Glance bootstrap to create service/project/role
This PS adds steps to the Glance bootstrap process to create: glance-service-and-endpoint-admin, glance-service-and-endpoint-internal, glance-service-and-endpoint-public and glance-user-project-role. It also uses per-service secrets so that no password gets exposed, even on the rendering server. Change-Id: Ibfa747cdd86f1cd09a43e7d121704414a47efbcf Partially-Fixes: #1605693 PartiallyImplements: blueprint glance-kubernetes
parent
5800b04729
commit
b3f7e9e6cd
|
@ -8,6 +8,9 @@
|
|||
# For now, set kolla_internal_vip_address in /etc/kolla/globals.yml to use as
|
||||
# the ip address for all the services.
|
||||
# kolla_internal_vip_address: "10.10.10.254"
|
||||
# This address is used in ALL public endpoints and it serves as an entry point
|
||||
# into kolla kubernetes cluster, needs to be changed by the operator.
|
||||
kolla_kubernetes_external_vip: "10.57.120.254"
|
||||
|
||||
########################
|
||||
# Kubernetes Cluster
|
||||
|
@ -87,3 +90,12 @@ storage_ceph:
|
|||
# Persistent volumes sizes in GB
|
||||
################################
|
||||
#glance_volume_size: ""
|
||||
keystone_auth_url: "http://keystone-admin:35357"
|
||||
|
||||
########################
|
||||
# Glance variables
|
||||
########################
|
||||
openstack_glance_auth: "{'auth_url':'{{ keystone_auth_url }}','username':'{{ openstack_auth.username }}','password':'$KEYSTONE_ADMIN_PASSWORD','project_name':'{{ openstack_auth.project_name }}','domain_name':'default'}"
|
||||
glance_admin_endpoint: "http://glance-api:{{ glance_api_port }}"
|
||||
glance_public_endpoint: "http://{{ kolla_kubernetes_external_vip }}:{{ glance_api_port }}"
|
||||
glance_internal_endpoint: "http://glance-api:{{ glance_api_port }}"
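Review bot: `openstack_glance_auth` wraps the literal text `$KEYSTONE_ADMIN_PASSWORD` in single quotes inside a dict-style string, so it only becomes the password if a shell expands it later, and the expanded value is spliced in without any escaping. A password containing `'` or `{{` would break or alter the extra-vars that the consumer parses, so the constraint deserves a comment above the variable, e.g. `# $KEYSTONE_ADMIN_PASSWORD is expanded by sh -c in the bootstrap Job; the secret must not contain quotes or Jinja delimiters`. Separately, `keystone_auth_url` and the three Glance endpoints use `http://`, so the admin password and the tokens issued for it cross the network unencrypted, including on the public endpoint bound to `kolla_kubernetes_external_vip`. A comment stating that TLS has to be terminated in front of these endpoints is worth adding next to them.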
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{%- set resourceName = kolla_kubernetes.cli.args.service_name %}
|
||||
apiVersion: v1
|
||||
kind: ReplicationController
|
||||
spec:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{%- set resourceName = kolla_kubernetes.cli.args.service_name %}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
|
@ -11,12 +12,14 @@ spec:
|
|||
containers:
|
||||
- image: "{{ kolla_toolbox_image_full }}"
|
||||
name: creating-glance-database
|
||||
#TODO: Assign the IP to be mariadb's serivce ip exposed by Kubernetes
|
||||
command: ["usr/bin/ansible", "localhost", "-vvvv", "-m", "mysql_db",
|
||||
"-a", "login_host='mariadb'
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- ansible localhost -m mysql_db -a
|
||||
"login_host=mariadb
|
||||
login_port='{{ mariadb_port }}'
|
||||
login_user='{{ database_user }}'
|
||||
login_password='{{ database_password }}'
|
||||
name='{{ glance_database_name }}'"]
|
||||
login_password='$DATABASE_PASSWORD'
|
||||
name='{{ glance_database_name }}'"
|
||||
volumeMounts:
|
||||
- mountPath: /dev
|
||||
name: dev
|
||||
|
@ -29,19 +32,25 @@ spec:
|
|||
value: "1"
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: "/usr/share/ansible"
|
||||
|
||||
- name: DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-password
|
||||
key: password
|
||||
- image: "{{ kolla_toolbox_image_full }}"
|
||||
name: creating-glance-user-and-permissions
|
||||
#TODO: Assign the IP to be mariadb's serivce ip exposed by Kubernetes
|
||||
command: ["/usr/bin/ansible", "localhost", "-vvvv", "-m", "mysql_user",
|
||||
"-a", "login_host='mariadb'
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- ansible localhost -m mysql_user -a
|
||||
"login_host=mariadb
|
||||
login_port='{{ mariadb_port }}'
|
||||
login_user='{{ database_user }}'
|
||||
login_password='{{ database_password }}'
|
||||
login_password='$DATABASE_PASSWORD'
|
||||
name='{{ glance_database_name }}'
|
||||
password='{{ glance_database_password }}'
|
||||
password='$GLANCE_DATABASE_PASSWORD'
|
||||
host='%'
|
||||
priv='{{ glance_database_name }}.*:ALL'
|
||||
append_privs='yes'"]
|
||||
append_privs='yes'"
|
||||
volumeMounts:
|
||||
- mountPath: /dev
|
||||
name: dev
|
||||
|
@ -54,7 +63,16 @@ spec:
|
|||
value: "1"
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: "/usr/share/ansible"
|
||||
|
||||
- name: DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-password
|
||||
key: password
|
||||
- name: GLANCE_DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: glance-database-password
|
||||
key: password
|
||||
- image: "{{ glance_api_image_full }}"
|
||||
name: glance-api-config
|
||||
env:
|
||||
|
@ -66,15 +84,139 @@ spec:
|
|||
- mountPath: {{ container_config_directory }}
|
||||
name: glance-api-config
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/glance/
|
||||
name: glance-persistent-storage
|
||||
- mountPath: /var/log/kolla
|
||||
name: kolla-logs
|
||||
- image: "{{ kolla_toolbox_image_full }}"
|
||||
name: creating-glance-service-and-endpoint-admin
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- ansible localhost -m kolla_keystone_service -a
|
||||
"service_name=glance
|
||||
service_type=image
|
||||
description='Openstack Image'
|
||||
endpoint_region={{ openstack_region_name }}
|
||||
url='{{ glance_admin_endpoint }}'
|
||||
interface=admin
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{' }} openstack_glance_auth {{ '}}' }}"
|
||||
"-e" "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
|
||||
volumeMounts:
|
||||
- mountPath: /dev
|
||||
name: dev
|
||||
- mountPath: /run
|
||||
name: run
|
||||
- mountPath: /var/log/kolla
|
||||
name: kolla-logs
|
||||
env:
|
||||
- name: ANSIBLE_NOCOLOR
|
||||
value: "1"
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: "/usr/share/ansible"
|
||||
- name: KEYSTONE_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keystone-admin-password
|
||||
key: password
|
||||
- image: "{{ kolla_toolbox_image_full }}"
|
||||
name: creating-glance-service-and-endpoint-internal
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- ansible localhost -m kolla_keystone_service -a
|
||||
"service_name=glance
|
||||
service_type=image
|
||||
description='Openstack Image'
|
||||
endpoint_region={{ openstack_region_name }}
|
||||
url='{{ glance_internal_endpoint }}'
|
||||
interface=internal
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{' }} openstack_glance_auth {{ '}}' }}"
|
||||
"-e" "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
|
||||
volumeMounts:
|
||||
- mountPath: /dev
|
||||
name: dev
|
||||
- mountPath: /run
|
||||
name: run
|
||||
- mountPath: /var/log/kolla
|
||||
name: kolla-logs
|
||||
env:
|
||||
- name: ANSIBLE_NOCOLOR
|
||||
value: "1"
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: "/usr/share/ansible"
|
||||
- name: KEYSTONE_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keystone-admin-password
|
||||
key: password
|
||||
- image: "{{ kolla_toolbox_image_full }}"
|
||||
name: creating-glance-service-and-endpoint-public
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- ansible localhost -m kolla_keystone_service -a
|
||||
"service_name=glance
|
||||
service_type=image
|
||||
description='Openstack Image'
|
||||
endpoint_region={{ openstack_region_name }}
|
||||
url='{{ glance_public_endpoint }}'
|
||||
interface=public
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{' }} openstack_glance_auth {{ '}}' }}"
|
||||
"-e" "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
|
||||
volumeMounts:
|
||||
- mountPath: /dev
|
||||
name: dev
|
||||
- mountPath: /run
|
||||
name: run
|
||||
- mountPath: /var/log/kolla
|
||||
name: kolla-logs
|
||||
env:
|
||||
- name: ANSIBLE_NOCOLOR
|
||||
value: "1"
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: "/usr/share/ansible"
|
||||
- name: KEYSTONE_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keystone-admin-password
|
||||
key: password
|
||||
- image: "{{ kolla_toolbox_image_full }}"
|
||||
name: creating-glance-user-project-role
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- ansible localhost -m kolla_keystone_user -a
|
||||
"project=service
|
||||
user=glance
|
||||
password={{ glance_keystone_password }}
|
||||
role=admin
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{' }} openstack_glance_auth {{ '}}' }}"
|
||||
"-e" "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
|
||||
volumeMounts:
|
||||
- mountPath: /dev
|
||||
name: dev
|
||||
- mountPath: /run
|
||||
name: run
|
||||
- mountPath: /var/log/kolla
|
||||
name: kolla-logs
|
||||
env:
|
||||
- name: ANSIBLE_NOCOLOR
|
||||
value: "1"
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: "/usr/share/ansible"
|
||||
- name: KEYSTONE_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keystone-admin-password
|
||||
key: password
|
||||
volumes:
|
||||
- name: glance-api-config
|
||||
configMap:
|
||||
name: glance-api-configmap
|
||||
- name: glance-persistent-storage
|
||||
hostPath:
|
||||
path: /var/lib/glance
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ resourceName }}
|
||||
- name: dev
|
||||
hostPath:
|
||||
path: /dev
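Review bot: In the `creating-glance-user-project-role` container, `password={{ glance_keystone_password }}` is still filled in at render time, so the Glance service password appears in plain text in the rendered Job spec. The database and Keystone admin passwords in the other containers are read from `secretKeyRef` environment variables instead, which is what the commit message promises for every password. Source this one the same way, with an env entry backed by a per-service secret and the argument written as `password='$GLANCE_KEYSTONE_PASSWORD'`; the variable and secret names in the sketch below are proposals, not names taken from this change. Every secret expanded by `sh -c` also ends up on the ansible command line, where it is readable from the container's process list while the task runs, and the mysql_db, mysql_user and kolla_keystone_service steps share that exposure.

```yaml
# creating-glance-user-project-role: args
            user=glance
            password='$GLANCE_KEYSTONE_PASSWORD'
# … unchanged: role, region_name, auth, -e extra-vars, volumeMounts …
# creating-glance-user-project-role: env
# … unchanged: ANSIBLE_NOCOLOR, ANSIBLE_LIBRARY, KEYSTONE_ADMIN_PASSWORD …
        - name: GLANCE_KEYSTONE_PASSWORD
          valueFrom:
            secretKeyRef:
              # placeholder: name of the per-service secret holding the Glance Keystone password
              name: "PLACEHOLDER-glance-keystone-password-secret"
              key: password
```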
|
||||
|
|