dcdbsync for containerized openstack services - helm

This update contains changes to deploy and config the dcdbsync instance for containerized openstack services, including: - Added helm charts to create dcdbsync identities in containerized keystone, including user, endpoint, project-role assignment etc. The overall procedure is, during stx-openstack app application, dcdbsync identities will be created in containerized keystone. After stx-openstack is successfully applied the dcdbsync runtime puppet is called to generate the configuration file for openstack dcdbsync instance with some information retrieved from helm (particularly keystone passwords). Finally sm runtime is called to bring up the dcdbsync service into running. When stx-openstack app is removed, openstack dcdbsync instance will be cleanup with configuration file removed and service deprovisioned and stopped. Change-Id: If4bf60753593e286c3dbe2c2f97c40f6ccbbb5b1 Story: 2004766 Task: 36104 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2019-07-16 13:57:52 -04:00 · 2019-07-16 13:57:52 -04:00 · 7fa666f631
parent 1af002e22e
commit 7fa666f631
9 changed files with 380 additions and 0 deletions
--- a/stx-openstack-helm/centos/stx-openstack-helm.spec
+++ b/stx-openstack-helm/centos/stx-openstack-helm.spec
@ -63,6 +63,7 @@ make garbd
 make keystone-api-proxy
 make fm-rest-api
 make nginx-ports-control
+make dcdbsync
 cd -

 # terminate helm server (the last backgrounded task)
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/Chart.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: StarlingX-Helm dcdbsync
+name: dcdbsync
+version: 0.1.0
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml
@ -0,0 +1,10 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/bin/_dc-dcdbsync-config.sh.tpl
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/bin/_dc-dcdbsync-config.sh.tpl
@ -0,0 +1,75 @@
+#!/bin/bash
+
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+set -ex
+
+# Create user
+USER_ID=$( openstack user list -f value \
+    --domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+    | grep ${SERVICE_OS_USERNAME} | awk '{print $1}' )
+
+if [ "x${USER_ID}" = "x" ]; then
+    USER_ID=$( openstack user create -f value -c id \
+        --domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+        --password ${SERVICE_OS_PASSWORD} \
+        ${SERVICE_OS_USERNAME} )
+fi
+
+openstack user show ${USER_ID}
+
+# Create project role assignment
+ROLE_ID=$( openstack role assignment list -f value --name \
+    --user ${SERVICE_OS_USERNAME} \
+    --user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+    --project ${SERVICE_OS_PROJECT_NAME} \
+    --project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
+    | awk '{print $1}' )
+
+if [ "${ROLE_ID}" != "admin" ]; then
+    openstack role add \
+        --project ${SERVICE_OS_PROJECT_NAME} \
+        --project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
+        --user ${SERVICE_OS_USERNAME} \
+        --user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+        ${SERVICE_OS_ROLE}
+fi
+
+openstack role assignment list --name
+
+# Create service
+SERVICE_ID=$( openstack service list -f value \
+    | grep ${OS_SERVICE_NAME} | awk '{print $1}' )
+
+if [ "x${SERVICE_ID=}" = "x" ]; then
+    SERVICE_ID=$( openstack service create -f value -c id \
+        --name ${OS_SERVICE_NAME} \
+        --description "${OS_SERVICE_DESCRIPION}" \
+        ${OS_SERVICE_TYPE} )
+fi
+
+openstack service show ${SERVICE_ID}
+
+# Create endpoint (internal only)
+ENDPOINT_ID=$( openstack endpoint list -f value \
+    --region ${SERVICE_OS_REGION_NAME} \
+    --interface ${INTERFACE_NAME} \
+    --service ${OS_SERVICE_NAME} \
+    | awk '{print $1}')
+
+if [ "x${ENDPOINT_ID}" = "x" ]; then
+    ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+        --region ${SERVICE_OS_REGION_NAME} \
+        ${OS_SERVICE_NAME} \
+        ${OS_SERVICE_ENDPOINT_INTERFACE} \
+        ${OS_SERVICE_ENDPOINT_URL} )
+fi
+
+openstack endpoint show ${ENDPOINT_ID}
+
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml
@ -0,0 +1,19 @@
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dcdbsync-config-bin
+data:
+  dc-dcdbsync-config.sh: |
+{{ tuple "bin/_dc-dcdbsync-config.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/job-ks-dcdbsync-config.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/job-ks-dcdbsync-config.yaml
@ -0,0 +1,72 @@
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+*/}}
+{{- if .Values.manifests.job_ks_dcdbsync }}
+{{- $envAll := . }}
+{{- $serviceName := "dcdbsync" }}
+{{- $configMapBin := "dcdbsync-config-bin" }}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-config" }}
+{{ tuple $envAll "ks_endpoints" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+
+{{- $serviceUser := $serviceName }}
+{{- $osServiceName := "dcdbsync" }}
+{{- $osServiceType := "dcorch-dbsync" }}
+{{- $osServiceDescription := "DCOrch DBsync service" }}
+{{- $osServiceEndpointInterface := "internal" }}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ printf "%s-%s" $serviceName "ks-config" | quote }}
+
+spec:
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll $serviceName "ks-config" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      restartPolicy: OnFailure
+      containers:
+        - name: {{ printf "%s-%s" "dcdbsync" "ks-config" | quote }}
