dcdbsync for containerized openstack services - config

This update contains changes to sysinv to deploy and config the
dcdbsync instance for containerized openstack services, including:

- Updated sysinv dcdbsync puppet plugin to retrieve information from
  helm for the dcdbsync runtime puppet to generate configuration file.
- Update sysinv conductor to provision/deprovision the openstack
  dcdbsync service.

The overall procedure is, during stx-openstack app application,
dcdbsync identities will be created in containerized keystone. After
stx-openstack is successfully applied the dcdbsync runtime puppet is
called to generate the configuration file for openstack dcdbsync
instance with some information retrieved from helm (particularly
keystone passwords). Finally sm runtime is called to bring up the
dcdbsync service into running. When stx-openstack app is removed,
openstack dcdbsync instance will be cleanup with configuration file
removed and service deprovisioned and stopped.

Change-Id: I367576eefdd3eb5e4482a95aba8ca34dd968487a
Story: 2004766
Task: 36104
Depends-On: https://review.opendev.org/#/c/682154/
Depends-On: https://review.opendev.org/#/c/682155/
Signed-off-by: Andy Ning <andy.ning@windriver.com>

sysinv/sysinv/sysinv/setup.cfg

@@ -113,6 +113,7 @@ systemconfig.helm_plugins.stx_openstack =
     026_nginx-ports-control = sysinv.helm.nginx_ports_control:NginxPortsControlHelm
     027_version_check = sysinv.helm.openstack_version_check:StxOpenstackVersionCheckHelm
     028_fm-rest-api = sysinv.helm.fm_rest_api:FmRestApiHelm
+    029_dcdbsync = sysinv.helm.dcdbsync:DcdbsyncHelm
 
 systemconfig.armada.manifest_ops =
     generic = sysinv.helm.manifest_generic:GenericArmadaManifestOperator

sysinv/sysinv/sysinv/sysinv/conductor/manager.py

@@ -6432,7 +6432,8 @@ class ConductorManager(service.PeriodicService):
 
         config_dict = {
             "personalities": personalities,
-            "classes": ['platform::sm::stx_openstack::runtime']
+            "classes": ['platform::sm::stx_openstack::runtime',
+                        'platform::dcdbsync::stx_openstack::runtime']
         }
 
         self._config_apply_runtime_manifest(context,
@@ -6450,6 +6451,7 @@ class ConductorManager(service.PeriodicService):
         config_dict = {
             "personalities": personalities,
             "classes": ['platform::nfv::runtime',
+                        'platform::dcdbsync::stx_openstack::runtime',
                         'platform::sm::stx_openstack::runtime']
         }
 

sysinv/sysinv/sysinv/sysinv/helm/common.py

@@ -57,6 +57,7 @@ HELM_CHART_HELM_TOOLKIT = 'helm-toolkit'
 HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy'
 HELM_CHART_SWIFT = 'ceph-rgw'
 HELM_CHART_NGINX_PORTS_CONTROL = "nginx-ports-control"
+HELM_CHART_DCDBSYNC = 'dcdbsync'
 
 HELM_CHART_ELASTICSEARCH = 'elasticsearch'
 HELM_CHART_KIBANA = 'kibana'

