From adbe8f75408f0045c2ee9b35ed1f58f53839b582 Mon Sep 17 00:00:00 2001 From: portdirect Date: Sun, 1 Jan 2017 03:05:49 +0000 Subject: [PATCH 1/9] OpenStack Cinder WIP Cinder WIP --- Makefile | 9 +- cinder/Chart.yaml | 3 + cinder/requirements.yaml | 4 + cinder/templates/_helpers.tpl | 73 +++++++++ .../config/cinder-api-paste.ini.yaml | 7 + cinder/templates/config/cinder-api.conf.yaml | 7 + .../config/cinder-backend-rbd1.conf.yaml | 7 + .../config/cinder-backends.conf.yaml | 7 + .../config/cinder-concurrency.conf.yaml | 7 + cinder/templates/config/cinder-db.conf.yaml | 8 + .../templates/config/cinder-glance.conf.yaml | 7 + .../config/cinder-keystone-admin.env.yaml | 20 +++ .../config/cinder-keystone.conf.yaml | 22 +++ cinder/templates/config/cinder-log.conf.yaml | 7 + .../config/cinder-messaging.conf.yaml | 8 + .../config/contents/_cinder-api-paste.ini.tpl | 75 ++++++++++ .../config/contents/_cinder-api.conf.tpl | 12 ++ .../contents/_cinder-backend-rbd1.conf.tpl | 11 ++ .../config/contents/_cinder-backends.conf.tpl | 2 + .../contents/_cinder-concurrency.conf.tpl | 2 + .../config/contents/_cinder-db.conf.tpl | 3 + .../config/contents/_cinder-glance.conf.tpl | 3 + .../config/contents/_cinder-keystone.conf.tpl | 13 ++ .../config/contents/_cinder-log.conf.tpl | 4 + .../contents/_cinder-messaging.conf.tpl | 5 + cinder/templates/deployments/api/api.sh.yaml | 7 + cinder/templates/deployments/api/api.yaml | 138 ++++++++++++++++++ .../templates/deployments/api/bin/_api.sh.tpl | 19 +++ .../jobs/db/init/bin/_db-init.sh.tpl | 6 + cinder/templates/jobs/db/init/db-init.sh.yaml | 7 + cinder/templates/jobs/db/init/db-init.yaml | 54 +++++++ .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 +++ cinder/templates/jobs/db/sync/db-sync.sh.yaml | 7 + cinder/templates/jobs/db/sync/db-sync.yaml | 69 +++++++++ .../endpoints/bin/_ks-endpoints.sh.tpl | 63 ++++++++ .../keystone/endpoints/ks-endpoints.sh.yaml | 7 + .../jobs/keystone/endpoints/ks-endpoints.yaml | 130 +++++++++++++++++ .../keystone/service/bin/_ks-service.sh.tpl | 35 +++++ .../jobs/keystone/service/ks-service.sh.yaml | 7 + .../jobs/keystone/service/ks-service.yaml | 54 +++++++ .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 +++++++ .../jobs/keystone/user/ks-user.sh.yaml | 7 + .../templates/jobs/keystone/user/ks-user.yaml | 82 +++++++++++ cinder/templates/service-api.yaml | 9 ++ cinder/values.yaml | 110 ++++++++++++++ docs/developer/minikube.md | 1 + 46 files changed, 1210 insertions(+), 3 deletions(-) create mode 100644 cinder/Chart.yaml create mode 100644 cinder/requirements.yaml create mode 100644 cinder/templates/_helpers.tpl create mode 100644 cinder/templates/config/cinder-api-paste.ini.yaml create mode 100644 cinder/templates/config/cinder-api.conf.yaml create mode 100644 cinder/templates/config/cinder-backend-rbd1.conf.yaml create mode 100644 cinder/templates/config/cinder-backends.conf.yaml create mode 100644 cinder/templates/config/cinder-concurrency.conf.yaml create mode 100644 cinder/templates/config/cinder-db.conf.yaml create mode 100644 cinder/templates/config/cinder-glance.conf.yaml create mode 100644 cinder/templates/config/cinder-keystone-admin.env.yaml create mode 100644 cinder/templates/config/cinder-keystone.conf.yaml create mode 100644 cinder/templates/config/cinder-log.conf.yaml create mode 100644 cinder/templates/config/cinder-messaging.conf.yaml create mode 100644 cinder/templates/config/contents/_cinder-api-paste.ini.tpl create mode 100644 cinder/templates/config/contents/_cinder-api.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-backends.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-concurrency.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-db.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-glance.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-keystone.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-log.conf.tpl create mode 100644 cinder/templates/config/contents/_cinder-messaging.conf.tpl create mode 100644 cinder/templates/deployments/api/api.sh.yaml create mode 100644 cinder/templates/deployments/api/api.yaml create mode 100644 cinder/templates/deployments/api/bin/_api.sh.tpl create mode 100644 cinder/templates/jobs/db/init/bin/_db-init.sh.tpl create mode 100644 cinder/templates/jobs/db/init/db-init.sh.yaml create mode 100644 cinder/templates/jobs/db/init/db-init.yaml create mode 100644 cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl create mode 100644 cinder/templates/jobs/db/sync/db-sync.sh.yaml create mode 100644 cinder/templates/jobs/db/sync/db-sync.yaml create mode 100644 cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl create mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml create mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml create mode 100644 cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl create mode 100644 cinder/templates/jobs/keystone/service/ks-service.sh.yaml create mode 100644 cinder/templates/jobs/keystone/service/ks-service.yaml create mode 100644 cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl create mode 100644 cinder/templates/jobs/keystone/user/ks-user.sh.yaml create mode 100644 cinder/templates/jobs/keystone/user/ks-user.yaml create mode 100644 cinder/templates/service-api.yaml create mode 100644 cinder/values.yaml diff --git a/Makefile b/Makefile index e3c08d22c4..9915074e28 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,13 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron cinder heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack +CHARTS := ceph mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack + common: build-common @@ -19,6 +20,8 @@ mariadb: build-mariadb keystone: build-keystone +cinder: build-cinder + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml new file mode 100644 index 0000000000..890af01e45 --- /dev/null +++ b/cinder/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for cinder +name: cinder +version: 0.1.0 diff --git a/cinder/requirements.yaml b/cinder/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/cinder/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 0000000000..80039684b4 --- /dev/null +++ b/cinder/templates/_helpers.tpl @@ -0,0 +1,73 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} + +{{- define "env_admin_openrc" }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PASSWORD +{{- end }} + +{{- define "container_ks_service" }} +image: {{ .Values.images.ks_service }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-service.sh +volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} + +{{- define "container_ks_endpoint" }} +image: {{ .Values.images.ks_endpoints }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-endpoints.sh +volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml new file mode 100644 index 0000000000..a0d87145f7 --- /dev/null +++ b/cinder/templates/config/cinder-api-paste.ini.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ini-api-paste +data: + api-paste.ini: |+ +{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml new file mode 100644 index 0000000000..ae0df4269b --- /dev/null +++ b/cinder/templates/config/cinder-api.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-api +data: + cinder-api.conf: |+ +{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml new file mode 100644 index 0000000000..1beb401635 --- /dev/null +++ b/cinder/templates/config/cinder-backend-rbd1.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backend-rbd1 +data: + cinder-backend-rbd1.conf: |+ +{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml new file mode 100644 index 0000000000..b5f839c5e6 --- /dev/null +++ b/cinder/templates/config/cinder-backends.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backends +data: + cinder-backends.conf: |+ +{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml new file mode 100644 index 0000000000..3385d54bc0 --- /dev/null +++ b/cinder/templates/config/cinder-concurrency.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-concurrency +data: + cinder-concurrency.conf: |+ +{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml new file mode 100644 index 0000000000..80a10531fe --- /dev/null +++ b/cinder/templates/config/cinder-db.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-db +type: Opaque +data: + cinder-db.conf: | +{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml new file mode 100644 index 0000000000..a1c7e91a96 --- /dev/null +++ b/cinder/templates/config/cinder-glance.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-glance +data: + cinder-glance.conf: |+ +{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/config/cinder-keystone-admin.env.yaml new file mode 100644 index 0000000000..885c58076b --- /dev/null +++ b/cinder/templates/config/cinder-keystone-admin.env.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/config/cinder-keystone.conf.yaml new file mode 100644 index 0000000000..992a6d43bd --- /dev/null +++ b/cinder/templates/config/cinder-keystone.conf.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-keystone +type: Opaque +data: + cinder-keystone.conf: | +{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.cinder_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.cinder_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.cinder_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.cinder_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.cinder_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml new file mode 100644 index 0000000000..683a58930c --- /dev/null +++ b/cinder/templates/config/cinder-log.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-log +data: + cinder-log.conf: |+ +{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml new file mode 100644 index 0000000000..0645feed73 --- /dev/null +++ b/cinder/templates/config/cinder-messaging.