+          image: {{ $envAll.Values.images.tags.dcdbsync }}
+          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+          command:
+            - "/tmp/dc-dcdbsync-config.sh"
+          volumeMounts:
+            - name: dc-dcdbsync-config-sh
+              mountPath: /tmp/dc-dcdbsync-config.sh
+              subPath: dc-dcdbsync-config.sh
+              readOnly: true
+          env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
+{{- end }}
+            - name: SERVICE_OS_ROLE
+              value: {{ index $envAll.Values.endpoints.identity.auth $serviceUser "role" | quote }}
+            - name: OS_SERVICE_NAME
+              value: {{ $osServiceName | quote }}
+            - name: OS_SERVICE_TYPE
+              value: {{ $osServiceType | quote }}
+            - name: OS_SERVICE_DESCRIPTION
+              value: {{ $osServiceDescription | quote }}
+            - name: OS_SERVICE_ENDPOINT_INTERFACE
+              value: {{ $osServiceEndpointInterface | quote }}
+            - name: OS_SERVICE_ENDPOINT_URL
+              value: {{ tuple $osServiceType $osServiceEndpointInterface "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+      volumes:
+        - name: dc-dcdbsync-config-sh
+          configMap:
+            name: {{ $configMapBin | quote }}
+            defaultMode: 0555
+{{- end }}
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml
@ -0,0 +1,23 @@
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "dcdbsync" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/values.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/values.yaml
@ -0,0 +1,125 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for dcdbsync.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+labels:
+  dcdbsync:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
+  job:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
+
+images:
+  tags:
+    ks_endpoints: docker.io/starlingx/stx-keystone:master-centos-stable-latest
+    dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
+    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+  pullPolicy: IfNotPresent
+  local_registry:
+    active: false
+    exclude:
+      - dep_check
+      - image_repo_sync
+
+dependencies:
+  dynamic:
+    common:
+      local_image_registry:
+        jobs:
+          - image-repo-sync
+        services:
+          - endpoint: node
+            service: local_image_registry
+  static:
+    ks_endpoints:
+      services:
+        - endpoint: internal
+          service: identity
+
+endpoints:
+  cluster_domain_suffix: cluster.local
+  local_image_registry:
+    name: docker-registry
+    namespace: docker-registry
+    hosts:
+      default: localhost
+      internal: docker-registry
+      node: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        node: 5000
+  identity:
+    name: keystone
+    auth:
+      admin:
+        region_name: RegionOne
+        username: admin
+        password: password
+        project_name: admin
+        user_domain_name: default
+        project_domain_name: default
+      dcdbsync:
+        role: admin
+        region_name: RegionOne
+        username: dcdbsync
+        password: password
+        project_name: service
+        user_domain_name: service
+        project_domain_name: service
+    hosts:
+      default: keystone
+      internal: keystone-api
+    host_fqdn_override:
+      default: null
+    path:
+      default: /v3
+    scheme:
+      default: http
+    port:
+      api:
+        default: 80
+        internal: 5000
+  dcorch_dbsync:
+    name: dcdbsync
+    hosts:
+      default: dcdbsync-api
+      public: dcdbsync
+    host_fqdn_override:
+      default: null
+    path:
+      default: /v1.0
+    scheme:
+      default: 'http'
+    port:
+      api:
+        default: 8220
+        public: 80
+
+secrets:
+  identity:
+    admin: keystone-keystone-admin
+    dcdbsync: dcdbsync-keystone-user
+
+manifests:
+  secret_keystone: true
+  configmap_bin: true
+  job_ks_dcdbsync: true
+
+resources: {}
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
@ -3283,6 +3283,46 @@ data:
  dependencies:
    - helm-toolkit
 ---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: openstack-dcdbsync
+data:
+  chart_name: dcdbsync
+  release: openstack-dcdbsync
+  namespace: openstack
+  wait:
+    timeout: 1800
+    labels:
+      release_group: osh-openstack-dcdbsync
+  test:
+    enabled: false
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: job
+          labels:
+            release_group: osh-openstack-dcdbsync
+        - type: pod
+          labels:
+            release_group: osh-openstack-dcdbsync
+            component: test
+  values:
+    images:
+      tags:
+        dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
+        ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
+  source:
+    type: tar
+    location: http://172.17.0.1/helm_charts/dcdbsync-0.1.0.tgz
+    subpath: dcdbsync
+    reference: master
+  dependencies:
+    - helm-toolkit
+---
 schema: armada/ChartGroup/v1
 metadata:
  schema: metadata/Document/v1
@ -3452,6 +3492,16 @@ data:
    - openstack-panko
    - openstack-ceilometer
 ---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: openstack-dcdbsync
+data:
+  description: "Deploy dcorch dbsync"
+  sequenced: true
+  chart_group:
+    - openstack-dcdbsync
+---
 schema: armada/Manifest/v1
 metadata:
  schema: metadata/Document/v1