Merge "Use containerized Openstack client"
This commit is contained in:
Zuul
Gerrit Code Review
commit
7b4fbe601f
|
|
@ -15,7 +15,7 @@ client.
|
|||
cd ~/osh/openstack-helm
|
||||
./tools/deployment/common/setup-client.sh
|
||||
|
||||
At this point you have to keep in mind that the above script configures
|
||||
Please keep in mind that the above script configures
|
||||
OpenStack client so it uses internal Kubernetes FQDNs like
|
||||
`keystone.openstack.svc.cluster.local`. In order to be able to resolve these
|
||||
internal names you have to configure the Kubernetes authoritative DNS server
|
||||
|
|
@ -31,5 +31,26 @@ from outside the Kubernetes cluster, typically achieved through solutions like
|
|||
have set up proper FQDN resolution to map to the external IP address and
|
||||
create the necessary Ingress objects for the associated FQDN.
|
||||
|
||||
It is also important to note that the above script does not actually installs
|
||||
the Openstack client package on the host but instead it creates a bash
|
||||
script `/usr/local/bin/openstack` that runs the Openstack client in a
|
||||
Docker container. If you need to pass extra command line parameters to the
|
||||
`docker run` command use the environment variable
|
||||
`OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS`. For example if you need to mount a
|
||||
directory from the host file system, you can do the following
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
export OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="-v /data:/data"
|
||||
/usr/local/bin/openstack <subcommand> <options>
|
||||
|
||||
Remember that the container file system is ephemeral and is destroyed
|
||||
when you stop the container. So if you would like to use the
|
||||
Openstack client capabilities interfacing with the file system then you have to mount
|
||||
a directory from the host file system where you will read/write necessary files.
|
||||
For example, this is useful when you create a key pair and save the private key in a file
|
||||
which is then used for ssh access to VMs. Or it could be Heat recipes
|
||||
which you prepare in advance and then use with Openstack client.
|
||||
|
||||
.. _setup-client.sh: https://opendev.org/openstack/openstack-helm/src/branch/master/tools/deployment/common/setup-client.sh
|
||||
.. _MetalLB: https://metallb.universe.tf
|
||||
|
|
|
|||
|
|
@ -47,4 +47,9 @@ EOF
|
|||
kubectl apply -f /tmp/${NAMESPACE}-ns.yaml
|
||||
done
|
||||
|
||||
#NOTE: Build helm-toolkit, most charts depend on helm-toolkit
|
||||
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
|
||||
make -C ${HELM_CHART_ROOT_PATH} helm-toolkit
|
||||
|
||||
# Build all charts
|
||||
make all
|
||||
|
|
|
|||
|
|
@ -14,13 +14,6 @@
|
|||
|
||||
set -xe
|
||||
|
||||
sudo -H -E pip3 install --upgrade pip
|
||||
sudo -H -E pip3 install \
|
||||
-c${UPPER_CONSTRAINTS_FILE:=https://releases.openstack.org/constraints/upper/${OPENSTACK_RELEASE:-xena}} \
|
||||
cmd2 python-openstackclient python-heatclient --ignore-installed
|
||||
|
||||
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
|
||||
|
||||
sudo -H mkdir -p /etc/openstack
|
||||
