Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Rebasing openstack-helm repo
Changes from below commits are been added as part of rebase

Cinder: allow Ceph RBD pool params to be tuned

This PS exposes the Ceph RBD pool params to the cinder chart, allowing
them to be tuned.

Change-Id: I615e999928948193b24cc4978efb31bd1b36f8f7

Armada check: Enable storage for OSH-infra services

This enables storage for the osh-infra services running in the
armada job

Change-Id: Ic0f11a9d161529c6fb58474e856032745b07a032

remove trailing ws

Change-Id: Ida8e4a5d072f8dff635dfffd4336d697ab1d4753

Add ldap support

This patch set adds python ldap support  to keystone.

Change-Id: I420612555d92f6fb932f2f210cc36f3f7f5afc97
Signed-off-by: Tin Lam <tin@irrational.io>

Reduce the number of workers spawned by services

This PS reduces the number of processes spawned by services, as
with Kubernetes load distribution can be better managed by a larger
number of single threaded pods (up to a certain point) and doing so
also provides both increased avilibility, leading to smoother rolling
updates. In addtion when running single replicas resource consuption
is reduced.

Change-Id: Ifb7494a0804913d843a072e10d26c6ec53c3bd16

DB-Drop-Jobs: consolidate to helm-toolkit

This PS consolidates the DB-Drop Job to helm-toolkit.

Change-Id: Ia2b035d730bf612086a9fd9b5d14aba494f56dc7

Add trustee domain

This patch set allows for searching the trustee user in a specified
domain rather than just the "default" domain.

Change-Id: I53ee6816e02c25e577244015fe5aea0870e0fd32
Signed-off-by: Tin Lam <tin@irrational.io>

Add Makefile

This patchset adds a Makefile for each component under tools/images

Change-Id: I84d8bda0313e921f0921dfef10d14469ed26ff5c

Ingress controller service: consolidate to helm-toolkit

This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.

Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe

Cinder: Fix sudoers reference in configmap

The cinder_sudoers entry in the cinder configmap-etc was consuming
the neutron_sudoers entry in the values.yaml. This corrects it to
point at cinder_sudoers instead

Change-Id: I214912b3ed4185a201f4f94e82eaa50d6d321018

Cinder: Fix default uid for cinder user with loci images

This PS corrects the UID for the cinder user used with loci images
in the cinder chart.

Change-Id: I1001711928fb47e77f01c8e83f88ec317a46498e

glance-api: add dependency on message bus

without this the api starts up in a non-working state, the bootstrap
job then runs and give is images which are stuck queued

Change-Id: Ie3e03620618b1c46882c05b3a5ef8745c78af6a3

Neutron: SR-IOV support

This PS adds SR-IOV Support to OSH.

Change-Id: Ia744c6d7c4a45be7728bba3213b50f1246b897db

Cinder: add qemu profile to cinder images

This PS adds the qemu profile to cinder images

Change-Id: I91f457471b0b9ae7d83a29ff6521ee319eea44f7

Add LDAP-backed domain gate

This patch set adds a nv-gating with an OpenLDAP server with some sample
data loaded for development or testing use using a bootstrap job.
This patch set also adds confirming authentication works using  domain-
specific configuration for keystone.

Consolidated change from: https://review.openstack.org/#/c/552976/
Co-Authored-By: Gage Hugo <gagehugo@gmail.com>

Change-Id: I1aeccffc018d0fcefc8e2b15a4ac6b83cb2be8b6
Signed-off-by: Tin Lam <tin@irrational.io>

Nova: Fix sudoers location in nova-etc configmap

The nova_sudoers entry in the nova configmap-etc was consuming
the neutron_sudoers entry in the values.yaml. This corrects it to
point at nova_sudoers instead

Change-Id: I621c817c579cc1c31fa51b1a0f49a43a652784a2

neutron: allow creation of ovs bridges with no ports

it's valid to create a bridge and not add ports; this restores that
ability

Change-Id: I46881fe3ee48a56a796abe8cf2036eba9e4064e1

Use pod dependencies in nova chart

Changes nova chart to depend on neutron pod labels instead of daemonsets
in order to prepare for utilizing daemonset overrides in neutron chart,
Utilizes a new feature of kubernetes-entrypoint, pod dependencies, added
to kubernetes-entrypoint in v0.3.0.

