openstack/openstack-helm-infra
Code Issues Proposed changes

Elasticsearch S3 repo

Browse Source 
This ps adds the ability to use the ceph radosgw s3 api for
snapshot repositories. It removes the ability to use a RWM pvc, as
the radosgw solution provides a more robust approach for storing
index snapshots

Change-Id: Ie56ac41ccdc61bfadcac52b400cceb35403e9fae
This commit is contained in:
Steve Wilkerson 2018-03-03 18:04:20 -06:00
parent a3f444299e
commit a084769410
23 changed files with 469 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/source/install/developer/deploy-with-ceph.rst
View File

@ -171,6 +171,20 @@ Alternatively, this step can be performed by running the script directly:
./tools/deployment/developer/ceph/110-nagios.sh
Deploy Rados Gateway for OSH-Infra
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. literalinclude:: ../../../../tools/deployment/developer/ceph/115-radosgw-osh-infra.sh
:language: shell
:lines: 1,17-
Alternatively, this step can be performed by running the script directly:
.. code-block:: shell
./tools/deployment/developer/ceph/115-radosgw-osh-infra.sh
Deploy Elasticsearch
^^^^^^^^^^^^^^^^^^^^

13
doc/source/install/multinode.rst
View File

@ -184,6 +184,19 @@ Alternatively, this step can be performed by running the script directly:
./tools/deployment/multinode/110-nagios.sh
Deploy Rados Gateway for OSH-Infra
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. literalinclude:: ../../../tools/deployment/multinode/115-radosgw-osh-infra.sh
:language: shell
:lines: 1,17-
Alternatively, this step can be performed by running the script directly:
.. code-block:: shell
./tools/deployment/multinode/115-radosgw-osh-infra.sh
Deploy Elasticsearch
^^^^^^^^^^^^^^^^^^^^

31
elasticsearch/templates/bin/_ceph-admin-keyring.sh.tpl Normal file
View File

@ -0,0 +1,31 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
export HOME=/tmp
cat <<EOF > /etc/ceph/ceph.client.admin.keyring
[client.admin]
{{- if .Values.conf.ceph.admin_keyring }}
key = {{ .Values.conf.ceph.admin_keyring }}
{{- else }}
key = $(cat /tmp/client-keyring)
{{- end }}
EOF
exit 0

17
elasticsearch/templates/bin/_helm-tests.sh.tpl
View File

@ -77,6 +77,20 @@ function check_hits_on_test_data () {
fi
}
function check_snapshot_repositories () {
{{ range $repository := .Values.conf.elasticsearch.snapshots.repositories }}
repository={{$repository.name}}
repository_search_result=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
"${ELASTICSEARCH_ENDPOINT}/_cat/repositories" | awk '{print $1}' | grep "\<$repository\>")
if [ "$repository_search_result" == "$repository" ]; then
echo "PASS: The snapshot repository $repository exists!"
else
echo "FAIL: The snapshot repository $respository does not exist! Exiting now";
exit 1;
fi
{{ end }}
}
function remove_test_index () {
echo "Deleting index created for service testing"
curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
@ -86,4 +100,7 @@ function remove_test_index () {
create_test_index
insert_data_into_test_index
check_hits_on_test_data
{{ if .Values.conf.elasticsearch.snapshots.enabled }}
check_snapshot_repositories
{{ end }}
remove_test_index

17
elasticsearch/templates/bin/_register-repository.sh.tpl
View File

@ -15,15 +15,22 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{ $envAll := . }}
set -ex
exec curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
"${ELASTICSEARCH_ENDPOINT}/_snapshot/${REPO_NAME}" \
{{ range $repository := $envAll.Values.conf.elasticsearch.snapshots.repositories }}
curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
"${ELASTICSEARCH_HOST}/_snapshot/{{$repository.name}}" \
-H 'Content-Type: application/json' -d'
{
"type": "'"$REPO_TYPE"'",
"type": "s3",
"settings": {
"location": "'"$REPO_LOCATION"'",
"compress": true
"endpoint": "'"$RGW_HOST"'",
"protocol": "http",
"bucket": "'"$S3_BUCKET"'",
"access_key": "'"$S3_ACCESS_KEY"'",
"secret_key": "'"$S3_SECRET_KEY"'"
}
}'
{{ end }}

