Merge pull request #11 from alanmeadows/master

General Cleanup
2016-11-28 16:47:27 -05:00 · 2016-11-28 16:47:27 -05:00 · c0588c16d4
commit c0588c16d4
parent f96b434821 d01ba4526c
59 changed files with 349 additions and 280 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,4 @@
 **/*.tgz
 .idea/
 **/_partials.tpl
-
+**/_common.tpl
--- a/37
+++ b/37
@ -1,30 +1,47 @@
-.PHONY: ceph mariadb all clean base64
+.PHONY: ceph mariadb keystone memcached rabbitmq openstack-base openstack all clean base64

-B64_DIRS := utils/secrets
-B64_EXCLUDE := $(wildcard utils/secrets/*.b64)
+B64_DIRS := openstack-base/secrets
+B64_EXCLUDE := $(wildcard openstack-base/secrets/*.b64)

-all: base64 utils ceph mariadb openstack
+CHARTS := ceph mariadb rabbitmq memcached keystone openstack
+COMMON_TPL := openstack-base/templates/_common.tpl

-utils: build-utils
+all: openstack-base ceph mariadb rabbitmq memcached keystone openstack
+
+openstack-base: build-openstack-base

 ceph: build-ceph

 mariadb: build-mariadb

+keystone: build-keystone
+
+rabbitmq: build-rabbitmq
+
+memcached: build-memcached	
+
 openstack: build-openstack
 	
 clean:  
-	$(shell find . -name '*.b64' -exec rm {} \;)
-	$(shell find . -name '_partials.tpl' -exec rm {} \;)
-	echo "Removed all .b64 and _partials.tpl"
+	$(shell rm -rf openstack-base/secrets/*.b64)
+	$(shell rm -rf */templates/_partials.tpl)
+	$(shell rm -rf */templates/_common.tpl)
+	echo "Removed all .b64, _partials.tpl, and _common.tpl files"

-base64: 
+build-openstack-base:
 	# rebuild all base64 values
 	$(eval B64_OBJS = $(foreach dir,$(B64_DIRS),$(shell find $(dir)/* -type f $(foreach e,$(B64_EXCLUDE), -not -path "$(e)"))))
 	$(foreach var,$(B64_OBJS),cat $(var) | base64 | perl -pe 'chomp if eof' > $(var).b64;)

-
+	if [ -f openstack-base/Makefile ]; then make -C openstack-base; fi
+	if [ -f openstack-base/requirements.yaml ]; then helm dep up openstack-base; fi
+	helm lint openstack-base
+	helm package openstack-base
+	$(foreach var,$(CHARTS),$(shell cp $(COMMON_TPL) $(var)/templates))
+	
 build-%:
+	if [ ! -f $*/templates/_common.tpl ]; then echo; seq -s= 30|tr -d '[:digit:]'; echo "You need to run 'make openstack-base' first to generate _common.tpl"; seq -s= 30|tr -d '[:digit:]'; exit 1; fi; 
 	if [ -f $*/Makefile ]; then make -C $*; fi
 	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	helm lint $*
 	helm package $*
--- a/README.md
+++ b/README.md
@ -57,7 +57,7 @@ make
 # generate secrets (ceph, etc.)
 export osd_cluster_network=10.32.0.0/12
 export osd_public_network=10.32.0.0/12
-cd utils/utils/generator
+cd openstack-base/utils/secret-generator
 ./generate_secrets.sh all `./generate_secrets.sh fsid`
 cd ../../..

