Add VIM config generator
This update is to introduce a helper script and its docs for generating VIM configuration. It reduces the number of steps for setting up Tacker. It is also expected to reduce the lines of codes or some template files of VIM configuration. Signed-off-by: Yasufumi Ogawa <yasufum.o@gmail.com> Change-Id: I2f9c6255a5011c2788547a0b936a5c7c1eefbd77
This commit is contained in:
parent
c6b0ca5fe3
commit
15ea1511d7
@ -88,28 +88,43 @@ error:
|
|||||||
Register VIM
|
Register VIM
|
||||||
------------
|
------------
|
||||||
|
|
||||||
#. Create the ``vim_config.yaml``:
|
#. Prepare VIM configuration file:
|
||||||
|
|
||||||
These parameters need to be changed as your environment. This is an
|
You can use a setup script for generating VIM configuration or edit it from
|
||||||
example named as ``vim_config.yaml`` for devstack installed OpenStack
|
scratch as described in :doc:`here </reference/vim_config>`.
|
||||||
VIM.
|
This script finds parameters for the configuration, such as user
|
||||||
|
name or password, from your environment variables.
|
||||||
|
Here is an example of generating OpenStack VIM configuration as
|
||||||
|
``vim_config.yaml``. In this document, ``TACKER_ROOT`` is the root of
|
||||||
|
tacker's repository on your server.
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ vi ./vim_config.yaml
|
$ bash TACKER_ROOT/tools/gen_vim_config.sh
|
||||||
|
Config for OpenStack VIM 'vim_config.yaml' generated.
|
||||||
|
|
||||||
|
There are several options for configuring parameters from command
|
||||||
|
line supported. Refer help with ``-h`` for details.
|
||||||
|
|
||||||
|
You can also use a sample configuration file `vim_config.yaml`_ instead of
|
||||||
|
using the script.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ cp TACKER_ROOT/samples/etsi_getting_started/tosca/vim/vim_config.yaml ./
|
||||||
|
$ vi vim_config.yaml
|
||||||
|
|
||||||
.. literalinclude:: ../../../samples/etsi_getting_started/tosca/vim/vim_config.yaml
|
.. literalinclude:: ../../../samples/etsi_getting_started/tosca/vim/vim_config.yaml
|
||||||
:language: yaml
|
:language: yaml
|
||||||
|
|
||||||
#. Register the VIM as default VIM:
|
#. Register Default VIM:
|
||||||
|
|
||||||
The parameter ``--is-default`` should be added to register the VIM as
|
Once you setup VIM configuration file, you register default VIM via
|
||||||
default. It helps you in the step of VNF instantiation.
|
``openstack`` command with ``--is-default`` option.
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack vim register \
|
$ openstack vim register --config-file ./vim_config.yaml \
|
||||||
--config-file ./vim_config.yaml \
|
|
||||||
--is-default --fit-width openstack-admin-vim
|
--is-default --fit-width openstack-admin-vim
|
||||||
|
|
||||||
+----------------+-------------------------------------------------+
|
+----------------+-------------------------------------------------+
|
||||||
@ -148,7 +163,7 @@ Register VIM
|
|||||||
| | } |
|
| | } |
|
||||||
+----------------+-------------------------------------------------+
|
+----------------+-------------------------------------------------+
|
||||||
|
|
||||||
#. Check the status of registered VIM:
|
#. Confirm that the status of registered VIM is ``REACHABLE`` as ready to use:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
@ -163,8 +178,8 @@ Register VIM
|
|||||||
| 6b4168 | | 8c | | | |
|
| 6b4168 | | 8c | | | |
|
||||||
+------------+------------+------------+-----------+------------+-----------+
|
+------------+------------+------------+-----------+------------+-----------+
|
||||||
|
|
||||||
Create & Upload VNF Package
|
Create and Upload VNF Package
|
||||||
---------------------------
|
-----------------------------
|
||||||
|
|
||||||
Prepare VNF Package
|
Prepare VNF Package
|
||||||
^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^
|
||||||
@ -184,7 +199,7 @@ Prepare VNF Package
|
|||||||
$ mkdir -p ./sample_vnf_package_csar/BaseHOT/simple \
|
$ mkdir -p ./sample_vnf_package_csar/BaseHOT/simple \
|
||||||
./sample_vnf_package_csar/UserData
|
./sample_vnf_package_csar/UserData
|
||||||
|
|
||||||
#. Create ``TOSCA.meata`` file:
|
#. Create a ``TOSCA.meta`` file:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
@ -731,3 +746,4 @@ Trouble Shooting
|
|||||||
.. [#] https://forge.etsi.org/rep/nfv/SOL001
|
.. [#] https://forge.etsi.org/rep/nfv/SOL001
|
||||||
.. [#] https://docs.openstack.org/tacker/latest/user/vnfd-sol001.html
|
.. [#] https://docs.openstack.org/tacker/latest/user/vnfd-sol001.html
|
||||||
.. [#] https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/network.html
|
.. [#] https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/network.html
|
||||||
|
.. _vim_config.yaml: https://opendev.org/openstack/tacker/src/branch/master/samples/etsi_getting_started/tosca/vim/vim_config.yaml
|
||||||
|
@ -19,15 +19,13 @@
|
|||||||
Kubernetes VIM Installation
|
Kubernetes VIM Installation
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
This document describes the way to install Kubernetes VIM via Devstack and
|
Tacker uses kuryr-kubernetes for deploying Kubernetes cluster and sets up
|
||||||
how to register Kubernetes VIM in Tacker.