sudo -H chown -R $(id -un): /etc/openstack
|
||||
FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then
|
||||
|
|
@ -54,5 +47,18 @@ else
|
|||
EOF
|
||||
fi
|
||||
|
||||
#NOTE: Build helm-toolkit, most charts depend on helm-toolkit
|
||||
make -C ${HELM_CHART_ROOT_PATH} helm-toolkit
|
||||
sudo tee /usr/local/bin/openstack << EOF
|
||||
#!/bin/bash
|
||||
args=("\$@")
|
||||
|
||||
sudo docker run \\
|
||||
--rm \\
|
||||
--network host \\
|
||||
-w / \\
|
||||
-v /etc/openstack/clouds.yaml:/etc/openstack/clouds.yaml \\
|
||||
-v /etc/openstack-helm:/etc/openstack-helm \\
|
||||
-e OS_CLOUD=\${OS_CLOUD} \\
|
||||
\${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} \\
|
||||
docker.io/openstackhelm/openstack-client:\${OPENSTACK_RELEASE:-2023.2} openstack "\${args[@]}"
|
||||
EOF
|
||||
sudo chmod +x /usr/local/bin/openstack
|
||||
|
|
|
|||
|
|
@ -15,6 +15,19 @@ set -xe
|
|||
|
||||
export OS_CLOUD=openstack_helm
|
||||
|
||||
: ${HEAT_DIR:="$(readlink -f ./tools/deployment/common)"}
|
||||
: ${SSH_DIR:="${HOME}/.ssh"}
|
||||
|
||||
if [[ -n ${HEAT_DIR} ]]; then
|
||||
OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} -v ${HEAT_DIR}:${HEAT_DIR}"
|
||||
fi
|
||||
|
||||
if [[ -n ${SSH_DIR} ]]; then
|
||||
OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} -v ${SSH_DIR}:${SSH_DIR}"
|
||||
fi
|
||||
|
||||
export OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS
|
||||
|
||||
: ${OSH_EXT_NET_NAME:="public"}
|
||||
: ${OSH_EXT_SUBNET_NAME:="public-subnet"}
|
||||
: ${OSH_EXT_SUBNET:="172.24.4.0/24"}
|
||||
|
|
@ -26,7 +39,7 @@ openstack stack show "heat-public-net-deployment" || \
|
|||
--parameter subnet_name=${OSH_EXT_SUBNET_NAME} \
|
||||
--parameter subnet_cidr=${OSH_EXT_SUBNET} \
|
||||
--parameter subnet_gateway=${OSH_BR_EX_ADDR%/*} \
|
||||
-t ./tools/deployment/common/heat-public-net-deployment.yaml \
|
||||
-t ${HEAT_DIR}/heat-public-net-deployment.yaml \
|
||||
heat-public-net-deployment
|
||||
|
||||
: ${OSH_PRIVATE_SUBNET_POOL:="10.0.0.0/8"}
|
||||
|
|
@ -37,7 +50,7 @@ openstack stack show "heat-subnet-pool-deployment" || \
|
|||
--parameter subnet_pool_name=${OSH_PRIVATE_SUBNET_POOL_NAME} \
|
||||
--parameter subnet_pool_prefixes=${OSH_PRIVATE_SUBNET_POOL} \
|
||||
--parameter subnet_pool_default_prefix_length=${OSH_PRIVATE_SUBNET_POOL_DEF_PREFIX} \
|
||||
-t ./tools/deployment/common/heat-subnet-pool-deployment.yaml \
|
||||
-t ${HEAT_DIR}/heat-subnet-pool-deployment.yaml \
|
||||
heat-subnet-pool-deployment
|
||||
|
||||
: ${OSH_EXT_NET_NAME:="public"}
|
||||
|
|
@ -50,12 +63,12 @@ IMAGE_NAME=$(openstack image show -f value -c name \
|
|||
grep "^\"Cirros" | head -1 | awk -F ',' '{ print $2 }' | tr -d '"'))
|
||||
|
||||
# Setup SSH Keypair in Nova
|
||||
mkdir -p ${HOME}/.ssh
|
||||
|
||||
mkdir -p ${SSH_DIR}
|
||||
|
||||
openstack keypair show "${OSH_VM_KEY_STACK}" || \
|
||||
openstack keypair create --private-key ${HOME}/.ssh/osh_key ${OSH_VM_KEY_STACK}
|
||||
chmod 600 ${HOME}/.ssh/osh_key
|
||||
openstack keypair create --private-key ${SSH_DIR}/osh_key ${OSH_VM_KEY_STACK}
|
||||
sudo chown $(id -un) ${SSH_DIR}/osh_key
|
||||
chmod 600 ${SSH_DIR}/osh_key
|
