diff --git a/doc/source/install/etsi_getting_started.rst b/doc/source/install/etsi_getting_started.rst index 9e5e1be03..4e8ec8eef 100644 --- a/doc/source/install/etsi_getting_started.rst +++ b/doc/source/install/etsi_getting_started.rst @@ -88,29 +88,44 @@ error: Register VIM ------------ -#. Create the ``vim_config.yaml``: +#. Prepare VIM configuration file: - These parameters need to be changed as your environment. This is an - example named as ``vim_config.yaml`` for devstack installed OpenStack - VIM. + You can use a setup script for generating VIM configuration or edit it from + scratch as described in :doc:`here `. + This script finds parameters for the configuration, such as user + name or password, from your environment variables. + Here is an example of generating OpenStack VIM configuration as + ``vim_config.yaml``. In this document, ``TACKER_ROOT`` is the root of + tacker's repository on your server. .. code-block:: console - $ vi ./vim_config.yaml + $ bash TACKER_ROOT/tools/gen_vim_config.sh + Config for OpenStack VIM 'vim_config.yaml' generated. + + There are several options for configuring parameters from command + line supported. Refer help with ``-h`` for details. + + You can also use a sample configuration file `vim_config.yaml`_ instead of + using the script. + + .. code-block:: console + + $ cp TACKER_ROOT/samples/etsi_getting_started/tosca/vim/vim_config.yaml ./ + $ vi vim_config.yaml .. literalinclude:: ../../../samples/etsi_getting_started/tosca/vim/vim_config.yaml :language: yaml -#. Register the VIM as default VIM: +#. Register Default VIM: - The parameter ``--is-default`` should be added to register the VIM as - default. It helps you in the step of VNF instantiation. + Once you setup VIM configuration file, you register default VIM via + ``openstack`` command with ``--is-default`` option. .. code-block:: console - $ openstack vim register \ - --config-file ./vim_config.yaml \ - --is-default --fit-width openstack-admin-vim + $ openstack vim register --config-file ./vim_config.yaml \ + --is-default --fit-width openstack-admin-vim +----------------+-------------------------------------------------+ | Field | Value | @@ -148,7 +163,7 @@ Register VIM | | } | +----------------+-------------------------------------------------+ -#. Check the status of registered VIM: +#. Confirm that the status of registered VIM is ``REACHABLE`` as ready to use: .. code-block:: console @@ -163,8 +178,8 @@ Register VIM | 6b4168 | | 8c | | | | +------------+------------+------------+-----------+------------+-----------+ -Create & Upload VNF Package ---------------------------- +Create and Upload VNF Package +----------------------------- Prepare VNF Package ^^^^^^^^^^^^^^^^^^^ @@ -184,7 +199,7 @@ Prepare VNF Package $ mkdir -p ./sample_vnf_package_csar/BaseHOT/simple \ ./sample_vnf_package_csar/UserData -#. Create ``TOSCA.meata`` file: +#. Create a ``TOSCA.meta`` file: .. code-block:: console @@ -731,3 +746,4 @@ Trouble Shooting .. [#] https://forge.etsi.org/rep/nfv/SOL001 .. [#] https://docs.openstack.org/tacker/latest/user/vnfd-sol001.html .. [#] https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/network.html +.. _vim_config.yaml: https://opendev.org/openstack/tacker/src/branch/master/samples/etsi_getting_started/tosca/vim/vim_config.yaml diff --git a/doc/source/install/kubernetes_vim_installation.rst b/doc/source/install/kubernetes_vim_installation.rst index f10fe4637..6413ef5f5 100644 --- a/doc/source/install/kubernetes_vim_installation.rst +++ b/doc/source/install/kubernetes_vim_installation.rst @@ -19,29 +19,27 @@ Kubernetes VIM Installation =========================== -This document