From 7fa666f6312da7f9a955771307aa9be3c94416bc Mon Sep 17 00:00:00 2001 From: Andy Ning Date: Tue, 16 Jul 2019 13:57:52 -0400 Subject: [PATCH] dcdbsync for containerized openstack services - helm This update contains changes to deploy and config the dcdbsync instance for containerized openstack services, including: - Added helm charts to create dcdbsync identities in containerized keystone, including user, endpoint, project-role assignment etc. The overall procedure is, during stx-openstack app application, dcdbsync identities will be created in containerized keystone. After stx-openstack is successfully applied the dcdbsync runtime puppet is called to generate the configuration file for openstack dcdbsync instance with some information retrieved from helm (particularly keystone passwords). Finally sm runtime is called to bring up the dcdbsync service into running. When stx-openstack app is removed, openstack dcdbsync instance will be cleanup with configuration file removed and service deprovisioned and stopped. Change-Id: If4bf60753593e286c3dbe2c2f97c40f6ccbbb5b1 Story: 2004766 Task: 36104 
Signed-off-by: Andy Ning --- .../centos/stx-openstack-helm.spec | 1 + .../helm-charts/dcdbsync/Chart.yaml | 5 + .../helm-charts/dcdbsync/requirements.yaml | 10 ++ .../templates/bin/_dc-dcdbsync-config.sh.tpl | 75 +++++++++++ .../dcdbsync/templates/configmap-bin.yaml | 19 +++ .../templates/job-ks-dcdbsync-config.yaml | 72 ++++++++++ .../dcdbsync/templates/secret-keystone.yaml | 23 ++++ .../helm-charts/dcdbsync/values.yaml | 125 ++++++++++++++++++ .../manifests/manifest.yaml | 50 +++++++ 9 files changed, 380 insertions(+) create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/Chart.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml create mode 100755 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/bin/_dc-dcdbsync-config.sh.tpl create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/job-ks-dcdbsync-config.yaml create mode 100755 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/values.yaml diff --git a/stx-openstack-helm/centos/stx-openstack-helm.spec b/stx-openstack-helm/centos/stx-openstack-helm.spec index 062917b4..6a3d7f35 100644 --- a/stx-openstack-helm/centos/stx-openstack-helm.spec +++ b/stx-openstack-helm/centos/stx-openstack-helm.spec @@ -63,6 +63,7 @@ make garbd make keystone-api-proxy make fm-rest-api make nginx-ports-control +make dcdbsync cd - # terminate helm server (the last backgrounded task) diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/Chart.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/Chart.yaml new file mode 100644 index 00000000..88f510bd --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/Chart.yaml 
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: StarlingX-Helm dcdbsync
+name: dcdbsync
+version: 0.1.0
diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml
new file mode 100644
index 00000000..bab4972f
--- /dev/null
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/bin/_dc-dcdbsync-config.sh.tpl b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/bin/_dc-dcdbsync-config.sh.tpl
new file mode 100755
index 00000000..6d335266
--- /dev/null
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/bin/_dc-dcdbsync-config.sh.tpl
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+set -ex
+
+# Create user
+USER_ID=$( openstack user list -f value \
+ --domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+ | grep ${SERVICE_OS_USERNAME} | awk '{print $1}' )
+
+if [ "x${USER_ID}" = "x" ]; then
+ USER_ID=$( openstack user create -f value -c id \
+ --domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+ --password ${SERVICE_OS_PASSWORD} \
+ ${SERVICE_OS_USERNAME} )
+fi
+
+openstack user show ${USER_ID}
+
+# Create project role assignment
+ROLE_ID=$( openstack role assignment list -f value --name \
+ --user ${SERVICE_OS_USERNAME} \
+ --user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+ --project ${SERVICE_OS_PROJECT_NAME} \
+ --project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
+ | awk '{print $1}' )
+
+if [ "${ROLE_ID}" != "admin" ]; then
+ openstack role add \
+ --project ${SERVICE_OS_PROJECT_NAME} \
+ --project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
+ --user ${SERVICE_OS_USERNAME} \
+ --user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
+ ${SERVICE_OS_ROLE}
+fi
+
+openstack role assignment list --name
+
+# Create service
+SERVICE_ID=$( openstack service list -f value \
+ | grep ${OS_SERVICE_NAME} | awk '{print $1}' )
+
+if [ "x${SERVICE_ID=}" = "x" ]; then
+ SERVICE_ID=$( openstack service create -f value -c id \
+ --name ${OS_SERVICE_NAME} \
+ --description "${OS_SERVICE_DESCRIPION}" \
+ ${OS_SERVICE_TYPE} )
+fi
+
+openstack service show ${SERVICE_ID}
+
+# Create endpoint (internal only)
+ENDPOINT_ID=$( openstack endpoint list -f value \
+ --region ${SERVICE_OS_REGION_NAME} \
+ --interface ${INTERFACE_NAME} \
+ --service ${OS_SERVICE_NAME} \
+ | awk '{print $1}')
+
+if [ "x${ENDPOINT_ID}" = "x" ]; then
+ ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+ --region ${SERVICE_OS_REGION_NAME} \
+ ${OS_SERVICE_NAME} \
+ ${OS_SERVICE_ENDPOINT_INTERFACE} \
+ ${OS_SERVICE_ENDPOINT_URL} )
+fi
+
+openstack endpoint show ${ENDPOINT_ID}
+
diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml
new file mode 100644
index 00000000..d8ad2734
--- /dev/null
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml
@@ -0,0 +1,19 @@
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dcdbsync-config-bin
+data:
+ dc-dcdbsync-config.sh: |
+{{ tuple "bin/_dc-dcdbsync-config.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/job-ks-dcdbsync-config.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/job-ks-dcdbsync-config.yaml
new file mode 100644
index 00000000..e8813dbe
--- /dev/null
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/job-ks-dcdbsync-config.yaml
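Review bot: `set -ex` at the top of _dc-dcdbsync-config.sh.tpl traces every command, so the `openstack user create ... --password ${SERVICE_OS_PASSWORD}` call writes the expanded service password into the job's pod log, readable by anyone who can fetch logs in the namespace. Use `set -e` alone, or bracket that one call with `set +x` and `set -x`. Two names in the script also differ from what job-ks-dcdbsync-config.yaml exports: `${OS_SERVICE_DESCRIPION}` (the job sets `OS_SERVICE_DESCRIPTION`) and `${INTERFACE_NAME}` (the job sets `OS_SERVICE_ENDPOINT_INTERFACE`). As written the service description is empty and the endpoint lookup passes `--interface` no value, so the existence check probably never matches and a new endpoint is created on every run; the failure is hidden because the pipeline's status is that of `awk`.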
@@ -0,0 +1,72 @@
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+*/}}
+{{- if .Values.manifests.job_ks_dcdbsync }}
+{{- $envAll := . }}
+{{- $serviceName := "dcdbsync" }}
+{{- $configMapBin := "dcdbsync-config-bin" }}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-config" }}
+{{ tuple $envAll "ks_endpoints" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+
+{{- $serviceUser := $serviceName }}
+{{- $osServiceName := "dcdbsync" }}
+{{- $osServiceType := "dcorch-dbsync" }}
+{{- $osServiceDescription := "DCOrch DBsync service" }}
+{{- $osServiceEndpointInterface := "internal" }}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceName "ks-config" | quote }}
+
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "ks-config" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ containers:
+ - name: {{ printf "%s-%s" "dcdbsync" "ks-config" | quote }}
+ image: {{ $envAll.Values.images.tags.dcdbsync }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+ command:
+ - "/tmp/dc-dcdbsync-config.sh"
+ volumeMounts:
+ - name: dc-dcdbsync-config-sh
+ mountPath: /tmp/dc-dcdbsync-config.sh
+ subPath: dc-dcdbsync-config.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_ROLE
+ value: {{ index $envAll.Values.endpoints.identity.auth $serviceUser "role" | quote }}
+ - name: OS_SERVICE_NAME
+ value: {{ $osServiceName | quote }}
+ - name: OS_SERVICE_TYPE
+ value: {{ $osServiceType | quote }}
+ - name: OS_SERVICE_DESCRIPTION
+ value: {{ $osServiceDescription | quote }}
+ - name: OS_SERVICE_ENDPOINT_INTERFACE
+ value: {{ $osServiceEndpointInterface | quote }}
+ - name: OS_SERVICE_ENDPOINT_URL
+ value: {{ tuple $osServiceType $osServiceEndpointInterface "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+ volumes:
+ - name: dc-dcdbsync-config-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- end }}
diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml
new file mode 100755
index 00000000..39930a43
--- /dev/null
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml
@@ -0,0 +1,23 @@
+{{/*
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "dcdbsync" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/values.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/values.yaml
new file mode 100644
index 00000000..48cadd91
--- /dev/null
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/values.yaml
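Review bot: `imagePullPolicy` in the job container is rendered from `.Values.images.pull_policy`, but the values.yaml added in this same patch spells the key `pullPolicy`, so the field most likely renders empty and the intended `IfNotPresent` is never applied. Either read `{{ $envAll.Values.images.pullPolicy }}` here or rename the values key to `pull_policy`. Because this container receives the Keystone admin openrc and the new user's password as environment variables, it is also worth stating in the template header comment that the script's output must stay free of credentials.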
@@ -0,0 +1,125 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for dcdbsync.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+labels:
+ dcdbsync:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+images:
+ tags:
+ ks_endpoints: docker.io/starlingx/stx-keystone:master-centos-stable-latest
+ dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ pullPolicy: IfNotPresent
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ ks_endpoints:
+ services:
+ - endpoint: internal
+ service: identity
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ identity:
+ name: keystone
+ auth:
+ admin:
+ region_name: RegionOne
+ username: admin
+ password: password
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ dcdbsync:
+ role: admin
+ region_name: RegionOne
+ username: dcdbsync
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ api:
+ default: 80
+ internal: 5000
+ dcorch_dbsync:
+ name: dcdbsync
+ hosts:
+ default: dcdbsync-api
+ public: dcdbsync
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1.0
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 8220
+ public: 80
+
+secrets:
+ identity:
+ admin: keystone-keystone-admin
+ dcdbsync: dcdbsync-keystone-user
+
+manifests:
+ secret_keystone: true
+ configmap_bin: true
+ job_ks_dcdbsync: true
+
+resources: {}
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
index 3b988b02..4156071b 100644
--- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
@@ -3283,6 +3283,46 @@ data:
 dependencies:
 - helm-toolkit
 ---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-dcdbsync
+data:
+ chart_name: dcdbsync
+ release: openstack-dcdbsync
+ namespace: openstack
+ wait:
+ timeout: 1800
+ labels:
+ release_group: osh-openstack-dcdbsync
+ test:
+ enabled: false
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ release_group: osh-openstack-dcdbsync
+ - type: pod
+ labels:
+ release_group: osh-openstack-dcdbsync
+ component: test
+ values:
+ images:
+ tags:
+ dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
+ ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
+ source:
+ type: tar
+ location: http://172.17.0.1/helm_charts/dcdbsync-0.1.0.tgz
+ subpath: dcdbsync
+ reference: master
+ dependencies:
+ - helm-toolkit
+---
 schema: armada/ChartGroup/v1
 metadata:
 schema: metadata/Document/v1
@@ -3452,6 +3492,16 @@ data:
 - openstack-panko
 - openstack-ceilometer
 ---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: openstack-dcdbsync
+data:
+ description: "Deploy dcorch dbsync"
+ sequenced: true
+ chart_group:
+ - openstack-dcdbsync
+---
 schema: armada/Manifest/v1
 metadata:
 schema: metadata/Document/v1
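Review bot: The defaults under `endpoints.identity.auth` in values.yaml set `password: password` for both `admin` and the new `dcdbsync` user, and `dcdbsync` gets `role: admin`, so an install that misses an override creates an admin-role Keystone account with a guessable credential. The commit message says the real passwords are supplied at apply time; if that is the only supported path, leave `password` unset here and fail the render when it is missing (Helm's `required`), or at least add a comment such as `# placeholder, always overridden at deploy time; never deploy as-is`. Whether dcdbsync needs `admin` rather than a narrower role cannot be judged from this patch and should be confirmed. Both `scheme` defaults are `http`, so these credentials and the tokens derived from them would cross the cluster network unencrypted unless TLS is configured elsewhere.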
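Review bot: The image overrides in the new `openstack-dcdbsync` chart document use the floating tag `master-centos-stable-latest`, and the container built from the `dcdbsync` image runs with the Keystone admin openrc in its environment, so whatever is later published under that tag inherits those credentials. Pinning to a release tag or a digest would make the deployed image reproducible and reviewable. `ks_endpoints` is set to `stx-heat` here but to `stx-keystone` in the chart's values.yaml, and no template in this patch reads it; align the two or drop the key. The chart tarball is fetched from `http://172.17.0.1/...` with no integrity check visible in this hunk, which may be this manifest's convention but deserves a comment saying so.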