aic-helm normalization
* As of helm 2.0.0, it no longer seems necessary to copy a "globals.tpl" into each child chart, defines in child charts now seem to be reliably rendered in the parent. This was not working correctly in 2.0.0rc2 and so after a lot of testing, the globals define insertion has been removed from the Makefiles. Also, includes piped to b64encode are working now, meaning we no longer have to do Makefile magic to base64 encode successfully. That has been removed. Once .Files.Get works properly in a child chart context we can remove all Make help. * The openstack-base chart has been renamed to common to better reflect that it is common to everything in aic-helm, even non-openstack projects like ceph. All charts now include it as a requirement. * A first pass at a "cleaner" template directory approach has been applied to rabbitmq as a test chart. This allows files such as _start_rabbit to live in their raw form and organizes files by config vs script in 'etc' or 'bin' directories. If accepted, will apply to all other charts for consistency.
This commit is contained in:
parent
d01ba4526c
commit
877e0cd46f
2
.gitignore
vendored
2
.gitignore
vendored
@ -2,4 +2,4 @@
|
||||
**/*.tgz
|
||||
.idea/
|
||||
**/_partials.tpl
|
||||
**/_common.tpl
|
||||
**/_globals.tpl
|
||||
|
30
Makefile
30
Makefile
@ -1,14 +1,14 @@
|
||||
.PHONY: ceph mariadb keystone memcached rabbitmq openstack-base openstack all clean base64
|
||||
.PHONY: ceph mariadb keystone memcached rabbitmq common openstack all clean
|
||||
|
||||
B64_DIRS := openstack-base/secrets
|
||||
B64_EXCLUDE := $(wildcard openstack-base/secrets/*.b64)
|
||||
B64_DIRS := common/secrets
|
||||
B64_EXCLUDE := $(wildcard common/secrets/*.b64)
|
||||
|
||||
CHARTS := ceph mariadb rabbitmq memcached keystone openstack
|
||||
COMMON_TPL := openstack-base/templates/_common.tpl
|
||||
COMMON_TPL := common/templates/_globals.tpl
|
||||
|
||||
all: openstack-base ceph mariadb rabbitmq memcached keystone openstack
|
||||
all: common ceph mariadb rabbitmq memcached keystone openstack
|
||||
|
||||
openstack-base: build-openstack-base
|
||||
common: build-common
|
||||
|
||||
ceph: build-ceph
|
||||
|
||||
@ -23,24 +23,12 @@ memcached: build-memcached
|
||||
openstack: build-openstack
|
||||
|
||||
clean:
|
||||
$(shell rm -rf openstack-base/secrets/*.b64)
|
||||
$(shell rm -rf common/secrets/*.b64)
|
||||
$(shell rm -rf */templates/_partials.tpl)
|
||||
$(shell rm -rf */templates/_common.tpl)
|
||||
echo "Removed all .b64, _partials.tpl, and _common.tpl files"
|
||||
|
||||
build-openstack-base:
|
||||
# rebuild all base64 values
|
||||
$(eval B64_OBJS = $(foreach dir,$(B64_DIRS),$(shell find $(dir)/* -type f $(foreach e,$(B64_EXCLUDE), -not -path "$(e)"))))
|
||||
$(foreach var,$(B64_OBJS),cat $(var) | base64 | perl -pe 'chomp if eof' > $(var).b64;)
|
||||
|
||||
if [ -f openstack-base/Makefile ]; then make -C openstack-base; fi
|
||||
if [ -f openstack-base/requirements.yaml ]; then helm dep up openstack-base; fi
|
||||
helm lint openstack-base
|
||||
helm package openstack-base
|
||||
$(foreach var,$(CHARTS),$(shell cp $(COMMON_TPL) $(var)/templates))
|
||||
$(shell rm -rf */templates/_globals.tpl)
|
||||
echo "Removed all .b64, _partials.tpl, and _globals.tpl files"
|
||||
|
||||
build-%:
|
||||
if [ ! -f $*/templates/_common.tpl ]; then echo; seq -s= 30|tr -d '[:digit:]'; echo "You need to run 'make openstack-base' first to generate _common.tpl"; seq -s= 30|tr -d '[:digit:]'; exit 1; fi;
|
||||
if [ -f $*/Makefile ]; then make -C $*; fi
|
||||
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
|
||||
helm lint $*
|
||||
|
@ -57,7 +57,7 @@ make
|
||||
# generate secrets (ceph, etc.)
|
||||
export osd_cluster_network=10.32.0.0/12
|
||||
export osd_public_network=10.32.0.0/12
|
||||
cd openstack-base/utils/secret-generator
|
||||
cd common/utils/secret-generator
|
||||
./generate_secrets.sh all `./generate_secrets.sh fsid`
|
||||
cd ../../..
