Merge pull request #289 from portdirect/0.3.0/db-management-job-scripts

feat: replace ansible with PyMySQL for DB Creation
wilkers-steve 2017-04-06 08:39:05 -05:00 committed by GitHub
commit d0a9bd2202
39 changed files with 556 additions and 311 deletions


@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv \
-m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.cinder_database_name }}'"
ansible localhost -vvv \
-m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.cinder_user }}' \
password='{{ .Values.database.cinder_password }}' \
host='%' \
priv='{{ .Values.database.cinder_database_name }}.*:ALL' \
append_privs='yes'"


@ -0,0 +1,19 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
cinder-manage db sync


@ -17,8 +17,10 @@ kind: ConfigMap
metadata:
name: cinder-bin
data:
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+


@ -40,7 +40,7 @@ os_region_name = {{ .Values.keystone.cinder_region_name }}
host=cinder-volume-worker
[database]
connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]
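Review bot: The rendered `connection` value still carries the service user's password in clear text, and the job templates in this commit mount this file from the `cinder-etc` ConfigMap, so anyone who can read ConfigMaps in the namespace can read the database credential even though the root DSN was moved into a Secret. Consider rendering this file, or at least this key, from a Secret as well. It is also worth confirming that `helm-toolkit.authenticated_endpoint_uri_lookup`, which is not visible on this page, percent-encodes the username and password; if it does not, a password containing `@`, `:` or `/` produces a URI that parses differently from what was intended. The same line is introduced in the glance-api, glance-registry, heat and neutron config templates.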


@ -43,17 +43,37 @@ spec:
cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }}
{{- end }}
env:
- name: ANSIBLE_LIBRARY
value: /usr/share/ansible/
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: cinder-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/cinder/cinder.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/db-init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: dbinitsh
mountPath: /tmp/db-init.sh
subPath: db-init.sh
- name: cinder-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etccinder
mountPath: /etc/cinder
- name: cinderconf
mountPath: /etc/cinder/cinder.conf
subPath: cinder.conf
readOnly: true
volumes:
- name: dbinitsh
- name: etccinder
emptyDir: {}
- name: cinderconf
configMap:
name: cinder-etc
- name: cinder-bin
configMap:
name: cinder-bin


@ -43,22 +43,25 @@ spec:
cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }}
{{- end }}
command:
- cinder-manage
args:
- --config-dir
- /etc/cinder/conf
- db
- sync
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: pod-etc-cinder
- name: cinder-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etccinder
mountPath: /etc/cinder
- name: cinderconf
mountPath: /etc/cinder/conf/cinder.conf
- name: cinderapiconf
mountPath: /etc/cinder/cinder.conf
subPath: cinder.conf
readOnly: true
volumes:
- name: pod-etc-cinder
- name: etccinder
emptyDir: {}
- name: cinderconf
- name: cinderapiconf
configMap:
name: cinder-etc
- name: cinder-bin
configMap:
name: cinder-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: cinder-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}
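Review bot: This Secret stores the `admin` connection string (by default the `root` account), and the commit adds an identical Secret to the glance, heat, keystone and neutron charts, so each service chart ends up holding a credential that can administer every database on the server. The db-init job only creates one schema and grants on it, so a dedicated provisioning account with just the privileges that job needs would limit what a leaked Secret exposes. The Secret also appears to be an ordinary release resource, so it presumably outlives the one-shot job; confirm whether it can be removed once db-init has completed. A short comment above `data:` such as `# admin DSN, consumed only by the db-init job` would make the intended scope explicit.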


@ -27,15 +27,15 @@ labels:
node_selector_value: enabled
images:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
db_init: quay.io/stackanetes/stackanetes-cinder-api:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
api: quay.io/stackanetes/stackanetes-cinder-api:newton
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
pull_policy: "IfNotPresent"
upgrades:
@ -69,15 +69,6 @@ network:
enabled: false
port: 30877
database:
address: mariadb
port: 3306
root_user: root
root_password: password
cinder_database_name: cinder
cinder_password: password
cinder_user: cinder
ceph:
enabled: true
monitors: []
@ -203,6 +194,20 @@ endpoints:
scheme: 'http'
port:
api: 8776
oslo_db:
auth:
admin:
username: root
password: password
user:
username: cinder
password: password
hosts:
default: mariadb
path: /cinder
scheme: mysql+pymysql
port:
mysql: 3306
resources:
enabled: false
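Review bot: The new `endpoints.oslo_db.auth.admin` block ships `username: root` with `password: password` as chart defaults, and the service user gets the same literal, so an install that overrides nothing provisions the database with guessable credentials. I would leave both passwords without a usable default and fail the render when they are unset, for example with Helm's `required` function at the point where the URI is built, or at minimum add `# placeholder only; override before deploying` above `auth:`. The same defaults appear in the `oslo_db` blocks added to the glance, heat and neutron values files.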


@ -0,0 +1,19 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
glance-manage db_sync


@ -1,32 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.glance_database_name }}'"
ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.glance_user }}' \
password='{{ .Values.database.glance_password }}' \
host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"


@ -17,8 +17,10 @@ kind: ConfigMap
metadata:
name: glance-bin
data:
init.sh: |+
{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+


@ -24,7 +24,7 @@ registry_host = glance-registry
show_image_direct_url = True
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -21,7 +21,7 @@ bind_port = {{ .Values.network.registry.port }}
workers = {{ .Values.misc.workers }}
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -43,16 +43,37 @@ spec:
memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
{{- end }}
env:
- name: ANSIBLE_LIBRARY
value: /usr/share/ansible/
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: glance-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/glance/glance-api.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: initsh
mountPath: /tmp/init.sh
subPath: init.sh
- name: glance-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etcglance
mountPath: /etc/glance
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
readOnly: true
volumes:
- name: initsh
- name: etcglance
emptyDir: {}
- name: glanceapiconf
configMap:
name: glance-etc
- name: glance-bin
configMap:
name: glance-bin


@ -43,13 +43,25 @@ spec:
memory: {{ .Values.resources.jobs.db.requests.memory | quote }}
{{- end }}
command:
- glance-manage
- db_sync
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: glance-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etcglance
mountPath: /etc/glance
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
readOnly: true
volumes:
- name: etcglance
emptyDir: {}
- name: glanceapiconf
configMap:
name: glance-etc
- name: glance-bin
configMap:
name: glance-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: glance-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -30,7 +30,7 @@ labels:
node_selector_value: enabled
images:
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-glance-api:newton
db_sync: quay.io/stackanetes/stackanetes-glance-api:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -77,15 +77,6 @@ network:
enabled: false
port: 30091
database:
address: mariadb
port: 3306
root_user: root
root_password: password
glance_database_name: glance
glance_password: password
glance_user: glance
ceph:
enabled: true
monitors: []
@ -201,3 +192,17 @@ endpoints:
port:
api: 9292
registry: 9191
oslo_db:
auth:
admin:
username: root
password: password
user:
username: glance
password: password
hosts:
default: mariadb
path: /glance
scheme: mysql+pymysql
port:
mysql: 3306


@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv \
-m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.heat_database_name }}'"
ansible localhost -vvv \
-m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.heat_user }}' \
password='{{ .Values.database.heat_password }}' \
host='%' \
priv='{{ .Values.database.heat_database_name }}.*:ALL' \
append_privs='yes'"


@ -0,0 +1,19 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
heat-manage db_sync


@ -17,8 +17,10 @@ kind: ConfigMap
metadata:
name: heat-bin
data:
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+


@ -40,7 +40,7 @@ backend = oslo_cache.memcache_pool
memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
[database]
connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -43,17 +43,37 @@ spec:
cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }}
{{- end }}
env:
- name: ANSIBLE_LIBRARY
value: /usr/share/ansible/
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: heat-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/heat/heat.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/db-init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: dbinitsh
mountPath: /tmp/db-init.sh
subPath: db-init.sh
- name: heat-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etcheat
mountPath: /etc/heat
- name: heatapiconf
mountPath: /etc/heat/heat.conf
subPath: heat.conf
readOnly: true
volumes:
- name: dbinitsh
- name: etcheat
emptyDir: {}
- name: heatapiconf
configMap:
name: heat-etc
- name: heat-bin
configMap:
name: heat-bin


@ -43,21 +43,25 @@ spec:
cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }}
{{- end }}
command:
- heat-manage
args:
- --config-dir
- /etc/heat/conf
- db_sync
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: pod-etc-heat
- name: heat-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etcheat
mountPath: /etc/heat
- name: heatconf
mountPath: /etc/heat/conf/heat.conf
- name: heatapiconf
mountPath: /etc/heat/heat.conf
subPath: heat.conf
readOnly: true
volumes:
- name: pod-etc-heat
- name: etcheat
emptyDir: {}
- name: heatconf
- name: heatapiconf
configMap:
name: heat-etc
- name: heat-bin
configMap:
name: heat-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: heat-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -30,7 +30,7 @@ labels:
images:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: docker.io/kolla/ubuntu-source-heat-api:3.0.1
db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -100,15 +100,6 @@ network:
enabled: false
port: 30003
database:
address: mariadb
port: 3306
root_user: root
root_password: password
heat_database_name: heat
heat_password: password
heat_user: heat
messaging:
hosts: rabbitmq
user: rabbitmq
@ -218,6 +209,20 @@ endpoints:
scheme: 'http'
port:
api: 8003
oslo_db:
auth:
admin:
username: root
password: password
user:
username: heat
password: password
hosts:
default: mariadb
path: /heat
scheme: mysql+pymysql
port:
mysql: 3306
resources:
enabled: false


@ -0,0 +1,147 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- define "helm-toolkit.db_init" }}
#!/usr/bin/env python
# Creates db and user for an OpenStack Service:
# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain
# SQLAlchemy strings for the root connection to the database and the one you
# wish the service to use. Alternatively, you can use an ini formatted config
# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string
# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by
# OPENSTACK_CONFIG_DB_SECTION.
import os
import sys
import ConfigParser
import logging
from sqlalchemy import create_engine
# Create logger, console handler and formatter
logger = logging.getLogger('OpenStack-Helm DB Init')
logger.setLevel(logging.DEBUG)
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
# Set the formatter and add the handler
ch.setFormatter(formatter)
logger.addHandler(ch)
# Get the connection string for the service db root user
if "ROOT_DB_CONNECTION" in os.environ:
db_connection = os.environ['ROOT_DB_CONNECTION']
logger.info('Got DB root connection')
else:
logger.critical('environment variable ROOT_DB_CONNECTION not set')
sys.exit(1)
# Get the connection string for the service db
if "OPENSTACK_CONFIG_FILE" in os.environ:
try:
os_conf = os.environ['OPENSTACK_CONFIG_FILE']
if "OPENSTACK_CONFIG_DB_SECTION" in os.environ:
os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION']
else:
logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set')
sys.exit(1)
if "OPENSTACK_CONFIG_DB_KEY" in os.environ:
os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY']
else:
logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set')
sys.exit(1)
config = ConfigParser.RawConfigParser()
logger.info("Using {0} as db config source".format(os_conf))
config.read(os_conf)
logger.info("Trying to load db config from {0}:{1}".format(
os_conf_section, os_conf_key))
user_db_conn = config.get(os_conf_section, os_conf_key)
logger.info("Got config from {0}".format(os_conf))
except:
logger.critical("Tried to load config from {0} but failed.".format(os_conf))
sys.exit(1)
elif "DB_CONNECTION" in os.environ:
user_db_conn = os.environ['DB_CONNECTION']
logger.info('Got config from DB_CONNECTION env var')
else:
logger.critical('Could not get db config, either from config file or env var')
sys.exit(1)
# Root DB engine
try:
root_engine_full = create_engine(db_connection)
root_user = root_engine_full.url.username
root_password = root_engine_full.url.password
drivername = root_engine_full.url.drivername
host = root_engine_full.url.host
port = root_engine_full.url.port
root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
root_engine = create_engine(root_engine_url)
connection = root_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
host, port, root_user))
except:
logger.critical('Could not connect to database as root user')
raise
sys.exit(1)
# User DB engine
try:
user_engine = create_engine(user_db_conn)
# Get our user data out of the user_engine
database = user_engine.url.database
user = user_engine.url.username
password = user_engine.url.password
logger.info('Got user db config')
except:
logger.critical('Could not get user database config')
raise
sys.exit(1)
# Create DB
try:
root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
logger.info("Created database {0}".format(database))
except:
logger.critical("Could not create database {0}".format(database))
raise
sys.exit(1)
# Create DB User
try:
root_engine.execute(
"GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format(
database, user, password))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
raise
sys.exit(1)
# Test connection
try:
connection = user_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format(
host, port, database, user))
except:
logger.critical('Could not connect to database as user')
raise
sys.exit(1)
logger.info('Finished DB Management')
{{- end }}


@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv \
-m mysql_db -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \
login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \
login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \
login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \
name='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}'"
ansible localhost -vvv \
-m mysql_user -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \
login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \
login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \
login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \
name='{{ .Values.endpoints.oslo_db.auth.user.username }}' \
password='{{ .Values.endpoints.oslo_db.auth.user.password }}' \
host='%' \
priv='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}.*:ALL' \
append_privs='yes'"


@ -19,9 +19,9 @@ kind: ConfigMap
metadata:
name: keystone-bin
data:
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
init.sh: |
{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
start.sh: |
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}


@ -36,7 +36,7 @@ spec:
- name: keystone-db-init
image: {{ .Values.images.db_init }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.resources.enabled }}
{{- if .Values.resources.enabled }}
resources:
limits:
cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }}
@ -45,11 +45,22 @@ spec:
cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }}
memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
{{- end }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: keystone-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/keystone/keystone.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/init.sh
volumeMounts:
- python
- /tmp/db-init.py
volumeMounts:
{{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }}
volumes:
{{ toYaml $mounts_keystone_db_init.volumes | indent 8 }}


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: keystone-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -24,7 +24,7 @@ labels:
node_selector_value: enabled
images:
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-keystone-api:newton
db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
api: quay.io/stackanetes/stackanetes-keystone-api:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1
@ -106,15 +106,27 @@ resources:
mounts:
keystone_db_init:
init_container: null
keystone_db_init:
keystone_db_init:
volumes:
- name: empty
emptyDir: {}
- name: keystone-etc
configMap:
name: keystone-etc
- name: keystone-bin
configMap:
name: keystone-bin
name: keystone-bin
volumeMounts:
- name: empty
mountPath: /etc/keystone
- name: keystone-etc
mountPath: /etc/keystone/keystone.conf
subPath: keystone.conf
readOnly: true
- name: keystone-bin
mountPath: /tmp/init.sh
subPath: init.sh
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
keystone_db_sync:
init_container: null
keystone_db_sync:
@ -126,7 +138,7 @@ mounts:
name: keystone-etc
- name: keystone-bin
configMap:
name: keystone-bin
name: keystone-bin
volumeMounts:
- name: empty
mountPath: /etc/keystone
@ -137,7 +149,7 @@ mounts:
- name: keystone-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
readOnly: true
keystone_api:
init_container: null
keystone_api:
@ -149,7 +161,7 @@ mounts:
name: keystone-etc
- name: keystone-bin
configMap:
name: keystone-bin
name: keystone-bin
volumeMounts:
- name: empty
mountPath: /etc/keystone
@ -180,7 +192,7 @@ mounts:
- name: keystone-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
readOnly: true
conf:
paste:
@ -192,7 +204,7 @@ conf:
keystone:
override:
append:
token:
token:
keystone:
provider: uuid
database:
@ -240,7 +252,7 @@ endpoints:
path: /openstack
scheme: rabbit
port:
amqp: 5672
amqp: 5672
oslo_cache:
hosts:
default: memcache


@ -0,0 +1,22 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2-conf.ini \
upgrade head


@ -1,33 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
export HOME=/tmp
ansible localhost -vvv -m mysql_db -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.neutron_database_name }}'"
ansible localhost -vvv -m mysql_user -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.neutron_user }}' \
password='{{ .Values.database.neutron_password }}' \
host='%' \
priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'"


@ -17,14 +17,16 @@ kind: ConfigMap
metadata:
name: neutron-bin
data:
db-init.py: |
{{- include "helm-toolkit.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+
{{- include "helm-toolkit.keystone_endpoints" . | indent 4 }}
ks-user.sh: |+
{{- include "helm-toolkit.keystone_user" . | indent 4 }}
init.sh: |
{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
neutron-openvswitch-agent.sh: |
{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.template" | indent 4 }}
openvswitch-db-server.sh: |


@ -70,7 +70,7 @@ l2_population = true
arp_responder = true
[database]
connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "helm-toolkit.mariadb_host" . }}/{{ .Values.database.neutron_database_name }}
connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}
max_retries = -1
[keystone_authtoken]


@ -33,14 +33,38 @@ spec:
- name: neutron-db-init
image: {{ .Values.images.db_init }}
imagePullPolicy: {{ .Values.images.pull_policy }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: neutron-db-root
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/neutron/neutron.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- bash
- /tmp/init.sh
- python
- /tmp/db-init.py
volumeMounts:
- name: initsh
mountPath: /tmp/init.sh
subPath: init.sh
- name: neutron-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etcneutron
mountPath: /etc/neutron
- name: neutronconf
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
volumes:
- name: initsh
- name: etcneutron
emptyDir: {}
- name: neutronconf
configMap:
name: neutron-etc
- name: neutron-bin
configMap:
name: neutron-bin


@ -33,14 +33,6 @@ spec:
- name: neutron-db-sync
image: {{ .Values.images.db_sync }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- neutron-db-manage
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/plugins/ml2/ml2-conf.ini
- upgrade
- head
{{- if .Values.resources.enabled }}
resources:
limits:
@ -50,21 +42,30 @@ spec:
cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
{{- end }}
command:
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: pod-etc-neutron
- name: neutron-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etcneutron
mountPath: /etc/neutron
- name: neutronconf
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
- name: ml2confini
readOnly: true
- name: neutronconf
mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
subPath: ml2-conf.ini
readOnly: true
volumes:
- name: pod-etc-neutron
- name: etcneutron
emptyDir: {}
- name: neutronconf
configMap:
name: neutron-etc
- name: ml2confini
- name: neutron-bin
configMap:
name: neutron-etc
name: neutron-bin


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: neutron-db-root
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }}


@ -21,7 +21,7 @@ replicas:
server: 1
images:
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-neutron-server:newton
db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
@ -122,14 +122,6 @@ keystone:
nova_project_domain: "default"
nova_region_name: "RegionOne"
database:
port: 3306
root_user: root
root_password: password
neutron_database_name: neutron
neutron_password: password
neutron_user: neutron
metadata_agent:
default:
debug: 'True'
@ -336,3 +328,17 @@ endpoints:
scheme: 'http'
port:
api: 9696
oslo_db:
auth:
admin:
username: root
password: password
user:
username: neutron
password: password
hosts:
default: mariadb
path: /neutron
scheme: mysql+pymysql
port:
mysql: 3306