Fix overrides for DevStack
Change-Id: I57a8c25ae2d1fc4b0a0c4b40338abf2935cdf110 Fix fernet-keys Change-Id: Id4c8dbc0df2d56288efc3f07cce051aacacc94d8
					Mohammed Naser
				
			
				
					committed by
					
						okozachenko
					
				
			
			
				
	
			
			
					
				
			
						parent
						
							c242d65a85
						
					
				
				
					commit
					639de843c3
				
			
							
								
								
									
										1
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @@ -1,5 +1,6 @@ | ||||
| images: | ||||
| 	docker build images/horizon -t vexxhost/horizon:latest | ||||
| 	docker build images/keystone -t vexxhost/keystone:latest | ||||
| 	docker build images/ceilometer --target ceilometer-agent-notification -t vexxhost/ceilometer-agent-notification:latest | ||||
| 	docker build images/mcrouter -t vexxhost/mcrouter:latest | ||||
| 	docker build images/mcrouter-exporter -t vexxhost/mcrouter-exporter:latest | ||||
|   | ||||
							
								
								
									
										81
									
								
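--- /dev/null
+++ b/devstack/lib/common
@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+# Copyright 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+function get_kubernetes_service_ip {
+	local svc="$1"
+
+	for i in {1..30}; do
+		ip=$(kubectl get svc/$svc -ojsonpath='{.spec.clusterIP}') && break || sleep 1;
+	done
+
+	echo "$ip"
+}
+
+function kubernetes_rollout_status {
+	local deployment="$1"
+
+	for i in {1..30}; do
+		kubectl get deploy/$deployment && break || sleep 1;
+	done
+
+	kubectl rollout status deploy/$deployment
+}
+
+function proxy_pass_to_kubernetes {
+	local url=$1
+	local svc=$2
+
+	local ip=$(get_kubernetes_service_ip $svc)
+	local apache_conf=$(apache_site_config_for $svc)
+
+	echo "ProxyPass \"${url}\" \"http://${ip}/\"" | sudo tee -a $apache_conf
+
+	enable_apache_site $svc
+	restart_apache_server
+}
+
+# Gets or creates service
+# Usage: get_or_create_service <name> <type> <description>
+function get_or_create_service {
+	cat <<EOF | kubectl apply -f-
+---
+apiVersion: identity.openstack.org/v1alpha1
+kind: Service
+metadata:
+  name: ${1//_/-}
+spec:
+  type: $2
+  description: $3
+EOF
+}
+export -f get_or_create_service
+
+# Create an endpoint with a specific interface
+# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
+function _get_or_create_endpoint_with_interface {
+	cat <<EOF | kubectl apply -f-
+---
+apiVersion: identity.openstack.org/v1alpha1
+kind: Endpoint
+metadata:
+  name: ${1//_/-}-$2
+spec:
+  service: $1
+  interface: $2
+  url: $3
+EOF
+}
+export -f _get_or_create_endpoint_with_interface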
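Review bot: `get_kubernetes_service_ip` echoes whatever is in `ip` and returns 0 even when all 30 `kubectl get` attempts fail, so `proxy_pass_to_kubernetes` can append a `ProxyPass` line with the backend `http:///` to the Apache site file through `sudo tee -a` and then restart the server. `ip` and `i` are not declared `local` in the helper, and `local ip=$(...)` in the caller discards the helper's exit status. The helper should return non-zero on timeout or an empty result, and the caller should declare `local ip` first and then use `ip=$(get_kubernetes_service_ip "$svc") || return 1`. Separately, `$2` and `$3` go unquoted into the YAML piped to `kubectl apply` in `get_or_create_service`, so a description containing `: ` or ` #` changes the manifest. The `<region>` argument named in the usage line of `_get_or_create_endpoint_with_interface` is never read.

```shell
function get_kubernetes_service_ip {
	local svc="$1"
	local ip i

	for i in {1..30}; do
		# Succeed only when kubectl worked AND a clusterIP was actually returned.
		if ip=$(kubectl get "svc/$svc" -ojsonpath='{.spec.clusterIP}') && [[ -n "$ip" ]]; then
			echo "$ip"
			return 0
		fi
		sleep 1
	done

	echo "Timed out waiting for clusterIP of service $svc" >&2
	return 1
}
# … unchanged: kubernetes_rollout_status, proxy_pass_to_kubernetes, get_or_create_service …
```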
| @@ -14,47 +14,47 @@ | ||||
| # License for the specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| function get_kubernetes_service_ip { | ||||
| 	local svc="$1" | ||||
| 
 | ||||
| 	for i in {1..30}; do | ||||
| 		ip=$(kubectl get svc/$svc -ojsonpath='{.spec.clusterIP}') && break || sleep 1; | ||||
| 	done | ||||
| 
 | ||||
| 	return $ip | ||||
| } | ||||
| 
 | ||||
| function proxy_pass_to_kubernetes { | ||||
| 	local url=$1 | ||||
| 	local svc=$2 | ||||
| 
 | ||||
| 	local ip=$(get_kubernetes_service_ip $svc) | ||||
| 	local apache_conf=$(apache_site_config_for $name) | ||||
| 
 | ||||
| 	echo "ProxyPass \"${url}\" \"http://${ip}/\"" | sudo tee -a $apache_conf | ||||
| 
 | ||||
| 	enable_apache_site $name | ||||
| 	restart_apache_server | ||||
| } | ||||
| 
 | ||||
| # Gets or creates service | ||||
| # Usage: get_or_create_service <name> <type> <description> | ||||
| function get_or_create_service { | ||||
| 	cat <<EOF | kubectl apply -f- | ||||
| --- | ||||
| apiVersion: identity.openstack.org/v1alpha1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: ${1//_/-} | ||||
| spec: | ||||
|   type: $2 | ||||
|   description: $3 | ||||
| EOF | ||||
| } | ||||
| export -f get_or_create_service | ||||
| 
 | ||||
| # install_keystone() - Collect source and prepare | ||||
| function install_keystone { | ||||
| 	echo "Both installation and startup are included in the deployment of keystone crd." | ||||
| } | ||||
| export -f install_keystone | ||||
| 
 | ||||
| # init_keystone() - Initialize databases, etc. | ||||
| function init_keystone { | ||||
| 
 | ||||
| 	# NOTE(mnaser): Permissions here are bad but it's temporary so we don't care as much. | ||||
| 	sudo chmod -Rv 777 /etc/keystone | ||||
| 
 | ||||
| 	if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then | ||||
| 		# (Re)create keystone database | ||||
| 		recreate_database keystone | ||||
| 	fi | ||||
| 
 | ||||
| 	# DB sync | ||||
| 	time_start "dbsync" | ||||
| 	sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF db_sync | ||||
| 	time_stop "dbsync" | ||||
| 
 | ||||
| 	# Get fernet keys | ||||
| 	if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then | ||||
| 		rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/" | ||||
| 		mkdir "$KEYSTONE_CONF_DIR/fernet-keys/" | ||||
| 		sudo chmod -Rv 777 "$KEYSTONE_CONF_DIR/fernet-keys/" | ||||
| 		sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF fernet_setup --keystone-user 65534 --keystone-group 65534 | ||||
| 	fi | ||||
| 
 | ||||
| 	# Get credential keys | ||||
| 	rm -rf "$KEYSTONE_CONF_DIR/credential-keys/" | ||||
| 	sudo docker run -v /etc/keystone:/etc/keystone vexxhost/keystone:latest keystone-manage --config-file $KEYSTONE_CONF credential_setup --keystone-user 65534 --keystone-group 65534 | ||||
| 
 | ||||
| } | ||||
| export -f init_keystone | ||||
| 
 | ||||
| # start_keystone() - Start running processes | ||||
| function start_keystone { | ||||
| 
 | ||||
| 	# install keystone | ||||
| 	cat <<EOF | kubectl apply -f- | ||||
| --- | ||||
| apiVersion: identity.openstack.org/v1alpha1 | ||||
| @@ -64,32 +64,9 @@ metadata: | ||||
| spec: | ||||
|   configDir: ${KEYSTONE_CONF_DIR} | ||||
| EOF | ||||
| } | ||||
| export -f install_keystone | ||||
| 	# rollout keystone | ||||
| 	kubernetes_rollout_status keystone-devstack | ||||
| 
 | ||||
| # init_keystone() - Initialize databases, etc. | ||||
| function init_keystone { | ||||
| 	if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then | ||||
| 		# (Re)create keystone database | ||||
| 		recreate_database keystone | ||||
| 	fi | ||||
| 
 | ||||
| 	time_start "dbsync" | ||||
| 	kubectl exec deploy/keystone-devstack -- keystone-manage --config-file $KEYSTONE_CONF db_sync | ||||
| 	time_stop "dbsync" | ||||
| 
 | ||||
| 	if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then | ||||
| 		rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/" | ||||
| 		kubectl exec deploy/keystone-devstack keystone-manage --config-file $KEYSTONE_CONF fernet_setup | ||||
| 	fi | ||||
| 
 | ||||
| 	rm -rf "$KEYSTONE_CONF_DIR/credential-keys/" | ||||
| 	kubectl exec deploy/keystone-devstack -- keystone-manage --config-file $KEYSTONE_CONF credential_setup | ||||
| } | ||||
| export -f init_keystone | ||||
| 
 | ||||
| # start_keystone() - Start running processes | ||||
| function start_keystone { | ||||
| 	# Get right service port for testing | ||||
| 	local service_port=$KEYSTONE_SERVICE_PORT | ||||
| 	local auth_protocol=$KEYSTONE_AUTH_PROTOCOL | ||||
| @@ -123,6 +100,16 @@ function start_keystone { | ||||
| } | ||||
| export -f start_keystone | ||||
| 
 | ||||
| # bootstrap_keystone() - Initialize user, role and project | ||||
| # This function uses the following GLOBAL variables: | ||||
| # - ``KEYSTONE_BIN_DIR`` | ||||
| # - ``ADMIN_PASSWORD`` | ||||
| # - ``IDENTITY_API_VERSION`` | ||||
| # - ``KEYSTONE_AUTH_URI`` | ||||
| # - ``REGION_NAME`` | ||||
| # - ``KEYSTONE_SERVICE_PROTOCOL`` | ||||
| # - ``KEYSTONE_SERVICE_HOST`` | ||||
| # - ``KEYSTONE_SERVICE_PORT`` | ||||
| function bootstrap_keystone { | ||||
| 	kubectl exec deploy/keystone-devstack -- keystone-manage bootstrap \ | ||||
| 		--bootstrap-username admin \ | ||||
| @@ -135,19 +122,3 @@ function bootstrap_keystone { | ||||
| 		--bootstrap-public-url "$KEYSTONE_SERVICE_URI" | ||||
| } | ||||
| export -f bootstrap_keystone | ||||
| # Create an endpoint with a specific interface | ||||
| # Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region> | ||||
| function _get_or_create_endpoint_with_interface { | ||||
| 	cat <<EOF | kubectl apply -f- | ||||
| --- | ||||
| apiVersion: identity.openstack.org/v1alpha1 | ||||
| kind: Endpoint | ||||
| metadata: | ||||
|   name: ${1//_/-}-$2 | ||||
| spec: | ||||
|   service: $1 | ||||
|   interface: $2 | ||||
|   url: $3 | ||||
| EOF | ||||
| } | ||||
| export -f _get_or_create_endpoint_with_interface | ||||
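Review bot: `init_keystone` in the first hunk runs `sudo chmod -Rv 777 /etc/keystone` and `sudo chmod -Rv 777 "$KEYSTONE_CONF_DIR/fernet-keys/"`, leaving keystone.conf and the Fernet key repository readable and writable by every local account. Those keys are what keystone uses to protect tokens, and the NOTE calling this temporary puts no bound on the exposure. The +/- markers are lost on this page, so I am assuming the `docker run` variant is the new side. `fernet_setup` and `credential_setup` are already passed `--keystone-user 65534 --keystone-group 65534`, so ownership by that id should be enough: `sudo install -d -o 65534 -g 65534 -m 0700 "$KEYSTONE_CONF_DIR/fernet-keys/"` in place of the `mkdir` plus `chmod 777` pair, with the two `rm -rf` calls then likely needing `sudo`. The bind mount also hard-codes `/etc/keystone` while the surrounding lines use `$KEYSTONE_CONF_DIR`, and `vexxhost/keystone:latest` is a mutable tag, so the code that generates the keys is not pinned.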
| @@ -18,3 +18,6 @@ define_plugin openstack-operator | ||||
|  | ||||
| disable_service etcd3 | ||||
| disable_service rabbit | ||||
|  | ||||
| source $DEST/openstack-operator/devstack/lib/common | ||||
| source $DEST/openstack-operator/devstack/lib/keystone | ||||
| @@ -26,6 +26,8 @@ COPY --from=builder /output/ /output | ||||
| RUN apt update && apt -y install git && \ | ||||
|     /output/install-from-bindep && \ | ||||
|     apt -y purge git && apt clean all | ||||
| RUN mkdir /var/log/keystone && \ | ||||
|     chmod 777 -R /var/log/keystone | ||||
| EXPOSE 5000 | ||||
| ENV UWSGI_HTTP_SOCKET=:5000 \ | ||||
|     UWSGI_WSGI_FILE=/usr/local/bin/keystone-wsgi-public | ||||
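Review bot: `chmod 777 -R /var/log/keystone` makes the log directory world-writable in every image built from this file. The deployment template on this page sets `runAsUser: 65534` and `runAsGroup: 65534`, so owning the directory by that id is sufficient. `RUN install -d -o 65534 -g 65534 -m 0750 /var/log/keystone` would replace both lines of the `mkdir`/`chmod` step. Whether the image sets a `USER` is outside this hunk, so confirm the runtime uid before tightening.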
|   | ||||
| @@ -52,7 +52,7 @@ spec: | ||||
|           requests: | ||||
|             cpu: 1000m | ||||
|             ephemeral-storage: 500M | ||||
|             memory: 128M | ||||
|             memory: 512M | ||||
|         securityContext: | ||||
|           runAsUser: 65534 | ||||
|           runAsGroup: 65534 | ||||
| @@ -64,7 +64,6 @@ spec: | ||||
|         hostPath: | ||||
|           path: {{ spec['configDir'] }} | ||||
|           type: Directory | ||||
|       terminationGracePeriodSeconds: 5 | ||||
| {% if 'nodeSelector' in spec %} | ||||
|       nodeSelector: | ||||
|         {{ spec.nodeSelector | to_yaml | indent(8) }} | ||||
|   | ||||
| @@ -50,6 +50,7 @@ | ||||
|           CELLSV2_SETUP: singleconductor | ||||
|           MEMCACHE_SERVERS: "{{ _memcached_ip.stdout }}:11211" | ||||
|           RABBIT_HOST: "{{ _rabbitmq_ip.stdout }}" | ||||
|           DATABASE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}" | ||||
|     - name: Re-write local.conf | ||||
|       include_role: | ||||
|         name: write-devstack-local-conf | ||||
|   | ||||