Change-Id: Ic79ddc1b7f477195c5b3dfd630df4d78d7589030

Use pod dependencies in neutron chart

Changes neutron chart to depend on pod labels instead of daemonsets.

Change-Id: Ieaa2f2863864229a4f6587c3e66fa661b9b7ef81

Add tls support for ldap

This patch set adds TLS support for keystone LDAP.

External-tracking: OSH#555

Change-Id: Ice32a31a712b8534a5d1a8f90a8a203710bdb9a9
Signed-off-by: Tin Lam <tin@irrational.io>

Barbican: Include missing image build

This PS adds the misisng image build commands for the barbican image.

Change-Id: I72085d20a098005bf79074f0f3297658de69f54c

Libvirt: Update ubuntu package version

This PS updates the libvirt package version.

Change-Id: I3d5f0cfc25412c1dcc4c70d5f060bc9a1541e68a

Polish TLS patch set

This patch set performs non-critical polish fix to [0].

[0] https://review.openstack.org/#/c/552171/

Change-Id: I5bbb64d5af65782665fd659886e55e25bac61452
Signed-off-by: Tin Lam <tin@irrational.io>

Document usage of pod dependencies

Replace references to daemonset dependencies with pod dependencies in
docs.

Change-Id: I252089006929d7e218ebfc4f98d49c4650143a7e

Use v0.3.0 of kubernetes-entrypoint

This version is already being used by some charts, so this brings the
rest of the charts in line and allows them to use a new feature,
pod dependencies, that this version provides.

Change-Id: Ie8289eb09b31cd8f98c2c5b4dd5bbe469078e6d8

Document node and label specific configurations

This PS adds documentation for node and label specific configurations.

Change-Id: I2bb02bfa028a61b2d8a9206eaff305590664946f

Ingress: support arbitary hostnames.

This PS allows arbitary hostnames to be used for public endpoints,
provided the resolve externally to the ingress controllers.

Change-Id: I44411687f756968d00178d487af66c2393e6bde0

Revert "Changed MariaDB version to 10.2.13"

This reverts commit 81bf5f3 back to
MariaDB 10.1.23 which we know works with clustering enabled
(pod.replicas.server > 1).

Change-Id: Ibf70dbab78f03d32e1ec96e99ac8db59d23cb96e

Horizon enable v3 keystone support.

This PS enables v3 kesytone support in horizon.

Change-Id: If176617d37efc19925c2dc5a65d992086442fd70

Neutron: agent host targetting

This PS adds the ablity to target different configs to different
hosts for the nutron agents, in the same manner as nova-compute.

Change-Id: Iebd87e30014d6cac2127c7e1a14259b10d74fbf8

Detect and enable hugepage support for QEMU

Change-Id: I3284c0f8f8946a36a63871dc57e287fbe7260490

MariaDB: Update to 10.2.13; patching wsrep_sst_xtrabackup-v2

Recent versions of MariaDB (10.1.31, 10.2.13) have a regression that
breaks clustering.  See MariaDB/server#457 and
MariaDB/server@4e6dab9
for an in depth explanation.

We need 10.2.13+ for Barbican to function correctly (see bug #1734329)
but we also need the fix above to support MariaDB clustering.

This work-around can be removed later on when MariaDB 10.2.x releases
contain the needed script fix.

Thanks to Sam Yample <sam@yaple.net> for helping track this down.

Change-Id: Ifd09d7effe7d382074ca9e6678df36bdd4bce0af

gate: fix ceph on centos

Change-Id: Id006bc4c81cfb4b3d72168f1da4ff1220c758e34

Neutron: SR-IOV agent template fix

This PS fixes the template rendered in the neutron SR-IOV agent
manifest.

Change-Id: Ib221213c8df94613a2dcf12e2615442db0684794

Nova: Update endpoint path to 2.1

This PS updates the Nova endpoint to use v2.1, which makes tempest
happy.

