From b1e3de020bda125a4020b7d1256c10be682851ee Mon Sep 17 00:00:00 2001 From: harbor Date: Sat, 7 Jan 2017 02:41:30 +0000 Subject: [PATCH] Heat Initial Refactor --- common/templates/_endpoints.tpl | 136 +++++++++++++++++- common/templates/_funcs.tpl | 1 - .../templates/scripts}/_ks-endpoints.sh.tpl | 2 + .../templates/scripts}/_ks-service.sh.tpl | 2 + .../templates/scripts}/_ks-user.sh.tpl | 8 +- common/templates/snippets/_ks_env_openrc.tpl | 40 ++++++ .../snippets/_ks_env_user_create_openrc.tpl | 33 +++++ heat/templates/_heat_config_helpers.tpl | 90 ------------ heat/templates/_helpers.tpl | 73 ---------- heat/templates/bin/_db-init.sh.tpl | 21 +++ .../user => }/bin/_ks-domain-user.sh.tpl | 0 .../config/contents/_heat-cache.conf.tpl | 4 - .../config/contents/_heat-db.conf.tpl | 3 - .../config/contents/_heat-endpoints.conf.tpl | 4 - .../config/contents/_heat-keystone.conf.tpl | 15 -- .../config/contents/_heat-log.conf.tpl | 4 - .../config/contents/_heat-messaging.conf.tpl | 5 - .../config/contents/_heat-options.conf.tpl | 3 - .../config/contents/_heat-paste.conf.tpl | 2 - .../contents/_heat-stack-domain.conf.tpl | 4 - .../config/contents/_heat-trustee.conf.tpl | 22 --- .../contents/components/_heat-api.conf.tpl | 4 - .../contents/components/_heat-cfn.conf.tpl | 4 - .../components/_heat-cloudwatch.conf.tpl | 4 - .../contents/components/_heat-engine.conf.tpl | 2 - heat/templates/config/heat-api-paste.ini.yaml | 7 - heat/templates/config/heat-api.conf.yaml | 7 - heat/templates/config/heat-cache.conf.yaml | 7 - heat/templates/config/heat-cfn.conf.yaml | 7 - .../config/heat-cloudwatch.conf.yaml | 7 - heat/templates/config/heat-db.conf.yaml | 8 -- .../templates/config/heat-endpoints.conf.yaml | 7 - heat/templates/config/heat-engine.conf.yaml | 7 - heat/templates/config/heat-log.conf.yaml | 7 - .../templates/config/heat-messaging.conf.yaml | 8 -- heat/templates/config/heat-options.conf.yaml | 7 - heat/templates/config/heat-paste.conf.yaml | 7 - heat/templates/config/heat-policy.json.yaml | 7 - heat/templates/configmap-bin.yaml | 15 ++ heat/templates/configmap-etc.yaml | 11 ++ ...yaml => configmap-keystone-admin.env.yaml} | 0 ...=> configmap-keystone-stack-user.env.yaml} | 4 +- ...ml => configmap-keystone-trustee.env.yaml} | 4 +- ....yaml => configmap-keystone-user.env.yaml} | 4 +- .../api/api.yaml => deployment-api.yaml} | 41 +++--- .../cfn/cfn.yaml => deployment-cfn.yaml} | 41 +++--- ...dwatch.yaml => deployment-cloudwatch.yaml} | 41 +++--- heat/templates/deployment/api/api.sh.yaml | 7 - heat/templates/deployment/api/bin/_api.sh.tpl | 4 - heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 - heat/templates/deployment/cfn/cfn.sh.yaml | 7 - .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 - .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 - .../contents => etc}/_heat-api-paste.ini.tpl | 1 - .../contents => etc}/_heat-policy.json.tpl | 0 heat/templates/etc/_heat.conf.tpl | 84 +++++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 31 ++-- heat/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ .../ks-service.yaml => job-ks-service.yaml} | 33 ++++- .../user/ks-user.yaml => job-ks-user.yaml} | 93 ++++-------- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - heat/templates/jobs/db/init/db-init.sh.yaml | 7 - .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ------------- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/user/ks-user.sh.yaml | 9 -- .../engine.yaml => statefulset-engine.yaml} | 32 ++--- .../statefulset/engine/bin/_engine.sh.tpl | 4 - .../statefulset/engine/engine.sh.yaml | 7 - heat/values.yaml | 42 ++++++ 73 files changed, 616 insertions(+), 719 deletions(-) rename {heat/templates/jobs/keystone/endpoints/bin => common/templates/scripts}/_ks-endpoints.sh.tpl (97%) rename {heat/templates/jobs/keystone/service/bin => common/templates/scripts}/_ks-service.sh.tpl (96%) rename {heat/templates/jobs/keystone/user/bin => common/templates/scripts}/_ks-user.sh.tpl (83%) create mode 100644 common/templates/snippets/_ks_env_openrc.tpl create mode 100644 common/templates/snippets/_ks_env_user_create_openrc.tpl delete mode 100644 heat/templates/_heat_config_helpers.tpl delete mode 100644 heat/templates/_helpers.tpl create mode 100644 heat/templates/bin/_db-init.sh.tpl rename heat/templates/{jobs/keystone/user => }/bin/_ks-domain-user.sh.tpl (100%) delete mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-db.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-log.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-options.