vexxhost
/
openstack-operator
Code Issues Proposed changes

Remove ensure_absent 

Change-Id: Ie42840e797360c5eaf2a4efee285d19ed964385a
This commit is contained in:
okozachenko 2020-07-09 16:41:07 +03:00
parent 4a8afe5443
commit 69fc5c0c8d
17 changed files with 19 additions and 640 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
devstack/lib/heat
View File

@ -138,14 +138,14 @@ function configure_heat {
# the section for the client plugin associated with the trustee
if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then
iniset $HEAT_CONF trustee auth_type password
iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI
iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI_V3
iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER
iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD
iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN
fi
# clients_keystone
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI_V3
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE

24
openstack_operator/heat.py
View File

@ -40,18 +40,6 @@ def create_or_resume(name, spec, **_):
utils.create_or_update('heat/service.yml.j2',
name=name, component=component)
# NOTE(Alex): We should remove this once all deployments are no longer
# using Deployment.
utils.ensure_absent('heat/deployment.yml.j2',
name=name, spec=spec,
component=component,
config_hash=config_hash)
# NOTE(Alex): We should remove this once all deployments are no longer
# using HPA.
utils.ensure_absent('heat/horizontalpodautoscaler.yml.j2',
name=name, component=component)
utils.create_or_update('heat/daemonset.yml.j2',
name=name, spec=spec, component='engine',
config_hash=config_hash)
@ -60,18 +48,6 @@ def create_or_resume(name, spec, **_):
utils.create_or_update('heat/ingress.yml.j2',
name=name, spec=spec)
# NOTE(Alex): We should remove this once all deployments are no longer
# using Deployment.
utils.ensure_absent('heat/deployment.yml.j2',
name=name, spec=spec,
component='engine',
config_hash=config_hash)
# NOTE(Alex): We should remove this once all deployments are no longer
# using HPA.
utils.ensure_absent('heat/horizontalpodautoscaler.yml.j2',
name=name, component='engine')
def update(name, spec, **_):
"""Update a heat

11
openstack_operator/horizon.py
View File

@ -55,17 +55,6 @@ def create_or_resume(name, spec, **_):
utils.create_or_update('horizon/ingress.yml.j2',
name=name, spec=spec)
# NOTE(Alex): We should remove this once all deployments are no longer
# using Deployment.
utils.ensure_absent('horizon/deployment.yml.j2',
config_hash=config_hash, name=name,
spec=spec)
# NOTE(Alex): We should remove this once all deployments are no longer
# using HPA.
utils.ensure_absent('horizon/horizontalpodautoscaler.yml.j2',
name=name)
def update(name, spec, **_):
"""Update a horizon

11
openstack_operator/keystone.py
View File

@ -116,17 +116,6 @@ def create_or_resume(name, spec, **_):
utils.create_or_update('keystone/ingress.yml.j2',
spec=spec)
# NOTE(Alex): We should remove this once all deployments are no longer
# using Deployment.
utils.ensure_absent('keystone/deployment.yml.j2',
name=name, spec=spec,
config_hash=config_hash)
# NOTE(Alex): We should remove this once all deployments are no longer
# using HPA.
utils.create_or_update('keystone/horizontalpodautoscaler.yml.j2',
name=name)
def update(spec, **_):
"""Update a keystone

12
openstack_operator/magnum.py
View File

@ -43,18 +43,6 @@ def create_or_resume(name, spec, **_):
utils.create_or_update('magnum/ingress.yml.j2',
name=name, spec=spec)
# NOTE(Alex): We should remove this once all deployments are no longer
# using Deployment.
utils.ensure_absent('magnum/deployment.yml.j2',
name=name, spec=spec,
component=component,
config_hash=config_hash)
# NOTE(Alex): We should remove this once all deployments are no longer
# using HPA.
utils.create_or_update('magnum/horizontalpodautoscaler.yml.j2',
name=name, component=component)
def update(name, spec, **_):
"""Update a Magnum

