dcdbsync for containerized openstack services - helm

This update contains changes to deploy and config the dcdbsync instance
for containerized openstack services, including:

- Added helm charts to create dcdbsync identities in containerized
  keystone, including user, endpoint, project-role assignment etc.

The overall procedure is, during stx-openstack app application,
dcdbsync identities will be created in containerized keystone. After
stx-openstack is successfully applied the dcdbsync runtime puppet is
called to generate the configuration file for openstack dcdbsync
instance with some information retrieved from helm (particularly
keystone passwords). Finally sm runtime is called to bring up the
dcdbsync service into running. When stx-openstack app is removed,
openstack dcdbsync instance will be cleanup with configuration file
removed and service deprovisioned and stopped.

Change-Id: If4bf60753593e286c3dbe2c2f97c40f6ccbbb5b1
Story: 2004766
Task: 36104
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
Andy Ning 2019-07-16 13:57:52 -04:00
parent 1af002e22e
commit 7fa666f631
9 changed files with 380 additions and 0 deletions

View File

@ -63,6 +63,7 @@ make garbd
make keystone-api-proxy make keystone-api-proxy
make fm-rest-api make fm-rest-api
make nginx-ports-control make nginx-ports-control
make dcdbsync
cd - cd -
# terminate helm server (the last backgrounded task) # terminate helm server (the last backgrounded task)

View File

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: StarlingX-Helm dcdbsync
name: dcdbsync
version: 0.1.0

View File

@ -0,0 +1,10 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -0,0 +1,75 @@
#!/bin/bash
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
# Create user
USER_ID=$( openstack user list -f value \
--domain ${SERVICE_OS_USER_DOMAIN_NAME} \
| grep ${SERVICE_OS_USERNAME} | awk '{print $1}' )
if [ "x${USER_ID}" = "x" ]; then
USER_ID=$( openstack user create -f value -c id \
--domain ${SERVICE_OS_USER_DOMAIN_NAME} \
--password ${SERVICE_OS_PASSWORD} \
${SERVICE_OS_USERNAME} )
fi
openstack user show ${USER_ID}
# Create project role assignment
ROLE_ID=$( openstack role assignment list -f value --name \
--user ${SERVICE_OS_USERNAME} \
--user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
--project ${SERVICE_OS_PROJECT_NAME} \
--project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
| awk '{print $1}' )
if [ "${ROLE_ID}" != "admin" ]; then
openstack role add \
--project ${SERVICE_OS_PROJECT_NAME} \
--project-domain ${SERVICE_OS_PROJECT_DOMAIN_NAME} \
--user ${SERVICE_OS_USERNAME} \
--user-domain ${SERVICE_OS_USER_DOMAIN_NAME} \
${SERVICE_OS_ROLE}
fi
openstack role assignment list --name
# Create service
SERVICE_ID=$( openstack service list -f value \
| grep ${OS_SERVICE_NAME} | awk '{print $1}' )
if [ "x${SERVICE_ID=}" = "x" ]; then
SERVICE_ID=$( openstack service create -f value -c id \
--name ${OS_SERVICE_NAME} \
--description "${OS_SERVICE_DESCRIPION}" \
${OS_SERVICE_TYPE} )
fi
openstack service show ${SERVICE_ID}
# Create endpoint (internal only)
ENDPOINT_ID=$( openstack endpoint list -f value \
--region ${SERVICE_OS_REGION_NAME} \
--interface ${INTERFACE_NAME} \
--service ${OS_SERVICE_NAME} \
| awk '{print $1}')
if [ "x${ENDPOINT_ID}" = "x" ]; then
ENDPOINT_ID=$( openstack endpoint create -f value -c id \
--region ${SERVICE_OS_REGION_NAME} \
${OS_SERVICE_NAME} \
${OS_SERVICE_ENDPOINT_INTERFACE} \
${OS_SERVICE_ENDPOINT_URL} )
fi
openstack endpoint show ${ENDPOINT_ID}

View File

@ -0,0 +1,19 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: dcdbsync-config-bin
data:
dc-dcdbsync-config.sh: |
{{ tuple "bin/_dc-dcdbsync-config.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