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl delete mode 100755 heat/templates/config/heat-api-paste.ini.yaml delete mode 100644 heat/templates/config/heat-api.conf.yaml delete mode 100644 heat/templates/config/heat-cache.conf.yaml delete mode 100644 heat/templates/config/heat-cfn.conf.yaml delete mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml delete mode 100644 heat/templates/config/heat-db.conf.yaml delete mode 100644 heat/templates/config/heat-endpoints.conf.yaml delete mode 100644 heat/templates/config/heat-engine.conf.yaml delete mode 100644 heat/templates/config/heat-log.conf.yaml delete mode 100644 heat/templates/config/heat-messaging.conf.yaml delete mode 100644 heat/templates/config/heat-options.conf.yaml delete mode 100644 heat/templates/config/heat-paste.conf.yaml delete mode 100644 heat/templates/config/heat-policy.json.yaml create mode 100644 heat/templates/configmap-bin.yaml create mode 100644 heat/templates/configmap-etc.yaml rename heat/templates/{config/heat-keystone-admin.env.yaml => configmap-keystone-admin.env.yaml} (100%) rename heat/templates/{config/heat-stack-domain.conf.yaml => configmap-keystone-stack-user.env.yaml} (71%) rename heat/templates/{config/heat-trustee.conf.yaml => configmap-keystone-trustee.env.yaml} (82%) rename heat/templates/{config/heat-keystone.conf.yaml => configmap-keystone-user.env.yaml} (81%) rename heat/templates/{deployment/api/api.yaml => deployment-api.yaml} (70%) rename heat/templates/{deployment/cfn/cfn.yaml => deployment-cfn.yaml} (70%) rename heat/templates/{deployment/cloudwatch/cloudwatch.yaml => deployment-cloudwatch.yaml} (70%) delete mode 100755 heat/templates/deployment/api/api.sh.yaml delete mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl delete mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl delete mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml delete mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl delete mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml rename heat/templates/{config/contents => etc}/_heat-api-paste.ini.tpl (99%) mode change 100755 => 100644 rename heat/templates/{config/contents => etc}/_heat-policy.json.tpl (100%) create mode 100644 heat/templates/etc/_heat.conf.tpl rename heat/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename heat/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 heat/templates/job-ks-endpoints.yaml.yaml rename heat/templates/{jobs/keystone/service/ks-service.yaml => job-ks-service.yaml} (54%) rename heat/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (55%) delete mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml rename heat/templates/{statefulset/engine/engine.yaml => statefulset-engine.yaml} (71%) delete mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl delete mode 100644 heat/templates/statefulset/engine/engine.sh.yaml diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 0170b4eb5c..5f1be74867 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl @@ -1,9 +1,139 @@ #----------------------------------------- # endpoints #----------------------------------------- -{{- define "endpoint_keystone_internal" -}} -{{- with .Values.endpoints.keystone -}} - {{.scheme}}://{{.hosts.internal | default .hosts.default}}:{{.port.public}}{{.path}} + +# this function returns the endpoint uri for a service, it takes an tuple +# input in ther form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointScheme := index $endpointMap "scheme" }} +{{- $endpointPath := index $endpointMap "path" }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} {{- end -}} {{- end -}} + +# this should be a generic function leveraging a tuple +# for input, e.g. { endpoint keystone internal . } +# however, constructing this appears to be a +# herculean effort in gotpl + +{{- define "endpoint_keystone_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.public}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_keystone_admin" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.admin}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_metadata_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.metadata}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_novncproxy_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.novncproxy}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_registry_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.registry}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_neutron_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.neutron -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint type lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple heat . | include "ks_endpoint_type" } +# will return "orchestration" + +{{- define "endpoint_type_lookup" -}} +{{- $name := index . 0 -}} +{{- $context := index . 1 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointType := index $endpointMap "type" }} +{{- $endpointType | quote -}} +{{- end -}} + + +#------------------------------- +# kolla helpers +#------------------------------- +{{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index e83d171a97..fe6c9a675e 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -21,4 +21,3 @@ {{- $wtf := $context.Template.Name | replace $last $name -}} {{- include $wtf $context | sha256sum | quote -}} {{- end -}} - diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/common/templates/scripts/_ks-endpoints.sh.tpl similarity index 97% rename from heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl rename to common/templates/scripts/_ks-endpoints.sh.tpl index 3f802d2313..1c70a499a1 100755 --- a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ b/common/templates/scripts/_ks-endpoints.