6
elasticsearch/templates/configmap-bin.yaml
View File

@ -28,6 +28,12 @@ data:
{{ tuple "bin/_elasticsearch.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
helm-tests.sh: |
{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ceph-admin-keyring.sh: |
{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
create-s3-bucket.py: |
{{- include "helm-toolkit.scripts.create_s3_bucket" . | indent 4 }}
create-s3-user.sh: |
{{- include "helm-toolkit.scripts.create_s3_user" . | indent 4 }}
register-repository.sh: |
{{ tuple "bin/_register-repository.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
curator.sh: |

19
elasticsearch/templates/configmap-etc.yaml
View File

@ -17,8 +17,23 @@ limitations under the License.
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
{{- if and (.Values.conf.elasticsearch.repository.enabled) (empty .Values.conf.elasticsearch.config.path.repo) -}}
{{- set .Values.conf.elasticsearch.config.path "repo" .Values.conf.elasticsearch.repository.location -}}
{{- if empty .Values.conf.elasticsearch.config.cloud.aws.access_key -}}
{{- set .Values.conf.elasticsearch.config.cloud.aws "access_key" .Values.endpoints.ceph_object_store.auth.elasticsearch.access_key -}}
{{- end -}}
{{- if empty .Values.conf.elasticsearch.config.cloud.aws.secret_key -}}
{{- set .Values.conf.elasticsearch.config.cloud.aws "secret_key" .Values.endpoints.ceph_object_store.auth.elasticsearch.secret_key -}}
{{- end -}}
{{- if empty .Values.endpoints.ceph_object_store.path.default -}}
{{- set .Values.endpoints.ceph_object_store.path "default" .Values.conf.elasticsearch.snapshots.bucket -}}
{{- end -}}
{{- if empty .Values.conf.elasticsearch.config.cloud.aws.s3.endpoint -}}
{{- $radosgw_host := tuple "ceph_object_store" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" -}}
{{- $bucket_path := tuple "ceph_object_store" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" -}}
{{- $s3_endpoint := printf "%s/%s" $radosgw_host $bucket_path -}}
{{- set .Values.conf.elasticsearch.config.cloud.aws.s3 "endpoint" $s3_endpoint -}}
{{- end -}}
---
apiVersion: v1

26
elasticsearch/templates/deployment-client.yaml
View File

@ -99,21 +99,6 @@ spec:
- sysctl
- -w
- vm.max_map_count={{ .Values.conf.init.max_map_count }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: elasticsearch-repository-perms
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: 0
command:
- chown
- -R
- "elasticsearch:"
- {{ .Values.conf.elasticsearch.repository.location }}
volumeMounts:
- name: storage
mountPath: {{ .Values.conf.elasticsearch.repository.location }}
{{ end }}
containers:
- name: apache-proxy
{{ tuple $envAll "apache_proxy" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -200,6 +185,8 @@ spec:
value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: ES_JAVA_OPTS
value: "{{ .Values.conf.elasticsearch.env.java_opts }}"
- name: ES_PLUGINS_INSTALL
value: "elasticsearch-s3"
volumeMounts:
- name: elasticsearch-logs
mountPath: {{ .Values.conf.elasticsearch.config.path.logs }}
@ -219,10 +206,6 @@ spec:
readOnly: true
- name: storage
mountPath: {{ .Values.conf.elasticsearch.config.path.data }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
mountPath: {{ .Values.conf.elasticsearch.repository.location }}
{{ end }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-etc-apache
@ -241,10 +224,5 @@ spec:
defaultMode: 0444
- name: storage
emptyDir: {}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
persistentVolumeClaim:
claimName: {{ .Values.storage.filesystem_repository.pvc.name }}
{{ end }}
{{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }}
{{- end }}

