From 70d010d63ab2a781e55074675285c0605268a182 Mon Sep 17 00:00:00 2001 
From: Pete Birley Date: Fri, 8 Sep 2017 01:17:49 -0500 Subject: [PATCH] Ironic: chart and initial gate scripts This PS adds a chart, and checks, for OpenStack Ironic. Change-Id: I9632885e5a0ca18e4e425c6b163f73d0d1e5649d --- .zuul.yaml | 12 + ironic/Chart.yaml | 25 + ironic/requirements.yaml | 18 + ironic/templates/bin/_bootstrap.sh.tpl | 20 + ironic/templates/bin/_db-sync.sh.tpl | 21 + ironic/templates/bin/_ironic-api.sh.tpl | 31 ++ .../bin/_ironic-conductor-http-init.sh.tpl | 39 ++ .../bin/_ironic-conductor-http.sh.tpl | 23 + .../bin/_ironic-conductor-init.sh.tpl | 57 +++ .../bin/_ironic-conductor-pxe-init.sh.tpl | 31 ++ .../bin/_ironic-conductor-pxe.sh.tpl | 39 ++ ironic/templates/bin/_ironic-conductor.sh.tpl | 26 + ironic/templates/configmap-bin.yaml | 53 ++ ironic/templates/configmap-etc.yaml | 212 ++++++++ ironic/templates/deployment-api.yaml | 93 ++++ ironic/templates/etc/_nginx.conf.tpl | 41 ++ ironic/templates/etc/_tftp-map-file.tpl | 4 + ironic/templates/ingress-api.yaml | 57 +++ ironic/templates/job-bootstrap.yaml | 66 +++ ironic/templates/job-db-init.yaml | 81 ++++ ironic/templates/job-db-sync.yaml | 69 +++ ironic/templates/job-ks-endpoints.yaml | 73 +++ ironic/templates/job-ks-service.yaml | 67 +++ ironic/templates/job-ks-user.yaml | 68 +++ ironic/templates/pdb-api.yaml | 29 ++ ironic/templates/secret-db.yaml | 30 ++ ironic/templates/secret-keystone.yaml | 30 ++ ironic/templates/service-api.yaml | 36 ++ ironic/templates/service-ingress-api.yaml | 30 ++ ironic/templates/statefulset-conductor.yaml | 203 ++++++++ ironic/values.yaml | 459 ++++++++++++++++++ nova/templates/bin/_nova-scheduler.sh.tpl | 3 +- .../baremetal/000-install-packages.sh | 1 + tools/deployment/baremetal/005-setup-nodes.sh | 117 +++++ .../deployment/baremetal/010-setup-client.sh | 38 ++ tools/deployment/baremetal/020-ingress.sh | 48 ++ tools/deployment/baremetal/030-ceph.sh | 91 ++++ .../baremetal/035-ceph-ns-activate.sh | 69 +++ tools/deployment/baremetal/040-mariadb.sh | 34 ++ 
tools/deployment/baremetal/050-rabbitmq.sh | 34 ++ tools/deployment/baremetal/060-memcached.sh | 33 ++ tools/deployment/baremetal/080-keystone.sh | 36 ++ tools/deployment/baremetal/090-glance.sh | 39 ++ tools/deployment/baremetal/100-heat.sh | 35 ++ tools/deployment/baremetal/110-compute-kit.sh | 204 ++++++++ .../800-create-baremetal-host-aggregate.sh | 30 ++ .../baremetal/810-register-baremetal-nodes.sh | 77 +++ .../baremetal/820-create-baremetal-flavor.sh | 32 ++ tools/deployment/baremetal/900-use-it.sh | 66 +++ .../developer/common/030-ingress.sh | 2 +- tools/gate/files/fake-baremetal-1.xml | 70 +++ .../gate/files/heat-basic-bm-deployment.yaml | 41 ++ tools/gate/playbooks/ironic-deploy.yaml | 118 +++++ tools/images/ceph-config-helper/README.rst | 2 +- tools/images/vbmc/Dockerfile | 36 ++ tools/images/vbmc/README.rst | 37 ++ 56 files changed, 3333 insertions(+), 3 deletions(-) create mode 100644 ironic/Chart.yaml create mode 100644 ironic/requirements.yaml create mode 100644 ironic/templates/bin/_bootstrap.sh.tpl create mode 100644 ironic/templates/bin/_db-sync.sh.tpl create mode 100644 ironic/templates/bin/_ironic-api.sh.tpl create mode 100644 ironic/templates/bin/_ironic-conductor-http-init.sh.tpl create mode 100644 ironic/templates/bin/_ironic-conductor-http.sh.tpl create mode 100644 ironic/templates/bin/_ironic-conductor-init.sh.tpl create mode 100644 ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl create mode 100644 ironic/templates/bin/_ironic-conductor-pxe.sh.tpl create mode 100644 ironic/templates/bin/_ironic-conductor.sh.tpl create mode 100644 ironic/templates/configmap-bin.yaml create mode 100644 ironic/templates/configmap-etc.yaml create mode 100644 ironic/templates/deployment-api.yaml create mode 100644 ironic/templates/etc/_nginx.conf.tpl create mode 100644 ironic/templates/etc/_tftp-map-file.tpl create mode 100644 ironic/templates/ingress-api.yaml create mode 100644 ironic/templates/job-bootstrap.yaml create mode 100644 
ironic/templates/job-db-init.yaml create mode 100644 ironic/templates/job-db-sync.yaml create mode 100644 ironic/templates/job-ks-endpoints.yaml create mode 100644 ironic/templates/job-ks-service.yaml create mode 100644 ironic/templates/job-ks-user.yaml create mode 100644 ironic/templates/pdb-api.yaml create mode 100644 ironic/templates/secret-db.yaml create mode 100644 ironic/templates/secret-keystone.yaml create mode 100644 ironic/templates/service-api.yaml create mode 100644 ironic/templates/service-ingress-api.yaml create mode 100644 ironic/templates/statefulset-conductor.yaml create mode 100644 ironic/values.yaml create mode 120000 tools/deployment/baremetal/000-install-packages.sh create mode 100755 tools/deployment/baremetal/005-setup-nodes.sh create mode 100755 tools/deployment/baremetal/010-setup-client.sh create mode 100755 tools/deployment/baremetal/020-ingress.sh create mode 100755 tools/deployment/baremetal/030-ceph.sh create mode 100755 tools/deployment/baremetal/035-ceph-ns-activate.sh create mode 100755 tools/deployment/baremetal/040-mariadb.sh create mode 100755 tools/deployment/baremetal/050-rabbitmq.sh create mode 100755 tools/deployment/baremetal/060-memcached.sh create mode 100755 tools/deployment/baremetal/080-keystone.sh create mode 100755 tools/deployment/baremetal/090-glance.sh create mode 100755 tools/deployment/baremetal/100-heat.sh create mode 100755 tools/deployment/baremetal/110-compute-kit.sh create mode 100755 tools/deployment/baremetal/800-create-baremetal-host-aggregate.sh create mode 100755 tools/deployment/baremetal/810-register-baremetal-nodes.sh create mode 100755 tools/deployment/baremetal/820-create-baremetal-flavor.sh create mode 100755 tools/deployment/baremetal/900-use-it.sh create mode 100644 tools/gate/files/fake-baremetal-1.xml create mode 100644 tools/gate/files/heat-basic-bm-deployment.yaml create mode 100644 tools/gate/playbooks/ironic-deploy.yaml create mode 100644 tools/images/vbmc/Dockerfile create mode 100644 
tools/images/vbmc/README.rst diff --git a/.zuul.yaml b/.zuul.yaml index b5ac8a519d..ce2dfd2a08 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -45,6 +45,12 @@ - ^.*\.rst$ - ^doc/.*$ - ^releasenotes/.*$ + - openstack-helm-ironic-ubuntu: + voting: false + irrelevant-files: + - ^.*\.rst$ + - ^doc/.*$ + - ^releasenotes/.*$ gate: jobs: - openstack-helm-linter: @@ -124,3 +130,9 @@ name: openstack-helm-multinode-fedora parent: openstack-helm-multinode nodeset: openstack-helm-five-node-fedora + +- job: + name: openstack-helm-ironic-ubuntu + parent: openstack-helm-multinode + nodeset: openstack-helm-ubuntu + run: tools/gate/playbooks/ironic-deploy.yaml diff --git a/ironic/Chart.yaml b/ironic/Chart.yaml new file mode 100644 index 0000000000..5bad36fea5 --- /dev/null +++ b/ironic/Chart.yaml @@ -0,0 +1,25 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Ironic +name: ironic +version: 0.1.0 +home: https://docs.openstack.org/developer/ironic +icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png +sources: + - https://git.openstack.org/cgit/openstack/ironic + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/ironic/requirements.yaml b/ironic/requirements.yaml new file mode 100644 index 0000000000..53782e69b2 --- /dev/null +++ b/ironic/requirements.yaml 
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/ironic/templates/bin/_bootstrap.sh.tpl b/ironic/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 0000000000..533c0a5a3f
--- /dev/null
+++ b/ironic/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
diff --git a/ironic/templates/bin/_db-sync.sh.tpl b/ironic/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..9adc7e573a
--- /dev/null
+++ b/ironic/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+ironic-dbsync upgrade
diff --git a/ironic/templates/bin/_ironic-api.sh.tpl b/ironic/templates/bin/_ironic-api.sh.tpl
new file mode 100644
index 0000000000..eba0404c15
--- /dev/null
+++ b/ironic/templates/bin/_ironic-api.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec ironic-api \
+ --config-file /etc/ironic/ironic.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl
new file mode 100644
index 0000000000..3aacee62e8
--- /dev/null
+++ b/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
+ echo "Provisioner interface is not set"
+ exit 1
+fi
+
+function net_pxe_addr {
+ ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+}
+function net_pxe_ip {
+ echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+}
+PXE_IP=$(net_pxe_ip)
+
+if [ "x" == "x${PXE_IP}" ]; then
+ echo "Could not find IP for pxe to bind to"
+ exit 1
+fi
+
+sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
diff --git a/ironic/templates/bin/_ironic-conductor-http.sh.tpl b/ironic/templates/bin/_ironic-conductor-http.sh.tpl
new file mode 100644
index 0000000000..c346fbac98
--- /dev/null
+++ b/ironic/templates/bin/_ironic-conductor-http.sh.tpl
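Review bot: The awk filter in `net_pxe_addr` matches `${PROVISIONER_INTERFACE}` as an unanchored regex against every `inet` line of `ip addr`, so an interface named `eth1` also matches `eth10` or `eth1.100`, and nginx can end up bound to an address on the wrong network. Querying the device directly avoids the ambiguity: `ip -4 -o addr show dev "${PROVISIONER_INTERFACE}" | awk '{print $4; exit}'`. The same helper is repeated in `_ironic-conductor-init.sh.tpl` and `_ironic-conductor-pxe.sh.tpl`. The pxe script also omits the empty-`PROVISIONER_INTERFACE` guard the other two have, so with the variable unset the pattern becomes `//` and the first `inet` line (usually loopback) is used as the TFTP bind address.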
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+mkdir -p /var/lib/openstack-helm/httpboot
+cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
+exec nginx -g 'daemon off;'
diff --git a/ironic/templates/bin/_ironic-conductor-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-init.sh.tpl
new file mode 100644
index 0000000000..2460925f5a
--- /dev/null
+++ b/ironic/templates/bin/_ironic-conductor-init.sh.tpl
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
+ echo "Provisioner interface is not set"
+ exit 1
+fi
+
+function net_pxe_addr {
+ ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+}
+function net_pxe_ip {
+ echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+}
+PXE_IP=$(net_pxe_ip)
+
+if [ "x" == "x${PXE_IP}" ]; then
+ echo "Could not find IP for pxe to bind to"
+ exit 1
+fi
+
+cat </tmp/pod-shared/conductor-local-ip.conf
+[DEFAULT]
+
+# IP address of this host. If unset, will determine the IP
+# programmatically. If unable to do so, will use "127.0.0.1".
+# (string value)
+my_ip = ${PXE_IP}
+
+[pxe]
+# IP address of ironic-conductor node's TFTP server. (string
+# value)
+tftp_server = ${PXE_IP}
+
+[deploy]
+# ironic-conductor node's HTTP server URL. Example:
+# http://192.1.2.3:8080 (string value)
+# from .deploy.ironic.http_url
+http_url = http://${PXE_IP}:{{ tuple "baremetal" "internal" "pxe_http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+EOF
diff --git a/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
new file mode 100644
index 0000000000..2ae06d8a7b
--- /dev/null
+++ b/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+apt-get update
+apt-get install ipxe -y
+
+mkdir -p /var/lib/openstack-helm/tftpboot
+mkdir -p /var/lib/openstack-helm/tftpboot/master_images
+
+for FILE in undionly.kpxe ipxe.efi; do
+ if [ -f /usr/lib/ipxe/$FILE ]; then
+ cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
+ fi
+done
diff --git a/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl b/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl
new file mode 100644
index 0000000000..3c642de6c3
--- /dev/null
+++ b/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl
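Review bot: `apt-get update` followed by `apt-get install ipxe -y` runs each time this init script starts, so the `undionly.kpxe` and `ipxe.efi` binaries later served to booting nodes are whatever unpinned package the mirror returns at that moment. The container also needs root and outbound access to the package mirror at pod start. Shipping iPXE inside the image, or at least pinning the package version, would make the boot payload reproducible and reviewable. The copy loop silently skips a missing file, so a changed package layout leaves an empty tftpboot directory with no error; failing when neither file is found would surface that.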
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+function net_pxe_addr {
+ ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+}
+function net_pxe_ip {
+ echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+}
+PXE_IP=$(net_pxe_ip)
+
+if [ "x" == "x${PXE_IP}" ]; then
+ echo "Could not find IP for pxe to bind to"
+ exit 1
+fi
+
+ln -s /var/lib/openstack-helm/tftpboot /tftpboot
+exec /usr/sbin/in.tftpd \
+ --verbose \
+ --foreground \
+ --user root \
+ --address ${PXE_IP}:69 \
+ --map-file /tftp-map-file /tftpboot
diff --git a/ironic/templates/bin/_ironic-conductor.sh.tpl b/ironic/templates/bin/_ironic-conductor.sh.tpl
new file mode 100644
index 0000000000..7349b5bf05
--- /dev/null
+++ b/ironic/templates/bin/_ironic-conductor.sh.tpl
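Review bot: `--user root` keeps `in.tftpd` running as root for its whole lifetime while it answers unauthenticated TFTP requests on the provisioning network; without that flag tftpd-hpa drops to `nobody` after binding port 69. If the files under `/var/lib/openstack-helm/tftpboot` can be made readable by an unprivileged account, prefer `--user nobody` or a dedicated user. Adding `--secure` would confine requests to `/tftpboot`, though the map-file rules would need checking against the chroot first. `--address ${PXE_IP}:69` is unquoted; quoting it costs nothing.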
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+mkdir -p /var/lib/openstack-helm/ironic/images
+mkdir -p /var/lib/openstack-helm/ironic/master_images
+
+exec ironic-conductor \
+ --config-file /etc/ironic/ironic.conf \
+ --config-file /tmp/pod-shared/conductor-local-ip.conf
diff --git a/ironic/templates/configmap-bin.yaml b/ironic/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..a5ecbcf4e1
--- /dev/null
+++ b/ironic/templates/configmap-bin.yaml
@@ -0,0 +1,53 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ironic-bin
+data:
+{{- if .Values.bootstrap.enabled }}
+ bootstrap.sh: |+
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ks-service.sh: |+
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |+
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |+
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ ironic-api.sh: |
+{{ tuple "bin/_ironic-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ironic-conductor.sh: |
+{{ tuple "bin/_ironic-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ironic-conductor-init.sh: |
+{{ tuple "bin/_ironic-conductor-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ironic-conductor-pxe.sh: |
+{{ tuple "bin/_ironic-conductor-pxe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ironic-conductor-pxe-init.sh: |
+{{ tuple "bin/_ironic-conductor-pxe-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ironic-conductor-http.sh: |
+{{ tuple "bin/_ironic-conductor-http.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ironic-conductor-http-init.sh: |
+{{ tuple "bin/_ironic-conductor-http-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/ironic/templates/configmap-etc.yaml b/ironic/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..edba009799
--- /dev/null
+++ b/ironic/templates/configmap-etc.yaml
@@ -0,0 +1,212 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.ironic.keystone_authtoken.auth_uri -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.keystone_authtoken "auth_uri" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.auth_url -}} +{{- tuple "identity" "internal" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.region_name -}} +{{- set .Values.conf.ironic.keystone_authtoken "region_name" .Values.endpoints.identity.auth.ironic.region_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.project_name -}} +{{- set .Values.conf.ironic.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.project_domain_name -}} +{{- set .Values.conf.ironic.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.user_domain_name -}} +{{- set .Values.conf.ironic.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.username -}} +{{- set .Values.conf.ironic.keystone_authtoken "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.password -}} +{{- set .Values.conf.ironic.keystone_authtoken "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.database.connection -}} +{{- tuple "oslo_db" "internal" "ironic" "mysql" . 
| include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.DEFAULT.transport_url -}} +{{- tuple "oslo_messaging" "internal" "ironic" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ironic.DEFAULT "transport_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.glance.glance_host -}} +{{- tuple "image" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup"| set .Values.conf.ironic.glance "glance_host" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.glance.glance_port -}} +{{- tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup"| set .Values.conf.ironic.glance "glance_port" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.glance.auth_url -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.glance "auth_url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.glance.project_name -}} +{{- set .Values.conf.ironic.glance "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.glance.project_domain_name -}} +{{- set .Values.conf.ironic.glance "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.glance.user_domain_name -}} +{{- set .Values.conf.ironic.glance "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.glance.username -}} +{{- set .Values.conf.ironic.glance "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.glance.password -}} +{{- set 
.Values.conf.ironic.glance "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} +{{- end -}} + + +{{- if empty .Values.conf.ironic.inspector.auth_url -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.inspector "auth_url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.inspector.project_name -}} +{{- set .Values.conf.ironic.inspector "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.inspector.project_domain_name -}} +{{- set .Values.conf.ironic.inspector "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.inspector.user_domain_name -}} +{{- set .Values.conf.ironic.inspector "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.inspector.username -}} +{{- set .Values.conf.ironic.inspector "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.inspector.password -}} +{{- set .Values.conf.ironic.inspector "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} +{{- end -}} + + +{{- if empty .Values.conf.ironic.neutron.url -}} +{{- tuple "network" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.neutron "url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.neutron.auth_url -}} +{{- tuple "identity" "internal" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.neutron "auth_url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.neutron.project_name -}} +{{- set .Values.conf.ironic.neutron "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.neutron.project_domain_name -}} +{{- set .Values.conf.ironic.neutron "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.neutron.user_domain_name -}} +{{- set .Values.conf.ironic.neutron "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.neutron.username -}} +{{- set .Values.conf.ironic.neutron "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.neutron.password -}} +{{- set .Values.conf.ironic.neutron "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.service_catalog.auth_url -}} +{{- tuple "identity" "internal" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.service_catalog "auth_url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.service_catalog.project_name -}} +{{- set .Values.conf.ironic.service_catalog "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.service_catalog.project_domain_name -}} +{{- set .Values.conf.ironic.service_catalog "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.service_catalog.user_domain_name -}} +{{- set .Values.conf.ironic.service_catalog "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.service_catalog.username -}} +{{- set .Values.conf.ironic.service_catalog "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.service_catalog.password -}} +{{- set .Values.conf.ironic.service_catalog "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.swift.auth_url -}} +{{- tuple "identity" "internal" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.swift "auth_url" | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.swift.project_name -}} +{{- set .Values.conf.ironic.swift "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.swift.project_domain_name -}} +{{- set .Values.conf.ironic.swift "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.swift.user_domain_name -}} +{{- set .Values.conf.ironic.swift "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.swift.username -}} +{{- set .Values.conf.ironic.swift "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.ironic.swift.password -}} +{{- set .Values.conf.ironic.swift "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.conductor.api_url -}} +{{- tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.conductor "api_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.api.public_endpoint -}} +{{- tuple "baremetal" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.api "public_endpoint" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.glance.swift_endpoint_url -}} +{{- tuple "ceph_object_store" "public" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| trimSuffix .Values.endpoints.ceph_object_store.path.default | set .Values.conf.ironic.glance "swift_endpoint_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.glance.swift_temp_url_key -}} +{{- set .Values.conf.ironic.glance "swift_temp_url_key" .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.ironic.api.port -}} +{{- set .Values.conf.ironic.api "port" (tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | quote | trunc 0 -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ironic-etc +data: + ironic.conf: |+ +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ironic | indent 4 }} + policy.json: |+ +{{ toJson .Values.conf.policy | indent 4 }} + tftp-map-file: |+ +{{ if .Values.conf.tftp_map_file.override -}} +{{ .Values.conf.tftp_map_file.override | indent 4 }} +{{- else -}} +{{ tuple "etc/_tftp-map-file.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.tftp_map_file.append -}} +{{ .Values.conf.tftp_map_file.append | indent 4 }} +{{- end }} + nginx.conf: |+ +{{ if .Values.conf.nginx.override -}} +{{ .Values.conf.nginx.override | indent 4 }} +{{- else -}} +{{ tuple "etc/_nginx.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.nginx.append -}} +{{ .Values.conf.nginx.append | indent 4 }} +{{- end }} +{{- end }} diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml new file mode 100644 index 0000000000..f3cb4d8e07 --- /dev/null +++ b/ironic/templates/deployment-api.yaml 
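Review bot: `ironic.conf` is rendered into the `ironic-etc` ConfigMap after the blocks above copy `endpoints.identity.auth.ironic.password`, the authenticated `database.connection` and `transport_url` URIs, and `swift_temp_url_key` into `.Values.conf.ironic`, so these credentials end up as ConfigMap data rather than in a Secret. ConfigMaps are readable by any subject allowed to `get` configmaps in the namespace and are not covered by Secret encryption at rest. The same commit adds `secret-db.yaml` and `secret-keystone.yaml`, so rendering `ironic.conf` into a `kind: Secret` and mounting that at the same path would keep the file layout while tightening access. At minimum a comment above `ironic.conf: |+` should state that the rendered file contains service passwords.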
@@ -0,0 +1,93 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} + +{{- $mounts_ironic_api := .Values.pod.mounts.ironic_api.ironic_api }} +{{- $mounts_ironic_api_init := .Values.pod.mounts.ironic_api.init_container }} + +{{- $serviceAccountName := "ironic-api" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: ironic-api +spec: + replicas: {{ .Values.pod.replicas.api }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: +{{ tuple $envAll $dependencies $mounts_ironic_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ironic-api + image: {{ .Values.images.tags.ironic_api }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ironic-api.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ironic-api.sh + - stop + ports: + - containerPort: {{ tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + readinessProbe: + tcpSocket: + port: {{ tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-api.sh + subPath: ironic-api.sh + readOnly: true + - name: ironic-etc + mountPath: /etc/ironic/ironic.conf + subPath: ironic.conf + readOnly: true + - name: ironic-etc + mountPath: /etc/ironic/policy.json + subPath: policy.json + readOnly: true +{{- if $mounts_ironic_api.volumeMounts }}{{ toYaml $mounts_ironic_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: ironic-bin + configMap: + name: ironic-bin + defaultMode: 0555 + - name: ironic-etc + configMap: + name: ironic-etc + defaultMode: 0444 +{{- if $mounts_ironic_api.volumes }}{{ toYaml $mounts_ironic_api.volumes | indent 8 }}{{ end }} +{{- end }} 
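Review bot: The two optional-mount lines that close the container's `volumeMounts` and the pod's `volumes` open with `{{- if`, which trims the newline in front of them. When `$mounts_ironic_api.volumeMounts` or `$mounts_ironic_api.volumes` is non-empty, the first injected item is therefore glued onto the preceding `readOnly: true` / `defaultMode: 0444` line and the manifest no longer parses. Dropping the left trim marker keeps the items on their own lines: `{{ if $mounts_ironic_api.volumeMounts }}{{ toYaml $mounts_ironic_api.volumeMounts | indent 12 }}{{ end }}`, and the same for `volumes` with `indent 8`. The problem stays hidden until an operator supplies an override, for example to mount a CA bundle. job-bootstrap.yaml uses the same `{{- if … }}{{ toYaml … }}` form for `$mounts_ironic_bootstrap`.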
diff --git a/ironic/templates/etc/_nginx.conf.tpl b/ironic/templates/etc/_nginx.conf.tpl new file mode 100644 index 0000000000..e070746b3c --- /dev/null +++ b/ironic/templates/etc/_nginx.conf.tpl @@ -0,0 +1,41 @@ +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + server { + listen OSH_PXE_IP:{{ tuple "baremetal" "internal" "pxe_http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /var/lib/openstack-helm/httpboot; + } + } +} diff --git a/ironic/templates/etc/_tftp-map-file.tpl b/ironic/templates/etc/_tftp-map-file.tpl new file mode 100644 index 0000000000..812abe0c5c --- /dev/null +++ b/ironic/templates/etc/_tftp-map-file.tpl @@ -0,0 +1,4 @@ +re ^(/tftpboot/) /tftpboot/\2 +re ^/tftpboot/ /tftpboot/ +re ^(^/) /tftpboot/\1 +re ^([^/]) /tftpboot/\1 diff --git a/ironic/templates/ingress-api.yaml b/ironic/templates/ingress-api.yaml new file mode 100644 index 0000000000..111b182716 --- /dev/null +++ b/ironic/templates/ingress-api.yaml 
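Review bot: The `server` block serves everything under `/var/lib/openstack-helm/httpboot` over plain HTTP with no access restriction, and nothing in the file says that `OSH_PXE_IP` is a placeholder that must be rewritten before nginx starts. I would add a comment above `listen`, `# OSH_PXE_IP is replaced with the provisioning-interface address at init; never bind this server to a wildcard address`, because whatever is placed in that directory is readable by anyone who can reach the address. Adding `server_tokens off;` to the `http` block would also stop the nginx version being advertised. The substitution presumably happens in the conductor http-init script, which is not part of this hunk.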
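Review bot: The first rule, `re ^(/tftpboot/) /tftpboot/\2`, refers to a second capture group although its pattern defines only one. Assuming the TFTP daemon expands a missing group to nothing, the rule rewrites the prefix to itself and the second rule `re ^/tftpboot/ /tftpboot/` never adds anything; if the daemon treats the reference differently, the rewritten path is wrong. I would drop the `\2` (or the whole first rule) and add a one-line comment per rule stating the intended rewrite, since this file decides which paths the TFTP server will hand out. The `override` and `append` values in configmap-etc.yaml can replace or extend these rules, so the shipped default should be the strict, unambiguous case.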
@@ -0,0 +1,57 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $envAll := . }} +{{- $backendServiceType := "baremetal" }} +{{- $backendPort := "m-api" }} +{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: +{{ if ne $hostNameNamespaced $hostNameFull }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- else }} +{{- range $key1, $vHost := tuple $hostName 
$hostNameNamespaced }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- end }} +{{- end }} diff --git a/ironic/templates/job-bootstrap.yaml b/ironic/templates/job-bootstrap.yaml new file mode 100644 index 0000000000..1a670a3aef --- /dev/null +++ b/ironic/templates/job-bootstrap.yaml 
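Review bot: The Ingress rules for the public baremetal endpoint define only `http` paths and the `spec` has no `tls:` section, so as written Keystone tokens sent to the Ironic API through this ingress travel in clear text unless TLS is terminated somewhere outside the chart. service-ingress-api.yaml likewise publishes only port 80 for the same public name. I would add an optional `tls:` block driven by values, or at least a comment above `spec:` stating where TLS is expected to terminate, e.g. `# TLS is not configured here; terminate it upstream of this ingress`.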
@@ -0,0 +1,66 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.bootstrap }} + +{{- $mounts_ironic_bootstrap := .Values.pod.mounts.ironic_bootstrap.ironic_bootstrap }} +{{- $mounts_ironic_bootstrap_init := .Values.pod.mounts.ironic_bootstrap.init_container }} + +{{- $serviceAccountName := "ironic-bootstrap" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: ironic-bootstrap +spec: + template: + metadata: + labels: +{{ tuple $envAll "ironic" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies $mounts_ironic_bootstrap_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ironic-bootstrap + image: {{ .Values.images.tags.bootstrap }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: +{{- with $env := dict 
"ksUserSecret" .Values.secrets.identity.ironic }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + command: + - /tmp/bootstrap.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/bootstrap.sh + subPath: bootstrap.sh + readOnly: true +{{- if $mounts_ironic_bootstrap.volumeMounts }}{{ toYaml $mounts_ironic_bootstrap.volumeMounts | indent 10 }}{{ end }} + volumes: + - name: ironic-bin + configMap: + name: ironic-bin + defaultMode: 0555 +{{- if $mounts_ironic_bootstrap.volumes }}{{ toYaml $mounts_ironic_bootstrap.volumes | indent 6 }}{{ end }} +{{- end }} diff --git a/ironic/templates/job-db-init.yaml b/ironic/templates/job-db-init.yaml new file mode 100644 index 0000000000..d98ef79c13 --- /dev/null +++ b/ironic/templates/job-db-init.yaml 
@@ -0,0 +1,81 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init }} + +{{- $serviceAccountName := "ironic-db-init" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: ironic-db-init +spec: + template: + metadata: + labels: +{{ tuple $envAll "ironic" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ironic-db-init + image: {{ .Values.images.tags.db_init | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.admin }} + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/ironic/ironic.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: 
OPENSTACK_CONFIG_DB_KEY + value: connection + command: + - /tmp/db-init.py + volumeMounts: + - name: ironic-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etcironic + mountPath: /etc/ironic + - name: ironic-etc + mountPath: /etc/ironic/ironic.conf + subPath: ironic.conf + readOnly: true + volumes: + - name: etcironic + emptyDir: {} + - name: ironic-etc + configMap: + name: ironic-etc + defaultMode: 0444 + - name: ironic-bin + configMap: + name: ironic-bin + defaultMode: 0555 +{{- end }} diff --git a/ironic/templates/job-db-sync.yaml b/ironic/templates/job-db-sync.yaml new file mode 100644 index 0000000000..b509dfb03e --- /dev/null +++ b/ironic/templates/job-db-sync.yaml 
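Review bot: `ROOT_DB_CONNECTION` places the database admin connection string from the `oslo_db.admin` secret into the container environment, where it is readable from the process environment and inherited by anything `/tmp/db-init.py` spawns. Mounting the secret key as a read-only file and passing its path would narrow that exposure. If the script only accepts the variable (it is not shown in this hunk), a comment on the `env` entry such as `# admin DB URI incl. password: db-init.py must not log or dump the environment` documents the constraint for whoever edits the script next.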
@@ -0,0 +1,69 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_sync }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} + +{{- $serviceAccountName := "ironic-db-sync" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: ironic-db-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "ironic" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ironic-db-sync + image: {{ .Values.images.tags.ironic_db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/db-sync.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etcironic + mountPath: /etc/ironic + - name: ironic-etc + mountPath: /etc/ironic/ironic.conf + subPath: ironic.conf + readOnly: true + 
volumes: + - name: etcironic + emptyDir: {} + - name: ironic-etc + configMap: + name: ironic-etc + defaultMode: 0444 + - name: ironic-bin + configMap: + name: ironic-bin + defaultMode: 0555 +{{- end }} diff --git a/ironic/templates/job-ks-endpoints.yaml b/ironic/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..ff7c314635 --- /dev/null +++ b/ironic/templates/job-ks-endpoints.yaml 
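Review bot: The `nodeSelector` entry renders its value unquoted, `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}`, so a value such as `true` or `1` becomes a YAML boolean or integer and the pod spec is rejected, because label values must be strings. Piping it through `quote`, `{{ .Values.labels.node_selector_value | quote }}`, avoids that. The same line appears in deployment-api.yaml, job-bootstrap.yaml, job-db-init.yaml, the three job-ks-*.yaml templates and statefulset-conductor.yaml. The default values are not visible here, so this may only show up on an override.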
@@ -0,0 +1,73 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} + +{{- $serviceAccountName := "ironic-ks-endpoints" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: ironic-ks-endpoints +spec: + template: + metadata: + labels: +{{ tuple $envAll "ironic" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "baremetal" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.tags.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-endpoints.sh + volumeMounts: + - name: 
ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: ironic-bin + defaultMode: 0555 +{{- end }} diff --git a/ironic/templates/job-ks-service.yaml b/ironic/templates/job-ks-service.yaml new file mode 100644 index 0000000000..91974b21ef --- /dev/null +++ b/ironic/templates/job-ks-service.yaml 
@@ -0,0 +1,67 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_service }} + +{{- $serviceAccountName := "ironic-ks-service" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: ironic-ks-service +spec: + template: + metadata: + labels: +{{ tuple $envAll "ironic" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "baremetal" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.tags.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with 
$env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: ironic-bin + defaultMode: 0555 +{{- end }} diff --git a/ironic/templates/job-ks-user.yaml b/ironic/templates/job-ks-user.yaml new file mode 100644 index 0000000000..168249998b --- /dev/null +++ b/ironic/templates/job-ks-user.yaml 
@@ -0,0 +1,68 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} + +{{- $serviceAccountName := "ironic-ks-user" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: ironic-ks-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "ironic" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ironic-ks-user + image: {{ .Values.images.tags.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env 
| indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "ironic" +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.ironic }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.ironic.role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: ironic-bin + defaultMode: 0555 +{{- end }} diff --git a/ironic/templates/pdb-api.yaml b/ironic/templates/pdb-api.yaml new file mode 100644 index 0000000000..c4402e4bbf --- /dev/null +++ b/ironic/templates/pdb-api.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pdb_api }} +{{- $envAll := . }} +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: ironic-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/ironic/templates/secret-db.yaml b/ironic/templates/secret-db.yaml new file mode 100644 index 0000000000..eb988907d0 --- /dev/null +++ b/ironic/templates/secret-db.yaml 
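Review bot: This template reaches the root context both as `$envAll.Values` and as bare `.Values`, including in the pipeline of the second `with` block, `dict "ksUserSecret" .Values.secrets.identity.ironic`. That works only because the argument is evaluated before `.` is rebound; any reference later moved inside the block would resolve against the dict instead of the chart values. Using `$envAll.Values.secrets.identity.ironic` there and `$envAll.Values.endpoints.identity.auth.ironic.role` for `SERVICE_OS_ROLE` matches the admin `with` line a few lines above. job-bootstrap.yaml has the same bare `.Values` in its `with`.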
@@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "ironic" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/ironic/templates/secret-keystone.yaml b/ironic/templates/secret-keystone.yaml new file mode 100644 index 0000000000..0d76607df0 --- /dev/null +++ b/ironic/templates/secret-keystone.yaml 
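Review bot: `DB_CONNECTION` is assembled from chart values at render time, so the admin and ironic database passwords exist in the values supplied to Helm and in the stored release manifest, not only in the resulting Secret; `b64enc` is an encoding step, not protection. A comment above `data:` such as `# rendered from values: the passwords also end up in Helm release storage, restrict access to it` would make that exposure explicit. secret-keystone.yaml renders the Keystone credentials the same way. The helper that builds the URI is outside this hunk, so whether it escapes special characters in passwords cannot be checked here.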
@@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "ironic" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/ironic/templates/service-api.yaml b/ironic/templates/service-api.yaml new file mode 100644 index 0000000000..f1921f74f3 --- /dev/null +++ b/ironic/templates/service-api.yaml 
@@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "baremetal" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: m-api + port: {{ tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/ironic/templates/service-ingress-api.yaml b/ironic/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..8b74b8cf1b --- /dev/null +++ b/ironic/templates/service-ingress-api.yaml 
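Review bot: When `network.api.node_port.enabled` is set, the Ironic API port is opened on every node address, and nothing in the template says that this path bypasses the ingress. I would add a comment above the first `if`, `# NodePort exposes the API on all node IPs; keep disabled unless the node network is trusted`. The condition is also tested twice with untrimmed `{{ if }}` / `{{ end }}` markers, which leaves blank lines in the rendered Service; that is harmless but could be tidied with `{{- if }}` and `{{- end }}`.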
@@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "baremetal" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml new file mode 100644 index 0000000000..0faa7fc4b7 --- /dev/null +++ b/ironic/templates/statefulset-conductor.yaml 
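Review bot: The selector is the single hard-coded label `app: ingress-api` rather than the `helm-toolkit.snippets.kubernetes_metadata_labels` set that service-api.yaml uses, so any pod in the namespace carrying that label becomes a backend for the public baremetal name. The ingress controller pods are defined outside this chart, so the label cannot be checked from here. A comment naming the chart that owns those pods, or a values key for the selector, would make the dependency explicit.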
@@ -0,0 +1,203 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset_conductor }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.conductor }} + +{{- $mounts_ironic_conductor := .Values.pod.mounts.ironic_conductor.ironic_conductor }} +{{- $mounts_ironic_conductor_init := .Values.pod.mounts.ironic_conductor.init_container }} + +{{- $serviceAccountName := "ironic-conductor" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: ironic-conductor +spec: + serviceName: ironic-conductor + replicas: {{ .Values.pod.replicas.conductor }} + template: + metadata: + labels: +{{ tuple $envAll "ironic" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "ironic" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + securityContext: + runAsUser: 0 + hostNetwork: True + hostIPC: True + dnsPolicy: ClusterFirstWithHostNet + initContainers: +{{ tuple $envAll $dependencies $mounts_ironic_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: 
ironic-conductor-pxe-init + image: {{ .Values.images.tags.ironic_pxe_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ironic-conductor-pxe-init.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-conductor-pxe-init.sh + subPath: ironic-conductor-pxe-init.sh + readOnly: true + - name: pod-data + mountPath: /var/lib/openstack-helm + - name: ironic-conductor-init + image: {{ .Values.images.tags.ironic_conductor }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: PROVISIONER_INTERFACE + value: {{ .Values.network.interface.provisioner }} + command: + - /tmp/ironic-conductor-init.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-conductor-init.sh + subPath: ironic-conductor-init.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: ironic-conductor-http-init + image: {{ .Values.images.tags.ironic_conductor }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: PROVISIONER_INTERFACE + value: {{ .Values.network.interface.provisioner }} + command: + - /tmp/ironic-conductor-http-init.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-conductor-http-init.sh + subPath: ironic-conductor-http-init.sh + readOnly: true + - name: ironic-etc + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + containers: + - name: ironic-conductor + image: {{ .Values.images.tags.ironic_conductor }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include 
"helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true + command: + - /tmp/ironic-conductor.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-conductor.sh + subPath: ironic-conductor.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: pod-var-cache-ironic + mountPath: /var/cache/ironic + - name: ironic-etc + mountPath: /etc/ironic/ironic.conf + subPath: ironic.conf + readOnly: true + - name: ironic-etc + mountPath: /etc/ironic/policy.json + subPath: policy.json + readOnly: true + - name: host-var-lib-ironic + mountPath: /var/lib/ironic + - name: host-run + mountPath: /var/run + - name: host-dev + mountPath: /dev + - name: host-sys + mountPath: /sys + - name: pod-data + mountPath: /var/lib/openstack-helm + - name: ironic-conductor-pxe + image: {{ .Values.images.tags.ironic_pxe }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true + env: + - name: PROVISIONER_INTERFACE + value: {{ .Values.network.interface.provisioner }} + command: + - /tmp/ironic-conductor-pxe.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-conductor-pxe.sh + subPath: ironic-conductor-pxe.sh + readOnly: true + - name: ironic-etc + mountPath: /tftp-map-file + subPath: tftp-map-file + readOnly: true + - name: pod-data + mountPath: /var/lib/openstack-helm + - name: ironic-conductor-http + image: {{ .Values.images.tags.ironic_pxe_http }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ironic-conductor-http.sh + volumeMounts: + - name: ironic-bin + mountPath: /tmp/ironic-conductor-http.sh + subPath: ironic-conductor-http.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + 
readOnly: true + - name: pod-data + mountPath: /var/lib/openstack-helm +{{- if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-shared + emptyDir: {} + - name: pod-var-cache-ironic + emptyDir: {} + - name: ironic-bin + configMap: + name: ironic-bin + defaultMode: 0555 + - name: ironic-etc + configMap: + name: ironic-etc + defaultMode: 0444 + - name: host-var-lib-ironic + hostPath: + path: /var/lib/ironic + - name: host-run + hostPath: + path: /var/run + - name: host-dev + hostPath: + path: /dev + - name: host-sys + hostPath: + path: /sys + - name: pod-data + emptyDir: {} +{{- if $mounts_ironic_conductor.volumes }}{{ toYaml $mounts_ironic_conductor.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/ironic/values.yaml b/ironic/values.yaml new file mode 100644 index 0000000000..809a5516a3 --- /dev/null +++ b/ironic/values.yaml 
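Review bot: The `host-run` volume mounts the node's entire `/var/run` read-write into `ironic-conductor`, which already runs with `privileged: true` under a pod that sets `runAsUser: 0`, `hostNetwork: True` and `hostIPC: True`; on most nodes that directory also holds the container runtime's and other daemons' sockets, so a compromise of the conductor is effectively a compromise of the host. If the conductor only needs one path under `/var/run`, narrow the `hostPath` to that subdirectory, and add `readOnly: true` to the `host-sys` mount unless the conductor is known to write to `/sys`. `ironic-conductor-pxe` also sets `privileged: true` although it mounts no host paths; the template does not show which capability it needs, so a comment such as `# privileged: needed for <reason>` above each `securityContext` would let a reviewer judge whether a `capabilities.add` list could replace it.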
@@ -0,0 +1,459 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ironic_db_sync: docker.io/kolla/ubuntu-source-ironic-api:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ironic_api: docker.io/kolla/ubuntu-source-ironic-api:3.0.3 + ironic_conductor: docker.io/kolla/ubuntu-source-ironic-conductor:3.0.3 + ironic_pxe: docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3 + ironic_pxe_init: docker.io/kolla/ubuntu-source-ironic-pxe:3.0.3 + ironic_pxe_http: docker.io/nginx:1.13.3 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + pull_policy: "IfNotPresent" + +conf: + paste: + override: + append: + policy: {} + tftp_map_file: + override: + append: + nginx: + override: + append: + ironic: + DEFAULT: + enabled_drivers: agent_ipmitool + api: + port: null + conductor: + api_url: null + database: + connection: null + deploy: + http_root: /var/lib/openstack-helm/httpboot + glance: + auth_type: password + 
swift_temp_url_duration: 86400 + temp_url_endpoint_type: radosgw + inspector: + auth_type: password + keystone_authtoken: + auth_type: password + auth_version: v3 + neutron: + auth_type: password + cleaning_network_uuid: null + pxe: + pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1" + images_path: /var/lib/openstack-helm/ironic/images + instance_master_path: /var/lib/openstack-helm/ironic/master_images + pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template + uefi_pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template + tftp_root: /var/lib/openstack-helm/tftpboot + tftp_master_path: /var/lib/openstack-helm/tftpboot/master_images + pxe_bootfile_name: undionly.kpxe + uefi_pxe_bootfile_name: ipxe.efi + ipxe_enabled: true + service_catalog: + auth_type: password + swift: + auth_url: null + +network: + interface: + provisioner: null + api: + ingress: + public: true + node_port: + enabled: false + port: 30511 + +bootstrap: + enabled: true + script: | + RELEASE="newton" + IMAGE_URL_BASE="http://tarballs.openstack.org/ironic-python-agent/tinyipa/files" + IMAGE_INITRAMFS="ironic-agent.initramfs" + IMAGE_INITRAMFS_URL="${IMAGE_URL_BASE}/tinyipa-stable-${RELEASE}.gz" + IMAGE_KERNEL="ironic-agent.kernel" + IMAGE_KERNEL_URL="${IMAGE_URL_BASE}/tinyipa-stable-${RELEASE}.vmlinuz" + openstack image show ${IMAGE_INITRAMFS} || ( + IMAGE_LOC=$(mktemp) + curl -L ${IMAGE_INITRAMFS_URL} -o ${IMAGE_LOC} + openstack image create \ + --file ${IMAGE_LOC} \ + --disk-format ari \ + --container-format ari \ + --public \ + ${IMAGE_INITRAMFS} + rm -f ${IMAGE_LOC} + ) + openstack image show ${IMAGE_KERNEL} || ( + IMAGE_LOC=$(mktemp) + curl -L ${IMAGE_KERNEL_URL} -o ${IMAGE_LOC} + openstack image create \ + --file ${IMAGE_LOC} \ + --disk-format aki \ + --container-format aki \ + --public \ + ${IMAGE_KERNEL} + rm -f ${IMAGE_LOC} + ) + +dependencies: + db_init: + services: + - service: oslo_db + endpoint: internal + db_sync: + jobs: + - ironic-db-init + 
services: + - service: oslo_db + endpoint: internal + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - ironic-ks-service + services: + - service: identity + endpoint: internal + bootstrap: + jobs: + - ironic-db-sync + - ironic-ks-user + - ironic-ks-endpoints + services: + - service: identity + endpoint: internal + - service: image + endpoint: internal + - service: baremetal + endpoint: internal + api: + jobs: + - ironic-db-sync + - ironic-ks-user + - ironic-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + conductor: + jobs: + - ironic-db-sync + - ironic-ks-user + - ironic-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + - service: baremetal + endpoint: internal + +# Names of secrets used by bootstrap and environmental checks +secrets: + identity: + admin: ironic-keystone-admin + ironic: ironic-keystone-user + oslo_db: + admin: ironic-db-admin + ironic: ironic-db-user + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + ironic: + role: admin + region_name: RegionOne + username: ironic + password: password + project_name: service + user_domain_name: default + project_domain_name: default + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + admin: + default: 35357 + api: + default: 80 + baremetal: + name: ironic + hosts: + default: ironic-api + public: ironic + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 
http + port: + api: + default: 6385 + public: 80 + pxe_http: + default: 8080 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + api: + default: 9292 + public: 80 + ceph_object_store: + name: radosgw + namespace: ceph + auth: + glance: + tmpurlkey: supersecret + hosts: + default: ceph-rgw + host_fqdn_override: + default: null + path: + default: /auth/v1.0 + scheme: + default: http + port: + api: + default: 8088 + oslo_db: + auth: + admin: + username: root + password: password + ironic: + username: ironic + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /ironic + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + oslo_messaging: + auth: + ironic: + username: rabbitmq + password: password + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: / + scheme: rabbit + port: + amqp: + default: 5672 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'http' + port: + api: + default: 9696 + public: 80 + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + ironic_api: + init_container: null + ironic_api: + ironic_conductor: + init_container: null + ironic_conductor: + ironic_bootstrap: + init_container: null + ironic_bootstrap: + replicas: + api: 1 + conductor: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + resources: + enabled: false + api: + requests: + 
memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + conductor: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +manifests: + configmap_bin: true + configmap_etc: true + deployment_api: true + ingress_api: true + job_bootstrap: true + job_db_init: true + job_db_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + pdb_api: true + secret_db: true + secret_keystone: true + service_api: true + service_ingress_api: true + statefulset_conductor: true diff --git a/nova/templates/bin/_nova-scheduler.sh.tpl b/nova/templates/bin/_nova-scheduler.sh.tpl index 985357275b..ac5a7fbd0d 100644 --- a/nova/templates/bin/_nova-scheduler.sh.tpl +++ b/nova/templates/bin/_nova-scheduler.sh.tpl @@ -16,6 +16,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -set -x +set -xe + exec nova-scheduler \ --config-file /etc/nova/nova.conf diff --git a/tools/deployment/baremetal/000-install-packages.sh b/tools/deployment/baremetal/000-install-packages.sh new file mode 120000 index 0000000000..7574db6375 --- /dev/null +++ b/tools/deployment/baremetal/000-install-packages.sh 
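Review bot: The default `bootstrap.script` downloads `ironic-agent.kernel` and `ironic-agent.initramfs` over plain `http://` with `curl -L` and uploads them to Glance as `--public` images without any integrity check; these are presumably the agent images Ironic boots on the nodes it deploys, so a tampered download would run there. Without `-f`, an HTTP error page is also saved and uploaded as if it were the image. Fetch with `curl -fsSL`, use an `https://` base URL if the mirror offers one, and verify a pinned digest before `openstack image create`, e.g. `echo "${IMAGE_KERNEL_SHA256}  ${IMAGE_LOC}" | sha256sum -c -` (`IMAGE_KERNEL_SHA256` is a placeholder the chart would have to define). The header comment `# Default values for keystone.` also looks copied from another chart and should name ironic.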
@@ -0,0 +1 @@
+../developer/common/000-install-packages.sh
\ No newline at end of file
diff --git a/tools/deployment/baremetal/005-setup-nodes.sh b/tools/deployment/baremetal/005-setup-nodes.sh
new file mode 100755
index 0000000000..9d0458c951
--- /dev/null
+++ b/tools/deployment/baremetal/005-setup-nodes.sh
@@ -0,0 +1,117 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Build charts +make all + +#NOTE: Deploy libvirt with vbmc then define domains to use as baremetal nodes +helm install ./libvirt \ + --namespace=libvirt \ + --name=libvirt \ + --set ceph.enabled=false \ + --set images.tags.libvirt=docker.io/openstackhelm/vbmc:centos + +#NOTE: Wait for deploy +sleep 5 #NOTE(portdirect): work around k8s not immedately assigning pods to nodes +./tools/deployment/common/wait-for-pods.sh libvirt + +#NOTE: Validate Deployment info +helm status libvirt + +#NOTE: Create domains and start vbmc for ironic to manage as baremetal nodes +LIBVIRT_PODS=$(kubectl get --namespace libvirt pods \ + -l application=libvirt,component=libvirt \ + --no-headers -o name | awk -F '/' '{ print $NF }') +rm -f /tmp/bm-hosts.txt || true +for LIBVIRT_POD in ${LIBVIRT_PODS}; do + TEMPLATE_MAC_ADDR="00:01:DE:AD:BE:EF" + MAC_ADDR=$(printf '00:01:DE:%02X:%02X:%02X\n' $[RANDOM%256] $[RANDOM%256] $[RANDOM%256]) + LIBVIRT_POD_NODE=$(kubectl get -n libvirt pod ${LIBVIRT_POD} -o json | jq -r '.spec.nodeName') + LIBVIRT_NODE_IP=$(kubectl get node ${LIBVIRT_POD_NODE} -o json | jq -r '.status.addresses[] | select(.type=="InternalIP").address') + kubectl exec -n libvirt ${LIBVIRT_POD} -- mkdir -p /var/lib/libvirt/images + kubectl exec -n libvirt ${LIBVIRT_POD} -- rm -f /var/lib/libvirt/images/vm-1.qcow2 || true + kubectl exec -n 
libvirt ${LIBVIRT_POD} -- qemu-img create -f qcow2 /var/lib/libvirt/images/vm-1.qcow2 5G + kubectl exec -n libvirt ${LIBVIRT_POD} -- chown -R qemu: /var/lib/libvirt/images/vm-1.qcow2 + VM_DEF="$(sed "s|${TEMPLATE_MAC_ADDR}|${MAC_ADDR}|g" ./tools/gate/files/fake-baremetal-1.xml | base64 -w0)" + kubectl exec -n libvirt ${LIBVIRT_POD} -- sh -c "echo "${VM_DEF}" | base64 -d > /tmp/fake-baremetal-1.xml" + kubectl exec -n libvirt ${LIBVIRT_POD} -- sh -c "virsh undefine fake-baremetal-1 || true" + kubectl exec -n libvirt ${LIBVIRT_POD} -- virsh define /tmp/fake-baremetal-1.xml + kubectl exec -n libvirt ${LIBVIRT_POD} -- sh -c "vbmc delete fake-baremetal-1 || true" + kubectl exec -n libvirt ${LIBVIRT_POD} -- vbmc add fake-baremetal-1 + kubectl exec -n libvirt ${LIBVIRT_POD} -- sh -c "nohup vbmc start fake-baremetal-1 &>/dev/null &" + kubectl exec -n libvirt ${LIBVIRT_POD} -- virsh list --all + kubectl exec -n libvirt ${LIBVIRT_POD} -- vbmc show fake-baremetal-1 + echo "${LIBVIRT_NODE_IP} ${MAC_ADDR}" >> /tmp/bm-hosts.txt +done + +#NOTE: Deploy OvS to connect nodes to the deployment host +helm install ./openvswitch \ + --namespace=openstack \ + --name=openvswitch + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh openstack + +#NOTE: Validate Deployment info +helm status openvswitch + +#NOTE: Setup GRE tunnels between deployment node and libvirt hosts +OSH_IRONIC_PXE_DEV="${OSH_IRONIC_PXE_DEV:="ironic-pxe"}" +OSH_IRONIC_PXE_ADDR="${OSH_IRONIC_PXE_ADDR:="172.24.6.1/24"}" +MASTER_IP=$(kubectl get node $(hostname -f) -o json | jq -r '.status.addresses[] | select(.type=="InternalIP").address') +NODE_IPS=$(kubectl get nodes -o json | jq -r '.items[].status.addresses[] | select(.type=="InternalIP").address' | sort -V) +OVS_VSWITCHD_PODS=$(kubectl get --namespace openstack pods \ + -l application=openvswitch,component=openvswitch-vswitchd \ + --no-headers -o name | awk -F '/' '{ print $NF }') +for OVS_VSWITCHD_POD in ${OVS_VSWITCHD_PODS}; do + kubectl exec 
--namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ovs-vsctl add-br "${OSH_IRONIC_PXE_DEV}" + if [ "x$(kubectl --namespace openstack get pod ${OVS_VSWITCHD_POD} -o wide --no-headers | awk '{ print $NF }')" == "x$(hostname -f)" ] ; then + COUNTER=0 + for NODE_IP in ${NODE_IPS}; do + if ! [ "x${MASTER_IP}" == "x${NODE_IP}" ]; then + kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ovs-vsctl add-port ${OSH_IRONIC_PXE_DEV} gre${COUNTER} \ + -- set interface gre${COUNTER} type=gre options:remote_ip=${NODE_IP} + let COUNTER=COUNTER+1 + fi + done + kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ip addr add "${OSH_IRONIC_PXE_ADDR}" dev "${OSH_IRONIC_PXE_DEV}" + #NOTE(portdirect): for simplity assume we are using the default dev + # for tunnels, and a MTU overhead of 50 + MASTER_NODE_DEV="$(kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ip -4 route list 0/0 | awk '{ print $5; exit }')" + MASTER_NODE_MTU="$(kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- cat /sys/class/net/${MASTER_NODE_DEV}/mtu)" + kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ip link set dev ${OSH_IRONIC_PXE_DEV} mtu $((${MASTER_NODE_MTU} - 50)) + kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ip link set "${OSH_IRONIC_PXE_DEV}" up + else + kubectl exec --namespace openstack "${OVS_VSWITCHD_POD}" \ + -- ovs-vsctl add-port ${OSH_IRONIC_PXE_DEV} gre0 \ + -- set interface gre0 type=gre options:remote_ip=${MASTER_IP} + fi +done + +#NOTE: Set up the ${OSH_IRONIC_PXE_DEV} to forward traffic +DEFAULT_ROUTE_DEV="$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')" +sudo iptables -t nat -A POSTROUTING -o ${DEFAULT_ROUTE_DEV} -j MASQUERADE +sudo iptables -A FORWARD -i ${DEFAULT_ROUTE_DEV} -o ${OSH_IRONIC_PXE_DEV} -m state --state RELATED,ESTABLISHED -j ACCEPT +sudo iptables -A FORWARD -i ${OSH_IRONIC_PXE_DEV} -o ${DEFAULT_ROUTE_DEV} -j ACCEPT 
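Review bot: The `iptables -t nat -A POSTROUTING -o ${DEFAULT_ROUTE_DEV} -j MASQUERADE` rule at the end of the script has no source match, so it rewrites every flow routed out of the default interface, not only traffic from the PXE network. Scope it to the provisioning subnet, e.g. `-s 172.24.6.0/24` for the default `OSH_IRONIC_PXE_ADDR` (ideally derived from that variable rather than hard-coded). All three rules are added with `-A`, so each re-run of the script stacks duplicates; guarding each with `sudo iptables -C <rule> || sudo iptables -A <rule>` keeps it idempotent.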
diff --git a/tools/deployment/baremetal/010-setup-client.sh b/tools/deployment/baremetal/010-setup-client.sh
new file mode 100755
index 0000000000..76bfb90ca8
--- /dev/null
+++ b/tools/deployment/baremetal/010-setup-client.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+sudo -H -E pip install python-openstackclient python-heatclient python-ironicclient
+
+sudo -H mkdir -p /etc/openstack
+cat << EOF | sudo -H tee -a /etc/openstack/clouds.yaml
+clouds:
+ openstack_helm:
+ region_name: RegionOne
+ identity_api_version: 3
+ auth:
+ username: 'admin'
+ password: 'password'
+ project_name: 'admin'
+ project_domain_name: 'default'
+ user_domain_name: 'default'
+ auth_url: 'http://keystone.openstack.svc.cluster.local/v3'
+EOF
+sudo -H chown -R $(id -un): /etc/openstack
+
+#NOTE: Build charts
+make all
diff --git a/tools/deployment/baremetal/020-ingress.sh b/tools/deployment/baremetal/020-ingress.sh
new file mode 100755
index 0000000000..68c756dbc5
--- /dev/null
+++ b/tools/deployment/baremetal/020-ingress.sh
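Review bot: `tee -a /etc/openstack/clouds.yaml` appends, so a second run leaves two top-level `clouds:` keys in the file, and the file holding the admin password is created with the default umask and is likely world-readable. Write it with `sudo -H tee /etc/openstack/clouds.yaml` (no `-a`) and add `chmod 600 /etc/openstack/clouds.yaml` after the `chown`. The `pip install` line also installs three unpinned client packages as root; explicit versions or a constraints file would make the gate reproducible.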
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Pull images and lint chart
+make pull-images ingress
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set labels.node_selector_key=openstack-helm-node-class \
+ --set labels.node_selector_value=primary \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set network.vip.manage=false \
+ --set network.vip.addr=172.18.0.1/32 \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack \
+ --set labels.node_selector_key=openstack-helm-node-class \
+ --set labels.node_selector_value=primary
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack
diff --git a/tools/deployment/baremetal/030-ceph.sh b/tools/deployment/baremetal/030-ceph.sh
new file mode 100755
index 0000000000..9fded555ea
--- /dev/null
+++ b/tools/deployment/baremetal/030-ceph.sh
@@ -0,0 +1,91 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Pull images and lint chart +make pull-images ceph + +#NOTE: Deploy command +uuidgen > /tmp/ceph-fs-uuid.txt +tee /tmp/ceph.yaml <> ~/.ssh/known_hosts +BM_GATEWAY="$(ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} ip -4 route list 0/0 | awk '{ print $3; exit }')" +ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${BM_GATEWAY} + +# Check the VM can reach the metadata server +ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254 diff --git a/tools/deployment/developer/common/030-ingress.sh b/tools/deployment/developer/common/030-ingress.sh index 34f17f7a1c..984f8b9a3f 100755 --- a/tools/deployment/developer/common/030-ingress.sh +++ b/tools/deployment/developer/common/030-ingress.sh @@ -26,7 +26,7 @@ helm install ./ingress \ --set deployment.mode=cluster \ --set deployment.type=DaemonSet \ --set network.host_namespace=true \ - --set network.vip.manage=true \ + --set network.vip.manage=false \ --set network.vip.addr=172.18.0.1/32 \ --set conf.services.udp.53='kube-system/kube-dns:53' diff --git a/tools/gate/files/fake-baremetal-1.xml b/tools/gate/files/fake-baremetal-1.xml new file mode 100644 index 0000000000..bc5a5c3cbd --- /dev/null +++ b/tools/gate/files/fake-baremetal-1.xml 
@@ -0,0 +1,70 @@ + + fake-baremetal-1 + 4096 + 4 + + /machine + + + hvm + + + + + + + + + + + + + + destroy + restart + restart + + /usr/libexec/qemu-kvm + + + + + +
+ + +
+ + +
+ + + + + + + + +
+ + + + + + + + + + + + + +
+ + + + +
+ + + diff --git a/tools/gate/files/heat-basic-bm-deployment.yaml b/tools/gate/files/heat-basic-bm-deployment.yaml new file mode 100644 index 0000000000..237a5befea --- /dev/null +++ b/tools/gate/files/heat-basic-bm-deployment.yaml @@ -0,0 +1,41 @@ +heat_template_version: 2016-10-14 + +parameters: + baremetal_net: + type: string + default: baremetal + baremetal_subnet: + type: string + default: baremetal + image: + type: string + default: Cirros 0.3.5 64-bit + flavor: + type: string + default: baremetal + ssh_key: + type: string + default: heat-vm-key + +resources: + server: + type: OS::Nova::Server + properties: + image: {get_param: image} + flavor: {get_param: flavor} + key_name: {get_param: ssh_key} + networks: + - port: { get_resource: server_port } + user_data_format: RAW + + server_port: + type: OS::Neutron::Port + properties: + network: {get_param: baremetal_net} + fixed_ips: + - subnet: { get_param: baremetal_subnet } + port_security_enabled: false + +outputs: + ip: + value: {get_attr: [server_port, fixed_ips, 0, ip_address]} diff --git a/tools/gate/playbooks/ironic-deploy.yaml b/tools/gate/playbooks/ironic-deploy.yaml new file mode 100644 index 0000000000..ec1ccbb19f --- /dev/null +++ b/tools/gate/playbooks/ironic-deploy.yaml 
@@ -0,0 +1,118 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: primary + tasks: + - name: Deploy Packages + shell: | + set -xe; + ./tools/deployment/baremetal/000-install-packages.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Setup Nodes + shell: | + set -xe; + ./tools/deployment/baremetal/005-setup-nodes.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy clients + shell: | + set -xe; + ./tools/deployment/baremetal/010-setup-client.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy ingress + shell: | + set -xe; + ./tools/deployment/baremetal/020-ingress.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Ceph + shell: | + set -xe; + ./tools/deployment/baremetal/030-ceph.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Setup openstack namespace for ceph + shell: | + set -xe; + ./tools/deployment/baremetal/035-ceph-ns-activate.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy MariaDB + shell: | + set -xe; + ./tools/deployment/baremetal/040-mariadb.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy RabbitMQ + shell: | + set -xe; + ./tools/deployment/baremetal/050-rabbitmq.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Memcached + shell: | + set -xe; + ./tools/deployment/baremetal/060-memcached.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Keystone + shell: | + set -xe; + 
./tools/deployment/baremetal/080-keystone.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Glance + shell: | + set -xe; + ./tools/deployment/baremetal/090-glance.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Hea + shell: | + set -xe; + ./tools/deployment/baremetal/100-heat.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Compute Kit + shell: | + set -xe; + ./tools/deployment/baremetal/110-compute-kit.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Create baremetal host aggregate + shell: | + set -xe; + ./tools/deployment/baremetal/800-create-baremetal-host-aggregate.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Register baremetal nodes + shell: | + set -xe; + ./tools/deployment/baremetal/810-register-baremetal-nodes.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Create baremetal flavor + shell: | + set -xe; + ./tools/deployment/baremetal/820-create-baremetal-flavor.sh + args: + chdir: "{{ zuul.project.src_dir }}" + - name: Deploy Node + shell: | + set -xe; + ./tools/deployment/baremetal/900-use-it.sh + args: + chdir: "{{ zuul.project.src_dir }}" diff --git a/tools/images/ceph-config-helper/README.rst b/tools/images/ceph-config-helper/README.rst index 2445199c54..41e7897a2a 100644 --- a/tools/images/ceph-config-helper/README.rst +++ b/tools/images/ceph-config-helper/README.rst @@ -1,5 +1,5 @@ Ceph Config Helper Container -===================== +============================ This container builds a small image with kubectl and some other utilites for use in the ceph-config chart. diff --git a/tools/images/vbmc/Dockerfile b/tools/images/vbmc/Dockerfile new file mode 100644 index 0000000000..797548f93e --- /dev/null +++ b/tools/images/vbmc/Dockerfile 
@@ -0,0 +1,36 @@
+FROM centos:7
+MAINTAINER pete.birley@att.com
+
+RUN set -ex ;\
+ yum -y upgrade ;\
+ yum -y install \
+ epel-release \
+ centos-release-openstack-newton \
+ centos-release-qemu-ev ;\
+ yum -y install \
+ ceph-common \
+ git \
+ libguestfs \
+ libvirt \
+ libvirt-daemon \
+ libvirt-daemon-config-nwfilter \
+ libvirt-daemon-driver-lxc \
+ libvirt-daemon-driver-nwfilter \
+ libvirt-devel \
+ openvswitch \
+ python-devel \
+ qemu-kvm ;\
+ yum -y group install \
+ "Development Tools" ;\
+ yum clean all ;\
+ rm -rf /var/cache/yum ;\
+ curl https://bootstrap.pypa.io/get-pip.py -o /tmpget-pip.py ;\
+ python /tmpget-pip.py ;\
+ rm -f /tmp/get-pip.py ;\
+ TMP_DIR=$(mktemp -d) ;\
+ git clone https://github.com/openstack/virtualbmc ${TMP_DIR} ;\
+ pip install -U ${TMP_DIR} ;\
+ rm -rf ${TMP_DIR} ;\
+ useradd --user-group --create-home --home-dir /var/lib/nova nova ;\
+ chmod 755 /var/lib/nova ;\
+ usermod -a -G qemu nova
diff --git a/tools/images/vbmc/README.rst b/tools/images/vbmc/README.rst
new file mode 100644
index 0000000000..cc22254fa6
--- /dev/null
+++ b/tools/images/vbmc/README.rst
@@ -0,0 +1,37 @@
+VBMC Container
+==============
+
+This container builds a small image with kubectl and some other utilities for
+use in both the ironic checks and development.
+
+Instructions
+------------
+
+OS Specific Host setup:
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Ubuntu:
+^^^^^^^
+
+From a freshly provisioned Ubuntu 16.04 LTS host run:
+
+.. code:: bash
+
+ sudo apt-get update -y
+ sudo apt-get install -y \
+ docker.io \
+ git
+
+Build the VBMC Image environment
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A known good image is published to dockerhub on a fairly regular basis, but if
+you wish to build your own image, from the root directory of the OpenStack-Helm
+repo run:
+
+.. code:: bash
+
+ sudo docker build \
+ -t docker.io/openstackhelm/vbmc:centos \
+ tools/images/vbmc
+ sudo docker push docker.io/openstackhelm/vbmc:centos
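Review bot: In `tools/images/vbmc/Dockerfile` the `curl` line writes to `/tmpget-pip.py` (missing `/`) and `python` runs that path, but the following `rm -f /tmp/get-pip.py` targets a file that was never created, so the installer script stays in the image. Use one path throughout: `curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\` and `python /tmp/get-pip.py ;\`. Separately, `get-pip.py` and the default-branch `git clone https://github.com/openstack/virtualbmc` are unpinned, unverified code executed as root at build time; cloning a fixed tag or commit (`git clone --branch <TAG> --depth 1 ...`) would make the image reproducible and reviewable. `MAINTAINER` is deprecated in favour of a `LABEL`.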