--- a/ceph/README.md
+++ b/ceph/README.md
@ -84,7 +84,7 @@ kubectl label nodes node-type=storage --all
 You will need to generate ceph keys and configuration.  There is a simple to use utility that can do this quickly.  Please note the generator utility (per ceph-docker) requires the sigil template framework: (https://github.com/gliderlabs/sigil) to be installed and on the current path.

 ```
-cd utils/utils/generator
+cd openstack-base/utils/secret-generator
 ./generate_secrets.sh all `./generate_secrets.sh fsid`
 cd ../../..
 ```
--- a/ceph/requirements.lock
+++ b/ceph/requirements.lock
@ -1,6 +1,3 @@
-dependencies:
- name: utils
-  repository: http://localhost:8879/charts
-  version: 0.1.0
-digest: sha256:9054fd53dcc5ca45243141487390640dedd7d74aa773b814da975030fcb0e902
-generated: 2016-11-23T10:08:51.239134703-08:00
+dependencies: []
+digest: sha256:81059fe6210ccee4e3349c0f34c12d180f995150128a913d63b65b7937c6b152
+generated: 2016-11-25T16:24:27.602432249-08:00
--- a/ceph/requirements.yaml
+++ b/ceph/requirements.yaml
@ -1,13 +1 @@
-dependencies:
-  # - name: memcached
-  #   repository: http://localhost:8879/charts
-  #   version: 0.1.0
-  # - name: rabbitmq
-  #   repository: http://localhost:8879/charts
-  #   version: 0.1.0
-  # - name: keystone
-  #   repository: http://localhost:8879/charts
-  #   version: 0.1.0
-  - name: utils
-    repository: http://localhost:8879/charts
-    version: 0.1.0
+dependencies: []
--- a/ceph/templates/daemonset.yaml
+++ b/ceph/templates/daemonset.yaml
@ -14,7 +14,7 @@ spec:
        daemon: osd
    spec:
      nodeSelector:
-        node-type: storage
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      volumes:
        - name: devices
          hostPath:
@ -41,7 +41,7 @@ spec:
 #            path: /home/core/data/ceph/osd
      containers:
        - name: osd-pod
-          image: {{ .Values.image_ceph_daemon }}
+          image: {{ .Values.images.daemon }}
          imagePullPolicy: Always
          volumeMounts:
            - name: devices
--- a/ceph/templates/deployment.yaml
+++ b/ceph/templates/deployment.yaml
@ -16,7 +16,7 @@ spec:
        daemon: mds
    spec:
      nodeSelector:
-        node-type: storage
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      serviceAccount: default
      volumes:
        - name: ceph-conf
@ -33,7 +33,7 @@ spec:
            secretName: ceph-bootstrap-rgw-keyring
      containers:
        - name: ceph-mon
-          image: {{ .Values.image_ceph_daemon }}
+          image: {{ .Values.images.daemon }}
          ports:
            - containerPort: 6800
          env:
@ -103,7 +103,7 @@ spec:
            secretName: ceph-bootstrap-rgw-keyring
      containers:
        - name: ceph-mon
-          image: {{ .Values.image_ceph_daemon }}
+          image: {{ .Values.images.daemon }}
          imagePullPolicy: Always
          ports:
            - containerPort: 6789
@ -185,7 +185,7 @@ spec:
            secretName: ceph-bootstrap-rgw-keyring
      containers:
        - name: ceph-mon
-          image: {{ .Values.image_ceph_daemon }}
+          image: {{ .Values.images.daemon }}
 #          imagePullPolicy: Always
          lifecycle:
            preStop:
@ -248,7 +248,7 @@ spec:
    spec:
      hostNetwork: true
      nodeSelector:
-        node-type: storage
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      serviceAccount: default
      volumes:
        - name: ceph-conf
@ -265,12 +265,12 @@ spec:
            secretName: ceph-bootstrap-rgw-keyring
      containers:
        - name: ceph-rgw
-          image: {{ .Values.image_ceph_daemon }}
+          image: {{ .Values.images.daemon }}
          ports:
-            - containerPort: {{ .Values.ceph_rgw_target_port }}
+            - containerPort: {{ .Values.network.port.rgw_target }}
          env:
            - name: RGW_CIVETWEB_PORT
-              value: "{{ .Values.ceph_rgw_target_port }}"
+              value: "{{ .Values.network.port.rgw_target }}"
            - name: CEPH_DAEMON
              value: RGW
            - name: KV_TYPE
@ -289,13 +289,13 @@ spec:
          livenessProbe:
              httpGet:
                path: /
-                port: {{ .Values.ceph_rgw_target_port }}
+                port: {{ .Values.network.port.rgw_target }}
              initialDelaySeconds: 120
              timeoutSeconds: 5
          readinessProbe:
              httpGet:
                path: /
-                port: {{ .Values.ceph_rgw_target_port }}
+                port: {{ .Values.network.port.rgw_target }}
              timeoutSeconds: 5
          resources:
            requests:
--- a/ceph/templates/secrets.yaml
+++ b/ceph/templates/secrets.yaml
@ -2,7 +2,6 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  namespace: {{.Release.Namespace}}
  name: "ceph-conf-combined-storageclass"
 type: kubernetes.io/rbd
 data:
@ -11,7 +10,6 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  namespace: {{.Release.Namespace}}
  name: "ceph-conf-combined"
 type: Opaque
 data:
@ -25,7 +23,6 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  namespace: {{.Release.Namespace}}
  name: "ceph-bootstrap-rgw-keyring"
 type: Opaque
 data:
@ -35,7 +32,6 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  namespace: {{.Release.Namespace}}
  name: "ceph-bootstrap-mds-keyring"
 type: Opaque
 data:
@ -45,7 +41,6 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  namespace: {{.Release.Namespace}}
  name: "ceph-bootstrap-osd-keyring"
 type: Opaque
 data:
@ -55,7 +50,6 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  namespace: {{.Release.Namespace}}
  name: "ceph-client-key"
 type: Opaque
 data:
--- a/ceph/templates/service.yaml
+++ b/ceph/templates/service.yaml
@ -8,9 +8,9 @@ metadata:
    daemon: mon
 spec:
  ports:
-  - port: {{ .Values.ceph_mon_port }}
+  - port: {{ .Values.network.port.mon }}
    protocol: TCP
-    targetPort: {{ .Values.ceph_mon_port }}
+    targetPort: {{ .Values.network.port.mon }}
  selector:
    app: ceph
    daemon: mon
@ -25,9 +25,9 @@ metadata:
    daemon: rgw
 spec:
  ports:
-  - port: {{ .Values.ceph_rgw_ingress_port }}
+  - port: {{ .Values.network.port.rgw_ingress }}
    protocol: TCP
-    targetPort: {{ .Values.ceph_rgw_target_port }}
+    targetPort: {{ .Values.network.port.rgw_target }}
  selector:
    app: ceph
    daemon: rgw
--- a/ceph/values.yaml
+++ b/ceph/values.yaml
@ -7,8 +7,16 @@
 # tunables available - parameterizing more of the elements
 # in the manifests is a work in progress

