From e6bc3530f552484f4cd8e4be4ca2671c7a3d5155 Mon Sep 17 00:00:00 2001 From: okozachenko Date: Mon, 6 Jul 2020 23:32:04 +0300 Subject: [PATCH] Add glance to the operator Change-Id: Ia0bf531c09cf6c7e92a2d3e9ddcaadcb31e70a04 --- Makefile | 1 + chart/test-values.yaml | 3 + devstack/lib/glance | 60 +++++++++ devstack/lib/heat | 4 +- devstack/settings | 1 + images/glance/Dockerfile | 34 ++++++ images/glance/bindep.txt | 2 + openstack_operator/glance.py | 49 ++++++++ openstack_operator/operator.py | 3 + .../templates/glance/daemonset.yml.j2 | 114 ++++++++++++++++++ .../templates/glance/ingress.yml.j2 | 55 +++++++++ .../templates/glance/service.yml.j2 | 28 +++++ .../operator/uwsgidefaultconfig.yml.j2 | 4 +- zuul.d/functional-jobs.yaml | 11 +- zuul.d/glance-jobs.yaml | 36 ++++++ 15 files changed, 398 insertions(+), 7 deletions(-) create mode 100644 devstack/lib/glance create mode 100644 images/glance/Dockerfile create mode 100644 images/glance/bindep.txt create mode 100644 openstack_operator/glance.py create mode 100644 openstack_operator/templates/glance/daemonset.yml.j2 create mode 100644 openstack_operator/templates/glance/ingress.yml.j2 create mode 100644 openstack_operator/templates/glance/service.yml.j2 create mode 100644 zuul.d/glance-jobs.yaml diff --git a/Makefile b/Makefile index 9e7abb72..078b24b4 100644 --- a/Makefile +++ b/Makefile @@ -5,6 +5,7 @@ images: docker build images/heat --target heat-api -t vexxhost/heat-api:latest docker build images/heat --target heat-api-cfn -t vexxhost/heat-api-cfn:latest docker build images/heat --target heat-engine -t vexxhost/heat-engine:latest + docker build images/glance --target glance-api -t vexxhost/glance-api:latest docker build images/chronyd -t vexxhost/chronyd:latest docker build images/magnum --target magnum-api -t vexxhost/magnum-api:latest docker build images/magnum --target magnum-conductor -t vexxhost/magnum-conductor:latest diff --git a/chart/test-values.yaml b/chart/test-values.yaml index 494adcb5..f69369b0 100644 --- a/chart/test-values.yaml +++ b/chart/test-values.yaml @@ -3,6 +3,9 @@ secretName: devstack configMap: ceilometer: dbUri: "sqlite:///:memory:" + glance: + configDir: /etc/glance + dataDir: /opt/stack/data/glance horizon: ingress: host: "horizon.vexxhost.com" diff --git a/devstack/lib/glance b/devstack/lib/glance new file mode 100644 index 00000000..d0a6b30e --- /dev/null +++ b/devstack/lib/glance @@ -0,0 +1,60 @@ +#!/bin/bash +# +# lib/glance +# Functions to control the configuration and operation of the **Glance** service + +# Dependencies: +# +# - ``functions`` file +# - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined +# - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined +# - ``SERVICE_HOST`` +# - ``KEYSTONE_TOKEN_FORMAT`` must be defined + +# ``stack.sh`` calls the entry points in this order: +# +# - install_glance +# - configure_glance +# - init_glance +# - start_glance +# - stop_glance +# - cleanup_glance + +# init_glance() - Initialize databases, etc. +function init_glance { + # Delete existing images + rm -rf $GLANCE_IMAGE_DIR + mkdir -p $GLANCE_IMAGE_DIR + + # NOTE: Permissions here are bad but it's temporary so we don't care as much. + sudo chmod -Rv 777 $DATA_DIR/glance + + # (Re)create glance database + recreate_database glance +} +export -f init_glance + +# install_glance() - Collect source and prepare +function install_glance { + echo noop +} +export -f install_glance + +# start_glance() - Start running processes +function start_glance { + + kubernetes_rollout_restart daemonset/glance + kubernetes_rollout_status daemonset/glance + + run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf" + + echo "Waiting for g-api ($GLANCE_SERVICE_HOST) to start..." + + proxy_pass_to_kubernetes /image glance glance-wsgi-api +} +export -f start_glance + +# Tell