26
elasticsearch/templates/deployment-master.yaml
View File

@ -97,21 +97,6 @@ spec:
- sysctl
- -w
- vm.max_map_count={{ .Values.conf.init.max_map_count }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: elasticsearch-repository-perms
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.master | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: 0
command:
- chown
- -R
- "elasticsearch:"
- {{ .Values.conf.elasticsearch.repository.location }}
volumeMounts:
- name: storage
mountPath: {{ .Values.conf.elasticsearch.repository.location }}
{{ end }}
containers:
- name: elasticsearch-master
securityContext:
@ -158,6 +143,8 @@ spec:
value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: ES_JAVA_OPTS
value: "{{ .Values.conf.elasticsearch.env.java_opts }}"
- name: ES_PLUGINS_INSTALL
value: "elasticsearch-s3"
volumeMounts:
- name: elasticsearch-logs
mountPath: {{ .Values.conf.elasticsearch.config.path.logs }}
@ -177,10 +164,6 @@ spec:
readOnly: true
- name: storage
mountPath: {{ .Values.conf.elasticsearch.config.path.data }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
mountPath: {{ .Values.conf.elasticsearch.repository.location }}
{{ end }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: elasticsearch-logs
@ -197,10 +180,5 @@ spec:
defaultMode: 0444
- name: storage
emptyDir: {}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
persistentVolumeClaim:
claimName: {{ .Values.storage.filesystem_repository.pvc.name }}
{{ end }}
{{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }}
{{- end }}

27
elasticsearch/templates/job-register-snapshot-repository.yaml
View File

@ -14,11 +14,11 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_snapshot_repository }}
{{- if .Values.conf.elasticsearch.repository.enabled }}
{{- if and (.Values.manifests.job_snapshot_repository) (.Values.conf.elasticsearch.snapshots.enabled) }}
{{- $envAll := . }}
{{- $esUserSecret := .Values.secrets.elasticsearch.user }}
{{- $s3UserSecret := .Values.secrets.rgw.elasticsearch }}
{{- $serviceAccountName := "elasticsearch-register-snapshot-repository" }}
{{ tuple $envAll "snapshot_repository" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@ -56,14 +56,22 @@ spec:
secretKeyRef:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
- name: ELASTICSEARCH_ENDPOINT
- name: ELASTICSEARCH_HOST
value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
- name: REPO_NAME
value: {{ .Values.conf.elasticsearch.repository.name | quote }}
- name: REPO_TYPE
value: {{ .Values.conf.elasticsearch.repository.type | quote }}
- name: REPO_LOCATION
value: {{ .Values.conf.elasticsearch.repository.location | quote }}
- name: S3_BUCKET
value: {{ .Values.conf.elasticsearch.snapshots.bucket | quote }}
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ $s3UserSecret }}
key: S3_ACCESS_KEY
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ $s3UserSecret }}
key: S3_SECRET_KEY
- name: RGW_HOST
value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
command:
- /tmp/register-repository.sh
volumeMounts:
@ -77,4 +85,3 @@ spec:
name: elasticsearch-bin
defaultMode: 0555
{{- end }}
{{- end }}

21
elasticsearch/templates/job-s3-bucket.yaml Normal file
View File

@ -0,0 +1,21 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (.Values.manifests.job_s3_bucket) (.Values.conf.elasticsearch.snapshots.enabled) }}
{{- $esBucket := .Values.conf.elasticsearch.snapshots.bucket }}
{{- $s3BucketJob := dict "envAll" . "serviceName" "elasticsearch" "s3Bucket" $esBucket -}}
{{ $s3BucketJob | include "helm-toolkit.manifests.job_s3_bucket" }}
{{- end }}

20
elasticsearch/templates/job-s3-user.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (.Values.manifests.job_s3_user) (.Values.conf.elasticsearch.snapshots.enabled) }}
{{- $s3UserJob := dict "envAll" . "serviceName" "elasticsearch" -}}
{{ $s3UserJob | include "helm-toolkit.manifests.job_s3_user" }}
{{- end }}

19
elasticsearch/templates/pvc-snapshots.yaml → elasticsearch/templates/secret-s3-user.yaml
View File

@ -14,20 +14,15 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pvc_snapshots }}
{{- if .Values.storage.filesystem_repository.enabled }}
{{- if .Values.manifests.secret_s3 }}
{{- $envAll := . }}
{{- $secretName := index $envAll.Values.secrets.rgw.elasticsearch }}
---
kind: PersistentVolumeClaim
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.storage.filesystem_repository.pvc.name }}
spec:
accessModes:
- {{ .Values.storage.filesystem_repository.pvc.access_mode }}
resources:
requests:
storage: {{ .Values.storage.filesystem_repository.requests.storage }}
storageClassName: {{ .Values.storage.filesystem_repository.storage_class }}
{{- end }}
name: {{ $secretName }}
type: Opaque
data:
{{- tuple "elasticsearch" $envAll | include "helm-toolkit.snippets.rgw_s3_secret_creds" | indent 2 -}}
{{- end }}

