starlingx/config
Code Issues Proposed changes

Merge "Add keystone-api-proxy helm charts and overrides"

Browse Source
This commit is contained in:
Zuul
2019-04-30 16:36:22 +00:00
committed by Gerrit Code Review
parent 760e15090a 97228934e1
commit d6f638cf5c
24 changed files with 851 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
kubernetes/applications/stx-openstack/stx-openstack-helm/centos/stx-openstack-helm.spec
View File

@@ -60,6 +60,7 @@ make nova-api-proxy
make rbd-provisioner
make garbd
make ceph-pools-audit
make keystone-api-proxy
# terminate helm server (the last backgrounded task)
kill %1

5
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/Chart.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: StarlingX-Helm keystone-api-proxy
name: keystone-api-proxy
version: 0.1.0

10
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/requirements.yaml Normal file
View File

@@ -0,0 +1,10 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

35
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/bin/_endpoint-update.sh.tpl Executable file
View File

@@ -0,0 +1,35 @@
#!/bin/bash
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
# Get service id
OS_SERVICE_ID=$( openstack service list -c Type -c ID -f value | \
grep ${OS_SERVICE_TYPE} | cut -f1 -d" " )
# Check if endpoint exists
OS_ENDPOINT_ID=$( openstack endpoint list --service ${OS_SERVICE_TYPE} \
--region ${OS_SERVICE_REGION} \
--interface ${OS_SVC_ENDPOINT} -c ID -f value )
# Delete the old endpoint
if [[ -v $OS_ENDPOINT_ID ]]; then
openstack endpoint delete ${OS_ENDPOINT_ID}
fi
# Create the new endpoint
OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
--region=${OS_SERVICE_REGION} \
"${OS_SERVICE_ID}" \
${OS_SVC_ENDPOINT} \
"${OS_SERVICE_ENDPOINT}" )
# Display the Endpoint
openstack endpoint show ${OS_ENDPOINT_ID}

13
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/bin/_keystone-api-proxy.sh.tpl Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/bash
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type identity

21
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/configmap-bin.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: keystone-api-proxy-bin
data:
keystone-api-proxy.sh: |
{{ tuple "bin/_keystone-api-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
endpoint-update.sh: |
{{ tuple "bin/_endpoint-update.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

28
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/configmap-etc.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "keystone_proxy.configmap.etc" }}
{{- $envAll := index . 1 }}
{{- with $envAll }}
apiVersion: v1
kind: ConfigMap
metadata:
name: keystone-api-proxy-etc
data:
dcorch.conf: |
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.keystone_api_proxy | indent 4 }}
api-paste.ini : |
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | indent 4 }}
logging.conf: |
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.manifests.configmap_etc }}
{{- list "keystone-proxy-etc" . | include "keystone_proxy.configmap.etc" }}
{{- end }}

88
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,88 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_api_proxy }}
{{- $envAll := . }}
{{- $mounts_keystone_api_proxy := .Values.pod.mounts.keystone_api_proxy.keystone_api_proxy }}
{{- $mounts_keystone_api_proxy_init := .Values.pod.mounts.keystone_api_proxy.init_container }}
{{- $serviceAccountName := "keystone-api-proxy" }}
{{ tuple $envAll "keystone-api-proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keystone-api-proxy
labels:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.proxy }}
selector:
matchLabels:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.keystone_api_proxy.node_selector_key }}: {{ .Values.labels.keystone_api_proxy.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.keystone_api_proxy.timeout | default "30" }}
initContainers:
{{ tuple $envAll "api" $mounts_keystone_api_proxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: keystone-api-proxy
{{ tuple $envAll "keystone_api_proxy" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.keystone_api_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.keystone_api_proxy.uid }}
command:
- /tmp/keystone-api-proxy.sh
ports:
- name: ks-proxy
containerPort: {{ tuple "keystone_api_proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe:
tcpSocket:
port: {{ tuple "keystone_api_proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
- name: keystone-api-proxy-bin
mountPath: /tmp/keystone-api-proxy.sh
subPath: keystone-api-proxy.sh
readOnly: true
- name: keystone-api-proxy-etc
mountPath: /etc/dcorch/dcorch.conf
subPath: dcorch.conf
readOnly: true
- name: keystone-api-proxy-etc
mountPath: /etc/dcorch/logging.conf
subPath: logging.conf
readOnly: true
- name: keystone-api-proxy-etc
mountPath: /etc/dcorch/api-paste.ini
subPath: api-paste.ini
readOnly: true
{{ if $mounts_keystone_api_proxy.volumeMounts }}{{ toYaml $mounts_keystone_api_proxy.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: keystone-api-proxy-bin
configMap:
name: keystone-api-proxy-bin
defaultMode: 0777
- name: keystone-api-proxy-etc
configMap:
name: keystone-api-proxy-etc
defaultMode: 0777
{{ if $mounts_keystone_api_proxy.volumes}}{{ toYaml $mounts_keystone_api_proxy.volumes | indent 8 }}{{ end }}
{{- end }}

