[WIP] Refactor deployment scripts
Change-Id: I3bad13cc332fd439b3b56cfa5fc596255bc466f2
This commit is contained in:
parent
67fae419b8
commit
731a1ba149
|
@ -1 +0,0 @@
|
|||
../common/000-install-packages.sh
|
|
@ -1 +0,0 @@
|
|||
../common/001-setup-apparmor-profiles.sh
|
|
@ -1 +0,0 @@
|
|||
../../gate/deploy-k8s.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-logging/020-ceph.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-logging/025-ceph-ns-activate.sh
|
|
@ -1,36 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make mariadb
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
helm upgrade --install mariadb ./mariadb \
|
||||
--namespace=osh-infra \
|
||||
--set monitoring.prometheus.enabled=true \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=mariadb,release_group=mariadb,component=test --namespace=osh-infra --ignore-not-found
|
||||
#NOTE: Validate the deployment
|
||||
helm test mariadb --namespace osh-infra
|
|
@ -1,79 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
namespace="osh-infra"
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached)"}
|
||||
|
||||
# NOTE: Lint and package chart
|
||||
make memcached
|
||||
|
||||
tee /tmp/memcached.yaml <<EOF
|
||||
images:
|
||||
tags:
|
||||
apparmor_loader: google/apparmor-loader:latest
|
||||
pod:
|
||||
mandatory_access_control:
|
||||
type: apparmor
|
||||
memcached:
|
||||
memcached: runtime/default
|
||||
EOF
|
||||
|
||||
# NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
helm upgrade --install memcached ./memcached \
|
||||
--namespace=$namespace \
|
||||
--set pod.replicas.server=1 \
|
||||
--values=/tmp/memcached.yaml \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_MEMCACHED}
|
||||
|
||||
# NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh $namespace
|
||||
|
||||
# Run a test. Note: the simple "cat /proc/1/attr/current" verification method
|
||||
# will not work, as memcached has multiple processes running, so we have to
|
||||
# find out which one is the memcached application process.
|
||||
pod=$(kubectl -n $namespace get pod | grep memcached | awk '{print $1}')
|
||||
unsorted_process_file="/tmp/unsorted_proc_list"
|
||||
sorted_process_file="/tmp/proc_list"
|
||||
expected_profile="docker-default (enforce)"
|
||||
|
||||
# Grab the processes (numbered directories) from the /proc directory,
|
||||
# and then sort them. Highest proc number indicates most recent process.
|
||||
kubectl -n $namespace exec $pod -- ls -1 /proc | grep -e "^[0-9]*$" > $unsorted_process_file
|
||||
sort --numeric-sort $unsorted_process_file > $sorted_process_file
|
||||
|
||||
# The last/latest process in the list will actually be the "ls" command above,
|
||||
# which isn't running any more, so remove it.
|
||||
sed -i '$ d' $sorted_process_file
|
||||
|
||||
while IFS='' read -r process || [[ -n "$process" ]]; do
|
||||
echo "Process ID: $process"
|
||||
proc_name=`kubectl -n $namespace exec $pod -- cat /proc/$process/status | grep "Name:" | awk -F' ' '{print $2}'`
|
||||
echo "Process Name: $proc_name"
|
||||
profile=`kubectl -n $namespace exec $pod -- cat /proc/$process/attr/current`
|
||||
echo "Profile running: $profile"
|
||||
if test "$profile" != "$expected_profile"
|
||||
then
|
||||
if test "$proc_name" == "pause"
|
||||
then
|
||||
echo "Root process (pause) can run docker-default, it's ok."
|
||||
else
|
||||
echo "$profile is the WRONG PROFILE!!"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
done < $sorted_process_file
|
|
@ -1,175 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make libvirt
|
||||
|
||||
tee /tmp/libvirt.yaml <<EOF
|
||||
images:
|
||||
tags:
|
||||
apparmor_loader: google/apparmor-loader:latest
|
||||
pod:
|
||||
mandatory_access_control:
|
||||
type: apparmor
|
||||
configmap_apparmor: true
|
||||
libvirt-libvirt-default:
|
||||
libvirt-libvirt-default: localhost/my-apparmor-v1
|
||||
apparmor-loader: unconfined
|
||||
conf:
|
||||
apparmor_profiles:
|
||||
my-apparmor-v1.profile: |-
|
||||
#include <tunables/global>
|
||||
@{LIBVIRT}="libvirt"
|
||||
profile my-apparmor-v1 flags=(attach_disconnected) {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/dbus>
|
||||
|
||||
capability kill,
|
||||
capability audit_write,
|
||||
capability audit_control,
|
||||
capability net_admin,
|
||||
capability net_raw,
|
||||
capability setgid,
|
||||
capability sys_admin,
|
||||
capability sys_module,
|
||||
capability sys_ptrace,
|
||||
capability sys_pacct,
|
||||
capability sys_nice,
|
||||
capability sys_chroot,
|
||||
capability setuid,
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
capability fowner,
|
||||
capability chown,
|
||||
capability setpcap,
|
||||
capability mknod,
|
||||
capability fsetid,
|
||||
capability audit_write,
|
||||
capability ipc_lock,
|
||||
|
||||
# Needed for vfio
|
||||
capability sys_resource,
|
||||
|
||||
mount options=(rw,rslave) -> /,
|
||||
mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
|
||||
|
||||
mount options=(rw, move) /dev/ -> /{var/,}run/libvirt/qemu/*.dev/,
|
||||
mount options=(rw, move) /dev/hugepages/ -> /{var/,}run/libvirt/qemu/*.hugepages/,
|
||||
mount options=(rw, move) /dev/mqueue/ -> /{var/,}run/libvirt/qemu/*.mqueue/,
|
||||
mount options=(rw, move) /dev/pts/ -> /{var/,}run/libvirt/qemu/*.pts/,
|
||||
mount options=(rw, move) /dev/shm/ -> /{var/,}run/libvirt/qemu/*.shm/,
|
||||
|
||||
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.dev/ -> /dev/,
|
||||
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.hugepages/ -> /dev/hugepages/,
