starlingx/config
Code Issues Proposed changes

Configurable Host HTTP/HTTPS Port Binding

Browse Source 
In order to avoid conflicts with containerized services
binding to standard HTTP (80) / HTTPS (443) port numbers,
the default port numbers are changed to 8080 and 8443.
Furthermore, CLI commands are provided to allow binding
to alternate port numbers.

List of changes:
. Add service parameters for HTTP and HTTPS port
. Configure the lighttpd ports via puppet and use port
  8008 for platform horizon
. Add http port to platform.conf for the config scripts
. Support helm repo URL update
. Add helm-toolkit plugin for location override
. Override Armada manifest location
. Add installer base URL option to pxeboot-update
  script
. Add a patching run time class to restart patch-agent
  when the port config is changed
. Add a semantic check to block port config when a
  patching operation is in progress or a host is not
  in unlocked/enabled state

CLI commands for viewing and updating port numbers are:
system service-parameter-list --service http
system service-parameter-modify lighttpd port http=8090
system service-parameter-apply  lighttpd

Tests Performed:
Non-containerized deployment installation and sanity
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+4+6 System: Sanity and Nightly automated test suite

Kubernetes deployment on VBox:
AIO-SX: application apply and launch instance
AIO-DX: application apply and launch instance
2+2 System: application apply and launch instance

HTTP/HTTPS port configuration
Enable/Disable https

Story: 2004642
Task: 28592

Change-Id: I65029e0c15aaf626acb56ab71e7bbde64c7e76a8
Signed-off-by: Tao Liu <tao.liu@windriver.com>
This commit is contained in:
Tao Liu 2019-01-29 21:16:44 -06:00
parent 9af6e766e8
commit 0b4f304be9
24 changed files with 305 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controllerconfig/centos/build_srpm.data
View File

@ -1,2 +1,2 @@
SRC_DIR="controllerconfig"
TIS_PATCH_VER=149
TIS_PATCH_VER=150

4
controllerconfig/controllerconfig/scripts/controller_config
View File

@ -1,6 +1,6 @@
#!/bin/bash
#
# Copyright (c) 2013-2017 Wind River Systems, Inc.
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -229,7 +229,7 @@ start()
fi
# Check whether our installed load matches the active controller
CONTROLLER_UUID=`curl -sf http://controller/feed/rel-${SW_VERSION}/install_uuid`
CONTROLLER_UUID=`curl -sf http://controller:${http_port}/feed/rel-${SW_VERSION}/install_uuid`
if [ $? -ne 0 ]
then
fatal_error "Unable to retrieve installation uuid from active controller"

19
puppet-manifests/src/modules/openstack/manifests/horizon.pp
View File

@ -17,6 +17,9 @@ class openstack::horizon::params (
$tpm_object = undef,
$tpm_engine = '/usr/lib64/openssl/engines/libtpm2.so',
$http_port = 8080,
$https_port = 8443,
) { }
@ -198,9 +201,9 @@ class openstack::horizon::firewall
# of HTTPS for external protocols. The horizon
# server runs on port 8080 behind the proxy server.
if $enable_https {
$firewall_port = 443
$firewall_port = $https_port
} else {
$firewall_port = 80
$firewall_port = $http_port
}
platform::firewall::rule { 'dashboard':
@ -233,3 +236,15 @@ class openstack::horizon::runtime {
stage => post
}
}
class openstack::lighttpd::runtime
inherits ::openstack::horizon::params {
Class[$name] -> Class['::platform::helm::runtime']
file {'/etc/lighttpd/lighttpd.conf':
ensure => present,
content => template('openstack/lighttpd.conf.erb')
}
-> platform::sm::restart {'lighttpd': }
}

