Merge "Add support for docker registry"

6 years ago · ef399879b4
8 changed files with 108 additions and 82 deletions
--- a/magnum/conductor/template_definition.py
+++ b/magnum/conductor/template_definition.py
@ -64,8 +64,18 @@ template_def_opts = [
                help=_('Enabled bay definition entry points.')),
 ]

+docker_registry_opts = [
+    cfg.StrOpt('swift_region',
+               help=_('Region name of Swift')),
+    cfg.StrOpt('swift_registry_container',
+               default='docker_registry',
+               help=_('Name of the container in Swift which docker registry '
+                      'stores images in'))
+]
+
 CONF = cfg.CONF
 CONF.register_opts(template_def_opts, group='bay')
+CONF.register_opts(docker_registry_opts, group='docker_registry')
 CONF.import_opt('trustee_domain_id', 'magnum.common.keystone', group='trust')


@ -447,6 +457,8 @@ class K8sTemplateDefinition(BaseTemplateDefinition):
        self.add_parameter('tls_disabled',
                           baymodel_attr='tls_disabled',
                           required=True)
+        self.add_parameter('registry_enabled',
+                           baymodel_attr='registry_enabled')

        self.add_output('api_address',
                        bay_attr='api_address',
@ -475,6 +487,11 @@ class K8sTemplateDefinition(BaseTemplateDefinition):
        for label in label_list:
            extra_params[label] = baymodel.labels.get(label)

+        if baymodel.registry_enabled:
+            extra_params['swift_region'] = CONF.docker_registry.swift_region
+            extra_params['registry_container'] = (
+                CONF.docker_registry.swift_registry_container)
+
        return super(K8sTemplateDefinition,
                     self).get_params(context, baymodel, bay,
                                      extra_params=extra_params,
--- a/magnum/opts.py
+++ b/magnum/opts.py
@ -60,4 +60,6 @@ def list_opts():
                            )),
        ('baymodel', magnum.api.validation.baymodel_opts),
        ('keystone_auth', magnum.common.keystone.keystone_auth_opts),
+        ('docker_registry',
+         magnum.conductor.template_definition.docker_registry_opts)
    ]
--- a/magnum/templates/kubernetes/fragments/configure-docker-registry.sh
+++ b/magnum/templates/kubernetes/fragments/configure-docker-registry.sh
@ -15,12 +15,12 @@ storage:
  cache:
    layerinfo: inmemory
  swift:
-    authurl: "$REGISTRY_AUTH_URL"
-    region: "$REGISTRY_REGION"
-    username: "$REGISTRY_USERNAME"
-    password: "$REGISTRY_PASSWORD"
-    domain: "$REGISTRY_DOMAIN"
-    trustid: "$REGISTRY_TRUST_ID"
+    authurl: "$AUTH_URL"
+    region: "$SWIFT_REGION"
+    username: "$TRUSTEE_USERNAME"
+    password: "$TRUSTEE_PASSWORD"
+    domainid: "$TRUSTEE_DOMAIN_ID"
+    trustid: "$TRUST_ID"
    container: "$REGISTRY_CONTAINER"
    insecureskipverify: $REGISTRY_INSECURE
    chunksize: $REGISTRY_CHUNKSIZE
--- a/magnum/templates/kubernetes/fragments/write-heat-params.yaml
+++ b/magnum/templates/kubernetes/fragments/write-heat-params.yaml
@ -14,12 +14,7 @@ write_files:
      NETWORK_DRIVER="$NETWORK_DRIVER"
      REGISTRY_ENABLED="$REGISTRY_ENABLED"
      REGISTRY_PORT="$REGISTRY_PORT"
-      REGISTRY_AUTH_URL="$REGISTRY_AUTH_URL"
-      REGISTRY_REGION="$REGISTRY_REGION"
-      REGISTRY_USERNAME="$REGISTRY_USERNAME"
-      REGISTRY_PASSWORD="$REGISTRY_PASSWORD"
-      REGISTRY_DOMAIN="$REGISTRY_DOMAIN"
-      REGISTRY_TRUST_ID="$REGISTRY_TRUST_ID"
+      SWIFT_REGION="$SWIFT_REGION"
      REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
      REGISTRY_INSECURE="$REGISTRY_INSECURE"
      REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
@ -38,6 +33,8 @@ write_files:
      WAIT_CURL="$WAIT_CURL"
      KUBE_VERSION="$KUBE_VERSION"
      TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
+      TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
      TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
+      TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
      TRUST_ID="$TRUST_ID"
      AUTH_URL="$AUTH_URL"
--- a/magnum/templates/kubernetes/kubecluster.yaml
+++ b/magnum/templates/kubernetes/kubecluster.yaml
@ -125,37 +125,10 @@ parameters:
    description: port of registry service
    default: 5000

-  registry_username:
-    type: string
-    description: username used by docker registry
-    default: "username"
-
-  registry_password:
-    type: string
-    description: password used by docker registry
-    default: "password"
-    hidden: true
-
-  registry_domain:
-    type: string
-    description: domain used by docker registry
-    default: "domain"
-
-  registry_trust_id:
-    type: string
-    description: trust_id used by docker registry
-    default: "trust_id"
-    hidden: true
-
-  registry_auth_url:
-    type: string
-    description: auth_url for keystone
-    default: "auth_url"
-
-  registry_region:
+  swift_region:
    type: string
    description: region of swift service
-    default: "region"
+    default: ""

  registry_container:
    type: string
@ -250,28 +223,23 @@ parameters:
  trustee_domain_id:
    type: string
    description: domain id of the trustee
-    default: ""

  trustee_user_id:
    type: string
    description: user id of the trustee
-    default: ""

  trustee_username:
    type: string
    description: username of the trustee
-    default: ""

  trustee_password:
    type: string
    description: password of the trustee
-    default: ""
    hidden: true

  trust_id:
    type: string
    description: id of the trust which is used by the trustee
-    default: ""
    hidden: true

  auth_url:
@ -496,12 +464,7 @@ resources:
          wait_condition_timeout: {get_param: wait_condition_timeout}
          registry_enabled: {get_param: registry_enabled}
          registry_port: {get_param: registry_port}
-          registry_username: {get_param: registry_username}
-          registry_password: {get_param: registry_password}
-          registry_domain: {get_param: registry_domain}
-          registry_trust_id: {get_param: registry_trust_id}
-          registry_auth_url: {get_param: registry_auth_url}
-          registry_region: {get_param: registry_region}
+          swift_region: {get_param: swift_region}
          registry_container: {get_param: registry_container}
          registry_insecure: {get_param: registry_insecure}
          registry_chunksize: {get_param: registry_chunksize}
@ -521,7 +484,9 @@ resources:
          no_proxy: {get_param: no_proxy}
          kube_version: {get_param: kube_version}
          trustee_user_id: {get_param: trustee_user_id}
+          trustee_username: {get_param: trustee_username}
          trustee_password: {get_param: trustee_password}
+          trustee_domain_id: {get_param: trustee_domain_id}
          trust_id: {get_param: trust_id}
          auth_url: {get_param: auth_url}

--- a/magnum/templates/kubernetes/kubeminion.yaml
+++ b/magnum/templates/kubernetes/kubeminion.yaml
@ -92,29 +92,7 @@ parameters:
    type: number
    description: port of registry service

-  registry_username:
-    type: string
-    description: username used by docker registry
-
-  registry_password:
-    type: string
-    description: password used by docker registry
-    hidden: true
-
-  registry_domain:
-    type: string
-    description: domain used by docker registry
-
-  registry_trust_id:
-    type: string
-    description: trust_id used by docker registry
-    hidden: true
-
-  registry_auth_url:
-    type: string
-    description: auth_url for keystone
-
-  registry_region:
+  swift_region:
    type: string
    description: region of swift service

@ -183,10 +161,18 @@ parameters:
    type: string
    description: version of kubernetes used for kubernetes cluster

+  trustee_domain_id:
+    type: string
+    description: domain id of the trustee
+
  trustee_user_id:
    type: string
    description: user id of the trustee

+  trustee_username:
+    type: string
+    description: username of the trustee
+
  trustee_password:
    type: string
    description: password of the trustee
@ -236,12 +222,7 @@ resources:
            $NETWORK_DRIVER: {get_param: network_driver}
            $REGISTRY_ENABLED: {get_param: registry_enabled}
            $REGISTRY_PORT: {get_param: registry_port}
-            $REGISTRY_AUTH_URL: {get_param: registry_auth_url}
-            $REGISTRY_REGION: {get_param: registry_region}
-            $REGISTRY_USERNAME: {get_param: registry_username}
-            $REGISTRY_PASSWORD: {get_param: registry_password}
-            $REGISTRY_DOMAIN: {get_param: registry_domain}
-            $REGISTRY_TRUST_ID: {get_param: registry_trust_id}
+            $SWIFT_REGION: {get_param: swift_region}
            $REGISTRY_CONTAINER: {get_param: registry_container}
            $REGISTRY_INSECURE: {get_param: registry_insecure}
            $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize}
@ -259,7 +240,9 @@ resources:
            $NO_PROXY: {get_param: no_proxy}
            $KUBE_VERSION: {get_param: kube_version}
            $WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}
+            $TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id}
            $TRUSTEE_USER_ID: {get_param: trustee_user_id}
+            $TRUSTEE_USERNAME: {get_param: trustee_username}
            $TRUSTEE_PASSWORD: {get_param: trustee_password}
            $TRUST_ID: {get_param: trust_id}
            $AUTH_URL: {get_param: auth_url}
--- a/magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py
+++ b/magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py
@ -44,7 +44,8 @@ class TestBayConductorWithK8s(base.TestCase):
                       'flannel_network_subnetlen': '26',
                       'flannel_backend': 'vxlan'},
            'tls_disabled': False,
-            'server_type': 'vm'
+            'server_type': 'vm',
+            'registry_enabled': False
        }
        self.bay_dict = {
            'uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
@ -148,6 +149,7 @@ class TestBayConductorWithK8s(base.TestCase):
            'magnum_url': self.mock_osc.magnum_url.return_value,
            'region_name': self.mock_osc.cinder_region_name.return_value,
            'tls_disabled': False,
+            'registry_enabled': False,
            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
            'trustee_username': 'fake_trustee',
            'trustee_password': 'fake_trustee_password',
@ -160,6 +162,61 @@ class TestBayConductorWithK8s(base.TestCase):

        self.assertEqual(expected, definition)

