openstack
/
openstack-helm-addons
Code Issues Proposed changes

Retire openstack-helm-addons repository 

This change removes the context from the openstack-helm-addons
repository as part of the effort to retire the repo.

Change-Id: I25603f95f54d88293623206b4d56a109d3b3a5c3
This commit is contained in:
Gage Hugo 2022-07-25 08:49:04 -05:00
parent cc264e59f6
commit 5ad8824fca
79 changed files with 8 additions and 3491 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
.gitignore vendored
View File

@ -1,70 +0,0 @@
*.py[cod]
# C extensions
*.so
# Packages
*.egg*
*.egg-info
dist
build
eggs
parts
var
sdist
develop-eggs
.installed.cfg
lib
lib64
# Installer logs
pip-log.txt
# Unit test / coverage reports
cover/
.coverage*
!.coveragerc
.tox
nosetests.xml
.testrepository
.venv
# Translations
*.mo
# Mr Developer
.mr.developer.cfg
.project
.pydevproject
# Complexity
output/*.html
output/*/index.html
# Sphinx
doc/build
# pbr generates these
AUTHORS
ChangeLog
# Editors
*~
.*.swp
.*sw?
# Files created by releasenotes build
releasenotes/build
# Dev tools
.idea/
dev/.vagrant
# Helm internals
*.lock
*/*.lock
*.tgz
**/*.tgz
**/_partials.tpl
**/_globals.tpl
dev/*.log

19
CONTRIBUTING.rst
View File

@ -1,19 +0,0 @@
The source repository for this project can be found at:
https://opendev.org/openstack/openstack-helm-addons
Pull requests submitted through GitHub are not monitored.
To start contributing to OpenStack, follow the steps in the contribution guide
to set up and use Gerrit:
https://docs.openstack.org/contributors/code-and-documentation/quick-start.html
Bugs should be filed on StoryBoard:
https://storyboard.openstack.org/#!/project/openstack/openstack-helm-addons
For more specific information about contributing to this repository, see the
openstack-helm contributor guide:
https://docs.openstack.org/openstack-helm/latest/contributor/contributing.html

201
LICENSE
View File

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

66
Makefile
View File

@ -1,66 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
HELM := helm
TASK := build
EXCLUDES := helm-toolkit doc tests tools logs tmp influxdb kafka \
keystone-init monasca-agent monasca-alarms monasca mysql-users-init storm \
zookeeper zuul.d releasenotes
CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@echo
@echo "===== Processing [$@] chart ====="
@make $(TASK)-$@
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: init-%
if [ -d $* ]; then $(HELM) lint $*; fi
build-%: lint-%
if [ -d $* ]; then $(HELM) package $*; fi
# This is used exclusively with helm3 building in the gate to publish
package-%: init-%
if [ -d $* ]; then $(HELM) package $*; fi
clean:
@echo "Removed .b64, _partials.tpl, and _globals.tpl files"
rm -f helm-toolkit/secrets/*.b64
rm -f */templates/_partials.tpl
rm -f */templates/_globals.tpl
rm -f *tgz */charts/*tgz
rm -f */requirements.lock
-rm -rf */charts */tmpcharts
pull-all-images:
@./tools/pull-images.sh
pull-images:
@./tools/pull-images.sh $(filter-out $@,$(MAKECMDGOALS))
dev-deploy:
@./tools/gate/devel/start.sh $(filter-out $@,$(MAKECMDGOALS))
%:
@:

34
README.rst
View File

@ -2,31 +2,13 @@
Openstack-Helm-Addons
=====================
Mission
-------
This project is no longer maintained.
The goal of OpenStack-Helm-Addons is to provide charts for services to enhance
or provide additional features for the charts in OpenStack-Helm.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
For more information, please refer to the OpenStack-Helm repository_.
.. _repository: https://github.com/openstack/openstack-helm
Communication
-------------
* Join us on `IRC <irc://chat.oftc.net/openstack-helm>`_:
#openstack-helm on oftc
* Community `IRC Meetings
<http://eavesdrop.openstack.org/#OpenStack-Helm_Team_Meeting>`_:
[Every Tuesday @ 3PM UTC], #openstack-meeting-alt on oftc
* Meeting Agenda Items: `Agenda
<https://etherpad.openstack.org/p/openstack-helm-meeting-agenda>`_
* Join us on `Slack <https://kubernetes.slack.com/messages/C3WERB7DE/>`_
- #openstack-helm
Contributing
------------
We welcome contributions. Check out `this <CONTRIBUTING.rst>`_ document if
you would like to get involved.
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

22
artifactory/Chart.yaml
View File

@ -1,22 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: 5.11.1
description: OpenStack-Helm Artifactory
home: https://opendev.org/openstack/openstack-helm-addons
name: artifactory
version: 0.1.3
sources:
- https://opendev.org/openstack/openstack-helm-addons
maintainers:
- name: OpenStack-Helm Authors

16
artifactory/requirements.yaml
View File

@ -1,16 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: ">= 0.1.0"

27
artifactory/templates/configmap-bin.yaml
View File

@ -1,27 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: artifactory-bin
data:
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-drop.py: |
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
{{- end }}

25
artifactory/templates/configmap-etc.yaml
View File

@ -1,25 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: artifactory-extra-etc
data:
db.properties: |
{{ tuple "etc/_db.properties.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

17
artifactory/templates/etc/_db.properties.tpl
View File

@ -1,17 +0,0 @@
# this is minimalist db.properties file for running artifactory via
# helm talking to mysql
#
# it should be made available to the artifactory user and writable as
# it will be updated with an encrypted password
type=mysql
driver=com.mysql.jdbc.Driver
{{ if .Values.endpoints.oslo_db.namespace }}
# known namespace, using fqdn
url=jdbc:mysql://{{- .Values.endpoints.oslo_db.hosts.default -}}.{{- .Values.endpoints.oslo_db.namespace -}}.svc.cluster.local:{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}{{- .Values.endpoints.oslo_db.path -}}?characterEncoding=UTF-8&elideSetAutoCommits=true
{{ else }}
# namespace not given, do not not use fqdn
url=jdbc:mysql://{{- .Values.endpoints.oslo_db.hosts.default -}}:{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}{{- .Values.endpoints.oslo_db.path -}}?characterEncoding=UTF-8&elideSetAutoCommits=true
{{ end }}
username={{ .Values.endpoints.oslo_db.auth.artifactory.username }}
password={{ .Values.endpoints.oslo_db.auth.artifactory.password }}

