vexxhost/openstack-operator
Code Issues Proposed changes

Merge "Add Magnum"

Browse Source
This commit is contained in:
Zuul 2020-06-22 19:21:32 +00:00 committed by Gerrit Code Review
commit da95d122d7
16 changed files with 815 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -6,6 +6,8 @@ images:
docker build images/heat --target heat-api-cfn -t vexxhost/heat-api-cfn:latest
docker build images/heat --target heat-engine -t vexxhost/heat-engine:latest
docker build images/chronyd -t vexxhost/chronyd:latest
docker build images/magnum --target magnum-api -t vexxhost/magnum-api:latest
docker build images/magnum --target magnum-conductor -t vexxhost/magnum-conductor:latest
docker build images/mcrouter -t vexxhost/mcrouter:latest
docker build images/mcrouter-exporter -t vexxhost/mcrouter-exporter:latest
docker build images/memcached -t vexxhost/memcached:latest

2
chart/test-values.yaml
View File

@ -10,4 +10,6 @@ configMap:
configDir: /etc/keystone
heat:
configDir: /etc/heat
magnum:
configDir: /etc/magnum
chronyd: {}

2
config/samples/operator-config.yaml
View File

@ -17,4 +17,6 @@ data:
host:
api: "h-api.vexxhost.com"
api-cfn: "h-api-cfn.vexxhost.com"
magnum:
configDir: /etc/magnum
chronyd: {}

