Keystone: break domain management out of generic bootstrap
This PS breaks domain management out of the generic bootstrap job. Change-Id: I9d26b58cffee0cd13f75113b2dbdf4eac16a6cf7
parent
96ca93521d
commit
cf34a995ac
@ -17,8 +17,5 @@ limitations under the License.
|
|||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
{{- range $k, $v := .Values.conf.ks_domains }}
|
|
||||||
openstack --debug domain create --or-show {{ $k }}
|
|
||||||
keystone-manage domain_config_upload --domain-name {{ $k }} || true
|
|
||||||
{{- end }}
|
|
||||||
{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
|
{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
|
||||||
|
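--- a/keystone/templates/bin/_domain-manage-init.sh.tpl
+++ b/keystone/templates/bin/_domain-manage-init.sh.tpl
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{- range $k, $v := .Values.conf.ks_domains }}
+openstack --debug domain create --or-show {{ $k }}
+{{- end }}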
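Review bot: `{{ $k }}` is rendered unquoted into the `openstack --debug domain create --or-show` line, so a `conf.ks_domains` key containing whitespace or shell metacharacters would be split or interpreted by bash; the same applies to the `--domain-name {{ $k }}` line in `_domain-manage.sh.tpl`. Rendering it as `{{ $k | squote }}` keeps the domain name a single literal argument. Separately, the job template in this commit runs this script in an init container that receives the admin identity secret as environment variables, and `--debug` together with `set -x` sends verbose client output to the job log. Dropping `--debug` would limit what ends up there, unless that output is needed for troubleshooting.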
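--- a/keystone/templates/bin/_domain-manage.sh.tpl
+++ b/keystone/templates/bin/_domain-manage.sh.tpl
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{- range $k, $v := .Values.conf.ks_domains }}
+keystone-manage domain_config_upload --domain-name {{ $k }} || true
+{{- end }}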
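Review bot: The `|| true` on the `keystone-manage domain_config_upload` line discards every failure, so the job reports success even when a domain's configuration was never uploaded and that domain is left without its intended identity settings. If the aim is only to tolerate a re-run where the configuration is already present (an assumption; the commit message does not say), that one case should be detected explicitly and any other error allowed to fail the job under `set -e`. Until then a comment on that line, such as `# TODO: tolerate only the already-uploaded case; other failures should fail the job`, would record why the exit status is ignored.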
@ -41,4 +41,8 @@ data:
|
|||||||
{{ tuple "bin/_keystone-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_keystone-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
fernet-manage.py: |
|
fernet-manage.py: |
|
||||||
{{ tuple "bin/_fernet-manage.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_fernet-manage.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
domain-manage-init.sh: |
|
||||||
|
{{ tuple "bin/_domain-manage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
domain-manage.sh: |
|
||||||
|
{{ tuple "bin/_domain-manage.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -43,7 +43,7 @@ spec:
|
|||||||
{{ tuple $envAll $dependencies $mounts_keystone_bootstrap_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll $dependencies $mounts_keystone_bootstrap_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: keystone-bootstrap
|
- name: keystone-bootstrap
|
||||||
image: {{ .Values.images.tags.keystone_bootstrap }}
|
image: {{ .Values.images.tags.bootstrap }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
env:
|
env:
|
||||||
|
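--- a/keystone/templates/job-domain-manage.yaml
+++ b/keystone/templates/job-domain-manage.yaml
@@ -0,0 +1,117 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_domain_manage }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.domain_manage }}
+
+{{- $mounts_keystone_domain_manage := .Values.pod.mounts.keystone_domain_manage.keystone_domain_manage }}
+{{- $mounts_keystone_domain_manage_init := .Values.pod.mounts.keystone_domain_manage.init_container }}
+
+{{- $serviceAccountName := "keystone-domain-manage" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: keystone-domain-manage
+spec:
+template:
+metadata:
+labels:
+{{ tuple $envAll "keystone" "domain-manage" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+spec:
+serviceAccountName: {{ $serviceAccountName }}
+restartPolicy: OnFailure
+nodeSelector:
+{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+initContainers:
+{{ tuple $envAll $dependencies $mounts_keystone_domain_manage_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+- name: keystone-domain-manage-init
+image: {{ .Values.images.tags.bootstrap }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+command:
+- /tmp/domain-manage-init.sh
+volumeMounts:
+- name: keystone-bin
+mountPath: /tmp/domain-manage-init.sh
+subPath: domain-manage-init.sh
+readOnly: true
+containers:
+- name: keystone-domain-manage
+image: {{ .Values.images.tags.keystone_domain_manage }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+command:
+- /tmp/domain-manage.sh
+volumeMounts:
+- name: etckeystonedomains
+mountPath: {{ .Values.conf.keystone.identity.domain_config_dir | default "/etc/keystonedomains" }}
+- name: etckeystone
+mountPath: /etc/keystone
+- name: keystone-bin
+mountPath: /tmp/domain-manage.sh
+subPath: domain-manage.sh
+readOnly: true
+- name: keystone-etc
+mountPath: /etc/keystone/keystone.conf
+subPath: keystone.conf
+readOnly: true
+{{- range $k, $v := .Values.conf.ks_domains }}
+- name: keystone-etc
+mountPath: {{ $envAll.Values.conf.keystone.identity.domain_config_dir | default "/etc/keystonedomains" }}/keystone.{{ $k }}.conf
+subPath: keystone.{{ $k }}.conf
+readOnly: true
+{{- end }}
+{{- if eq .Values.conf.keystone.token.provider "fernet" }}
+- name: keystone-fernet-keys
+mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }}
+{{- end }}
+- name: keystone-credential-keys
+mountPath: {{ .Values.conf.keystone.credential.key_repository }}
+{{ if $mounts_keystone_domain_manage.volumeMounts }}{{ toYaml $mounts_keystone_domain_manage.volumeMounts | indent 12 }}{{ end }}
+volumes:
+- name: etckeystone
+emptyDir: {}
+- name: etckeystonedomains
+emptyDir: {}
+- name: keystone-etc
+configMap:
+name: keystone-etc
+defaultMode: 0444
+- name: keystone-bin
+configMap:
+name: keystone-bin
+defaultMode: 0555
+{{- if eq .Values.conf.keystone.token.provider "fernet" }}
+- name: keystone-fernet-keys
+secret:
+secretName: keystone-fernet-keys
+{{- end }}
+- name: keystone-credential-keys
+secret:
+secretName: keystone-credential-keys
+{{ if $mounts_keystone_domain_manage.volumes }}{{ toYaml $mounts_keystone_domain_manage.volumes | indent 9 }}{{ end }}
+{{- end }}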
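Review bot: The `keystone-domain-manage` container mounts the `keystone-fernet-keys` and `keystone-credential-keys` secrets, yet the only command it runs is `/tmp/domain-manage.sh`, which calls `keystone-manage domain_config_upload`; nothing visible in this commit shows that command reading either key repository. If they are not needed, removing those two `volumeMounts` entries and the matching `volumes` keeps the token and credential encryption keys out of a job that has no use for them. If they are needed, the two mounts should carry `readOnly: true` like the config mounts above them. The indentation of this template is not recoverable from the page, so the `indent 9` on the extra `volumes` line could not be checked against the surrounding list.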
@ -25,7 +25,7 @@ release_group: null
|
|||||||
|
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
keystone_bootstrap: docker.io/openstackhelm/heat:newton
|
bootstrap: docker.io/openstackhelm/heat:newton
|
||||||
test: docker.io/kolla/ubuntu-source-rally:4.0.0
|
test: docker.io/kolla/ubuntu-source-rally:4.0.0
|
||||||
db_init: docker.io/openstackhelm/heat:newton
|
db_init: docker.io/openstackhelm/heat:newton
|
||||||
keystone_db_sync: docker.io/openstackhelm/keystone:newton
|
keystone_db_sync: docker.io/openstackhelm/keystone:newton
|
||||||
@ -36,6 +36,7 @@ images:
|
|||||||
keystone_credential_setup: docker.io/openstackhelm/keystone:newton
|
keystone_credential_setup: docker.io/openstackhelm/keystone:newton
|
||||||
keystone_credential_rotate: docker.io/openstackhelm/keystone:newton
|
keystone_credential_rotate: docker.io/openstackhelm/keystone:newton
|
||||||
keystone_api: docker.io/openstackhelm/keystone:newton
|
keystone_api: docker.io/openstackhelm/keystone:newton
|
||||||
|
keystone_domain_manage: docker.io/openstackhelm/keystone:newton
|
||||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
pull_policy: "IfNotPresent"
|
pull_policy: "IfNotPresent"
|
||||||
|
|
||||||
@ -112,6 +113,12 @@ dependencies:
|
|||||||
services:
|
services:
|
||||||
- service: identity
|
- service: identity
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
jobs:
|
||||||
|
- keystone-domain-manage
|
||||||
|
domain_manage:
|
||||||
|
services:
|
||||||
|
- service: identity
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
affinity:
|
affinity:
|
||||||
@ -148,6 +155,9 @@ pod:
|
|||||||
keystone_credential_rotate:
|
keystone_credential_rotate:
|
||||||
init_container: null
|
init_container: null
|
||||||
keystone_credential_rotate:
|
keystone_credential_rotate:
|
||||||
|
keystone_domain_manage:
|
||||||
|
init_container: null
|
||||||
|
keystone_domain_manage:
|
||||||
replicas:
|
replicas:
|
||||||
api: 1
|
api: 1
|
||||||
lifecycle:
|
lifecycle:
|
||||||
@ -181,6 +191,13 @@ pod:
|
|||||||
limits:
|
limits:
|
||||||
memory: "1024Mi"
|
memory: "1024Mi"
|
||||||
cpu: "2000m"
|
cpu: "2000m"
|
||||||
|
domain_manage:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
db_init:
|
db_init:
|
||||||
requests:
|
requests:
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
@ -807,6 +824,7 @@ manifests:
|
|||||||
job_db_init: true
|
job_db_init: true
|
||||||
job_db_sync: true
|
job_db_sync: true
|
||||||
job_db_drop: false
|
job_db_drop: false
|
||||||
|
job_domain_manage: true
|
||||||
job_fernet_setup: true
|
job_fernet_setup: true
|
||||||
pdb_api: true
|
pdb_api: true
|
||||||
pod_rally_test: true
|
pod_rally_test: true
|
||||||
|
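Review bot: The new `keystone_domain_manage: docker.io/openstackhelm/keystone:newton` entry under `images.tags` references the image by a mutable tag, and with `pull_policy: "IfNotPresent"` a node keeps whatever content it first pulled under that tag. The job using this image runs with the admin identity secret and the keystone key secrets mounted, so pinning by digest is worthwhile, e.g. `keystone_domain_manage: docker.io/openstackhelm/keystone@sha256:<digest>` (placeholder, to be taken from the registry). The neighbouring entries follow the same tag-only convention, so this could be handled for the whole block in a follow-up.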
@ -242,21 +242,22 @@ data:
|
|||||||
labels:
|
labels:
|
||||||
application: keystone
|
application: keystone
|
||||||
component: credential-setup
|
component: credential-setup
|
||||||
- name: keystone-db-init
|
- type: job
|
||||||
type: job
|
|
||||||
labels:
|
labels:
|
||||||
application: keystone
|
application: keystone
|
||||||
component: db-init
|
component: db-init
|
||||||
- name: keystone-db-sync
|
- type: job
|
||||||
type: job
|
|
||||||
labels:
|
labels:
|
||||||
application: keystone
|
application: keystone
|
||||||
component: db-sync
|
component: db-sync
|
||||||
- name: keystone-fernet-setup
|
- type: job
|
||||||
type: job
|
|
||||||
labels:
|
labels:
|
||||||
application: keystone
|
application: keystone
|
||||||
component: fernet-setup
|
component: fernet-setup
|
||||||
|
- type: job
|
||||||
|
labels:
|
||||||
|
application: keystone
|
||||||
|
component: domain-manage
|
||||||
values:
|
values:
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
|
@ -35,11 +35,17 @@ images:
|
|||||||
heat_engine: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
heat_engine: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
||||||
horizon: 'docker.io/kolla/ubuntu-source-horizon:ocata'
|
horizon: 'docker.io/kolla/ubuntu-source-horizon:ocata'
|
||||||
horizon_db_sync: 'docker.io/kolla/ubuntu-source-horizon:ocata'
|
horizon_db_sync: 'docker.io/kolla/ubuntu-source-horizon:ocata'
|
||||||
|
ironic_api: 'docker.io/kolla/ubuntu-source-ironic-api:3.0.3'
|
||||||
|
ironic_bootstrap: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
||||||
|
ironic_conductor: 'docker.io/kolla/ubuntu-source-ironic-conductor:3.0.3'
|
||||||
|
ironic_db_sync: 'docker.io/kolla/ubuntu-source-ironic-api:3.0.3'
|
||||||
|
ironic_pxe: 'docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3'
|
||||||
|
ironic_pxe_init: 'docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3'
|
||||||
keystone_api: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
keystone_api: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
keystone_bootstrap: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
|
||||||
keystone_credential_rotate: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
keystone_credential_rotate: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
keystone_credential_setup: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
keystone_credential_setup: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
keystone_db_sync: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
keystone_db_sync: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
|
keystone_domain_manage: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
keystone_fernet_rotate: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
keystone_fernet_rotate: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
keystone_fernet_setup: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
keystone_fernet_setup: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||||
ks_endpoints: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
ks_endpoints: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
||||||
@ -74,12 +80,6 @@ images:
|
|||||||
senlin_db_sync: 'docker.io/kolla/ubuntu-source-senlin-api:3.0.3'
|
senlin_db_sync: 'docker.io/kolla/ubuntu-source-senlin-api:3.0.3'
|
||||||
senlin_engine: 'docker.io/kolla/ubuntu-source-senlin-engine:3.0.3'
|
senlin_engine: 'docker.io/kolla/ubuntu-source-senlin-engine:3.0.3'
|
||||||
test: 'docker.io/kolla/ubuntu-source-rally:4.0.0'
|
test: 'docker.io/kolla/ubuntu-source-rally:4.0.0'
|
||||||
ironic_bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
||||||
ironic_db_sync: docker.io/kolla/ubuntu-source-ironic-api:3.0.3
|
|
||||||
ironic_api: docker.io/kolla/ubuntu-source-ironic-api:3.0.3
|
|
||||||
ironic_conductor: docker.io/kolla/ubuntu-source-ironic-conductor:3.0.3
|
|
||||||
ironic_pxe: docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3
|
|
||||||
ironic_pxe_init: docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3
|
|
||||||
pod:
|
pod:
|
||||||
user:
|
user:
|
||||||
barbican:
|
barbican:
|
||||||
|