19
artifactory/templates/job-db-drop.yaml
View File

@ -1,19 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_drop }}
{{- $dbToDrop := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.artifactory -}}
{{- $dbDropJob := dict "envAll" . "serviceName" "artifactory" "dbToDrop" $dbToDrop -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}

19
artifactory/templates/job-db-init.yaml
View File

@ -1,19 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_init }}
{{- $dbToInit := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.artifactory -}}
{{- $dbInitJob := dict "envAll" . "serviceName" "artifactory" "dbToInit" $dbToInit -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}

18
artifactory/templates/job-image-repo-sync.yaml
View File

@ -1,18 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "artifactory" -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

26
artifactory/templates/secret-db-creds.yaml
View File

@ -1,26 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db_creds }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: artifactory-db-creds
type: Opaque
data:
DB_USERNAME: {{ .Values.endpoints.oslo_db.auth.artifactory.username | b64enc }}
DB_PASSWORD: {{ .Values.endpoints.oslo_db.auth.artifactory.password | b64enc }}
{{- end }}

28
artifactory/templates/secret-db.yaml
View File

@ -1,28 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "artifactory" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
{{- end }}

54
artifactory/templates/service.yaml
View File

@ -1,54 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service }}
{{- $envAll := . }}
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "cicd" "default" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: artifactoryhttp
{{ if and .Values.network.node_ports.enabled .Values.network.http.port }}
nodePort: {{ .Values.network.http.node_port }}
{{ end }}
port: {{ .Values.network.http.port }}
protocol: TCP
targetPort: 8081
- name: artifactorydocker
{{ if and .Values.network.node_ports.enabled .Values.network.docker.port }}
nodePort: {{ .Values.network.docker.node_port }}
{{ end }}
port: {{ .Values.network.docker.port }}
protocol: TCP
targetPort: 5050
- name: artifactorysecure
{{ if and .Values.network.node_ports.enabled .Values.network.docker.port }}
nodePort: {{ .Values.network.secure.node_port }}
{{ end }}
port: {{ .Values.network.secure.port }}
protocol: TCP
targetPort: 5052
selector:
{{ tuple $envAll "artifactory" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
sessionAffinity: None
{{ if .Values.network.node_ports.enabled }}
type: NodePort
{{ else }}
type: ClusterIP
{{ end }}
{{ end }}

91
artifactory/templates/statefulset.yaml
View File

@ -1,91 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset }}
{{- $envAll := . }}
---
apiVersion: v1
kind: StatefulSet
metadata:
name: artifactory
spec:
serviceName: artifactory
replicas: 1
selector:
matchLabels:
{{ tuple $envAll "artifactory" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "artifactory" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
containers:
- name: artifactory
image: {{ .Values.images.tags.artifactory }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.artifactory | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: DB_TYPE
value: mysql
- name: DB_USER
valueFrom:
secretKeyRef:
name: artifactory-db-creds
key: DB_USERNAME
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: artifactory-db-creds
key: DB_PASSWORD
- name: DB_HOST
value: {{ .Values.endpoints.oslo_db.hosts.default }}
- name: EXTRA_JAVA_OPTIONS
value: {{ .Values.conf.artifactory.env.java_opts }}
{{ if .Values.bootstrap.master_key }}
- name: ARTIFACTORY_MASTER_KEY
value: {{ .Values.bootstrap.master_key }}
{{ end }}
ports:
- containerPort: 8081
protocol: TCP
volumeMounts:
- name: artifactory-extra-etc
mountPath: /artifactory_extra_conf/db.properties
subPath: db.properties
- name: artifactory-data
mountPath: /var/opt/jfrog/artifactory
volumes:
- name: artifactory-extra-etc
configMap:
name: artifactory-extra-etc
- name: artifactory-bin
configMap:
name: artifactory-bin
defaultMode: 0555
volumeClaimTemplates:
- metadata:
name: artifactory-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ .Values.storage.requests.storage }}
storageClassName: {{ .Values.storage.storage_class }}
{{- end }}

172
artifactory/values.yaml
View File

@ -1,172 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
images:
tags:
artifactory: quay.io/attcomdev/artifactory-pro-mysql:5.11.1
db_drop: docker.io/openstackhelm/heat:newton-ubuntu_xenial
db_init: docker.io/openstackhelm/heat:newton-ubuntu_xenial
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- artifactory-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
db_drop:
services:
- endpoint: internal
service: oslo_db
db_init:
services:
- endpoint: internal
service: oslo_db
server:
services:
- endpoint: internal
service: oslo_cache
- endpoint: internal
service: oslo_db
pod:
lifecycle:
upgrades:
deployments:
revision_history: 1
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 1
resources:
enabled: false
artifactory:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "2048Mi"
cpu: "2000m"
jobs:
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets:
oslo_db:
admin: artifactory-db-admin
artifactory: artifactory-db-user
# typically overridden by environmental values, but should include all
# endpoints required by this chart
endpoints:
cluster_domain_suffix: cluster.local
cicd:
name: artifactory
hosts:
default: artifactory
oslo_db:
namespace: null
auth:
admin:
username: root
password: password
artifactory:
username: artifactory
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /artifactory
scheme: mysql+pymysql
port:
mysql:
default: 3306
# bootstrap/seed artifactory configuration
bootstrap:
master_key: null
network:
docker:
node_port: 31777
port: 5050
http:
node_port: 31672
port: 8081
node_ports:
enabled: false
secure:
node_port: 31776
port: 5052
storage:
requests:
storage: 100Gi
storage_class: general
manifests:
configmap_bin: true
configmap_etc: true
job_db_drop: false
job_db_init: true
job_image_repo_sync: true
pvc_artifactory: true
secret_db: true
secret_db_creds: true
service: true
statefulset: true
conf:
artifactory:
env:
java_opts: "-Xms512m -Xmx2g"
...