18
puppet-manifests/src/modules/openstack/manifests/swift.pp
View File

@ -11,9 +11,11 @@ class openstack::swift::params (
class openstack::swift::firewall
inherits ::openstack::swift::params {
platform::firewall::rule { 'swift-api':
service_name => 'swift',
ports => $api_port,
if $service_enabled {
platform::firewall::rule { 'swift-api':
service_name => 'swift',
ports => $api_port,
}
}
}
@ -21,10 +23,12 @@ class openstack::swift::firewall
class openstack::swift::haproxy
inherits ::openstack::swift::params {
platform::haproxy::proxy { 'swift-restapi':
server_name => 's-swift',
public_port => $api_port,
private_port => $api_port,
if $service_enabled {
platform::haproxy::proxy { 'swift-restapi':
server_name => 's-swift',
public_port => $api_port,
private_port => $api_port,
}
}
}

10
puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
View File

@ -144,7 +144,7 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
######### Options that are good to be but not neccesary to be changed #######
## bind to port (default: 80)
#server.port = 81
server.port = <%= @http_port %>
## bind to localhost (default: all interfaces)
#server.bind = "grisu.home.kneschke.de"
@ -223,7 +223,7 @@ $HTTP["url"] !~ "^/(rel-[^/]*|feed|updates|static|helm_charts)/" {
( "localhost" =>
(
"host" => "127.0.0.1",
"port" => 8080
"port" => 8008
)
)
)
@ -247,11 +247,11 @@ $HTTP["url"] !~ "^/(rel-[^/]*|feed|updates|static|helm_charts)/" {
#
#### Listen to IPv6
$SERVER["socket"] == "[::]:80" { }
$SERVER["socket"] == "[::]:<%= @http_port %>" { }
<% if @enable_https %>
#### SSL engine
$SERVER["socket"] == ":443" {
$SERVER["socket"] == ":<%= @https_port %>" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/server-cert.pem"
ssl.use-sslv2 = "disable"
@ -259,7 +259,7 @@ $SERVER["socket"] == ":443" {
ssl.cipher-list = "ALL:!aNULL:!eNULL:!EXPORT:!TLSv1:!DES:!MD5:!PSK:!RC4:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!DHE-DSS-AES128-SHA:!DHE-DSS-AES256-SHA:!CAMELLIA128-SHA:!CAMELLIA256-SHA:!DHE-DSS-CAMELLIA128-SHA:!DHE-DSS-CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA"
}
$SERVER["socket"] == "[::]:443" {
$SERVER["socket"] == "[::]:<%= @https_port %>" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/server-cert.pem"
ssl.use-sslv2 = "disable"

7
puppet-manifests/src/modules/platform/manifests/config.pp
View File

@ -36,6 +36,7 @@ class platform::config::file {
include ::platform::network::oam::params
include ::platform::network::cluster_host::params
include ::platform::kubernetes::params
include ::openstack::horizon::params
$kubernetes_enabled = $::platform::kubernetes::params::enabled
# dependent template variables
@ -166,6 +167,12 @@ class platform::config::file {
}
}
file_line { "${platform_conf} http_port":
path => $platform_conf,
line => "http_port=${::openstack::horizon::params::http_port}",
match => '^http_port=',
}
}

4
puppet-manifests/src/modules/platform/manifests/haproxy.pp
View File

@ -143,7 +143,9 @@ class platform::haproxy::runtime {
}
include ::openstack::keystone::haproxy
include ::openstack::neutron::haproxy
include ::openstack::nova::haproxy
if $::platform::kubernetes::params::enabled != true {
include ::openstack::nova::haproxy
}
include ::openstack::glance::haproxy
include ::openstack::cinder::haproxy
include ::openstack::aodh::haproxy

