Merge pull request #289 from portdirect/0.3.0/db-management-job-scripts

feat: replace ansible with PyMySQL for DB Creation
2017-04-06 08:39:05 -05:00 · 2017-04-06 08:39:05 -05:00 · d0a9bd2202
commit d0a9bd2202
parent 2da1aa68f5 c0141e1442
39 changed files with 556 additions and 311 deletions
--- a/cinder/templates/bin/_db-init.sh.tpl
+++ b/cinder/templates/bin/_db-init.sh.tpl
@ -1,36 +0,0 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 export HOME=/tmp
 ansible localhost -vvv \
    -m mysql_db -a "login_host='{{ .Values.database.address }}' \
                    login_port='{{ .Values.database.port }}' \
                    login_user='{{ .Values.database.root_user }}' \
                    login_password='{{ .Values.database.root_password }}' \
                    name='{{ .Values.database.cinder_database_name }}'"
 ansible localhost -vvv \
    -m mysql_user -a "login_host='{{ .Values.database.address }}' \
                      login_port='{{ .Values.database.port }}' \
                      login_user='{{ .Values.database.root_user }}' \
                      login_password='{{ .Values.database.root_password }}' \
                      name='{{ .Values.database.cinder_user }}' \
                      password='{{ .Values.database.cinder_password }}' \
                      host='%' \
                      priv='{{ .Values.database.cinder_database_name }}.*:ALL' \
                      append_privs='yes'"
--- a/cinder/templates/bin/_db-sync.sh.tpl
+++ b/cinder/templates/bin/_db-sync.sh.tpl
@ -0,0 +1,19 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 cinder-manage db sync
--- a/cinder/templates/configmap-bin.yaml
+++ b/cinder/templates/configmap-bin.yaml
@ -17,8 +17,10 @@ kind: ConfigMap
 metadata:
  name: cinder-bin
 data:
-  db-init.sh: |+
+  db-init.py: |
-{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- include "helm-toolkit.db_init" . | indent 4 }}
  db-sync.sh: |
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  ks-service.sh: |+
 {{- include "helm-toolkit.keystone_service" . | indent 4 }}
  ks-endpoints.sh: |+
--- a/cinder/templates/etc/_cinder.conf.tpl
+++ b/cinder/templates/etc/_cinder.conf.tpl
@ -40,7 +40,7 @@ os_region_name = {{ .Values.keystone.cinder_region_name }}
 host=cinder-volume-worker
 [database]
-connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }}
+connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
 max_retries = -1
 [keystone_authtoken]
--- a/cinder/templates/job-db-init.yaml
+++ b/cinder/templates/job-db-init.yaml
@ -43,17 +43,37 @@ spec:
              cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }}
          {{- end }}
          env:
-          - name: ANSIBLE_LIBRARY
+            - name: ROOT_DB_CONNECTION
-            value: /usr/share/ansible/
+              valueFrom:
                secretKeyRef:
                  name: cinder-db-root
                  key: DB_CONNECTION
            - name: OPENSTACK_CONFIG_FILE
              value: /etc/cinder/cinder.conf
            - name: OPENSTACK_CONFIG_DB_SECTION
              value: database
            - name: OPENSTACK_CONFIG_DB_KEY
              value: connection
          command:
-            - bash
+            - python
-            - /tmp/db-init.sh
+            - /tmp/db-init.py
          volumeMounts:
-            - name: dbinitsh
+            - name: cinder-bin
-              mountPath: /tmp/db-init.sh
+              mountPath: /tmp/db-init.py
-              subPath: db-init.sh
+              subPath: db-init.py
              readOnly: true
            - name: etccinder
              mountPath: /etc/cinder
            - name: cinderconf
              mountPath: /etc/cinder/cinder.conf
              subPath: cinder.conf
              readOnly: true
      volumes:
-        - name: dbinitsh
+        - name: etccinder
          emptyDir: {}
        - name: cinderconf
          configMap:
            name: cinder-etc
        - name: cinder-bin
          configMap:
            name: cinder-bin
--- a/cinder/templates/job-db-sync.yaml
+++ b/cinder/templates/job-db-sync.yaml
@ -43,22 +43,25 @@ spec:
              cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }}
          {{- end }}
          command:
-            - cinder-manage
+            - bash
-          args:
+            - /tmp/db-sync.sh
            - --config-dir
            - /etc/cinder/conf
            - db
            - sync
          volumeMounts:
-            - name: pod-etc-cinder
+            - name: cinder-bin
              mountPath: /tmp/db-sync.sh
              subPath: db-sync.sh
              readOnly: true
            - name: etccinder
              mountPath: /etc/cinder
-            - name: cinderconf
+            - name: cinderapiconf
-              mountPath: /etc/cinder/conf/cinder.conf
+              mountPath: /etc/cinder/cinder.conf
              subPath: cinder.conf
              readOnly: true
      volumes:
-        - name: pod-etc-cinder
+        - name: etccinder
          emptyDir: {}
-        - name: cinderconf
+        - name: cinderapiconf
          configMap:
            name: cinder-etc
        - name: cinder-bin
          configMap:
            name: cinder-bin
--- a/cinder/templates/secret-db-root.env.yaml
+++ b/cinder/templates/secret-db-root.env.yaml
@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: cinder-db-root
 type: Opaque
 data:
  DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@ -27,15 +27,15 @@ labels:
  node_selector_value: enabled
 images:
-  dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
+  db_init: quay.io/stackanetes/stackanetes-cinder-api:newton
  db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
  ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
  api: quay.io/stackanetes/stackanetes-cinder-api:newton
  scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
  volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
  dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
  pull_policy: "IfNotPresent"
 upgrades:
@ -69,15 +69,6 @@ network:
      enabled: false
      port: 30877
 database:
  address: mariadb
  port: 3306
  root_user: root
  root_password: password
  cinder_database_name: cinder
  cinder_password: password
  cinder_user: cinder
 ceph:
  enabled: true
  monitors: []
@ -203,6 +194,20 @@ endpoints:
    scheme: 'http'
    port:
      api: 8776
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      user:
        username: cinder
        password: password
    hosts:
      default: mariadb
    path: /cinder
    scheme: mysql+pymysql
    port:
      mysql: 3306
 resources:
  enabled: false
--- a/glance/templates/bin/_db-sync.sh.tpl
+++ b/glance/templates/bin/_db-sync.sh.tpl
@ -0,0 +1,19 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 glance-manage db_sync
--- a/glance/templates/bin/_init.sh.tpl
+++ b/glance/templates/bin/_init.sh.tpl
@ -1,32 +0,0 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 export HOME=/tmp
 ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \
 login_port='{{ .Values.database.port }}' \
 login_user='{{ .Values.database.root_user }}' \
 login_password='{{ .Values.database.root_password }}' \
 name='{{ .Values.database.glance_database_name }}'"
 ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \
 login_port='{{ .Values.database.port }}' \
 login_user='{{ .Values.database.root_user }}' \
 login_password='{{ .Values.database.root_password }}' \
 name='{{ .Values.database.glance_user }}' \
 password='{{ .Values.database.glance_password }}' \
 host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"
--- a/glance/templates/configmap-bin.yaml
+++ b/glance/templates/configmap-bin.yaml
@ -17,8 +17,10 @@ kind: ConfigMap
 metadata:
  name: glance-bin
 data:
-  init.sh: |+
+  db-init.py: |
-{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- include "helm-toolkit.db_init" . | indent 4 }}
  db-sync.sh: |
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  ks-service.sh: |+
 {{- include "helm-toolkit.keystone_service" . | indent 4 }}
  ks-endpoints.sh: |+
--- a/glance/templates/etc/_glance-api.conf.tpl
+++ b/glance/templates/etc/_glance-api.conf.tpl
@ -24,7 +24,7 @@ registry_host = glance-registry
 show_image_direct_url = True
 [database]
-connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
+connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
 max_retries = -1
 [keystone_authtoken]
--- a/glance/templates/etc/_glance-registry.conf.tpl
+++ b/glance/templates/etc/_glance-registry.conf.tpl
@ -21,7 +21,7 @@ bind_port = {{ .Values.network.registry.port }}
 workers = {{ .Values.misc.workers }}
 [database]
-connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
+connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
 max_retries = -1
 [keystone_authtoken]
--- a/glance/templates/job-db-init.yaml
+++ b/glance/templates/job-db-init.yaml
@ -43,16 +43,37 @@ spec:
              memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
          {{- end }}
          env:
-          - name: ANSIBLE_LIBRARY
+            - name: ROOT_DB_CONNECTION
-            value: /usr/share/ansible/
+              valueFrom:
                secretKeyRef:
                  name: glance-db-root
                  key: DB_CONNECTION
            - name: OPENSTACK_CONFIG_FILE