-image_ceph_daemon: quay.io/attcomdev/ceph-daemon:latest
-node_label: storage
-ceph_mon_port: 6789
-ceph_rgw_ingress_port: 80
-ceph_rgw_target_port: 8088
+
+images:
+  daemon: quay.io/attcomdev/ceph-daemon:latest
+
+labels:
+  node_selector_key: ceph-storage
+  node_selector_value: enabled
+
+network:
+  port: 
+    mon: 6789
+    rgw_ingress: 80
+    rgw_target: 8088
--- a/keystone/requirements.lock
+++ b/keystone/requirements.lock
@ -0,0 +1,6 @@
+dependencies:
+- name: memcached
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+digest: sha256:481dd0955bd39e18cee2026239f140f595f08b988736ad8c1ef95c6212f619c4
+generated: 2016-11-25T16:15:47.611304031-08:00
--- a/keystone/requirements.yaml
+++ b/keystone/requirements.yaml
@ -0,0 +1,16 @@
+dependencies:
+  - name: openstack-base
+    repository: http://localhost:8879/charts
+    version: 0.1.0
+dependencies:
+  - name: mariadb
+    repository: http://localhost:8879/charts
+    version: 0.1.0    
+dependencies:
+  - name: rabbitmq
+    repository: http://localhost:8879/charts
+    version: 0.1.0    
+dependencies:
+  - name: memcached
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/keystone/templates/db-sync.sh.yaml
+++ b/keystone/templates/db-sync.sh.yaml
@ -7,5 +7,21 @@ data:
    #!/bin/bash
    set -ex

+    # order of kolla_keystone_bootstrap urls
+    # for those of looking for a little expanation
+    # to a mysterious blackbox
+    # 
+    # these will feed into the keystone endpoints
+    # so it is important they are correct
+    #
+    # keystone_admin_url
+    # keystone_internal_url 
+    # keystone_public_url 
+
    keystone-manage db_sync
-      kolla_keystone_bootstrap {{ .Values.global.keystone.admin_user }} {{ .Values.global.keystone.admin_password }} {{ .Values.global.keystone.admin_project_name }} admin http://keystone-api:{{ .Values.global.network.port.admin }}/v3 http://keystone-api:{{ .Values.global.network.port.public }}/v3 http://keystone-api:{{ .Values.global.network.port.public }}/v3 {{ .Values.global.keystone.admin_region_name }}
+    kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \
+      {{ .Values.keystone.admin_project_name }} admin \
+      {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_admin" . }}:{{ .Values.network.port.admin }}/{{ .Values.keystone.version }} \
+      {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_internal" . }}:{{ .Values.network.port.public }}/{{ .Values.keystone.version }} \
+      {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_public" . }}:{{ .Values.network.port.public }}/{{ .Values.keystone.version }} \
+      {{ .Values.keystone.admin_region_name }}
--- a/keystone/templates/db-sync.yaml
+++ b/keystone/templates/db-sync.yaml
@ -11,6 +11,10 @@ spec:
            "name": "init",
            "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
            "env": [
+              {
+                "name": "NAMESPACE",
+                "value": "{{ .Release.Namespace }}"
+              },            
              {
                "name": "DEPENDENCY_SERVICE",
                "value": "mariadb"
@ -26,33 +30,15 @@ spec:
            ]
          }
        ]'
- 
    spec:
      restartPolicy: OnFailure
      containers:
-        - name: keystone-init
-          image: {{ .Values.global.deployment.image.db_sync }}
+        - name: keystone-db-sync
+          image: {{ .Values.images.db_sync }}
          imagePullPolicy: Always
          command:
-          - bash
-          - /tmp/db-sync.sh
-          env:
-            - name: INTERFACE_NAME
-              value: "eth0"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: COMMAND
-              value: "bash /tmp/db-sync.sh"
-            - name: DEPENDENCY_JOBS
-              value: "keystone-init,mariadb-seed"
-            - name: DEPENDENCY_SERVICE
-              value: "mariadb"
+            - bash
+            - /tmp/db-sync.sh
          volumeMounts:
            - name: keystoneconf
              mountPath: /etc/keystone/keystone.conf
--- a/keystone/templates/deployment.yaml
+++ b/keystone/templates/deployment.yaml
@ -3,7 +3,7 @@ kind: Deployment
 metadata:
  name: keystone-api
 spec:
-  replicas: {{ .Values.global.deployment.replicas }}
+  replicas: {{ .Values.replicas }}
  template:
    metadata:
      labels:
@ -14,55 +14,44 @@ spec:
            "name": "init",
            "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
            "env": [
+              {
+                "name": "NAMESPACE",
+                "value": "{{ .Release.Namespace }}"
+              },
              {
                "name": "DEPENDENCY_SERVICE",
-                "value": "mariadb"
+                "value": "mariadb,rabbitmq"
              },
              {
                "name": "DEPENDENCY_JOBS",
-                "value": "mariadb-seed,nova-db-sync"
+                "value": "mariadb-seed"
+              },
+              {
+                "name": "DEPENDENCY_CONFIG",
+                "value": "/etc/apache2/conf-enabled/wsgi-keystone.conf"
              },
              {
                "name": "COMMAND",
                "value": "echo done"
-              }
+              }              
            ]
          }
        ]'
    spec:
      nodeSelector:
-        {{ .Values.global.deployment.control_node_label }}: enabled
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      containers:
        - name: keystone-api
-          image: {{ .Values.global.deployment.image.api }}
+          image: {{ .Values.images.api }}
          command:
-          - bash 
-          - /tmp/start.sh
-          env:
-            - name: INTERFACE_NAME
-              value: "eth0"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: COMMAND
-              value: "bash /tmp/start.sh"
-            - name: DEPENDENCY_JOBS
-              value: "keystone-init,keystone-db-sync,mariadb-seed"
-            - name: DEPENDENCY_SERVICE
-              value: "mariadb,rabbitmq"
-            - name: DEPENDENCY_CONFIG
-              value: "/etc/apache2/conf-enabled/wsgi-keystone.conf"
+            - bash
+            - /tmp/start.sh
          ports:
-            - containerPort: {{ .Values.global.network.port.public }}
-            - containerPort: {{ .Values.global.network.port.admin }}
+            - containerPort: {{ .Values.network.port.public }}
+            - containerPort: {{ .Values.network.port.admin }}
          readinessProbe:
            tcpSocket:
-              port: {{ .Values.global.network.port.public }}
+              port: {{ .Values.network.port.public }}
          volumeMounts:
            - name: keystoneconf
              mountPath: /etc/keystone/keystone.conf
--- a/keystone/templates/init.sh.yaml
+++ b/keystone/templates/init.sh.yaml
@ -8,6 +8,6 @@ data:
    set -ex
    export HOME=/tmp
    
