From f02e0eb78dcee498c6522dd1e21c2b98d66799dd Mon Sep 17 00:00:00 2001 From: portdirect Date: Sun, 1 Jan 2017 03:00:13 +0000 Subject: [PATCH 01/54] OpenStack Heat Initial Commit Initial commit of Heat Chart --- Makefile | 8 +- heat/Chart.yaml | 3 + heat/requirements.yaml | 4 + heat/templates/_heat_config_helpers.tpl | 90 ++++++++++ heat/templates/_helpers.tpl | 73 ++++++++ .../config/contents/_heat-api-paste.ini.tpl | 105 +++++++++++ .../config/contents/_heat-cache.conf.tpl | 4 + .../config/contents/_heat-db.conf.tpl | 3 + .../config/contents/_heat-endpoints.conf.tpl | 4 + .../config/contents/_heat-keystone.conf.tpl | 15 ++ .../config/contents/_heat-log.conf.tpl | 4 + .../config/contents/_heat-messaging.conf.tpl | 5 + .../config/contents/_heat-options.conf.tpl | 3 + .../config/contents/_heat-paste.conf.tpl | 2 + .../config/contents/_heat-policy.json.tpl | 96 ++++++++++ .../contents/_heat-stack-domain.conf.tpl | 4 + .../config/contents/_heat-trustee.conf.tpl | 22 +++ .../contents/components/_heat-api.conf.tpl | 4 + .../contents/components/_heat-cfn.conf.tpl | 4 + .../components/_heat-cloudwatch.conf.tpl | 4 + .../contents/components/_heat-engine.conf.tpl | 2 + heat/templates/config/heat-api-paste.ini.yaml | 7 + heat/templates/config/heat-api.conf.yaml | 7 + heat/templates/config/heat-cache.conf.yaml | 7 + heat/templates/config/heat-cfn.conf.yaml | 7 + .../config/heat-cloudwatch.conf.yaml | 7 + heat/templates/config/heat-db.conf.yaml | 8 + .../templates/config/heat-endpoints.conf.yaml | 7 + heat/templates/config/heat-engine.conf.yaml | 7 + .../config/heat-keystone-admin.env.yaml | 20 +++ heat/templates/config/heat-keystone.conf.yaml | 22 +++ heat/templates/config/heat-log.conf.yaml | 7 + .../templates/config/heat-messaging.conf.yaml | 8 + heat/templates/config/heat-options.conf.yaml | 7 + heat/templates/config/heat-paste.conf.yaml | 7 + heat/templates/config/heat-policy.json.yaml | 7 + .../config/heat-stack-domain.conf.yaml | 16 ++ heat/templates/config/heat-trustee.conf.yaml | 22 +++ heat/templates/deployment/api/api.sh.yaml | 7 + heat/templates/deployment/api/api.yaml | 76 ++++++++ heat/templates/deployment/api/bin/_api.sh.tpl | 4 + heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 + heat/templates/deployment/cfn/cfn.sh.yaml | 7 + heat/templates/deployment/cfn/cfn.yaml | 76 ++++++++ .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 + .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 + .../deployment/cloudwatch/cloudwatch.yaml | 76 ++++++++ .../jobs/db/init/bin/_db-init.sh.tpl | 6 + heat/templates/jobs/db/init/db-init.sh.yaml | 7 + heat/templates/jobs/db/init/db-init.yaml | 54 ++++++ .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 ++ heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 + heat/templates/jobs/db/sync/db-sync.yaml | 69 ++++++++ .../endpoints/bin/_ks-endpoints.sh.tpl | 63 +++++++ .../keystone/endpoints/ks-endpoints.sh.yaml | 7 + .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ++++++++++ .../keystone/service/bin/_ks-service.sh.tpl | 35 ++++ .../jobs/keystone/service/ks-service.sh.yaml | 7 + .../jobs/keystone/service/ks-service.yaml | 48 +++++ .../keystone/user/bin/_ks-domain-user.sh.tpl | 55 ++++++ .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 ++++++ .../jobs/keystone/user/ks-user.sh.yaml | 9 + .../templates/jobs/keystone/user/ks-user.yaml | 167 ++++++++++++++++++ heat/templates/service-api.yaml | 9 + heat/templates/service-cfn.yaml | 9 + heat/templates/service-cloudwatch.yaml | 9 + .../statefulset/engine/bin/_engine.sh.tpl | 4 + .../statefulset/engine/engine.sh.yaml | 7 + heat/templates/statefulset/engine/engine.yaml | 65 +++++++ heat/values.yaml | 155 ++++++++++++++++ 70 files changed, 1853 insertions(+), 3 deletions(-) create mode 100644 heat/Chart.yaml create mode 100644 heat/requirements.yaml create mode 100644 heat/templates/_heat_config_helpers.tpl create mode 100644 heat/templates/_helpers.tpl create mode 100755 heat/templates/config/contents/_heat-api-paste.ini.tpl create mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl create mode 100644 heat/templates/config/contents/_heat-db.conf.tpl create mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl create mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl create mode 100644 heat/templates/config/contents/_heat-log.conf.tpl create mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl create mode 100644 heat/templates/config/contents/_heat-options.conf.tpl create mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl create mode 100644 heat/templates/config/contents/_heat-policy.json.tpl create mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl create mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl create mode 100755 heat/templates/config/heat-api-paste.ini.yaml create mode 100644 heat/templates/config/heat-api.conf.yaml create mode 100644 heat/templates/config/heat-cache.conf.yaml create mode 100644 heat/templates/config/heat-cfn.conf.yaml create mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml create mode 100644 heat/templates/config/heat-db.conf.yaml create mode 100644 heat/templates/config/heat-endpoints.conf.yaml create mode 100644 heat/templates/config/heat-engine.conf.yaml create mode 100644 heat/templates/config/heat-keystone-admin.env.yaml create mode 100644 heat/templates/config/heat-keystone.conf.yaml create mode 100644 heat/templates/config/heat-log.conf.yaml create mode 100644 heat/templates/config/heat-messaging.conf.yaml create mode 100644 heat/templates/config/heat-options.conf.yaml create mode 100644 heat/templates/config/heat-paste.conf.yaml create mode 100644 heat/templates/config/heat-policy.json.yaml create mode 100644 heat/templates/config/heat-stack-domain.conf.yaml create mode 100644 heat/templates/config/heat-trustee.conf.yaml create mode 100755 heat/templates/deployment/api/api.sh.yaml create mode 100755 heat/templates/deployment/api/api.yaml create mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl create mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl create mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml create mode 100644 heat/templates/deployment/cfn/cfn.yaml create mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl create mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml create mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.yaml create mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl create mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml create mode 100644 heat/templates/jobs/db/init/db-init.yaml create mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl create mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml create mode 100644 heat/templates/jobs/db/sync/db-sync.yaml create mode 100755 heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl create mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml create mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml create mode 100644 heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl create mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml create mode 100644 heat/templates/jobs/keystone/service/ks-service.yaml create mode 100644 heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl create mode 100644 heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl create mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml create mode 100644 heat/templates/jobs/keystone/user/ks-user.yaml create mode 100644 heat/templates/service-api.yaml create mode 100644 heat/templates/service-cfn.yaml create mode 100644 heat/templates/service-cloudwatch.yaml create mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl create mode 100644 heat/templates/statefulset/engine/engine.sh.yaml create mode 100644 heat/templates/statefulset/engine/engine.yaml create mode 100644 heat/values.yaml diff --git a/Makefile b/Makefile index 0021fb20..d7345126 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone heat memcached rabbitmq common openstack all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon heat openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon heat openstack common: build-common @@ -19,6 +19,8 @@ mariadb: build-mariadb keystone: build-keystone +heat: build-heat + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/heat/Chart.yaml b/heat/Chart.yaml new file mode 100644 index 00000000..65c0ea4b --- /dev/null +++ b/heat/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for heat +name: heat +version: 0.1.0 diff --git a/heat/requirements.yaml b/heat/requirements.yaml new file mode 100644 index 00000000..2350b1fa --- /dev/null +++ b/heat/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl new file mode 100644 index 00000000..eb087888 --- /dev/null +++ b/heat/templates/_heat_config_helpers.tpl @@ -0,0 +1,90 @@ +{{- define "heat_config_volume_mounts" }} +- name: pod-etc-heat + mountPath: /etc/heat +- name: pod-var-cache-heat + mountPath: /var/cache/heat +- name: heat-json-policy + mountPath: /etc/heat/policy.json + subPath: policy.json + readOnly: true +- name: heat-conf-cache + mountPath: /etc/heat/conf/heat-cache.conf + subPath: heat-cache.conf + readOnly: true +- name: heat-conf-db + mountPath: /etc/heat/conf/heat-db.conf + subPath: heat-db.conf + readOnly: true +- name: heat-conf-endpoints + mountPath: /etc/heat/conf/heat-endpoints.conf + subPath: heat-endpoints.conf + readOnly: true +- name: heat-conf-keystone + mountPath: /etc/heat/conf/heat-keystone.conf + subPath: heat-keystone.conf + readOnly: true +- name: heat-conf-log + mountPath: /etc/heat/conf/heat-log.conf + subPath: heat-log.conf + readOnly: true +- name: heat-conf-messaging + mountPath: /etc/heat/conf/heat-messaging.conf + subPath: heat-messaging.conf + readOnly: true +- name: heat-conf-options + mountPath: /etc/heat/conf/heat-options.conf + subPath: heat-options.conf + readOnly: true +- name: heat-conf-paste + mountPath: /etc/heat/conf/heat-paste.conf + subPath: heat-paste.conf + readOnly: true +- name: heat-conf-stack-domain + mountPath: /etc/heat/conf/heat-stack-domain.conf + subPath: heat-stack-domain.conf + readOnly: true +- name: heat-conf-trustee + mountPath: /etc/heat/conf/heat-trustee.conf + subPath: heat-trustee.conf + readOnly: true +{{- end }} + +{{- define "heat_config_volumes" }} +- name: pod-etc-heat + emptyDir: {} +- name: pod-var-cache-heat + emptyDir: {} +- name: heat-json-policy + configMap: + name: heat-json-policy +- name: heat-conf-cache + configMap: + name: heat-conf-cache +- name: heat-conf-db + secret: + secretName: heat-conf-db +- name: heat-conf-endpoints + configMap: + name: heat-conf-endpoints +- name: heat-conf-keystone + secret: + secretName: heat-conf-keystone +- name: heat-conf-log + configMap: + name: heat-conf-log +- name: heat-conf-messaging + secret: + secretName: heat-conf-messaging +- name: heat-conf-options + configMap: + name: heat-conf-options +- name: heat-conf-paste + configMap: + name: heat-conf-paste +- name: heat-conf-stack-domain + secret: + secretName: heat-conf-stack-domain +- name: heat-conf-trustee + secret: + secretName: heat-conf-trustee +{{- end }} diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl new file mode 100644 index 00000000..745e6195 --- /dev/null +++ b/heat/templates/_helpers.tpl @@ -0,0 +1,73 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} + +{{- define "env_admin_openrc" }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_PASSWORD +{{- end }} + +{{- define "container_ks_service" }} +image: {{ .Values.images.ks_service }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-service.sh +volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} + +{{- define "container_ks_endpoint" }} +image: {{ .Values.images.ks_endpoints }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-endpoints.sh +volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/config/contents/_heat-api-paste.ini.tpl new file mode 100755 index 00000000..5ea89b5a --- /dev/null +++ b/heat/templates/config/contents/_heat-api-paste.ini.tpl @@ -0,0 +1,105 @@ + +# heat-api pipeline +[pipeline:heat-api] +pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app + +# heat-api pipeline for standalone heat +# ie. uses alternative auth backend that authenticates users against keystone +# using username and password instead of validating token (which requires +# an admin/service token). +# To enable, in heat.conf: +# [paste_deploy] +# flavor = standalone +# +[pipeline:heat-api-standalone] +pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app + +# heat-api pipeline for custom cloud backends +# i.e. in heat.conf: +# [paste_deploy] +# flavor = custombackend +# +[pipeline:heat-api-custombackend] +pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app + +# heat-api-cfn pipeline +[pipeline:heat-api-cfn] +pipeline = cors cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app + +# heat-api-cfn pipeline for standalone heat +# relies exclusively on authenticating with ec2 signed requests +[pipeline:heat-api-cfn-standalone] +pipeline = cors cfnversionnegotiation ec2authtoken context apicfnv1app + +# heat-api-cloudwatch pipeline +[pipeline:heat-api-cloudwatch] +pipeline = cors versionnegotiation osprofiler ec2authtoken authtoken context apicwapp + +# heat-api-cloudwatch pipeline for standalone heat +# relies exclusively on authenticating with ec2 signed requests +[pipeline:heat-api-cloudwatch-standalone] +pipeline = cors versionnegotiation ec2authtoken context apicwapp + +[app:apiv1app] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.openstack.v1:API + +[app:apicfnv1app] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.cfn.v1:API + +[app:apicwapp] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.cloudwatch:API + +[filter:versionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.openstack:version_negotiation_filter + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = heat + +[filter:faultwrap] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.openstack:faultwrap_filter + +[filter:cfnversionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.cfn:version_negotiation_filter + +[filter:cwversionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter + +[filter:context] +paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory + +[filter:ec2authtoken] +paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory + +# Middleware to set auth_url header appropriately +[filter:authurl] +paste.filter_factory = heat.common.auth_url:filter_factory + +# Auth middleware that validates token against keystone +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +# Auth middleware that validates username/password against keystone +[filter:authpassword] +paste.filter_factory = heat.common.auth_password:filter_factory + +# Auth middleware that validates against custom backend +[filter:custombackendauth] +paste.filter_factory = heat.common.custom_backend_auth:filter_factory + +# Middleware to set x-openstack-request-id in http response header +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl new file mode 100644 index 00000000..a6fd1728 --- /dev/null +++ b/heat/templates/config/contents/_heat-cache.conf.tpl @@ -0,0 +1,4 @@ +[cache] +enabled = "True" +backend = oslo_cache.memcache_pool +memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl new file mode 100644 index 00000000..0213e750 --- /dev/null +++ b/heat/templates/config/contents/_heat-db.conf.tpl @@ -0,0 +1,3 @@ +[database] +connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +max_retries = -1 diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl new file mode 100644 index 00000000..f9fc3fd0 --- /dev/null +++ b/heat/templates/config/contents/_heat-endpoints.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} +heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition +heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl new file mode 100644 index 00000000..99498157 --- /dev/null +++ b/heat/templates/config/contents/_heat-keystone.conf.tpl @@ -0,0 +1,15 @@ +[keystone_authtoken] +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_region_name }} +project_domain_name = {{ .Values.keystone.heat_project_domain }} +project_name = {{ .Values.keystone.heat_project_name }} +user_domain_name = {{ .Values.keystone.heat_user_domain }} +username = {{ .Values.keystone.heat_user }} +password = {{ .Values.keystone.heat_password }} + +signing_dir = "/var/cache/heat" + +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl new file mode 100644 index 00000000..a0ec3d1f --- /dev/null +++ b/heat/templates/config/contents/_heat-log.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl new file mode 100644 index 00000000..819bd099 --- /dev/null +++ b/heat/templates/config/contents/_heat-messaging.conf.tpl @@ -0,0 +1,5 @@ +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl new file mode 100644 index 00000000..1f764f79 --- /dev/null +++ b/heat/templates/config/contents/_heat-options.conf.tpl @@ -0,0 +1,3 @@ +[DEFAULT] +enable_stack_adopt = "True" +enable_stack_abandon = "True" diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl new file mode 100644 index 00000000..5d6dcd64 --- /dev/null +++ b/heat/templates/config/contents/_heat-paste.conf.tpl @@ -0,0 +1,2 @@ +[paste_deploy] +config_file = /etc/heat/heat-api-paste.ini diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/config/contents/_heat-policy.json.tpl new file mode 100644 index 00000000..c9aae5ff --- /dev/null +++ b/heat/templates/config/contents/_heat-policy.json.tpl @@ -0,0 +1,96 @@ +{ + "context_is_admin": "role:admin and is_admin_project:True", + "project_admin": "role:admin", + "deny_stack_user": "not role:heat_stack_user", + "deny_everybody": "!", + + "cloudformation:ListStacks": "rule:deny_stack_user", + "cloudformation:CreateStack": "rule:deny_stack_user", + "cloudformation:DescribeStacks": "rule:deny_stack_user", + "cloudformation:DeleteStack": "rule:deny_stack_user", + "cloudformation:UpdateStack": "rule:deny_stack_user", + "cloudformation:CancelUpdateStack": "rule:deny_stack_user", + "cloudformation:DescribeStackEvents": "rule:deny_stack_user", + "cloudformation:ValidateTemplate": "rule:deny_stack_user", + "cloudformation:GetTemplate": "rule:deny_stack_user", + "cloudformation:EstimateTemplateCost": "rule:deny_stack_user", + "cloudformation:DescribeStackResource": "", + "cloudformation:DescribeStackResources": "rule:deny_stack_user", + "cloudformation:ListStackResources": "rule:deny_stack_user", + + "cloudwatch:DeleteAlarms": "rule:deny_stack_user", + "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user", + "cloudwatch:DescribeAlarms": "rule:deny_stack_user", + "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user", + "cloudwatch:DisableAlarmActions": "rule:deny_stack_user", + "cloudwatch:EnableAlarmActions": "rule:deny_stack_user", + "cloudwatch:GetMetricStatistics": "rule:deny_stack_user", + "cloudwatch:ListMetrics": "rule:deny_stack_user", + "cloudwatch:PutMetricAlarm": "rule:deny_stack_user", + "cloudwatch:PutMetricData": "", + "cloudwatch:SetAlarmState": "rule:deny_stack_user", + + "actions:action": "rule:deny_stack_user", + "build_info:build_info": "rule:deny_stack_user", + "events:index": "rule:deny_stack_user", + "events:show": "rule:deny_stack_user", + "resource:index": "rule:deny_stack_user", + "resource:metadata": "", + "resource:signal": "", + "resource:mark_unhealthy": "rule:deny_stack_user", + "resource:show": "rule:deny_stack_user", + "stacks:abandon": "rule:deny_stack_user", + "stacks:create": "rule:deny_stack_user", + "stacks:delete": "rule:deny_stack_user", + "stacks:detail": "rule:deny_stack_user", + "stacks:export": "rule:deny_stack_user", + "stacks:generate_template": "rule:deny_stack_user", + "stacks:global_index": "rule:deny_everybody", + "stacks:index": "rule:deny_stack_user", + "stacks:list_resource_types": "rule:deny_stack_user", + "stacks:list_template_versions": "rule:deny_stack_user", + "stacks:list_template_functions": "rule:deny_stack_user", + "stacks:lookup": "", + "stacks:preview": "rule:deny_stack_user", + "stacks:resource_schema": "rule:deny_stack_user", + "stacks:show": "rule:deny_stack_user", + "stacks:template": "rule:deny_stack_user", + "stacks:environment": "rule:deny_stack_user", + "stacks:files": "rule:deny_stack_user", + "stacks:update": "rule:deny_stack_user", + "stacks:update_patch": "rule:deny_stack_user", + "stacks:preview_update": "rule:deny_stack_user", + "stacks:preview_update_patch": "rule:deny_stack_user", + "stacks:validate_template": "rule:deny_stack_user", + "stacks:snapshot": "rule:deny_stack_user", + "stacks:show_snapshot": "rule:deny_stack_user", + "stacks:delete_snapshot": "rule:deny_stack_user", + "stacks:list_snapshots": "rule:deny_stack_user", + "stacks:restore_snapshot": "rule:deny_stack_user", + "stacks:list_outputs": "rule:deny_stack_user", + "stacks:show_output": "rule:deny_stack_user", + + "software_configs:global_index": "rule:deny_everybody", + "software_configs:index": "rule:deny_stack_user", + "software_configs:create": "rule:deny_stack_user", + "software_configs:show": "rule:deny_stack_user", + "software_configs:delete": "rule:deny_stack_user", + "software_deployments:index": "rule:deny_stack_user", + "software_deployments:create": "rule:deny_stack_user", + "software_deployments:show": "rule:deny_stack_user", + "software_deployments:update": "rule:deny_stack_user", + "software_deployments:delete": "rule:deny_stack_user", + "software_deployments:metadata": "", + + "service:index": "rule:context_is_admin", + + "resource_types:OS::Nova::Flavor": "rule:project_admin", + "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin", + "resource_types:OS::Cinder::VolumeType": "rule:project_admin", + "resource_types:OS::Cinder::Quota": "rule:project_admin", + "resource_types:OS::Manila::ShareType": "rule:project_admin", + "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin", + "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin", + "resource_types:OS::Nova::HostAggregate": "rule:project_admin", + "resource_types:OS::Cinder::QoSSpecs": "rule:project_admin" +} diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl new file mode 100644 index 00000000..75afba08 --- /dev/null +++ b/heat/templates/config/contents/_heat-stack-domain.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl new file mode 100644 index 00000000..41776515 --- /dev/null +++ b/heat/templates/config/contents/_heat-trustee.conf.tpl @@ -0,0 +1,22 @@ +[DEFAULT] +trusts_delegated_roles = "Member" +deferred_auth_method = "trusts" + +[trustee] +auth_type = "password" +auth_section = "trustee_keystone" + +[trustee_keystone] + +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_trustee_region_name }} +user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} +username = {{ .Values.keystone.heat_trustee_user }} +password = {{ .Values.keystone.heat_trustee_password }} + +signing_dir = "/var/cache/heat" + +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl new file mode 100644 index 00000000..68287888 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-api.conf.tpl @@ -0,0 +1,4 @@ +[heat_api] +bind_port = {{ .Values.service.api.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.api.workers }} diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl new file mode 100644 index 00000000..d6c42a17 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-cfn.conf.tpl @@ -0,0 +1,4 @@ +[heat_api_cfn] +bind_port = {{ .Values.service.cfn.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cfn.workers }} diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl new file mode 100644 index 00000000..b9926222 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl @@ -0,0 +1,4 @@ +[heat_api_cloudwatch] +bind_port = {{ .Values.service.cloudwatch.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cloudwatch.workers }} diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl new file mode 100644 index 00000000..1a22c602 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-engine.conf.tpl @@ -0,0 +1,2 @@ +[DEFAULT] +num_engine_workers = {{ .Values.resources.engine.workers }} diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml new file mode 100755 index 00000000..22031118 --- /dev/null +++ b/heat/templates/config/heat-api-paste.ini.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-ini-api-paste +data: + api-paste.ini: |+ +{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml new file mode 100644 index 00000000..cffa497a --- /dev/null +++ b/heat/templates/config/heat-api.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-api +data: + heat-api.conf: |+ +{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml new file mode 100644 index 00000000..b7b4eb9e --- /dev/null +++ b/heat/templates/config/heat-cache.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-cache +data: + heat-cache.conf: | +{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml new file mode 100644 index 00000000..3d1c9651 --- /dev/null +++ b/heat/templates/config/heat-cfn.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-cfn +data: + heat-cfn.conf: |+ +{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml new file mode 100644 index 00000000..cf244f76 --- /dev/null +++ b/heat/templates/config/heat-cloudwatch.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-cloudwatch +data: + heat-cloudwatch.conf: |+ +{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml new file mode 100644 index 00000000..a8e2cf20 --- /dev/null +++ b/heat/templates/config/heat-db.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-conf-db +type: Opaque +data: + heat-db.conf: | +{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml new file mode 100644 index 00000000..535e90cf --- /dev/null +++ b/heat/templates/config/heat-endpoints.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-endpoints +data: + heat-endpoints.conf: | +{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml new file mode 100644 index 00000000..cb585578 --- /dev/null +++ b/heat/templates/config/heat-engine.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-engine +data: + heat-engine.conf: |+ +{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/config/heat-keystone-admin.env.yaml new file mode 100644 index 00000000..275c1d27 --- /dev/null +++ b/heat/templates/config/heat-keystone-admin.env.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/config/heat-keystone.conf.yaml new file mode 100644 index 00000000..514a5774 --- /dev/null +++ b/heat/templates/config/heat-keystone.conf.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-conf-keystone +type: Opaque +data: + heat-keystone.conf: | +{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.heat_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.heat_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.heat_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.heat_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.heat_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.heat_password | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml new file mode 100644 index 00000000..86a5a19b --- /dev/null +++ b/heat/templates/config/heat-log.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-log +data: + heat-log.conf: |+ +{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml new file mode 100644 index 00000000..2bb408a6 --- /dev/null +++ b/heat/templates/config/heat-messaging.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-conf-messaging +type: Opaque +data: + heat-messaging.conf: | +{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml new file mode 100644 index 00000000..8ac2ebf4 --- /dev/null +++ b/heat/templates/config/heat-options.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-options +data: + heat-options.conf: | +{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml new file mode 100644 index 00000000..29f96e71 --- /dev/null +++ b/heat/templates/config/heat-paste.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-paste +data: + heat-paste.conf: | +{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml new file mode 100644 index 00000000..1b96f2a5 --- /dev/null +++ b/heat/templates/config/heat-policy.json.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-json-policy +data: + api-paste.ini: |+ +{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/config/heat-stack-domain.conf.yaml new file mode 100644 index 00000000..f870bf29 --- /dev/null +++ b/heat/templates/config/heat-stack-domain.conf.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-conf-stack-domain +type: Opaque +data: + heat-stack-domain.conf: | +{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }} + OS_DOMAIN_NAME: | +{{ .Values.keystone.heat_stack_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.heat_stack_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.heat_stack_password | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/config/heat-trustee.conf.yaml new file mode 100644 index 00000000..57906ad6 --- /dev/null +++ b/heat/templates/config/heat-trustee.conf.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-conf-trustee +type: Opaque +data: + heat-trustee.conf: | +{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.heat_trustee_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.heat_trustee_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.heat_trustee_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.heat_trustee_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.heat_trustee_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.heat_trustee_password | b64enc | indent 4 }} diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml new file mode 100755 index 00000000..ff691820 --- /dev/null +++ b/heat/templates/deployment/api/api.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-api-sh +data: + start.sh: |+ +{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment/api/api.yaml new file mode 100755 index 00000000..45176905 --- /dev/null +++ b/heat/templates/deployment/api/api.yaml @@ -0,0 +1,76 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: heat-api +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: heat-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: heat-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + ports: + - containerPort: {{ .Values.service.api.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.api.port }} + volumeMounts: + - name: heat-api-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: heat-ini-api-paste + mountPath: /etc/heat/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: heat-conf-api + mountPath: /etc/heat/conf/heat-api.conf + subPath: heat-api.conf + readOnly: true +{{ include "heat_config_volume_mounts" . | indent 12 }} + volumes: + - name: heat-api-sh + configMap: + name: heat-api-sh + - name: heat-ini-api-paste + configMap: + name: heat-ini-api-paste + - name: heat-conf-api + configMap: + name: heat-conf-api +{{ include "heat_config_volumes" . | indent 8 }} diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl new file mode 100755 index 00000000..d4cc6486 --- /dev/null +++ b/heat/templates/deployment/api/bin/_api.sh.tpl @@ -0,0 +1,4 @@ +#!/bin/bash +set -ex + +exec heat-api --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl new file mode 100644 index 00000000..30dcfad5 --- /dev/null +++ b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl @@ -0,0 +1,4 @@ +#!/bin/bash +set -ex + +exec heat-api-cfn --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml new file mode 100644 index 00000000..71efedd8 --- /dev/null +++ b/heat/templates/deployment/cfn/cfn.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-cfn-sh +data: + start.sh: |+ +{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment/cfn/cfn.yaml new file mode 100644 index 00000000..4063084e --- /dev/null +++ b/heat/templates/deployment/cfn/cfn.yaml @@ -0,0 +1,76 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: heat-cfn +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: heat-cfn + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: heat-cfn + image: {{ .Values.images.cfn }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + ports: + - containerPort: {{ .Values.service.cfn.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.cfn.port }} + volumeMounts: + - name: heat-cfn-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: heat-ini-api-paste + mountPath: /etc/heat/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: heat-conf-cfn + mountPath: /etc/heat/conf/heat-cfn.conf + subPath: heat-cfn.conf + readOnly: true +{{ include "heat_config_volume_mounts" . | indent 12 }} + volumes: + - name: heat-cfn-sh + configMap: + name: heat-cfn-sh + - name: heat-ini-api-paste + configMap: + name: heat-ini-api-paste + - name: heat-conf-cfn + configMap: + name: heat-conf-cfn +{{ include "heat_config_volumes" . | indent 8 }} diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl new file mode 100644 index 00000000..4703d33e --- /dev/null +++ b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl @@ -0,0 +1,4 @@ +#!/bin/bash +set -ex + +exec heat-api-cloudwatch --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml new file mode 100644 index 00000000..6127e95b --- /dev/null +++ b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-cloudwatch-sh +data: + start.sh: |+ +{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.yaml new file mode 100644 index 00000000..396633e1 --- /dev/null +++ b/heat/templates/deployment/cloudwatch/cloudwatch.yaml @@ -0,0 +1,76 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: heat-cloudwatch +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: heat-cloudwatch + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: heat-cloudwatch + image: {{ .Values.images.cloudwatch }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + ports: + - containerPort: {{ .Values.service.cloudwatch.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.cloudwatch.port }} + volumeMounts: + - name: heat-cloudwatch-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: heat-ini-api-paste + mountPath: /etc/heat/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: heat-conf-cloudwatch + mountPath: /etc/heat/conf/heat-cloudwatch.conf + subPath: heat-cloudwatch.conf + readOnly: true +{{ include "heat_config_volume_mounts" . | indent 12 }} + volumes: + - name: heat-cloudwatch-sh + configMap: + name: heat-cloudwatch-sh + - name: heat-ini-api-paste + configMap: + name: heat-ini-api-paste + - name: heat-conf-cloudwatch + configMap: + name: heat-conf-cloudwatch +{{ include "heat_config_volumes" . | indent 8 }} diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl new file mode 100644 index 00000000..2c4cc09e --- /dev/null +++ b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl @@ -0,0 +1,6 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'" +ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'" diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml new file mode 100644 index 00000000..9f8b2262 --- /dev/null +++ b/heat/templates/jobs/db/init/db-init.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-db-init-sh +data: + init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/jobs/db/init/db-init.yaml new file mode 100644 index 00000000..a7d15d76 --- /dev/null +++ b/heat/templates/jobs/db/init/db-init.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-db-init + image: {{ .Values.images.db_init | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: db-init-sh + mountPath: /tmp/init.sh + subPath: init.sh + readOnly: true + volumes: + - name: db-init-sh + configMap: + name: heat-db-init-sh diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..4532bdfe --- /dev/null +++ b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +heat-manage --config-dir /etc/heat/conf db_sync diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml new file mode 100644 index 00000000..59aaa8d2 --- /dev/null +++ b/heat/templates/jobs/db/sync/db-sync.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-db-sync-sh +data: + db-sync.sh: |+ +{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/jobs/db/sync/db-sync.yaml new file mode 100644 index 00000000..b42da032 --- /dev/null +++ b/heat/templates/jobs/db/sync/db-sync.yaml @@ -0,0 +1,69 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: pod-etc-heat + mountPath: /etc/heat + - name: heat-conf-db + mountPath: /etc/heat/conf/heat-db.conf + subPath: heat-db.conf + readOnly: true + - name: heat-conf-log + mountPath: /etc/heat/conf/heat-log.conf + subPath: heat-log.conf + readOnly: true + volumes: + - name: db-sync-sh + configMap: + name: heat-db-sync-sh + - name: pod-etc-heat + emptyDir: {} + - name: heat-conf-db + secret: + secretName: heat-conf-db + - name: heat-conf-log + configMap: + name: heat-conf-log diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl new file mode 100755 index 00000000..3f802d23 --- /dev/null +++ b/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl @@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Get Service ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# Get Endpoint ID if it exists +OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ + grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SVC_ENDPOINT}," | \ + awk -F ',' '{ print $1 }' ) + +# Making sure only a single endpoint exists for a service within a region +if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then + echo "More than one endpoint found, cleaning up" + for ENDPOINT_ID in $OS_ENDPOINT_ID; do + openstack endpoint delete ${ENDPOINT_ID} + done + unset OS_ENDPOINT_ID +fi + +# Determine if Endpoint needs updated +if [[ ${OS_ENDPOINT_ID} ]]; then + OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) + if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then + echo "Endpoints Match: no action required" + OS_ENDPOINT_UPDATE="False" + else + echo "Endpoints Dont Match: removing existing entries" + openstack endpoint delete ${OS_ENDPOINT_ID} + OS_ENDPOINT_UPDATE="True" + fi +else + OS_ENDPOINT_UPDATE="True" +fi + +# Update Endpoint if required +if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then + OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \ + --region="${OS_REGION_NAME}" \ + "${OS_SERVICE_ID}" \ + ${OS_SVC_ENDPOINT} \ + "${OS_SERVICE_ENDPOINT}" ) +fi + +# Display the Endpoint +openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml new file mode 100755 index 00000000..04ed8957 --- /dev/null +++ b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-ks-endpoints-sh +data: + ks-endpoints.sh: |+ +{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml new file mode 100755 index 00000000..84f66171 --- /dev/null +++ b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml @@ -0,0 +1,96 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-ks-endpoints-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SVC_ENDPOINT + value: admin + - name: OS_SERVICE_NAME + value: heat + - name: OS_SERVICE_TYPE + value: orchestration + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s + - name: heat-ks-endpoints-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SVC_ENDPOINT + value: internal + - name: OS_SERVICE_NAME + value: heat + - name: OS_SERVICE_TYPE + value: orchestration + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s + - name: heat-ks-endpoints-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SVC_ENDPOINT + value: public + - name: OS_SERVICE_NAME + value: heat + - name: OS_SERVICE_TYPE + value: orchestration + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s + - name: heat-ks-endpoints-cfn-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SVC_ENDPOINT + value: admin + - name: OS_SERVICE_NAME + value: heat-cfn + - name: OS_SERVICE_TYPE + value: cloudformation + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 + - name: heat-ks-endpoints-cfn-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SVC_ENDPOINT + value: internal + - name: OS_SERVICE_NAME + value: heat-cfn + - name: OS_SERVICE_TYPE + value: cloudformation + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 + - name: heat-ks-endpoints-cfn-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SVC_ENDPOINT + value: public + - name: OS_SERVICE_NAME + value: heat-cfn + - name: OS_SERVICE_TYPE + value: cloudformation + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 + volumes: + - name: ks-endpoints-sh + configMap: + name: heat-ks-endpoints-sh diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl new file mode 100644 index 00000000..4777d08c --- /dev/null +++ b/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl @@ -0,0 +1,35 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Service boilerplate description +OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" + +# Get Service ID if it exists +unset OS_SERVICE_ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# If a Service ID was not found, then create the service +if [[ -z ${OS_SERVICE_ID} ]]; then + OS_SERVICE_ID=$(openstack service create -f value -c id \ + --name="${OS_SERVICE_NAME}" \ + --description "${OS_SERVICE_DESC}" \ + --enable \ + "${OS_SERVICE_TYPE}") +fi diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml new file mode 100644 index 00000000..4c30bee6 --- /dev/null +++ b/heat/templates/jobs/keystone/service/ks-service.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-ks-service-sh +data: + ks-service.sh: |+ +{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/jobs/keystone/service/ks-service.yaml new file mode 100644 index 00000000..8a03bf26 --- /dev/null +++ b/heat/templates/jobs/keystone/service/ks-service.yaml @@ -0,0 +1,48 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-ks-service-orchestration +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "heat" + - name: OS_SERVICE_TYPE + value: "orchestration" + - name: heat-ks-service-cloudformation +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "heat-cfn" + - name: OS_SERVICE_TYPE + value: "cloudformation" + volumes: + - name: ks-service-sh + configMap: + name: heat-ks-service-sh diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl new file mode 100644 index 00000000..4b4f9402 --- /dev/null +++ b/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl @@ -0,0 +1,55 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Manage domain +SERVICE_OS_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \ + --description="Service Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \ + "${SERVICE_OS_DOMAIN_NAME}") + +# Display domain +openstack domain show "${SERVICE_OS_DOMAIN_ID}" + +# Manage user +SERVICE_OS_USERID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_DOMAIN_ID}" \ + --description "Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}") + +# Display user +openstack user show "${SERVICE_OS_USERID}" + +# Manage role +SERVICE_OS_ROLE_ID=$(openstack role show -f value -c id \ + --domain="${SERVICE_OS_DOMAIN_ID}" \ + "${SERVICE_OS_ROLE}" || openstack role create -f value -c id \ + --domain="${SERVICE_OS_DOMAIN_ID}" \ + "${SERVICE_OS_ROLE}" ) + +# Manage user role assignment +openstack role add \ + --domain="${SERVICE_OS_DOMAIN_ID}" \ + --user="${SERVICE_OS_USERID}" \ + --user-domain="${SERVICE_OS_DOMAIN_ID}" \ + "${SERVICE_OS_ROLE_ID}" + +# Display user role assignment +openstack role assignment list \ + --role="${SERVICE_OS_ROLE_ID}" \ + --user-domain="${SERVICE_OS_DOMAIN_ID}" \ + --user="${SERVICE_OS_USERID}" diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl new file mode 100644 index 00000000..fdc7358b --- /dev/null +++ b/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl @@ -0,0 +1,56 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Manage user project +USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + "${SERVICE_OS_PROJECT_NAME}"); + +# Display project +openstack project show "${USER_PROJECT_ID}" + +# Manage user +USER_ID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}"); + +# Display user +openstack user show "${USER_ID}" + +# Manage user role +USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + +# Manage user role assignment +openstack role add \ + --user="${USER_ID}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + "${USER_ROLE_ID}" + +# Display user role assignment +openstack role assignment list \ + --role="${SERVICE_OS_ROLE}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --user="${USER_ID}" diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml new file mode 100644 index 00000000..d9e6730b --- /dev/null +++ b/heat/templates/jobs/keystone/user/ks-user.sh.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-ks-user-sh +data: + ks-user.sh: |+ +{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} + ks-domain-user.sh: |+ +{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/jobs/keystone/user/ks-user.yaml new file mode 100644 index 00000000..f243474e --- /dev/null +++ b/heat/templates/jobs/keystone/user/ks-user.yaml @@ -0,0 +1,167 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-user +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_user_role | quote }} + - name: heat-ks-trustee-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_trustee_user_role | quote }} + - name: heat-ks-domain-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-domain-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-domain-user.sh + subPath: ks-domain-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_REGION_NAME + - name: SERVICE_OS_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_stack_user_role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: heat-ks-user-sh diff --git a/heat/templates/service-api.yaml b/heat/templates/service-api.yaml new file mode 100644 index 00000000..482a116b --- /dev/null +++ b/heat/templates/service-api.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.api.name }} +spec: + ports: + - port: {{ .Values.service.api.port }} + selector: + app: heat-api diff --git a/heat/templates/service-cfn.yaml b/heat/templates/service-cfn.yaml new file mode 100644 index 00000000..799e57d1 --- /dev/null +++ b/heat/templates/service-cfn.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.cfn.name }} +spec: + ports: + - port: {{ .Values.service.cfn.port }} + selector: + app: heat-cfn diff --git a/heat/templates/service-cloudwatch.yaml b/heat/templates/service-cloudwatch.yaml new file mode 100644 index 00000000..071f2c92 --- /dev/null +++ b/heat/templates/service-cloudwatch.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.cloudwatch.name }} +spec: + ports: + - port: {{ .Values.service.cloudwatch.port }} + selector: + app: heat-cloudwatch diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl new file mode 100644 index 00000000..dabae086 --- /dev/null +++ b/heat/templates/statefulset/engine/bin/_engine.sh.tpl @@ -0,0 +1,4 @@ +#!/bin/bash +set -ex + +exec heat-engine --config-dir /etc/heat/conf diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml new file mode 100644 index 00000000..534d6ef8 --- /dev/null +++ b/heat/templates/statefulset/engine/engine.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-engine-sh +data: + start.sh: |+ +{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset/engine/engine.yaml new file mode 100644 index 00000000..5e251523 --- /dev/null +++ b/heat/templates/statefulset/engine/engine.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: heat-engine +spec: + serviceName: heat-engine + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: heat-engine + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.engine.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.engine.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: heat-engine + image: {{ .Values.images.engine }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + volumeMounts: + - name: heat-engine-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: heat-conf-engine + mountPath: /etc/heat/conf/heat-engine.conf + subPath: heat-engine.conf + readOnly: true +{{ include "heat_config_volume_mounts" . | indent 12 }} + volumes: + - name: heat-engine-sh + configMap: + name: heat-engine-sh + - name: heat-conf-engine + configMap: + name: heat-conf-engine +{{ include "heat_config_volumes" . | indent 8 }} diff --git a/heat/values.yaml b/heat/values.yaml new file mode 100644 index 00000000..cba2b59e --- /dev/null +++ b/heat/values.yaml @@ -0,0 +1,155 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + cfn: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + cloudwatch: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + engine: docker.io/kolla/ubuntu-source-heat-engine:3.0.1 + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + heat_user: "heat" + heat_user_domain: "default" + heat_user_role: "admin" + heat_password: "password" + heat_project_name: "service" + heat_project_domain: "default" + heat_region_name: "RegionOne" + + heat_trustee_user: "heat-trust" + heat_trustee_user_domain: "default" + heat_trustee_user_role: "admin" + heat_trustee_password: "password" + heat_trustee_project_name: "service" + heat_trustee_project_domain: "default" + heat_trustee_region_name: "RegionOne" + + heat_stack_user: "heat-domain" + heat_stack_domain: "heat" + heat_stack_user_role: "admin" + heat_stack_password: "password" + heat_stack_region_name: "RegionOne" + +service: + api: + name: "heat-api" + port: 8004 + proto: "http" + cfn: + name: "heat-cfn" + port: 8000 + proto: "http" + cloudwatch: + name: "heat-cloudwatch" + port: 8003 + proto: "http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + heat_database_name: heat + heat_password: password + heat_user: heat + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + +memcached: + host: memcached + port: 11211 + +resources: + api: + workers: 8 + cfn: + workers: 8 + cloudwatch: + workers: 8 + engine: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - heat-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - heat-ks-service + service: + - keystone-api + api: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + cfn: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + cloudwatch: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + engine: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb From c93eea00ae9fb6d674b3e9606d72668debae6492 Mon Sep 17 00:00:00 2001 From: mattmceuen Date: Tue, 3 Jan 2017 18:41:00 -0600 Subject: [PATCH 02/54] minikube.md proofreading Made a few grammatical tweaks to minikube.md. --- docs/developer/minikube.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 6e121665..5d8c93c4 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -1,9 +1,9 @@ # Development of Openstack-Helm -Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcomed to contribute to this project. Below are some instructions and suggestions to help you get started. +Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcome to contribute to this project. Below are some instructions and suggestions to help you get started. # Requirements -We've tried to minimize the amount of prerequisites required in order to get started. The main prerequisite is to install the most recent versions of Minikube and Helm. +We've tried to minimize the number of prerequisites required in order to get started. The main prerequisite is to install the most recent versions of Minikube and Helm. **Kubernetes Minikube:** Ensure that you have installed a recent version of [Kubernetes/Minikube](http://kubernetes.io/docs/getting-started-guides/minikube/). @@ -75,7 +75,7 @@ kube-system tiller-deploy-3299276078-n98ct 1/1 Running 0 With Helm installed, you will need to start a local [Helm server](https://github.com/kubernetes/helm/blob/7a15ad381eae794a36494084972e350306e498fd/docs/helm/helm_serve.md#helm-serve) (in the background), and point to a locally configured Helm [repository](https://github.com/kubernetes/helm/blob/7a15ad381eae794a36494084972e350306e498fd/docs/helm/helm_repo_index.md#helm-repo-index): ``` -$ helm serve . & +$ helm serve & $ helm repo add local http://localhost:8879/charts "local" has been added to your repositories ``` @@ -107,13 +107,13 @@ Perfect! You’re ready to install, develop, deploy, destroy, and repeat (when n # Installation and Testing -After following the instructions above you're environment is in a state where you can enhance the current charts, or develop new charts for the project. If you need to make changes to a chart, simply re-run `make` against the project in the top-tier directory. The charts will be updated and automatically re-pushed to your local repository. +After following the instructions above your environment is in a state where you can enhance the current charts, or develop new charts for the project. If you need to make changes to a chart, simply re-run `make` against the project in the top-tier directory. The charts will be updated and automatically re-pushed to your local repository. Consider the following when using Minikube and development mode: * Persistent Storage used for Minikube development mode is `hostPath`. The Ceph PVC's included with this project are not intended to work with Minikube. * There is *no need* to install the `common` `ceph` or `bootstrap` charts. These charts are required for deploying Ceph PVC's. -* Familiarize yourself wtih `values.yaml` included wtih the MariaDB chart. You will will want to have the `hostPath` directory created prior to deploying MariaDB. +* Familiarize yourself wtih `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. * If Ceph development is required, you will need to follow the [getting started guide](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) rather than this development mode documentation. To deploy Openstack-Helm in development mode, ensure you've created a minikube-approved `hostPath` volume. Minikube is very specific about what is expected for `hostPath` volumes. The following volumes are acceptable for minikube deployments: @@ -167,7 +167,7 @@ $ helm install --name=neutron local/neutron --namespace=openstack # Horizon Management -After each of the chart is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. +After each of the charts is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. ``` $ sudo kubectl edit svc horizon -n openstack @@ -201,7 +201,7 @@ status: ``` **Accessing Horizon:**