410
devstack/lib/magnum Normal file
View File

@ -0,0 +1,410 @@
#!/bin/bash
#
# lib/magnum
# Functions to control the configuration and operation of the **magnum** service
# Dependencies:
#
# - ``functions`` file
# - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
# - install_magnum
# - configure_magnum
# - create_magnum_conf
# - init_magnum
# - magnum_register_image
# - magnum_configure_flavor
# - start_magnum
# - configure_iptables_magnum
# - configure_apache_magnum
# - stop_magnum
# - cleanup_magnum
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
# Set up default directories
MAGNUM_REPO=${MAGNUM_REPO:-${GIT_BASE}/openstack/magnum.git}
MAGNUM_BRANCH=${MAGNUM_BRANCH:-master}
MAGNUM_DIR=$DEST/magnum
GITREPO["python-magnumclient"]=${MAGNUMCLIENT_REPO:-${GIT_BASE}/openstack/python-magnumclient.git}
GITBRANCH["python-magnumclient"]=${MAGNUMCLIENT_BRANCH:-master}
GITDIR["python-magnumclient"]=$DEST/python-magnumclient
MAGNUM_STATE_PATH=${MAGNUM_STATE_PATH:=$DATA_DIR/magnum}
MAGNUM_AUTH_CACHE_DIR=${MAGNUM_AUTH_CACHE_DIR:-/var/cache/magnum}
MAGNUM_CERTIFICATE_CACHE_DIR=${MAGNUM_CERTIFICATE_CACHE_DIR:-/var/lib/magnum/certificate-cache}
MAGNUM_CONF_DIR=/etc/magnum
MAGNUM_CONF=$MAGNUM_CONF_DIR/magnum.conf
MAGNUM_API_PASTE=$MAGNUM_CONF_DIR/api-paste.ini
MAGNUM_K8S_KEYSTONE_AUTH_DEFAULT_POLICY=$MAGNUM_CONF_DIR/k8s_keystone_auth_default_policy.json
MAGNUM_POLICY=$MAGNUM_CONF_DIR/policy.yaml
if is_ssl_enabled_service "magnum" || is_service_enabled tls-proxy; then
MAGNUM_SERVICE_PROTOCOL="https"
fi
# Public facing bits
MAGNUM_SERVICE_HOST=${MAGNUM_SERVICE_HOST:-$HOST_IP}
MAGNUM_SERVICE_PORT=${MAGNUM_SERVICE_PORT:-9511}
MAGNUM_SERVICE_PORT_INT=${MAGNUM_SERVICE_PORT_INT:-19511}
MAGNUM_SERVICE_PROTOCOL=${MAGNUM_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD=${MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD:-secret}
MAGNUM_SWIFT_REGISTRY_CONTAINER=${MAGNUM_SWIFT_REGISTRY_CONTAINER:-docker_registry}
# Support entry points installation of console scripts
if [[ -d $MAGNUM_DIR/bin ]]; then
MAGNUM_BIN_DIR=$MAGNUM_DIR/bin
else
MAGNUM_BIN_DIR=$(get_python_exec_prefix)
fi
MAGNUM_CONFIGURE_IPTABLES=${MAGNUM_CONFIGURE_IPTABLES:-True}
# Functions
# ---------
# Test if any magnum services are enabled
# is_magnum_enabled
function is_magnum_enabled {
[[ ,${ENABLED_SERVICES} =~ ,"magnum-" ]] && return 0
return 1
}
# cleanup_magnum() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_magnum {
echo noop
}
# configure_magnum() - Set config files, create data dirs, etc
function configure_magnum {
# Put config files in ``/etc/magnum`` for everyone to find
if [[ ! -d $MAGNUM_CONF_DIR ]]; then
sudo mkdir -p $MAGNUM_CONF_DIR
sudo chown $STACK_USER $MAGNUM_CONF_DIR
fi
# Rebuild the config file from scratch
create_magnum_conf
create_api_paste_conf
create_k8s_keystone_auth_default_poliy
}
# create_magnum_accounts() - Set up common required magnum accounts
#
# Project User Roles
# ------------------------------------------------------------------
# SERVICE_PROJECT_NAME magnum service
function create_magnum_accounts {
create_service_user "magnum" "admin"
get_or_create_service "magnum" "container-infra" "Container Infrastructure Management Service"
get_or_create_endpoint "container-infra" \
"$REGION_NAME" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1"
# Create for Kubernetes Keystone auth
get_or_create_role k8s_admin
get_or_create_role k8s_developer
get_or_create_role k8s_viewer
}
# create_magnum_conf() - Create a new magnum.conf file
function create_magnum_conf {
# (Re)create ``magnum.conf``
rm -f $MAGNUM_CONF
HOSTNAME=`hostname`
iniset $MAGNUM_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
iniset $MAGNUM_CONF DEFAULT transport_url $(get_transport_url)
iniset $MAGNUM_CONF DEFAULT host "$HOSTNAME"
iniset $MAGNUM_CONF database connection `database_connection_url magnum`
iniset $MAGNUM_CONF api host "$MAGNUM_SERVICE_HOST"
if is_service_enabled tls-proxy; then
iniset $MAGNUM_CONF api port "$MAGNUM_SERVICE_PORT_INT"
iniset $MAGNUM_CONF drivers verify_ca true
iniset $MAGNUM_CONF drivers openstack_ca_file $SSL_BUNDLE_FILE
else
iniset $MAGNUM_CONF api port "$MAGNUM_SERVICE_PORT"
iniset $MAGNUM_CONF drivers verify_ca false
fi
iniset $MAGNUM_CONF cluster temp_cache_dir $MAGNUM_CERTIFICATE_CACHE_DIR