34
elasticsearch/templates/statefulset-data.yaml
View File

@ -94,21 +94,6 @@ spec:
- sysctl
- -w
- vm.max_map_count={{ .Values.conf.init.max_map_count }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: elasticsearch-repository-perms
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.data | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: 0
command:
- chown
- -R
- "elasticsearch:"
- {{ .Values.conf.elasticsearch.repository.location }}
volumeMounts:
- name: storage
mountPath: {{ .Values.conf.elasticsearch.repository.location }}
{{ end }}
containers:
- name: elasticsearch-data
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -155,6 +140,8 @@ spec:
value: "{{ .Values.conf.elasticsearch.env.java_opts }}"
- name: DISCOVERY_SERVICE
value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: ES_PLUGINS_INSTALL
value: "elasticsearch-s3"
volumeMounts:
- name: elasticsearch-logs
mountPath: {{ .Values.conf.elasticsearch.config.path.logs }}
@ -172,10 +159,6 @@ spec:
mountPath: /usr/share/elasticsearch/config/log4j2.properties
subPath: log4j2.properties
readOnly: true
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
mountPath: {{ .Values.conf.elasticsearch.repository.location }}
{{ end }}
- name: storage
mountPath: {{ .Values.conf.elasticsearch.config.path.data }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
@ -192,13 +175,8 @@ spec:
secret:
secretName: elasticsearch-etc
defaultMode: 0444
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
persistentVolumeClaim:
claimName: {{ .Values.storage.filesystem_repository.pvc.name }}
{{ end }}
{{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }}
{{- if not .Values.storage.elasticsearch.enabled }}
{{- if not .Values.storage.enabled }}
- name: storage
emptyDir: {}
{{- else }}
@ -206,10 +184,10 @@ spec:
- metadata:
name: storage
spec:
accessModes: {{ .Values.storage.elasticsearch.pvc.access_mode }}
accessModes: {{ .Values.storage.pvc.access_mode }}
resources:
requests:
storage: {{ .Values.storage.elasticsearch.requests.storage }}
storageClassName: {{ .Values.storage.elasticsearch.storage_class }}
storage: {{ .Values.storage.requests.storage }}
storageClassName: {{ .Values.storage.storage_class }}
{{- end }}
{{- end }}

