dcdbsync for containerized openstack services - helm
This update contains changes to deploy and config the dcdbsync instance for containerized openstack services, including: - Added helm charts to create dcdbsync identities in containerized keystone, including user, endpoint, project-role assignment etc. The overall procedure is, during stx-openstack app application, dcdbsync identities will be created in containerized keystone. After stx-openstack is successfully applied the dcdbsync runtime puppet is called to generate the configuration file for openstack dcdbsync instance with some information retrieved from helm (particularly keystone passwords). Finally sm runtime is called to bring up the dcdbsync service into running. When stx-openstack app is removed, openstack dcdbsync instance will be cleanup with configuration file removed and service deprovisioned and stopped. Change-Id: If4bf60753593e286c3dbe2c2f97c40f6ccbbb5b1 Story: 2004766 Task: 36104 Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
parent
1af002e22e
commit
7fa666f631
@ -63,6 +63,7 @@ make garbd
|
|||||||
make keystone-api-proxy
|
make keystone-api-proxy
|
||||||
make fm-rest-api
|
make fm-rest-api
|
||||||
make nginx-ports-control
|
make nginx-ports-control
|
||||||
|
make dcdbsync
|
||||||
cd -
|
cd -
|
||||||
|
|
||||||
# terminate helm server (the last backgrounded task)
|
# terminate helm server (the last backgrounded task)
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
appVersion: "1.0"
|
||||||
|
description: StarlingX-Helm dcdbsync
|
||||||
|
name: dcdbsync
|
||||||
|
version: 0.1.0
|
@ -0,0 +1,10 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- name: helm-toolkit
|
||||||
|
repository: http://localhost:8879/charts
|
||||||
|
version: 0.1.0
|
@ -0,0 +1,75 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
# Create user
|
||||||
|
USER_ID=$( openstack user list -f value \
|
||||||
|
--domain ${SERVICE_OS_USER_DOMAIN_NAME} \
|
||||||
|
| grep ${SERVICE_OS_USERNAME} | awk '{print $1}' )
|
||||||
|
|
||||||
|
if [ "x${USER_ID}" = "x" ]; then
|
||||||
|
USER_ID=$( openstack user create -f value -c id \
|
||||||
|
--domain ${SERVICE_OS_USER_DOMAIN_NAME} \
|
||||||
|
--password ${SERVICE_OS_PASSWORD} \
|
||||||
|
${SERVICE_OS_USERNAME} )
|
||||||
|
fi
|
||||||
|
|
||||||
|
openstack user show ${USER_ID}
|
||||||
|
|
||||||
|
# Create project role assignment
|
||||||
|
ROLE_ID=$( openstack role assignment list -f value --name \
|
||||||
|
--user ${SERVICE_OS_USERNAME} \
|
||||||
|
--user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
|
||||||
|
--project ${SERVICE_OS_PROJECT_NAME} \
|
||||||
|
--project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
|
||||||
|
| awk '{print $1}' )
|
||||||
|
|
||||||
|
if [ "${ROLE_ID}" != "admin" ]; then
|
||||||
|
openstack role add \
|
||||||
|
--project ${SERVICE_OS_PROJECT_NAME} \
|
||||||
|
--project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
|
||||||
|
--user ${SERVICE_OS_USERNAME} \
|
||||||
|
--user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
|
||||||
|
${SERVICE_OS_ROLE}
|
||||||
|
fi
|
||||||
|
|
||||||
|
openstack role assignment list --name
|
||||||
|
|
||||||
|
# Create service
|
||||||
|
SERVICE_ID=$( openstack service list -f value \
|
||||||
|
| grep ${OS_SERVICE_NAME} | awk '{print $1}' )
|
||||||
|
|
||||||
|
if [ "x${SERVICE_ID=}" = "x" ]; then
|
||||||
|
SERVICE_ID=$( openstack service create -f value -c id \
|
||||||
|
--name ${OS_SERVICE_NAME} \
|
||||||
|
--description "${OS_SERVICE_DESCRIPION}" \
|
||||||
|
${OS_SERVICE_TYPE} )
|
||||||
|
fi
|
||||||
|
|
||||||
|
openstack service show ${SERVICE_ID}
|
||||||
|
|
||||||
|
# Create endpoint (internal only)
|
||||||
|
ENDPOINT_ID=$( openstack endpoint list -f value \
|
||||||
|
--region ${SERVICE_OS_REGION_NAME} \
|
||||||
|