              value: /etc/glance/glance-api.conf
            - name: OPENSTACK_CONFIG_DB_SECTION
              value: database
            - name: OPENSTACK_CONFIG_DB_KEY
              value: connection
          command:
-            - bash
+            - python
-            - /tmp/init.sh
+            - /tmp/db-init.py
          volumeMounts:
-            - name: initsh
+            - name: glance-bin
-              mountPath: /tmp/init.sh
+              mountPath: /tmp/db-init.py
-              subPath: init.sh
+              subPath: db-init.py
              readOnly: true
            - name: etcglance
              mountPath: /etc/glance
            - name: glanceapiconf
              mountPath: /etc/glance/glance-api.conf
              subPath: glance-api.conf
              readOnly: true
      volumes:
-        - name: initsh
+        - name: etcglance
          emptyDir: {}
        - name: glanceapiconf
          configMap:
            name: glance-etc
        - name: glance-bin
          configMap:
            name: glance-bin
--- a/glance/templates/job-db-sync.yaml
+++ b/glance/templates/job-db-sync.yaml
@ -43,13 +43,25 @@ spec:
              memory: {{ .Values.resources.jobs.db.requests.memory | quote }}
          {{- end }}
          command:
-            - glance-manage
+            - bash
-            - db_sync
+            - /tmp/db-sync.sh
          volumeMounts:
            - name: glance-bin
              mountPath: /tmp/db-sync.sh
              subPath: db-sync.sh
              readOnly: true
            - name: etcglance
              mountPath: /etc/glance
            - name: glanceapiconf
              mountPath: /etc/glance/glance-api.conf
              subPath: glance-api.conf
              readOnly: true
      volumes:
        - name: etcglance
          emptyDir: {}
        - name: glanceapiconf
          configMap:
            name: glance-etc
        - name: glance-bin
          configMap:
            name: glance-bin
--- a/glance/templates/secret-db-root.env.yaml
+++ b/glance/templates/secret-db-root.env.yaml
@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: glance-db-root
 type: Opaque
 data:
  DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -30,7 +30,7 @@ labels:
  node_selector_value: enabled
 images:
-  db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+  db_init: quay.io/stackanetes/stackanetes-glance-api:newton
  db_sync: quay.io/stackanetes/stackanetes-glance-api:newton
  ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -77,15 +77,6 @@ network:
      enabled: false
      port: 30091
 database:
  address: mariadb
  port: 3306
  root_user: root
  root_password: password
  glance_database_name: glance
  glance_password: password
  glance_user: glance
 ceph:
  enabled: true
  monitors: []
@ -201,3 +192,17 @@ endpoints:
    port:
      api: 9292
      registry: 9191
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      user:
        username: glance
        password: password
    hosts:
      default: mariadb
    path: /glance
    scheme: mysql+pymysql
    port:
      mysql: 3306
--- a/heat/templates/bin/_db-init.sh.tpl
+++ b/heat/templates/bin/_db-init.sh.tpl
@ -1,36 +0,0 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 export HOME=/tmp
 ansible localhost -vvv \
    -m mysql_db -a "login_host='{{ .Values.database.address }}' \
                    login_port='{{ .Values.database.port }}' \
                    login_user='{{ .Values.database.root_user }}' \
                    login_password='{{ .Values.database.root_password }}' \
                    name='{{ .Values.database.heat_database_name }}'"
 ansible localhost -vvv \
    -m mysql_user -a "login_host='{{ .Values.database.address }}' \
                      login_port='{{ .Values.database.port }}' \
                      login_user='{{ .Values.database.root_user }}' \
                      login_password='{{ .Values.database.root_password }}' \
                      name='{{ .Values.database.heat_user }}' \
                      password='{{ .Values.database.heat_password }}' \
                      host='%' \
                      priv='{{ .Values.database.heat_database_name }}.*:ALL' \
                      append_privs='yes'"
--- a/heat/templates/bin/_db-sync.sh.tpl
+++ b/heat/templates/bin/_db-sync.sh.tpl
@ -0,0 +1,19 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 heat-manage db_sync
--- a/heat/templates/configmap-bin.yaml
+++ b/heat/templates/configmap-bin.yaml
@ -17,8 +17,10 @@ kind: ConfigMap
 metadata:
  name: heat-bin
 data:
-  db-init.sh: |+
+  db-init.py: |
