diff --git a/Makefile b/Makefile index e3c08d22c4..9915074e28 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,13 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron cinder heat maas all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack +CHARTS := ceph mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron cinder heat maas openstack + common: build-common @@ -19,6 +20,8 @@ mariadb: build-mariadb keystone: build-keystone +cinder: build-cinder + horizon: build-horizon rabbitmq: build-rabbitmq diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml new file mode 100644 index 0000000000..890af01e45 --- /dev/null +++ b/cinder/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for cinder +name: cinder +version: 0.1.0 diff --git a/cinder/requirements.yaml b/cinder/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/cinder/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/cinder/templates/_helpers.tpl b/cinder/templates/_helpers.tpl new file mode 100644 index 0000000000..80039684b4 --- /dev/null +++ b/cinder/templates/_helpers.tpl @@ -0,0 +1,73 @@ +{{- define "joinListWithColon" -}} +{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} +{{- end -}} + +{{- define "env_admin_openrc" }} +- name: OS_IDENTITY_API_VERSION + value: "3" +- name: OS_AUTH_URL + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_AUTH_URL +- name: OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_REGION_NAME +- name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_DOMAIN_NAME +- name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PROJECT_NAME +- name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USER_DOMAIN_NAME +- name: OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_USERNAME +- name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-env-keystone-admin + key: OS_PASSWORD +{{- end }} + +{{- define "container_ks_service" }} +image: {{ .Values.images.ks_service }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-service.sh +volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} + +{{- define "container_ks_endpoint" }} +image: {{ .Values.images.ks_endpoints }} +imagePullPolicy: {{ .Values.images.pull_policy }} +command: + - bash + - /tmp/ks-endpoints.sh +volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true +env: +{{ include "env_admin_openrc" . | indent 2 }} +{{- end }} diff --git a/cinder/templates/config/cinder-api-paste.ini.yaml b/cinder/templates/config/cinder-api-paste.ini.yaml new file mode 100644 index 0000000000..a0d87145f7 --- /dev/null +++ b/cinder/templates/config/cinder-api-paste.ini.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ini-api-paste +data: + api-paste.ini: |+ +{{ tuple "contents/_cinder-api-paste.ini.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-api.conf.yaml b/cinder/templates/config/cinder-api.conf.yaml new file mode 100644 index 0000000000..ae0df4269b --- /dev/null +++ b/cinder/templates/config/cinder-api.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-api +data: + cinder-api.conf: |+ +{{ tuple "contents/_cinder-api.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backend-rbd1.conf.yaml b/cinder/templates/config/cinder-backend-rbd1.conf.yaml new file mode 100644 index 0000000000..1beb401635 --- /dev/null +++ b/cinder/templates/config/cinder-backend-rbd1.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backend-rbd1 +data: + cinder-backend-rbd1.conf: |+ +{{ tuple "contents/_cinder-backend-rbd1.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-backends.conf.yaml b/cinder/templates/config/cinder-backends.conf.yaml new file mode 100644 index 0000000000..b5f839c5e6 --- /dev/null +++ b/cinder/templates/config/cinder-backends.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-backends +data: + cinder-backends.conf: |+ +{{ tuple "contents/_cinder-backends.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-concurrency.conf.yaml b/cinder/templates/config/cinder-concurrency.conf.yaml new file mode 100644 index 0000000000..3385d54bc0 --- /dev/null +++ b/cinder/templates/config/cinder-concurrency.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-concurrency +data: + cinder-concurrency.conf: |+ +{{ tuple "contents/_cinder-concurrency.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-db.conf.yaml b/cinder/templates/config/cinder-db.conf.yaml new file mode 100644 index 0000000000..80a10531fe --- /dev/null +++ b/cinder/templates/config/cinder-db.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-db +type: Opaque +data: + cinder-db.conf: | +{{ tuple "contents/_cinder-db.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-glance.conf.yaml b/cinder/templates/config/cinder-glance.conf.yaml new file mode 100644 index 0000000000..a1c7e91a96 --- /dev/null +++ b/cinder/templates/config/cinder-glance.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-glance +data: + cinder-glance.conf: |+ +{{ tuple "contents/_cinder-glance.