From 86b27b91aa950660e930a71768b3cb5e85ccee13 Mon Sep 17 00:00:00 2001 From: Alex Kozyrev Date: Mon, 11 Mar 2019 17:19:02 -0400 Subject: [PATCH] Provide helm chart for containerized Barbican service This commit introduces Barbican as an OpenStack Application. Adding the Armada manifest for Barbican and updating the helm plugin with correct values to bring up containerized Barbican. Also fixing the typo in memcache_secret_key for all the services in order to leverage authtoken cache encryption key feauture. Removing the non-existing value for Keystone. Change-Id: I41c85969fe0554399721abb6efa73148bdc84cd4 Story: 2003108 Task: 29969 Signed-off-by: Alex Kozyrev --- .../manifests/manifest.yaml | 61 +++++++++++++++++++ .../sysinv/sysinv/sysinv/common/constants.py | 1 + sysinv/sysinv/sysinv/sysinv/helm/aodh.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/barbican.py | 31 +++++++++- .../sysinv/sysinv/sysinv/helm/ceilometer.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/cinder.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/glance.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/gnocchi.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/keystone.py | 7 +-- sysinv/sysinv/sysinv/sysinv/helm/neutron.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/nova.py | 2 +- sysinv/sysinv/sysinv/sysinv/helm/panko.py | 2 +- 12 files changed, 99 insertions(+), 17 deletions(-) diff --git a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml index 6cb5d8993b..64d16a8e86 100644 --- a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml +++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml @@ -392,6 +392,56 @@ data: - helm-toolkit --- schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-barbican +data: + chart_name: barbican + release: openstack-barbican + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-barbican + test: + enabled: false + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: job + labels: + release_group: osh-openstack-barbican + - type: pod + labels: + release_group: osh-openstack-barbican + component: test + values: + labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + api: 2 + affinity: + anti: + type: + default: requiredDuringSchedulingIgnoredDuringExecution + source: + type: tar + location: http://172.17.0.1/helm_charts/barbican-0.1.0.tgz + subpath: barbican + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: openstack-glance @@ -2663,6 +2713,16 @@ data: - openstack-keystone --- schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-barbican +data: + description: "Deploy barbican" + sequenced: true + chart_group: + - openstack-barbican +--- +schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: openstack-glance @@ -2742,6 +2802,7 @@ data: - openstack-memcached - openstack-rabbitmq - openstack-keystone + - openstack-barbican - openstack-glance - openstack-compute-kit - openstack-heat diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py index 157600ebb0..0e9afd400a 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/constants.py +++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py @@ -1520,6 +1520,7 @@ SUPPORTED_HELM_APP_CHARTS = { HELM_CHART_PANKO, HELM_CHART_AODH, HELM_CHART_HELM_TOOLKIT, + HELM_CHART_BARBICAN, ] } diff --git a/sysinv/sysinv/sysinv/sysinv/helm/aodh.py b/sysinv/sysinv/sysinv/sysinv/helm/aodh.py index 9d8d370643..27233a924d 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/aodh.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/aodh.py @@ -87,7 +87,7 @@ class AodhHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/barbican.py b/sysinv/sysinv/sysinv/sysinv/helm/barbican.py index f43d683b1d..ca020c9f0e 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/barbican.