Chart/Dockerfile for Openstack Utility Container

Added Support for rbac

Change-Id: I6644824776f7890c2475904ba3404e281e10e54e
Co-authored-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Dodda Prateek (pd2839) 2019-08-07 10:19:35 -05:00 committed by PRATEEK REDDY DODDA
parent 3427ee5ab5
commit 69d9e6db4c
18 changed files with 762 additions and 0 deletions


@ -0,0 +1,31 @@
ARG FROM=docker.io/ubuntu:xenial
FROM ${FROM}
MAINTAINER Prateek Reddy Dodda <pd2839@att.com>
RUN set -xe \
&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
## If there is no shebang at the beginning of the file, the OS will try to execute it as a “normal” binary.
&& echo 'exit 101' >> /usr/sbin/policy-rc.d \
&& chmod +x /usr/sbin/policy-rc.d \
## To prevent services from being started automatically when you install packages with dpkg, apt, etc.,
&& sed -i '/nobody/d' /etc/passwd \
&& echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
## To Restrict User to nobody for User login.
&& dpkg-divert --local --rename --add /sbin/initctl \
&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \
&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \
## To use an updated version of some application instead of old version existing on your machine.
&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \
## Temporarily disable dpkg fsync to make building faster.
&& echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean \
&& echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean \
&& echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean \
&& echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages \
&& echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes \
&& echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests \
# Docker configurations for base Image
&& apt-get update && apt-get install -y bash moreutils vim sudo screen rsyslog x11-apps python-oslo.rootwrap python-openstackclient python-glanceclient python-novaclient python-neutronclient python-cinderclient python-heat python3-oslo.rootwrap python3-openstackclient python3-glanceclient python3-novaclient python3-neutronclient python3-cinderclient \
## Install bash utilities,rsyslog,openstack client which is required for Keystone and oslo rootwrap.
&& apt-get clean && rm -rf /var/lib/apt/lists/*
CMD ["/bin/bash"]
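Review bot: The `sed -i '/nobody/d' /etc/passwd` step removes every passwd line that contains the string, not only the `nobody` account, and the entry written back gives that account `/bin/bash` as its login shell, which the comment `## To Restrict User to nobody for User login.` does not make clear. Anchor the pattern, `sed -i '/^nobody:/d' /etc/passwd`, and reword the comment to say that an interactive shell is being enabled for uid 65534 so the pod can be entered as that user. The `apt-get install -y` line also pulls in recommended packages plus `x11-apps`, `screen` and `vim` alongside `sudo`; adding `--no-install-recommends` and trimming the list would reduce what is reachable from inside the pod.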


@ -0,0 +1,14 @@
#!/bin/bash
SCRIPT=`realpath $0`
SCRIPT_DIR=`dirname ${SCRIPT}`
## Only build from main folder
cd ${SCRIPT_DIR}/..
IMAGE="openstack-utility"
VERSION=${VERSION:-latest}
DISTRO=${DISTRO:-ubuntu_xenial}
REGISTRY_URI=${REGISTRY_URI:-"openstackhelm/"}
EXTRA_TAG_INFO=${EXTRA_TAG_INFO:-""}
docker build -f ${IMAGE}/Dockerfile.${DISTRO} --network=host -t ${REGISTRY_URI}${IMAGE}:${VERSION}-${DISTRO}${EXTRA_TAG_INFO} ${extra_build_args} ${IMAGE}
cd -
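Review bot: Nothing stops the build if `cd ${SCRIPT_DIR}/..` fails, and every expansion (`$0`, `${SCRIPT_DIR}`, the `-f` and `-t` values) is unquoted, so a checkout path containing spaces either builds from the wrong directory or splits the arguments. Use `cd "${SCRIPT_DIR}/.." || exit 1` and quote the `-f` and `-t` values. `${extra_build_args}` is never assigned in this file, so it is presumably expected from the caller's environment; a comment next to the other `${VAR:-default}` lines should say so. `--network=host` lets every `RUN` step share the build host's network namespace and deserves a comment explaining why it is needed.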

109
Openstack_Utility_Readme Normal file

@ -0,0 +1,109 @@
Openstack Utility Container
-----------------
Prerequisites: Deploy OSH-AIO
Installation
------------
1. Add the below to /etc/sudoers
root ALL=(ALL) NOPASSWD: ALL
ubuntu ALL=(ALL) NOPASSWD: ALL
2. Install the latest versions of Git, CA Certs & Make if necessary
sudo apt-get update \
sudo apt-get dist-upgrade -y \
sudo apt-get install --no-install-recommends -y \
ca-certificates \
git \
make \
jq \
nmap \
curl \
uuid-runtime
3. Clone the OpenStack-Helm Repos
git clone https://git.openstack.org/openstack/openstack-helm-infra.git
git clone https://git.openstack.org/openstack/openstack-helm.git
4. Proxy Configuration
In order to deploy OpenStack-Helm behind corporate proxy servers, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml.
proxy:
http: http://username:password@host:port
https: https://username:password@host:port
noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local
Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables.
export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local
5. Deploy Kubernetes & Helm
cd openstack-helm
./tools/deployment/developer/common/010-deploy-k8s.sh
Please remove DNS Nameservers (namespace 10.96.0.10) from /etc/resolv.conf, Since python set-up client would fail without it.
Setup Clients on the host and assemble the charts
./tools/deployment/developer/common/020-setup-client.sh
Re-add DNS nameservers back in (/etc/resolv.conf) so that keystone URL's DNS would resolve.
Deploy the ingress controller
./tools/deployment/developer/common/030-ingress.sh
6. Deploy Ceph
./tools/deployment/developer/ceph/040-ceph.sh
Activate the namespace to be able to use Ceph
./tools/deployment/developer/ceph/045-ceph-ns-activate.sh
7. Deploy Keystone
./tools/deployment/developer/ceph/080-keystone.sh
8. Deploy Heat
./tools/deployment/developer/ceph/090-heat.sh
9. Deploy Horizon
./tools/deployment/developer/ceph/100-horizon.sh
10.Deploy Glance
./tools/deployment/developer/ceph/120-glance.sh
11.Deploy Cinder
./tools/deployment/developer/ceph/130-cinder.sh
12.Deploy LibVirt
./tools/deployment/developer/ceph/150-libvirt.sh
13.Deploy Compute Kit (Nova and Neutron)
./tools/deployment/developer/ceph/160-compute-kit.sh
15.To run further commands from the CLI manually, execute the following to set up authentication credentials
export OS_CLOUD=openstack_helm
16.Clone the Porthole and openstack utility repo as well.
git clone https://review.opendev.org/openstack/airship-porthole
git pull ssh://pd2839@review.opendev.org:29418/airship/porthole refs/changes/70/674670/13
cd porthole
./install_openstack_utility.sh
Usage
-----
Get in to the utility pod using kubectl exec. To perform any operation use the below example. Please be ready with password for accessing below cli commands.
kubectl exec -it <POD_NAME> -n utility /bin/bash
example:
utilscli openstack server list --os-username <USER_NAME> --os-domain-name <DOMAIN_NAME> --os-project-name <PROJECT_NAME
utilscli openstack user list --os-username <USER_NAME> --os-domain-name <DOMAIN_NAME> --os-project-name <PROJECT_NAME

20
install_openstack_utility.sh Executable file

@ -0,0 +1,20 @@
#!/bin/bash
set -xe
#NOTE: Lint and package chart
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
make openstack-utility
helm upgrade --install openstack-utility openstack-utility --namespace=utility
#NOTE: Wait for deploy
./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh utility
#NOTE: Validate Deployment info
kubectl get pods --all-namespaces | grep openstack-utility
helm status openstack-utility
export OS_CLOUD=openstack_helm
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
openstack endpoint list
helm test openstack-utility --timeout 900
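Review bot: The wait step is invoked as `./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh`, so overriding `OSH_INFRA_PATH` with an absolute path, which the `:=` default a few lines earlier invites, resolves to a location under the current directory instead. Drop the `./` prefix and quote the expansion, `"${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh" utility`, and write the default as `: "${OSH_INFRA_PATH:=../openstack-helm-infra}"` so the value is not word-split or globbed.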


@ -0,0 +1,33 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: OpenStack Client
name: openstack-utility
version: 0.1.0
---
apiVersion: v1
description: OpenStack-Helm Helm-Toolkit
name: helm-toolkit
version: 0.1.0
home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
sources:
- https://git.openstack.org/cgit/openstack/openstack-helm-infra
- https://git.openstack.org/cgit/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors
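Review bot: The file holds two YAML documents: after the `---` separator a second chart description with `name: helm-toolkit` follows the `openstack-utility` one. Chart metadata is expected to be a single document, so depending on the Helm version the second block is presumably either ignored or rejected. It looks like a copy of helm-toolkit's own metadata and should probably be removed, leaving only the first four keys; helm-toolkit is already declared under `dependencies:` in another file of this commit.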


@ -0,0 +1,18 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0


@ -0,0 +1,19 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
sudo /tmp/start.sh
tail -f /var/log/syslog
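Review bot: `sudo /tmp/start.sh` executes a script as root from a world-writable directory. The file is a read-only ConfigMap mount in this commit, but the sudoers rule added alongside it matches on the path alone, so the protection depends entirely on that mount staying in place. Mount the scripts under a root-owned directory such as `/usr/local/bin/` and update the sudoers entry and the Deployment's `mountPath` values to match. The last line would also be better as `exec tail -f /var/log/syslog`, so that the container's main process receives termination signals directly.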


@ -0,0 +1,19 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
/etc/init.d/rsyslog start
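Review bot: Rewriting the config to `$PrivDropToUser nobody` makes rsyslog write `/var/log/syslog` as the same uid the pod's interactive users run as (`runAsUser: 65534` in the Deployment of this commit), so the audit trail that `utilscli` appends to can be edited or truncated by the person being audited. Keep rsyslog on its own account and forward the records off the pod, or state in a comment here that the local log is not tamper-evident. A comment should also explain why the substitution is needed at all, since the reason is not visible in this script.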


@ -0,0 +1,16 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/openstack-utility-rootwrap /etc/openstack-utility/rootwrap.conf *
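Review bot: The `SETENV:` tag, combined with the `sudo -E` call in `utilscli`, carries the caller's whole environment into a Python program running as root, so the environment rather than the rootwrap filter ends up influencing what that interpreter loads. Drop the tag and keep only what the client needs, for example `Defaults:nobody env_keep += "OS_*"`. `/tmp/bootstrap.sh` does not need to be listed, because it is the container command and itself only calls `sudo /tmp/start.sh`. The trailing `*` accepts any arguments, so a comment should state that the real restriction is the rootwrap filter file.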


@ -0,0 +1,22 @@
#!/usr/bin/python
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
# PBR Generated from u'console_scripts'
import sys
from oslo_rootwrap.cmd import main
if __name__ == "__main__":
sys.exit(main())


@ -0,0 +1,17 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/openstack-utility-rootwrap /etc/openstack-utility/rootwrap.conf $*"
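Review bot: `$*` is pasted into the string handed to `script -c`, so the arguments are joined and then parsed a second time by a shell: values containing spaces are split, and shell metacharacters inside an argument are interpreted instead of being passed to `openstack`. Re-quote the arguments first with `printf -v args '%q ' "$@"` and use `${args}` in place of `$*`. Because the whole session is appended to `/var/log/syslog` and the rootwrap config in this commit logs at INFO, anything given on the command line, such as `--os-password`, ends up in the log; a header comment should tell users to rely on the interactive password prompt.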


@ -0,0 +1,49 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_bin .Values.deployment.openstack }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
data:
{{- if .Values.images.local_registry.active }}
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
start.sh: |
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
openstack-utility-rootwrap: |
{{ tuple "bin/utility/_openstack-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
data:
utilscli: |
{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if .Values.bootstrap.enabled }}
bootstrap.sh: |
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- end }}
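Review bot: The `bootstrap.sh` key is rendered only when `.Values.bootstrap.enabled` is true, but the Deployment in this commit always uses `/tmp/bootstrap.sh` as the container command and mounts it by `subPath`, so setting the flag to false presumably leaves the pod unable to start. Either remove the `if` around the `bootstrap.sh` key or guard the command and the volume mount with the same condition. This template is gated on `manifests.configmap_bin` while the Deployment is gated on `manifests.deployment_utility`; a comment noting that the two must be enabled together would prevent a confusing failure.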


@ -0,0 +1,30 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_etc_client .Values.deployment.openstack }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
data:
rootwrap.conf: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.openstackrootwrapconf | indent 4 }}
openstack-rootwrap-filter: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.openstackfilter | indent 4 }}
{{- end }}


@ -0,0 +1,27 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.openstack }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
data:
utilscli-sudo: |
{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}


@ -0,0 +1,135 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.openstack) }}
{{- $envAll := . }}
{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups: [""]
resources:
- namespaces
- nodes
- pods
- persistentvolumeclaims
- persistentvolumes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ printf "%s" $envAll.Release.Name }}
labels:
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.utility }}
selector:
matchLabels:
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
name: {{ printf "%s" $envAll.Release.Name }}
annotations:
{{ tuple . | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
securityContext:
runAsUser: 65534
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
containers:
- name: {{ printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "openstack_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.openstack_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: OS_AUTH_URL
value: {{ .Values.conf.keystone_auth.auth_url }}
- name: OS_IDENTITY_API_VERSION
value: "{{ .Values.conf.keystone_auth.auth_version }}"
command:
- /tmp/bootstrap.sh
volumeMounts:
- name: openstack-utility-bin-utilscli
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: openstack-utility-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
- name: openstack-utility-bin-utilscli
mountPath: /usr/local/bin/utilscli
subPath: utilscli
readOnly: true
- name: openstack-utility-bin
mountPath: /usr/local/bin/openstack-utility-rootwrap
subPath: openstack-utility-rootwrap
readOnly: true
- name: openstack-utility-sudoers
mountPath: /etc/sudoers.d/utilscli-sudo
subPath: utilscli-sudo
readOnly: true
- name: openstack-utility-etc
mountPath: /etc/openstack-utility/rootwrap.d/openstack-rootwrap-filter
subPath: openstack-rootwrap-filter
readOnly: true
- name: openstack-utility-etc
mountPath: /etc/openstack-utility/rootwrap.conf
subPath: rootwrap.conf
readOnly: true
volumes:
- name: openstack-utility-sudoers
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
defaultMode: 0644
- name: openstack-utility-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
defaultMode: 0500
- name: openstack-utility-etc
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
defaultMode: 0400
- name: openstack-utility-bin-utilscli
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
defaultMode: 0755
{{- end }}
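Review bot: The ClusterRole grants the pod's service account cluster-wide `get`/`list`/`watch` on namespaces, nodes, pods, persistentvolumeclaims and persistentvolumes, yet nothing visible in this commit calls the Kubernetes API from the container, which only runs the OpenStack client. Unless a later change needs them, remove the ClusterRole and ClusterRoleBinding or narrow them to a namespaced Role, and add a comment naming the command that requires each resource. `rbac.authorization.k8s.io/v1beta1` should be `rbac.authorization.k8s.io/v1`. The resources lookup reads `pod.resources.openstack_utility` while values.yaml defines `pod.resources.utility`, so the limits declared there are presumably never applied.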


@ -0,0 +1,30 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-exists-test"
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: {{ .Release.Name }}-exists-test
image: {{ .Values.images.tags.openstack_utility}}
env:
- name: OS_AUTH_URL
value: {{ .Values.conf.keystone_auth.auth_url }}
- name: OS_IDENTITY_API_VERSION
value: "{{ .Values.conf.keystone_auth.auth_version }}"
command: ["/bin/bash", "-c", "openstack user list --os-username admin --os-domain-name default --os-project-name admin --os-password password"]
restartPolicy: Never
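Review bot: The test command hard-codes `--os-username admin` with `--os-password password`, which puts an admin credential into the chart, the rendered pod spec and the container's process arguments, and only passes on deployments that still use that default. Take the password from a Secret through the `OS_PASSWORD` environment variable and drop the flag; the secret name below is a placeholder because none is defined in this commit. The test also calls `openstack` directly, so it does not exercise `utilscli`, sudo or rootwrap, which is what this chart adds.

```yaml
      # … unchanged: OS_AUTH_URL and OS_IDENTITY_API_VERSION entries …
        - name: OS_USERNAME
          value: admin
        - name: OS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: <KEYSTONE_ADMIN_SECRET_NAME>  # placeholder: no secret is defined in this commit
              key: OS_PASSWORD
      command: ["/bin/bash", "-c", "openstack user list --os-domain-name default --os-project-name admin"]
```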


@ -0,0 +1,138 @@
# Default values for openstack-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# name: value
deployment:
openstack: true
release_group: null
images:
pull_policy: IfNotPresent
tags:
openstack_utility: 'docker.io/diwakarthyagaraj/openstackutility:v0.0.2'
image_repo_sync: docker.io/docker:17.07.0
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
utility:
node_selector_key: openstack-helm-node-class
node_selector_value: primary
pod:
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
resources:
enabled: false
utility:
requests:
memory: "100Mi"
cpu: "250m"
limits:
memory: "250Mi"
cpu: "500m"
jobs:
bootstrap:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
openstackfilter:
Filters:
# openstack-rootwrap command filters for openstack utility container
# This file should be owned by (and only-writeable by) the root user
openstack: CommandFilter, openstack, root
openstackrootwrapconf:
DEFAULT:
# Configuration for openstack-rootwrap
# This file should be owned by (and only-writeable by) the root user
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path: /etc/openstack-utility/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
# Enable logging to syslog
# Default value is False
use_syslog: True
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility: syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level: INFO
keystone_auth:
auth_url: http://keystone.openstack.svc.cluster.local/v3
auth_version: "3"
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- openstack-utility-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
bootstrap:
enabled: true
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
monitoring:
prometheus:
enabled: true
manifests:
configmap_bin: true
configmap_etc_client: true
configmap_etc_sudoers: true
deployment_utility: true
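Review bot: `openstack_utility` defaults to `docker.io/diwakarthyagaraj/openstackutility:v0.0.2`, a personal Docker Hub namespace with a mutable tag, although the build script in this commit tags the image under `openstackhelm/`. A pod that is granted sudo should run an image from a project-controlled registry, pinned by digest. The `openstack: CommandFilter, openstack, root` filter matches on the command name only and runs it as root with any arguments; either name an unprivileged user in the third field or add a comment explaining why root is required. `keystone_auth.auth_url` uses plain `http://`, so credentials passed to the client cross the cluster network unencrypted unless an override supplies an `https://` endpoint.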


@ -0,0 +1,35 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
check:
jobs:
- porthole-openstack-utility-lint-ws
gate:
jobs:
- porthole-openstack-utility-lint-ws
- nodeset:
name: porthole-openstack-utility-single-node
nodes:
- name: primary
label: ubuntu-xenial
- job:
name: porthole-openstack-utility-lint-ws
description: |
Lints all files by checking them for whitespace.
run: tools/gate/playbooks/zuul-linter.yaml
timeout: 300
nodeset: porthole-openstack-utility-single-node