Keystone: break domain management out of generic bootstrap
This PS breaks domain management out of the generic bootstrap job. Change-Id: I9d26b58cffee0cd13f75113b2dbdf4eac16a6cf7
parent
96ca93521d
commit
cf34a995ac
@ -17,8 +17,5 @@ limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
{{- range $k, $v := .Values.conf.ks_domains }}
|
||||
openstack --debug domain create --or-show {{ $k }}
|
||||
keystone-manage domain_config_upload --domain-name {{ $k }} || true
|
||||
{{- end }}
|
||||
|
||||
{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
|
||||
|
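--- a/keystone/templates/bin/_domain-manage-init.sh.tpl
+++ b/keystone/templates/bin/_domain-manage-init.sh.tpl
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{- range $k, $v := .Values.conf.ks_domains }}
+openstack --debug domain create --or-show {{ $k }}
+{{- end }}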
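Review bot: The domain name is interpolated unquoted in `openstack --debug domain create --or-show {{ $k }}`, so a key in `conf.ks_domains` that contains whitespace or shell metacharacters is word-split or interpreted by bash instead of being passed as one argument. `openstack --debug domain create --or-show {{ $k | quote }}` keeps ordinary names as a single argument. The same applies to `--domain-name {{ $k }}` in `_domain-manage.sh.tpl`. Separately, `--debug` together with `set -x` sends verbose client output to the pod log of a job that runs with the admin credentials. Confirm that this output carries nothing sensitive for the client version in the bootstrap image, or drop `--debug`.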
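--- a/keystone/templates/bin/_domain-manage.sh.tpl
+++ b/keystone/templates/bin/_domain-manage.sh.tpl
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{- range $k, $v := .Values.conf.ks_domains }}
+keystone-manage domain_config_upload --domain-name {{ $k }} || true
+{{- end }}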
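Review bot: `|| true` on the `keystone-manage domain_config_upload` line discards every failure, so despite `set -ex` the Job exits 0 even when a domain's configuration was never uploaded. Presumably the intent is to tolerate a re-run where the configuration is already stored. If so, detect that case explicitly and let any other non-zero exit fail the Job, so that a domain is not left running without its intended identity backend settings. At minimum, a comment above the line such as `# tolerate re-runs only; any other failure should fail the job` would record the intent.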
@ -41,4 +41,8 @@ data:
|
||||
{{ tuple "bin/_keystone-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
fernet-manage.py: |
|
||||
{{ tuple "bin/_fernet-manage.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
domain-manage-init.sh: |
|
||||
{{ tuple "bin/_domain-manage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
domain-manage.sh: |
|
||||
{{ tuple "bin/_domain-manage.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
{{ tuple $envAll $dependencies $mounts_keystone_bootstrap_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: keystone-bootstrap
|
||||
image: {{ .Values.images.tags.keystone_bootstrap }}
|
||||
image: {{ .Values.images.tags.bootstrap }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
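--- a/keystone/templates/job-domain-manage.yaml
+++ b/keystone/templates/job-domain-manage.yaml
@@ -0,0 +1,117 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_domain_manage }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.domain_manage }}
+
+{{- $mounts_keystone_domain_manage := .Values.pod.mounts.keystone_domain_manage.keystone_domain_manage }}
+{{- $mounts_keystone_domain_manage_init := .Values.pod.mounts.keystone_domain_manage.init_container }}
+
+{{- $serviceAccountName := "keystone-domain-manage" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: keystone-domain-manage
+spec:
+template:
+metadata:
+labels:
+{{ tuple $envAll "keystone" "domain-manage" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+spec:
+serviceAccountName: {{ $serviceAccountName }}
+restartPolicy: OnFailure
+nodeSelector:
+{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+initContainers:
+{{ tuple $envAll $dependencies $mounts_keystone_domain_manage_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+- name: keystone-domain-manage-init
+image: {{ .Values.images.tags.bootstrap }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+command:
+- /tmp/domain-manage-init.sh
+volumeMounts:
+- name: keystone-bin
+mountPath: /tmp/domain-manage-init.sh
+subPath: domain-manage-init.sh
+readOnly: true
+containers:
+- name: keystone-domain-manage
+image: {{ .Values.images.tags.keystone_domain_manage }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+command:
+- /tmp/domain-manage.sh
+volumeMounts:
+- name: etckeystonedomains
+mountPath: {{ .Values.conf.keystone.identity.domain_config_dir | default "/etc/keystonedomains" }}
+- name: etckeystone
+mountPath: /etc/keystone
+- name: keystone-bin
+mountPath: /tmp/domain-manage.sh
+subPath: domain-manage.sh
+readOnly: true
+- name: keystone-etc
+mountPath: /etc/keystone/keystone.conf
+subPath: keystone.conf
+readOnly: true
+{{- range $k, $v := .Values.conf.ks_domains }}
+- name: keystone-etc
+mountPath: {{ $envAll.Values.conf.keystone.identity.domain_config_dir | default "/etc/keystonedomains" }}/keystone.{{ $k }}.conf
+subPath: keystone.{{ $k }}.conf
+readOnly: true
+{{- end }}
+{{- if eq .Values.conf.keystone.token.provider "fernet" }}
+- name: keystone-fernet-keys
+mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }}
+{{- end }}
+- name: keystone-credential-keys
+mountPath: {{ .Values.conf.keystone.credential.key_repository }}
+{{ if $mounts_keystone_domain_manage.volumeMounts }}{{ toYaml $mounts_keystone_domain_manage.volumeMounts | indent 12 }}{{ end }}
+volumes:
+- name: etckeystone
+emptyDir: {}
+- name: etckeystonedomains
+emptyDir: {}
+- name: keystone-etc
+configMap:
+name: keystone-etc
+defaultMode: 0444
+- name: keystone-bin
+configMap:
+name: keystone-bin
+defaultMode: 0555
+{{- if eq .Values.conf.keystone.token.provider "fernet" }}
+- name: keystone-fernet-keys
+secret:
+secretName: keystone-fernet-keys
+{{- end }}
+- name: keystone-credential-keys
+secret:
+secretName: keystone-credential-keys
+{{ if $mounts_keystone_domain_manage.volumes }}{{ toYaml $mounts_keystone_domain_manage.volumes | indent 9 }}{{ end }}
+{{- end }}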
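Review bot: The `keystone-domain-manage` container is handed more secret material than its command appears to need. It mounts `keystone-fernet-keys` and `keystone-credential-keys` and receives the admin openrc variables from `secrets.identity.admin`, while `/tmp/domain-manage.sh` as added in this commit only calls `keystone-manage domain_config_upload`. Unless keystone-manage needs the key repositories for that subcommand (to be confirmed), drop the two key `volumeMounts` with their `volumes` entries and the main container's `env:` block. That leaves the admin credentials only in the `keystone-domain-manage-init` container, which is the one calling the `openstack` client. If the key mounts do have to stay, give them `readOnly: true` like the ConfigMap mounts beside them.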
@ -25,7 +25,7 @@ release_group: null
|
||||
|
||||
images:
|
||||
tags:
|
||||
keystone_bootstrap: docker.io/openstackhelm/heat:newton
|
||||
bootstrap: docker.io/openstackhelm/heat:newton
|
||||
test: docker.io/kolla/ubuntu-source-rally:4.0.0
|
||||
db_init: docker.io/openstackhelm/heat:newton
|
||||
keystone_db_sync: docker.io/openstackhelm/keystone:newton
|
||||
@ -36,6 +36,7 @@ images:
|
||||
keystone_credential_setup: docker.io/openstackhelm/keystone:newton
|
||||
keystone_credential_rotate: docker.io/openstackhelm/keystone:newton
|
||||
keystone_api: docker.io/openstackhelm/keystone:newton
|
||||
keystone_domain_manage: docker.io/openstackhelm/keystone:newton
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
@ -112,6 +113,12 @@ dependencies:
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
jobs:
|
||||
- keystone-domain-manage
|
||||
domain_manage:
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
|
||||
pod:
|
||||
affinity:
|
||||
@ -148,6 +155,9 @@ pod:
|
||||
keystone_credential_rotate:
|
||||
init_container: null
|
||||
keystone_credential_rotate:
|
||||
keystone_domain_manage:
|
||||
init_container: null
|
||||
keystone_domain_manage:
|
||||
replicas:
|
||||
api: 1
|
||||
lifecycle:
|
||||
@ -181,6 +191,13 @@ pod:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
domain_manage:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
db_init:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
@ -807,6 +824,7 @@ manifests:
|
||||
job_db_init: true
|
||||
job_db_sync: true
|
||||
job_db_drop: false
|
||||
job_domain_manage: true
|
||||
job_fernet_setup: true
|
||||
pdb_api: true
|
||||
pod_rally_test: true
|
||||
|
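Review bot: The added `jobs: - keystone-domain-manage` dependency is unconditional, while the Job itself is rendered only when `manifests.job_domain_manage` is true. The dependency block these lines extend starts above the hunk (presumably the bootstrap job's). With `job_domain_manage: false`, its entrypoint init container would be waiting on a Job that is never created. A comment next to the new toggle, for example `# disabling this also requires removing keystone-domain-manage from the dependent jobs list`, or a matching condition on the dependency, would make the coupling visible to operators.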
@ -242,21 +242,22 @@ data:
|
||||
labels:
|
||||
application: keystone
|
||||
component: credential-setup
|
||||
- name: keystone-db-init
|
||||
type: job
|
||||
- type: job
|
||||
labels:
|
||||
application: keystone
|
||||
component: db-init
|
||||
- name: keystone-db-sync
|
||||
type: job
|
||||
- type: job
|
||||
labels:
|
||||
application: keystone
|
||||
component: db-sync
|
||||
- name: keystone-fernet-setup
|
||||
type: job
|
||||
- type: job
|
||||
labels:
|
||||
application: keystone
|
||||
component: fernet-setup
|
||||
- type: job
|
||||
labels:
|
||||
application: keystone
|
||||
component: domain-manage
|
||||
values:
|
||||
endpoints:
|
||||
identity:
|
||||
|
@ -35,11 +35,17 @@ images:
|
||||
heat_engine: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
||||
horizon: 'docker.io/kolla/ubuntu-source-horizon:ocata'
|
||||
horizon_db_sync: 'docker.io/kolla/ubuntu-source-horizon:ocata'
|
||||
ironic_api: 'docker.io/kolla/ubuntu-source-ironic-api:3.0.3'
|
||||
ironic_bootstrap: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
||||
ironic_conductor: 'docker.io/kolla/ubuntu-source-ironic-conductor:3.0.3'
|
||||
ironic_db_sync: 'docker.io/kolla/ubuntu-source-ironic-api:3.0.3'
|
||||
ironic_pxe: 'docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3'
|
||||
ironic_pxe_init: 'docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3'
|
||||
keystone_api: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_bootstrap: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_credential_rotate: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_credential_setup: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_db_sync: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_domain_manage: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_fernet_rotate: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
keystone_fernet_setup: 'docker.io/kolla/ubuntu-source-keystone:3.0.3'
|
||||
ks_endpoints: 'docker.io/kolla/ubuntu-source-heat-engine:3.0.3'
|
||||
@ -74,12 +80,6 @@ images:
|
||||
senlin_db_sync: 'docker.io/kolla/ubuntu-source-senlin-api:3.0.3'
|
||||
senlin_engine: 'docker.io/kolla/ubuntu-source-senlin-engine:3.0.3'
|
||||
test: 'docker.io/kolla/ubuntu-source-rally:4.0.0'
|
||||
ironic_bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
||||
ironic_db_sync: docker.io/kolla/ubuntu-source-ironic-api:3.0.3
|
||||
ironic_api: docker.io/kolla/ubuntu-source-ironic-api:3.0.3
|
||||
ironic_conductor: docker.io/kolla/ubuntu-source-ironic-conductor:3.0.3
|
||||
ironic_pxe: docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3
|
||||
ironic_pxe_init: docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3
|
||||
pod:
|
||||
user:
|
||||
barbican:
|
||||
|