diff --git a/magnum/conductor/template_definition.py b/magnum/conductor/template_definition.py index 70d7cda990..d52ebd3f8c 100644 --- a/magnum/conductor/template_definition.py +++ b/magnum/conductor/template_definition.py @@ -64,8 +64,18 @@ template_def_opts = [ help=_('Enabled bay definition entry points.')), ] +docker_registry_opts = [ + cfg.StrOpt('swift_region', + help=_('Region name of Swift')), + cfg.StrOpt('swift_registry_container', + default='docker_registry', + help=_('Name of the container in Swift which docker registry ' + 'stores images in')) +] + CONF = cfg.CONF CONF.register_opts(template_def_opts, group='bay') +CONF.register_opts(docker_registry_opts, group='docker_registry') CONF.import_opt('trustee_domain_id', 'magnum.common.keystone', group='trust') @@ -447,6 +457,8 @@ class K8sTemplateDefinition(BaseTemplateDefinition): self.add_parameter('tls_disabled', baymodel_attr='tls_disabled', required=True) + self.add_parameter('registry_enabled', + baymodel_attr='registry_enabled') self.add_output('api_address', bay_attr='api_address', @@ -475,6 +487,11 @@ class K8sTemplateDefinition(BaseTemplateDefinition): for label in label_list: extra_params[label] = baymodel.labels.get(label) + if baymodel.registry_enabled: + extra_params['swift_region'] = CONF.docker_registry.swift_region + extra_params['registry_container'] = ( + CONF.docker_registry.swift_registry_container) + return super(K8sTemplateDefinition, self).get_params(context, baymodel, bay, extra_params=extra_params, diff --git a/magnum/opts.py b/magnum/opts.py index 94d1ef54ca..f29b10aa42 100644 --- a/magnum/opts.py +++ b/magnum/opts.py @@ -60,4 +60,6 @@ def list_opts(): )), ('baymodel', magnum.api.validation.baymodel_opts), ('keystone_auth', magnum.common.keystone.keystone_auth_opts), + ('docker_registry', + magnum.conductor.template_definition.docker_registry_opts) ] diff --git a/magnum/templates/kubernetes/fragments/configure-docker-registry.sh b/magnum/templates/kubernetes/fragments/configure-docker-registry.sh index 0364b7800b..f3cfcfa5b7 100644 --- a/magnum/templates/kubernetes/fragments/configure-docker-registry.sh +++ b/magnum/templates/kubernetes/fragments/configure-docker-registry.sh @@ -15,12 +15,12 @@ storage: cache: layerinfo: inmemory swift: - authurl: "$REGISTRY_AUTH_URL" - region: "$REGISTRY_REGION" - username: "$REGISTRY_USERNAME" - password: "$REGISTRY_PASSWORD" - domain: "$REGISTRY_DOMAIN" - trustid: "$REGISTRY_TRUST_ID" + authurl: "$AUTH_URL" + region: "$SWIFT_REGION" + username: "$TRUSTEE_USERNAME" + password: "$TRUSTEE_PASSWORD" + domainid: "$TRUSTEE_DOMAIN_ID" + trustid: "$TRUST_ID" container: "$REGISTRY_CONTAINER" insecureskipverify: $REGISTRY_INSECURE chunksize: $REGISTRY_CHUNKSIZE diff --git a/magnum/templates/kubernetes/fragments/write-heat-params.yaml b/magnum/templates/kubernetes/fragments/write-heat-params.yaml index 692ee1e78c..9980c97222 100644 --- a/magnum/templates/kubernetes/fragments/write-heat-params.yaml +++ b/magnum/templates/kubernetes/fragments/write-heat-params.yaml @@ -14,12 +14,7 @@ write_files: NETWORK_DRIVER="$NETWORK_DRIVER" REGISTRY_ENABLED="$REGISTRY_ENABLED" REGISTRY_PORT="$REGISTRY_PORT" - REGISTRY_AUTH_URL="$REGISTRY_AUTH_URL" - REGISTRY_REGION="$REGISTRY_REGION" - REGISTRY_USERNAME="$REGISTRY_USERNAME" - REGISTRY_PASSWORD="$REGISTRY_PASSWORD" - REGISTRY_DOMAIN="$REGISTRY_DOMAIN" - REGISTRY_TRUST_ID="$REGISTRY_TRUST_ID" + SWIFT_REGION="$SWIFT_REGION" REGISTRY_CONTAINER="$REGISTRY_CONTAINER" REGISTRY_INSECURE="$REGISTRY_INSECURE" REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE" @@ -38,6 +33,8 @@ write_files: WAIT_CURL="$WAIT_CURL" KUBE_VERSION="$KUBE_VERSION" TRUSTEE_USER_ID="$TRUSTEE_USER_ID" + TRUSTEE_USERNAME="$TRUSTEE_USERNAME" TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD" + TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID" TRUST_ID="$TRUST_ID" AUTH_URL="$AUTH_URL" diff --git a/magnum/templates/kubernetes/kubecluster.yaml b/magnum/templates/kubernetes/kubecluster.yaml index 5c1e2abeaa..de7130bfe8 100644 --- a/magnum/templates/kubernetes/kubecluster.yaml +++ b/magnum/templates/kubernetes/kubecluster.yaml @@ -125,37 +125,10 @@ parameters: description: port of registry service default: 5000 - registry_username: - type: string - description: username used by docker registry - default: "username" - - registry_password: - type: string - description: password used by docker registry - default: "password" - hidden: true - - registry_domain: - type: string - description: domain used by docker registry - default: "domain" - - registry_trust_id: - type: string - description: trust_id used by docker