describes the way to install Kubernetes VIM via Devstack and -how to register Kubernetes VIM in Tacker. +Tacker uses kuryr-kubernetes for deploying Kubernetes cluster and sets up +native Neutron-based network among Kubernetes and OpenStack VIMs. +It deploys VMs and Kubernetes resources on the same network. -To do that job, Tacker reuses the efforts from Kuryr-Kubernetes project in -creating Kubernetes cluster and setting up native Neutron-based networking -between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will -bring VMs and Pods (and other Kubernetes resources) on the same network. +#. Edit ``local.conf`` for Kubernetes -#. Edit local.conf file by adding the following content + Add following plugin configurations for kuryr-kubernetes. .. code-block:: console - # Enable kuryr-kubernetes, docker, octavia - KUBERNETES_VIM=True - enable_plugin kuryr-kubernetes https://opendev.org/openstack/kuryr-kubernetes master - enable_plugin octavia https://opendev.org/openstack/octavia master - enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master - KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24" + # Enable kuryr-kubernetes, docker, octavia + KUBERNETES_VIM=True + enable_plugin kuryr-kubernetes https://opendev.org/openstack/kuryr-kubernetes master + enable_plugin octavia https://opendev.org/openstack/octavia master + enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master + KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24" - The public network will be used to launch LoadBalancer for Services in - Kubernetes. The example for setting public subnet is described in [#first]_ + Public network is used to launch LoadBalancer for Services in Kubernetes. + Setting public subnet is described in [#first]_. - For more details, users also see the same examples in [#second]_ and [#third]_. + You can find whole of examples of ``local.conf`` in [#second]_ and [#third]_. #. In CentOS environment install Kubernetes packages and start ovn services before executing stack.sh. @@ -71,7 +69,7 @@ bring VMs and Pods (and other Kubernetes resources) on the same network. $ sudo systemctl start ovs-vswitchd.service $ sudo systemctl start ovsdb-server.service -#. Run stack.sh +#. Run devstack installation **Command:** @@ -79,9 +77,31 @@ bring VMs and Pods (and other Kubernetes resources) on the same network. $ ./stack.sh -#. Get Kubernetes VIM configuration +#. Setup Kubernetes VIM configuration - After successful installation, users can get authentication information. + Now you are ready to register Kubernetes VIM if you complete devstack + installation. + You can setup configuration file for Kubernetes VIM by using a dedicated + script for the job or editing it from scratch. + + The first way is to run ``gen_vim_config.sh`` with options for generating + the configuration file as described in :doc:`here `. + Go to ``TACKER_ROOT`` directory which is the root of tacker's repository. + You need to add ``-t k8s`` at least for Kubernetes, or it generates + configurations for OpenStack. You can skip steps below before the section + ``Register Kubernetes VIM``. + + .. code-block:: console + + $ cd TACKER_ROOT + $ bash tools/gen_vim_config.sh -t k8s + + This script tries to get all required parameters from your environment + although you can give any of parameters with specific options. + Refer the usages in help message, ``-h`` option, for the details. + + On the other hand, you're required to get required parameters with + ``kubectl`` command if you edit the configuration from scratch. * Get "Bearer Token" @@ -259,10 +279,10 @@ bring VMs and Pods (and other Kubernetes resources) on the same network. #. Register