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/barbican.py @@ -14,18 +14,19 @@ class BarbicanHelm(openstack.OpenstackBaseHelm): """Class to encapsulate helm operations for the barbican chart""" CHART = constants.HELM_CHART_BARBICAN - + AUTH_USERS = ['barbican'] SERVICE_NAME = constants.HELM_CHART_BARBICAN def get_overrides(self, namespace=None): overrides = { common.HELM_NS_OPENSTACK: { - 'images': self._get_images_overrides(), 'pod': { 'replicas': { 'api': self._num_controllers() } - } + }, + 'endpoints': self._get_endpoints_overrides(), + 'images': self._get_images_overrides() } } @@ -37,6 +38,30 @@ class BarbicanHelm(openstack.OpenstackBaseHelm): else: return overrides + def _get_endpoints_overrides(self): + return { + 'identity': { + 'auth': self._get_endpoints_identity_overrides( + self.SERVICE_NAME, self.AUTH_USERS), + 'host_fqdn_override': self._get_endpoints_host_fqdn_overrides( + self.SERVICE_NAME) + }, + 'oslo_db': { + 'auth': self._get_endpoints_oslo_db_overrides( + self.SERVICE_NAME, self.AUTH_USERS) + }, + 'oslo_cache': { + 'auth': { + 'memcache_secret_key': + self._get_common_password('auth_memcache_key') + } + }, + 'oslo_messaging': { + 'auth': self._get_endpoints_oslo_messaging_overrides( + self.SERVICE_NAME, self.AUTH_USERS) + }, + } + def _get_images_overrides(self): heat_image = self._operator.chart_operators[ constants.HELM_CHART_HEAT].docker_image diff --git a/sysinv/sysinv/sysinv/sysinv/helm/ceilometer.py b/sysinv/sysinv/sysinv/sysinv/helm/ceilometer.py index 829fe2d47c..69065c25ec 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/ceilometer.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/ceilometer.py @@ -138,7 +138,7 @@ class CeilometerHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/cinder.py b/sysinv/sysinv/sysinv/sysinv/helm/cinder.py index a18d19d397..102f7bae64 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/cinder.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/cinder.py @@ -170,7 +170,7 @@ class CinderHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/glance.py b/sysinv/sysinv/sysinv/sysinv/helm/glance.py index 301a9ddb06..523b048d94 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/glance.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/glance.py @@ -97,7 +97,7 @@ class GlanceHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/gnocchi.py b/sysinv/sysinv/sysinv/sysinv/helm/gnocchi.py index 9595b19faf..56246a6929 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/gnocchi.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/gnocchi.py @@ -71,7 +71,7 @@ class GnocchiHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/keystone.py b/sysinv/sysinv/sysinv/sysinv/helm/keystone.py index 9166f02ecd..88e6b08f55 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/keystone.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/keystone.py @@ -203,6 +203,7 @@ class KeystoneHelm(openstack.OpenstackBaseHelm): "'admin':%(target.role.name)s or 'heat_admin':%(target.user.name)s", "protected_services": [ ["'aodh':%(target.user.name)s"], + ["'barbican':%(target.user.name)s"], ["'ceilometer':%(target.user.name)s"], ["'cinder':%(target.user.name)s"], ["'glance':%(target.user.name)s"], @@ -248,12 +249,6 @@ class KeystoneHelm(openstack.OpenstackBaseHelm): self._get_endpoints_host_fqdn_overrides( self.SERVICE_NAME), }, - 'oslo_cache': { - 'auth': { - 'memcached_secret_key': - self._get_common_password('auth_memcache_key') - } - }, 'oslo_db': { 'auth': self._get_endpoints_oslo_db_overrides( self.SERVICE_NAME, [self.SERVICE_NAME]) diff --git a/sysinv/sysinv/sysinv/sysinv/helm/neutron.py b/sysinv/sysinv/sysinv/sysinv/helm/neutron.py index 1f3973a59f..b017aa8a58 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/neutron.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/neutron.py @@ -391,7 +391,7 @@ class NeutronHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/nova.py b/sysinv/sysinv/sysinv/sysinv/helm/nova.py index 61f03e55a0..e2edb9f1d6 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/nova.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/nova.py @@ -160,7 +160,7 @@ class NovaHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } }, diff --git a/sysinv/sysinv/sysinv/sysinv/helm/panko.py b/sysinv/sysinv/sysinv/sysinv/helm/panko.py index dbbafa54ab..9a73132478 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/panko.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/panko.py @@ -76,7 +76,7 @@ class PankoHelm(openstack.OpenstackBaseHelm): }, 'oslo_cache': { 'auth': { - 'memcached_secret_key': + 'memcache_secret_key': self._get_common_password('auth_memcache_key') } },