Chart/Dockerfile for Openstack Utility Container
Added Support for rbac Change-Id: I6644824776f7890c2475904ba3404e281e10e54e Co-authored-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
This commit is contained in:
parent
3427ee5ab5
commit
69d9e6db4c
|
@ -0,0 +1,31 @@
|
||||||
|
ARG FROM=docker.io/ubuntu:xenial
|
||||||
|
FROM ${FROM}
|
||||||
|
MAINTAINER Prateek Reddy Dodda <pd2839@att.com>
|
||||||
|
|
||||||
|
RUN set -xe \
|
||||||
|
&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
|
||||||
|
## If there is no shebang at the beginning of the file, the OS will try to execute it as a “normal” binary.
|
||||||
|
&& echo 'exit 101' >> /usr/sbin/policy-rc.d \
|
||||||
|
&& chmod +x /usr/sbin/policy-rc.d \
|
||||||
|
## To prevent services from being started automatically when you install packages with dpkg, apt, etc.,
|
||||||
|
&& sed -i '/nobody/d' /etc/passwd \
|
||||||
|
&& echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
|
||||||
|
## To Restrict User to nobody for User login.
|
||||||
|
&& dpkg-divert --local --rename --add /sbin/initctl \
|
||||||
|
&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \
|
||||||
|
&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \
|
||||||
|
## To use an updated version of some application instead of old version existing on your machine.
|
||||||
|
&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \
|
||||||
|
## Temporarily disable dpkg fsync to make building faster.
|
||||||
|
&& echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean \
|
||||||
|
&& echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean \
|
||||||
|
&& echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean \
|
||||||
|
&& echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages \
|
||||||
|
&& echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes \
|
||||||
|
&& echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests \
|
||||||
|
# Docker configurations for base Image
|
||||||
|
&& apt-get update && apt-get install -y bash moreutils vim sudo screen rsyslog x11-apps python-oslo.rootwrap python-openstackclient python-glanceclient python-novaclient python-neutronclient python-cinderclient python-heat python3-oslo.rootwrap python3-openstackclient python3-glanceclient python3-novaclient python3-neutronclient python3-cinderclient \
|
||||||
|
## Install bash utilities,rsyslog,openstack client which is required for Keystone and oslo rootwrap.
|
||||||
|
&& apt-get clean && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
CMD ["/bin/bash"]
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
SCRIPT=`realpath $0`
|
||||||
|
SCRIPT_DIR=`dirname ${SCRIPT}`
|
||||||
|
## Only build from main folder
|
||||||
|
cd ${SCRIPT_DIR}/..
|
||||||
|
|
||||||
|
IMAGE="openstack-utility"
|
||||||
|
VERSION=${VERSION:-latest}
|
||||||
|
DISTRO=${DISTRO:-ubuntu_xenial}
|
||||||
|
REGISTRY_URI=${REGISTRY_URI:-"openstackhelm/"}
|
||||||
|
EXTRA_TAG_INFO=${EXTRA_TAG_INFO:-""}
|
||||||
|
docker build -f ${IMAGE}/Dockerfile.${DISTRO} --network=host -t ${REGISTRY_URI}${IMAGE}:${VERSION}-${DISTRO}${EXTRA_TAG_INFO} ${extra_build_args} ${IMAGE}
|
||||||
|
|
||||||
|
cd -
|
|
@ -0,0 +1,109 @@
|
||||||
|
Openstack Utility Container
|
||||||
|
-----------------
|
||||||
|
Prerequisites: Deploy OSH-AIO
|
||||||
|
|
||||||
|
|
||||||
|
Installation
|
||||||
|
------------
|
||||||
|
1. Add the below to /etc/sudoers
|
||||||
|
|
||||||
|
root ALL=(ALL) NOPASSWD: ALL
|
||||||
|
ubuntu ALL=(ALL) NOPASSWD: ALL
|
||||||
|
|
||||||
|
2. Install the latest versions of Git, CA Certs & Make if necessary
|
||||||
|
|
||||||
|
sudo apt-get update \
|
||||||
|
sudo apt-get dist-upgrade -y \
|
||||||
|
sudo apt-get install --no-install-recommends -y \
|
||||||
|
ca-certificates \
|
||||||
|
git \
|
||||||
|
make \
|
||||||
|
jq \
|
||||||
|
nmap \
|
||||||
|
curl \
|
||||||
|
uuid-runtime
|
||||||
|
|
||||||
|
3. Clone the OpenStack-Helm Repos
|
||||||
|
|
||||||
|
git clone https://git.openstack.org/openstack/openstack-helm-infra.git
|
||||||
|
git clone https://git.openstack.org/openstack/openstack-helm.git
|
||||||
|
|
||||||
|
|
||||||
|
4. Proxy Configuration
|
||||||
|
|
||||||
|
In order to deploy OpenStack-Helm behind corporate proxy servers, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml.