registry - default: "trust_id" - hidden: true - - registry_auth_url: - type: string - description: auth_url for keystone - default: "auth_url" - - registry_region: + swift_region: type: string description: region of swift service - default: "region" + default: "" registry_container: type: string @@ -250,28 +223,23 @@ parameters: trustee_domain_id: type: string description: domain id of the trustee - default: "" trustee_user_id: type: string description: user id of the trustee - default: "" trustee_username: type: string description: username of the trustee - default: "" trustee_password: type: string description: password of the trustee - default: "" hidden: true trust_id: type: string description: id of the trust which is used by the trustee - default: "" hidden: true auth_url: @@ -496,12 +464,7 @@ resources: wait_condition_timeout: {get_param: wait_condition_timeout} registry_enabled: {get_param: registry_enabled} registry_port: {get_param: registry_port} - registry_username: {get_param: registry_username} - registry_password: {get_param: registry_password} - registry_domain: {get_param: registry_domain} - registry_trust_id: {get_param: registry_trust_id} - registry_auth_url: {get_param: registry_auth_url} - registry_region: {get_param: registry_region} + swift_region: {get_param: swift_region} registry_container: {get_param: registry_container} registry_insecure: {get_param: registry_insecure} registry_chunksize: {get_param: registry_chunksize} @@ -521,7 +484,9 @@ resources: no_proxy: {get_param: no_proxy} kube_version: {get_param: kube_version} trustee_user_id: {get_param: trustee_user_id} + trustee_username: {get_param: trustee_username} trustee_password: {get_param: trustee_password} + trustee_domain_id: {get_param: trustee_domain_id} trust_id: {get_param: trust_id} auth_url: {get_param: auth_url} diff --git a/magnum/templates/kubernetes/kubeminion.yaml b/magnum/templates/kubernetes/kubeminion.yaml index 3fc865f0aa..0819f610e7 100644 --- a/magnum/templates/kubernetes/kubeminion.yaml +++ b/magnum/templates/kubernetes/kubeminion.yaml @@ -92,29 +92,7 @@ parameters: type: number description: port of registry service - registry_username: - type: string - description: username used by docker registry - - registry_password: - type: string - description: password used by docker registry - hidden: true - - registry_domain: - type: string - description: domain used by docker registry - - registry_trust_id: - type: string - description: trust_id used by docker registry - hidden: true - - registry_auth_url: - type: string - description: auth_url for keystone - - registry_region: + swift_region: type: string description: region of swift service @@ -183,10 +161,18 @@ parameters: type: string description: version of kubernetes used for kubernetes cluster + trustee_domain_id: + type: string + description: domain id of the trustee + trustee_user_id: type: string description: user id of the trustee + trustee_username: + type: string + description: username of the trustee + trustee_password: type: string description: password of the trustee @@ -236,12 +222,7 @@ resources: $NETWORK_DRIVER: {get_param: network_driver} $REGISTRY_ENABLED: {get_param: registry_enabled} $REGISTRY_PORT: {get_param: registry_port} - $REGISTRY_AUTH_URL: {get_param: registry_auth_url} - $REGISTRY_REGION: {get_param: registry_region} - $REGISTRY_USERNAME: {get_param: registry_username} - $REGISTRY_PASSWORD: {get_param: registry_password} - $REGISTRY_DOMAIN: {get_param: registry_domain} - $REGISTRY_TRUST_ID: {get_param: registry_trust_id} + $SWIFT_REGION: {get_param: swift_region} $REGISTRY_CONTAINER: {get_param: registry_container} $REGISTRY_INSECURE: {get_param: registry_insecure} $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize} @@ -259,7 +240,9 @@ resources: $NO_PROXY: {get_param: no_proxy} $KUBE_VERSION: {get_param: kube_version} $WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]} + $TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id} $TRUSTEE_USER_ID: {get_param: trustee_user_id} + $TRUSTEE_USERNAME: {get_param: trustee_username} $TRUSTEE_PASSWORD: {get_param: trustee_password} $TRUST_ID: {get_param: trust_id} $AUTH_URL: {get_param: auth_url} diff --git a/magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py b/magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py index 354a7c7add..421b6a0a1f 100644 --- a/magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py +++ b/magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py @@ -44,7 +44,8 @@ class TestBayConductorWithK8s(base.TestCase): 'flannel_network_subnetlen': '26', 'flannel_backend': 