sysinv/sysinv/sysinv/sysinv/helm/dcdbsync.py

@@ -0,0 +1,61 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.common import constants
+from sysinv.common import exception
+from sysinv.helm import common
+from sysinv.helm import openstack
+
+
+class DcdbsyncHelm(openstack.OpenstackBaseHelm):
+    """Class to encapsulate helm operations for the dcdbsync chart"""
+
+    CHART = common.HELM_CHART_DCDBSYNC
+    AUTH_USERS = ['dcdbsync']
+    SERVICE_NAME = common.HELM_CHART_DCDBSYNC
+
+    def _is_enabled(self, app_name, chart_name, namespace):
+        # First, see if this chart is enabled by the user then adjust based on
+        # system conditions
+        enabled = super(DcdbsyncHelm, self)._is_enabled(
+            app_name, chart_name, namespace)
+        if enabled \
+                and (self._distributed_cloud_role() !=
+                         constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER) \
+                and (self._distributed_cloud_role() !=
+                         constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD):
+            enabled = False
+        return enabled
+
+    def execute_manifest_updates(self, operator):
+        if self._is_enabled(operator.APP,
+                            self.CHART, common.HELM_NS_OPENSTACK):
+            operator.manifest_chart_groups_insert(
+                operator.ARMADA_MANIFEST,
+                operator.CHART_GROUPS_LUT[self.CHART])
+
+    def get_overrides(self, namespace=None):
+        overrides = {
+            common.HELM_NS_OPENSTACK: {
+                'endpoints': self._get_endpoints_overrides(),
+            }
+        }
+
+        if namespace in self.SUPPORTED_NAMESPACES:
+            return overrides[namespace]
+        elif namespace:
+            raise exception.InvalidHelmNamespace(chart=self.CHART,
+                                                 namespace=namespace)
+        else:
+            return overrides
+
+    def _get_endpoints_overrides(self):
+        return {
+            'identity': {
+                'auth': self._get_endpoints_identity_overrides(
+                    self.SERVICE_NAME, self.AUTH_USERS),
+            },
+        }

sysinv/sysinv/sysinv/sysinv/helm/helm.py

@@ -735,9 +735,40 @@ class HelmOperatorData(HelmOperator):
                 keystone_operator.get_admin_user_domain(),
             'admin_project_domain':
                 keystone_operator.get_admin_project_domain(),
+            'admin_password':
+                keystone_operator.get_admin_password(),
         }
         return auth_data
 
+    @helm_context
+    def get_keystone_endpoint_data(self):
+        keystone_operator = self.chart_operators[common.HELM_CHART_KEYSTONE]
+        endpoint_data = {
+            'endpoint_override':
+                'http://keystone.openstack.svc.cluster.local:80',
+            'region_name':
+                keystone_operator.get_region_name(),
+        }
+        return endpoint_data
+
+    @helm_context
+    def get_keystone_oslo_db_data(self):
+        keystone_operator = self.chart_operators[common.HELM_CHART_KEYSTONE]
+        endpoints_overrides = keystone_operator.\
+            _get_endpoints_oslo_db_overrides(common.HELM_CHART_KEYSTONE,
+                                             ['keystone'])
+
+        password = endpoints_overrides['keystone']['password']
+        connection = "mysql+pymysql://keystone:%s@" \
+                     "mariadb.openstack.svc.cluster.local:3306/keystone"\
+                     % (password)
+
+        endpoint_data = {
+            'connection':
+                connection,
+        }
+        return endpoint_data
+
     @helm_context
     def get_nova_endpoint_data(self):
         nova_operator = self.chart_operators[common.HELM_CHART_NOVA]
@@ -822,3 +853,14 @@ class HelmOperatorData(HelmOperator):
                 ceilometer_operator.get_region_name(),
         }
         return endpoint_data
+
+    @helm_context
+    def get_dcdbsync_endpoint_data(self):
+        dcdbsync_operator = self.chart_operators[common.HELM_CHART_DCDBSYNC]
+        endpoints_overrides = dcdbsync_operator._get_endpoints_overrides()
+        endpoint_data = {
+            'keystone_password':
+                endpoints_overrides['identity']['auth']['dcdbsync']
+                ['password'],
+        }
+        return endpoint_data

sysinv/sysinv/sysinv/sysinv/helm/keystone.py

@@ -268,3 +268,12 @@ class KeystoneHelm(openstack.OpenstackBaseHelm):
             if service_config is not None:
                 return service_config.capabilities.get('admin_project_domain')
         return self.DEFAULT_DOMAIN_NAME
+
+    def get_admin_password(self):
+        o_user = self.get_admin_user_name()
+        o_service = common.SERVICE_ADMIN
+
+        return self._get_identity_password(o_service, o_user)
+
+    def get_region_name(self):
+        return self._get_service_region_name(self.SERVICE_NAME)