--interface ${INTERFACE_NAME} \
|
||||||
|
--service ${OS_SERVICE_NAME} \
|
||||||
|
| awk '{print $1}')
|
||||||
|
|
||||||
|
if [ "x${ENDPOINT_ID}" = "x" ]; then
|
||||||
|
ENDPOINT_ID=$( openstack endpoint create -f value -c id \
|
||||||
|
--region ${SERVICE_OS_REGION_NAME} \
|
||||||
|
${OS_SERVICE_NAME} \
|
||||||
|
${OS_SERVICE_ENDPOINT_INTERFACE} \
|
||||||
|
${OS_SERVICE_ENDPOINT_URL} )
|
||||||
|
fi
|
||||||
|
|
||||||
|
openstack endpoint show ${ENDPOINT_ID}
|
||||||
|
|
@ -0,0 +1,19 @@
|
|||||||
|
{{/*
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: dcdbsync-config-bin
|
||||||
|
data:
|
||||||
|
dc-dcdbsync-config.sh: |
|
||||||
|
{{ tuple "bin/_dc-dcdbsync-config.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,72 @@
|
|||||||
|
{{/*
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
#
|
||||||
|
*/}}
|
||||||
|
{{- if .Values.manifests.job_ks_dcdbsync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- $serviceName := "dcdbsync" }}
|
||||||
|
{{- $configMapBin := "dcdbsync-config-bin" }}
|
||||||
|
|
||||||
|
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-config" }}
|
||||||
|
{{ tuple $envAll "ks_endpoints" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
|
|
||||||
|
{{- $serviceUser := $serviceName }}
|
||||||
|
{{- $osServiceName := "dcdbsync" }}
|
||||||
|
{{- $osServiceType := "dcorch-dbsync" }}
|
||||||
|
{{- $osServiceDescription := "DCOrch DBsync service" }}
|
||||||
|
{{- $osServiceEndpointInterface := "internal" }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" $serviceName "ks-config" | quote }}
|
||||||
|
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll $serviceName "ks-config" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
containers:
|
||||||
|
- name: {{ printf "%s-%s" "dcdbsync" "ks-config" | quote }}
|
||||||
|
image: {{ $envAll.Values.images.tags.dcdbsync }}
|
||||||
|
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||||
|
command:
|
||||||
|
- "/tmp/dc-dcdbsync-config.sh"
|
||||||
|
volumeMounts:
|
||||||
|
- name: dc-dcdbsync-config-sh
|
||||||
|
mountPath: /tmp/dc-dcdbsync-config.sh
|
||||||
|
subPath: dc-dcdbsync-config.sh
|
||||||
|
readOnly: true
|
||||||
|
env:
|
||||||
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
|
||||||
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
- name: SERVICE_OS_ROLE
|
||||||
|
value: {{ index $envAll.Values.endpoints.identity.auth $serviceUser "role" | quote }}
|
||||||
|
- name: OS_SERVICE_NAME
|
||||||
|
value: {{ $osServiceName | quote }}
|
||||||
|
- name: OS_SERVICE_TYPE
|
||||||
|
value: {{ $osServiceType | quote }}
|
||||||
|
- name: OS_SERVICE_DESCRIPTION
|
||||||
|
value: {{ $osServiceDescription | quote }}
|
||||||
|
- name: OS_SERVICE_ENDPOINT_INTERFACE
|
||||||
|
value: {{ $osServiceEndpointInterface | quote }}
|
||||||
|
- name: OS_SERVICE_ENDPOINT_URL
|
||||||
|
value: {{ tuple $osServiceType $osServiceEndpointInterface "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
|
||||||
|
volumes:
|
||||||
|
- name: dc-dcdbsync-config-sh
|
||||||
|
configMap:
|
||||||
|
name: {{ $configMapBin | quote }}
|
||||||
|
defaultMode: 0555
|
||||||
|
{{- end }}
|
@ -0,0 +1,23 @@
|
|||||||
|
{{/*
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
#
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_keystone }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- range $key1, $userClass := tuple "dcdbsync" }}
|
||||||
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ $secretName }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,125 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
# Default values for dcdbsync.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
labels:
|
||||||
|
dcdbsync:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
job:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