-    ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.global.database.address }}' login_port='{{ .Values.global.database.port }}' login_user='{{ .Values.global.database.root_user }}' login_password='{{ .Values.global.database.root_password }}' name='{{ .Values.global.database.keystone_database_name }}'"
-    ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.global.database.address }}' login_port='{{ .Values.global.database.port }}' login_user='{{ .Values.global.database.root_user }}' login_password='{{ .Values.global.database.root_password }}' name='{{ .Values.global.database.keystone_user }}' password='{{ .Values.global.database.keystone_password }}' host='%' priv='{{ .Values.global.database.keystone_database_name }}.*:ALL' append_privs='yes'"
+    ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_database_name }}'"
+    ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_user }}' password='{{ .Values.database.keystone_password }}' host='%' priv='{{ .Values.database.keystone_database_name }}.*:ALL' append_privs='yes'"

--- a/keystone/templates/init.yaml
+++ b/keystone/templates/init.yaml
@ -11,13 +11,17 @@ spec:
            "name": "init",
            "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
            "env": [
+              {
+                "name": "NAMESPACE",
+                "value": "{{ .Release.Namespace }}"
+              },
              {
                "name": "DEPENDENCY_SERVICE",
                "value": "mariadb"
              },
              {
                "name": "DEPENDENCY_JOBS",
-                "value": "mariadb-seed,keystone-init"
+                "value": "mariadb-seed"
              },
              {
                "name": "COMMAND",
@ -30,25 +34,8 @@ spec:
      restartPolicy: OnFailure
      containers:
        - name: keystone-init
-          image: {{ .Values.global.deployment.image.init }}
+          image: {{ .Values.images.init }}
          imagePullPolicy: Always
-          env:
-            - name: INTERFACE_NAME
-              value: "eth0"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: COMMAND
-              value: "bash /tmp/init.sh"
-            - name: DEPENDENCY_JOBS
-              value: "mariadb-seed"
-            - name: DEPENDENCY_SERVICE
-              value: "mariadb"
          volumeMounts:
            - name: initsh
              mountPath: /tmp/init.sh
--- a/keystone/templates/keystone.conf.yaml
+++ b/keystone/templates/keystone.conf.yaml
@ -5,21 +5,21 @@ metadata:
 data:
  keystone.conf: |+
    [DEFAULT]
-    debug = {{ .Values.global.misc.debug }}
+    debug = {{ .Values.misc.debug }}
    use_syslog = False
    use_stderr = True
-    workers = {{ .Values.global.misc.workers }}
+    workers = {{ .Values.misc.workers }}

    [database]
-    connection = mysql+pymysql://{{ .Values.global.database.keystone_user }}:{{ .Values.global.database.keystone_password }}@{{ .Values.global.database.address }}/{{ .Values.global.database.keystone_database_name }}
+    connection = mysql+pymysql://{{ .Values.database.keystone_user }}:{{ .Values.database.keystone_password }}@{{ include "keystone_db_host" . }}/{{ .Values.database.keystone_database_name }}
    max_retries = -1

    [memcache]
-    servers = {{ .Values.global.memcached.address }}
+    servers = {{ include "memcached_host" . }}