Change-Id: I1fbda225820cdc3b40be27198cc44caa15fac156

MariaDB: use multiple replicas in multinode gates

Change-Id: Ibea3f0270bed830c8b13eafc5f196f30601c13c3

fix typos in documentation

Change-Id: Idb156b0141e177041de5c79b2118d682808d45aa

Neutron: Move all config to be directly values driven.

This PS moves all the config files to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: Ifcbc19b17aa1d145f12ed1aed8b15a69ca045bb7

Ceph: Increase period between livenessProbe checks

This PS udpates the frequency and initial delay on the mons
livenessProbe, to allow time for the cluster to restart if mons
get into a crashloop backoff following power outage.

Change-Id: Iea74c4d52882a157a84f4f12bc411f2014869f99

Gate: disable ubuntu multinode voting gate.

This PS disables the multinode ubuntu gate from voting, which has
been failing due to -infra issues - and severly hampering development
work as a result.

Change-Id: I411ebe20ba19c52475b559952712faf742343673

Cinder: Move all config to be directly values driven.

This PS moves all the config files to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: I286af7434aab6de941f9700a7fbf70c6dd0ee4cb

Horizon: Move all config to be directly values driven.

This PS moves all the config files to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: I7e16585c9ef49275327d19a48f00bad192dc4923

Update heat bootstrap scripts

This patch set adds in two roles for heat: heat_stack_owner
and heat_stack_user as outlined in the Newton [0] and Ocata [1],
as well as assigning roles.

[0] https://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
[1] https://docs.openstack.org/project-install-guide/orchestration/ocata/install-ubuntu.html

Change-Id: I8510ae114448cc1985c11e9b337b9697a379a920
Signed-off-by: Tin Lam <tin@irrational.io>
Co-Authored-By: Pete Birley <pete@port.direct>

Ingress: Give arbitary fqdns a different name from namespaced rules

This PS gives ingress rules attached to the cluster wide ingress
controller the suffix -fqdn to allow them to be used.

Change-Id: I7de85e349fb609b8380070030579b9b4767e72d1

Fix indent on Postgres pod resources

- Properly align the `resources` key in the Postgres
  server pod spec.

Change-Id: Ia17cdabd38291c1365aab7aca71dd59ee9a32b4f

fix the vms turn transient after libvirt pod restarts

After libvirt pod restarts, the virtual machines created before
turn transient ,then opetrate these vms ,nova-compute will throw
exception. This is because that the directory /etc/libivrt/qemu
in pod contains vitual machines xml files and it is temporary,
the xmls files disappear after the pod restarts, so we mount it
to hostpath /etc/libvirt/qemu.

Change-Id: I48fd712c2b0565cb2cfe850482e8501f4e5022a4
Closed-bug: 1760003

Gate: Update heat templates and enable cinder in ceph dev pipeline

This PS updates the heat templates, reducing the size of the
launched vm. In addition cinder is enabled in the ceph dev
pipeline, this is possible due to the resources no longer
consumed by the test vm.

Change-Id: I9efe6fe643c636b660dd54b60dfe7c8785d7fec2

Add gate for rbd storage backend.

This PS allows to test rbd storage backend when apply glance. Currently,
only radosgw is verified after ceph distribution.

Change-Id: Ia3c2c915a2e9a65b09123b8e1c47892069c9ae1b
Blueprint: add-rbd-gate

Ceph: Update images and references

This PS udpdates the Ceph charts images and references.

Change-Id: I52b6577cdad58a21848f7eb31abb66ebdc47d81e

Ceph: Move all config to be directly values driven.

This PS moves all the keyring templates to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: I7752cbfdeef85f71a1a084437556de062cbb5680

Helm-Toolkit: Reduce delta between OSH and OSH-Infra

This PS reduces the delta between OSH and OSH-Infra helm toolkits.

Change-Id: I5026b0238555513f8415a864adf4e91e81e3fbd8

Helm-Toolkit: Reduce delta between OSH and OSH-Infra to image repo

This PS reduces the delta between OSH and OSH-Infra helm toolkits
to simply the image repo management functions.

Change-Id: I62a169cff39a96f98ec2b5664d483db26c771e4c

Rally: remove unused config template

This PS removes an unused config template in the rally chart,
and also cleans up some whitespace issues.

