Emulate external DNS for ingress
Ingress requires external DNS or host header forging. For a better gate test, run an external DNS resolver for Ingress entries. Change-Id: I6558230b7fa9f3145c472eb437177d90b7b52835
parent
179a7cb64c
commit
b987b2b52f
|
@ -239,7 +239,7 @@ data:
|
||||||
type: git
|
type: git
|
||||||
location: https://git.openstack.org/openstack/openstack-helm-infra
|
location: https://git.openstack.org/openstack/openstack-helm-infra
|
||||||
subpath: helm-toolkit
|
subpath: helm-toolkit
|
||||||
reference: b6fc24b9960bc6de29aa70c7d5b7725319046160
|
reference: 9f6194ff770d3776ae3572bcbe841a9289357244
|
||||||
mariadb:
|
mariadb:
|
||||||
type: git
|
type: git
|
||||||
location: https://git.openstack.org/openstack/openstack-helm
|
location: https://git.openstack.org/openstack/openstack-helm
|
||||||
|
@ -507,7 +507,9 @@ data:
|
||||||
maas_region: quay.io/airshipit/maas-region-controller:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
maas_region: quay.io/airshipit/maas-region-controller:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
||||||
bootstrap: quay.io/airshipit/maas-region-controller:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
bootstrap: quay.io/airshipit/maas-region-controller:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
||||||
export_api_key: quay.io/airshipit/maas-region-controller:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
export_api_key: quay.io/airshipit/maas-region-controller:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
||||||
maas_cache: quay.io/attcomdev/sstream-cache@sha256:sha256:90d0dc73785534ef6a3035265275e197a66727beeb9c979f60d3bbf31a6a8864
|
maas_cache: quay.io/airshipit/sstream-cache:dfb92ce07f87648f3423be11e51425923bc9f8b1
|
||||||
|
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
|
||||||
|
error_pages: gcr.io/google_containers/defaultbackend:1.0
|
||||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
|
||||||
keystone:
|
keystone:
|
||||||
keystone_bootstrap: docker.io/openstackhelm/heat:ocata
|
keystone_bootstrap: docker.io/openstackhelm/heat:ocata
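Review bot: The new `maas_cache` value and the added `ingress` and `error_pages` entries reference images by tag only, whereas the replaced `maas_cache` line at least attempted a digest reference (its `@sha256:sha256:` prefix looks malformed). A tag can be re-pointed in the registry, so this file no longer fixes what the gate pulls for these images. If immutability was the intent of the old line, keep it in corrected form, `quay.io/airshipit/sstream-cache@sha256:<digest of the intended image>`, and consider the same for the two new third-party images.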
|
||||||
|
|
|
@ -24,4 +24,12 @@ data:
|
||||||
values:
|
values:
|
||||||
manifests:
|
manifests:
|
||||||
secret_ssh_key: true
|
secret_ssh_key: true
|
||||||
|
conf:
|
||||||
|
cache:
|
||||||
|
enabled: true
|
||||||
|
dns:
|
||||||
|
dns_servers: 172.24.1.9
|
||||||
|
network:
|
||||||
|
maas_ingress:
|
||||||
|
addr: 172.24.1.5/32
|
||||||
...
|
...
|
||||||
|
|
|
@ -13,8 +13,17 @@ metadata:
|
||||||
- method: merge
|
- method: merge
|
||||||
path: .
|
path: .
|
||||||
storagePolicy: cleartext
|
storagePolicy: cleartext
|
||||||
data: {}
|
|
||||||
# This document is merged with the globals, and is where you can override
|
# This document is merged with the globals, and is where you can override
|
||||||
# versions to match a patchset, for example. Anything specified in the global
|
# versions to match a patchset, for example. Anything specified in the global
|
||||||
# versions can be overridden, such as chart or image versions.
|
# versions can be overridden, such as chart or image versions.
|
||||||
|
data:
|
||||||
|
charts:
|
||||||
|
ucp:
|
||||||
|
maas:
|
||||||
|
location: https://git.openstack.org/openstack/airship-maas
|
||||||
|
reference: refs/changes/53/600253/1
|
||||||
|
images:
|
||||||
|
ucp:
|
||||||
|
maas:
|
||||||
|
maas_region: docker.io/sthussey/maas-region-controller:dev
|
||||||
...
|
...
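Review bot: The override added under `data:` points the gate at an unmerged Gerrit change (`reference: refs/changes/53/600253/1`) and at a personal-namespace image with a mutable tag (`docker.io/sthussey/maas-region-controller:dev`). Both can change or disappear without any change to this repository, so gate runs stop being reproducible and the image content is controlled outside the project's own registries. The file comment describes this document as the place for patchset overrides, so I would either drop these entries before merge or mark them, e.g. `# TEMPORARY: revert to data: {} once change 600253 merges`.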
|
||||||
|
|
|
@ -14,6 +14,7 @@ source "$LIB_DIR"/registry.sh
|
||||||
source "$LIB_DIR"/ssh.sh
|
source "$LIB_DIR"/ssh.sh
|
||||||
source "$LIB_DIR"/virsh.sh
|
source "$LIB_DIR"/virsh.sh
|
||||||
source "$LIB_DIR"/airship.sh
|
source "$LIB_DIR"/airship.sh
|
||||||
|
source "$LIB_DIR"/ingress.sh
|
||||||
|
|
||||||
if [[ -v GATE_DEBUG && ${GATE_DEBUG} = "1" ]]; then
|
if [[ -v GATE_DEBUG && ${GATE_DEBUG} = "1" ]]; then
|
||||||
set -x
|
set -x
|
||||||
|
|
|
@ -9,6 +9,7 @@ export BASE_IMAGE_URL=${BASE_IMAGE_URL:-https://cloud-images.ubuntu.com/releases
|
||||||
export IMAGE_PROMENADE_CLI=${IMAGE_PROMENADE_CLI:-quay.io/airshipit/promenade:master}
|
export IMAGE_PROMENADE_CLI=${IMAGE_PROMENADE_CLI:-quay.io/airshipit/promenade:master}
|
||||||
export IMAGE_PEGLEG_CLI=${IMAGE_PEGLEG_CLI:-quay.io/airshipit/pegleg:master}
|
export IMAGE_PEGLEG_CLI=${IMAGE_PEGLEG_CLI:-quay.io/airshipit/pegleg:master}
|
||||||
export IMAGE_SHIPYARD_CLI=${IMAGE_SHIPYARD_CLI:-quay.io/airshipit/shipyard:master}
|
export IMAGE_SHIPYARD_CLI=${IMAGE_SHIPYARD_CLI:-quay.io/airshipit/shipyard:master}
|
||||||
|
export IMAGE_COREDNS=${IMAGE_COREDNS:-docker.io/coredns/coredns:1.2.2}
|
||||||
export PROMENADE_DEBUG=${PROMENADE_DEBUG:-0}
|
export PROMENADE_DEBUG=${PROMENADE_DEBUG:-0}
|
||||||
export SHIPYARD_PASSWORD=${SHIPYARD_OS_PASSWORD:-password18}
|
export SHIPYARD_PASSWORD=${SHIPYARD_OS_PASSWORD:-password18}
|
||||||
export REGISTRY_DATA_DIR=${REGISTRY_DATA_DIR:-/mnt/registry}
|
export REGISTRY_DATA_DIR=${REGISTRY_DATA_DIR:-/mnt/registry}
|
||||||
|
@ -50,6 +51,28 @@ config_vm_bootstrap() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
config_vm_userdata() {
|
||||||
|
nodename=${1}
|
||||||
|
val=$(jq -cr ".vm.${nodename}.userdata" < "${GATE_MANIFEST}")
|
||||||
|
|
||||||
|
if [[ "${val}" != "null" ]]
|
||||||
|
then
|
||||||
|
echo "${val}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
config_ingress_domain() {
|
||||||
|
jq -cr '.ingress.domain' < "${GATE_MANIFEST}"
|
||||||
|
}
|
||||||
|
|
||||||
|
config_ingress_ips() {
|
||||||
|
jq -cr '.ingress | keys | map(select(. != "domain")) | join(" ")' < "${GATE_MANIFEST}"
|
||||||
|
}
|
||||||
|
|
||||||
|
config_ingress_entries() {
|
||||||
|
IP=$1
|
||||||
|
jq -cr ".ingress[\"${IP}\"] | join(\" \")" < "${GATE_MANIFEST}"
|
||||||
|
}
|
||||||
|
|
||||||
config_pegleg_primary_repo() {
|
config_pegleg_primary_repo() {
|
||||||
jq -cr ".configuration.primary_repo" < "${GATE_MANIFEST}"
|
jq -cr ".configuration.primary_repo" < "${GATE_MANIFEST}"
|
||||||
}
|
}
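Review bot: `config_vm_userdata` and `config_ingress_entries` build the jq program by interpolating shell variables (`".vm.${nodename}.userdata"`, `".ingress[\"${IP}\"] | join(\" \")"`), so a node name or key containing a quote, dot or bracket changes the filter instead of being looked up as a string. Passing the value as data avoids that: `jq -cr --arg n "$1" '.vm[$n].userdata' < "${GATE_MANIFEST}"` and `jq -cr --arg ip "$1" '.ingress[$ip] | join(" ")' < "${GATE_MANIFEST}"`. `nodename`, `val` and `IP` are also assigned without `local`, so they leak into every script that sources this library. `config_ingress_entries` will additionally fail inside jq when the key is absent, since `join` is then applied to null.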
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
DNS_ZONE_FILE="${TEMP_DIR}/ingress.dns"
|
||||||
|
COREFILE="${TEMP_DIR}/ingress.corefile"
|
||||||
|
|
||||||
|
ingress_dns_config() {
|
||||||
|
ingress_domain=$(config_ingress_domain)
|
||||||
|
|
||||||
|
INGRESS_DOMAIN=${ingress_domain} envsubst '${INGRESS_DOMAIN}' < "${TEMPLATE_DIR}/ingress_header.sub" > "${DNS_ZONE_FILE}"
|
||||||
|
|
||||||
|
read -a ingress_ip_list <<< $(config_ingress_ips)
|
||||||
|
|
||||||
|
for ip in "${ingress_ip_list[@]}"
|
||||||
|
do
|
||||||
|
read -a ip_entries <<< $(config_ingress_entries $ip)
|
||||||
|
for entry in "${ip_entries[@]}"
|
||||||
|
do
|
||||||
|
HOSTNAME=${entry} HOSTIP=${ip} envsubst < "${TEMPLATE_DIR}/ingress_entry.sub" >> "${DNS_ZONE_FILE}"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
DNS_DOMAIN=${ingress_domain} ZONE_FILE=$(basename $DNS_ZONE_FILE) envsubst < "${TEMPLATE_DIR}/ingress_corefile.sub" > "${COREFILE}"
|
||||||
|
}
|
||||||
|
|
||||||
|
ingress_dns_start() {
|
||||||
|
# nodename where DNS should run
|
||||||
|
nodename=$1
|
||||||
|
remote_work_dir="/var/tmp/coredns"
|
||||||
|
|
||||||
|
remote_zone_file="${remote_work_dir}/$(basename $DNS_ZONE_FILE)"
|
||||||
|
remote_corefile="${remote_work_dir}/$(basename $COREFILE)"
|
||||||
|
ssh_cmd "${nodename}" mkdir -p "${remote_work_dir}"
|
||||||
|
rsync_cmd "$DNS_ZONE_FILE" "${nodename}:${remote_zone_file}"
|
||||||
|
rsync_cmd "$COREFILE" "${nodename}:${remote_corefile}"
|
||||||
|
ssh_cmd "${nodename}" docker run -d -v /var/tmp/coredns:/data -w /data --network host -P $IMAGE_COREDNS -conf $(basename $remote_corefile)
|
||||||
|
}
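Review bot: The `docker run` line in `ingress_dns_start` repeats `/var/tmp/coredns` instead of using `remote_work_dir`, leaves `$IMAGE_COREDNS` and the `basename` substitution unquoted, and passes `-P`, which has no effect together with `--network host`. The container has no `--name`, so re-running the stage leaves the earlier container in place with the old zone file and starts another one against the same port. Something like `ssh_cmd "${nodename}" docker run -d --name ingress-dns -v "${remote_work_dir}:/data:ro" -w /data --network host "${IMAGE_COREDNS}" -conf "$(basename "${remote_corefile}")"` addresses these (the container name is my suggestion; how a previous container is removed is left to the author). In `ingress_dns_config`, the `envsubst` calls for `ingress_entry.sub` and `ingress_corefile.sub` omit the variable list that the header call passes, so any other `$VAR` in those templates is filled from the environment; listing the names, e.g. `envsubst '${HOSTNAME} ${HOSTIP}'`, keeps the three calls consistent.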
|
|
@ -1,6 +0,0 @@
|
||||||
IdentityFile ${SSH_CONFIG_DIR}/id_rsa
|
|
||||||
LogLevel QUIET
|
|
||||||
StrictHostKeyChecking no
|
|
||||||
User root
|
|
||||||
UserKnownHostsFile /dev/null
|
|
||||||
|
|
|
@ -23,6 +23,7 @@ img_base_declare() {
|
||||||
|
|
||||||
iso_gen() {
|
iso_gen() {
|
||||||
NAME=${1}
|
NAME=${1}
|
||||||
|
ADDL_USERDATA="${2}"
|
||||||
|
|
||||||
if virsh vol-key --pool "${VIRSH_POOL}" --vol "cloud-init-${NAME}.iso" &> /dev/null; then
|
if virsh vol-key --pool "${VIRSH_POOL}" --vol "cloud-init-${NAME}.iso" &> /dev/null; then
|
||||||
log Removing existing cloud-init ISO for "${NAME}"
|
log Removing existing cloud-init ISO for "${NAME}"
|
||||||
|
@ -42,6 +43,13 @@ iso_gen() {
|
||||||
export NAME
|
export NAME
|
||||||
export SSH_PUBLIC_KEY
|
export SSH_PUBLIC_KEY
|
||||||
envsubst < "${TEMPLATE_DIR}/user-data.sub" > user-data
|
envsubst < "${TEMPLATE_DIR}/user-data.sub" > user-data
|
||||||
|
|
||||||
|
if [[ ! -z "${ADDL_USERDATA}" ]]
|
||||||
|
then
|
||||||
|
echo >> user-data
|
||||||
|
echo -e "${ADDL_USERDATA}" >> user-data
|
||||||
|
fi
|
||||||
|
|
||||||
envsubst < "${TEMPLATE_DIR}/meta-data.sub" > meta-data
|
envsubst < "${TEMPLATE_DIR}/meta-data.sub" > meta-data
|
||||||
envsubst < "${TEMPLATE_DIR}/network-config.sub" > network-config
|
envsubst < "${TEMPLATE_DIR}/network-config.sub" > network-config
|
||||||
|
|
||||||
|
@ -126,7 +134,7 @@ vm_create() {
|
||||||
wait
|
wait
|
||||||
|
|
||||||
if [[ "$(config_vm_bootstrap ${NAME})" == "true" ]]; then
|
if [[ "$(config_vm_bootstrap ${NAME})" == "true" ]]; then
|
||||||
iso_gen "${NAME}"
|
iso_gen "${NAME}" "$(config_vm_userdata ${NAME})"
|
||||||
wait
|
wait
|
||||||
|
|
||||||
log Creating VM "${NAME}" and bootstrapping the boot drive
|
log Creating VM "${NAME}" and bootstrapping the boot drive
|
||||||
|
@ -260,7 +268,7 @@ make_virtmgr_account() {
|
||||||
sudo useradd -m -s /bin/sh -g "${libvirt_group}" virtmgr
|
sudo useradd -m -s /bin/sh -g "${libvirt_group}" virtmgr
|
||||||
else
|
else
|
||||||
sudo usermod -g "${libvirt_group}" virtmgr
|
sudo usermod -g "${libvirt_group}" virtmgr
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
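Review bot: In the `iso_gen` hunk, `echo -e "${ADDL_USERDATA}" >> user-data` appends the manifest's `userdata` string to the cloud-init user-data with backslash escapes interpreted, and nothing checks that the result is still valid cloud-config. cloud-init acts on that file as root in the guest, so a malformed or duplicated top-level key (for example a second `packages:` if `user-data.sub` already has one, which is not visible here) either overrides the template silently or breaks first boot. I would write it with `printf '%s\n' "${ADDL_USERDATA}" >> user-data` unless escape processing is really required, test with `[[ -n "${ADDL_USERDATA}" ]]`, and quote the inner argument in the `vm_create` hunk: `iso_gen "${NAME}" "$(config_vm_userdata "${NAME}")"`. A header comment on `iso_gen` such as `# $2 - optional cloud-config YAML appended to user-data` would document the new parameter; the function body continues outside the hunks.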
|
||||||
|
|
||||||
|
|
|
@ -31,6 +31,20 @@
|
||||||
"publish": {
|
"publish": {
|
||||||
"$ref": "#/definitions/publish"
|
"$ref": "#/definitions/publish"
|
||||||
},
|
},
|
||||||
|
"ingress": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"domain": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"additionalProperties": {
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": ["domain"]
|
||||||
|
},
|
||||||
"stages": {
|
"stages": {
|
||||||
"type": "array",
|
"type": "array",
|
||||||
"items": {
|
"items": {
|
||||||
|
@ -104,8 +118,7 @@
|
||||||
"required": [
|
"required": [
|
||||||
"memory",
|
"memory",
|
||||||
"names",
|
"names",
|
||||||
"vcpus",
|
"vcpus"
|
||||||
"non_genesis"
|
|
||||||
],
|
],
|
||||||
"additionalProperties": false
|
"additionalProperties": false
|
||||||
}
|
}
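Review bot: In the added `ingress` schema, `additionalProperties` and `required` sit inside the `properties` object, because the `properties` block is not closed after `domain`; as rendered here the added lines open five braces and close only four. Inside `properties` they are read as property names rather than schema keywords, so the schema neither requires `domain` nor constrains the per-IP arrays, and the file may not parse at all if the brace count is as shown. Closing `properties` right after the `domain` definition (an extra `},` before `"additionalProperties"`) makes both keywords apply to the `ingress` object.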
|
||||||
|
|
|
@ -4,6 +4,13 @@
|
||||||
"primary_repo": "deployment_files",
|
"primary_repo": "deployment_files",
|
||||||
"aux_repos": []
|
"aux_repos": []
|
||||||
},
|
},
|
||||||
|
"ingress": {
|
||||||
|
"domain": "gate.local",
|
||||||
|
"172.24.1.5": [
|
||||||
|
"maas",
|
||||||
|
"drydock"
|
||||||
|
]
|
||||||
|
},
|
||||||
"stages": [
|
"stages": [
|
||||||
{
|
{
|
||||||
"name": "Gate Setup",
|
"name": "Gate Setup",
|
||||||
|
@ -29,6 +36,11 @@
|
||||||
"name": "Create VMs",
|
"name": "Create VMs",
|
||||||
"script": "create-vms.sh"
|
"script": "create-vms.sh"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "Register Ingress",
|
||||||
|
"script": "ingress-dns.sh",
|
||||||
|
"arguments": ["build"]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "Genesis",
|
"name": "Genesis",
|
||||||
"script": "genesis.sh",
|
"script": "genesis.sh",
|
||||||
|
@ -44,6 +56,14 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"vm": {
|
"vm": {
|
||||||
|
"build": {
|
||||||
|
"memory": 3072,
|
||||||
|
"vcpus": 2,
|
||||||
|
"mac": "52:54:00:00:be:31",
|
||||||
|
"ip": "172.24.1.9",
|
||||||
|
"bootstrap": true,
|
||||||
|
"userdata": "packages: [docker.io]"
|
||||||
|
},
|
||||||
"n0" : {
|
"n0" : {
|
||||||
"memory": 32768,
|
"memory": 32768,
|
||||||
"vcpus": 8,
|
"vcpus": 8,
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
source "${GATE_UTILS}"
|
||||||
|
|
||||||
|
DNS_SERVER=$1
|
||||||
|
|
||||||
|
ingress_dns_config
|
||||||
|
ingress_dns_start ${DNS_SERVER}
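Review bot: `DNS_SERVER=$1` is used without checking that an argument was given, and `ingress_dns_start ${DNS_SERVER}` expands it unquoted, so a missing argument reaches `ssh_cmd` and `rsync_cmd` as an empty node name. Failing early is clearer: `DNS_SERVER=${1:?usage: ingress-dns.sh <nodename>}` followed by `ingress_dns_start "${DNS_SERVER}"`. `set -e` alone does not catch unset variables or failures inside pipelines; `set -euo pipefail` would, provided the sourced library tolerates it.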
|
|
@ -0,0 +1,9 @@
|
||||||
|
${DNS_DOMAIN} {
|
||||||
|
file ${ZONE_FILE}
|
||||||
|
log
|
||||||
|
}
|
||||||
|
|
||||||
|
. {
|
||||||
|
forward . /etc/resolv.conf
|
||||||
|
log
|
||||||
|
}
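Review bot: The catch-all `. { forward . /etc/resolv.conf }` block makes this instance a forwarder for every name, and because the container is started with `--network host` it answers on all of the node's interfaces. For a gate-only resolver I would restrict the listener with the `bind` plugin in both server blocks, e.g. `bind ${DNS_BIND_ADDR}` filled in from the node's gate address (the variable name is a placeholder, not something the scripts define yet). It is also worth confirming that the node's own `/etc/resolv.conf` never lists this server, otherwise forwarded queries come straight back to it.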
|
|
@ -0,0 +1 @@
|
||||||
|
${HOSTNAME} IN A ${HOSTIP}
|
|
@ -0,0 +1,4 @@
|
||||||
|
$ORIGIN ${INGRESS_DOMAIN}.
|
||||||
|
|
||||||
|
${INGRESS_DOMAIN}. IN SOA localhost. root.localhost. ( 2007120710 1d 2h 4w 1h )
|
||||||
|
|