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone-admin.env.yaml b/cinder/templates/config/cinder-keystone-admin.env.yaml new file mode 100644 index 0000000000..885c58076b --- /dev/null +++ b/cinder/templates/config/cinder-keystone-admin.env.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-keystone.conf.yaml b/cinder/templates/config/cinder-keystone.conf.yaml new file mode 100644 index 0000000000..992a6d43bd --- /dev/null +++ b/cinder/templates/config/cinder-keystone.conf.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-keystone +type: Opaque +data: + cinder-keystone.conf: | +{{ tuple "contents/_cinder-keystone.conf.tpl" . | include "template" | b64enc | indent 4 }} + OS_AUTH_URL: | +{{ .Values.keystone.auth_url | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.cinder_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.cinder_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.cinder_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.cinder_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.cinder_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.cinder_password | b64enc | indent 4 }} diff --git a/cinder/templates/config/cinder-log.conf.yaml b/cinder/templates/config/cinder-log.conf.yaml new file mode 100644 index 0000000000..683a58930c --- /dev/null +++ b/cinder/templates/config/cinder-log.conf.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-conf-log +data: + cinder-log.conf: |+ +{{ tuple "contents/_cinder-log.conf.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/config/cinder-messaging.conf.yaml b/cinder/templates/config/cinder-messaging.conf.yaml new file mode 100644 index 0000000000..0645feed73 --- /dev/null +++ b/cinder/templates/config/cinder-messaging.conf.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cinder-conf-messaging +type: Opaque +data: + cinder-messaging.conf: | +{{ tuple "contents/_cinder-messaging.conf.tpl" . | include "template" | b64enc | indent 4 }} diff --git a/cinder/templates/config/contents/_cinder-api-paste.ini.tpl b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl new file mode 100644 index 0000000000..a761f53d07 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api-paste.ini.tpl @@ -0,0 +1,75 @@ +############# +# OpenStack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 +/v3: openstack_volume_api_v3 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 + +[composite:openstack_volume_api_v3] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 + +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = cinder + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory + +[filter:noauth] +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[app:apiv3] +paste.app_factory = cinder.api.v3.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/cinder/templates/config/contents/_cinder-api.conf.tpl b/cinder/templates/config/contents/_cinder-api.conf.tpl new file mode 100644 index 0000000000..b4ac662150 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-api.conf.tpl @@ -0,0 +1,12 @@ +[DEFAULT] +enable_v1_api = false +volume_name_template = %s + +osapi_volume_workers = {{ .Values.api.workers }} +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = {{ .Values.service.api.port }} + +api_paste_config = /etc/cinder/api-paste.ini + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl new file mode 100644 index 0000000000..abd6eeda39 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backend-rbd1.conf.tpl @@ -0,0 +1,11 @@ +[rbd1] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +rbd_pool = {{ .Values.backends.rbd1.pool }} +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = -1 +rbd_user = {{ .Values.backends.rbd1.user }} +rbd_secret_uuid = {{ .Values.backends.rbd1.secret }} +report_discard_supported = True diff --git a/cinder/templates/config/contents/_cinder-backends.conf.tpl b/cinder/templates/config/contents/_cinder-backends.conf.tpl new file mode 100644 index 0000000000..62a1dbcc41 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-backends.conf.tpl @@ -0,0 +1,2 @@ +[DEFAULT] +enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} diff --git a/cinder/templates/config/contents/_cinder-concurrency.conf.tpl b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl new file mode 100644 index 0000000000..06be34ce23 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-concurrency.conf.tpl @@ -0,0 +1,2 @@ +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/cinder/templates/config/contents/_cinder-db.conf.tpl b/cinder/templates/config/contents/_cinder-db.conf.tpl new file mode 100644 index 0000000000..1b67679065 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-db.conf.tpl @@ -0,0 +1,3 @@ +[database] +connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.database.cinder_password }}@{{ .Values.database.address }}:{{ .Values.database.port }}/{{ .Values.database.cinder_database_name }} +max_retries = -1 diff --git a/cinder/templates/config/contents/_cinder-glance.conf.tpl b/cinder/templates/config/contents/_cinder-glance.conf.tpl new file mode 100644 index 0000000000..31807c7aa3 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-glance.conf.tpl @@ -0,0 +1,3 @@ +[DEFAULT] +glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" +glance_api_version = {{ .Values.glance.version }} diff --git a/cinder/templates/config/contents/_cinder-keystone.conf.tpl b/cinder/templates/config/contents/_cinder-keystone.conf.tpl new file mode 100644 index 0000000000..1311ed69db --- /dev/null +++ b/cinder/templates/config/contents/_cinder-keystone.conf.tpl @@ -0,0 +1,13 @@ +[DEFAULT] +auth_strategy = keystone +os_region_name = {{ .Values.keystone.cinder_region_name }} + +[keystone_authtoken] +auth_uri = {{ .Values.keystone.auth_uri }} +auth_url = {{ .Values.keystone.auth_url }} +auth_type = password +project_domain_name = {{ .Values.keystone.cinder_project_domain }} +user_domain_name = {{ .Values.keystone.cinder_user_domain }} +project_name = {{ .Values.keystone.cinder_project_name }} +username = {{ .Values.keystone.cinder_user }} +password = {{ .Values.keystone.cinder_password }} diff --git a/cinder/templates/config/contents/_cinder-log.conf.tpl b/cinder/templates/config/contents/_cinder-log.conf.tpl new file mode 100644 index 0000000000..a0ec3d1f2f --- /dev/null +++ b/cinder/templates/config/contents/_cinder-log.conf.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +debug = {{ .Values.misc.debug }} +use_syslog = False +use_stderr = True diff --git a/cinder/templates/config/contents/_cinder-messaging.conf.tpl b/cinder/templates/config/contents/_cinder-messaging.conf.tpl new file mode 100644 index 0000000000..819bd099f3 --- /dev/null +++ b/cinder/templates/config/contents/_cinder-messaging.conf.tpl @@ -0,0 +1,5 @@ +[oslo_messaging_rabbit] +rabbit_userid = {{ .Values.messaging.user }} +rabbit_password = {{ .Values.messaging.password }} +rabbit_ha_queues = true +rabbit_hosts = {{ .Values.messaging.hosts }} diff --git a/cinder/templates/deployments/api/api.sh.yaml b/cinder/templates/deployments/api/api.sh.yaml new file mode 100644 index 0000000000..bda7100b28 --- /dev/null +++ b/cinder/templates/deployments/api/api.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-api-sh +data: + start.sh: |+ +{{ tuple "bin/_api.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/deployments/api/api.yaml b/cinder/templates/deployments/api/api.yaml new file mode 100644 index 0000000000..63e40bd604 --- /dev/null +++ b/cinder/templates/deployments/api/api.yaml @@ -0,0 +1,138 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cinder-api +spec: + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: cinder-api + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: cinder-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/start.sh + ports: + - containerPort: {{ .Values.service.api.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.api.port }} + volumeMounts: + - name: cinder-api-sh + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: pod-var-lib-cinder-tmp + mountPath: /var/lib/cinder/tmp + - name: cinder-ini-api-paste + mountPath: /etc/cinder/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: cinder-conf-api + mountPath: /etc/cinder/conf/cinder-api.conf + subPath: cinder-api.conf + readOnly: true + - name: cinder-conf-backends + mountPath: /etc/cinder/conf/cinder-backends.conf + subPath: cinder-backends.conf + readOnly: true + - name: cinder-conf-backend-rbd1 + mountPath: /etc/cinder/conf/cinder-backend-rbd1.conf + subPath: cinder-backend-rbd1.conf + readOnly: true + - name: cinder-conf-concurrency + mountPath: /etc/cinder/conf/cinder-concurrency.conf + subPath: cinder-concurrency.conf + readOnly: true + - name: cinder-conf-db + mountPath: /etc/cinder/conf/cinder-db.conf + subPath: cinder-db.conf + readOnly: true + - name: cinder-conf-glance + mountPath: /etc/cinder/conf/cinder-glance.conf + subPath: cinder-glance.conf + readOnly: true + - name: cinder-conf-keystone + mountPath: /etc/cinder/conf/cinder-keystone.conf + subPath: cinder-keystone.conf + readOnly: true + - name: cinder-conf-log + mountPath: /etc/cinder/conf/cinder-log.conf + subPath: cinder-log.conf + readOnly: true + - name: cinder-conf-messaging + mountPath: /etc/cinder/conf/cinder-messaging.conf + subPath: cinder-messaging.conf + readOnly: true + volumes: + - name: cinder-api-sh + configMap: + name: cinder-api-sh + - name: pod-etc-cinder + emptyDir: {} + - name: pod-var-lib-cinder-tmp + emptyDir: {} + - name: cinder-ini-api-paste + configMap: + name: cinder-ini-api-paste + - name: cinder-conf-api + configMap: + name: cinder-conf-api + - name: cinder-conf-backends + configMap: + name: cinder-conf-backends + - name: cinder-conf-backend-rbd1 + configMap: + name: cinder-conf-backend-rbd1 + - name: cinder-conf-concurrency + configMap: + name: cinder-conf-concurrency + - name: cinder-conf-db + secret: + secretName: cinder-conf-db + - name: cinder-conf-glance + configMap: + name: cinder-conf-glance + - name: cinder-conf-keystone + secret: + secretName: cinder-conf-keystone + - name: cinder-conf-log + configMap: + name: cinder-conf-log + - name: cinder-conf-messaging + secret: + secretName: cinder-conf-messaging diff --git a/cinder/templates/deployments/api/bin/_api.sh.tpl b/cinder/templates/deployments/api/bin/_api.sh.tpl new file mode 100644 index 0000000000..91e4f3a933 --- /dev/null +++ b/cinder/templates/deployments/api/bin/_api.