    [cache]
    backend = dogpile.cache.memcached
-    memcache_servers = {{.Values.global.memcached.address}}
+    memcache_servers = {{ include "memcached_host" . }}
    config_prefix = cache.keystone
    distributed_lock = True
    enabled = True
--- a/keystone/templates/service.yaml
+++ b/keystone/templates/service.yaml
@ -5,8 +5,8 @@ metadata:
 spec:
  ports:
  - name: keystone-api-public
-    port: {{ .Values.global.network.port.public }}
+    port: {{ .Values.network.port.public }}
  - name: keystone-api-admin
-    port: {{ .Values.global.network.port.admin }}
+    port: {{ .Values.network.port.admin }}
  selector:
    app: keystone-api
--- a/keystone/templates/wsgi-keystone.conf.yaml
+++ b/keystone/templates/wsgi-keystone.conf.yaml
@ -4,10 +4,10 @@ metadata:
  name: keystone-wsgikeystone
 data:
  wsgi-keystone.conf: |+
-    Listen {{ .Values.global.network.ip_address }}:{{ .Values.global.network.port.public }}
-    Listen {{ .Values.global.network.ip_address }}:{{ .Values.global.network.port.admin }}
+    Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }}
+    Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}

-    <VirtualHost *:{{ .Values.global.network.port.public }}>
+    <VirtualHost *:{{ .Values.network.port.public }}>
        WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /var/www/cgi-bin/keystone/main
@ -20,7 +20,7 @@ data:
        CustomLog "|/bin/cat" combined
    </VirtualHost>

-    <VirtualHost *:{{ .Values.global.network.port.admin }}>
+    <VirtualHost *:{{ .Values.network.port.admin }}>
        WSGIDaemonProcess keystone-admin processes=16 threads=5 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -1,31 +1,41 @@
-global:
-  deployment:
-    replicas: 1
-    control_node_label: openstack-control-plane
-    image:
-      db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
-      api: quay.io/stackanetes/stackanetes-keystone-api:newton 
-      init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
-  network:
-    port:
-      admin: 35357
-      public: 5000
-    ip_address: "{{ .IP }}"
-  database:
-    address: mariadb
-    port: 3306
-    root_user: root
-    root_password: password
-    keystone_database_name: keystone
-    keystone_password: password
-    keystone_user: keystone
-  keystone:
-    admin_region_name: RegionOne 
-    admin_user: admin
-    admin_password: password
-    admin_project_name: admin
-  memcached:
-    address: memcached
-  misc:
-    workers: 8
-    debug: false
+# Default values for keystone.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+replicas: 1
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
+images:
+  db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
+  api: quay.io/stackanetes/stackanetes-keystone-api:newton 
+  init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+
+keystone:
+  version: v2.0
+  scheme: http
+  admin_region_name: RegionOne 
+  admin_user: admin
+  admin_password: password
+  admin_project_name: admin
+
+network:
+  port:
+    admin: 35357
+    public: 5000
+  ip_address: "{{ .IP }}"
+
+database:
+  port: 3306
+  root_user: root
+  root_password: password
+  keystone_database_name: keystone
+  keystone_password: password
+  keystone_user: keystone
+
+misc:
+  workers: 8
+  debug: false
--- a/mariadb/requirements.lock
+++ b/mariadb/requirements.lock
@ -0,0 +1,6 @@
+dependencies:
+- name: openstack-base
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+digest: sha256:178ec6c44cf73c5d3c6d47eccee30b1b7f7e373c57af4e37fe7ea85f3549660e
+generated: 2016-11-25T16:24:28.454876345-08:00
--- a/mariadb/requirements.yaml
+++ b/mariadb/requirements.yaml
@ -0,0 +1,4 @@
+dependencies:
+  - name: openstack-base
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/mariadb/templates/mariadb-deployment.yaml
+++ b/mariadb/templates/mariadb-deployment.yaml
@ -2,20 +2,20 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: infra-db
+  name: mariadb
 spec:
  ports:
    - name: db
      port: {{ .Values.network.port.mariadb }}
  selector:
    app: mariadb
-    {{- $root := . -}}
+{{- $root := . -}}
 {{ range $k, $v := until (atoi .Values.replicas) }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: infra-db-{{$v}}
+  name: mariadb-{{$v}}
  labels:
    release: {{ $root.Release.Name | quote }}
    chart: "{{ $root.Chart.Name }}-{{ $root.Chart.Version }}"
@ -85,7 +85,7 @@ spec:
          }        
    spec:
      nodeSelector:
-        {{ $root.Values.labels.control_node_label }}: enabled
+        {{ $root.Values.labels.node_selector_key }}: {{ $root.Values.labels.node_selector_value }}
      containers:
        - name: mariadb-{{$v}}
          image: {{ $root.Values.images.mariadb }}
@ -203,4 +203,4 @@ spec:
            matchLabels:
              server-id: "{{$v}}"
            claimName: mariadb-{{$v}}
-  {{ end }}
+  {{ end }}
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@ -1,11 +1,20 @@
+# Default values for mariadb.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
 replicas: "3" # this must be quoted to deal with atoi
+
 images:
  mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
-  ceph_rbd_job: quay.io/attcomdev/ceph-daemon:latest
+
 volume:
  size: 20Gi
+
 labels:
-  control_node_label: openstack-control-plane
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
 network:
  port:
    wsrep: 4567 
@ -13,6 +22,7 @@ network:
  dns:
    kubernetes_domain: cluster.local
  ip_address: "{{ .IP }}"
+  
 database:
  root_password: password
  cluster_name: mariadb
--- a/memcached/requirements.lock
+++ b/memcached/requirements.lock
@ -0,0 +1,6 @@
+dependencies:
+- name: openstack-base
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+digest: sha256:178ec6c44cf73c5d3c6d47eccee30b1b7f7e373c57af4e37fe7ea85f3549660e
+generated: 2016-11-25T16:24:49.79575501-08:00
--- a/memcached/requirements.yaml
+++ b/memcached/requirements.yaml
@ -0,0 +1,4 @@
+dependencies:
+  - name: openstack-base
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/memcached/templates/deployment.yaml
+++ b/memcached/templates/deployment.yaml
@ -10,24 +10,12 @@ spec:
        app: memcached
    spec:
      nodeSelector:
-        {{ .Values.global.deployment.control_node_label }}: enabled
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      containers:
        - name: memcached
-          image: {{ .Values.global.deployment.image.memcached }}
+          image: {{ .Values.images.memcached }}
          imagePullPolicy: Always
-          env:
-            - name: INTERFACE_NAME
-              value: "eth0"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: COMMAND
-              value: "memcached -v -p {{ .Values.network.port }} -U 0 -c 8192 -m 1024"
+          command: "memcached -v -p {{ .Values.network.port }} -U 0 -c 8192 -m 1024"
          ports:
            - containerPort: {{ .Values.network.port }}
          readinessProbe:
--- a/memcached/values.yaml
+++ b/memcached/values.yaml
@ -1,7 +1,14 @@
-global:
-  deployment:
-    image: 
-      memcached: quay.io/stackanetes/stackanetes-memcached:newton
-    control_node_label: openstack-control-plane
+# Default values for memcached.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+images:
+  memcached: quay.io/stackanetes/stackanetes-memcached:newton
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
 network:
  port: 11211
--- a/openstack-base/.gitignore
+++ b/openstack-base/.gitignore
--- a/openstack-base/.helmignore
+++ b/openstack-base/.helmignore
--- a/openstack-base/Chart.yaml
+++ b/openstack-base/Chart.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+description: A base chart for all openstack charts
+name: openstack-base
+version: 0.1.0
--- a/openstack-base/Makefile
+++ b/openstack-base/Makefile
@ -1,7 +1,7 @@
-EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile utils/*
+EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile utils/* openstack-base/Chart.yaml
 FILES := $(shell find * -type f $(foreach e,$(EXCLUDE), -not -path "$(e)") )