7
doc/requirements.txt
View File

@ -1,7 +0,0 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
sphinx>=2.0.0,!=2.1.0 # BSD
sphinxcontrib-blockdiag>=1.1.0
openstackdocstheme>=2.2.1 # Apache-2.0
reno>=3.1.0 # Apache-2.0

26
mini-mirror/Chart.yaml
View File

@ -1,26 +0,0 @@
# Copyright 2019, AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: v1.0.0
description: |
A Helm chart to deploy mini-mirror, a custom repository mirroring service.
home: https://git.openstack.org/openstack/openstack-helm-addons
name: mini-mirror
version: 0.1.1
sources:
- https://github.com/nginx/nginx
- https://git.openstack.org/openstack/openstack-helm-addons
maintainers:
- name: OpenStack-Helm Authors

18
mini-mirror/requirements.yaml
View File

@ -1,18 +0,0 @@
# Copyright 2019, AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: ">= 0.1.0"

31
mini-mirror/templates/bin/_helm_test.sh.tpl
View File

@ -1,31 +0,0 @@
#!/bin/bash
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . -}}
set -xe
rm /etc/apt/sources.list
tee /etc/apt/sources.list << EOF
{{- $components := include "helm-toolkit.utils.joinListWithSpace" .Values.conf.test.components -}}
{{ range .Values.conf.test.dists }}
deb [ allow-insecure=yes ] {{ tuple "api" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} {{ . }} {{ $components -}}
{{ end }}
EOF
apt-get update

27
mini-mirror/templates/configmap-bin.yaml
View File

@ -1,27 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mini-mirror-bin
data:
helm-test.sh: |
{{ tuple "bin/_helm_test.sh.tpl" $envAll | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

26
mini-mirror/templates/configmap-etc.yaml
View File

@ -1,26 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mini-mirror-etc
data:
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf") | indent 2 }}
{{- end }}

69
mini-mirror/templates/deployment-mini-mirror.yaml
View File

@ -1,69 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_mini_mirror }}
{{- $envAll := . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mini-mirror
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "mini-mirror" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.api }}
selector:
matchLabels:
{{ tuple $envAll "mini-mirror" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "mini-mirror" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "mini-mirror" "containerNames" (list "mini-mirror-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "mini_mirror" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
containers:
- name: mini-mirror-api
{{ tuple $envAll "mini-mirror" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "mini_mirror" "container" "mini_mirror_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
ports:
- name: api
containerPort: {{ tuple "api" "port" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
{{- if .Values.manifests.configmap_etc }}
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginx-config
readOnly: true
{{ end }}
volumes:
{{- if .Values.manifests.configmap_etc }}
- name: nginx-config
configMap:
name: mini-mirror-etc
{{ end }}
{{ end }}

20
mini-mirror/templates/ingress-mini-mirror.yaml
View File

@ -1,20 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.ingress .Values.network.api.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendServiceType" "api" "backendPort" "api" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

20
mini-mirror/templates/job-image-repo-sync.yaml
View File

@ -1,20 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "mini-mirror" -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

53
mini-mirror/templates/pod-helm-test.yaml
View File

@ -1,53 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.helm_test }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Pod
metadata:
name: mini-mirror-test
labels:
{{ tuple $envAll "mini-mirror" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "mini-mirror-test" "containerNames" (list "mini-mirror-helm-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
restartPolicy: Never
containers:
- name: mini-mirror-helm-test
{{ tuple $envAll "helm-test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/helm-test.sh
env:
- name: NO_PROXY
value: 127.0.0.1,.svc.cluster.local
volumeMounts:
- name: mini-mirror-bin
mountPath: /tmp/helm-test.sh
subPath: helm-test.sh
readOnly: true
volumes:
- name: mini-mirror-bin
configMap:
name: mini-mirror-bin
defaultMode: 0555
{{- end }}

20
mini-mirror/templates/secret-ingress-tls.yaml
View File

@ -1,20 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "api" ) }}
{{- end }}

20
mini-mirror/templates/service-ingress-mini-mirror.yaml
View File

@ -1,20 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "api" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

41
mini-mirror/templates/service-mini-mirror.yaml
View File

@ -1,41 +0,0 @@
{{/*
Copyright 2019, AT&T Intellectual Property
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_mini_mirror }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "api" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: api
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
port: {{ tuple "api" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: 80
selector:
{{ tuple $envAll "mini-mirror" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
sessionAffinity: None
{{ if .Values.network.api.node_port.enabled }}
type: NodePort
{{ else }}
type: ClusterIP
{{ end }}
{{ end }}

186
mini-mirror/values.yaml
View File

@ -1,186 +0,0 @@
# Copyright 2019, AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
images:
tags:
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
helm-test: docker.io/ubuntu:18.04
image_repo_sync: docker.io/docker:17.07.0
mini-mirror: docker.io/openstackhelm/mini-mirror:latest-ubuntu_xenial
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- mini-mirror-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
api: 2
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
security_context:
mini_mirror:
pod:
runAsUser: 1000
container:
mini_mirror_api:
readOnlyRootFilesystem: false
runAsUser: 0
resources:
enabled: false
api:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "100m"
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
api:
name: api
hosts:
default: mini-mirror-api
public: mini-mirror
host_fqdn_override:
default: null
# NOTE(drewwalters96): this chart supports TLS for fqdn over-ridden
# public endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: /
scheme:
default: http
port:
api:
default: 8888
public: 80
network:
api:
external_policy_local: false
node_port:
enabled: false
port: 8888
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
secrets:
tls:
api:
api:
public: mini-mirror-tls-public
manifests:
configmap_bin: true
configmap_etc: true
deployment_mini_mirror: true
helm_test: true
ingress: true
job_image_repo_sync: true
secret_ingress_tls: true
service_ingress: true
service_mini_mirror: true
conf:
nginx: |
server {
root /srv;
server_name nginx;
location / {
autoindex on;
}
}
test:
# NOTE(drewwalters96): Used by the mini-mirror Helm test; should be valid
# dists and components contained in the mini-mirror image.
dists:
- squeeze
components:
- main
...

9
mini-mirror/values_overrides/apparmor.yaml
View File

@ -1,9 +0,0 @@
---
pod:
mandatory_access_control:
type: apparmor
mini-mirror:
mini-mirror-api: runtime/default
mini-mirror-test:
mini-mirror-helm-test: runtime/default
...

23
prometheus-bot/Chart.yaml
View File

@ -1,23 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: v1.0.0
description: A helm chart to deploy prometheus-bot that sends prometheus alerts to telegram.
home: https://github.com/inCaller/prometheus_bot
name: prometheus-bot
version: 0.1.1
sources:
- https://github.com/inCaller/prometheus_bot
- https://git.openstack.org/openstack/openstack-helm-addons
maintainers:
- name: Openstack-Helm Authors

16
prometheus-bot/requirements.yaml
View File

@ -1,16 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: ">= 0.1.0"

73
prometheus-bot/templates/deployment.yaml
View File

@ -1,73 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus-bot
annotations:
labels:
{{ tuple $envAll "prometheus-bot" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.server }}
selector:
matchLabels:
{{ tuple $envAll "prometheus-bot" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "prometheus-bot" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
hostNetwork: true
affinity:
{{ tuple $envAll "prometheus-bot" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_bot.timeout | default "30" }}
containers:
- name: prometheus-bot
{{ tuple $envAll "prometheus_bot" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: 0
command:
- /prometheus_bot
- -c
- config.yaml
ports:
- name: web
containerPort: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe:
tcpSocket:
port: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
tcpSocket:
port: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 180
periodSeconds: 60
timeoutSeconds: 5
volumeMounts:
- name: secret-telegram-token
mountPath: /config.yaml
subPath: config.yaml
readOnly: true
volumes:
- name: secret-telegram-token
secret:
secretName: telegram-token
defaultMode: 0444