-*Now you're ready to manage Openstack! Point your browser to the following:*
+*Now you're ready to manage OpenStack! Point your browser to the following:*
***URL:*** *http://192.168.99.100:31537/*
***User:*** *admin*
***Pass:*** *password*
@@ -210,7 +210,7 @@ If you have any questions, comments, or find any bugs, please submit an issue so # Troubleshooting -In order to protect your general sanity, we've included a currated list of verification and troubleshooting steps that may help you avoid some potential issues while developing Openstack-Helm. +In order to protect your general sanity, we've included a curated list of verification and troubleshooting steps that may help you avoid some potential issues while developing Openstack-Helm. **MariaDB**
To verify the state of MariaDB, use the following command: From 8afa729ffba9378b76e63dfc282f16ecf1d9baa9 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Wed, 4 Jan 2017 13:19:04 -0800 Subject: [PATCH 03/54] OpenStack Nova Helm Chart Initial Commit This is an initial commit of a functional nova chart. It has been tested with the neutron chart using a flat network configuration. --- Makefile | 8 +- nova/Chart.yaml | 3 + nova/requirements.yaml | 4 + nova/templates/bin/_db-sync.sh.tpl | 6 + nova/templates/bin/_init.sh.tpl | 36 ++++ nova/templates/bin/_libvirt.sh.tpl | 35 ++++ nova/templates/bin/_post.sh.tpl | 57 ++++++ nova/templates/bin/_start.sh.tpl | 12 ++ nova/templates/configmap-bin.yaml | 15 ++ nova/templates/configmap-etc.yaml | 13 ++ nova/templates/daemonset-compute.yaml | 138 +++++++++++++ nova/templates/daemonset-libvirt.yaml | 132 +++++++++++++ nova/templates/deployment-api.yaml | 70 +++++++ nova/templates/deployment-conductor.yaml | 61 ++++++ nova/templates/deployment-consoleauth.yaml | 61 ++++++ nova/templates/deployment-scheduler.yaml | 61 ++++++ nova/templates/etc/_ceph.conf.tpl | 18 ++ nova/templates/etc/_libvirtd.conf.tpl | 6 + nova/templates/etc/_nova.conf.tpl | 108 +++++++++++ nova/templates/etc/_resolv.conf.tpl | 5 + nova/templates/job-db-sync.yaml | 56 ++++++ nova/templates/job-init.yaml | 50 +++++ nova/templates/job-post.yaml | 59 ++++++ nova/templates/service-api.yaml | 12 ++ nova/values.yaml | 213 +++++++++++++++++++++ 25 files changed, 1236 insertions(+), 3 deletions(-) create mode 100644 nova/Chart.yaml create mode 100644 nova/requirements.yaml create mode 100644 nova/templates/bin/_db-sync.sh.tpl create mode 100644 nova/templates/bin/_init.sh.tpl create mode 100644 nova/templates/bin/_libvirt.sh.tpl create mode 100644 nova/templates/bin/_post.sh.tpl create mode 100644 nova/templates/bin/_start.sh.tpl create mode 100644 nova/templates/configmap-bin.yaml create mode 100644 nova/templates/configmap-etc.yaml create mode 100644 nova/templates/daemonset-compute.yaml create mode 100644 nova/templates/daemonset-libvirt.yaml create mode 100644 nova/templates/deployment-api.yaml create mode 100644 nova/templates/deployment-conductor.yaml create mode 100644 nova/templates/deployment-consoleauth.yaml create mode 100644 nova/templates/deployment-scheduler.yaml create mode 100644 nova/templates/etc/_ceph.conf.tpl create mode 100644 nova/templates/etc/_libvirtd.conf.tpl create mode 100644 nova/templates/etc/_nova.conf.tpl create mode 100644 nova/templates/etc/_resolv.conf.tpl create mode 100644 nova/templates/job-db-sync.yaml create mode 100644 nova/templates/job-init.yaml create mode 100644 nova/templates/job-post.yaml create mode 100644 nova/templates/service-api.yaml create mode 100644 nova/values.yaml diff --git a/Makefile b/Makefile index 5c7e2a1e..4ae089a7 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron nova maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron maas openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron nova maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron nova maas openstack common: build-common @@ -27,6 +27,8 @@ glance: build-glance neutron: build-neutron +nova: build-nova + maas: build-maas memcached: build-memcached diff --git a/nova/Chart.yaml b/nova/Chart.yaml new file mode 100644 index 00000000..85f08c32 --- /dev/null +++ b/nova/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for nova +name: nova +version: 0.1.0 diff --git a/nova/requirements.yaml b/nova/requirements.yaml new file mode 100644 index 00000000..2350b1fa --- /dev/null +++ b/nova/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/nova/templates/bin/_db-sync.sh.tpl b/nova/templates/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..b447fad1 --- /dev/null +++ b/nova/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,6 @@ +#!/bin/bash +set -ex + +nova-manage db sync +nova-manage api_db sync +nova-manage db online_data_migrations diff --git a/nova/templates/bin/_init.sh.tpl b/nova/templates/bin/_init.sh.tpl new file mode 100644 index 00000000..b175ca7d --- /dev/null +++ b/nova/templates/bin/_init.sh.tpl @@ -0,0 +1,36 @@ +#!/bin/bash + +echo "Hello World" + +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.nova_database_name }}'" + +ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.nova_user }}' \ +password='{{ .Values.database.nova_password }}' \ +host='%' \ +priv='{{ .Values.database.nova_database_name }}.*:ALL' append_privs='yes'" + +ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.nova_api_database_name }}'" + +ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.nova_user }}' \ +password='{{ .Values.database.nova_password }}' \ +host='%' \ +priv='{{ .Values.database.nova_api_database_name }}.*:ALL' append_privs='yes'" diff --git a/nova/templates/bin/_libvirt.sh.tpl b/nova/templates/bin/_libvirt.sh.tpl new file mode 100644 index 00000000..33fc015e --- /dev/null +++ b/nova/templates/bin/_libvirt.sh.tpl @@ -0,0 +1,35 @@ +#!/bin/bash +set -ex + +if [[ -f /var/run/libvirtd.pid ]]; then + test -d /proc/$(< /var/run/libvirtd.pid) && \ + ( echo "Libvirtd daemon is running" && exit 10 ) +fi + +rm -f /var/run/libvirtd.pid + +if [[ -c /dev/kvm ]]; then + chmod 660 /dev/kvm + chown root:kvm /dev/kvm +fi + + +sleep 30 + +{{- if .Values.ceph.enabled }} +cat > /tmp/secret.xml < + {{ .Values.ceph.secret_uuid }} + + client.{{ .Values.ceph.cinder_user }} secret + + +EOF + +virsh secret-define --file /tmp/secret.xml +virsh secret-set-value --secret {{ .Values.ceph.secret_uuid }} --base64 {{ .Values.ceph.cinder_keyring }} +rm /tmp/secret.xml +{{- end }} + + +exec libvirtd -v --listen diff --git a/nova/templates/bin/_post.sh.tpl b/nova/templates/bin/_post.sh.tpl new file mode 100644 index 00000000..67925680 --- /dev/null +++ b/nova/templates/bin/_post.sh.tpl @@ -0,0 +1,57 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=admin \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=internal \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ +service_type=compute \ +description='Openstack Compute' \ +endpoint_region={{ .Values.keystone.nova_region_name }} \ +url='{{ include "endpoint_nova_api_internal" . }}' \ +interface=public \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +ansible localhost -vvv -m kolla_keystone_user -a "project=service \ +user={{ .Values.keystone.nova_user }} \ +password={{ .Values.keystone.nova_password }} \ +role=admin \ +region_name={{ .Values.keystone.nova_region_name }} \ +auth='{{ include "keystone_auth" .}}'" \ +-e "{'openstack_nova_auth':{{ include "keystone_auth" .}}}" + +cat </tmp/openrc +export OS_USERNAME={{.Values.keystone.admin_user}} +export OS_PASSWORD={{.Values.keystone.admin_password}} +export OS_PROJECT_DOMAIN_NAME={{.Values.keystone.domain_name}} +export OS_USER_DOMAIN_NAME={{.Values.keystone.domain_name}} +export OS_PROJECT_NAME={{.Values.keystone.admin_project_name}} +export OS_AUTH_URL={{include "endpoint_keystone_internal" .}} +export OS_AUTH_STRATEGY=keystone +export OS_REGION_NAME={{.Values.keystone.admin_region_name}} +export OS_INSECURE=1 +EOF + +. /tmp/openrc +env +openstack --debug role create _member_ --or-show diff --git a/nova/templates/bin/_start.sh.tpl b/nova/templates/bin/_start.sh.tpl new file mode 100644 index 00000000..7c802358 --- /dev/null +++ b/nova/templates/bin/_start.sh.tpl @@ -0,0 +1,12 @@ +#!/bin/bash +set -ex + +# link our keystone wsgi to apaches running config +ln -s /configmaps/wsgi-keystone.conf /etc/apache2/sites-enabled/wsgi-keystone.conf + +# Loading Apache2 ENV variables +source /etc/apache2/envvars +rm -rf /var/run/apache2/* +APACHE_DIR="apache2" + +apache2 -DFOREGROUND diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml new file mode 100644 index 00000000..6c7d10ce --- /dev/null +++ b/nova/templates/configmap-bin.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nova-bin +data: + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} + init.sh: | +{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} + start.sh: | +{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }} + post.sh: | +{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} + libvirt.sh: | +{{ tuple "bin/_libvirt.sh.tpl" . | include "template" | indent 4 }} diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml new file mode 100644 index 00000000..f96fbcef --- /dev/null +++ b/nova/templates/configmap-etc.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nova-etc +data: + nova.conf: |+ +{{ tuple "etc/_nova.conf.tpl" . | include "template" | indent 4 }} + ceph.client.cinder.keyring.yaml: |+ +{{ tuple "etc/_ceph.client.cinder.keyring.yaml.tpl" . | include "template" | indent 4 }} + resolv.conf: |+ +{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }} + libvirtd.conf: |+ +{{ tuple "etc/_libvirtd.conf.tpl" . | include "template" | indent 4 }} diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml new file mode 100644 index 00000000..53f4c6ce --- /dev/null +++ b/nova/templates/daemonset-compute.yaml @@ -0,0 +1,138 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: nova-compute +spec: + template: + metadata: + labels: + app: nova-compute + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" + }, + { + "name": "DEPENDENCY_DAEMONSET", + "value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + hostPID: true + dnsPolicy: ClusterFirst + containers: + - name: nova-compute + image: {{ .Values.image.compute }} + imagePullPolicy: Always + securityContext: + privileged: true + command: + - nova-compute + - --config-file + - /etc/nova/nova.conf + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - mountPath: /lib/modules + name: libmodules + readOnly: true + - mountPath: /var/lib/nova + name: varlibnova + - mountPath: /var/lib/libvirt + name: varliblibvirt + - mountPath: /run + name: run + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + {{- if .Values.ceph.enabled }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + {{- end }} + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf + - name: resolvconf + configMap: + name: nova-etc + items: + - key: resolv.conf + path: resolv.conf + - name: libmodules + hostPath: + path: /lib/modules + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + {{- if .Values.ceph.enabled }} + - name: cephconf + configMap: + name: nova-etc + items: + - key: ceph.conf + path: ceph.conf + - name: cephclientcinderkeyring + configMap: + name: nova-etc + items: + - key: ceph.client.cinder.keyring.yaml + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml new file mode 100644 index 00000000..31d442e1 --- /dev/null +++ b/nova/templates/daemonset-libvirt.yaml @@ -0,0 +1,132 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: nova-libvirt +spec: + template: + metadata: + labels: + app: nova-libvirt + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: true + dnsPolicy: ClusterFirst + containers: + - name: nova-libvirt + image: {{ .Values.image.libvirt }} + imagePullPolicy: Always + securityContext: + privileged: true + command: + - bash + - /tmp/libvirt.sh + volumeMounts: + - name: libvirtdconf + mountPath: /etc/libvirt/libvirtd.conf + subPath: libvirtd.conf + - name: libvirtsh + mountPath: /tmp/libvirt.sh + subPath: libvirt.sh + - mountPath: /lib/modules + name: libmodules + readOnly: true + - mountPath: /var/lib/nova + name: varlibnova + - mountPath: /var/lib/libvirt + name: varliblibvirt + - mountPath: /run + name: run + - mountPath: /sys/fs/cgroup + name: cgroup + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + {{- if .Values.ceph.enabled }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + {{- end }} + volumes: + - name: libvirtdconf + configMap: + name: nova-etc + items: + - key: libvirtd.conf + path: libvirtd.conf + - name: libvirtsh + configMap: + name: nova-bin + items: + - key: libvirt.sh + path: libvirt.sh + - name: resolvconf + configMap: + name: nova-etc + items: + - key: resolv.conf + path: resolv.conf + - name: libmodules + hostPath: + path: /lib/modules + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + {{- if .Values.ceph.enabled }} + - name: cephconf + configMap: + name: nova-etc + items: + - key: ceph.conf + path: ceph.conf + - name: cephclientcinderkeyring + configMap: + name: nova-etc + items: + - key: ceph.client.cinder.keyring.yaml + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/deployment-api.yaml b/nova/templates/deployment-api.yaml new file mode 100644 index 00000000..4ce90155 --- /dev/null +++ b/nova/templates/deployment-api.yaml @@ -0,0 +1,70 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-api +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-api + image: {{ .Values.image.api }} + # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 + securityContext: + privileged: true + command: + - nova-api + - --config-file + - /etc/nova/nova.conf + ports: + - containerPort: {{ .Values.network.port.api }} + - containerPort: {{ .Values.network.port.metadata }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.api }} + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml new file mode 100644 index 00000000..5ff52393 --- /dev/null +++ b/nova/templates/deployment-conductor.yaml @@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-conductor +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-conductor + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-conductor + image: {{ .Values.image.conductor }} + command: + - nova-conductor + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml new file mode 100644 index 00000000..52596ae6 --- /dev/null +++ b/nova/templates/deployment-consoleauth.yaml @@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-consoleauth +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-consoleauth + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-consoleauth + image: {{ .Values.image.consoleauth }} + command: + - nova-consoleauth + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml new file mode 100644 index 00000000..6188cd7b --- /dev/null +++ b/nova/templates/deployment-scheduler.yaml @@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-scheduler +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-scheduler + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-scheduler + image: {{ .Values.image.scheduler }} + command: + - nova-scheduler + - --config-file + - /etc/nova/nova.conf + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf diff --git a/nova/templates/etc/_ceph.conf.tpl b/nova/templates/etc/_ceph.conf.tpl new file mode 100644 index 00000000..d41b65bd --- /dev/null +++ b/nova/templates/etc/_ceph.conf.tpl @@ -0,0 +1,18 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.enabled }} +[mon] +{{- if .Values.ceph.monitors }} +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true diff --git a/nova/templates/etc/_libvirtd.conf.tpl b/nova/templates/etc/_libvirtd.conf.tpl new file mode 100644 index 00000000..d7d0c36e --- /dev/null +++ b/nova/templates/etc/_libvirtd.conf.tpl @@ -0,0 +1,6 @@ +listen_tcp = 1 +auth_tcp = "none" +ca_file = "" +log_level = 2 +log_outputs = "2:stderr" +listen_addr = "{{ .Values.network.ip_address }}" \ No newline at end of file diff --git a/nova/templates/etc/_nova.conf.tpl b/nova/templates/etc/_nova.conf.tpl new file mode 100644 index 00000000..e3a46eef --- /dev/null +++ b/nova/templates/etc/_nova.conf.tpl @@ -0,0 +1,108 @@ +[DEFAULT] +debug = {{ .Values.nova.default.debug }} +default_ephemeral_format = ext4 +host_subset_size = 30 +ram_allocation_ratio=1.0 +disk_allocation_ratio=1.0 +cpu_allocation_ratio=3.0 +force_config_drive = {{ .Values.nova.default.force_config_drive }} +state_path = /var/lib/nova + +osapi_compute_listen = {{ .Values.network.ip_address }} +osapi_compute_listen_port = {{ .Values.network.port.api }} +osapi_compute_workers = {{ .Values.nova.default.osapi_workers }} + +workers = {{ .Values.nova.default.osapi_workers }} +metadata_workers = {{ .Values.nova.default.metadata_workers }} + +use_neutron = True +firewall_driver = nova.virt.firewall.NoopFirewallDriver +linuxnet_interface_driver = openvswitch + +allow_resize_to_same_host = True + +compute_driver = libvirt.LibvirtDriver + +# Though my_ip is not used directly, lots of other variables use $my_ip +my_ip = {{ .Values.network.ip_address }} + +transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }} + +[vnc] +novncproxy_host = {{ .Values.network.ip_address }} +novncproxy_port = {{ .Values.network.port.novncproxy }} +vncserver_listen = 0.0.0.0 +vncserver_proxyclient_address = {{ .Values.network.ip_address }} + +novncproxy_base_url = http://{{ .Values.network.external_ips }}:{{ .Values.network.port.novncproxy }}/vnc_auto.html + +[oslo_concurrency] +lock_path = /var/lib/nova/tmp + +[conductor] +workers = {{ .Values.nova.default.conductor_workers }} + +[glance] +api_servers = {{ include "endpoint_glance_api_internal" . }} +num_retries = 3 + +[cinder] +catalog_info = volume:cinder:internalURL + +[neutron] +url = {{ include "endpoint_neutron_api_internal" . }} + +metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }} +service_metadata_proxy = True + +auth_url = {{ include "endpoint_keystone_admin" . }} +auth_type = password +project_domain_name = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.neutron_user }} +password = {{ .Values.keystone.neutron_password }} + +[database] +connection = mysql+pymysql://{{ .Values.database.nova_user }}:{{ .Values.database.nova_password }}@{{ .Values.database.address }}/{{ .Values.database.nova_database_name }} +max_retries = -1 + +[api_database] +connection = mysql+pymysql://{{ .Values.database.nova_user }}:{{ .Values.database.nova_password }}@{{ .Values.database.address }}/{{ .Values.database.nova_api_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ include "endpoint_keystone_internal" . }} +auth_url = {{ include "endpoint_keystone_admin" . }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.nova_user }} +password = {{ .Values.keystone.nova_password }} + +[libvirt] +connection_uri = "qemu+tcp://127.0.0.1/system" +images_type = qcow2 +# Enabling live-migration without hostname resolution +# live_migration_inbound_addr = {{ .Values.network.ip_address }} + +{{- if .Values.ceph.enabled }} +images_rbd_pool = {{ .Values.ceph.nova_pool }} +images_rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_user = {{ .Values.ceph.cinder_user }} +rbd_secret_uuid = {{ .Values.ceph.secret_uuid }} +{{- end }} +disk_cachemodes="network=writeback" +hw_disk_discard = unmap + +[upgrade_levels] +compute = auto + +[cache] +enabled = True +backend = oslo_cache.memcache_pool +memcache_servers = {{ .Values.memcached.address }} + +[wsgi] +api_paste_config = /etc/nova/api-paste.ini diff --git a/nova/templates/etc/_resolv.conf.tpl b/nova/templates/etc/_resolv.conf.tpl new file mode 100644 index 00000000..7c1e9d83 --- /dev/null +++ b/nova/templates/etc/_resolv.conf.tpl @@ -0,0 +1,5 @@ +search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }} +{{- range .Values.network.dns.servers }} +nameserver {{ . | title }} +{{- end }} +options ndots:5 diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml new file mode 100644 index 00000000..0e5c2102 --- /dev/null +++ b/nova/templates/job-db-sync.yaml @@ -0,0 +1,56 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-db-sync + image: {{ .Values.image.db_sync }} + imagePullPolicy: Always + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - name: nova-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml new file mode 100644 index 00000000..16a2201a --- /dev/null +++ b/nova/templates/job-init.yaml @@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-init + image: {{ .Values.image.init }} + imagePullPolicy: Always + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml new file mode 100644 index 00000000..48b0f3e5 --- /dev/null +++ b/nova/templates/job-post.yaml @@ -0,0 +1,59 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-post +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: nova-post + image: {{ .Values.image.post }} + imagePullPolicy: Always + command: + - bash + - /tmp/post.sh + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + - name: nova-bin + mountPath: /tmp/post.sh + subPath: post.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/service-api.yaml b/nova/templates/service-api.yaml new file mode 100644 index 00000000..6aa4144d --- /dev/null +++ b/nova/templates/service-api.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: nova-api +spec: + ports: + - name: nova-api + port: {{ .Values.network.port.api }} + - name: nova-metadata + port: {{ .Values.network.port.metadata }} + selector: + app: nova-api diff --git a/nova/values.yaml b/nova/values.yaml new file mode 100644 index 00000000..2530bc1c --- /dev/null +++ b/nova/values.yaml @@ -0,0 +1,213 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + control_node_selector_key: openstack-control-plane + control_node_selector_value: enabled + compute_node_selector_key: openstack-compute-node + compute_node_selector_value: enabled + +control_replicas: 1 +compute_replicas: 1 + +image: + init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + db_sync: quay.io/stackanetes/stackanetes-nova-api:barcelona + api: quay.io/stackanetes/stackanetes-nova-api:barcelona + conductor: quay.io/stackanetes/stackanetes-nova-conductor:barcelona + scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:barcelona + novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:barcelona + consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:barcelona + compute: quay.io/stackanetes/stackanetes-nova-compute:barcelona + libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:barcelona + post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + pull_policy: "IfNotPresent" + +network: + ip_address: "0.0.0.0" + # TODO(DTadrzak): move external IPs to common, this variable should be shared with + # horizon service + external_ips: "" + minion_interface_name: "eno1" + dns: + servers: + - "10.96.0.10" + - "8.8.8.8" + kubernetes_domain: "cluster.local" + other_domains: "" + + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + +nova: + default: + debug: false + osapi_workers: 8 + metadata_workers: 8 + conductor_workers: 8 + force_config_drive: True + drain_timeout: 60 + +database: + address: "mariadb" + port: 3306 + root_user: "root" + root_password: "password" + + nova_user: "nova" + nova_password: "password" + nova_database_name: "nova" + nova_api_database_name: "nova_api" + +keystone: + admin_user: "admin" + admin_password: "password" + admin_project_name: "admin" + admin_region_name: "RegionOne" + domain_name: "default" + tenant_name: "admin" + + neutron_user: "neutron" + neutron_password: "password" + neutron_region_name: "RegionOne" + + nova_user: "nova" + nova_password: "password" + nova_region_name: "RegionOne" + +rabbitmq: + address: "rabbitmq" + admin_user: "rabbitmq" + admin_password: "password" + port: 5672 + +ceph: + enabled: false + monitors: [] + cinder_user: "cinder" + cinder_keyring: null + nova_pool: "vms" + secret_uuid: "" + +neutron: + metadata_secret: "password" + +memcached: + address: "memcached:11211" + +dependencies: + api: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + db_sync: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + post: + jobs: + - nova-init + - keystone-init + - mariadb-seed + service: + - mariadb + - nova-api + init: + jobs: + - mariadb-seed + service: + - mariadb + compute: + jobs: + - nova-init + - nova-post + - nova-db-sync + service: + - keystone-api + - nova-api + daemonset: + - nova-libvirt + libvirt: + jobs: + - nova-init + - nova-post + - nova-db-sync + service: + - keystone-api + - nova-api + consoleauth: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + scheduler: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + conductor: + jobs: + - mariadb-seed + - keystone-db-sync + - nova-init + - nova-db-sync + service: + - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + glance: + hosts: + default: glance-api + type: image + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 + nova: + hosts: + default: nova-api + path: "/v2/%(tenant_id)s" + type: compute + scheme: 'http' + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 From 76086e2f2f72caf1ae51bc935df4abc1882d6661 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Thu, 5 Jan 2017 13:27:39 -0800 Subject: [PATCH 04/54] Resolve feedback from PR#60 This commit addresses: * Separating out stacked ovs daemonset into separate daemonsets. * Fixes line ending issues. * Enhances agents ovs pre-flight checks by using neutron-sanity-check. --- .../bin/_neutron-openvswitch-agent.sh.tpl | 10 ++ neutron/templates/daemonset-dhcp-agent.yaml | 2 +- neutron/templates/daemonset-openvswitch.yaml | 166 ------------------ neutron/templates/daemonset-ovs-agent.yaml | 86 +++++++++ neutron/templates/daemonset-ovs-db.yaml | 61 +++++++ neutron/templates/daemonset-ovs-vswitchd.yaml | 67 +++++++ neutron/templates/deployment-server.yaml | 2 +- neutron/templates/etc/_l3-agent.ini.tpl | 2 +- neutron/templates/etc/_metadata-agent.ini.tpl | 2 +- neutron/templates/etc/_neutron.conf.tpl | 2 +- neutron/templates/etc/_resolv.conf.tpl | 2 +- neutron/values.yaml | 21 +-- 12 files changed, 239 insertions(+), 184 deletions(-) delete mode 100644 neutron/templates/daemonset-openvswitch.yaml create mode 100644 neutron/templates/daemonset-ovs-agent.yaml create mode 100644 neutron/templates/daemonset-ovs-db.yaml create mode 100644 neutron/templates/daemonset-ovs-vswitchd.yaml diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl index 5860e3b9..48e061a3 100644 --- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl @@ -2,6 +2,16 @@ set -x chown neutron: /run/openvswitch/db.sock +# ensure we can talk to openvswitch or bail early +# this is until we can setup a proper dependency +# on deaemonsets - note that a show is not sufficient +# here, we need to communicate with both the db and vswitchd +# which means we need to do a create action +# +# see https://github.com/att-comdev/openstack-helm/issues/88 +timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --ovsdb_native --nokeepalived_ipv6_support + + # determine local-ip dynamically based on interface provided but only if tunnel_types is not null {{- if .Values.ml2.agent.tunnel_types }} IP=$(ip a s {{ .Values.network.interface.tunnel | default .Values.network.interface.default}} | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}') diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index dfd4a946..d34c6d99 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -80,4 +80,4 @@ spec: name: neutron-etc - name: socket hostPath: - path: /var/lib/neutron/openstack-helm \ No newline at end of file + path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-openvswitch.yaml b/neutron/templates/daemonset-openvswitch.yaml deleted file mode 100644 index 576dd386..00000000 --- a/neutron/templates/daemonset-openvswitch.yaml +++ /dev/null @@ -1,166 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: neutron-openvswitch -spec: - template: - metadata: - labels: - app: neutron-openvswitch - spec: - nodeSelector: - {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} - securityContext: - runAsUser: 0 - dnsPolicy: ClusterFirst - hostNetwork: true - containers: - - name: neutron-openvswitch-agent - image: {{ .Values.images.neutron_openvswitch_agent }} - imagePullPolicy: {{ .Values.images.pull_policy }} - securityContext: - privileged: true - # ensures this container can can see a br-int - # bridge before its marked as ready - readinessProbe: - exec: - command: - - bash - - -c - - 'ovs-vsctl list-br | grep -q br-int' - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/neutron-openvswitch-agent.sh" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.service }}" - - name: DEPENDENCY_CONTAINER - value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.container }}" - volumeMounts: - - name: neutronopenvswitchagentsh - mountPath: /tmp/neutron-openvswitch-agent.sh - subPath: neutron-openvswitch-agent.sh - - name: neutronconf - mountPath: /etc/neutron/neutron.conf - subPath: neutron.conf - - name: ml2confini - mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini - subPath: ml2-conf.ini - - name: libmodules - mountPath: /lib/modules - readOnly: true - - name: run - mountPath: /run - - mountPath: /etc/resolv.conf - name: resolvconf - subPath: resolv.conf - - name: openvswitch-db-server - image: {{ .Values.images.openvswitch_db_server }} - imagePullPolicy: {{ .Values.images.pull_policy }} - securityContext: - privileged: true - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/openvswitch-db-server.sh" - volumeMounts: - - name: openvswitchdbserversh - mountPath: /tmp/openvswitch-db-server.sh - subPath: openvswitch-db-server.sh - - mountPath: /etc/resolv.conf - name: resolvconf - subPath: resolv.conf - - name: varlibopenvswitch - mountPath: /var/lib/openvswitch/ - - name: run - mountPath: /run - - - name: openvswitch-vswitchd - image: {{ .Values.images.openvswitch_vswitchd }} - imagePullPolicy: {{ .Values.images.pull_policy }} - securityContext: - privileged: true - # ensures this container can speak to the ovs database - # successfully before its marked as ready - readinessProbe: - exec: - command: - - /usr/bin/ovs-vsctl - - show - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/openvswitch-vswitchd.sh" - - name: DEPENDENCY_CONTAINER - value: "openvswitch-db-server" - volumeMounts: - - name: openvswitchvswitchdsh - mountPath: /tmp/openvswitch-vswitchd.sh - subPath: openvswitch-vswitchd.sh - - name: openvswitchensureconfiguredsh - mountPath: /tmp/openvswitch-ensure-configured.sh - subPath: openvswitch-ensure-configured.sh - - name: libmodules - mountPath: /lib/modules - readOnly: true - - name: run - mountPath: /run - volumes: - - name: openvswitchdbserversh - configMap: - name: neutron-bin - - name: openvswitchvswitchdsh - configMap: - name: neutron-bin - - name: openvswitchensureconfiguredsh - configMap: - name: neutron-bin - - name: varlibopenvswitch - emptyDir: {} - - name: neutronopenvswitchagentsh - configMap: - name: neutron-bin - - name: neutronconf - configMap: - name: neutron-etc - - name: ml2confini - configMap: - name: neutron-etc - - name: resolvconf - configMap: - name: neutron-etc - - name: libmodules - hostPath: - path: /lib/modules - - name: run - hostPath: - path: /run \ No newline at end of file diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml new file mode 100644 index 00000000..9cea0896 --- /dev/null +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -0,0 +1,86 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: ovs-agent +spec: + template: + metadata: + labels: + app: ovs-agent + spec: + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: ovs-agent + image: {{ .Values.images.neutron_openvswitch_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + # ensures this container can can see a br-int + # bridge before its marked as ready + readinessProbe: + exec: + command: + - bash + - -c + - 'ovs-vsctl list-br | grep -q br-int' + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/neutron-openvswitch-agent.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.ovs_agent.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.ovs_agent.service }}" + volumeMounts: + - name: neutronopenvswitchagentsh + mountPath: /tmp/neutron-openvswitch-agent.sh + subPath: neutron-openvswitch-agent.sh + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + volumes: + - name: varlibopenvswitch + emptyDir: {} + - name: neutronopenvswitchagentsh + configMap: + name: neutron-bin + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: libmodules + hostPath: + path: /lib/modules + - name: run + hostPath: + path: /run diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml new file mode 100644 index 00000000..c22ab52c --- /dev/null +++ b/neutron/templates/daemonset-ovs-db.yaml @@ -0,0 +1,61 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: ovs-db +spec: + template: + metadata: + labels: + app: ovs-db + spec: + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: ovs-db + image: {{ .Values.images.openvswitch_db_server }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/openvswitch-db-server.sh" + volumeMounts: + - name: openvswitchdbserversh + mountPath: /tmp/openvswitch-db-server.sh + subPath: openvswitch-db-server.sh + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + - name: varlibopenvswitch + mountPath: /var/lib/openvswitch/ + - name: run + mountPath: /run + volumes: + - name: openvswitchdbserversh + configMap: + name: neutron-bin + - name: varlibopenvswitch + emptyDir: {} + - name: resolvconf + configMap: + name: neutron-etc + - name: libmodules + hostPath: + path: /lib/modules + - name: run + hostPath: + path: /run \ No newline at end of file diff --git a/neutron/templates/daemonset-ovs-vswitchd.yaml b/neutron/templates/daemonset-ovs-vswitchd.yaml new file mode 100644 index 00000000..9db15ac4 --- /dev/null +++ b/neutron/templates/daemonset-ovs-vswitchd.yaml @@ -0,0 +1,67 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: ovs-vswitchd +spec: + template: + metadata: + labels: + app: ovs-vswitchd + spec: + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: ovs-vswitchd + image: {{ .Values.images.openvswitch_vswitchd }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + # ensures this container can speak to the ovs database + # successfully before its marked as ready + readinessProbe: + exec: + command: + - /usr/bin/ovs-vsctl + - show + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/openvswitch-vswitchd.sh" + volumeMounts: + - name: openvswitchvswitchdsh + mountPath: /tmp/openvswitch-vswitchd.sh + subPath: openvswitch-vswitchd.sh + - name: openvswitchensureconfiguredsh + mountPath: /tmp/openvswitch-ensure-configured.sh + subPath: openvswitch-ensure-configured.sh + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + volumes: + - name: openvswitchvswitchdsh + configMap: + name: neutron-bin + - name: openvswitchensureconfiguredsh + configMap: + name: neutron-bin + - name: libmodules + hostPath: + path: /lib/modules + - name: run + hostPath: + path: /run diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 6dcef741..21004eb3 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -50,4 +50,4 @@ spec: name: neutron-etc - name: ml2confini configMap: - name: neutron-etc \ No newline at end of file + name: neutron-etc diff --git a/neutron/templates/etc/_l3-agent.ini.tpl b/neutron/templates/etc/_l3-agent.ini.tpl index 38b17395..3760b3e6 100644 --- a/neutron/templates/etc/_l3-agent.ini.tpl +++ b/neutron/templates/etc/_l3-agent.ini.tpl @@ -1,4 +1,4 @@ [DEFAULT] agent_mode = legacy enable_metadata_proxy = True -enable_isolated_metadata = True \ No newline at end of file +enable_isolated_metadata = True diff --git a/neutron/templates/etc/_metadata-agent.ini.tpl b/neutron/templates/etc/_metadata-agent.ini.tpl index c0239e97..f6cd65e6 100644 --- a/neutron/templates/etc/_metadata-agent.ini.tpl +++ b/neutron/templates/etc/_metadata-agent.ini.tpl @@ -28,4 +28,4 @@ metadata_port = {{ .Values.network.port.metadata }} metadata_workers = {{ .Values.metadata.workers }} # Caching -cache_url = memory://?default_ttl=5 \ No newline at end of file +cache_url = memory://?default_ttl=5 diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl index 859dd817..60849d21 100644 --- a/neutron/templates/etc/_neutron.conf.tpl +++ b/neutron/templates/etc/_neutron.conf.tpl @@ -68,4 +68,4 @@ username = {{ .Values.keystone.neutron_user }} password = {{ .Values.keystone.neutron_password }} [oslo_messaging_notifications] -driver = noop \ No newline at end of file +driver = noop diff --git a/neutron/templates/etc/_resolv.conf.tpl b/neutron/templates/etc/_resolv.conf.tpl index 68dc6967..7c1e9d83 100644 --- a/neutron/templates/etc/_resolv.conf.tpl +++ b/neutron/templates/etc/_resolv.conf.tpl @@ -2,4 +2,4 @@ search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} {{- range .Values.network.dns.servers }} nameserver {{ . | title }} {{- end }} -options ndots:5 \ No newline at end of file +options ndots:5 diff --git a/neutron/values.yaml b/neutron/values.yaml index 3c6268f4..298417a3 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -7,16 +7,16 @@ replicas: server: 1 images: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona - db_sync: quay.io/stackanetes/stackanetes-neutron-server:barcelona - server: quay.io/stackanetes/stackanetes-neutron-server:barcelona - dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:barcelona - metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:barcelona - l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:barcelona - neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:barcelona + init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton + server: quay.io/stackanetes/stackanetes-neutron-server:newton + dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:newton + metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:newton + l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:newton + neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:newton openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest - post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -159,7 +159,7 @@ dependencies: - nova-api daemonset: - neutron-openvswitch - openvswitchagent: + ovs_agent: jobs: - neutron-post - nova-post @@ -167,9 +167,6 @@ dependencies: - keystone-api - rabbitmq - neutron-server - container: - - openvswitch-db-server - - openvswitch-vswitchd l3: jobs: - nova-init From 4cef79295ab07bec433b2a602510508e2fdc00d6 Mon Sep 17 00:00:00 2001 From: mattmceuen Date: Fri, 6 Jan 2017 09:04:57 -0600 Subject: [PATCH 05/54] Additional tweaks per pull request review. --- docs/developer/minikube.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 5d8c93c4..dbf41a3c 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -113,7 +113,7 @@ After following the instructions above your environment is in a state where you Consider the following when using Minikube and development mode: * Persistent Storage used for Minikube development mode is `hostPath`. The Ceph PVC's included with this project are not intended to work with Minikube. * There is *no need* to install the `common` `ceph` or `bootstrap` charts. These charts are required for deploying Ceph PVC's. -* Familiarize yourself wtih `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. +* Familiarize yourself with `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. * If Ceph development is required, you will need to follow the [getting started guide](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) rather than this development mode documentation. To deploy Openstack-Helm in development mode, ensure you've created a minikube-approved `hostPath` volume. Minikube is very specific about what is expected for `hostPath` volumes. The following volumes are acceptable for minikube deployments: @@ -167,7 +167,7 @@ $ helm install --name=neutron local/neutron --namespace=openstack # Horizon Management -After each of the charts is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. +After each chart is deployed, you may wish to change the typical service endpoint for Horizon to a `nodePort` service endpoint (this is unique to Minikube deployments). Use the `kubectl edit` command to edit this service manually. ``` $ sudo kubectl edit svc horizon -n openstack From 4a6b5e42c6a1cf5fce21629c43fdd57153033b94 Mon Sep 17 00:00:00 2001 From: mattmceuen Date: Fri, 6 Jan 2017 09:14:22 -0600 Subject: [PATCH 06/54] %s/wtih/with/g :) --- docs/developer/minikube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index dbf41a3c..b005c3ff 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -113,7 +113,7 @@ After following the instructions above your environment is in a state where you Consider the following when using Minikube and development mode: * Persistent Storage used for Minikube development mode is `hostPath`. The Ceph PVC's included with this project are not intended to work with Minikube. * There is *no need* to install the `common` `ceph` or `bootstrap` charts. These charts are required for deploying Ceph PVC's. -* Familiarize yourself with `values.yaml` included wtih the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. +* Familiarize yourself with `values.yaml` included with the MariaDB chart. You will want to have the `hostPath` directory created prior to deploying MariaDB. * If Ceph development is required, you will need to follow the [getting started guide](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) rather than this development mode documentation. To deploy Openstack-Helm in development mode, ensure you've created a minikube-approved `hostPath` volume. Minikube is very specific about what is expected for `hostPath` volumes. The following volumes are acceptable for minikube deployments: From f2d9a39bc4d97a71a4aa79f59e84d259039ec727 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Fri, 6 Jan 2017 10:24:00 -0800 Subject: [PATCH 07/54] Prune dependencies in values per PR#60 feedback --- neutron/values.yaml | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/neutron/values.yaml b/neutron/values.yaml index 298417a3..f37c9006 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -133,7 +133,6 @@ dependencies: server: jobs: - neutron-db-sync - - mariadb-seed service: - rabbitmq - mariadb @@ -148,17 +147,16 @@ dependencies: - neutron-init - nova-post daemonset: - - neutron-openvswitch + - ovs-agent metadata: + service: + - rabbitmq + - nova-api jobs: - neutron-init - nova-post - service: - - neutron-server - - rabbitmq - - nova-api daemonset: - - neutron-openvswitch + - ovs-agent ovs_agent: jobs: - neutron-post @@ -168,20 +166,19 @@ dependencies: - rabbitmq - neutron-server l3: - jobs: - - nova-init - - neutron-init - - nova-post service: - neutron-server - rabbitmq - nova-api + jobs: + - nova-init + - neutron-init + - nova-post daemonset: - - neutron-openvswitch + - ovs-agent db_sync: jobs: - neutron-init - - mariadb-seed service: - mariadb init: @@ -190,11 +187,10 @@ dependencies: service: - mariadb post: - jobs: - - neutron-db-sync service: - keystone-api - - neutron-server + jobs: + - neutron-db-sync # typically overriden by environmental # values, but should include all endpoints From b1e3de020bda125a4020b7d1256c10be682851ee Mon Sep 17 00:00:00 2001 From: harbor Date: Sat, 7 Jan 2017 02:41:30 +0000 Subject: [PATCH 08/54] Heat Initial Refactor --- common/templates/_endpoints.tpl | 136 +++++++++++++++++- common/templates/_funcs.tpl | 1 - .../templates/scripts}/_ks-endpoints.sh.tpl | 2 + .../templates/scripts}/_ks-service.sh.tpl | 2 + .../templates/scripts}/_ks-user.sh.tpl | 8 +- common/templates/snippets/_ks_env_openrc.tpl | 40 ++++++ .../snippets/_ks_env_user_create_openrc.tpl | 33 +++++ heat/templates/_heat_config_helpers.tpl | 90 ------------ heat/templates/_helpers.tpl | 73 ---------- heat/templates/bin/_db-init.sh.tpl | 21 +++ .../user => }/bin/_ks-domain-user.sh.tpl | 0 .../config/contents/_heat-cache.conf.tpl | 4 - .../config/contents/_heat-db.conf.tpl | 3 - .../config/contents/_heat-endpoints.conf.tpl | 4 - .../config/contents/_heat-keystone.conf.tpl | 15 -- .../config/contents/_heat-log.conf.tpl | 4 - .../config/contents/_heat-messaging.conf.tpl | 5 - .../config/contents/_heat-options.conf.tpl | 3 - .../config/contents/_heat-paste.conf.tpl | 2 - .../contents/_heat-stack-domain.conf.tpl | 4 - .../config/contents/_heat-trustee.conf.tpl | 22 --- .../contents/components/_heat-api.conf.tpl | 4 - .../contents/components/_heat-cfn.conf.tpl | 4 - .../components/_heat-cloudwatch.conf.tpl | 4 - .../contents/components/_heat-engine.conf.tpl | 2 - heat/templates/config/heat-api-paste.ini.yaml | 7 - heat/templates/config/heat-api.conf.yaml | 7 - heat/templates/config/heat-cache.conf.yaml | 7 - heat/templates/config/heat-cfn.conf.yaml | 7 - .../config/heat-cloudwatch.conf.yaml | 7 - heat/templates/config/heat-db.conf.yaml | 8 -- .../templates/config/heat-endpoints.conf.yaml | 7 - heat/templates/config/heat-engine.conf.yaml | 7 - heat/templates/config/heat-log.conf.yaml | 7 - .../templates/config/heat-messaging.conf.yaml | 8 -- heat/templates/config/heat-options.conf.yaml | 7 - heat/templates/config/heat-paste.conf.yaml | 7 - heat/templates/config/heat-policy.json.yaml | 7 - heat/templates/configmap-bin.yaml | 15 ++ heat/templates/configmap-etc.yaml | 11 ++ ...yaml => configmap-keystone-admin.env.yaml} | 0 ...