emacs to use shell-script-mode +## Local variables: +## mode: shell-script +## End: diff --git a/devstack/lib/heat b/devstack/lib/heat index 0858d389..9dc35171 100644 --- a/devstack/lib/heat +++ b/devstack/lib/heat @@ -138,14 +138,14 @@ function configure_heat { # the section for the client plugin associated with the trustee if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then iniset $HEAT_CONF trustee auth_type password - iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI + iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI_V3 iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN fi # clients_keystone - iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI + iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI_V3 if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE diff --git a/devstack/settings b/devstack/settings index 88ce7edf..19525c42 100644 --- a/devstack/settings +++ b/devstack/settings @@ -17,4 +17,5 @@ define_plugin openstack-operator source $DEST/openstack-operator/devstack/lib/common +source $DEST/openstack-operator/devstack/lib/glance source $DEST/openstack-operator/devstack/lib/keystone diff --git a/images/glance/Dockerfile b/images/glance/Dockerfile new file mode 100644 index 00000000..7ed5847a --- /dev/null +++ b/images/glance/Dockerfile @@ -0,0 +1,34 @@ +# Copyright (c) 2020 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM docker.io/opendevorg/python-builder as builder +COPY bindep.txt /tmp/src/bindep.txt +RUN apt update && apt -y install git +ADD https://releases.openstack.org/constraints/upper/ussuri /tmp/src/upper-constraints.txt +RUN assemble git+https://opendev.org/openstack/glance@stable/ussuri \ + boto3 \ + msgpack===0.6.1 \ + PyMySQL \ + python-memcached \ + python-swiftclient + +FROM docker.io/opendevorg/uwsgi-base as glance-api +COPY --from=builder /output/ /output +RUN apt update && apt -y install git && \ + /output/install-from-bindep && \ + apt -y purge git && apt clean all +EXPOSE 9292 +ENV UWSGI_HTTP_SOCKET=:9292 UWSGI_WSGI_FILE=/usr/local/bin/glance-wsgi-api +CMD ["/usr/local/bin/uwsgi","--ini","/etc/uwsgi/uwsgi.ini"] \ No newline at end of file diff --git a/images/glance/bindep.txt b/images/glance/bindep.txt new file mode 100644 index 00000000..64b038ba --- /dev/null +++ b/images/glance/bindep.txt @@ -0,0 +1,2 @@ +gcc [compile] +libc-dev [compile] diff --git a/openstack_operator/glance.py b/openstack_operator/glance.py new file mode 100644 index 00000000..2e4826e0 --- /dev/null +++ b/openstack_operator/glance.py @@ -0,0 +1,49 @@ +# Copyright 2020 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""glance Operator + +This module maintains the operator for Mcrouter, it takes care of creating +the appropriate deployments, Mcrouter, pod monitors and Prometheus rules. +""" + + +from openstack_operator import utils + + +def create_or_resume(name, spec, **_): + """Create and re-sync a glance instance + + This function is called when a new resource is created but also when we + start the service up for the first time. + """ + + utils.create_or_update('glance/daemonset.yml.j2', + name=name, spec=spec) + utils.create_or_update('glance/service.yml.j2', + name=name, spec=spec) + if "ingress" in spec: + utils.create_or_update('glance/ingress.yml.j2', + name=name, spec=spec) + + +def update(name, spec, **_): + """Update a glance + + This function updates the deployment for glance if there are any + changes that happen within it. + """ + if "ingress" in spec: + utils.create_or_update('glance/ingress.yml.j2', + name=name, spec=spec) diff --git a/openstack_operator/operator.py b/openstack_operator/operator.py index b3051ec3..d9be162b 100644 --- a/openstack_operator/operator.py +++ b/openstack_operator/operator.py @@ -24,6 +24,7 @@ import kopf from openstack_operator import ceilometer from