openstack
/
openstack-helm-infra
Code Issues Proposed changes

[WIP] Refactor deployment scripts 

Change-Id: I3bad13cc332fd439b3b56cfa5fc596255bc466f2
This commit is contained in:
Vladimir Kozhukalov 2024-04-23 17:08:36 -05:00
parent 67fae419b8
commit 63ecd40e0e
152 changed files with 82 additions and 3103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/deployment/apparmor/000-install-packages.sh
View File

@ -1 +0,0 @@
../common/000-install-packages.sh

1
tools/deployment/apparmor/001-setup-apparmor-profiles.sh
View File

@ -1 +0,0 @@
../common/001-setup-apparmor-profiles.sh

1
tools/deployment/apparmor/005-deploy-k8s.sh
View File

@ -1 +0,0 @@
../../gate/deploy-k8s.sh

1
tools/deployment/apparmor/020-ceph.sh
View File

@ -1 +0,0 @@
../osh-infra-logging/020-ceph.sh

1
tools/deployment/apparmor/025-ceph-ns-activate.sh
View File

@ -1 +0,0 @@
../osh-infra-logging/025-ceph-ns-activate.sh

36
tools/deployment/apparmor/030-mariadb.sh
View File

@ -1,36 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make mariadb
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb)"}
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
helm upgrade --install mariadb ./mariadb \
--namespace=osh-infra \
--set monitoring.prometheus.enabled=true \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=mariadb,release_group=mariadb,component=test --namespace=osh-infra --ignore-not-found
#NOTE: Validate the deployment
helm test mariadb --namespace osh-infra

79
tools/deployment/apparmor/040-memcached.sh
View File

@ -1,79 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
namespace="osh-infra"
: ${OSH_INFRA_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached)"}
# NOTE: Lint and package chart
make memcached
tee /tmp/memcached.yaml <<EOF
images:
tags:
apparmor_loader: google/apparmor-loader:latest
pod:
mandatory_access_control:
type: apparmor
memcached:
memcached: runtime/default
EOF
# NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
helm upgrade --install memcached ./memcached \
--namespace=$namespace \
--set pod.replicas.server=1 \
--values=/tmp/memcached.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_MEMCACHED}
# NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh $namespace
# Run a test. Note: the simple "cat /proc/1/attr/current" verification method
# will not work, as memcached has multiple processes running, so we have to
# find out which one is the memcached application process.
pod=$(kubectl -n $namespace get pod | grep memcached | awk '{print $1}')
unsorted_process_file="/tmp/unsorted_proc_list"
sorted_process_file="/tmp/proc_list"
expected_profile="docker-default (enforce)"
# Grab the processes (numbered directories) from the /proc directory,
# and then sort them. Highest proc number indicates most recent process.
kubectl -n $namespace exec $pod -- ls -1 /proc | grep -e "^[0-9]*$" > $unsorted_process_file
sort --numeric-sort $unsorted_process_file > $sorted_process_file
# The last/latest process in the list will actually be the "ls" command above,
# which isn't running any more, so remove it.
sed -i '$ d' $sorted_process_file
while IFS='' read -r process || [[ -n "$process" ]]; do
echo "Process ID: $process"
proc_name=`kubectl -n $namespace exec $pod -- cat /proc/$process/status | grep "Name:" | awk -F' ' '{print $2}'`
echo "Process Name: $proc_name"
profile=`kubectl -n $namespace exec $pod -- cat /proc/$process/attr/current`
echo "Profile running: $profile"
if test "$profile" != "$expected_profile"
then
if test "$proc_name" == "pause"
then
echo "Root process (pause) can run docker-default, it's ok."
else
echo "$profile is the WRONG PROFILE!!"
return 1
fi
fi
done < $sorted_process_file

175
tools/deployment/apparmor/050-libvirt.sh
View File

@ -1,175 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make libvirt
tee /tmp/libvirt.yaml <<EOF
images:
tags:
apparmor_loader: google/apparmor-loader:latest
pod:
mandatory_access_control:
type: apparmor
configmap_apparmor: true
libvirt-libvirt-default:
libvirt-libvirt-default: localhost/my-apparmor-v1
apparmor-loader: unconfined
conf:
apparmor_profiles:
my-apparmor-v1.profile: |-
#include <tunables/global>
@{LIBVIRT}="libvirt"
profile my-apparmor-v1 flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
capability kill,
capability audit_write,
capability audit_control,
capability net_admin,
capability net_raw,
capability setgid,
capability sys_admin,
capability sys_module,
capability sys_ptrace,
capability sys_pacct,
capability sys_nice,
capability sys_chroot,
capability setuid,
capability dac_override,
capability dac_read_search,
capability fowner,
capability chown,
capability setpcap,
capability mknod,
capability fsetid,
capability audit_write,
capability ipc_lock,
# Needed for vfio
capability sys_resource,
mount options=(rw,rslave) -> /,
mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
mount options=(rw, move) /dev/ -> /{var/,}run/libvirt/qemu/*.dev/,
mount options=(rw, move) /dev/hugepages/ -> /{var/,}run/libvirt/qemu/*.hugepages/,
mount options=(rw, move) /dev/mqueue/ -> /{var/,}run/libvirt/qemu/*.mqueue/,
mount options=(rw, move) /dev/pts/ -> /{var/,}run/libvirt/qemu/*.pts/,
mount options=(rw, move) /dev/shm/ -> /{var/,}run/libvirt/qemu/*.shm/,
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.dev/ -> /dev/,
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.hugepages/ -> /dev/hugepages/,
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.mqueue/ -> /dev/mqueue/,
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.pts/ -> /dev/pts/,
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.shm/ -> /dev/shm/,
network inet stream,
network inet dgram,
network inet6 stream,
network inet6 dgram,
network netlink raw,
network packet dgram,
network packet raw,
# for --p2p migrations
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
ptrace (trace) peer=unconfined,
ptrace (trace) peer=/usr/sbin/libvirtd,
ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*,
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
signal (send) set=("kill", "term") peer=unconfined,
# For communication/control to qemu-bridge-helper
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd//qemu_bridge_helper),
signal (send) set=("term") peer=/usr/sbin/libvirtd//qemu_bridge_helper,
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.
/ r,
/** rwmkl,
/bin/* PUx,
/sbin/* PUx,
/usr/bin/* PUx,
/usr/sbin/virtlogd pix,
/usr/sbin/* PUx,
/{usr/,}lib/udev/scsi_id PUx,
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
/usr/{lib,lib64}/xen/bin/* Ux,
/usr/lib/xen-*/bin/libxl-save-helper PUx,
# Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
# read and run an ebtables script.
/var/lib/libvirt/virtd* ixr,
# force the use of virt-aa-helper
audit deny /{usr/,}sbin/apparmor_parser rwxl,
audit deny /etc/apparmor.d/libvirt/** wxl,
audit deny /sys/kernel/security/apparmor/features rwxl,
audit deny /sys/kernel/security/apparmor/matching rwxl,
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
/usr/{lib,lib64}/libvirt/* PUxr,
/usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
/usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,
# allow changing to our UUID-based named profiles
change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
# child profile for bridge helper process
profile qemu_bridge_helper {
#include <abstractions/base>
capability setuid,
capability setgid,
capability setpcap,
capability net_admin,
network inet stream,
# For communication/control from libvirtd
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
/dev/net/tun rw,
/etc/qemu/** r,
owner @{PROC}/*/status r,
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
}
}
EOF
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"}
helm upgrade --install libvirt ./libvirt \
--namespace=openstack \
--values=/tmp/libvirt.yaml \
--set network.backend="null" \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_LIBVIRT}
#NOTE: Validate Deployment info
./tools/deployment/common/wait-for-pods.sh openstack