Kubernetes VIM - In vim_config.yaml, project_name is fixed as "default", that will use to - support multi tenant on Kubernetes in the future. + In ``vim_config.yaml``, project_name is fixed as "default", that will use + to support multi tenant on Kubernetes in the future. - Create vim_config.yaml file for Kubernetes VIM as the following examples: + Create ``vim_config.yaml`` file for Kubernetes VIM as following examples: .. code-block:: console @@ -272,7 +292,7 @@ bring VMs and Pods (and other Kubernetes resources) on the same network. project_name: "default" type: "kubernetes" - Or vim_config.yaml with ssl_ca_cert enabled: + Or ``vim_config.yaml`` with ``ssl_ca_cert`` enabled: .. code-block:: console diff --git a/doc/source/reference/index.rst b/doc/source/reference/index.rst index fe78a3d49..4e6dba7c6 100644 --- a/doc/source/reference/index.rst +++ b/doc/source/reference/index.rst @@ -21,6 +21,7 @@ Reference .. toctree:: :maxdepth: 1 + vim_config.rst mistral_workflows_usage_guide.rst block_storage_usage_guide.rst reservation_policy_usage_guide.rst diff --git a/doc/source/reference/vim_config.rst b/doc/source/reference/vim_config.rst new file mode 100644 index 000000000..c8e0c4e29 --- /dev/null +++ b/doc/source/reference/vim_config.rst @@ -0,0 +1,221 @@ +.. + Copyright (C) 2021 Nippon Telegraph and Telephone Corporation + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +====================================== +Configuration File for Registering VIM +====================================== + +For registering a VIM (Virtualized Infrastructure Manager), it is required +to provide a configuration file via ``openstack`` command. Here is an example +of registering a default VIM named as ``my-default-vim`` +with a configuration file. + +.. code-block:: console + + $ openstack vim register --is-default --config-file vim_config.yaml \ + --description "Some message" my-default-vim + + +VIM Types +^^^^^^^^^ + +Tacker supports two types of VIM, OpenStack and Kubernetes, and understands +which type of VIM requested to register from the contents of configuration. + +You can prepare the configuration file by using dedicated script. It generates +a given type of VIM configuration. The default VIM type is OpenStack. +In the example below, it generates a configuration for OpenStack with default +parameters. ``TACKER_ROOT`` is the root of tacker's repository on your server. + +.. code-block:: console + + $ bash TACKER_ROOT/tools/gen_vim_config.sh + Config for OpenStack VIM 'vim_config.yaml' generated. + +This script is helpful to configure VIM, finds required parameters for +the configuration from your environment. +For OpenStack VIM, parameters are retrieved from environment variables of +OpenStack. On the other hand, for Kubernets VIM, parameters are retrieved +via ``kubectl`` command. +If you use Kubernetes VIM with default parameters, just add option +``-t k8s`` or ``-t kubernetes`` explicitly. + +.. code-block:: console + + $ bash TACKER_ROOT/tools/gen_vim_config.sh -t k8s + Config for Kubernetes VIM 'vim_config.yaml' generated. + +Usage +^^^^^ + +You can configure all parameters with options as referred to help message. +There are three categories of options, ``Common``, ``OpenStack`` and +``Kubernetes``. + +``Common`` options are applied to both of types as named. +``-o`` or ``--output`` is for the name of output file, +``-e`` or ``endpoint`` is for specifying a URL of endpoint, +and ``-p`` or ``--project`` is for the name of project. +Other options than ``Common`` for ``OpenStack`` and ``Kubernetes`` +are explained in next sections. + +.. code-block:: console + + $ bash tools/gen_vim_config.sh -h + Generate config file for registering Kubernetes VIM + + usage: + gen_vim_config.sh [-t VIM_TYPE] [-o OUTPUT_FILE] [-e ENDPOINT] + [-p PROJCT_NAME] [-u USER_NAME] [--token TOKEN] [-c] [-h] + + options: + All of options are optional. + + 1) Common options + -t|--type VIM_TYPE + type of VIM. + * 'openstack' or 'os' for OpenStack + * 'kubernetes' or 'k8s' for Kubernetes + -o|--output OUTPUT_FILE + name of output file, default is 'vim_config.yaml'. + -e|--endpoint ENDPOINT + endpoint consists of url and port, such as 'https://127.0.0.1:6443'. + -p|--project PROJECT_NAME + name of project in which VIM is registered, default value is + 'admin'. + -h|--help + show this message. + + 2) Options for OpenStack VIM + --os-user USER_NAME + name of OpenStack user, value of 'OS_USERNAME' is used by default. + --os-password PASSWORD + password of OpenStack user, value of 'OS_PASSWORD' is used by default. + --os-project-domain PROJ_DOMAIN + name of project domain, value of 'OS_PROJECT_DOMAIN_ID' is used by + default. + --os-user-domain USER_DOMAIN + name of user domain, value of 'OS_USER_DOMAIN_ID' is used by default. + --os-disable-cert-verify + use this option only if you set 'cert_verify' to False to disable + verifying against system certificates for keystone. + + 3) Options for Kubernetes VIM + --k8s-token TOKEN + bearer token. + --k8s-use-cert + use SSL CA cert. + + +OpenStack +--------- + +This is an example of configuration for OpenStack VIM below +in which all required parameters are included. +It depends on your account information you have already created before +preparing the configuration file. + +.. literalinclude:: ../../../samples/vim/vim_config.yaml + :language: yaml + +Auth URL +~~~~~~~~ + +Endpoint URL of OpenStack. + +User Name +~~~~~~~~~ + +Name of a user for OpenStack VIM. It is usually set as ``OS_USERNAME``. + +Password +~~~~~~~~ + +Password of OpenStack VIM. It is usually set as ``OS_PASSWORD``. + +Project Domain +~~~~~~~~~~~~~~ + +name of project domain, value of ``OS_PROJECT_DOMAIN_ID`` is used by default. + +User Domain +~~~~~~~~~~~ + +use this option only if you set ``cert_verify`` to False to disable verifying +against system certificates for keystone. + +Cert Verify +~~~~~~~~~~~ + +``True`` or ``False`` for activating CERT verification. + + +Kubernetes +---------- + +You configure Kubernetes VIM with parameters retrieved from ``kubectl`` command +as described in +:doc:`/install/kubernetes_vim_installation`. +Here is an example of Kubernetes VIM configuration. + +.. code-block:: yaml + + auth_url: "https://192.168.33.100:6443" + project_name: "default" + bearer_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6IlBRVDgxQkV5VDNVR1M1WGEwUFYxSXFkZFhJWDYzNklvMEp2WklLMnNFdk0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi12cnpoaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImNhY2VmMzEzLTMzYjYtNDQ5MS1iMWUyLTg0NmQ2N2E0OTdkNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.R76VIWVZnQxa9NG02HIqux1xTJG4i7dkXsp52T4UU8bvNfsfi18kW_p3ZvaNTxw0yABBcmkYZoOBe4MNP5cTP6TtR_ERZoA5QCViasW_u36rSTBT0-MHRPbkXjJYetzYaFYUO-DlJd3194yOtVHtrxUd8D31qw0f1FlP8BHxblDjZkYlgYSjHCxcwEdwlnYaa0SiH2kl6_oCBRFg8cUfXDeTOmH9XEfdrJ6ubJ4OyqG6YjfiKDDiEHgIehy7s7vZGVwVIPy6EhT1YSOIhY5aF-G9nQSg-GK1V9LIq7petFoW_MIEt0yfNQVXy2D1tBhdJEa1bgtVsLmdlrNVf-m3uA" + ssl_ca_cert: "-----BEGIN CERTIFICATE----- + MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdrdWJl + LWNhMB4XDTIwMDgyNjA5MzIzMVoXDTMwMDgyNDA5MzIzMVowEjEQMA4GA1UEAxMH + a3ViZS1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxkeE16lPAd + pfJj5GJMvZJFcX/CD6EB/LUoKwGmqVoOUQPd3b/NGy+qm+3bO9EU73epUPsVaWk2 + Lr+Z1ua7u+iib/OMsfsSXMZ5OEPgd8ilrTGhXOH8jDkif9w1NtooJxYSRcHEwxVo + +aXdIJhqKdw16NVP/elS9KODFdRZDfQ6vU5oHSg3gO49kgv7CaxFdkF7QEHbchsJ + 0S1nWMPAlUhA5b8IAx0+ecPlMYUGyGQIQgjgtHgeawJebH3PWy32UqfPhkLPzxsy + TSxk6akiXJTg6mYelscuxPLSe9UqNvHRIUoad3VnkF3+0CJ1z0qvfWIrzX3w92/p + YsDBZiP6vi8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB + Af8wDQYJKoZIhvcNAQELBQADggEBAIbv2ulEcQi019jKz4REy7ZyH8+ExIUBBuIz + InAkfxNNxV83GkdyA9amk+LDoF/IFLMltAMM4b033ZKO5RPrHoDKO+xCA0yegYqU + BViaUiEXIvi/CcDpT9uh2aNO8wX5T/B0WCLfWFyiK+rr9qcosFYxWSdU0kFeg+Ln + YAaeFY65ZWpCCyljGpr2Vv11MAq1Tws8rEs3rg601SdKhBmkgcTAcCzHWBXR1P8K + rfzd6h01HhIomWzM9xrP2/2KlYRvExDLpp9qwOdMSanrszPDuMs52okXgfWnEqlB + 2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY= + -----END CERTIFICATE-----" + type: "kubernetes" + +Auth URL +~~~~~~~~ + +Endpoint URL of Kubernetes. + +Project Name +~~~~~~~~~~~~ + +The name of project. + +Bearer Token +~~~~~~~~~~~~ + +Bearer token required for accessing Kubernetes APIs. + +Use SSL CA Cert +~~~~~~~~~~~~~~~ + +The value of SSL CA Cert for X.509 client authentication. It can be ``None``. + +Type +~~~~ + +Type of VIM to specify it explicitly as ``kubernetes``. diff --git a/tools/gen_vim_config.sh b/tools/gen_vim_config.sh new file mode 100755 index 000000000..fa4ade5eb --- /dev/null +++ b/tools/gen_vim_config.sh @@ -0,0 +1,387 @@ +#!/bin/bash + +# Copyright (C) 2021 Nippon Telegraph and Telephone Corporation +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# Uncomment for debugging. +#set -x + +# Default values for optional inputs. +VIMC_DEFAULT_PROJ=admin +VIMC_DEFAULT_OS_DOMAIN=Default +VIMC_DEFAULT_TYPE=openstack +VIMC_DEFAULT_OUTPUT=vim_config.yaml + +####################################### +# Find token from first entry of secrets. +# Returns: +# Secret token retrieved from kubectl. +####################################### +function k8s_token() { + local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}") + echo $(kubectl get secret ${_secret} -o jsonpath="{.data.token}" | + base64 --decode) +} + +####################################### +# Get endpoint of n-th from endpoints. +# Arguments: +# Index of endpoints, usually 0. +# Returns: +# URL of endpoint retrieved from kubectl. +####################################### +function k8s_endpoints() { + local _k8s_ep0_ip=$(kubectl get endpoints -o \ + jsonpath="{.items[$1].subsets[0].addresses[0].ip}") + local _k8s_ep0_port=$(kubectl get endpoints -o \ + jsonpath="{.items[$1].subsets[0].ports[0].port}") + echo "https://${_k8s_ep0_ip}:${_k8s_ep0_port}" +} + +####################################### +# Get cert from first entry of secrets. +# Returns: +# Contents of CA sert retrieved from kubectl. +####################################### +function k8s_ssl_ca_cert() { + local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}") + echo $(kubectl get secrets $_secret -o jsonpath="{.data.ca\.crt}" | + base64 --decode) +} + +####################################### +# Setup contents of config from given params and output to a file. +# Globals: +# VIMC_OS_CERT_VERIFY +# VIMC_OUTPUT +# VIMC_ENDPOINT +# VIMC_OS_USER +# VIMC_OS_PASSWORD +# VIMC_PROJ +# VIMC_OS_PROJ_DOMAIN +# VIMC_OS_USER_DOMAIN +# Outputs: +# Writes contents of config for OpenStack VIM to a file, ${VIMC_OUTPUT}. +####################################### +function setup_os_config() { + local _cert_verify= + if "${VIMC_OS_CERT_VERIFY}"; then + _cert_verify=True + else + _cert_verify=False + fi + + cat << EOF > ${VIMC_OUTPUT} +auth_url: "${VIMC_ENDPOINT}" +username: "${VIMC_OS_USER}" +password: "${VIMC_OS_PASSWORD}" +project_name: "${VIMC_PROJ}" +project_domain_name: "${VIMC_OS_PROJ_DOMAIN}" +user_domain_name: "${VIMC_OS_USER_DOMAIN}" +cert_verify: "${_cert_verify}" +EOF +} + +####################################### +# Setup contents of config from given params and output to a file. +# Globals: +# VIMC_K8S_USE_CERT +# VIMC_OUTPUT +# VIMC_ENDPOINT +# VIMC_K8S_TOKEN +# VIMC_PROJ +# Outputs: +# Write contents of config for OpenStack Kubernetes to a file, ${VIMC_OUTPUT}. +####################################### +function setup_k8s_config() { + # In the contents of cert, blanks are replaced with `\n` without + # in header and footer. So, remove before the procedure at once, then + # add after that again. + local _cert_header="-----BEGIN CERTIFICATE-----" + local _cert_footer="-----END CERTIFICATE-----" + + # Delimiter used temporarily for replacing blanks. + local _delim=":" + + if "${VIMC_K8S_USE_CERT}"; then + local _k8s_cert=`k8s_ssl_ca_cert` + _k8s_cert=`echo ${_k8s_cert} | sed "s/${_cert_header}//"` + _k8s_cert=`echo ${_k8s_cert} | sed "s/${_cert_footer}//"` + _k8s_cert=`echo ${_k8s_cert} | sed -e "s/ /${_delim}/g"` + _k8s_cert=`echo \ + "${_cert_header}${_delim}${_k8s_cert}${_delim}${_cert_footer}"` + _k8s_cert=`echo ${_k8s_cert} | sed -e "s/${_delim}/\\n/g"` + else + _k8s_cert="None" + fi + + cat << EOF > ${VIMC_OUTPUT} +auth_url: "${VIMC_ENDPOINT}" +bearer_token: "${VIMC_K8S_TOKEN}" +ssl_ca_cert: "${_k8s_cert}" +project_name: "${VIMC_PROJ}" +type: "kubernetes" +EOF +} + +####################################### +# Show help message. +# Outputs: +# Writes help message to stdout. +####################################### +function show_help() { + cat << EOS +Generate config file for registering Kubernetes VIM + +usage: + $(basename $0) [-t VIM_TYPE] [-o OUTPUT_FILE] [-e ENDPOINT] + [-p PROJCT_NAME] [-u USER_NAME] [--token TOKEN] [-c] [-h] + +options: + All of options are optional. + + 1) Common options + -t|--type VIM_TYPE + type of VIM. + * 'openstack' or 'os' for OpenStack + * 'kubernetes' or 'k8s' for Kubernetes + -o|--output OUTPUT_FILE + name of output file, default is '${VIMC_DEFAULT_OUTPUT}'. + -e|--endpoint ENDPOINT + endpoint consists of url and port, such as 'https://127.0.0.1:6443'. + -p|--project PROJECT_NAME + name of project in which VIM is registered, default value is + '${VIMC_DEFAULT_PROJ}'. + -h|--help + show this message. + + 2) Options for OpenStack VIM + --os-user USER_NAME + name of OpenStack user, value of 'OS_USERNAME' is used by default. + --os-password PASSWORD + password of OpenStack user, value of 'OS_PASSWORD' is used by default. + --os-project-domain PROJ_DOMAIN + name of project domain, value of 'OS_PROJECT_DOMAIN_ID' is used by + default. + --os-user-domain USER_DOMAIN + name of user domain, value of 'OS_USER_DOMAIN_ID' is used by default. + --os-disable-cert-verify + use this option only if you set 'cert_verify' to False to disable + verifying against system certificates for keystone. + + 3) Options for Kubernetes VIM + --k8s-token TOKEN + bearer token. + --k8s-use-cert + use SSL CA cert. +EOS +} + +####################################### +# Main function for OpenStack VIM config. +# Globals: +# VIMC_ENDPOINT +# VIMC_OS_USER +# VIMC_OS_PASSWORD +# VIMC_OS_PROJ_DOMAIN +# VIMC_OS_USER_DOMAIN +####################################### +function os_main() { + VIMC_ENDPOINT=${VIMC_ENDPOINT:-${OS_AUTH_URL}} + if [ ! ${VIMC_ENDPOINT} ]; then + clean_exit 1 \ + "Error: Set 'OS_AUTH_URL' or use '--endpoint'." + fi + + VIMC_OS_USER=${VIMC_OS_USER:-${OS_USERNAME}} + if [ ! ${VIMC_OS_USER} ]; then + clean_exit 1 \ + "Error: No username found. Set 'OS_USERNAME' or use '--os-user'." + fi + + VIMC_OS_PASSWORD=${VIMC_OS_PASSWORD:-${OS_PASSWORD}} + if [ ! ${VIMC_OS_PASSWORD} ]; then + clean_exit 1 \ + "Error: No password found. Set 'OS_PASSWORD' or