openstack_operator import chronyd +from openstack_operator import glance from openstack_operator import heat from openstack_operator import horizon from openstack_operator import keystone @@ -62,6 +63,8 @@ def deploy(name, namespace, new, **_): horizon.create_or_resume("horizon", config["horizon"]) if "heat" in config: heat.create_or_resume("heat", config["heat"]) + if "glance" in config: + glance.create_or_resume("glance", config["glance"]) if "magnum" in config: magnum.create_or_resume("magnum", config["magnum"]) if "chronyd" in config: diff --git a/openstack_operator/templates/glance/daemonset.yml.j2 b/openstack_operator/templates/glance/daemonset.yml.j2 new file mode 100644 index 00000000..6074e61b --- /dev/null +++ b/openstack_operator/templates/glance/daemonset.yml.j2 @@ -0,0 +1,114 @@ +--- +# Copyright 2020 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: glance + namespace: openstack + labels: + {{ labels("glance", name) | indent(4) }} +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + {{ labels("glance", name) | indent(6) }} + template: + metadata: + labels: + {{ labels("glance", name) | indent(8) }} + annotations: + checksum/config: "{{ config_hash }}" + spec: + initContainers: + - name: db-sync + image: vexxhost/glance-api:latest + imagePullPolicy: Always + command: + - glance-manage + - db_sync + volumeMounts: + - mountPath: /etc/glance + name: config + - name: load-metadefs + image: vexxhost/glance-api:latest + imagePullPolicy: Always + command: + - glance-manage + - db_load_metadefs + volumeMounts: + - mountPath: /etc/glance + name: config + containers: + - name: glance + image: vexxhost/glance-api:latest + imagePullPolicy: Always + env: + {% for v in env %} + - name: "{{ v.name }}" + value: "{{ v.value }}" + {% endfor %} + ports: + - name: glance + protocol: TCP + containerPort: 9292 + livenessProbe: + tcpSocket: + port: glance + readinessProbe: + tcpSocket: + port: glance + resources: + requests: + cpu: 200m + ephemeral-storage: 500M + memory: 128M + securityContext: + runAsUser: 1001 + volumeMounts: + - name: config + mountPath: /etc/glance + - name: data + mountPath: {{ spec['dataDir'] }} + - name: uwsgi-config + mountPath: /etc/uwsgi + volumes: + - name: config + hostPath: + path: {{ spec['configDir'] }} + type: Directory + - name: data + hostPath: + path: {{ spec['dataDir'] }} + type: Directory + - name: uwsgi-config + configMap: + defaultMode: 420 + name: uwsgi-default +{% if 'nodeSelector' in spec %} + nodeSelector: + {{ spec.nodeSelector | to_yaml | indent(8) }} +{% endif %} +{% if 'tolerations' in spec %} + tolerations: + {{ spec.tolerations | to_yaml | indent(8) }} +{% endif %} +{% if 'hostAliases' in spec %} + hostAliases: + {{ spec.hostAliases | to_yaml | indent(8) }} +{% endif %} diff --git a/openstack_operator/templates/glance/ingress.yml.j2 b/openstack_operator/templates/glance/ingress.yml.j2 new file mode 100644 index 00000000..ca5d4ff9 --- /dev/null +++ b/openstack_operator/templates/glance/ingress.yml.j2 @@ -0,0 +1,55 @@ +--- +# Copyright 2020 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: glance + namespace: openstack + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + certmanager.k8s.io/cluster-issuer: "letsencrypt-prod" +spec: +{% if spec.ingress.host is defined %} + rules: + - host: {{ spec.ingress.host }} + http: + paths: + - path: / + backend: + serviceName: glance + servicePort: 80 + tls: + - hosts: + - {{ spec.ingress.host }} + secretName: glance-tls +{% else %} + rules: + {% for v in spec.ingress %} + - host: {{ v.host }} + http: + paths: + - path: / + backend: + serviceName: glance + servicePort: 80 + {% endfor %} + tls: + - hosts: + {% for v in spec.ingress %} + - {{ v.host }} + {% endfor %} + secretName: glance-tls +{% endif %} \ No newline at end of file diff --git