openstack/openstack-helm
Code Issues Proposed changes

Ceph: Setup radosgw with increased swift support.

Browse Source 
This PS updates the cephs config to deploy radosgw with greater
swift compatibility. Allowing clients to use RGW as though it
were a real swift deployment.

Change-Id: Id0a27b42b7f9c0c9e4b5a197ef50feb612e6adfc
This commit is contained in:
Pete Birley 2018-05-10 23:40:42 -05:00
parent bff3b4378e
commit d342ac40cb
23 changed files with 208 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ceph-client/values.yaml
View File

@ -26,10 +26,10 @@ images:
tags: tags:
ceph_bootstrap: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04' ceph_bootstrap: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04'
ceph_cephfs_provisioner: 'quay.io/external_storage/cephfs-provisioner:v0.1.1' ceph_cephfs_provisioner: 'quay.io/external_storage/cephfs-provisioner:v0.1.1'
ceph_config_helper: 'docker.io/port/ceph-config-helper:v1.10.1' ceph_config_helper: 'docker.io/port/ceph-config-helper:v1.10.2'
ceph_mds: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04' ceph_mds: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04'
ceph_mgr: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04' ceph_mgr: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04'
ceph_rbd_pool: 'docker.io/port/ceph-config-helper:v1.10.1' ceph_rbd_pool: 'docker.io/port/ceph-config-helper:v1.10.2'
ceph_rbd_provisioner: 'quay.io/external_storage/rbd-provisioner:v0.1.1' ceph_rbd_provisioner: 'quay.io/external_storage/rbd-provisioner:v0.1.1'
ceph_rgw: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04' ceph_rgw: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04'
dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.1' dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.1'
@ -275,8 +275,10 @@ conf:
config: config:
rgw_keystone_api_version: 3 rgw_keystone_api_version: 3
rgw_keystone_accepted_roles: "admin, _member_" rgw_keystone_accepted_roles: "admin, _member_"
rgw_keystone_implicit_tenants: true rgw_keystone_implicit_tenants: false
rgw_keystone_make_new_tenants: true
rgw_s3_auth_use_keystone: true rgw_s3_auth_use_keystone: true
rgw_swift_account_in_url: true
ceph: ceph:
global: global:
# auth # auth
@ -488,7 +490,7 @@ endpoints:
host_fqdn_override: host_fqdn_override:
default: null default: null
path: path:
default: /swift/v1 default: /swift/v1/KEY_$(tenant_id)s
scheme: scheme:
default: http default: http
port: port:

4
ceph-mon/values.yaml
View File

@ -20,9 +20,9 @@ images:
pull_policy: IfNotPresent pull_policy: IfNotPresent
tags: tags:
ceph_bootstrap: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04' ceph_bootstrap: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04'
ceph_config_helper: 'docker.io/port/ceph-config-helper:v1.10.1' ceph_config_helper: 'docker.io/port/ceph-config-helper:v1.10.2'
ceph_mon: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04' ceph_mon: 'docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04'
ceph_mon_check: 'docker.io/port/ceph-config-helper:v1.10.1' ceph_mon_check: 'docker.io/port/ceph-config-helper:v1.10.2'
dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.0' dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.0'
image_repo_sync: docker.io/docker:17.07.0 image_repo_sync: docker.io/docker:17.07.0
local_registry: local_registry:

4
cinder/values.yaml
View File

@ -56,9 +56,9 @@ images:
cinder_scheduler: docker.io/openstackhelm/cinder:newton cinder_scheduler: docker.io/openstackhelm/cinder:newton
cinder_volume: docker.io/openstackhelm/cinder:newton cinder_volume: docker.io/openstackhelm/cinder:newton
cinder_volume_usage_audit: docker.io/openstackhelm/cinder:newton cinder_volume_usage_audit: docker.io/openstackhelm/cinder:newton
cinder_storage_init: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04 cinder_storage_init: docker.io/port/ceph-config-helper:v1.10.2
cinder_backup: docker.io/openstackhelm/cinder:newton cinder_backup: docker.io/openstackhelm/cinder:newton
cinder_backup_storage_init: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04 cinder_backup_storage_init: docker.io/port/ceph-config-helper:v1.10.2
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
image_repo_sync: docker.io/docker:17.07.0 image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"

