Update zuul environment to support helm chart

This patch changes the following to support helm chart spec and
to test instantiate/terminate cnf with helm chart.
* Add `extra` field to vims db.
* Add `setup-helm` task to ansible-playbook roles.
  [On controller-k8s node]
  * Create and setup helm user for executing helm command.
  * Install helm.
  * Create folder for putting local helm chart.
  * Enable password authentication in sshd_config and restart sshd.

  [On controller node]
  * Update Vims DB of vim-kubernetes to modify extra field that include
    helm access information.

Implements: blueprint helmchart-k8s-vim
Change-Id: Iaf7c11c5bedb77e9cd21074be2b4f73528aa2ce7
This commit is contained in:
Ayumu Ueha 2021-07-20 07:17:56 +00:00
parent 5eced54d7f
commit d7a13ce18a
7 changed files with 150 additions and 1 deletions

View File

@ -472,6 +472,7 @@
controller_worker:
amp_active_retries: 9999
kuryr_k8s_api_url: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:8080"
helm_version: "3.5.4"
test_matrix_configs: [neutron]
zuul_work_dir: src/opendev.org/openstack/tacker
zuul_copy_output:

View File

@ -4,6 +4,7 @@
- orchestrate-devstack
- modify-heat-policy
- setup-default-vim
- setup-helm
- role: bindep
bindep_profile: test
bindep_dir: "{{ zuul_work_dir }}"

View File

@ -0,0 +1,4 @@
helm_user_home_dir: /home/helm
helm_user_password: helm_password
helm_chart_dir: /var/tacker/helm
vim_name: vim-kubernetes

View File

@ -0,0 +1 @@
helm ALL=(root) NOPASSWD:ALL

View File

@ -0,0 +1,106 @@
- block:
- name: Create helm group
group:
name: helm
become: yes
- name: Create the helm user home folder
file:
path: "{{ helm_user_home_dir }}"
state: directory
become: yes
- name: Create helm user
user:
name: helm
password: "{{ helm_user_password | password_hash('sha512') }}"
shell: /bin/bash
home: "{{ helm_user_home_dir }}"
group: helm
become: yes
- name: Set helm user home directory permissions and ownership
file:
path: '{{ helm_user_home_dir }}'
mode: 0755
owner: helm
group: helm
become: yes
- name: Copy 50_helm_sh file to /etc/sudoers.d
copy:
src: 50_helm_sh
dest: /etc/sudoers.d
mode: 0440
owner: root
group: root
become: yes
- name: Copy kube config to helm user home folder
copy:
src: "{{ devstack_base_dir }}/.kube"
dest: "{{ helm_user_home_dir }}"
mode: 0755
owner: helm
group: helm
remote_src: yes
become: yes
- name: Download Helm
get_url:
url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
dest: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
force: yes
- name: Unarchive Helm
unarchive:
src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
dest: "/tmp"
remote_src: yes
become: yes
- name: Move Helm binary
shell: mv /tmp/linux-amd64/helm /usr/local/bin/helm
become: yes
- name: Create folder to store helm charts
file:
path: "{{ helm_chart_dir }}"
state: directory
become: yes
- name: Enable PasswordAuthentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^PasswordAuthentication"
insertafter: "^#PasswordAuthentication"
line: "PasswordAuthentication yes"
become: yes
- name: Restart sshd service
service:
name: sshd
state: restarted
become: yes
when:
- inventory_hostname == 'controller-k8s'
- helm_version is defined
- block:
- name: Update extra field of k8s vim
command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "update vims set extra='{\"helm_info\":\"{\'masternode_ip\':[\'{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}\'],\'masternode_username\':\'helm\',\'masternode_password\':\'{{ helm_user_password }}\'}\"}' where name='{{ vim_name }}'"
- name: Get extra field of k8s vim after updating
command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "select extra from vims where name='{{ vim_name }}'"
register: result
- name: Print result
debug:
var: result.stdout
when: result.rc == 0
when:
- inventory_hostname == 'controller'
- helm_version is defined

View File

@ -0,0 +1,36 @@
# Copyright 2021 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# flake8: noqa: E402
"""add extra field to vims db
Revision ID: 6dc60a5760e5
Revises: c31f65e0d099
Create Date: 2021-07-26 12:28:13.797458
"""
# revision identifiers, used by Alembic.
revision = '6dc60a5760e5'
down_revision = 'c31f65e0d099'
from alembic import op
import sqlalchemy as sa
def upgrade(active_plugins=None, options=None):
op.add_column('vims',
sa.Column('extra', sa.JSON(), nullable=True))

View File

@ -1 +1 @@
c31f65e0d099
6dc60a5760e5