||||
|
||||
openstack stack show "heat-basic-vm-deployment" || \
|
||||
openstack stack create --wait \
|
||||
|
|
@ -64,7 +77,7 @@ openstack stack show "heat-basic-vm-deployment" || \
|
|||
--parameter ssh_key=${OSH_VM_KEY_STACK} \
|
||||
--parameter cidr=${OSH_PRIVATE_SUBNET} \
|
||||
--parameter dns_nameserver=${OSH_BR_EX_ADDR%/*} \
|
||||
-t ./tools/deployment/common/heat-basic-vm-deployment.yaml \
|
||||
-t ${HEAT_DIR}/heat-basic-vm-deployment.yaml \
|
||||
heat-basic-vm-deployment
|
||||
|
||||
FLOATING_IP=$(openstack stack output show \
|
||||
|
|
@ -104,13 +117,13 @@ EOF
|
|||
# note: ssh-keyscan should be re-enabled to prevent skip host key checking
|
||||
# ssh-keyscan does not use ssh_config so ignore host key checking for now
|
||||
#ssh-keyscan "$FLOATING_IP" >> ~/.ssh/known_hosts
|
||||
ssh -o "StrictHostKeyChecking no" -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_BR_EX_ADDR%/*}
|
||||
ssh -o "StrictHostKeyChecking no" -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_BR_EX_ADDR%/*}
|
||||
|
||||
# Check the VM can reach the metadata server
|
||||
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254
|
||||
ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254
|
||||
|
||||
# Check the VM can reach the keystone server
|
||||
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 keystone.openstack.svc.cluster.local
|
||||
ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 keystone.openstack.svc.cluster.local
|
||||
|
||||
# Check to see if cinder has been deployed, if it has then perform a volume attach.
|
||||
if openstack service list -f value -c Type | grep -q "^volume"; then
|
||||
|
|
@ -121,18 +134,18 @@ if openstack service list -f value -c Type | grep -q "^volume"; then
|
|||
|
||||
# Get the devices that are present on the instance
|
||||
DEVS_PRE_ATTACH=$(mktemp)
|
||||
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_PRE_ATTACH}
|
||||
ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_PRE_ATTACH}
|
||||
|
||||
openstack stack list show "heat-vm-volume-attach" || \
|
||||
# Create and attach a block device to the instance
|
||||
openstack stack create --wait \
|
||||
--parameter instance_uuid=${INSTANCE_ID} \
|
||||
-t ./tools/deployment/common/heat-vm-volume-attach.yaml \
|
||||
-t ${HEAT_DIR}/heat-vm-volume-attach.yaml \
|
||||
heat-vm-volume-attach
|
||||
|
||||
# Get the devices that are present on the instance
|
||||
DEVS_POST_ATTACH=$(mktemp)
|
||||
ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_POST_ATTACH}
|
||||
ssh -i ${SSH_DIR}/osh_key cirros@${FLOATING_IP} lsblk > ${DEVS_POST_ATTACH}
|
||||
|
||||
# Check that we have the expected number of extra devices on the instance post attach
|
||||
if ! [ "$(comm -13 ${DEVS_PRE_ATTACH} ${DEVS_POST_ATTACH} | wc -l)" -eq "1" ]; then
|
||||
|
|
|
|||
|
|
@ -60,6 +60,7 @@
|
|||
helm_version: "v3.6.3"
|
||||
yq_version: "v4.6.0"
|
||||
crictl_version: "v1.26.1"
|
||||
zuul_osh_relative_path: ../openstack-helm
|
||||
zuul_osh_infra_relative_path: ../openstack-helm-infra
|
||||
gate_scripts_relative_path: ../openstack-helm
|
||||
run_helm_tests: "no"
|
||||
|
|
|
|||
Loading…
Reference in New Issue