53
glance/templates/bin/_storage-init.sh.tpl
View File

@ -21,65 +21,74 @@ if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
SECRET=$(mktemp --suffix .yaml) SECRET=$(mktemp --suffix .yaml)
KEYRING=$(mktemp --suffix .keyring) KEYRING=$(mktemp --suffix .keyring)
function cleanup { function cleanup {
rm -f ${SECRET} ${KEYRING} rm -f "${SECRET}" "${KEYRING}"
} }
trap cleanup EXIT trap cleanup EXIT
fi fi
set -ex set -ex
if [ "x$STORAGE_BACKEND" == "xpvc" ] || [ "x$STORAGE_BACKEND" == "xswift" ]; then if [ "x$STORAGE_BACKEND" == "xpvc" ]; then
echo "No action required." echo "No action required."
elif [ "x$STORAGE_BACKEND" == "xswift" ]; then
OS_TOKEN="$(openstack token issue -f value -c id)"
OS_PROJECT_ID="$(openstack project show service -f value -c id)"
OS_SWIFT_ENDPOINT_PREFIX="$(openstack endpoint list --service swift --interface public -f value -c URL | awk -F '$' '{ print $1 }')"
OS_SWIFT_SCOPED_ENDPOINT="${OS_SWIFT_ENDPOINT_PREFIX}${OS_PROJECT_ID}"
curl -i -X POST "${OS_SWIFT_SCOPED_ENDPOINT}" \
-H "X-Auth-Token: ${OS_TOKEN}" \
-H "X-Account-Meta-Temp-URL-Key: ${SWIFT_TMPURL_KEY}"
elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then
ceph -s ceph -s
function ensure_pool () { function ensure_pool () {
ceph osd pool stats $1 || ceph osd pool create $1 $2 ceph osd pool stats "$1" || ceph osd pool create "$1" "$2"
local test_luminous=$(ceph tell osd.* version | egrep -c "12.2|luminous") local test_luminous
test_luminous=$(ceph tell osd.* version | egrep -c "12.2|luminous")
if [[ ${test_luminous} -gt 0 ]]; then if [[ ${test_luminous} -gt 0 ]]; then
ceph osd pool application enable $1 $3 ceph osd pool application enable "$1" "$3"
fi fi
} }
ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "glance-image" ensure_pool "${RBD_POOL_NAME}" "${RBD_POOL_CHUNK_SIZE}" "glance-image"
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then if USERINFO=$(ceph auth get "client.${RBD_POOL_USER}"); then
KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/') KEYSTR=$(echo "${USERINFO}" | sed 's/.*\( key = .*\) caps mon.*/\1/')
echo $KEYSTR > ${KEYRING} echo "${KEYSTR}" > "${KEYRING}"
else else
#NOTE(Portdirect): Determine proper privs to assign keyring #NOTE(Portdirect): Determine proper privs to assign keyring
ceph auth get-or-create client.${RBD_POOL_USER} \ ceph auth get-or-create "client.${RBD_POOL_USER}" \
mon "allow *" \ mon "allow *" \
osd "allow *" \ osd "allow *" \
mgr "allow *" \ mgr "allow *" \
-o ${KEYRING} -o "${KEYRING}"
fi fi
ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0) ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' "${KEYRING}" | base64 -w0)
cat > ${SECRET} <<EOF cat > "${SECRET}" <<EOF
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: "${RBD_POOL_SECRET}" name: "${RBD_POOL_SECRET}"
type: kubernetes.io/rbd type: kubernetes.io/rbd
data: data:
key: $( echo ${ENCODED_KEYRING} ) key: "${ENCODED_KEYRING}"
EOF EOF
kubectl apply --namespace ${NAMESPACE} -f ${SECRET} kubectl apply --namespace "${NAMESPACE}" -f "${SECRET}"
elif [ "x$STORAGE_BACKEND" == "xradosgw" ]; then elif [ "x${STORAGE_BACKEND}" == "xradosgw" ]; then
radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \ radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \
radosgw-admin user create \ radosgw-admin user create \
--uid="${RADOSGW_USERNAME}" \ --uid="${RADOSGW_USERNAME}" \
--display-name="${RADOSGW_USERNAME} user" --display-name="${RADOSGW_USERNAME} user"
radosgw-admin subuser create \ radosgw-admin subuser create \
--uid=${RADOSGW_USERNAME} \ --uid="${RADOSGW_USERNAME}" \
--subuser=${RADOSGW_USERNAME}:swift \ --subuser="${RADOSGW_USERNAME}:swift" \
--access=full --access=full
radosgw-admin key create \ radosgw-admin key create \
--subuser=${RADOSGW_USERNAME}:swift \ --subuser="${RADOSGW_USERNAME}:swift" \
--key-type=swift \ --key-type=swift \
--secret=${RADOSGW_PASSWORD} --secret="${RADOSGW_PASSWORD}"
radosgw-admin user modify \ radosgw-admin user modify \
--uid=${RADOSGW_USERNAME} \ --uid="${RADOSGW_USERNAME}" \
--temp-url-key=${RADOSGW_TMPURL_KEY} --temp-url-key="${RADOSGW_TMPURL_KEY}"
fi fi