ks_endpoints: docker.io/starlingx/stx-keystone:master-centos-stable-latest
|
||||||
|
dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
|
||||||
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
local_registry:
|
||||||
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
dynamic:
|
||||||
|
common:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- image-repo-sync
|
||||||
|
services:
|
||||||
|
- endpoint: node
|
||||||
|
service: local_image_registry
|
||||||
|
static:
|
||||||
|
ks_endpoints:
|
||||||
|
services:
|
||||||
|
- endpoint: internal
|
||||||
|
service: identity
|
||||||
|
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
identity:
|
||||||
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
dcdbsync:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: dcdbsync
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: service
|
||||||
|
project_domain_name: service
|
||||||
|
hosts:
|
||||||
|
default: keystone
|
||||||
|
internal: keystone-api
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v3
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 80
|
||||||
|
internal: 5000
|
||||||
|
dcorch_dbsync:
|
||||||
|
name: dcdbsync
|
||||||
|
hosts:
|
||||||
|
default: dcdbsync-api
|
||||||
|
public: dcdbsync
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1.0
|
||||||
|
scheme:
|
||||||
|
default: 'http'
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 8220
|
||||||
|
public: 80
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: keystone-keystone-admin
|
||||||
|
dcdbsync: dcdbsync-keystone-user
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
secret_keystone: true
|
||||||
|
configmap_bin: true
|
||||||
|
job_ks_dcdbsync: true
|
||||||
|
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
affinity: {}
|
@ -3283,6 +3283,46 @@ data:
|
|||||||
dependencies:
|
dependencies:
|
||||||
- helm-toolkit
|
- helm-toolkit
|
||||||
---
|
---
|
||||||
|
schema: armada/Chart/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: openstack-dcdbsync
|
||||||
|
data:
|
||||||
|
chart_name: dcdbsync
|
||||||
|
release: openstack-dcdbsync
|
||||||
|
namespace: openstack
|
||||||
|
wait:
|
||||||
|
timeout: 1800
|
||||||
|
labels:
|
||||||
|
release_group: osh-openstack-dcdbsync
|
||||||
|
test:
|
||||||
|
enabled: false
|
||||||
|
install:
|
||||||
|
no_hooks: false
|
||||||
|
upgrade:
|
||||||
|
no_hooks: false
|
||||||
|
pre:
|
||||||
|
delete:
|
||||||
|
- type: job
|
||||||
|
labels:
|
||||||
|
release_group: osh-openstack-dcdbsync
|
||||||
|
- type: pod
|
||||||
|
labels:
|
||||||
|
release_group: osh-openstack-dcdbsync
|
||||||
|
component: test
|
||||||
|
values:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
|
||||||
|
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
|
||||||
|
source:
|
||||||
|
type: tar
|
||||||
|
location: http://172.17.0.1/helm_charts/dcdbsync-0.1.0.tgz
|
||||||
|
subpath: dcdbsync
|
||||||
|
reference: master
|
||||||
|
dependencies:
|
||||||
|
- helm-toolkit
|
||||||
|
---
|
||||||
schema: armada/ChartGroup/v1
|
schema: armada/ChartGroup/v1
|
||||||
metadata:
|
metadata:
|
||||||
schema: metadata/Document/v1
|
schema: metadata/Document/v1
|
||||||
@ -3452,6 +3492,16 @@ data:
|
|||||||
- openstack-panko
|
- openstack-panko
|
||||||
- openstack-ceilometer
|
- openstack-ceilometer
|
||||||
---
|
---
|
||||||
|
schema: armada/ChartGroup/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: openstack-dcdbsync
|
||||||
|
data:
|
||||||
|
description: "Deploy dcorch dbsync"
|
||||||
|
sequenced: true
|
||||||
|
chart_group:
|
||||||
|
- openstack-dcdbsync
|
||||||
|
---
|
||||||
schema: armada/Manifest/v1
|
schema: armada/Manifest/v1
|
||||||
metadata:
|
metadata:
|
||||||
schema: metadata/Document/v1
|
schema: metadata/Document/v1
|
||||||
|
Loading…
Reference in New Issue
Block a user