38
puppet-manifests/src/modules/platform/manifests/helm.pp
View File

@ -54,7 +54,7 @@ class platform::helm
# TODO(jrichard): Upversion tiller image to v2.11.1 once released.
-> exec { 'initialize helm':
environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
command => 'helm init --skip-refresh --service-account tiller --node-selectors "node-role.kubernetes.io/master"="" --tiller-image=gcr.io/kubernetes-helm/tiller@sha256:022ce9d4a99603be1d30a4ca96a7fa57a45e6f2ef11172f4333c18aaae407f5b', # lint:ignore:140chars
command => 'helm init --skip-refresh --service-account tiller --node-selectors "node-role.kubernetes.io/master"="" --tiller-image=gcr.io/kubernetes-helm/tiller:v2.12.1', # lint:ignore:140chars
logoutput => true,
user => 'wrsroot',
group => 'wrs',
@ -65,6 +65,16 @@ class platform::helm
command => "mount -o bind -t ext4 ${source_helm_repo_dir} ${target_helm_repo_dir}",
require => Exec['add local starlingx helm repo']
}
# it needs to create the index file after the bind mount, otherwise
# helm repo could not be updated until application-upload adds index
-> exec { 'generate helm repo index on source':
command => "helm repo index ${source_helm_repo_dir}",
logoutput => true,
user => 'www',
group => 'www',
require => User['www']
}
} else {
exec { 'initialize helm':
environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
@ -76,6 +86,8 @@ class platform::helm
}
}
include ::openstack::horizon::params
$port = $::openstack::horizon::params::http_port
exec { 'restart lighttpd for helm':
require => [File['/etc/lighttpd/lighttpd.conf', $target_helm_repo_dir], Exec['initialize helm']],
command => 'systemctl restart lighttpd.service',
@ -93,7 +105,7 @@ class platform::helm
-> exec { 'add local starlingx helm repo':
before => Exec['Stop lighttpd'],
environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/wrsroot'],
command => 'helm repo add starlingx http://127.0.0.1/helm_charts',
command => "helm repo add starlingx http://127.0.0.1:${port}/helm_charts",
logoutput => true,
user => 'wrsroot',
group => 'wrs',
@ -102,3 +114,25 @@ class platform::helm
}
}
}
class platform::helm::runtime
{
include ::platform::kubernetes::params
if $::platform::kubernetes::params::enabled {
include ::platform::users
include ::openstack::horizon::params
$port = $::openstack::horizon::params::http_port
exec { 'update local starlingx helm repo':
environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/wrsroot'],
command => "helm repo add starlingx http://127.0.0.1:${port}/helm_charts",
logoutput => true,
user => 'wrsroot',
group => 'wrs',
require => User['wrsroot']
}
}
}

15
puppet-manifests/src/modules/platform/manifests/patching.pp
View File

@ -70,3 +70,18 @@ class platform::patching::api (
include ::platform::patching::firewall
include ::platform::patching::haproxy
}
class platform::patching::agent::reload {
exec { 'restart sw-patch-agent':
command => '/usr/sbin/sw-patch-agent-restart',
logoutput => true,
}
}
class platform::patching::runtime {
class {'::platform::patching::agent::reload':
stage => post
}
}

2
storageconfig/centos/build_srpm.data
View File

@ -1,2 +1,2 @@
SRC_DIR="storageconfig"
TIS_PATCH_VER=5
TIS_PATCH_VER=6

4
storageconfig/storageconfig/storage_config
View File

@ -1,6 +1,6 @@
#!/bin/bash
#
# Copyright (c) 2013-2015 Wind River Systems, Inc.
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -141,7 +141,7 @@ start()
fi
# Check whether our installed load matches the active controller
CONTROLLER_UUID=`curl -sf http://controller/feed/rel-${SW_VERSION}/install_uuid`
CONTROLLER_UUID=`curl -sf http://controller:${http_port}/feed/rel-${SW_VERSION}/install_uuid`
if [ $? -ne 0 ]
then
fatal_error "Unable to retrieve installation uuid from active controller"