127
elasticsearch/values.yaml
View File

@ -21,7 +21,10 @@ images:
apache_proxy: docker.io/httpd:2.4
memory_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
curator: docker.io/bobrik/curator:5.2.0
elasticsearch: docker.io/elasticsearch:5.6.4
elasticsearch: docker.io/srwilkers/elasticsearch-s3:v0.1.0
ceph_key_placement: docker.io/port/ceph-config-helper:v1.10.3
s3_bucket: docker.io/port/ceph-config-helper:v1.10.3
s3_user: docker.io/port/ceph-config-helper:v1.10.3
helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.0.1
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
@ -53,13 +56,18 @@ dependencies:
service: local_image_registry
static:
curator:
services: null
services:
- endpoint: internal
service: elasticsearch
elasticsearch_client:
services: null
jobs: null
elasticsearch_data:
services: null
jobs: null
elasticsearch_master:
services: null
jobs: null
image_repo_sync:
services:
- endpoint: internal
@ -72,6 +80,15 @@ dependencies:
services:
- endpoint: internal
service: elasticsearch
jobs:
- elasticsearch-s3-bucket
s3_user:
services:
- endpoint: internal
service: ceph_object_store
s3_bucket:
jobs:
- elasticsearch-s3-user
pod:
affinity:
@ -163,6 +180,27 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
storage_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
s3_bucket:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
s3_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
@ -172,8 +210,11 @@ pod:
cpu: "2000m"
secrets:
rgw:
admin: radosgw-s3-admin-creds
elasticsearch: elasticsearch-s3-user-creds
elasticsearch:
user: elasticsearch-admin-creds
user: elasticsearch-user-secrets
tls:
elasticsearch:
elasticsearch:
@ -297,6 +338,8 @@ conf:
rootLogger.appenderRef.rolling.ref=rolling
init:
max_map_count: 262144
ceph:
admin_keyring: null
curator:
#run every 6th hour
schedule: "0 */6 * * *"
@ -353,7 +396,7 @@ conf:
description: >-
"Snapshot indices older than one day"
options:
repository: default_repo
repository: logstash_snapshots
# Leaving this blank results in the default name format
name:
wait_for_completion: True
@ -375,7 +418,7 @@ conf:
description: >-
"Delete snapshots older than 30 days"
options:
repository: default_repo
repository: logstash_snapshots
disable_action: True
timeout_override: 600
ignore_empty_list: True
@ -417,6 +460,13 @@ conf:
compression: true
network:
host: 0.0.0.0
cloud:
aws:
protocol: http
s3:
# NOTE(srwilkers): This gets configured dynamically via endpoint
# lookups
endpoint: null
node:
master: ${NODE_MASTER}
data: ${NODE_DATA}
@ -425,11 +475,15 @@ conf:
path:
data: /usr/share/elasticsearch/data
logs: /usr/share/elasticsearch/logs
repository:
snapshots:
enabled: false
name: default_repo
location: /var/lib/openstack-helm/elasticsearch
type: fs
# NOTE(srwilkers): The path for the radosgw s3 endpoint gets populated
# dynamically with this value to ensure the bucket name and s3 compatible
# radosgw endpoint/path match
bucket: elasticsearch_bucket
repositories:
logstash:
name: logstash_snapshots
env:
java_opts: "-Xms256m -Xmx256m"
prometheus_elasticsearch_exporter:
@ -512,6 +566,31 @@ endpoints:
port:
ldap:
default: 389
ceph_object_store:
name: radosgw
namespace: null
auth:
elasticsearch:
username: elasticsearch
access_key: "elastic_access_key"
secret_key: "elastic_secret_key"
admin:
username: s3_admin
access_key: "admin_access_key"
secret_key: "admin_secret_key"
hosts:
default: ceph-rgw
public: radosgw
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
api:
default: 8088
public: 80
monitoring:
prometheus:
@ -533,22 +612,13 @@ network:
port: 30920
storage:
elasticsearch:
enabled: true
pvc:
name: pvc-elastic
access_mode: [ "ReadWriteOnce" ]
requests:
storage: 5Gi
storage_class: general
filesystem_repository:
enabled: false
pvc:
name: pvc-snapshots
access_mode: ReadWriteMany
requests:
storage: 5Gi
storage_class: general
enabled: true
pvc:
name: pvc-elastic
access_mode: [ "ReadWriteOnce" ]
requests:
storage: 5Gi
storage_class: general
manifests:
@ -559,16 +629,17 @@ manifests:
deployment_master: true
ingress: true
job_image_repo_sync: true
job_snapshot_repository: false
job_snapshot_repository: true
job_s3_user: true
job_s3_bucket: true
helm_tests: true
pvc_snapshots: false
secret_elasticsearch: true
secret_s3: true
monitoring:
prometheus:
configmap_bin_exporter: true
deployment_exporter: true
service_exporter: true
pvc_snapshots: true
service_data: true
service_discovery: true
service_ingress: true

19
helm-toolkit/templates/scripts/_create-s3-user.sh.tpl
View File

@ -19,22 +19,6 @@ limitations under the License.
set -ex
function create_admin_user () {
radosgw-admin user create \
--uid=${S3_ADMIN_USERNAME} \
--display-name=${S3_ADMIN_USERNAME}
radosgw-admin caps add \
--uid=${S3_ADMIN_USERNAME} \
--caps={{ .Values.conf.ceph.radosgw.s3_admin_caps | quote }}
radosgw-admin key create \
--uid=${S3_ADMIN_USERNAME} \
--key-type=s3 \
--access-key ${S3_ADMIN_ACCESS_KEY} \
--secret-key ${S3_ADMIN_SECRET_KEY}
}
function create_s3_user () {
radosgw-admin user create \
--uid=${S3_USERNAME} \
@ -47,9 +31,6 @@ function create_s3_user () {
--secret-key ${S3_SECRET_KEY}
}
radosgw-admin user stats --uid=${S3_ADMIN_USERNAME} || \
create_admin_user
radosgw-admin user stats --uid=${S3_USERNAME} || \
create_s3_user
{{- end }}