=> configmap-keystone-stack-user.env.yaml} | 4 +- ...ml => configmap-keystone-trustee.env.yaml} | 4 +- ....yaml => configmap-keystone-user.env.yaml} | 4 +- .../api/api.yaml => deployment-api.yaml} | 41 +++--- .../cfn/cfn.yaml => deployment-cfn.yaml} | 41 +++--- ...dwatch.yaml => deployment-cloudwatch.yaml} | 41 +++--- heat/templates/deployment/api/api.sh.yaml | 7 - heat/templates/deployment/api/bin/_api.sh.tpl | 4 - heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 - heat/templates/deployment/cfn/cfn.sh.yaml | 7 - .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 - .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 - .../contents => etc}/_heat-api-paste.ini.tpl | 1 - .../contents => etc}/_heat-policy.json.tpl | 0 heat/templates/etc/_heat.conf.tpl | 84 +++++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 31 ++-- heat/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ .../ks-service.yaml => job-ks-service.yaml} | 33 ++++- .../user/ks-user.yaml => job-ks-user.yaml} | 93 ++++-------- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - heat/templates/jobs/db/init/db-init.sh.yaml | 7 - .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ------------- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/user/ks-user.sh.yaml | 9 -- .../engine.yaml => statefulset-engine.yaml} | 32 ++--- .../statefulset/engine/bin/_engine.sh.tpl | 4 - .../statefulset/engine/engine.sh.yaml | 7 - heat/values.yaml | 42 ++++++ 73 files changed, 616 insertions(+), 719 deletions(-) rename {heat/templates/jobs/keystone/endpoints/bin => common/templates/scripts}/_ks-endpoints.sh.tpl (97%) rename {heat/templates/jobs/keystone/service/bin => common/templates/scripts}/_ks-service.sh.tpl (96%) rename {heat/templates/jobs/keystone/user/bin => common/templates/scripts}/_ks-user.sh.tpl (83%) create mode 100644 common/templates/snippets/_ks_env_openrc.tpl create mode 100644 common/templates/snippets/_ks_env_user_create_openrc.tpl delete mode 100644 heat/templates/_heat_config_helpers.tpl delete mode 100644 heat/templates/_helpers.tpl create mode 100644 heat/templates/bin/_db-init.sh.tpl rename heat/templates/{jobs/keystone/user => }/bin/_ks-domain-user.sh.tpl (100%) delete mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-db.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-log.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-options.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl delete mode 100755 heat/templates/config/heat-api-paste.ini.yaml delete mode 100644 heat/templates/config/heat-api.conf.yaml delete mode 100644 heat/templates/config/heat-cache.conf.yaml delete mode 100644 heat/templates/config/heat-cfn.conf.yaml delete mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml delete mode 100644 heat/templates/config/heat-db.conf.yaml delete mode 100644 heat/templates/config/heat-endpoints.conf.yaml delete mode 100644 heat/templates/config/heat-engine.conf.yaml delete mode 100644 heat/templates/config/heat-log.conf.yaml delete mode 100644 heat/templates/config/heat-messaging.conf.yaml delete mode 100644 heat/templates/config/heat-options.conf.yaml delete mode 100644 heat/templates/config/heat-paste.conf.yaml delete mode 100644 heat/templates/config/heat-policy.json.yaml create mode 100644 heat/templates/configmap-bin.yaml create mode 100644 heat/templates/configmap-etc.yaml rename heat/templates/{config/heat-keystone-admin.env.yaml => configmap-keystone-admin.env.yaml} (100%) rename heat/templates/{config/heat-stack-domain.conf.yaml => configmap-keystone-stack-user.env.yaml} (71%) rename heat/templates/{config/heat-trustee.conf.yaml => configmap-keystone-trustee.env.yaml} (82%) rename heat/templates/{config/heat-keystone.conf.yaml => configmap-keystone-user.env.yaml} (81%) rename heat/templates/{deployment/api/api.yaml => deployment-api.yaml} (70%) rename heat/templates/{deployment/cfn/cfn.yaml => deployment-cfn.yaml} (70%) rename heat/templates/{deployment/cloudwatch/cloudwatch.yaml => deployment-cloudwatch.yaml} (70%) delete mode 100755 heat/templates/deployment/api/api.sh.yaml delete mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl delete mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl delete mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml delete mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl delete mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml rename heat/templates/{config/contents => etc}/_heat-api-paste.ini.tpl (99%) mode change 100755 => 100644 rename heat/templates/{config/contents => etc}/_heat-policy.json.tpl (100%) create mode 100644 heat/templates/etc/_heat.conf.tpl rename heat/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename heat/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 heat/templates/job-ks-endpoints.yaml.yaml rename heat/templates/{jobs/keystone/service/ks-service.yaml => job-ks-service.yaml} (54%) rename heat/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (55%) delete mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml rename heat/templates/{statefulset/engine/engine.yaml => statefulset-engine.yaml} (71%) delete mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl delete mode 100644 heat/templates/statefulset/engine/engine.sh.yaml diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 0170b4eb..5f1be748 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl @@ -1,9 +1,139 @@ #----------------------------------------- # endpoints #----------------------------------------- -{{- define "endpoint_keystone_internal" -}} -{{- with .Values.endpoints.keystone -}} - {{.scheme}}://{{.hosts.internal | default .hosts.default}}:{{.port.public}}{{.path}} + +# this function returns the endpoint uri for a service, it takes an tuple +# input in ther form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointScheme := index $endpointMap "scheme" }} +{{- $endpointPath := index $endpointMap "path" }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} {{- end -}} {{- end -}} + +# this should be a generic function leveraging a tuple +# for input, e.g. { endpoint keystone internal . } +# however, constructing this appears to be a +# herculean effort in gotpl + +{{- define "endpoint_keystone_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.public}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_keystone_admin" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.admin}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_metadata_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.metadata}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_novncproxy_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.novncproxy}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_registry_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.registry}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_neutron_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.neutron -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint type lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple heat . | include "ks_endpoint_type" } +# will return "orchestration" + +{{- define "endpoint_type_lookup" -}} +{{- $name := index . 0 -}} +{{- $context := index . 1 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointType := index $endpointMap "type" }} +{{- $endpointType | quote -}} +{{- end -}} + + +#------------------------------- +# kolla helpers +#------------------------------- +{{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index e83d171a..fe6c9a67 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -21,4 +21,3 @@ {{- $wtf := $context.Template.Name | replace $last $name -}} {{- include $wtf $context | sha256sum | quote -}} {{- end -}} - diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/common/templates/scripts/_ks-endpoints.sh.tpl similarity index 97% rename from heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl rename to common/templates/scripts/_ks-endpoints.sh.tpl index 3f802d23..1c70a499 100755 --- a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ b/common/templates/scripts/_ks-endpoints.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_endpoints" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -61,3 +62,4 @@ fi # Display the Endpoint openstack endpoint show ${OS_ENDPOINT_ID} +{{- end }} diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/common/templates/scripts/_ks-service.sh.tpl similarity index 96% rename from heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl rename to common/templates/scripts/_ks-service.sh.tpl index 4777d08c..7c6f2580 100644 --- a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ b/common/templates/scripts/_ks-service.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_service" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -33,3 +34,4 @@ if [[ -z ${OS_SERVICE_ID} ]]; then --enable \ "${OS_SERVICE_TYPE}") fi +{{- end }} diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/common/templates/scripts/_ks-user.sh.tpl similarity index 83% rename from heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl rename to common/templates/scripts/_ks-user.sh.tpl index fdc7358b..e815da30 100644 --- a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ b/common/templates/scripts/_ks-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_user" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -17,20 +18,22 @@ set -ex # Manage user project +USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="${USER_PROJECT_DESC}" \ "${SERVICE_OS_PROJECT_NAME}"); # Display project openstack project show "${USER_PROJECT_ID}" # Manage user +USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" USER_ID=$(openstack user create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --description="${USER_DESC}" \ --password="${SERVICE_OS_PASSWORD}" \ "${SERVICE_OS_USERNAME}"); @@ -54,3 +57,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE}" \ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --user="${USER_ID}" +{{- end }} diff --git a/common/templates/snippets/_ks_env_openrc.tpl b/common/templates/snippets/_ks_env_openrc.tpl new file mode 100644 index 00000000..140ce25c --- /dev/null +++ b/common/templates/snippets/_ks_env_openrc.tpl @@ -0,0 +1,40 @@ +{{- define "env_ks_openrc_tpl" }} +{{- $ksUserSecret := .ksUserSecret }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD +{{- end }} diff --git a/common/templates/snippets/_ks_env_user_create_openrc.tpl b/common/templates/snippets/_ks_env_user_create_openrc.tpl new file mode 100644 index 00000000..5ce6e580 --- /dev/null +++ b/common/templates/snippets/_ks_env_user_create_openrc.tpl @@ -0,0 +1,33 @@ +{{- define "env_ks_user_create_openrc_tpl" }} +{{- $ksUserSecret := .ksUserSecret }} +- name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_REGION_NAME +- name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_DOMAIN_NAME +- name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PROJECT_NAME +- name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USER_DOMAIN_NAME +- name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_USERNAME +- name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $ksUserSecret }} + key: OS_PASSWORD +{{- end }} diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl deleted file mode 100644 index eb087888..00000000 --- a/heat/templates/_heat_config_helpers.tpl +++ /dev/null @@ -1,90 +0,0 @@ -{{- define "heat_config_volume_mounts" }} -- name: pod-etc-heat - mountPath: /etc/heat -- name: pod-var-cache-heat - mountPath: /var/cache/heat -- name: heat-json-policy - mountPath: /etc/heat/policy.json - subPath: policy.json - readOnly: true -- name: heat-conf-cache - mountPath: /etc/heat/conf/heat-cache.conf - subPath: heat-cache.conf - readOnly: true -- name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true -- name: heat-conf-endpoints - mountPath: /etc/heat/conf/heat-endpoints.conf - subPath: heat-endpoints.conf - readOnly: true -- name: heat-conf-keystone - mountPath: /etc/heat/conf/heat-keystone.conf - subPath: heat-keystone.conf - readOnly: true -- name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf - readOnly: true -- name: heat-conf-messaging - mountPath: /etc/heat/conf/heat-messaging.conf - subPath: heat-messaging.conf - readOnly: true -- name: heat-conf-options - mountPath: /etc/heat/conf/heat-options.conf - subPath: heat-options.conf - readOnly: true -- name: heat-conf-paste - mountPath: /etc/heat/conf/heat-paste.conf - subPath: heat-paste.conf - readOnly: true -- name: heat-conf-stack-domain - mountPath: /etc/heat/conf/heat-stack-domain.conf - subPath: heat-stack-domain.conf - readOnly: true -- name: heat-conf-trustee - mountPath: /etc/heat/conf/heat-trustee.conf - subPath: heat-trustee.conf - readOnly: true -{{- end }} - -{{- define "heat_config_volumes" }} -- name: pod-etc-heat - emptyDir: {} -- name: pod-var-cache-heat - emptyDir: {} -- name: heat-json-policy - configMap: - name: heat-json-policy -- name: heat-conf-cache - configMap: - name: heat-conf-cache -- name: heat-conf-db - secret: - secretName: heat-conf-db -- name: heat-conf-endpoints - configMap: - name: heat-conf-endpoints -- name: heat-conf-keystone - secret: - secretName: heat-conf-keystone -- name: heat-conf-log - configMap: - name: heat-conf-log -- name: heat-conf-messaging - secret: - secretName: heat-conf-messaging -- name: heat-conf-options - configMap: - name: heat-conf-options -- name: heat-conf-paste - configMap: - name: heat-conf-paste -- name: heat-conf-stack-domain - secret: - secretName: heat-conf-stack-domain -- name: heat-conf-trustee - secret: - secretName: heat-conf-trustee -{{- end }} diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl deleted file mode 100644 index 745e6195..00000000 --- a/heat/templates/_helpers.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} diff --git a/heat/templates/bin/_db-init.sh.tpl b/heat/templates/bin/_db-init.sh.tpl new file mode 100644 index 00000000..ba1c302c --- /dev/null +++ b/heat/templates/bin/_db-init.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.heat_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.heat_user }}' \ + password='{{ .Values.database.heat_password }}' \ + host='%' \ + priv='{{ .Values.database.heat_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/bin/_ks-domain-user.sh.tpl similarity index 100% rename from heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl rename to heat/templates/bin/_ks-domain-user.sh.tpl diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl deleted file mode 100644 index a6fd1728..00000000 --- a/heat/templates/config/contents/_heat-cache.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[cache] -enabled = "True" -backend = oslo_cache.memcache_pool -memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl deleted file mode 100644 index 0213e750..00000000 --- a/heat/templates/config/contents/_heat-db.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[database] -connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} -max_retries = -1 diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl deleted file mode 100644 index f9fc3fd0..00000000 --- a/heat/templates/config/contents/_heat-endpoints.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} -heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition -heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl deleted file mode 100644 index 99498157..00000000 --- a/heat/templates/config/contents/_heat-keystone.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -[keystone_authtoken] -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_region_name }} -project_domain_name = {{ .Values.keystone.heat_project_domain }} -project_name = {{ .Values.keystone.heat_project_name }} -user_domain_name = {{ .Values.keystone.heat_user_domain }} -username = {{ .Values.keystone.heat_user }} -password = {{ .Values.keystone.heat_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl deleted file mode 100644 index a0ec3d1f..00000000 --- a/heat/templates/config/contents/_heat-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl deleted file mode 100644 index 819bd099..00000000 --- a/heat/templates/config/contents/_heat-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl deleted file mode 100644 index 1f764f79..00000000 --- a/heat/templates/config/contents/_heat-options.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -enable_stack_adopt = "True" -enable_stack_abandon = "True" diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl deleted file mode 100644 index 5d6dcd64..00000000 --- a/heat/templates/config/contents/_heat-paste.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[paste_deploy] -config_file = /etc/heat/heat-api-paste.ini diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl deleted file mode 100644 index 75afba08..00000000 --- a/heat/templates/config/contents/_heat-stack-domain.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} -stack_domain_admin = {{ .Values.keystone.heat_stack_user }} -stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl deleted file mode 100644 index 41776515..00000000 --- a/heat/templates/config/contents/_heat-trustee.conf.tpl +++ /dev/null @@ -1,22 +0,0 @@ -[DEFAULT] -trusts_delegated_roles = "Member" -deferred_auth_method = "trusts" - -[trustee] -auth_type = "password" -auth_section = "trustee_keystone" - -[trustee_keystone] - -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_trustee_region_name }} -user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} -username = {{ .Values.keystone.heat_trustee_user }} -password = {{ .Values.keystone.heat_trustee_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl deleted file mode 100644 index 68287888..00000000 --- a/heat/templates/config/contents/components/_heat-api.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api] -bind_port = {{ .Values.service.api.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.api.workers }} diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl deleted file mode 100644 index d6c42a17..00000000 --- a/heat/templates/config/contents/components/_heat-cfn.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cfn] -bind_port = {{ .Values.service.cfn.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cfn.workers }} diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl deleted file mode 100644 index b9926222..00000000 --- a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cloudwatch] -bind_port = {{ .Values.service.cloudwatch.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cloudwatch.workers }} diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl deleted file mode 100644 index 1a22c602..00000000 --- a/heat/templates/config/contents/components/_heat-engine.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -num_engine_workers = {{ .Values.resources.engine.workers }} diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml deleted file mode 100755 index 22031118..00000000 --- a/heat/templates/config/heat-api-paste.ini.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ini-api-paste -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml deleted file mode 100644 index cffa497a..00000000 --- a/heat/templates/config/heat-api.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-api -data: - heat-api.conf: |+ -{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml deleted file mode 100644 index b7b4eb9e..00000000 --- a/heat/templates/config/heat-cache.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cache -data: - heat-cache.conf: | -{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml deleted file mode 100644 index 3d1c9651..00000000 --- a/heat/templates/config/heat-cfn.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cfn -data: - heat-cfn.conf: |+ -{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml deleted file mode 100644 index cf244f76..00000000 --- a/heat/templates/config/heat-cloudwatch.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cloudwatch -data: - heat-cloudwatch.conf: |+ -{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml deleted file mode 100644 index a8e2cf20..00000000 --- a/heat/templates/config/heat-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-db -type: Opaque -data: - heat-db.conf: | -{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml deleted file mode 100644 index 535e90cf..00000000 --- a/heat/templates/config/heat-endpoints.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-endpoints -data: - heat-endpoints.conf: | -{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml deleted file mode 100644 index cb585578..00000000 --- a/heat/templates/config/heat-engine.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-engine -data: - heat-engine.conf: |+ -{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml deleted file mode 100644 index 86a5a19b..00000000 --- a/heat/templates/config/heat-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-log -data: - heat-log.conf: |+ -{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml deleted file mode 100644 index 2bb408a6..00000000 --- a/heat/templates/config/heat-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-messaging -type: Opaque -data: - heat-messaging.conf: | -{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml deleted file mode 100644 index 8ac2ebf4..00000000 --- a/heat/templates/config/heat-options.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-options -data: - heat-options.conf: | -{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml deleted file mode 100644 index 29f96e71..00000000 --- a/heat/templates/config/heat-paste.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-paste -data: - heat-paste.conf: | -{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml deleted file mode 100644 index 1b96f2a5..00000000 --- a/heat/templates/config/heat-policy.json.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-json-policy -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml new file mode 100644 index 00000000..41e3ce81 --- /dev/null +++ b/heat/templates/configmap-bin.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-bin +data: + db-init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} + ks-service.sh: |+ +{{- include "common_keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "common_keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "common_keystone_user" . | indent 4 }} + ks-domain-user.sh: |+ +{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml new file mode 100644 index 00000000..c3039714 --- /dev/null +++ b/heat/templates/configmap-etc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-etc +data: + heat.conf: |+ +{{ tuple "etc/_heat.conf.tpl" . | include "template" | indent 4 }} + api-paste.ini: |+ +{{ tuple "etc/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_heat-policy.json.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/configmap-keystone-admin.env.yaml similarity index 100% rename from heat/templates/config/heat-keystone-admin.env.yaml rename to heat/templates/configmap-keystone-admin.env.yaml diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/configmap-keystone-stack-user.env.yaml similarity index 71% rename from heat/templates/config/heat-stack-domain.conf.yaml rename to heat/templates/configmap-keystone-stack-user.env.yaml index f870bf29..e95e5f3f 100644 --- a/heat/templates/config/heat-stack-domain.conf.yaml +++ b/heat/templates/configmap-keystone-stack-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-stack-domain + name: heat-env-keystone-stack-user type: Opaque data: - heat-stack-domain.conf: | -{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }} OS_DOMAIN_NAME: | diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/configmap-keystone-trustee.env.yaml similarity index 82% rename from heat/templates/config/heat-trustee.conf.yaml rename to heat/templates/configmap-keystone-trustee.env.yaml index 57906ad6..72a74bdf 100644 --- a/heat/templates/config/heat-trustee.conf.yaml +++ b/heat/templates/configmap-keystone-trustee.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-trustee + name: heat-env-keystone-trustee type: Opaque data: - heat-trustee.conf: | -{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/configmap-keystone-user.env.yaml similarity index 81% rename from heat/templates/config/heat-keystone.conf.yaml rename to heat/templates/configmap-keystone-user.env.yaml index 514a5774..c3730107 100644 --- a/heat/templates/config/heat-keystone.conf.yaml +++ b/heat/templates/configmap-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-keystone + name: heat-env-keystone-user type: Opaque data: - heat-keystone.conf: | -{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment-api.yaml similarity index 70% rename from heat/templates/deployment/api/api.yaml rename to heat/templates/deployment-api.yaml index 45176905..781aa72a 100755 --- a/heat/templates/deployment/api/api.yaml +++ b/heat/templates/deployment-api.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.api.port }} readinessProbe: tcpSocket: port: {{ .Values.service.api.port }} volumeMounts: - - name: heat-api-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-api - mountPath: /etc/heat/conf/heat-api.conf - subPath: heat-api.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-api-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-api-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-api + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-api -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment-cfn.yaml similarity index 70% rename from heat/templates/deployment/cfn/cfn.yaml rename to heat/templates/deployment-cfn.yaml index 4063084e..7d10b9ec 100644 --- a/heat/templates/deployment/cfn/cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cfn }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cfn + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cfn.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cfn.port }} volumeMounts: - - name: heat-cfn-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cfn - mountPath: /etc/heat/conf/heat-cfn.conf - subPath: heat-cfn.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cfn-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cfn-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cfn + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cfn -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml similarity index 70% rename from heat/templates/deployment/cloudwatch/cloudwatch.yaml rename to heat/templates/deployment-cloudwatch.yaml index 396633e1..3bd5c8d0 100644 --- a/heat/templates/deployment/cloudwatch/cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cloudwatch }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cloudwatch + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cloudwatch.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cloudwatch.port }} volumeMounts: - - name: heat-cloudwatch-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cloudwatch - mountPath: /etc/heat/conf/heat-cloudwatch.conf - subPath: heat-cloudwatch.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cloudwatch-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cloudwatch-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cloudwatch + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cloudwatch -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml deleted file mode 100755 index ff691820..00000000 --- a/heat/templates/deployment/api/api.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl deleted file mode 100755 index d4cc6486..00000000 --- a/heat/templates/deployment/api/bin/_api.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl deleted file mode 100644 index 30dcfad5..00000000 --- a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cfn --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml deleted file mode 100644 index 71efedd8..00000000 --- a/heat/templates/deployment/cfn/cfn.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cfn-sh -data: - start.sh: |+ -{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl deleted file mode 100644 index 4703d33e..00000000 --- a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cloudwatch --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml deleted file mode 100644 index 6127e95b..00000000 --- a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cloudwatch-sh -data: - start.sh: |+ -{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/etc/_heat-api-paste.ini.tpl old mode 100755 new mode 100644 similarity index 99% rename from heat/templates/config/contents/_heat-api-paste.ini.tpl rename to heat/templates/etc/_heat-api-paste.ini.tpl index 5ea89b5a..ad6501e6 --- a/heat/templates/config/contents/_heat-api-paste.ini.tpl +++ b/heat/templates/etc/_heat-api-paste.ini.tpl @@ -1,4 +1,3 @@ - # heat-api pipeline [pipeline:heat-api] pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/etc/_heat-policy.json.tpl similarity index 100% rename from heat/templates/config/contents/_heat-policy.json.tpl rename to heat/templates/etc/_heat-policy.json.tpl diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl new file mode 100644 index 00000000..d4faf130 --- /dev/null +++ b/heat/templates/etc/_heat.conf.tpl @@ -0,0 +1,84 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +deferred_auth_method = "trusts" + +enable_stack_adopt = "True" +enable_stack_abandon = "True" + +heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} +heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition +heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} + +num_engine_workers = {{ .Values.resources.engine.workers }} + +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} + +trusts_delegated_roles = "Member" + +[cache] +enabled = "True" +backend = oslo_cache.memcache_pool +memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" + +[database] +connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +max_retries = -1 + +[keystone_authtoken] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_region_name }} +project_domain_name = {{ .Values.keystone.heat_project_domain }} +project_name = {{ .Values.keystone.heat_project_name }} +user_domain_name = {{ .Values.keystone.heat_user_domain }} +username = {{ .Values.keystone.heat_user }} +password = {{ .Values.keystone.heat_password }} + +[heat_api] +bind_port = {{ .Values.service.api.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.api.workers }} + +[heat_api_cloudwatch] +bind_port = {{ .Values.service.cloudwatch.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cloudwatch.workers }} + +[heat_api_cfn] +bind_port = {{ .Values.service.cfn.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cfn.workers }} + +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} + +[paste_deploy] +config_file = /etc/heat/api-paste.ini + +[trustee] +auth_type = "password" +auth_section = "trustee_keystone" + +[trustee_keystone] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_trustee_region_name }} +user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} +username = {{ .Values.keystone.heat_trustee_user }} +password = {{ .Values.keystone.heat_trustee_password }} diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/job-db-init.yaml similarity index 88% rename from heat/templates/jobs/db/init/db-init.yaml rename to heat/templates/job-db-init.yaml index a7d15d76..affd8569 100644 --- a/heat/templates/jobs/db/init/db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: heat-db-init-sh + name: heat-bin diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/job-db-sync.yaml similarity index 66% rename from heat/templates/jobs/db/sync/db-sync.yaml rename to heat/templates/job-db-sync.yaml index b42da032..3c66c4c5 100644 --- a/heat/templates/jobs/db/sync/db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -38,32 +38,21 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - heat-manage + args: + - --config-dir + - /etc/heat/conf + - db_sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-heat mountPath: /etc/heat - - name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true - - name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: heat-db-sync-sh - name: pod-etc-heat emptyDir: {} - - name: heat-conf-db - secret: - secretName: heat-conf-db - - name: heat-conf-log + - name: heatconf configMap: - name: heat-conf-log + name: heat-etc diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 00000000..ec01159e --- /dev/null +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: heat-bin diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/job-ks-service.yaml similarity index 54% rename from heat/templates/jobs/keystone/service/ks-service.yaml rename to heat/templates/job-ks-service.yaml index 8a03bf26..a66d7c80 100644 --- a/heat/templates/jobs/keystone/service/ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job metadata: @@ -31,13 +32,39 @@ spec: restartPolicy: OnFailure containers: - name: heat-ks-service-orchestration -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat" - name: OS_SERVICE_TYPE value: "orchestration" - name: heat-ks-service-cloudformation -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat-cfn" - name: OS_SERVICE_TYPE @@ -45,4 +72,4 @@ spec: volumes: - name: ks-service-sh configMap: - name: heat-ks-service-sh + name: heat-bin diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/job-ks-user.yaml similarity index 55% rename from heat/templates/jobs/keystone/user/ks-user.yaml rename to heat/templates/job-ks-user.yaml index f243474e..ae19b217 100644 --- a/heat/templates/jobs/keystone/user/ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,3 +1,8 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user +{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} +{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} apiVersion: batch/v1 kind: Job metadata: @@ -42,39 +47,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_user_role | quote }} - name: heat-ks-trustee-user @@ -89,39 +69,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_trustee_user_role | quote }} - name: heat-ks-domain-user @@ -136,32 +91,34 @@ spec: subPath: ks-domain-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - name: SERVICE_OS_REGION_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_REGION_NAME - name: SERVICE_OS_DOMAIN_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_DOMAIN_NAME - name: SERVICE_OS_USERNAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_USERNAME - name: SERVICE_OS_PASSWORD valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_PASSWORD - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_stack_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: heat-ks-user-sh + name: heat-bin diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 2c4cc09e..00000000 --- a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'" diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 9f8b2262..00000000 --- a/heat/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index 4532bdfe..00000000 --- a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -heat-manage --config-dir /etc/heat/conf db_sync diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index 59aaa8d2..00000000 --- a/heat/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100755 index 04ed8957..00000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100755 index 84f66171..00000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: heat-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: heat-ks-endpoints-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-cfn-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - volumes: - - name: ks-endpoints-sh - configMap: - name: heat-ks-endpoints-sh diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index 4c30bee6..00000000 --- a/heat/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index d9e6730b..00000000 --- a/heat/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} - ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset-engine.yaml similarity index 71% rename from heat/templates/statefulset/engine/engine.yaml rename to heat/templates/statefulset-engine.yaml index 5e251523..8b79d9f4 100644 --- a/heat/templates/statefulset/engine/engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -43,23 +43,23 @@ spec: image: {{ .Values.images.engine }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-engine + - --config-dir + - /etc/heat/conf volumeMounts: - - name: heat-engine-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-conf-engine - mountPath: /etc/heat/conf/heat-engine.conf - subPath: heat-engine.conf - readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-engine-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-engine-sh - - name: heat-conf-engine - configMap: - name: heat-conf-engine -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl deleted file mode 100644 index dabae086..00000000 --- a/heat/templates/statefulset/engine/bin/_engine.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-engine --config-dir /etc/heat/conf diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml deleted file mode 100644 index 534d6ef8..00000000 --- a/heat/templates/statefulset/engine/engine.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-engine-sh -data: - start.sh: |+ -{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/values.yaml b/heat/values.yaml index cba2b59e..dca675b5 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -99,6 +99,9 @@ resources: misc: debug: false +secrets: + keystone_admin: + dependencies: db_init: jobs: @@ -153,3 +156,42 @@ dependencies: service: - keystone-api - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + heat: + hosts: + default: heat-api + path: '/v1/%(project_id)s' + type: orchestration + scheme: 'http' + port: + api: 8004 + heat_cfn: + hosts: + default: heat-cfn + path: /v1 + type: cloudformation + scheme: 'http' + port: + api: 8000 +# Cloudwatch does not get an entry in the keystone service catalog + heat_cloudwatch: + hosts: + default: heat-cloudwatch + path: null + type: null + scheme: 'http' + port: + api: 8003 From 75d3cb659f9fadb29b759eb28ea79ebb6451e47b Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:26:48 +0000 Subject: [PATCH 09/54] Heat rebase against current master --- Makefile | 21 ++++---- common/templates/_endpoints.tpl | 52 +++++++++---------- ...nv.yaml => secret-keystone-admin.env.yaml} | 0 ...ml => secret-keystone-stack-user.env.yaml} | 0 ....yaml => secret-keystone-trustee.env.yaml} | 0 ...env.yaml => secret-keystone-user.env.yaml} | 0 6 files changed, 34 insertions(+), 39 deletions(-) rename heat/templates/{configmap-keystone-admin.env.yaml => secret-keystone-admin.env.yaml} (100%) rename heat/templates/{configmap-keystone-stack-user.env.yaml => secret-keystone-stack-user.env.yaml} (100%) rename heat/templates/{configmap-keystone-trustee.env.yaml => secret-keystone-trustee.env.yaml} (100%) rename heat/templates/{configmap-keystone-user.env.yaml => secret-keystone-user.env.yaml} (100%) diff --git a/Makefile b/Makefile index d7345126..e3c08d22 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone heat memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon heat openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon heat openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack common: build-common @@ -19,14 +19,18 @@ mariadb: build-mariadb keystone: build-keystone -heat: build-heat - horizon: build-horizon rabbitmq: build-rabbitmq glance: build-glance +neutron: build-neutron + +heat: build-heat + +maas: build-maas + memcached: build-memcached openstack: build-openstack @@ -42,10 +46,3 @@ build-%: if [ -f $*/requirements.yaml ]; then helm dep up $*; fi helm lint $* helm package $* - -## this is required for some charts which cannot pass a lint, namely -## those which use .Release.Namespace in a default pipe capacity -#nolint-build-%: -# if [ -f $*/Makefile ]; then make -C $*; fi -# if [ -f $*/requirements.yaml ]; then helm dep up $*; fi -# helm package $* diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 5f1be748..fe0a7d18 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl @@ -2,32 +2,6 @@ # endpoints #----------------------------------------- -# this function returns the endpoint uri for a service, it takes an tuple -# input in ther form: service-name, endpoint-class, port-name. eg: -# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } -# will return the appropriate URI - -{{- define "endpoint_addr_lookup" -}} -{{- $name := index . 0 -}} -{{- $endpoint := index . 1 -}} -{{- $port := index . 2 -}} -{{- $context := index . 3 -}} -{{- $nameNorm := $name | replace "-" "_" }} -{{- $endpointMap := index $context.Values.endpoints $nameNorm }} -{{- $endpointScheme := index $endpointMap "scheme" }} -{{- $endpointPath := index $endpointMap "path" }} -{{- $fqdn := $context.Release.Namespace -}} -{{- if $context.Values.endpoints.fqdn -}} -{{- $fqdn := $context.Values.endpoints.fqdn -}} -{{- end -}} -{{- with $endpointMap -}} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port }} -{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} -{{- end -}} -{{- end -}} - - # this should be a generic function leveraging a tuple # for input, e.g. { endpoint keystone internal . } # however, constructing this appears to be a @@ -113,6 +87,31 @@ {{- end -}} {{- end -}} +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} +{{- end -}} +{{- end -}} + #------------------------------- # endpoint type lookup @@ -132,7 +131,6 @@ {{- $endpointType | quote -}} {{- end -}} - #------------------------------- # kolla helpers #------------------------------- diff --git a/heat/templates/configmap-keystone-admin.env.yaml b/heat/templates/secret-keystone-admin.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-admin.env.yaml rename to heat/templates/secret-keystone-admin.env.yaml diff --git a/heat/templates/configmap-keystone-stack-user.env.yaml b/heat/templates/secret-keystone-stack-user.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-stack-user.env.yaml rename to heat/templates/secret-keystone-stack-user.env.yaml diff --git a/heat/templates/configmap-keystone-trustee.env.yaml b/heat/templates/secret-keystone-trustee.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-trustee.env.yaml rename to heat/templates/secret-keystone-trustee.env.yaml diff --git a/heat/templates/configmap-keystone-user.env.yaml b/heat/templates/secret-keystone-user.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-user.env.yaml rename to heat/templates/secret-keystone-user.env.yaml From 4e6f72476141fd0f31f2d3aef4ad42e496d445ba Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:56:15 +0000 Subject: [PATCH 10/54] Update Heat Service Creation Job --- heat/templates/job-ks-service.yaml | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index a66d7c80..ad5d75f1 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job @@ -31,9 +32,10 @@ spec: spec: restartPolicy: OnFailure containers: - - name: heat-ks-service-orchestration - image: {{ .Values.images.ks_service }} - imagePullPolicy: {{ .Values.images.pull_policy }} +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} + - name: {{ $osServiceName }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: - bash - /tmp/ks-service.sh @@ -47,28 +49,10 @@ spec: {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: "heat" + value: {{ $osServiceName }} - name: OS_SERVICE_TYPE - value: "orchestration" - - name: heat-ks-service-cloudformation - image: {{ .Values.images.ks_service }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/ks-service.sh - volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "env_ks_openrc_tpl" $env | indent 12 }} + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} {{- end }} - - name: OS_SERVICE_NAME - value: "heat-cfn" - - name: OS_SERVICE_TYPE - value: "cloudformation" volumes: - name: ks-service-sh configMap: From 4403ed40c7afd377504f1f366ae2759613499e1f Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:58:27 +0000 Subject: [PATCH 11/54] Add Heat to developer documentation --- docs/developer/minikube.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index b005c3ff..4ee88495 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -163,6 +163,7 @@ $ helm install --name=horizon local/horizon --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack +$ helm install --name=heat local/heat --namespace=openstack ``` # Horizon Management @@ -173,7 +174,7 @@ After each chart is deployed, you may wish to change the typical service endpoin $ sudo kubectl edit svc horizon -n openstack ``` -With the deployed manifest in edit mode, you can enable `nodePort` by replicating some of the fields below (specifically, the `nodePort` lines). +With the deployed manifest in edit mode, you can enable `nodePort` by replicating some of the fields below (specifically, the `nodePort` lines). ``` apiVersion: v1 @@ -224,7 +225,7 @@ $ kubectl exec mariadb-0 -it -n openstack -- mysql -uroot -ppassword -e 'show da | mysql | | performance_schema | +--------------------+ -$ +$ ``` **Helm Server/Repository**