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_endpoints" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -61,3 +62,4 @@ fi # Display the Endpoint openstack endpoint show ${OS_ENDPOINT_ID} +{{- end }} diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/common/templates/scripts/_ks-service.sh.tpl similarity index 96% rename from heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl rename to common/templates/scripts/_ks-service.sh.tpl index 4777d08c48..7c6f2580f3 100644 --- a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ b/common/templates/scripts/_ks-service.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_service" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -33,3 +34,4 @@ if [[ -z ${OS_SERVICE_ID} ]]; then --enable \ "${OS_SERVICE_TYPE}") fi +{{- end }} diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/common/templates/scripts/_ks-user.sh.tpl similarity index 83% rename from heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl rename to common/templates/scripts/_ks-user.sh.tpl index fdc7358b32..e815da3049 100644 --- a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ b/common/templates/scripts/_ks-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_user" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -17,20 +18,22 @@ set -ex # Manage user project +USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="${USER_PROJECT_DESC}" \ "${SERVICE_OS_PROJECT_NAME}"); # Display project openstack project show "${USER_PROJECT_ID}" # Manage user +USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" USER_ID=$(openstack user create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --description="${USER_DESC}" \ --password="${SERVICE_OS_PASSWORD}" \ "${SERVICE_OS_USERNAME}"); @@ -54,3 +57,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE}" \ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --user="${USER_ID}" +{{- end }} diff --git a/common/templates/snippets/_ks_env_openrc.tpl b/common/templates/snippets/_ks_env_openrc.tpl new file mode 100644 index 0000000000..140ce25c97 --- /dev/null +++ b/common/templates/snippets/_ks_env_openrc.tpl @@ -0,0 +1,40 @@ +{{- define "env_ks_openrc_tpl" }} +{{- $ksUserSecret := .ksUserSecret }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD +{{- end }} diff --git a/common/templates/snippets/_ks_env_user_create_openrc.tpl b/common/templates/snippets/_ks_env_user_create_openrc.tpl new file mode 100644 index 0000000000..5ce6e58077 --- /dev/null +++ b/common/templates/snippets/_ks_env_user_create_openrc.tpl @@ -0,0 +1,33 @@ +{{- define "env_ks_user_create_openrc_tpl" }} +{{- $ksUserSecret := .ksUserSecret }} +- name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME +- name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME +- name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME +- name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME +- name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME +- name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD +{{- end }} diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl deleted file mode 100644 index eb0878881a..0000000000 --- a/heat/templates/_heat_config_helpers.tpl +++ /dev/null @@ -1,90 +0,0 @@ -{{- define "heat_config_volume_mounts" }} -- name: pod-etc-heat - mountPath: /etc/heat -- name: pod-var-cache-heat - mountPath: /var/cache/heat -- name: heat-json-policy - mountPath: /etc/heat/policy.json - subPath: policy.json - readOnly: true -- name: heat-conf-cache - mountPath: /etc/heat/conf/heat-cache.conf - subPath: heat-cache.conf - readOnly: true -- name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true -- name: heat-conf-endpoints - mountPath: /etc/heat/conf/heat-endpoints.conf - subPath: heat-endpoints.conf - readOnly: true -- name: heat-conf-keystone - mountPath: /etc/heat/conf/heat-keystone.conf - subPath: heat-keystone.conf - readOnly: true -- name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf - readOnly: true -- name: heat-conf-messaging - mountPath: /etc/heat/conf/heat-messaging.conf - subPath: heat-messaging.conf - readOnly: true -- name: heat-conf-options - mountPath: /etc/heat/conf/heat-options.conf - subPath: heat-options.conf - readOnly: true -- name: heat-conf-paste - mountPath: /etc/heat/conf/heat-paste.conf - subPath: heat-paste.conf - readOnly: true -- name: heat-conf-stack-domain - mountPath: /etc/heat/conf/heat-stack-domain.conf - subPath: heat-stack-domain.conf - readOnly: true -- name: heat-conf-trustee - mountPath: /etc/heat/conf/heat-trustee.conf - subPath: heat-trustee.conf - readOnly: true -{{- end }} - -{{- define "heat_config_volumes" }} -- name: pod-etc-heat - emptyDir: {} -- name: pod-var-cache-heat - emptyDir: {} -- name: heat-json-policy - configMap: - name: heat-json-policy -- name: heat-conf-cache - configMap: - name: heat-conf-cache -- name: heat-conf-db - secret: - secretName: heat-conf-db -- name: heat-conf-endpoints - configMap: - name: heat-conf-endpoints -- name: heat-conf-keystone - secret: - secretName: heat-conf-keystone -- name: heat-conf-log - configMap: - name: heat-conf-log -- name: heat-conf-messaging - secret: - secretName: heat-conf-messaging -- name: heat-conf-options - configMap: - name: heat-conf-options -- name: heat-conf-paste - configMap: - name: heat-conf-paste -- name: heat-conf-stack-domain - secret: - secretName: heat-conf-stack-domain -- name: heat-conf-trustee - secret: - secretName: heat-conf-trustee -{{- end }} diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl deleted file mode 100644 index 745e619571..0000000000 --- a/heat/templates/_helpers.