13
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/image_repo_sync.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "keystone-api-proxy" -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

12
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if and .Values.manifests.ingress_api .Values.network.keystone_api_proxy.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "keystone_api_proxy" "backendServiceType" "keystone_api_proxy" "backendPort" "ks-api-proxy" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

75
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/job-ks-endpoints.yaml Normal file
View File

@@ -0,0 +1,75 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $serviceName := "keystone-api-proxy" }}
{{- $serviceRegion := $envAll.Values.endpoints.keystone_api_proxy.region_name }}
{{- $nodeSelector := dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value -}}
{{- $configMapBin := printf "%s-%s" $serviceName "bin" }}
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-endpoints" }}
{{ tuple $envAll "ks_endpoints" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceName "ks-endpoints" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:
{{ tuple $envAll "ks_endpoints" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "identity" }}
{{- range $key2, $osRealServiceType := tuple "keystone_api_proxy" }}
{{- range $key3, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ printf "%s-%s-%s" "keystone-proxy" "ks-endpoints" $osServiceEndPoint | quote }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{- $osServiceRegion := $serviceRegion }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/endpoint-update.sh
volumeMounts:
- name: endpoint-update-sh
mountPath: /tmp/endpoint-update.sh
subPath: endpoint-update.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint | quote }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType | quote }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osRealServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: OS_SERVICE_REGION
value: {{ $osServiceRegion | quote }}
{{- end }}
{{- end }}
volumes:
- name: endpoint-update-sh
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- end }}
{{- end }}

11
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/secret-ingress-tls.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{/*
#
#Copyright (c) 2019 Wind River Systems, Inc.
#
#SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{ include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "keystone_api_proxy" ) }}
{{- end }}

22
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/secret.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}

12
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/service-ingress.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if and .Values.manifests.service_ingress_api .Values.network.keystone_api_proxy.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "keystone_api_proxy" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

31
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/templates/service.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.service_api }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "keystone-api-proxy" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: ks-api-proxy
port: {{ tuple "keystone-api-proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.keystone_api_proxy.node_port.enabled }}
nodePort: {{ .Values.network.keystone_api_proxy.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.keystone_api_proxy.node_port.enabled }}
type: NodePort
{{ if .Values.network.keystone_api_proxy.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}

274
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/keystone-api-proxy/values.yaml Normal file
View File

@@ -0,0 +1,274 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Default values for keystone-api-proxy.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
labels:
keystone_api_proxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
ks_endpoints: docker.io/openstackhelm/heat:pike
keystone_api_proxy: docker.io/starlingx/stx-keystone-api-proxy:master-centos-stable-latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
pullPolicy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
network:
keystone_api_proxy:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 25000
conf:
keystone_api_proxy:
DEFAULT:
log_config_append: /etc/dcorch/logging.conf
api_paste_config: api-paste.ini
debug: False
use_syslog: False
transport_url: rabbit://guest:guess@127.0.0.1:5672
database:
connection: postgresql+psycopg2://admin-dcorch:admin-dcorch@127.0.0.1/dcorch
identity:
bind_host: 0.0.0.0
bind_port: 25000
remote_host: keystone-api.openstack.svc.cluster.local
remote_port: 5000
paste:
pipeline:dcorch-api-proxy:
pipeline: filter acceptor proxyapp
filter:filter:
paste.filter_factory: dcorch.api.proxy.apps.filter:ApiFiller.factory
filter:acceptor:
paste.filter_factory: dcorch.api.proxy.apps.acceptor:Acceptor.factory
app:proxyapp:
paste.app_factory: dcorch.api.proxy.apps.proxy:Proxy.factory
logging:
loggers:
keys:
- root
- dcorch
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: null
logger_dcorch:
level: INFO
handlers:
- stdout
qualname: dcorch
logger_amqp:
level: INFO
handlers: stdout
qualname: amqp
logger_amqplib:
level: INFO
handlers: stdout
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
ks_endpoints:
services:
- endpoint: internal
service: identity
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
keystone_api_proxy:
name: keystone-proxy
region_name: SystemController
hosts:
default: keystone-api-proxy
public: keystone-proxy
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: 'http'
port:
api:
default: 25000
public: 80
pod:
user:
keystone_api_proxy:
uid: 0
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
keystone_api_proxy:
init_container: null
keystone_api_proxy:
replicas:
proxy: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
keystone_api_proxy:
min_available: 0
termination_grace_period:
keystone_api_proxy:
timeout: 60
resources:
enabled: false
keystone_api_proxy:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets:
identity:
admin: dcorch-keystone-admin
tls:
keystone_api_proxy:
keystone_api_proxy:
public: keystone-api-proxy-tls-public
manifests:
configmap_bin: true
configmap_etc: true
deployment_api_proxy: true
ingress_api: true
secret_keystone: true
service_api: true
service_ingress_api: true
job_ks_endpoints: true
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}

