From 94a8d348a9863188dc4e214831b80af2c3ba52c4 Mon Sep 17 00:00:00 2001 From: sunile Date: Tue, 6 Sep 2022 20:08:52 +0000 Subject: [PATCH] Added horizon to install as default component Added horizon to the openstack umbrella chart to deploy but disabled by default. Change-Id: Ia835c0c142d0e0878623af9165d595a386b7c4c2 --- openstack/Chart.yaml | 6 +- openstack/charts/horizon | 1 + openstack/values.yaml | 5 + .../values_overrides/horizon/apparmor.yaml | 15 +++ .../values_overrides/horizon/netpol.yaml | 56 +++++++++ openstack/values_overrides/horizon/tls.yaml | 112 ++++++++++++++++++ .../horizon/train-ubuntu_bionic.yaml | 9 ++ .../horizon/ussuri-ubuntu_bionic.yaml | 9 ++ .../horizon/victoria-ubuntu_focal.yaml | 9 ++ .../horizon/wallaby-ubuntu_focal.yaml | 9 ++ .../horizon/xena-ubuntu_focal.yaml | 9 ++ .../horizon/yoga-ubuntu_focal.yaml | 9 ++ releasenotes/notes/openstack.yaml | 1 + .../deployment/component/common/openstack.sh | 12 ++ zuul.d/jobs-openstack-helm.yaml | 25 ++++ zuul.d/project.yaml | 1 + 16 files changed, 287 insertions(+), 1 deletion(-) create mode 120000 openstack/charts/horizon create mode 100644 openstack/values_overrides/horizon/apparmor.yaml create mode 100644 openstack/values_overrides/horizon/netpol.yaml create mode 100644 openstack/values_overrides/horizon/tls.yaml create mode 100644 openstack/values_overrides/horizon/train-ubuntu_bionic.yaml create mode 100644 openstack/values_overrides/horizon/ussuri-ubuntu_bionic.yaml create mode 100644 openstack/values_overrides/horizon/victoria-ubuntu_focal.yaml create mode 100644 openstack/values_overrides/horizon/wallaby-ubuntu_focal.yaml create mode 100644 openstack/values_overrides/horizon/xena-ubuntu_focal.yaml create mode 100644 openstack/values_overrides/horizon/yoga-ubuntu_focal.yaml diff --git a/openstack/Chart.yaml b/openstack/Chart.yaml index ca70765eb3..ed6cba6a22 100644 --- a/openstack/Chart.yaml +++ b/openstack/Chart.yaml @@ -49,10 +49,14 @@ dependencies: repository: file://../neutron version: ">0.1.0" condition: neutron.enabled +- name: horizon + repository: file://../horizon + version: ">0.1.0" + condition: horizon.enabled description: A chart for openstack helm commmon deployment items name: openstack type: application -version: 0.1.5 +version: 0.1.6 maintainers: - name: OpenStack-Helm Authors diff --git a/openstack/charts/horizon b/openstack/charts/horizon new file mode 120000 index 0000000000..76edbbe54e --- /dev/null +++ b/openstack/charts/horizon @@ -0,0 +1 @@ +../../horizon \ No newline at end of file diff --git a/openstack/values.yaml b/openstack/values.yaml index b55689d784..31ab3044b9 100644 --- a/openstack/values.yaml +++ b/openstack/values.yaml @@ -72,6 +72,11 @@ placement: enabled: true helm3_hook: false +horizon: + release_group: horizon + enabled: false + helm3_hook: false + neutron: release_group: neutron enabled: true diff --git a/openstack/values_overrides/horizon/apparmor.yaml b/openstack/values_overrides/horizon/apparmor.yaml new file mode 100644 index 0000000000..e967403646 --- /dev/null +++ b/openstack/values_overrides/horizon/apparmor.yaml @@ -0,0 +1,15 @@ +--- +horizon: + pod: + mandatory_access_control: + type: apparmor + horizon: + horizon: runtime/default + init: runtime/default + horizon-db-sync: + horizon-db-sync: runtime/default + init: runtime/default + horizon-test: + init: runtime/default + horizon-test: runtime/default +... diff --git a/openstack/values_overrides/horizon/netpol.yaml