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-messaging +type: Opaque +data: + cinder-messaging.conf: | +{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl new file mode 100644 index 0000000000..a761f53d07 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl @@ -0,0 +1,75 @@ +############# +# OpenStack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 +/v3: openstack_volume_api_v3 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 + +[composite:openstack_volume_api_v3] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 + +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = cinder + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory + +[filter:noauth] +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[app:apiv3] +paste.app_factory = cinder.api.v3.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl new file mode 100644 index 0000000000..b4ac662150 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api.conf.tpl @@ -0,0 +1,12 @@ +[DEFAULT] +enable_v1_api = false +volume_name_template = %s + +osapi_volume_workers = {{ .Values.api.workers }} +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = {{ .Values.service.api.port }} + +api_paste_config = /etc/cinder/api-paste.ini + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl new file mode 100644 index 0000000000..abd6eeda39 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl @@ -0,0 +1,11 @@ +[rbd1] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +rbd_pool = {{ .Values.backends.rbd1.pool }} +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = -1 +rbd_user = {{ .Values.backends.rbd1.user }} +rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} +report_discard_supported = True diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl new file mode 100644 index 0000000000..62a1dbcc41 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backends.conf.tpl @@ -0,0 +1,2 @@ +[DEFAULT] +enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl new file mode 100644 index 0000000000..06be34ce23 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl @@ -0,0 +1,2 @@ +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl new file mode 100644 index 0000000000..1b67679065 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-db.conf.tpl @@ -0,0 +1,3 @@ +[database] +connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +max_retries = -1 diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl new file mode 100644 index 0000000000..31807c7aa3 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-glance.conf.tpl @@ -0,0 +1,3 @@ +[DEFAULT] +glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_version = {{ .Values.glance.version }} diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl new file mode 100644 index 0000000000..1311ed69db --- /dev/null +++ b/cinder/templates/config/contents/_cinder-keystone.conf.tpl @@ -0,0 +1,13 @@ +[DEFAULT] +auth_strategy = keystone +os_region_name = {{ .Values.keystone.cinder_region_name }} + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_name = {{ .Values.keystone.cinder_project_domain }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} +project_name = {{ .Values.keystone.cinder_project_name }} +username = {{ .Values.keystone.cinder_user }} +password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl new file mode 100644 index 0000000000..a0ec3d1f2f --- /dev/null +++ b/cinder/templates/config/contents/_cinder-log.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl new file mode 100644 index 0000000000..819bd099f3 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-messaging.conf.tpl @@ -0,0 +1,5 @@ +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml new file mode 100644 index 0000000000..bda7100b28 --- /dev/null +++ b/cinder/templates/deployments/api/api.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-api-sh +data: + start.sh: |+ +{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml new file mode 100644 index 0000000000..63e40bd604 --- /dev/null +++ b/cinder/templates/deployments/api/api.yaml @@ -0,0 +1,138 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-api +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + ports: + - containerPort: {{ .Values.service.api.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.api.port }} + volumeMounts: + - name: cinder-api-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-lib-cinder-tmp + mountPath: /var/lib/cinder/tmp + - name: cinder-ini-api-paste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: cinder-conf-api + mountPath: /etc/cinder/conf/cinder-api.conf + subPath: cinder-api.conf + readOnly: true + - name: cinder-conf-backends + mountPath: /etc/cinder/conf/cinder-backends.conf + subPath: cinder-backends.conf + readOnly: true + - name: cinder-conf-backend-rbd1 + mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf + subPath: cinder-backend-rbd1.conf + readOnly: true + - name: cinder-conf-concurrency + mountPath: /etc/cinder/conf/cinder-concurrency.conf + subPath: cinder-concurrency.conf + readOnly: true + - name: cinder-conf-db + mountPath: /etc/cinder/conf/cinder-db.conf + subPath: cinder-db.conf + readOnly: true + - name: cinder-conf-glance + mountPath: /etc/cinder/conf/cinder-glance.conf + subPath: cinder-glance.conf + readOnly: true + - name: cinder-conf-keystone + mountPath: /etc/cinder/conf/cinder-keystone.conf + subPath: cinder-keystone.conf + readOnly: true + - name: cinder-conf-log + mountPath: /etc/cinder/conf/cinder-log.conf + subPath: cinder-log.conf + readOnly: true + - name: cinder-conf-messaging + mountPath: /etc/cinder/conf/cinder-messaging.conf + subPath: cinder-messaging.conf + readOnly: true + volumes: + - name: cinder-api-sh + configMap: + name: cinder-api-sh + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-lib-cinder-tmp + emptyDir: {} + - name: cinder-ini-api-paste + configMap: + name: cinder-ini-api-paste + - name: cinder-conf-api + configMap: + name: cinder-conf-api + - name: cinder-conf-backends + configMap: + name: cinder-conf-backends + - name: cinder-conf-backend-rbd1 + configMap: + name: cinder-conf-backend-rbd1 + - name: cinder-conf-concurrency + configMap: + name: cinder-conf-concurrency + - name: cinder-conf-db + secret: + secretName: cinder-conf-db + - name: cinder-conf-glance + configMap: + name: cinder-conf-glance + - name: cinder-conf-keystone + secret: + secretName: cinder-conf-keystone + - name: cinder-conf-log + configMap: + name: cinder-conf-log + - name: cinder-conf-messaging + secret: + secretName: cinder-conf-messaging diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl new file mode 100644 index 0000000000..91e4f3a933 --- /dev/null +++ b/cinder/templates/deployments/api/bin/_api.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +exec cinder-api --config-dir /etc/cinder/conf diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..66e953e971 --- /dev/null +++ b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl @@ -0,0 +1,6 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'" +ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'" diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml new file mode 100644 index 0000000000..74875985bf --- /dev/null +++ b/cinder/templates/jobs/db/init/db-init.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-db-init-sh +data: + init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/jobs/db/init/db-init.yaml new file mode 100644 index 0000000000..4c27f8c888 --- /dev/null +++ b/cinder/templates/jobs/db/init/db-init.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-db-init + image: {{ .Values.images.db_init | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: db-init-sh + mountPath: /tmp/init.sh + subPath: init.sh + readOnly: true + volumes: + - name: db-init-sh + configMap: + name: cinder-db-init-sh diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..a36edc6c92 --- /dev/null +++ b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +cinder-manage --config-dir /etc/cinder/conf db sync diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml new file mode 100644 index 0000000000..f395f01ecc --- /dev/null +++ b/cinder/templates/jobs/db/sync/db-sync.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-db-sync-sh +data: + db-sync.sh: |+ +{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/jobs/db/sync/db-sync.yaml new file mode 100644 index 0000000000..ba4d31efb1 --- /dev/null +++ b/cinder/templates/jobs/db/sync/db-sync.yaml @@ -0,0 +1,69 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: cinder-conf-db + mountPath: /etc/cinder/conf/cinder-db.conf + subPath: cinder-db.conf + readOnly: true + - name: cinder-conf-log + mountPath: /etc/cinder/conf/cinder-log.conf + subPath: cinder-log.conf + readOnly: true + volumes: + - name: db-sync-sh + configMap: + name: cinder-db-sync-sh + - name: pod-etc-cinder + emptyDir: {} + - name: cinder-conf-db + secret: + secretName: cinder-conf-db + - name: cinder-conf-log + configMap: + name: cinder-conf-log diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl new file mode 100644 index 0000000000..264d1b1384 --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl @@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Get Service ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# Get Endpoint ID if it exists +OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ + grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \ + awk -F ',' '{ print $1 }' ) + +# Making sure only a single endpoint exists for a service within a region +if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then + echo "More than one endpoint found, cleaning up" + for ENDPOINT_ID in $OS_ENDPOINT_ID; do + openstack endpoint delete ${ENDPOINT_ID} + done + unset OS_ENDPOINT_ID +fi + +# Determine if Endpoint needs updated +if [[ ${OS_ENDPOINT_ID} ]]; then + OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) + if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then + echo "Endpoints Match: no action required" + OS_ENDPOINT_UPDATE="False" + else + echo "Endpoints Dont Match: removing existing entries" + openstack endpoint delete ${OS_ENDPOINT_ID} + OS_ENDPOINT_UPDATE="True" + fi +else + OS_ENDPOINT_UPDATE="True" +fi + +# Update Endpoint if required +if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then + OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \ + --region="${OS_REGION_NAME}" \ + "${OS_SERVICE_ID}" \ + ${OS_SERVICE_INTERFACE} \ + "${OS_SERVICE_ENDPOINT}" ) +fi + +# Display the Endpoint +openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml new file mode 100644 index 0000000000..b4841d89d4 --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-endpoints-sh +data: + ks-endpoints.sh: |+ +{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml new file mode 100644 index 0000000000..1c23325d6f --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml @@ -0,0 +1,130 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-endpoints-v1-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v1-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v1-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v2-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v2-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v2-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v3-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + - name: cinder-ks-endpoints-v3-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + - name: cinder-ks-endpoints-v3-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + volumes: + - name: ks-endpoints-sh + configMap: + name: cinder-ks-endpoints-sh diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl new file mode 100644 index 0000000000..4777d08c48 --- /dev/null +++ b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl @@ -0,0 +1,35 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Service boilerplate description +OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" + +# Get Service ID if it exists +unset OS_SERVICE_ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# If a Service ID was not found, then create the service +if [[ -z ${OS_SERVICE_ID} ]]; then + OS_SERVICE_ID=$(openstack service create -f value -c id \ + --name="${OS_SERVICE_NAME}" \ + --description "${OS_SERVICE_DESC}" \ + --enable \ + "${OS_SERVICE_TYPE}") +fi diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml new file mode 100644 index 0000000000..e4ea00a37f --- /dev/null +++ b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-service-sh +data: + ks-service.sh: |+ +{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml new file mode 100644 index 0000000000..3893433885 --- /dev/null +++ b/cinder/templates/jobs/keystone/service/ks-service.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-service-v1 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volume" + - name: cinder-ks-service-v2 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volumev2" + - name: cinder-ks-service-v3 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volumev3" + volumes: + - name: ks-service-sh + configMap: + name: cinder-ks-service-sh diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl new file mode 100644 index 0000000000..fdc7358b32 --- /dev/null +++ b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl @@ -0,0 +1,56 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Manage user project +USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + "${SERVICE_OS_PROJECT_NAME}"); + +# Display project +openstack project show "${USER_PROJECT_ID}" + +# Manage user +USER_ID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}"); + +# Display user +openstack user show "${USER_ID}" + +# Manage user role +USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + +# Manage user role assignment +openstack role add \ + --user="${USER_ID}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + "${USER_ROLE_ID}" + +# Display user role assignment +openstack role assignment list \ + --role="${SERVICE_OS_ROLE}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --user="${USER_ID}" diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml new file mode 100644 index 0000000000..52e6941d0c --- /dev/null +++ b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-user-sh +data: + ks-user.sh: |+ +{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/jobs/keystone/user/ks-user.yaml new file mode 100644 index 0000000000..06c4e8637f --- /dev/null +++ b/cinder/templates/jobs/keystone/user/ks-user.yaml @@ -0,0 +1,82 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-user +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "cinder" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.cinder_user_role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: cinder-ks-user-sh diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml new file mode 100644 index 0000000000..809211c92a --- /dev/null +++ b/cinder/templates/service-api.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.api.name }} +spec: + ports: + - port: {{ .Values.service.api.port }} + selector: + app: cinder-api diff --git a/cinder/values.yaml b/cinder/values.yaml new file mode 100644 index 0000000000..0fd2966596 --- /dev/null +++ b/cinder/values.yaml @@ -0,0 +1,110 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: quay.io/stackanetes/stackanetes-cinder-api:newton + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + cinder_user: "cinder" + cinder_user_domain: "default" + cinder_user_role: "admin" + cinder_password: "password" + cinder_project_name: "service" + cinder_project_domain: "default" + cinder_region_name: "RegionOne" + +service: + api: + name: "cinder-api" + port: 8776 + proto: "http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + cinder_database_name: cinder + cinder_password: password + cinder_user: cinder + +backends: + enabled: + - rbd1 + rbd1: + secret: "" + user: "cinder" + pool: "volumes" + +glance: + proto: "http" + host: "glance-api" + port: 9292 + version: 2 + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + + +api: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - cinder-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - cinder-ks-service + service: + - keystone-api + api: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + service: + - mariadb + - keystone-api diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 4ee88495a8..1058a984ed 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -160,6 +160,7 @@ $ helm install --name=memcached local/memcached --namespace=openstack $ helm install --name=rabbitmq local/rabbitmq --namespace=openstack $ helm install --name=keystone local/keystone --namespace=openstack $ helm install --name=horizon local/horizon --namespace=openstack +$ helm install --name=cinder local/cinder --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack From 4479a0d93fabd34d84bb6412635b34137f97885c Mon Sep 17 00:00:00 2001 From: portdirect Date: Mon, 9 Jan 2017 02:09:40 +0000 Subject: [PATCH 2/9] Cinder Refactor WIP This work is dependant on the Common Chart elements introduced with the Heat PR, and should not be merged prior to https://github.com/att-comdev/openstack-helm/pull/77 --- cinder/templates/_helpers.tpl | 73 --------- cinder/templates/bin/_db-init.sh.tpl | 21 +++ .../config/cinder-api-paste.ini.yaml | 7 - cinder/templates/config/cinder-api.conf.yaml | 7 - .../config/cinder-backend-rbd1.conf.yaml | 7 - .../config/cinder-backends.conf.yaml | 7 - .../config/cinder-concurrency.conf.yaml | 7 - cinder/templates/config/cinder-db.conf.yaml | 8 - .../templates/config/cinder-glance.conf.yaml | 7 - cinder/templates/config/cinder-log.conf.yaml | 7 - .../config/cinder-messaging.conf.yaml | 8 - .../config/contents/_cinder-api.conf.tpl | 12 -- .../contents/_cinder-backend-rbd1.conf.tpl | 11 -- .../config/contents/_cinder-backends.conf.tpl | 2 - .../contents/_cinder-concurrency.conf.tpl | 2 - .../config/contents/_cinder-db.conf.tpl | 3 - .../config/contents/_cinder-glance.conf.tpl | 3 - .../config/contents/_cinder-keystone.conf.tpl | 13 -- .../config/contents/_cinder-log.conf.tpl | 4 - .../contents/_cinder-messaging.conf.tpl | 5 - cinder/templates/configmap-bin.yaml | 13 ++ cinder/templates/configmap-etc.yaml | 9 ++ cinder/templates/deployment-api.yaml | 76 ++++++++++ cinder/templates/deployments/api/api.sh.yaml | 7 - cinder/templates/deployments/api/api.yaml | 138 ------------------ .../templates/deployments/api/bin/_api.sh.tpl | 19 --- .../_cinder-api-paste.ini.tpl | 0 cinder/templates/etc/_cinder.conf.tpl | 57 ++++++++ .../db/init/db-init.yaml => job-db-init.yaml} | 12 +- .../db/sync/db-sync.yaml => job-db-sync.yaml} | 32 ++-- cinder/templates/job-ks-endpoints.yaml.yaml | 65 +++++++++ cinder/templates/job-ks-service.yaml | 59 ++++++++ .../user/ks-user.yaml => job-ks-user.yaml} | 44 ++---- .../jobs/db/init/bin/_db-init.sh.tpl | 6 - cinder/templates/jobs/db/init/db-init.sh.yaml | 7 - .../jobs/db/sync/bin/_db-sync.sh.tpl | 19 --- cinder/templates/jobs/db/sync/db-sync.sh.yaml | 7 - .../endpoints/bin/_ks-endpoints.sh.tpl | 63 -------- .../keystone/endpoints/ks-endpoints.sh.yaml | 7 - .../jobs/keystone/endpoints/ks-endpoints.yaml | 130 ----------------- .../keystone/service/bin/_ks-service.sh.tpl | 35 ----- .../jobs/keystone/service/ks-service.sh.yaml | 7 - .../jobs/keystone/service/ks-service.yaml | 54 ------- .../jobs/keystone/user/bin/_ks-user.sh.tpl | 56 ------- .../jobs/keystone/user/ks-user.sh.yaml | 7 - ...nv.yaml => secret-keystone-admin.env.yaml} | 0 ...onf.yaml => secret-keystone-user.env.yaml} | 4 +- cinder/values.yaml | 37 +++++ 48 files changed, 366 insertions(+), 818 deletions(-) delete mode 100644 cinder/templates/_helpers.tpl create mode 100644 cinder/templates/bin/_db-init.sh.tpl delete mode 100644 cinder/templates/config/cinder-api-paste.ini.yaml delete mode 100644 cinder/templates/config/cinder-api.conf.yaml delete mode 100644 cinder/templates/config/cinder-backend-rbd1.conf.yaml delete mode 100644 cinder/templates/config/cinder-backends.conf.yaml delete mode 100644 cinder/templates/config/cinder-concurrency.conf.yaml delete mode 100644 cinder/templates/config/cinder-db.conf.yaml delete mode 100644 cinder/templates/config/cinder-glance.conf.yaml delete mode 100644 cinder/templates/config/cinder-log.conf.yaml delete mode 100644 cinder/templates/config/cinder-messaging.conf.yaml delete mode 100644 cinder/templates/config/contents/_cinder-api.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-backends.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-concurrency.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-db.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-glance.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-keystone.