diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl
deleted file mode 100644
index 51af65e071..0000000000
--- a/cinder/templates/_helpers.tpl
+++ /dev/null
@@ -1,59 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This file is required because we use a slightly different endpoint layout in -# the values yaml, until we can make this change for all services. - - -# this function returns the endpoint uri for a service, it takes an tuple -# input in the form: service-type, endpoint-class, port-name. eg: -# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" } -# will return the appropriate URI. Once merged this should phase out the above. - -{{- define "helm-toolkit.endpoint_type_lookup_addr" -}} -{{- $type := index . 0 -}} -{{- $endpoint := index . 1 -}} -{{- $port := index . 2 -}} -{{- $context := index . 
3 -}} -{{- $endpointMap := index $context.Values.endpoints $type }} -{{- $fqdn := $context.Release.Namespace -}} -{{- if $context.Values.endpoints.fqdn -}} -{{- $fqdn := $context.Values.endpoints.fqdn -}} -{{- end -}} -{{- with $endpointMap -}} -{{- $endpointScheme := .scheme }} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port }} -{{- $endpointPath := .path }} -{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} -{{- end -}} -{{- end -}} - - -#------------------------------- -# endpoint name lookup -#------------------------------- - -# this function is used in endpoint management templates -# it returns the service type for an openstack service eg: -# { tuple orchestration . | include "ks_endpoint_type" } -# will return "heat" - -{{- define "endpoint_name_lookup" -}} -{{- $type := index . 0 -}} -{{- $context := index . 1 -}} -{{- $endpointMap := index $context.Values.endpoints $type }} -{{- $endpointName := index $endpointMap "name" }} -{{- $endpointName | quote -}} -{{- end -}} diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index b9d09c57a3..52705f8ad5 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -59,10 +59,11 @@ spec: - --config-dir - /etc/cinder/conf ports: - - containerPort: {{ .Values.service.api.port }} + - name: c-api + containerPort: {{ .Values.network.port.api }} readinessProbe: tcpSocket: - port: {{ .Values.service.api.port }} + port: {{ .Values.network.port.api }} volumeMounts: - name: pod-etc-cinder mountPath: /etc/cinder diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index b03a594774..cb336d6485 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl 
@@ -22,11 +22,11 @@ volume_name_template = %s osapi_volume_workers = {{ .Values.api.workers }} osapi_volume_listen = 0.0.0.0 -osapi_volume_listen_port = {{ .Values.service.api.port }} +osapi_volume_listen_port = {{ .Values.network.port.api }} api_paste_config = /etc/cinder/api-paste.ini -glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_servers = {{ tuple "image" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} glance_api_version = {{ .Values.glance.version }} enabled_backends = {{ include "helm-toolkit.joinListWithComma" .Values.backends.enabled }} @@ -44,11 +44,13 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_url = {{ .Values.keystone.auth_url }} +auth_version = v3 +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} auth_type = password +region_name = {{ .Values.keystone.cinder_region_name }} project_domain_name = {{ .Values.keystone.cinder_project_domain }} -user_domain_name = {{ .Values.keystone.cinder_user_domain }} project_name = {{ .Values.keystone.cinder_project_name }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} username = {{ .Values.keystone.cinder_user }} password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/job-ks-endpoints.yaml b/cinder/templates/job-ks-endpoints.yaml index cafd4c8d54..b554fb1b7f 100644 --- a/cinder/templates/job-ks-endpoints.yaml +++ b/cinder/templates/job-ks-endpoints.yaml 
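Review bot: The `auth_url` added under `[keystone_authtoken]` inherits its scheme from `endpoints.identity.scheme`, which the values.yaml sections of this commit leave at `'http'`, so the `username`/`password` a few lines below travel to Keystone in cleartext unless something underneath the pod network encrypts the traffic. The same applies to the `auth_url` lines added in glance-api.conf and glance-registry.conf. A comment above the line would make the dependency visible: `# scheme comes from endpoints.identity.scheme; switch it to https outside development`. The `[keystone_authtoken]` section continues past the end of the hunk.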
@@ -60,11 +60,11 @@ spec: - name: OS_SVC_ENDPOINT value: {{ $osServiceEndPoint }} - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} - name: OS_SERVICE_TYPE value: {{ $osServiceType }} - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoint_type_lookup_addr" }} + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" }} {{- end }} {{- end }} volumes: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index de1e852150..77c4257299 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -57,7 +57,7 @@ spec: {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} - name: OS_SERVICE_TYPE value: {{ $osServiceType }} {{- end }} diff --git a/cinder/templates/secret-keystone-admin.env.yaml b/cinder/templates/secret-keystone-admin.env.yaml index 845b87d388..5badd3e38c 100644 --- a/cinder/templates/secret-keystone-admin.env.yaml +++ b/cinder/templates/secret-keystone-admin.env.yaml @@ -19,7 +19,7 @@ metadata: type: Opaque data: OS_AUTH_URL: | -{{ .Values.keystone.auth_url | b64enc | indent 4 }} +{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.admin_region_name | b64enc | indent 4 }} OS_PROJECT_DOMAIN_NAME: | diff --git a/cinder/templates/secret-keystone-user.env.yaml b/cinder/templates/secret-keystone-user.env.yaml index 3fa0464ed2..610df50108 100644 
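Review bot: `OS_SERVICE_ENDPOINT` is now rendered as an unquoted YAML scalar, because `helm-toolkit.keystone_endpoint_uri_lookup` no longer ends in `| quote` the way the removed `helm-toolkit.endpoint_type_lookup_addr` did, while `OS_SERVICE_NAME` next to it still comes back quoted. If the lookup yields nothing (for example an endpoint type missing from `.Values.endpoints`), the line collapses to a bare `value:`, which YAML reads as null rather than an empty string. Piping the result through `quote` at the call site keeps the env value a string: `value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" | quote }}`.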
--- a/cinder/templates/secret-keystone-user.env.yaml +++ b/cinder/templates/secret-keystone-user.env.yaml @@ -19,7 +19,7 @@ metadata: type: Opaque data: OS_AUTH_URL: | -{{ .Values.keystone.auth_url | b64enc | indent 4 }} +{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} OS_PROJECT_DOMAIN_NAME: | diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml index e6ec8e6ac8..4347d8e95d 100644 --- a/cinder/templates/service-api.yaml +++ b/cinder/templates/service-api.yaml @@ -15,9 +15,9 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.service.api.name }} + name: cinder-api spec: ports: - - port: {{ .Values.service.api.port }} + - port: {{ .Values.network.port.api }} selector: app: cinder-api diff --git a/cinder/values.yaml b/cinder/values.yaml index a0d5e2b9a6..22e656036b 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -46,8 +46,6 @@ upgrades: max_surge: 3 keystone: - auth_uri: "http://keystone-api:5000" - auth_url: "http://keystone-api:35357" admin_user: "admin" admin_user_domain: "default" admin_password: "password" @@ -63,11 +61,9 @@ keystone: cinder_project_domain: "default" cinder_region_name: "RegionOne" -service: - api: - name: "cinder-api" - port: 8776 - proto: "http" +network: + port: + api: 8776 database: address: mariadb @@ -96,9 +92,6 @@ backends: pool: "volumes" glance: - proto: "http" - host: "glance-api" - port: 9292 version: 2 messaging: @@ -171,8 +164,17 @@ endpoints: path: /v3 scheme: 'http' port: - admin: 35357 - public: 5000 + admin: 35357 + api: 5000 + image: + name: glance + hosts: + default: glance-api + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 volume: name: cinder hosts: @@ -256,4 +258,3 @@ resources: limits: memory: "1024Mi" cpu: "2000m" - 
diff --git a/glance/templates/bin/_post.sh.tpl b/glance/templates/bin/_post.sh.tpl index 3ee65fd939..8aa44495fd 100644 --- a/glance/templates/bin/_post.sh.tpl +++ b/glance/templates/bin/_post.sh.tpl @@ -21,7 +21,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ -url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \ +url='{{ tuple "image" "admin" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ interface=admin \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "helm-toolkit.keystone_auth" . }}'" \ @@ -31,7 +31,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ -url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \ +url='{{ tuple "image" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ interface=internal \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "helm-toolkit.keystone_auth" . }}'" \ @@ -41,7 +41,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ -url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \ +url='{{ tuple "image" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ interface=public \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "helm-toolkit.keystone_auth" . }}'" \ diff --git a/glance/templates/etc/_glance-api.conf.tpl b/glance/templates/etc/_glance-api.conf.tpl index f291b9884b..03648ab9e9 100644 --- a/glance/templates/etc/_glance-api.conf.tpl +++ b/glance/templates/etc/_glance-api.conf.tpl 
@@ -22,27 +22,28 @@ workers = {{ .Values.misc.workers }} registry_host = glance-registry # Enable Copy-on-Write show_image_direct_url = True - + [database] connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} max_retries = -1 - + [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_version = v3 +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service +region_name = {{ .Values.keystone.glance_region_name }} +project_domain_name = {{ .Values.keystone.glance_project_domain }} +project_name = {{ .Values.keystone.glance_project_name }} +user_domain_name = {{ .Values.keystone.glance_user_domain }} username = {{ .Values.keystone.glance_user }} password = {{ .Values.keystone.glance_password }} - + [paste_deploy] flavor = keystone - + [oslo_messaging_notifications] driver = noop - + [glance_store] filesystem_store_datadir = /var/lib/glance/images/ {{- if .Values.development.enabled }} diff --git a/glance/templates/etc/_glance-registry.conf.tpl b/glance/templates/etc/_glance-registry.conf.tpl index e7c80adbbd..24f60dc62b 100644 --- a/glance/templates/etc/_glance-registry.conf.tpl +++ b/glance/templates/etc/_glance-registry.conf.tpl 
@@ -16,25 +16,27 @@ debug = {{ .Values.misc.debug }} use_syslog = False use_stderr = True + bind_port = {{ .Values.network.port.registry }} workers = {{ .Values.misc.workers }} - + [database] connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} max_retries = -1 - + [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_version = v3 +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service +region_name = {{ .Values.keystone.glance_region_name }} +project_domain_name = {{ .Values.keystone.glance_project_domain }} +project_name = {{ .Values.keystone.glance_project_name }} +user_domain_name = {{ .Values.keystone.glance_user_domain }} username = {{ .Values.keystone.glance_user }} password = {{ .Values.keystone.glance_password }} - + [paste_deploy] flavor = keystone - + [oslo_messaging_notifications] driver = noop diff --git a/glance/values.yaml b/glance/values.yaml index 51e4cd98bc..4d09b50c4d 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -46,22 +46,25 @@ upgrades: max_surge: 3 keystone: - auth_uri: "http://keystone-api:5000" - auth_url: "http://keystone-api:35357" admin_user: "admin" + admin_user_domain: "default" admin_password: "password" admin_project_name: "admin" + admin_project_domain: "default" admin_region_name: "RegionOne" glance_user: "glance" + glance_user_domain: "default" + glance_user_role: "admin" glance_password: "password" + glance_project_name: "service" + glance_project_domain: "default" glance_region_name: "RegionOne" network: port: api: 9292 registry: 9191 - ip_address: "0.0.0.0" database: address: mariadb 
@@ -173,21 +176,21 @@ dependencies: # values, but should include all endpoints # required by this chart endpoints: - glance: + identity: + name: keystone + hosts: + default: keystone-api + path: /v3 + scheme: 'http' + port: + admin: 35357 + api: 5000 + image: + name: glance hosts: default: glance-api - type: image path: null scheme: 'http' port: api: 9292 registry: 9191 - keystone: - hosts: - default: keystone-api - path: /v3 - type: identity - scheme: 'http' - port: - admin: 35357 - public: 5000 diff --git a/helm-toolkit/templates/_endpoints.tpl b/helm-toolkit/templates/_endpoints.tpl index 7c2134bd02..6e26c5c9c2 100644 --- a/helm-toolkit/templates/_endpoints.tpl +++ b/helm-toolkit/templates/_endpoints.tpl @@ -126,6 +126,29 @@ {{- end -}} {{- end -}} +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "helm-toolkit.keystone_endpoint_uri_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path | default "" }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath -}} +{{- end -}} +{{- end -}} #------------------------------- # endpoint type lookup 
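Review bot: The `endpoints.fqdn` override in `helm-toolkit.keystone_endpoint_uri_lookup` never takes effect: `{{- $fqdn := $context.Values.endpoints.fqdn -}}` inside the `if` declares a new variable that goes out of scope at `{{- end -}}`, so the `printf` always uses `$context.Release.Namespace`. The three lines can collapse into one declaration, `{{- $fqdn := default $context.Release.Namespace $context.Values.endpoints.fqdn -}}`. Separately, an unknown service type makes `with $endpointMap` render nothing and an unknown port name hands nil to `%1.f`, so a typo in a caller produces an empty or malformed URL (in this commit that would land in `auth_url` and the `OS_AUTH_URL` secrets) rather than a failed render; guarding the map and port lookups with Helm's `required` would surface it at template time.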
@@ -145,7 +168,25 @@ {{- $endpointType | quote -}} {{- end -}} + +#------------------------------- +# endpoint name lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple orchestration . | include "ks_endpoint_type" } +# will return "heat" + +{{- define "helm-toolkit.keystone_endpoint_name_lookup" -}} +{{- $type := index . 0 -}} +{{- $context := index . 1 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $endpointName := index $endpointMap "name" }} +{{- $endpointName | quote -}} +{{- end -}} + #------------------------------- # kolla helpers #------------------------------- -{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ include "helm-toolkit.endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} +{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl index 89a7901819..40ccbd8116 100644 --- a/keystone/templates/bin/_db-sync.sh.tpl +++ b/keystone/templates/bin/_db-sync.sh.tpl 
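Review bot: The rewritten `helm-toolkit.keystone_auth` line still hard-codes `'domain_name':'default'`, although this commit adds `admin_user_domain` and `admin_project_domain` to glance's values.yaml, so a non-default admin domain will not be reflected in the auth dict. It also splices `admin_password` raw between single quotes, so a password containing a quote breaks the rendered dict, and glance's `_post.sh.tpl` passes the result as `auth='…'` on an `ansible -vvv` command line, where it may end up in job logs; that is worth confirming. In the same hunk the comment above `helm-toolkit.keystone_endpoint_name_lookup` was carried over unchanged: it says the function returns the service type and cites `ks_endpoint_type`, whereas the body returns the `name` key; suggested wording is `# returns the service name for an openstack service type, eg:` with the example updated to the new template name.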
@@ -22,7 +22,7 @@ keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \ --bootstrap-username {{ .Values.keystone.admin_user }} \ --bootstrap-password {{ .Values.keystone.admin_password }} \ --bootstrap-project-name {{ .Values.keystone.admin_project_name }} \ - --bootstrap-admin-url {{ include "helm-toolkit.endpoint_keystone_admin" . }} \ - --bootstrap-public-url {{ include "helm-toolkit.endpoint_keystone_internal" . }} \ - --bootstrap-internal-url {{ include "helm-toolkit.endpoint_keystone_internal" . }} \ + --bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \ + --bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \ + --bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \ --bootstrap-region-id {{ .Values.keystone.admin_region_name }} diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 514b3c2f44..c90e685186 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -58,8 +58,10 @@ spec: - bash - /tmp/start.sh ports: - - containerPort: {{ .Values.network.port.public }} - - containerPort: {{ .Values.network.port.admin }} + - name: api-public + containerPort: {{ .Values.network.port.api }} + - name: api-admin + containerPort: {{ .Values.network.port.admin }} lifecycle: preStop: exec: @@ -69,7 +71,7 @@ spec: - graceful-stop readinessProbe: tcpSocket: - port: {{ .Values.network.port.public }} + port: {{ .Values.network.port.api }} volumeMounts: - name: pod-etc-keystone mountPath: /etc/keystone diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index acf95af54c..61785240a5 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl 
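Review bot: The three `--bootstrap-*-url` arguments are rendered unquoted into the shell command, and `helm-toolkit.keystone_endpoint_uri_lookup` does not quote its output, so an empty lookup result leaves the flag without an argument and any shell-special character in `endpoints.identity.path` would be interpreted by the shell. Quoting at the call site avoids both, e.g. `--bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | quote }} \`, and likewise for the public and internal URLs. The `keystone-manage` command begins above the hunk.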
@@ -12,13 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }} -Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} +Listen 0.0.0.0:{{ .Values.network.port.api }} +Listen 0.0.0.0:{{ .Values.network.port.admin }} LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy - + WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /var/www/cgi-bin/keystone/main diff --git a/keystone/templates/service.yaml b/keystone/templates/service.yaml index 6300d21cf0..89b439fbcb 100644 --- a/keystone/templates/service.yaml +++ b/keystone/templates/service.yaml @@ -19,7 +19,7 @@ metadata: spec: ports: - name: keystone-api-public - port: {{ .Values.network.port.public }} + port: {{ .Values.network.port.api }} - name: keystone-api-admin port: {{ .Values.network.port.admin }} selector: diff --git a/keystone/values.yaml b/keystone/values.yaml index ad4be87496..05bf4a52c7 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -54,15 +54,7 @@ api: network: port: admin: 35357 - public: 5000 - # alanmeadows(TODO): I seem unable to use {{ .IP }} here - # but it does work for wsrep.conf in mariadb, I have spent - # time trying to figure this out am completely stumped - # - # helm --debug --dry-run shows me that the config map - # contains {{ .IP }} but its simply translated by K8s - # to "" - ip_address: "0.0.0.0" + api: 5000 database: port: 3306 
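Review bot: Both `Listen` directives now bind `0.0.0.0` with no override, so the admin port is reachable on every pod interface and its exposure is decided entirely outside this file; service.yaml in this commit publishes `keystone-api-admin` in the same Service as `keystone-api-public`. If that is intended, a comment above the directives would record it, e.g. `# Binds all pod interfaces; limit access to the admin port with a NetworkPolicy`. The TODO removed from keystone/values.yaml explains why the configurable address was dropped, but that context disappears together with the key.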
@@ -120,12 +112,12 @@ resources: # values, but should include all endpoints # required by this chart endpoints: - keystone: + identity: + name: keystone hosts: default: keystone-api path: /v3 - type: identity scheme: 'http' port: - admin: 35357 - public: 5000 + admin: 35357 + api: 5000