sysinv/sysinv/sysinv/sysinv/helm/manifest_openstack.py

@@ -16,6 +16,7 @@ from sysinv.helm.aodh import AodhHelm
 from sysinv.helm.barbican import BarbicanHelm
 from sysinv.helm.ceilometer import CeilometerHelm
 from sysinv.helm.cinder import CinderHelm
+from sysinv.helm.dcdbsync import DcdbsyncHelm
 from sysinv.helm.fm_rest_api import FmRestApiHelm
 from sysinv.helm.garbd import GarbdHelm
 from sysinv.helm.glance import GlanceHelm
@@ -67,6 +68,7 @@ class OpenstackArmadaManifestOperator(base.ArmadaManifestOperator):
     CHART_GROUP_HEAT = 'openstack-heat'
     CHART_GROUP_HORIZON = 'openstack-horizon'
     CHART_GROUP_TELEMETRY = 'openstack-telemetry'
+    CHART_GROUP_DCDBSYNC = 'openstack-dcdbsync'
 
     CHART_GROUPS_LUT = {
         AodhHelm.CHART: CHART_GROUP_TELEMETRY,
@@ -96,6 +98,7 @@ class OpenstackArmadaManifestOperator(base.ArmadaManifestOperator):
         PlacementHelm.CHART: CHART_GROUP_COMPUTE_KIT,
         RabbitmqHelm.CHART: CHART_GROUP_RABBITMQ,
         SwiftHelm.CHART: CHART_GROUP_SWIFT,
+        DcdbsyncHelm.CHART: CHART_GROUP_DCDBSYNC,
     }
 
     CHARTS_LUT = {
@@ -126,6 +129,7 @@ class OpenstackArmadaManifestOperator(base.ArmadaManifestOperator):
         PlacementHelm.CHART: 'openstack-placement',
         RabbitmqHelm.CHART: 'openstack-rabbitmq',
         SwiftHelm.CHART: 'openstack-ceph-rgw',
+        DcdbsyncHelm.CHART: 'openstack-dcdbsync',
     }
 
     def platform_mode_manifest_updates(self, dbapi, mode):

sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py

@@ -5,6 +5,8 @@
 #
 
 from sysinv.common import constants
+from sysinv.common import utils
+from sysinv.helm import helm
 from sysinv.puppet import openstack
 
 
@@ -43,7 +45,7 @@ class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
     def get_system_config(self):
         ksuser = self._get_service_user_name(self.SERVICE_NAME)
 
-        return {
+        config = {
             # The region in which the identity server can be found
             'dcdbsync::region_name': self._keystone_region_name(),
 
@@ -71,11 +73,29 @@ class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
                 self._to_create_services(),
         }
 
+        if utils.is_openstack_applied(self.dbapi):
+            helm_data = helm.HelmOperatorData(self.dbapi)
+
+            # The dcdbsync instance for openstack is authenticated with
+            # pod based keystone.
+            endpoints_data = helm_data.get_keystone_endpoint_data()
+            service_config = {
+                'dcdbsync::openstack_init::region_name':
+                    endpoints_data['region_name'],
+                'dcdbsync::openstack_api::keystone_auth_uri':
+                    endpoints_data['endpoint_override'],
+                'dcdbsync::openstack_api::keystone_identity_uri':
+                    endpoints_data['endpoint_override'],
+            }
+            config.update(service_config)
+
+        return config
+
     def get_secure_system_config(self):
         dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
         kspass = self._get_service_password(self.SERVICE_NAME)
 
-        return {
+        config = {
             'dcdbsync::database_connection':
                 self._format_database_connection(
                     self.IDENTITY_SERVICE_NAME,
@@ -85,6 +105,24 @@ class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
             'dcdbsync::api::keystone_password': kspass,
         }
 
+        if utils.is_openstack_applied(self.dbapi):
+            helm_data = helm.HelmOperatorData(self.dbapi)
+
+            # The dcdbsync instance for openstack is authenticated with
+            # pod based keystone.
+            endpoints_data = helm_data.get_dcdbsync_endpoint_data()
+            db_data = helm_data.get_keystone_oslo_db_data()
+
+            service_auth_config = {
+                'dcdbsync::openstack_api::keystone_password':
+                    endpoints_data['keystone_password'],
+                'dcdbsync::openstack_init::database_connection':
+                    db_data['connection'],
+            }
+            config.update(service_auth_config)
+
+        return config
+
     def get_public_url(self):
         return self._format_public_endpoint(self.SERVICE_PORT,
                                             path=self.SERVICE_PATH)