+    @patch('magnum.objects.BayModel.get_by_uuid')
+    def test_extract_template_definition_with_registry(
+            self,
+            mock_objects_baymodel_get_by_uuid):
+        self.baymodel_dict['registry_enabled'] = True
+        baymodel = objects.BayModel(self.context, **self.baymodel_dict)
+        mock_objects_baymodel_get_by_uuid.return_value = baymodel
+        bay = objects.Bay(self.context, **self.bay_dict)
+
+        cfg.CONF.set_override('swift_region',
+                              'RegionOne',
+                              group='docker_registry')
+
+        (template_path,
+         definition) = bay_conductor._extract_template_definition(self.context,
+                                                                  bay)
+
+        expected = {
+            'auth_url': 'http://192.168.10.10:5000/v3',
+            'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
+            'discovery_url': 'https://discovery.etcd.io/test',
+            'dns_nameserver': 'dns_nameserver',
+            'docker_volume_size': 20,
+            'external_network': 'external_network_id',
+            'flannel_backend': 'vxlan',
+            'flannel_network_cidr': '10.101.0.0/16',
+            'flannel_network_subnetlen': '26',
+            'http_proxy': 'http_proxy',
+            'https_proxy': 'https_proxy',
+            'magnum_url': 'http://127.0.0.1:9511/v1',
+            'master_flavor': 'master_flavor_id',
+            'minion_flavor': 'flavor_id',
+            'network_driver': 'network_driver',
+            'no_proxy': 'no_proxy',
+            'number_of_masters': 1,
+            'number_of_minions': 1,
+            'region_name': 'RegionOne',
+            'registry_container': 'docker_registry',
+            'registry_enabled': True,
+            'server_image': 'image_id',
+            'ssh_key_name': 'keypair_id',
+            'swift_region': 'RegionOne',
+            'tenant_name': 'fake_tenant',
+            'tls_disabled': False,
+            'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
+            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
+            'trustee_password': 'fake_trustee_password',
+            'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
+            'trustee_username': 'fake_trustee',
+            'username': 'fake_user',
+            'volume_driver': 'volume_driver'
+        }
+
+        self.assertEqual(expected, definition)
+
    @patch('magnum.objects.BayModel.get_by_uuid')
    def test_extract_template_definition_coreos_with_disovery(
            self,
@ -192,6 +249,7 @@ class TestBayConductorWithK8s(base.TestCase):
            'flannel_network_subnetlen': '26',
            'flannel_backend': 'vxlan',
            'tls_disabled': False,
+            'registry_enabled': False,
            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
            'trustee_username': 'fake_trustee',
            'trustee_password': 'fake_trustee_password',
@ -238,6 +296,7 @@ class TestBayConductorWithK8s(base.TestCase):
            'flannel_network_subnetlen': '26',
            'flannel_backend': 'vxlan',
            'tls_disabled': False,
+            'registry_enabled': False,
            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
            'trustee_username': 'fake_trustee',
            'trustee_password': 'fake_trustee_password',
@ -358,6 +417,7 @@ class TestBayConductorWithK8s(base.TestCase):
            'magnum_url': self.mock_osc.magnum_url.return_value,
            'region_name': self.mock_osc.cinder_region_name.return_value,
            'tls_disabled': False,
+            'registry_enabled': False,
            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
            'trustee_username': 'fake_trustee',
            'trustee_password': 'fake_trustee_password',
--- a/magnum/tests/unit/conductor/test_template_definition.py
+++ b/magnum/tests/unit/conductor/test_template_definition.py
@ -175,6 +175,7 @@ class AtomicK8sTemplateDefinitionTestCase(base.TestCase):
        mock_context.auth_token = 'AUTH_TOKEN'
        mock_baymodel = mock.MagicMock()
        mock_baymodel.tls_disabled = False
+        mock_baymodel.registry_enabled = False
        mock_bay = mock.MagicMock()
        mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
        del mock_bay.stack_id
@ -227,6 +228,7 @@ class AtomicK8sTemplateDefinitionTestCase(base.TestCase):
        mock_context.auth_token = 'AUTH_TOKEN'
        mock_baymodel = mock.MagicMock()
        mock_baymodel.tls_disabled = True
+        mock_baymodel.registry_enabled = False
        mock_bay = mock.MagicMock()
        mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
        del mock_bay.stack_id