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +exec cinder-api --config-dir /etc/cinder/conf diff --git a/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl new file mode 100644 index 0000000000..66e953e971 --- /dev/null +++ b/cinder/templates/jobs/db/init/bin/_db-init.sh.tpl @@ -0,0 +1,6 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_database_name }}'" +ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.cinder_user }}' password='{{ .Values.database.cinder_password }}' host='%' priv='{{ .Values.database.cinder_database_name }}.*:ALL' append_privs='yes'" diff --git a/cinder/templates/jobs/db/init/db-init.sh.yaml b/cinder/templates/jobs/db/init/db-init.sh.yaml new file mode 100644 index 0000000000..74875985bf --- /dev/null +++ b/cinder/templates/jobs/db/init/db-init.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-db-init-sh +data: + init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/init/db-init.yaml b/cinder/templates/jobs/db/init/db-init.yaml new file mode 100644 index 0000000000..4c27f8c888 --- /dev/null +++ b/cinder/templates/jobs/db/init/db-init.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-db-init + image: {{ .Values.images.db_init | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: db-init-sh + mountPath: /tmp/init.sh + subPath: init.sh + readOnly: true + volumes: + - name: db-init-sh + configMap: + name: cinder-db-init-sh diff --git a/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..a36edc6c92 --- /dev/null +++ b/cinder/templates/jobs/db/sync/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +cinder-manage --config-dir /etc/cinder/conf db sync diff --git a/cinder/templates/jobs/db/sync/db-sync.sh.yaml b/cinder/templates/jobs/db/sync/db-sync.sh.yaml new file mode 100644 index 0000000000..f395f01ecc --- /dev/null +++ b/cinder/templates/jobs/db/sync/db-sync.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-db-sync-sh +data: + db-sync.sh: |+ +{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/db/sync/db-sync.yaml b/cinder/templates/jobs/db/sync/db-sync.yaml new file mode 100644 index 0000000000..ba4d31efb1 --- /dev/null +++ b/cinder/templates/jobs/db/sync/db-sync.yaml @@ -0,0 +1,69 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/db-sync.sh + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: pod-etc-cinder + mountPath: /etc/cinder + - name: cinder-conf-db + mountPath: /etc/cinder/conf/cinder-db.conf + subPath: cinder-db.conf + readOnly: true + - name: cinder-conf-log + mountPath: /etc/cinder/conf/cinder-log.conf + subPath: cinder-log.conf + readOnly: true + volumes: + - name: db-sync-sh + configMap: + name: cinder-db-sync-sh + - name: pod-etc-cinder + emptyDir: {} + - name: cinder-conf-db + secret: + secretName: cinder-conf-db + - name: cinder-conf-log + configMap: + name: cinder-conf-log diff --git a/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl new file mode 100644 index 0000000000..264d1b1384 --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/bin/_ks-endpoints.sh.tpl @@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Get Service ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# Get Endpoint ID if it exists +OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \ + grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SERVICE_INTERFACE}," | \ + awk -F ',' '{ print $1 }' ) + +# Making sure only a single endpoint exists for a service within a region +if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then + echo "More than one endpoint found, cleaning up" + for ENDPOINT_ID in $OS_ENDPOINT_ID; do + openstack endpoint delete ${ENDPOINT_ID} + done + unset OS_ENDPOINT_ID +fi + +# Determine if Endpoint needs updated +if [[ ${OS_ENDPOINT_ID} ]]; then + OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url) + if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then + echo "Endpoints Match: no action required" + OS_ENDPOINT_UPDATE="False" + else + echo "Endpoints Dont Match: removing existing entries" + openstack endpoint delete ${OS_ENDPOINT_ID} + OS_ENDPOINT_UPDATE="True" + fi +else + OS_ENDPOINT_UPDATE="True" +fi + +# Update Endpoint if required +if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then + OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \ + --region="${OS_REGION_NAME}" \ + "${OS_SERVICE_ID}" \ + ${OS_SERVICE_INTERFACE} \ + "${OS_SERVICE_ENDPOINT}" ) +fi + +# Display the Endpoint +openstack endpoint show ${OS_ENDPOINT_ID} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml new file mode 100644 index 0000000000..b4841d89d4 --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-endpoints-sh +data: + ks-endpoints.sh: |+ +{{ tuple "bin/_ks-endpoints.