1
sysinv/sysinv/sysinv/setup.cfg
View File

@ -97,6 +97,7 @@ systemconfig.helm_plugins =
panko = sysinv.helm.panko:PankoHelm
rabbitmq = sysinv.helm.rabbitmq:RabbitmqHelm
rbd-provisioner = sysinv.helm.rbd_provisioner:RbdProvisionerHelm
helm-toolkit = sysinv.helm.helm_toolkit:HelmToolkitHelm
sysinv.agent.lldp.drivers =
lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver

35
sysinv/sysinv/sysinv/sysinv/api/controllers/v1/service_parameter.py
View File

@ -10,6 +10,8 @@
import copy
import netaddr
import pecan
from fm_api import constants as fm_constants
from fm_api import fm_api
from pecan import rest
import six
import wsme
@ -938,6 +940,36 @@ class ServiceParameterController(rest.RestController):
))
raise wsme.exc.ClientSideError(msg)
@staticmethod
def _service_parameter_apply_semantic_check_http():
"""Semantic checks for the HTTP Service Type """
# check if a patching operation in progress
fm = fm_api.FaultAPIs()
alarms = fm.get_faults_by_id(fm_constants.
FM_ALARM_ID_PATCH_IN_PROGRESS)
if alarms is not None:
msg = _("Unable to apply %s service parameters. "
"A patching operation is in progress."
% constants.SERVICE_TYPE_HTTP)
raise wsme.exc.ClientSideError(msg)
# check if all hosts are unlocked/enabled
hosts = pecan.request.dbapi.ihost_get_list()
for host in hosts:
if (host['administrative'] == constants.ADMIN_UNLOCKED and
host['operational'] == constants.OPERATIONAL_ENABLED):
continue
else:
# the host name might be None for a newly discovered host
if not host['hostname']:
host_id = host['uuid']
else:
host_id = host['hostname']
raise wsme.exc.ClientSideError(
_("Host %s must be unlocked and enabled." % host_id))
def _service_parameter_apply_semantic_check(self, service):
"""Semantic checks for the service-parameter-apply command """
@ -987,6 +1019,9 @@ class ServiceParameterController(rest.RestController):
if service == constants.SERVICE_TYPE_PLATFORM:
self._service_parameter_apply_semantic_check_mtce()
if service == constants.SERVICE_TYPE_HTTP:
self._service_parameter_apply_semantic_check_http()
def _get_service(self, body):
service = body.get('service') or ""
if not service:

15
sysinv/sysinv/sysinv/sysinv/common/constants.py
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2013-2018 Wind River Systems, Inc.
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -902,6 +902,7 @@ SERVICE_TYPE_AODH = 'aodh'
SERVICE_TYPE_GLANCE = 'glance'
SERVICE_TYPE_BARBICAN = 'barbican'
SERVICE_TYPE_DOCKER = 'docker'
SERVICE_TYPE_HTTP = 'http'
SERVICE_PARAM_SECTION_MURANO_RABBITMQ = 'rabbitmq'
SERVICE_PARAM_SECTION_MURANO_ENGINE = 'engine'
@ -1102,6 +1103,13 @@ SERVICE_PARAM_NAME_DOCKER_NO_PROXY = 'no_proxy'
# default filesystem size to 25 MB
SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT = 25
# HTTP Service Parameters
SERVICE_PARAM_SECTION_HTTP_CONFIG = 'config'
SERVICE_PARAM_HTTP_PORT_HTTP = 'http_port'
SERVICE_PARAM_HTTP_PORT_HTTPS = 'https_port'
SERVICE_PARAM_HTTP_PORT_HTTP_DEFAULT = 8080
SERVICE_PARAM_HTTP_PORT_HTTPS_DEFAULT = 8443
# TIS part number, CPE = combined load, STD = standard load
TIS_STD_BUILD = 'Standard'
TIS_AIO_BUILD = 'All-in-one'
@ -1414,6 +1422,7 @@ HELM_CHART_OPENVSWITCH = 'openvswitch'
HELM_CHART_PANKO = 'panko'
HELM_CHART_RABBITMQ = 'rabbitmq'
HELM_CHART_RBD_PROVISIONER = 'rbd-provisioner'
HELM_CHART_HELM_TOOLKIT = 'helm-toolkit'
SUPPORTED_HELM_CHARTS = [
HELM_CHART_AODH,
@ -1439,6 +1448,7 @@ SUPPORTED_HELM_CHARTS = [
HELM_CHART_PANKO,
HELM_CHART_RABBITMQ,
HELM_CHART_RBD_PROVISIONER,
HELM_CHART_HELM_TOOLKIT,
]
# Helm: Supported application (aka chart bundles)
@ -1469,7 +1479,8 @@ SUPPORTED_HELM_APP_CHARTS = {
HELM_CHART_GNOCCHI,
HELM_CHART_CEILOMETER,
HELM_CHART_PANKO,
HELM_CHART_AODH
HELM_CHART_AODH,
HELM_CHART_HELM_TOOLKIT,
]
}