7
glance/templates/job-storage-init.yaml
View File

@ -116,6 +116,13 @@ spec:
- name: RADOSGW_TMPURL_KEY - name: RADOSGW_TMPURL_KEY
value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }} value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }}
{{ end }} {{ end }}
{{- if eq .Values.storage "swift" }}
- name: SWIFT_TMPURL_KEY
value: {{ .Values.endpoints.object_store.auth.glance.tmpurlkey | quote }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
{{ end }}
command: command:
- /tmp/storage-init.sh - /tmp/storage-init.sh
volumeMounts: volumeMounts:

21
glance/values.yaml
View File

@ -39,7 +39,7 @@ release_group: null
images: images:
tags: tags:
test: docker.io/kolla/ubuntu-source-rally:4.0.0 test: docker.io/kolla/ubuntu-source-rally:4.0.0
glance_storage_init: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04 glance_storage_init: docker.io/port/ceph-config-helper:v1.10.2
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
glance_db_sync: docker.io/openstackhelm/glance:newton glance_db_sync: docker.io/openstackhelm/glance:newton
db_drop: docker.io/openstackhelm/heat:newton db_drop: docker.io/openstackhelm/heat:newton
@ -411,6 +411,8 @@ dependencies:
- endpoint: internal - endpoint: internal
service: image service: image
storage_init: storage_init:
jobs:
- glance-ks-user
services: null services: null
tests: tests:
services: services:
@ -578,6 +580,23 @@ endpoints:
default: 5672 default: 5672
http: http:
default: 15672 default: 15672
object_store:
name: swift
namespace: ceph
auth:
glance:
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /swift/v1/KEY_$(tenant_id)s
scheme:
default: http
port:
api:
default: 8088
ceph_object_store: ceph_object_store:
name: radosgw name: radosgw
namespace: ceph namespace: ceph

2
gnocchi/values.yaml
View File

@ -24,7 +24,7 @@ release_group: null
images: images:
tags: tags:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
gnocchi_storage_init: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04 gnocchi_storage_init: docker.io/port/ceph-config-helper:v1.10.2
db_init_indexer: docker.io/postgres:9.5 db_init_indexer: docker.io/postgres:9.5
# using non-kolla images until kolla supports postgres as # using non-kolla images until kolla supports postgres as
# an indexer # an indexer

1
ironic/templates/bin/_ironic-api.sh.tpl
View File

@ -22,6 +22,7 @@ COMMAND="${@:-start}"
function start () { function start () {
exec ironic-api \ exec ironic-api \
--config-file /etc/ironic/ironic.conf \ --config-file /etc/ironic/ironic.conf \
--config-file /tmp/pod-shared/swift.conf \
--config-file /tmp/pod-shared/cleaning-network.conf --config-file /tmp/pod-shared/cleaning-network.conf
} }

1
ironic/templates/bin/_ironic-conductor.sh.tpl
View File

@ -24,4 +24,5 @@ mkdir -p /var/lib/openstack-helm/ironic/master_images
exec ironic-conductor \ exec ironic-conductor \
--config-file /etc/ironic/ironic.conf \ --config-file /etc/ironic/ironic.conf \
--config-file /tmp/pod-shared/conductor-local-ip.conf \ --config-file /tmp/pod-shared/conductor-local-ip.conf \
--config-file /tmp/pod-shared/swift.conf \
--config-file /tmp/pod-shared/cleaning-network.conf --config-file /tmp/pod-shared/cleaning-network.conf