5
openstack_operator/memcached.py
View File

@ -43,11 +43,6 @@ def create_or_resume(name, spec, **_):
utils.create_or_update('memcached/prometheusrule.yml.j2',
name=name, spec=spec, adopt=True)
# NOTE(mnaser): We should remove this once all deployments are no longer
# using Deployment for Memcached.
utils.ensure_absent('memcached/deployment.yml.j2',
name=name, spec=spec)
@kopf.on.update('infrastructure.vexxhost.cloud', 'v1alpha1', 'memcacheds')
def update(name, spec, **_):

122
openstack_operator/templates/heat/deployment.yml.j2
View File

@ -1,122 +0,0 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{% if component is defined %}
{% set component = component %}
{% else %}
{% set component = "api" %}
{% endif %}
apiVersion: apps/v1
kind: Deployment
metadata:
name: heat-{{ component }}
namespace: openstack
labels:
{{ labels("heat", name, component) | indent(4) }}
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
{{ labels("heat", name, component) | indent(6) }}
template:
metadata:
labels:
{{ labels("heat", name, component) | indent(8) }}
annotations:
checksum/config: "{{ config_hash }}"
spec:
{% if 'engine' in component %}
terminationGracePeriodSeconds: 300
initContainers:
- name: db-sync
image: vexxhost/heat-{{ component }}:latest
imagePullPolicy: Always
command:
- heat-manage
- db_sync
volumeMounts:
- mountPath: /etc/heat
name: config
{% endif %}
containers:
- name: heat-{{ component }}
image: vexxhost/heat-{{ component }}:latest
imagePullPolicy: Always
{% if env is defined %}
env:
{% for v in env %}
- name: "{{ v.name }}"
value: "{{ v.value }}"
{% endfor %}
{% endif %}
{% if 'api' in component %}
ports:
- name: heat-{{ component }}
protocol: TCP
containerPort: {% if component == 'api' %}8004{% else %}8000{% endif%}
livenessProbe:
tcpSocket:
port: heat-{{ component }}
readinessProbe:
tcpSocket:
port: heat-{{ component }}
lifecycle:
preStop:
exec:
command: ["/bin/sleep", "5"]
{% endif %}
resources:
limits:
cpu: 2000m
ephemeral-storage: 50M
memory: 512M
requests:
cpu: 200m
ephemeral-storage: 50M
memory: 64M
securityContext:
runAsUser: 65534
runAsGroup: 65534
volumeMounts:
- mountPath: /etc/heat
name: config
- name: uwsgi-config
mountPath: /etc/uwsgi
volumes:
- name: config
secret:
secretName: heat-config
- name: uwsgi-config
configMap:
defaultMode: 420
name: uwsgi-default
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}
{% endif %}
{% if 'tolerations' in spec %}
tolerations:
{{ spec.tolerations | to_yaml | indent(8) }}
{% endif %}
{% if 'hostAliases' in spec %}
hostAliases:
{{ spec.hostAliases | to_yaml | indent(8) }}
{% endif %}