26
sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
View File

@ -1,4 +1,4 @@
# Copyright (c) 2017-2018 Wind River Systems, Inc.
# Copyright (c) 2017-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -1516,6 +1516,23 @@ DOCKER_PROXY_PARAMETER_RESOURCE = {
'platform::docker::params::no_proxy',
}
HTTPD_PORT_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_HTTP_PORT_HTTP,
constants.SERVICE_PARAM_HTTP_PORT_HTTPS,
]
HTTPD_PORT_PARAMETER_VALIDATOR = {
constants.SERVICE_PARAM_HTTP_PORT_HTTP: _validate_integer,
constants.SERVICE_PARAM_HTTP_PORT_HTTPS: _validate_integer,
}
HTTPD_PORT_PARAMETER_RESOURCE = {
constants.SERVICE_PARAM_HTTP_PORT_HTTP:
'openstack::horizon::params::http_port',
constants.SERVICE_PARAM_HTTP_PORT_HTTPS:
'openstack::horizon::params::https_port',
}
# Service Parameter Schema
SERVICE_PARAM_MANDATORY = 'mandatory'
SERVICE_PARAM_OPTIONAL = 'optional'
@ -1699,6 +1716,13 @@ SERVICE_PARAMETER_SCHEMA = {
SERVICE_PARAM_RESOURCE: DOCKER_PROXY_PARAMETER_RESOURCE,
},
},
constants.SERVICE_TYPE_HTTP: {
constants.SERVICE_PARAM_SECTION_HTTP_CONFIG: {
SERVICE_PARAM_OPTIONAL: HTTPD_PORT_PARAMETER_OPTIONAL,
SERVICE_PARAM_VALIDATOR: HTTPD_PORT_PARAMETER_VALIDATOR,
SERVICE_PARAM_RESOURCE: HTTPD_PORT_PARAMETER_RESOURCE,
},
},
}
SERVICE_PARAMETER_MAX_LENGTH = 255

17
sysinv/sysinv/sysinv/sysinv/common/utils.py
View File

@ -18,7 +18,7 @@
# License for the specific language governing permissions and limitations
# under the License.
#
# Copyright (c) 2013-2018 Wind River Systems, Inc.
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
@ -1877,3 +1877,18 @@ def find_manifest_file(path):
return None
return mfiles
def get_http_port(dbapi):
http_port = constants.SERVICE_PARAM_HTTP_PORT_HTTP_DEFAULT
try:
http_port = int(dbapi.service_parameter_get_one(
constants.SERVICE_TYPE_HTTP,
constants.SERVICE_PARAM_SECTION_HTTP_CONFIG,
constants.SERVICE_PARAM_HTTP_PORT_HTTP).value)
except exception.NotFound:
LOG.error("Failed to find service parameter for %s,%s,%s" % (
constants.SERVICE_TYPE_HTTP,
constants.SERVICE_PARAM_SECTION_HTTP_CONFIG,
constants.SERVICE_PARAM_HTTP_PORT_HTTP))
return http_port