35
ironic/templates/bin/_retreive-swift-config.sh.tpl Normal file
View File

@ -0,0 +1,35 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
OS_SWIFT_ENDPOINT="$(openstack endpoint list \
--service swift \
--interface public \
-f value \
-c URL | head -1 )"
OS_SWIFT_HOST_AND_PATH_PREFIX="$(echo "${OS_SWIFT_ENDPOINT}" | awk -F "/${OS_SWIFT_API_VERSION}" '{ print $1 }')"
OS_SWIFT_ACCOUNT_PREFIX="$(echo "${OS_SWIFT_ENDPOINT}" | awk -F "/${OS_SWIFT_API_VERSION}/" '{ print $NF }' | awk -F '$' '{ print $1 }')"
OS_PROJECT_ID="$(openstack project show ${OS_PROJECT_NAME} -f value -c id)"
OS_SWIFT_ACCOUNT="$(echo "${OS_SWIFT_ACCOUNT_PREFIX}${OS_PROJECT_ID}")"
tee /tmp/pod-shared/swift.conf <<EOF
[glance]
swift_endpoint_url: "${OS_SWIFT_HOST_AND_PATH_PREFIX}"
swift_account: "${OS_SWIFT_ACCOUNT}"
EOF

2
ironic/templates/configmap-bin.yaml
View File

@ -34,6 +34,8 @@ data:
{{ tuple "bin/_manage-cleaning-network.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_manage-cleaning-network.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
retreive-cleaning-network.sh: | retreive-cleaning-network.sh: |
{{ tuple "bin/_retreive-cleaning-network.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_retreive-cleaning-network.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
retreive-swift-config.sh: |
{{ tuple "bin/_retreive-swift-config.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-init.py: | db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} {{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: | db-sync.sh: |

16
ironic/templates/configmap-etc.yaml
View File

@ -68,19 +68,19 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.glance "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.glance "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.project_name -}} {{- if empty .Values.conf.ironic.glance.project_name -}}
{{- set .Values.conf.ironic.glance "project_name" .Values.endpoints.identity.auth.ironic.project_name | quote | trunc 0 -}} {{- set .Values.conf.ironic.glance "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.project_domain_name -}} {{- if empty .Values.conf.ironic.glance.project_domain_name -}}
{{- set .Values.conf.ironic.glance "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.ironic.glance "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.user_domain_name -}} {{- if empty .Values.conf.ironic.glance.user_domain_name -}}
{{- set .Values.conf.ironic.glance "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.ironic.glance "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.username -}} {{- if empty .Values.conf.ironic.glance.username -}}
{{- set .Values.conf.ironic.glance "username" .Values.endpoints.identity.auth.ironic.username | quote | trunc 0 -}} {{- set .Values.conf.ironic.glance "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.password -}} {{- if empty .Values.conf.ironic.glance.password -}}
{{- set .Values.conf.ironic.glance "password" .Values.endpoints.identity.auth.ironic.password | quote | trunc 0 -}} {{- set .Values.conf.ironic.glance "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -173,11 +173,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.swift_endpoint_url -}} {{- if empty .Values.conf.ironic.glance.swift_endpoint_url -}}
{{- tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| trimSuffix .Values.endpoints.ceph_object_store.path.default | set .Values.conf.ironic.glance "swift_endpoint_url" | quote | trunc 0 -}} {{- tuple "object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| trimSuffix .Values.endpoints.object_store.path.default | set .Values.conf.ironic.glance "swift_endpoint_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.glance.swift_temp_url_key -}} {{- if empty .Values.conf.ironic.glance.swift_temp_url_key -}}
{{- set .Values.conf.ironic.glance "swift_temp_url_key" .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote | trunc 0 -}} {{- set .Values.conf.ironic.glance "swift_temp_url_key" .Values.endpoints.object_store.auth.glance.tmpurlkey | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.api.port -}} {{- if empty .Values.conf.ironic.api.port -}}
@ -196,4 +196,4 @@ data:
{{ toJson .Values.conf.policy | indent 4 }} {{ toJson .Values.conf.policy | indent 4 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file") | indent 2 }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file") | indent 2 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf") | indent 2 }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf") | indent 2 }}
{{- end }} {{- end }}

