From 637383495b691f6e120b9b265fcbae218874afcd Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 28 Sep 2017 12:23:56 -0500 Subject: [PATCH] Telemetry: add gnocchi chart This PS adds a gnocchi chart. Change-Id: I51634a3876a36dde1eb28cc62cef3189e345cd2c Co-Authored-By: Steve Wilkerson Co-Authored-By: Larry Rensing --- gnocchi/.helmignore | 21 + gnocchi/Chart.yaml | 24 + gnocchi/requirements.yaml | 18 + .../templates/bin/_ceph-admin-keyring.sh.tpl | 31 ++ gnocchi/templates/bin/_ceph-keyring.sh.tpl | 32 ++ gnocchi/templates/bin/_db-init.sh.tpl | 97 ++++ gnocchi/templates/bin/_db-sync.sh.tpl | 21 + gnocchi/templates/bin/_gnocchi-api.sh.tpl | 34 ++ gnocchi/templates/bin/_gnocchi-metricd.sh.tpl | 21 + gnocchi/templates/bin/_gnocchi-statsd.sh.tpl | 21 + gnocchi/templates/bin/_gnocchi-test.sh.tpl | 68 +++ gnocchi/templates/bin/_storage-init.sh.tpl | 56 +++ gnocchi/templates/configmap-bin.yaml | 53 ++ gnocchi/templates/configmap-etc.yaml | 93 ++++ gnocchi/templates/daemonset-metricd.yaml | 110 +++++ gnocchi/templates/daemonset-statsd.yaml | 116 +++++ gnocchi/templates/deployment-api.yaml | 135 ++++++ gnocchi/templates/etc/_wsgi-gnocchi.conf.tpl | 37 ++ gnocchi/templates/ingress-api.yaml | 59 +++ gnocchi/templates/job-db-init-indexer.yaml | 72 +++ gnocchi/templates/job-db-init-keystone.yaml | 77 +++ gnocchi/templates/job-db-sync.yaml | 93 ++++ gnocchi/templates/job-ks-endpoints.yaml | 71 +++ gnocchi/templates/job-ks-service.yaml | 63 +++ gnocchi/templates/job-ks-user.yaml | 64 +++ gnocchi/templates/job-storage-init.yaml | 103 ++++ gnocchi/templates/pdb-api.yaml | 29 ++ gnocchi/templates/pod-gnocchi-test.yaml | 102 ++++ gnocchi/templates/secret-db.yaml | 31 ++ gnocchi/templates/secret-keystone.yaml | 37 ++ gnocchi/templates/service-api.yaml | 36 ++ gnocchi/templates/service-ingress-api.yaml | 32 ++ gnocchi/templates/service-statsd.yaml | 35 ++ gnocchi/values.yaml | 455 ++++++++++++++++++ tools/gate/launch-osh/basic.sh | 5 + 35 files changed, 2352 insertions(+) create mode 100644 gnocchi/.helmignore create mode 100644 gnocchi/Chart.yaml create mode 100644 gnocchi/requirements.yaml create mode 100644 gnocchi/templates/bin/_ceph-admin-keyring.sh.tpl create mode 100644 gnocchi/templates/bin/_ceph-keyring.sh.tpl create mode 100644 gnocchi/templates/bin/_db-init.sh.tpl create mode 100644 gnocchi/templates/bin/_db-sync.sh.tpl create mode 100644 gnocchi/templates/bin/_gnocchi-api.sh.tpl create mode 100644 gnocchi/templates/bin/_gnocchi-metricd.sh.tpl create mode 100644 gnocchi/templates/bin/_gnocchi-statsd.sh.tpl create mode 100644 gnocchi/templates/bin/_gnocchi-test.sh.tpl create mode 100644 gnocchi/templates/bin/_storage-init.sh.tpl create mode 100644 gnocchi/templates/configmap-bin.yaml create mode 100644 gnocchi/templates/configmap-etc.yaml create mode 100644 gnocchi/templates/daemonset-metricd.yaml create mode 100644 gnocchi/templates/daemonset-statsd.yaml create mode 100644 gnocchi/templates/deployment-api.yaml create mode 100644 gnocchi/templates/etc/_wsgi-gnocchi.conf.tpl create mode 100644 gnocchi/templates/ingress-api.yaml create mode 100644 gnocchi/templates/job-db-init-indexer.yaml create mode 100644 gnocchi/templates/job-db-init-keystone.yaml create mode 100644 gnocchi/templates/job-db-sync.yaml create mode 100644 gnocchi/templates/job-ks-endpoints.yaml create mode 100644 gnocchi/templates/job-ks-service.yaml create mode 100644 gnocchi/templates/job-ks-user.yaml create mode 100644 gnocchi/templates/job-storage-init.yaml create mode 100644 gnocchi/templates/pdb-api.yaml create mode 100644 gnocchi/templates/pod-gnocchi-test.yaml create mode 100644 gnocchi/templates/secret-db.yaml create mode 100644 gnocchi/templates/secret-keystone.yaml create mode 100644 gnocchi/templates/service-api.yaml create mode 100644 gnocchi/templates/service-ingress-api.yaml create mode 100644 gnocchi/templates/service-statsd.yaml create mode 100644 gnocchi/values.yaml diff --git a/gnocchi/.helmignore b/gnocchi/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/gnocchi/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/gnocchi/Chart.yaml b/gnocchi/Chart.yaml new file mode 100644 index 0000000000..be4c9436b1 --- /dev/null +++ b/gnocchi/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: A Helm chart for Gnocchi +name: gnocchi +version: 0.1.0 +home: https://docs.openstack.org/developer/gnocchi +sources: + - https://git.openstack.org/cgit/openstack/gnocchi + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/gnocchi/requirements.yaml b/gnocchi/requirements.yaml new file mode 100644 index 0000000000..4a8b1c610f --- /dev/null +++ b/gnocchi/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 \ No newline at end of file diff --git a/gnocchi/templates/bin/_ceph-admin-keyring.sh.tpl b/gnocchi/templates/bin/_ceph-admin-keyring.sh.tpl new file mode 100644 index 0000000000..f3c0a521db --- /dev/null +++ b/gnocchi/templates/bin/_ceph-admin-keyring.sh.tpl @@ -0,0 +1,31 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +cat < /etc/ceph/ceph.client.admin.keyring +[client.admin] +{{- if .Values.conf.ceph.admin_keyring }} + key = {{ .Values.conf.ceph.admin_keyring }} +{{- else }} + key = $(cat /tmp/client-keyring) +{{- end }} +EOF + +exit 0 diff --git a/gnocchi/templates/bin/_ceph-keyring.sh.tpl b/gnocchi/templates/bin/_ceph-keyring.sh.tpl new file mode 100644 index 0000000000..68ce85c2cf --- /dev/null +++ b/gnocchi/templates/bin/_ceph-keyring.sh.tpl @@ -0,0 +1,32 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +cat < /etc/ceph/ceph.client.{{ .Values.conf.gnocchi.storage.ceph_username }}.keyring + +[client.{{ .Values.conf.gnocchi.storage.ceph_username }}] +{{- if .Values.conf.gnocchi.storage.provided_keyring }} + key = {{ .Values.conf.gnocchi.storage.provided_keyring }} +{{- else }} + key = $(cat /tmp/client-keyring) +{{- end }} +EOF + +exit 0 diff --git a/gnocchi/templates/bin/_db-init.sh.tpl b/gnocchi/templates/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..39736f02da --- /dev/null +++ b/gnocchi/templates/bin/_db-init.sh.tpl @@ -0,0 +1,97 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +pgsql_superuser_cmd () { + DB_COMMAND="$1" + if [[ ! -z $2 ]]; then + EXPORT PGDATABASE=$2 + fi + + psql \ + -h ${DB_FQDN} \ + -p ${DB_PORT} \ + -U ${ROOT_DB_USER} \ + --command="${DB_COMMAND}" +} + +pgsql_superuser_cmd () { + DB_COMMAND="$1" + + psql \ + -h ${DB_FQDN} \ + -p ${DB_PORT} \ + -U ${ROOT_DB_USER} \ + --command="${DB_COMMAND}" +} + +if [[ ! -v ROOT_DB_CONNECTION ]]; then + echo "environment variable ROOT_DB_CONNECTION not set" + exit 1 +else + echo "Got DB root connection" +fi + +if [[ -v OPENSTACK_CONFIG_FILE ]]; then + if [[ ! -v OPENSTACK_CONFIG_DB_SECTION ]]; then + echo "Environment variable OPENSTACK_CONFIG_DB_SECTION not set" + exit 1 + elif [[ ! -v OPENSTACK_CONFIG_DB_KEY ]]; then + echo "Environment variable OPENSTACK_CONFIG_DB_KEY not set" + exit 1 + fi + + echo "Using ${OPENSTACK_CONFIG_FILE} as db config source" + echo "Trying to load db config from ${OPENSTACK_CONFIG_DB_SECTION}:${OPENSTACK_CONFIG_DB_KEY}" + + DB_CONN=$(awk -v key=$OPENSTACK_CONFIG_DB_KEY "/^\[${OPENSTACK_CONFIG_DB_SECTION}\]/{f=1} f==1&&/^$OPENSTACK_CONFIG_DB_KEY/{print \$3;exit}" "${OPENSTACK_CONFIG_FILE}") + + echo "Found DB connection: $DB_CONN" +elif [[ -v DB_CONNECTION ]]; then + DB_CONN=${DB_CONNECTION} + echo "Got config from DB_CONNECTION env var" +else + echo "Could not get dbconfig" + exit 1 +fi + +ROOT_DB_PROTO="$(echo $ROOT_DB_CONNECTION | grep '//' | sed -e's,^\(.*://\).*,\1,g')" +ROOT_DB_URL="$(echo $ROOT_DB_CONNECTION | sed -e s,$ROOT_DB_PROTO,,g)" +ROOT_DB_USER="$(echo $ROOT_DB_URL | grep @ | cut -d@ -f1 | cut -d: -f1)" +ROOT_DB_PASS="$(echo $ROOT_DB_URL | grep @ | cut -d@ -f1 | cut -d: -f2)" + +DB_FQDN="$(echo $ROOT_DB_URL | sed -e s,$ROOT_DB_USER:$ROOT_DB_PASS@,,g | cut -d/ -f1 | cut -d: -f1)" +DB_PORT="$(echo $ROOT_DB_URL | sed -e s,$ROOT_DB_USER:$ROOT_DB_PASS@,,g | cut -d/ -f1 | cut -d: -f2)" +DB_NAME="$(echo $ROOT_DB_URL | sed -e s,$ROOT_DB_USER:$ROOT_DB_PASS@,,g | cut -d/ -f2 | cut -d? -f1)" + +DB_PROTO="$(echo $DB_CONN | grep '//' | sed -e's,^\(.*://\).*,\1,g')" +DB_URL="$(echo $DB_CONN | sed -e s,$DB_PROTO,,g)" +DB_USER="$( echo $DB_URL | grep @ | cut -d@ -f1 | cut -d: -f1)" +DB_PASS="$( echo $DB_URL | grep @ | cut -d@ -f1 | cut -d: -f2)" + +#create db +pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME" + +#create db user +pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \ + pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';" && pgsql_superuser_cmd "ALTER USER ${DB_USER} WITH SUPERUSER" + +#give permissions to user +pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;" diff --git a/gnocchi/templates/bin/_db-sync.sh.tpl b/gnocchi/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..a32db4ec4b --- /dev/null +++ b/gnocchi/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec gnocchi-upgrade --create-legacy-resource-types diff --git a/gnocchi/templates/bin/_gnocchi-api.sh.tpl b/gnocchi/templates/bin/_gnocchi-api.sh.tpl new file mode 100644 index 0000000000..4cbdcc8281 --- /dev/null +++ b/gnocchi/templates/bin/_gnocchi-api.sh.tpl @@ -0,0 +1,34 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars + fi + exec apache2 -DFOREGROUND +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/gnocchi/templates/bin/_gnocchi-metricd.sh.tpl b/gnocchi/templates/bin/_gnocchi-metricd.sh.tpl new file mode 100644 index 0000000000..0bf5150e96 --- /dev/null +++ b/gnocchi/templates/bin/_gnocchi-metricd.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -x +exec gnocchi-metricd \ + --config-file /etc/gnocchi/gnocchi.conf diff --git a/gnocchi/templates/bin/_gnocchi-statsd.sh.tpl b/gnocchi/templates/bin/_gnocchi-statsd.sh.tpl new file mode 100644 index 0000000000..dff4ee627c --- /dev/null +++ b/gnocchi/templates/bin/_gnocchi-statsd.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -x +exec gnocchi-statsd \ + --config-file /etc/gnocchi/gnocchi.conf diff --git a/gnocchi/templates/bin/_gnocchi-test.sh.tpl b/gnocchi/templates/bin/_gnocchi-test.sh.tpl new file mode 100644 index 0000000000..5f309ad7be --- /dev/null +++ b/gnocchi/templates/bin/_gnocchi-test.sh.tpl @@ -0,0 +1,68 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +echo "Test: list archive policies" +gnocchi archive-policy list + +echo "Test: create metric" +gnocchi metric create --archive-policy-name low +METRIC_UUID=$(gnocchi metric list -c id -f value | head -1) +sleep 5 + +echo "Test: show metric" +gnocchi metric show ${METRIC_UUID} + +sleep 5 + +echo "Test: add measures" +gnocchi measures add -m 2017-06-27T12:00:00@31 \ + -m 2017-06-27T12:03:27@20 \ + -m 2017-06-27T12:06:51@41 \ + ${METRIC_UUID} + +sleep 15 + +echo "Test: show measures" +gnocchi measures show ${METRIC_UUID} +gnocchi measures show --aggregation min ${METRIC_UUID} + +echo "Test: delete metric" +gnocchi metric delete ${METRIC_UUID} + +RESOURCE_UUID={{ uuidv4 }} + +echo "Test: create resouce type" +gnocchi resource-type create --attribute name:string --attribute host:string test + +echo "Test: list resource types" +gnocchi resource-type list + +echo "Test: create resource" +gnocchi resource create --attribute name:test --attribute host:testnode1 --create-metric cpu:medium --create-metric memory:low --type test ${RESOURCE_UUID} + +echo "Test: show resource history" +gnocchi resource history --format json --details ${RESOURCE_UUID} +echo "Test: delete resource" +gnocchi resource delete ${RESOURCE_UUID} +echo "Test: delete resource type" +gnocchi resource-type delete test + +exit 0 diff --git a/gnocchi/templates/bin/_storage-init.sh.tpl b/gnocchi/templates/bin/_storage-init.sh.tpl new file mode 100644 index 0000000000..3aca356bc3 --- /dev/null +++ b/gnocchi/templates/bin/_storage-init.sh.tpl @@ -0,0 +1,56 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -x +SECRET=$(mktemp --suffix .yaml) +KEYRING=$(mktemp --suffix .keyring) +function cleanup { + rm -f ${SECRET} ${KEYRING} +} +trap cleanup EXIT + +set -ex +ceph -s +function ensure_pool () { + ceph osd pool stats $1 || ceph osd pool create $1 $2 +} +ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} + +if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then + KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/') + echo $KEYSTR > ${KEYRING} +else + #NOTE(Portdirect): Determine proper privs to assign keyring + ceph auth get-or-create client.${RBD_POOL_USER} \ + mon "allow *" \ + osd "allow *" \ + -o ${KEYRING} +fi + +ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0) +cat > ${SECRET} < + WSGIDaemonProcess gnocchi processes=1 threads=2 user=gnocchi group=gnocchi display-name=%{GROUP} + WSGIProcessGroup gnocchi + WSGIScriptAlias / "/var/lib/kolla/venv/lib/python2.7/site-packages/gnocchi/rest/app.wsgi" + WSGIApplicationGroup %{GLOBAL} + + ErrorLog /dev/stderr + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + Require all granted + + diff --git a/gnocchi/templates/ingress-api.yaml b/gnocchi/templates/ingress-api.yaml new file mode 100644 index 0000000000..14bbf7e961 --- /dev/null +++ b/gnocchi/templates/ingress-api.yaml @@ -0,0 +1,59 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.ingress_api }} +{{- $envAll := . }} +{{- if .Values.network.api.ingress.public }} +{{- $backendServiceType := "metric" }} +{{- $backendPort := "gn-api" }} +{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: +{{ if ne $hostNameNamespaced $hostNameFull }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- else }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml new file mode 100644 index 0000000000..0e1c9ca324 --- /dev/null +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -0,0 +1,72 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init_indexer }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init_postgresql }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-db-init-indexer +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "db-init-indexer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: gnocchi-db-init-indexer + image: {{ .Values.images.db_init_indexer | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init_indexer | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.admin }} + key: DB_CONNECTION_INDEXER + - name: OPENSTACK_CONFIG_FILE + value: /etc/gnocchi/gnocchi.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: indexer + - name: OPENSTACK_CONFIG_DB_KEY + value: url + command: + - /tmp/db-init.sh + volumeMounts: + - name: gnocchi-etc + mountPath: /etc/gnocchi/gnocchi.conf + subPath: gnocchi.conf + - name: gnocchi-bin + mountPath: /tmp/db-init.sh + subPath: db-init.sh + readOnly: true + volumes: + - name: gnocchi-etc + configMap: + name: gnocchi-etc + defaultMode: 0444 + - name: gnocchi-bin + configMap: + name: gnocchi-bin + defaultMode: 0555 +{{- end }} diff --git a/gnocchi/templates/job-db-init-keystone.yaml b/gnocchi/templates/job-db-init-keystone.yaml new file mode 100644 index 0000000000..c960c0519f --- /dev/null +++ b/gnocchi/templates/job-db-init-keystone.yaml @@ -0,0 +1,77 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init_keystone }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init_keystone }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-db-init-keystone +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "db-init-keystone" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: keystone-db-init + image: {{ .Values.images.db_init_keystone | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.admin }} + key: DB_CONNECTION_API + - name: OPENSTACK_CONFIG_FILE + value: /etc/gnocchi/gnocchi.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection + command: + - /tmp/db-init.py + volumeMounts: + - name: gnocchi-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: pod-etc-gnocchi + mountPath: /etc/gnocchi + - name: gnocchi-etc + mountPath: /etc/gnocchi/gnocchi.conf + subPath: gnocchi.conf + readOnly: true + volumes: + - name: gnocchi-bin + configMap: + name: gnocchi-bin + defaultMode: 0555 + - name: pod-etc-gnocchi + emptyDir: {} + - name: gnocchi-etc + configMap: + name: gnocchi-etc + defaultMode: 0444 +{{- end }} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml new file mode 100644 index 0000000000..6424845ea5 --- /dev/null +++ b/gnocchi/templates/job-db-sync.yaml @@ -0,0 +1,93 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_sync }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-db-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: ceph-keyring-placement + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - /tmp/ceph-keyring.sh + volumeMounts: + - name: etcceph + mountPath: /etc/ceph + - name: gnocchi-bin + mountPath: /tmp/ceph-keyring.sh + subPath: ceph-keyring.sh + readOnly: true + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + containers: + - name: gnocchi-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/db-sync.sh + volumeMounts: + - name: gnocchi-etc + mountPath: /etc/gnocchi/gnocchi.conf + subPath: gnocchi.conf + - name: gnocchi-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + - name: etcceph + mountPath: /etc/ceph + - name: ceph-etc + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + volumes: + - name: gnocchi-etc + configMap: + name: gnocchi-etc + defaultMode: 0444 + - name: gnocchi-bin + configMap: + name: gnocchi-bin + defaultMode: 0555 + - name: etcceph + emptyDir: {} + - name: ceph-etc + configMap: + name: ceph-etc + - name: ceph-keyring + secret: + secretName: pvc-ceph-client-key +{{- end }} diff --git a/gnocchi/templates/job-ks-endpoints.yaml b/gnocchi/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..e00e679fb7 --- /dev/null +++ b/gnocchi/templates/job-ks-endpoints.yaml @@ -0,0 +1,71 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-ks-endpoints +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + metadata: + annotations: + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "metric" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: gnocchi-bin + defaultMode: 0555 +{{- end }} diff --git a/gnocchi/templates/job-ks-service.yaml b/gnocchi/templates/job-ks-service.yaml new file mode 100644 index 0000000000..671f2d8938 --- /dev/null +++ b/gnocchi/templates/job-ks-service.yaml @@ -0,0 +1,63 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_service }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-ks-service +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "metric" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: gnocchi-bin + defaultMode: 0555 +{{- end }} diff --git a/gnocchi/templates/job-ks-user.yaml b/gnocchi/templates/job-ks-user.yaml new file mode 100644 index 0000000000..988e7082a6 --- /dev/null +++ b/gnocchi/templates/job-ks-user.yaml @@ -0,0 +1,64 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-ks-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: gnocchi-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "gnocchi" +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.user.role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: gnocchi-bin + defaultMode: 0555 +{{- end }} diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml new file mode 100644 index 0000000000..96af867a00 --- /dev/null +++ b/gnocchi/templates/job-storage-init.yaml @@ -0,0 +1,103 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_storage_init }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.storage_init }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gnocchi-storage-init +spec: + template: + metadata: + labels: +{{ tuple $envAll "gnocchi" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: ceph-keyring-placement + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + runAsUser: {{ .Values.pod.user.gnocchi.uid }} + command: + - /tmp/ceph-admin-keyring.sh + volumeMounts: + - name: etcceph + mountPath: /etc/ceph + - name: gnocchi-bin + mountPath: /tmp/ceph-admin-keyring.sh + subPath: ceph-admin-keyring.sh + readOnly: true + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + containers: + - name: gnocchi-storage-init + image: {{ .Values.images.storage_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RBD_POOL_NAME + value: {{ .Values.conf.gnocchi.storage.ceph_pool | quote }} + - name: RBD_POOL_USER + value: {{ .Values.conf.gnocchi.storage.ceph_username | quote }} + - name: RBD_POOL_CHUNK_SIZE + value: "8" + - name: RBD_POOL_SECRET + value: {{ .Values.secrets.rbd | quote }} + command: + - /tmp/storage-init.sh + volumeMounts: + - name: gnocchi-bin + mountPath: /tmp/storage-init.sh + subPath: storage-init.sh + readOnly: true + - name: etcceph + mountPath: /etc/ceph + - name: ceph-etc + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + volumes: + - name: gnocchi-bin + configMap: + name: gnocchi-bin + defaultMode: 0555 + - name: etcceph + emptyDir: {} + - name: ceph-etc + configMap: + name: ceph-etc + defaultMode: 0444 + - name: ceph-keyring + secret: + secretName: pvc-ceph-client-key +{{- end }} diff --git a/gnocchi/templates/pdb-api.yaml b/gnocchi/templates/pdb-api.yaml new file mode 100644 index 0000000000..5665857972 --- /dev/null +++ b/gnocchi/templates/pdb-api.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pdb_api }} +{{- $envAll := . }} +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: gnocchi-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "gnocchi" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml new file mode 100644 index 0000000000..261322d82b --- /dev/null +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -0,0 +1,102 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_gnocchi_test }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.tests }} +{{- $mounts_gnocchi_tests := .Values.pod.mounts.gnocchi_tests.gnocchi_tests }} +{{- $mounts_gnocchi_tests_init := .Values.pod.mounts.gnocchi_tests.init_container }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{.Release.Name}}-rally-test" + annotations: + "helm.sh/hook": test-success +spec: + restartPolicy: Never + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + - name: ceph-keyring-placement + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - /tmp/ceph-keyring.sh + volumeMounts: + - name: etcceph + mountPath: /etc/ceph + - name: gnocchi-bin + mountPath: /tmp/ceph-keyring.sh + subPath: ceph-keyring.sh + readOnly: true + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + containers: + - name: {{.Release.Name}}-helm-tests + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} + - name: OS_AUTH_TYPE + valueFrom: + secretKeyRef: + name: {{ $.Values.secrets.identity.admin }} + key: OS_AUTH_TYPE + - name: OS_TENANT_NAME + valueFrom: + secretKeyRef: + name: {{ $.Values.secrets.identity.admin }} + key: OS_TENANT_NAME +{{- end }} + command: + - /tmp/gnocchi-test.sh + volumeMounts: + - name: gnocchi-etc + mountPath: /etc/gnocchi/gnocchi.conf + subPath: gnocchi.conf + readOnly: true + - name: ceph-etc + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: gnocchi-bin + mountPath: /tmp/gnocchi-test.sh + subPath: gnocchi-test.sh + readOnly: true +{{ if $mounts_gnocchi_tests.volumeMounts }}{{ toYaml $mounts_gnocchi_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: gnocchi-etc + configMap: + name: gnocchi-etc + defaultMode: 0444 + - name: gnocchi-bin + configMap: + name: gnocchi-bin + defaultMode: 0555 + - name: ceph-etc + configMap: + name: ceph-etc + - name: ceph-keyring + secret: + secretName: pvc-ceph-client-key + - name: etcceph + emptyDir: {} +{{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }} +{{- end }} diff --git a/gnocchi/templates/secret-db.yaml b/gnocchi/templates/secret-db.yaml new file mode 100644 index 0000000000..8a1c933b5d --- /dev/null +++ b/gnocchi/templates/secret-db.yaml @@ -0,0 +1,31 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "user" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION_INDEXER: {{ tuple "oslo_db_postgresql" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} + DB_CONNECTION_API: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} +{{- end }} +{{- end }} diff --git a/gnocchi/templates/secret-keystone.yaml b/gnocchi/templates/secret-keystone.yaml new file mode 100644 index 0000000000..c7cf21ee39 --- /dev/null +++ b/gnocchi/templates/secret-keystone.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "user" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }} +{{ $osAuthType := $auth.os_auth_type }} +{{ $osTenantName := $auth.os_tenant_name }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }} + OS_AUTH_TYPE: | +{{ $osAuthType | b64enc | indent 4 }} + OS_TENANT_NAME: | +{{ $osTenantName | b64enc | indent 4 }} +{{ end }} +{{- end }} diff --git a/gnocchi/templates/service-api.yaml b/gnocchi/templates/service-api.yaml new file mode 100644 index 0000000000..d637e3a1d4 --- /dev/null +++ b/gnocchi/templates/service-api.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "metric" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: gn-api + port: {{ .Values.conf.gnocchi.api.port }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "gnocchi" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/gnocchi/templates/service-ingress-api.yaml b/gnocchi/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..690ef97811 --- /dev/null +++ b/gnocchi/templates/service-ingress-api.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_ingress_api }} +{{- $envAll := . }} +{{- if .Values.network.api.ingress.public }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "metric" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} +{{- end }} diff --git a/gnocchi/templates/service-statsd.yaml b/gnocchi/templates/service-statsd.yaml new file mode 100644 index 0000000000..bbba851cc7 --- /dev/null +++ b/gnocchi/templates/service-statsd.yaml @@ -0,0 +1,35 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_statsd }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: gnocchi-statsd +spec: + ports: + - port: {{ .Values.conf.gnocchi.statsd.port }} + {{ if .Values.network.statsd.node_port.enabled }} + nodePort: {{ .Values.network.statsd.node_port.port }} + {{ end }} + selector: + app: gnocchi-statsd + {{ if .Values.network.statsd.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml new file mode 100644 index 0000000000..cdea978be6 --- /dev/null +++ b/gnocchi/values.yaml @@ -0,0 +1,455 @@ +# Default values for gnocchi. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0 + storage_init: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 + db_init_indexer: docker.io/postgres:9.5 + # using non-kolla images until kolla supports postgres as + # an indexer + db_init_keystone: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3 + db_sync: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + api: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3 + statsd: quay.io/attcomdev/ubuntu-source-gnocchi-statsd:3.0.3 + metricd: quay.io/attcomdev/ubuntu-source-gnocchi-metricd:3.0.3 + pull_policy: "IfNotPresent" + +network: + api: + ingress: + public: true + node_port: + enabled: false + port: 8041 + statsd: + node_port: + enabled: false + port: 8125 + +dependencies: + storage_init: + services: + db_init_keystone: + services: + - service: oslo_db + endpoint: internal + db_init_postgresql: + jobs: + services: + - service: oslo_db_postgresql + endpoint: internal + db_sync: + jobs: + - gnocchi-db-init-keystone + - gnocchi-db-init-indexer + services: + - service: oslo_db_postgresql + endpoint: internal + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - gnocchi-ks-service + services: + - service: identity + endpoint: internal + api: + jobs: + - gnocchi-storage-init + - gnocchi-db-sync + - gnocchi-ks-endpoints + - gnocchi-ks-service + - gnocchi-ks-user + services: + - service: identity + endpoint: internal + - service: oslo_db + endpoint: internal + statsd: + jobs: + - gnocchi-storage-init + - gnocchi-db-sync + - gnocchi-ks-user + - gnocchi-ks-service + - gnocchi-ks-endpoints + services: + - service: oslo_db_postgresql + endpoint: internal + - service: metric + endpoint: internal + metricd: + jobs: + - gnocchi-storage-init + - gnocchi-db-sync + - gnocchi-ks-user + - gnocchi-ks-service + - gnocchi-ks-endpoints + services: + - service: oslo_db_postgresql + endpoint: internal + - service: metric + endpoint: internal + tests: + jobs: + - gnocchi-storage-init + - gnocchi-db-sync + services: + - service: identity + endpoint: internal + - service: oslo_db_postgresql + endpoint: internal + - service: metric + endpoint: internal + +pod: + user: + gnocchi: + uid: 1000 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + gnocchi_api: + init_container: null + gnocchi_api: + gnocchi_statsd: + init_container: null + gnocchi_statsd: + gnocchi_metricd: + init_container: null + gnocchi_metricd: + gnocchi_tests: + init_container: null + gnocchi_tests: + replicas: + api: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + daemonsets: + pod_replacement_strategy: RollingUpdate + metricd: + enabled: false + min_ready_seconds: 0 + max_unavailable: 1 + statsd: + enabled: false + min_ready_seconds: 0 + max_unavailable: 1 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + resources: + enabled: false + api: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + statsd: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + metricd: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + db_init: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +conf: + ceph: + monitors: [] + admin_keyring: null + override: + append: + paste: + pipeline:main: + pipeline: gnocchi+auth + composite:gnocchi+noauth: + use: egg:Paste#urlmap + /: gnocchiversions + /v1: gnocchiv1+noauth + composite:gnocchi+auth: + use: egg:Paste#urlmap + /: gnocchiversions + /v1: gnocchiv1+auth + pipeline:gnocchiv1+noauth: + pipeline: gnocchiv1 + pipeline:gnocchiv1+auth: + pipeline: keystone_authtoken gnocchiv1 + app:gnocchiversions: + paste.app_factory: gnocchi.rest.app:app_factory + root: gnocchi.rest.VersionsController + app:gnocchiv1: + paste.app_factory: gnocchi.rest.app:app_factory + root: gnocchi.rest.V1Controller + filter:keystone_authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + oslo_config_project: gnocchi + policy: + admin_or_creator: 'role:admin or project_id:%(created_by_project_id)s' + resource_owner: 'project_id:%(project_id)s' + metric_owner: 'project_id:%(resource.project_id)s' + get status: 'role:admin' + create resource: '' + get resource: 'rule:admin_or_creator or rule:resource_owner' + update resource: 'rule:admin_or_creator' + delete resource: 'rule:admin_or_creator' + delete resources: 'rule:admin_or_creator' + list resource: 'rule:admin_or_creator or rule:resource_owner' + search resource: 'rule:admin_or_creator or rule:resource_owner' + create resource type: 'role:admin' + delete resource type: 'role:admin' + update resource type: 'role:admin' + list resource type: '' + get resource type: '' + get archive policy: '' + list archive policy: '' + create archive policy: 'role:admin' + update archive policy: 'role:admin' + delete archive policy: 'role:admin' + create archive policy rule: 'role:admin' + get archive policy rule: '' + list archive policy rule: '' + delete archive policy rule: 'role:admin' + create metric: '' + delete metric: 'rule:admin_or_creator' + get metric: 'rule:admin_or_creator or rule:metric_owner' + search metric: 'rule:admin_or_creator or rule:metric_owner' + list metric: '' + list all metric: 'role:admin' + get measures: 'rule:admin_or_creator or rule:metric_owner' + post measures: 'rule:admin_or_creator' + gnocchi: + DEFAULT: + debug: false + token: + provider: uuid + api: + auth_mode: keystone + port: 8041 + statsd: + port: 8125 + metricd: + workers: 1 + database: + max_retries: -1 + storage: + driver: ceph + ceph_pool: metrics + ceph_username: admin + ceph_keyring: /etc/ceph/ceph.client.admin.keyring + ceph_conffile: /etc/ceph/ceph.conf + file_basepath: /var/lib/gnocchi + provided_keyring: null + indexer: + driver: postgresql + keystone_authtoken: + auth_type: password + auth_version: v3 + memcache_security_strategy: ENCRYPT + +secrets: + identity: + admin: gnocchi-keystone-admin + user: gnocchi-keystone-user + oslo_db: + admin: gnocchi-db-admin + user: gnocchi-db-user + rbd: gnocchi-rbd-keyring + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + identity: + name: keystone + auth: + admin: + username: "admin" + user_domain_name: "default" + password: "password" + project_name: "admin" + project_domain_name: "default" + region_name: "RegionOne" + os_auth_type: "password" + os_tenant_name: "admin" + user: + username: "gnocchi" + user_domain_name: "default" + role: "admin" + password: "password" + project_name: "service" + project_domain_name: "default" + region_name: "RegionOne" + os_auth_type: "password" + os_tenant_name: "service" + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: 'http' + port: + admin: + default: 35357 + api: + default: 80 + metric: + name: gnocchi + hosts: + default: gnocchi-api + public: gnocchi + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'http' + port: + api: + default: 8041 + public: 80 + oslo_db_postgresql: + auth: + admin: + username: postgres + password: password + user: + username: gnocchi + password: password + hosts: + default: postgresql + host_fqdn_override: + default: null + path: /gnocchi + scheme: postgresql + port: + postgresql: + default: 5432 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: gnocchi + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /gnocchi + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_cache: + hosts: + default: memcache + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + +manifests: + configmap_bin: true + configmap_etc: true + daemonset_metricd: true + daemonset_statsd: true + deployment_api: true + ingress_api: true + job_db_init_indexer: true + job_db_init_keystone: true + job_db_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + job_storage_init: true + pdb_api: true + pod_gnocchi_test: true + secret_db: true + secret_keystone: true + service_api: true + service_ingress_api: true + service_statsd: true diff --git a/tools/gate/launch-osh/basic.sh b/tools/gate/launch-osh/basic.sh index ffc3c43d73..cdc3048b82 100755 --- a/tools/gate/launch-osh/basic.sh +++ b/tools/gate/launch-osh/basic.sh @@ -128,7 +128,11 @@ if [ "x$INTEGRATION" == "xmulti" ]; then #NOTE(portdirect): Deploy Telemetry componets here to enable ingestion # of data from other services as the come online. helm install --namespace=openstack ${WORK_DIR}/postgresql --name=postgresql + helm install --namespace=openstack ${WORK_DIR}/gnocchi --name=gnocchi + helm install --namespace=openstack ${WORK_DIR}/mongodb --name=mongodb + helm install --namespace=openstack ${WORK_DIR}/ceilometer --name=ceilometer fi + kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK} fi if [[ "x${PVC_BACKEND}" != "xceph" ]] && [[ "x${GLANCE}" != "xpvc" ]] ; then @@ -201,6 +205,7 @@ if [ "x$INTEGRATION" == "xmulti" ]; then kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK} helm_test_deployment keystone ${SERVICE_TEST_TIMEOUT} + helm_test_deployment gnocchi ${SERVICE_TEST_TIMEOUT} helm_test_deployment glance ${SERVICE_TEST_TIMEOUT} helm_test_deployment cinder ${SERVICE_TEST_TIMEOUT} helm_test_deployment neutron ${SERVICE_TEST_TIMEOUT}