|
native Neutron-based network among Kubernetes and OpenStack VIMs.
|
||||||
|
It deploys VMs and Kubernetes resources on the same network.
|
||||||
|
|
||||||
To do that job, Tacker reuses the efforts from Kuryr-Kubernetes project in
|
#. Edit ``local.conf`` for Kubernetes
|
||||||
creating Kubernetes cluster and setting up native Neutron-based networking
|
|
||||||
between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will
|
|
||||||
bring VMs and Pods (and other Kubernetes resources) on the same network.
|
|
||||||
|
|
||||||
#. Edit local.conf file by adding the following content
|
Add following plugin configurations for kuryr-kubernetes.
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
@ -38,10 +36,10 @@ bring VMs and Pods (and other Kubernetes resources) on the same network.
|
|||||||
enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master
|
enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master
|
||||||
KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24"
|
KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24"
|
||||||
|
|
||||||
The public network will be used to launch LoadBalancer for Services in
|
Public network is used to launch LoadBalancer for Services in Kubernetes.
|
||||||
Kubernetes. The example for setting public subnet is described in [#first]_
|
Setting public subnet is described in [#first]_.
|
||||||
|
|
||||||
For more details, users also see the same examples in [#second]_ and [#third]_.
|
You can find whole of examples of ``local.conf`` in [#second]_ and [#third]_.
|
||||||
|
|
||||||
#. In CentOS environment install Kubernetes packages and start ovn services
|
#. In CentOS environment install Kubernetes packages and start ovn services
|
||||||
before executing stack.sh.
|
before executing stack.sh.
|
||||||
@ -71,7 +69,7 @@ bring VMs and Pods (and other Kubernetes resources) on the same network.
|
|||||||
$ sudo systemctl start ovs-vswitchd.service
|
$ sudo systemctl start ovs-vswitchd.service
|
||||||
$ sudo systemctl start ovsdb-server.service
|
$ sudo systemctl start ovsdb-server.service
|
||||||
|
|
||||||
#. Run stack.sh
|
#. Run devstack installation
|
||||||
|
|
||||||
**Command:**
|
**Command:**
|
||||||
|
|
||||||
@ -79,9 +77,31 @@ bring VMs and Pods (and other Kubernetes resources) on the same network.
|
|||||||
|
|
||||||
$ ./stack.sh
|
$ ./stack.sh
|
||||||
|
|
||||||
#. Get Kubernetes VIM configuration
|
#. Setup Kubernetes VIM configuration
|
||||||
|
|
||||||
After successful installation, users can get authentication information.
|
Now you are ready to register Kubernetes VIM if you complete devstack
|
||||||
|
installation.
|
||||||
|
You can setup configuration file for Kubernetes VIM by using a dedicated
|
||||||
|
script for the job or editing it from scratch.
|
||||||
|
|
||||||
|
The first way is to run ``gen_vim_config.sh`` with options for generating
|
||||||
|
the configuration file as described in :doc:`here </reference/vim_config>`.
|
||||||
|
Go to ``TACKER_ROOT`` directory which is the root of tacker's repository.
|
||||||
|
You need to add ``-t k8s`` at least for Kubernetes, or it generates
|
||||||
|
configurations for OpenStack. You can skip steps below before the section
|
||||||
|
``Register Kubernetes VIM``.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ cd TACKER_ROOT
|
||||||
|
$ bash tools/gen_vim_config.sh -t k8s
|
||||||
|
|
||||||
|
This script tries to get all required parameters from your environment
|
||||||
|
although you can give any of parameters with specific options.
|
||||||
|
Refer the usages in help message, ``-h`` option, for the details.
|
||||||
|
|
||||||
|
On the other hand, you're required to get required parameters with
|
||||||
|
``kubectl`` command if you edit the configuration from scratch.
|
||||||
|
|
||||||
* Get "Bearer Token"
|
* Get "Bearer Token"
|
||||||
|
|
||||||
@ -259,10 +279,10 @@ bring VMs and Pods (and other Kubernetes resources) on the same network.
|
|||||||
|
|
||||||
#. Register Kubernetes VIM
|
#. Register Kubernetes VIM
|
||||||
|
|
||||||
In vim_config.yaml, project_name is fixed as "default", that will use to
|
In ``vim_config.yaml``, project_name is fixed as "default", that will use
|
||||||
support multi tenant on Kubernetes in the future.
|
to support multi tenant on Kubernetes in the future.
|
||||||
|
|
||||||
Create vim_config.yaml file for Kubernetes VIM as the following examples:
|
Create ``vim_config.yaml`` file for Kubernetes VIM as following examples:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
@ -272,7 +292,7 @@ bring VMs and Pods (and other Kubernetes resources) on the same network.