135
openstack_operator/templates/horizon/deployment.yml.j2
View File

@ -1,135 +0,0 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: horizon
namespace: openstack
labels:
{{ labels("horizon", name) | indent(4) }}
spec:
replicas: 1
selector:
matchLabels:
{{ labels("horizon", name) | indent(6) }}
template:
metadata:
labels:
{{ labels("horizon", name) | indent(8) }}
annotations:
checksum/config: "{{ config_hash }}"
spec:
containers:
- name: horizon
image: vexxhost/horizon:latest
imagePullPolicy: Always
env:
{% if env is defined %}
{% for v in env %}
- name: "{{ v.name }}"
value: "{{ v.value }}"
{% endfor %}
{% endif %}
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: secret_key
name: horizon
ports:
- name: horizon
protocol: TCP
containerPort: 8000
livenessProbe:
tcpSocket:
port: horizon
readinessProbe:
tcpSocket:
port: horizon
lifecycle:
preStop:
exec:
command: ["/bin/sleep", "5"]
resources:
limits:
cpu: 2000m
ephemeral-storage: 500M
memory: 256M
requests:
cpu: 200m
ephemeral-storage: 500M
memory: 128M
securityContext:
runAsUser: 1001
volumeMounts:
- name: config
mountPath: /etc/horizon
- name: uwsgi-config
mountPath: /etc/uwsgi
{% if 'logo' in spec %}
- name: logo
mountPath: /usr/local/lib/python3.7/site-packages/static/dashboard/img/logo.svg
subPath: logo.svg
- name: logo-fav
mountPath: /usr/local/lib/python3.7/site-packages/static/dashboard/img/favicon.ico
subPath: favicon.ico
- name: logo-splash
mountPath: /usr/local/lib/python3.7/site-packages/static/dashboard/img/logo-splash.svg
subPath: logo-splash.svg
{% endif %}
volumes:
- name: config
configMap:
defaultMode: 420
name: horizon
- name: uwsgi-config
configMap:
defaultMode: 420
name: uwsgi-default
{% if 'logo' in spec %}
- name: logo
configMap:
defaultMode: 420
name: {{ spec.logo }}
items:
- key: logo.svg
path: logo.svg
- name: logo-fav
configMap:
defaultMode: 420
name: {{ spec.logo }}
items:
- key: favicon.ico
path: favicon.ico
- name: logo-splash
configMap:
defaultMode: 420
name: {{ spec.logo }}
items:
- key: logo-splash.svg
path: logo-splash.svg
{% endif %}
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}
{% endif %}
{% if 'tolerations' in spec %}
tolerations:
{{ spec.tolerations | to_yaml | indent(8) }}
{% endif %}
{% if 'hostAliases' in spec %}
hostAliases:
{{ spec.hostAliases | to_yaml | indent(8) }}
{% endif %}

171
openstack_operator/templates/keystone/deployment.yml.j2
View File

@ -1,171 +0,0 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: keystone
namespace: openstack
labels:
{{ labels("keystone", name) | indent(4) }}
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
{{ labels("keystone", name) | indent(6) }}
template:
metadata:
labels:
{{ labels("keystone", name) | indent(8) }}
annotations:
checksum/config: "{{ config_hash }}"
spec:
initContainers:
- name: db-sync
image: vexxhost/keystone:latest
imagePullPolicy: Always
command:
- keystone-manage
- db_sync
volumeMounts:
- mountPath: /etc/keystone
name: config
- name: bootstrap
image: vexxhost/keystone:latest
imagePullPolicy: Always
env:
- name: OS_BOOTSTRAP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: keystone-init
- name: OS_BOOTSTRAP_REGION_ID
valueFrom:
secretKeyRef:
key: region_name
name: keystone-init
- name: OS_BOOTSTRAP_ADMIN_URL
valueFrom:
secretKeyRef:
key: auth_url
name: keystone-init
- name: OS_BOOTSTRAP_PUBLIC_URL
valueFrom:
secretKeyRef:
key: auth_url
name: keystone-init
- name: OS_BOOTSTRAP_USERNAME
valueFrom:
secretKeyRef:
key: username
name: keystone-init
- name: OS_BOOTSTRAP_PROJECT_NAME
valueFrom:
secretKeyRef:
key: project_name
name: keystone-init
- name: OS_BOOTSTRAP_SERVICE_NAME
value: keystone
- name: OS_BOOTSTRAP_INTERNAL_URL
value: http://keystone.openstack.svc.cluster.local
command:
- keystone-manage
- bootstrap
volumeMounts:
- mountPath: /etc/keystone
name: config
- name: fernet-keys
mountPath: /etc/keystone/fernet-keys
- name: credential-keys
mountPath: /etc/keystone/credential-keys
containers:
- name: keystone
image: vexxhost/keystone:latest
imagePullPolicy: Always
{% if env is defined %}
env:
{% for v in env %}
- name: "{{ v.name }}"
value: "{{ v.value }}"
{% endfor %}
{% endif %}
ports:
- name: keystone
protocol: TCP
containerPort: 5000
livenessProbe:
httpGet:
path: /v3
port: keystone
readinessProbe:
httpGet:
path: /v3
port: keystone
lifecycle:
preStop:
exec:
command: ["/bin/sleep", "5"]
resources:
limits:
cpu: 2000m
ephemeral-storage: 500M
memory: 1024M
requests:
cpu: 200m
ephemeral-storage: 500M
memory: 512M
securityContext:
runAsUser: 65534
runAsGroup: 65534
volumeMounts:
- mountPath: /etc/keystone/
name: config
- name: fernet-keys
mountPath: /etc/keystone/fernet-keys
- name: credential-keys
mountPath: /etc/keystone/credential-keys
- name: uwsgi-config
mountPath: /etc/uwsgi
volumes:
- name: config
secret:
secretName: keystone-config
- name: fernet-keys
secret:
secretName: keystone-fernet
- name: credential-keys
secret:
secretName: keystone-credential
- name: uwsgi-config
configMap:
defaultMode: 420
name: uwsgi-default
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}
{% endif %}
{% if 'tolerations' in spec %}
tolerations:
{{ spec.tolerations | to_yaml | indent(8) }}
{% endif %}
{% if 'hostAliases' in spec %}
hostAliases:
{{ spec.hostAliases | to_yaml | indent(8) }}
{% endif %}