|
||||
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.mqueue/ -> /dev/mqueue/,
|
||||
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.pts/ -> /dev/pts/,
|
||||
mount options=(rw, move) /{var/,}run/libvirt/qemu/*.shm/ -> /dev/shm/,
|
||||
|
||||
network inet stream,
|
||||
network inet dgram,
|
||||
network inet6 stream,
|
||||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
network packet dgram,
|
||||
network packet raw,
|
||||
|
||||
# for --p2p migrations
|
||||
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
|
||||
|
||||
ptrace (trace) peer=unconfined,
|
||||
ptrace (trace) peer=/usr/sbin/libvirtd,
|
||||
ptrace (trace) peer=/usr/sbin/dnsmasq,
|
||||
ptrace (trace) peer=libvirt-*,
|
||||
|
||||
signal (send) peer=/usr/sbin/dnsmasq,
|
||||
signal (read, send) peer=libvirt-*,
|
||||
signal (send) set=("kill", "term") peer=unconfined,
|
||||
|
||||
# For communication/control to qemu-bridge-helper
|
||||
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd//qemu_bridge_helper),
|
||||
signal (send) set=("term") peer=/usr/sbin/libvirtd//qemu_bridge_helper,
|
||||
|
||||
# Very lenient profile for libvirtd since we want to first focus on confining
|
||||
# the guests. Guests will have a very restricted profile.
|
||||
/ r,
|
||||
/** rwmkl,
|
||||
|
||||
/bin/* PUx,
|
||||
/sbin/* PUx,
|
||||
/usr/bin/* PUx,
|
||||
/usr/sbin/virtlogd pix,
|
||||
/usr/sbin/* PUx,
|
||||
/{usr/,}lib/udev/scsi_id PUx,
|
||||
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
|
||||
/usr/{lib,lib64}/xen/bin/* Ux,
|
||||
/usr/lib/xen-*/bin/libxl-save-helper PUx,
|
||||
|
||||
# Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
|
||||
# read and run an ebtables script.
|
||||
/var/lib/libvirt/virtd* ixr,
|
||||
|
||||
# force the use of virt-aa-helper
|
||||
audit deny /{usr/,}sbin/apparmor_parser rwxl,
|
||||
audit deny /etc/apparmor.d/libvirt/** wxl,
|
||||
audit deny /sys/kernel/security/apparmor/features rwxl,
|
||||
audit deny /sys/kernel/security/apparmor/matching rwxl,
|
||||
audit deny /sys/kernel/security/apparmor/.* rwxl,
|
||||
/sys/kernel/security/apparmor/profiles r,
|
||||
/usr/{lib,lib64}/libvirt/* PUxr,
|
||||
/usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
|
||||
/usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
|
||||
/etc/libvirt/hooks/** rmix,
|
||||
/etc/xen/scripts/** rmix,
|
||||
|
||||
# allow changing to our UUID-based named profiles
|
||||
change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
|
||||
|
||||
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
|
||||
# child profile for bridge helper process
|
||||
profile qemu_bridge_helper {
|
||||
#include <abstractions/base>
|
||||
|
||||
capability setuid,
|
||||
capability setgid,
|
||||
capability setpcap,
|
||||
capability net_admin,
|
||||
|
||||
network inet stream,
|
||||
|
||||
# For communication/control from libvirtd
|
||||
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
|
||||
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
|
||||
|
||||
/dev/net/tun rw,
|
||||
/etc/qemu/** r,
|
||||
owner @{PROC}/*/status r,
|
||||
|
||||
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"}
|
||||
|
||||
helm upgrade --install libvirt ./libvirt \
|
||||
--namespace=openstack \
|
||||
--values=/tmp/libvirt.yaml \
|
||||
--set network.backend="null" \
|
||||
${OSH_EXTRA_HELM_ARGS} \
|
||||
${OSH_EXTRA_HELM_ARGS_LIBVIRT}
|
||||
|
||||
#NOTE: Validate Deployment info
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-alertmanager
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_ALERTMANAGER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-alertmanager)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install prometheus-alertmanager ./prometheus-alertmanager \
|
||||
--namespace=osh-infra \
|
||||
--set pod.replicas.alertmanager=1 \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_ALERTMANAGER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/050-prometheus.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/080-node-exporter.sh
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-openstack-exporter
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install prometheus-openstack-exporter \
|
||||
./prometheus-openstack-exporter \
|
||||
--namespace=openstack \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-blackbox-exporter
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_BLACKBOX_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-blackbox-exporter)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install prometheus-blackbox-exporter \
|
||||
./prometheus-blackbox-exporter \
|
||||
--namespace=openstack \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_BLACKBOX_EXPORTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/090-process-exporter.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/110-grafana.sh
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make rabbitmq
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
helm upgrade --install rabbitmq ./rabbitmq \
|
||||
--namespace=osh-infra \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_RABBITMQ}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
|
@ -1,79 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make elasticsearch
|
||||
|
||||
#NOTE: Deploy command
|
||||
tee /tmp/elasticsearch.yaml << EOF
|
||||
dependencies:
|
||||
static:
|
||||
tests:
|
||||
jobs: null
|
||||
storage:
|
||||
data:
|
||||
enabled: false
|
||||
master:
|
||||
enabled: false
|
||||
pod:
|
||||
mandatory_access_control:
|
||||
type: apparmor
|
||||
elasticsearch-master:
|
||||
elasticsearch-master: runtime/default
|
||||
elasticsearch-data:
|
||||
elasticsearch-data: runtime/default
|
||||
elasticsearch-client:
|
||||
elasticsearch-client: runtime/default
|
||||
replicas:
|
||||
client: 1
|
||||
data: 1
|
||||
master: 2
|
||||
conf:
|
||||
curator:
|
||||
schedule: "0 */6 * * *"
|
||||
action_file:
|
||||
actions:
|
||||
1:
|
||||
action: delete_indices
|
||||
description: >-
|
||||
"Delete indices older than 365 days"
|
||||
options:
|
||||
timeout_override:
|
||||
continue_if_exception: False
|
||||
ignore_empty_list: True
|
||||
disable_action: True
|
||||
filters:
|
||||
- filtertype: pattern
|
||||
kind: prefix
|
||||
value: logstash-
|
||||
- filtertype: age
|
||||
source: name
|
||||
direction: older
|
||||
timestring: '%Y.%m.%d'
|
||||
unit: days
|
||||
unit_count: 365
|
||||
|
||||
EOF
|
||||
helm upgrade --install elasticsearch ./elasticsearch \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/elasticsearch.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=elasticsearch,release_group=elasticsearch,component=test --namespace=osh-infra --ignore-not-found
|
||||
helm test elasticsearch --namespace osh-infra
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/120-nagios.sh
|
|
@ -1,37 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make fluentbit
|
||||
|
||||
tee /tmp/fluentbit.yaml <<EOF
|
||||
pod:
|
||||
mandatory_access_control:
|
||||
type: apparmor
|
||||
fluentbit:
|
||||
