diff --git a/cinder/templates/bin/_db-init.sh.tpl b/cinder/templates/bin/_db-init.sh.tpl deleted file mode 100644 index 1762c2f7..00000000 --- a/cinder/templates/bin/_db-init.sh.tpl +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.cinder_database_name }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.cinder_user }}' \ - password='{{ .Values.database.cinder_password }}' \ - host='%' \ - priv='{{ .Values.database.cinder_database_name }}.*:ALL' \ - append_privs='yes'" diff --git a/cinder/templates/bin/_db-sync.sh.tpl b/cinder/templates/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..51b2adae --- /dev/null +++ b/cinder/templates/bin/_db-sync.sh.tpl 
@@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +cinder-manage db sync diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml index 96d78bf2..92cdb136 100644 --- a/cinder/templates/configmap-bin.yaml +++ b/cinder/templates/configmap-bin.yaml @@ -17,8 +17,10 @@ kind: ConfigMap metadata: name: cinder-bin data: - db-init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 44d0de67..97410e00 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -40,7 +40,7 @@ os_region_name = {{ .Values.keystone.cinder_region_name }} host=cinder-volume-worker [database] -connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] 
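Review bot: The new `connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }}` line in `_cinder.conf.tpl` still renders the service account's password into cinder.conf, and the job-db-init.yaml and job-db-sync.yaml hunks of this commit mount that file from the `cinder-etc` ConfigMap, while only the admin URI is moved into a Secret (`cinder-db-root`). A ConfigMap is readable by anything allowed to read ConfigMaps in the namespace and gets none of the handling reserved for Secrets, so consider rendering cinder.conf, or at least its `[database]` section, into a Secret and mounting that instead. The helper's body is not visible here; if it does not percent-encode the password, a value containing `@`, `:` or `/` would produce a URI that parses to different credentials or a different host, which is worth a check in helm-toolkit. The same line is added to `_glance-api.conf.tpl`, `_glance-registry.conf.tpl` and `_heat.conf.tpl`; the template itself continues outside this hunk.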
diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index c9bff226..bbc079e3 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -43,17 +43,37 @@ spec: cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }} {{- end }} env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: cinder-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/cinder/cinder.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/db-init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: dbinitsh - mountPath: /tmp/db-init.sh - subPath: db-init.sh + - name: cinder-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etccinder + mountPath: /etc/cinder + - name: cinderconf + mountPath: /etc/cinder/cinder.conf + subPath: cinder.conf readOnly: true volumes: - - name: dbinitsh + - name: etccinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index 47bfd85e..71d2a92a 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml 
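Review bot: `ROOT_DB_CONNECTION` hands the complete admin DSN, password included, to the job container as an environment variable, where every child process inherits it and it stays readable from the process environment for the life of the pod. Mounting the `cinder-db-root` key as a read-only file and letting db-init.py read a path would narrow that exposure, but it needs a matching change in the helm-toolkit script, which as added in this commit reads only the environment. Short of that, a comment above the entry such as `# admin DSN, consumed by db-init.py only; do not add to service pods` would record the intent. The glance, heat and keystone job-db-init.yaml hunks add the same env block, and the container spec starts above this hunk.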
@@ -43,22 +43,25 @@ spec: cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }} {{- end }} command: - - cinder-manage - args: - - --config-dir - - /etc/cinder/conf - - db - - sync + - bash + - /tmp/db-sync.sh volumeMounts: - - name: pod-etc-cinder + - name: cinder-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etccinder mountPath: /etc/cinder - - name: cinderconf - mountPath: /etc/cinder/conf/cinder.conf + - name: cinderapiconf + mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true volumes: - - name: pod-etc-cinder + - name: etccinder emptyDir: {} - - name: cinderconf + - name: cinderapiconf configMap: name: cinder-etc + - name: cinder-bin + configMap: + name: cinder-bin diff --git a/cinder/templates/secret-db-root.env.yaml b/cinder/templates/secret-db-root.env.yaml new file mode 100644 index 00000000..7411f1c2 --- /dev/null +++ b/cinder/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/cinder/values.yaml b/cinder/values.yaml index c3c6878d..bb2b2346 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml 
@@ -27,15 +27,15 @@ labels: node_selector_value: enabled images: - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 + db_init: quay.io/stackanetes/stackanetes-cinder-api:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 pull_policy: "IfNotPresent" upgrades: @@ -69,15 +69,6 @@ network: enabled: false port: 30877 -database: - address: mariadb - port: 3306 - root_user: root - root_password: password - cinder_database_name: cinder - cinder_password: password - cinder_user: cinder - ceph: enabled: true monitors: [] @@ -203,6 +194,20 @@ endpoints: scheme: 'http' port: api: 8776 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: cinder + password: password + hosts: + default: mariadb + path: /cinder + scheme: mysql+pymysql + port: + mysql: 3306 resources: enabled: false diff --git a/glance/templates/bin/_db-sync.sh.tpl b/glance/templates/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..512fc2d5 --- /dev/null +++ b/glance/templates/bin/_db-sync.sh.tpl 
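Review bot: The added `endpoints.oslo_db.auth.admin` block ships `username: root` with `password: password` as chart defaults, and secret-db-root.env.yaml renders those values straight into the `cinder-db-root` Secret, so an install that overrides nothing provisions the database with a known admin credential. Consider leaving both `password` values empty in the defaults and failing the render when they are unset (Helm's `required` function, where the Helm version in use provides it), or at minimum add `# placeholder, must be overridden per deployment` next to each. The same defaults are added in glance/values.yaml and heat/values.yaml. Separately, `db_init` now points at the mutable `:newton` tag of the cinder-api image; since that job receives the admin DSN, pinning the image by digest would be worth considering.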
@@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +glance-manage db_sync diff --git a/glance/templates/bin/_init.sh.tpl b/glance/templates/bin/_init.sh.tpl deleted file mode 100644 index 199cd48c..00000000 --- a/glance/templates/bin/_init.sh.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.glance_database_name }}'" - -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.glance_user }}' \ -password='{{ .Values.database.glance_password }}' \ -host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'" diff --git a/glance/templates/configmap-bin.yaml b/glance/templates/configmap-bin.yaml index 1cd58c1c..5bfbdcd8 100644 --- a/glance/templates/configmap-bin.yaml +++ b/glance/templates/configmap-bin.yaml 
@@ -17,8 +17,10 @@ kind: ConfigMap metadata: name: glance-bin data: - init.sh: |+ -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ diff --git a/glance/templates/etc/_glance-api.conf.tpl b/glance/templates/etc/_glance-api.conf.tpl index 8871648e..ff95c574 100644 --- a/glance/templates/etc/_glance-api.conf.tpl +++ b/glance/templates/etc/_glance-api.conf.tpl @@ -24,7 +24,7 @@ registry_host = glance-registry show_image_direct_url = True [database] -connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/glance/templates/etc/_glance-registry.conf.tpl b/glance/templates/etc/_glance-registry.conf.tpl index 6cf30f06..ae9943dc 100644 --- a/glance/templates/etc/_glance-registry.conf.tpl +++ b/glance/templates/etc/_glance-registry.conf.tpl @@ -21,7 +21,7 @@ bind_port = {{ .Values.network.registry.port }} workers = {{ .Values.misc.workers }} [database] -connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/glance/templates/job-db-init.yaml b/glance/templates/job-db-init.yaml index a8450ecb..2283d4df 100644 --- a/glance/templates/job-db-init.yaml +++ b/glance/templates/job-db-init.yaml 
@@ -43,16 +43,37 @@ spec: memory: {{ .Values.resources.jobs.init.requests.memory | quote }} {{- end }} env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: glance-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/glance/glance-api.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: initsh - mountPath: /tmp/init.sh - subPath: init.sh + - name: glance-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcglance + mountPath: /etc/glance + - name: glanceapiconf + mountPath: /etc/glance/glance-api.conf + subPath: glance-api.conf + readOnly: true volumes: - - name: initsh + - name: etcglance + emptyDir: {} + - name: glanceapiconf + configMap: + name: glance-etc + - name: glance-bin configMap: name: glance-bin diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml index f3987ba0..c1545f28 100644 --- a/glance/templates/job-db-sync.yaml +++ b/glance/templates/job-db-sync.yaml @@ -43,13 +43,25 @@ spec: memory: {{ .Values.resources.jobs.db.requests.memory | quote }} {{- end }} command: - - glance-manage - - db_sync + - bash + - /tmp/db-sync.sh volumeMounts: + - name: glance-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcglance + mountPath: /etc/glance - name: glanceapiconf mountPath: /etc/glance/glance-api.conf subPath: glance-api.conf + readOnly: true volumes: + - name: etcglance + emptyDir: {} - name: glanceapiconf configMap: name: glance-etc + - name: glance-bin + configMap: + name: glance-bin diff --git a/glance/templates/secret-db-root.env.yaml b/glance/templates/secret-db-root.env.yaml new file mode 100644 index 00000000..188e4d79 --- /dev/null +++ b/glance/templates/secret-db-root.env.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: glance-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/glance/values.yaml b/glance/values.yaml index 88182727..664bff13 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -30,7 +30,7 @@ labels: node_selector_value: enabled images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-glance-api:newton db_sync: quay.io/stackanetes/stackanetes-glance-api:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton @@ -77,15 +77,6 @@ network: enabled: false port: 30091 -database: - address: mariadb - port: 3306 - root_user: root - root_password: password - glance_database_name: glance - glance_password: password - glance_user: glance - ceph: enabled: true monitors: [] @@ -201,3 +192,17 @@ endpoints: port: api: 9292 registry: 9191 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: glance + password: password + hosts: + default: mariadb + path: /glance + scheme: mysql+pymysql + port: + mysql: 3306 diff --git a/heat/templates/bin/_db-init.sh.tpl b/heat/templates/bin/_db-init.sh.tpl deleted file mode 100644 index a2a6a629..00000000 --- a/heat/templates/bin/_db-init.sh.tpl +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.heat_database_name }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.database.address }}' \ - login_port='{{ .Values.database.port }}' \ - login_user='{{ .Values.database.root_user }}' \ - login_password='{{ .Values.database.root_password }}' \ - name='{{ .Values.database.heat_user }}' \ - password='{{ .Values.database.heat_password }}' \ - host='%' \ - priv='{{ .Values.database.heat_database_name }}.*:ALL' \ - append_privs='yes'" diff --git a/heat/templates/bin/_db-sync.sh.tpl b/heat/templates/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..214887b4 --- /dev/null +++ b/heat/templates/bin/_db-sync.sh.tpl 
@@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +heat-manage db_sync diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml index 518742c8..60fd2bde 100644 --- a/heat/templates/configmap-bin.yaml +++ b/heat/templates/configmap-bin.yaml @@ -17,8 +17,10 @@ kind: ConfigMap metadata: name: heat-bin data: - db-init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index c07ecd12..702d04ad 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl @@ -40,7 +40,7 @@ backend = oslo_cache.memcache_pool memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" [database] -connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] 
diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index b7b56053..41edc905 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -43,17 +43,37 @@ spec: cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }} {{- end }} env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: heat-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/heat/heat.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/db-init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: dbinitsh - mountPath: /tmp/db-init.sh - subPath: db-init.sh + - name: heat-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcheat + mountPath: /etc/heat + - name: heatapiconf + mountPath: /etc/heat/heat.conf + subPath: heat.conf readOnly: true volumes: - - name: dbinitsh + - name: etcheat + emptyDir: {} + - name: heatapiconf + configMap: + name: heat-etc + - name: heat-bin configMap: name: heat-bin diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 187f1c21..5f8d340b 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml 
@@ -43,21 +43,25 @@ spec: cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }} {{- end }} command: - - heat-manage - args: - - --config-dir - - /etc/heat/conf - - db_sync + - bash + - /tmp/db-sync.sh volumeMounts: - - name: pod-etc-heat + - name: heat-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcheat mountPath: /etc/heat - - name: heatconf - mountPath: /etc/heat/conf/heat.conf + - name: heatapiconf + mountPath: /etc/heat/heat.conf subPath: heat.conf readOnly: true volumes: - - name: pod-etc-heat + - name: etcheat emptyDir: {} - - name: heatconf + - name: heatapiconf configMap: name: heat-etc + - name: heat-bin + configMap: + name: heat-bin diff --git a/heat/templates/secret-db-root.env.yaml b/heat/templates/secret-db-root.env.yaml new file mode 100644 index 00000000..f8346a2e --- /dev/null +++ b/heat/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/heat/values.yaml b/heat/values.yaml index 61ff920e..f591a396 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -30,7 +30,7 @@ labels: images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: docker.io/kolla/ubuntu-source-heat-api:3.0.1 db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1 ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton @@ -100,15 +100,6 @@ network: enabled: false port: 30003 -database: - address: mariadb - port: 3306 - root_user: root - root_password: password - heat_database_name: heat - heat_password: password - heat_user: heat - messaging: hosts: rabbitmq user: rabbitmq 
@@ -218,6 +209,20 @@ endpoints: scheme: 'http' port: api: 8003 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: heat + password: password + hosts: + default: mariadb + path: /heat + scheme: mysql+pymysql + port: + mysql: 3306 resources: enabled: false diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl new file mode 100644 index 00000000..ca17f8b9 --- /dev/null +++ b/helm-toolkit/templates/scripts/_db-init.py.tpl 
@@ -0,0 +1,147 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- define "helm-toolkit.db_init" }} +#!/usr/bin/env python + +# Creates db and user for an OpenStack Service: +# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain +# SQLAlchemy strings for the root connection to the database and the one you +# wish the service to use. Alternatively, you can use an ini formatted config +# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string +# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by +# OPENSTACK_CONFIG_DB_SECTION. 
+ +import os +import sys +import ConfigParser +import logging +from sqlalchemy import create_engine + +# Create logger, console handler and formatter +logger = logging.getLogger('OpenStack-Helm DB Init') +logger.setLevel(logging.DEBUG) +ch = logging.StreamHandler() +ch.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') + +# Set the formatter and add the handler +ch.setFormatter(formatter) +logger.addHandler(ch) + + +# Get the connection string for the service db root user +if "ROOT_DB_CONNECTION" in os.environ: + db_connection = os.environ['ROOT_DB_CONNECTION'] + logger.info('Got DB root connection') +else: + logger.critical('environment variable ROOT_DB_CONNECTION not set') + sys.exit(1) + +# Get the connection string for the service db +if "OPENSTACK_CONFIG_FILE" in os.environ: + try: + os_conf = os.environ['OPENSTACK_CONFIG_FILE'] + if "OPENSTACK_CONFIG_DB_SECTION" in os.environ: + os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION'] + else: + logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set') + sys.exit(1) + if "OPENSTACK_CONFIG_DB_KEY" in os.environ: + os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY'] + else: + logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set') + sys.exit(1) + config = ConfigParser.RawConfigParser() + logger.info("Using {0} as db config source".format(os_conf)) + config.read(os_conf) + logger.info("Trying to load db config from {0}:{1}".format( + os_conf_section, os_conf_key)) + user_db_conn = config.get(os_conf_section, os_conf_key) + logger.info("Got config from {0}".format(os_conf)) + except: + logger.critical("Tried to load config from {0} but failed.".format(os_conf)) + sys.exit(1) +elif "DB_CONNECTION" in os.environ: + user_db_conn = os.environ['DB_CONNECTION'] + logger.info('Got config from DB_CONNECTION env var') +else: + logger.critical('Could not get db config, either from config file or env var') + sys.exit(1) + +# Root 
DB engine +try: + root_engine_full = create_engine(db_connection) + root_user = root_engine_full.url.username + root_password = root_engine_full.url.password + drivername = root_engine_full.url.drivername + host = root_engine_full.url.host + port = root_engine_full.url.port + root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)]) + root_engine = create_engine(root_engine_url) + connection = root_engine.connect() + connection.close() + logger.info("Tested connection to DB @ {0}:{1} as {2}".format( + host, port, root_user)) +except: + logger.critical('Could not connect to database as root user') + raise + sys.exit(1) + +# User DB engine +try: + user_engine = create_engine(user_db_conn) + # Get our user data out of the user_engine + database = user_engine.url.database + user = user_engine.url.username + password = user_engine.url.password + logger.info('Got user db config') +except: + logger.critical('Could not get user database config') + raise + sys.exit(1) + +# Create DB +try: + root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database)) + logger.info("Created database {0}".format(database)) +except: + logger.critical("Could not create database {0}".format(database)) + raise + sys.exit(1) + +# Create DB User +try: + root_engine.execute( + "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format( + database, user, password)) + logger.info("Created user {0} for {1}".format(user, database)) +except: + logger.critical("Could not create user {0} for {1}".format(user, database)) + raise + sys.exit(1) + +# Test connection +try: + connection = user_engine.connect() + connection.close() + logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format( + host, port, database, user)) +except: + logger.critical('Could not connect to database as user') + raise + sys.exit(1) + +logger.info('Finished DB Management') +{{- end }} 
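Review bot: The two `root_engine.execute` calls build their SQL with `str.format`, so the `database`, `user` and `password` parsed from the service URI land in the statement text unescaped, and CREATE DATABASE leaves the name bare while GRANT wraps it in backticks; a quote in the password or a hyphen in the database name breaks or alters the statement. Pass user and password as driver parameters and backtick-quote the identifier in both statements, as sketched below (this assumes the pymysql driver named in the chart values, which substitutes `%s` on the client side). Each bare `except:` followed by `raise` also prints the SQLAlchemy error, which normally echoes the failing statement, so a failed GRANT would write the service password into the job log; the `sys.exit(1)` after every `raise` is unreachable, and in the config-file block the bare `except:` swallows the `SystemExit` raised by the inner `sys.exit(1)` calls and reports a misleading message. `root_engine_url` is also joined from raw URL parts, so a root password containing `@` or `/` yields a different URL than the one supplied, and a missing port becomes the string `None`.

```python
# … unchanged: logging setup, env/config lookup, root and user engine setup …

# MySQL identifiers cannot be bound as parameters; backtick-quote the name
# and double any embedded backtick.
quoted_db = "`{0}`".format(database.replace("`", "``"))

# Create DB
try:
    root_engine.execute(
        "CREATE DATABASE IF NOT EXISTS {0}".format(quoted_db))
    logger.info("Created database {0}".format(database))
except Exception:
    # Log without re-raising: the driver error text can echo the statement.
    logger.critical("Could not create database {0}".format(database))
    sys.exit(1)

# Create DB User
try:
    # user and password are handed to the driver, not formatted into the SQL
    root_engine.execute(
        "GRANT ALL ON {0}.* TO %s@'%%' IDENTIFIED BY %s".format(quoted_db),
        (user, password))
    logger.info("Created user {0} for {1}".format(user, database))
except Exception:
    logger.critical("Could not create user {0} for {1}".format(user, database))
    sys.exit(1)

# … unchanged: user connection test, final log line …
```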
diff --git a/keystone/templates/bin/_init.sh.tpl b/keystone/templates/bin/_init.sh.tpl deleted file mode 100644 index 020e245b..00000000 --- a/keystone/templates/bin/_init.sh.tpl +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \ - login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \ - login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \ - login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \ - name='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \ - login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \ - login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \ - login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \ - name='{{ .Values.endpoints.oslo_db.auth.user.username }}' \ - password='{{ .Values.endpoints.oslo_db.auth.user.password }}' \ - host='%' \ - priv='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}.*:ALL' \ - append_privs='yes'" diff --git a/keystone/templates/configmap-bin.yaml b/keystone/templates/configmap-bin.yaml index 75c90284..f91c2953 100644 
--- a/keystone/templates/configmap-bin.yaml +++ b/keystone/templates/configmap-bin.yaml @@ -19,9 +19,9 @@ kind: ConfigMap metadata: name: keystone-bin data: + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} db-sync.sh: | {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} - init.sh: | -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} start.sh: | {{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml index 574899d6..93593af8 100644 --- a/keystone/templates/job-db-init.yaml +++ b/keystone/templates/job-db-init.yaml @@ -36,7 +36,7 @@ spec: - name: keystone-db-init image: {{ .Values.images.db_init }} imagePullPolicy: {{ .Values.images.pull_policy }} - {{- if .Values.resources.enabled }} + {{- if .Values.resources.enabled }} resources: limits: cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }} @@ -45,11 +45,22 @@ spec: cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }} memory: {{ .Values.resources.jobs.init.requests.memory | quote }} {{- end }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: keystone-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/keystone/keystone.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh - volumeMounts: + - python + - /tmp/db-init.py + volumeMounts: {{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }} volumes: {{ toYaml $mounts_keystone_db_init.volumes | indent 8 }} - diff --git a/keystone/templates/secret-db-root.env.yaml b/keystone/templates/secret-db-root.env.yaml new file mode 100644 index 00000000..62da0ff3 --- /dev/null +++ b/keystone/templates/secret-db-root.env.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: keystone-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/keystone/values.yaml b/keystone/values.yaml index d315ce5d..6c036961 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -24,7 +24,7 @@ labels: node_selector_value: enabled images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-keystone-api:newton db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton api: quay.io/stackanetes/stackanetes-keystone-api:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 @@ -106,15 +106,27 @@ resources: mounts: keystone_db_init: init_container: null - keystone_db_init: + keystone_db_init: volumes: + - name: empty + emptyDir: {} + - name: keystone-etc + configMap: + name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: + - name: empty + mountPath: /etc/keystone + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true - name: keystone-bin - mountPath: /tmp/init.sh - subPath: init.sh + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true keystone_db_sync: init_container: null keystone_db_sync: @@ -126,7 +138,7 @@ mounts: name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: - name: empty mountPath: /etc/keystone @@ -137,7 +149,7 @@ mounts: - name: keystone-bin mountPath: /tmp/db-sync.sh subPath: db-sync.sh - readOnly: true + readOnly: true keystone_api: init_container: null keystone_api: @@ -149,7 +161,7 @@ mounts: name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: - name: empty mountPath: /etc/keystone 
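Review bot: The `db_init` image changed in the first keystone/values.yaml hunk is referenced by the mutable tag `:newton`, and after this commit that container receives the admin database URI from the `keystone-db-root` Secret. A tag can be re-pointed at different content without any change to the chart, so the job that holds database root credentials has no integrity guarantee on what it runs. Pinning by digest closes that gap, e.g. `db_init: quay.io/stackanetes/stackanetes-keystone-api@sha256:<DIGEST_PLACEHOLDER>`. The neutron/values.yaml hunk changes `db_init` in the same way.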
@@ -180,7 +192,7 @@ mounts: - name: keystone-bin mountPath: /tmp/start.sh subPath: start.sh - readOnly: true + readOnly: true conf: paste: @@ -192,7 +204,7 @@ conf: keystone: override: append: - token: + token: keystone: provider: uuid database: @@ -240,7 +252,7 @@ endpoints: path: /openstack scheme: rabbit port: - amqp: 5672 + amqp: 5672 oslo_cache: hosts: default: memcache diff --git a/neutron/templates/bin/_db-sync.sh.tpl b/neutron/templates/bin/_db-sync.sh.tpl new file mode 100644 index 00000000..e5f5931a --- /dev/null +++ b/neutron/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,22 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +neutron-db-manage \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2-conf.ini \ + upgrade head diff --git a/neutron/templates/bin/_init.sh.tpl b/neutron/templates/bin/_init.sh.tpl deleted file mode 100644 index f8f942a4..00000000 --- a/neutron/templates/bin/_init.sh.tpl +++ /dev/null 
@@ -1,33 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.neutron_database_name }}'" - -ansible localhost -vvv -m mysql_user -a "login_host='{{ include "helm-toolkit.mariadb_host" . }}' \ -login_port='{{ .Values.database.port }}' \ -login_user='{{ .Values.database.root_user }}' \ -login_password='{{ .Values.database.root_password }}' \ -name='{{ .Values.database.neutron_user }}' \ -password='{{ .Values.database.neutron_password }}' \ -host='%' \ -priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'" diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 5db74eb6..1d39df34 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml 
@@ -17,14 +17,16 @@ kind: ConfigMap metadata: name: neutron-bin data: + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} ks-service.sh: |+ {{- include "helm-toolkit.keystone_service" . | indent 4 }} ks-endpoints.sh: |+ {{- include "helm-toolkit.keystone_endpoints" . | indent 4 }} ks-user.sh: |+ {{- include "helm-toolkit.keystone_user" . | indent 4 }} - init.sh: | -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} neutron-openvswitch-agent.sh: | {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} openvswitch-db-server.sh: | diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl index b06ef255..693e8b2b 100644 --- a/neutron/templates/etc/_neutron.conf.tpl +++ b/neutron/templates/etc/_neutron.conf.tpl @@ -70,7 +70,7 @@ l2_population = true arp_responder = true [database] -connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "helm-toolkit.mariadb_host" . }}/{{ .Values.database.neutron_database_name }} +connection = {{ tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" }} max_retries = -1 [keystone_authtoken] diff --git a/neutron/templates/job-db-init.yaml b/neutron/templates/job-db-init.yaml index b2ee4e26..13456fc4 100644 --- a/neutron/templates/job-db-init.yaml +++ b/neutron/templates/job-db-init.yaml 
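Review bot: The new `connection` line in neutron/templates/etc/_neutron.conf.tpl still renders the service user's database password into neutron.conf, and the jobs in this commit mount that file from the `neutron-etc` ConfigMap, while the admin URI gets its own Secret. ConfigMaps are typically readable by more principals than Secrets and fall outside Secret-specific controls such as tighter RBAC and encryption at rest, so the two credentials end up with different protection. If serving neutron.conf from a Secret is out of scope for this change, a Helm template comment next to the line would at least record it, e.g. `{{/* renders the DB password; neutron-etc must be handled as secret material */}}`.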
@@ -33,14 +33,38 @@ spec: - name: neutron-db-init image: {{ .Values.images.db_init }} imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: neutron-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/neutron/neutron.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh + - python + - /tmp/db-init.py volumeMounts: - - name: initsh - mountPath: /tmp/init.sh - subPath: init.sh + - name: neutron-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcneutron + mountPath: /etc/neutron + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true volumes: - - name: initsh + - name: etcneutron + emptyDir: {} + - name: neutronconf + configMap: + name: neutron-etc + - name: neutron-bin configMap: name: neutron-bin diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index 99b702c3..2fde7056 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml @@ -33,14 +33,6 @@ spec: - name: neutron-db-sync image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - neutron-db-manage - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/plugins/ml2/ml2-conf.ini - - upgrade - - head {{- if .Values.resources.enabled }} resources: limits: 
@@ -50,21 +42,30 @@ spec: cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }} memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }} {{- end }} + command: + - bash + - /tmp/db-sync.sh volumeMounts: - - name: pod-etc-neutron + - name: neutron-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcneutron mountPath: /etc/neutron - name: neutronconf mountPath: /etc/neutron/neutron.conf subPath: neutron.conf - - name: ml2confini + readOnly: true + - name: neutronconf mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini subPath: ml2-conf.ini + readOnly: true volumes: - - name: pod-etc-neutron + - name: etcneutron emptyDir: {} - name: neutronconf configMap: name: neutron-etc - - name: ml2confini + - name: neutron-bin configMap: - name: neutron-etc + name: neutron-bin diff --git a/neutron/templates/secret-db-root.env.yaml b/neutron/templates/secret-db-root.env.yaml new file mode 100644 index 00000000..5d81dd0b --- /dev/null +++ b/neutron/templates/secret-db-root.env.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: neutron-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 1eaf1d24..757c31e5 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -21,7 +21,7 @@ replicas: server: 1 images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-neutron-server:newton db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton 
@@ -122,14 +122,6 @@ keystone: nova_project_domain: "default" nova_region_name: "RegionOne" -database: - port: 3306 - root_user: root - root_password: password - neutron_database_name: neutron - neutron_password: password - neutron_user: neutron - metadata_agent: default: debug: 'True' @@ -336,3 +328,17 @@ endpoints: scheme: 'http' port: api: 9696 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: neutron + password: password + hosts: + default: mariadb + path: /neutron + scheme: mysql+pymysql + port: + mysql: 3306
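Review bot: The `oslo_db.auth` block added at the end of neutron/values.yaml ships `root`/`password` and `neutron`/`password` as chart defaults, and elsewhere in this commit those values are rendered into the `neutron-db-root` Secret and the `connection` line of neutron.conf. An install that does not override them runs with guessable database credentials, and storing them in a Secret does not change that. I would mark them in the file, `# Development placeholders: override the admin and user passwords for every deployment`, or leave the passwords empty so a missing override is noticed at install time rather than silently accepted.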