-templates/_partials.tpl: Makefile $(FILES)
+templates/_common.tpl: Makefile $(FILES)
 	echo Generating $(CURDIR)/$@
 	rm -f $@
 	for i in $(FILES); do  printf '{{ define "'$$i'" }}' >> $@; cat $$i >> $@; printf "{{ end }}\n" >> $@; done
--- a/openstack-base/requirements.lock
+++ b/openstack-base/requirements.lock
@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:81059fe6210ccee4e3349c0f34c12d180f995150128a913d63b65b7937c6b152
+generated: 2016-11-25T16:25:49.376763578-08:00
--- a/openstack-base/requirements.yaml
+++ b/openstack-base/requirements.yaml
@ -0,0 +1 @@
+dependencies: []
--- a/openstack-base/templates/_hosts.tpl
+++ b/openstack-base/templates/_hosts.tpl
@ -0,0 +1,15 @@
+# fqdn
+{{define "region"}}cluster{{end}}
+{{define "tld"}}local{{end}}
+
+# infrastructure services
+{{define "rabbitmq_host"}}rabbitmq.{{.Release.Namespace}}.svc.{{ include "region" . }}.{{ include "tld" . }}{{end}}
+{{define "memcached_host"}}memcached.{{.Release.Namespace}}.svc.{{ include "region" . }}.{{ include "tld" . }}{{end}}
+{{define "mariadb_host"}}mariadb.{{.Release.Namespace}}.svc.kubernetes.{{ include "region" . }}.{{ include "tld" . }}{{end}}
+
+# keystone
+{{define "keystone_db_host"}} {{ include "mariadb_host" . }}{{end}}
+{{define "keystone_api_endpoint_host_admin"}}keystone-api.{{.Release.Namespace}}.svc.{{ include "region" . }}.{{ include "tld" . }}{{end}}
+{{define "keystone_api_endpoint_host_internal"}}keystone-api.{{.Release.Namespace}}.svc.{{ include "region" . }}.{{ include "tld" . }}{{end}}
+{{define "keystone_api_endpoint_host_public"}}keystone-api.{{ include "region" . }}.{{ include "tld" . }}{{end}}
+{{define "keystone_api_endpoint_host_admin_ext"}}keystone-api.{{ include "region" . }}.{{ include "tld" . }}{{end}}
--- a/openstack-base/utils/secret-generator/README.md
+++ b/openstack-base/utils/secret-generator/README.md
--- a/openstack-base/utils/secret-generator/ceph-key.py
+++ b/openstack-base/utils/secret-generator/ceph-key.py
--- a/openstack-base/utils/secret-generator/generate_secrets.sh
+++ b/openstack-base/utils/secret-generator/generate_secrets.sh
--- a/openstack-base/utils/secret-generator/templates/ceph/admin.keyring.tmpl
+++ b/openstack-base/utils/secret-generator/templates/ceph/admin.keyring.tmpl
--- a/openstack-base/utils/secret-generator/templates/ceph/bootstrap.keyring.tmpl
+++ b/openstack-base/utils/secret-generator/templates/ceph/bootstrap.keyring.tmpl
--- a/openstack-base/utils/secret-generator/templates/ceph/ceph.conf.tmpl
+++ b/openstack-base/utils/secret-generator/templates/ceph/ceph.conf.tmpl
--- a/openstack-base/utils/secret-generator/templates/ceph/mon.keyring.tmpl
+++ b/openstack-base/utils/secret-generator/templates/ceph/mon.keyring.tmpl
--- a/openstack-base/utils/test/ceph-rbd-test.yaml
+++ b/openstack-base/utils/test/ceph-rbd-test.yaml
--- a/openstack-base/values.yaml
+++ b/openstack-base/values.yaml
@ -2,3 +2,7 @@
 # This is a YAML-formatted file.
 # Declare name/value pairs to be passed into your templates.
 # name: value
+
+global:
+  region: cluster
+  tld: local
--- a/openstack/Makefile
+++ b/openstack/Makefile
@ -1,4 +1,4 @@
-EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile utils/*
+EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile openstack-base/Chart.yaml
 FILES := $(shell find * -type f $(foreach e,$(EXCLUDE), -not -path "$(e)") )