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-log.conf.tpl delete mode 100644 cinder/templates/config/contents/_cinder-messaging.conf.tpl create mode 100644 cinder/templates/configmap-bin.yaml create mode 100644 cinder/templates/configmap-etc.yaml create mode 100644 cinder/templates/deployment-api.yaml delete mode 100644 cinder/templates/deployments/api/api.sh.yaml delete mode 100644 cinder/templates/deployments/api/api.yaml delete mode 100644 cinder/templates/deployments/api/bin/_api.sh.tpl rename cinder/templates/{config/contents => etc}/_cinder-api-paste.ini.tpl (100%) create mode 100644 cinder/templates/etc/_cinder.conf.tpl rename cinder/templates/{jobs/db/init/db-init.yaml => job-db-init.yaml} (88%) rename cinder/templates/{jobs/db/sync/db-sync.yaml => job-db-sync.yaml} (66%) create mode 100644 cinder/templates/job-ks-endpoints.yaml.yaml create mode 100644 cinder/templates/job-ks-service.yaml rename cinder/templates/{jobs/keystone/user/ks-user.yaml => job-ks-user.yaml} (51%) delete mode 100644 cinder/templates/jobs/db/init/bin/_db-init.sh.tpl delete mode 100644 cinder/templates/jobs/db/init/db-init.sh.yaml delete mode 100644 cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl delete mode 100644 cinder/templates/jobs/db/sync/db-sync.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml delete mode 100644 cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/service/ks-service.sh.yaml delete mode 100644 cinder/templates/jobs/keystone/service/ks-service.yaml delete mode 100644 cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl delete mode 100644 cinder/templates/jobs/keystone/user/ks-user.sh.yaml rename cinder/templates/{config/cinder-keystone-admin.env.yaml => secret-keystone-admin.env.yaml} (100%) rename cinder/templates/{config/cinder-keystone.conf.yaml => secret-keystone-user.env.yaml} (80%) diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl deleted file mode 100644 index 80039684b4..0000000000 --- a/cinder/templates/_helpers.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} - -{{- define "env_admin_openrc" }} -- name: OS_IDENTITY_API_VERSION - value: "3" -- name: OS_AUTH_URL - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_AUTH_URL -- name: OS_REGION_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_REGION_NAME -- name: OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PROJECT_DOMAIN_NAME -- name: OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PROJECT_NAME -- name: OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_USER_DOMAIN_NAME -- name: OS_USERNAME - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_USERNAME -- name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: cinder-env-keystone-admin - key: OS_PASSWORD -{{- end }} - -{{- define "container_ks_service" }} -image: {{ .Values.images.ks_service }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-service.sh -volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} - -{{- define "container_ks_endpoint" }} -image: {{ .Values.images.ks_endpoints }} -imagePullPolicy: {{ .Values.images.pull_policy }} -command: - - bash - - /tmp/ks-endpoints.sh -volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -env: -{{ include "env_admin_openrc" . | indent 2 }} -{{- end }} diff --git a/cinder/templates/bin/_db-init.sh.tpl b/cinder/templates/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..93bd518bb1 --- /dev/null +++ b/cinder/templates/bin/_db-init.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.cinder_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ .Values.database.address }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.cinder_user }}' \ + password='{{ .Values.database.cinder_password }}' \ + host='%' \ + priv='{{ .Values.database.cinder_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml deleted file mode 100644 index a0d87145f7..0000000000 --- a/cinder/templates/config/cinder-api-paste.ini.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ini-api-paste -data: - api-paste.ini: |+ -{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml deleted file mode 100644 index ae0df4269b..0000000000 --- a/cinder/templates/config/cinder-api.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-api -data: - cinder-api.conf: |+ -{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml deleted file mode 100644 index 1beb401635..0000000000 --- a/cinder/templates/config/cinder-backend-rbd1.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-backend-rbd1 -data: - cinder-backend-rbd1.conf: |+ -{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml deleted file mode 100644 index b5f839c5e6..0000000000 --- a/cinder/templates/config/cinder-backends.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-backends -data: - cinder-backends.conf: |+ -{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml deleted file mode 100644 index 3385d54bc0..0000000000 --- a/cinder/templates/config/cinder-concurrency.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-concurrency -data: - cinder-concurrency.conf: |+ -{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml deleted file mode 100644 index 80a10531fe..0000000000 --- a/cinder/templates/config/cinder-db.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cinder-conf-db -type: Opaque -data: - cinder-db.conf: | -{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml deleted file mode 100644 index a1c7e91a96..0000000000 --- a/cinder/templates/config/cinder-glance.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-glance -data: - cinder-glance.conf: |+ -{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml deleted file mode 100644 index 683a58930c..0000000000 --- a/cinder/templates/config/cinder-log.conf.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-conf-log -data: - cinder-log.conf: |+ -{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml deleted file mode 100644 index 0645feed73..0000000000 --- a/cinder/templates/config/cinder-messaging.conf.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cinder-conf-messaging -type: Opaque -data: - cinder-messaging.conf: | -{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl deleted file mode 100644 index b4ac662150..0000000000 --- a/cinder/templates/config/contents/_cinder-api.conf.tpl +++ /dev/null @@ -1,12 +0,0 @@ -[DEFAULT] -enable_v1_api = false -volume_name_template = %s - -osapi_volume_workers = {{ .Values.api.workers }} -osapi_volume_listen = 0.0.0.0 -osapi_volume_listen_port = {{ .Values.service.api.port }} - -api_paste_config = /etc/cinder/api-paste.ini - -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl deleted file mode 100644 index abd6eeda39..0000000000 --- a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -[rbd1] -volume_driver = cinder.volume.drivers.rbd.RBDDriver -rbd_pool = {{ .Values.backends.rbd1.pool }} -rbd_ceph_conf = /etc/ceph/ceph.conf -rbd_flatten_volume_from_snapshot = false -rbd_max_clone_depth = 5 -rbd_store_chunk_size = 4 -rados_connect_timeout = -1 -rbd_user = {{ .Values.backends.rbd1.user }} -rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} -report_discard_supported = True diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl deleted file mode 100644 index 62a1dbcc41..0000000000 --- a/cinder/templates/config/contents/_cinder-backends.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl deleted file mode 100644 index 06be34ce23..0000000000 --- a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl +++ /dev/null @@ -1,2 +0,0 @@ -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl deleted file mode 100644 index 1b67679065..0000000000 --- a/cinder/templates/config/contents/_cinder-db.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[database] -connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} -max_retries = -1 diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl deleted file mode 100644 index 31807c7aa3..0000000000 --- a/cinder/templates/config/contents/_cinder-glance.conf.tpl +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" -glance_api_version = {{ .Values.glance.version }} diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl deleted file mode 100644 index 1311ed69db..0000000000 --- a/cinder/templates/config/contents/_cinder-keystone.conf.tpl +++ /dev/null @@ -1,13 +0,0 @@ -[DEFAULT] -auth_strategy = keystone -os_region_name = {{ .Values.keystone.cinder_region_name }} - -[keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} -auth_type = password -project_domain_name = {{ .Values.keystone.cinder_project_domain }} -user_domain_name = {{ .Values.keystone.cinder_user_domain }} -project_name = {{ .Values.keystone.cinder_project_name }} -username = {{ .Values.keystone.cinder_user }} -password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl deleted file mode 100644 index a0ec3d1f2f..0000000000 --- a/cinder/templates/config/contents/_cinder-log.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -debug = {{ .Values.misc.debug }} -use_syslog = False -use_stderr = True diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl deleted file mode 100644 index 819bd099f3..0000000000 --- a/cinder/templates/config/contents/_cinder-messaging.conf.tpl +++ /dev/null @@ -1,5 +0,0 @@ -[oslo_messaging_rabbit] -rabbit_userid = {{ .Values.messaging.user }} -rabbit_password = {{ .Values.messaging.password }} -rabbit_ha_queues = true -rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml new file mode 100644 index 0000000000..b549121df9 --- /dev/null +++ b/cinder/templates/configmap-bin.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-bin +data: + db-init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} + ks-service.sh: |+ +{{- include "common_keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "common_keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "common_keystone_user" . | indent 4 }} diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml new file mode 100644 index 0000000000..d3c2bab33d --- /dev/null +++ b/cinder/templates/configmap-etc.