From f88c401e9ece9ead01270bd513932ea22977ee2c Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 28 Mar 2017 13:46:16 -0500 Subject: [PATCH 1/9] Add Python DB Init Script --- .../templates/scripts/_db-init.py.tpl | 137 ++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 helm-toolkit/templates/scripts/_db-init.py.tpl diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl new file mode 100644 index 0000000000..ca64dc8743 --- /dev/null +++ b/helm-toolkit/templates/scripts/_db-init.py.tpl @@ -0,0 +1,137 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- define "helm-toolkit.db_init" }} +#!/usr/bin/env python + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Creates db and user for an OpenStack Service: +# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain +# SQLAlchemy strings for the root connection to the database and the one you +# wish the service to use. Alternatively, you can use an ini formatted config +# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string +# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by +# OPENSTACK_CONFIG_DB_SECTION. + +import os +import sys +import ConfigParser +from sqlalchemy import create_engine + +# Get the connection string for the service db root user +if "ROOT_DB_CONNECTION" in os.environ: + db_connection = os.environ['ROOT_DB_CONNECTION'] +else: + print 'ROOT_DB_CONNECTION env var missing' + sys.exit(1) + +# Get the connection string for the service db +if "OPENSTACK_CONFIG_FILE" in os.environ: + try: + os_conf = os.environ['OPENSTACK_CONFIG_FILE'] + if "OPENSTACK_CONFIG_DB_SECTION" in os.environ: + os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION'] + else: + print 'Env var OPENSTACK_CONFIG_DB_SECTION not set' + sys.exit(1) + if "OPENSTACK_CONFIG_DB_KEY" in os.environ: + os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY'] + else: + print 'Env var OPENSTACK_CONFIG_DB_KEY not set' + sys.exit(1) + config = ConfigParser.RawConfigParser() + print("Using {0} as db config source".format(os_conf)) + config.read(os_conf) + print("Trying to load db config from {0}:{1}".format( + os_conf_section, os_conf_key)) + user_db_conn = config.get(os_conf_section, os_conf_key) + print("Got config from {0}".format(os_conf)) + except: + print("Tried to load config from {0} but failed.".format(os_conf)) + sys.exit(1) +elif "DB_CONNECTION" in os.environ: + user_db_conn = os.environ['DB_CONNECTION'] + print 'Got config from DB_CONNECTION env var' +else: + print 'Could not get db config, either from config file or env var' + sys.exit(1) + +# Root DB engine +try: + root_engine_full = create_engine(db_connection) + root_user = root_engine_full.url.username + root_password = root_engine_full.url.password + drivername = root_engine_full.url.drivername + host = root_engine_full.url.host + port = root_engine_full.url.port + root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)]) + root_engine = create_engine(root_engine_url) + connection = root_engine.connect() + connection.close() +except: + print 'Could not connect to database as root user' + sys.exit(1) + +# User DB engine +try: + user_engine = create_engine(user_db_conn) + # Get our user data out of the user_engine + database = user_engine.url.database + user = user_engine.url.username + password = user_engine.url.password + print 'Got user db config' +except: + print 'Could not get user database config' + sys.exit(1) + +# Create DB +try: + root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database)) + print("Created database {0}".format(database)) +except: + print("Could not create database {0}".format(database)) + sys.exit(1) + +# Create DB User +try: + root_engine.execute( + "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format( + database, user, password)) + print("Created user {0} for {1}".format(user, database)) +except: + print("Could not create user {0} for {1}".format(user, database)) + sys.exit(1) + +# Test connection +try: + connection = user_engine.connect() + connection.close() + print 'Database connection for user ok' +except: + print 'Could not connect to database as user' + sys.exit(1) +{{- end }} From 2a2ae0dc4ab5cce54b5e1f708d94ace3a2286eed Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 28 Mar 2017 14:33:49 -0500 Subject: [PATCH 2/9] PyMySQL Keystone Jobs --- keystone/templates/bin/_init.sh.tpl | 36 ---------------------- keystone/templates/configmap-bin.yaml | 4 +-- keystone/templates/job-db-init.yaml | 21 ++++++++++--- keystone/templates/secret-db-root.env.yaml | 7 +++++ keystone/values.yaml | 34 +++++++++++++------- 5 files changed, 48 insertions(+), 54 deletions(-) delete mode 100644 