iniset $MAGNUM_CONF oslo_policy policy_file $MAGNUM_POLICY
iniset $MAGNUM_CONF keystone_auth auth_type password
iniset $MAGNUM_CONF keystone_auth username magnum
iniset $MAGNUM_CONF keystone_auth password $SERVICE_PASSWORD
iniset $MAGNUM_CONF keystone_auth project_name $SERVICE_PROJECT_NAME
iniset $MAGNUM_CONF keystone_auth project_domain_id default
iniset $MAGNUM_CONF keystone_auth user_domain_id default
configure_auth_token_middleware $MAGNUM_CONF magnum
iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_AUTH_URI_V3
# FIXME(pauloewerton): keystone_authtoken section is deprecated. Remove it
# after deprecation period.
iniset $MAGNUM_CONF keystone_authtoken www_authenticate_uri $KEYSTONE_SERVICE_URI_V3
iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3
iniset $MAGNUM_CONF keystone_authtoken auth_version v3
if is_fedora || is_suse; then
# magnum defaults to /usr/local/bin, but fedora and suse pip like to
# install things in /usr/bin
iniset $MAGNUM_CONF DEFAULT bindir "/usr/bin"
fi
if [ -n "$MAGNUM_STATE_PATH" ]; then
iniset $MAGNUM_CONF DEFAULT state_path "$MAGNUM_STATE_PATH"
iniset $MAGNUM_CONF oslo_concurrency lock_path "$MAGNUM_STATE_PATH"
fi
if [ "$USE_SYSTEMD" != "False" ]; then
setup_systemd_logging $MAGNUM_CONF
fi
# Format logging
if [ "$LOG_COLOR" == "True" ] && [ "$USE_SYSTEMD" == "False" ]; then
setup_colorized_logging $MAGNUM_CONF DEFAULT
fi
# Register SSL certificates if provided
if is_ssl_enabled_service magnum; then
ensure_certificates MAGNUM
iniset $MAGNUM_CONF DEFAULT ssl_cert_file "$MAGNUM_SSL_CERT"
iniset $MAGNUM_CONF DEFAULT ssl_key_file "$MAGNUM_SSL_KEY"
iniset $MAGNUM_CONF DEFAULT enabled_ssl_apis "$MAGNUM_ENABLED_APIS"
fi
if is_service_enabled ceilometer; then
iniset $MAGNUM_CONF oslo_messaging_notifications driver "messaging"
fi
if is_service_enabled barbican; then
iniset $MAGNUM_CONF certificates cert_manager_type "barbican"
else
iniset $MAGNUM_CONF certificates cert_manager_type "x509keypair"
fi
trustee_domain_id=$(get_or_create_domain magnum 'Owns users and projects created by magnum')
trustee_domain_admin_id=$(get_or_create_user trustee_domain_admin $MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD $trustee_domain_id)
openstack --os-auth-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version 3 role add \
--user $trustee_domain_admin_id --domain $trustee_domain_id \
admin
iniset $MAGNUM_CONF trust cluster_user_trust True
iniset $MAGNUM_CONF trust trustee_domain_name magnum
iniset $MAGNUM_CONF trust trustee_domain_admin_name trustee_domain_admin
iniset $MAGNUM_CONF trust trustee_domain_admin_password $MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD
iniset $MAGNUM_CONF trust trustee_keystone_interface public
iniset $MAGNUM_CONF cinder_client region_name $REGION_NAME
if is_service_enabled swift; then
iniset $MAGNUM_CONF docker_registry swift_region $REGION_NAME
iniset $MAGNUM_CONF docker_registry swift_registry_container $MAGNUM_SWIFT_REGISTRY_CONTAINER
fi
# Get the default volume type from cinder.conf and set the coresponding
# default in magnum.conf
default_volume_type=$(iniget /etc/cinder/cinder.conf DEFAULT default_volume_type)
iniset $MAGNUM_CONF cinder default_docker_volume_type $default_volume_type
iniset $MAGNUM_CONF drivers send_cluster_metrics False
iniset $MAGNUM_CONF kubernetes keystone_auth_default_policy $MAGNUM_K8S_KEYSTONE_AUTH_DEFAULT_POLICY
}
function create_api_paste_conf {
# copy api_paste.ini
cp $MAGNUM_DIR/etc/magnum/api-paste.ini $MAGNUM_API_PASTE
}
function create_k8s_keystone_auth_default_poliy {
cp $MAGNUM_DIR/etc/magnum/keystone_auth_default_policy.sample $MAGNUM_K8S_KEYSTONE_AUTH_DEFAULT_POLICY
}
# create_magnum_cache_dir() - Part of the init_magnum() process
function create_magnum_cache_dir {
# Create cache dir
sudo mkdir -p $1
sudo chown $STACK_USER $1
rm -f $1/*
}
# init_magnum() - Initialize databases, etc.
function init_magnum {
# NOTE: Permissions here are bad but it's temporary so we don't care as much.
sudo chmod -Rv 777 /etc/heat
# Only do this step once on the API node for an entire cluster.
if is_service_enabled $DATABASE_BACKENDS; then
# (Re)create magnum database
recreate_database magnum
# Migrate magnum database
time_start "dbsync"
sudo docker run -v $MAGNUM_CONF_DIR:$MAGNUM_CONF_DIR vexxhost/magnum-conductor:latest magnum-db-manage upgrade