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-etc +data: + cinder.conf: |+ +{{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} + api-paste.ini: |+ +{{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml new file mode 100644 index 0000000000..4cd72f3acb --- /dev/null +++ b/cinder/templates/deployment-api.yaml @@ -0,0 +1,76 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-api +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-api + - --config-dir + - /etc/cinder/conf + ports: + - containerPort: {{ .Values.service.api.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.api.port }} + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cinderpaste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinderpaste + configMap: + name: cinder-etc diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml deleted file mode 100644 index bda7100b28..0000000000 --- a/cinder/templates/deployments/api/api.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-api-sh -data: - start.sh: |+ -{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml deleted file mode 100644 index 63e40bd604..0000000000 --- a/cinder/templates/deployments/api/api.yaml +++ /dev/null @@ -1,138 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: cinder-api -spec: - replicas: {{ .Values.replicas }} - template: - metadata: - labels: - app: cinder-api - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: cinder-api - image: {{ .Values.images.api }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/start.sh - ports: - - containerPort: {{ .Values.service.api.port }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.api.port }} - volumeMounts: - - name: cinder-api-sh - mountPath: /tmp/start.sh - subPath: start.sh - readOnly: true - - name: pod-etc-cinder - mountPath: /etc/cinder - - name: pod-var-lib-cinder-tmp - mountPath: /var/lib/cinder/tmp - - name: cinder-ini-api-paste - mountPath: /etc/cinder/api-paste.ini - subPath: api-paste.ini - readOnly: true - - name: cinder-conf-api - mountPath: /etc/cinder/conf/cinder-api.conf - subPath: cinder-api.conf - readOnly: true - - name: cinder-conf-backends - mountPath: /etc/cinder/conf/cinder-backends.conf - subPath: cinder-backends.conf - readOnly: true - - name: cinder-conf-backend-rbd1 - mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf - subPath: cinder-backend-rbd1.conf - readOnly: true - - name: cinder-conf-concurrency - mountPath: /etc/cinder/conf/cinder-concurrency.conf - subPath: cinder-concurrency.conf - readOnly: true - - name: cinder-conf-db - mountPath: /etc/cinder/conf/cinder-db.conf - subPath: cinder-db.conf - readOnly: true - - name: cinder-conf-glance - mountPath: /etc/cinder/conf/cinder-glance.conf - subPath: cinder-glance.conf - readOnly: true - - name: cinder-conf-keystone - mountPath: /etc/cinder/conf/cinder-keystone.conf - subPath: cinder-keystone.conf - readOnly: true - - name: cinder-conf-log - mountPath: /etc/cinder/conf/cinder-log.conf - subPath: cinder-log.conf - readOnly: true - - name: cinder-conf-messaging - mountPath: /etc/cinder/conf/cinder-messaging.conf - subPath: cinder-messaging.conf - readOnly: true - volumes: - - name: cinder-api-sh - configMap: - name: cinder-api-sh - - name: pod-etc-cinder - emptyDir: {} - - name: pod-var-lib-cinder-tmp - emptyDir: {} - - name: cinder-ini-api-paste - configMap: - name: cinder-ini-api-paste - - name: cinder-conf-api - configMap: - name: cinder-conf-api - - name: cinder-conf-backends - configMap: - name: cinder-conf-backends - - name: cinder-conf-backend-rbd1 - configMap: - name: cinder-conf-backend-rbd1 - - name: cinder-conf-concurrency - configMap: - name: cinder-conf-concurrency - - name: cinder-conf-db - secret: - secretName: cinder-conf-db - - name: cinder-conf-glance - configMap: - name: cinder-conf-glance - - name: cinder-conf-keystone - secret: - secretName: cinder-conf-keystone - - name: cinder-conf-log - configMap: - name: cinder-conf-log - - name: cinder-conf-messaging - secret: - secretName: cinder-conf-messaging diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl deleted file mode 100644 index 91e4f3a933..0000000000 --- a/cinder/templates/deployments/api/bin/_api.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -exec cinder-api --config-dir /etc/cinder/conf diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/etc/_cinder-api-paste.ini.tpl similarity index 100% rename from cinder/templates/config/contents/_cinder-api-paste.ini.tpl rename to cinder/templates/etc/_cinder-api-paste.ini.tpl diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl new file mode 100644 index 0000000000..1253606039 --- /dev/null +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -0,0 +1,57 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True + +enable_v1_api = false +volume_name_template = %s + +osapi_volume_workers = {{ .Values.api.workers }} +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = {{ .Values.service.api.port }} + +api_paste_config = /etc/cinder/api-paste.ini + +glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_version = {{ .Values.glance.version }} + +enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} + +auth_strategy = keystone +os_region_name = {{ .Values.keystone.cinder_region_name }} + + +[database] +connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_name = {{ .Values.keystone.cinder_project_domain }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} +project_name = {{ .Values.keystone.cinder_project_name }} +username = {{ .Values.keystone.cinder_user }} +password = {{ .Values.keystone.cinder_password }} + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp + +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} + +[rbd1] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +rbd_pool = {{ .Values.backends.rbd1.pool }} +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = -1 +rbd_user = {{ .Values.backends.rbd1.user }} +rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} +report_discard_supported = True diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/job-db-init.yaml similarity index 88% rename from cinder/templates/jobs/db/init/db-init.yaml rename to cinder/templates/job-db-init.yaml index 4c27f8c888..6d59153ede 100644 --- a/cinder/templates/jobs/db/init/db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -42,13 +42,13 @@ spec: value: /usr/share/ansible/ command: - bash - - /tmp/init.sh + - /tmp/db-init.sh volumeMounts: - - name: db-init-sh - mountPath: /tmp/init.sh - subPath: init.sh + - name: dbinitsh + mountPath: /tmp/db-init.sh + subPath: db-init.sh readOnly: true volumes: - - name: db-init-sh + - name: dbinitsh configMap: - name: cinder-db-init-sh + name: cinder-bin diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/job-db-sync.yaml similarity index 66% rename from cinder/templates/jobs/db/sync/db-sync.yaml rename to cinder/templates/job-db-sync.yaml index ba4d31efb1..6be19e7084 100644 --- a/cinder/templates/jobs/db/sync/db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -38,32 +38,22 @@ spec: image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - - bash - - /tmp/db-sync.sh + - cinder-manage + args: + - --config-dir + - /etc/cinder/conf + - db + - sync volumeMounts: - - name: db-sync-sh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - name: pod-etc-cinder mountPath: /etc/cinder - - name: cinder-conf-db - mountPath: /etc/cinder/conf/cinder-db.conf - subPath: cinder-db.conf - readOnly: true - - name: cinder-conf-log - mountPath: /etc/cinder/conf/cinder-log.conf - subPath: cinder-log.conf + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf readOnly: true volumes: - - name: db-sync-sh - configMap: - name: cinder-db-sync-sh - name: pod-etc-cinder emptyDir: {} - - name: cinder-conf-db - secret: - secretName: cinder-conf-db - - name: cinder-conf-log + - name: cinderconf configMap: - name: cinder-conf-log + name: cinder-etc diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml new file mode 100644 index 0000000000..e2e082bd64 --- /dev/null +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -0,0 +1,65 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: cinder-bin diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml new file mode 100644 index 0000000000..b22ee7aa3c --- /dev/null +++ b/cinder/templates/job-ks-service.yaml @@ -0,0 +1,59 @@ +{{- $envAll := . }} +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: +{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} + - name: {{ $osServiceName }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ $osServiceName }} + - name: OS_SERVICE_TYPE + value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: cinder-bin diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/job-ks-user.yaml similarity index 51% rename from cinder/templates/jobs/keystone/user/ks-user.yaml rename to cinder/templates/job-ks-user.yaml index 06c4e8637f..b8cdec3dd4 100644 --- a/cinder/templates/jobs/keystone/user/ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -1,3 +1,5 @@ +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }} apiVersion: batch/v1 kind: Job metadata: @@ -18,7 +20,7 @@ spec: }, { "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" }, { "name": "COMMAND", @@ -40,43 +42,19 @@ spec: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh + readOnly: true env: -{{ include "env_admin_openrc" . | indent 12 }} +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "env_ks_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_SERVICE_NAME value: "cinder" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_REGION_NAME - - name: SERVICE_OS_PROJECT_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PROJECT_DOMAIN_NAME - - name: SERVICE_OS_PROJECT_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PROJECT_NAME - - name: SERVICE_OS_USER_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_USER_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: cinder-conf-keystone - key: OS_PASSWORD +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} +{{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.cinder_user_role | quote }} volumes: - name: ks-user-sh configMap: - name: cinder-ks-user-sh + name: cinder-bin diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl deleted file mode 100644 index 66e953e971..0000000000 --- a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex -export HOME=/tmp - -ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'" diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml deleted file mode 100644 index 74875985bf..0000000000 --- a/cinder/templates/jobs/db/init/db-init.