 templates/_partials.tpl: Makefile $(FILES)
--- a/openstack/requirements.lock
+++ b/openstack/requirements.lock
@ -1,6 +1,18 @@
 dependencies:
+- name: openstack-base
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+- name: memcached
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+- name: rabbitmq
+  repository: http://localhost:8879/charts
+  version: 0.1.0
 - name: mariadb
  repository: http://localhost:8879/charts
  version: 0.1.0
-digest: sha256:4a2c3cbe5841ba5b4cefeb9b9929b5ebf52d7779b279a45c9f1bb229b1e358da
-generated: 2016-11-23T10:08:51.688995889-08:00
+- name: keystone
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+digest: sha256:cbe0cda88c1f8f7daf37f58e8d38c913478630687b22f8e622950c08cb2fdc6d
+generated: 2016-11-25T15:34:47.932395616-08:00
--- a/openstack/requirements.yaml
+++ b/openstack/requirements.yaml
@ -1,13 +1,16 @@
 dependencies:
-  # - name: memcached
-  #   repository: http://localhost:8879/charts
-  #   version: 0.1.0
-  # - name: rabbitmq
-  #   repository: http://localhost:8879/charts
-  #   version: 0.1.0
-  # - name: keystone
-  #   repository: http://localhost:8879/charts
-  #   version: 0.1.0
+  - name: openstack-base
+    version: 0.1.0
+    repository: http://localhost:8879/charts
+  - name: memcached
+    repository: http://localhost:8879/charts
+    version: 0.1.0
+  - name: rabbitmq
+    repository: http://localhost:8879/charts
+    version: 0.1.0
  - name: mariadb
    repository: http://localhost:8879/charts
    version: 0.1.0
+  - name: keystone
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/openstack/values.yaml
+++ b/openstack/values.yaml
@ -3,10 +3,14 @@
 # Declare name/value pairs to be passed into your templates.
 # name: value

-global:
-  # (alanmeadows) NOTE: these two items are not easily changeable yet
-  region: cluster
-  tld: local
+mariadb:
+  images:
+    mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
+  volume:
+    size: 20Gi
+  labels:
+    control_node_label: openstack-control-plane
+
  images:
    ceph_rbd_job: quay.io/attcomdev/ceph-daemon:latest

--- a/rabbitmq/requirements.lock
+++ b/rabbitmq/requirements.lock
@ -0,0 +1,6 @@
+dependencies:
+- name: openstack-base
+  repository: http://localhost:8879/charts
+  version: 0.1.0
+digest: sha256:178ec6c44cf73c5d3c6d47eccee30b1b7f7e373c57af4e37fe7ea85f3549660e
+generated: 2016-11-25T16:24:29.266938266-08:00
--- a/rabbitmq/requirements.yaml
+++ b/rabbitmq/requirements.yaml
@ -0,0 +1,4 @@
+dependencies:
+  - name: openstack-base
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/rabbitmq/templates/deployment.yaml
+++ b/rabbitmq/templates/deployment.yaml
@ -3,14 +3,14 @@ apiVersion: extensions/v1beta1
 metadata:
  name: rabbitmq
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicas }}
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      nodeSelector:
-        {{.Values.global.label.control_node}}: enabled
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      volumes:
        - name: rabbitmq-emptydir
          emptyDir: {}
@ -19,18 +19,20 @@ spec:
            name: start-rabbitmq
      containers:
        - name: rabbitmq
-          image: rabbitmq:3-management
+          image: {{ .Values.images.rabbitmq }}
          command:
            - bash
            - /tmp/start_rabbitmq.sh
          livenessProbe:
            tcpSocket:
-              port: {{.Values.global.rabbitmq_port_public}}
+              port: {{.Values.network.port.public}}
            initialDelaySeconds: 60
            timeoutSeconds: 5
          ports:
            - name: rabbitmq
-              containerPort: {{.Values.global.rabbitmq_port_public}}
+              containerPort: {{.Values.network.port.public}}
+            - name: management
+              containerPort: {{.Values.network.port.management}}
          volumeMounts:
            - name: rabbitmq-emptydir
              mountPath: /var/lib/rabbitmq
--- a/rabbitmq/templates/service.yaml
+++ b/rabbitmq/templates/service.yaml
@ -4,6 +4,6 @@ metadata:
  name: rabbitmq
 spec:
  ports:
-  - port: {{.Values.global.rabbitmq_port_public}}
+  - port: {{.Values.network.port.public}}
  selector:
-    app: rabbitmq
+    app: rabbitmq
--- a/rabbitmq/templates/start_rabbitmq.yaml
+++ b/rabbitmq/templates/start_rabbitmq.yaml
@ -17,14 +17,14 @@ data:
    rabbitmq-plugins enable rabbitmq_tracing
    rabbitmqctl trace_on