50
kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
View File

@@ -426,6 +426,46 @@ data:
- helm-toolkit
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openstack-keystone-api-proxy
data:
chart_name: keystone-api-proxy
release: openstack-keystone-api-proxy
namespace: openstack
wait:
timeout: 1800
labels:
release_group: osh-openstack-keystone-api-proxy
test:
enabled: false
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: osh-openstack-keystone-api-proxy
- type: pod
labels:
release_group: osh-openstack-keystone-api-proxy
component: test
values:
images:
tags:
keystone_api_proxy: docker.io/starlingx/stx-keystone-api-proxy:master-centos-stable-latest
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
source:
type: tar
location: http://172.17.0.1/helm_charts/keystone-api-proxy-0.1.0.tgz
subpath: keystone-api-proxy
reference: master
dependencies:
- helm-toolkit
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openstack-barbican
@@ -3007,6 +3047,16 @@ data:
- openstack-keystone
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-keystone-api-proxy
data:
description: "Deploy keystone api proxy"
sequenced: true
chart_group:
- openstack-keystone-api-proxy
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-barbican

1
sysinv/sysinv/sysinv/setup.cfg
View File

@@ -100,6 +100,7 @@ systemconfig.helm_plugins.stx_openstack =
021_aodh = sysinv.helm.aodh:AodhHelm
022_helm-toolkit = sysinv.helm.helm_toolkit:HelmToolkitHelm
023_barbican = sysinv.helm.barbican:BarbicanHelm
024_keystone-api-proxy = sysinv.helm.keystone_api_proxy:KeystoneApiProxyHelm
sysinv.agent.lldp.drivers =
lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver

2
sysinv/sysinv/sysinv/sysinv/common/constants.py
View File

@@ -1460,7 +1460,7 @@ HELM_CHART_RABBITMQ = 'rabbitmq'
HELM_CHART_RBD_PROVISIONER = 'rbd-provisioner'
HELM_CHART_CEPH_POOLS_AUDIT = 'ceph-pools-audit'
HELM_CHART_HELM_TOOLKIT = 'helm-toolkit'
HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy'
# Helm: Supported application (aka chart bundles)
HELM_APP_OPENSTACK = 'stx-openstack'

3
sysinv/sysinv/sysinv/sysinv/helm/base.py
View File

@@ -28,6 +28,9 @@ class BaseHelm(object):
DEFAULT_REGION_NAME = 'RegionOne'
CEPH_MON_SERVICE_PORT = 6789
SUPPORTED_NAMESPACES = []
SYSTEM_CONTROLLER_SERVICES = [
constants.HELM_CHART_KEYSTONE_API_PROXY,
]
def __init__(self, operator):
self._operator = operator

5
sysinv/sysinv/sysinv/sysinv/helm/garbd.py
View File

@@ -30,8 +30,11 @@ class GarbdHelm(base.BaseHelm):
def _meta_overrides():
if (self._num_controllers() < 2 or
utils.is_aio_duplex_system(self.dbapi)):
utils.is_aio_duplex_system(self.dbapi) or
(self._distributed_cloud_role() ==
constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER)):
# If there are fewer than 2 controllers or we're on AIO-DX
# or we are on distributed cloud system controller
# we'll use a single mariadb server and so we don't want to
# run garbd. This will remove "openstack-garbd" from the
# charts in the openstack-mariadb chartgroup.

