Merge pull request #77 from portdirect/heat

OpenStack Heat Initial Commit

Author: alanmeadows

Makefile

@@ -1,12 +1,12 @@
-.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron maas all clean
+.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron heat maas all clean
 
 B64_DIRS := common/secrets
 B64_EXCLUDE := $(wildcard common/secrets/*.b64)
 
-CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron maas openstack
+CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron heat maas openstack
 COMMON_TPL := common/templates/_globals.tpl
 
-all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron maas openstack
+all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron heat maas openstack
 
 common: build-common
 
@@ -27,6 +27,8 @@ glance: build-glance
 
 neutron: build-neutron
 
+heat: build-heat
+
 maas: build-maas
 
 memcached: build-memcached
@@ -44,4 +46,3 @@ build-%:
 	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
 	helm lint $*
 	helm package $*
-

common/templates/_endpoints.tpl

@@ -87,8 +87,51 @@
 {{- end -}}
 {{- end -}}
 
+# this function returns the endpoint uri for a service, it takes an tuple
+# input in the form: service-name, endpoint-class, port-name. eg:
+# { tuple "heat" "public" "api" . | include "endpoint_addr_lookup" }
+# will return the appropriate URI. Once merged this should phase out the above.
+
+{{- define "endpoint_addr_lookup" -}}
+{{- $name := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $port := index . 2 -}}
+{{- $context := index . 3 -}}
+{{- $nameNorm := $name | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $nameNorm }}
+{{- $fqdn := $context.Release.Namespace -}}
+{{- if $context.Values.endpoints.fqdn -}}
+{{- $fqdn := $context.Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with $endpointMap -}}
+{{- $endpointScheme := .scheme }}
+{{- $endpointHost := index .hosts $endpoint | default .hosts.default}}
+{{- $endpointPort := index .port $port }}
+{{- $endpointPath := .path }}
+{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath  | quote -}}
+{{- end -}}
+{{- end -}}
+
+
+#-------------------------------
+# endpoint type lookup
+#-------------------------------
+
+# this function is used in endpoint management templates
+# it returns the service type for an openstack service eg:
+# { tuple heat . | include "ks_endpoint_type" }
+# will return "orchestration"
+
+{{- define "endpoint_type_lookup" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $nameNorm := $name | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $nameNorm }}
+{{- $endpointType := index $endpointMap "type" }}
+{{- $endpointType | quote -}}
+{{- end -}}
+
 #-------------------------------
 # kolla helpers
 #-------------------------------
 {{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}}
-

common/templates/_funcs.tpl

@@ -21,4 +21,3 @@
 {{- $wtf := $context.Template.Name | replace $last $name -}}
 {{- include $wtf $context | sha256sum | quote -}}
 {{- end -}}
-

common/templates/scripts/_ks-domain-user.sh.tpl

@@ -0,0 +1,57 @@
+{{- define "common_keystone_domain_user" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage domain
+SERVICE_OS_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
+    --description="Service Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+    "${SERVICE_OS_DOMAIN_NAME}")
+
+# Display domain
+openstack domain show "${SERVICE_OS_DOMAIN_ID}"
+
+# Manage user
+SERVICE_OS_USERID=$(openstack user create --or-show --enable -f value -c id \
+    --domain="${SERVICE_OS_DOMAIN_ID}" \
+    --description "Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+    --password="${SERVICE_OS_PASSWORD}" \
+    "${SERVICE_OS_USERNAME}")
+
+# Display user
+openstack user show "${SERVICE_OS_USERID}"
+
+# Manage role
+SERVICE_OS_ROLE_ID=$(openstack role show -f value -c id \
+    --domain="${SERVICE_OS_DOMAIN_ID}" \
+    "${SERVICE_OS_ROLE}" || openstack role create -f value -c id \
+    --domain="${SERVICE_OS_DOMAIN_ID}" \
+    "${SERVICE_OS_ROLE}" )
+
+# Manage user role assignment
+openstack role add \
+          --domain="${SERVICE_OS_DOMAIN_ID}" \
+          --user="${SERVICE_OS_USERID}" \
+          --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+          "${SERVICE_OS_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+          --role="${SERVICE_OS_ROLE_ID}" \
+          --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+          --user="${SERVICE_OS_USERID}"
+{{- end }}