Change-Id: Iaf6168e377aaf9a2b895af8c8a76b5cb420bb5e8

Rally: Move all heat templates to be directly values driven.

This PS moves all the heat templates to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: Iebe382bd7945abe9bfbb30c4cf48c53f17fcb1f4

Glance: Move all config to be directly values driven.

This PS moves all the config files to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: Ida5d9e312cc18cb50f5805a59f9fc4fef1a98658

Gnocchi: move to use templater for apache config

This PS moves gnocchi to use the templater function for its apache
config.

Change-Id: I9b179db066867f00b8cd8cdbf92d37ea2dc8836d

Ironic: Move all config to be directly values driven.

This PS moves all the config files to be directly values driven,
both simplifying over-ride and allowing configs to be targeted
to pods in future work.

Change-Id: I177ddfe8c932733aeacb0fdb9b3e60ef75881c6a

Fix document ref link

A link referencing software verion is broken (404). This patch set updates
the link the correct ansible var yaml file.

Change-Id: I9383ad2bee1fa4671606a9ce19fa3965adcc2c52
Signed-off-by: Tin Lam <tin@irrational.io>

Ceph: Make mon deployment compatible with k8s >= 1.10

This PS updates the ceph chart to work with newer versions of K8s
which always mounts configmaps as read-only.

Change-Id: If96dec4af385ed1ce210f2d4f63e09c89ec82c76

Ceph: Mgr: force key creation on each restart

This PS forces keyring creation on each start of the mgr container.

It resolves an issue found following k8s outage, where sometimes
the key is not created correctly the 1st time the container starts.

Change-Id: I7e642ca49883ac823196730362b796cd52cd841c

RabbitMQ: only request 256Mi for PVC by default

Change-Id: I94a30b16390a035fe6df3fd0f4a95b6ea000d8fe

Move openstack-helm-multinode-(centos|fedora) to experimental pipeline

To help conserve resources move the centos / fedora multinode jobs
into the experimental pipeline. The will mean we are no longer using
10 nodes on every patchset.

These jobs have been non-voting for 3+ months, and will help reduce
the number of nodes needed by the helm project.

The jobs can still be run using 'check experimental' but now on
demand. And once they have been properly fixed can be moved back into
check / gate pipelines.

Change-Id: I6f5c6362749b7beb3e9f0ccff2b75d6b99d809d8
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

Storage: increase robustness of storage clean jobs

This PS increases the robustness of storage cleaning jobs by
precreating the service accounts and roles for the pod to consume,
and removes the potential for race conditions by removing the delete
hook.

Change-Id: I1f3c35fe2bd2a4325430e8025951349526f683af

Add robust ldap domain-specific config

This patch set provides PATCH capability for ldap-backed domain config,
and prevents silent failure if the configuration contains erroneous
setting.  This also moves from loading .conf files into DB directly,
and uses the API endpoints.

Change-Id: I17a19046fa96e0f3e8fb029c156ba79c924a0097
Signed-off-by: Tin Lam <tin@irrational.io>

osh-gate: Move to use roles from openstack-helm-infra

This moves to consume the roles from openstack-helm-infra
in the openstack-helm gates

Depends-On: https://review.openstack.org/559836
Change-Id: I3ed721333b899f8dde812f1843a9fcb074c63121

ldap: merge yaml for dependencies

Change-Id: I539a8dfa6903a60ccc013ee82dd4d3be4e3ff0df

senlin: yaml indentation fixes

Change-Id: I79c97747fa8494813ff27a471fac2be2b4b6ad5f

mistral: yaml indentation fixes

Change-Id: I93d1701cfc629dabc07550c0fbe0a754b77e7bcc

Add validation to domain logic

This patch set addresses the comments left in [0] by fixing the header
information in the python template file and adding logic to query the
domain specific logic.

[0]https://review.openstack.org/#/c/559191/

Change-Id: I656d7ac8158f9b40246ac739e4dc4fc88e1e43da
Signed-off-by: Tin Lam <tin@irrational.io>

openvswitch: use pidfile option

Make appctl to search pidfile for exit command as pid 1 is not
always the target process in some cases. For example, pid 1 is
"pause" when pid namespace sharing is enabled in your k8s cluster.