30
tools/deployment/apparmor/050-prometheus-alertmanager.sh
View File

@ -1,30 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-alertmanager
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_ALERTMANAGER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-alertmanager)"}
#NOTE: Deploy command
helm upgrade --install prometheus-alertmanager ./prometheus-alertmanager \
--namespace=osh-infra \
--set pod.replicas.alertmanager=1 \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_ALERTMANAGER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

1
tools/deployment/apparmor/055-prometheus.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/050-prometheus.sh

1
tools/deployment/apparmor/060-prometheus-node-exporter.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/080-node-exporter.sh

30
tools/deployment/apparmor/065-prometheus-openstack-exporter.sh
View File

@ -1,30 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-openstack-exporter
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
#NOTE: Deploy command
helm upgrade --install prometheus-openstack-exporter \
./prometheus-openstack-exporter \
--namespace=openstack \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

30
tools/deployment/apparmor/070-prometheus-blackbox-exporter.sh
View File

@ -1,30 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-blackbox-exporter
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_BLACKBOX_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-blackbox-exporter)"}
#NOTE: Deploy command
helm upgrade --install prometheus-blackbox-exporter \
./prometheus-blackbox-exporter \
--namespace=openstack \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_BLACKBOX_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

1
tools/deployment/apparmor/075-prometheus-process-exporter.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/090-process-exporter.sh

1
tools/deployment/apparmor/080-grafana.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/110-grafana.sh

30
tools/deployment/apparmor/085-rabbitmq.sh
View File

@ -1,30 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make rabbitmq
: ${OSH_INFRA_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq)"}
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
helm upgrade --install rabbitmq ./rabbitmq \
--namespace=osh-infra \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_RABBITMQ}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

79
tools/deployment/apparmor/090-elasticsearch.sh
View File

@ -1,79 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elasticsearch
#NOTE: Deploy command
tee /tmp/elasticsearch.yaml << EOF
dependencies:
static:
tests:
jobs: null
storage:
data:
enabled: false
master:
enabled: false
pod:
mandatory_access_control:
type: apparmor
elasticsearch-master:
elasticsearch-master: runtime/default
elasticsearch-data:
elasticsearch-data: runtime/default
elasticsearch-client:
elasticsearch-client: runtime/default
replicas:
client: 1
data: 1
master: 2
conf:
curator:
schedule: "0 */6 * * *"
action_file:
actions:
1:
action: delete_indices
description: >-
"Delete indices older than 365 days"
options:
timeout_override:
continue_if_exception: False
ignore_empty_list: True
disable_action: True
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 365
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--values=/tmp/elasticsearch.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=elasticsearch,release_group=elasticsearch,component=test --namespace=osh-infra --ignore-not-found
helm test elasticsearch --namespace osh-infra

1
tools/deployment/apparmor/095-nagios.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/120-nagios.sh

37
tools/deployment/apparmor/100-fluentbit.sh
View File

@ -1,37 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make fluentbit
tee /tmp/fluentbit.yaml <<EOF
pod:
mandatory_access_control:
type: apparmor
fluentbit:
fluentbit: runtime/default
EOF
#NOTE: Deploy command
helm upgrade --install fluentbit ./fluentbit \
--namespace=osh-infra \
--values=/tmp/fluentbit.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=fluentbit,release_group=fluentbit,component=test --namespace=osh-infra --ignore-not-found
helm test fluentbit --namespace osh-infra

172
tools/deployment/apparmor/110-fluentd-daemonset.sh
View File

@ -1,172 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make fluentd
tee /tmp/fluentd-daemonset.yaml <<EOF
deployment:
type: DaemonSet
pod:
security_context:
fluentd:
pod:
runAsUser: 0
mandatory_access_control:
type: apparmor
fluentd:
fluentd: runtime/default
conf:
fluentd:
template: |
<source>
bind 0.0.0.0
port 24220
@type monitor_agent
</source>
<source>
<parse>
time_format %Y-%m-%dT%H:%M:%S.%NZ
@type json
</parse>
path /var/log/containers/*.log
read_from_head true
tag kubernetes.*
@type tail
</source>
<filter kubernetes.**>
@type kubernetes_metadata
</filter>
<source>
bind 0.0.0.0
port "#{ENV['FLUENTD_PORT']}"
@type forward
</source>
<match fluent.**>
@type null
</match>
<match libvirt>
<buffer>
chunk_limit_size 500K
flush_interval 5s
flush_thread_count 8
queue_limit_length 16
retry_forever false
retry_max_interval 30
</buffer>
host "#{ENV['ELASTICSEARCH_HOST']}"
include_tag_key true
logstash_format true
logstash_prefix libvirt
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
port "#{ENV['ELASTICSEARCH_PORT']}"
@type elasticsearch
user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match>
<match qemu>
<buffer>
chunk_limit_size 500K
flush_interval 5s
flush_thread_count 8
queue_limit_length 16
retry_forever false
retry_max_interval 30
</buffer>
host "#{ENV['ELASTICSEARCH_HOST']}"
include_tag_key true
logstash_format true
logstash_prefix qemu
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
port "#{ENV['ELASTICSEARCH_PORT']}"
@type elasticsearch
user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match>
<match journal.**>
<buffer>
chunk_limit_size 500K
flush_interval 5s
flush_thread_count 8
queue_limit_length 16
retry_forever false
retry_max_interval 30
</buffer>
host "#{ENV['ELASTICSEARCH_HOST']}"
include_tag_key true
logstash_format true
logstash_prefix journal
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
port "#{ENV['ELASTICSEARCH_PORT']}"
@type elasticsearch
user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match>
<match kernel>
<buffer>
chunk_limit_size 500K
flush_interval 5s
flush_thread_count 8
queue_limit_length 16
retry_forever false
retry_max_interval 30
</buffer>
host "#{ENV['ELASTICSEARCH_HOST']}"
include_tag_key true
logstash_format true
logstash_prefix kernel
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
port "#{ENV['ELASTICSEARCH_PORT']}"
@type elasticsearch
user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match>
<match **>
<buffer>
chunk_limit_size 500K
flush_interval 5s
flush_thread_count 8
queue_limit_length 16
retry_forever false
retry_max_interval 30
</buffer>
flush_interval 15s
host "#{ENV['ELASTICSEARCH_HOST']}"
include_tag_key true
logstash_format true
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
port "#{ENV['ELASTICSEARCH_PORT']}"
@type elasticsearch
type_name fluent
user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match>
EOF
#NOTE: Deploy command
helm upgrade --install fluentd-daemonset ./fluentd \
--namespace=osh-infra \
--values=/tmp/fluentd-daemonset.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=fluentd,release_group=fluentd-daemonset,component=test --namespace=osh-infra --ignore-not-found
helm test fluentd-daemonset --namespace osh-infra