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-db-init-sh -data: - init.sh: |+ -{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl deleted file mode 100644 index a36edc6c92..0000000000 --- a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -cinder-manage --config-dir /etc/cinder/conf db sync diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml deleted file mode 100644 index f395f01ecc..0000000000 --- a/cinder/templates/jobs/db/sync/db-sync.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-db-sync-sh -data: - db-sync.sh: |+ -{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl deleted file mode 100644 index 264d1b1384..0000000000 --- a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Get Service ID -OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ - grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ - sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) - -# Get Endpoint ID if it exists -OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ - grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \ - awk -F ',' '{ print $1 }' ) - -# Making sure only a single endpoint exists for a service within a region -if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then - echo "More than one endpoint found, cleaning up" - for ENDPOINT_ID in $OS_ENDPOINT_ID; do - openstack endpoint delete ${ENDPOINT_ID} - done - unset OS_ENDPOINT_ID -fi - -# Determine if Endpoint needs updated -if [[ ${OS_ENDPOINT_ID} ]]; then - OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) - if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then - echo "Endpoints Match: no action required" - OS_ENDPOINT_UPDATE="False" - else - echo "Endpoints Dont Match: removing existing entries" - openstack endpoint delete ${OS_ENDPOINT_ID} - OS_ENDPOINT_UPDATE="True" - fi -else - OS_ENDPOINT_UPDATE="True" -fi - -# Update Endpoint if required -if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then - OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \ - --region="${OS_REGION_NAME}" \ - "${OS_SERVICE_ID}" \ - ${OS_SERVICE_INTERFACE} \ - "${OS_SERVICE_ENDPOINT}" ) -fi - -# Display the Endpoint -openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml deleted file mode 100644 index b4841d89d4..0000000000 --- a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-endpoints-sh -data: - ks-endpoints.sh: |+ -{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml deleted file mode 100644 index 1c23325d6f..0000000000 --- a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-endpoints -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: cinder-ks-endpoints-v1-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v1-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v1-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volume - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s - - name: cinder-ks-endpoints-v2-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v2-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v2-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev2 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s - - name: cinder-ks-endpoints-v3-admin -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: admin - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - - name: cinder-ks-endpoints-v3-internal -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: internal - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - - name: cinder-ks-endpoints-v3-public -{{ include "container_ks_endpoint" . | indent 10 }} - - name: OS_SERVICE_INTERFACE - value: public - - name: OS_SERVICE_NAME - value: cinder - - name: OS_SERVICE_TYPE - value: volumev3 - - name: OS_SERVICE_ENDPOINT - value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s - volumes: - - name: ks-endpoints-sh - configMap: - name: cinder-ks-endpoints-sh diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl deleted file mode 100644 index 4777d08c48..0000000000 --- a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Service boilerplate description -OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" - -# Get Service ID if it exists -unset OS_SERVICE_ID -OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ - grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ - sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) - -# If a Service ID was not found, then create the service -if [[ -z ${OS_SERVICE_ID} ]]; then - OS_SERVICE_ID=$(openstack service create -f value -c id \ - --name="${OS_SERVICE_NAME}" \ - --description "${OS_SERVICE_DESC}" \ - --enable \ - "${OS_SERVICE_TYPE}") -fi diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml deleted file mode 100644 index e4ea00a37f..0000000000 --- a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-service-sh -data: - ks-service.sh: |+ -{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml deleted file mode 100644 index 3893433885..0000000000 --- a/cinder/templates/jobs/keystone/service/ks-service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-service -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - containers: - - name: cinder-ks-service-v1 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volume" - - name: cinder-ks-service-v2 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volumev2" - - name: cinder-ks-service-v3 -{{ include "container_ks_service" . | indent 10 }} - - name: OS_SERVICE_NAME - value: "cinder" - - name: OS_SERVICE_TYPE - value: "volumev3" - volumes: - - name: ks-service-sh - configMap: - name: cinder-ks-service-sh diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl deleted file mode 100644 index fdc7358b32..0000000000 --- a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -# Copyright 2017 Pete Birley -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -# Manage user project -USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ - --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - "${SERVICE_OS_PROJECT_NAME}"); - -# Display project -openstack project show "${USER_PROJECT_ID}" - -# Manage user -USER_ID=$(openstack user create --or-show --enable -f value -c id \ - --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --project="${USER_PROJECT_ID}" \ - --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ - --password="${SERVICE_OS_PASSWORD}" \ - "${SERVICE_OS_USERNAME}"); - -# Display user -openstack user show "${USER_ID}" - -# Manage user role -USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ - "${SERVICE_OS_ROLE}"); - -# Manage user role assignment -openstack role add \ - --user="${USER_ID}" \ - --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ - --project="${USER_PROJECT_ID}" \ - "${USER_ROLE_ID}" - -# Display user role assignment -openstack role assignment list \ - --role="${SERVICE_OS_ROLE}" \ - --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ - --user="${USER_ID}" diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml deleted file mode 100644 index 52e6941d0c..0000000000 --- a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cinder-ks-user-sh -data: - ks-user.sh: |+ -{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/secret-keystone-admin.env.yaml similarity index 100% rename from cinder/templates/config/cinder-keystone-admin.env.yaml rename to cinder/templates/secret-keystone-admin.env.yaml diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/secret-keystone-user.env.yaml similarity index 80% rename from cinder/templates/config/cinder-keystone.conf.yaml rename to cinder/templates/secret-keystone-user.env.yaml index 992a6d43bd..e0f5ad63af 100644 --- a/cinder/templates/config/cinder-keystone.conf.yaml +++ b/cinder/templates/secret-keystone-user.env.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: cinder-conf-keystone + name: cinder-env-keystone-user type: Opaque data: - cinder-keystone.conf: | -{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} OS_AUTH_URL: | {{ .Values.keystone.auth_url | b64enc | indent 4 }} OS_REGION_NAME: | diff --git a/cinder/values.yaml b/cinder/values.yaml index 0fd2966596..e0d7e35522 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -108,3 +108,40 @@ dependencies: service: - mariadb - keystone-api + +endpoints: + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + cinder: + hosts: + default: cinder-api + path: '/v1/%(tenant_id)s' + type: volume + scheme: 'http' + port: + api: 8776 + cinderv2: + name: cinder + hosts: + default: cinder-api + path: '/v2/%(tenant_id)s' + type: volumev2 + scheme: 'http' + port: + api: 8776 + cinderv3: + name: cinder + hosts: + default: cinder-api + path: '/v3/%(tenant_id)s' + type: volumev3 + scheme: 'http' + port: + api: 8776 From 1e94b125bf7fe0bbf006a8cfeb7fadabf10c6670 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:28:42 +0000 Subject: [PATCH 3/9] WIP Update cinder Endpoint and service creation to support multiple versions This commmit addresses issues with the endpoint layout in the values.yaml As a result it does for now not use the common functions for some tasks. --- cinder/templates/_helpers.tpl | 45 +++++++++++++++++++++ cinder/templates/job-ks-endpoints.yaml.yaml | 10 ++--- cinder/templates/job-ks-service.yaml | 8 ++-- cinder/values.yaml | 31 ++++++++++---- 4 files changed, 77 insertions(+), 17 deletions(-) create mode 100644 cinder/templates/_helpers.tpl diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 0000000000..97ab3325eb --- /dev/null +++ b/cinder/templates/_helpers.tpl @@ -0,0 +1,45 @@ +# This file is required because we use a slightly different endpoint layout in +# the values yaml, until we can make this change for all services. + + +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "endpoint_type_lookup_addr" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "endpoint_type_lookup_addr" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} +{{- end -}} +{{- end -}} + + +#------------------------------- +# endpoint name lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple orchestration . | include "ks_endpoint_type" } +# will return "heat" + +{{- define "endpoint_name_lookup" -}} +{{- $type := index . 