Change-Id: I90e202245a9522fe53bea7e1f047061a0a280834

memcached: yaml indentation fixes

Change-Id: Ib10c7f03d24cb39feb7f3eb7e35a21b0257b478c

keystone: yaml indentation fixes

Change-Id: Ic402d57f2b0a0a625164a294760476725faea3aa

nova: yaml indentation fixes

Change-Id: I45b6c691ce9ea4bb1cd4607efcf71a2dc068be3c

glance: yaml indentation fixes

Change-Id: Icf7366d44dbe8b6cba96a5ba781cd76a55278b18

cinder: yaml indentation fixes

Change-Id: Ia59b2822dbe40ab7431987b2dc55e00067275f86

heat: yaml indentation fixes

Change-Id: Ia514170edf2498abaedcf07872ea7e383e847f89

neutron: yaml indentation fixes

Change-Id: I579091fa21fcd0429bdc13df6cb2dfbeb8ae4a8e

Nova: NoVNCProxy Ingress

This PS adds ingress rules and config for nova's novncproxy.

Change-Id: Ibc89e67c8ee6c93d8ee3e798dec10e976c002cab

magnum: yaml indentation fixes

Change-Id: Ia504ee55f3b44250725043b240b9465e22491ded

RabbitMQ: recover from full cluster restart

This PS updates the RabbitMQ chart to name nodes via their hostnames
rather than IPs - allowing the cluster (and single nodes) to be
restarted without impact.

Additionally the rabbitmq managment interface is exposed and basic
helm tests have been added.

Change-Id: I84857d9f3697eaa8491aafaf6ee3b9d47dbf2191

zuul: yaml indent/cleanup

Change-Id: I915c40eb0d62949eaa7041ff1fe62e3a681763df

Fixes/Updates OSH Developer and Multinode install guide

This PS fixes few typos and adds DNS entry update section
to notify user.

Closes-Bug: #1765459
Change-Id: I59f5c90aaa06a5996c3ddb7a7b1bd3c4adfe0eb7
  • Loading branch information
madhukar32 authored and mnayakbomman@juniper.net committed Apr 19, 2018
1 parent eb0d16f commit 94b2d95
Show file tree
Hide file tree
Showing 254 changed files with 6,524 additions and 6,322 deletions.
73 changes: 4 additions & 69 deletions barbican/templates/job-db-drop.yaml
Expand Up @@ -15,73 +15,8 @@ limitations under the License.
*/}}

{{- if .Values.manifests.job_db_drop }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.static.db_drop }}

{{- $randStringSuffix := randAlphaNum 5 | lower }}

{{- $serviceAccountName := print "barbican-db-drop-" $randStringSuffix }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ print "barbican-db-drop-" $randStringSuffix }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
labels:
{{ tuple $envAll "barbican" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: barbican-db-drop
image: {{ .Values.images.tags.db_drop }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_drop | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/barbican/barbican.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: DEFAULT
- name: OPENSTACK_CONFIG_DB_KEY
value: sql_connection
command:
- /tmp/db-drop.py
volumeMounts:
- name: barbican-etc
mountPath: /etc/barbican
- name: barbican-bin
mountPath: /tmp/db-drop.py
subPath: db-drop.py
readOnly: true
- name: barbican-conf
mountPath: /etc/barbican/barbican.conf
subPath: barbican.conf
readOnly: true
volumes:
- name: barbican-etc
emptyDir: {}
- name: barbican-conf
configMap:
name: barbican-etc
defaultMode: 0444
- name: barbican-bin
configMap:
name: barbican-bin
defaultMode: 0555