-    rabbitmqctl add_user {{ .Values.global.rabbitmq_default_user }} {{ .Values.global.rabbitmq_default_pass }} || true
-    rabbitmqctl set_permissions {{ .Values.global.rabbitmq_default_user }} ".*" ".*" ".*" || true
+    rabbitmqctl add_user {{ .Values.auth.default_user }} {{ .Values.auth.default_pass }} || true
+    rabbitmqctl set_permissions {{ .Values.auth.default_user }} ".*" ".*" ".*" || true

-    rabbitmqctl add_user {{ .Values.global.rabbitmq_admin_user }} {{ .Values.global.rabbitmq_admin_pass }}|| true
-    rabbitmqctl set_permissions {{ .Values.global.rabbitmq_admin_user }} ".*" ".*" ".*" || true
-    rabbitmqctl set_user_tags {{ .Values.global.rabbitmq_admin_user }} administrator || true
+    rabbitmqctl add_user {{ .Values.auth.admin_user }} {{ .Values.auth.admin_pass }}|| true
+    rabbitmqctl set_permissions {{ .Values.auth.admin_user }} ".*" ".*" ".*" || true
+    rabbitmqctl set_user_tags {{ .Values.auth.admin_user }} administrator || true

-    rabbitmqctl change_password guest  {{ .Values.global.rabbitmq_default_pass }} || true
+    rabbitmqctl change_password guest  {{ .Values.auth.default_pass }} || true
    rabbitmqctl set_user_tags guest monitoring || true
    /etc/init.d/rabbitmq-server stop
    exec rabbitmq-server
--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
@ -2,16 +2,23 @@
 # This is a YAML-formatted file.
 # Declare name/value pairs to be passed into your templates.
 # name: value
-global:
-  rabbitmq_default_user: openstack
-  rabbitmq_admin_user: rabbitmq
-  rabbitmq_port_public: '5672'
-  rabbitmq_port_management: '15672'

-  rabbitmq_default_pass: password
-  rabbitmq_admin_pass: password
-  label:
-    control_node: "openstack-control-plane"
-# TODO(DTadrzak): delete me
-local:
-  image: "quay.io/stackanetes/stackanetes-rabbitmq:newton"
+replicas: "1" # this must be quoted to deal with atoi
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
+auth:
+  default_user: openstack
+  default_pass: password
+  admin_user: rabbitmq
+  admin_pass: password
+
+network:
+  port:
+    public: '5672'
+    management: '15672'
+
+images:
+  rabbitmq: "rabbitmq:3-management"
--- a/utils/Chart.yaml
+++ b/utils/Chart.yaml
@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: utils
-version: 0.1.0
--- a/utils/templates/_common.sh
+++ b/utils/templates/_common.sh
@ -1,22 +0,0 @@
-{{define "common.sh"}}
-#!/usr/bin/env bash
-
-
-function start_application {
-
-if [ "$DEBUG_CONTAINER" = "true" ]
-then
-    tail -f /dev/null
-else
-    _start_application
-fi
-
-}
-
-CLUSTER_SCRIPT_PATH=/openstack-kube/openstack-kube/scripts
-CLUSTER_CONFIG_PATH=/openstack-kube/openstack-kube/etc
-
-export MY_IP=$(ip route get 1 | awk '{print $NF;exit}')
-
-
-{{end}}
--- a/utils/templates/_hosts.tpl
+++ b/utils/templates/_hosts.tpl
@ -1,9 +0,0 @@
-{{define "rabbitmq_host"}}rabbitmq.{{.Release.Namespace}}.svc.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-{{define "memcached_host"}}memcached.{{.Release.Namespace}}.svc.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-{{define "infra-db"}}infra-db.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-
-{{define "keystone_db_host"}}infra-db.{{.Release.Namespace}}.svc.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-{{define "keystone_api_endpoint_host_admin"}}keystone.{{.Release.Namespace}}.svc.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-{{define "keystone_api_endpoint_host_internal"}}keystone.{{.Release.Namespace}}.svc.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-{{define "keystone_api_endpoint_host_public"}}identity-3.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}
-{{define "keystone_api_endpoint_host_admin_ext"}}identity-admin-3.{{.Values.global.region}}.{{.Values.global.tld}}{{end}}