diff --git a/doc/source/install/developer/deploy-with-ceph.rst b/doc/source/install/developer/deploy-with-ceph.rst index a06388d9cf..1a5625a447 100644 --- a/doc/source/install/developer/deploy-with-ceph.rst +++ b/doc/source/install/developer/deploy-with-ceph.rst @@ -171,6 +171,20 @@ Alternatively, this step can be performed by running the script directly: ./tools/deployment/developer/ceph/110-nagios.sh +Deploy Rados Gateway for OSH-Infra +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. literalinclude:: ../../../../tools/deployment/developer/ceph/115-radosgw-osh-infra.sh + :language: shell + :lines: 1,17- + +Alternatively, this step can be performed by running the script directly: + +.. code-block:: shell + + ./tools/deployment/developer/ceph/115-radosgw-osh-infra.sh + + Deploy Elasticsearch ^^^^^^^^^^^^^^^^^^^^ diff --git a/doc/source/install/multinode.rst b/doc/source/install/multinode.rst index 427d8523b6..eb2f5db92c 100644 --- a/doc/source/install/multinode.rst +++ b/doc/source/install/multinode.rst @@ -184,6 +184,19 @@ Alternatively, this step can be performed by running the script directly: ./tools/deployment/multinode/110-nagios.sh +Deploy Rados Gateway for OSH-Infra +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. literalinclude:: ../../../tools/deployment/multinode/115-radosgw-osh-infra.sh + :language: shell + :lines: 1,17- + +Alternatively, this step can be performed by running the script directly: + +.. code-block:: shell + + ./tools/deployment/multinode/115-radosgw-osh-infra.sh + Deploy Elasticsearch ^^^^^^^^^^^^^^^^^^^^ diff --git a/elasticsearch/templates/bin/_ceph-admin-keyring.sh.tpl b/elasticsearch/templates/bin/_ceph-admin-keyring.sh.tpl new file mode 100644 index 0000000000..f3c0a521db --- /dev/null +++ b/elasticsearch/templates/bin/_ceph-admin-keyring.sh.tpl @@ -0,0 +1,31 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +cat < /etc/ceph/ceph.client.admin.keyring +[client.admin] +{{- if .Values.conf.ceph.admin_keyring }} + key = {{ .Values.conf.ceph.admin_keyring }} +{{- else }} + key = $(cat /tmp/client-keyring) +{{- end }} +EOF + +exit 0 diff --git a/elasticsearch/templates/bin/_helm-tests.sh.tpl b/elasticsearch/templates/bin/_helm-tests.sh.tpl index 817689d0ff..7036df8e6a 100644 --- a/elasticsearch/templates/bin/_helm-tests.sh.tpl +++ b/elasticsearch/templates/bin/_helm-tests.sh.tpl @@ -77,6 +77,20 @@ function check_hits_on_test_data () { fi } +function check_snapshot_repositories () { + {{ range $repository := .Values.conf.elasticsearch.snapshots.repositories }} + repository={{$repository.name}} + repository_search_result=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ + "${ELASTICSEARCH_ENDPOINT}/_cat/repositories" | awk '{print $1}' | grep "\<$repository\>") + if [ "$repository_search_result" == "$repository" ]; then + echo "PASS: The snapshot repository $repository exists!" + else + echo "FAIL: The snapshot repository $respository does not exist! Exiting now"; + exit 1; + fi +{{ end }} +} + function remove_test_index () { echo "Deleting index created for service testing" curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ @@ -86,4 +100,7 @@ function remove_test_index () { create_test_index insert_data_into_test_index check_hits_on_test_data +{{ if .Values.conf.elasticsearch.snapshots.enabled }} +check_snapshot_repositories +{{ end }} remove_test_index diff --git a/elasticsearch/templates/bin/_register-repository.sh.tpl b/elasticsearch/templates/bin/_register-repository.sh.tpl index 76154ca6b3..7d31119f2e 100644 --- a/elasticsearch/templates/bin/_register-repository.sh.tpl +++ b/elasticsearch/templates/bin/_register-repository.sh.tpl @@ -15,15 +15,22 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{ $envAll := . }} + set -ex -exec curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ - "${ELASTICSEARCH_ENDPOINT}/_snapshot/${REPO_NAME}" \ +{{ range $repository := $envAll.Values.conf.elasticsearch.snapshots.repositories }} +curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ + "${ELASTICSEARCH_HOST}/_snapshot/{{$repository.name}}" \ -H 'Content-Type: application/json' -d' { - "type": "'"$REPO_TYPE"'", + "type": "s3", "settings": { - "location": "'"$REPO_LOCATION"'", - "compress": true + "endpoint": "'"$RGW_HOST"'", + "protocol": "http", + "bucket": "'"$S3_BUCKET"'", + "access_key": "'"$S3_ACCESS_KEY"'", + "secret_key": "'"$S3_SECRET_KEY"'" } }' +{{ end }} diff --git a/elasticsearch/templates/configmap-bin.yaml b/elasticsearch/templates/configmap-bin.yaml index 585227498f..742bb17455 100644 --- a/elasticsearch/templates/configmap-bin.yaml +++ b/elasticsearch/templates/configmap-bin.yaml @@ -28,6 +28,12 @@ data: {{ tuple "bin/_elasticsearch.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} helm-tests.sh: | {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ceph-admin-keyring.sh: | +{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + create-s3-bucket.py: | +{{- include "helm-toolkit.scripts.create_s3_bucket" . | indent 4 }} + create-s3-user.sh: | +{{- include "helm-toolkit.scripts.create_s3_user" . | indent 4 }} register-repository.sh: | {{ tuple "bin/_register-repository.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} curator.sh: | diff --git a/elasticsearch/templates/configmap-etc.yaml b/elasticsearch/templates/configmap-etc.yaml index d81bf78a61..0cf390f8d9 100644 --- a/elasticsearch/templates/configmap-etc.yaml +++ b/elasticsearch/templates/configmap-etc.yaml @@ -17,8 +17,23 @@ limitations under the License. {{- if .Values.manifests.configmap_etc }} {{- $envAll := . }} -{{- if and (.Values.conf.elasticsearch.repository.enabled) (empty .Values.conf.elasticsearch.config.path.repo) -}} -{{- set .Values.conf.elasticsearch.config.path "repo" .Values.conf.elasticsearch.repository.location -}} +{{- if empty .Values.conf.elasticsearch.config.cloud.aws.access_key -}} +{{- set .Values.conf.elasticsearch.config.cloud.aws "access_key" .Values.endpoints.ceph_object_store.auth.elasticsearch.access_key -}} +{{- end -}} + +{{- if empty .Values.conf.elasticsearch.config.cloud.aws.secret_key -}} +{{- set .Values.conf.elasticsearch.config.cloud.aws "secret_key" .Values.endpoints.ceph_object_store.auth.elasticsearch.secret_key -}} +{{- end -}} + +{{- if empty .Values.endpoints.ceph_object_store.path.default -}} +{{- set .Values.endpoints.ceph_object_store.path "default" .Values.conf.elasticsearch.snapshots.bucket -}} +{{- end -}} + +{{- if empty .Values.conf.elasticsearch.config.cloud.aws.s3.endpoint -}} +{{- $radosgw_host := tuple "ceph_object_store" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" -}} +{{- $bucket_path := tuple "ceph_object_store" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" -}} +{{- $s3_endpoint := printf "%s/%s" $radosgw_host $bucket_path -}} +{{- set .Values.conf.elasticsearch.config.cloud.aws.s3 "endpoint" $s3_endpoint -}} {{- end -}} --- apiVersion: v1 diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index d455ceb3f8..b13a62f349 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -99,21 +99,6 @@ spec: - sysctl - -w - vm.max_map_count={{ .Values.conf.init.max_map_count }} -{{ if .Values.storage.filesystem_repository.enabled }} - - name: elasticsearch-repository-perms -{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: 0 - command: - - chown - - -R - - "elasticsearch:" - - {{ .Values.conf.elasticsearch.repository.location }} - volumeMounts: - - name: storage - mountPath: {{ .Values.conf.elasticsearch.repository.location }} -{{ end }} containers: - name: apache-proxy {{ tuple $envAll "apache_proxy" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -200,6 +185,8 @@ spec: value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - name: ES_JAVA_OPTS value: "{{ .Values.conf.elasticsearch.env.java_opts }}" + - name: ES_PLUGINS_INSTALL + value: "elasticsearch-s3" volumeMounts: - name: elasticsearch-logs mountPath: {{ .Values.conf.elasticsearch.config.path.logs }} @@ -219,10 +206,6 @@ spec: readOnly: true - name: storage mountPath: {{ .Values.conf.elasticsearch.config.path.data }} - {{ if .Values.storage.filesystem_repository.enabled }} - - name: snapshots - mountPath: {{ .Values.conf.elasticsearch.repository.location }} - {{ end }} {{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }} volumes: - name: pod-etc-apache @@ -241,10 +224,5 @@ spec: defaultMode: 0444 - name: storage emptyDir: {} - {{ if .Values.storage.filesystem_repository.enabled }} - - name: snapshots - persistentVolumeClaim: - claimName: {{ .Values.storage.filesystem_repository.pvc.name }} - {{ end }} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml index 7cd0dd10c0..c4eaf1af0f 100644 --- a/elasticsearch/templates/deployment-master.yaml +++ b/elasticsearch/templates/deployment-master.yaml @@ -97,21 +97,6 @@ spec: - sysctl - -w - vm.max_map_count={{ .Values.conf.init.max_map_count }} -{{ if .Values.storage.filesystem_repository.enabled }} - - name: elasticsearch-repository-perms -{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.master | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: 0 - command: - - chown - - -R - - "elasticsearch:" - - {{ .Values.conf.elasticsearch.repository.location }} - volumeMounts: - - name: storage - mountPath: {{ .Values.conf.elasticsearch.repository.location }} -{{ end }} containers: - name: elasticsearch-master securityContext: @@ -158,6 +143,8 @@ spec: value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - name: ES_JAVA_OPTS value: "{{ .Values.conf.elasticsearch.env.java_opts }}" + - name: ES_PLUGINS_INSTALL + value: "elasticsearch-s3" volumeMounts: - name: elasticsearch-logs mountPath: {{ .Values.conf.elasticsearch.config.path.logs }} @@ -177,10 +164,6 @@ spec: readOnly: true - name: storage mountPath: {{ .Values.conf.elasticsearch.config.path.data }} - {{ if .Values.storage.filesystem_repository.enabled }} - - name: snapshots - mountPath: {{ .Values.conf.elasticsearch.repository.location }} - {{ end }} {{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }} volumes: - name: elasticsearch-logs @@ -197,10 +180,5 @@ spec: defaultMode: 0444 - name: storage emptyDir: {} - {{ if .Values.storage.filesystem_repository.enabled }} - - name: snapshots - persistentVolumeClaim: - claimName: {{ .Values.storage.filesystem_repository.pvc.name }} - {{ end }} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index 7e8d806838..c30de45e63 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -14,11 +14,11 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.job_snapshot_repository }} -{{- if .Values.conf.elasticsearch.repository.enabled }} +{{- if and (.Values.manifests.job_snapshot_repository) (.Values.conf.elasticsearch.snapshots.enabled) }} {{- $envAll := . }} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} +{{- $s3UserSecret := .Values.secrets.rgw.elasticsearch }} {{- $serviceAccountName := "elasticsearch-register-snapshot-repository" }} {{ tuple $envAll "snapshot_repository" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} @@ -56,14 +56,22 @@ spec: secretKeyRef: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD - - name: ELASTICSEARCH_ENDPOINT + - name: ELASTICSEARCH_HOST value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} - - name: REPO_NAME - value: {{ .Values.conf.elasticsearch.repository.name | quote }} - - name: REPO_TYPE - value: {{ .Values.conf.elasticsearch.repository.type | quote }} - - name: REPO_LOCATION - value: {{ .Values.conf.elasticsearch.repository.location | quote }} + - name: S3_BUCKET + value: {{ .Values.conf.elasticsearch.snapshots.bucket | quote }} + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ $s3UserSecret }} + key: S3_ACCESS_KEY + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ $s3UserSecret }} + key: S3_SECRET_KEY + - name: RGW_HOST + value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} command: - /tmp/register-repository.sh volumeMounts: @@ -77,4 +85,3 @@ spec: name: elasticsearch-bin defaultMode: 0555 {{- end }} -{{- end }} diff --git