0 -}} +{{- $context := index . 1 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $endpointName := index $endpointMap "name" }} +{{- $endpointName | quote -}} +{{- end -}} diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index e2e082bd64..999aed4e8d 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -32,9 +32,9 @@ spec: spec: restartPolicy: OnFailure containers: -{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} +{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} - - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} image: {{ $envAll.Values.images.ks_endpoints }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: @@ -52,11 +52,11 @@ spec: - name: OS_SVC_ENDPOINT value: {{ $osServiceEndPoint }} - name: OS_SERVICE_NAME - value: {{ $osServiceName }} + value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} - name: OS_SERVICE_TYPE - value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + value: {{ $osServiceType }} - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceName $osServiceEndPoint "api" $envAll | include "endpoint_addr_lookup" }} + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "endpoint_type_lookup_addr" }} {{- end }} {{- end }} volumes: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index b22ee7aa3c..d7035eb834 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -32,8 +32,8 @@ spec: spec: restartPolicy: OnFailure containers: -{{- range $key1, $osServiceName := tuple "cinder" "cinderv2" "cinderv3" }} - - name: {{ $osServiceName }}-ks-service-registration +{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }} + - name: {{ $osServiceType }}-ks-service-registration image: {{ $envAll.Values.images.ks_service }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} command: @@ -49,9 +49,9 @@ spec: {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: {{ $osServiceName }} + value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} - name: OS_SERVICE_TYPE - value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} + value: {{ $osServiceType }} {{- end }} volumes: - name: ks-service-sh diff --git a/cinder/values.yaml b/cinder/values.yaml index e0d7e35522..c1956baa26 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -52,6 +52,16 @@ database: cinder_password: password cinder_user: cinder +ceph: + enabled: true + monitors: [] + cinder_user: "admin" + cinder_pool: "volumes" + # a null value for the keyring will + # attempt to use the key from + # common/secrets/ceph-client-key + cinder_keyring: null + backends: enabled: - rbd1 @@ -108,40 +118,45 @@ dependencies: service: - mariadb - keystone-api + volume: + service: + - keystone-api + - cinder-api +# We use a different layout of the endpoints here to account for versioning +# this swaps the service name and type, and should be rolled out to other +# services. endpoints: - keystone: + identity: + name: keystone hosts: default: keystone-api path: /v3 - type: identity scheme: 'http' port: admin: 35357 public: 5000 - cinder: + volume: + name: cinder hosts: default: cinder-api path: '/v1/%(tenant_id)s' - type: volume scheme: 'http' port: api: 8776 - cinderv2: + volumev2: name: cinder hosts: default: cinder-api path: '/v2/%(tenant_id)s' - type: volumev2 scheme: 'http' port: api: 8776 - cinderv3: + volumev3: name: cinder hosts: default: cinder-api path: '/v3/%(tenant_id)s' - type: volumev3 scheme: 'http' port: api: 8776 From f34441a373651b5db424a125eeeab775d8d9a4b7 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:52:29 +0000 Subject: [PATCH 4/9] Cinder Ceph RBD backend This commit adds support for a Ceph RBD backend --- cinder/templates/configmap-etc.yaml | 4 + cinder/templates/deployment-volume.yaml | 74 +++++++++++++++++++ cinder/templates/etc/_ceph-cinder.keyring.tpl | 6 ++ cinder/templates/etc/_ceph.conf.tpl | 16 ++++ cinder/values.yaml | 1 + 5 files changed, 101 insertions(+) create mode 100644 cinder/templates/deployment-volume.yaml create mode 100644 cinder/templates/etc/_ceph-cinder.keyring.tpl create mode 100644 cinder/templates/etc/_ceph.conf.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index d3c2bab33d..9563ed8707 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -7,3 +7,7 @@ data: {{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} + ceph.conf: |+ +{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} + ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |+ +{{ tuple "etc/_ceph-cinder.keyring.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml new file mode 100644 index 0000000000..24d5763679 --- /dev/null +++ b/cinder/templates/deployment-volume.yaml @@ -0,0 +1,74 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-volume +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-volume + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-volume + image: {{ .Values.images.volume }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-volume + - --config-dir + - /etc/cinder/conf + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: cephclientcinderkeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cephconf + configMap: + name: cinder-etc + - name: cephclientcinderkeyring + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_ceph-cinder.keyring.tpl b/cinder/templates/etc/_ceph-cinder.keyring.tpl new file mode 100644 index 0000000000..fb65f1ff57 --- /dev/null +++ b/cinder/templates/etc/_ceph-cinder.keyring.tpl @@ -0,0 +1,6 @@ +[client.{{ .Values.ceph.cinder_user }}] +{{- if .Values.ceph.cinder_keyring }} + key = {{ .Values.ceph.cinder_keyring }} +{{- else }} + key = {{- include "secrets/ceph-client-key" . -}} +{{- end }} diff --git a/cinder/templates/etc/_ceph.conf.tpl b/cinder/templates/etc/_ceph.conf.tpl new file mode 100644 index 0000000000..7d2576bf65 --- /dev/null +++ b/cinder/templates/etc/_ceph.conf.tpl @@ -0,0 +1,16 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.monitors }} +[mon] +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true diff --git a/cinder/values.yaml b/cinder/values.yaml index c1956baa26..a08d392372 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -17,6 +17,7 @@ images: ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton + volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" keystone: From 3f491f5be71343f1657b23ae3ec4b15f011c0997 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 01:59:56 +0000 Subject: [PATCH 5/9] Cinder add policy.json --- cinder/templates/configmap-etc.yaml | 2 + cinder/templates/deployment-api.yaml | 7 ++ cinder/templates/etc/_policy.json.tpl | 138 ++++++++++++++++++++++++++ 3 files changed, 147 insertions(+) create mode 100644 cinder/templates/etc/_policy.json.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index 9563ed8707..bb3b8f8c04 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -7,6 +7,8 @@ data: {{ tuple "etc/_cinder.conf.tpl" . | include "template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} ceph.conf: |+ {{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} ceph.client.{{ .Values.ceph.cinder_user }}.keyring: |+ diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 4cd72f3acb..037fdf91c2 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -63,6 +63,10 @@ spec: mountPath: /etc/cinder/api-paste.ini subPath: api-paste.ini readOnly: true + - name: cinderpolicy + mountPath: /etc/cinder/policy.json + subPath: policy.json + readOnly: true volumes: - name: pod-etc-cinder emptyDir: {} @@ -74,3 +78,6 @@ spec: - name: cinderpaste configMap: name: cinder-etc + - name: cinderpolicy + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_policy.json.tpl b/cinder/templates/etc/_policy.json.tpl new file mode 100644 index 0000000000..8818372051 --- /dev/null +++ b/cinder/templates/etc/_policy.json.tpl @@ -0,0 +1,138 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "admin_api": "is_admin:True", + + "volume:create": "", + "volume:delete": "rule:admin_or_owner", + "volume:get": "rule:admin_or_owner", + "volume:get_all": "rule:admin_or_owner", + "volume:get_volume_metadata": "rule:admin_or_owner", + "volume:create_volume_metadata": "rule:admin_or_owner", + "volume:delete_volume_metadata": "rule:admin_or_owner", + "volume:update_volume_metadata": "rule:admin_or_owner", + "volume:get_volume_admin_metadata": "rule:admin_api", + "volume:update_volume_admin_metadata": "rule:admin_api", + "volume:get_snapshot": "rule:admin_or_owner", + "volume:get_all_snapshots": "rule:admin_or_owner", + "volume:create_snapshot": "rule:admin_or_owner", + "volume:delete_snapshot": "rule:admin_or_owner", + "volume:update_snapshot": "rule:admin_or_owner", + "volume:get_snapshot_metadata": "rule:admin_or_owner", + "volume:delete_snapshot_metadata": "rule:admin_or_owner", + "volume:update_snapshot_metadata": "rule:admin_or_owner", + "volume:extend": "rule:admin_or_owner", + "volume:update_readonly_flag": "rule:admin_or_owner", + "volume:retype": "rule:admin_or_owner", + "volume:update": "rule:admin_or_owner", + + "volume_extension:types_manage": "rule:admin_api", + "volume_extension:types_extra_specs": "rule:admin_api", + "volume_extension:access_types_qos_specs_id": "rule:admin_api", + "volume_extension:access_types_extra_specs": "rule:admin_api", + "volume_extension:volume_type_access": "rule:admin_or_owner", + "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api", + "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api", + "volume_extension:volume_type_encryption": "rule:admin_api", + "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", + "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner", + "volume_extension:volume_image_metadata": "rule:admin_or_owner", + + "volume_extension:quotas:show": "", + "volume_extension:quotas:update": "rule:admin_api", + "volume_extension:quotas:delete": "rule:admin_api", + "volume_extension:quota_classes": "rule:admin_api", + "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api", + + "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", + "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", + "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", + "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