|
||||
|
||||
|
@ -84,7 +84,7 @@ kubectl label nodes node-type=storage --all
|
||||
You will need to generate ceph keys and configuration. There is a simple to use utility that can do this quickly. Please note the generator utility (per ceph-docker) requires the sigil template framework: (https://github.com/gliderlabs/sigil) to be installed and on the current path.
|
||||
|
||||
```
|
||||
cd openstack-base/utils/secret-generator
|
||||
cd common/utils/secret-generator
|
||||
./generate_secrets.sh all `./generate_secrets.sh fsid`
|
||||
cd ../../..
|
||||
```
|
||||
|
@ -1,3 +1,6 @@
|
||||
dependencies: []
|
||||
digest: sha256:81059fe6210ccee4e3349c0f34c12d180f995150128a913d63b65b7937c6b152
|
||||
generated: 2016-11-25T16:24:27.602432249-08:00
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
digest: sha256:c6a7e430c900036912fe3fdc14213e9280c5da0b6607ce4dcf6dc95535d114fc
|
||||
generated: 2016-11-29T12:54:37.241999965-08:00
|
||||
|
@ -1 +1,5 @@
|
||||
dependencies: []
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
|
||||
|
@ -1,24 +1,16 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "ceph-conf-combined-storageclass"
|
||||
type: kubernetes.io/rbd
|
||||
data:
|
||||
key: {{ include "secrets/ceph-client-key.b64" . | quote }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "ceph-conf-combined"
|
||||
type: Opaque
|
||||
data:
|
||||
ceph.conf: |
|
||||
{{ include "secrets/ceph.conf.b64" .| indent 4 }}
|
||||
{{ include "secrets/ceph.conf" . | b64enc | indent 4 }}
|
||||
ceph.client.admin.keyring: |
|
||||
{{ include "secrets/ceph.client.admin.keyring.b64" . | indent 4 }}
|
||||
{{ include "secrets/ceph.client.admin.keyring" . | b64enc | indent 4 }}
|
||||
ceph.mon.keyring: |
|
||||
{{ include "secrets/ceph.mon.keyring.b64" . | indent 4 }}
|
||||
{{ include "secrets/ceph.mon.keyring" . | b64enc | indent 4 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@ -27,7 +19,7 @@ metadata:
|
||||
type: Opaque
|
||||
data:
|
||||
ceph.keyring: |
|
||||
{{ include "secrets/ceph.rgw.keyring.b64" . | indent 4 }}
|
||||
{{ include "secrets/ceph.rgw.keyring" . | b64enc | indent 4 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@ -36,7 +28,7 @@ metadata:
|
||||
type: Opaque
|
||||
data:
|
||||
ceph.keyring: |
|
||||
{{ include "secrets/ceph.mds.keyring.b64" . | indent 4 }}
|
||||
{{ include "secrets/ceph.mds.keyring" . | b64enc | indent 4 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@ -45,7 +37,7 @@ metadata:
|
||||
type: Opaque
|
||||
data:
|
||||
ceph.keyring: |
|
||||
{{ include "secrets/ceph.osd.keyring.b64" . | indent 4 }}
|
||||
{{ include "secrets/ceph.osd.keyring" . | b64enc | indent 4 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
@ -53,4 +45,4 @@ metadata:
|
||||
name: "ceph-client-key"
|
||||
type: Opaque
|
||||
data:
|
||||
ceph-client-key: {{ include "secrets/ceph-client-key.b64" . | quote }}
|
||||
ceph-client-key: {{ include "secrets/ceph-client-key" . | b64enc | quote }}
|
||||
|
@ -1,3 +1,5 @@
|
||||
# note that these secrets are handled by the common chart, not the ceph
|
||||
# chart, as we likely want them "everywhere"
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1beta1
|
||||
kind: StorageClass
|
||||
@ -5,10 +7,10 @@ metadata:
|
||||
name: general
|
||||
provisioner: kubernetes.io/rbd
|
||||
parameters:
|
||||
monitors: ceph-mon.ceph:6789
|
||||
monitors: ceph-mon.{{.Release.Namespace}}:6789
|
||||
adminId: admin
|
||||
adminSecretName: ceph-conf-combined-storageclass
|
||||
adminSecretNamespace: ceph
|
||||
adminSecretName: pvc-ceph-conf-combined-storageclass
|
||||
adminSecretNamespace: {{.Release.Namespace}}
|
||||
pool: rbd
|
||||
userId: admin
|
||||
userSecretName: ceph-client-key
|
||||
userSecretName: pvc-ceph-client-key