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml new file mode 100644 index 0000000000..1c23325d6f --- /dev/null +++ b/cinder/templates/jobs/keystone/endpoints/ks-endpoints.yaml @@ -0,0 +1,130 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_endpoints.jobs }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-endpoints-v1-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v1-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v1-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volume + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v1/%(tenant_id)s + - name: cinder-ks-endpoints-v2-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v2-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v2-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev2 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v2/%(tenant_id)s + - name: cinder-ks-endpoints-v3-admin +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: admin + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + - name: cinder-ks-endpoints-v3-internal +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: internal + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + - name: cinder-ks-endpoints-v3-public +{{ include "container_ks_endpoint" . | indent 10 }} + - name: OS_SERVICE_INTERFACE + value: public + - name: OS_SERVICE_NAME + value: cinder + - name: OS_SERVICE_TYPE + value: volumev3 + - name: OS_SERVICE_ENDPOINT + value: {{ .Values.service.api.proto }}://{{ .Values.service.api.name }}:{{ .Values.service.api.port }}/v3/%(tenant_id)s + volumes: + - name: ks-endpoints-sh + configMap: + name: cinder-ks-endpoints-sh diff --git a/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl new file mode 100644 index 0000000000..4777d08c48 --- /dev/null +++ b/cinder/templates/jobs/keystone/service/bin/_ks-service.sh.tpl @@ -0,0 +1,35 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Service boilerplate description +OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service" + +# Get Service ID if it exists +unset OS_SERVICE_ID +OS_SERVICE_ID=$( openstack service list -f csv --quote none | \ + grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \ + sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" ) + +# If a Service ID was not found, then create the service +if [[ -z ${OS_SERVICE_ID} ]]; then + OS_SERVICE_ID=$(openstack service create -f value -c id \ + --name="${OS_SERVICE_NAME}" \ + --description "${OS_SERVICE_DESC}" \ + --enable \ + "${OS_SERVICE_TYPE}") +fi diff --git a/cinder/templates/jobs/keystone/service/ks-service.sh.yaml b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml new file mode 100644 index 0000000000..e4ea00a37f --- /dev/null +++ b/cinder/templates/jobs/keystone/service/ks-service.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-service-sh +data: + ks-service.sh: |+ +{{ tuple "bin/_ks-service.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/service/ks-service.yaml b/cinder/templates/jobs/keystone/service/ks-service.yaml new file mode 100644 index 0000000000..3893433885 --- /dev/null +++ b/cinder/templates/jobs/keystone/service/ks-service.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-service-v1 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volume" + - name: cinder-ks-service-v2 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volumev2" + - name: cinder-ks-service-v3 +{{ include "container_ks_service" . | indent 10 }} + - name: OS_SERVICE_NAME + value: "cinder" + - name: OS_SERVICE_TYPE + value: "volumev3" + volumes: + - name: ks-service-sh + configMap: + name: cinder-ks-service-sh diff --git a/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl new file mode 100644 index 0000000000..fdc7358b32 --- /dev/null +++ b/cinder/templates/jobs/keystone/user/bin/_ks-user.sh.tpl @@ -0,0 +1,56 @@ +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Manage user project +USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --description="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + "${SERVICE_OS_PROJECT_NAME}"); + +# Display project +openstack project show "${USER_PROJECT_ID}" + +# Manage user +USER_ID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + --description="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}"); + +# Display user +openstack user show "${USER_ID}" + +# Manage user role +USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + +# Manage user role assignment +openstack role add \ + --user="${USER_ID}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + --project="${USER_PROJECT_ID}" \ + "${USER_ROLE_ID}" + +# Display user role assignment +openstack role assignment list \ + --role="${SERVICE_OS_ROLE}" \ + --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \ + --user="${USER_ID}" diff --git a/cinder/templates/jobs/keystone/user/ks-user.sh.yaml b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml new file mode 100644 index 0000000000..52e6941d0c --- /dev/null +++ b/cinder/templates/jobs/keystone/user/ks-user.sh.