1
tools/deployment/apparmor/115-node-problem-detector.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/075-node-problem-detector.sh

1
tools/deployment/apparmor/120-openvswitch.sh
View File

@ -1 +0,0 @@
../openstack-support/060-openvswitch.sh

65
tools/deployment/apparmor/140-ceph-radosgateway.sh
View File

@ -1,65 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_RGW:="$(./tools/deployment/common/get-values-overrides.sh ceph-rgw)"}
#NOTE: Lint and package chart
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
make -C ${OSH_INFRA_PATH} ceph-rgw
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
tee /tmp/radosgw-openstack.yaml <<EOF
endpoints:
identity:
namespace: openstack
object_store:
namespace: openstack
ceph_mon:
namespace: ceph
network:
public: 172.17.0.1/16
cluster: 172.17.0.1/16
deployment:
ceph: true
rgw_keystone_user_and_endpoints: true
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: true
pod:
replicas:
rgw: 1
EOF
helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
--namespace=openstack \
--values=/tmp/radosgw-openstack.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_RGW}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
export OS_CLOUD=openstack_helm
sleep 60 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
openstack service list
openstack endpoint list
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph,release_group=radosgw-openstack,component=rgw-test --namespace=openstack --ignore-not-found
helm test radosgw-openstack --namespace openstack --timeout 900s

1
tools/deployment/apparmor/170-postgresql.sh
View File

@ -1 +0,0 @@
../common/postgresql.sh

7
tools/deployment/openstack-support-rook/025-ceph-ns-activate.sh → tools/deployment/ceph/ceph-ns-activate.sh
View File

@ -14,9 +14,6 @@
set -xe
#NOTE: Lint and package chart
make ceph-provisioners
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
tee /tmp/ceph-openstack-config.yaml <<EOF
@ -39,7 +36,7 @@ conf:
enabled: false
EOF
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(./tools/deployment/common/get-values-overrides.sh ceph-provisioners)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(helm osh get-values-overrides -c ceph-provisioners ${FEATURES})"}
helm upgrade --install ceph-openstack-config ./ceph-provisioners \
--namespace=openstack \
@ -48,7 +45,7 @@ helm upgrade --install ceph-openstack-config ./ceph-provisioners \
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
helm test ceph-openstack-config --namespace openstack --timeout 600s

7
tools/deployment/common/040-ldap.sh
View File

@ -14,10 +14,7 @@
set -xe
: ${OSH_INFRA_EXTRA_HELM_ARGS_LDAP:="$(./tools/deployment/common/get-values-overrides.sh ldap)"}
#NOTE: Pull images and lint chart
make ldap
: ${OSH_INFRA_EXTRA_HELM_ARGS_LDAP:="$(helm osh get-values-overrides -c ldap ${FEATURES})"}
#NOTE: Deploy command
helm upgrade --install ldap ./ldap \
@ -26,4 +23,4 @@ helm upgrade --install ldap ./ldap \
${OSH_INFRA_EXTRA_HELM_ARGS_LDAP}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
helm osh wait-for-pods osh-infra

7
tools/deployment/common/070-kube-state-metrics.sh
View File

@ -14,15 +14,12 @@
set -xe
#NOTE: Lint and package chart
make prometheus-kube-state-metrics
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_STATE_METRICS:="$(./tools/deployment/common/get-values-overrides.sh prometheus-kube-state-metrics)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_STATE_METRICS:="$(helm osh get-values-overrides -c prometheus-kube-state-metrics ${FEATURES})"}
helm upgrade --install prometheus-kube-state-metrics \
./prometheus-kube-state-metrics --namespace=kube-system \
${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_STATE_METRICS}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
helm osh wait-for-pods kube-system

7
tools/deployment/common/080-node-exporter.sh
View File

@ -14,15 +14,12 @@
set -xe
#NOTE: Lint and package chart
make prometheus-node-exporter
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS_NODE_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-node-exporter)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_NODE_EXPORTER:="$(helm osh get-values-overrides -c prometheus-node-exporter ${FEATURES})"}
helm upgrade --install prometheus-node-exporter \
./prometheus-node-exporter --namespace=kube-system \
${OSH_INFRA_EXTRA_HELM_ARGS_NODE_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
helm osh wait-for-pods kube-system

7
tools/deployment/common/090-process-exporter.sh
View File

@ -14,15 +14,12 @@
set -xe
#NOTE: Lint and package chart
make prometheus-process-exporter
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROCESS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-process-exporter)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROCESS_EXPORTER:="$(helm osh get-values-overrides -c prometheus-process-exporter ${FEATURES})"}
helm upgrade --install prometheus-process-exporter \
./prometheus-process-exporter --namespace=kube-system \
${OSH_INFRA_EXTRA_HELM_ARGS_PROCESS_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
helm osh wait-for-pods kube-system

5
tools/deployment/common/blackbox-exporter.sh
View File

@ -14,12 +14,9 @@
set -xe
#NOTE: Lint and package chart
make prometheus-blackbox-exporter
#NOTE: Deploy command
helm upgrade --install prometheus-blackbox-exporter \
./prometheus-blackbox-exporter --namespace=osh-infra
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
helm osh wait-for-pods osh-infra