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} diff --git a/heat/templates/bin/_db-init.sh.tpl b/heat/templates/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..ba1c302c03 --- /dev/null +++ b/heat/templates/bin/_db-init.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.heat_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.heat_user }}' \ + password='{{ .Values.database.heat_password }}' \ + host='%' \ + priv='{{ .Values.database.heat_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/bin/_ks-domain-user.sh.tpl similarity index 100% rename from heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl rename to heat/templates/bin/_ks-domain-user.sh.tpl diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl deleted file mode 100644 index a6fd1728e8..0000000000 --- a/heat/templates/config/contents/_heat-cache.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[cache] -enabled = "True" -backend = oslo_cache.memcache_pool -memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl deleted file mode 100644 index 0213e750a0..0000000000 --- a/heat/templates/config/contents/_heat-db.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[database] -connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} -max_retries = -1 diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl deleted file mode 100644 index f9fc3fd077..0000000000 --- a/heat/templates/config/contents/_heat-endpoints.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} -heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition -heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl deleted file mode 100644 index 994981572b..0000000000 --- a/heat/templates/config/contents/_heat-keystone.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -[keystone_authtoken] -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_region_name }} -project_domain_name = {{ .Values.keystone.heat_project_domain }} -project_name = {{ .Values.keystone.heat_project_name }} -user_domain_name = {{ .Values.keystone.heat_user_domain }} -username = {{ .Values.keystone.heat_user }} -password = {{ .Values.keystone.heat_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl deleted file mode 100644 index a0ec3d1f2f..0000000000 --- a/heat/templates/config/contents/_heat-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl deleted file mode 100644 index 819bd099f3..0000000000 --- a/heat/templates/config/contents/_heat-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl deleted file mode 100644 index 1f764f7912..0000000000 --- a/heat/templates/config/contents/_heat-options.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -enable_stack_adopt = "True" -enable_stack_abandon = "True" diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl deleted file mode 100644 index 5d6dcd6411..0000000000 --- a/heat/templates/config/contents/_heat-paste.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[paste_deploy] -config_file = /etc/heat/heat-api-paste.ini diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl deleted file mode 100644 index 75afba0804..0000000000 --- a/heat/templates/config/contents/_heat-stack-domain.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} -stack_domain_admin = {{ .Values.keystone.heat_stack_user }} -stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl deleted file mode 100644 index 41776515af..0000000000 --- a/heat/templates/config/contents/_heat-trustee.conf.tpl +++ /dev/null @@ -1,22 +0,0 @@ -[DEFAULT] -trusts_delegated_roles = "Member" -deferred_auth_method = "trusts" - -[trustee] -auth_type = "password" -auth_section = "trustee_keystone" - -[trustee_keystone] - -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_trustee_region_name }} -user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} -username = {{ .Values.keystone.heat_trustee_user }} -password = {{ .Values.keystone.heat_trustee_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl deleted file mode 100644 index 6828788896..0000000000 --- a/heat/templates/config/contents/components/_heat-api.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api] -bind_port = {{ .Values.service.api.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.api.workers }} diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl deleted file mode 100644 index d6c42a1796..0000000000 --- a/heat/templates/config/contents/components/_heat-cfn.