19
ironic/templates/deployment-api.yaml
View File

@ -46,6 +46,25 @@ spec:
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
initContainers: initContainers:
{{ tuple $envAll "api" $mounts_ironic_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "api" $mounts_ironic_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ironic-retrive-swift-config
image: {{ .Values.images.tags.ironic_retrive_swift_config }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: OS_SWIFT_API_VERSION
value: {{ .Values.conf.ironic.glance.swift_api_version | quote }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
command:
- /tmp/retreive-swift-config.sh
volumeMounts:
- name: ironic-bin
mountPath: /tmp/retreive-swift-config.sh
subPath: retreive-swift-config.sh
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
- name: ironic-retrive-cleaning-net - name: ironic-retrive-cleaning-net
image: {{ .Values.images.tags.ironic_retrive_cleaning_network }} image: {{ .Values.images.tags.ironic_retrive_cleaning_network }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}

2
ironic/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "ironic" }} {{- range $key1, $userClass := tuple "admin" "ironic" "glance" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

19
ironic/templates/statefulset-conductor.yaml
View File

@ -96,6 +96,25 @@ spec:
readOnly: true readOnly: true
- name: pod-shared - name: pod-shared
mountPath: /tmp/pod-shared mountPath: /tmp/pod-shared
- name: ironic-retrive-swift-config
image: {{ .Values.images.tags.ironic_retrive_swift_config }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: OS_SWIFT_API_VERSION
value: {{ .Values.conf.ironic.glance.swift_api_version | quote }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
command:
- /tmp/retreive-swift-config.sh
volumeMounts:
- name: ironic-bin
mountPath: /tmp/retreive-swift-config.sh
subPath: retreive-swift-config.sh
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
- name: ironic-retrive-cleaning-net - name: ironic-retrive-cleaning-net
image: {{ .Values.images.tags.ironic_retrive_cleaning_network }} image: {{ .Values.images.tags.ironic_retrive_cleaning_network }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}

50
ironic/values.yaml
View File

@ -34,6 +34,7 @@ images:
tags: tags:
ironic_manage_cleaning_network: docker.io/openstackhelm/heat:newton ironic_manage_cleaning_network: docker.io/openstackhelm/heat:newton
ironic_retrive_cleaning_network: docker.io/openstackhelm/heat:newton ironic_retrive_cleaning_network: docker.io/openstackhelm/heat:newton
ironic_retrive_swift_config: docker.io/openstackhelm/heat:newton
# Bootstrap image requires curl # Bootstrap image requires curl
bootstrap: docker.io/openstackhelm/heat:newton bootstrap: docker.io/openstackhelm/heat:newton
db_init: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton
@ -109,7 +110,10 @@ conf:
glance: glance:
auth_type: password auth_type: password
swift_temp_url_duration: 86400 swift_temp_url_duration: 86400
temp_url_endpoint_type: radosgw temp_url_endpoint_type: swift
swift_container: glance
swift_api_version: v1
auth_section: glance
inspector: inspector:
auth_type: password auth_type: password
keystone_authtoken: keystone_authtoken:
@ -117,7 +121,6 @@ conf:
auth_version: v3 auth_version: v3
neutron: neutron:
auth_type: password auth_type: password
cleaning_network_uuid: null
pxe: pxe:
pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1" pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1"
images_path: /var/lib/openstack-helm/ironic/images images_path: /var/lib/openstack-helm/ironic/images
@ -280,6 +283,7 @@ secrets:
identity: identity:
admin: ironic-keystone-admin admin: ironic-keystone-admin
ironic: ironic-keystone-user ironic: ironic-keystone-user
glance: ironic-glance-keystone-user
oslo_db: oslo_db:
admin: ironic-db-admin admin: ironic-db-admin
ironic: ironic-db-user ironic: ironic-db-user
@ -314,6 +318,14 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
glance:
role: admin
region_name: RegionOne
username: glance
password: password
project_name: service
user_domain_name: default
project_domain_name: default
ironic: ironic:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
@ -368,23 +380,6 @@ endpoints:
api: api:
default: 9292 default: 9292
public: 80 public: 80
ceph_object_store:
name: radosgw
namespace: ceph
auth:
glance:
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
oslo_db: oslo_db:
auth: auth:
admin: admin:
@ -451,6 +446,23 @@ endpoints:
api: api:
default: 9696 default: 9696
public: 80 public: 80
object_store:
name: swift
namespace: ceph
auth:
glance:
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /swift/v1/KEY_$(tenant_id)s
scheme:
default: http
port:
api:
default: 8088
pod: pod:
affinity: affinity:

0
tools/deployment/baremetal/080-keystone.sh → tools/deployment/baremetal/070-keystone.sh
View File

