From 503ed6cdb8d3e062bf23bcb9b7b0919079606eb3 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 2 Mar 2017 00:38:09 +0000 Subject: [PATCH 1/7] Add Revised Keystone Endpoint Lookup Functions into Helm-Toolkit This commit adds the revised helm lookup functions from cinder to Helm-Toolkit. --- helm-toolkit/templates/_endpoints.tpl | 43 ++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/helm-toolkit/templates/_endpoints.tpl b/helm-toolkit/templates/_endpoints.tpl index 7c2134bd02..dcc4f2bdf9 100644 --- a/helm-toolkit/templates/_endpoints.tpl +++ b/helm-toolkit/templates/_endpoints.tpl @@ -126,6 +126,29 @@ {{- end -}} {{- end -}} +# this function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" } +# will return the appropriate URI. Once merged this should phase out the above. + +{{- define "helm-toolkit.endpoint_type_lookup_addr" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $fqdn := $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPort := index .port $port }} +{{- $endpointPath := .path | default "" }} +{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath -}} +{{- end -}} +{{- end -}} #------------------------------- # endpoint type lookup 
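Review bot: The `endpoints.fqdn` override in `helm-toolkit.endpoint_type_lookup_addr` never takes effect. The `{{- $fqdn := $context.Values.endpoints.fqdn -}}` inside the `if` declares a new `$fqdn` scoped to that block, so the `printf` further down still uses `$context.Release.Namespace`. Replace the first declaration and the `if` block with one line: `{{- $fqdn := default $context.Release.Namespace $context.Values.endpoints.fqdn -}}`. As written, an operator who sets `endpoints.fqdn` gets Keystone and service URLs with a different host suffix than the one configured, and nothing fails at render time to flag it.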
@@ -145,7 +168,25 @@ {{- $endpointType | quote -}} {{- end -}} + +#------------------------------- +# endpoint name lookup +#------------------------------- + +# this function is used in endpoint management templates +# it returns the service type for an openstack service eg: +# { tuple orchestration . | include "ks_endpoint_type" } +# will return "heat" + +{{- define "helm-toolkit.endpoint_name_lookup" -}} +{{- $type := index . 0 -}} +{{- $context := index . 1 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $endpointName := index $endpointMap "name" }} +{{- $endpointName | quote -}} +{{- end -}} + #------------------------------- # kolla helpers #------------------------------- -{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ include "helm-toolkit.endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} +{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} From 754ab3ce05f39e0f400fed9fcae6818d13bbf743 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 2 Mar 2017 00:45:40 +0000 Subject: [PATCH 2/7] Update Cinder chart to use Keystone Endpoint functions from Helm-Toolkit --- cinder/templates/_helpers.tpl | 59 -------------------------- cinder/templates/job-ks-endpoints.yaml | 2 +- cinder/templates/job-ks-service.yaml | 2 +- 3 files changed, 2 insertions(+), 61 deletions(-) delete mode 100644 cinder/templates/_helpers.tpl diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl deleted file mode 100644 index 51af65e071..0000000000 
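Review bot: `helm-toolkit.keystone_auth` inserts `.Values.keystone.admin_password`, `admin_user` and `admin_project_name` verbatim between single quotes, so a value containing `'` ends the literal early and changes the structure of the rendered auth string. The commit only swaps the `auth_url` lookup, but the line is rewritten here, so this is the place to record the constraint with a comment above the define: `# NOTE: values are inserted unescaped; admin_user, admin_password and admin_project_name must not contain quote characters`. Escaping at render time would be the stronger fix, but how the consumers parse this string is not visible in this hunk.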
--- a/cinder/templates/_helpers.tpl +++ /dev/null 
@@ -1,59 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This file is required because we use a slightly different endpoint layout in -# the values yaml, until we can make this change for all services. - - -# this function returns the endpoint uri for a service, it takes an tuple -# input in the form: service-type, endpoint-class, port-name. eg: -# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" } -# will return the appropriate URI. Once merged this should phase out the above. - -{{- define "helm-toolkit.endpoint_type_lookup_addr" -}} -{{- $type := index . 0 -}} -{{- $endpoint := index . 1 -}} -{{- $port := index . 2 -}} -{{- $context := index . 
3 -}} -{{- $endpointMap := index $context.Values.endpoints $type }} -{{- $fqdn := $context.Release.Namespace -}} -{{- if $context.Values.endpoints.fqdn -}} -{{- $fqdn := $context.Values.endpoints.fqdn -}} -{{- end -}} -{{- with $endpointMap -}} -{{- $endpointScheme := .scheme }} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port }} -{{- $endpointPath := .path }} -{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath | quote -}} -{{- end -}} -{{- end -}} - - -#------------------------------- -# endpoint name lookup -#------------------------------- - -# this function is used in endpoint management templates -# it returns the service type for an openstack service eg: -# { tuple orchestration . | include "ks_endpoint_type" } -# will return "heat" - -{{- define "endpoint_name_lookup" -}} -{{- $type := index . 0 -}} -{{- $context := index . 1 -}} -{{- $endpointMap := index $context.Values.endpoints $type }} -{{- $endpointName := index $endpointMap "name" }} -{{- $endpointName | quote -}} -{{- end -}} diff --git a/cinder/templates/job-ks-endpoints.yaml b/cinder/templates/job-ks-endpoints.yaml index cafd4c8d54..f8e21622b5 100644 --- a/cinder/templates/job-ks-endpoints.yaml +++ b/cinder/templates/job-ks-endpoints.yaml @@ -60,7 +60,7 @@ spec: - name: OS_SVC_ENDPOINT value: {{ $osServiceEndPoint }} - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoint_name_lookup" }} - name: OS_SERVICE_TYPE value: {{ $osServiceType }} - name: OS_SERVICE_ENDPOINT diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index de1e852150..1e17be59eb 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml 
@@ -57,7 +57,7 @@ spec: {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }} + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoint_name_lookup" }} - name: OS_SERVICE_TYPE value: {{ $osServiceType }} {{- end }} From 01028991c3e1091746688b5cb5d2091b402b4e37 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 2 Mar 2017 00:51:18 +0000 Subject: [PATCH 3/7] Move Keystone to endpoint type lookups --- keystone/templates/bin/_db-sync.sh.tpl | 6 +++--- keystone/templates/deployment.yaml | 8 +++++--- keystone/templates/etc/_wsgi-keystone.conf.tpl | 4 ++-- keystone/templates/service.yaml | 2 +- keystone/values.yaml | 18 +++++------------- 5 files changed, 16 insertions(+), 22 deletions(-) diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl index 89a7901819..b084669166 100644 --- a/keystone/templates/bin/_db-sync.sh.tpl +++ b/keystone/templates/bin/_db-sync.sh.tpl 
@@ -22,7 +22,7 @@ keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \ --bootstrap-username {{ .Values.keystone.admin_user }} \ --bootstrap-password {{ .Values.keystone.admin_password }} \ --bootstrap-project-name {{ .Values.keystone.admin_project_name }} \ - --bootstrap-admin-url {{ include "helm-toolkit.endpoint_keystone_admin" . }} \ - --bootstrap-public-url {{ include "helm-toolkit.endpoint_keystone_internal" . }} \ - --bootstrap-internal-url {{ include "helm-toolkit.endpoint_keystone_internal" . }} \ + --bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoint_type_lookup_addr" }} \ + --bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} \ + --bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} \ --bootstrap-region-id {{ .Values.keystone.admin_region_name }} diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 514b3c2f44..c90e685186 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -58,8 +58,10 @@ spec: - bash - /tmp/start.sh ports: - - containerPort: {{ .Values.network.port.public }} - - containerPort: {{ .Values.network.port.admin }} + - name: api-public + containerPort: {{ .Values.network.port.api }} + - name: api-admin + containerPort: {{ .Values.network.port.admin }} lifecycle: preStop: exec: @@ -69,7 +71,7 @@ spec: - graceful-stop readinessProbe: tcpSocket: - port: {{ .Values.network.port.public }} + port: {{ .Values.network.port.api }} volumeMounts: - name: pod-etc-keystone mountPath: /etc/keystone diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index acf95af54c..d85cd8f9a1 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl 
@@ -12,8 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }} -Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} +Listen 0.0.0.0:{{ .Values.network.port.api }} +Listen 0.0.0.0:{{ .Values.network.port.admin }} LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy diff --git a/keystone/templates/service.yaml b/keystone/templates/service.yaml index 6300d21cf0..89b439fbcb 100644 --- a/keystone/templates/service.yaml +++ b/keystone/templates/service.yaml @@ -19,7 +19,7 @@ metadata: spec: ports: - name: keystone-api-public - port: {{ .Values.network.port.public }} + port: {{ .Values.network.port.api }} - name: keystone-api-admin port: {{ .Values.network.port.admin }} selector: diff --git a/keystone/values.yaml b/keystone/values.yaml index ad4be87496..05bf4a52c7 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -54,15 +54,7 @@ api: network: port: admin: 35357 - public: 5000 - # alanmeadows(TODO): I seem unable to use {{ .IP }} here - # but it does work for wsrep.conf in mariadb, I have spent - # time trying to figure this out am completely stumped - # - # helm --debug --dry-run shows me that the config map - # contains {{ .IP }} but its simply translated by K8s - # to "" - ip_address: "0.0.0.0" + api: 5000 database: port: 3306 @@ -120,12 +112,12 @@ resources: # values, but should include all endpoints # required by this chart endpoints: - keystone: + identity: + name: keystone hosts: default: keystone-api path: /v3 - type: identity scheme: 'http' port: - admin: 35357 - public: 5000 + admin: 35357 + api: 5000 From ff0d8ca2679903c1e8b78d78764d6f9a05c24786 Mon Sep 17 00:00:00 2001 
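Review bot: Both `Listen` directives now hard-code `0.0.0.0`, so the admin listener on `.Values.network.port.admin` binds every interface of the pod. The bind address can no longer be overridden from values, because `network.ip_address` is removed from keystone/values.yaml in the same patch. If that is intended, state it next to the directives: `# Binds all pod interfaces; restrict access to the admin port with the Service definition or a NetworkPolicy`. The removed default was also 0.0.0.0, so effective behaviour only changes for deployments that had overridden it.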
From: Pete Birley Date: Thu, 2 Mar 2017 01:55:48 +0000 Subject: [PATCH 4/7] Finalise Cinder endpoint type lookup implementation --- cinder/templates/deployment-api.yaml | 5 ++-- cinder/templates/etc/_cinder.conf.tpl | 10 ++++--- .../templates/secret-keystone-admin.env.yaml | 2 +- .../templates/secret-keystone-user.env.yaml | 2 +- cinder/templates/service-api.yaml | 4 +-- cinder/values.yaml | 27 ++++++++++--------- 6 files changed, 27 insertions(+), 23 deletions(-) diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index b9d09c57a3..52705f8ad5 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -59,10 +59,11 @@ spec: - --config-dir - /etc/cinder/conf ports: - - containerPort: {{ .Values.service.api.port }} + - name: c-api + containerPort: {{ .Values.network.port.api }} readinessProbe: tcpSocket: - port: {{ .Values.service.api.port }} + port: {{ .Values.network.port.api }} volumeMounts: - name: pod-etc-cinder mountPath: /etc/cinder diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index b03a594774..cc42466ec2 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -22,11 +22,11 @@ volume_name_template = %s osapi_volume_workers = {{ .Values.api.workers }} osapi_volume_listen = 0.0.0.0 -osapi_volume_listen_port = {{ .Values.service.api.port }} +osapi_volume_listen_port = {{ .Values.network.port.api }} api_paste_config = /etc/cinder/api-paste.ini -glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_servers = {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} glance_api_version = {{ .Values.glance.version }} enabled_backends = {{ include "helm-toolkit.joinListWithComma" .Values.backends.enabled }} 
@@ -44,11 +44,13 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab max_retries = -1 [keystone_authtoken] -auth_url = {{ .Values.keystone.auth_url }} +auth_version = v3 +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} auth_type = password +region_name = {{ .Values.keystone.cinder_region_name }} project_domain_name = {{ .Values.keystone.cinder_project_domain }} -user_domain_name = {{ .Values.keystone.cinder_user_domain }} project_name = {{ .Values.keystone.cinder_project_name }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} username = {{ .Values.keystone.cinder_user }} password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/secret-keystone-admin.env.yaml b/cinder/templates/secret-keystone-admin.env.yaml index 845b87d388..2bb76c347c 100644 --- a/cinder/templates/secret-keystone-admin.env.yaml +++ b/cinder/templates/secret-keystone-admin.env.yaml @@ -19,7 +19,7 @@ metadata: type: Opaque data: OS_AUTH_URL: | -{{ .Values.keystone.auth_url | b64enc | indent 4 }} +{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoint_type_lookup_addr" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.admin_region_name | b64enc | indent 4 }} OS_PROJECT_DOMAIN_NAME: | diff --git a/cinder/templates/secret-keystone-user.env.yaml b/cinder/templates/secret-keystone-user.env.yaml index 3fa0464ed2..ffaeca04a9 100644 --- a/cinder/templates/secret-keystone-user.env.yaml +++ b/cinder/templates/secret-keystone-user.env.yaml @@ -19,7 +19,7 @@ metadata: type: Opaque data: OS_AUTH_URL: | -{{ .Values.keystone.auth_url | b64enc | indent 4 }} +{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} OS_PROJECT_DOMAIN_NAME: | 
diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml index e6ec8e6ac8..4347d8e95d 100644 --- a/cinder/templates/service-api.yaml +++ b/cinder/templates/service-api.yaml @@ -15,9 +15,9 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.service.api.name }} + name: cinder-api spec: ports: - - port: {{ .Values.service.api.port }} + - port: {{ .Values.network.port.api }} selector: app: cinder-api diff --git a/cinder/values.yaml b/cinder/values.yaml index a0d5e2b9a6..22e656036b 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -46,8 +46,6 @@ upgrades: max_surge: 3 keystone: - auth_uri: "http://keystone-api:5000" - auth_url: "http://keystone-api:35357" admin_user: "admin" admin_user_domain: "default" admin_password: "password" @@ -63,11 +61,9 @@ keystone: cinder_project_domain: "default" cinder_region_name: "RegionOne" -service: - api: - name: "cinder-api" - port: 8776 - proto: "http" +network: + port: + api: 8776 database: address: mariadb @@ -96,9 +92,6 @@ backends: pool: "volumes" glance: - proto: "http" - host: "glance-api" - port: 9292 version: 2 messaging: @@ -171,8 +164,17 @@ endpoints: path: /v3 scheme: 'http' port: - admin: 35357 - public: 5000 + admin: 35357 + api: 5000 + image: + name: glance + hosts: + default: glance-api + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 volume: name: cinder hosts: @@ -256,4 +258,3 @@ resources: limits: memory: "1024Mi" cpu: "2000m" - From fe7a1cf62da63ee6db511f3aef6fd71617363e9d Mon Sep 17 00:00:00 2001 
From: Pete Birley Date: Thu, 2 Mar 2017 02:11:59 +0000 Subject: [PATCH 5/7] Rename Keystone Endpoint type functions --- cinder/templates/etc/_cinder.conf.tpl | 4 ++-- cinder/templates/job-ks-endpoints.yaml | 4 ++-- cinder/templates/job-ks-service.yaml | 2 +- cinder/templates/secret-keystone-admin.env.yaml | 2 +- cinder/templates/secret-keystone-user.env.yaml | 2 +- helm-toolkit/templates/_endpoints.tpl | 8 ++++---- keystone/templates/bin/_db-sync.sh.tpl | 6 +++--- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index cc42466ec2..cb336d6485 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl @@ -26,7 +26,7 @@ osapi_volume_listen_port = {{ .Values.network.port.api }} api_paste_config = /etc/cinder/api-paste.ini -glance_api_servers = {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} +glance_api_servers = {{ tuple "image" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} glance_api_version = {{ .Values.glance.version }} enabled_backends = {{ include "helm-toolkit.joinListWithComma" .Values.backends.enabled }} @@ -45,7 +45,7 @@ max_retries = -1 [keystone_authtoken] auth_version = v3 -auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} auth_type = password region_name = {{ .Values.keystone.cinder_region_name }} project_domain_name = {{ .Values.keystone.cinder_project_domain }} diff --git a/cinder/templates/job-ks-endpoints.yaml b/cinder/templates/job-ks-endpoints.yaml index f8e21622b5..b554fb1b7f 100644 --- a/cinder/templates/job-ks-endpoints.yaml +++ b/cinder/templates/job-ks-endpoints.yaml 
@@ -60,11 +60,11 @@ spec: - name: OS_SVC_ENDPOINT value: {{ $osServiceEndPoint }} - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoint_name_lookup" }} + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} - name: OS_SERVICE_TYPE value: {{ $osServiceType }} - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoint_type_lookup_addr" }} + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" }} {{- end }} {{- end }} volumes: diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index 1e17be59eb..77c4257299 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -57,7 +57,7 @@ spec: {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoint_name_lookup" }} + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} - name: OS_SERVICE_TYPE value: {{ $osServiceType }} {{- end }} diff --git a/cinder/templates/secret-keystone-admin.env.yaml b/cinder/templates/secret-keystone-admin.env.yaml index 2bb76c347c..5badd3e38c 100644 --- a/cinder/templates/secret-keystone-admin.env.yaml +++ b/cinder/templates/secret-keystone-admin.env.yaml @@ -19,7 +19,7 @@ metadata: type: Opaque data: OS_AUTH_URL: | -{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoint_type_lookup_addr" | b64enc | indent 4 }} +{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.admin_region_name | b64enc | indent 4 }} OS_PROJECT_DOMAIN_NAME: | 
diff --git a/cinder/templates/secret-keystone-user.env.yaml b/cinder/templates/secret-keystone-user.env.yaml index ffaeca04a9..610df50108 100644 --- a/cinder/templates/secret-keystone-user.env.yaml +++ b/cinder/templates/secret-keystone-user.env.yaml @@ -19,7 +19,7 @@ metadata: type: Opaque data: OS_AUTH_URL: | -{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" | b64enc | indent 4 }} +{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} OS_REGION_NAME: | {{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} OS_PROJECT_DOMAIN_NAME: | diff --git a/helm-toolkit/templates/_endpoints.tpl b/helm-toolkit/templates/_endpoints.tpl index dcc4f2bdf9..6e26c5c9c2 100644 --- a/helm-toolkit/templates/_endpoints.tpl +++ b/helm-toolkit/templates/_endpoints.tpl @@ -128,10 +128,10 @@ # this function returns the endpoint uri for a service, it takes an tuple # input in the form: service-type, endpoint-class, port-name. eg: -# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" } +# { tuple "orchestration" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" } # will return the appropriate URI. Once merged this should phase out the above. -{{- define "helm-toolkit.endpoint_type_lookup_addr" -}} +{{- define "helm-toolkit.keystone_endpoint_uri_lookup" -}} {{- $type := index . 0 -}} {{- $endpoint := index . 1 -}} {{- $port := index . 2 -}} @@ -178,7 +178,7 @@ # { tuple orchestration . | include "ks_endpoint_type" } # will return "heat" -{{- define "helm-toolkit.endpoint_name_lookup" -}} +{{- define "helm-toolkit.keystone_endpoint_name_lookup" -}} {{- $type := index . 0 -}} {{- $context := index . 1 -}} {{- $endpointMap := index $context.Values.endpoints $type }} 
@@ -189,4 +189,4 @@ #------------------------------- # kolla helpers #------------------------------- -{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} +{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}} diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl index b084669166..40ccbd8116 100644 --- a/keystone/templates/bin/_db-sync.sh.tpl +++ b/keystone/templates/bin/_db-sync.sh.tpl 
@@ -22,7 +22,7 @@ keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \ --bootstrap-username {{ .Values.keystone.admin_user }} \ --bootstrap-password {{ .Values.keystone.admin_password }} \ --bootstrap-project-name {{ .Values.keystone.admin_project_name }} \ - --bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoint_type_lookup_addr" }} \ - --bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} \ - --bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }} \ + --bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \ + --bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \ + --bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \ --bootstrap-region-id {{ .Values.keystone.admin_region_name }} From 5e692febcca2da8116ab961f0b19c7de33b53fc9 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 3 Mar 2017 00:44:45 +0000 Subject: [PATCH 6/7] Keystone Apache.conf port fix --- keystone/templates/etc/_wsgi-keystone.conf.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index d85cd8f9a1..61785240a5 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl 
@@ -18,7 +18,7 @@ Listen 0.0.0.0:{{ .Values.network.port.admin }} LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy - + WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /var/www/cgi-bin/keystone/main From acc243a768d79336d825c36ddbdb093986367159 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 3 Mar 2017 01:08:59 +0000 Subject: [PATCH 7/7] Move Glance to endpoint type lookups --- glance/templates/bin/_post.sh.tpl | 6 ++-- glance/templates/etc/_glance-api.conf.tpl | 21 +++++++------ .../templates/etc/_glance-registry.conf.tpl | 20 ++++++------ glance/values.yaml | 31 ++++++++++--------- 4 files changed, 42 insertions(+), 36 deletions(-) diff --git a/glance/templates/bin/_post.sh.tpl b/glance/templates/bin/_post.sh.tpl index 3ee65fd939..8aa44495fd 100644 --- a/glance/templates/bin/_post.sh.tpl +++ b/glance/templates/bin/_post.sh.tpl @@ -21,7 +21,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ -url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \ +url='{{ tuple "image" "admin" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ interface=admin \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "helm-toolkit.keystone_auth" . }}'" \ 
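Review bot: The `kolla_keystone_service` command edited in the first `_post.sh.tpl` hunk passes `auth='{{ include "helm-toolkit.keystone_auth" . }}'` on the `ansible` command line while running with `-vvv`. That rendered string contains the Keystone admin password, so it is visible in the process arguments and may be echoed into the job log at that verbosity. The same applies to the internal and public registrations in the next two hunks of this file. Consider dropping `-vvv` from the three commands, or at least adding `# -vvv may print the auth dict (including the admin password) to the pod log`. Each command continues past the end of its hunk, so later arguments are not visible here.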
@@ -31,7 +31,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ -url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \ +url='{{ tuple "image" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ interface=internal \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "helm-toolkit.keystone_auth" . }}'" \ @@ -41,7 +41,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ service_type=image \ description='Openstack Image' \ endpoint_region='{{ .Values.keystone.glance_region_name }}' \ -url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \ +url='{{ tuple "image" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \ interface=public \ region_name='{{ .Values.keystone.admin_region_name }}' \ auth='{{ include "helm-toolkit.keystone_auth" . }}'" \ diff --git a/glance/templates/etc/_glance-api.conf.tpl b/glance/templates/etc/_glance-api.conf.tpl index f291b9884b..03648ab9e9 100644 --- a/glance/templates/etc/_glance-api.conf.tpl +++ b/glance/templates/etc/_glance-api.conf.tpl 
@@ -22,27 +22,28 @@ workers = {{ .Values.misc.workers }} registry_host = glance-registry # Enable Copy-on-Write show_image_direct_url = True - + [database] connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} max_retries = -1 - + [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_version = v3 +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service +region_name = {{ .Values.keystone.glance_region_name }} +project_domain_name = {{ .Values.keystone.glance_project_domain }} +project_name = {{ .Values.keystone.glance_project_name }} +user_domain_name = {{ .Values.keystone.glance_user_domain }} username = {{ .Values.keystone.glance_user }} password = {{ .Values.keystone.glance_password }} - + [paste_deploy] flavor = keystone - + [oslo_messaging_notifications] driver = noop - + [glance_store] filesystem_store_datadir = /var/lib/glance/images/ {{- if .Values.development.enabled }} diff --git a/glance/templates/etc/_glance-registry.conf.tpl b/glance/templates/etc/_glance-registry.conf.tpl index e7c80adbbd..24f60dc62b 100644 --- a/glance/templates/etc/_glance-registry.conf.tpl +++ b/glance/templates/etc/_glance-registry.conf.tpl 
@@ -16,25 +16,27 @@ debug = {{ .Values.misc.debug }} use_syslog = False use_stderr = True + bind_port = {{ .Values.network.port.registry }} workers = {{ .Values.misc.workers }} - + [database] connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} max_retries = -1 - + [keystone_authtoken] -auth_uri = {{ .Values.keystone.auth_uri }} -auth_url = {{ .Values.keystone.auth_url }} +auth_version = v3 +auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service +region_name = {{ .Values.keystone.glance_region_name }} +project_domain_name = {{ .Values.keystone.glance_project_domain }} +project_name = {{ .Values.keystone.glance_project_name }} +user_domain_name = {{ .Values.keystone.glance_user_domain }} username = {{ .Values.keystone.glance_user }} password = {{ .Values.keystone.glance_password }} - + [paste_deploy] flavor = keystone - + [oslo_messaging_notifications] driver = noop diff --git a/glance/values.yaml b/glance/values.yaml index 51e4cd98bc..4d09b50c4d 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -46,22 +46,25 @@ upgrades: max_surge: 3 keystone: - auth_uri: "http://keystone-api:5000" - auth_url: "http://keystone-api:35357" admin_user: "admin" + admin_user_domain: "default" admin_password: "password" admin_project_name: "admin" + admin_project_domain: "default" admin_region_name: "RegionOne" glance_user: "glance" + glance_user_domain: "default" + glance_user_role: "admin" glance_password: "password" + glance_project_name: "service" + glance_project_domain: "default" glance_region_name: "RegionOne" network: port: api: 9292 registry: 9191 - ip_address: "0.0.0.0" database: address: mariadb 
@@ -173,21 +176,21 @@ dependencies: # values, but should include all endpoints # required by this chart endpoints: - glance: + identity: + name: keystone + hosts: + default: keystone-api + path: /v3 + scheme: 'http' + port: + admin: 35357 + api: 5000 + image: + name: glance hosts: default: glance-api - type: image path: null scheme: 'http' port: api: 9292 registry: 9191 - keystone: - hosts: - default: keystone-api - path: /v3 - type: identity - scheme: 'http' - port: - admin: 35357 - public: 5000
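Review bot: The new `identity` endpoint defaults to `scheme: 'http'`, and after this series the `auth_url` in glance-api.conf and glance-registry.conf is built from it. Service usernames, passwords and tokens therefore travel to Keystone unencrypted by default. If this is a development default, mark it in the values file above the key: `# 'http' is a development default; set to 'https' where Keystone is served over TLS`. The same default is visible for the `identity` endpoint in keystone/values.yaml and cinder/values.yaml.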