diff --git a/.zuul.yaml b/.zuul.yaml index ac9fcdb40..ac414c15a 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -472,6 +472,7 @@ controller_worker: amp_active_retries: 9999 kuryr_k8s_api_url: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:8080" + helm_version: "3.5.4" test_matrix_configs: [neutron] zuul_work_dir: src/opendev.org/openstack/tacker zuul_copy_output: diff --git a/playbooks/devstack/pre.yaml b/playbooks/devstack/pre.yaml index f71664ae4..c9df0e033 100644 --- a/playbooks/devstack/pre.yaml +++ b/playbooks/devstack/pre.yaml @@ -4,6 +4,7 @@ - orchestrate-devstack - modify-heat-policy - setup-default-vim + - setup-helm - role: bindep bindep_profile: test bindep_dir: "{{ zuul_work_dir }}" diff --git a/roles/setup-helm/defaults/main.yaml b/roles/setup-helm/defaults/main.yaml new file mode 100644 index 000000000..a958a7695 --- /dev/null +++ b/roles/setup-helm/defaults/main.yaml @@ -0,0 +1,4 @@ +helm_user_home_dir: /home/helm +helm_user_password: helm_password +helm_chart_dir: /var/tacker/helm +vim_name: vim-kubernetes diff --git a/roles/setup-helm/files/50_helm_sh b/roles/setup-helm/files/50_helm_sh new file mode 100644 index 000000000..a28d468c0 --- /dev/null +++ b/roles/setup-helm/files/50_helm_sh @@ -0,0 +1 @@ +helm ALL=(root) NOPASSWD:ALL diff --git a/roles/setup-helm/tasks/main.yaml b/roles/setup-helm/tasks/main.yaml new file mode 100644 index 000000000..eb12bfbf7 --- /dev/null +++ b/roles/setup-helm/tasks/main.yaml @@ -0,0 +1,106 @@ +- block: + - name: Create helm group + group: + name: helm + become: yes + + - name: Create the helm user home folder + file: + path: "{{ helm_user_home_dir }}" + state: directory + become: yes + + - name: Create helm user + user: + name: helm + password: "{{ helm_user_password | password_hash('sha512') }}" + shell: /bin/bash + home: "{{ helm_user_home_dir }}" + group: helm + become: yes + + - name: Set helm user home directory permissions and ownership + file: + path: '{{ helm_user_home_dir }}' + mode: 0755 + owner: helm + group: helm + become: yes + + - name: Copy 50_helm_sh file to /etc/sudoers.d + copy: + src: 50_helm_sh + dest: /etc/sudoers.d + mode: 0440 + owner: root + group: root + become: yes + + - name: Copy kube config to helm user home folder + copy: + src: "{{ devstack_base_dir }}/.kube" + dest: "{{ helm_user_home_dir }}" + mode: 0755 + owner: helm + group: helm + remote_src: yes + become: yes + + - name: Download Helm + get_url: + url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz" + dest: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz" + force: yes + + - name: Unarchive Helm + unarchive: + src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz" + dest: "/tmp" + remote_src: yes + become: yes + + - name: Move Helm binary + shell: mv /tmp/linux-amd64/helm /usr/local/bin/helm + become: yes + + - name: Create folder to store helm charts + file: + path: "{{ helm_chart_dir }}" + state: directory + become: yes + + - name: Enable PasswordAuthentication + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PasswordAuthentication" + insertafter: "^#PasswordAuthentication" + line: "PasswordAuthentication yes" + become: yes + + - name: Restart sshd service + service: + name: sshd + state: restarted + become: yes + + when: + - inventory_hostname == 'controller-k8s' + - helm_version is defined + +- block: + - name: Update extra field of k8s vim + command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "update vims set extra='{\"helm_info\":\"{\'masternode_ip\':[\'{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}\'],\'masternode_username\':\'helm\',\'masternode_password\':\'{{ helm_user_password }}\'}\"}' where name='{{ vim_name }}'" + + - name: Get extra field of k8s vim after updating + command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "select extra from vims where name='{{ vim_name }}'" + register: result + + - name: Print result + debug: + var: result.stdout + when: result.rc == 0 + + when: + - inventory_hostname == 'controller' + - helm_version is defined + diff --git a/tacker/db/migration/alembic_migrations/versions/6dc60a5760e5_add_extra_field_to_vims_db.py b/tacker/db/migration/alembic_migrations/versions/6dc60a5760e5_add_extra_field_to_vims_db.py new file mode 100644 index 000000000..598599bd7 --- /dev/null +++ b/tacker/db/migration/alembic_migrations/versions/6dc60a5760e5_add_extra_field_to_vims_db.py @@ -0,0 +1,36 @@ +# Copyright 2021 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +# flake8: noqa: E402 + +"""add extra field to vims db + +Revision ID: 6dc60a5760e5 +Revises: c31f65e0d099 +Create Date: 2021-07-26 12:28:13.797458 + +""" + +# revision identifiers, used by Alembic. +revision = '6dc60a5760e5' +down_revision = 'c31f65e0d099' + +from alembic import op +import sqlalchemy as sa + + +def upgrade(active_plugins=None, options=None): + op.add_column('vims', + sa.Column('extra', sa.JSON(), nullable=True)) diff --git a/tacker/db/migration/alembic_migrations/versions/HEAD b/tacker/db/migration/alembic_migrations/versions/HEAD index cb89ab5ca..265b94c48 100644 --- a/tacker/db/migration/alembic_migrations/versions/HEAD +++ b/tacker/db/migration/alembic_migrations/versions/HEAD @@ -1 +1 @@ -c31f65e0d099 +6dc60a5760e5