|
2
common/.gitignore
vendored
Normal file
2
common/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
secrets/*
|
||||
templates/_secrets.tpl
|
@ -1,4 +1,4 @@
|
||||
apiVersion: v1
|
||||
description: A base chart for all openstack charts
|
||||
name: openstack-base
|
||||
name: common
|
||||
version: 0.1.0
|
7
common/Makefile
Normal file
7
common/Makefile
Normal file
@ -0,0 +1,7 @@
|
||||
EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile utils/* common/Chart.yaml
|
||||
SECRETS := $(shell find secrets -type f $(foreach e,$(EXCLUDE), -not -path "$(e)") )
|
||||
|
||||
templates/_secrets.tpl: Makefile $(SECRETS)
|
||||
echo Generating $(CURDIR)/$@
|
||||
rm -f $@
|
||||
for i in $(SECRETS); do printf '{{ define "'$$i'" }}' >> $@; cat $$i >> $@; printf "{{ end }}\n" >> $@; done
|
9
common/templates/_funcs.tpl
Normal file
9
common/templates/_funcs.tpl
Normal file
@ -0,0 +1,9 @@
|
||||
{{- define "template" -}}
|
||||
{{- $name := index . 0 -}}
|
||||
{{- $context := index . 1 -}}
|
||||
{{- $v:= $context.Template.Name | split "/" -}}
|
||||
{{- $n := len $v -}}
|
||||
{{- $last := sub $n 1 | printf "_%d" | index $v -}}
|
||||
{{- $wtf := $context.Template.Name | replace $last $name -}}
|
||||
{{ include $wtf $context }}
|
||||
{{- end -}}
|
16
common/templates/secrets.yaml
Normal file
16
common/templates/secrets.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "pvc-ceph-conf-combined-storageclass"
|
||||
type: kubernetes.io/rbd
|
||||
data:
|
||||
key: {{ include "secrets/ceph-client-key" . | quote }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "pvc-ceph-client-key"
|
||||
type: kubernetes.io/rbd
|
||||
data:
|
||||
key: {{ include "secrets/ceph-client-key" . | quote }}
|
@ -1,5 +1,5 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
dependencies:
|
||||
|
@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
digest: sha256:178ec6c44cf73c5d3c6d47eccee30b1b7f7e373c57af4e37fe7ea85f3549660e
|
||||
generated: 2016-11-25T16:24:28.454876345-08:00
|
||||
digest: sha256:c6a7e430c900036912fe3fdc14213e9280c5da0b6607ce4dcf6dc95535d114fc
|
||||
generated: 2016-11-29T11:31:25.670403608-08:00
|
||||
|
@ -1,4 +1,4 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
|
@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
digest: sha256:178ec6c44cf73c5d3c6d47eccee30b1b7f7e373c57af4e37fe7ea85f3549660e
|
||||
generated: 2016-11-25T16:24:49.79575501-08:00
|
||||
digest: sha256:c6a7e430c900036912fe3fdc14213e9280c5da0b6607ce4dcf6dc95535d114fc
|
||||
generated: 2016-11-29T11:31:27.05384225-08:00
|
||||
|
@ -1,4 +1,4 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
|
1
openstack-base/.gitignore
vendored
1
openstack-base/.gitignore
vendored
@ -1 +0,0 @@
|
||||
secrets/*
|
@ -1,7 +0,0 @@
|
||||
EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile utils/* openstack-base/Chart.yaml
|
||||
FILES := $(shell find * -type f $(foreach e,$(EXCLUDE), -not -path "$(e)") )
|
||||
|
||||
templates/_common.tpl: Makefile $(FILES)
|
||||
echo Generating $(CURDIR)/$@
|
||||
rm -f $@
|
||||
for i in $(FILES); do printf '{{ define "'$$i'" }}' >> $@; cat $$i >> $@; printf "{{ end }}\n" >> $@; done
|
@ -1,7 +0,0 @@
|
||||
EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile openstack-base/Chart.yaml
|
||||
FILES := $(shell find * -type f $(foreach e,$(EXCLUDE), -not -path "$(e)") )
|
||||
|
||||
templates/_partials.tpl: Makefile $(FILES)
|
||||
echo Generating $(CURDIR)/$@
|
||||
rm -f $@
|
||||
for i in $(FILES); do printf '{{ define "'$$i'" }}' >> $@; cat $$i >> $@; printf "{{ end }}\n" >> $@; done
|
@ -1,5 +1,5 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
- name: memcached
|
||||
@ -14,5 +14,5 @@ dependencies:
|
||||
- name: keystone