22
prometheus-bot/templates/secret-telegram-token.yaml
View File

@ -1,22 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: v1
kind: Secret
metadata:
name: telegram-token
stringData:
config.yaml: |
telegram_token: {{ .Values.telegram_token }}
type: Opaque

42
prometheus-bot/templates/service.yaml
View File

@ -1,42 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "server" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
{{ if .Values.network.node_port.enabled }}
- name: web
protocol: TCP
nodePort: {{ .Values.network.node_port.port }}
port: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
targetPort: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ else }}
- name: web
protocol: TCP
port: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
targetPort: {{ tuple "server" "internal" "webhook" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ end }}
selector:
{{ tuple $envAll "prometheus-bot" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.node_port.enabled }}
type: NodePort
{{ if .Values.network.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}

90
prometheus-bot/values.yaml
View File

@ -1,90 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for horizon.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
images:
tags:
prometheus_bot: docker.io/sktdev/prometheus-bot:latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
external_policy_local: false
node_port:
enabled: false
port: 33000
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
replicas:
server: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
prometheus_bot:
min_available: 0
termination_grace_period:
prometheus_bot:
timeout: 30
resources:
enabled: false
server:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "2000m"
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
server:
name: prometheus-bot
hosts:
default: prometheus-bot
port:
webhook:
default: 9087
telegram_token: ''
...

14
releasenotes/config.yaml
View File

@ -1,14 +0,0 @@
---
branch: master
collapse_pre_releases: false
stop_at_branch_base: true
sections:
- [artifactory, artifactory Chart]
- [mini-mirror, mini-mirror Chart]
- [prometheus-bot, prometheus-bot Chart]
- [features, New Features]
- [issues, Known Issues]
- [upgrade, Upgrade Notes]
- [api, API Changes]
- [security, Security Issues]
- [fixes, Bug Fixes]

6
releasenotes/notes/artifactory.yaml
View File

@ -1,6 +0,0 @@
---
artifactory:
- 0.1.0 Initial Chart
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
- 0.1.2 Fix helm3 linting issue
- 0.1.3 Fix problem of lack of matchlabels

4
releasenotes/notes/mini-mirror.yaml
View File

@ -1,4 +0,0 @@
---
mini-mirror:
- 0.1.0 Initial Chart
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"

4
releasenotes/notes/prometheus-bot.yaml
View File

@ -1,4 +0,0 @@
---
prometheus-bot:
- 0.1.0 Initial Chart
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"

33
releasenotes/source/conf.py
View File

@ -1,33 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'openstackdocstheme',
'reno.sphinxext',
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# -- Options for Internationalization output ------------------------------
locale_dirs = ['locale/']

5
releasenotes/source/current.rst
View File

@ -1,5 +0,0 @@
==============================
Current Series Release Notes
==============================
.. release-notes::

8
releasenotes/source/index.rst
View File

@ -1,8 +0,0 @@
====================================
OpenStack-Helm-Addons Release Notes
====================================
.. toctree::
:maxdepth: 1
current

21
tools/deployment/common/deploy-k8s.sh
View File

@ -1,21 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
CURRENT_DIR="$(pwd)"
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
cd ${OSH_INFRA_PATH}
./tools/deployment/common/005-deploy-k8s.sh
cd ${CURRENT_DIR}

16
tools/deployment/common/env-variables.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
export API_ADDR=$(kubectl get endpoints kubernetes -o json | jq -r '.subsets[0].addresses[0].ip')
export API_PORT=$(kubectl get endpoints kubernetes -o json | jq -r '.subsets[0].ports[0].port')

78
tools/deployment/common/get-values-overrides.sh
View File

@ -1,78 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This script will generate a matrix of values-override file args to apply to
# charts, in the gate and development environments. It will 1st produce a
# consistenly ordered list of all permuations of filenames to try, and then
# if a file matching this name exists in the `values_overrides` directory within
# each chart, apply it upon install/upgrade.
set -e
HELM_CHART="$1"
: "${HELM_CHART_ROOT_PATH:="../openstack-helm-addons"}"
: "${OPENSTACK_RELEASE:="train"}"
: "${CONTAINER_DISTRO_NAME:="ubuntu"}"
: "${CONTAINER_DISTRO_VERSION:="bionic"}"
: "${FEATURE_GATES:=""}"
OSH_FEATURE_MIX="${FEATURE_GATES},${OPENSTACK_RELEASE},${CONTAINER_DISTRO_NAME}_${CONTAINER_DISTRO_VERSION},${CONTAINER_DISTRO_NAME}"
function echoerr () {
echo "$@" 1>&2;
}
function generate_awk_exp_from_mask () {
local POSITION=1
for VALUE in $@; do
[ "${VALUE}" -eq 1 ] && echo -n "print \$${POSITION};"
POSITION=$((POSITION+1))
done
echo -e "\n"
}
function combination () {
POWER=$((2**$#))
BITS="$(awk "BEGIN { while (c++ < $#) printf \"0\" }")"
while [ "${POWER}" -gt 1 ];do
POWER=$((POWER-1))
BIN="$(bc <<< "obase=2; ${POWER}")"
MASK="$(echo "${BITS}" | sed -e "s/0\{${#BIN}\}$/$BIN/" | grep -o .)"
#NOTE: This line is odd, but written to support both BSD and GNU utils
awk -v ORS="-" "{$(generate_awk_exp_from_mask "$MASK")}" <<< "$@" | awk 1 | sed 's/-$//'
done
}
function replace_variables() {
for key in $(env); do
local arr=( $(echo $key | awk -F'=' '{ print $1, $2 }') )
sed -i "s#%%%REPLACE_${arr[0]}%%%#${arr[1]}#g" $@
done
}
function override_file_args () {
OVERRIDE_ARGS=""
echoerr "We will attempt to use values-override files with the following paths:"
for FILE in $(combination ${1//,/ } | uniq | tac); do
FILE_PATH="${HELM_CHART_ROOT_PATH}/${HELM_CHART}/values_overrides/${FILE}.yaml"
if [ -f "${FILE_PATH}" ]; then
replace_variables ${FILE_PATH}
OVERRIDE_ARGS+=" --values=${FILE_PATH} "
fi
echoerr "${FILE_PATH}"
done
echo "${OVERRIDE_ARGS}"
}
echoerr "We are going to deploy the service ${HELM_CHART} for the OpenStack ${OPENSTACK_RELEASE} release, using ${CONTAINER_DISTRO_NAME} (${CONTAINER_DISTRO_VERSION}) distribution containers."
source ${HELM_CHART_ROOT_PATH}/tools/deployment/common/env-variables.sh
override_file_args "${OSH_FEATURE_MIX}"