time_stop "dbsync"
fi
}
# magnum_register_image - Register heat image for magnum with property os_distro
function magnum_register_image {
local magnum_image_property="--property os_distro="
local atomic="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -io 'atomic' || true;)"
if [ ! -z "$atomic" ]; then
magnum_image_property=$magnum_image_property"fedora-atomic --property hw_rng_model=virtio"
fi
local ubuntu="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -io "ubuntu" || true;)"
if [ ! -z "$ubuntu" ]; then
magnum_image_property=$magnum_image_property"ubuntu"
fi
local coreos="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -io "^coreos" || true;)"
if [ ! -z "$coreos" ]; then
magnum_image_property=$magnum_image_property"coreos"
fi
local fedora_coreos="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -io "fedora-coreos" || true;)"
if [ ! -z "$fedora_coreos" ]; then
magnum_image_property=$magnum_image_property"fedora-coreos"
fi
# os_distro property for fedora ironic image
local fedora_ironic="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -i "ironic" \
| grep -io "fedora" || true;)"
if [ ! -z "$fedora_ironic" ]; then
magnum_image_property=$magnum_image_property"fedora"
fi
# get the image name
local image_filename=$(basename "$MAGNUM_GUEST_IMAGE_URL")
local image_name=""
for extension in "tgz" "img" "qcow2" "iso" "vhd" "vhdx" "tar.gz" "img.gz" "img.bz2" "vhd.gz" "vhdx.gz" "qcow2.xz"
do
if [ $(expr match "${image_filename}" ".*\.${extension}$") -ne 0 ]; then
image_name=$(basename "$image_filename" ".${extension}")
break
fi
done
if [ -z ${image_name} ]; then
echo "Unknown image extension in $image_filename, supported extensions: tgz, img, qcow2, iso, vhd, vhdx, tar.gz, img.gz, img.bz2, vhd.gz, vhdx.gz, qcow2.xz"; false
fi
openstack image set $image_name $magnum_image_property
}
#magnum_configure_flavor - set hw_rng property for flavor to address the potential entropy issue
function magnum_configure_flavor {
local magnum_flavor_property="--property hw_rng:allowed=True --property hw_rng:rate_bytes=1024 --property hw_rng:rate_period=1"
local FLAVOR_LIST=$(openstack flavor list -c Name -f value)
for flavor in ${FLAVOR_LIST}; do
openstack flavor set $flavor $magnum_flavor_property
done
}
# install_magnumclient() - Collect source and prepare
function install_magnumclient {
pip_install "python-magnumclient"
}
# install_magnum() - Collect source and prepare
function install_magnum {
echo noop
}
# configure_iptables_magnum() - Configure the IP table rules for Magnum
function configure_iptables_magnum {
if [ "$MAGNUM_CONFIGURE_IPTABLES" != "False" ]; then
ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
# bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
# allow access to keystone etc (http and https)
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
fi
}
function configure_apache_magnum {
# Set redirection for kubernetes openstack cloud provider
# FIXME: When [1] is in kubernetes, we won't need the redirection anymore.
# [1] https://github.com/gophercloud/gophercloud/pull/423
HTACCESS_PATH=/var/www/html
if is_ubuntu; then
OVERRIDE_CONF_FILE=/etc/apache2/apache2.conf
elif is_fedora; then
OVERRIDE_CONF_FILE=/etc/httpd/conf/httpd.conf
fi
# If horizon is enabled then we need
if is_service_enabled horizon; then
HTACCESS_PATH=$DEST/horizon/.blackhole
sudo tee -a $APACHE_CONF_DIR/horizon.conf <<EOF
<Directory $HTACCESS_PATH>
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
EOF
else
sudo tee -a $OVERRIDE_CONF_FILE <<EOF
<Directory $HTACCESS_PATH>
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
EOF
fi
sudo mkdir -p $HTACCESS_PATH
sudo tee $HTACCESS_PATH/.htaccess <<EOF
RewriteEngine on
RewriteRule ^v2\.0(.*) /identity/v2.0\$1
RewriteRule ^v3(.*) /identity/v3\$1
EOF
enable_apache_mod rewrite
}
# start_magnum() - Start running processes, including screen
function start_magnum {
kubernetes_rollout_restart magnum-api
kubernetes_rollout_restart magnum-conductor
kubernetes_rollout_status magnum-api
kubernetes_rollout_status magnum-conductor
proxy_pass_to_kubernetes /magnum-api magnum-api magnum-api-wsgi
}
# stop_magnum() - Stop running processes (non-screen)
function stop_magnum {
echo noop
}
# Restore xtrace
$XTRACE