a/elasticsearch/templates/job-s3-bucket.yaml b/elasticsearch/templates/job-s3-bucket.yaml new file mode 100644 index 0000000000..d252ff1746 --- /dev/null +++ b/elasticsearch/templates/job-s3-bucket.yaml @@ -0,0 +1,21 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and (.Values.manifests.job_s3_bucket) (.Values.conf.elasticsearch.snapshots.enabled) }} +{{- $esBucket := .Values.conf.elasticsearch.snapshots.bucket }} +{{- $s3BucketJob := dict "envAll" . "serviceName" "elasticsearch" "s3Bucket" $esBucket -}} +{{ $s3BucketJob | include "helm-toolkit.manifests.job_s3_bucket" }} +{{- end }} diff --git a/elasticsearch/templates/job-s3-user.yaml b/elasticsearch/templates/job-s3-user.yaml new file mode 100644 index 0000000000..0a3f4d951b --- /dev/null +++ b/elasticsearch/templates/job-s3-user.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and (.Values.manifests.job_s3_user) (.Values.conf.elasticsearch.snapshots.enabled) }} +{{- $s3UserJob := dict "envAll" . "serviceName" "elasticsearch" -}} +{{ $s3UserJob | include "helm-toolkit.manifests.job_s3_user" }} +{{- end }} diff --git a/elasticsearch/templates/pvc-snapshots.yaml b/elasticsearch/templates/secret-s3-user.yaml similarity index 57% rename from elasticsearch/templates/pvc-snapshots.yaml rename to elasticsearch/templates/secret-s3-user.yaml index 4dd5028cc5..9be8e9c730 100644 --- a/elasticsearch/templates/pvc-snapshots.yaml +++ b/elasticsearch/templates/secret-s3-user.yaml @@ -14,20 +14,15 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.pvc_snapshots }} -{{- if .Values.storage.filesystem_repository.enabled }} +{{- if .Values.manifests.secret_s3 }} {{- $envAll := . }} +{{- $secretName := index $envAll.Values.secrets.rgw.elasticsearch }} --- -kind: PersistentVolumeClaim apiVersion: v1 +kind: Secret metadata: - name: {{ .Values.storage.filesystem_repository.pvc.name }} -spec: - accessModes: - - {{ .Values.storage.filesystem_repository.pvc.access_mode }} - resources: - requests: - storage: {{ .Values.storage.filesystem_repository.requests.storage }} - storageClassName: {{ .Values.storage.filesystem_repository.storage_class }} -{{- end }} + name: {{ $secretName }} +type: Opaque +data: +{{- tuple "elasticsearch" $envAll | include "helm-toolkit.snippets.rgw_s3_secret_creds" | indent 2 -}} {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 4c3c2a31c6..73862ca085 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -94,21 +94,6 @@ spec: - sysctl - -w - vm.max_map_count={{ .Values.conf.init.max_map_count }} -{{ if .Values.storage.filesystem_repository.enabled }} - - name: elasticsearch-repository-perms -{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.data | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: 0 - command: - - chown - - -R - - "elasticsearch:" - - {{ .Values.conf.elasticsearch.repository.location }} - volumeMounts: - - name: storage - mountPath: {{ .Values.conf.elasticsearch.repository.location }} -{{ end }} containers: - name: elasticsearch-data {{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -155,6 +140,8 @@ spec: value: "{{ .Values.conf.elasticsearch.env.java_opts }}" - name: DISCOVERY_SERVICE value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: ES_PLUGINS_INSTALL + value: "elasticsearch-s3" volumeMounts: - name: elasticsearch-logs mountPath: {{ .Values.conf.elasticsearch.config.path.logs }} @@ -172,10 +159,6 @@ spec: mountPath: /usr/share/elasticsearch/config/log4j2.properties subPath: log4j2.properties readOnly: true - {{ if .Values.storage.filesystem_repository.enabled }} - - name: snapshots - mountPath: {{ .Values.conf.elasticsearch.repository.location }} - {{ end }} - name: storage mountPath: {{ .Values.conf.elasticsearch.config.path.data }} {{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }} @@ -192,13 +175,8 @@ spec: secret: secretName: elasticsearch-etc defaultMode: 0444 - {{ if .Values.storage.filesystem_repository.enabled }} - - name: snapshots - persistentVolumeClaim: - claimName: {{ .Values.storage.filesystem_repository.pvc.name }} - {{ end }} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} -{{- if not .Values.storage.elasticsearch.enabled }} +{{- if not .Values.storage.enabled }} - name: storage emptyDir: {} {{- else }} @@ -206,10 +184,10 @@ spec: - metadata: name: storage spec: - accessModes: {{ .Values.storage.elasticsearch.pvc.access_mode }} + accessModes: {{ .Values.storage.pvc.access_mode }} resources: requests: - storage: {{ .Values.storage.elasticsearch.requests.storage }} - storageClassName: {{ .Values.storage.elasticsearch.storage_class }} + storage: {{ .Values.storage.requests.storage }} + storageClassName: {{ .Values.storage.storage_class }} {{- end }} {{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 78ee47f1dd..49a12ece2a 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -21,7 +21,10 @@ images: apache_proxy: docker.io/httpd:2.4 memory_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 curator: docker.io/bobrik/curator:5.2.0 - elasticsearch: docker.io/elasticsearch:5.6.4 + elasticsearch: docker.io/srwilkers/elasticsearch-s3:v0.1.0 + ceph_key_placement: docker.io/port/ceph-config-helper:v1.10.3 + s3_bucket: docker.io/port/ceph-config-helper:v1.10.3 + s3_user: docker.io/port/ceph-config-helper:v1.10.3 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.0.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 @@ -53,13 +56,18 @@ dependencies: service: local_image_registry static: curator: - services: null + services: + - endpoint: internal + service: elasticsearch elasticsearch_client: services: null + jobs: null elasticsearch_data: services: null + jobs: null elasticsearch_master: services: null + jobs: null image_repo_sync: services: - endpoint: internal @@ -72,6 +80,15 @@ dependencies: services: - endpoint: internal service: elasticsearch + jobs: + - elasticsearch-s3-bucket + s3_user: + services: + - endpoint: internal + service: ceph_object_store + s3_bucket: + jobs: + - elasticsearch-s3-user pod: affinity: @@ -163,6 +180,27 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + storage_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + s3_bucket: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + s3_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" tests: requests: memory: "128Mi" @@ -172,8 +210,11 @@ pod: cpu: "2000m" secrets: + rgw: + admin: radosgw-s3-admin-creds + elasticsearch: elasticsearch-s3-user-creds elasticsearch: - user: elasticsearch-admin-creds + user: elasticsearch-user-secrets tls: elasticsearch: elasticsearch: @@ -297,6 +338,8 @@ conf: rootLogger.appenderRef.rolling.ref=rolling init: max_map_count: 262144 + ceph: + admin_keyring: null curator: #run every 6th hour schedule: "0 */6 * * *" @@ -353,7 +396,7 @@ conf: description: >- "Snapshot indices older than one day" options: - repository: default_repo + repository: logstash_snapshots # Leaving this blank results in the default name format name: wait_for_completion: True @@ -375,7 +418,7 @@ conf: description: >- "Delete snapshots older than 30 days" options: - repository: default_repo + repository: logstash_snapshots disable_action: True timeout_override: 600 ignore_empty_list: True @@ -417,6 +460,13 @@ conf: compression: true network: host: 0.0.0.0 + cloud: + aws: + protocol: http + s3: + # NOTE(srwilkers): This gets configured dynamically via endpoint + # lookups + endpoint: null node: master: ${NODE_MASTER} data: ${NODE_DATA} @@ -425,11 +475,15 @@ conf: path: data: /usr/share/elasticsearch/data logs: /usr/share/elasticsearch/logs - repository: + snapshots: enabled: false - name: default_repo - location: /var/lib/openstack-helm/elasticsearch - type: fs + # NOTE(srwilkers): The path for the radosgw s3 endpoint gets populated + # dynamically with this value to ensure the bucket name and s3 compatible + # radosgw endpoint/path match + bucket: elasticsearch_bucket + repositories: + logstash: + name: logstash_snapshots env: java_opts: "-Xms256m -Xmx256m" prometheus_elasticsearch_exporter: @@ -512,6 +566,31 @@ endpoints: port: ldap: default: 389 + ceph_object_store: + name: radosgw + namespace: null + auth: + elasticsearch: + username: elasticsearch + access_key: "elastic_access_key" + secret_key: "elastic_secret_key" + admin: + username: s3_admin + access_key: "admin_access_key" + secret_key: "admin_secret_key" + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + api: + default: 8088 + public: 80 monitoring: prometheus: @@ -533,22 +612,13 @@ network: port: 30920 storage: - elasticsearch: - enabled: true - pvc: - name: pvc-elastic - access_mode: [ "ReadWriteOnce" ] - requests: - storage: 5Gi - storage_class: general - filesystem_repository: - enabled: false - pvc: - name: pvc-snapshots - access_mode: ReadWriteMany - requests: - storage: 5Gi - storage_class: general + enabled: true + pvc: + name: pvc-elastic + access_mode: [ "ReadWriteOnce" ] + requests: + storage: 5Gi + storage_class: general manifests: @@ -559,16 +629,17 @@ manifests: deployment_master: true ingress: true job_image_repo_sync: true - job_snapshot_repository: false + job_snapshot_repository: true + job_s3_user: true + job_s3_bucket: true helm_tests: true - pvc_snapshots: false secret_elasticsearch: true + secret_s3: true monitoring: prometheus: configmap_bin_exporter: true deployment_exporter: true service_exporter: true - pvc_snapshots: true service_data: true service_discovery: true service_ingress: true diff --git a/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl b/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl index d1e0ea4488..9f4582e85a 100644 --- a/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl +++ b/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl @@ -19,22 +19,6 @@ limitations under the License. set -ex -function create_admin_user () { - radosgw-admin user create \ - --uid=${S3_ADMIN_USERNAME} \ - --display-name=${S3_ADMIN_USERNAME} - - radosgw-admin caps add \ - --uid=${S3_ADMIN_USERNAME} \ - --caps={{ .Values.conf.ceph.radosgw.s3_admin_caps | quote }} - - radosgw-admin key create \ - --uid=${S3_ADMIN_USERNAME} \ - --key-type=s3 \ - --access-key ${S3_ADMIN_ACCESS_KEY} \ - --secret-key ${S3_ADMIN_SECRET_KEY} -} - function create_s3_user () { radosgw-admin user create \ --uid=${S3_USERNAME} \ @@ -47,9 +31,6 @@ function create_s3_user () { --secret-key ${S3_SECRET_KEY} } -radosgw-admin user stats --uid=${S3_ADMIN_USERNAME} || \ - create_admin_user - radosgw-admin user stats --uid=${S3_USERNAME} || \ create_s3_user {{- end }} diff --git a/playbooks/osh-infra-dev-deploy-ceph.yaml b/playbooks/osh-infra-dev-deploy-ceph.yaml index 44c152d3e8..409ebb7add 100644 --- a/playbooks/osh-infra-dev-deploy-ceph.yaml +++ b/playbooks/osh-infra-dev-deploy-ceph.yaml @@ -108,6 +108,12 @@ ./tools/deployment/developer/ceph/110-nagios.sh args: chdir: "{{ zuul.project.src_dir }}" + - name: Deploy RadosGW for OSH-Infra Namespace + shell: | + set -xe; + ./tools/deployment/developer/ceph/115-radosgw-osh-infra.sh + args: + chdir: "{{ zuul.project.src_dir }}" - name: Deploy Elasticsearch shell: | set -xe; diff --git a/playbooks/osh-infra-multinode-deploy.yaml b/playbooks/osh-infra-multinode-deploy.yaml index 8c45ff8c38..fb570dbef7 100644 --- a/playbooks/osh-infra-multinode-deploy.yaml +++ b/playbooks/osh-infra-multinode-deploy.yaml @@ -98,6 +98,12 @@ ./tools/deployment/multinode/110-nagios.sh args: chdir: "{{ zuul.project.src_dir }}" + - name: Deploy RadosGW for OSH-Infra Namespace + shell: | + set -xe; + ./tools/deployment/multinode/115-radosgw-osh-infra.sh + args: + chdir: "{{ zuul.project.src_dir }}" - name: Deploy Elasticsearch shell: | set -xe; diff --git a/tools/deployment/developer/ceph/115-radosgw-osh-infra.sh b/tools/deployment/developer/ceph/115-radosgw-osh-infra.sh new file mode 100755 index 0000000000..f3af904f3f --- /dev/null +++ b/tools/deployment/developer/ceph/115-radosgw-osh-infra.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Lint and package chart +make ceph-rgw + +#NOTE: Deploy command +tee /tmp/radosgw-osh-infra.yaml <