use '--os-password'." + fi + + VIMC_OS_PROJ_DOMAIN=${VIMC_OS_PROJ_DOMAIN:-${OS_PROJECT_DOMAIN_ID}} + if [ ! ${VIMC_OS_PROJ_DOMAIN} ]; then + VIMC_OS_PROJ_DOMAIN=${VIMC_DEFAULT_OS_DOMAIN} + fi + + VIMC_OS_USER_DOMAIN=${VIMC_OS_USER_DOMAIN:-${OS_USER_DOMAIN_ID}} + if [ ! ${VIMC_OS_USER_DOMAIN} ]; then + VIMC_OS_USER_DOMAIN=${VIMC_DEFAULT_OS_DOMAIN} + fi + + setup_os_config +} + +####################################### +# Main function for Kubernetes VIM config. +# Globals: +# VIMC_K8S_TOKEN +# VIMC_ENDPOINT +####################################### +function k8s_main() { + kubectl create clusterrolebinding cluster-admin-binding \ + --clusterrole cluster-admin --serviceaccount=default:default \ + &>/dev/null + + VIMC_K8S_TOKEN=${VIMC_K8S_TOKEN:-`k8s_token`} + VIMC_ENDPOINT=${VIMC_ENDPOINT:-`k8s_endpoints 0`} + + setup_k8s_config +} + +####################################### +# Re-wind OPTIND and clean all other variables as finalization. +# Globals: +# OPTIND +# PREV_OPTIND +# VIMC_DEFAULT_TYPE +# VIMC_DEFAULT_OUTPUT +# VIMC_DEFAULT_PROJ +# VIMC_TYPE +# VIMC_OUTPUT +# VIMC_ENDPOINT +# VIMC_PROJ +# VIMC_OS_USER +# VIMC_OS_PASSWORD +# VIMC_OS_PROJ_DOMAIN +# VIMC_OS_USER_DOMAIN +# VIMC_OS_CERT_VERIFY +# VIMC_K8S_TOKEN +# VIMC_K8S_USE_CERT +####################################### +function cleanup() { + OPTIND=${PREV_OPTIND} + VIMC_DEFAULT_TYPE= + VIMC_DEFAULT_OUTPUT= + VIMC_DEFAULT_PROJ= + VIMC_TYPE= + VIMC_OUTPUT= + VIMC_ENDPOINT= + VIMC_PROJ= + VIMC_OS_USER= + VIMC_OS_PASSWORD= + VIMC_OS_PROJ_DOMAIN= + VIMC_OS_USER_DOMAIN= + VIMC_OS_CERT_VERIFY= + VIMC_K8S_TOKEN= + VIMC_K8S_USE_CERT= +} + +####################################### +# Ensure cleanup before exit. +# Arguments: +# Exit code (optional). +# Error message to be output to stderr (optional). +####################################### +function clean_exit() { + cleanup + if [[ $2 != "" ]]; then + echo $2 >&2 + fi + exit $1 +} + +####################################### +# Main procedure is started from here. +####################################### +PREV_OPTIND=${OPTIND} +OPTIND=1 + +while getopts t:o:e:p:ch-: opt; do + + optarg=${OPTARG} + if [[ "${opt}" = - ]]; then + opt="-${OPTARG%%=*}" + optarg="${OPTARG/${OPTARG%%=*}/}" + optarg="${optarg#=}" + + if [[ -z "$optarg" ]] && [[ ! "${!OPTIND}" = -* ]]; then + optarg="${!OPTIND}" + shift + fi + fi + + case "-${opt}" in + -t|--type) + VIMC_TYPE=${optarg}; + ;; + -o|--output) + VIMC_OUTPUT=${optarg}; + ;; + -e|--endpoint) + VIMC_ENDPOINT=${optarg}; + ;; + -p|--project) + VIMC_PROJ=${optarg}; + ;; + + --os-user) + VIMC_OS_USER=${optarg}; + ;; + --os-password) + VIMC_OS_PASSWORD=${optarg}; + ;; + --os-project-domain) + VIMC_OS_PROJ_DOMAIN=${optarg}; + ;; + --os-user-domain) + VIMC_OS_USER_DOMAIN=${optarg}; + ;; + --os-disable-cert-verify) + VIMC_OS_CERT_VERIFY=false; + ;; + + --k8s-token) + VIMC_K8S_TOKEN=${optarg}; + ;; + --k8s-use-cert) + VIMC_K8S_USE_CERT=true; + ;; + + -h|--help) + show_help; + clean_exit; + ;; + --*) + clean_exit 1 "Error: Illegal option '${opt##-}'."; + ;; + esac +done + +VIMC_TYPE=${VIMC_TYPE:-${VIMC_DEFAULT_TYPE}} +VIMC_OUTPUT=${VIMC_OUTPUT:-${VIMC_DEFAULT_OUTPUT}} +VIMC_PROJ=${VIMC_PROJ:-${VIMC_DEFAULT_PROJ}} + +VIMC_OS_CERT_VERIFY=${VIMC_OS_CERT_VERIFY:-true} +VIMC_K8S_USE_CERT=${VIMC_K8S_USE_CERT:-false} + +if [[ ${VIMC_TYPE} == "openstack" || ${VIMC_TYPE} == "os" ]]; then + os_main + echo "Config for OpenStack VIM '${VIMC_OUTPUT}' generated." +elif [[ ${VIMC_TYPE} == "kubernetes" || ${VIMC_TYPE} == "k8s" ]]; then + k8s_main + echo "Config for Kubernetes VIM '${VIMC_OUTPUT}' generated." +else + echo "Error: No type matched with '${VIMC_TYPE}'." >&2 +fi + +cleanup +set +x