23
tools/deployment/common/install-packages.sh
View File

@ -1,23 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
sudo apt-get update
sudo apt-get install --no-install-recommends -y \
ca-certificates \
git \
make \
jq \
nmap \
curl \
uuid-runtime \
bc \
python3-pip

59
tools/deployment/common/setup-client.sh
View File

@ -1,59 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# NOTE: Needs this version at least to fix a dependency on rust
sudo -H -E pip3 install --upgrade pip==21.0.1
sudo -H -E pip3 install \
-c${UPPER_CONSTRAINTS_FILE:=https://releases.openstack.org/constraints/upper/master} \
cmd2 python-openstackclient python-heatclient --ignore-installed
sudo -H mkdir -p /etc/openstack
sudo -H chown -R $(id -un): /etc/openstack
FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then
tee /etc/openstack/clouds.yaml << EOF
clouds:
openstack_helm:
region_name: RegionOne
identity_api_version: 3
cacert: /etc/openstack-helm/certs/ca/ca.pem
auth:
username: 'admin'
password: 'password'
project_name: 'admin'
project_domain_name: 'default'
user_domain_name: 'default'
auth_url: 'https://keystone.openstack.svc.cluster.local/v3'
EOF
else
tee /etc/openstack/clouds.yaml << EOF
clouds:
openstack_helm:
region_name: RegionOne
identity_api_version: 3
auth:
username: 'admin'
password: 'password'
project_name: 'admin'
project_domain_name: 'default'
user_domain_name: 'default'
auth_url: 'http://keystone.openstack.svc.cluster.local/v3'
EOF
fi
#NOTE: Build charts
make all

49
tools/deployment/common/wait-for-pods.sh
View File

@ -1,49 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -e
# From Kolla-Kubernetes, orginal authors Kevin Fox & Serguei Bezverkhi
# Default wait timeout is 900 seconds
end=$(date +%s)
timeout=${2:-900}
end=$((end + timeout))
while true; do
kubectl get pods --namespace=$1 -o json | jq -r \
'.items[].status.phase' | grep Pending > /dev/null && \
PENDING="True" || PENDING="False"
query='.items[]|select(.status.phase=="Running")'
query="$query|.status.containerStatuses[].ready"
kubectl get pods --namespace=$1 -o json | jq -r "$query" | \
grep false > /dev/null && READY="False" || READY="True"
kubectl get jobs --namespace=$1 -o json | jq -r \
'.items[] | .spec.completions == .status.succeeded' | \
grep false > /dev/null && JOBR="False" || JOBR="True"
[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
break || true
sleep 5
now=$(date +%s)
if [ $now -gt $end ] ; then
echo "Containers failed to start after $timeout seconds"
echo
kubectl get pods --namespace $1 -o wide
echo
if [ $PENDING == "True" ] ; then
echo "Some pods are in pending state:"
kubectl get pods --field-selector=status.phase=Pending -n $1 -o wide
fi
[ $READY == "False" ] && echo "Some pods are not ready"
[ $JOBR == "False" ] && echo "Some jobs have not succeeded"
exit -1
fi
done

61
tools/deployment/component/ceph/ceph-ns-activate.sh
View File

@ -1,61 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(./tools/deployment/common/get-values-overrides.sh ceph-provisioners)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} ceph-provisioners
#NOTE: Deploy command
tee /tmp/ceph-openstack-config.yaml <<EOF
endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph
ceph_mon:
namespace: ceph
network:
public: 172.17.0.1/16
cluster: 172.17.0.1/16
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
cephfs_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: true
EOF
helm upgrade --install ceph-openstack-config ${HELM_CHART_ROOT_PATH}/ceph-provisioners \
--namespace=openstack \
--values=/tmp/ceph-openstack-config.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
kubectl get -n openstack jobs
kubectl get -n openstack secrets
kubectl get -n openstack configmaps

205
tools/deployment/component/ceph/ceph.sh
View File

@ -1,205 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# Create loop back devices for ceph osds.
sudo df -lh
sudo lsblk
sudo mkdir -p /var/lib/openstack-helm/ceph
sudo truncate -s 10G /var/lib/openstack-helm/ceph/ceph-osd-data-loopbackfile.img
sudo truncate -s 8G /var/lib/openstack-helm/ceph/ceph-osd-db-wal-loopbackfile.img
sudo losetup /dev/loop0 /var/lib/openstack-helm/ceph/ceph-osd-data-loopbackfile.img
sudo losetup /dev/loop1 /var/lib/openstack-helm/ceph/ceph-osd-db-wal-loopbackfile.img
# lets check the devices
sudo df -lh
sudo lsblk
#NOTE: Lint and package chart
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
make -C ${HELM_CHART_ROOT_PATH} "${CHART}"
done
#NOTE: Deploy command
[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this
# should be set to 'hammer'
. /etc/os-release
if [ "x${ID}" == "xubuntu" ] && [ "$(uname -r | awk -F "." '{ print $2 }')" -lt "5" ]; then
CRUSH_TUNABLES=hammer
else
CRUSH_TUNABLES=null
fi
tee /tmp/ceph.yaml <<EOF
endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph
ceph_mon:
namespace: ceph
port:
mon:
default: 6789
ceph_mgr:
namespace: ceph
port:
mgr:
default: 7000
metrics:
default: 9283
network:
public: 172.17.0.1/16
cluster: 172.17.0.1/16
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: true
cephfs_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: true
conf:
rgw_ks:
enabled: true
ceph:
global:
fsid: ${CEPH_FS_ID}
mon_addr: :6789
osd_pool_default_size: 1
osd:
osd_crush_chooseleaf_type: 0
pool:
crush:
tunables: ${CRUSH_TUNABLES}
target:
osd: 1
pg_per_osd: 100
default:
crush_rule: same_host
spec:
# RBD pool
- name: rbd
application: rbd
replication: 1
percent_total_data: 40
# CephFS pools
- name: cephfs_metadata
application: cephfs
replication: 1
percent_total_data: 5
- name: cephfs_data
application: cephfs
replication: 1
percent_total_data: 10
# RadosGW pools
- name: .rgw.root
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.control
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.data.root
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.gc
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.log
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.intent-log
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.meta
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.usage
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.keys
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.email
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.swift
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.uid
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.buckets.extra
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.buckets.index
application: rgw
replication: 1
percent_total_data: 3
- name: default.rgw.buckets.data
application: rgw
replication: 1
percent_total_data: 34.8
storage:
osd:
- data:
type: bluestore
location: /dev/loop0
block_db:
location: /dev/loop1
size: "5GB"
block_wal:
location: /dev/loop1
size: "2GB"
pod:
replicas:
mds: 1
mgr: 1
rgw: 1
EOF
for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
helm upgrade --install ${CHART} ${HELM_CHART_ROOT_PATH}/${CHART} \
--namespace=ceph \
--values=/tmp/ceph.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_CEPH:-$(./tools/deployment/common/get-values-overrides.sh ${CHART})}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ceph
#NOTE: Validate deploy
MON_POD=$(kubectl get pods \
--namespace=ceph \
--selector="application=ceph" \
--selector="component=mon" \
--no-headers | awk '{ print $1; exit }')
kubectl exec -n ceph ${MON_POD} -- ceph -s
done