@@ -251,7 +252,7 @@ $ helm repo list NAME URL stable https://kubernetes-charts.storage.googleapis.com/ local http://localhost:8879/charts -$ +$ $ helm repo remove local ``` From 3c56140da31e486c30de10de6b2d370d01508250 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 07:08:13 -0800 Subject: [PATCH 12/54] Resolve missing newline --- neutron/templates/daemonset-ovs-db.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml index c22ab52c..f817fa92 100644 --- a/neutron/templates/daemonset-ovs-db.yaml +++ b/neutron/templates/daemonset-ovs-db.yaml @@ -58,4 +58,5 @@ spec: path: /lib/modules - name: run hostPath: - path: /run \ No newline at end of file + path: /run + From 88a85ae7d5289625f2200f445e313bc699d73381 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 07:49:44 -0800 Subject: [PATCH 13/54] Implement requested feedback in PR#91 - Split out osapi and metadata api to remove unnecessary security privileges - Prune dependencies - Fix static imagePullPolicies - Remove extraneous start.sh imported accidently from keystone chart --- nova/templates/bin/_start-osapi.sh.tpl | 21 ++++++ nova/templates/bin/_start.sh.tpl | 12 --- nova/templates/configmap-bin.yaml | 4 +- nova/templates/daemonset-compute.yaml | 9 --- ...-api.yaml => deployment-api-metadata.yaml} | 13 ++-- nova/templates/deployment-api-osapi.yaml | 75 +++++++++++++++++++ nova/templates/etc/_nova.conf.tpl | 2 +- nova/templates/job-db-sync.yaml | 4 +- nova/templates/job-init.yaml | 2 +- nova/templates/job-post.yaml | 2 +- ...service-api.yaml => service-metadata.yaml} | 4 +- nova/templates/service-osapi.yaml | 13 ++++ nova/values.yaml | 35 ++++----- 13 files changed, 136 insertions(+), 60 deletions(-) create mode 100644 nova/templates/bin/_start-osapi.sh.tpl delete mode 100644 nova/templates/bin/_start.sh.tpl rename nova/templates/{deployment-api.yaml => deployment-api-metadata.yaml} (88%) create mode 100644 nova/templates/deployment-api-osapi.yaml rename nova/templates/{service-api.yaml => service-metadata.yaml} (66%) create mode 100644 nova/templates/service-osapi.yaml diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl new file mode 100644 index 00000000..d1f03132 --- /dev/null +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/sh +# +# start nova-api-osapi service +# +# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges +# by stubbing in a fake iptables scripts + +echo </tmp/iptables +#!/bin/sh +# nova-api-metadata trys to run some iptables commands +# This enables the api-only container to run without NET_ADMIN privileges +true +EOF + +# make it executable and copy it over whatever iptables may be underneath in this image +chmod +x /tmp/iptables +cp -p /tmp/iptables /sbin/iptables +cp -p /tmp/iptables /sbin/iptables-restore +cp -p /tmp/iptables /sbin/iptables-save + +exec nova-api--config-file /etc/nova/nova.conf \ No newline at end of file diff --git a/nova/templates/bin/_start.sh.tpl b/nova/templates/bin/_start.sh.tpl deleted file mode 100644 index 7c802358..00000000 --- a/nova/templates/bin/_start.sh.tpl +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -ex - -# link our keystone wsgi to apaches running config -ln -s /configmaps/wsgi-keystone.conf /etc/apache2/sites-enabled/wsgi-keystone.conf - -# Loading Apache2 ENV variables -source /etc/apache2/envvars -rm -rf /var/run/apache2/* -APACHE_DIR="apache2" - -apache2 -DFOREGROUND diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 6c7d10ce..f3d1fca6 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -7,8 +7,8 @@ data: {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} - start.sh: | -{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }} + start-osapi.sh: | +{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }} post.sh: | {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} libvirt.sh: | diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 53f4c6ce..60529cfb 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -59,15 +59,6 @@ spec: - nova-compute - --config-file - /etc/nova/nova.conf - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf diff --git a/nova/templates/deployment-api.yaml b/nova/templates/deployment-api-metadata.yaml similarity index 88% rename from nova/templates/deployment-api.yaml rename to nova/templates/deployment-api-metadata.yaml index 4ce90155..a81444e5 100644 --- a/nova/templates/deployment-api.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -46,17 +46,16 @@ spec: image: {{ .Values.image.api }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: - privileged: true + capabilities: + add: + - NET_ADMIN command: - - nova-api - - --config-file - - /etc/nova/nova.conf + - nova-api-metadata --config-file=/etc/nova/nova.conf ports: - - containerPort: {{ .Values.network.port.api }} - containerPort: {{ .Values.network.port.metadata }} readinessProbe: tcpSocket: - port: {{ .Values.network.port.api }} + port: {{ .Values.network.port.osapi }} volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf @@ -67,4 +66,4 @@ spec: name: nova-etc items: - key: nova.conf - path: nova.conf + path: nova.conf \ No newline at end of file diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml new file mode 100644 index 00000000..b9a50bbf --- /dev/null +++ b/nova/templates/deployment-api-osapi.yaml @@ -0,0 +1,75 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nova-osapi +spec: + replicas: {{ .Values.control_replicas }} + template: + metadata: + labels: + app: nova-osapi + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": "{{ .Values.image.entrypoint }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-osapi + image: {{ .Values.image.api }} + command: + - bash + - /tmp/start-osapi.sh + ports: + - containerPort: {{ .Values.network.port.osapi }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.osapi }} + volumeMounts: + - name: novaconf + mountPath: /etc/nova/nova.conf + subPath: nova.conf + volumeMounts: + - name: startsh + mountPath: /tmp/start-osapi.sh + subPath: start-osapi.sh + volumes: + - name: novaconf + configMap: + name: nova-etc + items: + - key: nova.conf + path: nova.conf + - name: startsh + configMap: + name: nova-bin + items: + - key: start-osapi.sh + path: start-osapi.sh diff --git a/nova/templates/etc/_nova.conf.tpl b/nova/templates/etc/_nova.conf.tpl index e3a46eef..900e341a 100644 --- a/nova/templates/etc/_nova.conf.tpl +++ b/nova/templates/etc/_nova.conf.tpl @@ -9,7 +9,7 @@ force_config_drive = {{ .Values.nova.default.force_config_drive }} state_path = /var/lib/nova osapi_compute_listen = {{ .Values.network.ip_address }} -osapi_compute_listen_port = {{ .Values.network.port.api }} +osapi_compute_listen_port = {{ .Values.network.port.osapi }} osapi_compute_workers = {{ .Values.nova.default.osapi_workers }} workers = {{ .Values.nova.default.osapi_workers }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 0e5c2102..013ad075 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -10,7 +10,7 @@ spec: { "name": "init", "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", + "imagePullPolicy": "{{ .Values.image.pull_policy }}", "env": [ { "name": "NAMESPACE", @@ -36,7 +36,7 @@ spec: containers: - name: nova-db-sync image: {{ .Values.image.db_sync }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/db-sync.sh diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 16a2201a..70c87364 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -36,7 +36,7 @@ spec: containers: - name: nova-init image: {{ .Values.image.init }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/init.sh diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 48b0f3e5..2c6fd237 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -36,7 +36,7 @@ spec: containers: - name: nova-post image: {{ .Values.image.post }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} command: - bash - /tmp/post.sh diff --git a/nova/templates/service-api.yaml b/nova/templates/service-metadata.yaml similarity index 66% rename from nova/templates/service-api.yaml rename to nova/templates/service-metadata.yaml index 6aa4144d..0e0bac07 100644 --- a/nova/templates/service-api.yaml +++ b/nova/templates/service-metadata.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Service metadata: - name: nova-api + name: nova-metadata spec: ports: - - name: nova-api - port: {{ .Values.network.port.api }} - name: nova-metadata port: {{ .Values.network.port.metadata }} selector: diff --git a/nova/templates/service-osapi.yaml b/nova/templates/service-osapi.yaml new file mode 100644 index 00000000..3821bdd6 --- /dev/null +++ b/nova/templates/service-osapi.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + # alanmeadows(TODO): refactor to nova-osapi + # which requires updating other charts + # dependencies + name: nova-api +spec: + ports: + - name: nova-osapi + port: {{ .Values.network.port.osapi }} + selector: + app: nova-osapi diff --git a/nova/values.yaml b/nova/values.yaml index 2530bc1c..d4f315f9 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -13,16 +13,16 @@ control_replicas: 1 compute_replicas: 1 image: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona - db_sync: quay.io/stackanetes/stackanetes-nova-api:barcelona - api: quay.io/stackanetes/stackanetes-nova-api:barcelona - conductor: quay.io/stackanetes/stackanetes-nova-conductor:barcelona - scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:barcelona - novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:barcelona - consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:barcelona - compute: quay.io/stackanetes/stackanetes-nova-compute:barcelona - libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:barcelona - post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-nova-api:newton + api: quay.io/stackanetes/stackanetes-nova-api:newton + conductor: quay.io/stackanetes/stackanetes-nova-conductor:newton + scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:newton + novncproxy: quay.io/stackanetes/stackanetes-nova-novncproxy:newton + consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:newton + compute: quay.io/stackanetes/stackanetes-nova-compute:newton + libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:newton + post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -40,7 +40,7 @@ network: other_domains: "" port: - api: 8774 + osapi: 8774 metadata: 8775 novncproxy: 6080 @@ -51,7 +51,6 @@ nova: metadata_workers: 8 conductor_workers: 8 force_config_drive: True - drain_timeout: 60 database: address: "mariadb" @@ -103,7 +102,6 @@ memcached: dependencies: api: jobs: - - mariadb-seed - keystone-db-sync - nova-init - nova-db-sync @@ -121,6 +119,7 @@ dependencies: - nova-init - keystone-init - mariadb-seed + - keystone-db-sync service: - mariadb post: @@ -130,7 +129,7 @@ dependencies: - mariadb-seed service: - mariadb - - nova-api + - keystone-api init: jobs: - mariadb-seed @@ -138,9 +137,7 @@ dependencies: - mariadb compute: jobs: - - nova-init - nova-post - - nova-db-sync service: - keystone-api - nova-api @@ -164,17 +161,11 @@ dependencies: - mariadb scheduler: jobs: - - mariadb-seed - - keystone-db-sync - - nova-init - nova-db-sync service: - mariadb conductor: jobs: - - mariadb-seed - - keystone-db-sync - - nova-init - nova-db-sync service: - mariadb From 943b5a3706645a522214175ce66a0841b2e6f356 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 08:22:25 -0800 Subject: [PATCH 14/54] Bugfix missing space to start nove-api --- nova/templates/bin/_start-osapi.sh.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl index d1f03132..5e51c57f 100644 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -18,4 +18,4 @@ cp -p /tmp/iptables /sbin/iptables cp -p /tmp/iptables /sbin/iptables-restore cp -p /tmp/iptables /sbin/iptables-save -exec nova-api--config-file /etc/nova/nova.conf \ No newline at end of file +exec nova-api --config-file /etc/nova/nova.conf \ No newline at end of file From bab75eff7fd6c9a404e7149290e5e8516693bbc4 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 08:36:08 -0800 Subject: [PATCH 15/54] Keep consistent with our set -ex approach on all shell scripts --- nova/templates/bin/_start-osapi.sh.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl index 5e51c57f..a2bf2a2f 100644 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ b/nova/templates/bin/_start-osapi.sh.tpl @@ -1,4 +1,6 @@ -#!/bin/sh +#!/bin/bash +set -ex + # # start nova-api-osapi service # From d8a07ee1cbee0154ecead3aed9882092c84822b5 Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 19:50:33 +0000 Subject: [PATCH 16/54] Update Heat PR to relect changes reqested in review This commit addresses the concerns raised in: https://github.com/att-comdev/openstack-helm/pull/77#pullrequestreview-15758654 --- .../templates/scripts}/_ks-domain-user.sh.tpl | 2 ++ heat/templates/configmap-bin.yaml | 2 +- heat/templates/deployment-api.yaml | 2 +- heat/templates/deployment-cfn.yaml | 2 +- heat/templates/deployment-cloudwatch.yaml | 2 +- heat/templates/etc/_heat.conf.tpl | 6 ++---- heat/templates/job-ks-endpoints.yaml.yaml | 2 +- heat/templates/job-ks-service.yaml | 2 +- heat/templates/job-ks-user.yaml | 10 +++++----- heat/templates/secret-keystone-admin.env.yaml | 2 +- .../templates/secret-keystone-stack-user.env.yaml | 2 +- heat/templates/secret-keystone-trustee.env.yaml | 2 +- heat/templates/secret-keystone-user.env.yaml | 2 +- heat/templates/statefulset-engine.yaml | 2 +- heat/values.yaml | 15 +++++++++++++-- 15 files changed, 33 insertions(+), 22 deletions(-) rename {heat/templates/bin => common/templates/scripts}/_ks-domain-user.sh.tpl (97%) diff --git a/heat/templates/bin/_ks-domain-user.sh.tpl b/common/templates/scripts/_ks-domain-user.sh.tpl similarity index 97% rename from heat/templates/bin/_ks-domain-user.sh.tpl rename to common/templates/scripts/_ks-domain-user.sh.tpl index 4b4f9402..44bfd276 100644 --- a/heat/templates/bin/_ks-domain-user.sh.tpl +++ b/common/templates/scripts/_ks-domain-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_domain_user" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -53,3 +54,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE_ID}" \ --user-domain="${SERVICE_OS_DOMAIN_ID}" \ --user="${SERVICE_OS_USERID}" +{{- end }} diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml index 41e3ce81..27da8c69 100644 --- a/heat/templates/configmap-bin.yaml +++ b/heat/templates/configmap-bin.yaml @@ -12,4 +12,4 @@ data: ks-user.sh: |+ {{- include "common_keystone_user" . | indent 4 }} ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} +{{- include "common_keystone_domain_user" . | indent 4 }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 781aa72a..759571c4 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-api spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.api }} template: metadata: labels: diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 7d10b9ec..94d6d55e 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-cfn spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.cfn }} template: metadata: labels: diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 3bd5c8d0..d4753011 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-cloudwatch spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.cloudwatch }} template: metadata: labels: diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index d4faf130..e902fe71 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl @@ -33,8 +33,7 @@ max_retries = -1 signing_dir = "/var/cache/heat" memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password region_name = {{ .Values.keystone.heat_region_name }} project_domain_name = {{ .Values.keystone.heat_project_domain }} @@ -75,8 +74,7 @@ auth_section = "trustee_keystone" signing_dir = "/var/cache/heat" memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password region_name = {{ .Values.keystone.heat_trustee_region_name }} user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index ec01159e..4b3f3003 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} apiVersion: batch/v1 kind: Job metadata: diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index ad5d75f1..3ce06a12 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} apiVersion: batch/v1 kind: Job metadata: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index ae19b217..66981c9f 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,8 +1,8 @@ -{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} -{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user -{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} -{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} +{{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }} +{{- $ksStackUserSecret := .Values.keystone_secrets.stack }} apiVersion: batch/v1 kind: Job metadata: @@ -78,7 +78,7 @@ spec: {{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE - value: {{ .Values.keystone.heat_trustee_user_role | quote }} + value: {{ .Values.keystone.heat_trustee_role | quote }} - name: heat-ks-domain-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} diff --git a/heat/templates/secret-keystone-admin.env.yaml b/heat/templates/secret-keystone-admin.env.yaml index 275c1d27..ddbc7cec 100644 --- a/heat/templates/secret-keystone-admin.env.yaml +++ b/heat/templates/secret-keystone-admin.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-admin + name: {{ .Values.keystone_secrets.admin }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/secret-keystone-stack-user.env.yaml b/heat/templates/secret-keystone-stack-user.env.yaml index e95e5f3f..703bd370 100644 --- a/heat/templates/secret-keystone-stack-user.env.yaml +++ b/heat/templates/secret-keystone-stack-user.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-stack-user + name: {{ .Values.keystone_secrets.stack }} type: Opaque data: OS_REGION_NAME: | diff --git a/heat/templates/secret-keystone-trustee.env.yaml b/heat/templates/secret-keystone-trustee.env.yaml index 72a74bdf..63db347e 100644 --- a/heat/templates/secret-keystone-trustee.env.yaml +++ b/heat/templates/secret-keystone-trustee.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-trustee + name: {{ .Values.keystone_secrets.trustee }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/secret-keystone-user.env.yaml b/heat/templates/secret-keystone-user.env.yaml index c3730107..f54a264f 100644 --- a/heat/templates/secret-keystone-user.env.yaml +++ b/heat/templates/secret-keystone-user.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-user + name: {{ .Values.keystone_secrets.user }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 8b79d9f4..0478e391 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -4,7 +4,7 @@ metadata: name: heat-engine spec: serviceName: heat-engine - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.engine }} template: metadata: labels: diff --git a/heat/values.yaml b/heat/values.yaml index dca675b5..6373aa22 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -3,7 +3,12 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 + +replicas: + api: 1 + cfn: 1 + cloudwatch: 1 + engine: 1 labels: node_selector_key: openstack-control-plane @@ -22,6 +27,12 @@ images: engine: docker.io/kolla/ubuntu-source-heat-engine:3.0.1 pull_policy: "IfNotPresent" +keystone_secrets: + admin: "heat-env-keystone-admin" + user: "heat-env-keystone-user" + trustee: "heat-env-keystone-trustee" + stack: "heat-env-keystone-stack-user" + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" @@ -42,7 +53,7 @@ keystone: heat_trustee_user: "heat-trust" heat_trustee_user_domain: "default" - heat_trustee_user_role: "admin" + heat_trustee_role: "admin" heat_trustee_password: "password" heat_trustee_project_name: "service" heat_trustee_project_domain: "default" From c9d27bac4d84cb5dd8fe2d393c7f54896ce6485c Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 15:08:46 -0800 Subject: [PATCH 17/54] Add rolling update parameters to all current charts This ensures that all charts have a consistent and overridable approach to their pod replacement strategies, along with sane defaults. --- glance/templates/api.yaml | 9 +++++++++ glance/values.yaml | 7 +++++++ horizon/templates/deployment.yaml | 8 ++++++++ horizon/values.yaml | 7 +++++++ keystone/templates/deployment.yaml | 8 ++++++++ keystone/values.yaml | 7 +++++++ memcached/templates/deployment.yaml | 8 ++++++++ memcached/values.yaml | 7 +++++++ neutron/templates/deployment-server.yaml | 8 ++++++++ neutron/values.yaml | 7 +++++++ rabbitmq/templates/deployment.yaml | 8 ++++++++ rabbitmq/values.yaml | 8 +++++++- 12 files changed, 91 insertions(+), 1 deletion(-) diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml index 659e53a3..53e9cc77 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/api.yaml @@ -4,6 +4,14 @@ metadata: name: glance-api spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: @@ -37,6 +45,7 @@ spec: spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: - name: glance-api image: {{ .Values.images.api }} diff --git a/glance/values.yaml b/glance/values.yaml index a94a1bcc..a3c6886a 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -17,6 +17,13 @@ images: post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index 2baa6bc3..f3a65f02 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: horizon spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/horizon/values.yaml b/horizon/values.yaml index 6de7d8e1..a7d97e61 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -10,6 +10,13 @@ images: horizon: quay.io/stackanetes/stackanetes-horizon:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + labels: node_selector_key: openstack-control-plane node_selector_value: enabled diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 2a94d249..827cb9c3 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: keystone-api spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/keystone/values.yaml b/keystone/values.yaml index 80801204..a89452e1 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -16,6 +16,13 @@ images: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: version: v3 scheme: http diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 41dd4faa..02026575 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: memcached spec: replicas: {{ .Values.resources.memcached.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/memcached/values.yaml b/memcached/values.yaml index 16c0e702..c00dcdcc 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -7,6 +7,13 @@ images: memcached: quay.io/stackanetes/stackanetes-memcached:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + labels: node_selector_key: openstack-control-plane node_selector_value: enabled diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 21004eb3..a9c37a34 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -4,6 +4,14 @@ metadata: name: neutron-server spec: replicas: {{ .Values.replicas.server }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/neutron/values.yaml b/neutron/values.yaml index f37c9006..434ea41f 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -20,6 +20,13 @@ images: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + labels: # ovs is a special case, requiring a special # label that can apply to both control hosts diff --git a/rabbitmq/templates/deployment.yaml b/rabbitmq/templates/deployment.yaml index 21bbd5f8..d4c19ccf 100644 --- a/rabbitmq/templates/deployment.yaml +++ b/rabbitmq/templates/deployment.yaml @@ -4,6 +4,14 @@ metadata: name: rabbitmq spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 1efabe69..8d44741b 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml @@ -8,7 +8,13 @@ replicas: "1" # this must be quoted to deal with atoi labels: node_selector_key: openstack-control-plane node_selector_value: enabled - + +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 auth: default_user: openstack default_pass: password From 0a481a8ef2bd5c2bf91d9ce1a51eb37909355e36 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 15:18:58 -0800 Subject: [PATCH 18/54] Consistent config map hashing across all existing charts * These annotations ensure that if configmaps change, the pods are redeployed according to their upgrade strategy. * This change excludes glance which has a pull request in progress to refactor it. --- keystone/templates/deployment.yaml | 2 ++ neutron/templates/daemonset-dhcp-agent.yaml | 3 +++ neutron/templates/daemonset-l3-agent.yaml | 3 +++ neutron/templates/daemonset-metadata-agent.yaml | 3 +++ neutron/templates/daemonset-ovs-agent.yaml | 3 +++ neutron/templates/daemonset-ovs-db.yaml | 3 +++ neutron/templates/daemonset-ovs-vswitchd.yaml | 3 +++ neutron/templates/deployment-server.yaml | 3 +++ rabbitmq/templates/{bin-configmap.yaml => configmap-bin.yaml} | 0 rabbitmq/templates/deployment.yaml | 2 ++ 10 files changed, 25 insertions(+) rename rabbitmq/templates/{bin-configmap.yaml => configmap-bin.yaml} (100%) diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 827cb9c3..49917ada 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -17,6 +17,8 @@ spec: labels: app: keystone-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index d34c6d99..11ef4e05 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: neutron-dhcp-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 7fb63e76..7428f944 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: neutron-l3-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index d8e8daaa..2ffc16df 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: neutron-metadata-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 9cea0896..f1518ab3 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: ovs-agent + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml index f817fa92..6b877abf 100644 --- a/neutron/templates/daemonset-ovs-db.yaml +++ b/neutron/templates/daemonset-ovs-db.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: ovs-db + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} diff --git a/neutron/templates/daemonset-ovs-vswitchd.yaml b/neutron/templates/daemonset-ovs-vswitchd.yaml index 9db15ac4..b07047e3 100644 --- a/neutron/templates/daemonset-ovs-vswitchd.yaml +++ b/neutron/templates/daemonset-ovs-vswitchd.yaml @@ -7,6 +7,9 @@ spec: metadata: labels: app: ovs-vswitchd + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index a9c37a34..66aa7412 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -16,6 +16,9 @@ spec: metadata: labels: app: neutron-server + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} diff --git a/rabbitmq/templates/bin-configmap.yaml b/rabbitmq/templates/configmap-bin.yaml similarity index 100% rename from rabbitmq/templates/bin-configmap.yaml rename to rabbitmq/templates/configmap-bin.yaml diff --git a/rabbitmq/templates/deployment.yaml b/rabbitmq/templates/deployment.yaml index d4c19ccf..d622f8c5 100644 --- a/rabbitmq/templates/deployment.yaml +++ b/rabbitmq/templates/deployment.yaml @@ -16,6 +16,8 @@ spec: metadata: labels: app: rabbitmq + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} From 7c6e26f1ba21bf28229fe8d32e0cb8e1fa213ff8 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Mon, 9 Jan 2017 15:33:04 -0800 Subject: [PATCH 19/54] Add rolling update and template hashing to new nova chart --- nova/templates/daemonset-compute.yaml | 2 ++ nova/templates/daemonset-libvirt.yaml | 2 ++ nova/templates/deployment-api-metadata.yaml | 10 ++++++++++ nova/templates/deployment-api-osapi.yaml | 10 ++++++++++ nova/templates/deployment-conductor.yaml | 10 ++++++++++ nova/templates/deployment-consoleauth.yaml | 10 ++++++++++ nova/templates/deployment-scheduler.yaml | 10 ++++++++++ nova/values.yaml | 7 +++++++ 8 files changed, 61 insertions(+) diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 60529cfb..26299ea0 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -8,6 +8,8 @@ spec: labels: app: nova-compute annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 31d442e1..6ffa346f 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -8,6 +8,8 @@ spec: labels: app: nova-libvirt annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index a81444e5..52e21cc1 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -4,11 +4,21 @@ metadata: name: nova-api spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index b9a50bbf..5c294db2 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -4,11 +4,21 @@ metadata: name: nova-osapi spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-osapi annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 5ff52393..e5977ef4 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -4,11 +4,21 @@ metadata: name: nova-conductor spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-conductor annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 52596ae6..d5688579 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -4,11 +4,21 @@ metadata: name: nova-consoleauth spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-consoleauth annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 6188cd7b..27cf414e 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -4,11 +4,21 @@ metadata: name: nova-scheduler spec: replicas: {{ .Values.control_replicas }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: nova-scheduler annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/nova/values.yaml b/nova/values.yaml index d4f315f9..179eae08 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -26,6 +26,13 @@ image: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + network: ip_address: "0.0.0.0" # TODO(DTadrzak): move external IPs to common, this variable should be shared with From adbe8f75408f0045c2ee9b35ed1f58f53839b582 Mon Sep 17 00:00:00 2001 From: portdirect Date: Sun, 1 Jan 2017 03:05:49 +0000 Subject: [PATCH 20/54] OpenStack Cinder WIP Cinder WIP --- Makefile | 9 +- cinder/Chart.yaml | 3 + cinder/requirements.yaml | 4 + cinder/templates/_helpers.tpl | 73 +++++++++ .../config/cinder-api-paste.ini.yaml | 7 + cinder/templates/config/cinder-api.conf.yaml | 7 + .../config/cinder-backend-rbd1.conf.yaml | 7 + .../config/cinder-backends.conf.yaml | 7 + .../config/cinder-concurrency.conf.yaml | 7 + cinder/templates/config/cinder-db.conf.yaml | 8 + .../templates/config/cinder-glance.conf.yaml | 7 + .../config/cinder-keystone-admin.env.yaml | 20 +++ .../config/cinder-keystone.conf.yaml | 22 +++ cinder/templates/config/cinder-log.conf.yaml | 7 + .../config/cinder-messaging.conf.yaml | 8 + .../config/contents/_cinder-api-paste.ini.tpl | 75 ++++++++++ .../config/contents/_cinder-api.conf.tpl | 12 ++ .../contents/_cinder-backend-rbd1.conf.tpl | 11 ++ .../config/contents/_cinder-backends.conf.tpl | 2 + .../contents/_cinder-concurrency.conf.tpl | 2 + .../config/contents/_cinder-db.conf.tpl | 3 + .../config/contents/_cinder-glance.conf.tpl | 3 + .../config/contents/_cinder-keystone.conf.tpl | 13 ++ .../config/contents/_cinder-log.conf.tpl | 4 + .../contents/_cinder-messaging.conf.tpl | 5 + cinder/templates/deployments/api/api.sh.yaml | 7 + cinder/templates/deployments/api/api.yaml | 138 ++++++++++++++++++ .../templates/deployments/api/bin/_api.sh.tpl | 19 +++ .../jobs/db/init/bin/_db-init.sh.tpl | 6 + cinder/templates/jobs/db/init/db-init.sh.yaml | 7 + cinder/templates/jobs/db/init/db-init.yaml | 54 +++++++ .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 +++ cinder/templates/jobs/db/sync/db-sync.sh.yaml | 7 + cinder/templates/jobs/db/sync/db-sync.yaml | 69 +++++++++ .../endpoints/bin/_ks-endpoints.sh.tpl | 63 ++++++++ .../keystone/endpoints/ks-endpoints.sh.yaml | 7 + .../jobs/keystone/endpoints/ks-endpoints.yaml | 130 +++++++++++++++++ .../keystone/service/bin/_ks-service.sh.tpl | 35 +++++ .../jobs/keystone/service/ks-service.sh.yaml | 7 + .../jobs/keystone/service/ks-service.yaml | 54 +++++++ .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 +++++++ .../jobs/keystone/user/ks-user.sh.yaml | 7 + .../templates/jobs/keystone/user/ks-user.yaml | 82 +++++++++++ cinder/templates/service-api.yaml | 9 ++ cinder/values.yaml | 110 ++++++++++++++ docs/developer/minikube.md | 1 + 46 files changed, 1210 insertions(+), 3 deletions(-) create mode 100644 cinder/Chart.yaml create mode 100644 cinder/requirements.yaml create mode 100644 cinder/templates/_helpers.tpl create mode 100644 cinder/templates/config/cinder-api-paste.ini.yaml create mode 100644 cinder/templates/config/cinder-api.conf.yaml create mode 100644 cinder/templates/config/cinder-backend-rbd1.conf.yaml create mode 100644 cinder/templates/config/cinder-backends.conf.yaml create mode 100644 cinder/templates/config/cinder-concurrency.conf.yaml create mode 100644 cinder/templates/config/cinder-db.conf.yaml create mode 100644 cinder/templates/config/cinder-glance.conf.yaml create mode 100644 cinder/templates/config/cinder-keystone-admin.env.yaml create mode 100644 cinder/templates/config/cinder-keystone.conf.yaml create mode 100644 cinder/templates/config/cinder-log.conf.yaml create mode 100644 cinder/templates/config/cinder-messaging.conf.yaml create mode 100644 cinder/templates/config/contents/_cinder-api-paste.ini.tpl create mode 100644 cinder/templates/config/contents/_cinder-api.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-backends.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-concurrency.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-db.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-glance.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-keystone.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-log.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-messaging.conf.tpl create mode 100644 cinder/templates/deployments/api/api.sh.yaml create mode 100644 cinder/templates/deployments/api/api.yaml create mode 100644 cinder/templates/deployments/api/bin/_api.sh.tpl create mode 100644 cinder/templates/jobs/db/init/bin/_db-init.sh.tpl create mode 100644 cinder/templates/jobs/db/init/db-init.sh.yaml create mode 100644 cinder/templates/jobs/db/init/db-init.yaml create mode 100644 cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl create mode 100644 cinder/templates/jobs/db/sync/db-sync.sh.yaml create mode 100644 cinder/templates/jobs/db/sync/db-sync.yaml create mode 100644 cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl create mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml create mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml create mode 100644 cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl create mode 100644 cinder/templates/jobs/keystone/service/ks-service.sh.yaml create mode 100644 cinder/templates/jobs/keystone/service/ks-service.yaml create mode 100644 cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl create mode 100644 cinder/templates/jobs/keystone/user/ks-user.sh.yaml create mode 100644 cinder/templates/jobs/keystone/user/ks-user.yaml create mode 100644 cinder/templates/service-api.yaml create mode 100644 cinder/values.yaml diff --git a/Makefile b/Makefile index e3c08d22..9915074e 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,13 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron cinder heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack +CHARTS := ceph mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack + common: build-common @@ -19,6 +20,8 @@ mariadb: build-mariadb keystone: build-keystone +cinder: build-cinder + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml new file mode 100644 index 00000000..890af01e --- /dev/null +++ b/cinder/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for cinder +name: cinder +version: 0.1.0 diff --git a/cinder/requirements.yaml b/cinder/requirements.yaml new file mode 100644 index 00000000..2350b1fa --- /dev/null +++ b/cinder/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 00000000..80039684 --- /dev/null +++ b/cinder/templates/_helpers.tpl @@ -0,0 +1,73 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} + +{{- define "env_admin_openrc" }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PASSWORD +{{- end }} + +{{- define "container_ks_service" }} +image: {{ .Values.images.ks_service }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-service.sh +volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} + +{{- define "container_ks_endpoint" }} +image: {{ .Values.images.ks_endpoints }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-endpoints.sh +volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml new file mode 100644 index 00000000..a0d87145 --- /dev/null +++ b/cinder/templates/config/cinder-api-paste.ini.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ini-api-paste +data: + api-paste.ini: |+ +{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml new file mode 100644 index 00000000..ae0df426 --- /dev/null +++ b/cinder/templates/config/cinder-api.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-api +data: + cinder-api.conf: |+ +{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml new file mode 100644 index 00000000..1beb4016 --- /dev/null +++ b/cinder/templates/config/cinder-backend-rbd1.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backend-rbd1 +data: + cinder-backend-rbd1.conf: |+ +{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml new file mode 100644 index 00000000..b5f839c5 --- /dev/null +++ b/cinder/templates/config/cinder-backends.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backends +data: + cinder-backends.conf: |+ +{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml new file mode 100644 index 00000000..3385d54b --- /dev/null +++ b/cinder/templates/config/cinder-concurrency.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-concurrency +data: + cinder-concurrency.conf: |+ +{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml new file mode 100644 index 00000000..80a10531 --- /dev/null +++ b/cinder/templates/config/cinder-db.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-db +type: Opaque +data: + cinder-db.conf: | +{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml new file mode 100644 index 00000000..a1c7e91a --- /dev/null +++ b/cinder/templates/config/cinder-glance.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-glance +data: + cinder-glance.conf: |+ +{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/config/cinder-keystone-admin.env.yaml new file mode 100644 index 00000000..885c5807 --- /dev/null +++ b/cinder/templates/config/cinder-keystone-admin.env.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/config/cinder-keystone.conf.yaml new file mode 100644 index 00000000..992a6d43 --- /dev/null +++ b/cinder/templates/config/cinder-keystone.conf.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-keystone +type: Opaque +data: + cinder-keystone.conf: | +{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.cinder_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.cinder_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.cinder_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.cinder_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.cinder_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml new file mode 100644 index 00000000..683a5893 --- /dev/null +++ b/cinder/templates/config/cinder-log.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-log +data: + cinder-log.conf: |+ +{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml new file mode 100644 index 00000000..0645feed --- /dev/null +++ b/cinder/templates/config/cinder-messaging.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-messaging +type: Opaque +data: + cinder-messaging.conf: | +{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl new file mode 100644 index 00000000..a761f53d --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl @@ -0,0 +1,75 @@ +############# +# OpenStack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 +/v3: openstack_volume_api_v3 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 + +[composite:openstack_volume_api_v3] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 + +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = cinder + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory + +[filter:noauth] +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[app:apiv3] +paste.app_factory = cinder.api.v3.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl new file mode 100644 index 00000000..b4ac6621 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api.conf.tpl @@ -0,0 +1,12 @@ +[DEFAULT] +enable_v1_api = false +volume_name_template = %s + +osapi_volume_workers = {{ .Values.api.workers }} +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = {{ .Values.service.api.port }} + +api_paste_config = /etc/cinder/api-paste.ini + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl new file mode 100644 index 00000000..abd6eeda --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl @@ -0,0 +1,11 @@ +[rbd1] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +rbd_pool = {{ .Values.backends.rbd1.pool }} +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = -1 +rbd_user = {{ .Values.backends.rbd1.user }} +rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} +report_discard_supported = True diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl new file mode 100644 index 00000000..62a1dbcc --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backends.conf.tpl @@ -0,0 +1,2 @@ +[DEFAULT] +enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl new file mode 100644 index 00000000..06be34ce --- /dev/null +++ b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl @@ -0,0 +1,2 @@ +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl new file mode 100644 index 00000000..1b676790 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-db.conf.tpl @@ -0,0 +1,3 @@ +[database] +connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +max_retries = -1 diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl new file mode 100644 index 00000000..31807c7a --- /dev/null +++ b/cinder/templates/config/contents/_cinder-glance.conf.tpl @@ -0,0 +1,3 @@ +[DEFAULT] +glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_version = {{ .Values.glance.version }} diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl new file mode 100644 index 00000000..1311ed69 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-keystone.conf.tpl @@ -0,0 +1,13 @@ +[DEFAULT] +auth_strategy = keystone +os_region_name = {{ .Values.keystone.cinder_region_name }} + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_name = {{ .Values.keystone.cinder_project_domain }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} +project_name = {{ .Values.keystone.cinder_project_name }} +username = {{ .Values.keystone.cinder_user }} +password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl new file mode 100644 index 00000000..a0ec3d1f --- /dev/null +++ b/cinder/templates/config/contents/_cinder-log.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl new file mode 100644 index 00000000..819bd099 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-messaging.conf.tpl @@ -0,0 +1,5 @@ +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml new file mode 100644 index 00000000..bda7100b --- /dev/null +++ b/cinder/templates/deployments/api/api.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-api-sh +data: + start.sh: |+ +{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml new file mode 100644 index 00000000..63e40bd6 --- /dev/null +++ b/cinder/templates/deployments/api/api.yaml @@ -0,0 +1,138 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-api +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + ports: + - containerPort: {{ .Values.service.api.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.api.port }} + volumeMounts: + - name: cinder-api-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-lib-cinder-tmp + mountPath: /var/lib/cinder/tmp + - name: cinder-ini-api-paste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: cinder-conf-api + mountPath: /etc/cinder/conf/cinder-api.conf + subPath: cinder-api.conf + readOnly: true + - name: cinder-conf-backends + mountPath: /etc/cinder/conf/cinder-backends.conf + subPath: cinder-backends.conf + readOnly: true + - name: cinder-conf-backend-rbd1 + mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf + subPath: cinder-backend-rbd1.conf + readOnly: true + - name: cinder-conf-concurrency + mountPath: /etc/cinder/conf/cinder-concurrency.conf + subPath: cinder-concurrency.conf + readOnly: true + - name: cinder-conf-db + mountPath: /etc/cinder/conf/cinder-db.conf + subPath: cinder-db.conf + readOnly: true + - name: cinder-conf-glance + mountPath: /etc/cinder/conf/cinder-glance.conf + subPath: cinder-glance.conf + readOnly: true + - name: cinder-conf-keystone + mountPath: /etc/cinder/conf/cinder-keystone.conf + subPath: cinder-keystone.conf + readOnly: true + - name: cinder-conf-log + mountPath: /etc/cinder/conf/cinder-log.conf + subPath: cinder-log.conf + readOnly: true + - name: cinder-conf-messaging + mountPath: /etc/cinder/conf/cinder-messaging.conf + subPath: cinder-messaging.conf + readOnly: true + volumes: + - name: cinder-api-sh + configMap: + name: cinder-api-sh + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-lib-cinder-tmp + emptyDir: {} + - name: cinder-ini-api-paste + configMap: + name: cinder-ini-api-paste + - name: cinder-conf-api + configMap: + name: cinder-conf-api + - name: cinder-conf-backends + configMap: + name: cinder-conf-backends + - name: cinder-conf-backend-rbd1 + configMap: + name: cinder-conf-backend-rbd1 + - name: cinder-conf-concurrency + configMap: + name: cinder-conf-concurrency + - name: cinder-conf-db + secret: + secretName: cinder-conf-db + - name: cinder-conf-glance + configMap: + name: cinder-conf-glance + - name: cinder-conf-keystone + secret: + secretName: cinder-conf-keystone + - name: cinder-conf-log + configMap: + name: cinder-conf-log + - name: cinder-conf-messaging + secret: + secretName: cinder-conf-messaging diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl new file mode 100644 index 00000000..91e4f3a9 --- /dev/null +++ b/cinder/templates/deployments/api/bin/_api.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +exec cinder-api --config-dir /etc/cinder/conf diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl new file mode 100644 index 00000000..66e953e9 --- /dev/null +++ b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl @@ -0,0 +1,6 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'" +ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'" diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml new file mode 100644 index 00000000..74875985 --- /dev/null +++ b/cinder/templates/jobs/db/init/db-init.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-db-init-sh +data: + init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/jobs/db/init/db-init.yaml new file mode 100644 index 00000000..4c27f8c8 --- /dev/null +++ b/cinder/templates/jobs/db/init/db-init.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-db-init + image: {{ .Values.images.db_init | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: db-init-sh + mountPath: /tmp/init.sh + subPath: init.sh + readOnly: true + volumes: + - name: db-init-sh + configMap: + name: cinder-db-init-sh diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..a36edc6c --- /dev/null +++ b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +cinder-manage --config-dir /etc/cinder/conf db sync diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml new file mode 100644 index 00000000..f395f01e --- /dev/null +++ b/cinder/templates/jobs/db/sync/db-sync.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-db-sync-sh +data: + db-sync.sh: |+ +{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/jobs/db/sync/db-sync.yaml new file mode 100644 index 00000000..ba4d31ef --- /dev/null +++ b/cinder/templates/jobs/db/sync/db-sync.yaml @@ -0,0 +1,69 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: cinder-conf-db + mountPath: /etc/cinder/conf/cinder-db.conf + subPath: cinder-db.conf + readOnly: true + - name: cinder-conf-log + mountPath: /etc/cinder/conf/cinder-log.conf + subPath: cinder-log.conf + readOnly: true + volumes: + - name: db-sync-sh + configMap: + name: cinder-db-sync-sh + - name: pod-etc-cinder + emptyDir: {} + - name: cinder-conf-db + secret: + secretName: cinder-conf-db + - name: cinder-conf-log + configMap: + name: cinder-conf-log diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl new file mode 100644 index 00000000..264d1b13 --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl @@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Get Service ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# Get Endpoint ID if it exists +OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ + grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \ + awk -F ',' '{ print $1 }' ) + +# Making sure only a single endpoint exists for a service within a region +if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then + echo "More than one endpoint found, cleaning up" + for ENDPOINT_ID in $OS_ENDPOINT_ID; do + openstack endpoint delete ${ENDPOINT_ID} + done + unset OS_ENDPOINT_ID +fi + +# Determine if Endpoint needs updated +if [[ ${OS_ENDPOINT_ID} ]]; then + OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) + if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then + echo "Endpoints Match: no action required" + OS_ENDPOINT_UPDATE="False" + else + echo "Endpoints Dont Match: removing existing entries" + openstack endpoint delete ${OS_ENDPOINT_ID} + OS_ENDPOINT_UPDATE="True" + fi +else + OS_ENDPOINT_UPDATE="True" +fi + +# Update Endpoint if required +if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then + OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \ + --region="${OS_REGION_NAME}" \ + "${OS_SERVICE_ID}" \ + ${OS_SERVICE_INTERFACE} \ + "${OS_SERVICE_ENDPOINT}" ) +fi + +# Display the Endpoint +openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml new file mode 100644 index 00000000..b4841d89 --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-endpoints-sh +data: + ks-endpoints.sh: |+ +{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml new file mode 100644 index 00000000..1c23325d --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml @@ -0,0 +1,130 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-endpoints-v1-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v1-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v1-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v2-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v2-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v2-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v3-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + - name: cinder-ks-endpoints-v3-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + - name: cinder-ks-endpoints-v3-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + volumes: + - name: ks-endpoints-sh + configMap: + name: cinder-ks-endpoints-sh diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl new file mode 100644 index 00000000..4777d08c --- /dev/null +++ b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl @@ -0,0 +1,35 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Service boilerplate description +OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" + +# Get Service ID if it exists +unset OS_SERVICE_ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# If a Service ID was not found, then create the service +if [[ -z ${OS_SERVICE_ID} ]]; then + OS_SERVICE_ID=$(openstack service create -f value -c id \ + --name="${OS_SERVICE_NAME}" \ + --description "${OS_SERVICE_DESC}" \ + --enable \ + "${OS_SERVICE_TYPE}") +fi diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml new file mode 100644 index 00000000..e4ea00a3 --- /dev/null +++ b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-service-sh +data: + ks-service.sh: |+ +{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml new file mode 100644 index 00000000..38934338 --- /dev/null +++ b/cinder/templates/jobs/keystone/service/ks-service.