keystone/templates/bin/_init.sh.tpl create mode 100644 keystone/templates/secret-db-root.env.yaml diff --git a/keystone/templates/bin/_init.sh.tpl b/keystone/templates/bin/_init.sh.tpl deleted file mode 100644 index 020e245b6c..0000000000 --- a/keystone/templates/bin/_init.sh.tpl +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \ - login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \ - login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \ - login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \ - name='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \ - login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \ - login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \ - login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \ - name='{{ .Values.endpoints.oslo_db.auth.user.username }}' \ - password='{{ .Values.endpoints.oslo_db.auth.user.password }}' \ - host='%' \ - priv='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}.*:ALL' \ - append_privs='yes'" diff --git a/keystone/templates/configmap-bin.yaml b/keystone/templates/configmap-bin.yaml index 75c90284eb..f91c2953f2 100644 --- a/keystone/templates/configmap-bin.yaml +++ b/keystone/templates/configmap-bin.yaml @@ -19,9 +19,9 @@ kind: ConfigMap metadata: name: keystone-bin data: + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} db-sync.sh: | {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} - init.sh: | -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} start.sh: | {{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml index 574899d632..93593af8dd 100644 --- a/keystone/templates/job-db-init.yaml +++ b/keystone/templates/job-db-init.yaml @@ -36,7 +36,7 @@ spec: - name: keystone-db-init image: {{ .Values.images.db_init }} imagePullPolicy: {{ .Values.images.pull_policy }} - {{- if .Values.resources.enabled }} + {{- if .Values.resources.enabled }} resources: limits: cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }} @@ -45,11 +45,22 @@ spec: cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }} memory: {{ .Values.resources.jobs.init.requests.memory | quote }} {{- end }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: keystone-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/keystone/keystone.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh - volumeMounts: + - python + - /tmp/db-init.py + volumeMounts: {{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }} volumes: {{ toYaml $mounts_keystone_db_init.volumes | indent 8 }} - diff --git a/keystone/templates/secret-db-root.env.yaml b/keystone/templates/secret-db-root.env.yaml new file mode 100644 index 0000000000..62da0ff317 --- /dev/null +++ b/keystone/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: keystone-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/keystone/values.yaml b/keystone/values.yaml index a9a1edadce..24526c0d88 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -24,7 +24,7 @@ labels: node_selector_value: enabled images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-keystone-api:newton db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton api: quay.io/stackanetes/stackanetes-keystone-api:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 @@ -97,15 +97,27 @@ resources: mounts: keystone_db_init: init_container: null - keystone_db_init: + keystone_db_init: volumes: + - name: empty + emptyDir: {} + - name: keystone-etc + configMap: + name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: + - name: empty + mountPath: /etc/keystone + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true - name: keystone-bin - mountPath: /tmp/init.sh - subPath: init.sh + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true keystone_db_sync: init_container: null keystone_db_sync: @@ -117,7 +129,7 @@ mounts: name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: - name: empty mountPath: /etc/keystone @@ -128,7 +140,7 @@ mounts: - name: keystone-bin mountPath: /tmp/db-sync.sh subPath: db-sync.sh - readOnly: true + readOnly: true keystone_api: init_container: null keystone_api: @@ -140,7 +152,7 @@ mounts: name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: - name: empty mountPath: /etc/keystone @@ -171,7 +183,7 @@ mounts: - name: keystone-bin mountPath: /tmp/start.sh subPath: start.sh - readOnly: true + readOnly: true conf: paste: @@ -183,7 +195,7 @@ conf: keystone: override: append: - token: + token: keystone: provider: uuid database: @@ -231,7 +243,7 @@ endpoints: path: /openstack scheme: rabbit port: - amqp: 5672 + amqp: 5672 oslo_cache: hosts: default: memcache From deabf4389f774222b6dffb18bdf3a44d39ede990 