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
digest: sha256:cbe0cda88c1f8f7daf37f58e8d38c913478630687b22f8e622950c08cb2fdc6d
|
||||
generated: 2016-11-25T15:34:47.932395616-08:00
|
||||
digest: sha256:e92d6b6811d65492a95e4db258d516bfd7dd540108bb3d0e92e7dabc13ae2bbf
|
||||
generated: 2016-11-29T11:31:33.541933538-08:00
|
||||
|
@ -1,5 +1,5 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
version: 0.1.0
|
||||
repository: http://localhost:8879/charts
|
||||
- name: memcached
|
||||
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
namespace: {{.Release.Namespace}}
|
||||
name: "ceph-client-key"
|
||||
type: kubernetes.io/rbd
|
||||
data:
|
||||
key: {{ include "secrets/ceph-client-key.b64" . | quote }}
|
@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
digest: sha256:178ec6c44cf73c5d3c6d47eccee30b1b7f7e373c57af4e37fe7ea85f3549660e
|
||||
generated: 2016-11-25T16:24:29.266938266-08:00
|
||||
digest: sha256:c6a7e430c900036912fe3fdc14213e9280c5da0b6607ce4dcf6dc95535d114fc
|
||||
generated: 2016-11-29T11:31:26.360492977-08:00
|
||||
|
@ -1,4 +1,4 @@
|
||||
dependencies:
|
||||
- name: openstack-base
|
||||
- name: common
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
||||
|
11
rabbitmq/templates/bin-configmap.yaml
Normal file
11
rabbitmq/templates/bin-configmap.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: rabbitmq-bin
|
||||
labels:
|
||||
system: openstack
|
||||
type: configuration
|
||||
component: messaging
|
||||
data:
|
||||
start_rabbitmq.sh: |
|
||||
{{ tuple "bin/_start_rabbit.tpl" . | include "template" | indent 4 }}
|
18
rabbitmq/templates/bin/_start_rabbit.tpl
Normal file
18
rabbitmq/templates/bin/_start_rabbit.tpl
Normal file
@ -0,0 +1,18 @@
|
||||
chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
|
||||
|
||||
/etc/init.d/rabbitmq-server start
|
||||
|
||||
rabbitmq-plugins enable rabbitmq_tracing
|
||||
rabbitmqctl trace_on
|
||||
|
||||
rabbitmqctl add_user {{ .Values.auth.default_user }} {{ .Values.auth.default_pass }} || true
|
||||
rabbitmqctl set_permissions {{ .Values.auth.default_user }} ".*" ".*" ".*" || true
|
||||
|
||||
rabbitmqctl add_user {{ .Values.auth.admin_user }} {{ .Values.auth.admin_pass }}|| true
|
||||
rabbitmqctl set_permissions {{ .Values.auth.admin_user }} ".*" ".*" ".*" || true
|
||||
rabbitmqctl set_user_tags {{ .Values.auth.admin_user }} administrator || true
|
||||
|
||||
rabbitmqctl change_password guest {{ .Values.auth.default_pass }} || true
|
||||
rabbitmqctl set_user_tags guest monitoring || true
|
||||
/etc/init.d/rabbitmq-server stop
|
||||
exec rabbitmq-server
|
@ -1,31 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: start-rabbitmq
|
||||
labels:
|
||||
system: openstack
|
||||
type: configuration
|
||||
component: messaging
|
||||
|
||||
data:
|
||||
start_rabbitmq.sh: |
|
||||
|
||||
chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
|
||||
|
||||
/etc/init.d/rabbitmq-server start
|
||||
|
||||
rabbitmq-plugins enable rabbitmq_tracing
|
||||
rabbitmqctl trace_on
|
||||
|
||||
rabbitmqctl add_user {{ .Values.auth.default_user }} {{ .Values.auth.default_pass }} || true
|
||||
rabbitmqctl set_permissions {{ .Values.auth.default_user }} ".*" ".*" ".*" || true
|
||||
|
||||
rabbitmqctl add_user {{ .Values.auth.admin_user }} {{ .Values.auth.admin_pass }}|| true
|
||||
rabbitmqctl set_permissions {{ .Values.auth.admin_user }} ".*" ".*" ".*" || true
|
||||
rabbitmqctl set_user_tags {{ .Values.auth.admin_user }} administrator || true
|
||||
|
||||
rabbitmqctl change_password guest {{ .Values.auth.default_pass }} || true
|
||||
rabbitmqctl set_user_tags guest monitoring || true
|
||||
/etc/init.d/rabbitmq-server stop
|
||||
exec rabbitmq-server
|
||||
|
Loading…
Reference in New Issue
Block a user