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-service-v1 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volume" + - name: cinder-ks-service-v2 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volumev2" + - name: cinder-ks-service-v3 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volumev3" + volumes: + - name: ks-service-sh + configMap: + name: cinder-ks-service-sh diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl new file mode 100644 index 00000000..fdc7358b --- /dev/null +++ b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl @@ -0,0 +1,56 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Manage user project +USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + "${SERVICE_OS_PROJECT_NAME}"); + +# Display project +openstack project show "${USER_PROJECT_ID}" + +# Manage user +USER_ID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}"); + +# Display user +openstack user show "${USER_ID}" + +# Manage user role +USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + +# Manage user role assignment +openstack role add \ + --user="${USER_ID}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + "${USER_ROLE_ID}" + +# Display user role assignment +openstack role assignment list \ + --role="${SERVICE_OS_ROLE}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --user="${USER_ID}" diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml new file mode 100644 index 00000000..52e6941d --- /dev/null +++ b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-user-sh +data: + ks-user.sh: |+ +{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/jobs/keystone/user/ks-user.yaml new file mode 100644 index 00000000..06c4e863 --- /dev/null +++ b/cinder/templates/jobs/keystone/user/ks-user.yaml @@ -0,0 +1,82 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-user +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "cinder" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.cinder_user_role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: cinder-ks-user-sh diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml new file mode 100644 index 00000000..809211c9 --- /dev/null +++ b/cinder/templates/service-api.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.api.name }} +spec: + ports: + - port: {{ .Values.service.api.port }} + selector: + app: cinder-api diff --git a/cinder/values.yaml b/cinder/values.yaml new file mode 100644 index 00000000..0fd29665 --- /dev/null +++ b/cinder/values.yaml @@ -0,0 +1,110 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: quay.io/stackanetes/stackanetes-cinder-api:newton + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + cinder_user: "cinder" + cinder_user_domain: "default" + cinder_user_role: "admin" + cinder_password: "password" + cinder_project_name: "service" + cinder_project_domain: "default" + cinder_region_name: "RegionOne" + +service: + api: + name: "cinder-api" + port: 8776 + proto: "http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + cinder_database_name: cinder + cinder_password: password + cinder_user: cinder + +backends: + enabled: + - rbd1 + rbd1: + secret: "" + user: "cinder" + pool: "volumes" + +glance: + proto: "http" + host: "glance-api" + port: 9292 + version: 2 + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + + +api: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - cinder-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - cinder-ks-service + service: + - keystone-api + api: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + service: + - mariadb + - keystone-api diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 4ee88495..1058a984 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -160,6 +160,7 @@ $ helm install --name=memcached local/memcached --namespace=openstack $ helm install --name=rabbitmq local/rabbitmq --namespace=openstack $ helm install --name=keystone local/keystone --namespace=openstack $ helm install --name=horizon local/horizon --namespace=openstack +$ helm install --name=cinder local/cinder --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack From 4479a0d93fabd34d84bb6412635b34137f97885c Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 02:09:40 +0000 Subject: [PATCH 21/54] Cinder Refactor WIP This work is dependant on the Common Chart elements introduced with the Heat PR, and should not be merged prior to https://github.com/att-comdev/openstack-helm/pull/77 --- cinder/templates/_helpers.tpl | 73 --------- cinder/templates/bin/_db-init.sh.tpl | 21 +++ .../config/cinder-api-paste.ini.yaml | 7 - cinder/templates/config/cinder-api.conf.yaml | 7 - .../config/cinder-backend-rbd1.conf.yaml | 7 - .../config/cinder-backends.conf.yaml | 7 - .../config/cinder-concurrency.conf.yaml | 7 - cinder/templates/config/cinder-db.conf.yaml | 8 - .../templates/config/cinder-glance.conf.yaml | 7 - cinder/templates/config/cinder-log.conf.yaml | 7 - .../config/cinder-messaging.conf.yaml | 8 - .../config/contents/_cinder-api.conf.tpl | 12 -- .../contents/_cinder-backend-rbd1.conf.tpl | 11 -- .../config/contents/_cinder-backends.conf.tpl | 2 - .../contents/_cinder-concurrency.conf.tpl | 2 - .../config/contents/_cinder-db.conf.tpl | 3 - .../config/contents/_cinder-glance.conf.tpl | 3 - .../config/contents/_cinder-keystone.conf.tpl | 13 -- .../config/contents/_cinder-log.conf.tpl | 4 - .../contents/_cinder-messaging.conf.tpl | 5 - cinder/templates/configmap-bin.yaml | 13 ++ cinder/templates/configmap-etc.yaml | 9 ++ cinder/templates/deployment-api.yaml | 76 ++++++++++ cinder/templates/deployments/api/api.sh.yaml | 7 - cinder/templates/deployments/api/api.yaml | 138 ------------------ .../templates/deployments/api/bin/_api.sh.tpl | 19 --- .../_cinder-api-paste.ini.tpl | 0 cinder/templates/etc/_cinder.conf.tpl | 57 ++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 32 ++-- cinder/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ cinder/templates/job-ks-service.yaml | 59 ++++++++ .../user/ks-user.yaml => job-ks-user.yaml} | 44 ++---- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - cinder/templates/jobs/db/init/db-init.sh.yaml | 7 - .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- cinder/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../endpoints/bin/_ks-endpoints.sh.tpl | 63 -------- .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 130 ----------------- .../keystone/service/bin/_ks-service.sh.tpl | 35 ----- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/service/ks-service.yaml | 54 ------- .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 ------- .../jobs/keystone/user/ks-user.sh.yaml | 7 - ...nv.yaml => secret-keystone-admin.env.yaml} | 0 ...onf.yaml => secret-keystone-user.env.yaml} | 4 +- cinder/values.yaml | 37 +++++ 48 files changed, 366 insertions(+), 818 deletions(-) delete mode 100644 cinder/templates/_helpers.tpl create mode 100644 cinder/templates/bin/_db-init.sh.tpl delete mode 100644 cinder/templates/config/cinder-api-paste.ini.yaml delete mode 100644 cinder/templates/config/cinder-api.conf.yaml delete mode 100644 cinder/templates/config/cinder-backend-rbd1.conf.yaml delete mode 100644 cinder/templates/config/cinder-backends.conf.yaml delete mode 100644 cinder/templates/config/cinder-concurrency.conf.yaml delete mode 100644 cinder/templates/config/cinder-db.conf.yaml delete mode 100644 cinder/templates/config/cinder-glance.conf.yaml delete mode 100644 cinder/templates/config/cinder-log.conf.yaml delete mode 100644 cinder/templates/config/cinder-messaging.conf.yaml delete mode 100644 cinder/templates/config/contents/_cinder-api.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-backends.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-concurrency.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-db.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-glance.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-keystone.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-log.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-messaging.conf.tpl create mode 100644 cinder/templates/configmap-bin.yaml create mode 100644 cinder/templates/configmap-etc.yaml create mode 100644 cinder/templates/deployment-api.yaml delete mode 100644 cinder/templates/deployments/api/api.sh.yaml delete mode 100644 cinder/templates/deployments/api/api.yaml delete mode 100644 cinder/templates/deployments/api/bin/_api.sh.tpl rename cinder/templates/{config/contents => etc}/_cinder-api-paste.ini.tpl (100%) create mode 100644 cinder/templates/etc/_cinder.conf.tpl rename cinder/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename cinder/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 cinder/templates/job-ks-endpoints.yaml.yaml create mode 100644 cinder/templates/job-ks-service.yaml rename cinder/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (51%) delete mode 100644 cinder/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 cinder/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 cinder/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/service/ks-service.yaml delete mode 100644 cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/user/ks-user.sh.yaml rename cinder/templates/{config/cinder-keystone-admin.env.yaml => secret-keystone-admin.env.yaml} (100%) rename cinder/templates/{config/cinder-keystone.conf.yaml => secret-keystone-user.env.yaml} (80%) diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl deleted file mode 100644 index 80039684..00000000 --- a/cinder/templates/_helpers.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} diff --git a/cinder/templates/bin/_db-init.sh.tpl b/cinder/templates/bin/_db-init.sh.tpl new file mode 100644 index 00000000..93bd518b --- /dev/null +++ b/cinder/templates/bin/_db-init.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.cinder_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.cinder_user }}' \ + password='{{ .Values.database.cinder_password }}' \ + host='%' \ + priv='{{ .Values.database.cinder_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml deleted file mode 100644 index a0d87145..00000000 --- a/cinder/templates/config/cinder-api-paste.ini.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ini-api-paste -data: - api-paste.ini: |+ -{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml deleted file mode 100644 index ae0df426..00000000 --- a/cinder/templates/config/cinder-api.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-api -data: - cinder-api.conf: |+ -{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml deleted file mode 100644 index 1beb4016..00000000 --- a/cinder/templates/config/cinder-backend-rbd1.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-backend-rbd1 -data: - cinder-backend-rbd1.conf: |+ -{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml deleted file mode 100644 index b5f839c5..00000000 --- a/cinder/templates/config/cinder-backends.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-backends -data: - cinder-backends.conf: |+ -{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml deleted file mode 100644 index 3385d54b..00000000 --- a/cinder/templates/config/cinder-concurrency.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-concurrency -data: - cinder-concurrency.conf: |+ -{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml deleted file mode 100644 index 80a10531..00000000 --- a/cinder/templates/config/cinder-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cinder-conf-db -type: Opaque -data: - cinder-db.conf: | -{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml deleted file mode 100644 index a1c7e91a..00000000 --- a/cinder/templates/config/cinder-glance.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-glance -data: - cinder-glance.conf: |+ -{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml deleted file mode 100644 index 683a5893..00000000 --- a/cinder/templates/config/cinder-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-log -data: - cinder-log.conf: |+ -{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml deleted file mode 100644 index 0645feed..00000000 --- a/cinder/templates/config/cinder-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cinder-conf-messaging -type: Opaque -data: - cinder-messaging.conf: | -{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl deleted file mode 100644 index b4ac6621..00000000 --- a/cinder/templates/config/contents/_cinder-api.conf.tpl +++ /dev/null @@ -1,12 +0,0 @@ -[DEFAULT] -enable_v1_api = false -volume_name_template = %s - -osapi_volume_workers = {{ .Values.api.workers }} -osapi_volume_listen = 0.0.0.0 -osapi_volume_listen_port = {{ .Values.service.api.port }} - -api_paste_config = /etc/cinder/api-paste.ini - -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl deleted file mode 100644 index abd6eeda..00000000 --- a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -[rbd1] -volume_driver = cinder.volume.drivers.rbd.RBDDriver -rbd_pool = {{ .Values.backends.rbd1.pool }} -rbd_ceph_conf = /etc/ceph/ceph.conf -rbd_flatten_volume_from_snapshot = false -rbd_max_clone_depth = 5 -rbd_store_chunk_size = 4 -rados_connect_timeout = -1 -rbd_user = {{ .Values.backends.rbd1.user }} -rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} -report_discard_supported = True diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl deleted file mode 100644 index 62a1dbcc..00000000 --- a/cinder/templates/config/contents/_cinder-backends.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl deleted file mode 100644 index 06be34ce..00000000 --- a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl deleted file mode 100644 index 1b676790..00000000 --- a/cinder/templates/config/contents/_cinder-db.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[database] -connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} -max_retries = -1 diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl deleted file mode 100644 index 31807c7a..00000000 --- a/cinder/templates/config/contents/_cinder-glance.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" -glance_api_version = {{ .Values.glance.version }} diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl deleted file mode 100644 index 1311ed69..00000000 --- a/cinder/templates/config/contents/_cinder-keystone.conf.tpl +++ /dev/null @@ -1,13 +0,0 @@ -[DEFAULT] -auth_strategy = keystone -os_region_name = {{ .Values.keystone.cinder_region_name }} - -[keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -project_domain_name = {{ .Values.keystone.cinder_project_domain }} -user_domain_name = {{ .Values.keystone.cinder_user_domain }} -project_name = {{ .Values.keystone.cinder_project_name }} -username = {{ .Values.keystone.cinder_user }} -password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl deleted file mode 100644 index a0ec3d1f..00000000 --- a/cinder/templates/config/contents/_cinder-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl deleted file mode 100644 index 819bd099..00000000 --- a/cinder/templates/config/contents/_cinder-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml new file mode 100644 index 00000000..b549121d --- /dev/null +++ b/cinder/templates/configmap-bin.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-bin +data: + db-init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} + ks-service.sh: |+ +{{- include "common_keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "common_keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "common_keystone_user" . | indent 4 }} diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml new file mode 100644 index 00000000..d3c2bab3 --- /dev/null +++ b/cinder/templates/configmap-etc.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-etc +data: + cinder.conf: |+ +{{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} + api-paste.ini: |+ +{{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml new file mode 100644 index 00000000..4cd72f3a --- /dev/null +++ b/cinder/templates/deployment-api.yaml @@ -0,0 +1,76 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-api +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-api + - --config-dir + - /etc/cinder/conf + ports: + - containerPort: {{ .Values.service.api.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.api.port }} + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cinderpaste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinderpaste + configMap: + name: cinder-etc diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml deleted file mode 100644 index bda7100b..00000000 --- a/cinder/templates/deployments/api/api.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml deleted file mode 100644 index 63e40bd6..00000000 --- a/cinder/templates/deployments/api/api.yaml +++ /dev/null @@ -1,138 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: cinder-api -spec: - replicas: {{ .Values.replicas }} - template: - metadata: - labels: - app: cinder-api - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: cinder-api - image: {{ .Values.images.api }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/start.sh - ports: - - containerPort: {{ .Values.service.api.port }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.api.port }} - volumeMounts: - - name: cinder-api-sh - mountPath: /tmp/start.sh - subPath: start.sh - readOnly: true - - name: pod-etc-cinder - mountPath: /etc/cinder - - name: pod-var-lib-cinder-tmp - mountPath: /var/lib/cinder/tmp - - name: cinder-ini-api-paste - mountPath: /etc/cinder/api-paste.ini - subPath: api-paste.ini - readOnly: true - - name: cinder-conf-api - mountPath: /etc/cinder/conf/cinder-api.conf - subPath: cinder-api.conf - readOnly: true - - name: cinder-conf-backends - mountPath: /etc/cinder/conf/cinder-backends.conf - subPath: cinder-backends.conf - readOnly: true - - name: cinder-conf-backend-rbd1 - mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf - subPath: cinder-backend-rbd1.conf - readOnly: true - - name: cinder-conf-concurrency - mountPath: /etc/cinder/conf/cinder-concurrency.conf - subPath: cinder-concurrency.conf - readOnly: true - - name: cinder-conf-db - mountPath: /etc/cinder/conf/cinder-db.conf - subPath: cinder-db.conf - readOnly: true - - name: cinder-conf-glance - mountPath: /etc/cinder/conf/cinder-glance.conf - subPath: cinder-glance.conf - readOnly: true - - name: cinder-conf-keystone - mountPath: /etc/cinder/conf/cinder-keystone.conf - subPath: cinder-keystone.conf - readOnly: true - - name: cinder-conf-log - mountPath: /etc/cinder/conf/cinder-log.conf - subPath: cinder-log.conf - readOnly: true - - name: cinder-conf-messaging - mountPath: /etc/cinder/conf/cinder-messaging.conf - subPath: cinder-messaging.conf - readOnly: true - volumes: - - name: cinder-api-sh - configMap: - name: cinder-api-sh - - name: pod-etc-cinder - emptyDir: {} - - name: pod-var-lib-cinder-tmp - emptyDir: {} - - name: cinder-ini-api-paste - configMap: - name: cinder-ini-api-paste - - name: cinder-conf-api - configMap: - name: cinder-conf-api - - name: cinder-conf-backends - configMap: - name: cinder-conf-backends - - name: cinder-conf-backend-rbd1 - configMap: - name: cinder-conf-backend-rbd1 - - name: cinder-conf-concurrency - configMap: - name: cinder-conf-concurrency - - name: cinder-conf-db - secret: - secretName: cinder-conf-db - - name: cinder-conf-glance - configMap: - name: cinder-conf-glance - - name: cinder-conf-keystone - secret: - secretName: cinder-conf-keystone - - name: cinder-conf-log - configMap: - name: cinder-conf-log - - name: cinder-conf-messaging - secret: - secretName: cinder-conf-messaging diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl deleted file mode 100644 index 91e4f3a9..00000000 --- a/cinder/templates/deployments/api/bin/_api.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -exec cinder-api --config-dir /etc/cinder/conf diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/etc/_cinder-api-paste.ini.tpl similarity index 100% rename from cinder/templates/config/contents/_cinder-api-paste.ini.tpl rename to cinder/templates/etc/_cinder-api-paste.ini.tpl diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl new file mode 100644 index 00000000..12536060 --- /dev/null +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -0,0 +1,57 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +enable_v1_api = false +volume_name_template = %s + +osapi_volume_workers = {{ .Values.api.workers }} +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = {{ .Values.service.api.port }} + +api_paste_config = /etc/cinder/api-paste.ini + +glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_version = {{ .Values.glance.version }} + +enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} + +auth_strategy = keystone +os_region_name = {{ .Values.keystone.cinder_region_name }} + + +[database] +connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_name = {{ .Values.keystone.cinder_project_domain }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} +project_name = {{ .Values.keystone.cinder_project_name }} +username = {{ .Values.keystone.cinder_user }} +password = {{ .Values.keystone.cinder_password }} + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp + +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} + +[rbd1] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +rbd_pool = {{ .Values.backends.rbd1.pool }} +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = -1 +rbd_user = {{ .Values.backends.rbd1.user }} +rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} +report_discard_supported = True diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/job-db-init.yaml similarity index 88% rename from cinder/templates/jobs/db/init/db-init.yaml rename to cinder/templates/job-db-init.yaml index 4c27f8c8..6d59153e 100644 --- a/cinder/templates/jobs/db/init/db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: cinder-db-init-sh + name: cinder-bin diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/job-db-sync.yaml similarity index 66% rename from cinder/templates/jobs/db/sync/db-sync.yaml rename to cinder/templates/job-db-sync.yaml index ba4d31ef..6be19e70 100644 --- a/cinder/templates/jobs/db/sync/db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -38,32 +38,22 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - cinder-manage + args: + - --config-dir + - /etc/cinder/conf + - db + - sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-cinder mountPath: /etc/cinder - - name: cinder-conf-db - mountPath: /etc/cinder/conf/cinder-db.conf - subPath: cinder-db.conf - readOnly: true - - name: cinder-conf-log - mountPath: /etc/cinder/conf/cinder-log.conf - subPath: cinder-log.conf + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: cinder-db-sync-sh - name: pod-etc-cinder emptyDir: {} - - name: cinder-conf-db - secret: - secretName: cinder-conf-db - - name: cinder-conf-log + - name: cinderconf configMap: - name: cinder-conf-log + name: cinder-etc diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 00000000..e2e082bd --- /dev/null +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: cinder-bin diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml new file mode 100644 index 00000000..b22ee7aa --- /dev/null +++ b/cinder/templates/job-ks-service.yaml @@ -0,0 +1,59 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} + - name: {{ $osServiceName }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: cinder-bin diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/job-ks-user.yaml similarity index 51% rename from cinder/templates/jobs/keystone/user/ks-user.yaml rename to cinder/templates/job-ks-user.yaml index 06c4e863..b8cdec3d 100644 --- a/cinder/templates/jobs/keystone/user/ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -1,3 +1,5 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }} apiVersion: batch/v1 kind: Job metadata: @@ -18,7 +20,7 @@ spec: }, { "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" }, { "name": "COMMAND", @@ -40,43 +42,19 @@ spec: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh + readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "cinder" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.cinder_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: cinder-ks-user-sh + name: cinder-bin diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 66e953e9..00000000 --- a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'" diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 74875985..00000000 --- a/cinder/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index a36edc6c..00000000 --- a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -cinder-manage --config-dir /etc/cinder/conf db sync diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index f395f01e..00000000 --- a/cinder/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl deleted file mode 100644 index 264d1b13..00000000 --- a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Get Service ID -OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ - grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ - sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) - -# Get Endpoint ID if it exists -OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ - grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \ - awk -F ',' '{ print $1 }' ) - -# Making sure only a single endpoint exists for a service within a region -if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then - echo "More than one endpoint found, cleaning up" - for ENDPOINT_ID in $OS_ENDPOINT_ID; do - openstack endpoint delete ${ENDPOINT_ID} - done - unset OS_ENDPOINT_ID -fi - -# Determine if Endpoint needs updated -if [[ ${OS_ENDPOINT_ID} ]]; then - OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) - if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then - echo "Endpoints Match: no action required" - OS_ENDPOINT_UPDATE="False" - else - echo "Endpoints Dont Match: removing existing entries" - openstack endpoint delete ${OS_ENDPOINT_ID} - OS_ENDPOINT_UPDATE="True" - fi -else - OS_ENDPOINT_UPDATE="True" -fi - -# Update Endpoint if required -if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then - OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \ - --region="${OS_REGION_NAME}" \ - "${OS_SERVICE_ID}" \ - ${OS_SERVICE_INTERFACE} \ - "${OS_SERVICE_ENDPOINT}" ) -fi - -# Display the Endpoint -openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100644 index b4841d89..00000000 --- a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100644 index 1c23325d..00000000 --- a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: cinder-ks-endpoints-v1-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v1-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v1-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v2-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v2-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v2-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v3-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - - name: cinder-ks-endpoints-v3-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - - name: cinder-ks-endpoints-v3-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - volumes: - - name: ks-endpoints-sh - configMap: - name: cinder-ks-endpoints-sh diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl deleted file mode 100644 index 4777d08c..00000000 --- a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Service boilerplate description -OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" - -# Get Service ID if it exists -unset OS_SERVICE_ID -OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ - grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ - sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) - -# If a Service ID was not found, then create the service -if [[ -z ${OS_SERVICE_ID} ]]; then - OS_SERVICE_ID=$(openstack service create -f value -c id \ - --name="${OS_SERVICE_NAME}" \ - --description "${OS_SERVICE_DESC}" \ - --enable \ - "${OS_SERVICE_TYPE}") -fi diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index e4ea00a3..00000000 --- a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml deleted file mode 100644 index 38934338..00000000 --- a/cinder/templates/jobs/keystone/service/ks-service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-service -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: cinder-ks-service-v1 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volume" - - name: cinder-ks-service-v2 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volumev2" - - name: cinder-ks-service-v3 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volumev3" - volumes: - - name: ks-service-sh - configMap: - name: cinder-ks-service-sh diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl deleted file mode 100644 index fdc7358b..00000000 --- a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Manage user project -USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ - --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - "${SERVICE_OS_PROJECT_NAME}"); - -# Display project -openstack project show "${USER_PROJECT_ID}" - -# Manage user -USER_ID=$(openstack user create --or-show --enable -f value -c id \ - --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ - --password="${SERVICE_OS_PASSWORD}" \ - "${SERVICE_OS_USERNAME}"); - -# Display user -openstack user show "${USER_ID}" - -# Manage user role -USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ - "${SERVICE_OS_ROLE}"); - -# Manage user role assignment -openstack role add \ - --user="${USER_ID}" \ - --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --project="${USER_PROJECT_ID}" \ - "${USER_ROLE_ID}" - -# Display user role assignment -openstack role assignment list \ - --role="${SERVICE_OS_ROLE}" \ - --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --user="${USER_ID}" diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index 52e6941d..00000000 --- a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/secret-keystone-admin.env.yaml similarity index 100% rename from cinder/templates/config/cinder-keystone-admin.env.yaml rename to cinder/templates/secret-keystone-admin.env.yaml diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/secret-keystone-user.env.yaml similarity index 80% rename from cinder/templates/config/cinder-keystone.conf.yaml rename to cinder/templates/secret-keystone-user.env.yaml index 992a6d43..e0f5ad63 100644 --- a/cinder/templates/config/cinder-keystone.conf.yaml +++ b/cinder/templates/secret-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: cinder-conf-keystone + name: cinder-env-keystone-user type: Opaque data: - cinder-keystone.conf: | -{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/cinder/values.yaml b/cinder/values.yaml index 0fd29665..e0d7e355 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -108,3 +108,40 @@ dependencies: service: - mariadb - keystone-api + +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + cinder: + hosts: + default: cinder-api + path: '/v1/%(tenant_id)s' + type: volume + scheme: 'http' + port: + api: 8776 + cinderv2: + name: cinder + hosts: + default: cinder-api + path: '/v2/%(tenant_id)s' + type: volumev2 + scheme: 'http' + port: + api: 8776 + cinderv3: + name: cinder + hosts: + default: cinder-api + path: '/v3/%(tenant_id)s' + type: volumev3 + scheme: 'http' + port: + api: 8776 From 1e94b125bf7fe0bbf006a8cfeb7fadabf10c6670 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:28:42 +0000 Subject: [PATCH 22/54] WIP Update cinder Endpoint and service creation to support multiple versions This commmit addresses issues with the endpoint layout in the values.yaml As a result it does for now not use the common functions for some tasks. --- cinder/templates/_helpers.tpl | 45 +++++++++++++++++++++ cinder/templates/job-ks-endpoints.yaml.yaml | 10 ++--- cinder/templates/job-ks-service.yaml | 8 ++-- cinder/values.yaml | 31 ++++++++++---- 4 files changed, 77 insertions(+), 17 deletions(-) create mode 100644 cinder/templates/_helpers.tpl diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 00000000..97ab3325 --- /dev/null +++ b/cinder/templates/_helpers.tpl @@ -0,0 +1,45 @@ +# This file is required because we use a slightly different endpoint layout in +# the values yaml, until we can make this change for all services. + + +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "endpoint_type_lookup_addr" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "endpoint_type_lookup_addr" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint name lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple orchestration . | include "ks_endpoint_type" } +# will return "heat" + +{{- define "endpoint_name_lookup" -}} +{{- $type := index . 0 -}} +{{- $context := index . 1 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $endpointName := index $endpointMap "name" }} +{{- $endpointName | quote -}} +{{- end -}} diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index e2e082bd..999aed4e 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -32,9 +32,9 @@ spec: spec: restartPolicy: OnFailure containers: -{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} +{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} - - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} image: {{ $envAll.Values.images.ks_endpoints }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: @@ -52,11 +52,11 @@ spec: - name: OS_SVC_ENDPOINT value: {{ $osServiceEndPoint }} - name: OS_SERVICE_NAME - value: {{ $osServiceName }} + value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} - name: OS_SERVICE_TYPE - value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + value: {{ $osServiceType }} - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "endpoint_type_lookup_addr" }} {{- end }} {{- end }} volumes: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index b22ee7aa..d7035eb8 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -32,8 +32,8 @@ spec: spec: restartPolicy: OnFailure containers: -{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} - - name: {{ $osServiceName }}-ks-service-registration +{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} + - name: {{ $osServiceType }}-ks-service-registration image: {{ $envAll.Values.images.ks_service }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: @@ -49,9 +49,9 @@ spec: {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: {{ $osServiceName }} + value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} - name: OS_SERVICE_TYPE - value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + value: {{ $osServiceType }} {{- end }} volumes: - name: ks-service-sh diff --git a/cinder/values.yaml b/cinder/values.yaml index e0d7e355..c1956baa 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -52,6 +52,16 @@ database: cinder_password: password cinder_user: cinder +ceph: + enabled: true + monitors: [] + cinder_user: "admin" + cinder_pool: "volumes" + # a null value for the keyring will + # attempt to use the key from + # common/secrets/ceph-client-key + cinder_keyring: null + backends: enabled: - rbd1 @@ -108,40 +118,45 @@ dependencies: service: - mariadb - keystone-api + volume: + service: + - keystone-api + - cinder-api +# We use a different layout of the endpoints here to account for versioning +# this swaps the service name and type, and should be rolled out to other +# services. endpoints: - keystone: + identity: + name: keystone hosts: default: keystone-api path: /v3 - type: identity scheme: 'http' port: admin: 35357 public: 5000 - cinder: + volume: + name: cinder hosts: default: cinder-api path: '/v1/%(tenant_id)s' - type: volume scheme: 'http' port: api: 8776 - cinderv2: + volumev2: name: cinder hosts: default: cinder-api path: '/v2/%(tenant_id)s' - type: volumev2 scheme: 'http' port: api: 8776 - cinderv3: + volumev3: name: cinder hosts: default: cinder-api path: '/v3/%(tenant_id)s' - type: volumev3 scheme: 'http' port: api: 8776 From f34441a373651b5db424a125eeeab775d8d9a4b7 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:52:29 +0000 Subject: [PATCH 23/54] Cinder Ceph RBD backend This commit adds support for a Ceph RBD backend --- cinder/templates/configmap-etc.yaml | 4 + cinder/templates/deployment-volume.yaml | 74 +++++++++++++++++++ cinder/templates/etc/_ceph-cinder.keyring.tpl | 6 ++ cinder/templates/etc/_ceph.conf.tpl | 16 ++++ cinder/values.yaml | 1 + 5 files changed, 101 insertions(+) create mode 100644 cinder/templates/deployment-volume.yaml create mode 100644 cinder/templates/etc/_ceph-cinder.keyring.tpl create mode 100644 cinder/templates/etc/_ceph.conf.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index d3c2bab3..9563ed87 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -7,3 +7,7 @@ data: {{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} + ceph.conf: |+ +{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} + ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |+ +{{ tuple "etc/_ceph-cinder.keyring.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml new file mode 100644 index 00000000..24d57636 --- /dev/null +++ b/cinder/templates/deployment-volume.yaml @@ -0,0 +1,74 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-volume +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-volume + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-volume + image: {{ .Values.images.volume }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-volume + - --config-dir + - /etc/cinder/conf + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cephconf + configMap: + name: cinder-etc + - name: cephclientcinderkeyring + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_ceph-cinder.keyring.tpl b/cinder/templates/etc/_ceph-cinder.keyring.tpl new file mode 100644 index 00000000..fb65f1ff --- /dev/null +++ b/cinder/templates/etc/_ceph-cinder.keyring.tpl @@ -0,0 +1,6 @@ +[client.{{ .Values.ceph.cinder_user }}] +{{- if .Values.ceph.cinder_keyring }} + key = {{ .Values.ceph.cinder_keyring }} +{{- else }} + key = {{- include "secrets/ceph-client-key" . -}} +{{- end }} diff --git a/cinder/templates/etc/_ceph.conf.tpl b/cinder/templates/etc/_ceph.conf.tpl new file mode 100644 index 00000000..7d2576bf --- /dev/null +++ b/cinder/templates/etc/_ceph.conf.tpl @@ -0,0 +1,16 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.monitors }} +[mon] +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true diff --git a/cinder/values.yaml b/cinder/values.yaml index c1956baa..a08d3923 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -17,6 +17,7 @@ images: ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton + volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" keystone: From 3f491f5be71343f1657b23ae3ec4b15f011c0997 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:59:56 +0000 Subject: [PATCH 24/54] Cinder add policy.json --- cinder/templates/configmap-etc.yaml | 2 + cinder/templates/deployment-api.yaml | 7 ++ cinder/templates/etc/_policy.json.tpl | 138 ++++++++++++++++++++++++++ 3 files changed, 147 insertions(+) create mode 100644 cinder/templates/etc/_policy.json.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index 9563ed87..bb3b8f8c 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -7,6 +7,8 @@ data: {{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} ceph.conf: |+ {{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |+ diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 4cd72f3a..037fdf91 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -63,6 +63,10 @@ spec: mountPath: /etc/cinder/api-paste.ini subPath: api-paste.ini readOnly: true + - name: cinderpolicy + mountPath: /etc/cinder/policy.json + subPath: policy.json + readOnly: true volumes: - name: pod-etc-cinder emptyDir: {} @@ -74,3 +78,6 @@ spec: - name: cinderpaste configMap: name: cinder-etc + - name: cinderpolicy + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_policy.json.tpl b/cinder/templates/etc/_policy.json.tpl new file mode 100644 index 00000000..88183720 --- /dev/null +++ b/cinder/templates/etc/_policy.json.tpl @@ -0,0 +1,138 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "admin_api": "is_admin:True", + + "volume:create": "", + "volume:delete": "rule:admin_or_owner", + "volume:get": "rule:admin_or_owner", + "volume:get_all": "rule:admin_or_owner", + "volume:get_volume_metadata": "rule:admin_or_owner", + "volume:create_volume_metadata": "rule:admin_or_owner", + "volume:delete_volume_metadata": "rule:admin_or_owner", + "volume:update_volume_metadata": "rule:admin_or_owner", + "volume:get_volume_admin_metadata": "rule:admin_api", + "volume:update_volume_admin_metadata": "rule:admin_api", + "volume:get_snapshot": "rule:admin_or_owner", + "volume:get_all_snapshots": "rule:admin_or_owner", + "volume:create_snapshot": "rule:admin_or_owner", + "volume:delete_snapshot": "rule:admin_or_owner", + "volume:update_snapshot": "rule:admin_or_owner", + "volume:get_snapshot_metadata": "rule:admin_or_owner", + "volume:delete_snapshot_metadata": "rule:admin_or_owner", + "volume:update_snapshot_metadata": "rule:admin_or_owner", + "volume:extend": "rule:admin_or_owner", + "volume:update_readonly_flag": "rule:admin_or_owner", + "volume:retype": "rule:admin_or_owner", + "volume:update": "rule:admin_or_owner", + + "volume_extension:types_manage": "rule:admin_api", + "volume_extension:types_extra_specs": "rule:admin_api", + "volume_extension:access_types_qos_specs_id": "rule:admin_api", + "volume_extension:access_types_extra_specs": "rule:admin_api", + "volume_extension:volume_type_access": "rule:admin_or_owner", + "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api", + "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api", + "volume_extension:volume_type_encryption": "rule:admin_api", + "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", + "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner", + "volume_extension:volume_image_metadata": "rule:admin_or_owner", + + "volume_extension:quotas:show": "", + "volume_extension:quotas:update": "rule:admin_api", + "volume_extension:quotas:delete": "rule:admin_api", + "volume_extension:quota_classes": "rule:admin_api", + "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api", + + "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", + "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", + "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", + "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", + "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", + "volume_extension:backup_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", + + "volume_extension:volume_actions:upload_public": "rule:admin_api", + "volume_extension:volume_actions:upload_image": "rule:admin_or_owner", + + "volume_extension:volume_host_attribute": "rule:admin_api", + "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", + "volume_extension:volume_mig_status_attribute": "rule:admin_api", + "volume_extension:hosts": "rule:admin_api", + "volume_extension:services:index": "rule:admin_api", + "volume_extension:services:update" : "rule:admin_api", + + "volume_extension:volume_manage": "rule:admin_api", + "volume_extension:volume_unmanage": "rule:admin_api", + "volume_extension:list_manageable": "rule:admin_api", + + "volume_extension:capabilities": "rule:admin_api", + + "volume:create_transfer": "rule:admin_or_owner", + "volume:accept_transfer": "", + "volume:delete_transfer": "rule:admin_or_owner", + "volume:get_transfer": "rule:admin_or_owner", + "volume:get_all_transfers": "rule:admin_or_owner", + + "volume_extension:replication:promote": "rule:admin_api", + "volume_extension:replication:reenable": "rule:admin_api", + + "volume:failover_host": "rule:admin_api", + "volume:freeze_host": "rule:admin_api", + "volume:thaw_host": "rule:admin_api", + + "backup:create" : "", + "backup:delete": "rule:admin_or_owner", + "backup:get": "rule:admin_or_owner", + "backup:get_all": "rule:admin_or_owner", + "backup:restore": "rule:admin_or_owner", + "backup:backup-import": "rule:admin_api", + "backup:backup-export": "rule:admin_api", + "backup:update": "rule:admin_or_owner", + + "snapshot_extension:snapshot_actions:update_snapshot_status": "", + "snapshot_extension:snapshot_manage": "rule:admin_api", + "snapshot_extension:snapshot_unmanage": "rule:admin_api", + "snapshot_extension:list_manageable": "rule:admin_api", + + "consistencygroup:create" : "group:nobody", + "consistencygroup:delete": "group:nobody", + "consistencygroup:update": "group:nobody", + "consistencygroup:get": "group:nobody", + "consistencygroup:get_all": "group:nobody", + + "consistencygroup:create_cgsnapshot" : "group:nobody", + "consistencygroup:delete_cgsnapshot": "group:nobody", + "consistencygroup:get_cgsnapshot": "group:nobody", + "consistencygroup:get_all_cgsnapshots": "group:nobody", + + "group:group_types_manage": "rule:admin_api", + "group:group_types_specs": "rule:admin_api", + "group:access_group_types_specs": "rule:admin_api", + "group:group_type_access": "rule:admin_or_owner", + + "group:create" : "", + "group:delete": "rule:admin_or_owner", + "group:update": "rule:admin_or_owner", + "group:get": "rule:admin_or_owner", + "group:get_all": "rule:admin_or_owner", + + "group:create_group_snapshot": "", + "group:delete_group_snapshot": "rule:admin_or_owner", + "group:update_group_snapshot": "rule:admin_or_owner", + "group:get_group_snapshot": "rule:admin_or_owner", + "group:get_all_group_snapshots": "rule:admin_or_owner", + + "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api", + "message:delete": "rule:admin_or_owner", + "message:get": "rule:admin_or_owner", + "message:get_all": "rule:admin_or_owner", + + "clusters:get": "rule:admin_api", + "clusters:get_all": "rule:admin_api", + "clusters:update": "rule:admin_api" +} From 3163f1e64cb5edb15692f5876e8d37f1848edb0d Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 02:06:56 +0000 Subject: [PATCH 25/54] Add configmap hashing and rolling update to cinder This brings Cinder in line with the following PRs: * https://github.com/att-comdev/openstack-helm/pull/98 * https://github.com/att-comdev/openstack-helm/pull/97 --- cinder/templates/deployment-api.yaml | 12 +++++++++++- cinder/templates/deployment-volume.yaml | 12 +++++++++++- cinder/values.yaml | 11 ++++++++++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 037fdf91..6abc136d 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -3,12 +3,22 @@ kind: Deployment metadata: name: cinder-api spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.api }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: cinder-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 24d57636..81922f5a 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -3,12 +3,22 @@ kind: Deployment metadata: name: cinder-volume spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.volume }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: cinder-volume annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/cinder/values.yaml b/cinder/values.yaml index a08d3923..2da493a3 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -3,7 +3,9 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 +replicas: + api: 1 + volume: 1 labels: node_selector_key: openstack-control-plane @@ -20,6 +22,13 @@ images: volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" From a5688da7f5e51da62a19679e266498c4fcf78195 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 02:17:18 +0000 Subject: [PATCH 26/54] Fix Cinder conf Keystone Endpoint --- cinder/templates/etc/_cinder.conf.tpl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 12536060..2934c28e 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -26,8 +26,7 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password project_domain_name = {{ .Values.keystone.cinder_project_domain }} user_domain_name = {{ .Values.keystone.cinder_user_domain }} From 192bcd69cc372095b4f988536f618ff21dde0695 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 03:02:59 +0000 Subject: [PATCH 27/54] Cinder revert cinder.conf keystone endpoints Untill the endpoint values.yaml is brought into line with other services, we need to use the old method of setting the keystone URL in cinder.conf. --- cinder/templates/etc/_cinder.conf.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 2934c28e..9ffe7406 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -26,7 +26,7 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_url = {{ include "endpoint_keystone_internal" . }} +auth_url = {{ .Values.keystone.auth_url }} auth_type = password project_domain_name = {{ .Values.keystone.cinder_project_domain }} user_domain_name = {{ .Values.keystone.cinder_user_domain }} From 831f63d486ccb08f92a71434b3541a622f1788b4 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 10 Jan 2017 19:03:57 +0000 Subject: [PATCH 28/54] Update Cinder PR to enable Ceph Backend --- cinder/templates/deployment-scheduler.yaml | 88 ++++++++++++++++++++++ cinder/templates/etc/_cinder.conf.tpl | 8 ++ cinder/values.yaml | 11 ++- 3 files changed, 104 insertions(+), 3 deletions(-) create mode 100644 cinder/templates/deployment-scheduler.yaml diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml new file mode 100644 index 00000000..fabcf336 --- /dev/null +++ b/cinder/templates/deployment-scheduler.yaml @@ -0,0 +1,88 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-scheduler +spec: + replicas: {{ .Values.replicas.scheduler }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} + template: + metadata: + labels: + app: cinder-scheduler + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-scheduler + image: {{ .Values.images.scheduler }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-scheduler + - --config-dir + - /etc/cinder/conf + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cinderpaste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: cinderpolicy + mountPath: /etc/cinder/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinderpaste + configMap: + name: cinder-etc + - name: cinderpolicy + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 9ffe7406..a576fe1f 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -20,6 +20,10 @@ enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} auth_strategy = keystone os_region_name = {{ .Values.keystone.cinder_region_name }} +# ensures that our volume worker service-list doesn't +# explode with dead agents from terminated containers +# by pinning the agent identifier +host=cinder-volume-worker [database] connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} @@ -51,6 +55,10 @@ rbd_flatten_volume_from_snapshot = false rbd_max_clone_depth = 5 rbd_store_chunk_size = 4 rados_connect_timeout = -1 +{{- if .Values.backends.rbd1.secret }} rbd_user = {{ .Values.backends.rbd1.user }} +{{- else }} +rbd_secret_uuid = {{- include "secrets/ceph-client-key" . -}} +{{- end }} rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} report_discard_supported = True diff --git a/cinder/values.yaml b/cinder/values.yaml index 2da493a3..5ea0cb62 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -6,6 +6,7 @@ replicas: api: 1 volume: 1 + scheduler: 1 labels: node_selector_key: openstack-control-plane @@ -19,6 +20,7 @@ images: ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton + scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" @@ -66,7 +68,6 @@ ceph: enabled: true monitors: [] cinder_user: "admin" - cinder_pool: "volumes" # a null value for the keyring will # attempt to use the key from # common/secrets/ceph-client-key @@ -76,8 +77,8 @@ backends: enabled: - rbd1 rbd1: - secret: "" - user: "cinder" + secret: null + user: "admin" pool: "volumes" glance: @@ -132,6 +133,10 @@ dependencies: service: - keystone-api - cinder-api + scheduler: + service: + - keystone-api + - cinder-api # We use a different layout of the endpoints here to account for versioning # this swaps the service name and type, and should be rolled out to other From d5d3a6fda55be913125382b7c11b6ba232b3490f Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Tue, 10 Jan 2017 15:22:50 -0800 Subject: [PATCH 29/54] Fix daemonset dependency name to match neutron rename --- nova/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/values.yaml b/nova/values.yaml index 179eae08..3444ef81 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -149,7 +149,7 @@ dependencies: - keystone-api - nova-api daemonset: - - nova-libvirt + - ovs-agent libvirt: jobs: - nova-init From 6f124d51072faa350da668708f9547070f833f19 Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Wed, 11 Jan 2017 15:01:58 +0100 Subject: [PATCH 30/54] Adding NodeSelector field to Jobs According to #101 Signed-off-by: DTadrzak --- cinder/templates/job-db-init.yaml | 2 ++ cinder/templates/job-db-sync.yaml | 2 ++ cinder/templates/job-ks-endpoints.yaml.yaml | 2 ++ cinder/templates/job-ks-service.yaml | 2 ++ cinder/templates/job-ks-user.yaml | 2 ++ glance/templates/db-sync.yaml | 2 ++ glance/templates/init.yaml | 2 ++ heat/templates/job-db-init.yaml | 2 ++ heat/templates/job-db-sync.yaml | 2 ++ heat/templates/job-ks-endpoints.yaml.yaml | 2 ++ heat/templates/job-ks-service.yaml | 2 ++ heat/templates/job-ks-user.yaml | 2 ++ keystone/templates/job-db-sync.yaml | 2 ++ keystone/templates/job-init.yaml | 2 ++ mariadb/templates/job-seed.yaml | 2 ++ neutron/templates/job-db-sync.yaml | 2 ++ neutron/templates/job-init.yaml | 2 ++ neutron/templates/job-post.yaml | 2 ++ nova/templates/job-db-sync.yaml | 2 ++ nova/templates/job-init.yaml | 2 ++ nova/templates/job-post.yaml | 2 ++ 21 files changed, 42 insertions(+) diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index 6d59153e..951c6d17 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: cinder-db-init image: {{ .Values.images.db_init | quote }} diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 6be19e70..b44d4799 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: cinder-db-sync image: {{ .Values.images.db_sync }} diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 999aed4e..936a866b 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index d7035eb8..6a6f32a4 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} - name: {{ $osServiceType }}-ks-service-registration diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index b8cdec3d..66908639 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: cinder-ks-user image: {{ .Values.images.ks_user }} diff --git a/glance/templates/db-sync.yaml b/glance/templates/db-sync.yaml index 1b65da9e..fe0c1f56 100644 --- a/glance/templates/db-sync.yaml +++ b/glance/templates/db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: glance-db-sync image: {{ .Values.images.db_sync }} diff --git a/glance/templates/init.yaml b/glance/templates/init.yaml index 5d8baa0c..48b97a7c 100644 --- a/glance/templates/init.yaml +++ b/glance/templates/init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: glance-init image: {{ .Values.images.init }} diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index affd8569..de256fbd 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-db-init image: {{ .Values.images.db_init | quote }} diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 3c66c4c5..8a7f90f3 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-db-sync image: {{ .Values.images.db_sync }} diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index 4b3f3003..d82c4fd5 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index 3ce06a12..651422c3 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -31,6 +31,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: {{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} - name: {{ $osServiceName }}-ks-service-registration diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index 66981c9f..89c2d21f 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -34,6 +34,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-ks-user image: {{ .Values.images.ks_user }} diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index a1fe50e1..c1f49542 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: keystone-db-sync image: {{ .Values.images.db_sync }} diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml index fa9f6808..1f395255 100644 --- a/keystone/templates/job-init.yaml +++ b/keystone/templates/job-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: keystone-init image: {{ .Values.images.init }} diff --git a/mariadb/templates/job-seed.yaml b/mariadb/templates/job-seed.yaml index 3b84b283..0495174a 100644 --- a/mariadb/templates/job-seed.yaml +++ b/mariadb/templates/job-seed.yaml @@ -10,6 +10,8 @@ spec: app: mariadb spec: restartPolicy: Never + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: mariadb-init image: {{ .Values.images.mariadb }} diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index 1514fe87..ff546f79 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml @@ -6,6 +6,8 @@ spec: template: spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: neutron-db-sync image: {{ .Values.images.db_sync }} diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml index c21cd693..ef29d574 100644 --- a/neutron/templates/job-init.yaml +++ b/neutron/templates/job-init.yaml @@ -6,6 +6,8 @@ spec: template: spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: neutron-init image: {{ .Values.images.init }} diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml index 936d299f..847a1927 100644 --- a/neutron/templates/job-post.yaml +++ b/neutron/templates/job-post.yaml @@ -6,6 +6,8 @@ spec: template: spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: neutron-post image: {{ .Values.images.post }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 013ad075..da81fe0e 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-db-sync image: {{ .Values.image.db_sync }} diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 70c87364..2ca37335 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-init image: {{ .Values.image.init }} diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 2c6fd237..e22373e0 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -33,6 +33,8 @@ spec: ]' spec: restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-post image: {{ .Values.image.post }} From da00a3edf680af8d015b93c47a41e51b878e8256 Mon Sep 17 00:00:00 2001 From: Tin Lam Date: Thu, 12 Jan 2017 11:19:58 -0600 Subject: [PATCH 31/54] Removed the ``worker`` from keystone configuration The configuration of ``worker`` can be removed for two reasons: * In Mitaka (and onward), it is two separate parameters: ``public_workers`` and ``admin_workers`` under section [eventlet_server], as shown in [1]. In master (Ocata), these options were removed. * In the preferred keystone deployment of using u/wsgi, and not eventlet server, this setting does not really take effect - as Apache will manage this instead of keystone. These options can be removed. Also, removed extra EOL spaces. [1] https://github.com/openstack/keystone/blob/stable/mitaka/etc/keystone.conf.sample#L678-L696 --- keystone/templates/etc/_keystone.conf.tpl | 1 - keystone/values.yaml | 7 +++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl index 58603001..a503b4a0 100644 --- a/keystone/templates/etc/_keystone.conf.tpl +++ b/keystone/templates/etc/_keystone.conf.tpl @@ -2,7 +2,6 @@ debug = {{ .Values.misc.debug }} use_syslog = False use_stderr = True -workers = {{ .Values.misc.workers }} [database] connection = mysql+pymysql://{{ .Values.database.keystone_user }}:{{ .Values.database.keystone_password }}@{{ include "keystone_db_host" . }}/{{ .Values.database.keystone_database_name }} diff --git a/keystone/values.yaml b/keystone/values.yaml index a89452e1..e6ead52a 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -38,11 +38,11 @@ network: # alanmeadows(TODO): I seem unable to use {{ .IP }} here # but it does work for wsrep.conf in mariadb, I have spent # time trying to figure this out am completely stumped - # + # # helm --debug --dry-run shows me that the config map # contains {{ .IP }} but its simply translated by K8s # to "" - ip_address: "0.0.0.0" + ip_address: "0.0.0.0" database: port: 3306 @@ -53,12 +53,11 @@ database: keystone_user: keystone misc: - workers: 8 debug: false dependencies: api: - jobs: + jobs: - mariadb-seed - keystone-db-sync service: From d9a390e0c7ac00aaa47885feb245a266d634e672 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 12 Jan 2017 21:44:09 +0000 Subject: [PATCH 32/54] Use Upstream Memcached Image This commit changes the default Memcached Image to the Upstream: * https://hub.docker.com/_/memcached/ --- memcached/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memcached/values.yaml b/memcached/values.yaml index c00dcdcc..62ed983c 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -4,7 +4,7 @@ # name: value images: - memcached: quay.io/stackanetes/stackanetes-memcached:newton + memcached: docker.io/memcached:latest pull_policy: "IfNotPresent" upgrades: From db0db427eee9ab393c9f2834e15f3da293f2206e Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Thu, 12 Jan 2017 14:51:36 -0800 Subject: [PATCH 33/54] Critical fixes required for 0.1.0 tagging * Add imagePullPolicy to ceph with default * Add imagePullPolicy to mariadb with default * Add missing imagePullPolicies to nova with defaults * Remove malfunctioning daemonset dependency from nova * Add missing neutron endpoint definition to nova values * Force v4 networking in ceph. Repeated bootstrapping is unreliable without this. * Update cinder dependencies based on testing * Optonal Horizon NodePort * Revert iptables stub for nova-api-osapi because we lack permississions to overwrite /sbin/iptables. We will continue to run in a privileged security context until we have a working solution. --- ceph/templates/daemonset-osd.yaml | 2 +- ceph/templates/deployment-mds.yaml | 1 + ceph/templates/deployment-moncheck.yaml | 6 +++--- ceph/templates/deployment-rgw.yaml | 1 + ceph/templates/statefulset-mon.yaml | 4 ++-- ceph/values.yaml | 1 + cinder/templates/deployment-volume.yaml | 4 ++++ cinder/values.yaml | 12 +++++++++-- horizon/templates/service.yaml | 12 +++++++++++ horizon/values.yaml | 2 ++ mariadb/templates/deployment.yaml | 2 +- mariadb/templates/job-seed.yaml | 2 +- mariadb/values.yaml | 1 + nova/templates/bin/_start-osapi.sh.tpl | 23 --------------------- nova/templates/configmap-bin.yaml | 2 -- nova/templates/daemonset-compute.yaml | 6 +----- nova/templates/daemonset-libvirt.yaml | 2 +- nova/templates/deployment-api-metadata.yaml | 14 +++++++------ nova/templates/deployment-api-osapi.yaml | 23 ++++++++------------- nova/templates/deployment-conductor.yaml | 1 + nova/templates/deployment-consoleauth.yaml | 1 + nova/templates/deployment-scheduler.yaml | 1 + nova/values.yaml | 8 +++++++ 23 files changed, 70 insertions(+), 61 deletions(-) delete mode 100644 nova/templates/bin/_start-osapi.sh.tpl diff --git a/ceph/templates/daemonset-osd.yaml b/ceph/templates/daemonset-osd.yaml index 1ad4b24f..9f85d599 100644 --- a/ceph/templates/daemonset-osd.yaml +++ b/ceph/templates/daemonset-osd.yaml @@ -40,7 +40,7 @@ spec: containers: - name: osd-pod image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} volumeMounts: - name: devices mountPath: /dev diff --git a/ceph/templates/deployment-mds.yaml b/ceph/templates/deployment-mds.yaml index 9a4f5ead..0485c5e7 100644 --- a/ceph/templates/deployment-mds.yaml +++ b/ceph/templates/deployment-mds.yaml @@ -34,6 +34,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: 6800 env: diff --git a/ceph/templates/deployment-moncheck.yaml b/ceph/templates/deployment-moncheck.yaml index aa829b09..459074f0 100644 --- a/ceph/templates/deployment-moncheck.yaml +++ b/ceph/templates/deployment-moncheck.yaml @@ -34,7 +34,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: 6789 env: @@ -42,8 +42,8 @@ spec: value: MON_HEALTH - name: KV_TYPE value: k8s - - name: MON_IP_AUTO_DETECT - value: "1" + - name: NETWORK_AUTO_DETECT + value: "4" - name: CLUSTER value: ceph volumeMounts: diff --git a/ceph/templates/deployment-rgw.yaml b/ceph/templates/deployment-rgw.yaml index a22c2ad3..57ba1c95 100644 --- a/ceph/templates/deployment-rgw.yaml +++ b/ceph/templates/deployment-rgw.yaml @@ -36,6 +36,7 @@ spec: containers: - name: ceph-rgw image: {{ .Values.images.daemon }} + imagePullPolicy: {{ .Values.images.pull_policy }} ports: - containerPort: {{ .Values.network.port.rgw_target }} env: diff --git a/ceph/templates/statefulset-mon.yaml b/ceph/templates/statefulset-mon.yaml index 5ef33cd8..d7971a72 100644 --- a/ceph/templates/statefulset-mon.yaml +++ b/ceph/templates/statefulset-mon.yaml @@ -58,7 +58,7 @@ spec: containers: - name: ceph-mon image: {{ .Values.images.daemon }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} lifecycle: preStop: exec: @@ -73,7 +73,7 @@ spec: - name: KV_TYPE value: k8s - name: NETWORK_AUTO_DETECT - value: "1" + value: "4" - name: CLUSTER value: ceph volumeMounts: diff --git a/ceph/values.yaml b/ceph/values.yaml index 33c6da24..b88644a6 100644 --- a/ceph/values.yaml +++ b/ceph/values.yaml @@ -18,6 +18,7 @@ service: images: daemon: quay.io/attcomdev/ceph-daemon:latest + pull_policy: IfNotPresent labels: node_selector_key: ceph-storage diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 81922f5a..7f6cc18b 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -33,6 +33,10 @@ spec: "name": "DEPENDENCY_SERVICE", "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}" + }, { "name": "COMMAND", "value": "echo done" diff --git a/cinder/values.yaml b/cinder/values.yaml index 5ea0cb62..120d4d48 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -14,11 +14,11 @@ labels: images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton @@ -130,10 +130,18 @@ dependencies: - mariadb - keystone-api volume: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints service: - keystone-api - cinder-api scheduler: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints service: - keystone-api - cinder-api diff --git a/horizon/templates/service.yaml b/horizon/templates/service.yaml index 1c2fe386..a8b59d76 100644 --- a/horizon/templates/service.yaml +++ b/horizon/templates/service.yaml @@ -4,6 +4,18 @@ metadata: name: horizon spec: ports: + {{ if .Values.network.enable_node_port }} + - nodePort: {{ .Values.network.node_port }} + port: {{ .Values.network.port }} + protocol: TCP + targetPort: {{ .Values.network.port }} + {{ else }} - port: {{ .Values.network.port }} + protocol: TCP + targetPort: {{ .Values.network.port }} + {{ end }} selector: app: horizon + {{ if .Values.network.enable_node_port }} + type: NodePort + {{ end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index a7d97e61..f9a19fd4 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -23,6 +23,8 @@ labels: network: port: 80 + node_port: 30000 + enable_node_port: false local_settings: horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c diff --git a/mariadb/templates/deployment.yaml b/mariadb/templates/deployment.yaml index 3867213f..8a456ee3 100644 --- a/mariadb/templates/deployment.yaml +++ b/mariadb/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: containers: - name: {{ .Values.service_name }} image: {{ .Values.images.mariadb }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/templates/job-seed.yaml b/mariadb/templates/job-seed.yaml index 0495174a..c8930621 100644 --- a/mariadb/templates/job-seed.yaml +++ b/mariadb/templates/job-seed.yaml @@ -15,7 +15,7 @@ spec: containers: - name: mariadb-init image: {{ .Values.images.mariadb }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/values.yaml b/mariadb/values.yaml index ce3656a6..0a13e965 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -26,6 +26,7 @@ service_name: mariadb images: mariadb: quay.io/stackanetes/stackanetes-mariadb:newton + pull_policy: IfNotPresent volume: class_path: volume.beta.kubernetes.io/storage-class diff --git a/nova/templates/bin/_start-osapi.sh.tpl b/nova/templates/bin/_start-osapi.sh.tpl deleted file mode 100644 index a2bf2a2f..00000000 --- a/nova/templates/bin/_start-osapi.sh.tpl +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -set -ex - -# -# start nova-api-osapi service -# -# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges -# by stubbing in a fake iptables scripts - -echo </tmp/iptables -#!/bin/sh -# nova-api-metadata trys to run some iptables commands -# This enables the api-only container to run without NET_ADMIN privileges -true -EOF - -# make it executable and copy it over whatever iptables may be underneath in this image -chmod +x /tmp/iptables -cp -p /tmp/iptables /sbin/iptables -cp -p /tmp/iptables /sbin/iptables-restore -cp -p /tmp/iptables /sbin/iptables-save - -exec nova-api --config-file /etc/nova/nova.conf \ No newline at end of file diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index f3d1fca6..78573783 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -7,8 +7,6 @@ data: {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} - start-osapi.sh: | -{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }} post.sh: | {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} libvirt.sh: | diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 26299ea0..f9fcafd9 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -32,10 +32,6 @@ spec: "name": "DEPENDENCY_JOBS", "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" }, - { - "name": "DEPENDENCY_DAEMONSET", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}" - }, { "name": "COMMAND", "value": "echo done" @@ -54,7 +50,7 @@ spec: containers: - name: nova-compute image: {{ .Values.image.compute }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: privileged: true command: diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 6ffa346f..3511c0a2 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -49,7 +49,7 @@ spec: containers: - name: nova-libvirt image: {{ .Values.image.libvirt }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: privileged: true command: diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 52e21cc1..2e1a6929 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -1,7 +1,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: nova-api + name: nova-api-metadata spec: replicas: {{ .Values.control_replicas }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} @@ -15,7 +15,7 @@ spec: template: metadata: labels: - app: nova-api + app: nova-api-metadata annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} @@ -52,20 +52,22 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api + - name: nova-api-metadata image: {{ .Values.image.api }} + imagePullPolicy: {{ .Values.image.pull_policy }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: capabilities: add: - NET_ADMIN command: - - nova-api-metadata --config-file=/etc/nova/nova.conf + - nova-api-metadata + - --config-file=/etc/nova/nova.conf ports: - containerPort: {{ .Values.network.port.metadata }} readinessProbe: tcpSocket: - port: {{ .Values.network.port.osapi }} + port: {{ .Values.network.port.metadata }} volumeMounts: - name: novaconf mountPath: /etc/nova/nova.conf @@ -76,4 +78,4 @@ spec: name: nova-etc items: - key: nova.conf - path: nova.conf \ No newline at end of file + path: nova.conf diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 5c294db2..b37fe438 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -1,7 +1,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: nova-osapi + name: nova-api-osapi spec: replicas: {{ .Values.control_replicas }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} @@ -52,11 +52,16 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-osapi + - name: nova-api-osapi image: {{ .Values.image.api }} + imagePullPolicy: {{ .Values.image.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN command: - - bash - - /tmp/start-osapi.sh + - nova-api + - --config-file=/etc/nova/nova.conf ports: - containerPort: {{ .Values.network.port.osapi }} readinessProbe: @@ -66,10 +71,6 @@ spec: - name: novaconf mountPath: /etc/nova/nova.conf subPath: nova.conf - volumeMounts: - - name: startsh - mountPath: /tmp/start-osapi.sh - subPath: start-osapi.sh volumes: - name: novaconf configMap: @@ -77,9 +78,3 @@ spec: items: - key: nova.conf path: nova.conf - - name: startsh - configMap: - name: nova-bin - items: - - key: start-osapi.sh - path: start-osapi.sh diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index e5977ef4..1d300e10 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-conductor image: {{ .Values.image.conductor }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-conductor - --config-file diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index d5688579..453647b4 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-consoleauth image: {{ .Values.image.consoleauth }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-consoleauth - --config-file diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 27cf414e..ebef279b 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -54,6 +54,7 @@ spec: containers: - name: nova-scheduler image: {{ .Values.image.scheduler }} + imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-scheduler - --config-file diff --git a/nova/values.yaml b/nova/values.yaml index 3444ef81..199e2e21 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -209,3 +209,11 @@ endpoints: port: admin: 35357 public: 5000 + neutron: + hosts: + default: neutron-server + path: null + type: network + scheme: 'http' + port: + api: 9696 From d43b95a1526bf9a9626185c3141f683a0d372516 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Thu, 12 Jan 2017 15:23:09 -0800 Subject: [PATCH 34/54] Allow specifying the keystone token provider The new default for mitaka+ is fernet tokens which not all container images support. This allows the operator to specify the token provider, allowing uuid token usage in images which is required until the infrastructure to setup and distribute fernet keys is created. --- keystone/templates/etc/_keystone.conf.tpl | 5 ++++- keystone/values.yaml | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl index a503b4a0..573eba9e 100644 --- a/keystone/templates/etc/_keystone.conf.tpl +++ b/keystone/templates/etc/_keystone.conf.tpl @@ -1,5 +1,5 @@ [DEFAULT] -debug = {{ .Values.misc.debug }} +debug = {{ .Values.api.default.debug }} use_syslog = False use_stderr = True @@ -10,6 +10,9 @@ max_retries = -1 [memcache] servers = {{ include "memcached_host" . }}:11211 +[token] +provider = {{ .Values.api.token.provider }} + [cache] backend = dogpile.cache.memcached memcache_servers = {{ include "memcached_host" . }}:11211 diff --git a/keystone/values.yaml b/keystone/values.yaml index e6ead52a..a4a84a67 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -31,6 +31,12 @@ keystone: admin_password: password admin_project_name: admin +api: + default: + debug: false + token: + provider: uuid + network: port: admin: 35357 @@ -52,9 +58,6 @@ database: keystone_password: password keystone_user: keystone -misc: - debug: false - dependencies: api: jobs: From f1ef55de6ec8768a91bd3cda94cb5f74f22411bd Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 12 Jan 2017 23:50:26 +0000 Subject: [PATCH 35/54] Update Heat to mount Policy at engine statefulsets and set client endpoints --- heat/templates/etc/_heat.conf.tpl | 8 ++++++++ heat/templates/statefulset-engine.yaml | 7 +++++++ heat/values.yaml | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index e902fe71..b268a6ec 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl @@ -80,3 +80,11 @@ region_name = {{ .Values.keystone.heat_trustee_region_name }} user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} username = {{ .Values.keystone.heat_trustee_user }} password = {{ .Values.keystone.heat_trustee_password }} + + +[clients] +endpoint_type = internalURL + +[clients_keystone] +endpoint_type = internalURL +auth_uri = {{ include "endpoint_keystone_internal" . }} diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 0478e391..36aacba3 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -55,6 +55,10 @@ spec: mountPath: /etc/heat/conf/heat.conf subPath: heat.conf readOnly: true + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json + readOnly: true volumes: - name: pod-etc-heat emptyDir: {} @@ -63,3 +67,6 @@ spec: - name: heatconf configMap: name: heat-etc + - name: heatpolicy + configMap: + name: heat-etc diff --git a/heat/values.yaml b/heat/values.yaml index 6373aa22..ecd9c02c 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -108,7 +108,7 @@ resources: workers: 8 misc: - debug: false + debug: true secrets: keystone_admin: From fcc594aac86714f52204ab7f1d9c5d19af86f7bf Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Wed, 11 Jan 2017 14:29:04 +0100 Subject: [PATCH 36/54] Adding: templates for init-containers. Unfortunately I need to break it for two templates, because i don't how to pass two variables to template. PR also adjust layout of configuration files in Nova. Signed-off-by: DTadrzak --- cinder/templates/deployment-api.yaml | 27 ++------------- cinder/templates/deployment-scheduler.yaml | 27 ++------------- cinder/templates/deployment-volume.yaml | 27 ++------------- cinder/templates/job-db-init.yaml | 27 ++------------- cinder/templates/job-db-sync.yaml | 27 ++------------- cinder/templates/job-ks-endpoints.yaml.yaml | 23 ++----------- cinder/templates/job-ks-service.yaml | 23 ++----------- cinder/templates/job-ks-user.yaml | 23 ++----------- common/templates/_funcs.tpl | 35 +++++++++++++++++++ glance/templates/api.yaml | 28 ++-------------- glance/templates/db-sync.yaml | 27 ++------------- glance/templates/init.yaml | 27 ++------------- glance/templates/post.yaml | 27 ++------------- glance/templates/registry.yaml | 27 ++------------- glance/values.yaml | 1 + heat/templates/deployment-api.yaml | 27 ++------------- heat/templates/deployment-cfn.yaml | 27 ++------------- heat/templates/deployment-cloudwatch.yaml | 27 ++------------- heat/templates/job-db-init.yaml | 27 ++------------- heat/templates/job-db-sync.yaml | 27 ++------------- heat/templates/job-ks-endpoints.yaml.yaml | 23 ++----------- heat/templates/job-ks-service.yaml | 23 ++----------- heat/templates/job-ks-user.yaml | 23 ++----------- heat/templates/statefulset-engine.yaml | 27 ++------------- horizon/templates/deployment.yaml | 23 ++----------- horizon/values.yaml | 2 +- keystone/templates/deployment.yaml | 33 ++---------------- keystone/templates/job-db-sync.yaml | 27 ++------------- keystone/templates/job-init.yaml | 27 ++------------- keystone/values.yaml | 2 +- nova/templates/daemonset-compute.yaml | 35 +++---------------- nova/templates/daemonset-libvirt.yaml | 35 +++---------------- nova/templates/deployment-api-metadata.yaml | 37 +++------------------ nova/templates/deployment-api-osapi.yaml | 35 +++---------------- nova/templates/deployment-conductor.yaml | 33 ++---------------- nova/templates/deployment-consoleauth.yaml | 33 ++---------------- nova/templates/deployment-scheduler.yaml | 33 ++---------------- nova/templates/job-db-sync.yaml | 31 +++-------------- nova/templates/job-init.yaml | 31 +++-------------- nova/templates/job-post.yaml | 31 +++-------------- nova/values.yaml | 4 +-- 41 files changed, 131 insertions(+), 928 deletions(-) diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 6abc136d..64a522d0 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -19,31 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.api }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index fabcf336..57a963a4 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -19,31 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.scheduler }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 7f6cc18b..5debc134 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -19,31 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.volume }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index 951c6d17..96d36e70 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_init }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index b44d4799..5b5c75be 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_sync }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 936a866b..77835939 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -8,27 +8,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.ks_endpoints }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index 6a6f32a4..f6832e18 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -8,27 +8,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.ks_service }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index 66908639..fc7d50d5 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -8,27 +8,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.ks_user }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index fe6c9a67..f6031fed 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -21,3 +21,38 @@ {{- $wtf := $context.Template.Name | replace $last $name -}} {{- include $wtf $context | sha256sum | quote -}} {{- end -}} + +{{- define "init-containers-header"}} + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | default "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0" | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | default "IfNotPresent" | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, +{{- end -}} + +{{- define "init-containers-footer" }} + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' +{{- end -}} \ No newline at end of file diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml index 53e9cc77..988e34ec 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/api.yaml @@ -17,35 +17,11 @@ spec: labels: app: glance-api annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.api }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - name: glance-api image: {{ .Values.images.api }} diff --git a/glance/templates/db-sync.yaml b/glance/templates/db-sync.yaml index fe0c1f56..209485be 100644 --- a/glance/templates/db-sync.yaml +++ b/glance/templates/db-sync.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_sync }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/glance/templates/init.yaml b/glance/templates/init.yaml index 48b97a7c..f92855b1 100644 --- a/glance/templates/init.yaml +++ b/glance/templates/init.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.init }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/glance/templates/post.yaml b/glance/templates/post.yaml index 4fe1c195..a0fa89c6 100644 --- a/glance/templates/post.yaml +++ b/glance/templates/post.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.post }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/glance/templates/registry.yaml b/glance/templates/registry.yaml index 998d64ad..51fb9ec6 100644 --- a/glance/templates/registry.yaml +++ b/glance/templates/registry.yaml @@ -9,31 +9,8 @@ spec: labels: app: glance-registry annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.registry.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.registry.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.registry }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/glance/values.yaml b/glance/values.yaml index a3c6886a..e4585306 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -15,6 +15,7 @@ images: init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton registry: quay.io/stackanetes/stackanetes-glance-registry:newton post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 759571c4..d05e7fa3 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -9,31 +9,8 @@ spec: labels: app: heat-api annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.api }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 94d6d55e..ca1d998e 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -9,31 +9,8 @@ spec: labels: app: heat-cfn annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.cnf }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index d4753011..3c350f40 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -9,31 +9,8 @@ spec: labels: app: heat-cloudwatch annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.cloudwatch }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index de256fbd..bad7afa0 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_init }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 8a7f90f3..aa87773e 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_sync }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index d82c4fd5..a3dbc3a4 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -8,27 +8,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.ks_endpoints }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index 651422c3..966671dc 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -8,27 +8,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.ks_service }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index 89c2d21f..e6218b56 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -11,27 +11,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.ks_user }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 0478e391..483d8bdf 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -10,31 +10,8 @@ spec: labels: app: heat-engine annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.engine.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.engine.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.engine }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index f3a65f02..2e332b67 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -19,27 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.dashboard.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.dashboard }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/horizon/values.yaml b/horizon/values.yaml index f9a19fd4..84caa6d9 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -6,7 +6,7 @@ replicas: 1 images: - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 horizon: quay.io/stackanetes/stackanetes-horizon:newton pull_policy: "IfNotPresent" diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 49917ada..5094759d 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -18,36 +18,9 @@ spec: app: keystone-api annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.api }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index c1f49542..d85320a4 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_sync }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml index 1f395255..f2e64c48 100644 --- a/keystone/templates/job-init.yaml +++ b/keystone/templates/job-init.yaml @@ -6,31 +6,8 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.init }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/keystone/values.yaml b/keystone/values.yaml index e6ead52a..ccd35460 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -13,7 +13,7 @@ images: db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton api: quay.io/stackanetes/stackanetes-keystone-api:newton init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index f9fcafd9..d4fe8520 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -10,35 +10,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.compute }} spec: nodeSelector: {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} @@ -49,8 +22,8 @@ spec: dnsPolicy: ClusterFirst containers: - name: nova-compute - image: {{ .Values.image.compute }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.compute }} + imagePullPolicy: Always securityContext: privileged: true command: diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 3511c0a2..13e673e4 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -10,35 +10,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.libvirt }} spec: nodeSelector: {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} @@ -48,8 +21,8 @@ spec: dnsPolicy: ClusterFirst containers: - name: nova-libvirt - image: {{ .Values.image.libvirt }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.libvirt }} + imagePullPolicy: Always securityContext: privileged: true command: diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 2e1a6929..fe3ce88d 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -19,42 +19,15 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.api }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api-metadata - image: {{ .Values.image.api }} - imagePullPolicy: {{ .Values.image.pull_policy }} + - name: nova-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 securityContext: capabilities: diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index b37fe438..49e998fd 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -19,41 +19,14 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.api }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api-osapi - image: {{ .Values.image.api }} + - name: nova-osapi + image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.image.pull_policy }} securityContext: capabilities: diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 1d300e10..514e384a 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -19,41 +19,14 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.conductor }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-conductor - image: {{ .Values.image.conductor }} + image: {{ .Values.images.conductor }} imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-conductor diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 453647b4..1ee8f4e2 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -19,41 +19,14 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.consoleauth }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-consoleauth - image: {{ .Values.image.consoleauth }} + image: {{ .Values.images.consoleauth }} imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-consoleauth diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index ebef279b..4d97c2a5 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -19,41 +19,14 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.scheduler }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-scheduler - image: {{ .Values.image.scheduler }} + image: {{ .Values.images.scheduler }} imagePullPolicy: {{ .Values.image.pull_policy }} command: - nova-scheduler diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index da81fe0e..881b1681 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -6,39 +6,16 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.db_sync }} spec: restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-db-sync - image: {{ .Values.image.db_sync }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/db-sync.sh diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 2ca37335..39ee62cf 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -6,39 +6,16 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.init }} spec: restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-init - image: {{ .Values.image.init }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.init }} + imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/init.sh diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index e22373e0..ccf50594 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -6,39 +6,16 @@ spec: template: metadata: annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' + {{ include "init-containers-header" . }} + {{ include "init-containers-footer" .Values.dependencies.post }} spec: restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: nova-post - image: {{ .Values.image.post }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.post }} + imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/post.sh diff --git a/nova/values.yaml b/nova/values.yaml index 199e2e21..1888add5 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -12,7 +12,7 @@ labels: control_replicas: 1 compute_replicas: 1 -image: +images: init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-nova-api:newton api: quay.io/stackanetes/stackanetes-nova-api:newton @@ -23,7 +23,7 @@ image: compute: quay.io/stackanetes/stackanetes-nova-compute:newton libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:newton post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: From d3d38876c86ae12835e7be6f4a8aaece27abfa26 Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Fri, 13 Jan 2017 13:27:13 +0100 Subject: [PATCH 37/54] A few changes according to Alan's review. Signed-off-by: DTadrzak --- cinder/templates/deployment-api.yaml | 4 ++-- cinder/templates/deployment-scheduler.yaml | 4 ++-- cinder/templates/deployment-volume.yaml | 4 ++-- cinder/templates/job-db-init.yaml | 4 ++-- cinder/templates/job-db-sync.yaml | 4 ++-- cinder/templates/job-ks-endpoints.yaml.yaml | 4 ++-- cinder/templates/job-ks-service.yaml | 4 ++-- cinder/templates/job-ks-user.yaml | 4 ++-- common/templates/_funcs.tpl | 22 ++++++++++----------- glance/templates/api.yaml | 4 ++-- glance/templates/db-sync.yaml | 4 ++-- glance/templates/init.yaml | 4 ++-- glance/templates/post.yaml | 4 ++-- glance/templates/registry.yaml | 4 ++-- heat/templates/deployment-api.yaml | 4 ++-- heat/templates/deployment-cfn.yaml | 4 ++-- heat/templates/deployment-cloudwatch.yaml | 4 ++-- heat/templates/job-db-init.yaml | 4 ++-- heat/templates/job-db-sync.yaml | 4 ++-- heat/templates/job-ks-endpoints.yaml.yaml | 4 ++-- heat/templates/job-ks-service.yaml | 4 ++-- heat/templates/job-ks-user.yaml | 4 ++-- heat/templates/statefulset-engine.yaml | 4 ++-- horizon/templates/deployment.yaml | 4 ++-- keystone/templates/deployment.yaml | 4 ++-- keystone/templates/job-db-sync.yaml | 4 ++-- keystone/templates/job-init.yaml | 4 ++-- mariadb_restart.sh | 9 +++++++++ nova/templates/daemonset-compute.yaml | 4 ++-- nova/templates/daemonset-libvirt.yaml | 4 ++-- nova/templates/deployment-api-metadata.yaml | 4 ++-- nova/templates/deployment-api-osapi.yaml | 4 ++-- nova/templates/deployment-conductor.yaml | 4 ++-- nova/templates/deployment-consoleauth.yaml | 4 ++-- nova/templates/deployment-scheduler.yaml | 4 ++-- nova/templates/job-db-sync.yaml | 4 ++-- nova/templates/job-init.yaml | 4 ++-- nova/templates/job-post.yaml | 4 ++-- 38 files changed, 92 insertions(+), 83 deletions(-) create mode 100644 mariadb_restart.sh diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 64a522d0..58f14d61 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.api }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index 57a963a4..38f5e7c9 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.scheduler }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.scheduler | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 5debc134..1c3d5c29 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.volume }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.volume | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index 96d36e70..d7f9f7df 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_init }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_init | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 5b5c75be..5639264b 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_sync }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 77835939..0f805100 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -8,8 +8,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.ks_endpoints }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_endpoints | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index f6832e18..ecc181bd 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -8,8 +8,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.ks_service }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_service | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index fc7d50d5..b25cf2f3 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -8,8 +8,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.ks_user }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_user | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index f6031fed..abe6e194 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -22,17 +22,17 @@ {{- include $wtf $context | sha256sum | quote -}} {{- end -}} -{{- define "init-containers-header"}} - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | default "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0" | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | default "IfNotPresent" | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, +{{- define "dep-check-init-cont-header"}} +pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | default "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0" | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | default "IfNotPresent" | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, {{- end -}} {{- define "init-containers-footer" }} diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml index 988e34ec..ac67d19f 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/api.yaml @@ -17,8 +17,8 @@ spec: labels: app: glance-api annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.api }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/glance/templates/db-sync.yaml b/glance/templates/db-sync.yaml index 209485be..bae3d212 100644 --- a/glance/templates/db-sync.yaml +++ b/glance/templates/db-sync.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_sync }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/glance/templates/init.yaml b/glance/templates/init.yaml index f92855b1..c3d8c825 100644 --- a/glance/templates/init.yaml +++ b/glance/templates/init.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.init }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.init | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/glance/templates/post.yaml b/glance/templates/post.yaml index a0fa89c6..e9f31743 100644 --- a/glance/templates/post.yaml +++ b/glance/templates/post.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.post }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.post | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/glance/templates/registry.yaml b/glance/templates/registry.yaml index 51fb9ec6..59936aca 100644 --- a/glance/templates/registry.yaml +++ b/glance/templates/registry.yaml @@ -9,8 +9,8 @@ spec: labels: app: glance-registry annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.registry }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.registry | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index d05e7fa3..36c74619 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -9,8 +9,8 @@ spec: labels: app: heat-api annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.api }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index ca1d998e..b0b1e53a 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -9,8 +9,8 @@ spec: labels: app: heat-cfn annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.cnf }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.cnf | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 3c350f40..3ae57ecd 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -9,8 +9,8 @@ spec: labels: app: heat-cloudwatch annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.cloudwatch }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.cloudwatch | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index bad7afa0..9e32324f 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_init }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_init | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index aa87773e..50dbc303 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_sync }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index a3dbc3a4..ffa08abd 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -8,8 +8,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.ks_endpoints }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_endpoints | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index 966671dc..fdb25e86 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -8,8 +8,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.ks_service }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_service | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index e6218b56..8df1fe03 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -11,8 +11,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.ks_user }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_user | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 483d8bdf..5c63da05 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -10,8 +10,8 @@ spec: labels: app: heat-engine annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.engine }} + {{ include "dep-check-init-cont-header" . }} + {{ include "dep-check-init-cont-footer" .Values.dependencies.engine }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index 2e332b67..ebb98c45 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.dashboard }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.dashboard | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 5094759d..514dace9 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.api }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index d85320a4..f914435b 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_sync }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml index f2e64c48..b0de33d1 100644 --- a/keystone/templates/job-init.yaml +++ b/keystone/templates/job-init.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.init }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.init | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/mariadb_restart.sh b/mariadb_restart.sh new file mode 100644 index 00000000..4e99ec0f --- /dev/null +++ b/mariadb_restart.sh @@ -0,0 +1,9 @@ +helm delete mariadb --purge && rm mariadb-0.1.0.tgz && helm lint mariadb && helm package mariadb && helm install --replace --name mariadb mariadb-0.1.0.tgz +helm delete keystone --purge && rm keystone-0.1.0.tgz && helm lint keystone && helm package keystone && helm install --replace --name keystone keystone-0.1.0.tgz --dry-run +helm delete memcached --purge && rm memcached-0.1.0.tgz && helm lint memcached && helm package memcached && helm install --replace --name memcached memcached-0.1.0.tgz +helm delete common --purge && rm common-0.1.0.tgz && helm lint common && helm package common && helm install --replace --name common common-0.1.0.tgz +helm delete glance --purge && rm glance-0.1.0.tgz && helm lint glance && helm package glance && helm install --replace --name glance glance-0.1.0.tgz +helm delete nova --purge && rm nova-0.1.0.tgz && helm lint nova && helm package nova && helm install --replace --name nova nova-0.1.0.tgz +helm delete rabbitmq --purge && rm rabbitmq-0.1.0.tgz && helm lint rabbitmq && helm package rabbitmq && helm install --replace --name rabbitmq rabbitmq-0.1.0.tgz + + diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index d4fe8520..cba819b4 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -10,8 +10,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.compute }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.compute | indent 8 }} spec: nodeSelector: {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 13e673e4..4e3649fd 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -10,8 +10,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.libvirt }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.libvirt | indent 8 }} spec: nodeSelector: {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index fe3ce88d..10016e7c 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.api }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 49e998fd..75c2985e 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.api }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 514e384a..52eb790e 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.conductor }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.conductor | indent 8 }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 1ee8f4e2..1c85319c 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.consoleauth }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.consoleauth | indent 8 }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 4d97c2a5..abc86d68 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -19,8 +19,8 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.scheduler }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.scheduler | indent 8 }} spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 881b1681..dc3be342 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.db_sync }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 39ee62cf..6bd3cfd7 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.init }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.init | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index ccf50594..0aada421 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -6,8 +6,8 @@ spec: template: metadata: annotations: - {{ include "init-containers-header" . }} - {{ include "init-containers-footer" .Values.dependencies.post }} +{{ include "dep-check-init-cont-header" . | indent 8 }} +{{ include "dep-check-init-cont-footer" .Values.dependencies.post | indent 8 }} spec: restartPolicy: OnFailure nodeSelector: From f4283675d5be5e4944221e3b51d332c6b5bd07fe Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Fri, 13 Jan 2017 13:44:16 +0100 Subject: [PATCH 38/54] Adjust formatting Signed-off-by: DTadrzak --- common/templates/_funcs.tpl | 42 ++++++++++++++++++------------------- glance/templates/api.yaml | 4 ++-- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index abe6e194..dff059a9 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -22,7 +22,7 @@ {{- include $wtf $context | sha256sum | quote -}} {{- end -}} -{{- define "dep-check-init-cont-header"}} +{{- define "dep-check-init-cont-header" -}} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", @@ -35,24 +35,24 @@ pod.beta.kubernetes.io/init-containers: '[ }, {{- end -}} -{{- define "init-containers-footer" }} - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' +{{- define "dep-check-init-cont-footer" }} + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } +]' {{- end -}} \ No newline at end of file diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml index ac67d19f..5690a942 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/api.yaml @@ -17,8 +17,8 @@ spec: labels: app: glance-api annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} +{{- include "dep-check-init-cont-header" . | indent 8 }} +{{- include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} From f883f9742141b90a4478b81f4b19c92f1abc34c4 Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Fri, 13 Jan 2017 13:45:32 +0100 Subject: [PATCH 39/54] Update _funcs.tpl --- common/templates/_funcs.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index dff059a9..03dafc3f 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -55,4 +55,4 @@ pod.beta.kubernetes.io/init-containers: '[ ] } ]' -{{- end -}} \ No newline at end of file +{{- end -}} From 393ed4cf47177e43b94d0b98ad2bec1eebe158c1 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Fri, 13 Jan 2017 15:40:38 -0600 Subject: [PATCH 40/54] Culmination of glance changes Due to some messy rebases and a botched git history, implemented all changes into one PR --- glance/templates/bin/_init.sh.tpl | 17 ++++ glance/templates/bin/_post.sh.tpl | 42 +++++++++ .../templates/ceph.client.glance.keyring.yaml | 13 --- glance/templates/ceph.conf.yaml | 23 ----- glance/templates/configmap-bin.yaml | 9 ++ glance/templates/configmap-etc.yaml | 17 ++++ glance/templates/db-sync.sh.yaml | 10 --- .../{api.yaml => deployment-api.yaml} | 42 ++++++--- ...registry.yaml => deployment-registry.yaml} | 8 +- .../etc/_ceph.client.glance.keyring.yaml.tpl | 2 + glance/templates/etc/_ceph.conf.tpl | 16 ++++ .../templates/etc/_glance-api-paste.ini.tpl | 90 +++++++++++++++++++ glance/templates/etc/_glance-api.conf.tpl | 44 +++++++++ .../templates/etc/_glance-registry.conf.tpl | 26 ++++++ glance/templates/etc/_policy.json.tpl | 61 +++++++++++++ glance/templates/glance-api.conf.yaml | 48 ---------- glance/templates/glance-registry.conf.yaml | 34 ------- glance/templates/init.sh.yaml | 12 --- .../{db-sync.yaml => job-db-sync.yaml} | 12 +-- glance/templates/{init.yaml => job-init.yaml} | 2 +- glance/templates/{post.yaml => job-post.yaml} | 3 +- glance/templates/post.sh.yaml | 48 ---------- glance/templates/start.sh.yaml | 12 --- glance/values.yaml | 8 +- 24 files changed, 373 insertions(+), 226 deletions(-) create mode 100644 glance/templates/bin/_init.sh.tpl create mode 100644 glance/templates/bin/_post.sh.tpl delete mode 100644 glance/templates/ceph.client.glance.keyring.yaml delete mode 100644 glance/templates/ceph.conf.yaml create mode 100644 glance/templates/configmap-bin.yaml create mode 100644 glance/templates/configmap-etc.yaml delete mode 100644 glance/templates/db-sync.sh.yaml rename glance/templates/{api.yaml => deployment-api.yaml} (74%) rename glance/templates/{registry.yaml => deployment-registry.yaml} (92%) create mode 100644 glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl create mode 100644 glance/templates/etc/_ceph.conf.tpl create mode 100644 glance/templates/etc/_glance-api-paste.ini.tpl create mode 100644 glance/templates/etc/_glance-api.conf.tpl create mode 100644 glance/templates/etc/_glance-registry.conf.tpl create mode 100644 glance/templates/etc/_policy.json.tpl delete mode 100644 glance/templates/glance-api.conf.yaml delete mode 100644 glance/templates/glance-registry.conf.yaml delete mode 100644 glance/templates/init.sh.yaml rename glance/templates/{db-sync.yaml => job-db-sync.yaml} (84%) rename glance/templates/{init.yaml => job-init.yaml} (98%) rename glance/templates/{post.yaml => job-post.yaml} (97%) delete mode 100644 glance/templates/post.sh.yaml delete mode 100644 glance/templates/start.sh.yaml diff --git a/glance/templates/bin/_init.sh.tpl b/glance/templates/bin/_init.sh.tpl new file mode 100644 index 00000000..9c0daef9 --- /dev/null +++ b/glance/templates/bin/_init.sh.tpl @@ -0,0 +1,17 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.glance_database_name }}'" + +ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.glance_user }}' \ +password='{{ .Values.database.glance_password }}' \ +host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'" diff --git a/glance/templates/bin/_post.sh.tpl b/glance/templates/bin/_post.sh.tpl new file mode 100644 index 00000000..d46e9249 --- /dev/null +++ b/glance/templates/bin/_post.sh.tpl @@ -0,0 +1,42 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ +service_type=image \ +description='Openstack Image' \ +endpoint_region='{{ .Values.keystone.glance_region_name }}' \ +url='{{ include "endpoint_glance_api_internal" . }}' \ +interface=admin \ +region_name='{{ .Values.keystone.admin_region_name }}' \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ +service_type=image \ +description='Openstack Image' \ +endpoint_region='{{ .Values.keystone.glance_region_name }}' \ +url='{{ include "endpoint_glance_api_internal" . }}' \ +interface=internal \ +region_name='{{ .Values.keystone.admin_region_name }}' \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ +service_type=image \ +description='Openstack Image' \ +endpoint_region='{{ .Values.keystone.glance_region_name }}' \ +url='{{ include "endpoint_glance_api_internal" . }}' \ +interface=public \ +region_name='{{ .Values.keystone.admin_region_name }}' \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + +ansible localhost -vvv -m kolla_keystone_user -a "project=service \ +user={{ .Values.keystone.glance_user }} \ +password={{ .Values.keystone.glance_password }} \ +role=admin \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + diff --git a/glance/templates/ceph.client.glance.keyring.yaml b/glance/templates/ceph.client.glance.keyring.yaml deleted file mode 100644 index 91532480..00000000 --- a/glance/templates/ceph.client.glance.keyring.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-cephclientglancekeyring -data: - ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+ - [client.{{ .Values.ceph.glance_user }}] - {{- if .Values.ceph.glance_keyring }} - key = {{ .Values.ceph.glance_keyring }} - {{- else }} - key = {{- include "secrets/ceph-client-key" . -}} - {{- end }} - diff --git a/glance/templates/ceph.conf.yaml b/glance/templates/ceph.conf.yaml deleted file mode 100644 index 3c3aed30..00000000 --- a/glance/templates/ceph.conf.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-cephconf -data: - ceph.conf: |+ - [global] - rgw_thread_pool_size = 1024 - rgw_num_rados_handles = 100 - {{- if .Values.ceph.monitors }} - [mon] - {{ range .Values.ceph.monitors }} - [mon.{{ . }}] - host = {{ . }} - mon_addr = {{ . }} - {{ end }} - {{- else }} - mon_host = ceph-mon.ceph - {{- end }} - [client] - rbd_cache_enabled = true - rbd_cache_writethrough_until_flush = true - diff --git a/glance/templates/configmap-bin.yaml b/glance/templates/configmap-bin.yaml new file mode 100644 index 00000000..fe1e9d98 --- /dev/null +++ b/glance/templates/configmap-bin.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: glance-bin +data: + init.sh: |+ +{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} + post.sh: |+ +{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml new file mode 100644 index 00000000..2ba83442 --- /dev/null +++ b/glance/templates/configmap-etc.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: glance-etc +data: + ceph.conf: |+ +{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} + ceph.client.glance.keyring: |+ +{{ tuple "etc/_ceph.client.glance.keyring.yaml.tpl" . | include "template" | indent 4 }} + glance-api.conf: |+ +{{ tuple "etc/_glance-api.conf.tpl" . | include "template" | indent 4 }} + glance-api-paste.ini: |+ +{{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }} + glance-registry.conf: |+ +{{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} diff --git a/glance/templates/db-sync.sh.yaml b/glance/templates/db-sync.sh.yaml deleted file mode 100644 index 78a95b4c..00000000 --- a/glance/templates/db-sync.sh.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-dbsyncsh -data: - db-sync.sh: |+ - #!/bin/bash - set -ex - - glance-manage db_sync diff --git a/glance/templates/api.yaml b/glance/templates/deployment-api.yaml similarity index 74% rename from glance/templates/api.yaml rename to glance/templates/deployment-api.yaml index 53e9cc77..27141cce 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/deployment-api.yaml @@ -3,7 +3,11 @@ kind: Deployment metadata: name: glance-api spec: - replicas: {{ .Values.replicas }} +{{- if .Values.development.enabled }} + replicas: 1 +{{- else }} + replicas: {{ .Values.replicas.api }} +{{- end }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }} strategy: type: {{ .Values.upgrades.pod_replacement_strategy }} @@ -51,8 +55,7 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - glance-api ports: - containerPort: {{ .Values.network.port.api }} readinessProbe: @@ -62,29 +65,46 @@ spec: - name: glanceapiconf mountPath: /etc/glance/glance-api.conf subPath: glance-api.conf - - name: startsh - mountPath: /tmp/start.sh - subPath: start.sh + - name: glanceapipaste + mountPath: /etc/glance/glance-api-paste.ini + subPath: glance-api-paste.ini - name: etcglance mountPath: /etc/glance + - name: glancepolicy + mountPath: /etc/glance/policy.json + subPath: policy.json +{{- if .Values.development.enabled }} + - name: glance-data + mountPath: /var/lib/glance/images +{{- else }} - name: cephconf mountPath: /etc/ceph/ceph.conf subPath: ceph.conf - name: cephclientglancekeyring mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring +{{- end }} volumes: - name: glanceapiconf configMap: - name: glance-glanceapiconf - - name: startsh + name: glance-etc + - name: glanceapipaste configMap: - name: glance-startsh + name: glance-etc +{{- if .Values.development.enabled }} + - name: glance-data + hostPath: + path: {{ .Values.development.storage_path }} +{{- else }} - name: cephconf configMap: - name: glance-cephconf + name: glance-etc - name: cephclientglancekeyring configMap: - name: glance-cephclientglancekeyring + name: glance-etc +{{- end }} - name: etcglance emptyDir: {} + - name: glancepolicy + configMap: + name: glance-etc diff --git a/glance/templates/registry.yaml b/glance/templates/deployment-registry.yaml similarity index 92% rename from glance/templates/registry.yaml rename to glance/templates/deployment-registry.yaml index 998d64ad..2a892429 100644 --- a/glance/templates/registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -3,7 +3,11 @@ kind: Deployment metadata: name: glance-registry spec: - replicas: {{ .Values.replicas }} +{{- if .Values.development.enabled }} + replicas: 1 +{{- else }} + replicas: {{ .Values.replicas.registry }} +{{- end }} template: metadata: labels: @@ -55,4 +59,4 @@ spec: volumes: - name: glanceregistryconf configMap: - name: glance-glanceregistryconf + name: glance-etc diff --git a/glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl b/glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl new file mode 100644 index 00000000..f780dada --- /dev/null +++ b/glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl @@ -0,0 +1,2 @@ +[client.{{ .Values.ceph.glance_user }}] + key = {{ .Values.ceph.glance_keyring }} diff --git a/glance/templates/etc/_ceph.conf.tpl b/glance/templates/etc/_ceph.conf.tpl new file mode 100644 index 00000000..7d2576bf --- /dev/null +++ b/glance/templates/etc/_ceph.conf.tpl @@ -0,0 +1,16 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.monitors }} +[mon] +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true diff --git a/glance/templates/etc/_glance-api-paste.ini.tpl b/glance/templates/etc/_glance-api-paste.ini.tpl new file mode 100644 index 00000000..68790274 --- /dev/null +++ b/glance/templates/etc/_glance-api-paste.ini.tpl @@ -0,0 +1,90 @@ +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-api-trusted-auth] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user and uses cache management +[pipeline:glance-api-trusted-auth+cachemanagement] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:healthcheck] +paste.filter_factory = oslo_middleware:Healthcheck.factory +backends = disable_by_file +disable_by_file_path = /etc/glance/healthcheck_disable + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +delay_auth_decision = true + +[filter:gzip] +paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY #DEPRECATED +enabled = yes #DEPRECATED + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = glance +oslo_config_program = glance-api + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory diff --git a/glance/templates/etc/_glance-api.conf.tpl b/glance/templates/etc/_glance-api.conf.tpl new file mode 100644 index 00000000..84134e65 --- /dev/null +++ b/glance/templates/etc/_glance-api.conf.tpl @@ -0,0 +1,44 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +bind_port = {{ .Values.network.port.api }} +workers = {{ .Values.misc.workers }} +registry_host = glance-registry +# Enable Copy-on-Write +show_image_direct_url = True + +[database] +connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.glance_user }} +password = {{ .Values.keystone.glance_password }} + +[paste_deploy] +flavor = keystone + +[oslo_messaging_notifications] +driver = noop + +[glance_store] +filesystem_store_datadir = /var/lib/glance/images/ +{{- if .Values.development.enabled }} +stores = file, http +default_store = file +{{- else }} +stores = file, http, rbd +default_store = rbd +rbd_store_pool = {{ .Values.ceph.glance_pool }} +rbd_store_user = {{ .Values.ceph.glance_user }} +rbd_store_ceph_conf = /etc/ceph/ceph.conf +rbd_store_chunk_size = 8 +{{- end }} diff --git a/glance/templates/etc/_glance-registry.conf.tpl b/glance/templates/etc/_glance-registry.conf.tpl new file mode 100644 index 00000000..9e4df8d9 --- /dev/null +++ b/glance/templates/etc/_glance-registry.conf.tpl @@ -0,0 +1,26 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True +bind_port = {{ .Values.network.port.registry }} +workers = {{ .Values.misc.workers }} + +[database] +connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.glance_user }} +password = {{ .Values.keystone.glance_password }} + +[paste_deploy] +flavor = keystone + +[oslo_messaging_notifications] +driver = noop diff --git a/glance/templates/etc/_policy.json.tpl b/glance/templates/etc/_policy.json.tpl new file mode 100644 index 00000000..0a058c1c --- /dev/null +++ b/glance/templates/etc/_policy.json.tpl @@ -0,0 +1,61 @@ +{ + "context_is_admin": "role:admin", + "default": "role:admin", + + "add_image": "", + "delete_image": "", + "get_image": "", + "get_images": "", + "modify_image": "", + "publicize_image": "role:admin", + "copy_from": "", + + "download_image": "", + "upload_image": "", + + "delete_image_location": "", + "get_image_location": "", + "set_image_location": "", + + "add_member": "", + "delete_member": "", + "get_member": "", + "get_members": "", + "modify_member": "", + + "manage_image_cache": "role:admin", + + "get_task": "role:admin", + "get_tasks": "role:admin", + "add_task": "role:admin", + "modify_task": "role:admin", + + "deactivate": "", + "reactivate": "", + + "get_metadef_namespace": "", + "get_metadef_namespaces":"", + "modify_metadef_namespace":"", + "add_metadef_namespace":"", + + "get_metadef_object":"", + "get_metadef_objects":"", + "modify_metadef_object":"", + "add_metadef_object":"", + + "list_metadef_resource_types":"", + "get_metadef_resource_type":"", + "add_metadef_resource_type_association":"", + + "get_metadef_property":"", + "get_metadef_properties":"", + "modify_metadef_property":"", + "add_metadef_property":"", + + "get_metadef_tag":"", + "get_metadef_tags":"", + "modify_metadef_tag":"", + "add_metadef_tag":"", + "add_metadef_tags":"" + +} diff --git a/glance/templates/glance-api.conf.yaml b/glance/templates/glance-api.conf.yaml deleted file mode 100644 index ee61d333..00000000 --- a/glance/templates/glance-api.conf.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-glanceapiconf -data: - glance-api.conf: |+ - [DEFAULT] - debug = {{ .Values.misc.debug }} - use_syslog = False - use_stderr = True - - bind_port = {{ .Values.network.port.api }} - - workers = {{ .Values.misc.workers }} - registry_host = {{ include "glance_registry_host" . }} - - # Enable Copy-on-Write - show_image_direct_url = True - - [database] - connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} - max_retries = -1 - - [keystone_authtoken] - auth_uri = {{ .Values.keystone.auth_uri }} - auth_url = {{ .Values.keystone.auth_url }} - auth_type = password - project_domain_id = default - user_domain_id = default - project_name = service - username = {{ .Values.keystone.glance_user }} - password = {{ .Values.keystone.glance_password }} - - [paste_deploy] - flavor = keystone - - [oslo_messaging_notifications] - driver = noop - - [glance_store] - filesystem_store_datadir = /var/lib/glance/images/ - stores = file, http, rbd - default_store = rbd - rbd_store_pool = {{ .Values.ceph.glance_pool }} - rbd_store_user = {{ .Values.ceph.glance_user }} - rbd_store_ceph_conf = /etc/ceph/ceph.conf - rbd_store_chunk_size = 8 - diff --git a/glance/templates/glance-registry.conf.yaml b/glance/templates/glance-registry.conf.yaml deleted file mode 100644 index 81629caa..00000000 --- a/glance/templates/glance-registry.conf.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-glanceregistryconf -data: - glance-registry.conf: |+ - [DEFAULT] - debug = {{ .Values.misc.debug }} - use_syslog = False - use_stderr = True - - bind_port = {{ .Values.network.port.registry }} - - workers = {{ .Values.misc.workers }} - - [database] - connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} - max_retries = -1 - - [keystone_authtoken] - auth_uri = {{ .Values.keystone.auth_uri }} - auth_url = {{ .Values.keystone.auth_url }} - auth_type = password - project_domain_id = default - user_domain_id = default - project_name = service - username = {{ .Values.keystone.glance_user }} - password = {{ .Values.keystone.glance_password }} - - [paste_deploy] - flavor = keystone - - [oslo_messaging_notifications] - driver = noop diff --git a/glance/templates/init.sh.yaml b/glance/templates/init.sh.yaml deleted file mode 100644 index 8605f7c5..00000000 --- a/glance/templates/init.sh.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-initsh -data: - init.sh: |+ - #!/bin/bash - set -ex - export HOME=/tmp - - ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_database_name }}'" - ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_user }}' password='{{ .Values.database.glance_password }}' host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'" diff --git a/glance/templates/db-sync.yaml b/glance/templates/job-db-sync.yaml similarity index 84% rename from glance/templates/db-sync.yaml rename to glance/templates/job-db-sync.yaml index fe0c1f56..660e1833 100644 --- a/glance/templates/db-sync.yaml +++ b/glance/templates/job-db-sync.yaml @@ -40,19 +40,13 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - glance-manage + - db_sync volumeMounts: - name: glanceapiconf mountPath: /etc/glance/glance-api.conf subPath: glance-api.conf - - name: dbsyncsh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh volumes: - name: glanceapiconf configMap: - name: glance-glanceapiconf - - name: dbsyncsh - configMap: - name: glance-dbsyncsh + name: glance-etc diff --git a/glance/templates/init.yaml b/glance/templates/job-init.yaml similarity index 98% rename from glance/templates/init.yaml rename to glance/templates/job-init.yaml index 48b97a7c..49a9d812 100644 --- a/glance/templates/init.yaml +++ b/glance/templates/job-init.yaml @@ -52,4 +52,4 @@ spec: volumes: - name: initsh configMap: - name: glance-initsh + name: glance-bin diff --git a/glance/templates/post.yaml b/glance/templates/job-post.yaml similarity index 97% rename from glance/templates/post.yaml rename to glance/templates/job-post.yaml index 4fe1c195..15257720 100644 --- a/glance/templates/post.yaml +++ b/glance/templates/job-post.yaml @@ -52,5 +52,4 @@ spec: volumes: - name: postsh configMap: - name: glance-postsh - + name: glance-bin diff --git a/glance/templates/post.sh.yaml b/glance/templates/post.sh.yaml deleted file mode 100644 index 156b60d6..00000000 --- a/glance/templates/post.sh.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-postsh -data: - post.sh: |+ - #!/bin/bash - set -ex - export HOME=/tmp - - ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ - service_type=image \ - description='Openstack Image' \ - endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='{{ include "endpoint_glance_api_internal" . }}' \ - interface=admin \ - region_name='{{ .Values.keystone.admin_region_name }}' \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}" - - ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ - service_type=image \ - description='Openstack Image' \ - endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='{{ include "endpoint_glance_api_internal" . }}' \ - interface=internal \ - region_name='{{ .Values.keystone.admin_region_name }}' \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" - - ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ - service_type=image \ - description='Openstack Image' \ - endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='{{ include "endpoint_glance_api_internal" . }}' \ - interface=public \ - region_name='{{ .Values.keystone.admin_region_name }}' \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" - - ansible localhost -vvv -m kolla_keystone_user -a "project=service \ - user={{ .Values.keystone.glance_user }} \ - password={{ .Values.keystone.glance_password }} \ - role=admin \ - region_name={{ .Values.keystone.admin_region_name }} \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" - diff --git a/glance/templates/start.sh.yaml b/glance/templates/start.sh.yaml deleted file mode 100644 index e9b3d40e..00000000 --- a/glance/templates/start.sh.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-startsh -data: - start.sh: |+ - #!/bin/bash - set -ex - - cp `find / -not -path "/etc/*" -name glance-api-paste.ini` /etc/glance/ - - glance-api diff --git a/glance/values.yaml b/glance/values.yaml index a3c6886a..cacd0909 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -3,7 +3,13 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 +replicas: + api: 1 + registry: 1 + +development: + enabled: false + storage_path: /data/openstack-helm/glance/images labels: node_selector_key: openstack-control-plane From 16066adf111b7dfe29d52fc26768dfd317f3c139 Mon Sep 17 00:00:00 2001 From: mattmceuen Date: Sun, 15 Jan 2017 15:25:40 -0600 Subject: [PATCH 41/54] Trued up nodeselector values for nova and neutron The Nova and Neutron charts use more granular node labels; this trues up the their jobs' nodeselectors to use them. Fix for https://github.com/att-comdev/openstack-helm/issues/119 --- neutron/templates/job-db-sync.yaml | 4 ++-- neutron/templates/job-init.yaml | 4 ++-- neutron/templates/job-post.yaml | 4 ++-- nova/templates/job-db-sync.yaml | 2 +- nova/templates/job-init.yaml | 2 +- nova/templates/job-post.yaml | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index ff546f79..e34f36dc 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml @@ -7,7 +7,7 @@ spec: spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} containers: - name: neutron-db-sync image: {{ .Values.images.db_sync }} @@ -42,4 +42,4 @@ spec: name: neutron-etc - name: ml2confini configMap: - name: neutron-etc \ No newline at end of file + name: neutron-etc diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml index ef29d574..d7d34017 100644 --- a/neutron/templates/job-init.yaml +++ b/neutron/templates/job-init.yaml @@ -7,7 +7,7 @@ spec: spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} containers: - name: neutron-init image: {{ .Values.images.init }} @@ -36,4 +36,4 @@ spec: volumes: - name: initsh configMap: - name: neutron-bin \ No newline at end of file + name: neutron-bin diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml index 847a1927..6c3a05d2 100644 --- a/neutron/templates/job-post.yaml +++ b/neutron/templates/job-post.yaml @@ -7,7 +7,7 @@ spec: spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} containers: - name: neutron-post image: {{ .Values.images.post }} @@ -38,4 +38,4 @@ spec: volumes: - name: postsh configMap: - name: neutron-bin \ No newline at end of file + name: neutron-bin diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index da81fe0e..7a1404f4 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -34,7 +34,7 @@ spec: spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-db-sync image: {{ .Values.image.db_sync }} diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 2ca37335..7081a1e4 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -34,7 +34,7 @@ spec: spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-init image: {{ .Values.image.init }} diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index e22373e0..e75cf0f5 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -34,7 +34,7 @@ spec: spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-post image: {{ .Values.image.post }} From b4d873e1a1ae8f105db582a4853b79e75a1e6e2c Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Sun, 15 Jan 2017 16:40:52 -0600 Subject: [PATCH 42/54] Fix file name in configmap-etc.yaml Overlooked a file extension in one of the data entries in the etc configmap. --- glance/templates/configmap-etc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index 2ba83442..9b622b17 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -5,7 +5,7 @@ metadata: data: ceph.conf: |+ {{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} - ceph.client.glance.keyring: |+ + ceph.client.glance.keyring.yaml: |+ {{ tuple "etc/_ceph.client.glance.keyring.yaml.tpl" . | include "template" | indent 4 }} glance-api.conf: |+ {{ tuple "etc/_glance-api.conf.tpl" . | include "template" | indent 4 }} From afa0ecd1dfedb87fef916597d52f5dca60c3a865 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 13 Jan 2017 00:22:00 +0000 Subject: [PATCH 43/54] Keystone Load Complete Configs This PS loads all the required keystone configuration files into a container for an apache based deployment. It allows OpenStack-Helm to be image agnosic, meaning operators can use any Apache based Keystone image they want. --- keystone/templates/bin/_db-sync.sh.tpl | 27 +-- keystone/templates/bin/_init.sh.tpl | 19 +- keystone/templates/bin/_start.sh.tpl | 16 +- keystone/templates/configmap-etc.yaml | 8 +- keystone/templates/deployment.yaml | 43 +++- .../templates/etc/_keystone-paste.ini.tpl | 97 +++++++++ keystone/templates/etc/_policy.json.tpl | 199 ++++++++++++++++++ .../etc/_sso_callback_template.html.tpl | 22 ++ .../templates/etc/_wsgi-keystone.conf.tpl | 17 +- keystone/templates/job-db-sync.yaml | 8 +- keystone/values.yaml | 1 - 11 files changed, 419 insertions(+), 38 deletions(-) create mode 100644 keystone/templates/etc/_keystone-paste.ini.tpl create mode 100644 keystone/templates/etc/_policy.json.tpl create mode 100644 keystone/templates/etc/_sso_callback_template.html.tpl diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl index 89c4c5de..e4f69c72 100644 --- a/keystone/templates/bin/_db-sync.sh.tpl +++ b/keystone/templates/bin/_db-sync.sh.tpl @@ -1,22 +1,13 @@ #!/bin/bash set -ex -# order of kolla_keystone_bootstrap urls -# for those of looking for a little expanation -# to a mysterious blackbox -# -# these will feed into the keystone endpoints -# so it is important they are correct -# -# keystone_admin_url -# keystone_internal_url -# keystone_public_url - -keystone-manage db_sync -kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \ - {{ .Values.keystone.admin_project_name }} admin \ - {{ include "endpoint_keystone_admin" . }} \ - {{ include "endpoint_keystone_internal" . }} \ - {{ include "endpoint_keystone_internal" . }} \ - {{ .Values.keystone.admin_region_name }} +keystone-manage --config-file=/etc/keystone/keystone.conf db_sync +keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \ + --bootstrap-username {{ .Values.keystone.admin_user }} \ + --bootstrap-password {{ .Values.keystone.admin_password }} \ + --bootstrap-project-name {{ .Values.keystone.admin_project_name }} \ + --bootstrap-admin-url {{ include "endpoint_keystone_admin" . }} \ + --bootstrap-public-url {{ include "endpoint_keystone_internal" . }} \ + --bootstrap-internal-url {{ include "endpoint_keystone_internal" . }} \ + --bootstrap-region-id {{ .Values.keystone.admin_region_name }} diff --git a/keystone/templates/bin/_init.sh.tpl b/keystone/templates/bin/_init.sh.tpl index 0d47c4ba..f48157a2 100644 --- a/keystone/templates/bin/_init.sh.tpl +++ b/keystone/templates/bin/_init.sh.tpl @@ -2,5 +2,20 @@ set -ex export HOME=/tmp -ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_user }}' password='{{ .Values.database.keystone_password }}' host='%' priv='{{ .Values.database.keystone_database_name }}.*:ALL' append_privs='yes'" +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.keystone_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.keystone_user }}' \ + password='{{ .Values.database.keystone_password }}' \ + host='%' \ + priv='{{ .Values.database.keystone_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/keystone/templates/bin/_start.sh.tpl b/keystone/templates/bin/_start.sh.tpl index 4bafe63e..72529c2f 100644 --- a/keystone/templates/bin/_start.sh.tpl +++ b/keystone/templates/bin/_start.sh.tpl @@ -1,8 +1,10 @@ -#!/bin/bash -set -ex - -# Loading Apache2 ENV variables -source /etc/apache2/envvars +#!/bin/bash +set -ex -# start apache with any container arguments -apache2 -DFOREGROUND $* +if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars +fi + +# Start Apache2 +exec apache2 -DFOREGROUND diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml index b59534ee..3ad7dc82 100644 --- a/keystone/templates/configmap-etc.yaml +++ b/keystone/templates/configmap-etc.yaml @@ -6,6 +6,12 @@ data: keystone.conf: |+ {{ tuple "etc/_keystone.conf.tpl" . | include "template" | indent 4 }} mpm_event.conf: |+ -{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }} +{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }} wsgi-keystone.conf: |+ {{ tuple "etc/_wsgi-keystone.conf.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} + keystone-paste.ini: |+ +{{ tuple "etc/_keystone-paste.ini.tpl" . | include "template" | indent 4 }} + sso_callback_template.html: |+ +{{ tuple "etc/_sso_callback_template.html.tpl" . | include "template" | indent 4 }} diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 49917ada..49b84d00 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -11,14 +11,14 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: keystone-api annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", @@ -44,7 +44,7 @@ spec: { "name": "COMMAND", "value": "echo done" - } + } ] } ]' @@ -61,26 +61,62 @@ spec: ports: - containerPort: {{ .Values.network.port.public }} - containerPort: {{ .Values.network.port.admin }} + lifecycle: + preStop: + exec: + command: + - apachectl + - -k + - graceful-stop readinessProbe: tcpSocket: port: {{ .Values.network.port.public }} volumeMounts: + - name: pod-etc-keystone + mountPath: /etc/keystone - name: keystoneconf mountPath: /etc/keystone/keystone.conf subPath: keystone.conf + readOnly: true + - name: keystonepaste + mountPath: /etc/keystone/keystone-paste.ini + subPath: keystone-paste.ini + readOnly: true + - name: keystonepolicy + mountPath: /etc/keystone/policy.json + subPath: policy.json + readOnly: true + - name: keystonessotemplate + mountPath: /etc/keystone/sso_callback_template.html + subPath: sso_callback_template.html + readOnly: true - name: wsgikeystone mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf subPath: wsgi-keystone.conf + readOnly: true - name: mpmeventconf mountPath: /etc/apache2/mods-available/mpm_event.conf subPath: mpm_event.conf + readOnly: true - name: startsh mountPath: /tmp/start.sh subPath: start.sh + readOnly: true volumes: + - name: pod-etc-keystone + emptyDir: {} - name: keystoneconf configMap: name: keystone-etc + - name: keystonepaste + configMap: + name: keystone-etc + - name: keystonepolicy + configMap: + name: keystone-etc + - name: keystonessotemplate + configMap: + name: keystone-etc - name: wsgikeystone configMap: name: keystone-etc @@ -90,4 +126,3 @@ spec: - name: startsh configMap: name: keystone-bin - diff --git a/keystone/templates/etc/_keystone-paste.ini.tpl b/keystone/templates/etc/_keystone-paste.ini.tpl new file mode 100644 index 00000000..0d058ac0 --- /dev/null +++ b/keystone/templates/etc/_keystone-paste.ini.tpl @@ -0,0 +1,97 @@ +# Keystone PasteDeploy configuration file. + +[filter:debug] +use = egg:oslo.middleware#debug + +[filter:request_id] +use = egg:oslo.middleware#request_id + +[filter:build_auth_context] +use = egg:keystone#build_auth_context + +[filter:token_auth] +use = egg:keystone#token_auth + +[filter:admin_token_auth] +# This is deprecated in the M release and will be removed in the O release. +# Use `keystone-manage bootstrap` and remove this from the pipelines below. +use = egg:keystone#admin_token_auth + +[filter:json_body] +use = egg:keystone#json_body + +[filter:cors] +use = egg:oslo.middleware#cors +oslo_config_project = keystone + +[filter:http_proxy_to_wsgi] +use = egg:oslo.middleware#http_proxy_to_wsgi + +[filter:healthcheck] +use = egg:oslo.middleware#healthcheck + +[filter:ec2_extension] +use = egg:keystone#ec2_extension + +[filter:ec2_extension_v3] +use = egg:keystone#ec2_extension_v3 + +[filter:s3_extension] +use = egg:keystone#s3_extension + +[filter:url_normalize] +use = egg:keystone#url_normalize + +[filter:sizelimit] +use = egg:oslo.middleware#sizelimit + +[filter:osprofiler] +use = egg:osprofiler#osprofiler + +[app:public_service] +use = egg:keystone#public_service + +[app:service_v3] +use = egg:keystone#service_v3 + +[app:admin_service] +use = egg:keystone#admin_service + +[pipeline:public_api] +# The last item in this pipeline must be public_service or an equivalent +# application. It cannot be a filter. +pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service + +[pipeline:admin_api] +# The last item in this pipeline must be admin_service or an equivalent +# application. It cannot be a filter. +pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service + +[pipeline:api_v3] +# The last item in this pipeline must be service_v3 or an equivalent +# application. It cannot be a filter. +pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3 + +[app:public_version_service] +use = egg:keystone#public_version_service + +[app:admin_version_service] +use = egg:keystone#admin_version_service + +[pipeline:public_version_api] +pipeline = healthcheck cors sizelimit osprofiler url_normalize public_version_service + +[pipeline:admin_version_api] +pipeline = healthcheck cors sizelimit osprofiler url_normalize admin_version_service + +[composite:main] +use = egg:Paste#urlmap +/v2.0 = public_api +/v3 = api_v3 +/ = public_version_api + +[composite:admin] +use = egg:Paste#urlmap +/v2.0 = admin_api +/v3 = api_v3 +/ = admin_version_api diff --git a/keystone/templates/etc/_policy.json.tpl b/keystone/templates/etc/_policy.json.tpl new file mode 100644 index 00000000..ddf23962 --- /dev/null +++ b/keystone/templates/etc/_policy.json.tpl @@ -0,0 +1,199 @@ +{ + "admin_required": "role:admin or is_admin:1", + "service_role": "role:service", + "service_or_admin": "rule:admin_required or rule:service_role", + "owner" : "user_id:%(user_id)s", + "admin_or_owner": "rule:admin_required or rule:owner", + "token_subject": "user_id:%(target.token.user_id)s", + "admin_or_token_subject": "rule:admin_required or rule:token_subject", + "service_admin_or_token_subject": "rule:service_or_admin or rule:token_subject", + + "default": "rule:admin_required", + + "identity:get_region": "", + "identity:list_regions": "", + "identity:create_region": "rule:admin_required", + "identity:update_region": "rule:admin_required", + "identity:delete_region": "rule:admin_required", + + "identity:get_service": "rule:admin_required", + "identity:list_services": "rule:admin_required", + "identity:create_service": "rule:admin_required", + "identity:update_service": "rule:admin_required", + "identity:delete_service": "rule:admin_required", + + "identity:get_endpoint": "rule:admin_required", + "identity:list_endpoints": "rule:admin_required", + "identity:create_endpoint": "rule:admin_required", + "identity:update_endpoint": "rule:admin_required", + "identity:delete_endpoint": "rule:admin_required", + + "identity:get_domain": "rule:admin_required or token.project.domain.id:%(target.domain.id)s", + "identity:list_domains": "rule:admin_required", + "identity:create_domain": "rule:admin_required", + "identity:update_domain": "rule:admin_required", + "identity:delete_domain": "rule:admin_required", + + "identity:get_project": "rule:admin_required or project_id:%(target.project.id)s", + "identity:list_projects": "rule:admin_required", + "identity:list_user_projects": "rule:admin_or_owner", + "identity:create_project": "rule:admin_required", + "identity:update_project": "rule:admin_required", + "identity:delete_project": "rule:admin_required", + + "identity:get_user": "rule:admin_or_owner", + "identity:list_users": "rule:admin_required", + "identity:create_user": "rule:admin_required", + "identity:update_user": "rule:admin_required", + "identity:delete_user": "rule:admin_required", + "identity:change_password": "rule:admin_or_owner", + + "identity:get_group": "rule:admin_required", + "identity:list_groups": "rule:admin_required", + "identity:list_groups_for_user": "rule:admin_or_owner", + "identity:create_group": "rule:admin_required", + "identity:update_group": "rule:admin_required", + "identity:delete_group": "rule:admin_required", + "identity:list_users_in_group": "rule:admin_required", + "identity:remove_user_from_group": "rule:admin_required", + "identity:check_user_in_group": "rule:admin_required", + "identity:add_user_to_group": "rule:admin_required", + + "identity:get_credential": "rule:admin_required", + "identity:list_credentials": "rule:admin_required", + "identity:create_credential": "rule:admin_required", + "identity:update_credential": "rule:admin_required", + "identity:delete_credential": "rule:admin_required", + + "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", + "identity:ec2_list_credentials": "rule:admin_or_owner", + "identity:ec2_create_credential": "rule:admin_or_owner", + "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", + + "identity:get_role": "rule:admin_required", + "identity:list_roles": "rule:admin_required", + "identity:create_role": "rule:admin_required", + "identity:update_role": "rule:admin_required", + "identity:delete_role": "rule:admin_required", + "identity:get_domain_role": "rule:admin_required", + "identity:list_domain_roles": "rule:admin_required", + "identity:create_domain_role": "rule:admin_required", + "identity:update_domain_role": "rule:admin_required", + "identity:delete_domain_role": "rule:admin_required", + + "identity:get_implied_role": "rule:admin_required ", + "identity:list_implied_roles": "rule:admin_required", + "identity:create_implied_role": "rule:admin_required", + "identity:delete_implied_role": "rule:admin_required", + "identity:list_role_inference_rules": "rule:admin_required", + "identity:check_implied_role": "rule:admin_required", + + "identity:check_grant": "rule:admin_required", + "identity:list_grants": "rule:admin_required", + "identity:create_grant": "rule:admin_required", + "identity:revoke_grant": "rule:admin_required", + + "identity:list_role_assignments": "rule:admin_required", + "identity:list_role_assignments_for_tree": "rule:admin_required", + + "identity:get_policy": "rule:admin_required", + "identity:list_policies": "rule:admin_required", + "identity:create_policy": "rule:admin_required", + "identity:update_policy": "rule:admin_required", + "identity:delete_policy": "rule:admin_required", + + "identity:check_token": "rule:admin_or_token_subject", + "identity:validate_token": "rule:service_admin_or_token_subject", + "identity:validate_token_head": "rule:service_or_admin", + "identity:revocation_list": "rule:service_or_admin", + "identity:revoke_token": "rule:admin_or_token_subject", + + "identity:create_trust": "user_id:%(trust.trustor_user_id)s", + "identity:list_trusts": "", + "identity:list_roles_for_trust": "", + "identity:get_role_for_trust": "", + "identity:delete_trust": "", + + "identity:create_consumer": "rule:admin_required", + "identity:get_consumer": "rule:admin_required", + "identity:list_consumers": "rule:admin_required", + "identity:delete_consumer": "rule:admin_required", + "identity:update_consumer": "rule:admin_required", + + "identity:authorize_request_token": "rule:admin_required", + "identity:list_access_token_roles": "rule:admin_required", + "identity:get_access_token_role": "rule:admin_required", + "identity:list_access_tokens": "rule:admin_required", + "identity:get_access_token": "rule:admin_required", + "identity:delete_access_token": "rule:admin_required", + + "identity:list_projects_for_endpoint": "rule:admin_required", + "identity:add_endpoint_to_project": "rule:admin_required", + "identity:check_endpoint_in_project": "rule:admin_required", + "identity:list_endpoints_for_project": "rule:admin_required", + "identity:remove_endpoint_from_project": "rule:admin_required", + + "identity:create_endpoint_group": "rule:admin_required", + "identity:list_endpoint_groups": "rule:admin_required", + "identity:get_endpoint_group": "rule:admin_required", + "identity:update_endpoint_group": "rule:admin_required", + "identity:delete_endpoint_group": "rule:admin_required", + "identity:list_projects_associated_with_endpoint_group": "rule:admin_required", + "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required", + "identity:get_endpoint_group_in_project": "rule:admin_required", + "identity:list_endpoint_groups_for_project": "rule:admin_required", + "identity:add_endpoint_group_to_project": "rule:admin_required", + "identity:remove_endpoint_group_from_project": "rule:admin_required", + + "identity:create_identity_provider": "rule:admin_required", + "identity:list_identity_providers": "rule:admin_required", + "identity:get_identity_providers": "rule:admin_required", + "identity:update_identity_provider": "rule:admin_required", + "identity:delete_identity_provider": "rule:admin_required", + + "identity:create_protocol": "rule:admin_required", + "identity:update_protocol": "rule:admin_required", + "identity:get_protocol": "rule:admin_required", + "identity:list_protocols": "rule:admin_required", + "identity:delete_protocol": "rule:admin_required", + + "identity:create_mapping": "rule:admin_required", + "identity:get_mapping": "rule:admin_required", + "identity:list_mappings": "rule:admin_required", + "identity:delete_mapping": "rule:admin_required", + "identity:update_mapping": "rule:admin_required", + + "identity:create_service_provider": "rule:admin_required", + "identity:list_service_providers": "rule:admin_required", + "identity:get_service_provider": "rule:admin_required", + "identity:update_service_provider": "rule:admin_required", + "identity:delete_service_provider": "rule:admin_required", + + "identity:get_auth_catalog": "", + "identity:get_auth_projects": "", + "identity:get_auth_domains": "", + + "identity:list_projects_for_user": "", + "identity:list_domains_for_user": "", + + "identity:list_revoke_events": "rule:service_or_admin", + + "identity:create_policy_association_for_endpoint": "rule:admin_required", + "identity:check_policy_association_for_endpoint": "rule:admin_required", + "identity:delete_policy_association_for_endpoint": "rule:admin_required", + "identity:create_policy_association_for_service": "rule:admin_required", + "identity:check_policy_association_for_service": "rule:admin_required", + "identity:delete_policy_association_for_service": "rule:admin_required", + "identity:create_policy_association_for_region_and_service": "rule:admin_required", + "identity:check_policy_association_for_region_and_service": "rule:admin_required", + "identity:delete_policy_association_for_region_and_service": "rule:admin_required", + "identity:get_policy_for_endpoint": "rule:admin_required", + "identity:list_endpoints_for_policy": "rule:admin_required", + + "identity:create_domain_config": "rule:admin_required", + "identity:get_domain_config": "rule:admin_required", + "identity:get_security_compliance_domain_config": "", + "identity:update_domain_config": "rule:admin_required", + "identity:delete_domain_config": "rule:admin_required", + "identity:get_domain_config_default": "rule:admin_required" +} diff --git a/keystone/templates/etc/_sso_callback_template.html.tpl b/keystone/templates/etc/_sso_callback_template.html.tpl new file mode 100644 index 00000000..3364d69e --- /dev/null +++ b/keystone/templates/etc/_sso_callback_template.html.tpl @@ -0,0 +1,22 @@ + + + + Keystone WebSSO redirect + + +