|
|||||||
project_name: "default"
|
project_name: "default"
|
||||||
type: "kubernetes"
|
type: "kubernetes"
|
||||||
|
|
||||||
Or vim_config.yaml with ssl_ca_cert enabled:
|
Or ``vim_config.yaml`` with ``ssl_ca_cert`` enabled:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
|
@ -21,6 +21,7 @@ Reference
|
|||||||
.. toctree::
|
.. toctree::
|
||||||
:maxdepth: 1
|
:maxdepth: 1
|
||||||
|
|
||||||
|
vim_config.rst
|
||||||
mistral_workflows_usage_guide.rst
|
mistral_workflows_usage_guide.rst
|
||||||
block_storage_usage_guide.rst
|
block_storage_usage_guide.rst
|
||||||
reservation_policy_usage_guide.rst
|
reservation_policy_usage_guide.rst
|
||||||
|
221
doc/source/reference/vim_config.rst
Normal file
221
doc/source/reference/vim_config.rst
Normal file
@ -0,0 +1,221 @@
|
|||||||
|
..
|
||||||
|
Copyright (C) 2021 Nippon Telegraph and Telephone Corporation
|
||||||
|
All Rights Reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
License for the specific language governing permissions and limitations
|
||||||
|
under the License.
|
||||||
|
|
||||||
|
======================================
|
||||||
|
Configuration File for Registering VIM
|
||||||
|
======================================
|
||||||
|
|
||||||
|
For registering a VIM (Virtualized Infrastructure Manager), it is required
|
||||||
|
to provide a configuration file via ``openstack`` command. Here is an example
|
||||||
|
of registering a default VIM named as ``my-default-vim``
|
||||||
|
with a configuration file.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ openstack vim register --is-default --config-file vim_config.yaml \
|
||||||
|
--description "Some message" my-default-vim
|
||||||
|
|
||||||
|
|
||||||
|
VIM Types
|
||||||
|
^^^^^^^^^
|
||||||
|
|
||||||
|
Tacker supports two types of VIM, OpenStack and Kubernetes, and understands
|
||||||
|
which type of VIM requested to register from the contents of configuration.
|
||||||
|
|
||||||
|
You can prepare the configuration file by using dedicated script. It generates
|
||||||
|
a given type of VIM configuration. The default VIM type is OpenStack.
|
||||||
|
In the example below, it generates a configuration for OpenStack with default
|
||||||
|
parameters. ``TACKER_ROOT`` is the root of tacker's repository on your server.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ bash TACKER_ROOT/tools/gen_vim_config.sh
|
||||||
|
Config for OpenStack VIM 'vim_config.yaml' generated.
|
||||||
|
|
||||||
|
This script is helpful to configure VIM, finds required parameters for
|
||||||
|
the configuration from your environment.
|
||||||
|
For OpenStack VIM, parameters are retrieved from environment variables of
|
||||||
|
OpenStack. On the other hand, for Kubernets VIM, parameters are retrieved
|
||||||
|
via ``kubectl`` command.
|
||||||
|
If you use Kubernetes VIM with default parameters, just add option
|
||||||
|
``-t k8s`` or ``-t kubernetes`` explicitly.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ bash TACKER_ROOT/tools/gen_vim_config.sh -t k8s
|
||||||
|
Config for Kubernetes VIM 'vim_config.yaml' generated.
|
||||||
|
|
||||||
|
Usage
|
||||||
|
^^^^^
|
||||||
|
|
||||||
|
You can configure all parameters with options as referred to help message.
|
||||||
|
There are three categories of options, ``Common``, ``OpenStack`` and
|
||||||
|
``Kubernetes``.
|
||||||
|
|
||||||
|
``Common`` options are applied to both of types as named.
|
||||||
|
``-o`` or ``--output`` is for the name of output file,
|
||||||
|
``-e`` or ``endpoint`` is for specifying a URL of endpoint,
|
||||||
|
and ``-p`` or ``--project`` is for the name of project.
|
||||||
|
Other options than ``Common`` for ``OpenStack`` and ``Kubernetes``
|
||||||
|
are explained in next sections.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ bash tools/gen_vim_config.sh -h
|
||||||
|
Generate config file for registering Kubernetes VIM
|
||||||
|
|
||||||
|
usage:
|
||||||
|
gen_vim_config.sh [-t VIM_TYPE] [-o OUTPUT_FILE] [-e ENDPOINT]
|
||||||
|
[-p PROJCT_NAME] [-u USER_NAME] [--token TOKEN] [-c] [-h]
|
||||||
|
|
||||||
|
options:
|
||||||
|
All of options are optional.
|
||||||
|
|
||||||
|
1) Common options
|
||||||
|
-t|--type VIM_TYPE
|
||||||
|
type of VIM.
|
||||||
|
* 'openstack' or 'os' for OpenStack
|
||||||
|
* 'kubernetes' or 'k8s' for Kubernetes
|
||||||
|
-o|--output OUTPUT_FILE
|
||||||
|
name of output file, default is 'vim_config.yaml'.
|
||||||
|
-e|--endpoint ENDPOINT
|
||||||
|
endpoint consists of url and port, such as 'https://127.0.0.1:6443'.
|
||||||
|
-p|--project PROJECT_NAME
|
||||||
|
name of project in which VIM is registered, default value is
|
||||||
|
'admin'.
|
||||||
|
-h|--help
|
||||||
|
show this message.
|
||||||
|
|
||||||
|
2) Options for OpenStack VIM
|
||||||
|
--os-user USER_NAME
|
||||||
|
name of OpenStack user, value of 'OS_USERNAME' is used by default.