4
sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
View File

@ -673,13 +673,9 @@ class AppOperator(object):
missing_overrides = []
available_overrides = []
excluded = ['helm-toolkit']
for chart in charts:
overrides = chart.namespace + '-' + chart.name + '.yaml'
if chart.name in excluded:
LOG.debug("Skipping overrides %s " % overrides)
continue
overrides_file = os.path.join(common.HELM_OVERRIDES_PATH,
overrides)
if not os.path.exists(overrides_file):

44
sysinv/sysinv/sysinv/sysinv/conductor/manager.py
View File

@ -16,7 +16,7 @@
# License for the specific language governing permissions and limitations
# under the License.
#
# Copyright (c) 2013-2018 Wind River Systems, Inc.
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
"""Conduct all activity related system inventory.
@ -517,6 +517,16 @@ class ConductorManager(service.PeriodicService):
'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
'name': constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
'value': constants.SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT},
{'service': constants.SERVICE_TYPE_HTTP,
'section': constants.SERVICE_PARAM_SECTION_HTTP_CONFIG,
'name': constants.SERVICE_PARAM_HTTP_PORT_HTTP,
'value': constants.SERVICE_PARAM_HTTP_PORT_HTTP_DEFAULT
},
{'service': constants.SERVICE_TYPE_HTTP,
'section': constants.SERVICE_PARAM_SECTION_HTTP_CONFIG,
'name': constants.SERVICE_PARAM_HTTP_PORT_HTTPS,
'value': constants.SERVICE_PARAM_HTTP_PORT_HTTPS_DEFAULT
},
]
for i in range(2, constants.SERVICE_PARAM_MAX_HPE3PAR + 1):
@ -1054,6 +1064,9 @@ class ConductorManager(service.PeriodicService):
sw_version != tsc.SW_VERSION_1803:
install_opts += ['-k', system.security_feature]
base_url = "http://pxecontroller:%d" % cutils.get_http_port(self.dbapi)
install_opts += ['-l', base_url]
if host['mgmt_mac']:
dashed_mac = host["mgmt_mac"].replace(":", "-")
pxeboot_update = "/usr/sbin/pxeboot-update-%s.sh" % sw_version
@ -1068,7 +1081,6 @@ class ConductorManager(service.PeriodicService):
os.remove("/pxeboot/pxelinux.cfg/efi-01-" + dashed_mac)
except OSError:
pass
with open(os.devnull, "w") as fnull:
try:
subprocess.check_call(
@ -7086,6 +7098,12 @@ class ConductorManager(service.PeriodicService):
config_uuid = self._config_update_hosts(context,
[constants.CONTROLLER,
constants.WORKER])
elif service == constants.SERVICE_TYPE_HTTP:
config_uuid = self._config_update_hosts(context,
[constants.CONTROLLER,
constants.WORKER,
constants.STORAGE])
else:
# All other services
personalities = [constants.CONTROLLER]
@ -7199,6 +7217,28 @@ class ConductorManager(service.PeriodicService):
}
self._config_apply_runtime_manifest(context, config_uuid, config_dict)
elif service == constants.SERVICE_TYPE_HTTP:
# the platform::config class will be applied that will
# configure the http port
personalities = [constants.WORKER, constants.STORAGE]
config_dict = {
"personalities": personalities,
"classes": ['platform::patching::runtime']}
self._config_apply_runtime_manifest(context, config_uuid,
config_dict)
# the runtime classes on controllers will be applied
personalities = [constants.CONTROLLER]
config_dict = {
"personalities": personalities,
"classes": ['openstack::lighttpd::runtime',
'platform::helm::runtime',
'platform::firewall::runtime',
'platform::patching::runtime']
}
self._config_apply_runtime_manifest(context, config_uuid,
config_dict)
def update_security_feature_config(self, context):
"""Update the kernel options configuration"""
personalities = constants.PERSONALITIES

4
sysinv/sysinv/sysinv/sysinv/helm/base.py
View File

@ -64,6 +64,10 @@ class BaseHelm(object):
def quoted_str(value):
return quoted_str(value)
def get_chart_location(self, chart_name):
return 'http://controller:%s/helm_charts/%s-0.1.0.tgz' % (
utils.get_http_port(self.dbapi), chart_name)
@staticmethod
def _generate_random_password(length=16):
suffix = "Ti0*"

1
sysinv/sysinv/sysinv/sysinv/helm/common.py
View File

@ -23,6 +23,7 @@ HELM_NS_DEFAULT = 'default'
HELM_NS_KUBE_SYSTEM = 'kube-system'
HELM_NS_NFS = 'nfs'
HELM_NS_OPENSTACK = 'openstack'
HELM_NS_HELM_TOOLKIT = 'helm-toolkit'
# Services
# Matches configassistant.py value => Should change to STARLINGX

30
sysinv/sysinv/sysinv/sysinv/helm/helm.py
View File

@ -231,18 +231,42 @@ class HelmOperator(object):
LOG.info(e)
return overrides
@staticmethod
def _add_armada_override_header(chart_name, namespace, overrides):
def _get_helm_chart_location(self, chart_name):
"""Get supported chart location.
This method returns the download location for a given chart.
:param chart_name: name of the chart
:returns: a URL as location or None if the chart is not supported
"""
if chart_name in self.implemented_charts:
return self.chart_operators[chart_name].get_chart_location(
chart_name)
return None
def _add_armada_override_header(self, chart_name, namespace, overrides):
use_chart_name_only = [common.HELM_NS_HELM_TOOLKIT]
if namespace in use_chart_name_only:
name = chart_name
else:
name = namespace + '-' + chart_name
new_overrides = {
'schema': 'armada/Chart/v1',
'metadata': {
'schema': 'metadata/Document/v1',
'name': namespace + '-' + chart_name
'name': name
},
'data': {
'values': overrides
}
}
location = self._get_helm_chart_location(chart_name)
if location:
new_overrides['data'].update({
'source': {
'location': location
}
})
return new_overrides
def merge_overrides(self, file_overrides=[], set_overrides=[]):

38
sysinv/sysinv/sysinv/sysinv/helm/helm_toolkit.py Normal file
View File

@ -0,0 +1,38 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import constants
from sysinv.common import exception
from sysinv.openstack.common import log as logging
from sysinv.helm import common
from sysinv.helm import base
LOG = logging.getLogger(__name__)
class HelmToolkitHelm(base.BaseHelm):
"""Class to encapsulate helm operations for the helm toolkit"""
CHART = constants.HELM_CHART_HELM_TOOLKIT
SUPPORTED_NAMESPACES = [
common.HELM_NS_HELM_TOOLKIT,
]
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {
common.HELM_NS_HELM_TOOLKIT: {}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides

2
workerconfig/centos/build_srpm.data
View File

@ -1,2 +1,2 @@
SRC_DIR="workerconfig"
TIS_PATCH_VER=11
TIS_PATCH_VER=12

4
workerconfig/workerconfig/worker_config
View File

@ -1,6 +1,6 @@
#!/bin/bash
#
# Copyright (c) 2013-2016 Wind River Systems, Inc.
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -239,7 +239,7 @@ start()
if [ "$nodetype" = "worker" ]
then
# Check whether our installed load matches the active controller
CONTROLLER_UUID=`curl -sf http://controller/feed/rel-${SW_VERSION}/install_uuid`
CONTROLLER_UUID=`curl -sf http://controller:${http_port}/feed/rel-${SW_VERSION}/install_uuid`
if [ $? -ne 0 ]
then
fatal_error "Unable to retrieve installation uuid from active controller"