+ Please wait... +
+ + +
+ + + diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index e6535eae..f04bc7e1 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl @@ -1,6 +1,9 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }} Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public @@ -10,8 +13,11 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} = 2.4> ErrorLogFormat "%{cu}t %M" - ErrorLog "|$/bin/cat 1>&2" - CustomLog "|/bin/cat" combined + ErrorLog /dev/stderr + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded @@ -23,6 +29,9 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} = 2.4> ErrorLogFormat "%{cu}t %M" - ErrorLog "|$/bin/cat 1>&2" - CustomLog "|/bin/cat" combined + ErrorLog /dev/stderr + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index c1f49542..403f1d60 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -15,7 +15,7 @@ spec: { "name": "NAMESPACE", "value": "{{ .Release.Namespace }}" - }, + }, { "name": "DEPENDENCY_SERVICE", "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" @@ -43,13 +43,19 @@ spec: - bash - /tmp/db-sync.sh volumeMounts: + - name: pod-etc-keystone + mountPath: /etc/keystone - name: keystoneconf mountPath: /etc/keystone/keystone.conf subPath: keystone.conf + readOnly: true - name: keystone-bin mountPath: /tmp/db-sync.sh subPath: db-sync.sh + readOnly: true volumes: + - name: pod-etc-keystone + emptyDir: {} - name: keystoneconf configMap: name: keystone-etc diff --git a/keystone/values.yaml b/keystone/values.yaml index a4a84a67..1088d2d0 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -90,4 +90,3 @@ endpoints: port: admin: 35357 public: 5000 - From 71427ce9059c46a0b529543a5df1d8c29d7c8e73 Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Mon, 16 Jan 2017 10:47:43 +0100 Subject: [PATCH 44/54] A few changes according to intlabs's review. Signed-off-by: DTadrzak --- cinder/templates/deployment-api.yaml | 7 ++- cinder/templates/deployment-scheduler.yaml | 7 ++- cinder/templates/deployment-volume.yaml | 7 ++- cinder/templates/job-db-init.yaml | 7 ++- cinder/templates/job-db-sync.yaml | 7 ++- cinder/templates/job-ks-endpoints.yaml.yaml | 6 +- cinder/templates/job-ks-service.yaml | 6 +- cinder/templates/job-ks-user.yaml | 7 ++- common/templates/_funcs.tpl | 63 ++++++++++----------- glance/templates/api.yaml | 7 ++- glance/templates/db-sync.yaml | 7 ++- glance/templates/init.yaml | 7 ++- glance/templates/post.yaml | 7 ++- glance/templates/registry.yaml | 7 ++- heat/templates/deployment-api.yaml | 7 ++- heat/templates/deployment-cfn.yaml | 7 ++- heat/templates/deployment-cloudwatch.yaml | 7 ++- heat/templates/job-db-init.yaml | 7 ++- heat/templates/job-db-sync.yaml | 7 ++- heat/templates/job-ks-endpoints.yaml.yaml | 6 +- heat/templates/job-ks-service.yaml | 6 +- heat/templates/job-ks-user.yaml | 7 ++- heat/templates/statefulset-engine.yaml | 7 ++- horizon/templates/deployment.yaml | 7 ++- keystone/templates/deployment.yaml | 7 ++- keystone/templates/job-db-sync.yaml | 7 ++- keystone/templates/job-init.yaml | 7 ++- mariadb_restart.sh | 9 --- nova/templates/daemonset-compute.yaml | 7 ++- nova/templates/daemonset-libvirt.yaml | 7 ++- nova/templates/deployment-api-metadata.yaml | 7 ++- nova/templates/deployment-api-osapi.yaml | 7 ++- nova/templates/deployment-conductor.yaml | 7 ++- nova/templates/deployment-consoleauth.yaml | 7 ++- nova/templates/deployment-scheduler.yaml | 7 ++- nova/templates/job-db-sync.yaml | 7 ++- nova/templates/job-init.yaml | 7 ++- nova/templates/job-post.yaml | 7 ++- 38 files changed, 206 insertions(+), 114 deletions(-) delete mode 100644 mariadb_restart.sh diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 58f14d61..6fe33a6b 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index 38f5e7c9..77d38b2b 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.scheduler }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.scheduler | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 1c3d5c29..73333b2c 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.volume }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.volume | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index d7f9f7df..1ea09eeb 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_init }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_init | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 5639264b..b963b4d4 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 0f805100..14655c23 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $dependecies := .Values.dependencies.ks_endpoints }} apiVersion: batch/v1 kind: Job metadata: @@ -8,8 +9,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_endpoints | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index ecc181bd..fab12aa8 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $dependecies := .Values.dependencies.ks_service }} apiVersion: batch/v1 kind: Job metadata: @@ -8,8 +9,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_service | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index b25cf2f3..94737e42 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -1,5 +1,7 @@ {{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} {{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }} +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.ks_user }} apiVersion: batch/v1 kind: Job metadata: @@ -8,8 +10,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_user | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index dff059a9..3f00c606 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -22,37 +22,34 @@ {{- include $wtf $context | sha256sum | quote -}} {{- end -}} -{{- define "dep-check-init-cont-header" -}} -pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | default "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0" | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | default "IfNotPresent" | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, -{{- end -}} - -{{- define "dep-check-init-cont-footer" }} - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } -]' +{{- define "dep-check-init-cont" -}} +{{- $envALL := index . 0 -}} +{{- $deps := index . 1 -}} +{ + "name": "init", + "image": {{ $envALL.Values.images.dep_check | default "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0" | quote }}, + "imagePullPolicy": {{ $envALL.Values.images.pull_policy | default "IfNotPresent" | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ $envALL.Release.Namespace }}" + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" $deps.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" $deps.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] +} {{- end -}} \ No newline at end of file diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml index 5690a942..126e91df 100644 --- a/glance/templates/api.yaml +++ b/glance/templates/api.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -17,8 +19,9 @@ spec: labels: app: glance-api annotations: -{{- include "dep-check-init-cont-header" . | indent 8 }} -{{- include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/glance/templates/db-sync.yaml b/glance/templates/db-sync.yaml index bae3d212..f482af88 100644 --- a/glance/templates/db-sync.yaml +++ b/glance/templates/db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/glance/templates/init.yaml b/glance/templates/init.yaml index c3d8c825..35a7ad1d 100644 --- a/glance/templates/init.yaml +++ b/glance/templates/init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.init | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/glance/templates/post.yaml b/glance/templates/post.yaml index e9f31743..ce8eb2de 100644 --- a/glance/templates/post.yaml +++ b/glance/templates/post.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.post }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.post | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/glance/templates/registry.yaml b/glance/templates/registry.yaml index 59936aca..1c3cb6cd 100644 --- a/glance/templates/registry.yaml +++ b/glance/templates/registry.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.registry }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -9,8 +11,9 @@ spec: labels: app: glance-registry annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.registry | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 36c74619..78ba69a4 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -9,8 +11,9 @@ spec: labels: app: heat-api annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index b0b1e53a..6f5acf23 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.cnf }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -9,8 +11,9 @@ spec: labels: app: heat-cfn annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.cnf | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 3ae57ecd..3d785f5d 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.cloudwatch }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -9,8 +11,9 @@ spec: labels: app: heat-cloudwatch annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.cloudwatch | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index 9e32324f..de80e912 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_init | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 50dbc303..a74e4ad1 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index ffa08abd..c9a7224e 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $dependecies := .Values.dependencies.ks_endpoints }} apiVersion: batch/v1 kind: Job metadata: @@ -8,8 +9,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_endpoints | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index fdb25e86..838e5774 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $dependecies := .Values.dependencies.ks_service }} apiVersion: batch/v1 kind: Job metadata: @@ -8,8 +9,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_service | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index 8df1fe03..2372683d 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.ks_user }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} {{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user @@ -11,8 +13,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.ks_user | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 5c63da05..c349acfc 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.engine }} apiVersion: apps/v1beta1 kind: StatefulSet metadata: @@ -10,8 +12,9 @@ spec: labels: app: heat-engine annotations: - {{ include "dep-check-init-cont-header" . }} - {{ include "dep-check-init-cont-footer" .Values.dependencies.engine }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index ebb98c45..a21f53dc 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.dashboard }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.dashboard | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 514dace9..2d64e9e6 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index f914435b..29e2621a 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml index b0de33d1..865b060a 100644 --- a/keystone/templates/job-init.yaml +++ b/keystone/templates/job-init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.init | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/mariadb_restart.sh b/mariadb_restart.sh deleted file mode 100644 index 4e99ec0f..00000000 --- a/mariadb_restart.sh +++ /dev/null @@ -1,9 +0,0 @@ -helm delete mariadb --purge && rm mariadb-0.1.0.tgz && helm lint mariadb && helm package mariadb && helm install --replace --name mariadb mariadb-0.1.0.tgz -helm delete keystone --purge && rm keystone-0.1.0.tgz && helm lint keystone && helm package keystone && helm install --replace --name keystone keystone-0.1.0.tgz --dry-run -helm delete memcached --purge && rm memcached-0.1.0.tgz && helm lint memcached && helm package memcached && helm install --replace --name memcached memcached-0.1.0.tgz -helm delete common --purge && rm common-0.1.0.tgz && helm lint common && helm package common && helm install --replace --name common common-0.1.0.tgz -helm delete glance --purge && rm glance-0.1.0.tgz && helm lint glance && helm package glance && helm install --replace --name glance glance-0.1.0.tgz -helm delete nova --purge && rm nova-0.1.0.tgz && helm lint nova && helm package nova && helm install --replace --name nova nova-0.1.0.tgz -helm delete rabbitmq --purge && rm rabbitmq-0.1.0.tgz && helm lint rabbitmq && helm package rabbitmq && helm install --replace --name rabbitmq rabbitmq-0.1.0.tgz - - diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index cba819b4..0bbeed0f 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.compute }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -10,8 +12,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.compute | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 4e3649fd..01fad238 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.libvirt }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -10,8 +12,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.libvirt | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.compute_node_selector_key }}: {{ .Values.labels.compute_node_selector_value }} diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 10016e7c..6d6e5c26 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 75c2985e..21b4de6e 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.api | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 52eb790e..92976ce4 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.conductor }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.conductor | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 1c85319c..93db54fb 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.consoleauth }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.consoleauth | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index abc86d68..634e8522 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.scheduler }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -19,8 +21,9 @@ spec: annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.scheduler | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index dc3be342..a67f3d00 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.db_sync | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index 6bd3cfd7..bdea656f 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.init | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 0aada421..e551a6ea 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.post }} apiVersion: batch/v1 kind: Job metadata: @@ -6,8 +8,9 @@ spec: template: metadata: annotations: -{{ include "dep-check-init-cont-header" . | indent 8 }} -{{ include "dep-check-init-cont-footer" .Values.dependencies.post | indent 8 }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: From 81d9c7fe7e9b468aba6703ca908529e0864e083b Mon Sep 17 00:00:00 2001 From: DTadrzak Date: Mon, 16 Jan 2017 12:16:45 +0100 Subject: [PATCH 45/54] Removing default values from template. Fixing typo. Signed-off-by: DTadrzak --- common/templates/_funcs.tpl | 8 ++++---- heat/templates/deployment-cfn.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index 170b6b2b..115892b1 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -23,16 +23,16 @@ {{- end -}} {{- define "dep-check-init-cont" -}} -{{- $envALL := index . 0 -}} +{{- $envAll := index . 0 -}} {{- $deps := index . 1 -}} { "name": "init", - "image": {{ $envALL.Values.images.dep_check | default "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0" | quote }}, - "imagePullPolicy": {{ $envALL.Values.images.pull_policy | default "IfNotPresent" | quote }}, + "image": {{ $envAll.Values.images.dep_check | quote }}, + "imagePullPolicy": {{ $envAll.Values.images.pull_policy | quote }}, "env": [ { "name": "NAMESPACE", - "value": "{{ $envALL.Release.Namespace }}" + "value": "{{ $envAll.Release.Namespace }}" }, { "name": "INTERFACE_NAME", diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 6f5acf23..0706a405 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.cnf }} +{{- $dependecies := .Values.dependencies.cfn }} apiVersion: extensions/v1beta1 kind: Deployment metadata: From e9ae4bb3cac480540ac4d983532d38372d282cdf Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 19 Jan 2017 23:15:52 +0000 Subject: [PATCH 46/54] pull-policy-fix --- nova/templates/daemonset-compute.yaml | 10 +++++----- nova/templates/daemonset-libvirt.yaml | 8 ++++---- nova/templates/deployment-api-osapi.yaml | 6 +++--- nova/templates/deployment-conductor.yaml | 6 +++--- nova/templates/deployment-consoleauth.yaml | 6 +++--- nova/templates/deployment-scheduler.yaml | 6 +++--- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 0bbeed0f..2c264576 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -11,7 +11,7 @@ spec: app: nova-compute annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} ]' @@ -26,7 +26,7 @@ spec: containers: - name: nova-compute image: {{ .Values.images.compute }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} securityContext: privileged: true command: @@ -87,7 +87,7 @@ spec: - name: cgroup hostPath: path: /sys/fs/cgroup - {{- if .Values.ceph.enabled }} + {{- if .Values.ceph.enabled }} - name: cephconf configMap: name: nova-etc @@ -99,5 +99,5 @@ spec: name: nova-etc items: - key: ceph.client.cinder.keyring.yaml - path: ceph.client.cinder.keyring.yaml - {{- end }} + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 01fad238..dd36e59d 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -11,7 +11,7 @@ spec: app: nova-libvirt annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} ]' @@ -25,7 +25,7 @@ spec: containers: - name: nova-libvirt image: {{ .Values.images.libvirt }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} securityContext: privileged: true command: @@ -58,7 +58,7 @@ spec: subPath: ceph.conf - name: cephclientcinderkeyring mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring - subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring {{- end }} volumes: - name: libvirtdconf @@ -107,4 +107,4 @@ spec: items: - key: ceph.client.cinder.keyring.yaml path: ceph.client.cinder.keyring.yaml - {{- end }} + {{- end }} diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 21b4de6e..1394b646 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -13,14 +13,14 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-osapi annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} ]' @@ -30,7 +30,7 @@ spec: containers: - name: nova-osapi image: {{ .Values.images.api }} - imagePullPolicy: {{ .Values.image.pull_policy }} + imagePullPolicy: {{ .Values.images.pull_policy }} securityContext: capabilities: add: diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 92976ce4..b38b9de8 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -13,14 +13,14 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-conductor annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} ]' @@ -30,7 +30,7 @@ spec: containers: - name: nova-conductor image: {{ .Values.images.conductor }} - imagePullPolicy: {{ .Values.image.pull_policy }} + imagePullPolicy: {{ .Values.images.pull_policy }} command: - nova-conductor - --config-file diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 93db54fb..0b497842 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -13,14 +13,14 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-consoleauth annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} ]' @@ -30,7 +30,7 @@ spec: containers: - name: nova-consoleauth image: {{ .Values.images.consoleauth }} - imagePullPolicy: {{ .Values.image.pull_policy }} + imagePullPolicy: {{ .Values.images.pull_policy }} command: - nova-consoleauth - --config-file diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 634e8522..20e75428 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -13,14 +13,14 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-scheduler annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} ]' @@ -30,7 +30,7 @@ spec: containers: - name: nova-scheduler image: {{ .Values.images.scheduler }} - imagePullPolicy: {{ .Values.image.pull_policy }} + imagePullPolicy: {{ .Values.images.pull_policy }} command: - nova-scheduler - --config-file From 61a9562bce39f5b193d3a555060faa06fc8107f3 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 19 Jan 2017 23:20:23 +0000 Subject: [PATCH 47/54] Pin Memcached to 1.4 --- memcached/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memcached/values.yaml b/memcached/values.yaml index 62ed983c..8b993d9c 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -4,7 +4,7 @@ # name: value images: - memcached: docker.io/memcached:latest + memcached: docker.io/memcached:1.4 pull_policy: "IfNotPresent" upgrades: From 182a27ea7f6910a98500a325ba4bcc9c1cefb56b Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Thu, 19 Jan 2017 17:32:58 -0600 Subject: [PATCH 48/54] Add glance config-dir Added --config-dir flag to the glance-api command --- glance/templates/deployment-api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index a9a575f1..6ca2c497 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -34,7 +34,7 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - glance-api + - glance-api --config-dir /etc/glance ports: - containerPort: {{ .Values.network.port.api }} readinessProbe: From f498fcb6dd6684a29525960e19d44db0dccde7d4 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 19 Jan 2017 23:49:22 +0000 Subject: [PATCH 49/54] fix typos in init-container merge --- cinder/templates/deployment-api.yaml | 4 ++-- cinder/templates/deployment-scheduler.yaml | 4 ++-- cinder/templates/deployment-volume.yaml | 4 ++-- cinder/templates/job-db-init.yaml | 4 ++-- cinder/templates/job-db-sync.yaml | 4 ++-- cinder/templates/job-ks-endpoints.yaml.yaml | 4 ++-- cinder/templates/job-ks-service.yaml | 4 ++-- cinder/templates/job-ks-user.yaml | 4 ++-- glance/templates/deployment-api.yaml | 4 ++-- glance/templates/deployment-registry.yaml | 4 ++-- glance/templates/job-db-sync.yaml | 4 ++-- glance/templates/job-init.yaml | 4 ++-- glance/templates/job-post.yaml | 4 ++-- heat/templates/deployment-api.yaml | 4 ++-- heat/templates/deployment-cfn.yaml | 4 ++-- heat/templates/deployment-cloudwatch.yaml | 4 ++-- heat/templates/job-db-init.yaml | 4 ++-- heat/templates/job-db-sync.yaml | 4 ++-- heat/templates/job-ks-endpoints.yaml.yaml | 4 ++-- heat/templates/job-ks-service.yaml | 4 ++-- heat/templates/job-ks-user.yaml | 4 ++-- heat/templates/statefulset-engine.yaml | 4 ++-- horizon/templates/deployment.yaml | 4 ++-- keystone/templates/job-init.yaml | 4 ++-- nova/templates/daemonset-compute.yaml | 4 ++-- nova/templates/daemonset-libvirt.yaml | 4 ++-- nova/templates/deployment-api-metadata.yaml | 4 ++-- nova/templates/deployment-api-osapi.yaml | 4 ++-- nova/templates/deployment-conductor.yaml | 4 ++-- nova/templates/deployment-consoleauth.yaml | 4 ++-- nova/templates/deployment-scheduler.yaml | 4 ++-- nova/templates/job-db-sync.yaml | 4 ++-- nova/templates/job-init.yaml | 4 ++-- nova/templates/job-post.yaml | 4 ++-- 34 files changed, 68 insertions(+), 68 deletions(-) diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 6fe33a6b..b5a05f8f 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.api }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index 77d38b2b..e18425e2 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.scheduler }} +{{- $dependencies := .Values.dependencies.scheduler }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 73333b2c..1545b372 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.volume }} +{{- $dependencies := .Values.dependencies.volume }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index 1ea09eeb..f731d4fc 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.db_init }} +{{- $dependencies := .Values.dependencies.db_init }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index b963b4d4..f38c18cf 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.db_sync }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 14655c23..0d91fccf 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -1,6 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} -{{- $dependecies := .Values.dependencies.ks_endpoints }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} apiVersion: batch/v1 kind: Job metadata: @@ -10,7 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index fab12aa8..52585cf0 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -1,6 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} -{{- $dependecies := .Values.dependencies.ks_service }} +{{- $dependencies := .Values.dependencies.ks_service }} apiVersion: batch/v1 kind: Job metadata: @@ -10,7 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index 94737e42..9937ca26 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -1,7 +1,7 @@ {{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} {{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }} {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.ks_user }} +{{- $dependencies := .Values.dependencies.ks_user }} apiVersion: batch/v1 kind: Job metadata: @@ -11,7 +11,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index 6ca2c497..e150aa5a 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.api }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -24,7 +24,7 @@ spec: app: glance-api annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index 7807873c..f8f6c632 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.registry }} +{{- $dependencies := .Values.dependencies.registry }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -16,7 +16,7 @@ spec: app: glance-registry annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml index a1f21e6c..6cd0dd9b 100644 --- a/glance/templates/job-db-sync.yaml +++ b/glance/templates/job-db-sync.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.db_sync }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/glance/templates/job-init.yaml b/glance/templates/job-init.yaml index ba8ea329..2fd28805 100644 --- a/glance/templates/job-init.yaml +++ b/glance/templates/job-init.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.init }} +{{- $dependencies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/glance/templates/job-post.yaml b/glance/templates/job-post.yaml index 6fef5e29..da362afe 100644 --- a/glance/templates/job-post.yaml +++ b/glance/templates/job-post.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.post }} +{{- $dependencies := .Values.dependencies.post }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 78ba69a4..2b2d4d5b 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.api }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -12,7 +12,7 @@ spec: app: heat-api annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 0706a405..d9035551 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.cfn }} +{{- $dependencies := .Values.dependencies.cfn }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -12,7 +12,7 @@ spec: app: heat-cfn annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 3d785f5d..ccb66479 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.cloudwatch }} +{{- $dependencies := .Values.dependencies.cloudwatch }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -12,7 +12,7 @@ spec: app: heat-cloudwatch annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index de80e912..6a7e343c 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.init }} +{{- $dependencies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index a74e4ad1..4a9b004d 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.db_sync }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index c9a7224e..e0a90d6a 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -1,6 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} -{{- $dependecies := .Values.dependencies.ks_endpoints }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} apiVersion: batch/v1 kind: Job metadata: @@ -10,7 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index 838e5774..06738e16 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,6 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} -{{- $dependecies := .Values.dependencies.ks_service }} +{{- $dependencies := .Values.dependencies.ks_service }} apiVersion: batch/v1 kind: Job metadata: @@ -10,7 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index 2372683d..27015404 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.ks_user }} +{{- $dependencies := .Values.dependencies.ks_user }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} {{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user @@ -14,7 +14,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 3f46413c..e494378c 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.engine }} +{{- $dependencies := .Values.dependencies.engine }} apiVersion: apps/v1beta1 kind: StatefulSet metadata: @@ -13,7 +13,7 @@ spec: app: heat-engine annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index a21f53dc..12fe7991 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.dashboard }} +{{- $dependencies := .Values.dependencies.dashboard }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml index 865b060a..be64047d 100644 --- a/keystone/templates/job-init.yaml +++ b/keystone/templates/job-init.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.init }} +{{- $dependencies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 2c264576..c40c3c5a 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.compute }} +{{- $dependencies := .Values.dependencies.compute }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -13,7 +13,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index dd36e59d..692728fa 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.libvirt }} +{{- $dependencies := .Values.dependencies.libvirt }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -13,7 +13,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 6d6e5c26..8543f469 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.api }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 1394b646..a60c4d69 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.api }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index b38b9de8..b52408ce 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.conductor }} +{{- $dependencies := .Values.dependencies.conductor }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 0b497842..6234e536 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.consoleauth }} +{{- $dependencies := .Values.dependencies.consoleauth }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index 20e75428..4db74f77 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.scheduler }} +{{- $dependencies := .Values.dependencies.scheduler }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -22,7 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: nodeSelector: diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 04010c12..b8df59b6 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.db_sync }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml index cbc38fbd..addc34d2 100644 --- a/nova/templates/job-init.yaml +++ b/nova/templates/job-init.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.init }} +{{- $dependencies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index 76944f77..4df83ae8 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $dependecies := .Values.dependencies.post }} +{{- $dependencies := .Values.dependencies.post }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ -{{ tuple $envAll $dependecies | include "dep-check-init-cont" | indent 10 }} +{{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' spec: restartPolicy: OnFailure From b31a365aea34440c371a3e3446f0b698b9804113 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 20 Jan 2017 01:03:19 +0000 Subject: [PATCH 50/54] Fix glance containers entrypoints Also improves glance containers volume specification yaml. --- glance/templates/deployment-api.yaml | 13 ++++++++++--- glance/templates/deployment-registry.yaml | 7 +++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index e150aa5a..34a510ea 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -34,24 +34,29 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - glance-api --config-dir /etc/glance + - glance-api + - --config-file + - /etc/glance/glance-registry.conf ports: - containerPort: {{ .Values.network.port.api }} readinessProbe: tcpSocket: port: {{ .Values.network.port.api }} volumeMounts: + - name: etcglance + mountPath: /etc/glance - name: glanceapiconf mountPath: /etc/glance/glance-api.conf subPath: glance-api.conf + readOnly: true - name: glanceapipaste mountPath: /etc/glance/glance-api-paste.ini subPath: glance-api-paste.ini - - name: etcglance - mountPath: /etc/glance + readOnly: true - name: glancepolicy mountPath: /etc/glance/policy.json subPath: policy.json + readOnly: true {{- if .Values.development.enabled }} - name: glance-data mountPath: /var/lib/glance/images @@ -59,9 +64,11 @@ spec: - name: cephconf mountPath: /etc/ceph/ceph.conf subPath: ceph.conf + readOnly: true - name: cephclientglancekeyring mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring + readOnly: true {{- end }} volumes: - name: glanceapiconf diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index f8f6c632..05615548 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -27,16 +27,23 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} command: - glance-registry + - --config-file + - /etc/glance/glance-registry.conf ports: - containerPort: {{ .Values.network.port.registry }} readinessProbe: tcpSocket: port: {{ .Values.network.port.registry }} volumeMounts: + - name: etcglance + mountPath: /etc/glance - name: glanceregistryconf mountPath: /etc/glance/glance-registry.conf subPath: glance-registry.conf + readOnly: true volumes: + - name: etcglance + emptyDir: {} - name: glanceregistryconf configMap: name: glance-etc From b1ce9b093b9875a15d5da4978002048671a3711b Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 20 Jan 2017 01:19:37 +0000 Subject: [PATCH 51/54] Add glance registry config --- glance/templates/configmap-etc.yaml | 2 ++ glance/templates/deployment-api.yaml | 2 +- glance/templates/deployment-registry.yaml | 8 +++++ .../etc/_glance-registry-paste.ini.tpl | 35 +++++++++++++++++++ 4 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 glance/templates/etc/_glance-registry-paste.ini.tpl diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index 9b622b17..ba8b86c4 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -13,5 +13,7 @@ data: {{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }} glance-registry.conf: |+ {{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }} + glance-registry-paste.ini: |+ +{{ tuple "etc/_glance-registry-paste.ini.tpl" . | include "template" | indent 4 }} policy.json: |+ {{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index 34a510ea..46086de6 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -36,7 +36,7 @@ spec: command: - glance-api - --config-file - - /etc/glance/glance-registry.conf + - /etc/glance/glance-api.conf ports: - containerPort: {{ .Values.network.port.api }} readinessProbe: diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index 05615548..51aa3269 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -41,6 +41,14 @@ spec: mountPath: /etc/glance/glance-registry.conf subPath: glance-registry.conf readOnly: true + - name: glanceregistrypaste + mountPath: /etc/glance/glance-registry-paste.ini + subPath: glance-registry-paste.ini + readOnly: true + - name: glancepolicy + mountPath: /etc/glance/policy.json + subPath: policy.json + readOnly: true volumes: - name: etcglance emptyDir: {} diff --git a/glance/templates/etc/_glance-registry-paste.ini.tpl b/glance/templates/etc/_glance-registry-paste.ini.tpl new file mode 100644 index 00000000..492dbc6f --- /dev/null +++ b/glance/templates/etc/_glance-registry-paste.ini.tpl @@ -0,0 +1,35 @@ +# Use this pipeline for no auth - DEFAULT +[pipeline:glance-registry] +pipeline = healthcheck osprofiler unauthenticated-context registryapp + +# Use this pipeline for keystone auth +[pipeline:glance-registry-keystone] +pipeline = healthcheck osprofiler authtoken context registryapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-registry-trusted-auth] +pipeline = healthcheck osprofiler context registryapp + +[app:registryapp] +paste.app_factory = glance.registry.api:API.factory + +[filter:healthcheck] +paste.filter_factory = oslo_middleware:Healthcheck.factory +backends = disable_by_file +disable_by_file_path = /etc/glance/healthcheck_disable + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY #DEPRECATED +enabled = yes #DEPRECATED From 09efab76ca0028494bcbadc77b3f39beaf23d743 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 20 Jan 2017 01:21:48 +0000 Subject: [PATCH 52/54] Add glance registry config mounts --- glance/templates/deployment-registry.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index 51aa3269..e6ab5cd7 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -55,3 +55,9 @@ spec: - name: glanceregistryconf configMap: name: glance-etc + - name: glanceregistrypaste + configMap: + name: glance-etc + - name: glancepolicy + configMap: + name: glance-etc From 2edf1bcc99666e99656a0a84e2af0e2c88c106ef Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Fri, 20 Jan 2017 09:30:08 -0600 Subject: [PATCH 53/54] Bugfixes for functional release tagging * Allow glance to support using default secrets if none are provided * Resolve configmap mounting issue with glance ceph secrets * Ensure keystone wsgi workers/threads are set to reasonable numbers for a container implementation --- glance/templates/configmap-etc.yaml | 4 ++-- glance/templates/deployment-api.yaml | 2 ++ glance/templates/deployment-registry.yaml | 2 ++ glance/templates/etc/_ceph.client.glance.keyring.tpl | 6 ++++++ glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl | 2 -- keystone/templates/etc/_wsgi-keystone.conf.tpl | 4 ++-- 6 files changed, 14 insertions(+), 6 deletions(-) create mode 100644 glance/templates/etc/_ceph.client.glance.keyring.tpl delete mode 100644 glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index ba8b86c4..ae34308b 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -5,8 +5,8 @@ metadata: data: ceph.conf: |+ {{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} - ceph.client.glance.keyring.yaml: |+ -{{ tuple "etc/_ceph.client.glance.keyring.yaml.tpl" . | include "template" | indent 4 }} + ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+ +{{ tuple "etc/_ceph.client.glance.keyring.tpl" . | include "template" | indent 4 }} glance-api.conf: |+ {{ tuple "etc/_glance-api.conf.tpl" . | include "template" | indent 4 }} glance-api-paste.ini: |+ diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index 46086de6..e4431c04 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -23,6 +23,8 @@ spec: labels: app: glance-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index e6ab5cd7..3df9090a 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -15,6 +15,8 @@ spec: labels: app: glance-registry annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependencies | include "dep-check-init-cont" | indent 10 }} ]' diff --git a/glance/templates/etc/_ceph.client.glance.keyring.tpl b/glance/templates/etc/_ceph.client.glance.keyring.tpl new file mode 100644 index 00000000..4f625b2b --- /dev/null +++ b/glance/templates/etc/_ceph.client.glance.keyring.tpl @@ -0,0 +1,6 @@ +[client.{{ .Values.ceph.glance_user }}] +{{- if .Values.ceph.glance_keyring }} + key = {{ .Values.ceph.glance_keyring }} +{{- else }} + key = {{- include "secrets/ceph-client-key" . -}} +{{- end }} diff --git a/glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl b/glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl deleted file mode 100644 index f780dada..00000000 --- a/glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[client.{{ .Values.ceph.glance_user }}] - key = {{ .Values.ceph.glance_keyring }} diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index f04bc7e1..54e393a2 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl @@ -5,7 +5,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combine LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy - WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP} + WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /var/www/cgi-bin/keystone/main WSGIApplicationGroup %{GLOBAL} @@ -21,7 +21,7 @@ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-A - WSGIDaemonProcess keystone-admin processes=16 threads=5 user=keystone group=keystone display-name=%{GROUP} + WSGIDaemonProcess keystone-admin processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /var/www/cgi-bin/keystone/admin WSGIApplicationGroup %{GLOBAL} From 0325a7f26fc81b88e1213430c2881156196b40e5 Mon Sep 17 00:00:00 2001 From: "Brandon B. Jozsa" Date: Sun, 22 Jan 2017 15:52:59 -0500 Subject: [PATCH 54/54] adding freenode channel to readme.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a84bc05f..8c8bcae0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Openstack-Helm +Join us on [freenode](https://freenode.net/): `#openstack-helm` + Openstack-Helm is a fully self-contained Helm-based OpenStack deployment on Kubernetes. It will provide baremetal provisioning, persistent storage, full-stack resiliency, full-stack scalability, performance monitoring and tracing, and an optional development pipeline (using Jenkins). This project, along with the tools used within are community-based and open sourced. # Mission