common/templates/scripts/_ks-endpoints.sh.tpl

@@ -0,0 +1,65 @@
+{{- define "common_keystone_endpoints" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Get Service ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+                  grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+                    sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# Get Endpoint ID if it exists
+OS_ENDPOINT_ID=$( openstack endpoint list  -f csv --quote none | \
+                  grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SVC_ENDPOINT}," | \
+                  awk -F ',' '{ print $1 }' )
+
+# Making sure only a single endpoint exists for a service within a region
+if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then
+  echo "More than one endpoint found, cleaning up"
+  for ENDPOINT_ID in $OS_ENDPOINT_ID; do
+    openstack endpoint delete ${ENDPOINT_ID}
+  done
+  unset OS_ENDPOINT_ID
+fi
+
+# Determine if Endpoint needs updated
+if [[ ${OS_ENDPOINT_ID} ]]; then
+  OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} --f value -c url)
+  if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then
+    echo "Endpoints Match: no action required"
+    OS_ENDPOINT_UPDATE="False"
+  else
+    echo "Endpoints Dont Match: removing existing entries"
+    openstack endpoint delete ${OS_ENDPOINT_ID}
+    OS_ENDPOINT_UPDATE="True"
+  fi
+else
+  OS_ENDPOINT_UPDATE="True"
+fi
+
+# Update Endpoint if required
+if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then
+  OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+    --region="${OS_REGION_NAME}" \
+    "${OS_SERVICE_ID}" \
+    ${OS_SVC_ENDPOINT} \
+    "${OS_SERVICE_ENDPOINT}" )
+fi
+
+# Display the Endpoint
+openstack endpoint show ${OS_ENDPOINT_ID}
+{{- end }}

common/templates/scripts/_ks-service.sh.tpl

@@ -0,0 +1,37 @@
+{{- define "common_keystone_service" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Service boilerplate description
+OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service"
+
+# Get Service ID if it exists
+unset OS_SERVICE_ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+                 grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+                 sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# If a Service ID was not found, then create the service
+if [[ -z ${OS_SERVICE_ID} ]]; then
+  OS_SERVICE_ID=$(openstack service create -f value -c id \
+                  --name="${OS_SERVICE_NAME}" \
+                  --description "${OS_SERVICE_DESC}" \
+                  --enable \
+                  "${OS_SERVICE_TYPE}")
+fi
+{{- end }}

common/templates/scripts/_ks-user.sh.tpl

@@ -0,0 +1,60 @@
+{{- define "common_keystone_user" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage user project
+USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}"
+USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
+    --domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+    --description="${USER_PROJECT_DESC}" \
+    "${SERVICE_OS_PROJECT_NAME}");
+
+# Display project
+openstack project show "${USER_PROJECT_ID}"
+
+# Manage user
+USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}"
+USER_ID=$(openstack user create --or-show --enable -f value -c id \
+    --domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+    --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+    --project="${USER_PROJECT_ID}" \
+    --description="${USER_DESC}" \
+    --password="${SERVICE_OS_PASSWORD}" \
+    "${SERVICE_OS_USERNAME}");
+
+# Display user
+openstack user show "${USER_ID}"
+
+# Manage user role
+USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
+    "${SERVICE_OS_ROLE}");
+
+# Manage user role assignment
+openstack role add \
+    --user="${USER_ID}" \
+    --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+    --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+    --project="${USER_PROJECT_ID}" \
+    "${USER_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+    --role="${SERVICE_OS_ROLE}" \
+    --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+    --user="${USER_ID}"
+{{- end }}

common/templates/snippets/_ks_env_openrc.tpl

@@ -0,0 +1,40 @@
+{{- define "env_ks_openrc_tpl" }}
+{{- $ksUserSecret := .ksUserSecret }}
+- name: OS_IDENTITY_API_VERSION
+  value: "3"
+- name: OS_AUTH_URL
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_AUTH_URL
+- name: OS_REGION_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_REGION_NAME
+- name: OS_PROJECT_DOMAIN_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_PROJECT_DOMAIN_NAME
+- name: OS_PROJECT_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_PROJECT_NAME
+- name: OS_USER_DOMAIN_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_USER_DOMAIN_NAME
+- name: OS_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_USERNAME
+- name: OS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_PASSWORD
+{{- end }}

common/templates/snippets/_ks_env_user_create_openrc.tpl

@@ -0,0 +1,33 @@
+{{- define "env_ks_user_create_openrc_tpl" }}
+{{- $ksUserSecret := .ksUserSecret }}
+- name: SERVICE_OS_REGION_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_REGION_NAME
+- name: SERVICE_OS_PROJECT_DOMAIN_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_PROJECT_DOMAIN_NAME
+- name: SERVICE_OS_PROJECT_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_PROJECT_NAME
+- name: SERVICE_OS_USER_DOMAIN_NAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_USER_DOMAIN_NAME
+- name: SERVICE_OS_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_USERNAME
+- name: SERVICE_OS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ $ksUserSecret }}
+      key: OS_PASSWORD
+{{- end }}