Fix overrides for DevStack
Change-Id: I57a8c25ae2d1fc4b0a0c4b40338abf2935cdf110 Fix fernet-keys Change-Id: Id4c8dbc0df2d56288efc3f07cce051aacacc94d8
This commit is contained in:

committed by
okozachenko

parent
c242d65a85
commit
639de843c3
1
Makefile
1
Makefile
@@ -1,5 +1,6 @@
|
||||
images:
|
||||
docker build images/horizon -t vexxhost/horizon:latest
|
||||
docker build images/keystone -t vexxhost/keystone:latest
|
||||
docker build images/ceilometer --target ceilometer-agent-notification -t vexxhost/ceilometer-agent-notification:latest
|
||||
docker build images/mcrouter -t vexxhost/mcrouter:latest
|
||||
docker build images/mcrouter-exporter -t vexxhost/mcrouter-exporter:latest
|
||||
|
81
devstack/lib/common
Normal file
81
devstack/lib/common
Normal file
@@ -0,0 +1,81 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2020 VEXXHOST, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
function get_kubernetes_service_ip {
|
||||
local svc="$1"
|
||||
|
||||
for i in {1..30}; do
|
||||
ip=$(kubectl get svc/$svc -ojsonpath='{.spec.clusterIP}') && break || sleep 1;
|
||||
done
|
||||
|
||||
echo "$ip"
|
||||
}
|
||||
|
||||
function kubernetes_rollout_status {
|
||||
local deployment="$1"
|
||||
|
||||
for i in {1..30}; do
|
||||
kubectl get deploy/$deployment && break || sleep 1;
|
||||
done
|
||||
|
||||
kubectl rollout status deploy/$deployment
|
||||
}
|
||||
|
||||
function proxy_pass_to_kubernetes {
|
||||
local url=$1
|
||||
local svc=$2
|
||||
|
||||
local ip=$(get_kubernetes_service_ip $svc)
|
||||
local apache_conf=$(apache_site_config_for $svc)
|
||||
|
||||
echo "ProxyPass \"${url}\" \"http://${ip}/\"" | sudo tee -a $apache_conf
|
||||
|
||||
enable_apache_site $svc
|
||||
restart_apache_server
|
||||
}
|
||||
|
||||
# Gets or creates service
|
||||
# Usage: get_or_create_service <name> <type> <description>
|
||||
function get_or_create_service {
|
||||
cat <<EOF | kubectl apply -f-
|
||||
---
|
||||
apiVersion: identity.openstack.org/v1alpha1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ${1//_/-}
|
||||
spec:
|
||||
type: $2
|
||||
description: $3
|
||||
EOF
|
||||
}
|
||||
export -f get_or_create_service
|
||||
|
||||
# Create an endpoint with a specific interface
|
||||
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
|
||||
function _get_or_create_endpoint_with_interface {
|
||||
cat <<EOF | kubectl apply -f-
|
||||
---
|
||||
apiVersion: identity.openstack.org/v1alpha1
|
||||
kind: Endpoint
|
||||
metadata:
|
||||
name: ${1//_/-}-$2
|
||||
spec:
|
||||
service: $1
|
||||
interface: $2
|
||||
url: $3
|
||||
EOF
|
||||
}
|
||||
export -f _get_or_create_endpoint_with_interface
|
@@ -14,47 +14,47 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
function get_kubernetes_service_ip {
|
||||
local svc="$1"
|
||||
|
||||
for i in {1..30}; do
|
||||
ip=$(kubectl get svc/$svc -ojsonpath='{.spec.clusterIP}') && break || sleep 1;
|
||||
done
|
||||
|
||||
return $ip
|
||||
}
|
||||
|
||||
function proxy_pass_to_kubernetes {
|
||||
local url=$1
|
||||
local svc=$2
|
||||
|
||||
local ip=$(get_kubernetes_service_ip $svc)
|
||||
local apache_conf=$(apache_site_config_for $name)
|
||||
|
||||
echo "ProxyPass \"${url}\" \"http://${ip}/\"" | sudo tee -a $apache_conf
|
||||
|
||||
enable_apache_site $name
|
||||
restart_apache_server
|
||||
}
|
||||
|
||||
# Gets or creates service
|
||||
# Usage: get_or_create_service <name> <type> <description>
|
||||
function get_or_create_service {
|
||||
cat <<EOF | kubectl apply -f-
|
||||
---
|
||||
apiVersion: identity.openstack.org/v1alpha1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ${1//_/-}
|
||||
spec:
|
||||
type: $2
|
||||
description: $3
|
||||
EOF
|
||||
}
|
||||
export -f get_or_create_service
|
||||
|
||||
# install_keystone() - Collect source and prepare
|
||||
function install_keystone {
|
||||
echo "Both installation and startup are included in the deployment of keystone crd."
|
||||
}
|
||||
export -f install_keystone
|
||||
|
||||
# init_keystone() - Initialize databases, etc.
|
||||
function init_keystone {
|
||||
|
||||
# NOTE(mnaser): Permissions here are bad but it's temporary so we don't care as much.
|
||||
sudo chmod -Rv 777 /etc/keystone
|
||||
|
||||
if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then
|
||||
# (Re)create keystone database
|
||||
recreate_database keystone
|
||||
fi
|
||||
|
||||
# DB sync
|
||||
time_start "dbsync"
|
||||
sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF db_sync
|
||||
time_stop "dbsync"
|
||||
|
||||
# Get fernet keys
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
|
||||
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
|
||||
mkdir "$KEYSTONE_CONF_DIR/fernet-keys/"
|
||||
sudo chmod -Rv 777 "$KEYSTONE_CONF_DIR/fernet-keys/"
|
||||
sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF fernet_setup --keystone-user 65534 --keystone-group 65534
|
||||
fi
|
||||
|
||||
# Get credential keys
|
||||
rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
|
||||
sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF credential_setup --keystone-user 65534 --keystone-group 65534
|
||||
|
||||
}
|
||||
export -f init_keystone
|
||||
|
||||
# start_keystone() - Start running processes
|
||||
function start_keystone {
|
||||
|
||||
# install keystone
|
||||
cat <<EOF | kubectl apply -f-
|
||||
---
|
||||
apiVersion: identity.openstack.org/v1alpha1
|
||||
@@ -64,32 +64,9 @@ metadata:
|
||||
spec:
|
||||
configDir: ${KEYSTONE_CONF_DIR}
|
||||
EOF
|
||||
}
|
||||
export -f install_keystone
|
||||
# rollout keystone
|
||||
kubernetes_rollout_status keystone-devstack
|
||||
|
||||
# init_keystone() - Initialize databases, etc.
|
||||
function init_keystone {
|
||||
if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then
|
||||
# (Re)create keystone database
|
||||
recreate_database keystone
|
||||
fi
|
||||
|
||||
time_start "dbsync"
|
||||
kubectl exec deploy/keystone-devstack -- keystone-manage --config-file $KEYSTONE_CONF db_sync
|
||||
time_stop "dbsync"
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
|
||||
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
|
||||
kubectl exec deploy/keystone-devstack keystone-manage --config-file $KEYSTONE_CONF fernet_setup
|
||||
fi
|
||||
|
||||
rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
|
||||
kubectl exec deploy/keystone-devstack -- keystone-manage --config-file $KEYSTONE_CONF credential_setup
|
||||
}
|
||||
export -f init_keystone
|
||||
|
||||
# start_keystone() - Start running processes
|
||||
function start_keystone {
|
||||
# Get right service port for testing
|
||||
local service_port=$KEYSTONE_SERVICE_PORT
|
||||
local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
|
||||
@@ -123,6 +100,16 @@ function start_keystone {
|
||||
}
|
||||
export -f start_keystone
|
||||
|
||||
# bootstrap_keystone() - Initialize user, role and project
|
||||
# This function uses the following GLOBAL variables:
|
||||
# - ``KEYSTONE_BIN_DIR``
|
||||
# - ``ADMIN_PASSWORD``
|
||||
# - ``IDENTITY_API_VERSION``
|
||||
# - ``KEYSTONE_AUTH_URI``
|
||||
# - ``REGION_NAME``
|
||||
# - ``KEYSTONE_SERVICE_PROTOCOL``
|
||||
# - ``KEYSTONE_SERVICE_HOST``
|
||||
# - ``KEYSTONE_SERVICE_PORT``
|
||||
function bootstrap_keystone {
|
||||
kubectl exec deploy/keystone-devstack -- keystone-manage bootstrap \
|
||||
--bootstrap-username admin \
|
||||
@@ -134,20 +121,4 @@ function bootstrap_keystone {
|
||||
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
|
||||
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
|
||||
}
|
||||
export -f bootstrap_keystone
|
||||
# Create an endpoint with a specific interface
|
||||
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
|
||||
function _get_or_create_endpoint_with_interface {
|
||||
cat <<EOF | kubectl apply -f-
|
||||
---
|
||||
apiVersion: identity.openstack.org/v1alpha1
|
||||
kind: Endpoint
|
||||
metadata:
|
||||
name: ${1//_/-}-$2
|
||||
spec:
|
||||
service: $1
|
||||
interface: $2
|
||||
url: $3
|
||||
EOF
|
||||
}
|
||||
export -f _get_or_create_endpoint_with_interface
|
||||
export -f bootstrap_keystone
|
@@ -18,3 +18,6 @@ define_plugin openstack-operator
|
||||
|
||||
disable_service etcd3
|
||||
disable_service rabbit
|
||||
|
||||
source $DEST/openstack-operator/devstack/lib/common
|
||||
source $DEST/openstack-operator/devstack/lib/keystone
|
@@ -26,6 +26,8 @@ COPY --from=builder /output/ /output
|
||||
RUN apt update && apt -y install git && \
|
||||
/output/install-from-bindep && \
|
||||
apt -y purge git && apt clean all
|
||||
RUN mkdir /var/log/keystone && \
|
||||
chmod 777 -R /var/log/keystone
|
||||
EXPOSE 5000
|
||||
ENV UWSGI_HTTP_SOCKET=:5000 \
|
||||
UWSGI_WSGI_FILE=/usr/local/bin/keystone-wsgi-public
|
||||
|
@@ -52,7 +52,7 @@ spec:
|
||||
requests:
|
||||
cpu: 1000m
|
||||
ephemeral-storage: 500M
|
||||
memory: 128M
|
||||
memory: 512M
|
||||
securityContext:
|
||||
runAsUser: 65534
|
||||
runAsGroup: 65534
|
||||
@@ -64,7 +64,6 @@ spec:
|
||||
hostPath:
|
||||
path: {{ spec['configDir'] }}
|
||||
type: Directory
|
||||
terminationGracePeriodSeconds: 5
|
||||
{% if 'nodeSelector' in spec %}
|
||||
nodeSelector:
|
||||
{{ spec.nodeSelector | to_yaml | indent(8) }}
|
||||
|
@@ -50,6 +50,7 @@
|
||||
CELLSV2_SETUP: singleconductor
|
||||
MEMCACHE_SERVERS: "{{ _memcached_ip.stdout }}:11211"
|
||||
RABBIT_HOST: "{{ _rabbitmq_ip.stdout }}"
|
||||
DATABASE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
||||
- name: Re-write local.conf
|
||||
include_role:
|
||||
name: write-devstack-local-conf
|
||||
|
Reference in New Issue
Block a user