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
http: http://username:password@host:port
|
||||||
|
https: https://username:password@host:port
|
||||||
|
noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local
|
||||||
|
|
||||||
|
Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables.
|
||||||
|
|
||||||
|
export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
|
||||||
|
export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local
|
||||||
|
|
||||||
|
5. Deploy Kubernetes & Helm
|
||||||
|
|
||||||
|
cd openstack-helm
|
||||||
|
./tools/deployment/developer/common/010-deploy-k8s.sh
|
||||||
|
|
||||||
|
Please remove DNS Nameservers (namespace 10.96.0.10) from /etc/resolv.conf, Since python set-up client would fail without it.
|
||||||
|
|
||||||
|
Setup Clients on the host and assemble the charts
|
||||||
|
./tools/deployment/developer/common/020-setup-client.sh
|
||||||
|
|
||||||
|
Re-add DNS nameservers back in (/etc/resolv.conf) so that keystone URL's DNS would resolve.
|
||||||
|
|
||||||
|
Deploy the ingress controller
|
||||||
|
./tools/deployment/developer/common/030-ingress.sh
|
||||||
|
|
||||||
|
6. Deploy Ceph
|
||||||
|
|
||||||
|
./tools/deployment/developer/ceph/040-ceph.sh
|
||||||
|
|
||||||
|
Activate the namespace to be able to use Ceph
|
||||||
|
./tools/deployment/developer/ceph/045-ceph-ns-activate.sh
|
||||||
|
|
||||||
|
7. Deploy Keystone
|
||||||
|
./tools/deployment/developer/ceph/080-keystone.sh
|
||||||
|
|
||||||
|
8. Deploy Heat
|
||||||
|
./tools/deployment/developer/ceph/090-heat.sh
|
||||||
|
|
||||||
|
9. Deploy Horizon
|
||||||
|
./tools/deployment/developer/ceph/100-horizon.sh
|
||||||
|
|
||||||
|
10.Deploy Glance
|
||||||
|
./tools/deployment/developer/ceph/120-glance.sh
|
||||||
|
|
||||||
|
11.Deploy Cinder
|
||||||
|
./tools/deployment/developer/ceph/130-cinder.sh
|
||||||
|
|
||||||
|
12.Deploy LibVirt
|
||||||
|
./tools/deployment/developer/ceph/150-libvirt.sh
|
||||||
|
|
||||||
|
13.Deploy Compute Kit (Nova and Neutron)
|
||||||
|
./tools/deployment/developer/ceph/160-compute-kit.sh
|
||||||
|
|
||||||
|
15.To run further commands from the CLI manually, execute the following to set up authentication credentials
|
||||||
|
export OS_CLOUD=openstack_helm
|
||||||
|
|
||||||
|
16.Clone the Porthole and openstack utility repo as well.
|
||||||
|
|
||||||
|
git clone https://review.opendev.org/openstack/airship-porthole
|
||||||
|
git pull ssh://pd2839@review.opendev.org:29418/airship/porthole refs/changes/70/674670/13
|
||||||
|
|
||||||
|
cd porthole
|
||||||
|
./install_openstack_utility.sh
|
||||||
|
|
||||||
|
Usage
|
||||||
|
-----
|
||||||
|
|
||||||
|
Get in to the utility pod using kubectl exec. To perform any operation use the below example. Please be ready with password for accessing below cli commands.