fluentbit: runtime/default
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install fluentbit ./fluentbit \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/fluentbit.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=fluentbit,release_group=fluentbit,component=test --namespace=osh-infra --ignore-not-found
|
||||
helm test fluentbit --namespace osh-infra
|
|
@ -1,172 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make fluentd
|
||||
|
||||
tee /tmp/fluentd-daemonset.yaml <<EOF
|
||||
deployment:
|
||||
type: DaemonSet
|
||||
pod:
|
||||
security_context:
|
||||
fluentd:
|
||||
pod:
|
||||
runAsUser: 0
|
||||
mandatory_access_control:
|
||||
type: apparmor
|
||||
fluentd:
|
||||
fluentd: runtime/default
|
||||
conf:
|
||||
fluentd:
|
||||
template: |
|
||||
<source>
|
||||
bind 0.0.0.0
|
||||
port 24220
|
||||
@type monitor_agent
|
||||
</source>
|
||||
|
||||
<source>
|
||||
<parse>
|
||||
time_format %Y-%m-%dT%H:%M:%S.%NZ
|
||||
@type json
|
||||
</parse>
|
||||
path /var/log/containers/*.log
|
||||
read_from_head true
|
||||
tag kubernetes.*
|
||||
@type tail
|
||||
</source>
|
||||
|
||||
<filter kubernetes.**>
|
||||
@type kubernetes_metadata
|
||||
</filter>
|
||||
|
||||
<source>
|
||||
bind 0.0.0.0
|
||||
port "#{ENV['FLUENTD_PORT']}"
|
||||
@type forward
|
||||
</source>
|
||||
|
||||
<match fluent.**>
|
||||
@type null
|
||||
</match>
|
||||
|
||||
<match libvirt>
|
||||
<buffer>
|
||||
chunk_limit_size 500K
|
||||
flush_interval 5s
|
||||
flush_thread_count 8
|
||||
queue_limit_length 16
|
||||
retry_forever false
|
||||
retry_max_interval 30
|
||||
</buffer>
|
||||
host "#{ENV['ELASTICSEARCH_HOST']}"
|
||||
include_tag_key true
|
||||
logstash_format true
|
||||
logstash_prefix libvirt
|
||||
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
|
||||
port "#{ENV['ELASTICSEARCH_PORT']}"
|
||||
@type elasticsearch
|
||||
user "#{ENV['ELASTICSEARCH_USERNAME']}"
|
||||
</match>
|
||||
|
||||
<match qemu>
|
||||
<buffer>
|
||||
chunk_limit_size 500K
|
||||
flush_interval 5s
|
||||
flush_thread_count 8
|
||||
queue_limit_length 16
|
||||
retry_forever false
|
||||
retry_max_interval 30
|
||||
</buffer>
|
||||
host "#{ENV['ELASTICSEARCH_HOST']}"
|
||||
include_tag_key true
|
||||
logstash_format true
|
||||
logstash_prefix qemu
|
||||
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
|
||||
port "#{ENV['ELASTICSEARCH_PORT']}"
|
||||
@type elasticsearch
|
||||
user "#{ENV['ELASTICSEARCH_USERNAME']}"
|
||||
</match>
|
||||
|
||||
<match journal.**>
|
||||
<buffer>
|
||||
chunk_limit_size 500K
|
||||
flush_interval 5s
|
||||
flush_thread_count 8
|
||||
queue_limit_length 16
|
||||
retry_forever false
|
||||
retry_max_interval 30
|
||||
</buffer>
|
||||
host "#{ENV['ELASTICSEARCH_HOST']}"
|
||||
include_tag_key true
|
||||
logstash_format true
|
||||
logstash_prefix journal
|
||||
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
|
||||
port "#{ENV['ELASTICSEARCH_PORT']}"
|
||||
@type elasticsearch
|
||||
user "#{ENV['ELASTICSEARCH_USERNAME']}"
|
||||
</match>
|
||||
|
||||
<match kernel>
|
||||
<buffer>
|
||||
chunk_limit_size 500K
|
||||
flush_interval 5s
|
||||
flush_thread_count 8
|
||||
queue_limit_length 16
|
||||
retry_forever false
|
||||
retry_max_interval 30
|
||||
</buffer>
|
||||
host "#{ENV['ELASTICSEARCH_HOST']}"
|
||||
include_tag_key true
|
||||
logstash_format true
|
||||
logstash_prefix kernel
|
||||
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
|
||||
port "#{ENV['ELASTICSEARCH_PORT']}"
|
||||
@type elasticsearch
|
||||
user "#{ENV['ELASTICSEARCH_USERNAME']}"
|
||||
</match>
|
||||
|
||||
<match **>
|
||||
<buffer>
|
||||
chunk_limit_size 500K
|
||||
flush_interval 5s
|
||||
flush_thread_count 8
|
||||
queue_limit_length 16
|
||||
retry_forever false
|
||||
retry_max_interval 30
|
||||
</buffer>
|
||||
flush_interval 15s
|
||||
host "#{ENV['ELASTICSEARCH_HOST']}"
|
||||
include_tag_key true
|
||||
logstash_format true
|
||||
password "#{ENV['ELASTICSEARCH_PASSWORD']}"
|
||||
port "#{ENV['ELASTICSEARCH_PORT']}"
|
||||
@type elasticsearch
|
||||
type_name fluent
|
||||
user "#{ENV['ELASTICSEARCH_USERNAME']}"
|
||||
</match>
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install fluentd-daemonset ./fluentd \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/fluentd-daemonset.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=fluentd,release_group=fluentd-daemonset,component=test --namespace=osh-infra --ignore-not-found
|
||||
helm test fluentd-daemonset --namespace osh-infra
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/075-node-problem-detector.sh
|
|
@ -1 +0,0 @@
|
|||
../openstack-support/060-openvswitch.sh
|
|
@ -1,65 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_RGW:="$(./tools/deployment/common/get-values-overrides.sh ceph-rgw)"}
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
|
||||
make -C ${OSH_INFRA_PATH} ceph-rgw
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
tee /tmp/radosgw-openstack.yaml <<EOF
|
||||
endpoints:
|
||||
identity:
|
||||
namespace: openstack
|
||||
object_store:
|
||||
namespace: openstack
|
||||
ceph_mon:
|
||||
namespace: ceph
|
||||
network:
|
||||
public: 172.17.0.1/16
|
||||
cluster: 172.17.0.1/16
|
||||
deployment:
|
||||
ceph: true
|
||||
rgw_keystone_user_and_endpoints: true
|
||||
bootstrap:
|
||||
enabled: false
|
||||
conf:
|
||||
rgw_ks:
|
||||
enabled: true
|
||||
pod:
|
||||
replicas:
|
||||
rgw: 1
|
||||
EOF
|
||||
helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
|
||||
--namespace=openstack \
|
||||
--values=/tmp/radosgw-openstack.yaml \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_RGW}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
|
||||
#NOTE: Validate Deployment info
|
||||
export OS_CLOUD=openstack_helm
|
||||
sleep 60 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
|
||||
|
||||
openstack service list
|
||||
openstack endpoint list
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=ceph,release_group=radosgw-openstack,component=rgw-test --namespace=openstack --ignore-not-found
|
||||
helm test radosgw-openstack --namespace openstack --timeout 900s
|
|
@ -1 +0,0 @@
|
|||
../common/postgresql.sh
|
|
@ -14,9 +14,6 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make ceph-provisioners
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_EXTRA_HELM_ARGS:=""}
|
||||
tee /tmp/ceph-openstack-config.yaml <<EOF
|
||||
|
@ -39,7 +36,7 @@ conf:
|
|||
enabled: false
|
||||
EOF
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(./tools/deployment/common/get-values-overrides.sh ceph-provisioners)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(helm osh get-values-overrides -c ceph-provisioners ${FEATURES})"}
|
||||
|
||||
helm upgrade --install ceph-openstack-config ./ceph-provisioners \
|
||||
--namespace=openstack \
|
||||
|
@ -48,7 +45,7 @@ helm upgrade --install ceph-openstack-config ./ceph-provisioners \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
helm test ceph-openstack-config --namespace openstack --timeout 600s
|
||||
|
|
@ -14,10 +14,7 @@