62
tools/deployment/component/ceph/radosgateway.sh
View File

@ -1,62 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
make -C ${OSH_INFRA_PATH} ceph-rgw
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
tee /tmp/radosgw-openstack.yaml <<EOF
endpoints:
identity:
namespace: openstack
object_store:
namespace: openstack
ceph_mon:
namespace: ceph
network:
public: 172.17.0.1/16
cluster: 172.17.0.1/16
deployment:
ceph: true
rgw_keystone_user_and_endpoints: true
storage_secrets: false
rbd_provisioner: false
client_secrets: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: true
pod:
replicas:
rgw: 1
EOF
helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
--namespace=openstack \
--values=/tmp/radosgw-openstack.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_CEPH_RGW}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status radosgw-openstack
sleep 30
export OS_CLOUD=openstack_helm
openstack service list

89
tools/deployment/component/common/ingress.sh
View File

@ -1,89 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_INGRESS:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} ingress
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
tee /tmp/ingress-kube-system.yaml << EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
touch /tmp/ingress-component.yaml
if [ -n "${OSH_DEPLOY_MULTINODE}" ]; then
tee --append /tmp/ingress-kube-system.yaml << EOF
pod:
replicas:
error_page: 2
EOF
tee /tmp/ingress-component.yaml << EOF
pod:
replicas:
ingress: 2
error_page: 2
EOF
fi
helm upgrade --install ingress-kube-system ${HELM_CHART_ROOT_PATH}/ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_KUBE_SYSTEM}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Display info
helm status ingress-kube-system
#NOTE: Deploy namespace ingress
helm upgrade --install ingress-openstack ${HELM_CHART_ROOT_PATH}/ingress \
--namespace=openstack \
--values=/tmp/ingress-component.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress-openstack
helm upgrade --install ingress-ceph ${HELM_CHART_ROOT_PATH}/ingress \
--namespace=ceph \
--values=/tmp/ingress-component.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_CEPH}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ceph
#NOTE: Display info
helm status ingress-ceph

37
tools/deployment/component/common/mariadb.sh
View File

@ -1,37 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} mariadb
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install mariadb ${HELM_CHART_ROOT_PATH}/mariadb \
--namespace=openstack \
--set volume.use_local_path_for_single_pod_cluster.enabled=true \
--set volume.enabled=false \
--set pod.replicas.server=1 \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_MARIADB}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status mariadb

34
tools/deployment/component/common/memcached.sh
View File

@ -1,34 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} memcached
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install memcached ${HELM_CHART_ROOT_PATH}/memcached \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_MEMCACHED}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status memcached

34
tools/deployment/component/common/rabbitmq.sh
View File

@ -1,34 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} rabbitmq
#NOTE: Deploy command
helm upgrade --install rabbitmq ${HELM_CHART_ROOT_PATH}/rabbitmq \
--namespace=openstack \
--set volume.enabled=false \
--set pod.replicas.server=1 \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_RABBITMQ}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status rabbitmq

45
tools/deployment/component/heat/heat.sh
View File

@ -1,45 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# NOTE: Get the overrides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_PATH:="../openstack-helm"}"}"
: ${OSH_EXTRA_HELM_ARGS_HEAT:="$(./tools/deployment/common/get-values-overrides.sh heat)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} heat
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install heat ${HELM_CHART_ROOT_PATH}/heat \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_HEAT}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status heat
export OS_CLOUD=openstack_helm
openstack service list
openstack endpoint list
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
openstack --os-interface internal orchestration service list
FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then
curl --cacert /etc/openstack-helm/certs/ca/ca.pem -L https://heat.openstack.svc.cluster.local
curl --cacert /etc/openstack-helm/certs/ca/ca.pem -L https://heat-api.openstack.svc.cluster.local:8004
fi

43
tools/deployment/component/keystone/keystone.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_PATH:="../openstack-helm"}"}"
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(./tools/deployment/common/get-values-overrides.sh keystone)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} keystone
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install keystone ${HELM_CHART_ROOT_PATH}/keystone \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_KEYSTONE}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status keystone
export OS_CLOUD=openstack_helm
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
openstack endpoint list
FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then
curl --cacert /etc/openstack-helm/certs/ca/ca.pem -L https://keystone.openstack.svc.cluster.local
curl --cacert /etc/openstack-helm/certs/ca/ca.pem -L https://keystone-api.openstack.svc.cluster.local:5000
fi

29
tools/deployment/component/mini-mirror/mini-mirror.sh
View File

@ -1,29 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make mini-mirror
#NOTE: Get the over-rides to use
: ${OSH_EXTRA_HELM_ARGS_MINI_MIRROR:="$(./tools/deployment/common/get-values-overrides.sh mini-mirror)"}
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install mini-mirror ./mini-mirror \
--namespace=osh-addons \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_MINI_MIRROR}

40
tools/gate/playbooks/helm3-linter.yaml
View File

@ -1,40 +0,0 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO(gagehugo): Put this in osh-infra and run it from there
- hosts: all
tasks:
- name: install helm3
become_user: root
shell: |
TMP_DIR=$(mktemp -d)
curl -sSL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
sudo mv ${TMP_DIR}/helm /usr/bin/helm
rm -rf ${TMP_DIR}
environment:
HELM_VERSION: "v3.3.4"
args:
executable: /bin/bash
- name: updates the requirements due to the lack of helm serve in helm 3
shell: |
find "{{ zuul.project.src_dir }}" -type f -name "requirements.yaml" -exec sed -i "s#http://localhost:8879/charts#https://tarballs.opendev.org/openstack/openstack-helm-infra#g" {} \;
args:
executable: /bin/bash
- name: make all
make:
chdir: "{{ zuul.project.src_dir }}"
target: all
...

