From 85208fe98a088222c3436bea28cbefcd03b98b74 Mon Sep 17 00:00:00 2001 
From: Steve Wilkerson Date: Fri, 27 Apr 2018 14:12:19 -0500 Subject: [PATCH] LDAP: Move ldap chart to openstack-helm-infra This moves the ldap chart to openstack-helm-infra from openstack-helm, allowing for ldap to provide an authentication mechanism for components of the LMA stack, and can still be used for keystone in openstack-helm, as openstack-helm-infra is a required project Change-Id: I211bc47c7a3ae875614102c8f64daa1099f702e8 --- ldap/.helmignore | 21 ++ ldap/Chart.yaml | 19 ++ ldap/requirements.yaml | 16 ++ ldap/templates/_helpers.tpl | 22 ++ ldap/templates/bin/_bootstrap.sh.tpl | 8 + ldap/templates/configmap-bin.yaml | 27 ++ ldap/templates/configmap-etc.yaml | 27 ++ ldap/templates/job-bootstrap.yaml | 18 ++ ldap/templates/job-image-repo-sync.yaml | 20 ++ ldap/templates/service.yaml | 30 +++ ldap/templates/statefulset.yaml | 86 +++++++ ldap/values.yaml | 236 ++++++++++++++++++ playbooks/osh-infra-dev-deploy.yaml | 26 +- playbooks/osh-infra-multinode-deploy.yaml | 26 +- .../deployment/common/000-install-packages.sh | 25 ++ tools/deployment/common/005-deploy-k8s.sh | 20 ++ tools/deployment/common/030-ldap.sh | 32 +++ ...e-metrics.sh => 060-kube-state-metrics.sh} | 0 ...-node-exporter.sh => 070-node-exporter.sh} | 0 ...-exporter.sh => 080-openstack-exporter.sh} | 0 .../common/{120-kibana.sh => 130-kibana.sh} | 0 .../developer/000-install-packages.sh | 26 +- tools/deployment/developer/005-deploy-k8s.sh | 21 +- tools/deployment/developer/030-ldap.sh | 1 + .../{030-prometheus.sh => 040-prometheus.sh} | 0 ...40-alertmanager.sh => 050-alertmanager.sh} | 0 .../developer/050-kube-state-metrics.sh | 1 - .../developer/060-kube-state-metrics.sh | 1 + .../deployment/developer/060-node-exporter.sh | 1 - .../deployment/developer/070-node-exporter.sh | 1 + .../developer/070-openstack-exporter.sh | 1 - .../developer/080-openstack-exporter.sh | 1 + .../{080-grafana.sh => 090-grafana.sh} | 0 .../{090-nagios.sh => 100-nagios.sh} | 0 ...-elasticsearch.sh => 110-elasticsearch.sh} 
| 0 ...luent-logging.sh => 120-fluent-logging.sh} | 0 tools/deployment/developer/120-kibana.sh | 1 - tools/deployment/developer/130-kibana.sh | 1 + tools/deployment/multinode/030-ldap.sh | 1 + .../{030-prometheus.sh => 040-prometheus.sh} | 0 ...40-alertmanager.sh => 050-alertmanager.sh} | 0 .../multinode/050-kube-state-metrics.sh | 1 - .../multinode/060-kube-state-metrics.sh | 1 + .../deployment/multinode/060-node-exporter.sh | 1 - .../deployment/multinode/070-node-exporter.sh | 1 + .../multinode/070-openstack-exporter.sh | 1 - .../multinode/080-openstack-exporter.sh | 1 + .../{080-grafana.sh => 090-grafana.sh} | 0 .../{090-nagios.sh => 100-nagios.sh} | 0 ...-elasticsearch.sh => 110-elasticsearch.sh} | 0 ...luent-logging.sh => 120-fluent-logging.sh} | 0 tools/deployment/multinode/120-kibana.sh | 1 - tools/deployment/multinode/130-kibana.sh | 1 + 53 files changed, 651 insertions(+), 73 deletions(-) create mode 100644 ldap/.helmignore create mode 100644 ldap/Chart.yaml create mode 100644 ldap/requirements.yaml create mode 100644 ldap/templates/_helpers.tpl create mode 100644 ldap/templates/bin/_bootstrap.sh.tpl create mode 100644 ldap/templates/configmap-bin.yaml create mode 100644 ldap/templates/configmap-etc.yaml create mode 100644 ldap/templates/job-bootstrap.yaml create mode 100644 ldap/templates/job-image-repo-sync.yaml create mode 100644 ldap/templates/service.yaml create mode 100644 ldap/templates/statefulset.yaml create mode 100644 ldap/values.yaml create mode 100755 tools/deployment/common/000-install-packages.sh create mode 100755 tools/deployment/common/005-deploy-k8s.sh create mode 100755 tools/deployment/common/030-ldap.sh rename tools/deployment/common/{050-kube-state-metrics.sh => 060-kube-state-metrics.sh} (100%) rename tools/deployment/common/{060-node-exporter.sh => 070-node-exporter.sh} (100%) rename tools/deployment/common/{070-openstack-exporter.sh => 080-openstack-exporter.sh} (100%) rename tools/deployment/common/{120-kibana.sh => 
130-kibana.sh} (100%) mode change 100755 => 120000 tools/deployment/developer/000-install-packages.sh mode change 100755 => 120000 tools/deployment/developer/005-deploy-k8s.sh create mode 120000 tools/deployment/developer/030-ldap.sh rename tools/deployment/developer/{030-prometheus.sh => 040-prometheus.sh} (100%) rename tools/deployment/developer/{040-alertmanager.sh => 050-alertmanager.sh} (100%) delete mode 120000 tools/deployment/developer/050-kube-state-metrics.sh create mode 120000 tools/deployment/developer/060-kube-state-metrics.sh delete mode 120000 tools/deployment/developer/060-node-exporter.sh create mode 120000 tools/deployment/developer/070-node-exporter.sh delete mode 120000 tools/deployment/developer/070-openstack-exporter.sh create mode 120000 tools/deployment/developer/080-openstack-exporter.sh rename tools/deployment/developer/{080-grafana.sh => 090-grafana.sh} (100%) rename tools/deployment/developer/{090-nagios.sh => 100-nagios.sh} (100%) rename tools/deployment/developer/{100-elasticsearch.sh => 110-elasticsearch.sh} (100%) rename tools/deployment/developer/{110-fluent-logging.sh => 120-fluent-logging.sh} (100%) delete mode 120000 tools/deployment/developer/120-kibana.sh create mode 120000 tools/deployment/developer/130-kibana.sh create mode 120000 tools/deployment/multinode/030-ldap.sh rename tools/deployment/multinode/{030-prometheus.sh => 040-prometheus.sh} (100%) rename tools/deployment/multinode/{040-alertmanager.sh => 050-alertmanager.sh} (100%) delete mode 120000 tools/deployment/multinode/050-kube-state-metrics.sh create mode 120000 tools/deployment/multinode/060-kube-state-metrics.sh delete mode 120000 tools/deployment/multinode/060-node-exporter.sh create mode 120000 tools/deployment/multinode/070-node-exporter.sh delete mode 120000 tools/deployment/multinode/070-openstack-exporter.sh create mode 120000 tools/deployment/multinode/080-openstack-exporter.sh rename tools/deployment/multinode/{080-grafana.sh => 090-grafana.sh} (100%) 
rename tools/deployment/multinode/{090-nagios.sh => 100-nagios.sh} (100%) rename tools/deployment/multinode/{100-elasticsearch.sh => 110-elasticsearch.sh} (100%) rename tools/deployment/multinode/{110-fluent-logging.sh => 120-fluent-logging.sh} (100%) delete mode 120000 tools/deployment/multinode/120-kibana.sh create mode 120000 tools/deployment/multinode/130-kibana.sh diff --git a/ldap/.helmignore b/ldap/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/ldap/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/ldap/Chart.yaml b/ldap/Chart.yaml new file mode 100644 index 000000000..de67527eb --- /dev/null +++ b/ldap/Chart.yaml @@ -0,0 +1,19 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm LDAP +name: ldap +version: 0.1.0 +home: https://www.openldap.org/ +maintainers: + - name: OpenStack-Helm Authors diff --git a/ldap/requirements.yaml b/ldap/requirements.yaml new file mode 100644 index 000000000..5669e12cf --- /dev/null +++ b/ldap/requirements.yaml 
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/ldap/templates/_helpers.tpl b/ldap/templates/_helpers.tpl
new file mode 100644
index 000000000..c2a40b882
--- /dev/null
+++ b/ldap/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "splitdomain" -}}
+{{- $name := index . 0 -}}
+{{- $local := dict "first" true }}
+{{- range $k, $v := splitList "." $name }}{{- if not $local.first -}},{{- end -}}dc={{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}}
+{{- end -}}
diff --git a/ldap/templates/bin/_bootstrap.sh.tpl b/ldap/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 000000000..3e65185a0
--- /dev/null
+++ b/ldap/templates/bin/_bootstrap.sh.tpl
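Review bot: The three templates defined in ldap/templates/_helpers.tpl use bare names (`name`, `fullname`, `splitdomain`), and Helm resolves defined template names globally across a chart and its subcharts, so a same-named define elsewhere can silently replace them. Prefixing them with the chart name, for example `{{- define "ldap.splitdomain" -}}`, and updating the `include "splitdomain"` call in bin/_bootstrap.sh.tpl avoids that. `splitdomain` also has no doc comment; I would add `{{/* Render a dotted domain (first list element) as a comma-separated dc= sequence, e.g. cluster.local -> dc=cluster,dc=local. The labels are not escaped for use in a DN. */}}` above it, since its output is spliced directly into the bind DN.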
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -xe
+
+{{- $url := tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
+{{- $port := tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+LDAPHOST="ldap://{{ $url }}:{{ $port }}"
+ADMIN="cn={{ .Values.secrets.identity.admin }},{{ tuple .Values.openldap.domain . | include "splitdomain" }}"
+ldapadd -x -D $ADMIN -H $LDAPHOST -w {{ .Values.openldap.password }} -f /etc/sample_data.ldif
diff --git a/ldap/templates/configmap-bin.yaml b/ldap/templates/configmap-bin.yaml
new file mode 100644
index 000000000..e3c1b4af0
--- /dev/null
+++ b/ldap/templates/configmap-bin.yaml
@@ -0,0 +1,27 @@
+{{/*
+Copyright 2018 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.configmap_bin }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ldap-bin
+data:
+{{- if .Values.bootstrap.enabled }}
+ bootstrap.sh: |
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/ldap/templates/configmap-etc.yaml b/ldap/templates/configmap-etc.yaml
new file mode 100644
index 000000000..e724e6d71
--- /dev/null
+++ b/ldap/templates/configmap-etc.yaml
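Review bot: The last line of bin/_bootstrap.sh.tpl renders the admin password straight into the script (`-w {{ .Values.openldap.password }}`), so it is stored in the `ldap-bin` ConfigMap built by configmap-bin.yaml (the next hunk), appears in the process arguments, and is echoed into the job log because the script runs under `set -xe`. I would have the job read it from a file mounted from a Secret and run with `set -e` only, for example `ldapadd -x -D "$ADMIN" -H "$LDAPHOST" -y "$LDAP_PASSWORD_FILE" -f /etc/sample_data.ldif`, where `LDAP_PASSWORD_FILE` is a placeholder name. `$ADMIN` and `$LDAPHOST` are unquoted in the current line, so a value containing whitespace or glob characters would be word-split. The simple bind also goes over `ldap://` with no StartTLS, so the credential crosses the pod network in clear text; adding `-ZZ` would enforce StartTLS once the server has a certificate.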
@@ -0,0 +1,27 @@
+{{/*
+Copyright 2018 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.configmap_etc }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ldap-etc
+data:
+{{- if .Values.bootstrap.enabled }}
+ sample_data.ldif: |
+{{ .Values.data.sample | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/ldap/templates/job-bootstrap.yaml b/ldap/templates/job-bootstrap.yaml
new file mode 100644
index 000000000..bf9668283
--- /dev/null
+++ b/ldap/templates/job-bootstrap.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
+{{- $bootstrapJob := dict "envAll" . "serviceName" "ldap" "configFile" "/etc/sample_data.ldif" "keystoneUser" "admin" "openrc" "false" -}}
+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
+{{- end }}
diff --git a/ldap/templates/job-image-repo-sync.yaml b/ldap/templates/job-image-repo-sync.yaml
new file mode 100644
index 000000000..f6e9fcb98
--- /dev/null
+++ b/ldap/templates/job-image-repo-sync.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ldap" -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
diff --git a/ldap/templates/service.yaml b/ldap/templates/service.yaml
new file mode 100644
index 000000000..353db51c8
--- /dev/null
+++ b/ldap/templates/service.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: ldap
+ port: {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ selector:
+{{ tuple $envAll "ldap" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{- end }}
diff --git a/ldap/templates/statefulset.yaml b/ldap/templates/statefulset.yaml
new file mode 100644
index 000000000..3b89a7124
--- /dev/null
+++ b/ldap/templates/statefulset.yaml
@@ -0,0 +1,86 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.statefulset }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "ldap" }}
+{{ tuple $envAll "ldap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: ldap
+spec:
+ serviceName: {{ tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+ replicas: {{ .Values.pod.replicas.server }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "ldap" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "ldap" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "ldap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 6 }}
+ containers:
+ - name: ldap
+ image: {{ .Values.images.tags.ldap }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: LDAP_DOMAIN
+ value: {{ .Values.openldap.domain }}
+ - name: LDAP_ADMIN_PASSWORD
+ value: {{ .Values.openldap.password }}
+ ports:
+ - containerPort: {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ volumeMounts:
+ - name: ldap-data
+ mountPath: /var/lib/ldap
+ - name: ldap-config
+ mountPath: /etc/ldap/slapd.d
+{{- if not .Values.storage.pvc.enabled }}
+ volumes:
+ - name: ldap-data
+ hostPath:
+ path: {{ .Values.storage.host.data_path }}
+ - name: ldap-config
+ hostPath:
+ path: {{ .Values.storage.host.config_path }}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: ldap-data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ .Values.storage.pvc.class_name }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.pvc.size }}
+ - metadata:
+ name: ldap-config
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ .Values.storage.pvc.class_name }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.pvc.size }}
+{{- end }}
+{{- end }}
diff --git a/ldap/values.yaml b/ldap/values.yaml
new file mode 100644
index 000000000..42b4fdd9d
--- /dev/null
+++ b/ldap/values.yaml
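Review bot: `LDAP_ADMIN_PASSWORD` in the container env is set with a literal `value: {{ .Values.openldap.password }}`, so the admin password is stored in the StatefulSet object and shown to anyone who can read or describe the pod; the file list of this commit contains no Secret template to hold it. I would source it with `valueFrom:` / `secretKeyRef:` pointing at a Secret the chart creates (`name: <ldap-admin-secret>` and `key: <password-key>` are placeholders). Both env values are also unquoted, so a password or domain that YAML reads as a number, boolean or flow syntax would not render as a string; `value: {{ .Values.openldap.password | quote }}` avoids that in the meantime. When `storage.pvc.enabled` is false the directory data and slapd config sit on hostPath directories, which deserves a comment on who can read those paths on the node.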
@@ -0,0 +1,236 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for ldap.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+pod:
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ replicas:
+ server: 1
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ resources:
+ enabled: false
+ server:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ jobs:
+ bootstrap:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ image_repo_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ mounts:
+ ldap_data_load:
+ init_container: null
+ ldap_data_load:
+
+images:
+ tags:
+ bootstrap: "docker.io/osixia/openldap:1.2.0"
+ ldap: "docker.io/osixia/openldap:1.2.0"
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ image_repo_sync: docker.io/docker:17.07.0
+ pull_policy: IfNotPresent
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - ldap-image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ ldap:
+ jobs: null
+ bootstrap:
+ services:
+ - endpoint: internal
+ service: ldap
+ server:
+ jobs:
+ - ldap-load-data
+ services:
+ - endpoint: internal
+ service: ldap
+ image_repo_sync:
+ services:
+ - endpoint: internal
+ service: local_image_registry
+
+storage:
+ pvc:
+ enabled: true
+ size: 2Gi
+ class_name: general
+ host:
+ data_path: /data/openstack-helm/ldap
+ config_path: /data/openstack-helm/config
+
+labels:
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+bootstrap:
+ enabled: false
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ ldap:
+ hosts:
+ default: ldap
+ host_fqdn_override:
+ default: null
+ path: null
+ scheme: 'http'
+ port:
+ ldap:
+ default: 389
+
+data:
+ sample: |
+ dn: ou=People,dc=cluster,dc=local
+ objectclass: organizationalunit
+ ou: People
+ description: We the People
+
+ # NOTE: Password is "password" without quotes
+ dn: uid=alice,ou=People,dc=cluster,dc=local
+ objectClass: inetOrgPerson
+ objectClass: top
+ objectClass: posixAccount
+ objectClass: shadowAccount
+ objectClass: person
+ sn: Alice
+ cn: alice
+ uid: alice
+ userPassword: {SSHA}+i3t/DLCgLDGaIOAmfeFJ2kDeJWmPUDH
+ description: SHA
+ gidNumber: 1000
+ uidNumber: 1493
+ homeDirectory: /home/alice
+ mail: alice@example.com
+
+ # NOTE: Password is "password" without quotes
+ dn: uid=bob,ou=People,dc=cluster,dc=local
+ objectClass: inetOrgPerson
+ objectClass: top
+ objectClass: posixAccount
+ objectClass: shadowAccount
+ objectClass: person
+ sn: Bob
+ cn: bob
+ uid: bob
+ userPassword: {SSHA}fCJ5vuW1BQ4/OfOVkkx1qjwi7yHFuGNB
+ description: MD5
+ gidNumber: 1000
+ uidNumber: 5689
+ homeDirectory: /home/bob
+ mail: bob@example.com
+
+ dn: ou=Groups,dc=cluster,dc=local
+ objectclass: organizationalunit
+ ou: Groups
+ description: We the People
+
+ dn: cn=cryptography,ou=Groups,dc=cluster,dc=local
+ objectclass: top
+ objectclass: posixGroup
+ gidNumber: 418
+ cn: overwatch
+ description: Cryptography Team
+ memberUID: uid=alice,ou=People,dc=cluster,dc=local
+ memberUID: uid=bob,ou=People,dc=cluster,dc=local
+
+ dn: cn=blue,ou=Groups,dc=cluster,dc=local
+ objectclass: top
+ objectclass: posixGroup
+ gidNumber: 419
+ cn: blue
+ description: Blue Team
+ memberUID: uid=bob,ou=People,dc=cluster,dc=local
+
+ dn: cn=red,ou=Groups,dc=cluster,dc=local
+ objectclass: top
+ objectclass: posixGroup
+ gidNumber: 420
+ cn: red
+ description: Red Team
+ memberUID: uid=alice,ou=People,dc=cluster,dc=local
+
+secrets:
+ identity:
+ admin: admin
+ ldap: ldap
+
+openldap:
+ domain: cluster.local
+ password: password
+
+manifests:
+ configmap_bin: true
+ configmap_etc: true
+ job_bootstrap: true
+ job_image_repo_sync: true
+ statefulset: true
+ service: true
diff --git a/playbooks/osh-infra-dev-deploy.yaml b/playbooks/osh-infra-dev-deploy.yaml
index 1974069a7..7da09e263 100644
--- a/playbooks/osh-infra-dev-deploy.yaml
+++ b/playbooks/osh-infra-dev-deploy.yaml
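Review bot: The defaults in ldap/values.yaml ship a working admin credential (`openldap.password: password` with `secrets.identity.admin: admin`), and `data.sample` creates users alice and bob whose password the comments give as "password"; tools/deployment/common/030-ldap.sh then installs the chart with `bootstrap.enabled=true` and no password override. Since the commit message positions this directory as an authentication mechanism for the LMA stack, I would ship no usable default for `openldap.password` and fail rendering when it is unset, e.g. `{{ required "openldap.password must be set" .Values.openldap.password }}` at the point of use. I would also add a comment above `data.sample` such as `# Test fixtures only: accounts with a published password; do not enable bootstrap outside CI`. Separately, the entry `dn: cn=cryptography,ou=Groups,...` carries `cn: overwatch`, which does not match its RDN; OpenLDAP normally rejects such an entry as a naming violation, so the bootstrap job may stop at that entry, which is worth confirming.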
@@ -42,63 +42,69 @@ ./tools/deployment/developer/020-lma-nfs-provisioner.sh args: chdir: "{{ zuul.project.src_dir }}" + - name: Deploy LDAP + shell: | + set -xe; + ./tools/deployment/developer/030-ldap.sh + args: + chdir: "{{ zuul.project.src_dir }}" - name: Deploy Prometheus shell: | set -xe; - ./tools/deployment/developer/030-prometheus.sh + ./tools/deployment/developer/040-prometheus.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Alertmanager shell: | set -xe; - ./tools/deployment/developer/040-alertmanager.sh + ./tools/deployment/developer/050-alertmanager.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Kube-State-Metrics shell: | set -xe; - ./tools/deployment/developer/050-kube-state-metrics.sh + ./tools/deployment/developer/060-kube-state-metrics.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Node Exporter shell: | set -xe; - ./tools/deployment/developer/060-node-exporter.sh + ./tools/deployment/developer/070-node-exporter.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Prometheus OpenStack Exporter shell: | set -xe; - ./tools/deployment/developer/070-openstack-exporter.sh + ./tools/deployment/developer/080-openstack-exporter.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Grafana shell: | set -xe; - ./tools/deployment/developer/080-grafana.sh + ./tools/deployment/developer/090-grafana.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Nagios shell: | set -xe; - ./tools/deployment/developer/090-nagios.sh + ./tools/deployment/developer/100-nagios.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Elasticsearch shell: | set -xe; - ./tools/deployment/developer/100-elasticsearch.sh + ./tools/deployment/developer/110-elasticsearch.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Fluent-Logging shell: | set -xe; - ./tools/deployment/developer/110-fluent-logging.sh + ./tools/deployment/developer/120-fluent-logging.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy 
Kibana shell: | set -xe; - ./tools/deployment/developer/120-kibana.sh + ./tools/deployment/developer/130-kibana.sh args: chdir: "{{ zuul.project.src_dir }}" diff --git a/playbooks/osh-infra-multinode-deploy.yaml b/playbooks/osh-infra-multinode-deploy.yaml index 68c0564db..958659779 100644 --- a/playbooks/osh-infra-multinode-deploy.yaml +++ b/playbooks/osh-infra-multinode-deploy.yaml 
@@ -26,63 +26,69 @@ ./tools/deployment/developer/020-lma-nfs-provisioner.sh args: chdir: "{{ zuul.project.src_dir }}" + - name: Deploy LDAP + shell: | + set -xe; + ./tools/deployment/multinode/030-ldap.sh + args: + chdir: "{{ zuul.project.src_dir }}" - name: Deploy Prometheus shell: | set -xe; - ./tools/deployment/multinode/030-prometheus.sh + ./tools/deployment/multinode/040-prometheus.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Alertmanager shell: | set -xe; - ./tools/deployment/multinode/040-alertmanager.sh + ./tools/deployment/multinode/050-alertmanager.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Kube-State-Metrics shell: | set -xe; - ./tools/deployment/multinode/050-kube-state-metrics.sh + ./tools/deployment/multinode/060-kube-state-metrics.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Node Exporter shell: | set -xe; - ./tools/deployment/multinode/060-node-exporter.sh + ./tools/deployment/multinode/070-node-exporter.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Prometheus OpenStack Exporter shell: | set -xe; - ./tools/deployment/multinode/070-openstack-exporter.sh + ./tools/deployment/multinode/080-openstack-exporter.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Grafana shell: | set -xe; - ./tools/deployment/multinode/080-grafana.sh + ./tools/deployment/multinode/090-grafana.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Nagios shell: | set -xe; - ./tools/deployment/multinode/090-nagios.sh + ./tools/deployment/multinode/100-nagios.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Elasticsearch shell: | set -xe; - ./tools/deployment/multinode/100-elasticsearch.sh + ./tools/deployment/multinode/110-elasticsearch.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy Fluent-Logging shell: | set -xe; - ./tools/deployment/multinode/110-fluent-logging.sh + ./tools/deployment/multinode/120-fluent-logging.sh args: chdir: "{{ zuul.project.src_dir }}" - name: Deploy 
Kibana shell: | set -xe; - ./tools/deployment/multinode/120-kibana.sh + ./tools/deployment/multinode/130-kibana.sh args: chdir: "{{ zuul.project.src_dir }}" diff --git a/tools/deployment/common/000-install-packages.sh b/tools/deployment/common/000-install-packages.sh new file mode 100755 index 000000000..4b3129b07 --- /dev/null +++ b/tools/deployment/common/000-install-packages.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +sudo apt-get update +sudo apt-get install --no-install-recommends -y \ + ca-certificates \ + git \ + make \ + nmap \ + curl diff --git a/tools/deployment/common/005-deploy-k8s.sh b/tools/deployment/common/005-deploy-k8s.sh new file mode 100755 index 000000000..b0a3e8cc8 --- /dev/null +++ b/tools/deployment/common/005-deploy-k8s.sh 
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+make dev-deploy setup-host
+make dev-deploy k8s
diff --git a/tools/deployment/common/030-ldap.sh b/tools/deployment/common/030-ldap.sh
new file mode 100755
index 000000000..e49406060
--- /dev/null
+++ b/tools/deployment/common/030-ldap.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Pull images and lint chart
+make pull-images ldap
+
+#NOTE: Deploy command
+helm upgrade --install ldap ./ldap \
+ --namespace=openstack \
+ --set storage.pvc.class_name=openstack-helm-lma-nfs \
+ --set bootstrap.enabled=true
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Validate Deployment info
+helm status ldap
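Review bot: The final step of 030-ldap.sh, `helm status ldap`, only reports the release state, and `wait-for-pods.sh openstack` only waits for pods in the namespace, so nothing in the script confirms that the directory accepts a bind or that the bootstrap job loaded its entries. Since this chart is meant to back authentication for the LMA components, a gate run could pass with an LDAP service those components cannot use; a search against the base DN run inside the pod after the wait would close that gap. The script also passes `--set bootstrap.enabled=true` unconditionally, and the bootstrap data presumably comes from the chart's values, which this hunk does not show. I would add a comment above the helm command, for example `#NOTE: bootstrap loads the chart's sample directory data; test deployments only`, so the script is not reused as-is outside the gate.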
diff --git a/tools/deployment/common/050-kube-state-metrics.sh b/tools/deployment/common/060-kube-state-metrics.sh
similarity index 100%
rename from tools/deployment/common/050-kube-state-metrics.sh
rename to tools/deployment/common/060-kube-state-metrics.sh
diff --git a/tools/deployment/common/060-node-exporter.sh b/tools/deployment/common/070-node-exporter.sh
similarity index 100%
rename from tools/deployment/common/060-node-exporter.sh
rename to tools/deployment/common/070-node-exporter.sh
diff --git a/tools/deployment/common/070-openstack-exporter.sh b/tools/deployment/common/080-openstack-exporter.sh
similarity index 100%
rename from tools/deployment/common/070-openstack-exporter.sh
rename to tools/deployment/common/080-openstack-exporter.sh
diff --git a/tools/deployment/common/120-kibana.sh b/tools/deployment/common/130-kibana.sh
similarity index 100%
rename from tools/deployment/common/120-kibana.sh
rename to tools/deployment/common/130-kibana.sh
diff --git a/tools/deployment/developer/000-install-packages.sh b/tools/deployment/developer/000-install-packages.sh
deleted file mode 100755
index 4b3129b07..000000000
--- a/tools/deployment/developer/000-install-packages.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-set -xe
-
-sudo apt-get update
-sudo apt-get install --no-install-recommends -y \
- ca-certificates \
- git \
- make \
- nmap \
- curl
diff --git a/tools/deployment/developer/000-install-packages.sh b/tools/deployment/developer/000-install-packages.sh
new file mode 120000
index 000000000..d702c4899
--- /dev/null
+++ b/tools/deployment/developer/000-install-packages.sh
@@ -0,0 +1 @@
+../common/000-install-packages.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/005-deploy-k8s.sh b/tools/deployment/developer/005-deploy-k8s.sh
deleted file mode 100755
index b0a3e8cc8..000000000
--- a/tools/deployment/developer/005-deploy-k8s.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-set -xe
-
-make dev-deploy setup-host
-make dev-deploy k8s
diff --git a/tools/deployment/developer/005-deploy-k8s.sh b/tools/deployment/developer/005-deploy-k8s.sh
new file mode 120000
index 000000000..257a39f7a
--- /dev/null
+++ b/tools/deployment/developer/005-deploy-k8s.sh
@@ -0,0 +1 @@
+../common/005-deploy-k8s.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/030-ldap.sh b/tools/deployment/developer/030-ldap.sh
new file mode 120000
index 000000000..6ffe1c65a
--- /dev/null
+++ b/tools/deployment/developer/030-ldap.sh
@@ -0,0 +1 @@
+../common/030-ldap.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/030-prometheus.sh b/tools/deployment/developer/040-prometheus.sh
similarity index 100%
rename from tools/deployment/developer/030-prometheus.sh
rename to tools/deployment/developer/040-prometheus.sh
diff --git a/tools/deployment/developer/040-alertmanager.sh b/tools/deployment/developer/050-alertmanager.sh
similarity index 100%
rename from tools/deployment/developer/040-alertmanager.sh
rename to tools/deployment/developer/050-alertmanager.sh
diff --git a/tools/deployment/developer/050-kube-state-metrics.sh b/tools/deployment/developer/050-kube-state-metrics.sh
deleted file mode 120000
index c1537e38c..000000000
--- a/tools/deployment/developer/050-kube-state-metrics.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/050-kube-state-metrics.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/060-kube-state-metrics.sh b/tools/deployment/developer/060-kube-state-metrics.sh
new file mode 120000
index 000000000..337fdf944
--- /dev/null
+++ b/tools/deployment/developer/060-kube-state-metrics.sh
@@ -0,0 +1 @@
+../common/060-kube-state-metrics.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/060-node-exporter.sh b/tools/deployment/developer/060-node-exporter.sh
deleted file mode 120000
index 5c4daa1b9..000000000
--- a/tools/deployment/developer/060-node-exporter.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/060-node-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/070-node-exporter.sh b/tools/deployment/developer/070-node-exporter.sh
new file mode 120000
index 000000000..7d1d767f5
--- /dev/null
+++ b/tools/deployment/developer/070-node-exporter.sh
@@ -0,0 +1 @@
+../common/070-node-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/070-openstack-exporter.sh b/tools/deployment/developer/070-openstack-exporter.sh
deleted file mode 120000
index cb0b54753..000000000
--- a/tools/deployment/developer/070-openstack-exporter.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/070-openstack-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/080-openstack-exporter.sh b/tools/deployment/developer/080-openstack-exporter.sh
new file mode 120000
index 000000000..52ddfb6eb
--- /dev/null
+++ b/tools/deployment/developer/080-openstack-exporter.sh
@@ -0,0 +1 @@
+../common/080-openstack-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/080-grafana.sh b/tools/deployment/developer/090-grafana.sh
similarity index 100%
rename from tools/deployment/developer/080-grafana.sh
rename to tools/deployment/developer/090-grafana.sh
diff --git a/tools/deployment/developer/090-nagios.sh b/tools/deployment/developer/100-nagios.sh
similarity index 100%
rename from tools/deployment/developer/090-nagios.sh
rename to tools/deployment/developer/100-nagios.sh
diff --git a/tools/deployment/developer/100-elasticsearch.sh b/tools/deployment/developer/110-elasticsearch.sh
similarity index 100%
rename from tools/deployment/developer/100-elasticsearch.sh
rename to tools/deployment/developer/110-elasticsearch.sh
diff --git a/tools/deployment/developer/110-fluent-logging.sh b/tools/deployment/developer/120-fluent-logging.sh
similarity index 100%
rename from tools/deployment/developer/110-fluent-logging.sh
rename to tools/deployment/developer/120-fluent-logging.sh
diff --git a/tools/deployment/developer/120-kibana.sh b/tools/deployment/developer/120-kibana.sh
deleted file mode 120000
index 8f9030c60..000000000
--- a/tools/deployment/developer/120-kibana.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/120-kibana.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/130-kibana.sh b/tools/deployment/developer/130-kibana.sh
new file mode 120000
index 000000000..65eac6c6f
--- /dev/null
+++ b/tools/deployment/developer/130-kibana.sh
@@ -0,0 +1 @@
+../common/130-kibana.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/030-ldap.sh b/tools/deployment/multinode/030-ldap.sh
new file mode 120000
index 000000000..6ffe1c65a
--- /dev/null
+++ b/tools/deployment/multinode/030-ldap.sh
@@ -0,0 +1 @@
+../common/030-ldap.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/030-prometheus.sh b/tools/deployment/multinode/040-prometheus.sh
similarity index 100%
rename from tools/deployment/multinode/030-prometheus.sh
rename to tools/deployment/multinode/040-prometheus.sh
diff --git a/tools/deployment/multinode/040-alertmanager.sh b/tools/deployment/multinode/050-alertmanager.sh
similarity index 100%
rename from tools/deployment/multinode/040-alertmanager.sh
rename to tools/deployment/multinode/050-alertmanager.sh
diff --git a/tools/deployment/multinode/050-kube-state-metrics.sh b/tools/deployment/multinode/050-kube-state-metrics.sh
deleted file mode 120000
index c1537e38c..000000000
--- a/tools/deployment/multinode/050-kube-state-metrics.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/050-kube-state-metrics.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/060-kube-state-metrics.sh b/tools/deployment/multinode/060-kube-state-metrics.sh
new file mode 120000
index 000000000..337fdf944
--- /dev/null
+++ b/tools/deployment/multinode/060-kube-state-metrics.sh
@@ -0,0 +1 @@
+../common/060-kube-state-metrics.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/060-node-exporter.sh b/tools/deployment/multinode/060-node-exporter.sh
deleted file mode 120000
index 5c4daa1b9..000000000
--- a/tools/deployment/multinode/060-node-exporter.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/060-node-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/070-node-exporter.sh b/tools/deployment/multinode/070-node-exporter.sh
new file mode 120000
index 000000000..7d1d767f5
--- /dev/null
+++ b/tools/deployment/multinode/070-node-exporter.sh
@@ -0,0 +1 @@
+../common/070-node-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/070-openstack-exporter.sh b/tools/deployment/multinode/070-openstack-exporter.sh
deleted file mode 120000
index cb0b54753..000000000
--- a/tools/deployment/multinode/070-openstack-exporter.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/070-openstack-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/080-openstack-exporter.sh b/tools/deployment/multinode/080-openstack-exporter.sh
new file mode 120000
index 000000000..52ddfb6eb
--- /dev/null
+++ b/tools/deployment/multinode/080-openstack-exporter.sh
@@ -0,0 +1 @@
+../common/080-openstack-exporter.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/080-grafana.sh b/tools/deployment/multinode/090-grafana.sh
similarity index 100%
rename from tools/deployment/multinode/080-grafana.sh
rename to tools/deployment/multinode/090-grafana.sh
diff --git a/tools/deployment/multinode/090-nagios.sh b/tools/deployment/multinode/100-nagios.sh
similarity index 100%
rename from tools/deployment/multinode/090-nagios.sh
rename to tools/deployment/multinode/100-nagios.sh
diff --git a/tools/deployment/multinode/100-elasticsearch.sh b/tools/deployment/multinode/110-elasticsearch.sh
similarity index 100%
rename from tools/deployment/multinode/100-elasticsearch.sh
rename to tools/deployment/multinode/110-elasticsearch.sh
diff --git a/tools/deployment/multinode/110-fluent-logging.sh b/tools/deployment/multinode/120-fluent-logging.sh
similarity index 100%
rename from tools/deployment/multinode/110-fluent-logging.sh
rename to tools/deployment/multinode/120-fluent-logging.sh
diff --git a/tools/deployment/multinode/120-kibana.sh b/tools/deployment/multinode/120-kibana.sh
deleted file mode 120000
index 8f9030c60..000000000
--- a/tools/deployment/multinode/120-kibana.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/120-kibana.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/130-kibana.sh b/tools/deployment/multinode/130-kibana.sh
new file mode 120000
index 000000000..65eac6c6f
--- /dev/null
+++ b/tools/deployment/multinode/130-kibana.sh
@@ -0,0 +1 @@
+../common/130-kibana.sh
\ No newline at end of file