From f02e0eb78dcee498c6522dd1e21c2b98d66799dd Mon Sep 17 00:00:00 2001 
From: portdirect Date: Sun, 1 Jan 2017 03:00:13 +0000 Subject: [PATCH 1/6] OpenStack Heat Initial Commit Initial commit of Heat Chart --- Makefile | 8 +- heat/Chart.yaml | 3 + heat/requirements.yaml | 4 + heat/templates/_heat_config_helpers.tpl | 90 ++++++++++ heat/templates/_helpers.tpl | 73 ++++++++ .../config/contents/_heat-api-paste.ini.tpl | 105 +++++++++++ .../config/contents/_heat-cache.conf.tpl | 4 + .../config/contents/_heat-db.conf.tpl | 3 + .../config/contents/_heat-endpoints.conf.tpl | 4 + .../config/contents/_heat-keystone.conf.tpl | 15 ++ .../config/contents/_heat-log.conf.tpl | 4 + .../config/contents/_heat-messaging.conf.tpl | 5 + .../config/contents/_heat-options.conf.tpl | 3 + .../config/contents/_heat-paste.conf.tpl | 2 + .../config/contents/_heat-policy.json.tpl | 96 ++++++++++ .../contents/_heat-stack-domain.conf.tpl | 4 + .../config/contents/_heat-trustee.conf.tpl | 22 +++ .../contents/components/_heat-api.conf.tpl | 4 + .../contents/components/_heat-cfn.conf.tpl | 4 + .../components/_heat-cloudwatch.conf.tpl | 4 + .../contents/components/_heat-engine.conf.tpl | 2 + heat/templates/config/heat-api-paste.ini.yaml | 7 + heat/templates/config/heat-api.conf.yaml | 7 + heat/templates/config/heat-cache.conf.yaml | 7 + heat/templates/config/heat-cfn.conf.yaml | 7 + .../config/heat-cloudwatch.conf.yaml | 7 + heat/templates/config/heat-db.conf.yaml | 8 + .../templates/config/heat-endpoints.conf.yaml | 7 + heat/templates/config/heat-engine.conf.yaml | 7 + .../config/heat-keystone-admin.env.yaml | 20 +++ heat/templates/config/heat-keystone.conf.yaml | 22 +++ heat/templates/config/heat-log.conf.yaml | 7 + .../templates/config/heat-messaging.conf.yaml | 8 + heat/templates/config/heat-options.conf.yaml | 7 + heat/templates/config/heat-paste.conf.yaml | 7 + heat/templates/config/heat-policy.json.yaml | 7 + .../config/heat-stack-domain.conf.yaml | 16 ++ heat/templates/config/heat-trustee.conf.yaml | 22 +++ heat/templates/deployment/api/api.sh.yaml | 7 + 
heat/templates/deployment/api/api.yaml | 76 ++++++++ heat/templates/deployment/api/bin/_api.sh.tpl | 4 + heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 + heat/templates/deployment/cfn/cfn.sh.yaml | 7 + heat/templates/deployment/cfn/cfn.yaml | 76 ++++++++ .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 + .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 + .../deployment/cloudwatch/cloudwatch.yaml | 76 ++++++++ .../jobs/db/init/bin/_db-init.sh.tpl | 6 + heat/templates/jobs/db/init/db-init.sh.yaml | 7 + heat/templates/jobs/db/init/db-init.yaml | 54 ++++++ .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 ++ heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 + heat/templates/jobs/db/sync/db-sync.yaml | 69 ++++++++ .../endpoints/bin/_ks-endpoints.sh.tpl | 63 +++++++ .../keystone/endpoints/ks-endpoints.sh.yaml | 7 + .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ++++++++++ .../keystone/service/bin/_ks-service.sh.tpl | 35 ++++ .../jobs/keystone/service/ks-service.sh.yaml | 7 + .../jobs/keystone/service/ks-service.yaml | 48 +++++ .../keystone/user/bin/_ks-domain-user.sh.tpl | 55 ++++++ .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 ++++++ .../jobs/keystone/user/ks-user.sh.yaml | 9 + .../templates/jobs/keystone/user/ks-user.yaml | 167 ++++++++++++++++++ heat/templates/service-api.yaml | 9 + heat/templates/service-cfn.yaml | 9 + heat/templates/service-cloudwatch.yaml | 9 + .../statefulset/engine/bin/_engine.sh.tpl | 4 + .../statefulset/engine/engine.sh.yaml | 7 + heat/templates/statefulset/engine/engine.yaml | 65 +++++++ heat/values.yaml | 155 ++++++++++++++++ 70 files changed, 1853 insertions(+), 3 deletions(-) create mode 100644 heat/Chart.yaml create mode 100644 heat/requirements.yaml create mode 100644 heat/templates/_heat_config_helpers.tpl create mode 100644 heat/templates/_helpers.tpl create mode 100755 heat/templates/config/contents/_heat-api-paste.ini.tpl create mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl create mode 100644 
heat/templates/config/contents/_heat-db.conf.tpl create mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl create mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl create mode 100644 heat/templates/config/contents/_heat-log.conf.tpl create mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl create mode 100644 heat/templates/config/contents/_heat-options.conf.tpl create mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl create mode 100644 heat/templates/config/contents/_heat-policy.json.tpl create mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl create mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl create mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl create mode 100755 heat/templates/config/heat-api-paste.ini.yaml create mode 100644 heat/templates/config/heat-api.conf.yaml create mode 100644 heat/templates/config/heat-cache.conf.yaml create mode 100644 heat/templates/config/heat-cfn.conf.yaml create mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml create mode 100644 heat/templates/config/heat-db.conf.yaml create mode 100644 heat/templates/config/heat-endpoints.conf.yaml create mode 100644 heat/templates/config/heat-engine.conf.yaml create mode 100644 heat/templates/config/heat-keystone-admin.env.yaml create mode 100644 heat/templates/config/heat-keystone.conf.yaml create mode 100644 heat/templates/config/heat-log.conf.yaml create mode 100644 heat/templates/config/heat-messaging.conf.yaml create mode 100644 heat/templates/config/heat-options.conf.yaml create mode 100644 heat/templates/config/heat-paste.conf.yaml create mode 100644 heat/templates/config/heat-policy.json.yaml create 
mode 100644 heat/templates/config/heat-stack-domain.conf.yaml create mode 100644 heat/templates/config/heat-trustee.conf.yaml create mode 100755 heat/templates/deployment/api/api.sh.yaml create mode 100755 heat/templates/deployment/api/api.yaml create mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl create mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl create mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml create mode 100644 heat/templates/deployment/cfn/cfn.yaml create mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl create mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml create mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.yaml create mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl create mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml create mode 100644 heat/templates/jobs/db/init/db-init.yaml create mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl create mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml create mode 100644 heat/templates/jobs/db/sync/db-sync.yaml create mode 100755 heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl create mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml create mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml create mode 100644 heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl create mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml create mode 100644 heat/templates/jobs/keystone/service/ks-service.yaml create mode 100644 heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl create mode 100644 heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl create mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml create mode 100644 heat/templates/jobs/keystone/user/ks-user.yaml create mode 100644 heat/templates/service-api.yaml create mode 100644 heat/templates/service-cfn.yaml create mode 100644 
heat/templates/service-cloudwatch.yaml create mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl create mode 100644 heat/templates/statefulset/engine/engine.sh.yaml create mode 100644 heat/templates/statefulset/engine/engine.yaml create mode 100644 heat/values.yaml diff --git a/Makefile b/Makefile index 0021fb204f..d7345126e3 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone heat memcached rabbitmq common openstack all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon heat openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon heat openstack common: build-common @@ -19,6 +19,8 @@ mariadb: build-mariadb keystone: build-keystone +heat: build-heat + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/heat/Chart.yaml b/heat/Chart.yaml new file mode 100644 index 0000000000..65c0ea4b74 --- /dev/null +++ b/heat/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for heat +name: heat +version: 0.1.0 diff --git a/heat/requirements.yaml b/heat/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/heat/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl new file mode 100644 index 0000000000..eb0878881a --- /dev/null +++ b/heat/templates/_heat_config_helpers.tpl 
@@ -0,0 +1,90 @@ +{{- define "heat_config_volume_mounts" }} +- name: pod-etc-heat + mountPath: /etc/heat +- name: pod-var-cache-heat + mountPath: /var/cache/heat +- name: heat-json-policy + mountPath: /etc/heat/policy.json + subPath: policy.json + readOnly: true +- name: heat-conf-cache + mountPath: /etc/heat/conf/heat-cache.conf + subPath: heat-cache.conf + readOnly: true +- name: heat-conf-db + mountPath: /etc/heat/conf/heat-db.conf + subPath: heat-db.conf + readOnly: true +- name: heat-conf-endpoints + mountPath: /etc/heat/conf/heat-endpoints.conf + subPath: heat-endpoints.conf + readOnly: true +- name: heat-conf-keystone + mountPath: /etc/heat/conf/heat-keystone.conf + subPath: heat-keystone.conf + readOnly: true +- name: heat-conf-log + mountPath: /etc/heat/conf/heat-log.conf + subPath: heat-log.conf + readOnly: true +- name: heat-conf-messaging + mountPath: /etc/heat/conf/heat-messaging.conf + subPath: heat-messaging.conf + readOnly: true +- name: heat-conf-options + mountPath: /etc/heat/conf/heat-options.conf + subPath: heat-options.conf + readOnly: true +- name: heat-conf-paste + mountPath: /etc/heat/conf/heat-paste.conf + subPath: heat-paste.conf + readOnly: true +- name: heat-conf-stack-domain + mountPath: /etc/heat/conf/heat-stack-domain.conf + subPath: heat-stack-domain.conf + readOnly: true +- name: heat-conf-trustee + mountPath: /etc/heat/conf/heat-trustee.conf + subPath: heat-trustee.conf + readOnly: true +{{- end }} + +{{- define "heat_config_volumes" }} +- name: pod-etc-heat + emptyDir: {} +- name: pod-var-cache-heat + emptyDir: {} +- name: heat-json-policy + configMap: + name: heat-json-policy +- name: heat-conf-cache + configMap: + name: heat-conf-cache +- name: heat-conf-db + secret: + secretName: heat-conf-db +- name: heat-conf-endpoints + configMap: + name: heat-conf-endpoints +- name: heat-conf-keystone + secret: + secretName: heat-conf-keystone +- name: heat-conf-log + configMap: + name: heat-conf-log +- name: heat-conf-messaging + secret: + 
secretName: heat-conf-messaging +- name: heat-conf-options + configMap: + name: heat-conf-options +- name: heat-conf-paste + configMap: + name: heat-conf-paste +- name: heat-conf-stack-domain + secret: + secretName: heat-conf-stack-domain +- name: heat-conf-trustee + secret: + secretName: heat-conf-trustee +{{- end }} diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl new file mode 100644 index 0000000000..745e619571 --- /dev/null +++ b/heat/templates/_helpers.tpl 
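Review bot: Every file in `heat_config_volume_mounts` is mounted through `subPath`, and Kubernetes does not refresh a subPath mount when the backing ConfigMap or Secret changes. For the Secret-backed files (`heat-conf-db`, `heat-conf-keystone`, `heat-conf-messaging`, `heat-conf-stack-domain`, `heat-conf-trustee`) a rotated password therefore only reaches the pods once they are recreated. A comment above the define would make that explicit, for example `{{/* subPath mounts are not updated in place; recreate pods after changing any heat-conf-* Secret */}}`.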
@@ -0,0 +1,73 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} + +{{- define "env_admin_openrc" }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-env-keystone-admin + key: OS_PASSWORD +{{- end }} + +{{- define "container_ks_service" }} +image: {{ .Values.images.ks_service }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-service.sh +volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} + +{{- define "container_ks_endpoint" }} +image: {{ .Values.images.ks_endpoints }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-endpoints.sh +volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/config/contents/_heat-api-paste.ini.tpl new file mode 100755 index 0000000000..5ea89b5aee --- /dev/null +++ b/heat/templates/config/contents/_heat-api-paste.ini.tpl 
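Review bot: `joinListWithColon` joins with a comma, not a colon; the separator emitted by `{{ if $k }},{{ end }}` is `,`. A comment such as `{{/* joins list items with "," despite the name */}}`, or a rename, would stop a caller from assuming the wrong delimiter when building host lists. In `container_ks_service` and `container_ks_endpoint` the `image:` and `imagePullPolicy:` values are emitted unquoted; `image: {{ .Values.images.ks_service | quote }}` keeps an empty or unusual value from changing the YAML type.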
@@ -0,0 +1,105 @@ + +# heat-api pipeline +[pipeline:heat-api] +pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app + +# heat-api pipeline for standalone heat +# ie. uses alternative auth backend that authenticates users against keystone +# using username and password instead of validating token (which requires +# an admin/service token). +# To enable, in heat.conf: +# [paste_deploy] +# flavor = standalone +# +[pipeline:heat-api-standalone] +pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app + +# heat-api pipeline for custom cloud backends +# i.e. in heat.conf: +# [paste_deploy] +# flavor = custombackend +# +[pipeline:heat-api-custombackend] +pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app + +# heat-api-cfn pipeline +[pipeline:heat-api-cfn] +pipeline = cors cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app + +# heat-api-cfn pipeline for standalone heat +# relies exclusively on authenticating with ec2 signed requests +[pipeline:heat-api-cfn-standalone] +pipeline = cors cfnversionnegotiation ec2authtoken context apicfnv1app + +# heat-api-cloudwatch pipeline +[pipeline:heat-api-cloudwatch] +pipeline = cors versionnegotiation osprofiler ec2authtoken authtoken context apicwapp + +# heat-api-cloudwatch pipeline for standalone heat +# relies exclusively on authenticating with ec2 signed requests +[pipeline:heat-api-cloudwatch-standalone] +pipeline = cors versionnegotiation ec2authtoken context apicwapp + +[app:apiv1app] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.openstack.v1:API + +[app:apicfnv1app] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.cfn.v1:API + +[app:apicwapp] +paste.app_factory = heat.common.wsgi:app_factory +heat.app_factory = heat.api.cloudwatch:API + +[filter:versionnegotiation] 
+paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.openstack:version_negotiation_filter + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = heat + +[filter:faultwrap] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.openstack:faultwrap_filter + +[filter:cfnversionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.cfn:version_negotiation_filter + +[filter:cwversionnegotiation] +paste.filter_factory = heat.common.wsgi:filter_factory +heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter + +[filter:context] +paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory + +[filter:ec2authtoken] +paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory + +# Middleware to set auth_url header appropriately +[filter:authurl] +paste.filter_factory = heat.common.auth_url:filter_factory + +# Auth middleware that validates token against keystone +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +# Auth middleware that validates username/password against keystone +[filter:authpassword] +paste.filter_factory = heat.common.auth_password:filter_factory + +# Auth middleware that validates against custom backend +[filter:custombackendauth] +paste.filter_factory = heat.common.custom_backend_auth:filter_factory + +# Middleware to set x-openstack-request-id in http response header +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl new file mode 100644 index 0000000000..a6fd1728e8 --- /dev/null 
+++ b/heat/templates/config/contents/_heat-cache.conf.tpl @@ -0,0 +1,4 @@ +[cache] +enabled = "True" +backend = oslo_cache.memcache_pool +memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl new file mode 100644 index 0000000000..0213e750a0 --- /dev/null +++ b/heat/templates/config/contents/_heat-db.conf.tpl @@ -0,0 +1,3 @@ +[database] +connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +max_retries = -1 diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl new file mode 100644 index 0000000000..f9fc3fd077 --- /dev/null +++ b/heat/templates/config/contents/_heat-endpoints.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} +heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition +heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl new file mode 100644 index 0000000000..994981572b --- /dev/null +++ b/heat/templates/config/contents/_heat-keystone.conf.tpl 
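Review bot: The `connection` URL in `_heat-db.conf.tpl` interpolates `.Values.database.heat_user` and `.Values.database.heat_password` verbatim, so a password containing `@`, `:`, `/` or `%` produces a URL that is parsed with the wrong credentials or host. The values should be percent-encoded before they are placed in the URL, or the permitted character set should be documented next to the value. `max_retries = -1` makes the service retry the database indefinitely, which hides a wrong credential or address behind a pod that never fails; a bounded value is easier to alert on. The URL carries no TLS parameters, so the connection is presumably unencrypted unless the network layer provides that.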
@@ -0,0 +1,15 @@ +[keystone_authtoken] +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_region_name }} +project_domain_name = {{ .Values.keystone.heat_project_domain }} +project_name = {{ .Values.keystone.heat_project_name }} +user_domain_name = {{ .Values.keystone.heat_user_domain }} +username = {{ .Values.keystone.heat_user }} +password = {{ .Values.keystone.heat_password }} + +signing_dir = "/var/cache/heat" + +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl new file mode 100644 index 0000000000..a0ec3d1f2f --- /dev/null +++ b/heat/templates/config/contents/_heat-log.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl new file mode 100644 index 0000000000..819bd099f3 --- /dev/null +++ b/heat/templates/config/contents/_heat-messaging.conf.tpl @@ -0,0 +1,5 @@ +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl new file mode 100644 index 0000000000..1f764f7912 --- /dev/null +++ b/heat/templates/config/contents/_heat-options.conf.tpl @@ -0,0 +1,3 @@ +[DEFAULT] +enable_stack_adopt = "True" +enable_stack_abandon = "True" diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl new file mode 100644 index 0000000000..5d6dcd6411 --- /dev/null +++ b/heat/templates/config/contents/_heat-paste.conf.tpl 
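Review bot: `[keystone_authtoken]` in `_heat-keystone.conf.tpl` sets `memcached_servers` but neither `memcache_security_strategy` nor `memcache_secret_key`, so cached token data is stored in memcached unauthenticated and in clear text. Any workload that can reach the memcached service can then read or replace those entries. Adding `memcache_security_strategy = ENCRYPT` together with a `memcache_secret_key` rendered from a chart value would protect the cache; the file already lands in the `heat-conf-keystone` Secret, so the key would not be exposed in a ConfigMap.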
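Review bot: `_heat-options.conf.tpl` hard-codes `enable_stack_adopt = "True"` and `enable_stack_abandon = "True"`, while both options are off by default in Heat. Abandon returns the stack's full data to the caller and adopt accepts caller-supplied stack data, so turning them on widens what every user passing `rule:deny_stack_user` can do. Driving them from chart values with a false default, for example `enable_stack_abandon = {{ .Values.misc.stack_abandon | default false }}` (value name illustrative), would make this an explicit operator decision.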
@@ -0,0 +1,2 @@ +[paste_deploy] +config_file = /etc/heat/heat-api-paste.ini diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/config/contents/_heat-policy.json.tpl new file mode 100644 index 0000000000..c9aae5ff79 --- /dev/null +++ b/heat/templates/config/contents/_heat-policy.json.tpl 
@@ -0,0 +1,96 @@ +{ + "context_is_admin": "role:admin and is_admin_project:True", + "project_admin": "role:admin", + "deny_stack_user": "not role:heat_stack_user", + "deny_everybody": "!", + + "cloudformation:ListStacks": "rule:deny_stack_user", + "cloudformation:CreateStack": "rule:deny_stack_user", + "cloudformation:DescribeStacks": "rule:deny_stack_user", + "cloudformation:DeleteStack": "rule:deny_stack_user", + "cloudformation:UpdateStack": "rule:deny_stack_user", + "cloudformation:CancelUpdateStack": "rule:deny_stack_user", + "cloudformation:DescribeStackEvents": "rule:deny_stack_user", + "cloudformation:ValidateTemplate": "rule:deny_stack_user", + "cloudformation:GetTemplate": "rule:deny_stack_user", + "cloudformation:EstimateTemplateCost": "rule:deny_stack_user", + "cloudformation:DescribeStackResource": "", + "cloudformation:DescribeStackResources": "rule:deny_stack_user", + "cloudformation:ListStackResources": "rule:deny_stack_user", + + "cloudwatch:DeleteAlarms": "rule:deny_stack_user", + "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user", + "cloudwatch:DescribeAlarms": "rule:deny_stack_user", + "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user", + "cloudwatch:DisableAlarmActions": "rule:deny_stack_user", + "cloudwatch:EnableAlarmActions": "rule:deny_stack_user", + "cloudwatch:GetMetricStatistics": "rule:deny_stack_user", + "cloudwatch:ListMetrics": "rule:deny_stack_user", + "cloudwatch:PutMetricAlarm": "rule:deny_stack_user", + "cloudwatch:PutMetricData": "", + "cloudwatch:SetAlarmState": "rule:deny_stack_user", + + "actions:action": "rule:deny_stack_user", + "build_info:build_info": "rule:deny_stack_user", + "events:index": "rule:deny_stack_user", + "events:show": "rule:deny_stack_user", + "resource:index": "rule:deny_stack_user", + "resource:metadata": "", + "resource:signal": "", + "resource:mark_unhealthy": "rule:deny_stack_user", + "resource:show": "rule:deny_stack_user", + "stacks:abandon": "rule:deny_stack_user", + 
"stacks:create": "rule:deny_stack_user", + "stacks:delete": "rule:deny_stack_user", + "stacks:detail": "rule:deny_stack_user", + "stacks:export": "rule:deny_stack_user", + "stacks:generate_template": "rule:deny_stack_user", + "stacks:global_index": "rule:deny_everybody", + "stacks:index": "rule:deny_stack_user", + "stacks:list_resource_types": "rule:deny_stack_user", + "stacks:list_template_versions": "rule:deny_stack_user", + "stacks:list_template_functions": "rule:deny_stack_user", + "stacks:lookup": "", + "stacks:preview": "rule:deny_stack_user", + "stacks:resource_schema": "rule:deny_stack_user", + "stacks:show": "rule:deny_stack_user", + "stacks:template": "rule:deny_stack_user", + "stacks:environment": "rule:deny_stack_user", + "stacks:files": "rule:deny_stack_user", + "stacks:update": "rule:deny_stack_user", + "stacks:update_patch": "rule:deny_stack_user", + "stacks:preview_update": "rule:deny_stack_user", + "stacks:preview_update_patch": "rule:deny_stack_user", + "stacks:validate_template": "rule:deny_stack_user", + "stacks:snapshot": "rule:deny_stack_user", + "stacks:show_snapshot": "rule:deny_stack_user", + "stacks:delete_snapshot": "rule:deny_stack_user", + "stacks:list_snapshots": "rule:deny_stack_user", + "stacks:restore_snapshot": "rule:deny_stack_user", + "stacks:list_outputs": "rule:deny_stack_user", + "stacks:show_output": "rule:deny_stack_user", + + "software_configs:global_index": "rule:deny_everybody", + "software_configs:index": "rule:deny_stack_user", + "software_configs:create": "rule:deny_stack_user", + "software_configs:show": "rule:deny_stack_user", + "software_configs:delete": "rule:deny_stack_user", + "software_deployments:index": "rule:deny_stack_user", + "software_deployments:create": "rule:deny_stack_user", + "software_deployments:show": "rule:deny_stack_user", + "software_deployments:update": "rule:deny_stack_user", + "software_deployments:delete": "rule:deny_stack_user", + "software_deployments:metadata": "", + + "service:index": 
"rule:context_is_admin", + + "resource_types:OS::Nova::Flavor": "rule:project_admin", + "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin", + "resource_types:OS::Cinder::VolumeType": "rule:project_admin", + "resource_types:OS::Cinder::Quota": "rule:project_admin", + "resource_types:OS::Manila::ShareType": "rule:project_admin", + "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin", + "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin", + "resource_types:OS::Nova::HostAggregate": "rule:project_admin", + "resource_types:OS::Cinder::QoSSpecs": "rule:project_admin" +} diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl new file mode 100644 index 0000000000..75afba0804 --- /dev/null +++ b/heat/templates/config/contents/_heat-stack-domain.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl new file mode 100644 index 0000000000..41776515af --- /dev/null +++ b/heat/templates/config/contents/_heat-trustee.conf.tpl 
@@ -0,0 +1,22 @@ +[DEFAULT] +trusts_delegated_roles = "Member" +deferred_auth_method = "trusts" + +[trustee] +auth_type = "password" +auth_section = "trustee_keystone" + +[trustee_keystone] + +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_trustee_region_name }} +user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} +username = {{ .Values.keystone.heat_trustee_user }} +password = {{ .Values.keystone.heat_trustee_password }} + +signing_dir = "/var/cache/heat" + +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl new file mode 100644 index 0000000000..6828788896 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-api.conf.tpl @@ -0,0 +1,4 @@ +[heat_api] +bind_port = {{ .Values.service.api.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.api.workers }} diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl new file mode 100644 index 0000000000..d6c42a1796 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-cfn.conf.tpl @@ -0,0 +1,4 @@ +[heat_api_cfn] +bind_port = {{ .Values.service.cfn.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cfn.workers }} diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl new file mode 100644 index 0000000000..b99262222b --- /dev/null +++ b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl @@ -0,0 +1,4 @@ +[heat_api_cloudwatch] +bind_port = {{ .Values.service.cloudwatch.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cloudwatch.workers }} 
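Review bot: `[trustee_keystone]` in `_heat-trustee.conf.tpl` repeats `auth_version`, `auth_uri`, `signing_dir` and `memcached_servers`, which are `keystone_authtoken` middleware settings rather than options of the password auth plugin that `auth_section` loads. They look copied from `_heat-keystone.conf.tpl` and are presumably ignored in this section. Removing them, or adding a comment such as `# not read by the trustee auth plugin`, avoids the impression that trustee tokens are cached or verified through these lines.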
diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl new file mode 100644 index 0000000000..1a22c602c6 --- /dev/null +++ b/heat/templates/config/contents/components/_heat-engine.conf.tpl @@ -0,0 +1,2 @@ +[DEFAULT] +num_engine_workers = {{ .Values.resources.engine.workers }} diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml new file mode 100755 index 0000000000..22031118a2 --- /dev/null +++ b/heat/templates/config/heat-api-paste.ini.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-ini-api-paste +data: + api-paste.ini: |+ +{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml new file mode 100644 index 0000000000..cffa497ac0 --- /dev/null +++ b/heat/templates/config/heat-api.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-api +data: + heat-api.conf: |+ +{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml new file mode 100644 index 0000000000..b7b4eb9ed9 --- /dev/null +++ b/heat/templates/config/heat-cache.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-cache +data: + heat-cache.conf: | +{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml new file mode 100644 index 0000000000..3d1c96511a --- /dev/null +++ b/heat/templates/config/heat-cfn.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-cfn +data: + heat-cfn.conf: |+ +{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml new file mode 100644 index 0000000000..cf244f76a6 --- /dev/null +++ b/heat/templates/config/heat-cloudwatch.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-cloudwatch +data: + heat-cloudwatch.conf: |+ +{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml new file mode 100644 index 0000000000..a8e2cf20d2 --- /dev/null +++ b/heat/templates/config/heat-db.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: heat-conf-db +type: Opaque +data: + heat-db.conf: | +{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml new file mode 100644 index 0000000000..535e90cfff --- /dev/null +++ b/heat/templates/config/heat-endpoints.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-endpoints +data: + heat-endpoints.conf: | +{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml new file mode 100644 index 0000000000..cb5855786a --- /dev/null +++ b/heat/templates/config/heat-engine.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: heat-conf-engine +data: + heat-engine.conf: |+ +{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/config/heat-keystone-admin.env.yaml new file mode 100644 index 0000000000..275c1d2798 --- /dev/null +++ b/heat/templates/config/heat-keystone-admin.env.yaml 
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-env-keystone-admin
+type: Opaque
+data:
+ OS_AUTH_URL: |
+{{ .Values.keystone.auth_url | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.admin_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.admin_password | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/config/heat-keystone.conf.yaml
new file mode 100644
index 0000000000..514a577445
--- /dev/null
+++ b/heat/templates/config/heat-keystone.conf.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-keystone
+type: Opaque
+data:
+ heat-keystone.conf: |
+{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }}
+ OS_AUTH_URL: |
+{{ .Values.keystone.auth_url | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.heat_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.heat_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.heat_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.heat_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.heat_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.heat_password | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml
new file mode 100644
index 0000000000..86a5a19be3
--- /dev/null
+++ b/heat/templates/config/heat-log.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-log
+data:
+ heat-log.conf: |+
+{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml
new file mode 100644
index 0000000000..2bb408a68b
--- /dev/null
+++ b/heat/templates/config/heat-messaging.conf.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-messaging
+type: Opaque
+data:
+ heat-messaging.conf: |
+{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml
new file mode 100644
index 0000000000..8ac2ebf4ba
--- /dev/null
+++ b/heat/templates/config/heat-options.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-options
+data:
+ heat-options.conf: |
+{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml
new file mode 100644
index 0000000000..29f96e71da
--- /dev/null
+++ b/heat/templates/config/heat-paste.conf.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-conf-paste
+data:
+ heat-paste.conf: |
+{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml
new file mode 100644
index 0000000000..1b96f2a57c
--- /dev/null
+++ b/heat/templates/config/heat-policy.json.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-json-policy
+data:
+ api-paste.ini: |+
+{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }}
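Review bot: In heat-policy.json.yaml the ConfigMap `heat-json-policy` stores the rendered `_heat-policy.json.tpl` under the key `api-paste.ini`, which looks like a leftover from heat-api-paste.ini.yaml; the key should be `policy.json: |+`. The volume mounts for this ConfigMap come from the `heat_config_volume_mounts` helper, which is not in this part of the patch, so whether a `subPath` there depends on the key name needs checking. If the file does not land under the name Heat expects, the access rules shipped in this chart would presumably not be the ones enforced.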
diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/config/heat-stack-domain.conf.yaml
new file mode 100644
index 0000000000..f870bf29ee
--- /dev/null
+++ b/heat/templates/config/heat-stack-domain.conf.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-stack-domain
+type: Opaque
+data:
+ heat-stack-domain.conf: |
+{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }}
+ OS_DOMAIN_NAME: |
+{{ .Values.keystone.heat_stack_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.heat_stack_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.heat_stack_password | b64enc | indent 4 }}
diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/config/heat-trustee.conf.yaml
new file mode 100644
index 0000000000..57906ad636
--- /dev/null
+++ b/heat/templates/config/heat-trustee.conf.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: heat-conf-trustee
+type: Opaque
+data:
+ heat-trustee.conf: |
+{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }}
+ OS_AUTH_URL: |
+{{ .Values.keystone.auth_url | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.heat_trustee_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.heat_trustee_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.heat_trustee_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.heat_trustee_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.heat_trustee_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.heat_trustee_password | b64enc | indent 4 }}
diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml
new file mode 100755
index 0000000000..ff6918201c
--- /dev/null
+++ b/heat/templates/deployment/api/api.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-api-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment/api/api.yaml
new file mode 100755
index 0000000000..451769051d
--- /dev/null
+++ b/heat/templates/deployment/api/api.yaml
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: heat-api
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-api
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-api
+ image: {{ .Values.images.api }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.api.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.api.port }}
+ volumeMounts:
+ - name: heat-api-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-ini-api-paste
+ mountPath: /etc/heat/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: heat-conf-api
+ mountPath: /etc/heat/conf/heat-api.conf
+ subPath: heat-api.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-api-sh
+ configMap:
+ name: heat-api-sh
+ - name: heat-ini-api-paste
+ configMap:
+ name: heat-ini-api-paste
+ - name: heat-conf-api
+ configMap:
+ name: heat-conf-api
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl
new file mode 100755
index 0000000000..d4cc64865b
--- /dev/null
+++ b/heat/templates/deployment/api/bin/_api.sh.tpl
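Review bot: In api.yaml the pod spec renders `image`, `imagePullPolicy` and the `nodeSelector` key and value without `| quote`, while the init-container annotation in the same file and the container in db-init.yaml quote the equivalent values. An override such as `true` or an all-digit label value would then be parsed as a non-string and refused where a string is required; `image: {{ .Values.images.api | quote }}` and `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value | quote }}` avoid that. The container also sets no `securityContext` and no `resources`, and a comment saying whether that is deliberate for the initial commit would be useful. cfn.yaml, cloudwatch.yaml and db-sync.yaml have the same unquoted fields.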
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-api --config-dir /etc/heat/conf
diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl
new file mode 100644
index 0000000000..30dcfad519
--- /dev/null
+++ b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-api-cfn --config-dir /etc/heat/conf
diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml
new file mode 100644
index 0000000000..71efedd864
--- /dev/null
+++ b/heat/templates/deployment/cfn/cfn.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-cfn-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment/cfn/cfn.yaml
new file mode 100644
index 0000000000..4063084ea8
--- /dev/null
+++ b/heat/templates/deployment/cfn/cfn.yaml
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: heat-cfn
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-cfn
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-cfn
+ image: {{ .Values.images.cfn }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.cfn.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.cfn.port }}
+ volumeMounts:
+ - name: heat-cfn-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-ini-api-paste
+ mountPath: /etc/heat/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: heat-conf-cfn
+ mountPath: /etc/heat/conf/heat-cfn.conf
+ subPath: heat-cfn.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-cfn-sh
+ configMap:
+ name: heat-cfn-sh
+ - name: heat-ini-api-paste
+ configMap:
+ name: heat-ini-api-paste
+ - name: heat-conf-cfn
+ configMap:
+ name: heat-conf-cfn
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl
new file mode 100644
index 0000000000..4703d33e03
--- /dev/null
+++ b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-api-cloudwatch --config-dir /etc/heat/conf
diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml
new file mode 100644
index 0000000000..6127e95bf5
--- /dev/null
+++ b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-cloudwatch-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.yaml
new file mode 100644
index 0000000000..396633e19a
--- /dev/null
+++ b/heat/templates/deployment/cloudwatch/cloudwatch.yaml
@@ -0,0 +1,76 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: heat-cloudwatch
+spec:
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-cloudwatch
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-cloudwatch
+ image: {{ .Values.images.cloudwatch }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ ports:
+ - containerPort: {{ .Values.service.cloudwatch.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.cloudwatch.port }}
+ volumeMounts:
+ - name: heat-cloudwatch-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-ini-api-paste
+ mountPath: /etc/heat/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: heat-conf-cloudwatch
+ mountPath: /etc/heat/conf/heat-cloudwatch.conf
+ subPath: heat-cloudwatch.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-cloudwatch-sh
+ configMap:
+ name: heat-cloudwatch-sh
+ - name: heat-ini-api-paste
+ configMap:
+ name: heat-ini-api-paste
+ - name: heat-conf-cloudwatch
+ configMap:
+ name: heat-conf-cloudwatch
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl
new file mode 100644
index 0000000000..2c4cc09ee1
--- /dev/null
+++ b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'"
+ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'"
diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml
new file mode 100644
index 0000000000..9f8b2262ee
--- /dev/null
+++ b/heat/templates/jobs/db/init/db-init.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-db-init-sh
+data:
+ init.sh: |+
+{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/jobs/db/init/db-init.yaml
new file mode 100644
index 0000000000..a7d15d76c3
--- /dev/null
+++ b/heat/templates/jobs/db/init/db-init.yaml
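Review bot: Both `ansible` lines in _db-init.sh.tpl render `.Values.database.root_password` and `.Values.database.heat_password` straight into the script text, and db-init.sh.yaml then stores that script in the ConfigMap `heat-db-init-sh`, so the database root password is readable by anyone who may read ConfigMaps in the namespace. `set -ex` also echoes each expanded command, passwords included, into the job log, and `-vvv` may add more. The script should take the credentials from environment variables that db-init.yaml fills from a Secret, and run with `set -e` only. The values sit inside single quotes in the module arguments, so a password containing `'` would also break the argument string.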
@@ -0,0 +1,54 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-db-init
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-db-init
+ image: {{ .Values.images.db_init | quote }}
+ imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+ env:
+ - name: ANSIBLE_LIBRARY
+ value: /usr/share/ansible/
+ command:
+ - bash
+ - /tmp/init.sh
+ volumeMounts:
+ - name: db-init-sh
+ mountPath: /tmp/init.sh
+ subPath: init.sh
+ readOnly: true
+ volumes:
+ - name: db-init-sh
+ configMap:
+ name: heat-db-init-sh
diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..4532bdfe0b
--- /dev/null
+++ b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+heat-manage --config-dir /etc/heat/conf db_sync
diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml
new file mode 100644
index 0000000000..59aaa8d24c
--- /dev/null
+++ b/heat/templates/jobs/db/sync/db-sync.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-db-sync-sh
+data:
+ db-sync.sh: |+
+{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/jobs/db/sync/db-sync.yaml
new file mode 100644
index 0000000000..b42da03273
--- /dev/null
+++ b/heat/templates/jobs/db/sync/db-sync.yaml
@@ -0,0 +1,69 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-db-sync
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-db-sync
+ image: {{ .Values.images.db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/db-sync.sh
+ volumeMounts:
+ - name: db-sync-sh
+ mountPath: /tmp/db-sync.sh
+ subPath: db-sync.sh
+ readOnly: true
+ - name: pod-etc-heat
+ mountPath: /etc/heat
+ - name: heat-conf-db
+ mountPath: /etc/heat/conf/heat-db.conf
+ subPath: heat-db.conf
+ readOnly: true
+ - name: heat-conf-log
+ mountPath: /etc/heat/conf/heat-log.conf
+ subPath: heat-log.conf
+ readOnly: true
+ volumes:
+ - name: db-sync-sh
+ configMap:
+ name: heat-db-sync-sh
+ - name: pod-etc-heat
+ emptyDir: {}
+ - name: heat-conf-db
+ secret:
+ secretName: heat-conf-db
+ - name: heat-conf-log
+ configMap:
+ name: heat-conf-log
diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl
new file mode 100755
index 0000000000..3f802d2313
--- /dev/null
+++ b/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Get Service ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# Get Endpoint ID if it exists
+OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \
+ grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SVC_ENDPOINT}," | \
+ awk -F ',' '{ print $1 }' )
+
+# Making sure only a single endpoint exists for a service within a region
+if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then
+ echo "More than one endpoint found, cleaning up"
+ for ENDPOINT_ID in $OS_ENDPOINT_ID; do
+ openstack endpoint delete ${ENDPOINT_ID}
+ done
+ unset OS_ENDPOINT_ID
+fi
+
+# Determine if Endpoint needs updated
+if [[ ${OS_ENDPOINT_ID} ]]; then
+ OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url)
+ if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then
+ echo "Endpoints Match: no action required"
+ OS_ENDPOINT_UPDATE="False"
+ else
+ echo "Endpoints Dont Match: removing existing entries"
+ openstack endpoint delete ${OS_ENDPOINT_ID}
+ OS_ENDPOINT_UPDATE="True"
+ fi
+else
+ OS_ENDPOINT_UPDATE="True"
+fi
+
+# Update Endpoint if required
+if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then
+ OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+ --region="${OS_REGION_NAME}" \
+ "${OS_SERVICE_ID}" \
+ ${OS_SVC_ENDPOINT} \
+ "${OS_SERVICE_ENDPOINT}" )
+fi
+
+# Display the Endpoint
+openstack endpoint show ${OS_ENDPOINT_ID}
diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml
new file mode 100755
index 0000000000..04ed895793
--- /dev/null
+++ b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-ks-endpoints-sh
+data:
+ ks-endpoints.sh: |+
+{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml
new file mode 100755
index 0000000000..84f6617189
--- /dev/null
+++ b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml
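Review bot: In _ks-endpoints.sh.tpl the line `openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url` passes `--f` where every other call in the script uses `-f`; unless the client accepts that as an abbreviation, the command fails and `set -e` ends the job whenever an endpoint already exists. It should read `OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show "${OS_ENDPOINT_ID}" -f value -c url)`. The `grep` and `sed` patterns interpolate `${OS_REGION_NAME}`, `${OS_SERVICE_NAME}` and `${OS_SERVICE_TYPE}` as regular expressions, so a comment stating the assumption that these names hold no regex metacharacters would help the next reader. `${OS_SVC_ENDPOINT}`, `${ENDPOINT_ID}` and `${OS_ENDPOINT_ID}` are also expanded unquoted in several commands.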
@@ -0,0 +1,96 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-ks-endpoints
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-ks-endpoints-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: heat
+ - name: OS_SERVICE_TYPE
+ value: orchestration
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s
+ - name: heat-ks-endpoints-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: heat
+ - name: OS_SERVICE_TYPE
+ value: orchestration
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s
+ - name: heat-ks-endpoints-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: public
+ - name: OS_SERVICE_NAME
+ value: heat
+ - name: OS_SERVICE_TYPE
+ value: orchestration
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s
+ - name: heat-ks-endpoints-cfn-admin
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: admin
+ - name: OS_SERVICE_NAME
+ value: heat-cfn
+ - name: OS_SERVICE_TYPE
+ value: cloudformation
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1
+ - name: heat-ks-endpoints-cfn-internal
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: internal
+ - name: OS_SERVICE_NAME
+ value: heat-cfn
+ - name: OS_SERVICE_TYPE
+ value: cloudformation
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1
+ - name: heat-ks-endpoints-cfn-public
+{{ include "container_ks_endpoint" . | indent 10 }}
+ - name: OS_SVC_ENDPOINT
+ value: public
+ - name: OS_SERVICE_NAME
+ value: heat-cfn
+ - name: OS_SERVICE_TYPE
+ value: cloudformation
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1
+ volumes:
+ - name: ks-endpoints-sh
+ configMap:
+ name: heat-ks-endpoints-sh
diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl
new file mode 100644
index 0000000000..4777d08c48
--- /dev/null
+++ b/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl
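Review bot: The three orchestration `OS_SERVICE_ENDPOINT` values in ks-endpoints.yaml end in `/v1/\$(project_id)s` as plain YAML scalars, where a backslash is not an escape, so the string handed to the container, and from there to `openstack endpoint create`, would contain the backslash literally. If the aim was to keep Kubernetes from expanding `$(project_id)`, its own escape is `$$(...)`; the Keystone `%` form avoids the clash entirely, e.g. `value: "{{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(project_id)s"`. The init container also waits on `.Values.dependencies.ks_service.service`, which looks copied from the ks-service job; if the endpoints job is meant to have its own dependency list, a comment or a separate key would make that clear.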
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Service boilerplate description
+OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service"
+
+# Get Service ID if it exists
+unset OS_SERVICE_ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# If a Service ID was not found, then create the service
+if [[ -z ${OS_SERVICE_ID} ]]; then
+ OS_SERVICE_ID=$(openstack service create -f value -c id \
+ --name="${OS_SERVICE_NAME}" \
+ --description "${OS_SERVICE_DESC}" \
+ --enable \
+ "${OS_SERVICE_TYPE}")
+fi
diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml
new file mode 100644
index 0000000000..4c30bee642
--- /dev/null
+++ b/heat/templates/jobs/keystone/service/ks-service.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-ks-service-sh
+data:
+ ks-service.sh: |+
+{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/jobs/keystone/service/ks-service.yaml
new file mode 100644
index 0000000000..8a03bf2696
--- /dev/null
+++ b/heat/templates/jobs/keystone/service/ks-service.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: heat-ks-service
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: heat-ks-service-orchestration
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "heat"
+ - name: OS_SERVICE_TYPE
+ value: "orchestration"
+ - name: heat-ks-service-cloudformation
+{{ include "container_ks_service" . | indent 10 }}
+ - name: OS_SERVICE_NAME
+ value: "heat-cfn"
+ - name: OS_SERVICE_TYPE
+ value: "cloudformation"
+ volumes:
+ - name: ks-service-sh
+ configMap:
+ name: heat-ks-service-sh
diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl
new file mode 100644
index 0000000000..4b4f940245
--- /dev/null
+++ b/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage domain
+SERVICE_OS_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
+ --description="Service Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+ "${SERVICE_OS_DOMAIN_NAME}")
+
+# Display domain
+openstack domain show "${SERVICE_OS_DOMAIN_ID}"
+
+# Manage user
+SERVICE_OS_USERID=$(openstack user create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ --description "Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+ --password="${SERVICE_OS_PASSWORD}" \
+ "${SERVICE_OS_USERNAME}")
+
+# Display user
+openstack user show "${SERVICE_OS_USERID}"
+
+# Manage role
+SERVICE_OS_ROLE_ID=$(openstack role show -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE}" || openstack role create -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE}" )
+
+# Manage user role assignment
+openstack role add \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ --user="${SERVICE_OS_USERID}" \
+ --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+ --role="${SERVICE_OS_ROLE_ID}" \
+ --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+ --user="${SERVICE_OS_USERID}"
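Review bot: With `set -ex` at the top of _ks-domain-user.sh.tpl, the shell traces the `openstack user create` command after expansion, so the value behind `--password="${SERVICE_OS_PASSWORD}"` is written to the container log in clear text. The header should be `set -e`, with tracing switched on only around commands that carry no secret (`set -x` before, `set +x` after) if it is wanted for debugging. Passing the password as a command-line argument also leaves it visible in the process list inside the pod for the lifetime of the call, which deserves at least a comment. _ks-user.sh.tpl has the same `set -ex` and `--password=` usage.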
diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl
new file mode 100644
index 0000000000..fdc7358b32
--- /dev/null
@@ -0,0 +1,56 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Manage user project +USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + "${SERVICE_OS_PROJECT_NAME}"); + +# Display project +openstack project show "${USER_PROJECT_ID}" + +# Manage user +USER_ID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}"); + +# Display user +openstack user show "${USER_ID}" + +# Manage user role +USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + +# Manage user role assignment +openstack role add \ + --user="${USER_ID}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + "${USER_ROLE_ID}" + +# Display user role assignment +openstack role assignment list \ + --role="${SERVICE_OS_ROLE}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --user="${USER_ID}" 
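Review bot: `openstack user create --or-show` returns the existing user when one is already present, so on a re-run the `--password` argument is not applied and a password changed in the secret never reaches Keystone. After the create, add an explicit `openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}"` so the job converges on the configured credential. The domain-user script in the preceding hunk has the same gap with `SERVICE_OS_USERID`. Separately, the final `role assignment list` filters on the name `${SERVICE_OS_ROLE}` while `role add` used `${USER_ROLE_ID}`; using the id in both places would keep them consistent.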
diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml
new file mode 100644
index 0000000000..d9e6730b12
--- /dev/null
+++ b/heat/templates/jobs/keystone/user/ks-user.sh.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-ks-user-sh
+data:
+ ks-user.sh: |+
+{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }}
+ ks-domain-user.sh: |+
+{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/jobs/keystone/user/ks-user.yaml
new file mode 100644
index 0000000000..f243474e94
--- /dev/null
+++ b/heat/templates/jobs/keystone/user/ks-user.yaml
@@ -0,0 +1,167 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-user +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: heat-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-keystone + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_user_role | quote }} + - name: heat-ks-trustee-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: 
ks-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-trustee + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_trustee_user_role | quote }} + - name: heat-ks-domain-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-domain-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-domain-user.sh + subPath: ks-domain-user.sh + readOnly: true + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_REGION_NAME + - name: SERVICE_OS_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: heat-conf-stack-domain + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.heat_stack_user_role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: heat-ks-user-sh 
diff --git a/heat/templates/service-api.yaml b/heat/templates/service-api.yaml
new file mode 100644
index 0000000000..482a116bfb
--- /dev/null
+++ b/heat/templates/service-api.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.api.name }}
+spec:
+ ports:
+ - port: {{ .Values.service.api.port }}
+ selector:
+ app: heat-api
diff --git a/heat/templates/service-cfn.yaml b/heat/templates/service-cfn.yaml
new file mode 100644
index 0000000000..799e57d133
--- /dev/null
+++ b/heat/templates/service-cfn.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.cfn.name }}
+spec:
+ ports:
+ - port: {{ .Values.service.cfn.port }}
+ selector:
+ app: heat-cfn
diff --git a/heat/templates/service-cloudwatch.yaml b/heat/templates/service-cloudwatch.yaml
new file mode 100644
index 0000000000..071f2c928c
--- /dev/null
+++ b/heat/templates/service-cloudwatch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.cloudwatch.name }}
+spec:
+ ports:
+ - port: {{ .Values.service.cloudwatch.port }}
+ selector:
+ app: heat-cloudwatch
diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl
new file mode 100644
index 0000000000..dabae086c4
--- /dev/null
+++ b/heat/templates/statefulset/engine/bin/_engine.sh.tpl
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -ex
+
+exec heat-engine --config-dir /etc/heat/conf
diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml
new file mode 100644
index 0000000000..534d6ef8df
--- /dev/null
+++ b/heat/templates/statefulset/engine/engine.sh.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-engine-sh
+data:
+ start.sh: |+
+{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset/engine/engine.yaml
new file mode 100644
index 0000000000..5e25152328
--- /dev/null
+++ b/heat/templates/statefulset/engine/engine.yaml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: heat-engine
+spec:
+ serviceName: heat-engine
+ replicas: {{ .Values.replicas }}
+ template:
+ metadata:
+ labels:
+ app: heat-engine
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+ {
+ "name": "init",
+ "image": {{ .Values.images.dep_check | quote }},
+ "imagePullPolicy": {{ .Values.images.pull_policy | quote }},
+ "env": [
+ {
+ "name": "NAMESPACE",
+ "value": "{{ .Release.Namespace }}"
+ },
+ {
+ "name": "DEPENDENCY_SERVICE",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.engine.service }}"
+ },
+ {
+ "name": "DEPENDENCY_JOBS",
+ "value": "{{ include "joinListWithColon" .Values.dependencies.engine.jobs }}"
+ },
+ {
+ "name": "COMMAND",
+ "value": "echo done"
+ }
+ ]
+ }
+ ]'
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ containers:
+ - name: heat-engine
+ image: {{ .Values.images.engine }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - bash
+ - /tmp/start.sh
+ volumeMounts:
+ - name: heat-engine-sh
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: heat-conf-engine
+ mountPath: /etc/heat/conf/heat-engine.conf
+ subPath: heat-engine.conf
+ readOnly: true
+{{ include "heat_config_volume_mounts" . | indent 12 }}
+ volumes:
+ - name: heat-engine-sh
+ configMap:
+ name: heat-engine-sh
+ - name: heat-conf-engine
+ configMap:
+ name: heat-conf-engine
+{{ include "heat_config_volumes" . | indent 8 }}
diff --git a/heat/values.yaml b/heat/values.yaml
new file mode 100644
index 0000000000..cba2b59e62
--- /dev/null
+++ b/heat/values.yaml
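Review bot: The `nodeSelector` entry renders its value unquoted, so a label value such as `true` or `1` becomes a YAML boolean or integer, and `nodeSelector` only accepts strings. Render it as `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value | quote }}`. The `image:` and `imagePullPolicy:` lines of the main container are unquoted as well, while the init-container annotation above them already pipes the same kind of value through `quote`. The container also sets no `securityContext` or resource limits; if that is intentional for the initial commit, a comment saying so would help the next reader.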
@@ -0,0 +1,155 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + cfn: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + cloudwatch: docker.io/kolla/ubuntu-source-heat-api:3.0.1 + engine: docker.io/kolla/ubuntu-source-heat-engine:3.0.1 + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + heat_user: "heat" + heat_user_domain: "default" + heat_user_role: "admin" + heat_password: "password" + heat_project_name: "service" + heat_project_domain: "default" + heat_region_name: "RegionOne" + + heat_trustee_user: "heat-trust" + heat_trustee_user_domain: "default" + heat_trustee_user_role: "admin" + heat_trustee_password: "password" + heat_trustee_project_name: "service" + heat_trustee_project_domain: "default" + heat_trustee_region_name: "RegionOne" + + heat_stack_user: "heat-domain" + heat_stack_domain: "heat" + heat_stack_user_role: "admin" + heat_stack_password: "password" + heat_stack_region_name: "RegionOne" + +service: + api: + name: "heat-api" + port: 8004 + proto: "http" + cfn: + name: "heat-cfn" + port: 8000 + proto: "http" + cloudwatch: + name: "heat-cloudwatch" + port: 8003 + proto: 
"http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + heat_database_name: heat + heat_password: password + heat_user: heat + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + +memcached: + host: memcached + port: 11211 + +resources: + api: + workers: 8 + cfn: + workers: 8 + cloudwatch: + workers: 8 + engine: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - heat-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - heat-ks-service + service: + - keystone-api + api: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + cfn: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + cloudwatch: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb + engine: + jobs: + - heat-db-sync + - heat-ks-user + - heat-ks-endpoints + service: + - keystone-api + - mariadb From b1e3de020bda125a4020b7d1256c10be682851ee Mon Sep 17 00:00:00 2001 
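Review bot: Every credential in these defaults is the literal `password` (`keystone.admin_password`, `heat_password`, `heat_trustee_password`, `heat_stack_password`, `database.root_password`, `database.heat_password`, `messaging.password`), so an install that overrides nothing comes up with known secrets. Ship them empty and fail rendering when they are unset, or at minimum put a comment above each block such as `# development default only - override before deploying`. The three `*_user_role` defaults are all `admin`; whether the trustee user needs that is not visible from this hunk, so it is worth confirming and narrowing if not. `auth_uri` and `auth_url` default to plain `http://`, which carries those passwords to Keystone unencrypted. The header comment also says "Default values for keystone" although this is the heat chart.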
From: harbor Date: Sat, 7 Jan 2017 02:41:30 +0000 Subject: [PATCH 2/6] Heat Initial Refactor --- common/templates/_endpoints.tpl | 136 +++++++++++++++++- common/templates/_funcs.tpl | 1 - .../templates/scripts}/_ks-endpoints.sh.tpl | 2 + .../templates/scripts}/_ks-service.sh.tpl | 2 + .../templates/scripts}/_ks-user.sh.tpl | 8 +- common/templates/snippets/_ks_env_openrc.tpl | 40 ++++++ .../snippets/_ks_env_user_create_openrc.tpl | 33 +++++ heat/templates/_heat_config_helpers.tpl | 90 ------------ heat/templates/_helpers.tpl | 73 ---------- heat/templates/bin/_db-init.sh.tpl | 21 +++ .../user => }/bin/_ks-domain-user.sh.tpl | 0 .../config/contents/_heat-cache.conf.tpl | 4 - .../config/contents/_heat-db.conf.tpl | 3 - .../config/contents/_heat-endpoints.conf.tpl | 4 - .../config/contents/_heat-keystone.conf.tpl | 15 -- .../config/contents/_heat-log.conf.tpl | 4 - .../config/contents/_heat-messaging.conf.tpl | 5 - .../config/contents/_heat-options.conf.tpl | 3 - .../config/contents/_heat-paste.conf.tpl | 2 - .../contents/_heat-stack-domain.conf.tpl | 4 - .../config/contents/_heat-trustee.conf.tpl | 22 --- .../contents/components/_heat-api.conf.tpl | 4 - .../contents/components/_heat-cfn.conf.tpl | 4 - .../components/_heat-cloudwatch.conf.tpl | 4 - .../contents/components/_heat-engine.conf.tpl | 2 - heat/templates/config/heat-api-paste.ini.yaml | 7 - heat/templates/config/heat-api.conf.yaml | 7 - heat/templates/config/heat-cache.conf.yaml | 7 - heat/templates/config/heat-cfn.conf.yaml | 7 - .../config/heat-cloudwatch.conf.yaml | 7 - heat/templates/config/heat-db.conf.yaml | 8 -- .../templates/config/heat-endpoints.conf.yaml | 7 - heat/templates/config/heat-engine.conf.yaml | 7 - heat/templates/config/heat-log.conf.yaml | 7 - .../templates/config/heat-messaging.conf.yaml | 8 -- heat/templates/config/heat-options.conf.yaml | 7 - heat/templates/config/heat-paste.conf.yaml | 7 - heat/templates/config/heat-policy.json.yaml | 7 - heat/templates/configmap-bin.yaml | 15 ++ 
heat/templates/configmap-etc.yaml | 11 ++ ...yaml => configmap-keystone-admin.env.yaml} | 0 ...=> configmap-keystone-stack-user.env.yaml} | 4 +- ...ml => configmap-keystone-trustee.env.yaml} | 4 +- ....yaml => configmap-keystone-user.env.yaml} | 4 +- .../api/api.yaml => deployment-api.yaml} | 41 +++--- .../cfn/cfn.yaml => deployment-cfn.yaml} | 41 +++--- ...dwatch.yaml => deployment-cloudwatch.yaml} | 41 +++--- heat/templates/deployment/api/api.sh.yaml | 7 - heat/templates/deployment/api/bin/_api.sh.tpl | 4 - heat/templates/deployment/cfn/bin/_cfn.sh.tpl | 4 - heat/templates/deployment/cfn/cfn.sh.yaml | 7 - .../cloudwatch/bin/_cloudwatch.sh.tpl | 4 - .../deployment/cloudwatch/cloudwatch.sh.yaml | 7 - .../contents => etc}/_heat-api-paste.ini.tpl | 1 - .../contents => etc}/_heat-policy.json.tpl | 0 heat/templates/etc/_heat.conf.tpl | 84 +++++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 31 ++-- heat/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ .../ks-service.yaml => job-ks-service.yaml} | 33 ++++- .../user/ks-user.yaml => job-ks-user.yaml} | 93 ++++-------- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - heat/templates/jobs/db/init/db-init.sh.yaml | 7 - .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- heat/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 96 ------------- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/user/ks-user.sh.yaml | 9 -- .../engine.yaml => statefulset-engine.yaml} | 32 ++--- .../statefulset/engine/bin/_engine.sh.tpl | 4 - .../statefulset/engine/engine.sh.yaml | 7 - heat/values.yaml | 42 ++++++ 73 files changed, 616 insertions(+), 719 deletions(-) rename {heat/templates/jobs/keystone/endpoints/bin => common/templates/scripts}/_ks-endpoints.sh.tpl (97%) rename {heat/templates/jobs/keystone/service/bin => common/templates/scripts}/_ks-service.sh.tpl (96%) rename 
{heat/templates/jobs/keystone/user/bin => common/templates/scripts}/_ks-user.sh.tpl (83%) create mode 100644 common/templates/snippets/_ks_env_openrc.tpl create mode 100644 common/templates/snippets/_ks_env_user_create_openrc.tpl delete mode 100644 heat/templates/_heat_config_helpers.tpl delete mode 100644 heat/templates/_helpers.tpl create mode 100644 heat/templates/bin/_db-init.sh.tpl rename heat/templates/{jobs/keystone/user => }/bin/_ks-domain-user.sh.tpl (100%) delete mode 100644 heat/templates/config/contents/_heat-cache.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-db.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-endpoints.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-keystone.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-log.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-messaging.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-options.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-paste.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-stack-domain.conf.tpl delete mode 100644 heat/templates/config/contents/_heat-trustee.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-api.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cfn.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl delete mode 100644 heat/templates/config/contents/components/_heat-engine.conf.tpl delete mode 100755 heat/templates/config/heat-api-paste.ini.yaml delete mode 100644 heat/templates/config/heat-api.conf.yaml delete mode 100644 heat/templates/config/heat-cache.conf.yaml delete mode 100644 heat/templates/config/heat-cfn.conf.yaml delete mode 100644 heat/templates/config/heat-cloudwatch.conf.yaml delete mode 100644 heat/templates/config/heat-db.conf.yaml delete mode 100644 heat/templates/config/heat-endpoints.conf.yaml delete mode 100644 
heat/templates/config/heat-engine.conf.yaml delete mode 100644 heat/templates/config/heat-log.conf.yaml delete mode 100644 heat/templates/config/heat-messaging.conf.yaml delete mode 100644 heat/templates/config/heat-options.conf.yaml delete mode 100644 heat/templates/config/heat-paste.conf.yaml delete mode 100644 heat/templates/config/heat-policy.json.yaml create mode 100644 heat/templates/configmap-bin.yaml create mode 100644 heat/templates/configmap-etc.yaml rename heat/templates/{config/heat-keystone-admin.env.yaml => configmap-keystone-admin.env.yaml} (100%) rename heat/templates/{config/heat-stack-domain.conf.yaml => configmap-keystone-stack-user.env.yaml} (71%) rename heat/templates/{config/heat-trustee.conf.yaml => configmap-keystone-trustee.env.yaml} (82%) rename heat/templates/{config/heat-keystone.conf.yaml => configmap-keystone-user.env.yaml} (81%) rename heat/templates/{deployment/api/api.yaml => deployment-api.yaml} (70%) rename heat/templates/{deployment/cfn/cfn.yaml => deployment-cfn.yaml} (70%) rename heat/templates/{deployment/cloudwatch/cloudwatch.yaml => deployment-cloudwatch.yaml} (70%) delete mode 100755 heat/templates/deployment/api/api.sh.yaml delete mode 100755 heat/templates/deployment/api/bin/_api.sh.tpl delete mode 100644 heat/templates/deployment/cfn/bin/_cfn.sh.tpl delete mode 100644 heat/templates/deployment/cfn/cfn.sh.yaml delete mode 100644 heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl delete mode 100644 heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml rename heat/templates/{config/contents => etc}/_heat-api-paste.ini.tpl (99%) mode change 100755 => 100644 rename heat/templates/{config/contents => etc}/_heat-policy.json.tpl (100%) create mode 100644 heat/templates/etc/_heat.conf.tpl rename heat/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename heat/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 heat/templates/job-ks-endpoints.yaml.yaml rename 
heat/templates/{jobs/keystone/service/ks-service.yaml => job-ks-service.yaml} (54%) rename heat/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (55%) delete mode 100644 heat/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 heat/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 heat/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100755 heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 heat/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 heat/templates/jobs/keystone/user/ks-user.sh.yaml rename heat/templates/{statefulset/engine/engine.yaml => statefulset-engine.yaml} (71%) delete mode 100644 heat/templates/statefulset/engine/bin/_engine.sh.tpl delete mode 100644 heat/templates/statefulset/engine/engine.sh.yaml diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 0170b4eb5c..5f1be74867 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl 
@@ -1,9 +1,139 @@ #----------------------------------------- # endpoints #----------------------------------------- -{{- define "endpoint_keystone_internal" -}} -{{- with .Values.endpoints.keystone -}} - {{.scheme}}://{{.hosts.internal | default .hosts.default}}:{{.port.public}}{{.path}} + +# this function returns the endpoint uri for a service, it takes an tuple +# input in ther form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointScheme := index $endpointMap "scheme" }} +{{- $endpointPath := index $endpointMap "path" }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} {{- end -}} {{- end -}} + +# this should be a generic function leveraging a tuple +# for input, e.g. { endpoint keystone internal . 
} +# however, constructing this appears to be a +# herculean effort in gotpl + +{{- define "endpoint_keystone_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.public}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_keystone_admin" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.keystone -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.admin}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_metadata_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.metadata}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_nova_novncproxy_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.nova -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.novncproxy}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + 
{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_glance_registry_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.glance -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.registry}}{{.path}} +{{- end -}} +{{- end -}} + +{{- define "endpoint_neutron_api_internal" -}} +{{- $fqdn := .Release.Namespace -}} +{{- if .Values.endpoints.fqdn -}} +{{- $fqdn := .Values.endpoints.fqdn -}} +{{- end -}} +{{- with .Values.endpoints.neutron -}} + {{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint type lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple heat . | include "ks_endpoint_type" } +# will return "orchestration" + +{{- define "endpoint_type_lookup" -}} +{{- $name := index . 0 -}} +{{- $context := index . 1 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $endpointType := index $endpointMap "type" }} +{{- $endpointType | quote -}} +{{- end -}} + + +#------------------------------- +# kolla helpers +#------------------------------- +{{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index e83d171a97..fe6c9a675e 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl 
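Review bot: The `fqdn` override never takes effect, because `{{- $fqdn := .Values.endpoints.fqdn -}}` inside the `if` declares a new variable scoped to that block, and after `end` the outer `$fqdn` is still `.Release.Namespace`. Declare it once with a default instead, `{{- $fqdn := .Values.endpoints.fqdn | default .Release.Namespace -}}` (prefixed with `$context` in `endpoint_addr_lookup`); the same three-line pattern is repeated in every `endpoint_*` define in this hunk. The comment above `endpoint_type_lookup` shows the call as `include "ks_endpoint_type"`, which does not match the name being defined. In `keystone_auth` the admin password is interpolated into a single-quoted literal without escaping, so a password containing `'` would break the rendered string.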
@@ -21,4 +21,3 @@ {{- $wtf := $context.Template.Name | replace $last $name -}} {{- include $wtf $context | sha256sum | quote -}} {{- end -}} - diff --git a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/common/templates/scripts/_ks-endpoints.sh.tpl similarity index 97% rename from heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl rename to common/templates/scripts/_ks-endpoints.sh.tpl index 3f802d2313..1c70a499a1 100755 --- a/heat/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ b/common/templates/scripts/_ks-endpoints.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_endpoints" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -61,3 +62,4 @@ fi # Display the Endpoint openstack endpoint show ${OS_ENDPOINT_ID} +{{- end }} diff --git a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/common/templates/scripts/_ks-service.sh.tpl similarity index 96% rename from heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl rename to common/templates/scripts/_ks-service.sh.tpl index 4777d08c48..7c6f2580f3 100644 --- a/heat/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ b/common/templates/scripts/_ks-service.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_service" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -33,3 +34,4 @@ if [[ -z ${OS_SERVICE_ID} ]]; then --enable \ "${OS_SERVICE_TYPE}") fi +{{- end }} diff --git a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/common/templates/scripts/_ks-user.sh.tpl similarity index 83% rename from heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl rename to common/templates/scripts/_ks-user.sh.tpl index fdc7358b32..e815da3049 100644 --- a/heat/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ b/common/templates/scripts/_ks-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_user" }} #!/bin/bash # Copyright 2017 Pete Birley 
@@ -17,20 +18,22 @@ set -ex # Manage user project +USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="${USER_PROJECT_DESC}" \ "${SERVICE_OS_PROJECT_NAME}"); # Display project openstack project show "${USER_PROJECT_ID}" # Manage user +USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" USER_ID=$(openstack user create --or-show --enable -f value -c id \ --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --description="${USER_DESC}" \ --password="${SERVICE_OS_PASSWORD}" \ "${SERVICE_OS_USERNAME}"); @@ -54,3 +57,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE}" \ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ --user="${USER_ID}" +{{- end }} diff --git a/common/templates/snippets/_ks_env_openrc.tpl b/common/templates/snippets/_ks_env_openrc.tpl new file mode 100644 index 0000000000..140ce25c97 --- /dev/null +++ b/common/templates/snippets/_ks_env_openrc.tpl 
@@ -0,0 +1,40 @@
+{{- define "env_ks_openrc_tpl" }}
+{{- $ksUserSecret := .ksUserSecret }}
+- name: OS_IDENTITY_API_VERSION
+ value: "3"
+- name: OS_AUTH_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_AUTH_URL
+- name: OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_REGION_NAME
+- name: OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_DOMAIN_NAME
+- name: OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_NAME
+- name: OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USER_DOMAIN_NAME
+- name: OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USERNAME
+- name: OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PASSWORD
+{{- end }}
diff --git a/common/templates/snippets/_ks_env_user_create_openrc.tpl b/common/templates/snippets/_ks_env_user_create_openrc.tpl
new file mode 100644
index 0000000000..5ce6e58077
--- /dev/null
+++ b/common/templates/snippets/_ks_env_user_create_openrc.tpl
@@ -0,0 +1,33 @@
+{{- define "env_ks_user_create_openrc_tpl" }}
+{{- $ksUserSecret := .ksUserSecret }}
+- name: SERVICE_OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_REGION_NAME
+- name: SERVICE_OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_DOMAIN_NAME
+- name: SERVICE_OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_NAME
+- name: SERVICE_OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USER_DOMAIN_NAME
+- name: SERVICE_OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USERNAME
+- name: SERVICE_OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PASSWORD
+{{- end }}
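Review bot: Neither `env_ks_openrc_tpl` nor `env_ks_user_create_openrc_tpl` documents its calling contract: each reads `.ksUserSecret` from whatever context it is included with and emits `secretKeyRef` entries against a Secret of that name. Add a `{{/* ... */}}` comment above each `define` stating that the caller must supply `ksUserSecret`, and listing the `OS_*` keys the Secret has to contain (seven for the first snippet, six for the second, which has no `OS_AUTH_URL`). Writing the reference as `name: {{ $ksUserSecret | quote }}` would also make an unset value render as an explicit empty string rather than a bare `name:`, which is easier to spot in rendered output.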
diff --git a/heat/templates/_heat_config_helpers.tpl b/heat/templates/_heat_config_helpers.tpl deleted file mode 100644 index eb0878881a..0000000000 --- a/heat/templates/_heat_config_helpers.tpl +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- define "heat_config_volume_mounts" }} -- name: pod-etc-heat - mountPath: /etc/heat -- name: pod-var-cache-heat - mountPath: /var/cache/heat -- name: heat-json-policy - mountPath: /etc/heat/policy.json - subPath: policy.json - readOnly: true -- name: heat-conf-cache - mountPath: /etc/heat/conf/heat-cache.conf - subPath: heat-cache.conf - readOnly: true -- name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true -- name: heat-conf-endpoints - mountPath: /etc/heat/conf/heat-endpoints.conf - subPath: heat-endpoints.conf - readOnly: true -- name: heat-conf-keystone - mountPath: /etc/heat/conf/heat-keystone.conf - subPath: heat-keystone.conf - readOnly: true -- name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf - readOnly: true -- name: heat-conf-messaging - mountPath: /etc/heat/conf/heat-messaging.conf - subPath: heat-messaging.conf - readOnly: true -- name: heat-conf-options - mountPath: /etc/heat/conf/heat-options.conf - subPath: heat-options.conf - readOnly: true -- name: heat-conf-paste - mountPath: /etc/heat/conf/heat-paste.conf - subPath: heat-paste.conf - readOnly: true -- name: heat-conf-stack-domain - mountPath: /etc/heat/conf/heat-stack-domain.conf - subPath: heat-stack-domain.conf - readOnly: true -- name: heat-conf-trustee - mountPath: /etc/heat/conf/heat-trustee.conf - subPath: heat-trustee.conf - readOnly: true -{{- end }} - -{{- define "heat_config_volumes" }} -- name: pod-etc-heat - emptyDir: {} -- name: pod-var-cache-heat - emptyDir: {} -- name: heat-json-policy - configMap: - name: heat-json-policy -- name: heat-conf-cache - configMap: - name: heat-conf-cache -- name: heat-conf-db - secret: - secretName: heat-conf-db -- name: heat-conf-endpoints - configMap: - name: heat-conf-endpoints -- name: heat-conf-keystone - secret: - secretName: heat-conf-keystone -- name: heat-conf-log - configMap: - name: heat-conf-log -- name: heat-conf-messaging - secret: - 
secretName: heat-conf-messaging -- name: heat-conf-options - configMap: - name: heat-conf-options -- name: heat-conf-paste - configMap: - name: heat-conf-paste -- name: heat-conf-stack-domain - secret: - secretName: heat-conf-stack-domain -- name: heat-conf-trustee - secret: - secretName: heat-conf-trustee -{{- end }} diff --git a/heat/templates/_helpers.tpl b/heat/templates/_helpers.tpl deleted file mode 100644 index 745e619571..0000000000 --- a/heat/templates/_helpers.tpl +++ /dev/null 
@@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} diff --git a/heat/templates/bin/_db-init.sh.tpl b/heat/templates/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..ba1c302c03 --- /dev/null +++ b/heat/templates/bin/_db-init.sh.tpl 
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv \
+ -m mysql_db -a "login_host='{{ .Values.database.address }}' \
+ login_port='{{ .Values.database.port }}' \
+ login_user='{{ .Values.database.root_user }}' \
+ login_password='{{ .Values.database.root_password }}' \
+ name='{{ .Values.database.heat_database_name }}'"
+
+ansible localhost -vvv \
+ -m mysql_user -a "login_host='{{ .Values.database.address }}' \
+ login_port='{{ .Values.database.port }}' \
+ login_user='{{ .Values.database.root_user }}' \
+ login_password='{{ .Values.database.root_password }}' \
+ name='{{ .Values.database.heat_user }}' \
+ password='{{ .Values.database.heat_password }}' \
+ host='%' \
+ priv='{{ .Values.database.heat_database_name }}.*:ALL' \
+ append_privs='yes'"
diff --git a/heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl b/heat/templates/bin/_ks-domain-user.sh.tpl
similarity index 100%
rename from heat/templates/jobs/keystone/user/bin/_ks-domain-user.sh.tpl
rename to heat/templates/bin/_ks-domain-user.sh.tpl
diff --git a/heat/templates/config/contents/_heat-cache.conf.tpl b/heat/templates/config/contents/_heat-cache.conf.tpl
deleted file mode 100644
index a6fd1728e8..0000000000
--- a/heat/templates/config/contents/_heat-cache.conf.tpl
+++ /dev/null
@@ -1,4 +0,0 @@
-[cache]
-enabled = "True"
-backend = oslo_cache.memcache_pool
-memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}"
diff --git a/heat/templates/config/contents/_heat-db.conf.tpl b/heat/templates/config/contents/_heat-db.conf.tpl
deleted file mode 100644
index 0213e750a0..0000000000
--- a/heat/templates/config/contents/_heat-db.conf.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-[database]
-connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }}
-max_retries = -1
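Review bot: `_db-init.sh.tpl` renders `.Values.database.root_password` and `.Values.database.heat_password` directly into the script text and then runs it under `set -ex` with `ansible ... -vvv`, so both passwords sit in the rendered script and are most likely echoed into the job's log by the shell trace and Ansible's verbose output. The rendered script is shipped through the `heat-bin` ConfigMap added in this commit, which anyone with read access to ConfigMaps in the namespace can fetch. Supply the credentials to the job as environment variables sourced from a Secret, reference them in the script as shell variables (for example `login_password='${DB_ROOT_PASSWORD}'`, where the variable name is a placeholder), and drop `-x` and `-vvv`. Separately, `host='%'` combined with `priv='<database>.*:ALL'` lets the heat account connect from any address; confirm that is intended rather than a grant scoped to the cluster's pod network.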
diff --git a/heat/templates/config/contents/_heat-endpoints.conf.tpl b/heat/templates/config/contents/_heat-endpoints.conf.tpl deleted file mode 100644 index f9fc3fd077..0000000000 --- a/heat/templates/config/contents/_heat-endpoints.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} -heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition -heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} diff --git a/heat/templates/config/contents/_heat-keystone.conf.tpl b/heat/templates/config/contents/_heat-keystone.conf.tpl deleted file mode 100644 index 994981572b..0000000000 --- a/heat/templates/config/contents/_heat-keystone.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -[keystone_authtoken] -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_region_name }} -project_domain_name = {{ .Values.keystone.heat_project_domain }} -project_name = {{ .Values.keystone.heat_project_name }} -user_domain_name = {{ .Values.keystone.heat_user_domain }} -username = {{ .Values.keystone.heat_user }} -password = {{ .Values.keystone.heat_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/_heat-log.conf.tpl b/heat/templates/config/contents/_heat-log.conf.tpl deleted file mode 100644 index a0ec3d1f2f..0000000000 --- a/heat/templates/config/contents/_heat-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True 
diff --git a/heat/templates/config/contents/_heat-messaging.conf.tpl b/heat/templates/config/contents/_heat-messaging.conf.tpl deleted file mode 100644 index 819bd099f3..0000000000 --- a/heat/templates/config/contents/_heat-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/heat/templates/config/contents/_heat-options.conf.tpl b/heat/templates/config/contents/_heat-options.conf.tpl deleted file mode 100644 index 1f764f7912..0000000000 --- a/heat/templates/config/contents/_heat-options.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -enable_stack_adopt = "True" -enable_stack_abandon = "True" diff --git a/heat/templates/config/contents/_heat-paste.conf.tpl b/heat/templates/config/contents/_heat-paste.conf.tpl deleted file mode 100644 index 5d6dcd6411..0000000000 --- a/heat/templates/config/contents/_heat-paste.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[paste_deploy] -config_file = /etc/heat/heat-api-paste.ini diff --git a/heat/templates/config/contents/_heat-stack-domain.conf.tpl b/heat/templates/config/contents/_heat-stack-domain.conf.tpl deleted file mode 100644 index 75afba0804..0000000000 --- a/heat/templates/config/contents/_heat-stack-domain.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} -stack_domain_admin = {{ .Values.keystone.heat_stack_user }} -stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} diff --git a/heat/templates/config/contents/_heat-trustee.conf.tpl b/heat/templates/config/contents/_heat-trustee.conf.tpl deleted file mode 100644 index 41776515af..0000000000 --- a/heat/templates/config/contents/_heat-trustee.conf.tpl +++ /dev/null 
@@ -1,22 +0,0 @@ -[DEFAULT] -trusts_delegated_roles = "Member" -deferred_auth_method = "trusts" - -[trustee] -auth_type = "password" -auth_section = "trustee_keystone" - -[trustee_keystone] - -auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -region_name = {{ .Values.keystone.heat_trustee_region_name }} -user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} -username = {{ .Values.keystone.heat_trustee_user }} -password = {{ .Values.keystone.heat_trustee_password }} - -signing_dir = "/var/cache/heat" - -memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" diff --git a/heat/templates/config/contents/components/_heat-api.conf.tpl b/heat/templates/config/contents/components/_heat-api.conf.tpl deleted file mode 100644 index 6828788896..0000000000 --- a/heat/templates/config/contents/components/_heat-api.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api] -bind_port = {{ .Values.service.api.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.api.workers }} diff --git a/heat/templates/config/contents/components/_heat-cfn.conf.tpl b/heat/templates/config/contents/components/_heat-cfn.conf.tpl deleted file mode 100644 index d6c42a1796..0000000000 --- a/heat/templates/config/contents/components/_heat-cfn.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cfn] -bind_port = {{ .Values.service.cfn.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cfn.workers }} diff --git a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl b/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl deleted file mode 100644 index b99262222b..0000000000 --- a/heat/templates/config/contents/components/_heat-cloudwatch.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[heat_api_cloudwatch] -bind_port = {{ .Values.service.cloudwatch.port }} -bind_host = 0.0.0.0 -workers = {{ .Values.resources.cloudwatch.workers }} 
diff --git a/heat/templates/config/contents/components/_heat-engine.conf.tpl b/heat/templates/config/contents/components/_heat-engine.conf.tpl deleted file mode 100644 index 1a22c602c6..0000000000 --- a/heat/templates/config/contents/components/_heat-engine.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -num_engine_workers = {{ .Values.resources.engine.workers }} diff --git a/heat/templates/config/heat-api-paste.ini.yaml b/heat/templates/config/heat-api-paste.ini.yaml deleted file mode 100755 index 22031118a2..0000000000 --- a/heat/templates/config/heat-api-paste.ini.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ini-api-paste -data: - api-paste.ini: |+ -{{ tuple "contents/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-api.conf.yaml b/heat/templates/config/heat-api.conf.yaml deleted file mode 100644 index cffa497ac0..0000000000 --- a/heat/templates/config/heat-api.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-api -data: - heat-api.conf: |+ -{{ tuple "contents/components/_heat-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cache.conf.yaml b/heat/templates/config/heat-cache.conf.yaml deleted file mode 100644 index b7b4eb9ed9..0000000000 --- a/heat/templates/config/heat-cache.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cache -data: - heat-cache.conf: | -{{ tuple "contents/_heat-cache.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cfn.conf.yaml b/heat/templates/config/heat-cfn.conf.yaml deleted file mode 100644 index 3d1c96511a..0000000000 --- a/heat/templates/config/heat-cfn.conf.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cfn -data: - heat-cfn.conf: |+ -{{ tuple "contents/components/_heat-cfn.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-cloudwatch.conf.yaml b/heat/templates/config/heat-cloudwatch.conf.yaml deleted file mode 100644 index cf244f76a6..0000000000 --- a/heat/templates/config/heat-cloudwatch.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-cloudwatch -data: - heat-cloudwatch.conf: |+ -{{ tuple "contents/components/_heat-cloudwatch.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-db.conf.yaml b/heat/templates/config/heat-db.conf.yaml deleted file mode 100644 index a8e2cf20d2..0000000000 --- a/heat/templates/config/heat-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-db -type: Opaque -data: - heat-db.conf: | -{{ tuple "contents/_heat-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-endpoints.conf.yaml b/heat/templates/config/heat-endpoints.conf.yaml deleted file mode 100644 index 535e90cfff..0000000000 --- a/heat/templates/config/heat-endpoints.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-endpoints -data: - heat-endpoints.conf: | -{{ tuple "contents/_heat-endpoints.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-engine.conf.yaml b/heat/templates/config/heat-engine.conf.yaml deleted file mode 100644 index cb5855786a..0000000000 --- a/heat/templates/config/heat-engine.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-engine -data: - heat-engine.conf: |+ -{{ tuple "contents/components/_heat-engine.conf.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/config/heat-log.conf.yaml b/heat/templates/config/heat-log.conf.yaml deleted file mode 100644 index 86a5a19be3..0000000000 --- a/heat/templates/config/heat-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-log -data: - heat-log.conf: |+ -{{ tuple "contents/_heat-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-messaging.conf.yaml b/heat/templates/config/heat-messaging.conf.yaml deleted file mode 100644 index 2bb408a68b..0000000000 --- a/heat/templates/config/heat-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: heat-conf-messaging -type: Opaque -data: - heat-messaging.conf: | -{{ tuple "contents/_heat-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/heat/templates/config/heat-options.conf.yaml b/heat/templates/config/heat-options.conf.yaml deleted file mode 100644 index 8ac2ebf4ba..0000000000 --- a/heat/templates/config/heat-options.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-options -data: - heat-options.conf: | -{{ tuple "contents/_heat-options.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-paste.conf.yaml b/heat/templates/config/heat-paste.conf.yaml deleted file mode 100644 index 29f96e71da..0000000000 --- a/heat/templates/config/heat-paste.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-conf-paste -data: - heat-paste.conf: | -{{ tuple "contents/_heat-paste.conf.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/config/heat-policy.json.yaml b/heat/templates/config/heat-policy.json.yaml deleted file mode 100644 index 1b96f2a57c..0000000000 --- a/heat/templates/config/heat-policy.json.yaml +++ /dev/null 
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: heat-json-policy
-data:
- api-paste.ini: |+
-{{ tuple "contents/_heat-policy.json.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..41e3ce81fe
--- /dev/null
+++ b/heat/templates/configmap-bin.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-bin
+data:
+ db-init.sh: |+
+{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }}
+ ks-service.sh: |+
+{{- include "common_keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |+
+{{- include "common_keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |+
+{{- include "common_keystone_user" . | indent 4 }}
+ ks-domain-user.sh: |+
+{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..c3039714c8
--- /dev/null
+++ b/heat/templates/configmap-etc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: heat-etc
+data:
+ heat.conf: |+
+{{ tuple "etc/_heat.conf.tpl" . | include "template" | indent 4 }}
+ api-paste.ini: |+
+{{ tuple "etc/_heat-api-paste.ini.tpl" . | include "template" | indent 4 }}
+ policy.json: |+
+{{ tuple "etc/_heat-policy.json.tpl" . | include "template" | indent 4 }}
diff --git a/heat/templates/config/heat-keystone-admin.env.yaml b/heat/templates/configmap-keystone-admin.env.yaml
similarity index 100%
rename from heat/templates/config/heat-keystone-admin.env.yaml
rename to heat/templates/configmap-keystone-admin.env.yaml
diff --git a/heat/templates/config/heat-stack-domain.conf.yaml b/heat/templates/configmap-keystone-stack-user.env.yaml
similarity index 71%
rename from heat/templates/config/heat-stack-domain.conf.yaml
rename to heat/templates/configmap-keystone-stack-user.env.yaml
index f870bf29ee..e95e5f3f8a 100644
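Review bot: `configmap-etc.yaml` publishes the rendered `heat.conf` as `kind: ConfigMap`, yet that file carries the database connection string with its password, the `[keystone_authtoken]` and `[trustee_keystone]` passwords, `stack_domain_admin_password` and `rabbit_password`. Before this commit the fragments holding those values (`heat-conf-db`, `heat-conf-keystone`, `heat-conf-messaging`, `heat-conf-stack-domain`, `heat-conf-trustee`) were `kind: Secret` with `b64enc`, so merging them into one ConfigMap exposes the credentials to any subject allowed to read ConfigMaps and takes them out of reach of Secret-specific RBAC and encryption at rest. Render `heat.conf` into a Secret instead (`kind: Secret`, `type: Opaque`, the template output piped through `b64enc` before `indent 4`) and point the deployments' `heatconf` volume at it with `secret:` / `secretName:`; `api-paste.ini` and `policy.json` can remain in a ConfigMap. The same concern applies to `db-init.sh` in `configmap-bin.yaml`, whose template embeds the database root password.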
--- a/heat/templates/config/heat-stack-domain.conf.yaml +++ b/heat/templates/configmap-keystone-stack-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-stack-domain + name: heat-env-keystone-stack-user type: Opaque data: - heat-stack-domain.conf: | -{{ tuple "contents/_heat-stack-domain.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }} OS_DOMAIN_NAME: | diff --git a/heat/templates/config/heat-trustee.conf.yaml b/heat/templates/configmap-keystone-trustee.env.yaml similarity index 82% rename from heat/templates/config/heat-trustee.conf.yaml rename to heat/templates/configmap-keystone-trustee.env.yaml index 57906ad636..72a74bdf14 100644 --- a/heat/templates/config/heat-trustee.conf.yaml +++ b/heat/templates/configmap-keystone-trustee.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-trustee + name: heat-env-keystone-trustee type: Opaque data: - heat-trustee.conf: | -{{ tuple "contents/_heat-trustee.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/heat/templates/config/heat-keystone.conf.yaml b/heat/templates/configmap-keystone-user.env.yaml similarity index 81% rename from heat/templates/config/heat-keystone.conf.yaml rename to heat/templates/configmap-keystone-user.env.yaml index 514a577445..c3730107e8 100644 --- a/heat/templates/config/heat-keystone.conf.yaml +++ b/heat/templates/configmap-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: heat-conf-keystone + name: heat-env-keystone-user type: Opaque data: - heat-keystone.conf: | -{{ tuple "contents/_heat-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | 
diff --git a/heat/templates/deployment/api/api.yaml b/heat/templates/deployment-api.yaml similarity index 70% rename from heat/templates/deployment/api/api.yaml rename to heat/templates/deployment-api.yaml index 451769051d..781aa72a46 100755 --- a/heat/templates/deployment/api/api.yaml +++ b/heat/templates/deployment-api.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.api.port }} readinessProbe: tcpSocket: port: {{ .Values.service.api.port }} volumeMounts: - - name: heat-api-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-api - mountPath: /etc/heat/conf/heat-api.conf - subPath: heat-api.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-api-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-api-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-api + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-api -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cfn/cfn.yaml b/heat/templates/deployment-cfn.yaml similarity index 70% rename from heat/templates/deployment/cfn/cfn.yaml rename to heat/templates/deployment-cfn.yaml index 4063084ea8..7d10b9ec54 100644 --- a/heat/templates/deployment/cfn/cfn.yaml 
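Review bot: The volumes `heatconf`, `heatpaste` and `heatpolicy` all reference the same ConfigMap `heat-etc`, so a single volume mounted three times with different `subPath` values would say the same thing with less to keep in sync; the identical pattern is repeated in `deployment-cfn.yaml` and `deployment-cloudwatch.yaml`. Declare it once under `volumes:` as `- name: heat-etc` with `configMap:` / `name: heat-etc`, and use `name: heat-etc` in each of the three `volumeMounts` entries. Files mounted through `subPath` are not refreshed when the ConfigMap changes, so a configuration change only takes effect on pod restart; whether the pod template carries a config-hash annotation to force that lies outside this hunk. The Deployment spec starts and ends outside the hunk.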
+++ b/heat/templates/deployment-cfn.yaml @@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cfn }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cfn + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cfn.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cfn.port }} volumeMounts: - - name: heat-cfn-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cfn - mountPath: /etc/heat/conf/heat-cfn.conf - subPath: heat-cfn.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cfn-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cfn-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cfn + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cfn -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml similarity index 70% rename from heat/templates/deployment/cloudwatch/cloudwatch.yaml rename to heat/templates/deployment-cloudwatch.yaml index 396633e19a..3bd5c8d037 100644 --- a/heat/templates/deployment/cloudwatch/cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml 
@@ -42,35 +42,42 @@ spec: image: {{ .Values.images.cloudwatch }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-api-cloudwatch + - --config-dir + - /etc/heat/conf ports: - containerPort: {{ .Values.service.cloudwatch.port }} readinessProbe: tcpSocket: port: {{ .Values.service.cloudwatch.port }} volumeMounts: - - name: heat-cloudwatch-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-ini-api-paste + - name: heatpaste mountPath: /etc/heat/api-paste.ini subPath: api-paste.ini readOnly: true - - name: heat-conf-cloudwatch - mountPath: /etc/heat/conf/heat-cloudwatch.conf - subPath: heat-cloudwatch.conf + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-cloudwatch-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-cloudwatch-sh - - name: heat-ini-api-paste + name: heat-etc + - name: heatpaste configMap: - name: heat-ini-api-paste - - name: heat-conf-cloudwatch + name: heat-etc + - name: heatpolicy configMap: - name: heat-conf-cloudwatch -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/deployment/api/api.sh.yaml b/heat/templates/deployment/api/api.sh.yaml deleted file mode 100755 index ff6918201c..0000000000 --- a/heat/templates/deployment/api/api.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/deployment/api/bin/_api.sh.tpl b/heat/templates/deployment/api/bin/_api.sh.tpl deleted file mode 100755 index d4cc64865b..0000000000 --- a/heat/templates/deployment/api/bin/_api.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl b/heat/templates/deployment/cfn/bin/_cfn.sh.tpl deleted file mode 100644 index 30dcfad519..0000000000 --- a/heat/templates/deployment/cfn/bin/_cfn.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cfn --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cfn/cfn.sh.yaml b/heat/templates/deployment/cfn/cfn.sh.yaml deleted file mode 100644 index 71efedd864..0000000000 --- a/heat/templates/deployment/cfn/cfn.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cfn-sh -data: - start.sh: |+ -{{ tuple "bin/_cfn.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl b/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl deleted file mode 100644 index 4703d33e03..0000000000 --- a/heat/templates/deployment/cloudwatch/bin/_cloudwatch.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-api-cloudwatch --config-dir /etc/heat/conf diff --git a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml b/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml deleted file mode 100644 index 6127e95bf5..0000000000 --- a/heat/templates/deployment/cloudwatch/cloudwatch.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-cloudwatch-sh -data: - start.sh: |+ -{{ tuple "bin/_cloudwatch.sh.tpl" . | include "template" | indent 4 }} 
diff --git a/heat/templates/config/contents/_heat-api-paste.ini.tpl b/heat/templates/etc/_heat-api-paste.ini.tpl old mode 100755 new mode 100644 similarity index 99% rename from heat/templates/config/contents/_heat-api-paste.ini.tpl rename to heat/templates/etc/_heat-api-paste.ini.tpl index 5ea89b5aee..ad6501e662 --- a/heat/templates/config/contents/_heat-api-paste.ini.tpl +++ b/heat/templates/etc/_heat-api-paste.ini.tpl @@ -1,4 +1,3 @@ - # heat-api pipeline [pipeline:heat-api] pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app diff --git a/heat/templates/config/contents/_heat-policy.json.tpl b/heat/templates/etc/_heat-policy.json.tpl similarity index 100% rename from heat/templates/config/contents/_heat-policy.json.tpl rename to heat/templates/etc/_heat-policy.json.tpl diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl new file mode 100644 index 0000000000..d4faf13038 --- /dev/null +++ b/heat/templates/etc/_heat.conf.tpl 
@@ -0,0 +1,84 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +deferred_auth_method = "trusts" + +enable_stack_adopt = "True" +enable_stack_abandon = "True" + +heat_metadata_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }} +heat_waitcondition_server_url = {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1/waitcondition +heat_watch_server_url = {{ .Values.service.cloudwatch.proto }}://{{ .Values.service.cloudwatch.name }}:{{ .Values.service.cloudwatch.port }} + +num_engine_workers = {{ .Values.resources.engine.workers }} + +stack_user_domain_name = {{ .Values.keystone.heat_stack_user_domain }} +stack_domain_admin = {{ .Values.keystone.heat_stack_user }} +stack_domain_admin_password = {{ .Values.keystone.heat_stack_password }} + +trusts_delegated_roles = "Member" + +[cache] +enabled = "True" +backend = oslo_cache.memcache_pool +memcache_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" + +[database] +connection = mysql+pymysql://{{ .Values.database.heat_user }}:{{ .Values.database.heat_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.heat_database_name }} +max_retries = -1 + +[keystone_authtoken] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_region_name }} +project_domain_name = {{ .Values.keystone.heat_project_domain }} +project_name = {{ .Values.keystone.heat_project_name }} +user_domain_name = {{ .Values.keystone.heat_user_domain }} +username = {{ .Values.keystone.heat_user }} +password = {{ .Values.keystone.heat_password }} + +[heat_api] +bind_port = {{ .Values.service.api.port }} +bind_host = 0.0.0.0 +workers = {{ 
.Values.resources.api.workers }} + +[heat_api_cloudwatch] +bind_port = {{ .Values.service.cloudwatch.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cloudwatch.workers }} + +[heat_api_cfn] +bind_port = {{ .Values.service.cfn.port }} +bind_host = 0.0.0.0 +workers = {{ .Values.resources.cfn.workers }} + +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} + +[paste_deploy] +config_file = /etc/heat/api-paste.ini + +[trustee] +auth_type = "password" +auth_section = "trustee_keystone" + +[trustee_keystone] +signing_dir = "/var/cache/heat" +memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" +auth_version = v3 +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +region_name = {{ .Values.keystone.heat_trustee_region_name }} +user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} +username = {{ .Values.keystone.heat_trustee_user }} +password = {{ .Values.keystone.heat_trustee_password }} diff --git a/heat/templates/jobs/db/init/db-init.yaml b/heat/templates/job-db-init.yaml similarity index 88% rename from heat/templates/jobs/db/init/db-init.yaml rename to heat/templates/job-db-init.yaml index a7d15d76c3..affd85693c 100644 --- a/heat/templates/jobs/db/init/db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: heat-db-init-sh + name: heat-bin 
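Review bot: The credentials rendered into this file appear to end up in a ConfigMap rather than a Secret. `stack_domain_admin_password`, the password embedded in `[database] connection`, `[keystone_authtoken] password`, `rabbit_password` and `[trustee_keystone] password` are all written in clear text, and the job-db-sync.yaml and statefulset-engine.yaml hunks mount `heat.conf` from `configMap: name: heat-etc`, where the removed lines mounted `heat-conf-db` from a `secret`. The definition of `heat-etc` is not in this part of the patch, so confirm that it carries this template; if it does, ship it as a Secret and mount it with `secret:` / `secretName: heat-etc` so it is covered by Secret RBAC and any at-rest encryption configured for Secrets. Separately, `connection` interpolates `database.heat_password` raw, so a password containing `@`, `/` or `:` yields a misparsed URL; percent-encode it or document the restriction.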
diff --git a/heat/templates/jobs/db/sync/db-sync.yaml b/heat/templates/job-db-sync.yaml similarity index 66% rename from heat/templates/jobs/db/sync/db-sync.yaml rename to heat/templates/job-db-sync.yaml index b42da03273..3c66c4c5af 100644 --- a/heat/templates/jobs/db/sync/db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -38,32 +38,21 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - heat-manage + args: + - --config-dir + - /etc/heat/conf + - db_sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-heat mountPath: /etc/heat - - name: heat-conf-db - mountPath: /etc/heat/conf/heat-db.conf - subPath: heat-db.conf - readOnly: true - - name: heat-conf-log - mountPath: /etc/heat/conf/heat-log.conf - subPath: heat-log.conf + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: heat-db-sync-sh - name: pod-etc-heat emptyDir: {} - - name: heat-conf-db - secret: - secretName: heat-conf-db - - name: heat-conf-log + - name: heatconf configMap: - name: heat-conf-log + name: heat-etc diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 0000000000..ec01159e9f --- /dev/null +++ b/heat/templates/job-ks-endpoints.yaml.yaml 
@@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: heat-bin 
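Review bot: The new file is created as `job-ks-endpoints.yaml.yaml`; the doubled extension looks accidental next to `job-ks-service.yaml` and `job-ks-user.yaml` and should be `job-ks-endpoints.yaml`. Inside the `range`, `OS_SVC_ENDPOINT` and `OS_SERVICE_NAME` are emitted unquoted while the two lookup helpers return quoted strings; `value: {{ $osServiceEndPoint | quote }}` and `value: {{ $osServiceName | quote }}` keep the env values as strings whatever names are added to the tuples later.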
diff --git a/heat/templates/jobs/keystone/service/ks-service.yaml b/heat/templates/job-ks-service.yaml similarity index 54% rename from heat/templates/jobs/keystone/service/ks-service.yaml rename to heat/templates/job-ks-service.yaml index 8a03bf2696..a66d7c8034 100644 --- a/heat/templates/jobs/keystone/service/ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job metadata: @@ -31,13 +32,39 @@ spec: restartPolicy: OnFailure containers: - name: heat-ks-service-orchestration -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat" - name: OS_SERVICE_TYPE value: "orchestration" - name: heat-ks-service-cloudformation -{{ include "container_ks_service" . | indent 10 }} + image: {{ .Values.images.ks_service }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: OS_SERVICE_NAME value: "heat-cfn" - name: OS_SERVICE_TYPE @@ -45,4 +72,4 @@ spec: volumes: - name: ks-service-sh configMap: - name: heat-ks-service-sh + name: heat-bin 
diff --git a/heat/templates/jobs/keystone/user/ks-user.yaml b/heat/templates/job-ks-user.yaml similarity index 55% rename from heat/templates/jobs/keystone/user/ks-user.yaml rename to heat/templates/job-ks-user.yaml index f243474e94..ae19b217a9 100644 --- a/heat/templates/jobs/keystone/user/ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,3 +1,8 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user +{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} +{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} apiVersion: batch/v1 kind: Job metadata: 
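Review bot: `$ksStackUserSecret` is read from `.Values.keystone.trustee_user_secret`, the same key as `$ksTrusteeUserSecret` on the line above, which looks like a copy-paste slip. As soon as an operator sets `trustee_user_secret`, the `heat-ks-domain-user` container (hunk `@@ -136,32 +91,34 @@`) takes `OS_USERNAME` and `OS_PASSWORD` for the stack domain admin from the trustee secret, and the stack-user secret name cannot be overridden on its own. Give it its own key, for example `{{- $ksStackUserSecret := .Values.keystone.stack_user_secret | default "heat-env-keystone-stack-user" }}`; the key name is a suggestion, since the `keystone` section of values.yaml is not visible here.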
@@ -42,39 +47,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_user_role | quote }} - name: heat-ks-trustee-user 
@@ -89,39 +69,14 @@ spec: subPath: ks-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: heat-conf-trustee - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_trustee_user_role | quote }} - name: heat-ks-domain-user 
@@ -136,32 +91,34 @@ spec: subPath: ks-domain-user.sh readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - name: SERVICE_OS_REGION_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_REGION_NAME - name: SERVICE_OS_DOMAIN_NAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_DOMAIN_NAME - name: SERVICE_OS_USERNAME valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_USERNAME - name: SERVICE_OS_PASSWORD valueFrom: secretKeyRef: - name: heat-conf-stack-domain + name: {{ $ksStackUserSecret }} key: OS_PASSWORD - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_stack_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: heat-ks-user-sh + name: heat-bin diff --git a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl b/heat/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 2c4cc09ee1..0000000000 --- a/heat/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.heat_user }}' password='{{ .Values.database.heat_password }}' host='%' priv='{{ .Values.database.heat_database_name }}.*:ALL' append_privs='yes'" 
diff --git a/heat/templates/jobs/db/init/db-init.sh.yaml b/heat/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 9f8b2262ee..0000000000 --- a/heat/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index 4532bdfe0b..0000000000 --- a/heat/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -heat-manage --config-dir /etc/heat/conf db_sync diff --git a/heat/templates/jobs/db/sync/db-sync.sh.yaml b/heat/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index 59aaa8d24c..0000000000 --- a/heat/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100755 index 04ed895793..0000000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100755 index 84f6617189..0000000000 --- a/heat/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: heat-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: heat-ks-endpoints-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat - - name: OS_SERVICE_TYPE - value: orchestration - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/\$(project_id)s - - name: heat-ks-endpoints-cfn-admin -{{ include "container_ks_endpoint" . 
| indent 10 }} - - name: OS_SVC_ENDPOINT - value: admin - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: internal - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - - name: heat-ks-endpoints-cfn-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SVC_ENDPOINT - value: public - - name: OS_SERVICE_NAME - value: heat-cfn - - name: OS_SERVICE_TYPE - value: cloudformation - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.cfn.proto }}://{{ .Values.service.cfn.name }}:{{ .Values.service.cfn.port }}/v1 - volumes: - - name: ks-endpoints-sh - configMap: - name: heat-ks-endpoints-sh diff --git a/heat/templates/jobs/keystone/service/ks-service.sh.yaml b/heat/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index 4c30bee642..0000000000 --- a/heat/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/jobs/keystone/user/ks-user.sh.yaml b/heat/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index d9e6730b12..0000000000 --- a/heat/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} - ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/templates/statefulset/engine/engine.yaml b/heat/templates/statefulset-engine.yaml similarity index 71% rename from heat/templates/statefulset/engine/engine.yaml rename to heat/templates/statefulset-engine.yaml index 5e25152328..8b79d9f4a4 100644 --- a/heat/templates/statefulset/engine/engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -43,23 +43,23 @@ spec: image: {{ .Values.images.engine }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/start.sh + - heat-engine + - --config-dir + - /etc/heat/conf volumeMounts: - - name: heat-engine-sh - mountPath: /tmp/start.sh - subPath: start.sh + - name: pod-etc-heat + mountPath: /etc/heat + - name: pod-var-cache-heat + mountPath: /var/cache/heat + - name: heatconf + mountPath: /etc/heat/conf/heat.conf + subPath: heat.conf readOnly: true - - name: heat-conf-engine - mountPath: /etc/heat/conf/heat-engine.conf - subPath: heat-engine.conf - readOnly: true -{{ include "heat_config_volume_mounts" . | indent 12 }} volumes: - - name: heat-engine-sh + - name: pod-etc-heat + emptyDir: {} + - name: pod-var-cache-heat + emptyDir: {} + - name: heatconf configMap: - name: heat-engine-sh - - name: heat-conf-engine - configMap: - name: heat-conf-engine -{{ include "heat_config_volumes" . | indent 8 }} + name: heat-etc diff --git a/heat/templates/statefulset/engine/bin/_engine.sh.tpl b/heat/templates/statefulset/engine/bin/_engine.sh.tpl deleted file mode 100644 index dabae086c4..0000000000 --- a/heat/templates/statefulset/engine/bin/_engine.sh.tpl +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -ex - -exec heat-engine --config-dir /etc/heat/conf 
diff --git a/heat/templates/statefulset/engine/engine.sh.yaml b/heat/templates/statefulset/engine/engine.sh.yaml deleted file mode 100644 index 534d6ef8df..0000000000 --- a/heat/templates/statefulset/engine/engine.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: heat-engine-sh -data: - start.sh: |+ -{{ tuple "bin/_engine.sh.tpl" . | include "template" | indent 4 }} diff --git a/heat/values.yaml b/heat/values.yaml index cba2b59e62..dca675b541 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -99,6 +99,9 @@ resources: misc: debug: false +secrets: + keystone_admin: + dependencies: db_init: jobs: @@ -153,3 +156,42 @@ dependencies: service: - keystone-api - mariadb + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + heat: + hosts: + default: heat-api + path: '/v1/%(project_id)s' + type: orchestration + scheme: 'http' + port: + api: 8004 + heat_cfn: + hosts: + default: heat-cfn + path: /v1 + type: cloudformation + scheme: 'http' + port: + api: 8000 +# Cloudwatch does not get an entry in the keystone service catalog + heat_cloudwatch: + hosts: + default: heat-cloudwatch + path: null + type: null + scheme: 'http' + port: + api: 8003 From 75d3cb659f9fadb29b759eb28ea79ebb6451e47b Mon Sep 17 00:00:00 2001 
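Review bot: The new `secrets.keystone_admin` key in the first values.yaml hunk is left bare, so it parses as `null`, and no template visible in this patch reads it: the jobs resolve their secret names from `.Values.keystone.admin_secret`, `user_secret` and `trustee_user_secret`. An operator who sets `secrets.keystone_admin` would therefore see no effect and the jobs would keep using the default `heat-env-keystone-admin`. Either drop the stub or give it an explicit value and point the templates at it, so there is one documented place to override credential secret names. In the second hunk the comment has a typo, `overriden` should read `overridden`.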
From: portdirect Date: Mon, 9 Jan 2017 00:26:48 +0000 Subject: [PATCH 3/6] Heat rebase against current master --- Makefile | 21 ++++---- common/templates/_endpoints.tpl | 52 +++++++++---------- ...nv.yaml => secret-keystone-admin.env.yaml} | 0 ...ml => secret-keystone-stack-user.env.yaml} | 0 ....yaml => secret-keystone-trustee.env.yaml} | 0 ...env.yaml => secret-keystone-user.env.yaml} | 0 6 files changed, 34 insertions(+), 39 deletions(-) rename heat/templates/{configmap-keystone-admin.env.yaml => secret-keystone-admin.env.yaml} (100%) rename heat/templates/{configmap-keystone-stack-user.env.yaml => secret-keystone-stack-user.env.yaml} (100%) rename heat/templates/{configmap-keystone-trustee.env.yaml => secret-keystone-trustee.env.yaml} (100%) rename heat/templates/{configmap-keystone-user.env.yaml => secret-keystone-user.env.yaml} (100%) diff --git a/Makefile b/Makefile index d7345126e3..e3c08d22c4 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone heat memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon heat openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon heat openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack common: build-common @@ -19,14 +19,18 @@ mariadb: build-mariadb keystone: build-keystone -heat: build-heat - horizon: build-horizon rabbitmq: build-rabbitmq glance: build-glance +neutron: build-neutron + +heat: build-heat + +maas: build-maas + memcached: build-memcached openstack: build-openstack 
@@ -42,10 +46,3 @@ build-%: if [ -f $*/requirements.yaml ]; then helm dep up $*; fi helm lint $* helm package $* - -## this is required for some charts which cannot pass a lint, namely -## those which use .Release.Namespace in a default pipe capacity -#nolint-build-%: -# if [ -f $*/Makefile ]; then make -C $*; fi -# if [ -f $*/requirements.yaml ]; then helm dep up $*; fi -# helm package $* diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl index 5f1be74867..fe0a7d1888 100644 --- a/common/templates/_endpoints.tpl +++ b/common/templates/_endpoints.tpl @@ -2,32 +2,6 @@ # endpoints #----------------------------------------- -# this function returns the endpoint uri for a service, it takes an tuple -# input in ther form: service-name, endpoint-class, port-name. eg: -# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } -# will return the appropriate URI - -{{- define "endpoint_addr_lookup" -}} -{{- $name := index . 0 -}} -{{- $endpoint := index . 1 -}} -{{- $port := index . 2 -}} -{{- $context := index . 3 -}} -{{- $nameNorm := $name | replace "-" "_" }} -{{- $endpointMap := index $context.Values.endpoints $nameNorm }} -{{- $endpointScheme := index $endpointMap "scheme" }} -{{- $endpointPath := index $endpointMap "path" }} -{{- $fqdn := $context.Release.Namespace -}} -{{- if $context.Values.endpoints.fqdn -}} -{{- $fqdn := $context.Values.endpoints.fqdn -}} -{{- end -}} -{{- with $endpointMap -}} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port }} -{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} -{{- end -}} -{{- end -}} - - # this should be a generic function leveraging a tuple # for input, e.g. { endpoint keystone internal . } # however, constructing this appears to be a 
@@ -113,6 +87,31 @@ {{- end -}} {{- end -}} +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-name, endpoint-class, port-name. eg: +# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "endpoint_addr_lookup" -}} +{{- $name := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $nameNorm := $name | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $nameNorm }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} +{{- end -}} +{{- end -}} + #------------------------------- # endpoint type lookup @@ -132,7 +131,6 @@ {{- $endpointType | quote -}} {{- end -}} - #------------------------------- # kolla helpers #------------------------------- diff --git a/heat/templates/configmap-keystone-admin.env.yaml b/heat/templates/secret-keystone-admin.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-admin.env.yaml rename to heat/templates/secret-keystone-admin.env.yaml diff --git a/heat/templates/configmap-keystone-stack-user.env.yaml b/heat/templates/secret-keystone-stack-user.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-stack-user.env.yaml rename to heat/templates/secret-keystone-stack-user.env.yaml 
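Review bot: In `endpoint_addr_lookup`, the `{{- $fqdn := $context.Values.endpoints.fqdn -}}` inside the `if` declares a new variable scoped to that block, so the outer `$fqdn` stays `.Release.Namespace` and the `endpoints.fqdn` override never reaches the `printf`. Fold the choice into the declaration and drop the `if`: `{{- $fqdn := $context.Values.endpoints.fqdn | default $context.Release.Namespace -}}`. Also, when `$nameNorm` has no entry under `.Values.endpoints`, the `with` block renders nothing and the caller gets an empty `OS_SERVICE_ENDPOINT` with no error; a `required`-style failure or an explicit check would surface the misconfiguration at render time.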
diff --git a/heat/templates/configmap-keystone-trustee.env.yaml b/heat/templates/secret-keystone-trustee.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-trustee.env.yaml rename to heat/templates/secret-keystone-trustee.env.yaml diff --git a/heat/templates/configmap-keystone-user.env.yaml b/heat/templates/secret-keystone-user.env.yaml similarity index 100% rename from heat/templates/configmap-keystone-user.env.yaml rename to heat/templates/secret-keystone-user.env.yaml From 4e6f72476141fd0f31f2d3aef4ad42e496d445ba Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:56:15 +0000 Subject: [PATCH 4/6] Update Heat Service Creation Job --- heat/templates/job-ks-service.yaml | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index a66d7c8034..ad5d75f138 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,3 +1,4 @@ +{{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} apiVersion: batch/v1 kind: Job @@ -31,9 +32,10 @@ spec: spec: restartPolicy: OnFailure containers: - - name: heat-ks-service-orchestration - image: {{ .Values.images.ks_service }} - imagePullPolicy: {{ .Values.images.pull_policy }} +{{- range $key1, $osServiceName := tuple "heat" "heat-cfn" }} + - name: {{ $osServiceName }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: - bash - /tmp/ks-service.sh 
@@ -47,28 +49,10 @@ spec: {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: "heat" + value: {{ $osServiceName }} - name: OS_SERVICE_TYPE - value: "orchestration" - - name: heat-ks-service-cloudformation - image: {{ .Values.images.ks_service }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/ks-service.sh - volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "env_ks_openrc_tpl" $env | indent 12 }} + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} {{- end }} - - name: OS_SERVICE_NAME - value: "heat-cfn" - - name: OS_SERVICE_TYPE - value: "cloudformation" volumes: - name: ks-service-sh configMap: From 4403ed40c7afd377504f1f366ae2759613499e1f Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 00:58:27 +0000 Subject: [PATCH 5/6] Add Heat to developer documentation --- docs/developer/minikube.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index b005c3ff9f..4ee88495a8 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -163,6 +163,7 @@ $ helm install --name=horizon local/horizon --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack +$ helm install --name=heat local/heat --namespace=openstack ``` # Horizon Management 
@@ -173,7 +174,7 @@ After each chart is deployed, you may wish to change the typical service endpoin $ sudo kubectl edit svc horizon -n openstack ``` -With the deployed manifest in edit mode, you can enable `nodePort` by replicating some of the fields below (specifically, the `nodePort` lines). +With the deployed manifest in edit mode, you can enable `nodePort` by replicating some of the fields below (specifically, the `nodePort` lines). ``` apiVersion: v1 @@ -224,7 +225,7 @@ $ kubectl exec mariadb-0 -it -n openstack -- mysql -uroot -ppassword -e 'show da | mysql | | performance_schema | +--------------------+ -$ +$ ``` **Helm Server/Repository**
@@ -251,7 +252,7 @@ $ helm repo list NAME URL stable https://kubernetes-charts.storage.googleapis.com/ local http://localhost:8879/charts -$ +$ $ helm repo remove local ``` From d8a07ee1cbee0154ecead3aed9882092c84822b5 Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 19:50:33 +0000 Subject: [PATCH 6/6] Update Heat PR to relect changes reqested in review This commit addresses the concerns raised in: https://github.com/att-comdev/openstack-helm/pull/77#pullrequestreview-15758654 --- .../templates/scripts}/_ks-domain-user.sh.tpl | 2 ++ heat/templates/configmap-bin.yaml | 2 +- heat/templates/deployment-api.yaml | 2 +- heat/templates/deployment-cfn.yaml | 2 +- heat/templates/deployment-cloudwatch.yaml | 2 +- heat/templates/etc/_heat.conf.tpl | 6 ++---- heat/templates/job-ks-endpoints.yaml.yaml | 2 +- heat/templates/job-ks-service.yaml | 2 +- heat/templates/job-ks-user.yaml | 10 +++++----- heat/templates/secret-keystone-admin.env.yaml | 2 +- .../templates/secret-keystone-stack-user.env.yaml | 2 +- heat/templates/secret-keystone-trustee.env.yaml | 2 +- heat/templates/secret-keystone-user.env.yaml | 2 +- heat/templates/statefulset-engine.yaml | 2 +- heat/values.yaml | 15 +++++++++++++-- 15 files changed, 33 insertions(+), 22 deletions(-) rename {heat/templates/bin => common/templates/scripts}/_ks-domain-user.sh.tpl (97%) diff --git a/heat/templates/bin/_ks-domain-user.sh.tpl b/common/templates/scripts/_ks-domain-user.sh.tpl similarity index 97% rename from heat/templates/bin/_ks-domain-user.sh.tpl rename to common/templates/scripts/_ks-domain-user.sh.tpl index 4b4f940245..44bfd27684 100644 --- a/heat/templates/bin/_ks-domain-user.sh.tpl +++ b/common/templates/scripts/_ks-domain-user.sh.tpl @@ -1,3 +1,4 @@ +{{- define "common_keystone_domain_user" }} #!/bin/bash # Copyright 2017 Pete Birley @@ -53,3 +54,4 @@ openstack role assignment list \ --role="${SERVICE_OS_ROLE_ID}" \ --user-domain="${SERVICE_OS_DOMAIN_ID}" \ --user="${SERVICE_OS_USERID}" +{{- end }} 
diff --git a/heat/templates/configmap-bin.yaml b/heat/templates/configmap-bin.yaml index 41e3ce81fe..27da8c6947 100644 --- a/heat/templates/configmap-bin.yaml +++ b/heat/templates/configmap-bin.yaml @@ -12,4 +12,4 @@ data: ks-user.sh: |+ {{- include "common_keystone_user" . | indent 4 }} ks-domain-user.sh: |+ -{{ tuple "bin/_ks-domain-user.sh.tpl" . | include "template" | indent 4 }} +{{- include "common_keystone_domain_user" . | indent 4 }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 781aa72a46..759571c4e3 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-api spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.api }} template: metadata: labels: diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 7d10b9ec54..94d6d55e35 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-cfn spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.cfn }} template: metadata: labels: diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 3bd5c8d037..d4753011c6 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: heat-cloudwatch spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.cloudwatch }} template: metadata: labels: diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index d4faf13038..e902fe7114 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl 
@@ -33,8 +33,7 @@ max_retries = -1 signing_dir = "/var/cache/heat" memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password region_name = {{ .Values.keystone.heat_region_name }} project_domain_name = {{ .Values.keystone.heat_project_domain }} @@ -75,8 +74,7 @@ auth_section = "trustee_keystone" signing_dir = "/var/cache/heat" memcached_servers = "{{ .Values.memcached.host }}:{{ .Values.memcached.port }}" auth_version = v3 -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password region_name = {{ .Values.keystone.heat_trustee_region_name }} user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index ec01159e9f..4b3f30036a 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} apiVersion: batch/v1 kind: Job metadata: diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index ad5d75f138..3ce06a12a1 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,5 +1,5 @@ {{- $envAll := . }} -{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} apiVersion: batch/v1 kind: Job metadata: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index ae19b217a9..66981c9f0d 100644 --- a/heat/templates/job-ks-user.yaml 
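Review bot: Both hunks in `_heat.conf.tpl` delete `auth_uri` without a replacement and point `auth_url` at `endpoint_keystone_internal`. keystonemiddleware uses `auth_uri` as the identity endpoint it advertises to unauthenticated callers in the `WWW-Authenticate` header. As far as I can tell, Heat also falls back to `[keystone_authtoken] auth_uri` when `[clients_keystone] auth_uri` is unset, so the services may advertise an internal-only endpoint or fail to resolve a Keystone URL when creating trusts. The section headers lie outside these hunks, so unless `[clients_keystone]` already sets it, keep the option and render it from the public endpoint, e.g. `auth_uri = {{ include "PUBLIC_KEYSTONE_ENDPOINT_HELPER" . }}` (placeholder name; use the helper the common chart provides). The `keystone.auth_uri` and `keystone.auth_url` defaults left in `values.yaml` are plain `http://`, so remove them if nothing reads them any more, or document that they carry service credentials in clear text.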
+++ b/heat/templates/job-ks-user.yaml @@ -1,8 +1,8 @@ -{{- $ksAdminSecret := .Values.keystone.admin_secret | default "heat-env-keystone-admin" }} -{{- $ksUserSecret := .Values.keystone.user_secret | default "heat-env-keystone-user" }} +{{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user -{{- $ksTrusteeUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-trustee" }} -{{- $ksStackUserSecret := .Values.keystone.trustee_user_secret | default "heat-env-keystone-stack-user" }} +{{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }} +{{- $ksStackUserSecret := .Values.keystone_secrets.stack }} apiVersion: batch/v1 kind: Job metadata: @@ -78,7 +78,7 @@ spec: {{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE - value: {{ .Values.keystone.heat_trustee_user_role | quote }} + value: {{ .Values.keystone.heat_trustee_role | quote }} - name: heat-ks-domain-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} diff --git a/heat/templates/secret-keystone-admin.env.yaml b/heat/templates/secret-keystone-admin.env.yaml index 275c1d2798..ddbc7cece2 100644 --- a/heat/templates/secret-keystone-admin.env.yaml +++ b/heat/templates/secret-keystone-admin.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-admin + name: {{ .Values.keystone_secrets.admin }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/secret-keystone-stack-user.env.yaml b/heat/templates/secret-keystone-stack-user.env.yaml index e95e5f3f8a..703bd37097 100644 --- a/heat/templates/secret-keystone-stack-user.env.yaml +++ b/heat/templates/secret-keystone-stack-user.env.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-stack-user + name: {{ .Values.keystone_secrets.stack }} type: Opaque data: OS_REGION_NAME: | diff --git a/heat/templates/secret-keystone-trustee.env.yaml b/heat/templates/secret-keystone-trustee.env.yaml index 72a74bdf14..63db347e87 100644 --- a/heat/templates/secret-keystone-trustee.env.yaml +++ b/heat/templates/secret-keystone-trustee.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-trustee + name: {{ .Values.keystone_secrets.trustee }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/secret-keystone-user.env.yaml b/heat/templates/secret-keystone-user.env.yaml index c3730107e8..f54a264f1b 100644 --- a/heat/templates/secret-keystone-user.env.yaml +++ b/heat/templates/secret-keystone-user.env.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: heat-env-keystone-user + name: {{ .Values.keystone_secrets.user }} type: Opaque data: OS_AUTH_URL: | diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 8b79d9f4a4..0478e39173 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -4,7 +4,7 @@ metadata: name: heat-engine spec: serviceName: heat-engine - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.engine }} template: metadata: labels: diff --git a/heat/values.yaml b/heat/values.yaml index dca675b541..6373aa22de 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -3,7 +3,12 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 + +replicas: + api: 1 + cfn: 1 + cloudwatch: 1 + engine: 1 labels: node_selector_key: openstack-control-plane 
@@ -22,6 +27,12 @@ images: engine: docker.io/kolla/ubuntu-source-heat-engine:3.0.1 pull_policy: "IfNotPresent" +keystone_secrets: + admin: "heat-env-keystone-admin" + user: "heat-env-keystone-user" + trustee: "heat-env-keystone-trustee" + stack: "heat-env-keystone-stack-user" + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" @@ -42,7 +53,7 @@ keystone: heat_trustee_user: "heat-trust" heat_trustee_user_domain: "default" - heat_trustee_user_role: "admin" + heat_trustee_role: "admin" heat_trustee_password: "password" heat_trustee_project_name: "service" heat_trustee_project_domain: "default"
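Review bot: In the last `values.yaml` hunk the renamed `heat_trustee_role` still defaults to `"admin"` and sits next to `heat_trustee_password: "password"`, so an install with untouched values creates a Keystone account with the admin role and a publicly known password. Ship the password without a usable default, or generate it at install time, and add a comment above the key such as `# must be overridden per deployment; never use the chart default`. Which roles the trustee needs is not visible from this hunk, so if a narrower role is sufficient for trust delegation, make that the default instead of `admin`. The `keystone:` mapping starts before the hunk and may continue after it, so the other `*_password` keys in that mapping deserve the same check.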