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cfn] -bind_port = {{ .Values.service.cfn.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cfn.workers }} diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl deleted file mode 100644 index b99262222b..0000000000 --- a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cloudwatch] -bind_port = {{ .Values.service.cloudwatch.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cloudwatch.workers }} diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl deleted file mode 100644 index 1a22c602c6..0000000000 --- a/heat/templates/config/contents/components/_heat-engine.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -num_engine_workers = {{ .Values.resources.engine.workers }} diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml deleted file mode 100755 index 22031118a2..0000000000 --- a/heat/templates/config/heat-api-paste.ini.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ini-api-paste -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml deleted file mode 100644 index cffa497ac0..0000000000 --- a/heat/templates/config/heat-api.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-api -data: - heat-api.conf: |+ -{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml deleted file mode 100644 index b7b4eb9ed9..0000000000 --- a/heat/templates/config/heat-cache.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cache -data: - heat-cache.conf: | -{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml deleted file mode 100644 index 3d1c96511a..0000000000 --- a/heat/templates/config/heat-cfn.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cfn -data: - heat-cfn.conf: |+ -{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml deleted file mode 100644 index cf244f76a6..0000000000 --- a/heat/templates/config/heat-cloudwatch.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cloudwatch -data: - heat-cloudwatch.conf: |+ -{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml deleted file mode 100644 index a8e2cf20d2..0000000000 --- a/heat/templates/config/heat-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-db -type: Opaque -data: - heat-db.conf: | -{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml deleted file mode 100644 index 535e90cfff..0000000000 --- a/heat/templates/config/heat-endpoints.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-endpoints -data: - heat-endpoints.conf: | -{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml deleted file mode 100644 index cb5855786a..0000000000 --- a/heat/templates/config/heat-engine.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-engine -data: - heat-engine.conf: |+ -{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml deleted file mode 100644 index 86a5a19be3..0000000000 --- a/heat/templates/config/heat-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-log -data: - heat-log.conf: |+ -{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml deleted file mode 100644 index 2bb408a68b..0000000000 --- a/heat/templates/config/heat-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-messaging -type: Opaque -data: - heat-messaging.conf: | -{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml deleted file mode 100644 index 8ac2ebf4ba..0000000000 --- a/heat/templates/config/heat-options.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-options -data: - heat-options.conf: | -{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml deleted file mode 100644 index 29f96e71da..0000000000 --- a/heat/templates/config/heat-paste.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-paste -data: - heat-paste.conf: | -{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml deleted file mode 100644 index 1b96f2a57c..0000000000 --- a/heat/templates/config/heat-policy.json.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-json-policy -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml new file mode 100644 index 0000000000..41e3ce81fe --- /dev/null +++ b/heat/templates/configmap-bin.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-bin +data: + db-init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} + ks-service.sh: |+ +{{- include "common_keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "common_keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "common_keystone_user" . | indent 4 }} + ks-domain-user.sh: |+ +{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml new file mode 100644 index 0000000000..c3039714c8 --- /dev/null +++ b/heat/templates/configmap-etc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-etc +data: + heat.conf: |+ +{{ tuple "etc/_heat.conf.tpl" . | include "template" | indent 4 }} + api-paste.ini: |+ +{{ tuple "etc/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/configmap-keystone-admin.env.yaml similarity index 100% rename from heat/templates/config/heat-keystone-admin.env.yaml rename to heat/templates/configmap-keystone-admin.env.yaml diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/configmap-keystone-stack-user.env.yaml similarity index 71% rename from heat/templates/config/heat-stack-domain.conf.yaml rename to heat/templates/configmap-keystone-stack-user.env.yaml index f870bf29ee..e95e5f3f8a 100644 --- a/heat/templates/config/heat-stack-domain.conf.yaml +++ b/heat/templates/configmap-keystone-stack-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-stack-domain + name: heat-env-keystone-stack-user type: Opaque data: - heat-stack-domain.conf: | -{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }} OS_DOMAIN_NAME: | diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/configmap-keystone-trustee.env.yaml similarity index 82% rename from heat/templates/config/heat-trustee.conf.yaml rename to heat/templates/configmap-keystone-trustee.env.yaml index 57906ad636..72a74bdf14 100644 --- a/heat/templates/config/heat-trustee.conf.yaml +++ b/heat/templates/configmap-keystone-trustee.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-trustee + name: heat-env-keystone-trustee type: Opaque data: - heat-trustee.conf: | -{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/configmap-keystone-user.env.yaml similarity index 81% rename from heat/templates/config/heat-keystone.conf.yaml rename to heat/templates/configmap-keystone-user.env.yaml index 514a577445..c3730107e8 100644 --- a/heat/templates/config/heat-keystone.conf.yaml +++ b/heat/templates/configmap-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-keystone + name: heat-env-keystone-user type: Opaque data: - heat-keystone.conf: | -{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment-api.yaml similarity index 70% rename from heat/templates/deployment/api/api.yaml rename to heat/templates/deployment-api.yaml index 451769051d..781aa72a46 100755 --- a/heat/templates/deployment/api/api.yaml +++ b/heat/templates/deployment-api.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.api.port }} readinessProbe: tcpSocket: port: {{ .Values.service.api.port }} volumeMounts: - - name: heat-api-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-api - mountPath: /etc/heat/conf/heat-api.conf - subPath: heat-api.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-api-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-api-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-api + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-api -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment-cfn.yaml similarity index 70% rename from heat/templates/deployment/cfn/cfn.yaml rename to heat/templates/deployment-cfn.yaml index 4063084ea8..7d10b9ec54 100644 --- a/heat/templates/deployment/cfn/cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cfn }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cfn + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cfn.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cfn.port }} volumeMounts: - - name: heat-cfn-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cfn - mountPath: /etc/heat/conf/heat-cfn.conf - subPath: heat-cfn.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cfn-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cfn-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cfn + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cfn -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml similarity index 70% rename from heat/templates/deployment/cloudwatch/cloudwatch.yaml rename to heat/templates/deployment-cloudwatch.yaml index 396633e19a..3bd5c8d037 100644 --- a/heat/templates/deployment/cloudwatch/cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cloudwatch }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cloudwatch + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cloudwatch.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cloudwatch.port }} volumeMounts: - - name: heat-cloudwatch-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cloudwatch - mountPath: /etc/heat/conf/heat-cloudwatch.conf - subPath: heat-cloudwatch.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cloudwatch-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cloudwatch-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cloudwatch + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cloudwatch -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml deleted file mode 100755 index ff6918201c..0000000000 --- a/heat/templates/deployment/api/api.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl deleted file mode 100755 index d4cc64865b..0000000000 --- a/heat/templates/deployment/api/bin/_api.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl deleted file mode 100644 index 30dcfad519..0000000000 --- a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cfn --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml deleted file mode 100644 index 71efedd864..0000000000 --- a/heat/templates/deployment/cfn/cfn.