", + "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", + "volume_extension:backup_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", + + "volume_extension:volume_actions:upload_public": "rule:admin_api", + "volume_extension:volume_actions:upload_image": "rule:admin_or_owner", + + "volume_extension:volume_host_attribute": "rule:admin_api", + "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", + "volume_extension:volume_mig_status_attribute": "rule:admin_api", + "volume_extension:hosts": "rule:admin_api", + "volume_extension:services:index": "rule:admin_api", + "volume_extension:services:update" : "rule:admin_api", + + "volume_extension:volume_manage": "rule:admin_api", + "volume_extension:volume_unmanage": "rule:admin_api", + "volume_extension:list_manageable": "rule:admin_api", + + "volume_extension:capabilities": "rule:admin_api", + + "volume:create_transfer": "rule:admin_or_owner", + "volume:accept_transfer": "", + "volume:delete_transfer": "rule:admin_or_owner", + "volume:get_transfer": "rule:admin_or_owner", + "volume:get_all_transfers": "rule:admin_or_owner", + + "volume_extension:replication:promote": "rule:admin_api", + "volume_extension:replication:reenable": "rule:admin_api", + + "volume:failover_host": "rule:admin_api", + "volume:freeze_host": "rule:admin_api", + "volume:thaw_host": "rule:admin_api", + + "backup:create" : "", + "backup:delete": "rule:admin_or_owner", + "backup:get": "rule:admin_or_owner", + "backup:get_all": "rule:admin_or_owner", + "backup:restore": "rule:admin_or_owner", + "backup:backup-import": "rule:admin_api", + "backup:backup-export": "rule:admin_api", + "backup:update": "rule:admin_or_owner", + + "snapshot_extension:snapshot_actions:update_snapshot_status": "", + "snapshot_extension:snapshot_manage": "rule:admin_api", + "snapshot_extension:snapshot_unmanage": "rule:admin_api", + "snapshot_extension:list_manageable": "rule:admin_api", + + "consistencygroup:create" : "group:nobody", + "consistencygroup:delete": "group:nobody", + "consistencygroup:update": "group:nobody", + "consistencygroup:get": "group:nobody", + "consistencygroup:get_all": "group:nobody", + + "consistencygroup:create_cgsnapshot" : "group:nobody", + "consistencygroup:delete_cgsnapshot": "group:nobody", + "consistencygroup:get_cgsnapshot": "group:nobody", + "consistencygroup:get_all_cgsnapshots": "group:nobody", + + "group:group_types_manage": "rule:admin_api", + "group:group_types_specs": "rule:admin_api", + "group:access_group_types_specs": "rule:admin_api", + "group:group_type_access": "rule:admin_or_owner", + + "group:create" : "", + "group:delete": "rule:admin_or_owner", + "group:update": "rule:admin_or_owner", + "group:get": "rule:admin_or_owner", + "group:get_all": "rule:admin_or_owner", + + "group:create_group_snapshot": "", + "group:delete_group_snapshot": "rule:admin_or_owner", + "group:update_group_snapshot": "rule:admin_or_owner", + "group:get_group_snapshot": "rule:admin_or_owner", + "group:get_all_group_snapshots": "rule:admin_or_owner", + + "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api", + "message:delete": "rule:admin_or_owner", + "message:get": "rule:admin_or_owner", + "message:get_all": "rule:admin_or_owner", + + "clusters:get": "rule:admin_api", + "clusters:get_all": "rule:admin_api", + "clusters:update": "rule:admin_api" +} From 3163f1e64cb5edb15692f5876e8d37f1848edb0d Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 02:06:56 +0000 Subject: [PATCH 6/9] Add configmap hashing and rolling update to cinder This brings Cinder in line with the following PRs: * https://github.com/att-comdev/openstack-helm/pull/98 * https://github.com/att-comdev/openstack-helm/pull/97 --- cinder/templates/deployment-api.yaml | 12 +++++++++++- cinder/templates/deployment-volume.yaml | 12 +++++++++++- cinder/values.yaml | 11 ++++++++++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 037fdf91c2..6abc136d1a 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -3,12 +3,22 @@ kind: Deployment metadata: name: cinder-api spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.api }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: cinder-api annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 24d5763679..81922f5a5c 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -3,12 +3,22 @@ kind: Deployment metadata: name: cinder-volume spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.replicas.volume }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} template: metadata: labels: app: cinder-volume annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ { "name": "init", diff --git a/cinder/values.yaml b/cinder/values.yaml index a08d392372..2da493a3db 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -3,7 +3,9 @@ # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 +replicas: + api: 1 + volume: 1 labels: node_selector_key: openstack-control-plane @@ -20,6 +22,13 @@ images: volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" +upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + keystone: auth_uri: "http://keystone-api:5000" auth_url: "http://keystone-api:35357" From a5688da7f5e51da62a19679e266498c4fcf78195 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 02:17:18 +0000 Subject: [PATCH 7/9] Fix Cinder conf Keystone Endpoint --- cinder/templates/etc/_cinder.conf.tpl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 1253606039..2934c28e49 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -26,8 +26,7 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_url = {{ include "endpoint_keystone_internal" . }} auth_type = password project_domain_name = {{ .Values.keystone.cinder_project_domain }} user_domain_name = {{ .Values.keystone.cinder_user_domain }} From 192bcd69cc372095b4f988536f618ff21dde0695 Mon Sep 17 00:00:00 2001 From: portdirect Date: Tue, 10 Jan 2017 03:02:59 +0000 Subject: [PATCH 8/9] Cinder revert cinder.conf keystone endpoints Untill the endpoint values.yaml is brought into line with other services, we need to use the old method of setting the keystone URL in cinder.conf. --- cinder/templates/etc/_cinder.conf.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 2934c28e49..9ffe740629 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -26,7 +26,7 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_url = {{ include "endpoint_keystone_internal" . }} +auth_url = {{ .Values.keystone.auth_url }} auth_type = password project_domain_name = {{ .Values.keystone.cinder_project_domain }} user_domain_name = {{ .Values.keystone.cinder_user_domain }} From 831f63d486ccb08f92a71434b3541a622f1788b4 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 10 Jan 2017 19:03:57 +0000 Subject: [PATCH 9/9] Update Cinder PR to enable Ceph Backend --- cinder/templates/deployment-scheduler.yaml | 88 ++++++++++++++++++++++ cinder/templates/etc/_cinder.conf.tpl | 8 ++ cinder/values.yaml | 11 ++- 3 files changed, 104 insertions(+), 3 deletions(-) create mode 100644 cinder/templates/deployment-scheduler.yaml diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml new file mode 100644 index 0000000000..fabcf3361a --- /dev/null +++ b/cinder/templates/deployment-scheduler.yaml @@ -0,0 +1,88 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-scheduler +spec: + replicas: {{ .Values.replicas.scheduler }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} + template: + metadata: + labels: + app: cinder-scheduler + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-scheduler + image: {{ .Values.images.scheduler }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - cinder-scheduler + - --config-dir + - /etc/cinder/conf + volumeMounts: + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-cache-cinder + mountPath: /var/cache/cinder + - name: cinderconf + mountPath: /etc/cinder/conf/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cinderpaste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: cinderpolicy + mountPath: /etc/cinder/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-cache-cinder + emptyDir: {} + - name: cinderconf + configMap: + name: cinder-etc + - name: cinderpaste + configMap: + name: cinder-etc + - name: cinderpolicy + configMap: + name: cinder-etc diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index 9ffe740629..a576fe1fa0 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -20,6 +20,10 @@ enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} auth_strategy = keystone os_region_name = {{ .Values.keystone.cinder_region_name }} +# ensures that our volume worker service-list doesn't +# explode with dead agents from terminated containers +# by pinning the agent identifier +host=cinder-volume-worker [database] connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} @@ -51,6 +55,10 @@ rbd_flatten_volume_from_snapshot = false rbd_max_clone_depth = 5 rbd_store_chunk_size = 4 rados_connect_timeout = -1 +{{- if .Values.backends.rbd1.secret }} rbd_user = {{ .Values.backends.rbd1.user }} +{{- else }} +rbd_secret_uuid = {{- include "secrets/ceph-client-key" . -}} +{{- end }} rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} report_discard_supported = True diff --git a/cinder/values.yaml b/cinder/values.yaml index 2da493a3db..5ea0cb62a9 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -6,6 +6,7 @@ replicas: api: 1 volume: 1 + scheduler: 1 labels: node_selector_key: openstack-control-plane @@ -19,6 +20,7 @@ images: ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton + scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton pull_policy: "IfNotPresent" @@ -66,7 +68,6 @@ ceph: enabled: true monitors: [] cinder_user: "admin" - cinder_pool: "volumes" # a null value for the keyring will # attempt to use the key from # common/secrets/ceph-client-key @@ -76,8 +77,8 @@ backends: enabled: - rbd1 rbd1: - secret: "" - user: "cinder" + secret: null + user: "admin" pool: "volumes" glance: @@ -132,6 +133,10 @@ dependencies: service: - keystone-api - cinder-api + scheduler: + service: + - keystone-api + - cinder-api # We use a different layout of the endpoints here to account for versioning # this swaps the service name and type, and should be rolled out to other