b/openstack/values_overrides/horizon/netpol.yaml new file mode 100644 index 0000000000..d2be299d49 --- /dev/null +++ b/openstack/values_overrides/horizon/netpol.yaml @@ -0,0 +1,56 @@ +--- +horizon: + manifests: + network_policy: true + network_policy: + horizon: + ingress: + - from: + - podSelector: + matchLabels: + application: horizon + - from: + - podSelector: + matchLabels: + application: prometheus-openstack-exporter + - from: + - podSelector: + matchLabels: + application: ingress + ports: + - port: 80 + protocol: TCP + - port: 443 + protocol: TCP + egress: + - to: + - podSelector: + matchLabels: + application: neutron + - to: + - podSelector: + matchLabels: + application: nova + - to: + - podSelector: + matchLabels: + application: glance + - to: + - podSelector: + matchLabels: + application: cinder + - to: + - podSelector: + matchLabels: + application: keystone + - to: + - podSelector: + matchLabels: + application: heat + - to: + - ipBlock: + cidr: %%%REPLACE_API_ADDR%%%/32 + ports: + - protocol: TCP + port: %%%REPLACE_API_PORT%%% +... diff --git a/openstack/values_overrides/horizon/tls.yaml b/openstack/values_overrides/horizon/tls.yaml new file mode 100644 index 0000000000..a104067913 --- /dev/null +++ b/openstack/values_overrides/horizon/tls.yaml @@ -0,0 +1,112 @@ +--- +horizon: + network: + dashboard: + ingress: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "https" + conf: + software: + apache2: + a2enmod: + - headers + - rewrite + - ssl + horizon: + apache: | + + Listen 0.0.0.0:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + ServerName horizon-int.openstack.svc.cluster.local + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L] + + + + ServerName horizon-int.openstack.svc.cluster.local + WSGIScriptReloading On + WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path=/var/lib/kolla/venv/lib/python2.7/site-packages + WSGIProcessGroup horizon-http + WSGIScriptAlias / /var/www/cgi-bin/horizon/django.wsgi + WSGIPassAuthorization On + + RewriteEngine On + RewriteCond %{REQUEST_METHOD} !^(POST|PUT|GET|DELETE|PATCH) + RewriteRule .* - [F] + + + Require all granted + + + Alias /static /var/www/html/horizon + + SetHandler static + + + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /dev/stdout + TransferLog /dev/stdout + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + ErrorLog /dev/stdout + SSLEngine on + SSLCertificateFile /etc/openstack-dashboard/certs/tls.crt + SSLCertificateKeyFile /etc/openstack-dashboard/certs/tls.key + SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 + SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 + SSLHonorCipherOrder on + + local_settings: + config: + use_ssl: "True" + csrf_cookie_secure: "True" + csrf_cookie_httponly: "True" + enforce_password_check: "True" + session_cookie_secure: "True" + session_cookie_httponly: "True" + endpoints: + identity: + auth: + admin: + cacert: /etc/ssl/certs/openstack-helm.crt + scheme: + default: https + port: + api: + default: 443 + dashboard: + host_fqdn_override: + default: + tls: + secretName: horizon-tls-web + issuerRef: + name: ca-issuer + kind: ClusterIssuer + scheme: + default: https + public: https + port: + web: + default: 443 + public: 443 + ingress: + port: + ingress: + default: 443 + manifests: + certificates: true +... diff --git a/openstack/values_overrides/horizon/train-ubuntu_bionic.yaml b/openstack/values_overrides/horizon/train-ubuntu_bionic.yaml new file mode 100644 index 0000000000..95d786018b --- /dev/null +++ b/openstack/values_overrides/horizon/train-ubuntu_bionic.yaml @@ -0,0 +1,9 @@ +--- +horizon: + images: + tags: + db_init: docker.io/openstackhelm/heat:train-ubuntu_bionic + db_drop: docker.io/openstackhelm/heat:train-ubuntu_bionic + horizon_db_sync: docker.io/openstackhelm/horizon:train-ubuntu_bionic + horizon: docker.io/openstackhelm/horizon:train-ubuntu_bionic +... diff --git a/openstack/values_overrides/horizon/ussuri-ubuntu_bionic.yaml b/openstack/values_overrides/horizon/ussuri-ubuntu_bionic.yaml new file mode 100644 index 0000000000..74b4ec0861 --- /dev/null +++ b/openstack/values_overrides/horizon/ussuri-ubuntu_bionic.yaml @@ -0,0 +1,9 @@ +--- +horizon: + images: + tags: + db_init: docker.io/openstackhelm/heat:ussuri-ubuntu_bionic + db_drop: docker.io/openstackhelm/heat:ussuri-ubuntu_bionic + horizon_db_sync: docker.io/openstackhelm/horizon:ussuri-ubuntu_bionic + horizon: docker.io/openstackhelm/horizon:ussuri-ubuntu_bionic +... diff --git a/openstack/values_overrides/horizon/victoria-ubuntu_focal.yaml b/openstack/values_overrides/horizon/victoria-ubuntu_focal.yaml new file mode 100644 index 0000000000..515e2c89f7 --- /dev/null +++ b/openstack/values_overrides/horizon/victoria-ubuntu_focal.yaml @@ -0,0 +1,9 @@ +--- +horizon: + images: + tags: + db_init: docker.io/openstackhelm/heat:victoria-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:victoria-ubuntu_focal + horizon_db_sync: docker.io/openstackhelm/horizon:victoria-ubuntu_focal + horizon: docker.io/openstackhelm/horizon:victoria-ubuntu_focal +... diff --git a/openstack/values_overrides/horizon/wallaby-ubuntu_focal.yaml b/openstack/values_overrides/horizon/wallaby-ubuntu_focal.yaml new file mode 100644 index 0000000000..01cceddf09 --- /dev/null +++ b/openstack/values_overrides/horizon/wallaby-ubuntu_focal.yaml @@ -0,0 +1,9 @@ +--- +horizon: + images: + tags: + db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal + horizon_db_sync: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal + horizon: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal +... diff --git a/openstack/values_overrides/horizon/xena-ubuntu_focal.yaml b/openstack/values_overrides/horizon/xena-ubuntu_focal.yaml new file mode 100644 index 0000000000..fd1094e2e8 --- /dev/null +++ b/openstack/values_overrides/horizon/xena-ubuntu_focal.yaml @@ -0,0 +1,9 @@ +--- +horizon: + images: + tags: + db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal + horizon_db_sync: docker.io/openstackhelm/horizon:xena-ubuntu_focal + horizon: docker.io/openstackhelm/horizon:xena-ubuntu_focal +... diff --git a/openstack/values_overrides/horizon/yoga-ubuntu_focal.yaml b/openstack/values_overrides/horizon/yoga-ubuntu_focal.yaml new file mode 100644 index 0000000000..3371ea86a3 --- /dev/null +++ b/openstack/values_overrides/horizon/yoga-ubuntu_focal.yaml @@ -0,0 +1,9 @@ +--- +horizon: + images: + tags: + db_init: docker.io/openstackhelm/heat:yoga-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:yoga-ubuntu_focal + horizon_db_sync: docker.io/openstackhelm/horizon:yoga-ubuntu_focal + horizon: docker.io/openstackhelm/horizon:yoga-ubuntu_focal +... diff --git a/releasenotes/notes/openstack.yaml b/releasenotes/notes/openstack.yaml index 77235c8151..1c177cc55b 100644 --- a/releasenotes/notes/openstack.yaml +++ b/releasenotes/notes/openstack.yaml @@ -6,4 +6,5 @@ openstack: - 0.1.3 Add neutron_netns_cleanup_cron release image override, so that the respective release image is used - 0.1.4 Remove links in openstack/charts - 0.1.5 Revert Remove links in openstack/charts + - 0.1.6 Added horizon to install as default component. ... diff --git a/tools/deployment/component/common/openstack.sh b/tools/deployment/component/common/openstack.sh index 7c4519dc8c..9e26a474b0 100755 --- a/tools/deployment/component/common/openstack.sh +++ b/tools/deployment/component/common/openstack.sh @@ -70,6 +70,7 @@ export HELM_CHART_ROOT_PATH="../openstack-helm/openstack" : ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova subchart)"} : ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement subchart)"} : ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron subchart)"} +: ${OSH_EXTRA_HELM_ARGS_HORIZON:="$(./tools/deployment/common/get-values-overrides.sh horizon subchart)"} #NOTE: Lint and package chart make -C ${HELM_CHART_ROOT_PATH} . @@ -95,6 +96,7 @@ helm upgrade --install $release openstack/ \ ${OSH_EXTRA_HELM_ARGS_MEMCACHED} \ ${OSH_EXTRA_HELM_ARGS_KEYSTONE} \ ${OSH_EXTRA_HELM_ARGS_HEAT} \ + ${OSH_EXTRA_HELM_ARGS_HORIZON} \ ${OSH_EXTRA_HELM_ARGS_GLANCE} \ ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH} \ ${OSH_EXTRA_HELM_ARGS_LIBVIRT} \ @@ -120,6 +122,16 @@ fi #NOTE: Wait for deploy ./tools/deployment/common/wait-for-pods.sh $namespace 1800 +# list pods and services +echo "------------------ List kube-system pods and servics ------------" +kubectl -n kube-system get pods +kubectl -n kube-system get services + +echo +echo "----------------- List openstack pods and services ---------------" +kubectl -n openstack get pods +kubectl -n openstack get services + #NOTE: Validate Deployment info openstack service list sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml index 107c0fafff..2160e324c0 100644 --- a/zuul.d/jobs-openstack-helm.yaml +++ b/zuul.d/jobs-openstack-helm.yaml @@ -172,6 +172,7 @@ files: - ^glance/.*$ - ^heat/.*$ + - ^horizon/.*$ - ^keystone/.*$ - ^neutron/.*$ - ^nova/.*$ @@ -257,6 +258,30 @@ container_distro_name: ubuntu container_distro_version: focal +- job: + name: openstack-helm-horizon-victoria-ubuntu_focal + parent: openstack-helm-chart-deploy + files: + - ^horizon/.*$ + - ^zuul\.d/.*$ + - ^tools/deployment/component/horizon/.*$ + vars: + osh_params: + openstack_release: victoria + container_distro_name: ubuntu + container_distro_version: focal + gate_scripts_relative_path: ../openstack-helm + gate_scripts: + - ./tools/deployment/common/install-packages.sh + - ./tools/gate/deploy-k8s.sh + - ./tools/deployment/common/setup-client.sh + - ./tools/deployment/component/common/ingress.sh + - ./tools/deployment/component/common/mariadb.sh + - ./tools/deployment/component/common/memcached.sh + - ./tools/deployment/component/common/rabbitmq.sh + - ./tools/deployment/component/keystone/keystone.sh + - ./tools/deployment/component/horizon/horizon.sh + - job: name: openstack-helm-horizon-wallaby-ubuntu_focal parent: openstack-helm-chart-deploy diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 9f9b285b55..fd0058ca6a 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -35,6 +35,7 @@ # TODO(gagehugo): Fix and enable these job # - openstack-helm-compute-kit-xena-ubuntu_focal # - openstack-helm-compute-kit-yoga-ubuntu_focal + - openstack-helm-horizon-victoria-ubuntu_focal - openstack-helm-horizon-wallaby-ubuntu_focal - openstack-helm-keystone-ldap gate: