Update zuul environment to support helm chart
This patch changes the following to support helm chart spec and to test instantiate/terminate cnf with helm chart. * Add `extra` field to vims db. * Add `setup-helm` task to ansible-playbook roles. [On controller-k8s node] * Create and setup helm user for executing helm command. * Install helm. * Create folder for putting local helm chart. * Enable password authentication in sshd_config and restart sshd. [On controller node] * Update Vims DB of vim-kubernetes to modify extra field that include helm access information. Implements: blueprint helmchart-k8s-vim Change-Id: Iaf7c11c5bedb77e9cd21074be2b4f73528aa2ce7
This commit is contained in:
parent
5eced54d7f
commit
d7a13ce18a
@ -472,6 +472,7 @@
|
|||||||
controller_worker:
|
controller_worker:
|
||||||
amp_active_retries: 9999
|
amp_active_retries: 9999
|
||||||
kuryr_k8s_api_url: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:8080"
|
kuryr_k8s_api_url: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:8080"
|
||||||
|
helm_version: "3.5.4"
|
||||||
test_matrix_configs: [neutron]
|
test_matrix_configs: [neutron]
|
||||||
zuul_work_dir: src/opendev.org/openstack/tacker
|
zuul_work_dir: src/opendev.org/openstack/tacker
|
||||||
zuul_copy_output:
|
zuul_copy_output:
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
- orchestrate-devstack
|
- orchestrate-devstack
|
||||||
- modify-heat-policy
|
- modify-heat-policy
|
||||||
- setup-default-vim
|
- setup-default-vim
|
||||||
|
- setup-helm
|
||||||
- role: bindep
|
- role: bindep
|
||||||
bindep_profile: test
|
bindep_profile: test
|
||||||
bindep_dir: "{{ zuul_work_dir }}"
|
bindep_dir: "{{ zuul_work_dir }}"
|
||||||
|
4
roles/setup-helm/defaults/main.yaml
Normal file
4
roles/setup-helm/defaults/main.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
helm_user_home_dir: /home/helm
|
||||||
|
helm_user_password: helm_password
|
||||||
|
helm_chart_dir: /var/tacker/helm
|
||||||
|
vim_name: vim-kubernetes
|
1
roles/setup-helm/files/50_helm_sh
Normal file
1
roles/setup-helm/files/50_helm_sh
Normal file
@ -0,0 +1 @@
|
|||||||
|
helm ALL=(root) NOPASSWD:ALL
|
106
roles/setup-helm/tasks/main.yaml
Normal file
106
roles/setup-helm/tasks/main.yaml
Normal file
@ -0,0 +1,106 @@
|
|||||||
|
- block:
|
||||||
|
- name: Create helm group
|
||||||
|
group:
|
||||||
|
name: helm
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Create the helm user home folder
|
||||||
|
file:
|
||||||
|
path: "{{ helm_user_home_dir }}"
|
||||||
|
state: directory
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Create helm user
|
||||||
|
user:
|
||||||
|
name: helm
|
||||||
|
password: "{{ helm_user_password | password_hash('sha512') }}"
|
||||||
|
shell: /bin/bash
|
||||||
|
home: "{{ helm_user_home_dir }}"
|
||||||
|
group: helm
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Set helm user home directory permissions and ownership
|
||||||
|
file:
|
||||||
|
path: '{{ helm_user_home_dir }}'
|
||||||
|
mode: 0755
|
||||||
|
owner: helm
|
||||||
|
group: helm
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Copy 50_helm_sh file to /etc/sudoers.d
|
||||||
|
copy:
|
||||||
|
src: 50_helm_sh
|
||||||
|
dest: /etc/sudoers.d
|
||||||
|
mode: 0440
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Copy kube config to helm user home folder
|
||||||
|
copy:
|
||||||
|
src: "{{ devstack_base_dir }}/.kube"
|
||||||
|
dest: "{{ helm_user_home_dir }}"
|
||||||
|
mode: 0755
|
||||||
|
owner: helm
|
||||||
|
group: helm
|
||||||
|
remote_src: yes
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Download Helm
|
||||||
|
get_url:
|
||||||
|
url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
|
||||||
|
dest: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
|
||||||
|
force: yes
|
||||||
|
|
||||||
|
- name: Unarchive Helm
|
||||||
|
unarchive:
|
||||||
|
src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
|
||||||
|
dest: "/tmp"
|
||||||
|
remote_src: yes
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Move Helm binary
|
||||||
|
shell: mv /tmp/linux-amd64/helm /usr/local/bin/helm
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Create folder to store helm charts
|
||||||
|
file:
|
||||||
|
path: "{{ helm_chart_dir }}"
|
||||||
|
state: directory
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Enable PasswordAuthentication
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
regexp: "^PasswordAuthentication"
|
||||||
|
insertafter: "^#PasswordAuthentication"
|
||||||
|
line: "PasswordAuthentication yes"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Restart sshd service
|
||||||
|
service:
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
when:
|
||||||
|
- inventory_hostname == 'controller-k8s'
|
||||||
|
- helm_version is defined
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Update extra field of k8s vim
|
||||||
|
command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "update vims set extra='{\"helm_info\":\"{\'masternode_ip\':[\'{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}\'],\'masternode_username\':\'helm\',\'masternode_password\':\'{{ helm_user_password }}\'}\"}' where name='{{ vim_name }}'"
|
||||||
|
|
||||||
|
- name: Get extra field of k8s vim after updating
|
||||||
|
command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "select extra from vims where name='{{ vim_name }}'"
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Print result
|
||||||
|
debug:
|
||||||
|
var: result.stdout
|
||||||
|
when: result.rc == 0
|
||||||
|
|
||||||
|
when:
|
||||||
|
- inventory_hostname == 'controller'
|
||||||
|
- helm_version is defined
|
||||||
|
|
@ -0,0 +1,36 @@
|
|||||||
|
# Copyright 2021 OpenStack Foundation
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
# flake8: noqa: E402
|
||||||
|
|
||||||
|
"""add extra field to vims db
|
||||||
|
|
||||||
|
Revision ID: 6dc60a5760e5
|
||||||
|
Revises: c31f65e0d099
|
||||||
|
Create Date: 2021-07-26 12:28:13.797458
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '6dc60a5760e5'
|
||||||
|
down_revision = 'c31f65e0d099'
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade(active_plugins=None, options=None):
|
||||||
|
op.add_column('vims',
|
||||||
|
sa.Column('extra', sa.JSON(), nullable=True))
|
@ -1 +1 @@
|
|||||||
c31f65e0d099
|
6dc60a5760e5
|
||||||
|
Loading…
Reference in New Issue
Block a user