34
images/magnum/Dockerfile Normal file
View File

@ -0,0 +1,34 @@
# Copyright (c) 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM docker.io/opendevorg/python-builder as builder
COPY bindep.txt /tmp/src/bindep.txt
ADD https://releases.openstack.org/constraints/upper/ussuri /tmp/src/upper-constraints.txt
RUN assemble magnum==10.0.0 \
python-memcached \
PyMySQL
FROM docker.io/opendevorg/uwsgi-base AS magnum-api-base
COPY --from=builder /output/ /output
RUN /output/install-from-bindep
FROM magnum-api-base AS magnum-api
EXPOSE 9511
ENV UWSGI_HTTP_SOCKET=:9511 UWSGI_WSGI_FILE=/usr/local/bin/magnum-api-wsgi
FROM docker.io/opendevorg/python-base AS magnum-conductor
COPY --from=builder /output/ /output
RUN /output/install-from-bindep
CMD ["/usr/local/bin/magnum-conductor"]

2
images/magnum/bindep.txt Normal file
View File

@ -0,0 +1,2 @@
gcc [compile]
libc-dev [compile]

58
openstack_operator/magnum.py Normal file
View File

@ -0,0 +1,58 @@
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Magnum Operator
This module maintains the operator for Magnum, it takes care of creating
the appropriate deployments, an instance of Memcache, RabbitMQ and a database
server for the installation.
"""
from openstack_operator import utils
def create_or_resume(name, spec, **_):
"""Create and re-sync any Magnum instances
This function is called when a new resource is created but also when we
start the service up for the first time.
"""
env = utils.get_uwsgi_env()
config_hash = utils.generate_hash(spec)
for component in ("api", "conductor"):
utils.create_or_update('magnum/deployment.yml.j2',
name=name, spec=spec,
component=component, env=env,
config_hash=config_hash)
utils.create_or_update('magnum/horizontalpodautoscaler.yml.j2',
name=name, component=component)
utils.create_or_update('magnum/service.yml.j2',
name=name)
if "ingress" in spec:
utils.create_or_update('magnum/ingress.yml.j2',
name=name, spec=spec)
def update(name, spec, **_):
"""Update a Magnum
This function updates the deployment for Magnum if there are any
changes that happen within it.
"""
if "ingress" in spec:
utils.create_or_update('magnum/ingress.yml.j2',
name=name, spec=spec)