60
tools/gate/playbooks/osh-addons-check.yaml
View File

@ -1,60 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Build Charts
shell: |
set -xe;
./tools/gate/scripts/010-setup-client.sh
args:
chdir: "{{ zuul_osh_addons_relative_path | default(zuul.project.src_dir) }}"
- name: Deploy MariaDB
environment:
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
shell: |
set -xe;
./tools/gate/scripts/020-deploy-mariadb.sh
args:
chdir: "{{ zuul_osh_addons_relative_path | default(zuul.project.src_dir) }}"
- name: Deploy RabbitMQ
environment:
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
shell: |
set -xe;
./tools/gate/scripts/030-deploy-rabbitmq.sh
args:
chdir: "{{ zuul_osh_addons_relative_path | default(zuul.project.src_dir) }}"
- name: Deploy Memcached
environment:
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
shell: |
set -xe;
./tools/gate/scripts/040-deploy-memcached.sh
args:
chdir: "{{ zuul_osh_addons_relative_path | default(zuul.project.src_dir) }}"
- name: Deploy Keystone
environment:
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_PATH: "{{ zuul_osh_relative_path | default('') }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
shell: |
set -xe;
./tools/gate/scripts/050-deploy-keystone.sh
args:
chdir: "{{ zuul_osh_addons_relative_path | default(zuul.project.src_dir) }}"

23
tools/gate/playbooks/osh-gate-runner.yaml
View File

@ -1,23 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Ensure pip
include_role:
name: ensure-pip
- name: Run gate scripts
include_role:
name: osh-run-script
vars:
gate_script_path: "{{ item }}"
with_items: "{{ gate_scripts }}"

34
tools/gate/playbooks/osh-infra-build.yaml
View File

@ -1,34 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: True
roles:
- build-helm-packages
tags:
- build-helm-packages
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: False
become: yes
roles:
- build-images
tags:
- build-images

56
tools/gate/playbooks/osh-infra-collect-logs.yaml
View File

@ -1,56 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- gather-host-logs
tags:
- gather-host-logs
- hosts: primary
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- helm-release-status
tags:
- helm-release-status
- hosts: primary
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- describe-kubernetes-objects
tags:
- describe-kubernetes-objects
- hosts: primary
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- gather-pod-logs
tags:
- gather-pod-logs
- hosts: primary
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- gather-prom-metrics
tags:
- gather-prom-metrics

41
tools/gate/playbooks/osh-infra-deploy-docker.yaml
View File

@ -1,41 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: False
become: yes
roles:
- deploy-python
tags:
- deploy-python
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: True
become: yes
roles:
- setup-firewall
- deploy-python-pip
- deploy-docker
- deploy-jq
tags:
- setup-firewall
- deploy-python-pip
- deploy-docker
- deploy-jq

34
tools/gate/playbooks/osh-infra-deploy-k8s.yaml
View File

@ -1,34 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: True
roles:
- build-helm-packages
- deploy-kubeadm-aio-master
tags:
- build-helm-packages
- deploy-kubeadm-aio-master
- hosts: nodes
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
roles:
- deploy-kubeadm-aio-node
tags:
- deploy-kubeadm-aio-node

23
tools/gate/playbooks/osh-infra-setup-firewall.yaml
View File

@ -1,23 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: True
become: yes
roles:
- setup-firewall
tags:
- setup-firewall

51
tools/gate/playbooks/osh-infra-upgrade-host.yaml
View File

@ -1,51 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: False
become: yes
roles:
- deploy-python
tags:
- deploy-python
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: True
become: yes
roles:
- upgrade-host
- start-zuul-console
- disable-local-nameserver
tags:
- upgrade-host
- start-zuul-console
- disable-local-nameserver
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
gather_facts: False
become: yes
roles:
- deploy-apparmor
tags:
- deploy-apparmor

15
tools/gate/playbooks/vars.yaml
View File

@ -1,15 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(portdirect): for use in the dev-deploy scripts, a valid vars.yaml is
# required, so provide some nonsense, yet harmless input.
dummy_value: "Lorem Ipsum"

18
tools/gate/playbooks/zuul-linter.yaml
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute a Whitespace Linter check
command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \;
register: result
failed_when: result.stdout != ""

173
tools/scripts/tls/cert-manager.sh
View File

@ -1,173 +0,0 @@
#!/bin/bash
set -eux
: ${CERT_MANAGER_VERSION:="v0.15.0"}
cert_path="/etc/openstack-helm"
ca_cert_root="$cert_path/certs/ca"
function check_cert {
# $1: the certificate file, e.g. ca.pem
# $2: the key file, e.g. ca-key.pem
local cert="$(openssl x509 -noout -modulus -in $1)"
local key="$(openssl rsa -noout -modulus -in $2)"
if ! [ "$cert" = "$key" ]; then
echo "Failure: tls private key does not match cert"
exit 1
else
echo "Pass: $cert is valid with $key"
fi
}
# Download cfssl and cfssljson if they are not available on the system
if type cfssl && type cfssljson; then
echo "cfssl and cfssljson found - skipping installation"
else
echo "installing cfssl and cfssljson"
temp_bin=$(mktemp --directory)
cd $temp_bin
CFSSLURL=https://pkg.cfssl.org/R1.2
curl -sSL -o cfssl $CFSSLURL/cfssl_linux-amd64
curl -sSL -o cfssljson $CFSSLURL/cfssljson_linux-amd64
chmod +x {cfssl,cfssljson}
export PATH=$PATH:$temp_bin
fi
# Sets up a directory for the certs
sudo rm -rf $cert_path
sudo mkdir -p $ca_cert_root
sudo chmod -R go+w $cert_path
cd $ca_cert_root
cat > ca-csr.json <<EOF
{
"CN": "ACME Company",
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"C": "US",
"L": "SomeState",
"ST": "SomeCity",
"O": "SomeOrg",
"OU": "SomeUnit"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
check_cert ca.pem ca-key.pem
cat > cfssl.json <<EOF
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"intermediate_ca": {
"expiry": "8760h",
"usages": [
"signing",
"digital signature",
"cert sign",
"crl sign",
"key encipherment",
"server auth",
"client auth"
],
"ca_constraint": {
"is_ca": true
}
}
}
}
}
EOF
cat > intermediate-ca.json <<EOF
{
"CN": "OpenStack Helm CA",
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"C": "GB",
"L": "Space",
"ST": "Earth",
"O": "OSH",
"OU": "OSH"
}
],
"ca": {
"expiry": "8760h"
}
}
EOF
cfssl gencert -initca intermediate-ca.json | cfssljson -bare intermediate-ca -
cfssl sign -ca ca.pem -ca-key ca-key.pem -config cfssl.json -profile intermediate_ca \
intermediate-ca.csr | cfssljson -bare intermediate-ca
check_cert intermediate-ca.pem intermediate-ca-key.pem
kubectl create ns cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
# helm 2 command
helm install --name cert-manager --namespace cert-manager \
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
--set installCRDs=true \
--set featureGates=ExperimentalCertificateControllers=true \
--set extraArgs[0]="--enable-certificate-owner-ref=true"
# helm 3 command
# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
# --version ${CERT_MANAGER_VERSION} \
# --set installCRDs=true \
#. --set featureGates=ExperimentalCertificateControllers=true \
# --set extraArgs[0]="--enable-certificate-owner-ref=true"
helm repo remove jetstack
key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")
crt=$(cat /etc/openstack-helm/certs/ca/ca.pem | base64 | tr -d "\n")
cat > /tmp/ca-issuers.yaml <<EOF
---
apiVersion: v1
kind: Secret
metadata:
name: ca-key-pair
namespace: openstack
data:
tls.crt: $crt
tls.key: $key
---
apiVersion: cert-manager.io/v1alpha3
kind: Issuer
metadata:
name: ca-issuer
namespace: openstack
spec:
ca:
secretName: ca-key-pair
EOF
kubectl wait --for=condition=Ready pods --all -n cert-manager --timeout=180s
# Per [0], put a sleep here to guard against the error - failed calling webhook "webhook.cert-manager.io"
# [0] https://github.com/jetstack/cert-manager/issues/2602
sleep 45
kubectl create ns openstack
kubectl apply -f /tmp/ca-issuers.yaml

