Fix overrides for DevStack

Change-Id: I57a8c25ae2d1fc4b0a0c4b40338abf2935cdf110

Fix fernet-keys

Change-Id: Id4c8dbc0df2d56288efc3f07cce051aacacc94d8
This commit is contained in:
Mohammed Naser
2020-05-04 19:30:43 -04:00
committed by okozachenko
parent c242d65a85
commit 639de843c3
7 changed files with 141 additions and 83 deletions

View File

@@ -1,5 +1,6 @@
images:
docker build images/horizon -t vexxhost/horizon:latest
docker build images/keystone -t vexxhost/keystone:latest
docker build images/ceilometer --target ceilometer-agent-notification -t vexxhost/ceilometer-agent-notification:latest
docker build images/mcrouter -t vexxhost/mcrouter:latest
docker build images/mcrouter-exporter -t vexxhost/mcrouter-exporter:latest

81
devstack/lib/common Normal file
View File

@@ -0,0 +1,81 @@
#!/bin/bash
#
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
function get_kubernetes_service_ip {
local svc="$1"
for i in {1..30}; do
ip=$(kubectl get svc/$svc -ojsonpath='{.spec.clusterIP}') && break || sleep 1;
done
echo "$ip"
}
function kubernetes_rollout_status {
local deployment="$1"
for i in {1..30}; do
kubectl get deploy/$deployment && break || sleep 1;
done
kubectl rollout status deploy/$deployment
}
function proxy_pass_to_kubernetes {
local url=$1
local svc=$2
local ip=$(get_kubernetes_service_ip $svc)
local apache_conf=$(apache_site_config_for $svc)
echo "ProxyPass \"${url}\" \"http://${ip}/\"" | sudo tee -a $apache_conf
enable_apache_site $svc
restart_apache_server
}
# Gets or creates service
# Usage: get_or_create_service <name> <type> <description>
function get_or_create_service {
cat <<EOF | kubectl apply -f-
---
apiVersion: identity.openstack.org/v1alpha1
kind: Service
metadata:
name: ${1//_/-}
spec:
type: $2
description: $3
EOF
}
export -f get_or_create_service
# Create an endpoint with a specific interface
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface {
cat <<EOF | kubectl apply -f-
---
apiVersion: identity.openstack.org/v1alpha1
kind: Endpoint
metadata:
name: ${1//_/-}-$2
spec:
service: $1
interface: $2
url: $3
EOF
}
export -f _get_or_create_endpoint_with_interface