135
sysinv/sysinv/sysinv/sysinv/helm/keystone_api_proxy.py Normal file
View File

@@ -0,0 +1,135 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import constants
from sysinv.common import exception
from sysinv.openstack.common import log as logging
from sysinv.helm import common
from sysinv.helm import openstack
LOG = logging.getLogger(__name__)
class KeystoneApiProxyHelm(openstack.OpenstackBaseHelm):
"""Class to encapsulate helm operations for the keystone api proxy chart"""
CHART = constants.HELM_CHART_KEYSTONE_API_PROXY
SERVICE_NAME = constants.HELM_CHART_KEYSTONE_API_PROXY
DCORCH_SERVICE_NAME = 'dcorch'
def get_meta_overrides(self, namespace):
def _meta_overrides():
if (self._distributed_cloud_role() ==
constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER):
# If we are on distributed cloud system controller,
# it will only include the required chart groups
# in the armada manifest
return {
'schema': 'armada/Manifest/v1',
'metadata': {
'schema': 'metadata/Document/v1',
'name': 'armada-manifest'
},
'data': {
'release_prefix': 'osh',
'chart_groups': [
'kube-system-ingress',
'openstack-ingress',
'provisioner',
'openstack-mariadb',
'openstack-memcached',
'openstack-rabbitmq',
'openstack-keystone',
'openstack-barbican',
'openstack-glance',
'openstack-horizon',
'openstack-cinder',
'openstack-keystone-api-proxy',
]
}
}
else:
return {}
overrides = {
common.HELM_NS_OPENSTACK: _meta_overrides()
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides
def get_overrides(self, namespace=None):
overrides = {
common.HELM_NS_OPENSTACK: {
'pod': {
'user': {
'keystone_api_proxy': {
'uid': 0
}
}
},
'conf': {
'keystone_api_proxy': {
'DEFAULT': {
'transport_url': self._get_transport_url()
},
'database': {
'connection': self._get_database_connection()
},
'identity': {
'remote_host': self._get_keystone_endpoint(),
}
}
},
'endpoints': self._get_endpoints_overrides(),
}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides
def _get_endpoints_overrides(self):
return {
'identity': {
'auth': self._get_endpoints_identity_overrides(
self.SERVICE_NAME, [])
},
'keystone_api_proxy': {
'host_fqdn_override':
self._get_endpoints_host_fqdn_overrides(
constants.HELM_CHART_KEYSTONE_API_PROXY),
'port': self._get_endpoints_port_api_public_overrides(),
'scheme': self._get_endpoints_scheme_public_overrides(),
}
}
def _get_transport_url(self):
host_url = self._get_management_address()
auth_password = self._get_keyring_password('amqp', 'rabbit')
transport_url = "rabbit://guest:%s@%s:5672" % (auth_password, host_url)
return transport_url
def _get_database_connection(self):
host_url = self._get_management_address()
auth_password = self._get_keyring_password(
self.DCORCH_SERVICE_NAME, 'database')
connection = "postgresql+psycopg2://admin-dcorch:%s@%s/dcorch" %\
(auth_password, host_url)
return connection
def _get_keystone_endpoint(self):
return 'keystone-api.openstack.svc.cluster.local'

4
sysinv/sysinv/sysinv/sysinv/puppet/base.py
View File

@@ -29,10 +29,6 @@ class BasePuppet(object):
SYSTEM_CONTROLLER_SERVICES = [
'keystone',
'glance',
'nova',
'neutron',
'cinder',
'dcorch'
]

9
sysinv/sysinv/sysinv/sysinv/puppet/platform.py
View File

@@ -1,9 +1,11 @@
#
# Copyright (c) 2017 Wind River Systems, Inc.
# Copyright (c) 2017-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import keyring
from sysinv.common import constants
from sysinv.common import exception
from sysinv.common import utils
@@ -74,9 +76,10 @@ class PlatformPuppet(base.BasePuppet):
}
def _get_secure_amqp_config(self):
password = self._generate_random_password()
keyring.set_password('amqp', 'rabbit', password)
return {
'platform::amqp::params::auth_password':
self._generate_random_password(),
'platform::amqp::params::auth_password': password,
}
def _get_system_config(self):