7
tools/deployment/common/daemonjob-controller.sh
View File

@ -14,10 +14,7 @@
set -xe
namespace="metacontroller"
: ${HELM_ARGS_DAEMONJOB_CONTROLLER:="$(./tools/deployment/common/get-values-overrides.sh daemonjob-controller)"}
#NOTE: Lint and package chart
make daemonjob-controller
: ${HELM_ARGS_DAEMONJOB_CONTROLLER:="$(helm osh get-values-overrides -c daemonjob-controller ${FEATURES})"}
#NOTE: Deploy command
helm upgrade --install daemonjob-controller ./daemonjob-controller \
@ -26,7 +23,7 @@ helm upgrade --install daemonjob-controller ./daemonjob-controller \
${HELM_ARGS_DAEMONJOB_CONTROLLER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh daemonjob-controller
helm osh wait-for-pods daemonjob-controller
#NOTE: CompositeController succesfully deployed
composite_controller_cr=$(kubectl get compositecontrollers | awk '{print $1}')

7
tools/deployment/common/010-deploy-docker-registry.sh → tools/deployment/common/deploy-docker-registry.sh
View File

@ -14,11 +14,6 @@
set -xe
#NOTE: Lint and package charts for deploying a local docker registry
make nfs-provisioner
make redis
make registry
for NAMESPACE in docker-nfs docker-registry; do
tee /tmp/${NAMESPACE}-ns.yaml << EOF
apiVersion: v1
@ -64,7 +59,7 @@ helm upgrade --install docker-registry ./registry \
--values=/tmp/docker-registry.yaml
#NOTE: Wait for deployments
./tools/deployment/common/wait-for-pods.sh docker-registry
helm osh wait-for-pods docker-registry
# Delete the test pod if it still exists
kubectl delete pods -l application=redis,release_group=docker-registry-redis,component=test --namespace=docker-registry --ignore-not-found

6
tools/deployment/common/fluentd.sh
View File

@ -14,9 +14,7 @@
set -xe
#NOTE: Lint and package chart
make fluentd
: ${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTD:="$(./tools/deployment/common/get-values-overrides.sh fluentd)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTD:="$(helm osh get-values-overrides -c fluentd ${FEATURES})"}
tee /tmp/fluentd.yaml << EOF
pod:
@ -185,4 +183,4 @@ helm upgrade --install fluentd ./fluentd \
${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTD}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
helm osh wait-for-pods osh-infra

0
tools/deployment/openstack-support-rook/040-memcached.sh → tools/deployment/common/memcached.sh
View File

7
tools/deployment/common/metacontroller.sh
View File

@ -14,10 +14,7 @@
set -xe
namespace="metacontroller"
: ${HELM_ARGS_METACONTROLLER:="$(./tools/deployment/common/get-values-overrides.sh metacontroller)"}
#NOTE: Lint and package chart
make metacontroller
: ${HELM_ARGS_METACONTROLLER:="$(helm osh get-values-overrides -c metacontroller ${FEATURES})"}
#NOTE: Check no crd exists of APIGroup metacontroller.k8s.io
crds=$(kubectl get crd | awk '/metacontroller.k8s.io/{print $1}')
@ -45,7 +42,7 @@ helm upgrade --install metacontroller ./metacontroller \
${HELM_ARGS_METACONTROLLER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh metacontroller
helm osh wait-for-pods metacontroller
#NOTE: Check crds of APIGroup metacontroller.k8s.io successfully created
crds=$(kubectl get crd | awk '/metacontroller.k8s.io/{print $1}')

3
tools/deployment/openstack-support/007-namespace-config.sh → tools/deployment/common/namespace-config.sh
View File

@ -14,9 +14,6 @@
set -xe
#NOTE: Lint and package chart
make namespace-config
#NOTE: Deploy namespace configs
for NAMESPACE in kube-system ceph openstack; do
helm upgrade --install ${NAMESPACE}-namespace-config ./namespace-config \

5
tools/deployment/common/node-problem-detector.sh
View File

@ -13,9 +13,6 @@
set -xe
#NOTE: Lint and package chart
make kubernetes-node-problem-detector
#NOTE: Deploy command
tee /tmp/kubernetes-node-problem-detector.yaml << EOF
monitoring:
@ -32,4 +29,4 @@ helm upgrade --install kubernetes-node-problem-detector \
--values=/tmp/kubernetes-node-problem-detector.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
helm osh wait-for-pods kube-system

7
tools/deployment/common/openstack-exporter.sh
View File

@ -14,11 +14,8 @@
set -xe
#NOTE: Lint and package chart
make prometheus-openstack-exporter
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(helm osh get-values-overrides -c prometheus-openstack-exporter ${FEATURES})"}
tee /tmp/prometheus-openstack-exporter.yaml << EOF
manifests:
@ -37,4 +34,4 @@ helm upgrade --install prometheus-openstack-exporter \
${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack

7
tools/deployment/common/postgresql.sh
View File

@ -14,12 +14,9 @@
set -xe
#NOTE: Lint and package chart
make postgresql
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
: ${OSH_INFRA_EXTRA_HELM_ARGS_POSTGRESQL:="$(./tools/deployment/common/get-values-overrides.sh postgresql)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_POSTGRESQL:="$(helm osh get-values-overrides -c postgresql ${FEATURES})"}
helm upgrade --install postgresql ./postgresql \
--namespace=osh-infra \
@ -31,4 +28,4 @@ helm upgrade --install postgresql ./postgresql \
${OSH_INFRA_EXTRA_HELM_ARGS_POSTGRESQL}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
helm osh wait-for-pods osh-infra

17
tools/deployment/common/prepare-charts.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# Build all OSH charts
make all

2
tools/deployment/common/prepare-k8s.sh
View File

@ -44,5 +44,3 @@ EOF
kubectl apply -f /tmp/${NAMESPACE}-ns.yaml
done
make all

0
tools/deployment/openstack-support-rook/030-rabbitmq.sh → tools/deployment/common/rabbitmq.sh
View File

1
tools/deployment/elastic-beats/005-deploy-k8s.sh
View File

@ -1 +0,0 @@
../../gate/deploy-k8s.sh

1
tools/deployment/elastic-beats/030-ceph.sh
View File

@ -1 +0,0 @@
../multinode/030-ceph.sh

1
tools/deployment/elastic-beats/035-ceph-ns-activate.sh
View File

@ -1 +0,0 @@
../multinode/035-ceph-ns-activate.sh

1
tools/deployment/elastic-beats/040-ldap.sh
View File

@ -1 +0,0 @@
../common/040-ldap.sh

62
tools/deployment/elastic-beats/050-elasticsearch.sh
View File

@ -1,62 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elasticsearch
#NOTE: Deploy command
tee /tmp/elasticsearch.yaml << EOF
manifests:
cron_curator: false
configmap_bin_curator: false
configmap_etc_curator: false
images:
tags:
elasticsearch: docker.io/openstackhelm/elasticsearch-s3:7_1_0-20191115
storage:
data:
requests:
storage: 20Gi
master:
requests:
storage: 5Gi
jobs:
verify_repositories:
cron: "*/10 * * * *"
monitoring:
prometheus:
enabled: false
pod:
replicas:
client: 1
data: 1
master: 2
conf:
elasticsearch:
config:
xpack:
security:
enabled: false
ilm:
enabled: false
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--values=/tmp/elasticsearch.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

