates/job-ks-endpoints.yaml.yaml | 10 ++--- cinder/templates/job-ks-service.yaml | 8 ++-- cinder/values.yaml | 31 ++++++++++---- 4 files changed, 77 insertions(+), 17 deletions(-) create mode 100644 cinder/templates/_helpers.tpl diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 0000000000..97ab3325eb --- /dev/null +++ b/cinder/templates/_helpers.tpl 
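Review bot: Every entry added under `endpoints:` defaults to `scheme: 'http'`, including the Keystone admin and public ports. The Cinder URLs written to the Keystone catalog therefore use plain HTTP, as presumably does any client that builds its auth URL from the `keystone` entry, so tokens and service passwords are unencrypted on the wire unless an operator overrides the value. Nothing in this hunk shows TLS being terminated elsewhere, so I would add a comment above the block, `# http is a development default; set scheme to https wherever this traffic leaves a trusted network`. The same defaults are carried over by the `@@ -108,40 +118,45 @@` hunk of PATCH 29/39.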
@@ -0,0 +1,45 @@ +# This file is required because we use a slightly different endpoint layout in +# the values yaml, until we can make this change for all services. + + +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "endpoint_type_lookup_addr" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "endpoint_type_lookup_addr" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint name lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple orchestration . | include "ks_endpoint_type" } +# will return "heat" + +{{- define "endpoint_name_lookup" -}} +{{- $type := index . 0 -}} +{{- $context := index . 1 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $endpointName := index $endpointMap "name" }} +{{- $endpointName | quote -}} +{{- end -}} diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index e2e082bd64..999aed4e8d 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml 
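Review bot: The `fqdn` override in `endpoint_type_lookup_addr` never takes effect, because `{{- $fqdn := $context.Values.endpoints.fqdn -}}` inside the `if` declares a new variable scoped to that block and the `printf` below still sees the release namespace. A single declaration avoids the shadowing: `{{- $fqdn := default $context.Release.Namespace $context.Values.endpoints.fqdn -}}`. The comment above `endpoint_name_lookup` also describes a different helper (it names `ks_endpoint_type` and says the service type is returned). It should say that the define returns the `name` field of the endpoint entry for a given service type.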
@@ -32,9 +32,9 @@ spec: spec: restartPolicy: OnFailure containers: -{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} +{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} - - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} image: {{ $envAll.Values.images.ks_endpoints }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: @@ -52,11 +52,11 @@ spec: - name: OS_SVC_ENDPOINT value: {{ $osServiceEndPoint }} - name: OS_SERVICE_NAME - value: {{ $osServiceName }} + value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} - name: OS_SERVICE_TYPE - value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + value: {{ $osServiceType }} - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "endpoint_type_lookup_addr" }} {{- end }} {{- end }} volumes: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index b22ee7aa3c..d7035eb834 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -32,8 +32,8 @@ spec: spec: restartPolicy: OnFailure containers: -{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} - - name: {{ $osServiceName }}-ks-service-registration +{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} + - name: {{ $osServiceType }}-ks-service-registration image: {{ $envAll.Values.images.ks_service }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: 
@@ -49,9 +49,9 @@ spec: {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: {{ $osServiceName }} + value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} - name: OS_SERVICE_TYPE - value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + value: {{ $osServiceType }} {{- end }} volumes: - name: ks-service-sh diff --git a/cinder/values.yaml b/cinder/values.yaml index e0d7e35522..c1956baa26 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -52,6 +52,16 @@ database: cinder_password: password cinder_user: cinder +ceph: + enabled: true + monitors: [] + cinder_user: "admin" + cinder_pool: "volumes" + # a null value for the keyring will + # attempt to use the key from + # common/secrets/ceph-client-key + cinder_keyring: null + backends: enabled: - rbd1 @@ -108,40 +118,45 @@ dependencies: service: - mariadb - keystone-api + volume: + service: + - keystone-api + - cinder-api +# We use a different layout of the endpoints here to account for versioning +# this swaps the service name and type, and should be rolled out to other +# services. endpoints: - keystone: + identity: + name: keystone hosts: default: keystone-api path: /v3 - type: identity scheme: 'http' port: admin: 35357 public: 5000 - cinder: + volume: + name: cinder hosts: default: cinder-api path: '/v1/%(tenant_id)s' - type: volume scheme: 'http' port: api: 8776 - cinderv2: + volumev2: name: cinder hosts: default: cinder-api path: '/v2/%(tenant_id)s' - type: volumev2 scheme: 'http' port: api: 8776 - cinderv3: + volumev3: name: cinder hosts: default: cinder-api path: '/v3/%(tenant_id)s' - type: volumev3 scheme: 'http' port: api: 8776 From f34441a373651b5db424a125eeeab775d8d9a4b7 Mon Sep 17 00:00:00 2001 
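Review bot: The new `ceph:` block defaults `cinder_user` to `"admin"`, so unless it is overridden the chart renders a `[client.admin]` keyring and mounts it into the cinder-volume pods as `ceph.client.admin.keyring` (see PATCH 30/39). A volume service only needs access to its own pool, so a compromised pod should not hold the cluster-wide admin key. I would default to a dedicated client, `cinder_user: "cinder"`, and document in a comment the capabilities it needs on `cinder_pool`. The caps on the key returned by `secrets/ceph-client-key` are not visible in this patch, so confirm that the fallback is not the admin key either.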
From: portdirect Date: Tue, 10 Jan 2017 01:52:29 +0000 Subject: [PATCH 30/39] Cinder Ceph RBD backend This commit adds support for a Ceph RBD backend --- cinder/templates/configmap-etc.yaml | 4 + cinder/templates/deployment-volume.yaml | 74 +++++++++++++++++++ cinder/templates/etc/_ceph-cinder.keyring.tpl | 6 ++ cinder/templates/etc/_ceph.conf.tpl | 16 ++++ cinder/values.yaml | 1 + 5 files changed, 101 insertions(+) create mode 100644 cinder/templates/deployment-volume.yaml create mode 100644 cinder/templates/etc/_ceph-cinder.keyring.tpl create mode 100644 cinder/templates/etc/_ceph.conf.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index d3c2bab33d..9563ed8707 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -7,3 +7,7 @@ data: {{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} + ceph.conf: |+ +{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} + ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |+ +{{ tuple "etc/_ceph-cinder.keyring.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml new file mode 100644 index 0000000000..24d5763679 --- /dev/null +++ b/cinder/templates/deployment-volume.yaml 
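Review bot: The Ceph keyring is added to the `cinder-etc` ConfigMap under `ceph.client.{{ .Values.ceph.cinder_user }}.keyring`, so the client key is stored as ordinary configuration and is readable by anything allowed to read ConfigMaps in the namespace. The chart already keeps the Keystone credentials in `kind: Secret` objects, and the keyring belongs in one too, built the same way with `b64enc`. The `cephclientcinderkeyring` volume in `deployment-volume.yaml` would then use `secret:` with `secretName:` instead of `configMap:`. This also covers the `_ceph-cinder.keyring.tpl` hunk, which renders `.Values.ceph.cinder_keyring` or the shared client key straight into that ConfigMap entry.

```yaml
# new Secret template; file name and metadata.name below are placeholders
apiVersion: v1
kind: Secret
metadata:
  name: cinder-ceph-keyring
type: Opaque
data:
  ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |
{{ tuple "etc/_ceph-cinder.keyring.tpl" . | include "template" | b64enc | indent 4 }}
```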
@@ -0,0 +1,74 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-volume +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-volume + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-volume + image: {{ .Values.images.volume }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-volume + - --config-dir + - /etc/cinder/conf + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cephconf + configMap: + name: cinder-etc + - name: cephclientcinderkeyring + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_ceph-cinder.keyring.tpl b/cinder/templates/etc/_ceph-cinder.keyring.tpl new file mode 100644 index 0000000000..fb65f1ff57 --- /dev/null +++ b/cinder/templates/etc/_ceph-cinder.keyring.tpl 
@@ -0,0 +1,6 @@ +[client.{{ .Values.ceph.cinder_user }}] +{{- if .Values.ceph.cinder_keyring }} + key = {{ .Values.ceph.cinder_keyring }} +{{- else }} + key = {{- include "secrets/ceph-client-key" . -}} +{{- end }} diff --git a/cinder/templates/etc/_ceph.conf.tpl b/cinder/templates/etc/_ceph.conf.tpl new file mode 100644 index 0000000000..7d2576bf65 --- /dev/null +++ b/cinder/templates/etc/_ceph.conf.tpl @@ -0,0 +1,16 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.monitors }} +[mon] +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true diff --git a/cinder/values.yaml b/cinder/values.yaml index c1956baa26..a08d392372 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -17,6 +17,7 @@ images: ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton + volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" keystone: From 3f491f5be71343f1657b23ae3ec4b15f011c0997 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:59:56 +0000 Subject: [PATCH 31/39] Cinder add policy.json --- cinder/templates/configmap-etc.yaml | 2 + cinder/templates/deployment-api.yaml | 7 ++ cinder/templates/etc/_policy.json.tpl | 138 ++++++++++++++++++++++++++ 3 files changed, 147 insertions(+) create mode 100644 cinder/templates/etc/_policy.json.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index 9563ed8707..bb3b8f8c04 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml 
@@ -7,6 +7,8 @@ data: {{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} ceph.conf: |+ {{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |+ diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 4cd72f3acb..037fdf91c2 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -63,6 +63,10 @@ spec: mountPath: /etc/cinder/api-paste.ini subPath: api-paste.ini readOnly: true + - name: cinderpolicy + mountPath: /etc/cinder/policy.json + subPath: policy.json + readOnly: true volumes: - name: pod-etc-cinder emptyDir: {} @@ -74,3 +78,6 @@ spec: - name: cinderpaste configMap: name: cinder-etc + - name: cinderpolicy + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_policy.json.tpl b/cinder/templates/etc/_policy.json.tpl new file mode 100644 index 0000000000..8818372051 --- /dev/null +++ b/cinder/templates/etc/_policy.json.tpl 
@@ -0,0 +1,138 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "admin_api": "is_admin:True", + + "volume:create": "", + "volume:delete": "rule:admin_or_owner", + "volume:get": "rule:admin_or_owner", + "volume:get_all": "rule:admin_or_owner", + "volume:get_volume_metadata": "rule:admin_or_owner", + "volume:create_volume_metadata": "rule:admin_or_owner", + "volume:delete_volume_metadata": "rule:admin_or_owner", + "volume:update_volume_metadata": "rule:admin_or_owner", + "volume:get_volume_admin_metadata": "rule:admin_api", + "volume:update_volume_admin_metadata": "rule:admin_api", + "volume:get_snapshot": "rule:admin_or_owner", + "volume:get_all_snapshots": "rule:admin_or_owner", + "volume:create_snapshot": "rule:admin_or_owner", + "volume:delete_snapshot": "rule:admin_or_owner", + "volume:update_snapshot": "rule:admin_or_owner", + "volume:get_snapshot_metadata": "rule:admin_or_owner", + "volume:delete_snapshot_metadata": "rule:admin_or_owner", + "volume:update_snapshot_metadata": "rule:admin_or_owner", + "volume:extend": "rule:admin_or_owner", + "volume:update_readonly_flag": "rule:admin_or_owner", + "volume:retype": "rule:admin_or_owner", + "volume:update": "rule:admin_or_owner", + + "volume_extension:types_manage": "rule:admin_api", + "volume_extension:types_extra_specs": "rule:admin_api", + "volume_extension:access_types_qos_specs_id": "rule:admin_api", + "volume_extension:access_types_extra_specs": "rule:admin_api", + "volume_extension:volume_type_access": "rule:admin_or_owner", + "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api", + "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api", + "volume_extension:volume_type_encryption": "rule:admin_api", + "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", + "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner", + 
"volume_extension:volume_image_metadata": "rule:admin_or_owner", + + "volume_extension:quotas:show": "", + "volume_extension:quotas:update": "rule:admin_api", + "volume_extension:quotas:delete": "rule:admin_api", + "volume_extension:quota_classes": "rule:admin_api", + "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api", + + "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", + "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", + "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", + "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", + "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", + "volume_extension:backup_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", + + "volume_extension:volume_actions:upload_public": "rule:admin_api", + "volume_extension:volume_actions:upload_image": "rule:admin_or_owner", + + "volume_extension:volume_host_attribute": "rule:admin_api", + "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", + "volume_extension:volume_mig_status_attribute": "rule:admin_api", + "volume_extension:hosts": "rule:admin_api", + "volume_extension:services:index": "rule:admin_api", + "volume_extension:services:update" : "rule:admin_api", + + "volume_extension:volume_manage": "rule:admin_api", + "volume_extension:volume_unmanage": "rule:admin_api", + "volume_extension:list_manageable": "rule:admin_api", + + "volume_extension:capabilities": "rule:admin_api", + + "volume:create_transfer": "rule:admin_or_owner", + "volume:accept_transfer": "", + "volume:delete_transfer": "rule:admin_or_owner", + "volume:get_transfer": "rule:admin_or_owner", + "volume:get_all_transfers": 
"rule:admin_or_owner", + + "volume_extension:replication:promote": "rule:admin_api", + "volume_extension:replication:reenable": "rule:admin_api", + + "volume:failover_host": "rule:admin_api", + "volume:freeze_host": "rule:admin_api", + "volume:thaw_host": "rule:admin_api", + + "backup:create" : "", + "backup:delete": "rule:admin_or_owner", + "backup:get": "rule:admin_or_owner", + "backup:get_all": "rule:admin_or_owner", + "backup:restore": "rule:admin_or_owner", + "backup:backup-import": "rule:admin_api", + "backup:backup-export": "rule:admin_api", + "backup:update": "rule:admin_or_owner", + + "snapshot_extension:snapshot_actions:update_snapshot_status": "", + "snapshot_extension:snapshot_manage": "rule:admin_api", + "snapshot_extension:snapshot_unmanage": "rule:admin_api", + "snapshot_extension:list_manageable": "rule:admin_api", + + "consistencygroup:create" : "group:nobody", + "consistencygroup:delete": "group:nobody", + "consistencygroup:update": "group:nobody", + "consistencygroup:get": "group:nobody", + "consistencygroup:get_all": "group:nobody", + + "consistencygroup:create_cgsnapshot" : "group:nobody", + "consistencygroup:delete_cgsnapshot": "group:nobody", + "consistencygroup:get_cgsnapshot": "group:nobody", + "consistencygroup:get_all_cgsnapshots": "group:nobody", + + "group:group_types_manage": "rule:admin_api", + "group:group_types_specs": "rule:admin_api", + "group:access_group_types_specs": "rule:admin_api", + "group:group_type_access": "rule:admin_or_owner", + + "group:create" : "", + "group:delete": "rule:admin_or_owner", + "group:update": "rule:admin_or_owner", + "group:get": "rule:admin_or_owner", + "group:get_all": "rule:admin_or_owner", + + "group:create_group_snapshot": "", + "group:delete_group_snapshot": "rule:admin_or_owner", + "group:update_group_snapshot": "rule:admin_or_owner", + "group:get_group_snapshot": "rule:admin_or_owner", + "group:get_all_group_snapshots": "rule:admin_or_owner", + + "scheduler_extension:scheduler_stats:get_pools" 
: "rule:admin_api", + "message:delete": "rule:admin_or_owner", + "message:get": "rule:admin_or_owner", + "message:get_all": "rule:admin_or_owner", + + "clusters:get": "rule:admin_api", + "clusters:get_all": "rule:admin_api", + "clusters:update": "rule:admin_api" +} From 3163f1e64cb5edb15692f5876e8d37f1848edb0d Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 02:06:56 +0000 Subject: [PATCH 32/39] Add configmap hashing and rolling update to cinder This brings Cinder in line with the following PRs: * https://github.com/att-comdev/openstack-helm/pull/98 * https://github.com/att-comdev/openstack-helm/pull/97 --- cinder/templates/deployment-api.yaml | 12 +++++++++++- cinder/templates/deployment-volume.yaml | 12 +++++++++++- cinder/values.yaml | 11 ++++++++++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 037fdf91c2..6abc136d1a 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -3,12 +3,22 @@ kind: Deployment metadata: name: cinder-api spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.api }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: cinder-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 24d5763679..81922f5a5c 100644 --- a/cinder/templates/deployment-volume.yaml 
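Review bot: Several rules in the new `_policy.json.tpl` are the empty string, which oslo.policy treats as always allowed for any authenticated caller. Examples are `volume:accept_transfer`, `volume_extension:quotas:show`, `snapshot_extension:snapshot_actions:update_snapshot_status` and the `*:create` entries. These look like upstream Cinder defaults, but the file is rendered verbatim with no `.Values` hook, so an operator cannot tighten a rule without editing the chart. JSON has no comment syntax, so the commit message or chart docs should record which upstream release the file was copied from, to let later drift be audited.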
+++ b/cinder/templates/deployment-volume.yaml @@ -3,12 +3,22 @@ kind: Deployment metadata: name: cinder-volume spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.volume }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: cinder-volume annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/cinder/values.yaml b/cinder/values.yaml index a08d392372..2da493a3db 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -3,7 +3,9 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 +replicas: + api: 1 + volume: 1 labels: node_selector_key: openstack-control-plane @@ -20,6 +22,13 @@ images: volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" From a5688da7f5e51da62a19679e266498c4fcf78195 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 02:17:18 +0000 Subject: [PATCH 33/39] Fix Cinder conf Keystone Endpoint --- cinder/templates/etc/_cinder.conf.tpl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 1253606039..2934c28e49 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl 
@@ -26,8 +26,7 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password project_domain_name = {{ .Values.keystone.cinder_project_domain }} user_domain_name = {{ .Values.keystone.cinder_user_domain }} From 192bcd69cc372095b4f988536f618ff21dde0695 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 03:02:59 +0000 Subject: [PATCH 34/39] Cinder revert cinder.conf keystone endpoints Untill the endpoint values.yaml is brought into line with other services, we need to use the old method of setting the keystone URL in cinder.conf. --- cinder/templates/etc/_cinder.conf.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 2934c28e49..9ffe740629 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -26,7 +26,7 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_url = {{ include "endpoint_keystone_internal" . }} +auth_url = {{ .Values.keystone.auth_url }} auth_type = password project_domain_name = {{ .Values.keystone.cinder_project_domain }} user_domain_name = {{ .Values.keystone.cinder_user_domain }} From 831f63d486ccb08f92a71434b3541a622f1788b4 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 10 Jan 2017 19:03:57 +0000 Subject: [PATCH 35/39] Update Cinder PR to enable Ceph Backend --- cinder/templates/deployment-scheduler.yaml | 88 ++++++++++++++++++++++ cinder/templates/etc/_cinder.conf.tpl | 8 ++ cinder/values.yaml | 11 ++- 3 files changed, 104 insertions(+), 3 deletions(-) create mode 100644 cinder/templates/deployment-scheduler.yaml 
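Review bot: The revert in PATCH 34 restores `auth_url` but not the `auth_uri` line that PATCH 33 also removed from `[keystone_authtoken]`, so the section does not return to its earlier state. keystonemiddleware reads `auth_uri` as the identity endpoint it advertises to unauthenticated clients, so leaving it unset may change behaviour; this should be confirmed against the deployed release. If the omission is intended, the commit message should say so. Otherwise re-add `auth_uri = {{ .Values.keystone.auth_uri }}` next to `auth_url`.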
diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml new file mode 100644 index 0000000000..fabcf3361a --- /dev/null +++ b/cinder/templates/deployment-scheduler.yaml 
@@ -0,0 +1,88 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-scheduler +spec: + replicas: {{ .Values.replicas.scheduler }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} + template: + metadata: + labels: + app: cinder-scheduler + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-scheduler + image: {{ .Values.images.scheduler }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-scheduler + - --config-dir + - /etc/cinder/conf + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cinderpaste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: cinderpolicy + mountPath: 
/etc/cinder/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinderpaste + configMap: + name: cinder-etc + - name: cinderpolicy + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 9ffe740629..a576fe1fa0 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -20,6 +20,10 @@ enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} auth_strategy = keystone os_region_name = {{ .Values.keystone.cinder_region_name }} +# ensures that our volume worker service-list doesn't +# explode with dead agents from terminated containers +# by pinning the agent identifier +host=cinder-volume-worker [database] connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} @@ -51,6 +55,10 @@ rbd_flatten_volume_from_snapshot = false rbd_max_clone_depth = 5 rbd_store_chunk_size = 4 rados_connect_timeout = -1 +{{- if .Values.backends.rbd1.secret }} rbd_user = {{ .Values.backends.rbd1.user }} +{{- else }} +rbd_secret_uuid = {{- include "secrets/ceph-client-key" . -}} +{{- end }} rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} report_discard_supported = True diff --git a/cinder/values.yaml b/cinder/values.yaml index 2da493a3db..5ea0cb62a9 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -6,6 +6,7 @@ replicas: api: 1 volume: 1 + scheduler: 1 labels: node_selector_key: openstack-control-plane 
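Review bot: `host=cinder-volume-worker` is added to the shared `cinder.conf`, apparently under `[DEFAULT]`, so every pod that mounts this file reports the same host name. A second `cinder-volume` replica, or a surge pod created by the `RollingUpdate` strategy, would register as the same agent and could act on the same volumes at once. Whether that is safe depends on the backend and on coordination that this diff does not show. The existing comment could state the constraint, for example `# all cinder-volume pods share this host name; keep replicas.volume at 1`. The section header is outside the hunk.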
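Review bot: The new `{{- if .Values.backends.rbd1.secret }}` wraps `rbd_user` instead of `rbd_secret_uuid`, so with the new default `secret: null` the rendered backend section has no `rbd_user` line. In the `else` branch `rbd_secret_uuid` is filled from `secrets/ceph-client-key`, which by its name is the cephx key rather than a libvirt secret UUID. The unconditional `rbd_secret_uuid = {{ .Values.backends.rbd1.secret }}` that follows then emits the option a second time. Leaving `rbd_user` unconditional and guarding only the UUID line, as `{{- if .Values.backends.rbd1.secret }}` / `rbd_secret_uuid = {{ .Values.backends.rbd1.secret }}` / `{{- end }}`, would avoid the duplicate and keep key material out of `cinder.conf`. The backend section starts outside the hunk.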
@@ -19,6 +20,7 @@ images: ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton + scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" @@ -66,7 +68,6 @@ ceph: enabled: true monitors: [] cinder_user: "admin" - cinder_pool: "volumes" # a null value for the keyring will # attempt to use the key from # common/secrets/ceph-client-key @@ -76,8 +77,8 @@ backends: enabled: - rbd1 rbd1: - secret: "" - user: "cinder" + secret: null + user: "admin" pool: "volumes" glance: @@ -132,6 +133,10 @@ dependencies: service: - keystone-api - cinder-api + scheduler: + service: + - keystone-api + - cinder-api # We use a different layout of the endpoints here to account for versioning # this swaps the service name and type, and should be rolled out to other From d5d3a6fda55be913125382b7c11b6ba232b3490f Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 10 Jan 2017 15:22:50 -0800 Subject: [PATCH 36/39] Fix daemonset dependency name to match neutron rename --- nova/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/values.yaml b/nova/values.yaml index 179eae08c3..3444ef8183 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -149,7 +149,7 @@ dependencies: - keystone-api - nova-api daemonset: - - nova-libvirt + - ovs-agent libvirt: jobs: - nova-init From 6f124d51072faa350da668708f9547070f833f19 Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Wed, 11 Jan 2017 15:01:58 +0100 Subject: [PATCH 37/39] Adding NodeSelector field to Jobs According to #101 
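Review bot: In the `backends:` hunk `rbd1.user` changes from `"cinder"` to `"admin"`, matching `ceph.cinder_user: "admin"`, so by default the volume service authenticates to Ceph as `client.admin`. That identity normally holds full cluster capabilities, so a compromise of the cinder-volume pod or of its configuration would expose every pool, not just `volumes`. A dedicated cephx client with caps limited to the volumes pool would be the least-privilege default. If `admin` is kept for bootstrap convenience, a comment on the `user:` line such as `# dev default only: use a restricted cephx client in production` would make that explicit.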
Signed-off-by: DTadrzak --- cinder/templates/job-db-init.yaml | 2 ++ cinder/templates/job-db-sync.yaml | 2 ++ cinder/templates/job-ks-endpoints.yaml.yaml | 2 ++ cinder/templates/job-ks-service.yaml | 2 ++ cinder/templates/job-ks-user.yaml | 2 ++ glance/templates/db-sync.yaml | 2 ++ glance/templates/init.yaml | 2 ++ heat/templates/job-db-init.yaml | 2 ++ heat/templates/job-db-sync.yaml | 2 ++ heat/templates/job-ks-endpoints.yaml.yaml | 2 ++ heat/templates/job-ks-service.yaml | 2 ++ heat/templates/job-ks-user.yaml | 2 ++ keystone/templates/job-db-sync.yaml | 2 ++ keystone/templates/job-init.yaml | 2 ++ mariadb/templates/job-seed.yaml | 2 ++ neutron/templates/job-db-sync.yaml | 2 ++ neutron/templates/job-init.yaml | 2 ++ neutron/templates/job-post.yaml | 2 ++ nova/templates/job-db-sync.yaml | 2 ++ nova/templates/job-init.yaml | 2 ++ nova/templates/job-post.yaml | 2 ++ 21 files changed, 42 insertions(+) diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index 6d59153ede..951c6d1718 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: cinder-db-init image: {{ .Values.images.db_init | quote }} diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 6be19e7084..b44d4799cf 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: cinder-db-sync image: {{ .Values.images.db_sync }} diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 999aed4e8d..936a866b1b 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml 
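Review bot: The added `nodeSelector` line `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}` renders both values unquoted, and the same line is repeated in all 21 job templates this commit touches. A label value such as `true` or `1` would be parsed as a boolean or integer, and the API rejects anything but strings in `nodeSelector`. Quoting the value, as in `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value | quote }}`, avoids that. The diffstat changes no `values.yaml`, so it should be confirmed that every affected chart (glance, heat, keystone, mariadb, neutron, nova) already defines `labels.node_selector_key` and `labels.node_selector_value`. The enclosing pod specs continue outside the hunks.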
+++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index d7035eb834..6a6f32a42a 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} - name: {{ $osServiceType }}-ks-service-registration diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index b8cdec3dd4..6690863997 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: cinder-ks-user image: {{ .Values.images.ks_user }} diff --git a/glance/templates/db-sync.yaml b/glance/templates/db-sync.yaml index 1b65da9e1e..fe0c1f56a3 100644 --- a/glance/templates/db-sync.yaml +++ b/glance/templates/db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: glance-db-sync image: {{ .Values.images.db_sync }} diff --git a/glance/templates/init.yaml b/glance/templates/init.yaml index 5d8baa0c35..48b97a7cbd 100644 --- a/glance/templates/init.yaml +++ b/glance/templates/init.yaml 
@@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: glance-init image: {{ .Values.images.init }} diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index affd85693c..de256fbdf0 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-db-init image: {{ .Values.images.db_init | quote }} diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 3c66c4c5af..8a7f90f3ed 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-db-sync image: {{ .Values.images.db_sync }} diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index 4b3f30036a..d82c4fd525 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index 3ce06a12a1..651422c355 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml 
@@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} - name: {{ $osServiceName }}-ks-service-registration diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index 66981c9f0d..89c2d21f76 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -34,6 +34,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-ks-user image: {{ .Values.images.ks_user }} diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index a1fe50e1ec..c1f4954279 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: keystone-db-sync image: {{ .Values.images.db_sync }} diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml index fa9f68081f..1f395255dc 100644 --- a/keystone/templates/job-init.yaml +++ b/keystone/templates/job-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: keystone-init image: {{ .Values.images.init }} diff --git a/mariadb/templates/job-seed.yaml b/mariadb/templates/job-seed.yaml index 3b84b283aa..0495174af1 100644 --- a/mariadb/templates/job-seed.yaml +++ b/mariadb/templates/job-seed.yaml @@ -10,6 +10,8 @@ spec: app: mariadb spec: restartPolicy: Never + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: mariadb-init image: {{ .Values.images.mariadb }} 
diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index 1514fe87a0..ff546f790b 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml @@ -6,6 +6,8 @@ spec: template: spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: neutron-db-sync image: {{ .Values.images.db_sync }} diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml index c21cd69324..ef29d574a6 100644 --- a/neutron/templates/job-init.yaml +++ b/neutron/templates/job-init.yaml @@ -6,6 +6,8 @@ spec: template: spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: neutron-init image: {{ .Values.images.init }} diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml index 936d299fe3..847a19274e 100644 --- a/neutron/templates/job-post.yaml +++ b/neutron/templates/job-post.yaml @@ -6,6 +6,8 @@ spec: template: spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: neutron-post image: {{ .Values.images.post }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 013ad07569..da81fe0e13 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-db-sync image: {{ .Values.image.db_sync }} diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 70c873641e..2ca373358a 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml 
@@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-init image: {{ .Values.image.init }} diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 2c6fd237eb..e22373e02f 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-post image: {{ .Values.image.post }} From da00a3edf680af8d015b93c47a41e51b878e8256 Mon Sep 17 00:00:00 2001 From: Tin Lam Date: Thu, 12 Jan 2017 11:19:58 -0600 Subject: [PATCH 38/39] Removed the ``worker`` from keystone configuration The configuration of ``worker`` can be removed for two reasons: * In Mitaka (and onward), it is two separate parameters: ``public_workers`` and ``admin_workers`` under section [eventlet_server], as shown in [1]. In master (Ocata), these options were removed. * In the preferred keystone deployment of using u/wsgi, and not eventlet server, this setting does not really take effect - as Apache will manage this instead of keystone. These options can be removed. Also, removed extra EOL spaces. [1] https://github.com/openstack/keystone/blob/stable/mitaka/etc/keystone.conf.sample#L678-L696 --- keystone/templates/etc/_keystone.conf.tpl | 1 - keystone/values.yaml | 7 +++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl index 58603001ba..a503b4a0e5 100644 --- a/keystone/templates/etc/_keystone.conf.tpl +++ b/keystone/templates/etc/_keystone.conf.tpl 
@@ -2,7 +2,6 @@ debug = {{ .Values.misc.debug }} use_syslog = False use_stderr = True -workers = {{ .Values.misc.workers }} [database] connection = mysql+pymysql://{{ .Values.database.keystone_user }}:{{ .Values.database.keystone_password }}@{{ include "keystone_db_host" . }}/{{ .Values.database.keystone_database_name }} diff --git a/keystone/values.yaml b/keystone/values.yaml index a89452e14d..e6ead52acc 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -38,11 +38,11 @@ network: # alanmeadows(TODO): I seem unable to use {{ .IP }} here # but it does work for wsrep.conf in mariadb, I have spent # time trying to figure this out am completely stumped - # + # # helm --debug --dry-run shows me that the config map # contains {{ .IP }} but its simply translated by K8s # to "" - ip_address: "0.0.0.0" + ip_address: "0.0.0.0" database: port: 3306 @@ -53,12 +53,11 @@ database: keystone_user: keystone misc: - workers: 8 debug: false dependencies: api: - jobs: + jobs: - mariadb-seed - keystone-db-sync service: From db0db427eee9ab393c9f2834e15f3da293f2206e Mon Sep 17 00:00:00 2001 
From: Alan Meadows Date: Thu, 12 Jan 2017 14:51:36 -0800 Subject: [PATCH 39/39] Critical fixes required for 0.1.0 tagging * Add imagePullPolicy to ceph with default * Add imagePullPolicy to mariadb with default * Add missing imagePullPolicies to nova with defaults * Remove malfunctioning daemonset dependency from nova * Add missing neutron endpoint definition to nova values * Force v4 networking in ceph. Repeated bootstrapping is unreliable without this. * Update cinder dependencies based on testing * Optonal Horizon NodePort * Revert iptables stub for nova-api-osapi because we lack permississions to overwrite /sbin/iptables. We will continue to run in a privileged security context until we have a working solution. --- ceph/templates/daemonset-osd.yaml | 2 +- ceph/templates/deployment-mds.yaml | 1 + ceph/templates/deployment-moncheck.yaml | 6 +++--- ceph/templates/deployment-rgw.yaml | 1 + ceph/templates/statefulset-mon.yaml | 4 ++-- ceph/values.yaml | 1 + cinder/templates/deployment-volume.yaml | 4 ++++ cinder/values.yaml | 12 +++++++++-- horizon/templates/service.yaml | 12 +++++++++++ horizon/values.yaml | 2 ++ mariadb/templates/deployment.yaml | 2 +- mariadb/templates/job-seed.yaml | 2 +- mariadb/values.yaml | 1 + nova/templates/bin/_start-osapi.sh.tpl | 23 --------------------- nova/templates/configmap-bin.yaml | 2 -- nova/templates/daemonset-compute.yaml | 6 +----- nova/templates/daemonset-libvirt.yaml | 2 +- nova/templates/deployment-api-metadata.yaml | 14 +++++++------ nova/templates/deployment-api-osapi.yaml | 23 ++++++++------------- nova/templates/deployment-conductor.yaml | 1 + nova/templates/deployment-consoleauth.yaml | 1 + nova/templates/deployment-scheduler.yaml | 1 + nova/values.yaml | 8 +++++++ 23 files changed, 70 insertions(+), 61 deletions(-) delete mode 100644 nova/templates/bin/_start-osapi.sh.tpl diff --git a/ceph/templates/daemonset-osd.yaml b/ceph/templates/daemonset-osd.yaml index 1ad4b24fbf..9f85d599c1 100644 
--- a/ceph/templates/daemonset-osd.yaml +++ b/ceph/templates/daemonset-osd.yaml @@ -40,7 +40,7 @@ spec: containers: - name: osd-pod image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} volumeMounts: - name: devices mountPath: /dev diff --git a/ceph/templates/deployment-mds.yaml b/ceph/templates/deployment-mds.yaml index 9a4f5eadd9..0485c5e719 100644 --- a/ceph/templates/deployment-mds.yaml +++ b/ceph/templates/deployment-mds.yaml @@ -34,6 +34,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: 6800 env: diff --git a/ceph/templates/deployment-moncheck.yaml b/ceph/templates/deployment-moncheck.yaml index aa829b09c1..459074f067 100644 --- a/ceph/templates/deployment-moncheck.yaml +++ b/ceph/templates/deployment-moncheck.yaml @@ -34,7 +34,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: 6789 env: @@ -42,8 +42,8 @@ spec: value: MON_HEALTH - name: KV_TYPE value: k8s - - name: MON_IP_AUTO_DETECT - value: "1" + - name: NETWORK_AUTO_DETECT + value: "4" - name: CLUSTER value: ceph volumeMounts: diff --git a/ceph/templates/deployment-rgw.yaml b/ceph/templates/deployment-rgw.yaml index a22c2ad367..57ba1c9538 100644 --- a/ceph/templates/deployment-rgw.yaml +++ b/ceph/templates/deployment-rgw.yaml @@ -36,6 +36,7 @@ spec: containers: - name: ceph-rgw image: {{ .Values.images.daemon }} + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: {{ .Values.network.port.rgw_target }} env: diff --git a/ceph/templates/statefulset-mon.yaml b/ceph/templates/statefulset-mon.yaml index 5ef33cd8e2..d7971a72a2 100644 --- a/ceph/templates/statefulset-mon.yaml +++ b/ceph/templates/statefulset-mon.yaml 
@@ -58,7 +58,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} lifecycle: preStop: exec: @@ -73,7 +73,7 @@ spec: - name: KV_TYPE value: k8s - name: NETWORK_AUTO_DETECT - value: "1" + value: "4" - name: CLUSTER value: ceph volumeMounts: diff --git a/ceph/values.yaml b/ceph/values.yaml index 33c6da2410..b88644a641 100644 --- a/ceph/values.yaml +++ b/ceph/values.yaml @@ -18,6 +18,7 @@ service: images: daemon: quay.io/attcomdev/ceph-daemon:latest + pull_policy: IfNotPresent labels: node_selector_key: ceph-storage diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 81922f5a5c..7f6cc18bd6 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -33,6 +33,10 @@ spec: "name": "DEPENDENCY_SERVICE", "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}" + }, { "name": "COMMAND", "value": "echo done" diff --git a/cinder/values.yaml b/cinder/values.yaml index 5ea0cb62a9..120d4d484f 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml 
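Review bot: `pull_policy: IfNotPresent` becomes the default in ceph/values.yaml while the `daemon` image in the same block is still `quay.io/attcomdev/ceph-daemon:latest`, so each node keeps whatever build it first cached under that mutable tag. Nodes can end up running different ceph-daemon builds with no record of which, and a rebuilt image carrying a fix never reaches nodes that already hold a copy. I would pin the image to a fixed tag or digest before relaxing the policy, and add a comment above the key such as `# IfNotPresent is only safe with an immutable tag or digest; use Always for :latest`. The same default is added in mariadb/values.yaml next to the `:newton` tag.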
@@ -14,11 +14,11 @@ labels: images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton @@ -130,10 +130,18 @@ dependencies: - mariadb - keystone-api volume: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints service: - keystone-api - cinder-api scheduler: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints service: - keystone-api - cinder-api diff --git a/horizon/templates/service.yaml b/horizon/templates/service.yaml index 1c2fe3865a..a8b59d7606 100644 --- a/horizon/templates/service.yaml +++ b/horizon/templates/service.yaml @@ -4,6 +4,18 @@ metadata: name: horizon spec: ports: + {{ if .Values.network.enable_node_port }} + - nodePort: {{ .Values.network.node_port }} + port: {{ .Values.network.port }} + protocol: TCP + targetPort: {{ .Values.network.port }} + {{ else }} - port: {{ .Values.network.port }} + protocol: TCP + targetPort: {{ .Values.network.port }} + {{ end }} selector: app: horizon + {{ if .Values.network.enable_node_port }} + type: NodePort + {{ end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index a7d97e6121..f9a19fd4ee 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -23,6 +23,8 @@ labels: network: port: 80 + node_port: 30000 + enable_node_port: false local_settings: horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c 
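Review bot: With `enable_node_port` set, the Service in horizon/templates/service.yaml publishes Horizon on `node_port` of every node, and `targetPort` is the same `network.port` that horizon/values.yaml sets to 80, so the dashboard login is served over plain HTTP to any network that can reach a node address. The template should say so where the choice is made, e.g. `# NodePort exposes the dashboard on every node; put TLS termination in front and restrict source networks`. As a style point, the two branches differ only in the `nodePort` line, so the conditional could wrap that single line instead of duplicating `port`, `protocol` and `targetPort`.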
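Review bot: The new `node_port` and `enable_node_port` keys in horizon/values.yaml sit directly above `horizon_secret_key`, which the chart ships as a fixed literal default. Once the NodePort option makes the dashboard reachable from outside the cluster network, every install that keeps the default shares one published secret. It is presumably used as Django's SECRET_KEY, but the local_settings template that would confirm this is not in the hunk. I would keep `enable_node_port: false` and document it in place, e.g. `# exposes Horizon on every node; set a unique horizon_secret_key before enabling`, and make operators supply the key rather than inherit it.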
diff --git a/mariadb/templates/deployment.yaml b/mariadb/templates/deployment.yaml index 3867213fb8..8a456ee3ba 100644 --- a/mariadb/templates/deployment.yaml +++ b/mariadb/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: containers: - name: {{ .Values.service_name }} image: {{ .Values.images.mariadb }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/templates/job-seed.yaml b/mariadb/templates/job-seed.yaml index 0495174af1..c8930621a0 100644 --- a/mariadb/templates/job-seed.yaml +++ b/mariadb/templates/job-seed.yaml @@ -15,7 +15,7 @@ spec: containers: - name: mariadb-init image: {{ .Values.images.mariadb }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/values.yaml b/mariadb/values.yaml index ce3656a6cc..0a13e96581 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -26,6 +26,7 @@ service_name: mariadb images: mariadb: quay.io/stackanetes/stackanetes-mariadb:newton + pull_policy: IfNotPresent volume: class_path: volume.beta.kubernetes.io/storage-class diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl deleted file mode 100644 index a2bf2a2ff4..0000000000 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash -set -ex - -# -# start nova-api-osapi service -# -# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges -# by stubbing in a fake iptables scripts - -echo </tmp/iptables -#!/bin/sh -# nova-api-metadata trys to run some iptables commands -# This enables the api-only container to run without NET_ADMIN privileges -true -EOF - -# make it executable and copy it over whatever iptables may be underneath in this image -chmod +x /tmp/iptables -cp -p /tmp/iptables /sbin/iptables -cp -p /tmp/iptables /sbin/iptables-restore -cp -p /tmp/iptables /sbin/iptables-save - -exec nova-api --config-file /etc/nova/nova.conf \ No newline at end of file diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index f3d1fca6f3..78573783b5 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -7,8 +7,6 @@ data: {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} - start-osapi.sh: | -{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }} post.sh: | {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} libvirt.sh: | diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 26299ea050..f9fcafd931 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -32,10 +32,6 @@ spec: "name": "DEPENDENCY_JOBS", "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" }, - { - "name": "DEPENDENCY_DAEMONSET", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}" - }, { "name": "COMMAND", "value": "echo done" 
@@ -54,7 +50,7 @@ spec: containers: - name: nova-compute image: {{ .Values.image.compute }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: privileged: true command: diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 6ffa346f1f..3511c0a2e7 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -49,7 +49,7 @@ spec: containers: - name: nova-libvirt image: {{ .Values.image.libvirt }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: privileged: true command: diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 52e21cc12b..2e1a6929f6 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -1,7 +1,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: nova-api + name: nova-api-metadata spec: replicas: {{ .Values.control_replicas }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} @@ -15,7 +15,7 @@ spec: template: metadata: labels: - app: nova-api + app: nova-api-metadata annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} 
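Review bot: `imagePullPolicy: {{ .Values.image.pull_policy }}` in nova/templates/daemonset-compute.yaml reads a key that this patch does not appear to define. The diffstat gives nova/values.yaml 8 added lines and the neutron endpoint block accounts for all 8, whereas ceph and mariadb each gain an explicit `pull_policy: IfNotPresent`. Unless `image.pull_policy` already exists in nova/values.yaml outside the hunk, the field renders empty or as a placeholder string, and the privileged nova-compute and nova-libvirt containers lose their previous explicit `Always`. Either add `pull_policy: IfNotPresent` under `image:` in nova/values.yaml or guard the template with `{{ .Values.image.pull_policy | default "IfNotPresent" }}`. The same reference is added in daemonset-libvirt.yaml and in the api-metadata, api-osapi, conductor, consoleauth and scheduler deployments.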
@@ -52,20 +52,22 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api + - name: nova-api-metadata image: {{ .Values.image.api }} + imagePullPolicy: {{ .Values.image.pull_policy }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: capabilities: add: - NET_ADMIN command: - - nova-api-metadata --config-file=/etc/nova/nova.conf + - nova-api-metadata + - --config-file=/etc/nova/nova.conf ports: - containerPort: {{ .Values.network.port.metadata }} readinessProbe: tcpSocket: - port: {{ .Values.network.port.osapi }} + port: {{ .Values.network.port.metadata }} volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf @@ -76,4 +78,4 @@ spec: name: nova-etc items: - key: nova.conf - path: nova.conf \ No newline at end of file + path: nova.conf diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 5c294db27e..b37fe438fa 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -1,7 +1,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: nova-osapi + name: nova-api-osapi spec: replicas: {{ .Values.control_replicas }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} @@ -52,11 +52,16 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-osapi + - name: nova-api-osapi image: {{ .Values.image.api }} + imagePullPolicy: {{ .Values.image.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN command: - - bash - - /tmp/start-osapi.sh + - nova-api + - --config-file=/etc/nova/nova.conf ports: - containerPort: {{ .Values.network.port.osapi }} readinessProbe: 
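Review bot: The `securityContext` added to the nova-api-osapi container grants `NET_ADMIN` to a process that only serves the HTTP API, and nothing in the manifest records why or that it is meant to be temporary. The commit message describes it as a stop-gap after the iptables stub was reverted, and deployment-api-metadata.yaml at least carries the launchpad bug link above the same grant. With this capability, a compromised API process can alter interfaces, routes and firewall rules in the pod's network namespace. I would add a comment above the block, e.g. `# TODO: NET_ADMIN only because nova-api invokes iptables at start-up; remove once the stub can be installed (see https://bugs.launchpad.net/kolla-mesos/+bug/1546007)`. It is also worth checking whether the container still starts with the remaining default capabilities dropped.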
@@ -66,10 +71,6 @@ spec: - name: novaconf mountPath: /etc/nova/nova.conf subPath: nova.conf - volumeMounts: - - name: startsh - mountPath: /tmp/start-osapi.sh - subPath: start-osapi.sh volumes: - name: novaconf configMap: @@ -77,9 +78,3 @@ spec: items: - key: nova.conf path: nova.conf - - name: startsh - configMap: - name: nova-bin - items: - - key: start-osapi.sh - path: start-osapi.sh diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index e5977ef417..1d300e109a 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-conductor image: {{ .Values.image.conductor }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-conductor - --config-file diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index d5688579ff..453647b41e 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-consoleauth image: {{ .Values.image.consoleauth }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-consoleauth - --config-file diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 27cf414e1e..ebef279bc8 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-scheduler image: {{ .Values.image.scheduler }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-scheduler - --config-file diff --git a/nova/values.yaml b/nova/values.yaml index 3444ef8183..199e2e2142 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -209,3 +209,11 @@ endpoints: port: admin: 35357 public: 5000 + neutron: + hosts: + default: neutron-server + path: null + type: network + scheme: 'http' + port: + api: 9696