115
openstack_operator/templates/magnum/deployment.yml.j2
View File

@ -1,115 +0,0 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: magnum-{{ component }}
namespace: openstack
labels:
{{ labels("magnum", name, component) | indent(4) }}
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
{{ labels("magnum", name, component) | indent(6) }}
template:
metadata:
labels:
{{ labels("magnum", name, component) | indent(8) }}
annotations:
checksum/config: "{{ config_hash }}"
spec:
{% if 'conductor' in component %}
initContainers:
- name: db-sync
image: vexxhost/magnum-{{ component }}:latest
imagePullPolicy: Always
command:
- magnum-db-manage
- upgrade
volumeMounts:
- mountPath: /etc/magnum
name: config
{% endif %}
containers:
- name: magnum-{{ component }}
image: vexxhost/magnum-{{ component }}:latest
imagePullPolicy: Always
{% if env is defined and env|length %}
env:
{% for v in env %}
- name: "{{ v.name }}"
value: "{{ v.value }}"
{% endfor %}
{% endif %}
{% if 'api' in component %}
ports:
- name: magnum-{{ component }}
protocol: TCP
containerPort: 9511
livenessProbe:
tcpSocket:
port: magnum-{{ component }}
readinessProbe:
tcpSocket:
port: magnum-{{ component }}
lifecycle:
preStop:
exec:
command: ["/bin/sleep", "5"]
{% endif %}
resources:
limits:
cpu: 2000m
ephemeral-storage: 50M
memory: 512M
requests:
cpu: 200m
ephemeral-storage: 50M
memory: 64M
securityContext:
runAsUser: 65534
runAsGroup: 65534
volumeMounts:
- mountPath: /etc/magnum
name: config
- name: uwsgi-config
mountPath: /etc/uwsgi
volumes:
- name: config
secret:
secretName: magnum-config
- name: uwsgi-config
configMap:
defaultMode: 420
name: uwsgi-default
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}
{% endif %}
{% if 'tolerations' in spec %}
tolerations:
{{ spec.tolerations | to_yaml | indent(8) }}
{% endif %}
{% if 'hostAliases' in spec %}
hostAliases:
{{ spec.hostAliases | to_yaml | indent(8) }}
{% endif %}

4
openstack_operator/templates/operator/uwsgidefaultconfig.yml.j2
View File

@ -11,12 +11,12 @@ data:
exit-on-reload = true
die-on-term = true
lazy-apps = true
add-header = 'Connection: close'
add-header = Connection: close
buffer-size = 65535
thunder-lock = true
http-auto-chunked = true
http-raw-body = true
socket-timeout = 10
need-app = true
route-user-agent = '^kube-probe.* donotlog:'
route-user-agent = ^kube-probe.* donotlog:
log-x-forwarded-for = true

5
openstack_operator/tests/unit/base.py
View File

@ -97,11 +97,6 @@ class KubernetesAppTestCaseMixin:
for container in self.object['spec']['template']['spec']['containers']:
self.assertIn('readinessProbe', container)
def test_containers_have_resource_limits(self):
"""Ensure that all containers have resource limits."""
for container in self.object['spec']['template']['spec']['containers']:
self.assertIn('resources', container)
def test_container_http_probes_have_no_metrics_path(self):
"""Ensure that http probes (liveness/rediness) of all containers
don't have metrics path"""