55
tools/deployment/elastic-beats/060-kibana.sh
View File

@ -1,55 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make kibana
: ${OSH_INFRA_EXTRA_HELM_ARGS_KIBANA:="$(./tools/deployment/common/get-values-overrides.sh kibana)"}
tee /tmp/kibana.yaml << EOF
images:
tags:
kibana: docker.elastic.co/kibana/kibana:7.1.0
conf:
kibana:
xpack:
security:
enabled: false
spaces:
enabled: false
apm:
enabled: false
graph:
enabled: false
ml:
enabled: false
monitoring:
enabled: false
reporting:
enabled: false
canvas:
enabled: false
EOF
#NOTE: Deploy command
helm upgrade --install kibana ./kibana \
--namespace=osh-infra \
--values=/tmp/kibana.yaml
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_KIBANA}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

1
tools/deployment/elastic-beats/070-kube-state-metrics.sh
View File

@ -1 +0,0 @@
../common/070-kube-state-metrics.sh

42
tools/deployment/elastic-beats/080-elastic-metricbeat.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elastic-metricbeat
tee /tmp/metricbeat.yaml << EOF
images:
tags:
metricbeat: docker.elastic.co/beats/metricbeat:7.1.0
conf:
metricbeat:
setup:
ilm:
enabled: false
endpoints:
elasticsearch:
namespace: osh-infra
kibana:
namespace: osh-infra
EOF
#NOTE: Deploy command
helm upgrade --install elastic-metricbeat ./elastic-metricbeat \
--namespace=kube-system \
--values=/tmp/metricbeat.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system

42
tools/deployment/elastic-beats/090-elastic-filebeat.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elastic-filebeat
tee /tmp/filebeat.yaml << EOF
images:
tags:
filebeat: docker.elastic.co/beats/filebeat:7.1.0
conf:
filebeat:
setup:
ilm:
enabled: false
endpoints:
elasticsearch:
namespace: osh-infra
kibana:
namespace: osh-infra
EOF
#NOTE: Deploy command
helm upgrade --install elastic-filebeat ./elastic-filebeat \
--namespace=kube-system \
--values=/tmp/filebeat.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system

42
tools/deployment/elastic-beats/100-elastic-packetbeat.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elastic-packetbeat
tee /tmp/packetbeat.yaml << EOF
images:
tags:
filebeat: docker.elastic.co/beats/packetbeat:7.1.0
conf:
packetbeat:
setup:
ilm:
enabled: false
endpoints:
elasticsearch:
namespace: osh-infra
kibana:
namespace: osh-infra
EOF
#NOTE: Deploy command
helm upgrade --install elastic-packetbeat ./elastic-packetbeat \
--namespace=kube-system \
--values=/tmp/packetbeat.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system

1
tools/deployment/federated-monitoring/000-install-packages.sh
View File

@ -1 +0,0 @@
../common/000-install-packages.sh

1
tools/deployment/federated-monitoring/005-deploy-k8s.sh
View File

@ -1 +0,0 @@
../../gate/deploy-k8s.sh

1
tools/deployment/keystone-auth/030-nfs-provisioner.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/030-nfs-provisioner.sh

1
tools/deployment/keystone-auth/040-rabbitmq.sh
View File

@ -1 +0,0 @@
../openstack-support/030-rabbitmq.sh

1
tools/deployment/keystone-auth/050-memcached.sh
View File

@ -1 +0,0 @@
../openstack-support/040-memcached.sh

1
tools/deployment/mariadb-operator-cluster/000-prepare-k8s.sh
View File

@ -1 +0,0 @@
../common/prepare-k8s.sh

1
tools/deployment/mariadb-operator-cluster/010-deploy-docker-registry.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/010-deploy-docker-registry.sh

1
tools/deployment/mariadb-operator-cluster/012-setup-client.sh
View File

@ -1 +0,0 @@
../common/setup-client.sh

1
tools/deployment/mariadb-operator-cluster/030-nfs-provisioner.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/030-nfs-provisioner.sh

1
tools/deployment/mariadb-operator-cluster/040-rabbitmq.sh
View File

@ -1 +0,0 @@
../keystone-auth/040-rabbitmq.sh

12
tools/deployment/mariadb-operator-cluster/045-mariadb-operator-cluster.sh
View File

@ -22,13 +22,9 @@ helm repo add mariadb-operator https://mariadb-operator.github.io/mariadb-operat
helm install mariadb-operator mariadb-operator/mariadb-operator --version ${MARIADB_OPERATOR_RELEASE} -n mariadb-operator
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh mariadb-operator
helm osh wait-for-pods mariadb-operator
#NOTE: Lint and package chart
make mariadb-cluster
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_CLUSTER:="$(./tools/deployment/common/get-values-overrides.sh mariadb-cluster)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_CLUSTER:="$(helm osh get-values-overrides -c mariadb-cluster ${FEATURES})"}
#NOTE: Deploy command
# Deploying downscaled cluster
@ -43,7 +39,7 @@ helm upgrade --install mariadb-cluster ./mariadb-cluster \
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
kubectl get pods --namespace=openstack -o wide
@ -61,7 +57,7 @@ helm upgrade --install mariadb-cluster ./mariadb-cluster \
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_CLUSTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
kubectl get pods --namespace=openstack -o wide

1
tools/deployment/mariadb-operator-cluster/050-memcached.sh
View File

@ -1 +0,0 @@
../keystone-auth/050-memcached.sh

6
tools/deployment/mariadb-operator-cluster/070-keystone.sh
View File

@ -17,10 +17,8 @@ set -xe
: ${OSH_PATH:="../openstack-helm"}
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
: ${OSH_EXTRA_HELM_ARGS:=""}
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(HELM_CHART_ROOT_PATH=${OSH_PATH} ./tools/deployment/common/get-values-overrides.sh keystone)"}
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(helm osh get-values-overrides -p ${OSH_PATH} -c keystone ${FEATURES})"}
# Install LDAP
make ldap
helm upgrade --install ldap ./ldap \
--namespace=openstack \
--set pod.replicas.server=1 \
@ -40,7 +38,7 @@ helm upgrade --install keystone ${OSH_PATH}/keystone \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_KEYSTONE}
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
# Testing basic functionality
export OS_CLOUD=openstack_helm