|
||||||
|
|
||||||
|
kubectl exec -it <POD_NAME> -n utility /bin/bash
|
||||||
|
|
||||||
|
example:
|
||||||
|
utilscli openstack server list --os-username <USER_NAME> --os-domain-name <DOMAIN_NAME> --os-project-name <PROJECT_NAME
|
||||||
|
utilscli openstack user list --os-username <USER_NAME> --os-domain-name <DOMAIN_NAME> --os-project-name <PROJECT_NAME
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -xe
|
||||||
|
|
||||||
|
#NOTE: Lint and package chart
|
||||||
|
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
|
||||||
|
|
||||||
|
make openstack-utility
|
||||||
|
|
||||||
|
helm upgrade --install openstack-utility openstack-utility --namespace=utility
|
||||||
|
|
||||||
|
#NOTE: Wait for deploy
|
||||||
|
./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh utility
|
||||||
|
|
||||||
|
#NOTE: Validate Deployment info
|
||||||
|
kubectl get pods --all-namespaces | grep openstack-utility
|
||||||
|
helm status openstack-utility
|
||||||
|
export OS_CLOUD=openstack_helm
|
||||||
|
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
|
||||||
|
openstack endpoint list
|
||||||
|
helm test openstack-utility --timeout 900
|
|
@ -0,0 +1,33 @@
|
||||||
|
# Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack Client
|
||||||
|
name: openstack-utility
|
||||||
|
version: 0.1.0
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack-Helm Helm-Toolkit
|
||||||
|
name: helm-toolkit
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://docs.openstack.org/openstack-helm
|
||||||
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
||||||
|
sources:
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm-infra
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||||
|
maintainers:
|
||||||
|
- name: OpenStack-Helm Authors
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- name: helm-toolkit
|
||||||
|
repository: http://localhost:8879/charts
|
||||||
|
version: 0.1.0
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
set -ex
|
||||||
|
sudo /tmp/start.sh
|
||||||
|
tail -f /var/log/syslog
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
set -ex
|
||||||
|
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
|
||||||
|
/etc/init.d/rsyslog start
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/openstack-utility-rootwrap /etc/openstack-utility/rootwrap.conf *
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
# PBR Generated from u'console_scripts'
|
||||||
|
import sys
|
||||||
|
from oslo_rootwrap.cmd import main
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
sys.exit(main())
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/bash
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/openstack-utility-rootwrap /etc/openstack-utility/rootwrap.conf $*"
|
|
@ -0,0 +1,49 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.configmap_bin .Values.deployment.openstack }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
|
||||||
|
data:
|
||||||
|
{{- if .Values.images.local_registry.active }}
|
||||||
|
image-repo-sync.sh: |
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
start.sh: |
|
||||||
|
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
|
||||||
|
openstack-utility-rootwrap: |
|
||||||
|
{{ tuple "bin/utility/_openstack-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
|
||||||
|
data:
|
||||||
|
utilscli: |
|
||||||
|
{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
|
||||||
|
{{- if .Values.bootstrap.enabled }}
|
||||||
|
bootstrap.sh: |
|
||||||
|
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,30 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.configmap_etc_client .Values.deployment.openstack }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
|
||||||
|
data:
|
||||||
|
rootwrap.conf: |
|
||||||
|
{{ include "helm-toolkit.utils.to_ini" .Values.conf.openstackrootwrapconf | indent 4 }}
|
||||||
|
openstack-rootwrap-filter: |
|
||||||
|
{{ include "helm-toolkit.utils.to_ini" .Values.conf.openstackfilter | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.openstack }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
|
||||||
|
data:
|
||||||
|
utilscli-sudo: |
|
||||||
|
{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,135 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.openstack) }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
|