3
openstack_operator/operator.py
View File

@ -27,6 +27,7 @@ from openstack_operator import chronyd
from openstack_operator import heat
from openstack_operator import horizon
from openstack_operator import keystone
from openstack_operator import magnum
from openstack_operator import utils
@ -60,6 +61,8 @@ def deploy(name, namespace, new, **_):
horizon.create_or_resume("horizon", config["horizon"])
if "heat" in config:
heat.create_or_resume("heat", config["heat"])
if "magnum" in config:
magnum.create_or_resume("magnum", config["magnum"])
if "chronyd" in config:
chronyd.create_or_resume(config["chronyd"])
if "ceilometer" in config:

89
openstack_operator/templates/magnum/deployment.yml.j2 Normal file
View File

@ -0,0 +1,89 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: magnum-{{ component }}
namespace: openstack
labels:
{{ labels("magnum", name, component) | indent(4) }}
spec:
replicas: 3
selector:
matchLabels:
{{ labels("magnum", name, component) | indent(6) }}
template:
metadata:
labels:
{{ labels("magnum", name, component) | indent(8) }}
annotations:
checksum/config: "{{ config_hash }}"
spec:
containers:
- name: magnum-{{ component }}
image: vexxhost/magnum-{{ component }}:latest
imagePullPolicy: Always
{% if env is defined %}
env:
{% for v in env %}
- name: "{{ v.name }}"
value: "{{ v.value }}"
{% endfor %}
{% endif %}
{% if 'api' in component %}
ports:
- name: magnum-{{ component }}
protocol: TCP
containerPort: 9511
livenessProbe:
tcpSocket:
port: magnum-{{ component }}
readinessProbe:
tcpSocket:
port: magnum-{{ component }}
{% endif %}
resources:
limits:
cpu: 500m
ephemeral-storage: 50M
memory: 512M
requests:
cpu: 50m
ephemeral-storage: 50M
memory: 64M
securityContext:
runAsUser: 65534
runAsGroup: 65534
volumeMounts:
- mountPath: /etc/magnum
name: config
volumes:
- name: config
hostPath:
path: {{ spec['configDir'] }}
type: Directory
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}
{% endif %}
{% if 'tolerations' in spec %}
tolerations:
{{ spec.tolerations | to_yaml | indent(8) }}
{% endif %}
{% if 'hostAliases' in spec %}
hostAliases:
{{ spec.hostAliases | to_yaml | indent(8) }}
{% endif %}

30
openstack_operator/templates/magnum/horizontalpodautoscaler.yml.j2 Normal file
View File

@ -0,0 +1,30 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: magnum-{{ component }}
namespace: openstack
labels:
{{ labels("magnum", name) | indent(4) }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: magnum-{{ component }}
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 90

55
openstack_operator/templates/magnum/ingress.yml.j2 Normal file
View File

@ -0,0 +1,55 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: magnum
namespace: openstack
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
{% if spec.ingress.host is defined %}
rules:
- host: {{ spec.ingress.host }}
http:
paths:
- path: /
backend:
serviceName: magnum-api
servicePort: 80
tls:
- hosts:
- {{ spec.ingress.host }}
secretName: magnum-tls
{% else %}
rules:
{% for v in spec.ingress %}
- host: {{ v.host }}
http:
paths:
- path: /
backend:
serviceName: magnum-api
servicePort: 80
{% endfor %}
tls:
- hosts:
{% for v in spec.ingress %}
- {{ v.host }}
{% endfor %}
secretName: magnum-tls
{% endif %}

28
openstack_operator/templates/magnum/service.yml.j2 Normal file
View File

@ -0,0 +1,28 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
name: magnum-api
namespace: openstack
spec:
ports:
- name: magnum-api
protocol: TCP
port: 80
targetPort: magnum-api
selector:
{{ labels("magnum", name, "api") | indent(4) }}

37
openstack_operator/tests/unit/test_magnum.py Normal file
View File

@ -0,0 +1,37 @@
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for Magnum Operator
This module contains all the tests for the Magnum operator.
"""
from openstack_operator.tests.unit import base
class MagnumAPIDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the API Deployment."""
RELEASE_TYPE = 'magnum'
TEMPLATE_FILE = 'magnum/deployment.yml.j2'
TEMPLATE_PARAMS = {'component': 'api'}
class MagnumConductorDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the Conductor Deployment."""
RELEASE_TYPE = 'magnum'
TEMPLATE_FILE = 'magnum/deployment.yml.j2'
TEMPLATE_PARAMS = {'component': 'conductor'}
PORT_EXPOSED = False