9
tools/deployment/mariadb-operator-cluster/090-mariadb-backup-test.sh
View File

@ -14,10 +14,7 @@
set -xe
#NOTE: Lint and package chart
make mariadb-backup
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_BACKUP:="$(./tools/deployment/common/get-values-overrides.sh mariadb-backup)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_BACKUP:="$(helm osh get-values-overrides -c mariadb-backup ${FEATURES})"}
#NOTE: Deploy command
# Deploying downscaled cluster
@ -30,11 +27,11 @@ helm upgrade --install mariadb-backup ./mariadb-backup \
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_BACKUP}
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
kubectl create job --from=cronjob/mariadb-backup mariadb-backup-manual-001 -n openstack
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
kubectl logs jobs/mariadb-backup-manual-001 -n openstack

7
tools/deployment/mariadb-operator-cluster/095-mariadb-prometheus-mysql-exporter.sh
View File

@ -14,10 +14,7 @@
set -xe
#NOTE: Lint and package chart
make prometheus-mysql-exporter
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_MYSQL_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-mysql-exporter)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_MYSQL_EXPORTER:="$(helm osh get-values-overrides -c prometheus-mysql-exporter ${FEATURES})"}
#NOTE: Deploy command
# Deploying downscaled cluster
@ -31,6 +28,6 @@ helm upgrade --install prometheus-mysql-exporter ./prometheus-mysql-exporter \
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
helm osh wait-for-pods openstack
kubectl get pods --namespace=openstack -o wide

1
tools/deployment/multinode/010-deploy-docker-registry.sh
View File

@ -1 +0,0 @@
../common/010-deploy-docker-registry.sh

136
tools/deployment/multinode/030-ceph.sh
View File

@ -1,136 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# setup loopback devices for ceph
free_loop_devices=( $(ls -1 /dev/loop[0-7] | while read loopdev; do losetup | grep -q $loopdev || echo $loopdev; done) )
./tools/deployment/common/setup-ceph-loopback-device.sh \
--ceph-osd-data ${CEPH_OSD_DATA_DEVICE:=${free_loop_devices[0]}} \
--ceph-osd-dbwal ${CEPH_OSD_DB_WAL_DEVICE:=${free_loop_devices[1]}}
#NOTE: Lint and package chart
make ceph-mon
make ceph-osd
make ceph-client
make ceph-provisioners
#NOTE: Deploy command
[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
CEPH_PUBLIC_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
CEPH_CLUSTER_NETWORK="${CEPH_PUBLIC_NETWORK}"
CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
#NOTE(portdirect): to use RBD devices with kernels < 4.5 this should be set to 'hammer'
. /etc/os-release
if [ "x${ID}" == "xcentos" ] || \
([ "x${ID}" == "xubuntu" ] && \
dpkg --compare-versions "$(uname -r)" "lt" "4.5"); then
CRUSH_TUNABLES=hammer
else
CRUSH_TUNABLES=null
fi
NUMBER_OF_OSDS="$(kubectl get nodes -l ceph-osd=enabled --no-headers | wc -l)"
tee /tmp/ceph.yaml << EOF
endpoints:
identity:
namespace: openstack
object_store:
namespace: ceph
ceph_mon:
namespace: ceph
network:
public: ${CEPH_PUBLIC_NETWORK}
cluster: ${CEPH_CLUSTER_NETWORK}
deployment:
storage_secrets: true
ceph: true
csi_rbd_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: true
conf:
ceph:
global:
fsid: ${CEPH_FS_ID}
mon_allow_pool_size_one: true
rgw_ks:
enabled: true
pool:
crush:
tunables: ${CRUSH_TUNABLES}
target:
osd: ${NUMBER_OF_OSDS}
pg_per_osd: 100
storage:
osd:
- data:
type: bluestore
location: ${CEPH_OSD_DATA_DEVICE}
block_db:
location: ${CEPH_OSD_DB_WAL_DEVICE}
size: "5GB"
block_wal:
location: ${CEPH_OSD_DB_WAL_DEVICE}
size: "2GB"
jobs:
ceph_defragosds:
# Execute every 15 minutes for gates
cron: "*/15 * * * *"
history:
# Number of successful job to keep
successJob: 1
# Number of failed job to keep
failJob: 1
concurrency:
# Skip new job if previous job still active
execPolicy: Forbid
startingDeadlineSecs: 60
storageclass:
cephfs:
provision_storage_class: false
manifests:
cronjob_defragosds: true
job_cephfs_client_key: false
EOF
for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
helm upgrade --install ${CHART} ./${CHART} \
--namespace=ceph \
--values=/tmp/ceph.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_DEPLOY:-$(./tools/deployment/common/get-values-overrides.sh ${CHART})}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ceph 1200
#NOTE: Validate deploy
MON_POD=$(kubectl get pods \
--namespace=ceph \
--selector="application=ceph" \
--selector="component=mon" \
--no-headers | awk '{ print $1; exit }')
kubectl exec -n ceph ${MON_POD} -- ceph -s
done
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph-osd,release_group=ceph-osd,component=test --namespace=ceph --ignore-not-found
helm test ceph-osd --namespace ceph --timeout 900s
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph-client,release_group=ceph-client,component=test --namespace=ceph --ignore-not-found
helm test ceph-client --namespace ceph --timeout 900s

56
tools/deployment/multinode/035-ceph-ns-activate.sh
View File

@ -1,56 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Deploy command
CEPH_PUBLIC_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
CEPH_CLUSTER_NETWORK="${CEPH_PUBLIC_NETWORK}"
tee /tmp/ceph-osh-infra-config.yaml <<EOF
endpoints:
ceph_mon:
namespace: ceph
network:
public: ${CEPH_PUBLIC_NETWORK}
cluster: ${CEPH_CLUSTER_NETWORK}
deployment:
storage_secrets: false
ceph: false
csi_rbd_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
storageclass:
cephfs:
provision_storage_class: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: false
EOF
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(./tools/deployment/common/get-values-overrides.sh ceph-provisioners)"}
helm upgrade --install ceph-osh-infra-config ./ceph-provisioners \
--namespace=osh-infra \
--values=/tmp/ceph-osh-infra-config.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph,release_group=ceph-osh-infra-config,component=provisioner-test --namespace=osh-infra --ignore-not-found
helm test ceph-osh-infra-config --namespace osh-infra --timeout 600s

1
tools/deployment/multinode/040-ldap.sh
View File

@ -1 +0,0 @@
../common/040-ldap.sh

36
tools/deployment/multinode/045-mariadb.sh
View File

@ -1,36 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make mariadb
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb)"}
helm upgrade --install mariadb ./mariadb \
--namespace=osh-infra \
--set monitoring.prometheus.enabled=true \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=mariadb,release_group=mariadb,component=test --namespace=osh-infra --ignore-not-found
#NOTE: Validate the deployment
helm test mariadb --namespace osh-infra

36
tools/deployment/multinode/050-prometheus.sh
View File

@ -1,36 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus
FEATURE_GATES="alertmanager,ceph,elasticsearch,kubernetes,nodes,openstack,postgresql"
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS:="$({ ./tools/deployment/common/get-values-overrides.sh prometheus;} 2> /dev/null)"}
#NOTE: Deploy command
helm upgrade --install prometheus ./prometheus \
--namespace=osh-infra \
--set pod.replicas.prometheus=2 \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=prometheus,release_group=prometheus,component=test --namespace=osh-infra --ignore-not-found
#NOTE: Run helm tests
helm test prometheus --namespace osh-infra

25
tools/deployment/multinode/060-alertmanager.sh
View File

@ -1,25 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-alertmanager
#NOTE: Deploy command
helm upgrade --install alertmanager ./prometheus-alertmanager \
--namespace=osh-infra
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

1
tools/deployment/multinode/070-kube-state-metrics.sh
View File

@ -1 +0,0 @@
../common/070-kube-state-metrics.sh

1
tools/deployment/multinode/075-node-problem-detector.sh
View File

@ -1 +0,0 @@
../common/node-problem-detector.sh

1
tools/deployment/multinode/080-node-exporter.sh
View File

@ -1 +0,0 @@
../common/080-node-exporter.sh

1
tools/deployment/multinode/085-process-exporter.sh
View File

@ -1 +0,0 @@
../common/090-process-exporter.sh

1
tools/deployment/multinode/090-openstack-exporter.sh
View File

@ -1 +0,0 @@
../common/openstack-exporter.sh

36
tools/deployment/multinode/100-grafana.sh
View File

@ -1,36 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make grafana
FEATURE_GATES="calico,ceph,containers,coredns,elasticsearch,kubernetes,nginx,nodes,openstack,prometheus"
: ${OSH_INFRA_EXTRA_HELM_ARGS_GRAFANA:="$({ ./tools/deployment/common/get-values-overrides.sh grafana;} 2> /dev/null)"}
#NOTE: Deploy command
helm upgrade --install grafana ./grafana \
--namespace=osh-infra \
--set pod.replicas.grafana=2 \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_GRAFANA}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=grafana,release_group=grafana,component=test --namespace=osh-infra --ignore-not-found
#NOTE: Run helm tests
helm test grafana --namespace osh-infra

43
tools/deployment/multinode/110-nagios.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make nagios
#NOTE: Deploy command
tee /tmp/nagios.yaml << EOF
pod:
replicas:
nagios: 3
conf:
nagios:
query_es_clauses:
test_es_query:
hello: world
EOF
helm upgrade --install nagios ./nagios \
--namespace=osh-infra \
--values=/tmp/nagios.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Verify elasticsearch query clauses are functional by execing into pod
NAGIOS_POD=$(kubectl -n osh-infra get pods -l='application=nagios,component=monitoring' --output=jsonpath='{.items[0].metadata.name}')
kubectl exec $NAGIOS_POD -n osh-infra -c nagios -- cat /opt/nagios/etc/objects/query_es_clauses.json | python -m json.tool
#NOTE: Verify plugin for checking ceph health directly via ceph-mgr working as intended
kubectl exec $NAGIOS_POD -n osh-infra -c nagios -- python /usr/lib/nagios/plugins/check_exporter_health_metric.py --exporter_namespace "ceph" --label_selector "application=ceph,component=manager" --health_metric ceph_health_status --critical 2 --warning 1

70
tools/deployment/multinode/115-radosgw-osh-infra.sh
View File

@ -1,70 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ceph-rgw
#NOTE: Deploy command
CEPH_PUBLIC_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
CEPH_CLUSTER_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
tee /tmp/radosgw-osh-infra.yaml <<EOF
endpoints:
ceph_object_store:
namespace: osh-infra
ceph_mon:
namespace: ceph
network:
public: ${CEPH_PUBLIC_NETWORK}
cluster: ${CEPH_CLUSTER_NETWORK}
deployment:
storage_secrets: false
ceph: true
csi_rbd_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: false
rgw_s3:
enabled: true
network_policy:
ceph:
ingress:
- from:
- podSelector:
matchLabels:
application: elasticsearch
- podSelector:
matchLabels:
application: ceph
ports:
- protocol: TCP
port: 8088
manifests:
network_policy: true
EOF
helm upgrade --install radosgw-osh-infra ./ceph-rgw \
--namespace=osh-infra \
--values=/tmp/radosgw-osh-infra.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph,release_group=radosgw-osh-infra,component=rgw-test --namespace=osh-infra --ignore-not-found
helm test radosgw-osh-infra --namespace osh-infra --timeout 900s

75
tools/deployment/multinode/120-elasticsearch.sh
View File

@ -1,75 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elasticsearch
#NOTE: Deploy command
tee /tmp/elasticsearch.yaml << EOF
jobs:
verify_repositories:
cron: "*/3 * * * *"
pod:
replicas:
data: 2
master: 2
conf:
elasticsearch:
env:
java_opts:
client: "-Xms512m -Xmx512m"
data: "-Xms512m -Xmx512m"
master: "-Xms512m -Xmx512m"
snapshots:
enabled: true
curator:
action_file:
actions:
1:
action: delete_indices
description: >-
"Delete indices older than 365 days"
options:
timeout_override:
continue_if_exception: False
ignore_empty_list: True
disable_action: True
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 365
monitoring:
prometheus:
enabled: true
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--values=/tmp/elasticsearch.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# Delete the test pod if it still exists
kubectl delete pods -l application=elasticsearch,release_group=elasticsearch,component=test --namespace=osh-infra --ignore-not-found
#NOTE: Run helm tests
helm test elasticsearch --namespace osh-infra

1
tools/deployment/multinode/125-fluentbit.sh
View File

@ -1 +0,0 @@
../common/fluentbit.sh

1
tools/deployment/multinode/130-fluentd.sh
View File

@ -1 +0,0 @@
../common/fluentd.sh

26
tools/deployment/multinode/140-kibana.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make kibana
#NOTE: Deploy command
helm upgrade --install kibana ./kibana \
--namespace=osh-infra \
--set pod.replicas.kibana=2
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

1
tools/deployment/multinode/150-falco.sh
View File

@ -1 +0,0 @@
../common/150-falco.sh

1
tools/deployment/multinode/170-postgresql.sh
View File

@ -1 +0,0 @@
../common/postgresql.sh

1
tools/deployment/multinode/600-grafana-selenium.sh
View File

@ -1 +0,0 @@
../common/grafana-selenium.sh

1
tools/deployment/multinode/610-nagios-selenium.sh
View File

@ -1 +0,0 @@
../common/nagios-selenium.sh

1
tools/deployment/multinode/620-prometheus-selenium.sh
View File

@ -1 +0,0 @@
../common/prometheus-selenium.sh

1
tools/deployment/multinode/630-kibana-selenium.sh
View File

@ -1 +0,0 @@
../common/kibana-selenium.sh

50
tools/deployment/multinode/kube-node-subnet.sh
View File

@ -1,50 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -e
UTILS_IMAGE=docker.io/openstackhelm/gate-utils:v0.1.0
NODE_IPS=$(mktemp)
kubectl get nodes -o json | jq -r '.items[].status.addresses[] | select(.type=="InternalIP").address' | sort -V > $NODE_IPS
function run_and_log_ipcalc {
POD_NAME="tmp-$(cat /dev/urandom | env LC_CTYPE=C tr -dc a-z | head -c 5; echo)"
kubectl run ${POD_NAME} \
--generator=run-pod/v1 \
--wait \
--image ${UTILS_IMAGE} \
--restart=Never \
ipcalc -- "$1"
end=$(($(date +%s) + 900))
until kubectl get pod/${POD_NAME} -o go-template='{{.status.phase}}' | grep -q Succeeded; do
now=$(date +%s)
[ $now -gt $end ] && echo containers failed to start. && \
kubectl get pod/${POD_NAME} -o wide && exit 1
done
kubectl logs pod/${POD_NAME}
kubectl delete pod/${POD_NAME}
}
FIRST_IP_SUBNET=$(run_and_log_ipcalc "$(head -n 1 ${NODE_IPS})/24" | awk '/^Network/ { print $2 }')
LAST_IP_SUBNET=$(run_and_log_ipcalc "$(tail -n 1 ${NODE_IPS})/24" | awk '/^Network/ { print $2 }')
rm -f $NODE_IPS
function ip_diff {
echo $(($(echo $LAST_IP_SUBNET | awk -F '.' "{ print \$$1}") - $(echo $FIRST_IP_SUBNET | awk -F '.' "{ print \$$1}")))
}
for X in {1..4}; do
if ! [ "$(ip_diff ${X})" -eq "0" ]; then
SUBMASK=$((((${X} - 1 )) * 8))
break
elif [ ${X} -eq "4" ]; then
SUBMASK=24
fi
done
echo ${FIRST_IP_SUBNET%/*}/${SUBMASK}

1
tools/deployment/openstack-support-rook/000-install-packages.sh
View File

@ -1 +0,0 @@
../common/000-install-packages.sh

1
tools/deployment/openstack-support-rook/000-prepare-k8s.sh
View File

@ -1 +0,0 @@
../common/prepare-k8s.sh

1
tools/deployment/openstack-support-rook/005-deploy-k8s.sh
View File

@ -1 +0,0 @@
../../gate/deploy-k8s.sh

24
tools/deployment/openstack-support-rook/007-namespace-config.sh
View File

@ -1,24 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make namespace-config
#NOTE: Deploy namespace configs
for NAMESPACE in kube-system ceph openstack; do
helm upgrade --install ${NAMESPACE}-namespace-config ./namespace-config \
--namespace=${NAMESPACE}
done

34
tools/deployment/openstack-support-rook/050-libvirt.sh
View File

@ -1,34 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
: ${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"}
#NOTE: Lint and package chart
make libvirt
#NOTE: Deploy command
helm upgrade --install libvirt ./libvirt \
--namespace=openstack \
--set network.backend="null" \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT}
#NOTE: Please be aware that a network backend might affect
#The loadability of this, as some need to be asynchronously
#loaded. See also:
#https://github.com/openstack/openstack-helm-infra/blob/b69584bd658ae5cb6744e499975f9c5a505774e5/libvirt/values.yaml#L151-L172
if [[ "${WAIT_FOR_PODS:=True}" == "True" ]]; then
./tools/deployment/common/wait-for-pods.sh openstack
fi

76
tools/deployment/openstack-support-rook/051-libvirt-ssl.sh
View File

@ -1,76 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
: ${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"}
CERT_DIR=$(mktemp -d)
cd ${CERT_DIR}
openssl req -x509 -new -nodes -days 1 -newkey rsa:2048 -keyout cacert.key -out cacert.pem -subj "/CN=libvirt.org"
openssl req -newkey rsa:2048 -days 1 -nodes -keyout client-key.pem -out client-req.pem -subj "/CN=libvirt.org"
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 1 \
-CA cacert.pem -CAkey cacert.key -set_serial 01 \
-out client-cert.pem
openssl req -newkey rsa:2048 -days 1 -nodes -keyout server-key.pem -out server-req.pem -subj "/CN=libvirt.org"
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 1 \
-CA cacert.pem -CAkey cacert.key -set_serial 01 \
-out server-cert.pem
cd -
cat <<EOF | kubectl apply -f-
apiVersion: v1
kind: Secret
metadata:
name: libvirt-tls-client
namespace: openstack
type: Opaque
data:
cacert.pem: $(cat ${CERT_DIR}/cacert.pem | base64 -w0)
clientcert.pem: $(cat ${CERT_DIR}/client-cert.pem | base64 -w0)
clientkey.pem: $(cat ${CERT_DIR}/client-key.pem | base64 -w0)
EOF
cat <<EOF | kubectl apply -f-
apiVersion: v1
kind: Secret
metadata:
name: libvirt-tls-server
namespace: openstack
type: Opaque
data:
cacert.pem: $(cat ${CERT_DIR}/cacert.pem | base64 -w0)
servercert.pem: $(cat ${CERT_DIR}/server-cert.pem | base64 -w0)
serverkey.pem: $(cat ${CERT_DIR}/server-key.pem | base64 -w0)
EOF
#NOTE: Lint and package chart
make libvirt
#NOTE: Deploy command
helm upgrade --install libvirt ./libvirt \
--namespace=openstack \
--set network.backend="null" \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT}
#NOTE: Please be aware that a network backend might affect
#The loadability of this, as some need to be asynchronously
#loaded. See also:
#https://github.com/openstack/openstack-helm-infra/blob/b69584bd658ae5cb6744e499975f9c5a505774e5/libvirt/values.yaml#L151-L172
if [[ "${WAIT_FOR_PODS:=True}" == "True" ]]; then
./tools/deployment/common/wait-for-pods.sh openstack
fi

25
tools/deployment/openstack-support-rook/060-openvswitch.sh
View File

@ -1,25 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch)"}
#NOTE: Deploy command
helm upgrade --install openvswitch ./openvswitch \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_OPENVSWITCH}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

Some files were not shown because too many files have changed in this diff Show More