View File

@ -0,0 +1,72 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.job_ks_dcdbsync }}
{{- $envAll := . }}
{{- $serviceName := "dcdbsync" }}
{{- $configMapBin := "dcdbsync-config-bin" }}
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-config" }}
{{ tuple $envAll "ks_endpoints" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $serviceUser := $serviceName }}
{{- $osServiceName := "dcdbsync" }}
{{- $osServiceType := "dcorch-dbsync" }}
{{- $osServiceDescription := "DCOrch DBsync service" }}
{{- $osServiceEndpointInterface := "internal" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceName "ks-config" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-config" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
containers:
- name: {{ printf "%s-%s" "dcdbsync" "ks-config" | quote }}
image: {{ $envAll.Values.images.tags.dcdbsync }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- "/tmp/dc-dcdbsync-config.sh"
volumeMounts:
- name: dc-dcdbsync-config-sh
mountPath: /tmp/dc-dcdbsync-config.sh
subPath: dc-dcdbsync-config.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ index $envAll.Values.endpoints.identity.auth $serviceUser "role" | quote }}
- name: OS_SERVICE_NAME
value: {{ $osServiceName | quote }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType | quote }}
- name: OS_SERVICE_DESCRIPTION
value: {{ $osServiceDescription | quote }}
- name: OS_SERVICE_ENDPOINT_INTERFACE
value: {{ $osServiceEndpointInterface | quote }}
- name: OS_SERVICE_ENDPOINT_URL
value: {{ tuple $osServiceType $osServiceEndpointInterface "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
volumes:
- name: dc-dcdbsync-config-sh
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- end }}

View File

@ -0,0 +1,23 @@
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "dcdbsync" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}

View File

@ -0,0 +1,125 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Default values for dcdbsync.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
labels:
dcdbsync:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
ks_endpoints: docker.io/starlingx/stx-keystone:master-centos-stable-latest
dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
pullPolicy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
ks_endpoints:
services:
- endpoint: internal
service: identity
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
dcdbsync:
role: admin
region_name: RegionOne
username: dcdbsync
password: password
project_name: service
user_domain_name: service
project_domain_name: service
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
dcorch_dbsync:
name: dcdbsync
hosts:
default: dcdbsync-api
public: dcdbsync
host_fqdn_override:
default: null
path:
default: /v1.0
scheme:
default: 'http'
port:
api:
default: 8220
public: 80
secrets:
identity:
admin: keystone-keystone-admin
dcdbsync: dcdbsync-keystone-user
manifests:
secret_keystone: true
configmap_bin: true
job_ks_dcdbsync: true
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}

View File

@ -3283,6 +3283,46 @@ data:
dependencies: dependencies:
- helm-toolkit - helm-toolkit
--- ---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openstack-dcdbsync
data:
chart_name: dcdbsync
release: openstack-dcdbsync
namespace: openstack
wait:
timeout: 1800
labels:
release_group: osh-openstack-dcdbsync
test:
enabled: false
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: osh-openstack-dcdbsync
- type: pod
labels:
release_group: osh-openstack-dcdbsync
component: test
values:
images:
tags:
dcdbsync: docker.io/starlingx/stx-keystone:master-centos-stable-latest
ks_endpoints: docker.io/starlingx/stx-heat:master-centos-stable-latest
source:
type: tar
location: http://172.17.0.1/helm_charts/dcdbsync-0.1.0.tgz
subpath: dcdbsync
reference: master
dependencies:
- helm-toolkit
---
schema: armada/ChartGroup/v1 schema: armada/ChartGroup/v1
metadata: metadata:
schema: metadata/Document/v1 schema: metadata/Document/v1
@ -3452,6 +3492,16 @@ data:
- openstack-panko - openstack-panko
- openstack-ceilometer - openstack-ceilometer
--- ---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-dcdbsync
data:
description: "Deploy dcorch dbsync"
sequenced: true
chart_group:
- openstack-dcdbsync
---
schema: armada/Manifest/v1 schema: armada/Manifest/v1
metadata: metadata:
schema: metadata/Document/v1 schema: metadata/Document/v1