|
|||
|
||||
set -xe
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_LDAP:="$(./tools/deployment/common/get-values-overrides.sh ldap)"}
|
||||
|
||||
#NOTE: Pull images and lint chart
|
||||
make ldap
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_LDAP:="$(helm osh get-values-overrides -c ldap ${FEATURES})"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install ldap ./ldap \
|
||||
|
@ -26,4 +23,4 @@ helm upgrade --install ldap ./ldap \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_LDAP}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
helm osh wait-for-pods osh-infra
|
||||
|
|
|
@ -14,15 +14,12 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-kube-state-metrics
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_STATE_METRICS:="$(./tools/deployment/common/get-values-overrides.sh prometheus-kube-state-metrics)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_STATE_METRICS:="$(helm osh get-values-overrides -c prometheus-kube-state-metrics ${FEATURES})"}
|
||||
|
||||
helm upgrade --install prometheus-kube-state-metrics \
|
||||
./prometheus-kube-state-metrics --namespace=kube-system \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_STATE_METRICS}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
||||
helm osh wait-for-pods kube-system
|
||||
|
|
|
@ -14,15 +14,12 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-node-exporter
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_NODE_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-node-exporter)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_NODE_EXPORTER:="$(helm osh get-values-overrides -c prometheus-node-exporter ${FEATURES})"}
|
||||
|
||||
helm upgrade --install prometheus-node-exporter \
|
||||
./prometheus-node-exporter --namespace=kube-system \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_NODE_EXPORTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
||||
helm osh wait-for-pods kube-system
|
||||
|
|
|
@ -14,15 +14,12 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-process-exporter
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROCESS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-process-exporter)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROCESS_EXPORTER:="$(helm osh get-values-overrides -c prometheus-process-exporter ${FEATURES})"}
|
||||
|
||||
helm upgrade --install prometheus-process-exporter \
|
||||
./prometheus-process-exporter --namespace=kube-system \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_PROCESS_EXPORTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
||||
helm osh wait-for-pods kube-system
|
||||
|
|
|
@ -14,12 +14,9 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-blackbox-exporter
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install prometheus-blackbox-exporter \
|
||||
./prometheus-blackbox-exporter --namespace=osh-infra
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
helm osh wait-for-pods osh-infra
|
||||
|
|
|
@ -14,10 +14,7 @@
|
|||
set -xe
|
||||
|
||||
namespace="metacontroller"
|
||||
: ${HELM_ARGS_DAEMONJOB_CONTROLLER:="$(./tools/deployment/common/get-values-overrides.sh daemonjob-controller)"}
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make daemonjob-controller
|
||||
: ${HELM_ARGS_DAEMONJOB_CONTROLLER:="$(helm osh get-values-overrides -c daemonjob-controller ${FEATURES})"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install daemonjob-controller ./daemonjob-controller \
|
||||
|
@ -26,7 +23,7 @@ helm upgrade --install daemonjob-controller ./daemonjob-controller \
|
|||
${HELM_ARGS_DAEMONJOB_CONTROLLER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh daemonjob-controller
|
||||
helm osh wait-for-pods daemonjob-controller
|
||||
|
||||
#NOTE: CompositeController succesfully deployed
|
||||
composite_controller_cr=$(kubectl get compositecontrollers | awk '{print $1}')
|
||||
|
|
|
@ -14,11 +14,6 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package charts for deploying a local docker registry
|
||||
make nfs-provisioner
|
||||
make redis
|
||||
make registry
|
||||
|
||||
for NAMESPACE in docker-nfs docker-registry; do
|
||||
tee /tmp/${NAMESPACE}-ns.yaml << EOF
|
||||
apiVersion: v1
|
||||
|
@ -64,7 +59,7 @@ helm upgrade --install docker-registry ./registry \
|
|||
--values=/tmp/docker-registry.yaml
|
||||
|
||||
#NOTE: Wait for deployments
|
||||
./tools/deployment/common/wait-for-pods.sh docker-registry
|
||||
helm osh wait-for-pods docker-registry
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=redis,release_group=docker-registry-redis,component=test --namespace=docker-registry --ignore-not-found
|
|
@ -14,9 +14,7 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make fluentd
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTD:="$(./tools/deployment/common/get-values-overrides.sh fluentd)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTD:="$(helm osh get-values-overrides -c fluentd ${FEATURES})"}
|
||||
|
||||
tee /tmp/fluentd.yaml << EOF
|
||||
pod:
|
||||
|
@ -185,4 +183,4 @@ helm upgrade --install fluentd ./fluentd \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTD}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
helm osh wait-for-pods osh-infra
|
||||
|
|
|
@ -14,10 +14,7 @@
|
|||
set -xe
|
||||
|
||||
namespace="metacontroller"
|
||||
: ${HELM_ARGS_METACONTROLLER:="$(./tools/deployment/common/get-values-overrides.sh metacontroller)"}
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make metacontroller
|
||||
: ${HELM_ARGS_METACONTROLLER:="$(helm osh get-values-overrides -c metacontroller ${FEATURES})"}
|
||||
|
||||
#NOTE: Check no crd exists of APIGroup metacontroller.k8s.io
|
||||
crds=$(kubectl get crd | awk '/metacontroller.k8s.io/{print $1}')
|
||||
|
@ -45,7 +42,7 @@ helm upgrade --install metacontroller ./metacontroller \
|
|||
${HELM_ARGS_METACONTROLLER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh metacontroller
|
||||
helm osh wait-for-pods metacontroller
|
||||
|
||||
#NOTE: Check crds of APIGroup metacontroller.k8s.io successfully created
|
||||
crds=$(kubectl get crd | awk '/metacontroller.k8s.io/{print $1}')
|
||||
|
|
|
@ -14,9 +14,6 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make namespace-config
|
||||
|
||||
#NOTE: Deploy namespace configs
|
||||
for NAMESPACE in kube-system ceph openstack; do
|
||||
helm upgrade --install ${NAMESPACE}-namespace-config ./namespace-config \
|
|
@ -13,9 +13,6 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make kubernetes-node-problem-detector
|
||||
|
||||
#NOTE: Deploy command
|
||||
tee /tmp/kubernetes-node-problem-detector.yaml << EOF
|
||||
monitoring:
|
||||
|
@ -32,4 +29,4 @@ helm upgrade --install kubernetes-node-problem-detector \
|
|||
--values=/tmp/kubernetes-node-problem-detector.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
||||
helm osh wait-for-pods kube-system
|
||||
|
|
|
@ -14,11 +14,8 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-openstack-exporter
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(helm osh get-values-overrides -c prometheus-openstack-exporter ${FEATURES})"}