'vxlan'}, 'tls_disabled': False, - 'server_type': 'vm' + 'server_type': 'vm', + 'registry_enabled': False } self.bay_dict = { 'uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52', @@ -148,6 +149,7 @@ class TestBayConductorWithK8s(base.TestCase): 'magnum_url': self.mock_osc.magnum_url.return_value, 'region_name': self.mock_osc.cinder_region_name.return_value, 'tls_disabled': False, + 'registry_enabled': False, 'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f', 'trustee_username': 'fake_trustee', 'trustee_password': 'fake_trustee_password', @@ -160,6 +162,61 @@ class TestBayConductorWithK8s(base.TestCase): self.assertEqual(expected, definition) + @patch('magnum.objects.BayModel.get_by_uuid') + def test_extract_template_definition_with_registry( + self, + mock_objects_baymodel_get_by_uuid): + self.baymodel_dict['registry_enabled'] = True + baymodel = objects.BayModel(self.context, **self.baymodel_dict) + mock_objects_baymodel_get_by_uuid.return_value = baymodel + bay = objects.Bay(self.context, **self.bay_dict) + + cfg.CONF.set_override('swift_region', + 'RegionOne', + group='docker_registry') + + (template_path, + definition) = bay_conductor._extract_template_definition(self.context, + bay) + + expected = { + 'auth_url': 'http://192.168.10.10:5000/v3', + 'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52', + 'discovery_url': 'https://discovery.etcd.io/test', + 'dns_nameserver': 'dns_nameserver', + 'docker_volume_size': 20, + 'external_network': 'external_network_id', + 'flannel_backend': 'vxlan', + 'flannel_network_cidr': '10.101.0.0/16', + 'flannel_network_subnetlen': '26', + 'http_proxy': 'http_proxy', + 'https_proxy': 'https_proxy', + 'magnum_url': 'http://127.0.0.1:9511/v1', + 'master_flavor': 'master_flavor_id', + 'minion_flavor': 'flavor_id', + 'network_driver': 'network_driver', + 'no_proxy': 'no_proxy', + 'number_of_masters': 1, + 'number_of_minions': 1, + 'region_name': 'RegionOne', + 'registry_container': 'docker_registry', + 'registry_enabled': True, + 'server_image': 'image_id', + 'ssh_key_name': 'keypair_id', + 'swift_region': 'RegionOne', + 'tenant_name': 'fake_tenant', + 'tls_disabled': False, + 'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de', + 'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f', + 'trustee_password': 'fake_trustee_password', + 'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656', + 'trustee_username': 'fake_trustee', + 'username': 'fake_user', + 'volume_driver': 'volume_driver' + } + + self.assertEqual(expected, definition) + @patch('magnum.objects.BayModel.get_by_uuid') def test_extract_template_definition_coreos_with_disovery( self, @@ -192,6 +249,7 @@ class TestBayConductorWithK8s(base.TestCase): 'flannel_network_subnetlen': '26', 'flannel_backend': 'vxlan', 'tls_disabled': False, + 'registry_enabled': False, 'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f', 'trustee_username': 'fake_trustee', 'trustee_password': 'fake_trustee_password', @@ -238,6 +296,7 @@ class TestBayConductorWithK8s(base.TestCase): 'flannel_network_subnetlen': '26', 'flannel_backend': 'vxlan', 'tls_disabled': False, + 'registry_enabled': False, 'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f', 'trustee_username': 'fake_trustee', 'trustee_password': 'fake_trustee_password', @@ -358,6 +417,7 @@ class TestBayConductorWithK8s(base.TestCase): 'magnum_url': self.mock_osc.magnum_url.return_value, 'region_name': self.mock_osc.cinder_region_name.return_value, 'tls_disabled': False, + 'registry_enabled': False, 'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f', 'trustee_username': 'fake_trustee', 'trustee_password': 'fake_trustee_password', diff --git a/magnum/tests/unit/conductor/test_template_definition.py b/magnum/tests/unit/conductor/test_template_definition.py index 3287b227e1..d744f985fd 100644 --- a/magnum/tests/unit/conductor/test_template_definition.py +++ b/magnum/tests/unit/conductor/test_template_definition.py @@ -175,6 +175,7 @@ class AtomicK8sTemplateDefinitionTestCase(base.TestCase): mock_context.auth_token = 'AUTH_TOKEN' mock_baymodel = mock.MagicMock() mock_baymodel.tls_disabled = False + mock_baymodel.registry_enabled = False mock_bay = mock.MagicMock() mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52' del mock_bay.stack_id @@ -227,6 +228,7 @@ class AtomicK8sTemplateDefinitionTestCase(base.TestCase): mock_context.auth_token = 'AUTH_TOKEN' mock_baymodel = mock.MagicMock() mock_baymodel.tls_disabled = True + mock_baymodel.registry_enabled = False mock_bay = mock.MagicMock() mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52' del mock_bay.stack_id