6
playbooks/osh-infra-dev-deploy-ceph.yaml
View File

@ -108,6 +108,12 @@
./tools/deployment/developer/ceph/110-nagios.sh
args:
chdir: "{{ zuul.project.src_dir }}"
- name: Deploy RadosGW for OSH-Infra Namespace
shell: |
set -xe;
./tools/deployment/developer/ceph/115-radosgw-osh-infra.sh
args:
chdir: "{{ zuul.project.src_dir }}"
- name: Deploy Elasticsearch
shell: |
set -xe;

6
playbooks/osh-infra-multinode-deploy.yaml
View File

@ -98,6 +98,12 @@
./tools/deployment/multinode/110-nagios.sh
args:
chdir: "{{ zuul.project.src_dir }}"
- name: Deploy RadosGW for OSH-Infra Namespace
shell: |
set -xe;
./tools/deployment/multinode/115-radosgw-osh-infra.sh
args:
chdir: "{{ zuul.project.src_dir }}"
- name: Deploy Elasticsearch
shell: |
set -xe;

58
tools/deployment/developer/ceph/115-radosgw-osh-infra.sh Executable file
View File

@ -0,0 +1,58 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ceph-rgw
#NOTE: Deploy command
tee /tmp/radosgw-osh-infra.yaml <<EOF
endpoints:
ceph_object_store:
namespace: osh-infra
ceph_mon:
namespace: ceph
network:
public: 172.17.0.1/16
cluster: 172.17.0.1/16
deployment:
storage_secrets: false
ceph: true
rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: false
rgw_s3:
enabled: true
pod:
replicas:
rgw: 1
EOF
helm upgrade --install radosgw-osh-infra ./ceph-rgw \
--namespace=osh-infra \
--values=/tmp/radosgw-osh-infra.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status radosgw-osh-infra

1
tools/deployment/developer/ceph/120-elasticsearch.sh
View File

@ -1 +0,0 @@
../common/120-elasticsearch.sh

44
tools/deployment/developer/ceph/120-elasticsearch.sh Executable file
View File

@ -0,0 +1,44 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elasticsearch
#NOTE: Deploy command
tee /tmp/elasticsearch.yaml << EOF
monitoring:
prometheus:
enabled: true
pod:
replicas:
data: 1
conf:
elasticsearch:
snapshots:
enabled: true
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--values=/tmp/elasticsearch.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status elasticsearch

1
tools/deployment/developer/nfs/120-elasticsearch.sh
View File

@ -1 +0,0 @@
../common/120-elasticsearch.sh

39
tools/deployment/developer/nfs/120-elasticsearch.sh Executable file
View File

@ -0,0 +1,39 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elasticsearch
#NOTE: Deploy command
tee /tmp/elasticsearch.yaml << EOF
monitoring:
prometheus:
enabled: true
pod:
replicas:
data: 1
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--values=/tmp/elasticsearch.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status elasticsearch

34
tools/deployment/developer/common/120-elasticsearch.sh → tools/deployment/multinode/115-radosgw-osh-infra.sh
View File

@ -17,15 +17,39 @@
set -xe
#NOTE: Lint and package chart
make elasticsearch
make ceph-rgw
#NOTE: Deploy command
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--set pod.replicas.data=1
tee /tmp/radosgw-osh-infra.yaml <<EOF
endpoints:
ceph_object_store:
namespace: osh-infra
ceph_mon:
namespace: ceph
network:
public: 172.17.0.1/16
cluster: 172.17.0.1/16
deployment:
storage_secrets: false
ceph: true
rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: false
rgw_s3:
enabled: true
EOF
helm upgrade --install radosgw-osh-infra ./ceph-rgw \
--namespace=osh-infra \
--values=/tmp/radosgw-osh-infra.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status elasticsearch
helm status radosgw-osh-infra

3
tools/deployment/multinode/120-elasticsearch.sh
View File

@ -25,9 +25,12 @@ conf:
elasticsearch:
env:
java_opts: "-Xms512m -Xmx512m"
snapshots:
enabled: true
monitoring:
prometheus:
enabled: true
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \