From 38407e93780b703d087097946ed12f76f4f71490 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 14 Mar 2017 09:25:04 -0500 Subject: [PATCH 1/2] Update Nova Keystone Jobs --- nova/templates/bin/_post.sh.tpl | 71 ------------------ nova/templates/configmap-bin.yaml | 6 ++ nova/templates/job-db-init.yaml | 2 +- nova/templates/job-ks-endpoints.yaml | 73 +++++++++++++++++++ nova/templates/job-ks-service.yaml | 67 +++++++++++++++++ .../{job-post.yaml => job-ks-user.yaml} | 49 +++++++------ nova/templates/secret-keystone-admin.env.yaml | 34 +++++++++ nova/templates/secret-keystone-user.env.yaml | 34 +++++++++ nova/values.yaml | 35 ++++----- 9 files changed, 257 insertions(+), 114 deletions(-) delete mode 100644 nova/templates/bin/_post.sh.tpl create mode 100644 nova/templates/job-ks-endpoints.yaml create mode 100644 nova/templates/job-ks-service.yaml rename nova/templates/{job-post.yaml => job-ks-user.yaml} (51%) create mode 100644 nova/templates/secret-keystone-admin.env.yaml create mode 100644 nova/templates/secret-keystone-user.env.yaml diff --git a/nova/templates/bin/_post.sh.tpl b/nova/templates/bin/_post.sh.tpl deleted file mode 100644 index 0afd1ae545..0000000000 --- a/nova/templates/bin/_post.sh.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ -service_type=compute \ -description='Openstack Compute' \ -endpoint_region={{ .Values.keystone.nova_region_name }} \ -url='{{ tuple "compute" "admin" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ -interface=admin \ -region_name={{ .Values.keystone.admin_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_nova_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ -service_type=compute \ -description='Openstack Compute' \ -endpoint_region={{ .Values.keystone.nova_region_name }} \ -url='{{ tuple "compute" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ -interface=internal \ -region_name={{ .Values.keystone.admin_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_nova_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -ansible localhost -vvv -m kolla_keystone_service -a "service_name=nova \ -service_type=compute \ -description='Openstack Compute' \ -endpoint_region={{ .Values.keystone.nova_region_name }} \ -url='{{ tuple "compute" "public" "api" . 
| include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ -interface=public \ -region_name={{ .Values.keystone.admin_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_nova_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -ansible localhost -vvv -m kolla_keystone_user -a "project=service \ -user={{ .Values.keystone.nova_user }} \ -password={{ .Values.keystone.nova_password }} \ -role=admin \ -region_name={{ .Values.keystone.nova_region_name }} \ -auth='{{ include "helm-toolkit.keystone_auth" .}}'" \ --e "{'openstack_nova_auth':{{ include "helm-toolkit.keystone_auth" .}}}" - -cat </tmp/openrc -export OS_USERNAME={{.Values.keystone.admin_user}} -export OS_PASSWORD={{.Values.keystone.admin_password}} -export OS_PROJECT_DOMAIN_NAME={{.Values.keystone.admin_user_domain}} -export OS_USER_DOMAIN_NAME={{.Values.keystone.admin_user_domain}} -export OS_PROJECT_NAME={{.Values.keystone.admin_project_name}} -export OS_AUTH_URL={{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} -export OS_AUTH_STRATEGY=keystone -export OS_REGION_NAME={{.Values.keystone.admin_region_name}} -export OS_INSECURE=1 -EOF - -. /tmp/openrc -openstack --debug role create --or-show _member_ diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index aa55edaeda..3c680644cf 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -19,6 +19,12 @@ metadata: data: db-sync.sh: | {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + ks-service.sh: |+ +{{- include "helm-toolkit.keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "helm-toolkit.keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "helm-toolkit.keystone_user" . | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} post.sh: | 
diff --git a/nova/templates/job-db-init.yaml b/nova/templates/job-db-init.yaml index 94009c4d25..7107b97566 100644 --- a/nova/templates/job-db-init.yaml +++ b/nova/templates/job-db-init.yaml @@ -13,7 +13,7 @@ # limitations under the License. {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.init }} +{{- $dependencies := .Values.dependencies.db_init }} apiVersion: batch/v1 kind: Job metadata: diff --git a/nova/templates/job-ks-endpoints.yaml b/nova/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..3852a0e9c5 --- /dev/null +++ b/nova/templates/job-ks-endpoints.yaml 
@@ -0,0 +1,73 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $envAll := . }}
+{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
+{{- $dependencies := .Values.dependencies.ks_endpoints }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-ks-endpoints
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
+ containers:
+{{- range $key1, $osServiceType := tuple "compute" }}
+{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
+ - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
+ image: {{ $envAll.Values.images.ks_endpoints }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+ {{- if $envAll.Values.resources.enabled }}
+ resources:
+ requests:
+ memory: {{ $envAll.Values.resources.nova_ks_endpoints.requests.memory | quote }}
+ cpu: {{ $envAll.Values.resources.nova_ks_endpoints.requests.cpu | quote }}
+ limits:
+ memory: {{ $envAll.Values.resources.nova_ks_endpoints.limits.memory | quote }}
+ cpu: {{ $envAll.Values.resources.nova_ks_endpoints.limits.cpu | quote }}
+ {{- end }}
+ command:
+ - bash
+ - 
/tmp/ks-endpoints.sh
+ volumeMounts:
+ - name: ks-endpoints-sh
+ mountPath: /tmp/ks-endpoints.sh
+ subPath: ks-endpoints.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
+{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: OS_SVC_ENDPOINT
+ value: {{ $osServiceEndPoint }}
+ - name: OS_SERVICE_NAME
+ value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }}
+ - name: OS_SERVICE_TYPE
+ value: {{ $osServiceType }}
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" }}
+{{- end }}
+{{- end }}
+ volumes:
+ - name: ks-endpoints-sh
+ configMap:
+ name: nova-bin
diff --git a/nova/templates/job-ks-service.yaml b/nova/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..a30cdc162c
--- /dev/null
+++ b/nova/templates/job-ks-service.yaml
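Review bot: The `env` values in job-ks-endpoints.yaml are rendered unquoted (`value: {{ $osServiceEndPoint }}`, `value: {{ $osServiceType }}` and the two `include` lookups), as is the `nodeSelector` value, while the resource requests in the same container already go through `| quote`. Kubernetes requires env values to be strings, so a lookup that renders empty, or as a boolean- or number-looking scalar, yields an invalid manifest or a changed value. I would write `value: {{ $osServiceEndPoint | quote }}` and do the same for `OS_SERVICE_NAME`, `OS_SERVICE_TYPE` and `OS_SERVICE_ENDPOINT`. The same applies to the `env` entries added in job-ks-service.yaml.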
@@ -0,0 +1,67 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $envAll := . }}
+{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
+{{- $dependencies := .Values.dependencies.ks_service }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-ks-service
+spec:
+ template:
+ metadata:
+ annotations:
+ pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+ ]'
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
+ containers:
+{{- range $key1, $osServiceType := tuple "compute" }}
+ - name: {{ $osServiceType }}-ks-service-registration
+ image: {{ $envAll.Values.images.ks_service }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+ {{- if $envAll.Values.resources.enabled }}
+ resources:
+ requests:
+ memory: {{ $envAll.Values.resources.nova_ks_service.requests.memory | quote }}
+ cpu: {{ $envAll.Values.resources.nova_ks_service.requests.cpu | quote }}
+ limits:
+ memory: {{ $envAll.Values.resources.nova_ks_service.limits.memory | quote }}
+ cpu: {{ $envAll.Values.resources.nova_ks_service.limits.cpu | quote }}
+ {{- end }}
+ command:
+ - bash
+ - /tmp/ks-service.sh
+ volumeMounts:
+ - name: ks-service-sh
+ mountPath: /tmp/ks-service.sh
+ subPath: ks-service.sh
+ readOnly: 
true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: nova-bin diff --git a/nova/templates/job-post.yaml b/nova/templates/job-ks-user.yaml similarity index 51% rename from nova/templates/job-post.yaml rename to nova/templates/job-ks-user.yaml index ab160ca704..43c62851d4 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-ks-user.yaml @@ -12,12 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "nova-env-keystone-user" }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.post }} +{{- $dependencies := .Values.dependencies.ks_user }} apiVersion: batch/v1 kind: Job metadata: - name: nova-post + name: nova-ks-user spec: template: metadata: 
@@ -30,35 +32,38 @@ spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-post - image: {{ .Values.images.post }} + - name: nova-ks-user + image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} {{- if .Values.resources.enabled }} resources: requests: - memory: {{ .Values.resources.nova_post.requests.memory | quote }} - cpu: {{ .Values.resources.nova_post.requests.cpu | quote }} + memory: {{ .Values.resources.nova_ks_user.requests.memory | quote }} + cpu: {{ .Values.resources.nova_ks_user.requests.cpu | quote }} limits: - memory: {{ .Values.resources.nova_post.limits.memory | quote }} - cpu: {{ .Values.resources.nova_post.limits.cpu | quote }} + memory: {{ .Values.resources.nova_ks_user.limits.memory | quote }} + cpu: {{ .Values.resources.nova_ks_user.limits.cpu | quote }} {{- end }} command: - bash - - /tmp/post.sh - env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ + - /tmp/ks-user.sh volumeMounts: - - name: novaconf - mountPath: /etc/nova/nova.conf - subPath: nova.conf - - name: nova-bin - mountPath: /tmp/post.sh - subPath: post.sh + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "nova" +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "helm-toolkit.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.nova_user_role | quote }} volumes: - - name: novaconf - configMap: - name: nova-etc - - name: nova-bin + - name: ks-user-sh configMap: name: nova-bin diff --git a/nova/templates/secret-keystone-admin.env.yaml b/nova/templates/secret-keystone-admin.env.yaml new file mode 100644 index 0000000000..fc978bc7a0 --- /dev/null 
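Review bot: `SERVICE_OS_ROLE` is read from `.Values.keystone.nova_user_role` with no default, and none of the values.yaml hunks in this patch adds that key, so unless it already exists elsewhere in values.yaml the role reaches the user-creation script empty. The removed `_post.sh.tpl` passed `role=admin` explicitly, so the key should be defined and documented in values.yaml, for example with `# Keystone role granted to the nova service user in its project` above it, and set to the narrowest role the deployment works with. The new secret templates read `admin_project_domain`, `nova_project_domain`, `nova_project_name` and `nova_user_domain` the same way, and `b64enc` on a missing key will most likely fail the render. The Job spec starts outside this hunk.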
+++ b/nova/templates/secret-keystone-admin.env.yaml
@@ -0,0 +1,34 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nova-env-keystone-admin
+type: Opaque
+data:
+ OS_AUTH_URL: |
+{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.admin_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.admin_password | b64enc | indent 4 }}
diff --git a/nova/templates/secret-keystone-user.env.yaml b/nova/templates/secret-keystone-user.env.yaml
new file mode 100644
index 0000000000..6bb58661e0
--- /dev/null
+++ b/nova/templates/secret-keystone-user.env.yaml
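Review bot: The Secret name is hard-coded as `nova-env-keystone-admin`, but the three Jobs resolve it through `.Values.keystone.admin_secret | default "nova-env-keystone-admin"`. Setting `admin_secret` to another name therefore still renders this Secret, Keystone admin password included, into the release unused, while the Jobs point at a secret the chart does not create. Either derive `metadata.name` from the same expression or guard the template so it is skipped when an external secret is named. secret-keystone-user.env.yaml has the same mismatch with `user_secret`. A header comment should also say that `data` values are only base64-encoded, so the admin password is readable by anyone who can read Secrets in the namespace or the rendered release manifests.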
@@ -0,0 +1,34 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nova-env-keystone-user
+type: Opaque
+data:
+ OS_AUTH_URL: |
+{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
+ OS_REGION_NAME: |
+{{ .Values.keystone.nova_region_name | b64enc | indent 4 }}
+ OS_PROJECT_DOMAIN_NAME: |
+{{ .Values.keystone.nova_project_domain | b64enc | indent 4 }}
+ OS_PROJECT_NAME: |
+{{ .Values.keystone.nova_project_name | b64enc | indent 4 }}
+ OS_USER_DOMAIN_NAME: |
+{{ .Values.keystone.nova_user_domain | b64enc | indent 4 }}
+ OS_USERNAME: |
+{{ .Values.keystone.nova_user | b64enc | indent 4 }}
+ OS_PASSWORD: |
+{{ .Values.keystone.nova_password | b64enc | indent 4 }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 4a605862c3..ca77d72368 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -29,6 +29,9 @@ compute_replicas: 1 images: db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-nova-api:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-nova-api:newton conductor: quay.io/stackanetes/stackanetes-nova-conductor:newton scheduler: quay.io/stackanetes/stackanetes-nova-scheduler:newton @@ -36,7 +39,6 @@ images: consoleauth: quay.io/stackanetes/stackanetes-nova-consoleauth:newton compute: quay.io/stackanetes/stackanetes-nova-compute:newton libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:newton - post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -132,33 +134,31 @@ memcached: dependencies: api: jobs: - - keystone-db-sync - - nova-db-init - nova-db-sync + - nova-ks-user + - nova-ks-endpoints service: - mariadb - db_sync: + db_init: jobs: - - nova-db-init - - keystone-db-init - mariadb-seed service: - mariadb db_sync: jobs: - nova-db-init - - keystone-db-init - - mariadb-seed - - keystone-db-sync service: - mariadb - post: + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: jobs: - - nova-db-init - - keystone-db-init - - mariadb-seed + - nova-ks-service service: - - mariadb - keystone-api init: jobs: @@ -167,7 +167,7 @@ dependencies: - mariadb compute: jobs: - - nova-post + - nova-db-sync service: - keystone-api - nova-api @@ -175,17 +175,12 @@ dependencies: - ovs-agent libvirt: jobs: - - nova-db-init - - nova-post - nova-db-sync service: - keystone-api - nova-api consoleauth: jobs: - - mariadb-seed - - keystone-db-sync - - nova-db-init - nova-db-sync service: - mariadb From 661de5be9edda537f30b4568186cdfd14c2887d1 Mon Sep 17 00:00:00 2001 
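Review bot: The new `ks_user`, `ks_service` and `ks_endpoints` images in the first values.yaml hunk are referenced by the mutable tag `:newton`, and the Jobs that run them are handed the Keystone admin credentials through `nova-env-keystone-admin`. With `pull_policy: "IfNotPresent"`, nodes can also end up running different builds of the same tag. Pinning these three entries by digest, e.g. `ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox@sha256:<digest>` (placeholder), keeps the code that sees the admin password fixed to a reviewed image.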
From: Pete Birley Date: Wed, 15 Mar 2017 09:51:01 -0500 Subject: [PATCH 2/2] Remove extraneous items from configmaps --- nova/templates/configmap-bin.yaml | 2 -- nova/values.yaml | 5 ----- 2 files changed, 7 deletions(-) diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml index 3c680644cf..8235102a19 100644 --- a/nova/templates/configmap-bin.yaml +++ b/nova/templates/configmap-bin.yaml @@ -27,7 +27,5 @@ data: {{- include "helm-toolkit.keystone_user" . | indent 4 }} init.sh: | {{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} - post.sh: | -{{ tuple "bin/_post.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} libvirt.sh: | {{ tuple "bin/_libvirt.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} diff --git a/nova/values.yaml b/nova/values.yaml index ca77d72368..b91f2f0e6e 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -160,11 +160,6 @@ dependencies: - nova-ks-service service: - keystone-api - init: - jobs: - - mariadb-seed - service: - - mariadb compute: jobs: - nova-db-sync