||||||
|
{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
|
||||||
|
{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ $serviceAccountName }}
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- namespaces
|
||||||
|
- nodes
|
||||||
|
- pods
|
||||||
|
- persistentvolumeclaims
|
||||||
|
- persistentvolumes
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ $serviceAccountName }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ $serviceAccountName }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ $serviceAccountName }}
|
||||||
|
namespace: {{ $envAll.Release.Namespace }}
|
||||||
|
---
|
||||||
|
kind: Deployment
|
||||||
|
apiVersion: apps/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s" $envAll.Release.Name }}
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.pod.replicas.utility }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s" $envAll.Release.Name }}
|
||||||
|
annotations:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 65534
|
||||||
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
affinity:
|
||||||
|
{{ tuple $envAll "openstack" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
|
||||||
|
containers:
|
||||||
|
- name: {{ printf "%s" $envAll.Release.Name }}
|
||||||
|
{{ tuple $envAll "openstack_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.openstack_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: OS_AUTH_URL
|
||||||
|
value: {{ .Values.conf.keystone_auth.auth_url }}
|
||||||
|
- name: OS_IDENTITY_API_VERSION
|
||||||
|
value: "{{ .Values.conf.keystone_auth.auth_version }}"
|
||||||
|
command:
|
||||||
|
- /tmp/bootstrap.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: openstack-utility-bin-utilscli
|
||||||
|
mountPath: /tmp/bootstrap.sh
|
||||||
|
subPath: bootstrap.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: openstack-utility-bin
|
||||||
|
mountPath: /tmp/start.sh
|
||||||
|
subPath: start.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: openstack-utility-bin-utilscli
|
||||||
|
mountPath: /usr/local/bin/utilscli
|
||||||
|
subPath: utilscli
|
||||||
|
readOnly: true
|
||||||
|
- name: openstack-utility-bin
|
||||||
|
mountPath: /usr/local/bin/openstack-utility-rootwrap
|
||||||
|
subPath: openstack-utility-rootwrap
|
||||||
|
readOnly: true
|
||||||
|
- name: openstack-utility-sudoers
|
||||||
|
mountPath: /etc/sudoers.d/utilscli-sudo
|
||||||
|
subPath: utilscli-sudo
|
||||||
|
readOnly: true
|
||||||
|
- name: openstack-utility-etc
|
||||||
|
mountPath: /etc/openstack-utility/rootwrap.d/openstack-rootwrap-filter
|
||||||
|
subPath: openstack-rootwrap-filter
|
||||||
|
readOnly: true
|
||||||
|
- name: openstack-utility-etc
|
||||||
|
mountPath: /etc/openstack-utility/rootwrap.conf
|
||||||
|
subPath: rootwrap.conf
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: openstack-utility-sudoers
|
||||||
|
configMap:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
|
||||||
|
defaultMode: 0644
|
||||||
|
- name: openstack-utility-bin
|
||||||
|
configMap:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
|
||||||
|
defaultMode: 0500
|
||||||
|
- name: openstack-utility-etc
|
||||||
|
configMap:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
|
||||||
|
defaultMode: 0400
|
||||||
|
- name: openstack-utility-bin-utilscli
|
||||||
|
configMap:
|
||||||
|
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
|
||||||
|
defaultMode: 0755
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,30 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-exists-test"
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": test-success
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: {{ .Release.Name }}-exists-test
|
||||||
|
image: {{ .Values.images.tags.openstack_utility}}
|
||||||
|
env:
|
||||||
|
- name: OS_AUTH_URL
|
||||||
|
value: {{ .Values.conf.keystone_auth.auth_url }}
|
||||||
|
- name: OS_IDENTITY_API_VERSION
|
||||||
|
value: "{{ .Values.conf.keystone_auth.auth_version }}"
|
||||||
|
command: ["/bin/bash", "-c", "openstack user list --os-username admin --os-domain-name default --os-project-name admin --os-password password"]
|
||||||
|
restartPolicy: Never
|
|
@ -0,0 +1,138 @@
|
||||||
|
# Default values for openstack-utility.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare variables to be passed into your templates.
|
||||||
|
# name: value
|
||||||
|
|
||||||
|
|
||||||
|
deployment:
|
||||||
|
openstack: true
|
||||||
|
|
||||||
|
release_group: null
|
||||||
|
|
||||||
|
images:
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
tags:
|
||||||
|
openstack_utility: 'docker.io/diwakarthyagaraj/openstackutility:v0.0.2'
|
||||||
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
|
local_registry:
|
||||||
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
|
||||||
|
labels:
|
||||||
|
utility:
|
||||||
|
node_selector_key: openstack-helm-node-class
|
||||||
|
node_selector_value: primary
|
||||||
|
|
||||||
|
pod:
|
||||||
|
dns_policy: "ClusterFirstWithHostNet"
|
||||||
|
replicas:
|
||||||
|
utility: 1
|
||||||
|
affinity:
|
||||||
|
anti:
|
||||||
|
type:
|
||||||
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||||
|
topologyKey:
|
||||||
|
default: kubernetes.io/hostname
|
||||||
|
resources:
|
||||||
|
enabled: false
|
||||||
|
utility:
|
||||||
|
requests:
|
||||||
|
memory: "100Mi"
|
||||||
|
cpu: "250m"
|
||||||
|
limits:
|
||||||
|
memory: "250Mi"
|
||||||
|
cpu: "500m"
|
||||||
|
jobs:
|
||||||
|
bootstrap:
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "500m"
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
|
|
||||||
|
conf:
|
||||||
|
openstackfilter:
|
||||||
|
Filters:
|
||||||
|
# openstack-rootwrap command filters for openstack utility container
|
||||||
|
# This file should be owned by (and only-writeable by) the root user
|
||||||
|
openstack: CommandFilter, openstack, root
|
||||||
|
openstackrootwrapconf:
|
||||||
|
DEFAULT:
|
||||||
|
# Configuration for openstack-rootwrap
|
||||||
|
# This file should be owned by (and only-writeable by) the root user
|
||||||
|
# List of directories to load filter definitions from (separated by ',').
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
filters_path: /etc/openstack-utility/rootwrap.d
|
||||||
|
# List of directories to search executables in, in case filters do not
|
||||||
|
# explicitely specify a full path (separated by ',')
|
||||||
|
# If not specified, defaults to system PATH environment variable.
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
|
||||||
|
# Enable logging to syslog
|
||||||
|
# Default value is False
|
||||||
|
use_syslog: True
|
||||||
|
# Which syslog facility to use.
|
||||||
|
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||||
|
# Default value is 'syslog'
|
||||||
|
syslog_log_facility: syslog
|
||||||
|
# Which messages to log.
|
||||||
|
# INFO means log all usage
|
||||||
|
# ERROR means only log unsuccessful attempts
|
||||||
|
syslog_log_level: INFO
|
||||||
|
keystone_auth:
|
||||||
|
auth_url: http://keystone.openstack.svc.cluster.local/v3
|
||||||
|
auth_version: "3"
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
dynamic:
|
||||||
|
common:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- openstack-utility-image-repo-sync
|
||||||
|
services:
|
||||||
|
- endpoint: node
|
||||||
|
service: local_image_registry
|
||||||
|
static:
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- endpoint: internal
|
||||||
|
service: local_image_registry
|
||||||
|
|
||||||
|
bootstrap:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
|
||||||
|
monitoring:
|
||||||
|
prometheus:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
configmap_bin: true
|
||||||
|
configmap_etc_client: true
|
||||||
|
configmap_etc_sudoers: true
|
||||||
|
deployment_utility: true
|
|
@ -0,0 +1,35 @@
|
||||||
|
# Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- project:
|
||||||
|
check:
|
||||||
|
jobs:
|
||||||
|
- porthole-openstack-utility-lint-ws
|
||||||
|
gate:
|
||||||
|
jobs:
|
||||||
|
- porthole-openstack-utility-lint-ws
|
||||||
|
|
||||||
|
- nodeset:
|
||||||
|
name: porthole-openstack-utility-single-node
|
||||||
|
nodes:
|
||||||
|
- name: primary
|
||||||
|
label: ubuntu-xenial
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: porthole-openstack-utility-lint-ws
|
||||||
|
description: |
|
||||||
|
Lints all files by checking them for whitespace.
|
||||||
|
run: tools/gate/playbooks/zuul-linter.yaml
|
||||||
|
timeout: 300
|
||||||
|
nodeset: porthole-openstack-utility-single-node
|
Loading…
Reference in New Issue