{{- $serviceName := "barbican" -}}
{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "configDbSection" "DEFAULT" "configDbKey" "sql_connection" -}}
{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}
18 changes: 3 additions & 15 deletions barbican/templates/service-ingress-api.yaml
Expand Up @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.service_ingress_api }}
{{- $envAll := . }}
{{- if .Values.network.api.ingress.public }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "key-manager" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: http
port: 80
selector:
app: ingress-api
{{- end }}
{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "key-manager" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}
16 changes: 9 additions & 7 deletions barbican/values.yaml
Expand Up @@ -26,7 +26,7 @@ release_group: null
images:
tags:
bootstrap: docker.io/openstackhelm/heat:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0
scripted_test: docker.io/openstackhelm/heat:newton
db_init: docker.io/openstackhelm/heat:newton
barbican_db_sync: docker.io/openstackhelm/barbican:newton
Expand All @@ -43,11 +43,11 @@ pod:
barbican:
uid: 42424
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
barbican_api:
init_container: null
Expand Down Expand Up @@ -149,8 +149,10 @@ network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
Expand Down
Expand Up @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}

# This sudoers file supports rootwrap for both Kolla and LOCI Images.
Defaults !requiretty
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
cinder ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *, /var/lib/openstack/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "ceilometer" -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}
18 changes: 3 additions & 15 deletions ceilometer/templates/service-ingress-api.yaml
Expand Up @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.service_ingress_api }}
{{- $envAll := . }}
{{- if .Values.network.api.ingress.public }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "metering" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: http
port: 80
selector:
app: ingress-api
{{- end }}
{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "metering" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}
9 changes: 6 additions & 3 deletions ceilometer/values.yaml
Expand Up @@ -55,15 +55,17 @@ images:
ceilometer_collector: quay.io/larryrensing/ubuntu-source-ceilometer-collector:3.0.3
ceilometer_compute: quay.io/larryrensing/ubuntu-source-ceilometer-compute:3.0.3
ceilometer_notification: quay.io/larryrensing/ubuntu-source-ceilometer-notification:3.0.3
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0
pull_policy: "IfNotPresent"

network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
port: 8777
node_port:
Expand Down Expand Up @@ -1627,7 +1629,7 @@ bootstrap:
script: |
openstack token issue
# typically overriden by environmental
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
Expand Down Expand Up @@ -1937,6 +1939,7 @@ manifests:
deployment_notification: true
ingress_api: true
job_bootstrap: true
job_db_drop: false
job_db_init: true
job_db_init_mongodb: true
job_db_sync: true
Expand Down
3 changes: 2 additions & 1 deletion ceph/templates/bin/mgr/_start.sh.tpl
Expand Up @@ -17,7 +17,8 @@ if [ ${CEPH_GET_ADMIN_KEY} -eq 1 ]; then
fi
fi

# Check to see if our MGR has been initialized
# Create a MGR keyring
rm -rf $MGR_KEYRING
if [ ! -e "$MGR_KEYRING" ]; then
# Create ceph-mgr key
timeout 10 ceph --cluster "${CLUSTER}" auth get-or-create mgr."${MGR_NAME}" mon 'allow profile mgr' osd 'allow *' mds 'allow *' -o "$MGR_KEYRING"
Expand Down
6 changes: 4 additions & 2 deletions ceph/templates/bin/mon/_start.sh.tpl
Expand Up @@ -68,9 +68,11 @@ get_mon_config

# If we don't have a monitor keyring, this is a new monitor
if [ ! -e "${MON_DATA_DIR}/keyring" ]; then
if [ ! -e ${MON_KEYRING} ]; then
echo "ERROR- ${MON_KEYRING} must exist. You can extract it from your current monitor by running 'ceph auth get mon. -o ${MON_KEYRING}' or use a KV Store"
if [ ! -e ${MON_KEYRING}.seed ]; then
echo "ERROR- ${MON_KEYRING}.seed must exist. You can extract it from your current monitor by running 'ceph auth get mon. -o ${MON_KEYRING}' or use a KV Store"
exit 1
else
cp -vf ${MON_KEYRING}.seed ${MON_KEYRING}
fi

if [ ! -e ${MONMAP} ]; then
Expand Down
14 changes: 7 additions & 7 deletions ceph/templates/configmap-templates.yaml
Expand Up @@ -23,15 +23,15 @@ metadata:
name: ceph-templates
data:
admin.keyring: |
{{ tuple "templates/_admin.keyring.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ .Values.conf.templates.keyring.admin | indent 4 }}
mon.keyring: |
{{ .Values.conf.templates.keyring.mon | indent 4 }}
bootstrap.keyring.mds: |
{{ tuple "templates/_bootstrap.keyring.mds.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ .Values.conf.templates.keyring.bootstrap.mds | indent 4 }}
bootstrap.keyring.mgr: |
{{ tuple "templates/_bootstrap.keyring.mgr.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ .Values.conf.templates.keyring.bootstrap.mgr | indent 4 }}
bootstrap.keyring.osd: |
{{ tuple "templates/_bootstrap.keyring.osd.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ .Values.conf.templates.keyring.bootstrap.osd | indent 4 }}
bootstrap.keyring.rgw: |
{{ tuple "templates/_bootstrap.keyring.rgw.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
mon.keyring: |
{{ tuple "templates/_mon.keyring.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ .Values.conf.templates.keyring.bootstrap.rgw | indent 4 }}
{{- end }}
18 changes: 9 additions & 9 deletions ceph/templates/daemonset-mon.yaml
Expand Up @@ -65,7 +65,7 @@ spec:
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ceph-init-dirs
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_mon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/init-dirs.sh
Expand All @@ -85,7 +85,7 @@ spec:
readOnly: false
containers:
- name: ceph-mon
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_mon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.mon | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
Expand Down Expand Up @@ -130,8 +130,8 @@ spec:
command:
- /tmp/mon-check.sh
- liveness
initialDelaySeconds: 60
periodSeconds: 60
initialDelaySeconds: 360
periodSeconds: 180
readinessProbe:
exec:
command:
Expand Down Expand Up @@ -161,21 +161,21 @@ spec:
subPath: ceph.client.admin.keyring
readOnly: true
- name: ceph-mon-keyring
mountPath: /etc/ceph/ceph.mon.keyring
mountPath: /etc/ceph/ceph.mon.keyring.seed
subPath: ceph.mon.keyring
readOnly: false
readOnly: true
- name: ceph-bootstrap-osd-keyring
mountPath: /var/lib/ceph/bootstrap-osd/ceph.keyring
subPath: ceph.keyring
readOnly: false
readOnly: true
- name: ceph-bootstrap-mds-keyring
mountPath: /var/lib/ceph/bootstrap-mds/ceph.keyring
subPath: ceph.keyring
readOnly: false
readOnly: true
- name: ceph-bootstrap-rgw-keyring
mountPath: /var/lib/ceph/bootstrap-rgw/ceph.keyring
subPath: ceph.keyring
readOnly: false
readOnly: true
- name: pod-var-lib-ceph
mountPath: /var/lib/ceph
readOnly: false
Expand Down
6 changes: 3 additions & 3 deletions ceph/templates/daemonset-osd.yaml
Expand Up @@ -42,7 +42,7 @@ spec:
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ceph-init-dirs
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_osd }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/init-dirs.sh
Expand Down Expand Up @@ -71,7 +71,7 @@ spec:
mountPath: /run
readOnly: false
- name: osd-init
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_osd }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.osd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
Expand Down Expand Up @@ -126,7 +126,7 @@ spec:
readOnly: false
containers:
- name: osd-pod
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_osd }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.osd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
Expand Down
4 changes: 2 additions & 2 deletions ceph/templates/deployment-mds.yaml
Expand Up @@ -41,7 +41,7 @@ spec:
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ceph-init-dirs
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_mds }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/init-dirs.sh
Expand All @@ -61,7 +61,7 @@ spec:
readOnly: false
containers:
- name: ceph-mds
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_mds }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.mds | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
Expand Down
4 changes: 2 additions & 2 deletions ceph/templates/deployment-mgr.yaml
Expand Up @@ -44,7 +44,7 @@ spec:
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ceph-init-dirs
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_mgr }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/init-dirs.sh
Expand All @@ -66,7 +66,7 @@ spec:
mountPath: /etc/ceph
containers:
- name: ceph-mgr
image: {{ .Values.images.tags.ceph_daemon }}
image: {{ .Values.images.tags.ceph_mgr }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.mgr | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
Expand Down

0 comments on commit 94b2d95

Please sign in to comment.