|
||||
|
||||
tee /tmp/prometheus-openstack-exporter.yaml << EOF
|
||||
manifests:
|
||||
|
@ -37,4 +34,4 @@ helm upgrade --install prometheus-openstack-exporter \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
|
|
@ -14,12 +14,9 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make postgresql
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_POSTGRESQL:="$(./tools/deployment/common/get-values-overrides.sh postgresql)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_POSTGRESQL:="$(helm osh get-values-overrides -c postgresql ${FEATURES})"}
|
||||
|
||||
helm upgrade --install postgresql ./postgresql \
|
||||
--namespace=osh-infra \
|
||||
|
@ -31,4 +28,4 @@ helm upgrade --install postgresql ./postgresql \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_POSTGRESQL}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
helm osh wait-for-pods osh-infra
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
#!/bin/bash
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -ex
|
||||
|
||||
# Build all OSH charts
|
||||
make all
|
|
@ -44,5 +44,3 @@ EOF
|
|||
|
||||
kubectl apply -f /tmp/${NAMESPACE}-ns.yaml
|
||||
done
|
||||
|
||||
make all
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../../gate/deploy-k8s.sh
|
|
@ -1 +0,0 @@
|
|||
../multinode/030-ceph.sh
|
|
@ -1 +0,0 @@
|
|||
../multinode/035-ceph-ns-activate.sh
|
|
@ -1 +0,0 @@
|
|||
../common/040-ldap.sh
|
|
@ -1,62 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make elasticsearch
|
||||
|
||||
#NOTE: Deploy command
|
||||
tee /tmp/elasticsearch.yaml << EOF
|
||||
manifests:
|
||||
cron_curator: false
|
||||
configmap_bin_curator: false
|
||||
configmap_etc_curator: false
|
||||
images:
|
||||
tags:
|
||||
elasticsearch: docker.io/openstackhelm/elasticsearch-s3:7_1_0-20191115
|
||||
storage:
|
||||
data:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
master:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
jobs:
|
||||
verify_repositories:
|
||||
cron: "*/10 * * * *"
|
||||
monitoring:
|
||||
prometheus:
|
||||
enabled: false
|
||||
pod:
|
||||
replicas:
|
||||
client: 1
|
||||
data: 1
|
||||
master: 2
|
||||
conf:
|
||||
elasticsearch:
|
||||
config:
|
||||
xpack:
|
||||
security:
|
||||
enabled: false
|
||||
ilm:
|
||||
enabled: false
|
||||
|
||||
EOF
|
||||
helm upgrade --install elasticsearch ./elasticsearch \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/elasticsearch.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make kibana
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_KIBANA:="$(./tools/deployment/common/get-values-overrides.sh kibana)"}
|
||||
|
||||
tee /tmp/kibana.yaml << EOF
|
||||
images:
|
||||
tags:
|
||||
kibana: docker.elastic.co/kibana/kibana:7.1.0
|
||||
conf:
|
||||
kibana:
|
||||
xpack:
|
||||
security:
|
||||
enabled: false
|
||||
spaces:
|
||||
enabled: false
|
||||
apm:
|
||||
enabled: false
|
||||
graph:
|
||||
enabled: false
|
||||
ml:
|
||||
enabled: false
|
||||
monitoring:
|
||||
enabled: false
|
||||
reporting:
|
||||
enabled: false
|
||||
canvas:
|
||||
enabled: false
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install kibana ./kibana \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/kibana.yaml
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_KIBANA}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
|
@ -1 +0,0 @@
|
|||
../common/070-kube-state-metrics.sh
|
|
@ -1,42 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make elastic-metricbeat
|
||||
|
||||
tee /tmp/metricbeat.yaml << EOF
|
||||
images:
|
||||
tags:
|
||||
metricbeat: docker.elastic.co/beats/metricbeat:7.1.0
|
||||
conf:
|
||||
metricbeat:
|
||||
setup:
|
||||
ilm:
|
||||
enabled: false
|
||||
endpoints:
|
||||
elasticsearch:
|
||||
namespace: osh-infra
|
||||
kibana:
|
||||
namespace: osh-infra
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install elastic-metricbeat ./elastic-metricbeat \
|
||||
--namespace=kube-system \
|
||||
--values=/tmp/metricbeat.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
|
@ -1,42 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make elastic-filebeat
|
||||
|
||||
tee /tmp/filebeat.yaml << EOF
|
||||
images:
|
||||
tags:
|
||||
filebeat: docker.elastic.co/beats/filebeat:7.1.0
|
||||
conf:
|
||||
filebeat:
|
||||
setup:
|
||||
ilm:
|
||||
enabled: false
|
||||
endpoints:
|
||||
elasticsearch:
|
||||
namespace: osh-infra
|
||||
kibana:
|
||||
namespace: osh-infra
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install elastic-filebeat ./elastic-filebeat \
|
||||
--namespace=kube-system \
|
||||
--values=/tmp/filebeat.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
|
@ -1,42 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make elastic-packetbeat
|
||||
|
||||
tee /tmp/packetbeat.yaml << EOF
|
||||
images:
|
||||
tags:
|
||||
filebeat: docker.elastic.co/beats/packetbeat:7.1.0
|
||||
conf:
|
||||
packetbeat:
|
||||
setup:
|
||||
ilm:
|
||||
enabled: false
|
||||
endpoints:
|
||||
elasticsearch:
|
||||
namespace: osh-infra
|
||||
kibana:
|
||||
namespace: osh-infra
|
||||
EOF
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install elastic-packetbeat ./elastic-packetbeat \
|
||||
--namespace=kube-system \
|
||||
--values=/tmp/packetbeat.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh kube-system
|
|
@ -1 +0,0 @@
|
|||
../common/000-install-packages.sh
|
|
@ -1 +0,0 @@
|
|||
../../gate/deploy-k8s.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/030-nfs-provisioner.sh
|
|
@ -1 +0,0 @@
|
|||
../openstack-support/030-rabbitmq.sh
|
|
@ -1 +0,0 @@
|
|||
../openstack-support/040-memcached.sh
|
|
@ -1 +0,0 @@
|
|||
../common/prepare-k8s.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/010-deploy-docker-registry.sh
|
|
@ -1 +0,0 @@
|
|||
../common/setup-client.sh
|
|
@ -1 +0,0 @@
|
|||
../osh-infra-monitoring/030-nfs-provisioner.sh
|
|
@ -1 +0,0 @@
|
|||
../keystone-auth/040-rabbitmq.sh
|
|
@ -22,13 +22,9 @@ helm repo add mariadb-operator https://mariadb-operator.github.io/mariadb-operat
|
|||
helm install mariadb-operator mariadb-operator/mariadb-operator --version ${MARIADB_OPERATOR_RELEASE} -n mariadb-operator
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh mariadb-operator
|
||||
helm osh wait-for-pods mariadb-operator
|
||||
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make mariadb-cluster
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_CLUSTER:="$(./tools/deployment/common/get-values-overrides.sh mariadb-cluster)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_CLUSTER:="$(helm osh get-values-overrides -c mariadb-cluster ${FEATURES})"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
# Deploying downscaled cluster
|
||||
|
@ -43,7 +39,7 @@ helm upgrade --install mariadb-cluster ./mariadb-cluster \
|
|||
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
kubectl get pods --namespace=openstack -o wide
|
||||
|
||||
|
@ -61,7 +57,7 @@ helm upgrade --install mariadb-cluster ./mariadb-cluster \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_CLUSTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
kubectl get pods --namespace=openstack -o wide
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../keystone-auth/050-memcached.sh
|
|
@ -17,10 +17,8 @@ set -xe
|
|||
: ${OSH_PATH:="../openstack-helm"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
: ${OSH_EXTRA_HELM_ARGS:=""}
|
||||
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(HELM_CHART_ROOT_PATH=${OSH_PATH} ./tools/deployment/common/get-values-overrides.sh keystone)"}
|
||||
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(helm osh get-values-overrides -p ${OSH_PATH} -c keystone ${FEATURES})"}
|
||||
|
||||
# Install LDAP
|
||||
make ldap
|
||||
helm upgrade --install ldap ./ldap \
|
||||
--namespace=openstack \
|
||||
--set pod.replicas.server=1 \
|
||||
|
@ -40,7 +38,7 @@ helm upgrade --install keystone ${OSH_PATH}/keystone \
|
|||
${OSH_EXTRA_HELM_ARGS} \
|
||||
${OSH_EXTRA_HELM_ARGS_KEYSTONE}
|
||||
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
# Testing basic functionality
|
||||
export OS_CLOUD=openstack_helm
|
||||
|
|
|
@ -14,10 +14,7 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make mariadb-backup
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_BACKUP:="$(./tools/deployment/common/get-values-overrides.sh mariadb-backup)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_BACKUP:="$(helm osh get-values-overrides -c mariadb-backup ${FEATURES})"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
# Deploying downscaled cluster
|
||||
|
@ -30,11 +27,11 @@ helm upgrade --install mariadb-backup ./mariadb-backup \
|
|||
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_BACKUP}
|
||||
|
||||
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
|
||||
kubectl create job --from=cronjob/mariadb-backup mariadb-backup-manual-001 -n openstack
|
||||
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
kubectl logs jobs/mariadb-backup-manual-001 -n openstack
|
||||
|
|
|
@ -14,10 +14,7 @@
|
|||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-mysql-exporter
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_MYSQL_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-mysql-exporter)"}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB_MYSQL_EXPORTER:="$(helm osh get-values-overrides -c prometheus-mysql-exporter ${FEATURES})"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
# Deploying downscaled cluster
|
||||
|
@ -31,6 +28,6 @@ helm upgrade --install prometheus-mysql-exporter ./prometheus-mysql-exporter \
|
|||
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
helm osh wait-for-pods openstack
|
||||
|
||||
kubectl get pods --namespace=openstack -o wide
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../common/010-deploy-docker-registry.sh
|
|
@ -1,136 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
# setup loopback devices for ceph
|
||||
free_loop_devices=( $(ls -1 /dev/loop[0-7] | while read loopdev; do losetup | grep -q $loopdev || echo $loopdev; done) )
|
||||
./tools/deployment/common/setup-ceph-loopback-device.sh \
|
||||
--ceph-osd-data ${CEPH_OSD_DATA_DEVICE:=${free_loop_devices[0]}} \
|
||||
--ceph-osd-dbwal ${CEPH_OSD_DB_WAL_DEVICE:=${free_loop_devices[1]}}
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make ceph-mon
|
||||
make ceph-osd
|
||||
make ceph-client
|
||||
make ceph-provisioners
|
||||
|
||||
#NOTE: Deploy command
|
||||
[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
|
||||
CEPH_PUBLIC_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
|
||||
CEPH_CLUSTER_NETWORK="${CEPH_PUBLIC_NETWORK}"
|
||||
CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
|
||||
|
||||
#NOTE(portdirect): to use RBD devices with kernels < 4.5 this should be set to 'hammer'
|
||||
. /etc/os-release
|
||||
if [ "x${ID}" == "xcentos" ] || \
|
||||
([ "x${ID}" == "xubuntu" ] && \
|
||||
dpkg --compare-versions "$(uname -r)" "lt" "4.5"); then
|
||||
CRUSH_TUNABLES=hammer
|
||||
else
|
||||
CRUSH_TUNABLES=null
|
||||
fi
|
||||
|
||||
NUMBER_OF_OSDS="$(kubectl get nodes -l ceph-osd=enabled --no-headers | wc -l)"
|
||||
tee /tmp/ceph.yaml << EOF
|
||||
endpoints:
|
||||
identity:
|
||||
namespace: openstack
|
||||
object_store:
|
||||
namespace: ceph
|
||||
ceph_mon:
|
||||
namespace: ceph
|
||||
network:
|
||||
public: ${CEPH_PUBLIC_NETWORK}
|
||||
cluster: ${CEPH_CLUSTER_NETWORK}
|
||||
deployment:
|
||||
storage_secrets: true
|
||||
ceph: true
|
||||
csi_rbd_provisioner: true
|
||||
client_secrets: false
|
||||
rgw_keystone_user_and_endpoints: false
|
||||
bootstrap:
|
||||
enabled: true
|
||||
conf:
|
||||
ceph:
|
||||
global:
|
||||
fsid: ${CEPH_FS_ID}
|
||||
mon_allow_pool_size_one: true
|
||||
rgw_ks:
|
||||
enabled: true
|
||||
pool:
|
||||
crush:
|
||||
tunables: ${CRUSH_TUNABLES}
|
||||
target:
|
||||
osd: ${NUMBER_OF_OSDS}
|
||||
pg_per_osd: 100
|
||||
storage:
|
||||
osd:
|
||||
- data:
|
||||
type: bluestore
|
||||
location: ${CEPH_OSD_DATA_DEVICE}
|
||||
block_db:
|
||||
location: ${CEPH_OSD_DB_WAL_DEVICE}
|
||||
size: "5GB"
|
||||
block_wal:
|
||||
location: ${CEPH_OSD_DB_WAL_DEVICE}
|
||||
size: "2GB"
|
||||
|
||||
jobs:
|
||||
ceph_defragosds:
|
||||
# Execute every 15 minutes for gates
|
||||
cron: "*/15 * * * *"
|
||||
history:
|
||||
# Number of successful job to keep
|
||||
successJob: 1
|
||||
# Number of failed job to keep
|
||||
failJob: 1
|
||||
concurrency:
|
||||
# Skip new job if previous job still active
|
||||
execPolicy: Forbid
|
||||
startingDeadlineSecs: 60
|
||||
storageclass:
|
||||
cephfs:
|
||||
provision_storage_class: false
|
||||
manifests:
|
||||
cronjob_defragosds: true
|
||||
job_cephfs_client_key: false
|
||||
EOF
|
||||
|
||||
for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
|
||||
helm upgrade --install ${CHART} ./${CHART} \
|
||||
--namespace=ceph \
|
||||
--values=/tmp/ceph.yaml \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_DEPLOY:-$(./tools/deployment/common/get-values-overrides.sh ${CHART})}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh ceph 1200
|
||||
|
||||
#NOTE: Validate deploy
|
||||
MON_POD=$(kubectl get pods \
|
||||
--namespace=ceph \
|
||||
--selector="application=ceph" \
|
||||
--selector="component=mon" \
|
||||
--no-headers | awk '{ print $1; exit }')
|
||||
kubectl exec -n ceph ${MON_POD} -- ceph -s
|
||||
done
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=ceph-osd,release_group=ceph-osd,component=test --namespace=ceph --ignore-not-found
|
||||
helm test ceph-osd --namespace ceph --timeout 900s
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=ceph-client,release_group=ceph-client,component=test --namespace=ceph --ignore-not-found
|
||||
helm test ceph-client --namespace ceph --timeout 900s
|
|
@ -1,56 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Deploy command
|
||||
CEPH_PUBLIC_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
|
||||
CEPH_CLUSTER_NETWORK="${CEPH_PUBLIC_NETWORK}"
|
||||
tee /tmp/ceph-osh-infra-config.yaml <<EOF
|
||||
endpoints:
|
||||
ceph_mon:
|
||||
namespace: ceph
|
||||
network:
|
||||
public: ${CEPH_PUBLIC_NETWORK}
|
||||
cluster: ${CEPH_CLUSTER_NETWORK}
|
||||
deployment:
|
||||
storage_secrets: false
|
||||
ceph: false
|
||||
csi_rbd_provisioner: false
|
||||
client_secrets: true
|
||||
rgw_keystone_user_and_endpoints: false
|
||||
storageclass:
|
||||
cephfs:
|
||||
provision_storage_class: false
|
||||
bootstrap:
|
||||
enabled: false
|
||||
conf:
|
||||
rgw_ks:
|
||||
enabled: false
|
||||
EOF
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE:="$(./tools/deployment/common/get-values-overrides.sh ceph-provisioners)"}
|
||||
|
||||
helm upgrade --install ceph-osh-infra-config ./ceph-provisioners \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/ceph-osh-infra-config.yaml \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_CEPH_NS_ACTIVATE}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=ceph,release_group=ceph-osh-infra-config,component=provisioner-test --namespace=osh-infra --ignore-not-found
|
||||
helm test ceph-osh-infra-config --namespace osh-infra --timeout 600s
|
|
@ -1 +0,0 @@
|
|||
../common/040-ldap.sh
|
|
@ -1,36 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make mariadb
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb)"}
|
||||
|
||||
helm upgrade --install mariadb ./mariadb \
|
||||
--namespace=osh-infra \
|
||||
--set monitoring.prometheus.enabled=true \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=mariadb,release_group=mariadb,component=test --namespace=osh-infra --ignore-not-found
|
||||
#NOTE: Validate the deployment
|
||||
helm test mariadb --namespace osh-infra
|
|
@ -1,36 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus
|
||||
|
||||
FEATURE_GATES="alertmanager,ceph,elasticsearch,kubernetes,nodes,openstack,postgresql"
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS:="$({ ./tools/deployment/common/get-values-overrides.sh prometheus;} 2> /dev/null)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install prometheus ./prometheus \
|
||||
--namespace=osh-infra \
|
||||
--set pod.replicas.prometheus=2 \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=prometheus,release_group=prometheus,component=test --namespace=osh-infra --ignore-not-found
|
||||
#NOTE: Run helm tests
|
||||
helm test prometheus --namespace osh-infra
|
|
@ -1,25 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-alertmanager
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install alertmanager ./prometheus-alertmanager \
|
||||
--namespace=osh-infra
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
|
@ -1 +0,0 @@
|
|||
../common/070-kube-state-metrics.sh
|
|
@ -1 +0,0 @@
|
|||
../common/node-problem-detector.sh
|
|
@ -1 +0,0 @@
|
|||
../common/080-node-exporter.sh
|
|
@ -1 +0,0 @@
|
|||
../common/090-process-exporter.sh
|
|
@ -1 +0,0 @@
|
|||
../common/openstack-exporter.sh
|
|
@ -1,36 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make grafana
|
||||
|
||||
FEATURE_GATES="calico,ceph,containers,coredns,elasticsearch,kubernetes,nginx,nodes,openstack,prometheus"
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_GRAFANA:="$({ ./tools/deployment/common/get-values-overrides.sh grafana;} 2> /dev/null)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install grafana ./grafana \
|
||||
--namespace=osh-infra \
|
||||
--set pod.replicas.grafana=2 \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_GRAFANA}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=grafana,release_group=grafana,component=test --namespace=osh-infra --ignore-not-found
|
||||
#NOTE: Run helm tests
|
||||
helm test grafana --namespace osh-infra
|
|
@ -1,43 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make nagios
|
||||
|
||||
#NOTE: Deploy command
|
||||
tee /tmp/nagios.yaml << EOF
|
||||
pod:
|
||||
replicas:
|
||||
nagios: 3
|
||||
conf:
|
||||
nagios:
|
||||
query_es_clauses:
|
||||
test_es_query:
|
||||
hello: world
|
||||
EOF
|
||||
helm upgrade --install nagios ./nagios \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/nagios.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
#NOTE: Verify elasticsearch query clauses are functional by execing into pod
|
||||
NAGIOS_POD=$(kubectl -n osh-infra get pods -l='application=nagios,component=monitoring' --output=jsonpath='{.items[0].metadata.name}')
|
||||
kubectl exec $NAGIOS_POD -n osh-infra -c nagios -- cat /opt/nagios/etc/objects/query_es_clauses.json | python -m json.tool
|
||||
|
||||
#NOTE: Verify plugin for checking ceph health directly via ceph-mgr working as intended
|
||||
kubectl exec $NAGIOS_POD -n osh-infra -c nagios -- python /usr/lib/nagios/plugins/check_exporter_health_metric.py --exporter_namespace "ceph" --label_selector "application=ceph,component=manager" --health_metric ceph_health_status --critical 2 --warning 1
|
|
@ -1,70 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make ceph-rgw
|
||||
|
||||
#NOTE: Deploy command
|
||||
CEPH_PUBLIC_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
|
||||
CEPH_CLUSTER_NETWORK="$(./tools/deployment/multinode/kube-node-subnet.sh)"
|
||||
tee /tmp/radosgw-osh-infra.yaml <<EOF
|
||||
endpoints:
|
||||
ceph_object_store:
|
||||
namespace: osh-infra
|
||||
ceph_mon:
|
||||
namespace: ceph
|
||||
network:
|
||||
public: ${CEPH_PUBLIC_NETWORK}
|
||||
cluster: ${CEPH_CLUSTER_NETWORK}
|
||||
deployment:
|
||||
storage_secrets: false
|
||||
ceph: true
|
||||
csi_rbd_provisioner: false
|
||||
client_secrets: false
|
||||
rgw_keystone_user_and_endpoints: false
|
||||
bootstrap:
|
||||
enabled: false
|
||||
conf:
|
||||
rgw_ks:
|
||||
enabled: false
|
||||
rgw_s3:
|
||||
enabled: true
|
||||
network_policy:
|
||||
ceph:
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
application: elasticsearch
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
application: ceph
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 8088
|
||||
manifests:
|
||||
network_policy: true
|
||||
EOF
|
||||
helm upgrade --install radosgw-osh-infra ./ceph-rgw \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/radosgw-osh-infra.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=ceph,release_group=radosgw-osh-infra,component=rgw-test --namespace=osh-infra --ignore-not-found
|
||||
helm test radosgw-osh-infra --namespace osh-infra --timeout 900s
|
|
@ -1,75 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make elasticsearch
|
||||
|
||||
#NOTE: Deploy command
|
||||
tee /tmp/elasticsearch.yaml << EOF
|
||||
jobs:
|
||||
verify_repositories:
|
||||
cron: "*/3 * * * *"
|
||||
pod:
|
||||
replicas:
|
||||
data: 2
|
||||
master: 2
|
||||
conf:
|
||||
elasticsearch:
|
||||
env:
|
||||
java_opts:
|
||||
client: "-Xms512m -Xmx512m"
|
||||
data: "-Xms512m -Xmx512m"
|
||||
master: "-Xms512m -Xmx512m"
|
||||
snapshots:
|
||||
enabled: true
|
||||
curator:
|
||||
action_file:
|
||||
actions:
|
||||
1:
|
||||
action: delete_indices
|
||||
description: >-
|
||||
"Delete indices older than 365 days"
|
||||
options:
|
||||
timeout_override:
|
||||
continue_if_exception: False
|
||||
ignore_empty_list: True
|
||||
disable_action: True
|
||||
filters:
|
||||
- filtertype: pattern
|
||||
kind: prefix
|
||||
value: logstash-
|
||||
- filtertype: age
|
||||
source: name
|
||||
direction: older
|
||||
timestring: '%Y.%m.%d'
|
||||
unit: days
|
||||
unit_count: 365
|
||||
monitoring:
|
||||
prometheus:
|
||||
enabled: true
|
||||
|
||||
EOF
|
||||
helm upgrade --install elasticsearch ./elasticsearch \
|
||||
--namespace=osh-infra \
|
||||
--values=/tmp/elasticsearch.yaml
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
||||
|
||||
# Delete the test pod if it still exists
|
||||
kubectl delete pods -l application=elasticsearch,release_group=elasticsearch,component=test --namespace=osh-infra --ignore-not-found
|
||||
#NOTE: Run helm tests
|
||||
helm test elasticsearch --namespace osh-infra
|
|
@ -1 +0,0 @@
|
|||
../common/fluentbit.sh
|
|
@ -1 +0,0 @@
|
|||
../common/fluentd.sh
|
|
@ -1,26 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make kibana
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install kibana ./kibana \
|
||||
--namespace=osh-infra \
|
||||
--set pod.replicas.kibana=2
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh osh-infra
|
|
@ -1 +0,0 @@
|
|||
../common/150-falco.sh
|
|
@ -1 +0,0 @@
|
|||
../common/postgresql.sh
|
|
@ -1 +0,0 @@
|
|||
../common/grafana-selenium.sh
|
|
@ -1 +0,0 @@
|
|||
../common/nagios-selenium.sh
|
|
@ -1 +0,0 @@
|
|||
../common/prometheus-selenium.sh
|
|
@ -1 +0,0 @@
|
|||
../common/kibana-selenium.sh
|
|
@ -1,50 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -e
|
||||
|
||||
UTILS_IMAGE=docker.io/openstackhelm/gate-utils:v0.1.0
|
||||
NODE_IPS=$(mktemp)
|
||||
kubectl get nodes -o json | jq -r '.items[].status.addresses[] | select(.type=="InternalIP").address' | sort -V > $NODE_IPS
|
||||
function run_and_log_ipcalc {
|
||||
POD_NAME="tmp-$(cat /dev/urandom | env LC_CTYPE=C tr -dc a-z | head -c 5; echo)"
|
||||
kubectl run ${POD_NAME} \
|
||||
--generator=run-pod/v1 \
|
||||
--wait \
|
||||
--image ${UTILS_IMAGE} \
|
||||
--restart=Never \
|
||||
ipcalc -- "$1"
|
||||
end=$(($(date +%s) + 900))
|
||||
until kubectl get pod/${POD_NAME} -o go-template='{{.status.phase}}' | grep -q Succeeded; do
|
||||
now=$(date +%s)
|
||||
[ $now -gt $end ] && echo containers failed to start. && \
|
||||
kubectl get pod/${POD_NAME} -o wide && exit 1
|
||||
done
|
||||
kubectl logs pod/${POD_NAME}
|
||||
kubectl delete pod/${POD_NAME}
|
||||
}
|
||||
FIRST_IP_SUBNET=$(run_and_log_ipcalc "$(head -n 1 ${NODE_IPS})/24" | awk '/^Network/ { print $2 }')
|
||||
LAST_IP_SUBNET=$(run_and_log_ipcalc "$(tail -n 1 ${NODE_IPS})/24" | awk '/^Network/ { print $2 }')
|
||||
rm -f $NODE_IPS
|
||||
function ip_diff {
|
||||
echo $(($(echo $LAST_IP_SUBNET | awk -F '.' "{ print \$$1}") - $(echo $FIRST_IP_SUBNET | awk -F '.' "{ print \$$1}")))
|
||||
}
|
||||
for X in {1..4}; do
|
||||
if ! [ "$(ip_diff ${X})" -eq "0" ]; then
|
||||
SUBMASK=$((((${X} - 1 )) * 8))
|
||||
break
|
||||
elif [ ${X} -eq "4" ]; then
|
||||
SUBMASK=24
|
||||
fi
|
||||
done
|
||||
echo ${FIRST_IP_SUBNET%/*}/${SUBMASK}
|
|
@ -1 +0,0 @@
|
|||
../common/000-install-packages.sh
|
|
@ -1 +0,0 @@
|
|||
../common/prepare-k8s.sh
|
|
@ -1 +0,0 @@
|
|||
../../gate/deploy-k8s.sh
|
|
@ -1,24 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make namespace-config
|
||||
|
||||
#NOTE: Deploy namespace configs
|
||||
for NAMESPACE in kube-system ceph openstack; do
|
||||
helm upgrade --install ${NAMESPACE}-namespace-config ./namespace-config \
|
||||
--namespace=${NAMESPACE}
|
||||
done
|
|
@ -1,34 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -xe
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"}
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make libvirt
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install libvirt ./libvirt \
|
||||
--namespace=openstack \
|
||||
--set network.backend="null" \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT}
|
||||
|
||||
#NOTE: Please be aware that a network backend might affect
|
||||
#The loadability of this, as some need to be asynchronously
|
||||
#loaded. See also:
|
||||
#https://github.com/openstack/openstack-helm-infra/blob/b69584bd658ae5cb6744e499975f9c5a505774e5/libvirt/values.yaml#L151-L172
|
||||
if [[ "${WAIT_FOR_PODS:=True}" == "True" ]]; then
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
fi
|
|
@ -1,76 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -xe
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"}
|
||||
|
||||
CERT_DIR=$(mktemp -d)
|
||||
cd ${CERT_DIR}
|
||||
openssl req -x509 -new -nodes -days 1 -newkey rsa:2048 -keyout cacert.key -out cacert.pem -subj "/CN=libvirt.org"
|
||||
openssl req -newkey rsa:2048 -days 1 -nodes -keyout client-key.pem -out client-req.pem -subj "/CN=libvirt.org"
|
||||
openssl rsa -in client-key.pem -out client-key.pem
|
||||
openssl x509 -req -in client-req.pem -days 1 \
|
||||
-CA cacert.pem -CAkey cacert.key -set_serial 01 \
|
||||
-out client-cert.pem
|
||||
openssl req -newkey rsa:2048 -days 1 -nodes -keyout server-key.pem -out server-req.pem -subj "/CN=libvirt.org"
|
||||
openssl rsa -in server-key.pem -out server-key.pem
|
||||
openssl x509 -req -in server-req.pem -days 1 \
|
||||
-CA cacert.pem -CAkey cacert.key -set_serial 01 \
|
||||
-out server-cert.pem
|
||||
cd -
|
||||
|
||||
cat <<EOF | kubectl apply -f-
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: libvirt-tls-client
|
||||
namespace: openstack
|
||||
type: Opaque
|
||||
data:
|
||||
cacert.pem: $(cat ${CERT_DIR}/cacert.pem | base64 -w0)
|
||||
clientcert.pem: $(cat ${CERT_DIR}/client-cert.pem | base64 -w0)
|
||||
clientkey.pem: $(cat ${CERT_DIR}/client-key.pem | base64 -w0)
|
||||
EOF
|
||||
|
||||
|
||||
cat <<EOF | kubectl apply -f-
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: libvirt-tls-server
|
||||
namespace: openstack
|
||||
type: Opaque
|
||||
data:
|
||||
cacert.pem: $(cat ${CERT_DIR}/cacert.pem | base64 -w0)
|
||||
servercert.pem: $(cat ${CERT_DIR}/server-cert.pem | base64 -w0)
|
||||
serverkey.pem: $(cat ${CERT_DIR}/server-key.pem | base64 -w0)
|
||||
EOF
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make libvirt
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install libvirt ./libvirt \
|
||||
--namespace=openstack \
|
||||
--set network.backend="null" \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT}
|
||||
|
||||
#NOTE: Please be aware that a network backend might affect
|
||||
#The loadability of this, as some need to be asynchronously
|
||||
#loaded. See also:
|
||||
#https://github.com/openstack/openstack-helm-infra/blob/b69584bd658ae5cb6744e499975f9c5a505774e5/libvirt/values.yaml#L151-L172
|
||||
if [[ "${WAIT_FOR_PODS:=True}" == "True" ]]; then
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
fi
|
|
@ -1,25 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
set -xe
|
||||
|
||||
: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install openvswitch ./openvswitch \
|
||||
--namespace=openstack \
|
||||
${OSH_EXTRA_HELM_ARGS} \
|
||||
${OSH_EXTRA_HELM_ARGS_OPENVSWITCH}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue