This repository has been archived by the owner on Dec 8, 2020. It is now read-only.
/
plugin.sh
executable file
·219 lines (161 loc) · 6.78 KB
/
plugin.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
#!/usr/bin/env bash
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set -o xtrace
function install_qinling {
git_clone $QINLING_REPO $QINLING_DIR $QINLING_BRANCH
setup_develop $QINLING_DIR
}
function install_qinlingclient {
if use_library_from_git "python-qinlingclient"; then
git_clone $QINLINGCLIENT_REPO $QINLINGCLIENT_DIR $QINLINGCLIENT_BRANCH
setup_develop $QINLINGCLIENT_DIR
else
pip_install python-qinlingclient
fi
}
function install_k8s {
pushd $QINLING_DIR
source tools/gate/kubeadm/setup_gate.sh
popd
# Pre-fetch the default docker image for runtimes and image function
# test.
sudo docker pull $QINLING_PYTHON_RUNTIME_IMAGE
sudo docker pull $QINLING_NODEJS_RUNTIME_IMAGE
sudo docker pull $QINLING_SIDECAR_IMAGE
sudo docker pull openstackqinling/alpine-test
}
function create_qinling_accounts {
create_service_user "qinling" "admin"
local qinling_service=$(get_or_create_service "qinling" "function-engine" "Function Service")
qinling_api_url="$QINLING_SERVICE_PROTOCOL://$QINLING_SERVICE_HOST:$QINLING_SERVICE_PORT"
get_or_create_endpoint $qinling_service \
"$REGION_NAME" \
"$qinling_api_url" \
"$qinling_api_url" \
"$qinling_api_url"
# get or adds 'service' role to 'qinling' user on 'demo' project
get_or_add_user_project_role "service" "qinling" "demo"
}
function mkdir_chown_stack {
if [[ ! -d "$1" ]]; then
sudo mkdir -p "$1"
fi
sudo chown -R $STACK_USER:$STACK_USER "$1"
}
function configure_k8s_certificates {
pushd $QINLING_DIR
mkdir_chown_stack "$QINLING_CONF_DIR"/pki
mkdir_chown_stack "$QINLING_CONF_DIR"/pki/kubernetes
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /tmp/cfssl
chmod +x /tmp/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /tmp/cfssljson
chmod +x /tmp/cfssljson
sudo /tmp/cfssl gencert -ca=/etc/kubernetes/pki/ca.crt -ca-key=/etc/kubernetes/pki/ca.key -config=example/kubernetes/cfssl-ca-config.json -profile=client example/kubernetes/cfssl-client-csr.json | /tmp/cfssljson -bare client
# The command above outputs client-key.pem, client.pem and client.csr
mv client-key.pem "$QINLING_CONF_DIR"/pki/kubernetes/qinling.key
mv client.pem "$QINLING_CONF_DIR"/pki/kubernetes/qinling.crt
rm -f client.csr
cp /etc/kubernetes/pki/ca.crt "$QINLING_CONF_DIR"/pki/kubernetes/ca.crt
popd
}
function configure_etcd_certificates {
pushd $QINLING_DIR
mkdir_chown_stack $QINLING_CONF_DIR/pki/etcd
sudo cp /etc/kubernetes/pki/etcd/ca.crt $QINLING_CONF_DIR/pki/etcd/
# Re-use k8s api server etcd client cert
sudo cp /etc/kubernetes/pki/apiserver-etcd-client.crt $QINLING_CONF_DIR/pki/etcd/qinling-etcd-client.crt
sudo cp /etc/kubernetes/pki/apiserver-etcd-client.key $QINLING_CONF_DIR/pki/etcd/qinling-etcd-client.key
mkdir_chown_stack $QINLING_CONF_DIR/pki/etcd
# For the tempest user to read the key file when running tempest
chmod 644 $QINLING_CONF_DIR/pki/etcd/qinling-etcd-client.key
popd
}
function configure_qinling {
mkdir_chown_stack "$QINLING_AUTH_CACHE_DIR"
rm -rf "$QINLING_AUTH_CACHE_DIR"/*
mkdir_chown_stack "$QINLING_CONF_DIR"
rm -rf "$QINLING_CONF_DIR"/*
mkdir_chown_stack "$QINLING_FUNCTION_STORAGE_DIR"
rm -rf "$QINLING_FUNCTION_STORAGE_DIR"/*
cp $QINLING_DIR/etc/policy.json.sample $QINLING_POLICY_FILE
# Generate Qinling configuration file and configure common parameters.
oslo-config-generator --config-file $QINLING_DIR/tools/config/config-generator.qinling.conf --output-file $QINLING_CONF_FILE
iniset $QINLING_CONF_FILE oslo_policy policy_file $QINLING_POLICY_FILE
iniset $QINLING_CONF_FILE DEFAULT debug $QINLING_DEBUG
iniset $QINLING_CONF_FILE DEFAULT server all
iniset $QINLING_CONF_FILE DEFAULT logging_context_format_string "%(asctime)s %(process)d %(color)s %(levelname)s [%(request_id)s] %(message)s %(resource)s (%(name)s)"
iniset $QINLING_CONF_FILE storage file_system_dir $QINLING_FUNCTION_STORAGE_DIR
# Setup keystone_authtoken section
configure_auth_token_middleware $QINLING_CONF_FILE qinling $QINLING_AUTH_CACHE_DIR
iniset $QINLING_CONF_FILE keystone_authtoken www_authenticate_uri $KEYSTONE_AUTH_URI_V3
iniset $QINLING_CONF_FILE keystone_authtoken region_name "$REGION_NAME"
# Setup RabbitMQ credentials
iniset_rpc_backend qinling $QINLING_CONF_FILE
# Configure the database.
iniset $QINLING_CONF_FILE database connection `database_connection_url qinling`
# Configure Kubernetes API server certificates for qinling if required.
if [ "$QINLING_K8S_APISERVER_TLS" == "True" ]; then
iniset $QINLING_CONF_FILE kubernetes kube_host https://$(hostname -f):6443
configure_k8s_certificates
sudo kubectl create -f $QINLING_DIR/example/kubernetes/k8s_qinling_role.yaml
else
iniset $QINLING_CONF_FILE kubernetes use_api_certificate False
fi
# Config etcd TLS certs
configure_etcd_certificates
iniset $QINLING_CONF_FILE kubernetes replicas 5
}
function init_qinling {
# (re)create qinling database
recreate_database qinling utf8
$QINLING_BIN_DIR/qinling-db-manage --config-file $QINLING_CONF_FILE upgrade head
}
function start_qinling {
run_process qinling-engine "$QINLING_BIN_DIR/qinling-engine --config-file $QINLING_CONF_FILE"
run_process qinling-api "$QINLING_BIN_DIR/qinling-api --config-file $QINLING_CONF_FILE"
}
function stop_qinling {
local serv
for serv in qinling-api qinling-engine; do
stop_process $serv
done
}
function cleanup_qinling {
sudo rm -rf $QINLING_AUTH_CACHE_DIR/*
sudo rm -rf $QINLING_CONF_DIR/*
}
# check for service enabled
if is_service_enabled qinling; then
if [[ "$1" == "stack" && "$2" == "install" ]]; then
# Perform installation of service source
echo_summary "Installing qinling"
install_qinling
echo_summary "Installing qinlingclient"
install_qinlingclient
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
# Configure after the other layer 1 and 2 services have been configured
echo_summary "Configuring qinling"
if is_service_enabled key; then
create_qinling_accounts
fi
echo_summary "Installing kubernetes cluster"
install_k8s
configure_qinling
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
# Initialize and start the qinling service
echo_summary "Initializing qinling"
init_qinling
start_qinling
fi
if [[ "$1" == "unstack" ]]; then
echo_summary "Shutting down qinling"
stop_qinling
fi
if [[ "$1" == "clean" ]]; then
echo_summary "Cleaning qinling"
cleanup_qinling
fi
fi
# Restore xtrace
$XTRACE