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cfn-sh -data: - start.sh: |+ -{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl deleted file mode 100644 index 4703d33e03..0000000000 --- a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cloudwatch --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml deleted file mode 100644 index 6127e95bf5..0000000000 --- a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cloudwatch-sh -data: - start.sh: |+ -{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/etc/_heat-api-paste.ini.tpl old mode 100755 new mode 100644 similarity index 99% rename from heat/templates/config/contents/_heat-api-paste.ini.tpl rename to heat/templates/etc/_heat-api-paste.ini.tpl index 5ea89b5aee..ad6501e662 --- a/heat/templates/config/contents/_heat-api-paste.ini.tpl +++ b/heat/templates/etc/_heat-api-paste.ini.tpl @@ -1,4 +1,3 @@ - # heat-api pipeline [pipeline:heat-api] pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/etc/_heat-policy.json.tpl similarity index 100% rename from heat/templates/config/contents/_heat-policy.json.tpl rename to heat/templates/etc/_heat-policy.json.tpl diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl new file mode 100644 index 0000000000..d4faf13038 --- /dev/null +++ b/heat/templates/etc/_heat.conf.tpl @@ -0,0 +1,84 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +deferred_auth_method = "trusts" + +enable_stack_adopt = "True" +enable_stack_abandon = "True" + +heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} +heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition +heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} + +num_engine_workers = {{ .Values.resources.engine.workers }} + +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} + +trusts_delegated_roles = "Member" + +[cache] +enabled = "True" +backend = oslo_cache.memcache_pool +memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" + +[database] +connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +max_retries = -1 + +[keystone_authtoken] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_region_name }} +project_domain_name = {{ .Values.keystone.heat_project_domain }} +project_name = {{ .Values.keystone.heat_project_name }} +user_domain_name = {{ .Values.keystone.heat_user_domain }} +username = {{ .Values.keystone.heat_user }} +password = {{ .Values.keystone.heat_password }} + +[heat_api] +bind_port = {{ .Values.service.api.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.api.workers }} + +[heat_api_cloudwatch] +bind_port = {{ .Values.service.cloudwatch.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cloudwatch.workers }} + +[heat_api_cfn] +bind_port = {{ .Values.service.cfn.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cfn.workers }} + +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} + +[paste_deploy] +config_file = /etc/heat/api-paste.ini + +[trustee] +auth_type = "password" +auth_section = "trustee_keystone" + +[trustee_keystone] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_trustee_region_name }} +user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} +username = {{ .Values.keystone.heat_trustee_user }} +password = {{ .Values.keystone.heat_trustee_password }} diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/job-db-init.yaml similarity index 88% rename from heat/templates/jobs/db/init/db-init.yaml rename to heat/templates/job-db-init.yaml index a7d15d76c3..affd85693c 100644 --- a/heat/templates/jobs/db/init/db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: heat-db-init-sh + name: heat-bin diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/job-db-sync.yaml similarity index 66% rename from heat/templates/jobs/db/sync/db-sync.yaml rename to heat/templates/job-db-sync.yaml index b42da03273..3c66c4c5af 100644 --- a/heat/templates/jobs/db/sync/db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -38,32 +38,21 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - heat-manage + args: + - --config-dir + - /etc/heat/conf + - db_sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-heat mountPath: /etc/heat - - name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true - - name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: heat-db-sync-sh - name: pod-etc-heat emptyDir: {} - - name: heat-conf-db - secret: - secretName: heat-conf-db - - name: heat-conf-log + - name: heatconf configMap: - name: heat-conf-log + name: heat-etc diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 0000000000..ec01159e9f --- /dev/null +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: heat-bin diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/job-ks-service.yaml similarity index 54% rename from heat/templates/jobs/keystone/service/ks-service.yaml rename to heat/templates/job-ks-service.yaml index 8a03bf2696..a66d7c8034 100644 --- a/heat/templates/jobs/keystone/service/ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job metadata: @@ -31,13 +32,39 @@ spec: restartPolicy: OnFailure containers: - name: heat-ks-service-orchestration -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat" - name: OS_SERVICE_TYPE value: "orchestration" - name: heat-ks-service-cloudformation -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat-cfn" - name: OS_SERVICE_TYPE @@ -45,4 +72,4 @@ spec: volumes: - name: ks-service-sh configMap: - name: heat-ks-service-sh + name: heat-bin diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/job-ks-user.yaml similarity index 55% rename from heat/templates/jobs/keystone/user/ks-user.yaml rename to heat/templates/job-ks-user.yaml index f243474e94..ae19b217a9 100644 --- a/heat/templates/jobs/keystone/user/ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,3 +1,8 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user +{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} +{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} apiVersion: batch/v1 kind: Job metadata: @@ -42,39 +47,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_user_role | quote }} - name: heat-ks-trustee-user @@ -89,39 +69,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_trustee_user_role | quote }} - name: heat-ks-domain-user @@ -136,32 +91,34 @@ spec: subPath: ks-domain-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - name: SERVICE_OS_REGION_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_REGION_NAME - name: SERVICE_OS_DOMAIN_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_DOMAIN_NAME - name: SERVICE_OS_USERNAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_USERNAME - name: SERVICE_OS_PASSWORD valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_PASSWORD - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_stack_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: heat-ks-user-sh + name: heat-bin diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 2c4cc09ee1..0000000000 --- a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'" diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 9f8b2262ee..0000000000 --- a/heat/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index 4532bdfe0b..0000000000 --- a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -heat-manage --config-dir /etc/heat/conf db_sync diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index 59aaa8d24c..0000000000 --- a/heat/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100755 index 04ed895793..0000000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100755 index 84f6617189..0000000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: heat-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: heat-ks-endpoints-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-cfn-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - volumes: - - name: ks-endpoints-sh - configMap: - name: heat-ks-endpoints-sh diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index 4c30bee642..0000000000 --- a/heat/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index d9e6730b12..0000000000 --- a/heat/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} - ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset-engine.yaml similarity index 71% rename from heat/templates/statefulset/engine/engine.yaml rename to heat/templates/statefulset-engine.yaml index 5e25152328..8b79d9f4a4 100644 --- a/heat/templates/statefulset/engine/engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -43,23 +43,23 @@ spec: image: {{ .Values.images.engine }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-engine + - --config-dir + - /etc/heat/conf volumeMounts: - - name: heat-engine-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-conf-engine - mountPath: /etc/heat/conf/heat-engine.conf - subPath: heat-engine.conf - readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-engine-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-engine-sh - - name: heat-conf-engine - configMap: - name: heat-conf-engine -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl deleted file mode 100644 index dabae086c4..0000000000 --- a/heat/templates/statefulset/engine/bin/_engine.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-engine --config-dir /etc/heat/conf diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml deleted file mode 100644 index 534d6ef8df..0000000000 --- a/heat/templates/statefulset/engine/engine.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-engine-sh -data: - start.sh: |+ -{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/values.yaml b/heat/values.yaml index cba2b59e62..dca675b541 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -99,6 +99,9 @@ resources: misc: debug: false +secrets: + keystone_admin: + dependencies: db_init: jobs: @@ -153,3 +156,42 @@ dependencies: service: - keystone-api - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + heat: + hosts: + default: heat-api + path: '/v1/%(project_id)s' + type: orchestration + scheme: 'http' + port: + api: 8004 + heat_cfn: + hosts: + default: heat-cfn + path: /v1 + type: cloudformation + scheme: 'http' + port: + api: 8000 +# Cloudwatch does not get an entry in the keystone service catalog + heat_cloudwatch: + hosts: + default: heat-cloudwatch + path: null + type: null + scheme: 'http' + port: + api: 8003