31
tox.ini
View File

@ -1,31 +0,0 @@
[tox]
minversion = 3.1
envlist = docs
skipsdist = True
ignore_basepython_conflict = True
[testenv]
basepython = python3
setenv = VIRTUAL_ENV={envdir}
deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
passenv = *_proxy *_PROXY
[testenv:venv]
commands = {posargs}
[testenv:lint]
deps =
yq
yamllint
commands =
rm -rf .yamllint
bash -c 'if [ ! -d ../openstack-helm-infra ]; then\
git clone https://opendev.org/openstack/openstack-helm-infra ../openstack-helm-infra;\
fi'
bash ../openstack-helm-infra/tools/gate/lint.sh
whitelist_externals =
rm
bash
[testenv:releasenotes]
commands = sphinx-build -a -W -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html

32
yamllint-templates.conf
View File

@ -1,32 +0,0 @@
---
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
rules:
braces: enable
brackets: enable
colons: enable
commas: enable
comments: enable
comments-indentation: disable
document-end: disable
document-start: disable
empty-lines: disable
empty-values: disable
hyphens: enable
indentation:
spaces: 2
indent-sequences: whatever
key-duplicates: enable
key-ordering: disable
line-length: disable
new-line-at-end-of-file: disable
new-lines: disable
octal-values: disable
quoted-strings: disable
trailing-spaces: disable
truthy: disable
...

32
yamllint.conf
View File

@ -1,32 +0,0 @@
---
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
rules:
braces: enable
brackets: enable
colons: enable
commas: enable
comments: enable
comments-indentation: enable
document-end: disable
document-start: disable
empty-lines: enable
empty-values: disable
hyphens: enable
indentation:
spaces: 2
indent-sequences: whatever
key-duplicates: enable
key-ordering: disable
line-length: disable
new-line-at-end-of-file: enable
new-lines: enable
octal-values: disable
quoted-strings: disable
trailing-spaces: enable
truthy: disable
...

82
zuul.d/jobs.yaml
View File

@ -1,82 +0,0 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- job:
name: osh-addons-parent
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^releasenotes/.*$
- job:
name: osh-addons-base
parent: osh-addons-parent
roles:
- zuul: openstack/openstack-helm-infra
timeout: 7200
vars:
zuul_osh_infra_relative_path: ../openstack-helm-infra/
zuul_osh_relative_path: ../openstack-helm/
pre-run:
- ./tools/gate/playbooks/osh-infra-upgrade-host.yaml
- ./tools/gate/playbooks/osh-infra-setup-firewall.yaml
post-run: ./tools/gate/playbooks/osh-infra-collect-logs.yaml
required-projects:
- openstack/openstack-helm-infra
- openstack/openstack-helm
nodeset: openstack-helm-single-node
- job:
name: osh-helm3-linter
nodeset: ubuntu-focal
run: tools/gate/playbooks/helm3-linter.yaml
required-projects:
- openstack/openstack-helm-infra
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- job:
name: osh-addons-mini-mirror
parent: osh-addons-base
run: tools/gate/playbooks/osh-gate-runner.yaml
timeout: 7200
nodeset: openstack-helm-single-node
vars:
osh_params:
container_distro_name: ubuntu
container_distro_version: bionic
gate_scripts_relative_path: ../openstack-helm-addons
gate_scripts:
- ./tools/deployment/common/install-packages.sh
- ./tools/deployment/common/deploy-k8s.sh
- ./tools/deployment/common/setup-client.sh
- ./tools/deployment/component/mini-mirror/mini-mirror.sh
- job:
name: osh-addons-mini-mirror-apparmor
parent: osh-addons-base
run: tools/gate/playbooks/osh-gate-runner.yaml
timeout: 7200
nodeset: openstack-helm-single-node
vars:
osh_params:
container_distro_name: ubuntu
container_distro_version: bionic
feature_gates: apparmor
gate_scripts_relative_path: ../openstack-helm-addons
gate_scripts:
- ./tools/deployment/common/install-packages.sh
- ./tools/deployment/common/deploy-k8s.sh
- ./tools/deployment/common/setup-client.sh
- ./tools/deployment/component/mini-mirror/mini-mirror.sh

32
zuul.d/project.yaml
View File

@ -1,32 +0,0 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
templates:
- release-notes-jobs-python3
check:
jobs:
- openstack-helm-lint
- osh-helm3-linter:
voting: false
- osh-addons-mini-mirror
gate:
jobs:
- openstack-helm-lint
- osh-addons-mini-mirror
promote:
jobs:
- publish-openstack-helm-charts
experimental:
jobs:
- osh-addons-mini-mirror-apparmor