|
||||||
|
--os-password PASSWORD
|
||||||
|
password of OpenStack user, value of 'OS_PASSWORD' is used by default.
|
||||||
|
--os-project-domain PROJ_DOMAIN
|
||||||
|
name of project domain, value of 'OS_PROJECT_DOMAIN_ID' is used by
|
||||||
|
default.
|
||||||
|
--os-user-domain USER_DOMAIN
|
||||||
|
name of user domain, value of 'OS_USER_DOMAIN_ID' is used by default.
|
||||||
|
--os-disable-cert-verify
|
||||||
|
use this option only if you set 'cert_verify' to False to disable
|
||||||
|
verifying against system certificates for keystone.
|
||||||
|
|
||||||
|
3) Options for Kubernetes VIM
|
||||||
|
--k8s-token TOKEN
|
||||||
|
bearer token.
|
||||||
|
--k8s-use-cert
|
||||||
|
use SSL CA cert.
|
||||||
|
|
||||||
|
|
||||||
|
OpenStack
|
||||||
|
---------
|
||||||
|
|
||||||
|
This is an example of configuration for OpenStack VIM below
|
||||||
|
in which all required parameters are included.
|
||||||
|
It depends on your account information you have already created before
|
||||||
|
preparing the configuration file.
|
||||||
|
|
||||||
|
.. literalinclude:: ../../../samples/vim/vim_config.yaml
|
||||||
|
:language: yaml
|
||||||
|
|
||||||
|
Auth URL
|
||||||
|
~~~~~~~~
|
||||||
|
|
||||||
|
Endpoint URL of OpenStack.
|
||||||
|
|
||||||
|
User Name
|
||||||
|
~~~~~~~~~
|
||||||
|
|
||||||
|
Name of a user for OpenStack VIM. It is usually set as ``OS_USERNAME``.
|
||||||
|
|
||||||
|
Password
|
||||||
|
~~~~~~~~
|
||||||
|
|
||||||
|
Password of OpenStack VIM. It is usually set as ``OS_PASSWORD``.
|
||||||
|
|
||||||
|
Project Domain
|
||||||
|
~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
name of project domain, value of ``OS_PROJECT_DOMAIN_ID`` is used by default.
|
||||||
|
|
||||||
|
User Domain
|
||||||
|
~~~~~~~~~~~
|
||||||
|
|
||||||
|
use this option only if you set ``cert_verify`` to False to disable verifying
|
||||||
|
against system certificates for keystone.
|
||||||
|
|
||||||
|
Cert Verify
|
||||||
|
~~~~~~~~~~~
|
||||||
|
|
||||||
|
``True`` or ``False`` for activating CERT verification.
|
||||||
|
|
||||||
|
|
||||||
|
Kubernetes
|
||||||
|
----------
|
||||||
|
|
||||||
|
You configure Kubernetes VIM with parameters retrieved from ``kubectl`` command
|
||||||
|
as described in
|
||||||
|
:doc:`/install/kubernetes_vim_installation`.
|
||||||
|
Here is an example of Kubernetes VIM configuration.
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
auth_url: "https://192.168.33.100:6443"
|
||||||
|
project_name: "default"
|
||||||
|
bearer_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6IlBRVDgxQkV5VDNVR1M1WGEwUFYxSXFkZFhJWDYzNklvMEp2WklLMnNFdk0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi12cnpoaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImNhY2VmMzEzLTMzYjYtNDQ5MS1iMWUyLTg0NmQ2N2E0OTdkNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.R76VIWVZnQxa9NG02HIqux1xTJG4i7dkXsp52T4UU8bvNfsfi18kW_p3ZvaNTxw0yABBcmkYZoOBe4MNP5cTP6TtR_ERZoA5QCViasW_u36rSTBT0-MHRPbkXjJYetzYaFYUO-DlJd3194yOtVHtrxUd8D31qw0f1FlP8BHxblDjZkYlgYSjHCxcwEdwlnYaa0SiH2kl6_oCBRFg8cUfXDeTOmH9XEfdrJ6ubJ4OyqG6YjfiKDDiEHgIehy7s7vZGVwVIPy6EhT1YSOIhY5aF-G9nQSg-GK1V9LIq7petFoW_MIEt0yfNQVXy2D1tBhdJEa1bgtVsLmdlrNVf-m3uA"
|
||||||
|
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
|
||||||
|
MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdrdWJl
|
||||||
|
LWNhMB4XDTIwMDgyNjA5MzIzMVoXDTMwMDgyNDA5MzIzMVowEjEQMA4GA1UEAxMH
|
||||||
|
a3ViZS1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxkeE16lPAd
|
||||||
|
pfJj5GJMvZJFcX/CD6EB/LUoKwGmqVoOUQPd3b/NGy+qm+3bO9EU73epUPsVaWk2
|
||||||
|
Lr+Z1ua7u+iib/OMsfsSXMZ5OEPgd8ilrTGhXOH8jDkif9w1NtooJxYSRcHEwxVo
|
||||||
|
+aXdIJhqKdw16NVP/elS9KODFdRZDfQ6vU5oHSg3gO49kgv7CaxFdkF7QEHbchsJ
|
||||||
|
0S1nWMPAlUhA5b8IAx0+ecPlMYUGyGQIQgjgtHgeawJebH3PWy32UqfPhkLPzxsy
|
||||||
|
TSxk6akiXJTg6mYelscuxPLSe9UqNvHRIUoad3VnkF3+0CJ1z0qvfWIrzX3w92/p
|
||||||
|
YsDBZiP6vi8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB
|
||||||
|
Af8wDQYJKoZIhvcNAQELBQADggEBAIbv2ulEcQi019jKz4REy7ZyH8+ExIUBBuIz
|
||||||
|
InAkfxNNxV83GkdyA9amk+LDoF/IFLMltAMM4b033ZKO5RPrHoDKO+xCA0yegYqU
|
||||||
|
BViaUiEXIvi/CcDpT9uh2aNO8wX5T/B0WCLfWFyiK+rr9qcosFYxWSdU0kFeg+Ln
|
||||||
|
YAaeFY65ZWpCCyljGpr2Vv11MAq1Tws8rEs3rg601SdKhBmkgcTAcCzHWBXR1P8K
|
||||||
|
rfzd6h01HhIomWzM9xrP2/2KlYRvExDLpp9qwOdMSanrszPDuMs52okXgfWnEqlB
|
||||||
|
2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY=
|
||||||
|
-----END CERTIFICATE-----"
|
||||||
|
type: "kubernetes"
|
||||||
|
|
||||||
|
Auth URL
|
||||||
|
~~~~~~~~
|
||||||
|
|
||||||
|
Endpoint URL of Kubernetes.
|
||||||
|
|
||||||
|
Project Name
|
||||||
|
~~~~~~~~~~~~
|
||||||
|
|
||||||
|
The name of project.
|
||||||
|
|
||||||
|
Bearer Token
|
||||||
|
~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Bearer token required for accessing Kubernetes APIs.
|
||||||
|
|
||||||
|
Use SSL CA Cert
|
||||||
|
~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
The value of SSL CA Cert for X.509 client authentication. It can be ``None``.
|
||||||
|
|
||||||
|
Type
|
||||||
|
~~~~
|
||||||
|
|
||||||
|
Type of VIM to specify it explicitly as ``kubernetes``.
|
387
tools/gen_vim_config.sh
Executable file
387
tools/gen_vim_config.sh
Executable file
@ -0,0 +1,387 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Copyright (C) 2021 Nippon Telegraph and Telephone Corporation
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# Uncomment for debugging.
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
# Default values for optional inputs.
|
||||||
|
VIMC_DEFAULT_PROJ=admin
|
||||||
|
VIMC_DEFAULT_OS_DOMAIN=Default
|
||||||
|
VIMC_DEFAULT_TYPE=openstack
|
||||||
|
VIMC_DEFAULT_OUTPUT=vim_config.yaml
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Find token from first entry of secrets.
|
||||||
|
# Returns:
|
||||||
|
# Secret token retrieved from kubectl.
|
||||||
|
#######################################
|
||||||
|
function k8s_token() {
|
||||||
|
local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
echo $(kubectl get secret ${_secret} -o jsonpath="{.data.token}" |
|
||||||
|
base64 --decode)
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Get endpoint of n-th from endpoints.
|
||||||
|
# Arguments:
|
||||||
|
# Index of endpoints, usually 0.
|
||||||
|
# Returns:
|
||||||
|
# URL of endpoint retrieved from kubectl.
|
||||||
|
#######################################
|
||||||
|
function k8s_endpoints() {
|
||||||
|
local _k8s_ep0_ip=$(kubectl get endpoints -o \
|
||||||
|
jsonpath="{.items[$1].subsets[0].addresses[0].ip}")
|
||||||
|
local _k8s_ep0_port=$(kubectl get endpoints -o \
|
||||||
|
jsonpath="{.items[$1].subsets[0].ports[0].port}")
|
||||||
|
echo "https://${_k8s_ep0_ip}:${_k8s_ep0_port}"
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Get cert from first entry of secrets.
|
||||||
|
# Returns:
|
||||||
|
# Contents of CA sert retrieved from kubectl.
|
||||||
|
#######################################
|
||||||
|
function k8s_ssl_ca_cert() {
|
||||||
|
local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
echo $(kubectl get secrets $_secret -o jsonpath="{.data.ca\.crt}" |
|
||||||
|
base64 --decode)
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Setup contents of config from given params and output to a file.
|
||||||
|
# Globals:
|
||||||
|
# VIMC_OS_CERT_VERIFY
|
||||||
|
# VIMC_OUTPUT
|
||||||
|
# VIMC_ENDPOINT
|
||||||
|
# VIMC_OS_USER
|
||||||
|
# VIMC_OS_PASSWORD
|
||||||
|
# VIMC_PROJ
|
||||||
|
# VIMC_OS_PROJ_DOMAIN
|
||||||
|
# VIMC_OS_USER_DOMAIN
|
||||||
|
# Outputs:
|
||||||
|
# Writes contents of config for OpenStack VIM to a file, ${VIMC_OUTPUT}.
|
||||||
|
#######################################
|
||||||
|
function setup_os_config() {
|
||||||
|
local _cert_verify=
|
||||||
|
if "${VIMC_OS_CERT_VERIFY}"; then
|
||||||
|
_cert_verify=True
|
||||||
|
else
|
||||||
|
_cert_verify=False
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat << EOF > ${VIMC_OUTPUT}
|
||||||
|
auth_url: "${VIMC_ENDPOINT}"
|
||||||
|
username: "${VIMC_OS_USER}"
|
||||||
|
password: "${VIMC_OS_PASSWORD}"
|
||||||
|
project_name: "${VIMC_PROJ}"
|
||||||
|
project_domain_name: "${VIMC_OS_PROJ_DOMAIN}"
|
||||||
|
user_domain_name: "${VIMC_OS_USER_DOMAIN}"
|
||||||
|
cert_verify: "${_cert_verify}"
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Setup contents of config from given params and output to a file.