1
tools/deployment/baremetal/080-ceph-radosgateway.sh Symbolic link
View File

@ -0,0 +1 @@
../developer/ceph/110-ceph-radosgateway.sh

2
tools/deployment/developer/ceph/120-glance.sh
View File

@ -22,7 +22,7 @@ make glance
#NOTE: Deploy command #NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""} : ${OSH_EXTRA_HELM_ARGS:=""}
#NOTE(portdirect), this could be: radosgw, rbd, swift or pvc #NOTE(portdirect), this could be: radosgw, rbd, swift or pvc
: ${GLANCE_BACKEND:="radosgw"} : ${GLANCE_BACKEND:="swift"}
helm upgrade --install glance ./glance \ helm upgrade --install glance ./glance \
--namespace=openstack \ --namespace=openstack \
--set storage=${GLANCE_BACKEND} \ --set storage=${GLANCE_BACKEND} \

8
tools/gate/playbooks/ironic-deploy.yaml
View File

@ -75,7 +75,13 @@
- name: Deploy Keystone - name: Deploy Keystone
shell: | shell: |
set -xe; set -xe;
./tools/deployment/baremetal/080-keystone.sh ./tools/deployment/baremetal/070-keystone.sh
args:
chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
- name: Deploy Ceph RadosGW Endpoints
shell: |
set -xe;
./tools/deployment/baremetal/080-ceph-radosgateway.sh
args: args:
chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
- name: Deploy Glance - name: Deploy Glance

14
tools/images/ceph-config-helper/Dockerfile
View File

@ -1,7 +1,7 @@
FROM docker.io/ubuntu:xenial FROM docker.io/ubuntu:xenial
MAINTAINER pete.birley@att.com MAINTAINER pete.birley@att.com
ARG KUBE_VERSION=v1.10.1 ARG KUBE_VERSION=v1.10.2
ARG CEPH_RELEASE=luminous ARG CEPH_RELEASE=luminous
ADD https://download.ceph.com/keys/release.asc /etc/apt/ceph-release.asc ADD https://download.ceph.com/keys/release.asc /etc/apt/ceph-release.asc
@ -19,13 +19,21 @@ RUN set -ex ;\
ca-certificates \ ca-certificates \
ceph \ ceph \
curl \ curl \
gcc \
python \ python \
python-dev \
jq ;\ jq ;\
curl -sSL https://bootstrap.pypa.io/get-pip.py | python ;\ curl -sSL https://bootstrap.pypa.io/get-pip.py | python ;\
pip --no-cache-dir install --upgrade \ pip --no-cache-dir install --upgrade \
crush \ crush \
six ;\ six \
python-openstackclient \
python-swiftclient ;\
curl -sSL https://dl.k8s.io/${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz | tar -zxv --strip-components=1 ;\ curl -sSL https://dl.k8s.io/${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz | tar -zxv --strip-components=1 ;\
mv ${TMP_DIR}/client/bin/kubectl /usr/bin/kubectl ;\ mv ${TMP_DIR}/client/bin/kubectl /usr/bin/kubectl ;\
chmod +x /usr/bin/kubectl ;\ chmod +x /usr/bin/kubectl ;\
rm -rf ${TMP_DIR} rm -rf ${TMP_DIR} ;\
apt-get purge -y --auto-remove \
python-dev \
gcc ;\
rm -rf /var/lib/apt/lists/*

2
tools/images/ceph-config-helper/Makefile
View File

@ -19,7 +19,7 @@ DOCKER_REGISTRY ?= docker.io
IMAGE_NAME ?= ceph-config-helper IMAGE_NAME ?= ceph-config-helper
IMAGE_PREFIX ?= openstackhelm IMAGE_PREFIX ?= openstackhelm
IMAGE_TAG ?= latest IMAGE_TAG ?= latest
KUBE_VERSION ?= v1.10.1 KUBE_VERSION ?= v1.10.2
LABEL ?= putlabelshere LABEL ?= putlabelshere
IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG} IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}

2
tools/images/ceph-config-helper/README.rst
View File

@ -31,7 +31,7 @@ repo run:
.. code:: bash .. code:: bash
export KUBE_VERSION=v1.10.1 export KUBE_VERSION=v1.10.2
sudo docker build \ sudo docker build \
--network host \ --network host \
--build-arg KUBE_VERSION=${KUBE_VERSION} \ --build-arg KUBE_VERSION=${KUBE_VERSION} \