9
playbooks/functional/devstack.yaml
View File

@ -69,6 +69,15 @@
become: true
command: rsync -av src/opendev.org/vexxhost/openstack-operator/devstack/lib/heat /opt/stack/heat/devstack/lib/heat
- name: Copy magnum repo into devstack working directory
git:
repo: https://github.com/openstack/magnum
dest: /opt/stack/magnum
become: true
- name: Override magnum lib functions
become: true
command: rsync -av src/opendev.org/vexxhost/openstack-operator/devstack/lib/magnum /opt/stack/magnum/devstack/lib/magnum
# Changes that run through devstack-tempest are likely to have an impact on
# the devstack part of the job, so we keep devstack in the main play to
# avoid zuul retrying on legitimate failures.

16
zuul.d/functional-jobs.yaml
View File

@ -9,6 +9,8 @@
required-projects:
- openstack/heat
- openstack/heat-tempest-plugin
- openstack/magnum
- openstack/magnum-tempest-plugin
vars:
devstack_services:
etcd3: false
@ -17,13 +19,15 @@
devstack_plugins:
openstack-operator: https://opendev.org/vexxhost/openstack-operator
heat: https://github.com/openstack/heat
magnum: https://github.com/openstack/magnum
devstack_source_dirs:
- src/opendev.org/openstack
- src/opendev.org/vexxhost
- src/opendev.org/openstack
- src/opendev.org/vexxhost
tempest_plugins:
- heat-tempest-plugin
- heat-tempest-plugin
- magnum-tempest-plugin
devstack_localrc:
TEMPEST_PLUGINS: '/opt/stack/heat-tempest-plugin'
TEMPEST_PLUGINS: '/opt/stack/heat-tempest-plugin /opt/stack/magnum-tempest-plugin'
docker_use_buildset_registry: true
minikube_dns_resolvers: [1.1.1.1, 8.8.8.8]
@ -38,6 +42,8 @@
soft: true
- name: openstack-operator:images:build:chronyd
soft: true
- name: openstack-operator:images:build:magnum
soft: true
- name: openstack-operator:images:build:rabbitmq
soft: true
- name: openstack-operator:images:build:ceilometer
@ -63,6 +69,8 @@
soft: true
- name: openstack-operator:images:upload:chronyd
soft: true
- name: openstack-operator:images:upload:magnum
soft: true
- name: openstack-operator:images:upload:rabbitmq
soft: true
- name: openstack-operator:images:upload:ceilometer

42
zuul.d/magnum-jobs.yaml Normal file
View File

@ -0,0 +1,42 @@
- job:
name: openstack-operator:images:build:magnum
parent: vexxhost-build-docker-image
provides: openstack-operator:image:magnum
vars: &id001
docker_images:
- context: images/magnum
repository: vexxhost/magnum-api-base
target: magnum-api-base
- context: images/magnum
repository: vexxhost/magnum-api
target: magnum-api
- context: images/magnum
repository: vexxhost/magnum-conductor
target: magnum-conductor
dependencies:
- openstack-operator:images:build:openstack-operator
files: &id002
- ^images/magnum/.*
- job:
name: openstack-operator:images:upload:magnum
parent: vexxhost-upload-docker-image
provides: openstack-operator:image:magnum
vars: *id001
dependencies:
- openstack-operator:images:upload:openstack-operator
files: *id002
- job:
name: openstack-operator:images:promote:magnum
parent: vexxhost-promote-docker-image
vars: *id001
files: *id002
- project:
check:
jobs:
- openstack-operator:images:build:magnum
gate:
jobs:
- openstack-operator:images:upload:magnum
promote:
jobs:
- openstack-operator:images:promote:magnum