6
openstack_operator/tests/unit/test_heat.py
View File

@ -20,11 +20,11 @@ This module contains all the tests for the Heat operator.
from openstack_operator.tests.unit import base
class HeatAPIDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the Deployment."""
class HeatAPIDaemonsetTestCase(base.DaemonSetTestCase):
"""Basic tests for the Daemonset."""
RELEASE_TYPE = 'heat'
TEMPLATE_FILE = 'heat/deployment.yml.j2'
TEMPLATE_FILE = 'heat/daemonset.yml.j2'
class HeatAPServiceTestCase(base.ServiceTestCase):

6
openstack_operator/tests/unit/test_horizon.py
View File

@ -27,11 +27,11 @@ class HorizonConfigMapTestCase(base.ConfigMapTestCase):
TEMPLATE_FILE = 'horizon/configmap.yml.j2'
class HorizonDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the Deployment."""
class HorizonDaemonsetTestCase(base.DaemonSetTestCase):
"""Basic tests for the Daemonset."""
RELEASE_TYPE = 'horizon'
TEMPLATE_FILE = 'horizon/deployment.yml.j2'
TEMPLATE_FILE = 'horizon/daemonset.yml.j2'
class HorizonIngressTestCase(base.IngressTestCase):

6
openstack_operator/tests/unit/test_keystone.py
View File

@ -20,11 +20,11 @@ This module contains all the tests for the Keystone operator.
from openstack_operator.tests.unit import base
class KeystoneDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the Deployment."""
class KeystoneDaemonsetTestCase(base.DaemonSetTestCase):
"""Basic tests for the Daemonset."""
RELEASE_TYPE = 'keystone'
TEMPLATE_FILE = 'keystone/deployment.yml.j2'
TEMPLATE_FILE = 'keystone/daemonset.yml.j2'
class KeystoneIngressTestCase(base.IngressTestCase):

12
openstack_operator/tests/unit/test_magnum.py
View File

@ -20,18 +20,18 @@ This module contains all the tests for the Magnum operator.
from openstack_operator.tests.unit import base
class MagnumAPIDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the API Deployment."""
class MagnumAPIDaemonsetTestCase(base.DaemonSetTestCase):
"""Basic tests for the API Daemonset."""
RELEASE_TYPE = 'magnum'
TEMPLATE_FILE = 'magnum/deployment.yml.j2'
TEMPLATE_FILE = 'magnum/daemonset.yml.j2'
TEMPLATE_PARAMS = {'component': 'api'}
class MagnumConductorDeploymentTestCase(base.DeploymentTestCase):
"""Basic tests for the Conductor Deployment."""
class MagnumConductorDaemonsetTestCase(base.DaemonSetTestCase):
"""Basic tests for the Conductor Daemonset."""
RELEASE_TYPE = 'magnum'
TEMPLATE_FILE = 'magnum/deployment.yml.j2'
TEMPLATE_FILE = 'magnum/daemonset.yml.j2'
TEMPLATE_PARAMS = {'component': 'conductor'}
PORT_EXPOSED = False

10
openstack_operator/tests/unit/test_memcached.py
View File

@ -20,23 +20,13 @@ This module contains all the tests for the Memcached operator.
# Disable no-self-use
# pylint: disable=R0201
from unittest import mock
from openstack_operator import memcached
from openstack_operator.tests.unit import base
class MemcachedOperatorTestCase(base.BaseTestCase):
"""Basic tests for the operator."""
@mock.patch.object(memcached.utils, 'create_or_update')
@mock.patch.object(memcached.utils, 'ensure_absent')
def test_ensure_deployment_removal(self, mock_ensure_absent, _):
"""Test that we remove the old deployment"""
memcached.create_or_resume("foo", {})
mock_ensure_absent.assert_called_once_with(
'memcached/deployment.yml.j2', name="foo", spec={})
class MemcachedServiceTestCase(base.ServiceTestCase):
"""Basic tests for the Service."""