|
||||||
|
# Globals:
|
||||||
|
# VIMC_K8S_USE_CERT
|
||||||
|
# VIMC_OUTPUT
|
||||||
|
# VIMC_ENDPOINT
|
||||||
|
# VIMC_K8S_TOKEN
|
||||||
|
# VIMC_PROJ
|
||||||
|
# Outputs:
|
||||||
|
# Write contents of config for OpenStack Kubernetes to a file, ${VIMC_OUTPUT}.
|
||||||
|
#######################################
|
||||||
|
function setup_k8s_config() {
|
||||||
|
# In the contents of cert, blanks are replaced with `\n` without
|
||||||
|
# in header and footer. So, remove before the procedure at once, then
|
||||||
|
# add after that again.
|
||||||
|
local _cert_header="-----BEGIN CERTIFICATE-----"
|
||||||
|
local _cert_footer="-----END CERTIFICATE-----"
|
||||||
|
|
||||||
|
# Delimiter used temporarily for replacing blanks.
|
||||||
|
local _delim=":"
|
||||||
|
|
||||||
|
if "${VIMC_K8S_USE_CERT}"; then
|
||||||
|
local _k8s_cert=`k8s_ssl_ca_cert`
|
||||||
|
_k8s_cert=`echo ${_k8s_cert} | sed "s/${_cert_header}//"`
|
||||||
|
_k8s_cert=`echo ${_k8s_cert} | sed "s/${_cert_footer}//"`
|
||||||
|
_k8s_cert=`echo ${_k8s_cert} | sed -e "s/ /${_delim}/g"`
|
||||||
|
_k8s_cert=`echo \
|
||||||
|
"${_cert_header}${_delim}${_k8s_cert}${_delim}${_cert_footer}"`
|
||||||
|
_k8s_cert=`echo ${_k8s_cert} | sed -e "s/${_delim}/\\n/g"`
|
||||||
|
else
|
||||||
|
_k8s_cert="None"
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat << EOF > ${VIMC_OUTPUT}
|
||||||
|
auth_url: "${VIMC_ENDPOINT}"
|
||||||
|
bearer_token: "${VIMC_K8S_TOKEN}"
|
||||||
|
ssl_ca_cert: "${_k8s_cert}"
|
||||||
|
project_name: "${VIMC_PROJ}"
|
||||||
|
type: "kubernetes"
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Show help message.
|
||||||
|
# Outputs:
|
||||||
|
# Writes help message to stdout.
|
||||||
|
#######################################
|
||||||
|
function show_help() {
|
||||||
|
cat << EOS
|
||||||
|
Generate config file for registering Kubernetes VIM
|
||||||
|
|
||||||
|
usage:
|
||||||
|
$(basename $0) [-t VIM_TYPE] [-o OUTPUT_FILE] [-e ENDPOINT]
|
||||||
|
[-p PROJCT_NAME] [-u USER_NAME] [--token TOKEN] [-c] [-h]
|
||||||
|
|
||||||
|
options:
|
||||||
|
All of options are optional.
|
||||||
|
|
||||||
|
1) Common options
|
||||||
|
-t|--type VIM_TYPE
|
||||||
|
type of VIM.
|
||||||
|
* 'openstack' or 'os' for OpenStack
|
||||||
|
* 'kubernetes' or 'k8s' for Kubernetes
|
||||||
|
-o|--output OUTPUT_FILE
|
||||||
|
name of output file, default is '${VIMC_DEFAULT_OUTPUT}'.
|
||||||
|
-e|--endpoint ENDPOINT
|
||||||
|
endpoint consists of url and port, such as 'https://127.0.0.1:6443'.
|
||||||
|
-p|--project PROJECT_NAME
|
||||||
|
name of project in which VIM is registered, default value is
|
||||||
|
'${VIMC_DEFAULT_PROJ}'.
|
||||||
|
-h|--help
|
||||||
|
show this message.
|
||||||
|
|
||||||
|
2) Options for OpenStack VIM
|
||||||
|
--os-user USER_NAME
|
||||||
|
name of OpenStack user, value of 'OS_USERNAME' is used by default.
|
||||||
|
--os-password PASSWORD
|
||||||
|
password of OpenStack user, value of 'OS_PASSWORD' is used by default.
|
||||||
|
--os-project-domain PROJ_DOMAIN
|
||||||
|
name of project domain, value of 'OS_PROJECT_DOMAIN_ID' is used by
|
||||||
|
default.