View File

@@ -14,47 +14,47 @@
# License for the specific language governing permissions and limitations
# under the License.
function get_kubernetes_service_ip {
local svc="$1"
for i in {1..30}; do
ip=$(kubectl get svc/$svc -ojsonpath='{.spec.clusterIP}') && break || sleep 1;
done
return $ip
}
function proxy_pass_to_kubernetes {
local url=$1
local svc=$2
local ip=$(get_kubernetes_service_ip $svc)
local apache_conf=$(apache_site_config_for $name)
echo "ProxyPass \"${url}\" \"http://${ip}/\"" | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
}
# Gets or creates service
# Usage: get_or_create_service <name> <type> <description>
function get_or_create_service {
cat <<EOF | kubectl apply -f-
---
apiVersion: identity.openstack.org/v1alpha1
kind: Service
metadata:
name: ${1//_/-}
spec:
type: $2
description: $3
EOF
}
export -f get_or_create_service
# install_keystone() - Collect source and prepare
function install_keystone {
echo "Both installation and startup are included in the deployment of keystone crd."
}
export -f install_keystone
# init_keystone() - Initialize databases, etc.
function init_keystone {
# NOTE(mnaser): Permissions here are bad but it's temporary so we don't care as much.
sudo chmod -Rv 777 /etc/keystone
if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then
# (Re)create keystone database
recreate_database keystone
fi
# DB sync
time_start "dbsync"
sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF db_sync
time_stop "dbsync"
# Get fernet keys
if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
mkdir "$KEYSTONE_CONF_DIR/fernet-keys/"
sudo chmod -Rv 777 "$KEYSTONE_CONF_DIR/fernet-keys/"
sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF fernet_setup --keystone-user 65534 --keystone-group 65534
fi
# Get credential keys
rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF credential_setup --keystone-user 65534 --keystone-group 65534
}
export -f init_keystone
# start_keystone() - Start running processes
function start_keystone {
# install keystone
cat <<EOF | kubectl apply -f-
---
apiVersion: identity.openstack.org/v1alpha1
@@ -64,32 +64,9 @@ metadata:
spec:
configDir: ${KEYSTONE_CONF_DIR}
EOF
}
export -f install_keystone
# rollout keystone
kubernetes_rollout_status keystone-devstack
# init_keystone() - Initialize databases, etc.
function init_keystone {
if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then
# (Re)create keystone database
recreate_database keystone
fi
time_start "dbsync"
kubectl exec deploy/keystone-devstack -- keystone-manage --config-file $KEYSTONE_CONF db_sync
time_stop "dbsync"
if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
kubectl exec deploy/keystone-devstack keystone-manage --config-file $KEYSTONE_CONF fernet_setup
fi
rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
kubectl exec deploy/keystone-devstack -- keystone-manage --config-file $KEYSTONE_CONF credential_setup
}
export -f init_keystone
# start_keystone() - Start running processes
function start_keystone {
# Get right service port for testing
local service_port=$KEYSTONE_SERVICE_PORT
local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
@@ -123,6 +100,16 @@ function start_keystone {
}
export -f start_keystone
# bootstrap_keystone() - Initialize user, role and project
# This function uses the following GLOBAL variables:
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
# - ``KEYSTONE_AUTH_URI``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
# - ``KEYSTONE_SERVICE_HOST``
# - ``KEYSTONE_SERVICE_PORT``
function bootstrap_keystone {
kubectl exec deploy/keystone-devstack -- keystone-manage bootstrap \
--bootstrap-username admin \
@@ -134,20 +121,4 @@ function bootstrap_keystone {
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
}
export -f bootstrap_keystone
# Create an endpoint with a specific interface
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface {
cat <<EOF | kubectl apply -f-
---
apiVersion: identity.openstack.org/v1alpha1
kind: Endpoint
metadata:
name: ${1//_/-}-$2
spec:
service: $1
interface: $2
url: $3
EOF
}
export -f _get_or_create_endpoint_with_interface
export -f bootstrap_keystone

View File

@@ -18,3 +18,6 @@ define_plugin openstack-operator
disable_service etcd3
disable_service rabbit
source $DEST/openstack-operator/devstack/lib/common
source $DEST/openstack-operator/devstack/lib/keystone

View File

@@ -26,6 +26,8 @@ COPY --from=builder /output/ /output
RUN apt update && apt -y install git && \
/output/install-from-bindep && \
apt -y purge git && apt clean all
RUN mkdir /var/log/keystone && \
chmod 777 -R /var/log/keystone
EXPOSE 5000
ENV UWSGI_HTTP_SOCKET=:5000 \
UWSGI_WSGI_FILE=/usr/local/bin/keystone-wsgi-public

View File

@@ -52,7 +52,7 @@ spec:
requests:
cpu: 1000m
ephemeral-storage: 500M
memory: 128M
memory: 512M
securityContext:
runAsUser: 65534
runAsGroup: 65534
@@ -64,7 +64,6 @@ spec:
hostPath:
path: {{ spec['configDir'] }}
type: Directory
terminationGracePeriodSeconds: 5
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}

View File

@@ -50,6 +50,7 @@
CELLSV2_SETUP: singleconductor
MEMCACHE_SERVERS: "{{ _memcached_ip.stdout }}:11211"
RABBIT_HOST: "{{ _rabbitmq_ip.stdout }}"
DATABASE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
- name: Re-write local.conf
include_role:
name: write-devstack-local-conf