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 28 Mar 2017 15:07:29 -0500 Subject: [PATCH 3/9] Remove Personal Copywrite from DB Script I am removing my copywrite and transfering it to the OpenStack-Helm Authors for the DB Managment Script. As although this was primarily written while an independant OSS Developer, it is not currently present in any other codebase and will only be merged post commencing work on the project in an official capacity. This does not affect the copywrite of any other code contibuted to the project by myself or any other party. --- helm-toolkit/templates/scripts/_db-init.py.tpl | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl index ca64dc8743..e5132bbfcc 100644 --- a/helm-toolkit/templates/scripts/_db-init.py.tpl +++ b/helm-toolkit/templates/scripts/_db-init.py.tpl @@ -15,20 +15,6 @@ {{- define "helm-toolkit.db_init" }} #!/usr/bin/env python -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - # Creates db and user for an OpenStack Service: # Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain # SQLAlchemy strings for the root connection to the database and the one you From 549bfea927c815f9cbbd586974192614b72b625e Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Mon, 3 Apr 2017 10:30:25 -0500 Subject: [PATCH 4/9] Update DB Init script to include tracebacks and improved output --- .../templates/scripts/_db-init.py.tpl | 60 +++++++++++++------ 1 file changed, 42 insertions(+), 18 deletions(-) diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl index e5132bbfcc..ca17f8b9a3 100644 --- a/helm-toolkit/templates/scripts/_db-init.py.tpl +++ b/helm-toolkit/templates/scripts/_db-init.py.tpl @@ -26,13 +26,27 @@ import os import sys import ConfigParser +import logging from sqlalchemy import create_engine +# Create logger, console handler and formatter +logger = logging.getLogger('OpenStack-Helm DB Init') +logger.setLevel(logging.DEBUG) +ch = logging.StreamHandler() +ch.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') + +# Set the formatter and add the handler +ch.setFormatter(formatter) +logger.addHandler(ch) + + # Get the connection string for the service db root user if "ROOT_DB_CONNECTION" in os.environ: db_connection = os.environ['ROOT_DB_CONNECTION'] + logger.info('Got DB root connection') else: - print 'ROOT_DB_CONNECTION env var missing' + logger.critical('environment variable ROOT_DB_CONNECTION not set') sys.exit(1) # Get the connection string for the service db @@ -42,28 +56,28 @@ if "OPENSTACK_CONFIG_FILE" in os.environ: if "OPENSTACK_CONFIG_DB_SECTION" in os.environ: os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION'] else: - print 'Env var OPENSTACK_CONFIG_DB_SECTION not set' + logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set') sys.exit(1) if "OPENSTACK_CONFIG_DB_KEY" in os.environ: os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY'] else: - print 'Env var OPENSTACK_CONFIG_DB_KEY not set' + logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set') sys.exit(1) config = ConfigParser.RawConfigParser() - print("Using {0} as db config source".format(os_conf)) + logger.info("Using {0} as db config source".format(os_conf)) config.read(os_conf) - print("Trying to load db config from {0}:{1}".format( + logger.info("Trying to load db config from {0}:{1}".format( os_conf_section, os_conf_key)) user_db_conn = config.get(os_conf_section, os_conf_key) - print("Got config from {0}".format(os_conf)) + logger.info("Got config from {0}".format(os_conf)) except: - print("Tried to load config from {0} but failed.".format(os_conf)) + logger.critical("Tried to load config from {0} but failed.".format(os_conf)) sys.exit(1) elif "DB_CONNECTION" in os.environ: user_db_conn = os.environ['DB_CONNECTION'] - print 'Got config from DB_CONNECTION env var' + logger.info('Got config from DB_CONNECTION env var') else: - print 'Could not get db config, either from config file or env var' + logger.critical('Could not get db config, either from config file or env var') sys.exit(1) # Root DB engine @@ -78,8 +92,11 @@ try: root_engine = create_engine(root_engine_url) connection = root_engine.connect() connection.close() + logger.info("Tested connection to DB @ {0}:{1} as {2}".format( + host, port, root_user)) except: - print 'Could not connect to database as root user' + logger.critical('Could not connect to database as root user') + raise sys.exit(1) # User DB engine @@ -89,17 +106,19 @@ try: database = user_engine.url.database user = user_engine.url.username password = user_engine.url.password - print 'Got user db config' + logger.info('Got user db config') except: - print 'Could not get user database config' + logger.critical('Could not get user database config') + raise sys.exit(1) # Create DB try: root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database)) - print("Created database {0}".format(database)) + logger.info("Created database {0}".format(database)) except: - print("Could not create database {0}".format(database)) + logger.critical("Could not create database {0}".format(database)) + raise sys.exit(1) # Create DB User @@ -107,17 +126,22 @@ try: root_engine.execute( "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format( database, user, password)) - print("Created user {0} for {1}".format(user, database)) + logger.info("Created user {0} for {1}".format(user, database)) except: - print("Could not create user {0} for {1}".format(user, database)) + logger.critical("Could not create user {0} for {1}".format(user, database)) + raise sys.exit(1) # Test connection try: connection = user_engine.connect() connection.close() - print 'Database connection for user ok' + logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format( + host, port, database, user)) except: - print 'Could not connect to database as user' + logger.critical('Could not connect to database as user') + raise sys.exit(1) + +logger.info('Finished DB Management') {{- end }} From 64bbf6700ccf227932a7a78006165667544c052e Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Mon, 3 Apr 2017 10:58:51 -0500 Subject: [PATCH 5/9] Update Glance DB Jobs --- glance/templates/bin/_db-sync.sh.tpl | 19 ++++++++++ glance/templates/bin/_init.sh.tpl | 32 ---------------- glance/templates/configmap-bin.yaml | 6 ++- glance/templates/etc/_glance-api.conf.tpl | 2 +- .../templates/etc/_glance-registry.conf.tpl | 2 +- glance/templates/job-db-init.yaml | 37 +++++++++++++++---- glance/templates/job-db-sync.yaml | 16 +++++++- glance/templates/secret-db-root.env.yaml | 7 ++++ glance/values.yaml | 25 ++++++++----- 9 files changed, 90 insertions(+), 56 deletions(-) create mode 100644 glance/templates/bin/_db-sync.sh.tpl delete mode 100644 glance/templates/bin/_init.sh.tpl create mode 100644 glance/templates/secret-db-root.env.yaml diff --git a/glance/templates/bin/_db-sync.sh.tpl b/glance/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..512fc2d5ce --- /dev/null +++ b/glance/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +glance-manage db_sync diff --git a/glance/templates/bin/_init.sh.tpl b/glance/templates/bin/_init.sh.tpl deleted file mode 100644 index 199cd48c9d..0000000000 --- a/glance/templates/bin/_init.sh.tpl +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.glance_database_name }}'" - -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.glance_user }}' \ -password='{{ .Values.database.glance_password }}' \ -host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'" diff --git a/glance/templates/configmap-bin.yaml b/glance/templates/configmap-bin.yaml index 1cd58c1c02..5bfbdcd86d 100644 --- a/glance/templates/configmap-bin.yaml +++ b/glance/templates/configmap-bin.yaml @@ -17,8 +17,10 @@ kind: ConfigMap metadata: name: glance-bin data: - init.sh: |+ -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ diff --git a/glance/templates/etc/_glance-api.conf.tpl b/glance/templates/etc/_glance-api.conf.tpl index 03648ab9e9..e872c2fe4d 100644 --- a/glance/templates/etc/_glance-api.conf.tpl +++ b/glance/templates/etc/_glance-api.conf.tpl @@ -24,7 +24,7 @@ registry_host = glance-registry show_image_direct_url = True [database] -connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/glance/templates/etc/_glance-registry.conf.tpl b/glance/templates/etc/_glance-registry.conf.tpl index 24f60dc62b..1a32f09928 100644 --- a/glance/templates/etc/_glance-registry.conf.tpl +++ b/glance/templates/etc/_glance-registry.conf.tpl @@ -21,7 +21,7 @@ bind_port = {{ .Values.network.port.registry }} workers = {{ .Values.misc.workers }} [database] -connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/glance/templates/job-db-init.yaml b/glance/templates/job-db-init.yaml index a8450ecbf7..2283d4dffd 100644 --- a/glance/templates/job-db-init.yaml +++ b/glance/templates/job-db-init.yaml @@ -43,16 +43,37 @@ spec: memory: {{ .Values.resources.jobs.init.requests.memory | quote }} {{- end }} env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: glance-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/glance/glance-api.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: initsh - mountPath: /tmp/init.sh - subPath: init.sh + - name: glance-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcglance + mountPath: /etc/glance + - name: glanceapiconf + mountPath: /etc/glance/glance-api.conf + subPath: glance-api.conf + readOnly: true volumes: - - name: initsh + - name: etcglance + emptyDir: {} + - name: glanceapiconf + configMap: + name: glance-etc + - name: glance-bin configMap: name: glance-bin diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml index f3987ba01d..c1545f28e3 100644 --- a/glance/templates/job-db-sync.yaml +++ b/glance/templates/job-db-sync.yaml @@ -43,13 +43,25 @@ spec: memory: {{ .Values.resources.jobs.db.requests.memory | quote }} {{- end }} command: - - glance-manage - - db_sync + - bash + - /tmp/db-sync.sh volumeMounts: + - name: glance-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcglance + mountPath: /etc/glance - name: glanceapiconf mountPath: /etc/glance/glance-api.conf subPath: glance-api.conf + readOnly: true volumes: + - name: etcglance + emptyDir: {} - name: glanceapiconf configMap: name: glance-etc + - name: glance-bin + configMap: + name: glance-bin diff --git a/glance/templates/secret-db-root.env.yaml b/glance/templates/secret-db-root.env.yaml new file mode 100644 index 0000000000..188e4d7924 --- /dev/null +++ b/glance/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: glance-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/glance/values.yaml b/glance/values.yaml index c02d11b764..a5e1132d53 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -30,7 +30,7 @@ labels: node_selector_value: enabled images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-glance-api:newton db_sync: quay.io/stackanetes/stackanetes-glance-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton @@ -68,15 +68,6 @@ network: api: 9292 registry: 9191 -database: - address: mariadb - port: 3306 - root_user: root - root_password: password - glance_database_name: glance - glance_password: password - glance_user: glance - ceph: enabled: true monitors: [] @@ -192,3 +183,17 @@ endpoints: port: api: 9292 registry: 9191 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: glance + password: password + hosts: + default: mariadb + path: /glance + scheme: mysql+pymysql + port: + mysql: 3306 From 105349a95b2cf33ad711ece09ce5c54a10b07093 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Mon, 3 Apr 2017 12:09:51 -0500 Subject: [PATCH 6/9] Update Cinder DB Jobs --- cinder/templates/bin/_db-init.sh.tpl | 36 ------------------------ cinder/templates/bin/_db-sync.sh.tpl | 19 +++++++++++++ cinder/templates/configmap-bin.yaml | 6 ++-- cinder/templates/etc/_cinder.conf.tpl | 2 +- cinder/templates/job-db-init.yaml | 36 ++++++++++++++++++------ cinder/templates/job-db-sync.yaml | 27 ++++++++++-------- cinder/templates/secret-db-root.env.yaml | 7 +++++ cinder/values.yaml | 29 +++++++++++-------- 8 files changed, 91 insertions(+), 71 deletions(-) delete mode 100644 cinder/templates/bin/_db-init.sh.tpl create mode 100644 cinder/templates/bin/_db-sync.sh.tpl create mode 100644 cinder/templates/secret-db-root.env.yaml diff --git a/cinder/templates/bin/_db-init.sh.tpl b/cinder/templates/bin/_db-init.sh.tpl deleted file mode 100644 index 1762c2f706..0000000000 --- a/cinder/templates/bin/_db-init.sh.tpl +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.cinder_database_name }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.cinder_user }}' \ - password='{{ .Values.database.cinder_password }}' \ - host='%' \ - priv='{{ .Values.database.cinder_database_name }}.*:ALL' \ - append_privs='yes'" diff --git a/cinder/templates/bin/_db-sync.sh.tpl b/cinder/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..9353596a3f --- /dev/null +++ b/cinder/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +glance-manage db sync diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml index 96d78bf203..92cdb13653 100644 --- a/cinder/templates/configmap-bin.yaml +++ b/cinder/templates/configmap-bin.yaml @@ -17,8 +17,10 @@ kind: ConfigMap metadata: name: cinder-bin data: - db-init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index cb336d6485..e1ce7a90f6 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -40,7 +40,7 @@ os_region_name = {{ .Values.keystone.cinder_region_name }} host=cinder-volume-worker [database] -connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index c9bff2261e..bbc079e369 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -43,17 +43,37 @@ spec: cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }} {{- end }} env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: cinder-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/cinder/cinder.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/db-init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: dbinitsh - mountPath: /tmp/db-init.sh - subPath: db-init.sh + - name: cinder-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etccinder + mountPath: /etc/cinder + - name: cinderconf + mountPath: /etc/cinder/cinder.conf + subPath: cinder.conf readOnly: true volumes: - - name: dbinitsh + - name: etccinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 47bfd85e96..78ff2631fd 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -43,22 +43,25 @@ spec: cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }} {{- end }} command: - - cinder-manage - args: - - --config-dir - - /etc/cinder/conf - - db - - sync + - bash + - /tmp/db-sync.sh volumeMounts: - - name: pod-etc-cinder + - name: cinder-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etccinder mountPath: /etc/cinder - - name: cinderconf - mountPath: /etc/cinder/conf/cinder.conf - subPath: cinder.conf + - name: cinderapiconf + mountPath: /etc/cinder/cinder-api.conf + subPath: cinder-api.conf readOnly: true volumes: - - name: pod-etc-cinder + - name: etccinder emptyDir: {} - - name: cinderconf + - name: cinderapiconf configMap: name: cinder-etc + - name: cinder-bin + configMap: + name: cinder-bin diff --git a/cinder/templates/secret-db-root.env.yaml b/cinder/templates/secret-db-root.env.yaml new file mode 100644 index 0000000000..7411f1c230 --- /dev/null +++ b/cinder/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/cinder/values.yaml b/cinder/values.yaml index 9cbb4a8124..97b86537db 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -27,15 +27,15 @@ labels: node_selector_value: enabled images: - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 + db_init: quay.io/stackanetes/stackanetes-cinder-api:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 pull_policy: "IfNotPresent" upgrades: @@ -65,15 +65,6 @@ network: port: api: 8776 -database: - address: mariadb - port: 3306 - root_user: root - root_password: password - cinder_database_name: cinder - cinder_password: password - cinder_user: cinder - ceph: enabled: true monitors: [] @@ -199,6 +190,20 @@ endpoints: scheme: 'http' port: api: 8776 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: cinder + password: password + hosts: + default: mariadb + path: /cinder + scheme: mysql+pymysql + port: + mysql: 3306 resources: enabled: false From a0092c79225871b64dff7c59ea07d61ba47c549b Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 4 Apr 2017 10:34:25 -0500 Subject: [PATCH 7/9] Update Neutron DB Jobs --- neutron/templates/bin/_db-sync.sh.tpl | 22 ++++++++++++++ neutron/templates/bin/_init.sh.tpl | 33 --------------------- neutron/templates/configmap-bin.yaml | 6 ++-- neutron/templates/etc/_neutron.conf.tpl | 2 +- neutron/templates/job-db-init.yaml | 36 +++++++++++++++++++---- neutron/templates/job-db-sync.yaml | 27 +++++++++-------- neutron/templates/secret-db-root.env.yaml | 7 +++++ neutron/values.yaml | 24 +++++++++------ 8 files changed, 93 insertions(+), 64 deletions(-) create mode 100644 neutron/templates/bin/_db-sync.sh.tpl delete mode 100644 neutron/templates/bin/_init.sh.tpl create mode 100644 neutron/templates/secret-db-root.env.yaml diff --git a/neutron/templates/bin/_db-sync.sh.tpl b/neutron/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..e5f5931a0e --- /dev/null +++ b/neutron/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,22 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +neutron-db-manage \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2-conf.ini \ + upgrade head diff --git a/neutron/templates/bin/_init.sh.tpl b/neutron/templates/bin/_init.sh.tpl deleted file mode 100644 index f8f942a4af..0000000000 --- a/neutron/templates/bin/_init.sh.tpl +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.neutron_database_name }}'" - -ansible localhost -vvv -m mysql_user -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.neutron_user }}' \ -password='{{ .Values.database.neutron_password }}' \ -host='%' \ -priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'" diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 5db74eb60a..1d39df34cd 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml @@ -17,14 +17,16 @@ kind: ConfigMap metadata: name: neutron-bin data: + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ {{- include "helm-toolkit.keystone_endpoints" . | indent 4 }} ks-user.sh: |+ {{- include "helm-toolkit.keystone_user" . | indent 4 }} - init.sh: | -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} neutron-openvswitch-agent.sh: | {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} openvswitch-db-server.sh: | diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl index 4adcf32805..cae62114b3 100644 --- a/neutron/templates/etc/_neutron.conf.tpl +++ b/neutron/templates/etc/_neutron.conf.tpl @@ -70,7 +70,7 @@ l2_population = true arp_responder = true [database] -connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "helm-toolkit.mariadb_host" . }}/{{ .Values.database.neutron_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/neutron/templates/job-db-init.yaml b/neutron/templates/job-db-init.yaml index b2ee4e2602..13456fc465 100644 --- a/neutron/templates/job-db-init.yaml +++ b/neutron/templates/job-db-init.yaml @@ -33,14 +33,38 @@ spec: - name: neutron-db-init image: {{ .Values.images.db_init }} imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: neutron-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/neutron/neutron.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: initsh - mountPath: /tmp/init.sh - subPath: init.sh + - name: neutron-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcneutron + mountPath: /etc/neutron + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true volumes: - - name: initsh + - name: etcneutron + emptyDir: {} + - name: neutronconf + configMap: + name: neutron-etc + - name: neutron-bin configMap: name: neutron-bin diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index 99b702c3d9..2fde70568a 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml @@ -33,14 +33,6 @@ spec: - name: neutron-db-sync image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - neutron-db-manage - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/plugins/ml2/ml2-conf.ini - - upgrade - - head {{- if .Values.resources.enabled }} resources: limits: @@ -50,21 +42,30 @@ spec: cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }} memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }} {{- end }} + command: + - bash + - /tmp/db-sync.sh volumeMounts: - - name: pod-etc-neutron + - name: neutron-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcneutron mountPath: /etc/neutron - name: neutronconf mountPath: /etc/neutron/neutron.conf subPath: neutron.conf - - name: ml2confini + readOnly: true + - name: neutronconf mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini subPath: ml2-conf.ini + readOnly: true volumes: - - name: pod-etc-neutron + - name: etcneutron emptyDir: {} - name: neutronconf configMap: name: neutron-etc - - name: ml2confini + - name: neutron-bin configMap: - name: neutron-etc + name: neutron-bin diff --git a/neutron/templates/secret-db-root.env.yaml b/neutron/templates/secret-db-root.env.yaml new file mode 100644 index 0000000000..5d81dd0be6 --- /dev/null +++ b/neutron/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: neutron-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/neutron/values.yaml b/neutron/values.yaml index fddc039575..448154d95a 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -21,7 +21,7 @@ replicas: server: 1 images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-neutron-server:newton db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton @@ -116,14 +116,6 @@ keystone: nova_project_domain: "default" nova_region_name: "RegionOne" -database: - port: 3306 - root_user: root - root_password: password - neutron_database_name: neutron - neutron_password: password - neutron_user: neutron - metadata_agent: default: debug: 'True' @@ -330,3 +322,17 @@ endpoints: scheme: 'http' port: api: 9696 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: neutron + password: password + hosts: + default: mariadb + path: /neutron + scheme: mysql+pymysql + port: + mysql: 3306 From 90c4496bb2d215bee7b8e862e856bf884854f7f5 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 4 Apr 2017 10:35:52 -0500 Subject: [PATCH 8/9] Update Cinder DB Jobs --- cinder/templates/bin/_db-sync.sh.tpl | 2 +- cinder/templates/job-db-sync.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cinder/templates/bin/_db-sync.sh.tpl b/cinder/templates/bin/_db-sync.sh.tpl index 9353596a3f..51b2adaeca 100644 --- a/cinder/templates/bin/_db-sync.sh.tpl +++ b/cinder/templates/bin/_db-sync.sh.tpl @@ -16,4 +16,4 @@ set -ex -glance-manage db sync +cinder-manage db sync diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 78ff2631fd..71d2a92a5b 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -53,8 +53,8 @@ spec: - name: etccinder mountPath: /etc/cinder - name: cinderapiconf - mountPath: /etc/cinder/cinder-api.conf - subPath: cinder-api.conf + mountPath: /etc/cinder/cinder.conf + subPath: cinder.conf readOnly: true volumes: - name: etccinder From c0141e14423e37b87f86ca442d9977bb8874c674 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 4 Apr 2017 10:42:12 -0500 Subject: [PATCH 9/9] Update Heat DB Jobs --- heat/templates/bin/_db-init.sh.tpl | 36 -------------------------- heat/templates/bin/_db-sync.sh.tpl | 19 ++++++++++++++ heat/templates/configmap-bin.yaml | 6 +++-- heat/templates/etc/_heat.conf.tpl | 2 +- heat/templates/job-db-init.yaml | 36 ++++++++++++++++++++------ heat/templates/job-db-sync.yaml | 24 ++++++++++------- heat/templates/secret-db-root.env.yaml | 7 +++++ heat/values.yaml | 25 +++++++++++------- 8 files changed, 88 insertions(+), 67 deletions(-) delete mode 100644 heat/templates/bin/_db-init.sh.tpl create mode 100644 heat/templates/bin/_db-sync.sh.tpl create mode 100644 heat/templates/secret-db-root.env.yaml diff --git a/heat/templates/bin/_db-init.sh.tpl b/heat/templates/bin/_db-init.sh.tpl deleted file mode 100644 index a2a6a629ce..0000000000 --- a/heat/templates/bin/_db-init.sh.tpl +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.heat_database_name }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.heat_user }}' \ - password='{{ .Values.database.heat_password }}' \ - host='%' \ - priv='{{ .Values.database.heat_database_name }}.*:ALL' \ - append_privs='yes'" diff --git a/heat/templates/bin/_db-sync.sh.tpl b/heat/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..214887b43c --- /dev/null +++ b/heat/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +heat-manage db_sync diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml index 518742c85f..60fd2bde50 100644 --- a/heat/templates/configmap-bin.yaml +++ b/heat/templates/configmap-bin.yaml @@ -17,8 +17,10 @@ kind: ConfigMap metadata: name: heat-bin data: - db-init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index c07ecd1297..702d04ade7 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl @@ -40,7 +40,7 @@ backend = oslo_cache.memcache_pool memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" [database] -connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index b7b560536b..41edc90568 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -43,17 +43,37 @@ spec: cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }} {{- end }} env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: heat-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/heat/heat.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/db-init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: dbinitsh - mountPath: /tmp/db-init.sh - subPath: db-init.sh + - name: heat-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcheat + mountPath: /etc/heat + - name: heatapiconf + mountPath: /etc/heat/heat.conf + subPath: heat.conf readOnly: true volumes: - - name: dbinitsh + - name: etcheat + emptyDir: {} + - name: heatapiconf + configMap: + name: heat-etc + - name: heat-bin configMap: name: heat-bin diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 187f1c21dd..5f8d340b46 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -43,21 +43,25 @@ spec: cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }} {{- end }} command: - - heat-manage - args: - - --config-dir - - /etc/heat/conf - - db_sync + - bash + - /tmp/db-sync.sh volumeMounts: - - name: pod-etc-heat + - name: heat-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcheat mountPath: /etc/heat - - name: heatconf - mountPath: /etc/heat/conf/heat.conf + - name: heatapiconf + mountPath: /etc/heat/heat.conf subPath: heat.conf readOnly: true volumes: - - name: pod-etc-heat + - name: etcheat emptyDir: {} - - name: heatconf + - name: heatapiconf configMap: name: heat-etc + - name: heat-bin + configMap: + name: heat-bin diff --git a/heat/templates/secret-db-root.env.yaml b/heat/templates/secret-db-root.env.yaml new file mode 100644 index 0000000000..f8346a2eab --- /dev/null +++ b/heat/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/heat/values.yaml b/heat/values.yaml index 61ff920eba..f591a396f5 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -30,7 +30,7 @@ labels: images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: docker.io/kolla/ubuntu-source-heat-api:3.0.1 db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1 ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton @@ -100,15 +100,6 @@ network: enabled: false port: 30003 -database: - address: mariadb - port: 3306 - root_user: root - root_password: password - heat_database_name: heat - heat_password: password - heat_user: heat - messaging: hosts: rabbitmq user: rabbitmq @@ -218,6 +209,20 @@ endpoints: scheme: 'http' port: api: 8003 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: heat + password: password + hosts: + default: mariadb + path: /heat + scheme: mysql+pymysql + port: + mysql: 3306 resources: enabled: false