|
||||||
|
--os-user-domain USER_DOMAIN
|
||||||
|
name of user domain, value of 'OS_USER_DOMAIN_ID' is used by default.
|
||||||
|
--os-disable-cert-verify
|
||||||
|
use this option only if you set 'cert_verify' to False to disable
|
||||||
|
verifying against system certificates for keystone.
|
||||||
|
|
||||||
|
3) Options for Kubernetes VIM
|
||||||
|
--k8s-token TOKEN
|
||||||
|
bearer token.
|
||||||
|
--k8s-use-cert
|
||||||
|
use SSL CA cert.
|
||||||
|
EOS
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Main function for OpenStack VIM config.
|
||||||
|
# Globals:
|
||||||
|
# VIMC_ENDPOINT
|
||||||
|
# VIMC_OS_USER
|
||||||
|
# VIMC_OS_PASSWORD
|
||||||
|
# VIMC_OS_PROJ_DOMAIN
|
||||||
|
# VIMC_OS_USER_DOMAIN
|
||||||
|
#######################################
|
||||||
|
function os_main() {
|
||||||
|
VIMC_ENDPOINT=${VIMC_ENDPOINT:-${OS_AUTH_URL}}
|
||||||
|
if [ ! ${VIMC_ENDPOINT} ]; then
|
||||||
|
clean_exit 1 \
|
||||||
|
"Error: Set 'OS_AUTH_URL' or use '--endpoint'."
|
||||||
|
fi
|
||||||
|
|
||||||
|
VIMC_OS_USER=${VIMC_OS_USER:-${OS_USERNAME}}
|
||||||
|
if [ ! ${VIMC_OS_USER} ]; then
|
||||||
|
clean_exit 1 \
|
||||||
|
"Error: No username found. Set 'OS_USERNAME' or use '--os-user'."
|
||||||
|
fi
|
||||||
|
|
||||||
|
VIMC_OS_PASSWORD=${VIMC_OS_PASSWORD:-${OS_PASSWORD}}
|
||||||
|
if [ ! ${VIMC_OS_PASSWORD} ]; then
|
||||||
|
clean_exit 1 \
|
||||||
|
"Error: No password found. Set 'OS_PASSWORD' or use '--os-password'."
|
||||||
|
fi
|
||||||
|
|
||||||
|
VIMC_OS_PROJ_DOMAIN=${VIMC_OS_PROJ_DOMAIN:-${OS_PROJECT_DOMAIN_ID}}
|
||||||
|
if [ ! ${VIMC_OS_PROJ_DOMAIN} ]; then
|
||||||
|
VIMC_OS_PROJ_DOMAIN=${VIMC_DEFAULT_OS_DOMAIN}
|
||||||
|
fi
|
||||||
|
|
||||||
|
VIMC_OS_USER_DOMAIN=${VIMC_OS_USER_DOMAIN:-${OS_USER_DOMAIN_ID}}
|
||||||
|
if [ ! ${VIMC_OS_USER_DOMAIN} ]; then
|
||||||
|
VIMC_OS_USER_DOMAIN=${VIMC_DEFAULT_OS_DOMAIN}
|
||||||
|
fi
|
||||||
|
|
||||||
|
setup_os_config
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Main function for Kubernetes VIM config.
|
||||||
|
# Globals:
|
||||||
|
# VIMC_K8S_TOKEN
|
||||||
|
# VIMC_ENDPOINT
|
||||||
|
#######################################
|
||||||
|
function k8s_main() {
|
||||||
|
kubectl create clusterrolebinding cluster-admin-binding \
|
||||||
|
--clusterrole cluster-admin --serviceaccount=default:default \
|
||||||
|
&>/dev/null
|
||||||
|
|
||||||
|
VIMC_K8S_TOKEN=${VIMC_K8S_TOKEN:-`k8s_token`}
|
||||||
|
VIMC_ENDPOINT=${VIMC_ENDPOINT:-`k8s_endpoints 0`}
|
||||||
|
|
||||||
|
setup_k8s_config
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Re-wind OPTIND and clean all other variables as finalization.
|
||||||
|
# Globals:
|
||||||
|
# OPTIND
|
||||||
|
# PREV_OPTIND
|
||||||
|
# VIMC_DEFAULT_TYPE
|
||||||
|
# VIMC_DEFAULT_OUTPUT
|
||||||
|
# VIMC_DEFAULT_PROJ
|
||||||
|
# VIMC_TYPE
|
||||||
|
# VIMC_OUTPUT
|
||||||
|
# VIMC_ENDPOINT
|
||||||
|
# VIMC_PROJ
|
||||||
|
# VIMC_OS_USER
|
||||||
|
# VIMC_OS_PASSWORD
|
||||||
|
# VIMC_OS_PROJ_DOMAIN
|
||||||
|
# VIMC_OS_USER_DOMAIN
|
||||||
|
# VIMC_OS_CERT_VERIFY
|
||||||
|
# VIMC_K8S_TOKEN
|
||||||
|
# VIMC_K8S_USE_CERT
|
||||||
|
#######################################
|
||||||
|
function cleanup() {
|
||||||
|
OPTIND=${PREV_OPTIND}
|
||||||
|
VIMC_DEFAULT_TYPE=
|
||||||
|
VIMC_DEFAULT_OUTPUT=
|
||||||
|
VIMC_DEFAULT_PROJ=
|
||||||
|
VIMC_TYPE=
|
||||||
|
VIMC_OUTPUT=
|
||||||
|
VIMC_ENDPOINT=
|
||||||
|
VIMC_PROJ=
|
||||||
|
VIMC_OS_USER=
|
||||||
|
VIMC_OS_PASSWORD=
|
||||||
|
VIMC_OS_PROJ_DOMAIN=
|
||||||
|
VIMC_OS_USER_DOMAIN=
|
||||||
|
VIMC_OS_CERT_VERIFY=
|
||||||
|
VIMC_K8S_TOKEN=
|
||||||
|
VIMC_K8S_USE_CERT=
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Ensure cleanup before exit.