-{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- include "helm-toolkit.db_init" . | indent 4 }}
  db-sync.sh: |
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  ks-service.sh: |+
 {{- include "helm-toolkit.keystone_service" . | indent 4 }}
  ks-endpoints.sh: |+
--- a/heat/templates/etc/_heat.conf.tpl
+++ b/heat/templates/etc/_heat.conf.tpl
@ -40,7 +40,7 @@ backend = oslo_cache.memcache_pool
 memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
 [database]
-connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }}
+connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
 max_retries = -1
 [keystone_authtoken]
--- a/heat/templates/job-db-init.yaml
+++ b/heat/templates/job-db-init.yaml
@ -43,17 +43,37 @@ spec:
              cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }}
          {{- end }}
          env:
-          - name: ANSIBLE_LIBRARY
+            - name: ROOT_DB_CONNECTION
-            value: /usr/share/ansible/
+              valueFrom:
                secretKeyRef:
                  name: heat-db-root
                  key: DB_CONNECTION
            - name: OPENSTACK_CONFIG_FILE
              value: /etc/heat/heat.conf
            - name: OPENSTACK_CONFIG_DB_SECTION
              value: database
            - name: OPENSTACK_CONFIG_DB_KEY
              value: connection
          command:
-            - bash
+            - python
-            - /tmp/db-init.sh
+            - /tmp/db-init.py
          volumeMounts:
-            - name: dbinitsh
+            - name: heat-bin
-              mountPath: /tmp/db-init.sh
+              mountPath: /tmp/db-init.py
-              subPath: db-init.sh
+              subPath: db-init.py
              readOnly: true
            - name: etcheat
              mountPath: /etc/heat
            - name: heatapiconf
              mountPath: /etc/heat/heat.conf
              subPath: heat.conf
              readOnly: true
      volumes:
-        - name: dbinitsh
+        - name: etcheat
          emptyDir: {}
        - name: heatapiconf
          configMap:
            name: heat-etc
        - name: heat-bin
          configMap:
            name: heat-bin
--- a/heat/templates/job-db-sync.yaml
+++ b/heat/templates/job-db-sync.yaml
@ -43,21 +43,25 @@ spec:
              cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }}
          {{- end }}
          command:
-            - heat-manage
+            - bash
-          args:
+            - /tmp/db-sync.sh
            - --config-dir
            - /etc/heat/conf
            - db_sync
          volumeMounts:
-            - name: pod-etc-heat
+            - name: heat-bin
              mountPath: /tmp/db-sync.sh
              subPath: db-sync.sh
              readOnly: true
            - name: etcheat
              mountPath: /etc/heat
-            - name: heatconf
+            - name: heatapiconf
-              mountPath: /etc/heat/conf/heat.conf
+              mountPath: /etc/heat/heat.conf
              subPath: heat.conf
              readOnly: true
      volumes:
-        - name: pod-etc-heat
+        - name: etcheat
          emptyDir: {}
-        - name: heatconf
+        - name: heatapiconf
          configMap:
            name: heat-etc
        - name: heat-bin
          configMap:
            name: heat-bin
--- a/heat/templates/secret-db-root.env.yaml
+++ b/heat/templates/secret-db-root.env.yaml
@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: heat-db-root
 type: Opaque
 data:
  DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -30,7 +30,7 @@ labels:
 images:
  dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
-  db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+  db_init: docker.io/kolla/ubuntu-source-heat-api:3.0.1
  db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1
  ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -100,15 +100,6 @@ network:
      enabled: false
      port: 30003
 database:
  address: mariadb
  port: 3306
  root_user: root
  root_password: password
  heat_database_name: heat
  heat_password: password
  heat_user: heat
 messaging:
  hosts: rabbitmq
  user: rabbitmq
@ -218,6 +209,20 @@ endpoints:
    scheme: 'http'
    port:
      api: 8003
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      user:
        username: heat
        password: password
    hosts:
      default: mariadb
    path: /heat
    scheme: mysql+pymysql
    port:
      mysql: 3306
 resources:
  enabled: false
--- a/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/helm-toolkit/templates/scripts/_db-init.py.tpl
@ -0,0 +1,147 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 {{- define "helm-toolkit.db_init" }}
 #!/usr/bin/env python
 # Creates db and user for an OpenStack Service:
 # Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain
 # SQLAlchemy strings for the root connection to the database and the one you
 # wish the service to use. Alternatively, you can use an ini formatted config
 # at the location specified by OPENSTACK_CONFIG_FILE, and extract the string
 # from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by
 # OPENSTACK_CONFIG_DB_SECTION.
 import os
 import sys
 import ConfigParser
 import logging
 from sqlalchemy import create_engine
 # Create logger, console handler and formatter
 logger = logging.getLogger('OpenStack-Helm DB Init')
 logger.setLevel(logging.DEBUG)
 ch = logging.StreamHandler()
 ch.setLevel(logging.DEBUG)
 formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
 # Set the formatter and add the handler
 ch.setFormatter(formatter)
 logger.addHandler(ch)
 # Get the connection string for the service db root user
 if "ROOT_DB_CONNECTION" in os.environ:
    db_connection = os.environ['ROOT_DB_CONNECTION']
    logger.info('Got DB root connection')
 else:
    logger.critical('environment variable ROOT_DB_CONNECTION not set')
    sys.exit(1)
 # Get the connection string for the service db
 if "OPENSTACK_CONFIG_FILE" in os.environ:
    try:
        os_conf = os.environ['OPENSTACK_CONFIG_FILE']
        if "OPENSTACK_CONFIG_DB_SECTION" in os.environ:
            os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION']
        else:
            logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set')
            sys.exit(1)
        if "OPENSTACK_CONFIG_DB_KEY" in os.environ:
            os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY']
        else:
            logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set')
            sys.exit(1)
        config = ConfigParser.RawConfigParser()
        logger.info("Using {0} as db config source".format(os_conf))
        config.read(os_conf)
        logger.info("Trying to load db config from {0}:{1}".format(
            os_conf_section, os_conf_key))
        user_db_conn = config.get(os_conf_section, os_conf_key)
        logger.info("Got config from {0}".format(os_conf))
    except:
        logger.critical("Tried to load config from {0} but failed.".format(os_conf))
        sys.exit(1)
 elif "DB_CONNECTION" in os.environ:
    user_db_conn = os.environ['DB_CONNECTION']
    logger.info('Got config from DB_CONNECTION env var')
 else:
    logger.critical('Could not get db config, either from config file or env var')
    sys.exit(1)
 # Root DB engine
 try:
    root_engine_full = create_engine(db_connection)
    root_user = root_engine_full.url.username
    root_password = root_engine_full.url.password
    drivername = root_engine_full.url.drivername
    host = root_engine_full.url.host
    port = root_engine_full.url.port
    root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
    root_engine = create_engine(root_engine_url)
    connection = root_engine.connect()
    connection.close()
    logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
        host, port, root_user))
 except:
    logger.critical('Could not connect to database as root user')
    raise
    sys.exit(1)
 # User DB engine
 try:
    user_engine = create_engine(user_db_conn)
    # Get our user data out of the user_engine
    database = user_engine.url.database
    user = user_engine.url.username
    password = user_engine.url.password
    logger.info('Got user db config')
 except:
    logger.critical('Could not get user database config')
    raise
    sys.exit(1)
 # Create DB
 try:
    root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
    logger.info("Created database {0}".format(database))
 except:
    logger.critical("Could not create database {0}".format(database))
    raise
    sys.exit(1)
 # Create DB User
 try:
    root_engine.execute(
        "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format(
            database, user, password))
    logger.info("Created user {0} for {1}".format(user, database))
 except:
    logger.critical("Could not create user {0} for {1}".format(user, database))
    raise
    sys.exit(1)
 # Test connection
 try:
    connection = user_engine.connect()
    connection.close()
    logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format(
        host, port, database, user))
 except:
    logger.critical('Could not connect to database as user')
    raise
    sys.exit(1)
 logger.info('Finished DB Management')
 {{- end }}
--- a/keystone/templates/bin/_init.sh.tpl
+++ b/keystone/templates/bin/_init.sh.tpl
@ -1,36 +0,0 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 export HOME=/tmp
 ansible localhost -vvv \
  -m mysql_db -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \
                  login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \
                  login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \
                  login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \
                  name='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}'"
 ansible localhost -vvv \
  -m mysql_user -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \
                    login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \
                    login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \
                    login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \
                    name='{{ .Values.endpoints.oslo_db.auth.user.username }}' \
                    password='{{ .Values.endpoints.oslo_db.auth.user.password }}' \
                    host='%' \
                    priv='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}.*:ALL' \
                    append_privs='yes'"
--- a/keystone/templates/configmap-bin.yaml
+++ b/keystone/templates/configmap-bin.yaml
@ -19,9 +19,9 @@ kind: ConfigMap
 metadata:
  name: keystone-bin
 data:
  db-init.py: |
 {{- include "helm-toolkit.db_init" . | indent 4 }}
  db-sync.sh: |
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  init.sh: |
 {{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  start.sh: |
 {{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
--- a/keystone/templates/job-db-init.yaml
+++ b/keystone/templates/job-db-init.yaml
@ -45,11 +45,22 @@ spec:
              cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }}
              memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
          {{- end }}
          env:
            - name: ROOT_DB_CONNECTION
              valueFrom:
                secretKeyRef:
                  name: keystone-db-root
                  key: DB_CONNECTION
            - name: OPENSTACK_CONFIG_FILE
              value: /etc/keystone/keystone.conf
            - name: OPENSTACK_CONFIG_DB_SECTION
              value: database
            - name: OPENSTACK_CONFIG_DB_KEY
              value: connection
          command:
-            - bash
+            - python
-            - /tmp/init.sh
+            - /tmp/db-init.py
          volumeMounts:
 {{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }}
      volumes:
 {{ toYaml $mounts_keystone_db_init.volumes | indent 8 }}
--- a/keystone/templates/secret-db-root.env.yaml
+++ b/keystone/templates/secret-db-root.env.yaml
@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: keystone-db-root
 type: Opaque
 data:
  DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -24,7 +24,7 @@ labels:
  node_selector_value: enabled
 images:
-  db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+  db_init: quay.io/stackanetes/stackanetes-keystone-api:newton
  db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
  api: quay.io/stackanetes/stackanetes-keystone-api:newton
  dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
@ -108,13 +108,25 @@ mounts:
    init_container: null
    keystone_db_init:
      volumes:
      - name: empty
        emptyDir: {}
      - name: keystone-etc
        configMap:
          name: keystone-etc
      - name: keystone-bin
        configMap:
          name: keystone-bin
      volumeMounts:
      - name: empty
        mountPath: /etc/keystone
      - name: keystone-etc
        mountPath: /etc/keystone/keystone.conf
        subPath: keystone.conf
        readOnly: true
      - name: keystone-bin
-        mountPath: /tmp/init.sh
+        mountPath: /tmp/db-init.py
-        subPath: init.sh
+        subPath: db-init.py
        readOnly: true
  keystone_db_sync:
    init_container: null
    keystone_db_sync:
--- a/neutron/templates/bin/_db-sync.sh.tpl
+++ b/neutron/templates/bin/_db-sync.sh.tpl
@ -0,0 +1,22 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 neutron-db-manage \
  --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2-conf.ini \
  upgrade head
--- a/neutron/templates/bin/_init.sh.tpl
+++ b/neutron/templates/bin/_init.sh.tpl
@ -1,33 +0,0 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -ex
 export HOME=/tmp
 ansible localhost -vvv -m mysql_db -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \
 login_port='{{ .Values.database.port }}' \
 login_user='{{ .Values.database.root_user }}' \
 login_password='{{ .Values.database.root_password }}' \
 name='{{ .Values.database.neutron_database_name }}'"
 ansible localhost -vvv -m mysql_user -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \
 login_port='{{ .Values.database.port }}' \
 login_user='{{ .Values.database.root_user }}' \
 login_password='{{ .Values.database.root_password }}' \
 name='{{ .Values.database.neutron_user }}' \
 password='{{ .Values.database.neutron_password }}' \
 host='%' \
 priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'"
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -17,14 +17,16 @@ kind: ConfigMap
 metadata:
  name: neutron-bin
 data:
  db-init.py: |
 {{- include "helm-toolkit.db_init" . | indent 4 }}
  db-sync.sh: |
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  ks-service.sh: |+
 {{- include "helm-toolkit.keystone_service" . | indent 4 }}
  ks-endpoints.sh: |+
 {{- include "helm-toolkit.keystone_endpoints" . | indent 4 }}
  ks-user.sh: |+
 {{- include "helm-toolkit.keystone_user" . | indent 4 }}
  init.sh: |
 {{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  neutron-openvswitch-agent.sh: |
 {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
  openvswitch-db-server.sh: |
--- a/neutron/templates/etc/_neutron.conf.tpl
+++ b/neutron/templates/etc/_neutron.conf.tpl
@ -70,7 +70,7 @@ l2_population = true
 arp_responder = true
 [database]
-connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "helm-toolkit.mariadb_host" . }}/{{ .Values.database.neutron_database_name }}
+connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
 max_retries = -1
 [keystone_authtoken]
--- a/neutron/templates/job-db-init.yaml
+++ b/neutron/templates/job-db-init.yaml
@ -33,14 +33,38 @@ spec:
        - name: neutron-db-init
          image: {{ .Values.images.db_init }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
          env:
            - name: ROOT_DB_CONNECTION
              valueFrom:
                secretKeyRef:
                  name: neutron-db-root
                  key: DB_CONNECTION
            - name: OPENSTACK_CONFIG_FILE
              value: /etc/neutron/neutron.conf
            - name: OPENSTACK_CONFIG_DB_SECTION
              value: database
            - name: OPENSTACK_CONFIG_DB_KEY
              value: connection
          command:
-            - bash
+            - python
-            - /tmp/init.sh
+            - /tmp/db-init.py
          volumeMounts:
-            - name: initsh
+            - name: neutron-bin
-              mountPath: /tmp/init.sh
+              mountPath: /tmp/db-init.py
-              subPath: init.sh
+              subPath: db-init.py
              readOnly: true
            - name: etcneutron
              mountPath: /etc/neutron
            - name: neutronconf
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
      volumes:
-        - name: initsh
+        - name: etcneutron
          emptyDir: {}
        - name: neutronconf
          configMap:
            name: neutron-etc
        - name: neutron-bin
          configMap:
            name: neutron-bin
--- a/neutron/templates/job-db-sync.yaml
+++ b/neutron/templates/job-db-sync.yaml
@ -33,14 +33,6 @@ spec:
        - name: neutron-db-sync
          image: {{ .Values.images.db_sync }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
          command:
            - neutron-db-manage
            - --config-file
            - /etc/neutron/neutron.conf
            - --config-file
            - /etc/neutron/plugins/ml2/ml2-conf.ini
            - upgrade
            - head
          {{- if .Values.resources.enabled }}
          resources:
            limits:
@ -50,21 +42,30 @@ spec:
              cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
              memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
          {{- end }}
          command:
            - bash
            - /tmp/db-sync.sh
          volumeMounts:
-            - name: pod-etc-neutron
+            - name: neutron-bin
              mountPath: /tmp/db-sync.sh
              subPath: db-sync.sh
              readOnly: true
            - name: etcneutron
              mountPath: /etc/neutron
            - name: neutronconf
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
-            - name: ml2confini
+              readOnly: true
            - name: neutronconf
              mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
              subPath: ml2-conf.ini
              readOnly: true
      volumes:
-        - name: pod-etc-neutron
+        - name: etcneutron
          emptyDir: {}
        - name: neutronconf
          configMap:
            name: neutron-etc
-        - name: ml2confini
+        - name: neutron-bin
          configMap:
-            name: neutron-etc
+            name: neutron-bin
--- a/neutron/templates/secret-db-root.env.yaml
+++ b/neutron/templates/secret-db-root.env.yaml
@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: neutron-db-root
 type: Opaque
 data:
  DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -21,7 +21,7 @@ replicas:
  server: 1
 images:
-  db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+  db_init: quay.io/stackanetes/stackanetes-neutron-server:newton
  db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton
  ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
  ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -122,14 +122,6 @@ keystone:
  nova_project_domain: "default"
  nova_region_name: "RegionOne"
 database:
  port: 3306
  root_user: root
  root_password: password
  neutron_database_name: neutron
  neutron_password: password
  neutron_user: neutron
 metadata_agent:
  default:
    debug: 'True'
@ -336,3 +328,17 @@ endpoints:
    scheme: 'http'
    port:
      api: 9696
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      user:
        username: neutron
        password: password
    hosts:
      default: mariadb
    path: /neutron
    scheme: mysql+pymysql
    port:
      mysql: 3306