a/openstack_operator/templates/glance/service.yml.j2 b/openstack_operator/templates/glance/service.yml.j2 new file mode 100644 index 00000000..fe2bedb1 --- /dev/null +++ b/openstack_operator/templates/glance/service.yml.j2 @@ -0,0 +1,28 @@ +--- +# Copyright 2020 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: glance + namespace: openstack +spec: + ports: + - name: glance + port: 80 + protocol: TCP + targetPort: glance + selector: + {{ labels("glance", name) | indent(4) }} diff --git a/openstack_operator/templates/operator/uwsgidefaultconfig.yml.j2 b/openstack_operator/templates/operator/uwsgidefaultconfig.yml.j2 index 4e5a3c4b..9d5f65ae 100644 --- a/openstack_operator/templates/operator/uwsgidefaultconfig.yml.j2 +++ b/openstack_operator/templates/operator/uwsgidefaultconfig.yml.j2 @@ -11,12 +11,12 @@ data: exit-on-reload = true die-on-term = true lazy-apps = true - add-header = 'Connection: close' + add-header = Connection: close buffer-size = 65535 thunder-lock = true http-auto-chunked = true http-raw-body = true socket-timeout = 10 need-app = true - route-user-agent = '^kube-probe.* donotlog:' + route-user-agent = ^kube-probe.* donotlog: log-x-forwarded-for = true diff --git a/zuul.d/functional-jobs.yaml b/zuul.d/functional-jobs.yaml index 3a871782..474a38cf 100644 --- a/zuul.d/functional-jobs.yaml +++ b/zuul.d/functional-jobs.yaml @@ -25,14 +25,15 @@ - src/opendev.org/openstack - src/opendev.org/vexxhost tox_envlist: all - tempest_test_regex: '(\[.*\bsmoke\b.*\]|(^heat_tempest_plugin.tests.api)|(^tempest_horizon.tests.scenario))' - tempest_black_regex: '^tempest.scenario.test_network_basic_ops' + tempest_test_regex: (\[.*\bsmoke\b.*\]|(^heat_tempest_plugin.tests.api)|(^tempest_horizon.tests.scenario)) + tempest_black_regex: ^tempest.scenario.test_network_basic_ops tempest_plugins: - heat-tempest-plugin - magnum-tempest-plugin - tempest-horizon devstack_localrc: - TEMPEST_PLUGINS: '/opt/stack/heat-tempest-plugin /opt/stack/magnum-tempest-plugin /opt/stack/tempest-horizon' + TEMPEST_PLUGINS: /opt/stack/heat-tempest-plugin /opt/stack/magnum-tempest-plugin + /opt/stack/tempest-horizon docker_use_buildset_registry: true minikube_dns_resolvers: [1.1.1.1, 8.8.8.8] @@ -49,6 +50,8 @@ soft: true - name: openstack-operator:images:build:magnum soft: true + - name: openstack-operator:images:build:glance + soft: true - name: openstack-operator:images:build:rabbitmq soft: true - name: openstack-operator:images:build:ceilometer @@ -76,6 +79,8 @@ soft: true - name: openstack-operator:images:upload:magnum soft: true + - name: openstack-operator:images:upload:glance + soft: true - name: openstack-operator:images:upload:rabbitmq soft: true - name: openstack-operator:images:upload:ceilometer diff --git a/zuul.d/glance-jobs.yaml b/zuul.d/glance-jobs.yaml new file mode 100644 index 00000000..90b72f78 --- /dev/null +++ b/zuul.d/glance-jobs.yaml @@ -0,0 +1,36 @@ +- job: + name: openstack-operator:images:build:glance + parent: vexxhost-build-docker-image + provides: openstack-operator:image:glance + vars: &id001 + docker_images: + - context: images/glance + repository: vexxhost/glance-api + target: glance-api + dependencies: + - openstack-operator:images:build:openstack-operator + files: &id002 + - ^images/glance/.* +- job: + name: openstack-operator:images:upload:glance + parent: vexxhost-upload-docker-image + provides: openstack-operator:image:glance + vars: *id001 + dependencies: + - openstack-operator:images:upload:openstack-operator + files: *id002 +- job: + name: openstack-operator:images:promote:glance + parent: vexxhost-promote-docker-image + vars: *id001 + files: *id002 +- project: + check: + jobs: + - openstack-operator:images:build:glance + gate: + jobs: + - openstack-operator:images:upload:glance + promote: + jobs: + - openstack-operator:images:promote:glance