|
||||||
|
# Arguments:
|
||||||
|
# Exit code (optional).
|
||||||
|
# Error message to be output to stderr (optional).
|
||||||
|
#######################################
|
||||||
|
function clean_exit() {
|
||||||
|
cleanup
|
||||||
|
if [[ $2 != "" ]]; then
|
||||||
|
echo $2 >&2
|
||||||
|
fi
|
||||||
|
exit $1
|
||||||
|
}
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Main procedure is started from here.
|
||||||
|
#######################################
|
||||||
|
PREV_OPTIND=${OPTIND}
|
||||||
|
OPTIND=1
|
||||||
|
|
||||||
|
while getopts t:o:e:p:ch-: opt; do
|
||||||
|
|
||||||
|
optarg=${OPTARG}
|
||||||
|
if [[ "${opt}" = - ]]; then
|
||||||
|
opt="-${OPTARG%%=*}"
|
||||||
|
optarg="${OPTARG/${OPTARG%%=*}/}"
|
||||||
|
optarg="${optarg#=}"
|
||||||
|
|
||||||
|
if [[ -z "$optarg" ]] && [[ ! "${!OPTIND}" = -* ]]; then
|
||||||
|
optarg="${!OPTIND}"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
case "-${opt}" in
|
||||||
|
-t|--type)
|
||||||
|
VIMC_TYPE=${optarg};
|
||||||
|
;;
|
||||||
|
-o|--output)
|
||||||
|
VIMC_OUTPUT=${optarg};
|
||||||
|
;;
|
||||||
|
-e|--endpoint)
|
||||||
|
VIMC_ENDPOINT=${optarg};
|
||||||
|
;;
|
||||||
|
-p|--project)
|
||||||
|
VIMC_PROJ=${optarg};
|
||||||
|
;;
|
||||||
|
|
||||||
|
--os-user)
|
||||||
|
VIMC_OS_USER=${optarg};
|
||||||
|
;;
|
||||||
|
--os-password)
|
||||||
|
VIMC_OS_PASSWORD=${optarg};
|
||||||
|
;;
|
||||||
|
--os-project-domain)
|
||||||
|
VIMC_OS_PROJ_DOMAIN=${optarg};
|
||||||
|
;;
|
||||||
|
--os-user-domain)
|
||||||
|
VIMC_OS_USER_DOMAIN=${optarg};
|
||||||
|
;;
|
||||||
|
--os-disable-cert-verify)
|
||||||
|
VIMC_OS_CERT_VERIFY=false;
|
||||||
|
;;
|
||||||
|
|
||||||
|
--k8s-token)
|
||||||
|
VIMC_K8S_TOKEN=${optarg};
|
||||||
|
;;
|
||||||
|
--k8s-use-cert)
|
||||||
|
VIMC_K8S_USE_CERT=true;
|
||||||
|
;;
|
||||||
|
|
||||||
|
-h|--help)
|
||||||
|
show_help;
|
||||||
|
clean_exit;
|
||||||
|
;;
|
||||||
|
--*)
|
||||||
|
clean_exit 1 "Error: Illegal option '${opt##-}'.";
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
VIMC_TYPE=${VIMC_TYPE:-${VIMC_DEFAULT_TYPE}}
|
||||||
|
VIMC_OUTPUT=${VIMC_OUTPUT:-${VIMC_DEFAULT_OUTPUT}}
|
||||||
|
VIMC_PROJ=${VIMC_PROJ:-${VIMC_DEFAULT_PROJ}}
|
||||||
|
|
||||||
|
VIMC_OS_CERT_VERIFY=${VIMC_OS_CERT_VERIFY:-true}
|
||||||
|
VIMC_K8S_USE_CERT=${VIMC_K8S_USE_CERT:-false}
|
||||||
|
|
||||||
|
if [[ ${VIMC_TYPE} == "openstack" || ${VIMC_TYPE} == "os" ]]; then
|
||||||
|
os_main
|
||||||
|
echo "Config for OpenStack VIM '${VIMC_OUTPUT}' generated."
|
||||||
|
elif [[ ${VIMC_TYPE} == "kubernetes" || ${VIMC_TYPE} == "k8s" ]]; then
|
||||||
|
k8s_main
|
||||||
|
echo "Config for Kubernetes VIM '${VIMC_OUTPUT}' generated."
|
||||||
|
else
|
||||||
|
echo "Error: No type matched with '${VIMC_TYPE}'." >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
cleanup
|
||||||
|
set +x
|
Loading…
Reference in New Issue
Block a user