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cinder-ks-user-sh +data: + ks-user.sh: |+ +{{ tuple "bin/_ks-user.sh.tpl" . | include "template" | indent 4 }} diff --git a/cinder/templates/jobs/keystone/user/ks-user.yaml b/cinder/templates/jobs/keystone/user/ks-user.yaml new file mode 100644 index 0000000000..06c4e8637f --- /dev/null +++ b/cinder/templates/jobs/keystone/user/ks-user.yaml @@ -0,0 +1,82 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cinder-ks-user +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "init", + "image": {{ .Values.images.dep_check | quote }}, + "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, + "env": [ + { + "name": "NAMESPACE", + "value": "{{ .Release.Namespace }}" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] + } + ]' + spec: + restartPolicy: OnFailure + containers: + - name: cinder-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + env: +{{ include "env_admin_openrc" . | indent 12 }} + - name: SERVICE_OS_SERVICE_NAME + value: "cinder" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_REGION_NAME + - name: SERVICE_OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PROJECT_DOMAIN_NAME + - name: SERVICE_OS_PROJECT_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PROJECT_NAME + - name: SERVICE_OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_USER_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: cinder-conf-keystone + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.cinder_user_role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: cinder-ks-user-sh diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml new file mode 100644 index 0000000000..809211c92a --- /dev/null +++ b/cinder/templates/service-api.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.api.name }} +spec: + ports: + - port: {{ .Values.service.api.port }} + selector: + app: cinder-api diff --git a/cinder/values.yaml b/cinder/values.yaml new file mode 100644 index 0000000000..0fd2966596 --- /dev/null +++ b/cinder/values.yaml @@ -0,0 +1,110 @@ +# Default values for keystone. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: 1 + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + api: quay.io/stackanetes/stackanetes-cinder-api:newton + pull_policy: "IfNotPresent" + +keystone: + auth_uri: "http://keystone-api:5000" + auth_url: "http://keystone-api:35357" + admin_user: "admin" + admin_user_domain: "default" + admin_password: "password" + admin_project_name: "admin" + admin_project_domain: "default" + admin_region_name: "RegionOne" + + cinder_user: "cinder" + cinder_user_domain: "default" + cinder_user_role: "admin" + cinder_password: "password" + cinder_project_name: "service" + cinder_project_domain: "default" + cinder_region_name: "RegionOne" + +service: + api: + name: "cinder-api" + port: 8776 + proto: "http" + +database: + address: mariadb + port: 3306 + root_user: root + root_password: password + cinder_database_name: cinder + cinder_password: password + cinder_user: cinder + +backends: + enabled: + - rbd1 + rbd1: + secret: "" + user: "cinder" + pool: "volumes" + +glance: + proto: "http" + host: "glance-api" + port: 9292 + version: 2 + +messaging: + hosts: rabbitmq + user: rabbitmq + password: password + + +api: + workers: 8 + +misc: + debug: false + +dependencies: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: + jobs: + - cinder-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - cinder-ks-service + service: + - keystone-api + api: + jobs: + - cinder-db-sync + - cinder-ks-user + - cinder-ks-endpoints + service: + - mariadb + - keystone-api diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 4ee88495a8..1058a984ed 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -160,6 +160,7 @@ $ helm install --name=memcached local/memcached --namespace=openstack $ helm install --name=rabbitmq local/rabbitmq --namespace=openstack $ helm install --name=keystone local/keystone --namespace=openstack $ helm install --name=horizon local/horizon --namespace=openstack +$ helm install --name=cinder local/cinder --namespace=openstack $ helm install --name=glance local/glance --namespace=openstack $ helm install --name=nova local/nova --namespace=openstack $ helm install --name=neutron local/neutron --namespace=openstack