diff --git a/.github/workflows/helm-loki.yaml b/.github/workflows/helm-loki.yaml
index 569b5509a..70f561a91 100644
--- a/.github/workflows/helm-loki.yaml
+++ b/.github/workflows/helm-loki.yaml
@@ -28,9 +28,10 @@ jobs:
 run: |
 ${{ steps.helm.outputs.helm-path }} repo add grafana https://grafana.github.io/helm-charts
 ${{ steps.helm.outputs.helm-path }} repo update
- ${{ steps.helm.outputs.helm-path }} template --values ${{ github.workspace }}/base-helm-configs/loki/loki-helm-minio-overrides-example.yaml \
+ ${{ steps.helm.outputs.helm-path }} template -f ${{ github.workspace }}/base-helm-configs/loki/loki-helm-minio-overrides-example.yaml \
 --set loki.useTestSchema=true \
 --namespace grafana \
+ --set loki.storage.bucketNames.chunks=chunky \
 loki grafana/loki > /tmp/rendered.yaml
 - name: Return helm Build
 uses: actions/upload-artifact@v4
diff --git a/.github/workflows/helm-prometheus-mysql-exporter.yaml b/.github/workflows/helm-prometheus-mysql-exporter.yaml
index f6703547c..fb4e537be 100644
--- a/.github/workflows/helm-prometheus-mysql-exporter.yaml
+++ b/.github/workflows/helm-prometheus-mysql-exporter.yaml
@@ -31,7 +31,7 @@ jobs:
 ${{ steps.helm.outputs.helm-path }} template prometheus-mysql-exporter prometheus-community/prometheus-mysql-exporter \
 --create-namespace \
 --namespace=prometheus \
- -f ${{ github.workspace }}//base-helm-configs/prometheus-mysql-exporter/values.yaml \
+ -f ${{ github.workspace }}//base-helm-configs/prometheus-mysql-exporter/prometheus-mysql-exporter-helm-overrides.yaml \
 --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
 --post-renderer-args prometheus-mysql-exporter/${{ matrix.overlays }} > /tmp/rendered.yaml
 - name: Return helm Build
diff --git a/.github/workflows/helm-prometheus-postgres-exporter.yaml b/.github/workflows/helm-prometheus-postgres-exporter.yaml
index 0e4f509c3..96b7d7a8d 100644
--- a/.github/workflows/helm-prometheus-postgres-exporter.yaml
+++ b/.github/workflows/helm-prometheus-postgres-exporter.yaml
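Review bot: In helm-loki.yaml the `template` call still renders `grafana/loki` with no `--version`, so this check validates whichever chart release the upstream repo serves on the day it runs, and the added `--set loki.storage.bucketNames.chunks=chunky` reads like a workaround for a chart change (inferred; the reason is not stated). Pinning the chart, e.g. adding `--version <chart-version-in-use> \` to the argument list, would make the render reproducible and tie it to what is actually deployed. If the override exists only to satisfy the chart in CI, a comment above the step such as `# chunks bucket is a dummy value needed only for the CI render` would say so. The `run: |` block starts above this hunk.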
@@ -31,7 +31,7 @@ jobs:
 ${{ steps.helm.outputs.helm-path }} template prometheus prometheus-community/prometheus-postgres-exporter \
 --create-namespace \
 --namespace=prometheus \
- -f ${{ github.workspace }}//base-helm-configs/prometheus-postgres-exporter/values.yaml \
+ -f ${{ github.workspace }}//base-helm-configs/prometheus-postgres-exporter/prometheus-postgres-exporter-helm-overrides.yaml \
 --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
 --post-renderer-args prometheus-postgres-exporter/${{ matrix.overlays }} > /tmp/rendered.yaml
 - name: Return helm Build
diff --git a/.github/workflows/helm-prometheus-pushgateway.yaml b/.github/workflows/helm-prometheus-pushgateway.yaml
index 20e94f389..64865185d 100644
--- a/.github/workflows/helm-prometheus-pushgateway.yaml
+++ b/.github/workflows/helm-prometheus-pushgateway.yaml
@@ -31,7 +31,7 @@ jobs:
 ${{ steps.helm.outputs.helm-path }} template prometheus-pushgateway prometheus-community/prometheus-pushgateway \
 --create-namespace \
 --namespace=prometheus \
- -f ${{ github.workspace }}//base-helm-configs/prometheus-pushgateway/values.yaml \
+ -f ${{ github.workspace }}//base-helm-configs/prometheus-pushgateway/prometheus-pushgateway-helm-overrides.yaml \
 --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
 --post-renderer-args prometheus-pushgateway/${{ matrix.overlays }} > /tmp/rendered.yaml
 - name: Return helm Build
diff --git a/.github/workflows/helm-redis-sentinel.yaml b/.github/workflows/helm-redis-sentinel.yaml
new file mode 100644
index 000000000..bb2ab92af
--- /dev/null
+++ b/.github/workflows/helm-redis-sentinel.yaml
@@ -0,0 +1,41 @@
+name: Helm GitHub Actions for redis-sentinel
+
+on:
+ pull_request:
+ paths:
+ - base-helm-configs/redis-sentinel/**
+ - base-kustomize/redis-sentinel/**
+ - .github/workflows/helm-redis-sentinel.yaml
+jobs:
+ helm:
+ strategy:
+ matrix:
+ overlays:
+ - base
+ name: Helm
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: azure/setup-helm@v3
+ with:
+ version: latest
+ token: "${{ secrets.GITHUB_TOKEN }}"
+ id: helm
+ - name: Add ot-helm (redis) to helm
+ run: |
+ ${{ steps.helm.outputs.helm-path }} repo add ot-helm https://ot-container-kit.github.io/helm-charts/
+ ${{ steps.helm.outputs.helm-path }} repo update
+ - name: Run Helm Template
+ run: |
+ ${{ steps.helm.outputs.helm-path }} template redis-sentinel ot-helm/redis-sentinel \
+ --create-namespace \
+ --namespace=redis-system \
+ -f ${{ github.workspace }}//base-helm-configs/redis-sentinel/redis-sentinel-helm-overrides.yaml \
+ --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
+ --post-renderer-args redis-sentinel/${{ matrix.overlays }} > /tmp/rendered.yaml
+ - name: Return helm Build
+ uses: actions/upload-artifact@v4
+ with:
+ name: helm-redis-sentinel-artifact-${{ matrix.overlays }}
+ path: /tmp/rendered.yaml
diff --git a/base-helm-configs/barbican/barbican-helm-overrides.yaml b/base-helm-configs/barbican/barbican-helm-overrides.yaml
index 5b7346e29..bc8de02d8 100644
--- a/base-helm-configs/barbican/barbican-helm-overrides.yaml
+++ b/base-helm-configs/barbican/barbican-helm-overrides.yaml
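Review bot: The new helm-redis-sentinel.yaml workflow passes `secrets.GITHUB_TOKEN` to `azure/setup-helm@v3`, a third-party action referenced by a mutable tag, and declares no `permissions:` block, so the token carries whatever the repository default grants. Add a top-level `permissions:` with `contents: read`, and pin the action references to full commit SHAs, e.g. `uses: azure/setup-helm@<full-commit-sha>  # v3`. `version: latest` and the unpinned `ot-helm/redis-sentinel` chart (no `--version`) also mean the render changes with upstream releases; fixing both makes the check reproducible. The `pull_request` trigger keeps fork runs on a read-only token, which is the right choice given that `--post-renderer` executes `base-kustomize/kustomize.sh` from the checked-out PR.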
@@ -1,18 +1,18 @@ --- images: tags: - barbican_api: "ghcr.io/rackerlabs/genestack-images/barbican:2024.1-latest" - barbican_db_sync: "ghcr.io/rackerlabs/genestack-images/barbican:2024.1-latest" - bootstrap: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" - db_drop: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" - db_init: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" - dep_check: "ghcr.io/rackerlabs/genestack-images/kubernetes-entrypoint:latest" - image_repo_sync: null - ks_endpoints: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" - ks_service: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" - ks_user: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" - rabbit_init: null - scripted_test: "ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest" + barbican_api: ghcr.io/rackerlabs/genestack-images/barbican:2024.1-latest + barbican_db_sync: ghcr.io/rackerlabs/genestack-images/barbican:2024.1-latest + bootstrap: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest + db_drop: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest + db_init: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest + dep_check: ghcr.io/rackerlabs/genestack-images/kubernetes-entrypoint:latest + image_repo_sync: + ks_endpoints: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest + ks_service: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest + ks_user: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest + rabbit_init: + scripted_test: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest # NOTE: (brew) CPU requests values based on a three node # hyperconverged lab (/scripts/hyperconverged-lab.sh). @@ -22,8 +22,8 @@ pod: enabled: true api: requests: - memory: "256Mi" - cpu: "100m" + memory: 256Mi + cpu: 100m limits: {} lifecycle: upgrades: @@ -37,7 +37,7 @@ pod: dependencies: static: db_sync: - jobs: null + jobs: api: jobs: - barbican-db-sync 
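Review bot: In barbican-helm-overrides.yaml the first hunk turns `image_repo_sync: null` and `rabbit_init: null` into bare `image_repo_sync:` and `rabbit_init:`, and the third hunk does the same to `jobs: null` under `dependencies.static.db_sync`. A bare key still parses as null, so Helm behaviour should be unchanged, but it reads like an unfinished line and yamllint's `empty-values` rule flags it; an explicit null shows the intent to clear the chart default. Keep `image_repo_sync: null`, `rabbit_init: null` and `jobs: null`. Separately, the image references stay on mutable tags (`2024.1-latest`, `latest`); appending a digest (`@sha256:<digest>`) would fix which image content actually gets pulled.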
@@ -47,7 +47,7 @@ dependencies:
 conf:
 barbican:
 DEFAULT:
- host_href: "http://barbican-api.openstack.svc.cluster.local:9311"
+ host_href: http://barbican-api.openstack.svc.cluster.local:9311
 database:
 connection_debug: 0
 connection_recycle_time: 600
diff --git a/base-helm-configs/envoyproxy-gateway/envoy-gateway-helm-overrides.yaml b/base-helm-configs/envoyproxy-gateway/envoyproxy-gateway-helm-overrides.yaml
similarity index 100%
rename from base-helm-configs/envoyproxy-gateway/envoy-gateway-helm-overrides.yaml
rename to base-helm-configs/envoyproxy-gateway/envoyproxy-gateway-helm-overrides.yaml
diff --git a/base-helm-configs/kubernetes-event-exporter/kubernetes-event-exporter-helm-overrides.yaml b/base-helm-configs/kubernetes-event-exporter/kubernetes-event-exporter-helm-overrides.yaml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/base-helm-configs/kubernetes-event-exporter/kubernetes-event-exporter-helm-overrides.yaml
@@ -0,0 +1 @@
+---
diff --git a/base-helm-configs/prometheus-kube-event-exporter/values.yaml b/base-helm-configs/prometheus-kube-event-exporter/values.yaml
deleted file mode 100644
index 760aec345..000000000
--- a/base-helm-configs/prometheus-kube-event-exporter/values.yaml
+++ /dev/null
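Review bot: kubernetes-event-exporter-helm-overrides.yaml is added containing only `---`, while the prometheus-kube-event-exporter/values.yaml deleted in the next section carried site-specific settings: `clusterName: "flex"`, the `loki` receiver with its route, and `metrics.serviceMonitor.enabled: true`. If those are not supplied elsewhere in this commit (not visible here), the exporter presumably falls back to chart defaults and cluster events stop reaching Loki, which silently removes an audit signal. Carry the `config:` block and the metrics settings into the new overrides file; when doing so, review the `tls: insecure: true` setting in the receiver section and the wildcard `rbac.rules` read grant rather than copying them unchanged.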
@@ -1,607 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - ## Security parameters - ## - security: - ## @param global.security.allowInsecureImages Allows skipping image verification - allowInsecureImages: false - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param apiVersions Override Kubernetes API versions reported by .Capabilities -## -apiVersions: [] -## @param nameOverride String to partially override kubernetes-event-exporter.fullname include (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override kubernetes-event-exporter.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] -## @section Kubernetes Event Exporter parameters - -## @param replicaCount Desired number of pod replicas -replicaCount: 1 -## -## @param revisionHistoryLimit Desired number of old ReplicaSets to retain -## Defaults to 10, if set to 0 old ReplicaSets will be garbage-collected -revisionHistoryLimit: 10 -## -## @param containerPorts.http HTTP container port -## -containerPorts: - http: 2112 -## @param extraContainerPorts Optionally specify extra list of additional port-mappings for the container -## -extraContainerPorts: [] -image: - ## @param image.registry [default: REGISTRY_NAME] 
Container image registry - ## @param image.repository [default: REPOSITORY_NAME/kubernetes-event-exporter] Container image name - ## @skip image.tag Container image tag - ## @param image.digest Container image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param image.pullPolicy Container image pull policy - ## @param image.pullSecrets Specify docker-registry secret names as an array - ## - registry: docker.io - repository: bitnami/kubernetes-event-exporter - tag: 1.7.0-debian-12-r42 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param automountServiceAccountToken Mount Service Account token in pod -## -automountServiceAccountToken: true -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## Kubernetes event exporter configuration, rendered as a template -## ref: https://github.com/resmoio/kubernetes-event-exporter#configuration -## @param config.logLevel Verbosity of the logs (options: `fatal`, `error`, `warn`, `info` or `debug`) -## @param config.logFormat How the logs are formatted. 
Allowed values: `pretty` or `json` -## @param config.clusterName The name of the kubernetes cluster that the events are originating from -## @param config.receivers [array] Array containing event receivers -## @param config.route.routes [array] Array containing event route configuration -## -config: - logLevel: debug - logFormat: json - kubeQPS: 100 - kubeBurst: 500 - maxEventAgeSeconds: 600 - metricsNamePrefix: 'event_exporter_' - clusterName: "flex" - receivers: - - name: "dump" - file: - path: "/dev/stdout" - layout: - message: "{{ .Message }}" - reason: "{{ .Reason }}" - type: "{{ .Type }}" - count: "{{ .Count }}" - kind: "{{ .InvolvedObject.Kind }}" - name: "{{ .InvolvedObject.Name }}" - namespace: "{{ .Namespace }}" - component: "{{ .Source.Component }}" - host: "{{ .Source.Host }}" - - name: "loki" - loki: - streamLabels: - application: kube-api - container: event-exporter - url: http://loki-gateway.grafana.svc.cluster.local:80/loki/api/v1/push - tls: - insecure: true - route: - routes: - - match: - - receiver: "loki" - - receiver: "dump" -rbac: - ## @param rbac.create Create the RBAC roles for API accessibility - ## - create: true - ## @param rbac.rules [array] List of rules for the cluster role - ## - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["get", "watch", "list"] -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. -## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account -## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. 
-## -serviceAccount: - create: true - name: "" - automountServiceAccountToken: false - annotations: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## SecurityContext holds pod-level security attributes and common container settings. -## @param podSecurityContext.enabled Enable security context -## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy -## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroup Group ID for the container -## -podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 -## Pod disruption budget -## @param pdb.create Create a pdb -## @param pdb.minAvailable Minimum number / percentage of pods that should remain scheduled -## @param pdb.maxUnavailable Maximum number / percentage of pods that may be made unavailable -## -pdb: - create: true - minAvailable: "" - maxUnavailable: "" -## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container -## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser -## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## @param containerSecurityContext.privileged Set container's Security Context privileged -## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem -## @param 
containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation -## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped -## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile -## -containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param lifecycleHooks Lifecycle for the container to automate configuration before or after startup -## -lifecycleHooks: {} -## Container resource requests and limits -## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
-## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 -## -resourcesPreset: "nano" -## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) -## Example: -## resources: -## requests: -## cpu: 2 -## memory: 512Mi -## limits: -## cpu: 3 -## memory: 1024Mi -## -resources: {} -## Network Policies -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) - ## - kubeAPIServerPorts: [443, 6443, 8443] - ## @param networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
- ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## Configure extra options for Kubernetes event exporter container's liveness, readiness and startup probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe on Kubernetes event exporter container -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 5 - successThreshold: 1 -## @param readinessProbe.enabled Enable readinessProbe on Kubernetes event exporter container -## @param 
readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 1 - successThreshold: 1 -## @param startupProbe.enabled Enable startupProbe on Kubernetes event exporter container -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 40 - periodSeconds: 10 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 1 -## Configure extra custom startup, liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param customStartupProbe Configure startup probe for Kubernetes event exporter pod -## -customStartupProbe: {} -## @param customLivenessProbe Configure liveness probe for Kubernetes event exporter pod -## -customLivenessProbe: {} -## @param customReadinessProbe Configure readiness probe for Kubernetes event exporter pod -## -customReadinessProbe: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ -## -nodeSelector: {} -## @param priorityClassName Set Priority Class Name to allow priority control over other pods -## ref: 
https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param schedulerName Name of the k8s scheduler (other than default) -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment -## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## The value is evaluated as a template -## -topologySpreadConstraints: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param updateStrategy.type Deployment strategy type. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## e.g: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars Array containing extra env vars to be added to all containers -## For example: -## extraEnvVars: -## - name: MY_ENV_VAR -## value: env_var_value -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap containing extra env vars to be added to all containers -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars to be added to all containers -## -extraEnvVarsSecret: "" -## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) -## -extraVolumeMounts: [] -## @param extraVolumes Array to add extra volumes -## -extraVolumes: [] -## @param initContainers Attach additional init containers to pods -## For example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## -initContainers: [] -## @param sidecars Add additional sidecar containers to pods -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## Metrics configuration -## -metrics: - ## @param metrics.enabled Enable exposing statistics - ## ref: https://github.com/resmoio/kubernetes-event-exporter/blob/858089f2dc42243c0939a7f13a76fdd22e70be0f/main.go#L25 - ## - enabled: true - ## metrics service parameters - ## - service: - ## @param 
metrics.service.ports.http Metrics service HTTP port - ## - ports: - http: 2112 - ## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.ports.http }}" - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: true - ## @param metrics.serviceMonitor.port Metrics service HTTP port - ## - port: http - ## @param metrics.serviceMonitor.endpoints [array] The endpoint configuration of the ServiceMonitor. Path is mandatory. Interval, timeout and labellings can be overwritten. - ## - endpoints: - - path: /metrics - ## @param metrics.serviceMonitor.path Metrics service HTTP path. Deprecated: Use @param metrics.serviceMonitor.endpoints instead - ## - path: "" - ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus - ## - labels: {} - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## - metricRelabelings: [] - ## @param 
metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels - ## - honorLabels: false - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## Prometheus Operator alert rules configuration - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Create PrometheusRule Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.prometheusRule.namespace Namespace which Prometheus is running in - ## - namespace: "" - ## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus - ## - labels: {} - ## @param metrics.prometheusRule.groups Groups, containing the alert rules. - ## Example: - ## groups: - ## - name: KubernetesEventExporter - ## rules: - ## - alert: KubernetesEventExporterTooManyWatchErrors - ## annotations: - ## message: "Kubernetes Event Exporter instance in namespace {{ `{{` }} $labels.namespace {{ `}}` }} has reported too many watch errors in 5 minutes." - ## expr: | - ## sum(watch_errors{namespace="{{ include "common.names.namespace" . }}"}) - ## for: 5m - ## labels: - ## severity: critical - groups: [] -## @section Autoscaling -## -autoscaling: - vpa: - ## @param autoscaling.vpa.enabled Enable VPA - ## - enabled: false - ## @param autoscaling.vpa.annotations Annotations for VPA resource - ## - annotations: {} - ## @param autoscaling.vpa.recommenders Recommender responsible for generating recommendation for the object. - ## List should be empty (then the default recommender will generate the recommendation) or contain exactly one recommender. - ## For example: - ## recommenders: - ## - name: custom-recommender-performance - recommenders: [] - ## @param autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. 
Defaults to cpu and memory - ## - controlledResources: [] - ## @param autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod - ## cpu: 200m - ## memory: 100Mi - maxAllowed: {} - ## @param autoscaling.vpa.minAllowed VPA Min allowed resources for the pod - ## cpu: 200m - ## memory: 100Mi - minAllowed: {} - ## @section VPA update policy - ## - updatePolicy: - ## @param autoscaling.vpa.updatePolicy.minReplicas Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction - minReplicas: 1 - ## @param autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod - ## Possible values are "Off", "Initial", "Recreate", and "Auto". - ## - updateMode: Auto diff --git a/base-helm-configs/prometheus-mysql-exporter/prometheus-mysql-exporter-helm-overrides.yaml b/base-helm-configs/prometheus-mysql-exporter/prometheus-mysql-exporter-helm-overrides.yaml new file mode 100644 index 000000000..4b41cd1d9 --- /dev/null +++ b/base-helm-configs/prometheus-mysql-exporter/prometheus-mysql-exporter-helm-overrides.yaml 
@@ -0,0 +1,58 @@
+---
+serviceMonitor:
+ enabled: true
+ scrapeTimeout: 10s
+ namespace: openstack
+ multipleTarget:
+ enabled: true
+ targets:
+ - endpoint: mariadb-cluster-0.mariadb-cluster-internal
+ name: maria0
+ - endpoint: mariadb-cluster-1.mariadb-cluster-internal
+ name: maria1
+ - endpoint: mariadb-cluster-2.mariadb-cluster-internal
+ name: maria2
+ sharedSecret:
+ enabled: true
+ name: "mariadb-monitor"
+
+nodeSelector:
+ openstack-control-plane: enabled
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/worker
+ operator: In
+ values:
+ - worker
+
+collectors:
+ auto_increment.columns: true
+ binlog_size: true
+ engine_innodb_status: false
+ # engine_tokudb_status: false
+ global_status: true
+ info_schema.innodb_metrics: true
+ info_schema.processlist: true
+ info_schema.query_response_time: true
+ info_schema.tablestats: true
+ info_schema.userstats: true
+ perf_schema.eventswaits: true
+ perf_schema.file_events: true
+ perf_schema.indexiowaits: true
+ perf_schema.tableiowaits: true
+ perf_schema.tablelocks: true
+
+# mysql connection params which build the my.cnf config
+mysql:
+ host: ""
+ user: "monitoring"
+ existingConfigSecret:
+ name: "mariadb-monitor"
+ key: "my.cnf"
+ existingPasswordSecret:
+ name: "mariadb-monitoring"
+ key: "password"
diff --git a/base-helm-configs/prometheus-mysql-exporter/values.yaml b/base-helm-configs/prometheus-mysql-exporter/values.yaml
deleted file mode 100644
index 5d2205c69..000000000
--- a/base-helm-configs/prometheus-mysql-exporter/values.yaml
+++ /dev/null
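Review bot: The `mysql:` block at the end of this new overrides file sets both `existingConfigSecret` (`mariadb-monitor`, key `my.cnf`) and `existingPasswordSecret` (`mariadb-monitoring`, key `password`), and nothing says which of the two the exporter actually takes its credentials from. The secret names differ only by the `ing` suffix and `multipleTarget.sharedSecret` reuses `mariadb-monitor`, so a rotation or an RBAC change can easily land on the wrong object. I would add a comment above `existingConfigSecret`, for example `# my.cnf from this secret is used for all targets; existingPasswordSecret is presumably only a fallback, confirm against the chart`, or drop whichever reference the chart ignores. The literal `pass: "password"` carried by the removed values.yaml is not repeated here, and it should stay out.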
@@ -1,233 +0,0 @@ -## Default values for prometheus-mysql-exporter. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -## namespaceOverride overrides the namespace which the resources will be deployed in -namespaceOverride: "" - -## override release name -fullnameOverride: "" - -replicaCount: 1 - -image: - registry: quay.io - repository: prometheus/mysqld-exporter - ## if not set charts appVersion var is used - tag: "" - pullPolicy: "IfNotPresent" - -# imagePullSecrets: -# - name: secret-name -imagePullSecrets: [] - -service: - labels: {} - annotations: {} - name: mysql-exporter - type: ClusterIP - externalPort: 9104 - internalPort: 9104 - -serviceMonitor: - # enabled should be set to true to enable prometheus-operator discovery of this service - enabled: true - # interval is the interval at which metrics should be scraped - interval: 30s - # scrapeTimeout is the timeout after which the scrape is ended - scrapeTimeout: 10s - namespace: openstack - # namespaceSelector: [] - # additionalLabels is the set of additional labels to add to the ServiceMonitor - additionalLabels: {} - jobLabel: "" - targetLabels: [] - podTargetLabels: [] - metricRelabelings: [] - # Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - relabelings: [] - multipleTarget: - enabled: true - targets: - # target connection information with name (required), endpoint (required) and port (optionnal) - # if sharedSecret is not enabled the name must match an entry client.{{ name }} existing in the secret - # - endpoint: mysql1.dns.local - # name: mysql1 - # port: 3307 - # - endpoint: mysql2.dns.local - # name: mysql2 - - endpoint: mariadb-cluster-0.mariadb-cluster-internal - name: maria0 - - endpoint: mariadb-cluster-1.mariadb-cluster-internal - name: maria1 - - endpoint: mariadb-cluster-2.mariadb-cluster-internal - name: maria2 - # Enable shared credentials for all targets - sharedSecret: - 
enabled: true - name: "mariadb-monitor" - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: false - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: - openstack-control-plane: enabled - -tolerations: [] - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/worker - operator: In - values: - - worker - -podLabels: {} - -# Extra Volume Mounts for the mysql exporter container -extraVolumeMounts: [] -# - name: example -# mountPath: /example - -# Extra Volumes for the pod -extraVolumes: [] -# - name: example -# configMap: -# name: example - -podSecurityContext: {} - # fsGroup: 65534 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 65534 - -annotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/metrics" - prometheus.io/port: "9104" - -config: {} - # Allow to set specifc options on the exporter - # logLevel: info - # logFormat: "logger:stderr" - -collectors: - auto_increment.columns: true - binlog_size: true - # engine_innodb_status: false - # engine_tokudb_status: false - # global_status: true - # global_variables: true - # info_schema.clientstats: false - info_schema.innodb_metrics: true - # info_schema.innodb_tablespaces: false - # info_schema.innodb_cmp: false - # 
info_schema.innodb_cmpmem: false - info_schema.processlist: true - # info_schema.processlist.min_time: 0 - info_schema.query_response_time: true - # info_schema.tables: true - # info_schema.tables.databases: '*' - info_schema.tablestats: true - # info_schema.schemastats: false - info_schema.userstats: true - # perf_schema.eventsstatements: false - # perf_schema.eventsstatements.digest_text_limit: 120 - # perf_schema.eventsstatements.limit: false - # perf_schema.eventsstatements.timelimit: 86400 - perf_schema.eventswaits: true - perf_schema.file_events: true - # perf_schema.file_instances: false - perf_schema.indexiowaits: true - perf_schema.tableiowaits: true - perf_schema.tablelocks: true - # perf_schema.replication_group_member_stats: true - # slave_status: true - # slave_hosts: false - # heartbeat: false - # heartbeat.database: heartbeat - # heartbeat.table: heartbeat - -# mysql connection params which build the my.cnf config -mysql: - db: "" - host: "" - # config my.cnf https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html - additionalConfig: - # - connect-timeout=5 - # - debug - pass: "password" - port: 3306 - protocol: "" - user: "monitoring" - # secret with full config my.cnf - existingConfigSecret: - name: "mariadb-monitor" - key: "my.cnf" - # secret only containing the password - existingPasswordSecret: - name: "mariadb-monitoring" - key: "password" - -# cloudsqlproxy https://cloud.google.com/sql/docs/mysql/sql-proxy -cloudsqlproxy: - enabled: false - image: - repo: "gcr.io/cloud-sql-connectors/cloud-sql-proxy" - tag: "2.4.0" - pullPolicy: "IfNotPresent" - instanceConnectionName: "project:us-central1:dbname" - privateIp: false - port: "3306" - credentialsSecret: "" - # service account json - credentials: "" - workloadIdentity: - enabled: false - serviceAccountEmail: "" - extraArgs: "" - -## Custom PrometheusRules to be defined -## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart -## ref: 
https://github.com/coreos/prometheus-operator#customresourcedefinitions -prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - rules: - [] - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current service. - # - alert: MysqlDown - # expr: mysql_up == 0 - # for: 5m - # labels: - # severity: critical - # annotations: - # summary: MySQL down (instance {{ $labels.instance }}) - # description: "MySQL instance is down on {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" diff --git a/base-helm-configs/prometheus-postgres-exporter/prometheus-postgres-exporter-helm-overrides.yaml b/base-helm-configs/prometheus-postgres-exporter/prometheus-postgres-exporter-helm-overrides.yaml new file mode 100644 index 000000000..b86d943ad --- /dev/null +++ b/base-helm-configs/prometheus-postgres-exporter/prometheus-postgres-exporter-helm-overrides.yaml @@ -0,0 +1,51 @@ +--- +service: + port: 9187 + +serviceMonitor: + enabled: true + namespace: openstack + +config: + datasource: + host: postgres-cluster + user: postgres + userSecret: {} + passwordSecret: + name: postgres.postgres-cluster.credentials.postgresql.acid.zalan.do + key: password + sslmode: require + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/worker + operator: In + values: + - worker + +annotations: { + prometheus.io/scrape: "true", + prometheus.io/path: "/metrics", + prometheus.io/port: "9187", +} + +# Configurable health checks +livenessProbe: + initialDelaySeconds: 0 + timeoutSeconds: 3 + +readinessProbe: + initialDelaySeconds: 0 + timeoutSeconds: 1 + +# Labels and annotations to attach to the deployment resource +deployment: + labels: {} + annotations: { + prometheus.io/scrape: "true", + prometheus.io/path: "/metrics", + prometheus.io/port: "9187", + } 
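Review bot: `config.datasource.user: postgres` makes the exporter log in with the cluster's `postgres` account, and `passwordSecret` points at `postgres.postgres-cluster.credentials.postgresql.acid.zalan.do`, which is presumably the operator-managed superuser credential. A metrics exporter only needs read access to the statistics views, so a dedicated role that is a member of `pg_monitor` would limit what a compromised exporter pod or a leaked secret can reach. I would change these lines to `user: <monitoring-role>` and point `passwordSecret.name` at that role's own secret (placeholder names; the role has to be created first). `sslmode: require` is worth keeping as it is.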
diff --git a/base-helm-configs/prometheus-postgres-exporter/values.yaml b/base-helm-configs/prometheus-postgres-exporter/values.yaml deleted file mode 100644 index 73b538187..000000000 --- a/base-helm-configs/prometheus-postgres-exporter/values.yaml +++ /dev/null 
@@ -1,267 +0,0 @@ -replicaCount: 1 - -image: - registry: quay.io - repository: prometheuscommunity/postgres-exporter - # if not set appVersion field from Chart.yaml is used - tag: "" - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName - -command: [] - -service: - type: ClusterIP - port: 9187 - targetPort: 9187 - name: http - labels: {} - annotations: {} - -automountServiceAccountToken: false - -serviceMonitor: - # When set true then use a ServiceMonitor to configure scraping - enabled: true - # Set the namespace the ServiceMonitor should be deployed - namespace: openstack - # Set how frequently Prometheus should scrape - # interval: 30s - # Set path to cloudwatch-exporter telemtery-path - # telemetryPath: /metrics - # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator - # labels: - # Set timeout for scrape - # timeout: 10s - # Set of labels to transfer from the Kubernetes Service onto the target - # targetLabels: [] - # MetricRelabelConfigs to apply to samples before ingestion - # metricRelabelings: [] - # Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - # relabelings: [] - -prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - rules: [] - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current prometheus-postgres-exporter service. - # - alert: HugeReplicationLag - # expr: pg_replication_lag{service="{{ template "prometheus-postgres-exporter.fullname" . }}"} / 3600 > 1 - # for: 1m - # labels: - # severity: critical - # annotations: - # description: replication for {{ template "prometheus-postgres-exporter.fullname" . 
}} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - -priorityClassName: "" - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m -# memory: 128Mi - -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Add annotations to the ServiceAccount, useful for EKS IAM Roles for Service Accounts or Google Workload Identity. - annotations: {} - -# Add a default ingress to allow namespace access to service.targetPort -# Helpful if other NetworkPolicies are configured in the namespace -networkPolicy: - # Specifies whether a NetworkPolicy should be created - enabled: false - # Set labels for the NetworkPolicy - labels: {} - -# The securityContext of the pod. -# See https://kubernetes.io/docs/concepts/policy/security-context/ for more. -podSecurityContext: - runAsGroup: 1001 - runAsUser: 1001 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - -# The securityContext of the container. -# See https://kubernetes.io/docs/concepts/policy/security-context/ for more. 
-securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - -hostAliases: [] - # Set Host Aliases as per https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ - # - ip: "127.0.0.1" - # hostnames: - # - "foo.local" -# - "bar.local" - -config: - ## The datasource properties on config are passed through helm tpl function. - ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function - datasource: - # Specify one of both datasource or datasourceSecret - host: postgres-cluster - user: postgres - userSecret: {} - # Secret name - # name: - # User key inside secret - # key: - # Only one of password, passwordFile, passwordSecret and pgpassfile can be specified - password: - # Specify passwordFile if DB password is stored in a file. - # For example, to use with vault-injector from Hashicorp - passwordFile: '' - # Specify passwordSecret if DB password is stored in secret. - passwordSecret: - name: postgres.postgres-cluster.credentials.postgresql.acid.zalan.do - key: password - # Secret name - # name: - # Password key inside secret - # key: - pgpassfile: '' - # If pgpassfile is set, it is used to initialize the PGPASSFILE environment variable. - # See https://www.postgresql.org/docs/14/libpq-pgpass.html for more info. 
- port: "5432" - database: '' - sslmode: require - extraParams: '' - datasourceSecret: {} - # Specifies if datasource should be sourced from secret value in format: postgresql://login:password@hostname:port/dbname?sslmode=disable - # Multiple Postgres databases can be configured by comma separated postgres connection strings - # Secret name - # name: - # Connection string key inside secret - # key: - disableCollectorDatabase: false - disableCollectorBgwriter: false - disableDefaultMetrics: false - disableSettingsMetrics: false - - # possible values debug, info, warn, error, fatal - logLevel: "" - # possible values logfmt, json - logFormat: "" - extraArgs: [] - - # postgres_exporter.yml - postgresExporter: "" - # auth_modules: - # first: - # type: userpass - # userpass: - # username: first - # password: firstpass - # options: - # sslmode: disable - -nodeSelector: {} - -tolerations: [] - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/worker - operator: In - values: - - worker - -annotations: { - prometheus.io/scrape: "true", - prometheus.io/path: "/metrics", - prometheus.io/port: "9187", -} - -podLabels: {} - -# Configurable health checks -livenessProbe: - initialDelaySeconds: 0 - timeoutSeconds: 3 - -readinessProbe: - initialDelaySeconds: 0 - timeoutSeconds: 1 - -# Labels and annotations to attach to the deployment resource -deployment: - labels: {} - annotations: { - prometheus.io/scrape: "true", - prometheus.io/path: "/metrics", - prometheus.io/port: "9187", - } - -# ExtraEnvs -extraEnvs: [] - # - name: EXTRA_ENV - # value: value - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: -# fieldPath: metadata.namespace - -# Init containers, e. g. for secrets creation before the exporter -initContainers: [] - # - name: - # image: - # volumeMounts: - # - name: creds -# mountPath: /creds - -# Additional sidecar containers, e. g. 
for a database proxy, such as Google's cloudsql-proxy -extraContainers: [] - -# Additional volumes, e. g. for secrets used in an extraContainer -extraVolumes: [] -# Uncomment for mounting custom ca-certificates -# - name: ssl-certs -# secret: -# defaultMode: 420 -# items: -# - key: ca-certificates.crt -# path: ca-certificates.crt -# secretName: ssl-certs - -# Additional volume mounts -extraVolumeMounts: [] -# Uncomment for mounting custom ca-certificates file into container -# - name: ssl-certs -# mountPath: /etc/ssl/certs/ca-certificates.crt -# subPath: ca-certificates.crt - -podDisruptionBudget: - enabled: false - maxUnavailable: 1 diff --git a/base-helm-configs/prometheus-pushgateway/prometheus-pushgateway-helm-overrides.yaml b/base-helm-configs/prometheus-pushgateway/prometheus-pushgateway-helm-overrides.yaml new file mode 100644 index 000000000..6b370a367 --- /dev/null +++ b/base-helm-configs/prometheus-pushgateway/prometheus-pushgateway-helm-overrides.yaml @@ -0,0 +1,15 @@ +--- +resources: + limits: + cpu: 200m + memory: 50Mi + requests: + cpu: 100m + memory: 30Mi + +nodeSelector: + openstack-control-plane: enabled + +serviceMonitor: + enabled: true + namespace: prometheus diff --git a/base-helm-configs/prometheus-pushgateway/values.yaml b/base-helm-configs/prometheus-pushgateway/values.yaml deleted file mode 100644 index f58d1017e..000000000 --- a/base-helm-configs/prometheus-pushgateway/values.yaml +++ /dev/null 
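Review bot: These pushgateway overrides enable the ServiceMonitor but set neither `networkPolicy` nor `webConfiguration`, and the values.yaml removed in this commit shows both as `{}`, so (assuming the chart defaults match) any pod that can reach the Service can push or overwrite metric groups without authentication. Prometheus scrapes whatever was pushed, so this is an integrity risk for alerting rather than only a hygiene issue. I would add a `networkPolicy` with `customSelectors` limited to the namespaces that are expected to push, using the keys shown commented out in the removed file. The removed file also carried `automountServiceAccountToken: true`; if the pushgateway makes no Kubernetes API calls, `automountServiceAccountToken: false` belongs in this file as well.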
@@ -1,367 +0,0 @@ -# Default values for prometheus-pushgateway. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Provide a name in place of prometheus-pushgateway for `app:` labels -nameOverride: "" - -# Provide a name to substitute for the full names of resources -fullnameOverride: "" - -# Provide a namespace to substitude for the namespace on resources -namespaceOverride: "" - -image: - repository: quay.io/prometheus/pushgateway - # if not set appVersion field from Chart.yaml is used - tag: "" - pullPolicy: IfNotPresent - -# Optional pod imagePullSecrets -imagePullSecrets: [] - -service: - type: ClusterIP - port: 9091 - targetPort: 9091 - # nodePort: 32100 - portName: http - - # Optional - Can be used for headless if value is "None" - clusterIP: "" - - ipDualStack: - enabled: false - ipFamilies: ["IPv6", "IPv4"] - ipFamilyPolicy: "PreferDualStack" - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - -# Whether to automatically mount a service account token into the pod -automountServiceAccountToken: true - -# Optional pod annotations -podAnnotations: {} - -# Optional pod labels -podLabels: {} - -# Optional service annotations -serviceAnnotations: {} - -# Optional service labels -serviceLabels: {} - -# Optional serviceAccount labels -serviceAccountLabels: {} - -# Optional persistentVolume labels -persistentVolumeLabels: {} - -# Optional additional environment variables -extraVars: [] - -## Additional pushgateway container arguments -## -## example: -## extraArgs: -## - --persistence.file=/data/pushgateway.data -## - --persistence.interval=5m -extraArgs: [] - -## Additional InitContainers to initialize the pod -## -extraInitContainers: [] - -# Optional additional containers (sidecar) -extraContainers: [] - # - name: oAuth2-proxy - # args: - # - -https-address=:9092 - # - -upstream=http://localhost:9091 - # - -skip-auth-regex=^/metrics - # - 
-openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}} - # image: openshift/oauth-proxy:v1.1.0 - # ports: - # - containerPort: 9092 - # name: proxy - # resources: - # limits: - # memory: 16Mi - # requests: - # memory: 4Mi - # cpu: 20m - # volumeMounts: - # - mountPath: /etc/prometheus/secrets/pushgateway-tls - # name: secret-pushgateway-tls - -resources: - limits: - cpu: 200m - memory: 50Mi - requests: - cpu: 100m - memory: 30Mi - -# -- Sets web configuration -# To enable basic authentication, provide basicAuthUsers as a map -webConfiguration: {} - # basicAuthUsers: - # username: password - -liveness: - enabled: true - probe: - httpGet: - path: /-/healthy - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - -readiness: - enabled: true - probe: - httpGet: - path: /-/ready - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - -## Configure ingress resource that allow you to access the -## pushgateway installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## Enable Ingress. - ## - enabled: false - # AWS ALB requires path of /* - className: "" - path: / - pathType: ImplementationSpecific - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## Annotations. - ## - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - pushgateway.domain.com - - ## TLS configuration. - ## Secrets must be manually created in the namespace. 
- ## - # tls: - # - secretName: pushgateway-tls - # hosts: - # - pushgateway.domain.com - -tolerations: [] - # - effect: NoSchedule - # operator: Exists - -## Node labels for pushgateway pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: - openstack-control-plane: enabled -replicaCount: 1 - -hostAliases: [] - # - ip: "127.0.0.1" - # hostnames: - # - "foo.local" - # - "bar.local" - # - ip: "10.1.2.3" - # hostnames: - # - "foo.remote" - # - "bar.remote" - -## When running more than one replica alongside with persistence, different volumes are needed -## per replica, since sharing a `persistence.file` across replicas does not keep metrics synced. -## For this purpose, you can enable the `runAsStatefulSet` to deploy the pushgateway as a -## StatefulSet instead of as a Deployment. -runAsStatefulSet: false - -## Security context to be added to push-gateway pods -## -securityContext: - fsGroup: 65534 - runAsUser: 65534 - runAsNonRoot: true - -## Security context to be added to push-gateway containers -## Having a separate variable as securityContext differs for pods and containers. -containerSecurityContext: {} -# allowPrivilegeEscalation: false -# readOnlyRootFilesystem: true -# runAsUser: 65534 -# runAsNonRoot: true - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} - -## Pod anti-affinity can prevent the scheduler from placing pushgateway replicas on the same node. -## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. -## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. -## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `affinity`). 
-## -podAntiAffinity: "" - -## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. -## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone -## -podAntiAffinityTopologyKey: kubernetes.io/hostname - -## Topology spread constraints for pods -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -topologySpreadConstraints: [] - -# Enable this if you're using https://github.com/coreos/prometheus-operator -serviceMonitor: - enabled: true - namespace: prometheus - - # telemetryPath: HTTP resource path from which to fetch metrics. - # Telemetry path, default /metrics, has to be prefixed accordingly if pushgateway sets a route prefix at start-up. - # - telemetryPath: "/metrics" - - # Fallback to the prometheus default unless specified - # interval: 10s - - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - # scheme: "" - - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig - # tlsConfig: {} - - # bearerTokenFile: - # Fallback to the prometheus default unless specified - # scrapeTimeout: 30s - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} - - # Retain the job and instance labels of the metrics pushed to the Pushgateway - # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape) - honorLabels: true - - ## Metric relabel configs to apply to samples before ingestion. 
- ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## Relabel configs to apply to samples before ingestion. - ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - -# The values to set in the PodDisruptionBudget spec (minAvailable/maxUnavailable) -# If not set then a PodDisruptionBudget will not be created -podDisruptionBudget: {} - -priorityClassName: - -# Deployment Strategy type -strategy: - type: Recreate - -persistentVolume: - ## If true, pushgateway will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: false - - ## pushgateway data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## pushgateway data Persistent Volume Claim annotations - ## - annotations: {} - - ## pushgateway data Persistent Volume existing claim name - ## Requires pushgateway.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## pushgateway data Persistent Volume mount root path - ## - mountPath: /data - - ## pushgateway data Persistent Volume size - ## - size: 2Gi - - ## pushgateway data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## Subdirectory of pushgateway data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - -extraVolumes: [] - # - name: extra - # emptyDir: {} -extraVolumeMounts: [] - # - name: extra - # mountPath: /usr/share/extras - # readOnly: true - -# Configuration for clusters with restrictive network policies in place: -# - allowAll allows access to the PushGateway from any namespace -# - customSelector is a list of pod/namespaceSelectors to allow access from -# These options are mutually exclusive and the latter will take precedence. -networkPolicy: {} - # allowAll: true - # customSelectors: - # - namespaceSelector: - # matchLabels: - # type: admin - # - podSelector: - # matchLabels: - # app: myapp - -# Array of extra K8s objects to deploy (evaluated as a template) -# The value can hold an array of strings as well as objects -extraManifests: [] diff --git a/base-helm-configs/redis-sentinel/redis-sentinel-helm-overrides.yaml b/base-helm-configs/redis-sentinel/redis-sentinel-helm-overrides.yaml index cdc678e4a..695f57ad0 100644 --- a/base-helm-configs/redis-sentinel/redis-sentinel-helm-overrides.yaml +++ b/base-helm-configs/redis-sentinel/redis-sentinel-helm-overrides.yaml 
@@ -1,178 +1,11 @@ --- redisSentinel: - name: "" - clusterSize: 3 image: quay.io/opstree/redis-sentinel tag: v8.2.2 - imagePullPolicy: IfNotPresent - imagePullSecrets: [] - # - name: Secret with Registry credentials - redisSecret: - secretName: "" - secretKey: "" - serviceType: ClusterIP resources: {} - # requests: - # cpu: 100m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - ignoreAnnotations: [] - # - "redis.opstreelabs.in/ignore" - minReadySeconds: 0 - # -- Some fields of statefulset are immutable, such as volumeClaimTemplates. - # When set to true, the operator will delete the statefulset and recreate it. Default is false. - recreateStatefulSetOnUpdateInvalid: false - -# Overwite name for resources -# name: "" - -labels: {} -# foo: bar -# test: echo - -redisSentinelConfig: - redisReplicationName: "redis-replication" - redisReplicationPassword: - secretName: "" - secretKey: "" - masterGroupName: "" - resolveHostnames: "" - announceHostnames: "" - redisPort: "" - quorum: "" - parallelSyncs: "" - failoverTimeout: "" - downAfterMilliseconds: "" - -externalConfig: - enabled: false - data: | - tcp-keepalive 400 - slowlog-max-len 158 - stream-node-max-bytes 2048 - -externalService: - enabled: false - # annotations: - # foo: bar - serviceType: NodePort - port: 26379 - #nodePort: 31000 - -serviceMonitor: - enabled: false - interval: 30s - scrapeTimeout: 10s - namespace: monitoring - # -- extraLabels are added to the servicemonitor when enabled set to true - extraLabels: {} - # foo: bar - # team: devops - -redisExporter: - enabled: false - image: quay.io/opstree/redis-exporter - tag: "v1.44.0" - imagePullPolicy: IfNotPresent - resources: {} - # requests: - # cpu: 100m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - env: [] - # - name: VAR_NAME - # value: "value1" - securityContext: {} - -initContainer: - enabled: false - image: "" - imagePullPolicy: "IfNotPresent" - resources: {} - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: 
- # memory: "128Mi" - # cpu: "500m" - env: [] - command: [] - args: [] - -sidecars: - name: "" - image: "" - imagePullPolicy: "IfNotPresent" - resources: - limits: - cpu: "100m" - memory: "128Mi" - requests: - cpu: "50m" - memory: "64Mi" - env: [] - # - name: MY_ENV_VAR - # value: "my-env-var-value" - -priorityClassName: "" - -nodeSelector: {} - # memory: medium - -podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 - -securityContext: {} - -affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: disktype - # operator: In - # values: - # - ssd - -tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - -serviceAccountName: "" - -TLS: - ca: ca.key - cert: tls.crt - key: tls.key - secret: - secretName: "" - -pdb: - enabled: false - minAvailable: 1 - maxUnavailable: null - -livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -env: [] - # - name: VAR_NAME - # value: "value1" + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi diff --git a/base-kustomize/cloudkitty/base/kustomization.yaml b/base-kustomize/cloudkitty/base/kustomization.yaml index f93267285..10663bac8 100644 --- a/base-kustomize/cloudkitty/base/kustomization.yaml +++ b/base-kustomize/cloudkitty/base/kustomization.yaml @@ -1,8 +1,4 @@ ---- sortOptions: order: fifo resources: - - cloudkitty-mariadb-database.yaml - - cloudkitty-rabbitmq-queue.yaml - all.yaml - - hpa-cloudkitty-api.yaml diff --git a/base-kustomize/envoyproxy-gateway/base/kustomization.yaml b/base-kustomize/envoyproxy-gateway/base/kustomization.yaml index aa708aa44..2590ce97c 100644 --- a/base-kustomize/envoyproxy-gateway/base/kustomization.yaml 
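Review bot: Removing `podSecurityContext` (`runAsUser: 1000`, `fsGroup: 1000`) from this overrides file leaves the pod's user and group to whatever the redis-sentinel chart defaults to, and that default is not visible in this diff. If the chart default is empty, the sentinel pods would run as the image's default user, which may be root. Either keep the block here (`podSecurityContext:` with `runAsUser: 1000` and `fsGroup: 1000`) or confirm the chart default before dropping it, so the non-root setting stays explicit and reviewable.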
+++ b/base-kustomize/envoyproxy-gateway/base/kustomization.yaml @@ -1,10 +1,11 @@ sortOptions: order: fifo resources: - - envoy-gateway-namespace.yaml - - envoy-internal-gateway-issuer.yaml - - envoy-custom-proxy-config.yaml - - envoy-gatewayclass.yaml - - envoy-gateway.yaml - - envoy-endpoint-policies.yaml - - envoy-service-monitor.yaml +# - envoy-gateway-namespace.yaml +# - envoy-internal-gateway-issuer.yaml +# - envoy-custom-proxy-config.yaml +# - envoy-gatewayclass.yaml +# - envoy-gateway.yaml +# - envoy-endpoint-policies.yaml +# - envoy-service-monitor.yaml + - all.yaml diff --git a/base-kustomize/fluentbit/base/kustomization.yaml b/base-kustomize/fluentbit/base/kustomization.yaml index 10663bac8..c53866a7e 100644 --- a/base-kustomize/fluentbit/base/kustomization.yaml +++ b/base-kustomize/fluentbit/base/kustomization.yaml @@ -1,3 +1,4 @@ +--- sortOptions: order: fifo resources: diff --git a/base-kustomize/kubernetes-event-exporter/base/kustomization.yaml b/base-kustomize/kubernetes-event-exporter/base/kustomization.yaml new file mode 100644 index 000000000..10663bac8 --- /dev/null +++ b/base-kustomize/kubernetes-event-exporter/base/kustomization.yaml @@ -0,0 +1,4 @@ +sortOptions: + order: fifo +resources: + - all.yaml diff --git a/base-kustomize/longhorn/base/kustomization.yaml b/base-kustomize/longhorn/base/kustomization.yaml new file mode 100644 index 000000000..10663bac8 --- /dev/null +++ b/base-kustomize/longhorn/base/kustomization.yaml @@ -0,0 +1,4 @@ +sortOptions: + order: fifo +resources: + - all.yaml diff --git a/base-kustomize/metallb/base/kustomization.yaml b/base-kustomize/metallb/base/kustomization.yaml new file mode 100644 index 000000000..10663bac8 --- /dev/null +++ b/base-kustomize/metallb/base/kustomization.yaml @@ -0,0 +1,4 @@ +sortOptions: + order: fifo +resources: + - all.yaml 
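Review bot: The seven resource entries are commented out rather than removed, and nothing says why. A reader cannot tell whether `envoy-endpoint-policies.yaml` and `envoy-internal-gateway-issuer.yaml` are now applied by another path or not applied at all. If they are deployed elsewhere, delete the lines or add a one-line comment above them such as `# Applied by <placeholder: install step>; listed here for reference only`. If they are not, the gateway would presumably come up without its endpoint policies and issuer, which should be called out in the commit description.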
diff --git a/base-kustomize/redis-operator-replication/base/kustomization.yaml b/base-kustomize/redis-operator-replication/base/kustomization.yaml new file mode 100644 index 000000000..10663bac8 --- /dev/null +++ b/base-kustomize/redis-operator-replication/base/kustomization.yaml @@ -0,0 +1,4 @@ +sortOptions: + order: fifo +resources: + - all.yaml diff --git a/base-kustomize/redis-replication/base/kustomization.yaml b/base-kustomize/redis-replication/base/kustomization.yaml new file mode 100644 index 000000000..10663bac8 --- /dev/null +++ b/base-kustomize/redis-replication/base/kustomization.yaml @@ -0,0 +1,4 @@ +sortOptions: + order: fifo +resources: + - all.yaml diff --git a/base-kustomize/redis-sentinel/base/kustomization.yaml b/base-kustomize/redis-sentinel/base/kustomization.yaml new file mode 100644 index 000000000..10663bac8 --- /dev/null +++ b/base-kustomize/redis-sentinel/base/kustomization.yaml @@ -0,0 +1,4 @@ +sortOptions: + order: fifo +resources: + - all.yaml diff --git a/base-kustomize/rook-cluster/base/toolbox.yaml b/base-kustomize/rook-cluster/base/toolbox.yaml index 7c36a5742..16029fa04 100644 --- a/base-kustomize/rook-cluster/base/toolbox.yaml +++ b/base-kustomize/rook-cluster/base/toolbox.yaml @@ -1,8 +1,9 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: name: rook-ceph-tools - namespace: rook-ceph # namespace:cluster + namespace: rook-ceph # namespace:cluster labels: app: rook-ceph-tools spec: @@ -21,10 +22,10 @@ spec: image: quay.io/ceph/ceph:v18.2.1 resources: limits: - memory: "1Gi" + memory: 1Gi requests: - cpu: "0.5" - memory: "512Mi" + cpu: '0.5' + memory: 512Mi command: - /bin/bash - -c @@ -98,7 +99,8 @@ spec: runAsUser: 2016 runAsGroup: 2016 capabilities: - drop: ["ALL"] + drop: + - ALL env: - name: ROOK_CEPH_USERNAME valueFrom: 
@@ -130,7 +132,7 @@ spec: - name: ceph-config emptyDir: {} tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" + - key: node.kubernetes.io/unreachable + operator: Exists + effect: NoExecute tolerationSeconds: 5 diff --git a/bin/install-argocd.sh b/bin/install-argocd.sh index 3ff557b43..eaeba5902 100755 --- a/bin/install-argocd.sh +++ b/bin/install-argocd.sh 
@@ -1,47 +1,96 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Default parameter value -TARGET=${1:-base} +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 -# Directory to check for YAML files -CONFIG_DIR="/etc/genestack/helm-configs/argocd" +# Service +SERVICE_NAME="argocd" +SERVICE_NAMESPACE="argocd" -# Read argocd version from helm-chart-versions.yaml +# Helm +HELM_REPO_NAME="bitnami" +HELM_REPO_URL="https://charts.bitnami.com/bitnami" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${SERVICE_BASE_OVERRIDES:-$GENESTACK_BASE_DIR/base-helm-configs/$SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${SERVICE_CUSTOM_OVERRIDES:-$GENESTACK_OVERRIDES_DIR/helm-configs/$SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract argocd version using grep and sed -ARGOCD_VERSION=$(grep 'argocd:' "$VERSION_FILE" | sed 's/.*argocd: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$ARGOCD_VERSION" ]; then - echo "Error: Could not extract argocd version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -# Helm command setup -HELM_CMD="helm upgrade --install argocd bitnami/argo-cd \ - --version ${ARGOCD_VERSION} \ - --namespace=argocd \ - --timeout 120m \ - --post-renderer /etc/genestack/kustomize/kustomize.sh \ - --post-renderer-args argocd/${TARGET} \ - -f /opt/genestack/base-helm-configs/argocd/helm-argocd-overrides.yaml" - -# Check if YAML files exist in the specified directory -if compgen -G "${CONFIG_DIR}/*.yaml" > /dev/null; then - # Add all YAML files from the directory to the helm command - for yaml_file in "${CONFIG_DIR}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Base Override Files +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for 
file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done +else + echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" fi -helm repo add bitnami https://charts.bitnami.com/bitnami +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -# Run the helm command -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" + --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 120m + --version "${SERVICE_VERSION}" + + "${overrides_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/$TARGET" + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-barbican.sh b/bin/install-barbican.sh index 2328eb946..d4443cb47 100755 --- a/bin/install-barbican.sh +++ b/bin/install-barbican.sh 
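Review bot: `TARGET` is no longer assigned in the new script (the removed `TARGET=${1:-base}` has no replacement), yet `--post-renderer-args "$SERVICE_NAME/$TARGET"` still expands it, so unless callers export it the post-renderer receives `argocd/` with no overlay name. Because `"$@"` is now appended to `helm_command`, a caller who still passes `base` as the first argument also hands it to helm as a stray positional argument. The chart reference changes as well, from `bitnami/argo-cd` to `"$HELM_REPO_NAME"/"$SERVICE_NAME"`, which expands to `bitnami/argocd`; if the chart is still published as `argo-cd`, the install will fail. I would add `TARGET="${TARGET:-base}"` and `HELM_CHART_NAME="argo-cd"` next to the other settings and use `"$HELM_REPO_NAME/$HELM_CHART_NAME"` in `helm_command`.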
@@ -1,54 +1,131 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -CONFIG_DIR="/etc/genestack/helm-configs/barbican" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read barbican version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +# The service name is used for both the release name and the chart name. +SERVICE_NAME="barbican" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! -f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract barbican version using grep and sed -BARBICAN_VERSION=$(grep 'barbican:' "$VERSION_FILE" | sed 's/.*barbican: *//') +# Extract version dynamically. 
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$BARBICAN_VERSION" ]; then - echo "Error: Could not extract barbican version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install barbican openstack-helm/barbican --version ${BARBICAN_VERSION} \ - --namespace=openstack \ - --timeout 120m" - -# Add the base overrides file -HELM_CMD+=" -f /opt/genestack/base-helm-configs/barbican/barbican-helm-overrides.yaml" - -# Append YAML files from the directories -for dir in "$GLOBAL_OVERRIDES_DIR" "$CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.barbican.password=\"$(kubectl --namespace openstack get secret barbican-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.barbican.password=\"$(kubectl --namespace openstack get secret barbican-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.barbican.password=\"$(kubectl --namespace openstack get secret barbican-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret 
os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.barbican.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args barbican/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Base Override Files: Check the standard base directory. +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include Global Overrides +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including global overrides from directory: $GLOBAL_OVERRIDES" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global override directory not found: $GLOBAL_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Config directory not found: $SERVICE_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely 
+set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.barbican.password=$(kubectl --namespace openstack get secret barbican-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.barbican.password=$(kubectl --namespace openstack get secret barbican-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.barbican.password=$(kubectl --namespace openstack get secret barbican-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.barbican.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" 
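Review bot: `printf '%q ' "${helm_command[@]}"` prints every decoded secret held in `set_args` (Keystone admin, MariaDB root, RabbitMQ and memcache keys) to stdout, so they land in terminal scrollback and in any CI or automation log that captures this script; the install-blazar.sh hunk prints its `helm_command` the same way. Build the echoed copy from the fixed flags and `overrides_args` only, leaving `set_args` out and printing a marker such as `echo '[--set secret values omitted]'` in its place. Passing the values through a values file with restrictive permissions instead of `--set` would also keep them out of the process list. Separately, the last warning in this hunk expands `$SERVICE_OVERRIDES`, which is never defined; it should be `$SERVICE_CUSTOM_OVERRIDES`.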
diff --git a/bin/install-blazar.sh b/bin/install-blazar.sh
index fd8c6300e..dbf4f3f71 100755
--- a/bin/install-blazar.sh
+++ b/bin/install-blazar.sh
@@ -1,57 +1,129 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/blazar" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/blazar/blazar-helm-overrides.yaml" +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 -# Read blazar version from helm-chart-versions.yaml +# Service +SERVICE_NAME="blazar" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! -f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract blazar version using grep and sed -BLAZAR_VERSION=$(grep 'blazar:' "$VERSION_FILE" | sed 's/.*blazar: *//') +# Extract version dynamically. 
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$BLAZAR_VERSION" ]; then - echo "Error: Could not extract blazar version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install blazar openstack-helm/blazar --version ${BLAZAR_VERSION} \ - --namespace=openstack \ - --timeout 120m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -# Append YAML files from the directories -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.blazar.password=\"$(kubectl --namespace openstack get secret blazar-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.test.password=\"$(kubectl --namespace openstack get secret blazar-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.blazar.password=\"$(kubectl --namespace openstack get secret blazar-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.blazar.password=\"$(kubectl --namespace openstack get secret blazar-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set 
endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.blazar.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" - -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args blazar/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Base Override Files: Check the standard base directory. +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include Global Overrides +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including global overrides from directory: $GLOBAL_OVERRIDES" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global override directory not found: $GLOBAL_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo 
update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.blazar.password=$(kubectl --namespace openstack get secret blazar-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.test.password=$(kubectl --namespace openstack get secret blazar-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.blazar.password=$(kubectl --namespace openstack get secret blazar-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.blazar.password=$(kubectl --namespace openstack get secret blazar-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.blazar.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + "$@" +) + +echo "Executing Helm command (arguments are 
quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-ceilometer.sh b/bin/install-ceilometer.sh index c53191162..bb2cb8198 100755 --- a/bin/install-ceilometer.sh +++ b/bin/install-ceilometer.sh 
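Review bot: None of the `$(kubectl … get secret … | base64 -d)` substitutions in `set_args` is checked, so a missing secret or a denied request yields an empty string and the script still runs helm with `--set …password=`. The barbican and ceilometer scripts in this diff build `set_args` the same way. Fetch each value into a variable first and stop on an empty result, e.g. `admin_pw=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d); [ -n "$admin_pw" ] || { echo "Error: keystone-admin password is empty" >&2; exit 1; }`. How the chart treats an empty password is not visible here, but failing before `helm upgrade` is safer than finding out after the release is applied.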
@@ -1,48 +1,106 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/ceilometer" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/ceilometer/ceilometer-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read ceilometer version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="ceilometer" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract ceilometer version using grep and sed -CEILOMETER_VERSION=$(grep 'ceilometer:' "$VERSION_FILE" | sed 's/.*ceilometer: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$CEILOMETER_VERSION" ]; then - echo "Error: Could not extract ceilometer version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install ceilometer openstack-helm/ceilometer --version ${CEILOMETER_VERSION} \ - --namespace=openstack \ - --timeout 10m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -# Append any additional YAML override files from the specified directories -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.ceilometer.password=\"$(kubectl --namespace openstack get secret ceilometer-keystone-admin-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.test.password=\"$(kubectl --namespace openstack get secret ceilometer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.username=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.username}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace 
openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.ceilometer.password=\"$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.ceilometer.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.ceilometer.oslo_messaging.transport_url=\"rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer\"" -HELM_CMD+=" --set conf.ceilometer.notification.messaging_urls.values=\"{\ +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the 
custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.ceilometer.password=$(kubectl --namespace openstack get secret ceilometer-keystone-admin-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.test.password=$(kubectl --namespace openstack get secret ceilometer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.username=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.username}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.ceilometer.password=$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.ceilometer.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set 
"conf.ceilometer.oslo_messaging.transport_url=rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer" + --set "conf.ceilometer.notification.messaging_urls.values={\ rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer,\ rabbit://keystone:$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/keystone,\ rabbit://glance:$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/glance,\ 
@@ -51,16 +109,30 @@ rabbit://neutron:$(kubectl --namespace openstack get secret neutron-rabbitmq-pas rabbit://cinder:$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/cinder,\ rabbit://heat:$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/heat,\ rabbit://octavia:$(kubectl --namespace openstack get secret octavia-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/octavia,\ -rabbit://magnum:$(kubectl --namespace openstack get secret magnum-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/magnum}\"" +rabbit://magnum:$(kubectl --namespace openstack get secret magnum-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/magnum}" +) -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args ceilometer/overlay" -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm -helm repo update +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) -HELM_CMD+=" $@" +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-cinder.sh b/bin/install-cinder.sh index 348c08ae2..7c01361af 100755 
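Review bot: The `printf '%q ' "${helm_command[@]}"` line near the end of this hunk writes every decoded `--set` value to stdout, so the Keystone, RabbitMQ and memcache secrets held in `set_args` end up in terminal scrollback and in any job log that captures this script. Print the command without the secret-bearing arguments instead, for example `printf '%q ' helm upgrade --install "$SERVICE_NAME" "${overrides_args[@]}" "$@"; echo '[--set values redacted]'`. The same print appears in the install-cinder.sh and install-cloudkitty.sh hunks. In install-cloudkitty.sh it is new exposure, because the removed lines escaped the substitutions as `\$(` and the old `echo` showed the kubectl command text rather than the password. The `set_args` array begins before this hunk.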
--- a/bin/install-cinder.sh +++ b/bin/install-cinder.sh 
@@ -1,54 +1,128 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/cinder" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/cinder/cinder-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read cinder version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="cinder" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract cinder version using grep and sed -CINDER_VERSION=$(grep 'cinder:' "$VERSION_FILE" | sed 's/.*cinder: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$CINDER_VERSION" ]; then - echo "Error: Could not extract cinder version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install cinder openstack-helm/cinder --version ${CINDER_VERSION} \ - --namespace=openstack \ - --timeout 120m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.cinder.password=\"$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.cinder.password=\"$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.cinder.keystone_authtoken.memcache_secret_key=\"$(kubectl 
--namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.cinder.database.slave_connection=\"mysql+pymysql://cinder:$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/cinder\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.cinder.password=\"$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args cinder/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d 
"$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.cinder.password=$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.cinder.password=$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.cinder.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.cinder.database.slave_connection=mysql+pymysql://cinder:$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/cinder" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.cinder.password=$(kubectl --namespace openstack get secret 
cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-cloudkitty.sh b/bin/install-cloudkitty.sh index 607c3a667..8e327b6ad 100755 --- a/bin/install-cloudkitty.sh +++ b/bin/install-cloudkitty.sh 
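Review bot: Each `$(kubectl … | base64 -d)` inside `set_args` is unchecked, so a missing secret, an RBAC denial or an unreachable API server yields an empty string and `helm upgrade` would go ahead with blank passwords; the pipeline's exit status is lost inside the array assignment, and the script as shown enables neither `errexit` nor `pipefail`. Resolve each secret through a helper that fails before the array is built, as sketched below, and have `set_args` reference the resulting variables. `helm --set` also treats commas as separators, so that helper is a natural place to escape them for values that may contain one. The install-ceilometer.sh and install-cloudkitty.sh hunks build `set_args` the same way.

```shell
# … unchanged: version lookup, overrides_args collection, helm repo add/update …

# Fetch one data key of a secret and decode it; fail instead of returning an empty value.
get_secret() {
    local encoded
    encoded=$(kubectl --namespace openstack get secret "$1" -o "jsonpath={.data.$2}") || return 1
    if [[ -z "$encoded" ]]; then
        echo "Error: secret '$1' has no data key '$2'" >&2
        return 1
    fi
    base64 -d <<<"$encoded"
}

keystone_admin_password=$(get_secret keystone-admin password) || exit 1
cinder_admin_password=$(get_secret cinder-admin password) || exit 1
# … one checked lookup per secret used below …

set_args=(
    --set "endpoints.identity.auth.admin.password=${keystone_admin_password}"
    --set "endpoints.identity.auth.cinder.password=${cinder_admin_password}"
    # … remaining --set entries, built from the checked variables …
)
```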
@@ -1,60 +1,128 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/cloudkitty" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/cloudkitty/cloudkitty-helm-overrides.yaml" +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 -# Read cloudkitty version from helm-chart-versions.yaml +# Service +SERVICE_NAME="cloudkitty" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract cloudkitty version using grep and sed -CLOUDKITTY_VERSION=$(grep 'cloudkitty:' "$VERSION_FILE" | sed 's/.*cloudkitty: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$CLOUDKITTY_VERSION" ]; then - echo "Error: Could not extract cloudkitty version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -#HELM_CMD="helm upgrade --install cloudkitty openstack-helm/cloudkitty --version ${CLOUDKITTY_VERSION} \ -# --namespace=openstack \ -# --timeout 10m" - -HELM_CMD="helm upgrade --install cloudkitty /opt/openstack-helm/cloudkitty \ - --namespace=openstack \ - --timeout 10m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"\$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.cloudkitty.password=\"\$(kubectl --namespace openstack get secret cloudkitty-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"\$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.cloudkitty.password=\"\$(kubectl --namespace openstack get secret cloudkitty-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"\$(kubectl 
--namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.cloudkitty.keystone_authtoken.memcache_secret_key=\"\$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.cloudkitty.database.slave_connection=\"mysql+pymysql://cloudkitty:\$(kubectl --namespace openstack get secret cloudkitty-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/cloudkitty\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"\$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.cloudkitty.password=\"\$(kubectl --namespace openstack get secret cloudkitty-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" - -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args cloudkitty/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + 
overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.cloudkitty.password=$(kubectl --namespace openstack get secret cloudkitty-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.cloudkitty.password=$(kubectl --namespace openstack get secret cloudkitty-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.cloudkitty.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.cloudkitty.database.slave_connection=mysql+pymysql://cloudkitty:$(kubectl --namespace openstack get secret cloudkitty-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/cloudkitty" + --set 
"endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.cloudkitty.password=$(kubectl --namespace openstack get secret cloudkitty-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-envoy-gateway.sh b/bin/install-envoy-gateway.sh index 8873005cb..d17efde4b 100755 --- a/bin/install-envoy-gateway.sh +++ b/bin/install-envoy-gateway.sh 
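Review bot: The new `helm_command` installs `"$HELM_REPO_NAME/$SERVICE_NAME"` at `--version "${SERVICE_VERSION}"`, whereas the removed lines installed the local chart at `/opt/openstack-helm/cloudkitty` and kept the repo form commented out, so this refactor also changes where the chart comes from. If the cloudkitty chart is not published in the openstack-helm repo at the version pinned in helm-chart-versions.yaml, the install will fail; that cannot be confirmed from this hunk. The timeout also moves from `10m` to `120m` here. Either keep the local chart path for this service or state the source switch in the commit message, and add a comment such as `# chart now pulled from $HELM_REPO_NAME; the local /opt/openstack-helm checkout is no longer used`.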
@@ -1,58 +1,117 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -# -# NOTE: This script uses OCI registry format instead of traditional helm repo -# because Envoy Gateway only publishes charts to OCI registries (docker.io/envoyproxy). -# Unlike other scripts that use 'helm repo add', OCI registries are accessed directly. -# -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/envoyproxy-gateway" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/envoyproxy-gateway/envoy-gateway-helm-overrides.yaml" - -# Read envoy version from helm-chart-versions.yaml + +# Service +SERVICE_NAME="envoyproxy-gateway" +SERVICE_NAMESPACE="envoyproxy-gateway-system" + +# Helm +# NOTE: Using OCI registry format for the chart location. +HELM_REPO_NAME="oci://docker.io/envoyproxy" +HELM_REPO_URL="gateway-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract envoy version using grep and sed -ENVOY_VERSION=$(grep 'envoy:' "$VERSION_FILE" | sed 's/.*envoy: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$ENVOY_VERSION" ]; then - echo "Error: Could not extract envoy version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for 'envoy' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install envoyproxy-gateway oci://docker.io/envoyproxy/gateway-helm \ - --version ${ENVOY_VERSION} \ - --namespace envoyproxy-gateway-system \ - --create-namespace" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. 
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +# Collect all --set arguments, executing commands and quoting safely +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$HELM_REPO_URL" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" -HELM_CMD+=" -f ${BASE_OVERRIDES}" + "$@" +) -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base override file if present in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi - done - fi -done +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -HELM_CMD+=" $@" +# Execute the command directly from the array +"${helm_command[@]}" -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +## Install egctl Binary (Post-Installation) # Install egctl if [ ! -f "/usr/local/bin/egctl" ]; then + echo "Installing egctl CLI..." 
sudo mkdir -p /opt/egctl-install pushd /opt/egctl-install || exit 1 - sudo wget "https://github.com/envoyproxy/gateway/releases/download/${ENVOY_VERSION}/egctl_${ENVOY_VERSION}_linux_amd64.tar.gz" -O egctl.tar.gz + # Use the extracted version for wget + sudo wget "https://github.com/envoyproxy/gateway/releases/download/${SERVICE_VERSION}/egctl_${SERVICE_VERSION}_linux_amd64.tar.gz" -O egctl.tar.gz sudo tar -xvf egctl.tar.gz sudo install -o root -g root -m 0755 bin/linux/amd64/egctl /usr/local/bin/egctl /usr/local/bin/egctl completion bash > /tmp/egctl.bash diff --git a/bin/install-fluentbit.sh b/bin/install-fluentbit.sh index eac1c5eed..fc88292a1 100755 --- a/bin/install-fluentbit.sh +++ b/bin/install-fluentbit.sh @@ -21,6 +21,9 @@ GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" SERVICE_BASE_OVERRIDES="${SERVICE_BASE_OVERRIDES:-$GENESTACK_BASE_DIR/base-helm-configs/$SERVICE_NAME}" SERVICE_CUSTOM_OVERRIDES="${SERVICE_CUSTOM_OVERRIDES:-$GENESTACK_OVERRIDES_DIR/helm-configs/$SERVICE_NAME}" +# Define the Global Overrides directory +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + # Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" @@ -30,7 +33,7 @@ if [ ! -f "$VERSION_FILE" ]; then fi # Extract version dynamically using the SERVICE_NAME variable -SERVICE_VERSION=$(grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") if [ -z "$SERVICE_VERSION" ]; then echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 @@ -39,8 +42,8 @@ fi echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -# Prepare an array to collect --values arguments -values_args=() +# Prepare an array to collect -f arguments +overrides_args=() # Include all YAML files from the BASE configuration directory if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then 
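Review bot: The version lookup in install-envoy-gateway.sh now searches helm-chart-versions.yaml for the key `envoyproxy-gateway:`, while the removed line read `envoy:` and the error message still hard-codes `'envoy'`; unless the versions file was re-keyed in the same commit (not visible here), `SERVICE_VERSION` comes back empty and the script exits. Either keep a dedicated lookup key for this service or rename the key in the versions file, and print the name actually searched: `echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2`. Further down, the egctl tarball is fetched with `sudo wget` and installed root-owned into /usr/local/bin without an integrity check; comparing it against a pinned SHA-256 before `install` would close that gap. The `if [ ! -f "/usr/local/bin/egctl" ]` block continues past the end of this hunk.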
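Review bot: `GLOBAL_OVERRIDES` is defined in the first hunk of install-fluentbit.sh, but none of the later hunks adds a loop that appends its `*.yaml` files to `overrides_args`, so as far as this diff shows the variable is never read and global overrides are still not applied to fluentbit. The other install scripts in this commit name the same path `GLOBAL_OVERRIDES_DIR` and iterate it between the base and service directories. Either add that block here under the same name or drop the assignment; the unchanged parts of the script are not visible, so confirm nothing else reads it.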
@@ -49,7 +52,7 @@ if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then # Check that there is at least one match if [[ -e "$file" ]]; then echo " - $file" - values_args+=("--values" "$file") + overrides_args+=("-f" "$file") fi done else @@ -62,7 +65,7 @@ if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do if [[ -e "$file" ]]; then echo " - $file" - values_args+=("--values" "$file") + overrides_args+=("-f" "$file") fi done else @@ -80,7 +83,7 @@ helm_command=( --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 10m --version "${SERVICE_VERSION}" - "${values_args[@]}" + "${overrides_args[@]}" # Post-renderer configuration --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" diff --git a/bin/install-freezer.sh b/bin/install-freezer.sh index b05c08e99..690d44072 100755 --- a/bin/install-freezer.sh +++ b/bin/install-freezer.sh 
@@ -1,57 +1,127 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/freezer" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/freezer/freezer-helm-overrides.yaml" +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 -# Read freezer version from helm-chart-versions.yaml +# Service +SERVICE_NAME="freezer" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract freezer version using grep and sed -FREEZER_VERSION=$(grep 'freezer:' "$VERSION_FILE" | sed 's/.*freezer: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$FREEZER_VERSION" ]; then - echo "Error: Could not extract freezer version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install freezer openstack-helm/freezer --version ${FREEZER_VERSION} \ - --namespace=openstack \ - --timeout 120m" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Prepare an array to collect -f arguments +overrides_args=() -# Append YAML files from the directories -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.freezer.password=\"$(kubectl --namespace openstack get secret freezer-admin -o 
jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.test.password=\"$(kubectl --namespace openstack get secret freezer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.service.password=\"$(kubectl --namespace openstack get secret freezer-keystone-service-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.freezer.password=\"$(kubectl --namespace openstack get secret freezer-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.freezer.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" 
--post-renderer-args freezer/overlay" +echo -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.freezer.password=$(kubectl --namespace openstack get secret freezer-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.test.password=$(kubectl --namespace openstack get secret freezer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.service.password=$(kubectl --namespace openstack get secret freezer-keystone-service-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.freezer.password=$(kubectl --namespace openstack get secret freezer-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.freezer.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args 
"$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-glance.sh b/bin/install-glance.sh index 07f46c8aa..38d14ddb1 100755 --- a/bin/install-glance.sh +++ b/bin/install-glance.sh 
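Review bot: `printf '%q ' "${helm_command[@]}"` writes every decoded secret in `set_args` (keystone admin, MariaDB root, memcache key) to stdout, so the credentials land in terminal scrollback and in any CI or job log that captures this script. Dropping `eval` fixed the quoting problem but kept the disclosure that the old `echo "${HELM_CMD}"` had. Printing a masked copy keeps the diagnostic without the values; the install-glance.sh and install-gnocchi.sh hunks need the same change. The values also remain visible in the process argument list while helm runs, which masking the echo does not address.

```shell
echo "Executing Helm command (arguments are quoted safely):"
# Mask the value of every --set pair so decoded secrets stay out of logs
mask_next=0
for arg in "${helm_command[@]}"; do
    if (( mask_next )); then
        printf '%q ' "${arg%%=*}=REDACTED"
        mask_next=0
    else
        printf '%q ' "$arg"
        [[ "$arg" == "--set" ]] && mask_next=1
    fi
done
echo
# … unchanged: "${helm_command[@]}" execution …
```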
@@ -1,53 +1,127 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/glance" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/glance/glance-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read glance version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="glance" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract glance version using grep and sed -GLANCE_VERSION=$(grep 'glance:' "$VERSION_FILE" | sed 's/.*glance: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$GLANCE_VERSION" ]; then - echo "Error: Could not extract glance version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install glance openstack-helm/glance --version ${GLANCE_VERSION} \ - --namespace=openstack \ - --timeout 120m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.glance.password=\"$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.glance.password=\"$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.glance.keystone_authtoken.memcache_secret_key=\"$(kubectl 
--namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.glance.password=\"$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args glance/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: 
Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.glance.password=$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.glance.password=$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.glance.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.glance.password=$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command 
(arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-gnocchi.sh b/bin/install-gnocchi.sh index 8b24c7852..c9d975f09 100755 --- a/bin/install-gnocchi.sh +++ b/bin/install-gnocchi.sh 
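Review bot: Each `$(kubectl ... | base64 -d)` inside `set_args` is unchecked, so a missing secret or a failed API call produces an empty string and `helm upgrade` is still invoked with an empty value for that key. A command substitution inside an array literal cannot abort the script, so the lookup has to happen first, for example `set -o pipefail` near the top and `keystone_admin_pw=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d) || exit 1`, with the array entry then written as `--set "endpoints.identity.auth.admin.password=${keystone_admin_pw}"`. The same pattern is in the install-freezer.sh and install-gnocchi.sh hunks.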
@@ -1,54 +1,128 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/gnocchi" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/gnocchi/gnocchi-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read gnocchi version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="gnocchi" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract gnocchi version using grep and sed -GNOCCHI_VERSION=$(grep 'gnocchi:' "$VERSION_FILE" | sed 's/.*gnocchi: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$GNOCCHI_VERSION" ]; then - echo "Error: Could not extract gnocchi version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install gnocchi openstack-helm/gnocchi --version ${GNOCCHI_VERSION} \ - --namespace=openstack \ - --timeout 10m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set conf.ceph.admin_keyring=\"\$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)\"" -HELM_CMD+=" --set conf.gnocchi.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.gnocchi.password=\"$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set 
endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.gnocchi.password=\"$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db_postgresql.auth.admin.password=\"$(kubectl --namespace openstack get secret postgres.postgres-cluster.credentials.postgresql.acid.zalan.do -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db_postgresql.auth.gnocchi.password=\"$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args gnocchi/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d 
"$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "conf.ceph.admin_keyring=$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" + --set "conf.gnocchi.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.gnocchi.password=$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.gnocchi.password=$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db_postgresql.auth.admin.password=$(kubectl --namespace openstack get secret postgres.postgres-cluster.credentials.postgresql.acid.zalan.do -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db_postgresql.auth.gnocchi.password=$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o 
jsonpath='{.data.password}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m # Set to standard 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-grafana.sh b/bin/install-grafana.sh index 1acc9c565..f299f3a1b 100755 --- a/bin/install-grafana.sh +++ b/bin/install-grafana.sh 
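Review bot: The added `# shellcheck disable=SC2124,SC2145,SC2294` directive sits at file scope and its comment mislabels the codes: SC2124 is about assigning an array to a string, not an unused array. With the `HELM_CMD` string and `eval` removed, none of the three suppressions looks necessary any more, and keeping them would hide a future regression to string-built commands. I would drop the directive and its comment line, here and in the freezer, glance, grafana and heat hunks. Separately, `--timeout 120m # Set to standard 120m` raises this script's timeout from the previous `10m`; worth confirming that is intended.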
@@ -1,47 +1,119 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/grafana" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/grafana/grafana-helm-overrides.yaml" -# Read grafana version from helm-chart-versions.yaml +# Service +SERVICE_NAME="grafana" +SERVICE_NAMESPACE="grafana" + +# Helm +HELM_REPO_NAME="grafana" +HELM_REPO_URL="https://grafana.github.io/helm-charts" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract grafana version using grep and sed -GRAFANA_VERSION=$(grep 'grafana:' "$VERSION_FILE" | sed 's/.*grafana: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$GRAFANA_VERSION" ]; then - echo "Error: Could not extract grafana version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install grafana grafana/grafana \ - --version ${GRAFANA_VERSION} \ - --namespace=grafana \ - --create-namespace \ - --timeout 120m \ - --post-renderer /etc/genestack/kustomize/kustomize.sh \ - --post-renderer-args grafana/overlay" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Include all YAML files from the GLOBAL configuration directory +# UPDATED: Using GLOBAL_OVERRIDES variable +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES" 
+fi -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi -HELM_CMD+=" $@" +echo -helm repo add grafana https://grafana.github.io/helm-charts +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Collect all --set arguments (empty for Grafana in the original script) +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-heat.sh b/bin/install-heat.sh index 6379ac883..197937dcb 100755 --- a/bin/install-heat.sh +++ b/bin/install-heat.sh 
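Review bot: This script names the global directory `GLOBAL_OVERRIDES` while the install-freezer.sh, install-glance.sh and install-gnocchi.sh hunks call the same path `GLOBAL_OVERRIDES_DIR`; since the scripts are otherwise copies of one template, a single name throughout would keep them diffable and easier to fold into a shared helper. The comments `# UPDATED: Using GLOBAL_OVERRIDES variable` and `(empty for Grafana in the original script)` describe the edit history rather than the code and belong in the commit message. `# Collect all --set arguments (none needed for Grafana)` would say the same without referring to a previous version.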
@@ -1,55 +1,131 @@
 #!/bin/bash
-GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
-SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/heat"
-BASE_OVERRIDES="/opt/genestack/base-helm-configs/heat/heat-helm-overrides.yaml"
+# Description: Fetches the version for SERVICE_NAME from the specified
+# YAML file and executes a helm upgrade/install command with dynamic values files.
-# Read heat version from helm-chart-versions.yaml
+# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval)
+# shellcheck disable=SC2124,SC2145,SC2294
+
+# Service
+SERVICE_NAME="heat"
+SERVICE_NAMESPACE="openstack"
+
+# Helm
+HELM_REPO_NAME="openstack-helm"
+HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm"
+
+# Base directories provided by the environment
+GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}"
+GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}"
+
+# Define service-specific override directories based on the framework
+SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"
+SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"
+
+# Define the Global Overrides directory used in the original script
+GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
+
+# Read the desired chart version from VERSION_FILE
 VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
+
 if [ ! -f "$VERSION_FILE" ]; then
- echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
+ echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2
 exit 1
 fi
-# Extract heat version using grep and sed
-HEAT_VERSION=$(grep 'heat:' "$VERSION_FILE" | sed 's/.*heat: *//')
+# Extract version dynamically using the SERVICE_NAME variable
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")
-if [ -z "$HEAT_VERSION" ]; then
- echo "Error: Could not extract heat version from $VERSION_FILE"
+if [ -z "$SERVICE_VERSION" ]; then
+ echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2
 exit 1
 fi
-HELM_CMD="helm upgrade --install heat openstack-helm/heat --version ${HEAT_VERSION} \
- --namespace=openstack \
- --timeout 120m"
-
-HELM_CMD+=" -f ${BASE_OVERRIDES}"
-
-for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
- if compgen -G "${dir}/*.yaml" > /dev/null; then
- for yaml_file in "${dir}"/*.yaml; do
- HELM_CMD+=" -f ${yaml_file}"
- done
- fi
-done
-
-HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.identity.auth.heat.password=\"$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.identity.auth.heat_trustee.password=\"$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.identity.auth.heat_stack_user.password=\"$(kubectl --namespace openstack get secret heat-stack-user -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.heat.password=\"$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set conf.heat.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_messaging.auth.heat.password=\"$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh"
-HELM_CMD+=" --post-renderer-args heat/overlay"
-
-helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
+echo "Found version for $SERVICE_NAME: $SERVICE_VERSION"
+
+# Prepare an array to collect -f arguments
+overrides_args=()
+
+# Include all YAML files from the BASE configuration directory
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then
+ echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES"
+ for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do
+ # Check that there is at least one match
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES"
+fi
+
+# Include all YAML files from the GLOBAL configuration directory
+if [[ -d "$GLOBAL_OVERRIDES" ]]; then
+ echo "Including overrides from global config directory:"
+ for file in "$GLOBAL_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES"
+fi
+
+# Include all YAML files from the custom SERVICE configuration directory
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then
+ echo "Including overrides from service config directory:"
+ for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES"
+fi
+
+echo
+
+# --- Helm Repository and Execution ---
+helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL"
 helm repo update
-HELM_CMD+=" $@"
+# Collect all --set arguments, executing commands and quoting safely
+set_args=(
+ --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.identity.auth.heat.password=$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.identity.auth.heat_trustee.password=$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.identity.auth.heat_stack_user.password=$(kubectl --namespace openstack get secret heat-stack-user -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.heat.password=$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)"
+ --set "conf.heat.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)"
+ --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_messaging.auth.heat.password=$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)"
+)
+
+
+helm_command=(
+ helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME"
+ --version "${SERVICE_VERSION}"
+ --namespace="$SERVICE_NAMESPACE"
+ --timeout 120m
+ --create-namespace
+
+ "${overrides_args[@]}"
+ "${set_args[@]}"
+
+ # Post-renderer configuration
+ --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"
+ --post-renderer-args "$SERVICE_NAME/overlay"
+
+ "$@"
+)
+
+echo "Executing Helm command (arguments are quoted safely):"
+printf '%q ' "${helm_command[@]}"
+echo
-echo "Executing Helm command:"
-echo "${HELM_CMD}"
-eval "${HELM_CMD}"
+# Execute the command directly from the array
+"${helm_command[@]}"
diff --git a/bin/install-horizon.sh b/bin/install-horizon.sh
index 020606d37..1bd83725d 100755
--- a/bin/install-horizon.sh
+++ b/bin/install-horizon.sh
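Review bot: `printf '%q ' "${helm_command[@]}"` at the end of this hunk prints every element of `set_args`, so the decoded keystone-admin, mariadb root, rabbitmq and memcache secrets are written to stdout and to any log that captures the run; the removed `echo "${HELM_CMD}"` did the same and the rewrite keeps it. Print a redacted view and keep executing the full array, for example `printf '%q ' helm upgrade --install "$SERVICE_NAME" "${overrides_args[@]}" '--set <redacted>' "$@"`. Values passed with `--set` are also visible in the process list while helm runs, so a follow-up that feeds them through a values file readable only by the invoking user would close that exposure as well. The same print is added in install-horizon.sh, install-ironic.sh and install-keystone.sh.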
@@ -1,53 +1,126 @@
 #!/bin/bash
-GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
-SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/horizon"
-BASE_OVERRIDES="/opt/genestack/base-helm-configs/horizon/horizon-helm-overrides.yaml"
+# Description: Fetches the version for SERVICE_NAME from the specified
+# YAML file and executes a helm upgrade/install command with dynamic values files.
-# Read horizon version from helm-chart-versions.yaml
+# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval)
+# shellcheck disable=SC2124,SC2145,SC2294
+
+# Service
+SERVICE_NAME="horizon"
+SERVICE_NAMESPACE="openstack"
+
+# Helm
+HELM_REPO_NAME="openstack-helm"
+HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm"
+
+# Base directories provided by the environment
+GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}"
+GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}"
+
+# Define service-specific override directories based on the framework
+SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"
+SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"
+
+# Define the Global Overrides directory used in the original script
+GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
+
+# Read the desired chart version from VERSION_FILE
 VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
+
 if [ ! -f "$VERSION_FILE" ]; then
- echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
+ echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2
 exit 1
 fi
-# Extract horizon version using grep and sed
-HORIZON_VERSION=$(grep 'horizon:' "$VERSION_FILE" | sed 's/.*horizon: *//')
+# Extract version dynamically using the SERVICE_NAME variable
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")
-if [ -z "$HORIZON_VERSION" ]; then
- echo "Error: Could not extract horizon version from $VERSION_FILE"
+if [ -z "$SERVICE_VERSION" ]; then
+ echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2
 exit 1
 fi
-HELM_CMD="helm upgrade --install horizon openstack-helm/horizon --version ${HORIZON_VERSION} \
- --namespace=openstack \
- --timeout 120m"
-
-HELM_CMD+=" -f ${BASE_OVERRIDES}"
-
-for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
- if compgen -G "${dir}/*.yaml" > /dev/null; then
- for yaml_file in "${dir}"/*.yaml; do
- # Avoid re-adding the base override if it matches
- if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then
- HELM_CMD+=" -f ${yaml_file}"
- fi
- done
- fi
-done
-
-HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set conf.horizon.local_settings.config.horizon_secret_key=\"$(kubectl --namespace openstack get secret horizon-secret-key -o jsonpath='{.data.horizon_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.horizon.password=\"$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh"
-HELM_CMD+=" --post-renderer-args horizon/overlay"
-
-helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
+echo "Found version for $SERVICE_NAME: $SERVICE_VERSION"
+
+# Prepare an array to collect -f arguments
+overrides_args=()
+
+# Include all YAML files from the BASE configuration directory
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then
+ echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES"
+ for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do
+ # Check that there is at least one match
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES"
+fi
+
+# Include all YAML files from the GLOBAL configuration directory
+if [[ -d "$GLOBAL_OVERRIDES" ]]; then
+ echo "Including overrides from global config directory:"
+ for file in "$GLOBAL_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES"
+fi
+
+# Include all YAML files from the custom SERVICE configuration directory
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then
+ echo "Including overrides from service config directory:"
+ for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES"
+fi
+
+echo
+
+# --- Helm Repository and Execution ---
+helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL"
 helm repo update
-HELM_CMD+=" $@"
+# Collect all --set arguments, executing commands and quoting safely
+set_args=(
+ --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)"
+ --set "conf.horizon.local_settings.config.horizon_secret_key=$(kubectl --namespace openstack get secret horizon-secret-key -o jsonpath='{.data.horizon_secret_key}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.horizon.password=$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)"
+)
+
+
+helm_command=(
+ helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME"
+ --version "${SERVICE_VERSION}"
+ --namespace="$SERVICE_NAMESPACE"
+ --timeout 120m
+ --create-namespace
+
+ "${overrides_args[@]}"
+ "${set_args[@]}"
+
+ # Post-renderer configuration
+ --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"
+ --post-renderer-args "$SERVICE_NAME/overlay"
+
+ "$@"
+)
+
+echo "Executing Helm command (arguments are quoted safely):"
+printf '%q ' "${helm_command[@]}"
+echo
-echo "Executing Helm command:"
-echo "${HELM_CMD}"
-eval "${HELM_CMD}"
+# Execute the command directly from the array
+"${helm_command[@]}"
diff --git a/bin/install-ironic.sh b/bin/install-ironic.sh
index 3fdb5117e..03f423771 100755
--- a/bin/install-ironic.sh
+++ b/bin/install-ironic.sh
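Review bot: The command substitutions inside `set_args` are unchecked, so a missing secret or a failed `kubectl` call yields `--set key=` with an empty value and the release is upgraded with a blank password or secret key. The script enables neither `set -e` nor `set -o pipefail`, and a failed substitution inside an array assignment would not abort it in any case. Read each secret into a variable first and stop on an empty result, e.g. `admin_pw=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)` followed by `[ -n "$admin_pw" ] || { echo "Error: keystone-admin password is empty" >&2; exit 1; }`. The heat, ironic and keystone scripts in this commit build `set_args` the same way.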
@@ -1,58 +1,131 @@
 #!/bin/bash
-GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
-SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/ironic"
-BASE_OVERRIDES="/opt/genestack/base-helm-configs/ironic/ironic-helm-overrides.yaml"
+# Description: Fetches the version for SERVICE_NAME from the specified
+# YAML file and executes a helm upgrade/install command with dynamic values files.
-# Read ironic version from helm-chart-versions.yaml
+# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval)
+# shellcheck disable=SC2124,SC2145,SC2294
+
+# Service
+SERVICE_NAME="ironic"
+SERVICE_NAMESPACE="openstack"
+
+# Helm
+HELM_REPO_NAME="openstack-helm"
+HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm"
+
+# Base directories provided by the environment
+GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}"
+GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}"
+
+# Define service-specific override directories based on the framework
+SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"
+SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"
+
+# Define the Global Overrides directory used in the original script
+GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
+
+# Read the desired chart version from VERSION_FILE
 VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
+
 if [ ! -f "$VERSION_FILE" ]; then
- echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
+ echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2
 exit 1
 fi
-# Extract ironic version using grep and sed
-IRONIC_VERSION=$(grep 'ironic:' "$VERSION_FILE" | sed 's/.*ironic: *//')
+# Extract version dynamically using the SERVICE_NAME variable
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")
-if [ -z "$IRONIC_VERSION" ]; then
- echo "Error: Could not extract ironic version from $VERSION_FILE"
+if [ -z "$SERVICE_VERSION" ]; then
+ echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2
 exit 1
 fi
-HELM_CMD="helm upgrade --install ironic openstack-helm/ironic --version ${IRONIC_VERSION} \
- --namespace=openstack \
- --timeout 120m"
-
-HELM_CMD+=" -f ${BASE_OVERRIDES}"
-
-for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
- if compgen -G "${dir}/*.yaml" > /dev/null; then
- for yaml_file in "${dir}"/*.yaml; do
- # Avoid re-adding the base override if it matches
- if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then
- HELM_CMD+=" -f ${yaml_file}"
- fi
- done
- fi
-done
-
-HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.identity.auth.ironic.password=\"$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.identity.auth.glance.password=\"$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.ironic.password=\"$(kubectl --namespace openstack get secret ironic-db-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set conf.ironic.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set conf.ironic.database.slave_connection=\"mysql+pymysql://ironic:$(kubectl --namespace openstack get secret ironic-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/ironic\""
-HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_messaging.auth.ironic.password=\"$(kubectl --namespace openstack get secret ironic-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh"
-HELM_CMD+=" --post-renderer-args ironic/overlay"
-
-helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
+echo "Found version for $SERVICE_NAME: $SERVICE_VERSION"
+
+# Prepare an array to collect -f arguments
+overrides_args=()
+
+# Include all YAML files from the BASE configuration directory
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then
+ echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES"
+ for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do
+ # Check that there is at least one match
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES"
+fi
+
+# Include all YAML files from the GLOBAL configuration directory
+if [[ -d "$GLOBAL_OVERRIDES" ]]; then
+ echo "Including overrides from global config directory:"
+ for file in "$GLOBAL_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES"
+fi
+
+# Include all YAML files from the custom SERVICE configuration directory
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then
+ echo "Including overrides from service config directory:"
+ for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES"
+fi
+
+echo
+
+# --- Helm Repository and Execution ---
+helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL"
 helm repo update
-HELM_CMD+=" $@"
+# Collect all --set arguments, executing commands and quoting safely
+set_args=(
+ --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.identity.auth.ironic.password=$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.identity.auth.glance.password=$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.ironic.password=$(kubectl --namespace openstack get secret ironic-db-password -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)"
+ --set "conf.ironic.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)"
+ --set "conf.ironic.database.slave_connection=mysql+pymysql://ironic:$(kubectl --namespace openstack get secret ironic-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/ironic"
+ --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_messaging.auth.ironic.password=$(kubectl --namespace openstack get secret ironic-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)"
+)
+
+
+helm_command=(
+ helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME"
+ --version "${SERVICE_VERSION}"
+ --namespace="$SERVICE_NAMESPACE"
+ --timeout 120m
+ --create-namespace
+
+ "${overrides_args[@]}"
+ "${set_args[@]}"
+
+ # Post-renderer configuration
+ --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"
+ --post-renderer-args "$SERVICE_NAME/overlay"
+
+ "$@"
+)
+
+echo "Executing Helm command (arguments are quoted safely):"
+printf '%q ' "${helm_command[@]}"
+echo
-echo "Executing Helm command:"
-echo "${HELM_CMD}"
-eval "${HELM_CMD}"
+# Execute the command directly from the array
+"${helm_command[@]}"
diff --git a/bin/install-keystone.sh b/bin/install-keystone.sh
index de68bf2f8..cc8f72cab 100755
--- a/bin/install-keystone.sh
+++ b/bin/install-keystone.sh
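Review bot: The `conf.ironic.database.slave_connection` entry in `set_args` splices the decoded `ironic-db-password` straight into a `mysql+pymysql://ironic:<password>@host:3306/ironic` URL, so a password containing `@`, `/`, `:` or `%` produces a connection string that parses differently from what was intended. Helm's `--set` parser also gives commas and backslashes in a value special meaning, which affects every secret passed this way here and in the heat, horizon and keystone scripts. Percent-encode the password before building the URL, for example `db_pw_enc=$(jq -rn --arg p "$db_pw" '$p|@uri')` (jq is already used by install-kube-ovn.sh in this commit). Otherwise add a comment on this line stating the character set the generated passwords are restricted to.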
@@ -1,54 +1,127 @@
 #!/bin/bash
-GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
-SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/keystone"
-BASE_OVERRIDES="/opt/genestack/base-helm-configs/keystone/keystone-helm-overrides.yaml"
+# Description: Fetches the version for SERVICE_NAME from the specified
+# YAML file and executes a helm upgrade/install command with dynamic values files.
-# Read keystone version from helm-chart-versions.yaml
+# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval)
+# shellcheck disable=SC2124,SC2145,SC2294
+
+# Service
+SERVICE_NAME="keystone"
+SERVICE_NAMESPACE="openstack"
+
+# Helm
+HELM_REPO_NAME="openstack-helm"
+HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm"
+
+# Base directories provided by the environment
+GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}"
+GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}"
+
+# Define service-specific override directories based on the framework
+SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"
+SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"
+
+# Define the Global Overrides directory used in the original script
+GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
+
+# Read the desired chart version from VERSION_FILE
 VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
+
 if [ ! -f "$VERSION_FILE" ]; then
- echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
+ echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2
 exit 1
 fi
-# Extract keystone version using grep and sed
-KEYSTONE_VERSION=$(grep 'keystone:' "$VERSION_FILE" | sed 's/.*keystone: *//')
+# Extract version dynamically using the SERVICE_NAME variable
+SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")
-if [ -z "$KEYSTONE_VERSION" ]; then
- echo "Error: Could not extract keystone version from $VERSION_FILE"
+if [ -z "$SERVICE_VERSION" ]; then
+ echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2
 exit 1
 fi
-HELM_CMD="helm upgrade --install keystone openstack-helm/keystone --version ${KEYSTONE_VERSION} \
- --namespace=openstack \
- --timeout 120m"
-
-HELM_CMD+=" -f ${BASE_OVERRIDES}"
-
-for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
- if compgen -G "${dir}/*.yaml" > /dev/null; then
- for yaml_file in "${dir}"/*.yaml; do
- # Avoid re-adding the base override file if it is in the service directory
- if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then
- HELM_CMD+=" -f ${yaml_file}"
- fi
- done
- fi
-done
-
-HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_db.auth.keystone.password=\"$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --set endpoints.oslo_messaging.auth.keystone.password=\"$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\""
-HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh"
-HELM_CMD+=" --post-renderer-args keystone/overlay"
-
-helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
+echo "Found version for $SERVICE_NAME: $SERVICE_VERSION"
+
+# Prepare an array to collect -f arguments
+overrides_args=()
+
+# Include all YAML files from the BASE configuration directory
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then
+ echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES"
+ for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do
+ # Check that there is at least one match
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES"
+fi
+
+# Include all YAML files from the GLOBAL configuration directory
+if [[ -d "$GLOBAL_OVERRIDES" ]]; then
+ echo "Including overrides from global config directory:"
+ for file in "$GLOBAL_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES"
+fi
+
+# Include all YAML files from the custom SERVICE configuration directory
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then
+ echo "Including overrides from service config directory:"
+ for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do
+ if [[ -e "$file" ]]; then
+ echo " - $file"
+ overrides_args+=("-f" "$file")
+ fi
+ done
+else
+ echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES"
+fi
+
+echo
+
+# --- Helm Repository and Execution ---
+helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL"
 helm repo update
-HELM_CMD+=" $@"
+# Collect all --set arguments, executing commands and quoting safely
+set_args=(
+ --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)"
+ --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)"
+ --set "endpoints.oslo_db.auth.keystone.password=$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)"
+ --set "endpoints.oslo_messaging.auth.keystone.password=$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)"
+)
+
+
+helm_command=(
+ helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME"
+ --version "${SERVICE_VERSION}"
+ --namespace="$SERVICE_NAMESPACE"
+ --timeout 120m
+ --create-namespace
+
+ "${overrides_args[@]}"
+ "${set_args[@]}"
+
+ # Post-renderer configuration
+ --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"
+ --post-renderer-args "$SERVICE_NAME/overlay"
+
+ "$@"
+)
+
+echo "Executing Helm command (arguments are quoted safely):"
+printf '%q ' "${helm_command[@]}"
+echo
-echo "Executing Helm command:"
-echo "${HELM_CMD}"
-eval "${HELM_CMD}"
+# Execute the command directly from the array
+"${helm_command[@]}"
diff --git a/bin/install-kube-event-exporter.sh b/bin/install-kube-event-exporter.sh
deleted file mode 100755
index 3c6d19a7c..000000000
--- a/bin/install-kube-event-exporter.sh
+++ /dev/null
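Review bot: The added `# shellcheck disable=SC2124,SC2145,SC2294` directive and the comment above it no longer match the script: `eval` is removed by this change, so SC2294 has nothing left to suppress, and the array-built command should not trigger SC2124 or SC2145 either. The parenthetical labels are also off, since SC2124 is about assigning an array to a string rather than an unused array. A file-wide suppression left in place would hide a regression if a string-built command or `eval` were reintroduced later. Drop both lines, or keep only a code that shellcheck still reports for this file; the same header is added in the heat, horizon and ironic scripts.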
@@ -1,46 +0,0 @@
-#!/bin/bash
-# shellcheck disable=SC2124,SC2145,SC2294
-GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
-BASE_OVERRIDES="/opt/genestack/base-helm-configs/prometheus-kube-event-exporter/values.yaml"
-
-# Read kube-event-exporter version from helm-chart-versions.yaml
-VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
-if [ ! -f "$VERSION_FILE" ]; then
- echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
- exit 1
-fi
-
-# Extract kube-event-exporter version using grep and sed
-KUBE_EVENT_EXPORTER_VERSION=$(grep 'kube-event-exporter:' "$VERSION_FILE" | sed 's/.*kube-event-exporter: *//')
-
-if [ -z "$KUBE_EVENT_EXPORTER_VERSION" ]; then
- echo "Error: Could not extract kube-event-exporter version from $VERSION_FILE"
- exit 1
-fi
-
-HELM_CMD="helm upgrade --install kube-event-exporter bitnami/kubernetes-event-exporter \
- --version ${KUBE_EVENT_EXPORTER_VERSION} \
- --namespace=openstack \
- --timeout 120m"
-
-HELM_CMD+=" -f ${BASE_OVERRIDES}"
-
-for dir in "$GLOBAL_OVERRIDES_DIR"; do
- if compgen -G "${dir}/*.yaml" > /dev/null; then
- for yaml_file in "${dir}"/*.yaml; do
- # Avoid re-adding the base override file if present in the service directory
- if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then
- HELM_CMD+=" -f ${yaml_file}"
- fi
- done
- fi
-done
-
-HELM_CMD+=" $@"
-
-helm repo add bitnami https://charts.bitnami.com/bitnami
-helm repo update
-
-echo "Executing Helm command:"
-echo "${HELM_CMD}"
-eval "${HELM_CMD}"
diff --git a/bin/install-kube-ovn.sh b/bin/install-kube-ovn.sh
index 6e2db1479..705dd659e 100755
--- a/bin/install-kube-ovn.sh
+++ b/bin/install-kube-ovn.sh
@@ -1,60 +1,135 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/kube-ovn" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/kube-ovn/kube-ovn-helm-overrides.yaml" -# Read kube-ovn version from helm-chart-versions.yaml +# Service +SERVICE_NAME="kube-ovn" +SERVICE_NAMESPACE="kube-system" # Note: kube-ovn uses the kube-system namespace + +# Helm +HELM_REPO_NAME="kubeovn" +HELM_REPO_URL="https://kubeovn.github.io/kube-ovn" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract kube-ovn version using grep and sed -KUBE_OVN_VERSION=$(grep 'kube-ovn:' "$VERSION_FILE" | sed 's/.*kube-ovn: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$KUBE_OVN_VERSION" ]; then - echo "Error: Could not extract kube-ovn version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# --- Kube-OVN specific logic to determine masters and replica count --- MASTER_NODES=$(kubectl get nodes -l kube-ovn/role=master -o json | jq -r '[.items[].status.addresses[] | select(.type == "InternalIP") | .address] | join(",")' | sed 's/,/\\,/g') MASTER_NODE_COUNT=$(kubectl get nodes -l kube-ovn/role=master -o json | jq -r '.items[].status.addresses[] | select(.type=="InternalIP") | .address' | wc -l) if [ "${MASTER_NODE_COUNT}" -eq 0 ]; then - echo "No master nodes found" - echo "Be sure to label your master nodes with kube-ovn/role=master before running this script" - echo "Exiting" + echo "Error: No master nodes found labeled with 'kube-ovn/role=master'" >&2 + echo "Be sure to label your master nodes with 'kube-ovn/role=master' before running this script." >&2 exit 1 fi +echo "Found $MASTER_NODE_COUNT master node(s) with IPs: ${MASTER_NODES//\\,/ }." 
+# -------------------------------------------------------------------- + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi -helm repo add kubeovn https://kubeovn.github.io/kube-ovn +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD="helm upgrade --install kube-ovn kubeovn/kube-ovn \ - --version ${KUBE_OVN_VERSION} \ - --namespace=kube-system \ - --set MASTER_NODES=\"${MASTER_NODES}\" \ - --set replicaCount=${MASTER_NODE_COUNT}" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base 
override file if present in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi - done - fi -done - -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args kube-ovn/overlay" -HELM_CMD+=" $@" - -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "MASTER_NODES=${MASTER_NODES}" + --set "replicaCount=${MASTER_NODE_COUNT}" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-kube-prometheus-stack.sh b/bin/install-kube-prometheus-stack.sh index 3b3e4a874..f814ca990 100755 --- a/bin/install-kube-prometheus-stack.sh +++ b/bin/install-kube-prometheus-stack.sh @@ -20,6 +20,8 @@ GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" # Define service-specific override directories based on the framework SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Prometheus Rules directory (specific to this service's needs) GENESTACK_PROMETHEUS_RULES_DIR="${SERVICE_BASE_OVERRIDES}/rules" # Read the desired chart version from VERSION_FILE 
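Review bot: In bin/install-kube-ovn.sh the kept `# shellcheck disable=SC2124,SC2145,SC2294` line and the new comment above it no longer match the script, because the rewritten body builds `helm_command` as an array and runs it directly, leaving no `eval` for SC2294 to flag. With the suppression still in place, shellcheck would stay silent if an `eval` over caller-supplied arguments were reintroduced later. I would delete the directive and its comment; if it has to stay, the labels need correcting, since SC2124 is about assigning an array to a string, not an unused array. The same directive and comment appear in the install-kubernetes-event-exporter.sh, install-libvirt.sh, install-longhorn.sh and install-magnum.sh hunks.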
@@ -31,7 +33,7 @@ if [ ! -f "$VERSION_FILE" ]; then fi # Extract version dynamically using the SERVICE_NAME variable -SERVICE_VERSION=$(grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") if [ -z "$SERVICE_VERSION" ]; then echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 
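Review bot: The anchored pattern on the `SERVICE_VERSION=` line in bin/install-kube-prometheus-stack.sh still returns every matching line and everything after the key. If the versions file quotes the value, adds a trailing comment, or repeats the key in another section, that text reaches `--version` unchanged, and the `-z` test below is the only check. The versions file is not visible here, so this is hardening rather than a confirmed bug: `SERVICE_VERSION=$(grep -m1 "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//; s/[[:space:]]*#.*//" | tr -d "\"'")`. The other install scripts in this commit use the same extraction line.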
@@ -40,49 +42,49 @@ fi echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -# Prepare an array to collect --values arguments -values_args=() +# Prepare an array to collect -f arguments +overrides_args=() # Include all YAML files from the BASE configuration directory and the rules subdirectory if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then - echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" - - # Include YAML files directly in the base directory (e.g., specific overrides) - for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do - # Check that there is at least one match - if [[ -e "$file" ]]; then - echo " - $file (Base Config)" - values_args+=("--values" "$file") - fi - done - - # Include YAML files from the rules subdirectory (if it exists) - if [[ -d "$GENESTACK_PROMETHEUS_RULES_DIR" ]]; then - echo "Including rules files from: $GENESTACK_PROMETHEUS_RULES_DIR" - for file in "$GENESTACK_PROMETHEUS_RULES_DIR"/*.yaml; do - if [[ -e "$file" ]]; then - echo " - $file (Base Rules)" - values_args+=("--values" "$file") - fi + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + + # Include YAML files directly in the base directory (e.g., specific overrides) + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file (Base Config)" + overrides_args+=("-f" "$file") + fi done - else - echo "Info: Rules directory not found: $GENESTACK_PROMETHEUS_RULES_DIR" - fi + + # Include YAML files from the rules subdirectory (if it exists) + if [[ -d "$GENESTACK_PROMETHEUS_RULES_DIR" ]]; then + echo "Including rules files from: $GENESTACK_PROMETHEUS_RULES_DIR" + for file in "$GENESTACK_PROMETHEUS_RULES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file (Base Rules)" + overrides_args+=("-f" "$file") + fi + done + else + echo "Info: Rules directory not found: $GENESTACK_PROMETHEUS_RULES_DIR" + fi else - echo "Warning: Base override directory not found: 
$SERVICE_BASE_OVERRIDES" + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" fi # Include all YAML files from the custom SERVICE configuration directory if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then - echo "Including overrides from config directory:" - for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do - if [[ -e "$file" ]]; then - echo " - $file" - values_args+=("--values" "$file") - fi - done + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done else - echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" fi echo @@ -91,16 +93,24 @@ echo helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update +# Collect all --set arguments (none in the original script) +set_args=() + + helm_command=( - helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" - --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 10m + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace - "${values_args[@]}" + "${overrides_args[@]}" + "${set_args[@]}" # Post-renderer configuration --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" --post-renderer-args "$SERVICE_NAME/overlay" + "$@" ) diff --git a/bin/install-kubernetes-event-exporter.sh b/bin/install-kubernetes-event-exporter.sh new file mode 100755 index 000000000..73317de0a --- /dev/null +++ b/bin/install-kubernetes-event-exporter.sh 
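Review bot: In the `helm_command=(` hunk of bin/install-kube-prometheus-stack.sh, `--timeout` goes from `10m` to `120m` inside what otherwise reads as a flag reordering, and nothing in the hunk explains the change. A hook or operation that hangs can now block the operator or pipeline for up to two hours before helm gives up. If the longer wait is intended, say so next to the flag or make it overridable, e.g. `--timeout "${HELM_TIMEOUT:-120m}"`.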
@@ -0,0 +1,96 @@ +#!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="kubernetes-event-exporter" +SERVICE_NAMESPACE="monitoring" + +# Helm +HELM_REPO_NAME="bitnami" +HELM_REPO_URL="https://charts.bitnami.com/bitnami" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE +VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +if [ ! -f "$VERSION_FILE" ]; then + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 + exit 1 +fi + +# Extract version dynamically. Note: the service name in the YAML is 'kubernetes-event-exporter'. +SERVICE_VERSION=$(grep "kubernetes-event-exporter:" "$VERSION_FILE" | sed 's/.*kubernetes-event-exporter: *//') + +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for 'kubernetes-event-exporter' from $VERSION_FILE" >&2 + exit 1 +fi + +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Base Override Files: Check the standard base directory. 
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" + --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 120m + --version "${SERVICE_VERSION}" + + "${overrides_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-libvirt.sh b/bin/install-libvirt.sh index 6ffa74c2e..3ea750b94 100755 --- a/bin/install-libvirt.sh +++ b/bin/install-libvirt.sh 
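Review bot: The version lookup in bin/install-kubernetes-event-exporter.sh uses an unanchored `grep "kubernetes-event-exporter:"` with the name hard-coded, while this same commit anchors the pattern in the other install scripts. Unanchored, it also matches a commented-out entry or any longer key that ends in the same text, and `sed` then hands that value to `--version`. I would write it as `SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//")` and use `$SERVICE_NAME` in the error message as well.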
@@ -1,46 +1,120 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/libvirt" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/libvirt/libvirt-helm-overrides.yaml" -# Read libvirt version from helm-chart-versions.yaml +# Service +SERVICE_NAME="libvirt" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract libvirt version using grep and sed -LIBVIRT_VERSION=$(grep 'libvirt:' "$VERSION_FILE" | sed 's/.*libvirt: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$LIBVIRT_VERSION" ]; then - echo "Error: Could not extract libvirt version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install libvirt openstack-helm/libvirt --version ${LIBVIRT_VERSION} \ - --namespace=openstack \ - --timeout 120m" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config 
directory not found: $GLOBAL_OVERRIDES" +fi -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args libvirt/overlay" +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi -HELM_CMD+=" $@" +echo -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Collect all --set arguments (none in the original script) +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-longhorn.sh b/bin/install-longhorn.sh index 09b4d03d5..b46c99073 100755 --- a/bin/install-longhorn.sh +++ b/bin/install-longhorn.sh 
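Review bot: The base overrides in bin/install-libvirt.sh change from one named file, `libvirt-helm-overrides.yaml`, to every `*.yaml` under `$SERVICE_BASE_OVERRIDES`, so any other YAML kept in that directory (an example or scratch file, say) is now applied to the release. Precedence among those files follows the glob's sort order, which nothing here documents. If only the overrides file is meant, keep it explicit with `overrides_args+=("-f" "$SERVICE_BASE_OVERRIDES/${SERVICE_NAME}-helm-overrides.yaml")`; otherwise add a comment stating that the whole directory is loaded and in which order. The kube-ovn and magnum hunks make the same switch.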
@@ -1,39 +1,122 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/longhorn" -# Read longhorn version from helm-chart-versions.yaml +# Service +SERVICE_NAME="longhorn" +SERVICE_NAMESPACE="longhorn-system" + +# Helm +HELM_REPO_NAME="longhorn" +HELM_REPO_URL="https://charts.longhorn.io" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract longhorn version using grep and sed -LONGHORN_VERSION=$(grep 'longhorn:' "$VERSION_FILE" | sed 's/.*longhorn: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$LONGHORN_VERSION" ]; then - echo "Error: Could not extract longhorn version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace" -HELM_CMD+=" --set persistence.defaultClass=false --version ${LONGHORN_VERSION}" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done +# Prepare an array to collect -f arguments +overrides_args=() -HELM_CMD+=" $@" +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done 
+else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES" +fi -helm repo add longhorn https://charts.longhorn.io +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "persistence.defaultClass=false" + --set "defaultSettings.createDefaultDiskAndStorageClass=false" +) + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration (Longhorn generally doesn't use this, but keeping for template adherence) + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-magnum.sh b/bin/install-magnum.sh index 4d48f07b5..6a7dc779a 100755 --- a/bin/install-magnum.sh +++ b/bin/install-magnum.sh 
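Review bot: The rewritten bin/install-longhorn.sh now passes `--post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"`, which the removed command never did, and the comment beside it says Longhorn generally does not use it. The install therefore executes a script at a path taken from the environment, and presumably also needs a `longhorn/overlay` to exist for it. I would drop the two `--post-renderer*` lines from this script rather than keep them only for template adherence. If they stay, guard them with `[[ -x "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" ]]` and a clear error.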
@@ -1,56 +1,129 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/magnum" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/magnum/magnum-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read magnum version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="magnum" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract magnum version using grep and sed -MAGNUM_VERSION=$(grep 'magnum:' "$VERSION_FILE" | sed 's/.*magnum: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$MAGNUM_VERSION" ]; then - echo "Error: Could not extract magnum version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install magnum openstack-helm/magnum --version ${MAGNUM_VERSION} \ - --namespace=openstack \ - --timeout 120m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base override file if it is found in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.magnum.password=\"$(kubectl --namespace openstack get secret magnum-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.magnum.password=\"$(kubectl --namespace openstack get secret magnum-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret 
rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.magnum.password=\"$(kubectl --namespace openstack get secret magnum-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.magnum.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args magnum/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in 
"$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.magnum.password=$(kubectl --namespace openstack get secret magnum-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.magnum.password=$(kubectl --namespace openstack get secret magnum-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.magnum.password=$(kubectl --namespace openstack get secret magnum-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.magnum.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + 
--post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-masakari.sh b/bin/install-masakari.sh index ff4682cc3..3f00ebad4 100755 --- a/bin/install-masakari.sh +++ b/bin/install-masakari.sh 
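Review bot: The `printf '%q ' "${helm_command[@]}"` line in bin/install-magnum.sh prints every element of `set_args`, so the eight decoded passwords and memcache keys read with `kubectl get secret … | base64 -d` end up in the terminal or job log in clear text. The removed `echo "${HELM_CMD}"` did the same, so this is inherited rather than new, but the rewrite is the natural place to fix it. I would print a redacted copy of the array and leave execution unchanged, as sketched below. Separately, a failed `kubectl` inside one of those substitutions yields an empty value that is still passed to `--set`, so each secret should be checked for non-empty before `set_args` is built. The `--set` password block at the top of this chunk is printed the same way, in a hunk that begins outside it.

```shell
echo "Executing Helm command (secret values redacted):"
for arg in "${helm_command[@]}"; do
    case "$arg" in
        *password=*|*secret_key=*) printf '%q ' "${arg%%=*}=REDACTED" ;;
        *) printf '%q ' "$arg" ;;
    esac
done
echo

# … unchanged: "${helm_command[@]}" execution …
```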
@@ -1,56 +1,129 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/masakari" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/masakari/masakari-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read masakari version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="masakari" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Define the Global Overrides directory used in the original script +GLOBAL_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract masakari version using grep and sed -MASAKARI_VERSION=$(grep 'masakari:' "$VERSION_FILE" | sed 's/.*masakari: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$MASAKARI_VERSION" ]; then - echo "Error: Could not extract masakari version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install masakari openstack-helm/masakari --version ${MASAKARI_VERSION} \ - --namespace=openstack \ - --timeout 10m" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES" +fi -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do 
- # Avoid re-adding the base override file if it appears in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.masakari.password=\"$(kubectl --namespace openstack get secret masakari-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.masakari.password=\"$(kubectl --namespace openstack get secret masakari-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.masakari.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.masakari.password=\"$(kubectl --namespace openstack get secret masakari-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" 
--post-renderer-args masakari/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.masakari.password=$(kubectl --namespace openstack get secret masakari-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.masakari.password=$(kubectl --namespace openstack get secret masakari-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.masakari.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.masakari.password=$(kubectl --namespace openstack get secret masakari-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer 
configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-metallb.sh b/bin/install-metallb.sh index df3ee724d..0d9c240ea 100755 --- a/bin/install-metallb.sh +++ b/bin/install-metallb.sh 
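Review bot: The `printf '%q ' "${helm_command[@]}"` line at the end of the new install-masakari.sh writes every `--set` value to stdout, so the decoded keystone, MariaDB root, RabbitMQ and memcache secrets land in terminal scrollback or CI logs; the install-neutron.sh hunk prints its command the same way. The array rewrite removes the old `eval`, but this logging of secrets is carried over from the old `echo "${HELM_CMD}"`. Mask the value that follows each `--set` before printing, for example `for arg in "${helm_command[@]}"; do [[ $prev == --set ]] && arg="${arg%%=*}=REDACTED"; printf '%q ' "$arg"; prev=$arg; done`. The values are still handed to helm as argv, which on a default Linux host is readable by other local users through the process list; passing them in a values file with restrictive permissions would close that as well.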
@@ -1,44 +1,107 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/metallb" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/metallb/metallb-helm-overrides.yaml" -# Read metallb version from helm-chart-versions.yaml +# Service +SERVICE_NAME="metallb" +SERVICE_NAMESPACE="metallb-system" + +# Helm +HELM_REPO_NAME="metallb" +HELM_REPO_URL="https://metallb.github.io/metallb" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract metallb version using grep and sed -METALLB_VERSION=$(grep 'metallb:' "$VERSION_FILE" | sed 's/.*metallb: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$METALLB_VERSION" ]; then - echo "Error: Could not extract metallb version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -helm repo add metallb https://metallb.github.io/metallb +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD="helm upgrade --install --namespace metallb-system metallb metallb/metallb --version ${METALLB_VERSION}" +# 
Collect all --set arguments, executing commands and quoting safely +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" -HELM_CMD+=" -f ${BASE_OVERRIDES}" + # Post-renderer configuration + # NOTE: Metallb doesn't typically require a post-renderer, but we keep it + # for template compliance. + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base override file if present in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi - done - fi -done + "$@" +) -HELM_CMD+=" $@" +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-neutron.sh b/bin/install-neutron.sh index fffb200a6..67d44b5bc 100755 --- a/bin/install-neutron.sh +++ b/bin/install-neutron.sh 
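Review bot: Global overrides are no longer applied in the new install-metallb.sh: the removed loop iterated over `"$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"`, while the new code only walks `SERVICE_BASE_OVERRIDES` and `SERVICE_CUSTOM_OVERRIDES`, leaving `GLOBAL_OVERRIDES_DIR` defined but unused. Any site-wide setting kept under `helm-configs/global_overrides` would silently stop reaching this chart; restoring the loop between the base and service loops, as the neutron script does, keeps the previous precedence. The rewrite also adds `--post-renderer` with `metallb/overlay`, which the old command did not use; if that overlay is not present on existing deployments the upgrade would presumably fail, so it is worth confirming or dropping.

```shell
# … unchanged: SERVICE_BASE_OVERRIDES loop …

# Include all YAML files from the GLOBAL configuration directory
if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then
    echo "Including overrides from global config directory:"
    for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do
        if [[ -e "$file" ]]; then
            echo " - $file"
            overrides_args+=("-f" "$file")
        fi
    done
else
    echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR"
fi

# … unchanged: SERVICE_CUSTOM_OVERRIDES loop …
```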
@@ -1,66 +1,143 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/neutron" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/neutron/neutron-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read neutron version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="neutron" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract neutron version using grep and sed -NEUTRON_VERSION=$(grep 'neutron:' "$VERSION_FILE" | sed 's/.*neutron: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$NEUTRON_VERSION" ]; then - echo "Error: Could not extract neutron version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install neutron openstack-helm/neutron --version ${NEUTRON_VERSION} \ - --namespace=openstack \ - --timeout 120m" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Prepare an array to collect -f arguments +overrides_args=() -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base override file if it appears in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. 
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done - fi -done - -HELM_CMD+=" --set conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret=\"$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set conf.ovn_metadata_agent.DEFAULT.metadata_proxy_shared_secret=\"$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.neutron.password=\"$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.nova.password=\"$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.placement.password=\"$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.designate.password=\"$(kubectl --namespace openstack get secret designate-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.ironic.password=\"$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.neutron.password=\"$(kubectl --namespace openstack get secret neutron-db-password -o 
jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.neutron.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.neutron.password=\"$(kubectl --namespace openstack get secret neutron-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set conf.neutron.ovn.ovn_nb_connection=\"tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')\"" -HELM_CMD+=" --set conf.neutron.ovn.ovn_sb_connection=\"tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')\"" -HELM_CMD+=" --set conf.plugins.ml2_conf.ovn.ovn_nb_connection=\"tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')\"" -HELM_CMD+=" --set conf.plugins.ml2_conf.ovn.ovn_sb_connection=\"tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args neutron/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +# NOTE: Files here override base settings and are applied before service-specific ones. 
+if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +# NOTE: This array contains OpenStack-specific secret retrievals and MUST be updated +# with the necessary --set arguments for your target SERVICE_NAME. 
+set_args=( + # Metadata proxy secret + --set "conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret=$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" + --set "conf.ovn_metadata_agent.DEFAULT.metadata_proxy_shared_secret=$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.neutron.password=$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.nova.password=$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.placement.password=$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.designate.password=$(kubectl --namespace openstack get secret designate-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.ironic.password=$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.neutron.password=$(kubectl --namespace openstack get secret neutron-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.neutron.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set 
"endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.neutron.password=$(kubectl --namespace openstack get secret neutron-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + --set "conf.neutron.ovn.ovn_nb_connection=tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" + --set "conf.neutron.ovn.ovn_sb_connection=tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" + --set "conf.plugins.ml2_conf.ovn.ovn_nb_connection=tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" + --set "conf.plugins.ml2_conf.ovn.ovn_sb_connection=tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-nova.sh b/bin/install-nova.sh index b01f87e71..bde4c9dc6 100755 --- a/bin/install-nova.sh +++ b/bin/install-nova.sh 
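Review bot: A failed or empty lookup in `set_args` is passed straight to helm: if `kubectl get secret` errors or the key is absent, the command substitution yields an empty string and the release is upgraded with an empty password, or with `tcp:` as the OVN connection string. Nothing in the new install-neutron.sh checks these values, and the masakari hunk builds its `set_args` the same way. Abort before building `helm_command` when any value is empty, for example `for a in "${set_args[@]}"; do [[ $a == *= || $a == *=tcp: ]] && { echo "Error: empty value for ${a%%=*}" >&2; exit 1; }; done`. Separately, the file-wide `shellcheck disable=SC2124,SC2145,SC2294` was there for the old string-built `eval`; with the array form it can be dropped so shellcheck flags quoting regressions again.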
@@ -31,7 +31,7 @@ if [ ! -f "$VERSION_FILE" ]; then fi # Extract version dynamically using the SERVICE_NAME variable -SERVICE_VERSION=$(grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") if [ -z "$SERVICE_VERSION" ]; then echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 
@@ -40,47 +40,47 @@ fi echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -# Prepare an array to collect --values arguments -values_args=() +# Prepare an array to collect -f arguments +overrides_args=() -# Include all YAML files from the BASE configuration directory +# Include all YAML files from the BASE configuration directory if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then - echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" - for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do - # Check that there is at least one match - if [[ -e "$file" ]]; then - echo " - $file" - values_args+=("--values" "$file") - fi - done + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done else - echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" fi # Include all YAML files from the GLOBAL configuration directory if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then - echo "Including overrides from global config directory:" - for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do - if [[ -e "$file" ]]; then - echo " - $file" - values_args+=("--values" "$file") - fi - done + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done else - echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" fi # Include all YAML files from the custom SERVICE configuration directory if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then - echo "Including overrides from service config directory:" - for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do - if [[ -e "$file" ]]; then - echo " 
- $file" - values_args+=("--values" "$file") - fi - done + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done else - echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" fi echo @@ -89,14 +89,8 @@ echo helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -helm_command=( - helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" - --version "${SERVICE_VERSION}" - --namespace=openstack - --timeout 120m - - "${values_args[@]}" - +# Collect all --set arguments, executing commands and quoting safely +set_args=( --set "conf.nova.neutron.metadata_proxy_shared_secret=$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" --set "endpoints.identity.auth.nova.password=$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" 
@@ -114,9 +108,20 @@ helm_command=( --set "conf.nova.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" --set "endpoints.oslo_messaging.auth.nova.password=$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" - --set "network.ssh.public_key=$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.public_key}' | base64 -d)" --set "network.ssh.private_key=$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.private_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" # Post-renderer configuration --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" diff --git a/bin/install-octavia.sh b/bin/install-octavia.sh index 548316aed..74056a517 100755 --- a/bin/install-octavia.sh +++ b/bin/install-octavia.sh 
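Review bot: `--namespace="$SERVICE_NAMESPACE"` replaces the literal `--namespace=openstack`, but none of the install-nova.sh hunks shown defines `SERVICE_NAMESPACE`. If the unchanged header of the script does not already set it, the flag expands to an empty value and helm would fall back to the kubeconfig's current namespace, where `--create-namespace` and the nova secrets would then apply. Guard the expansion with `--namespace="${SERVICE_NAMESPACE:?SERVICE_NAMESPACE is not set}"`, or add `SERVICE_NAMESPACE="openstack"` next to `SERVICE_NAME` as the other scripts do. The `helm_command` array continues outside this hunk.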
@@ -1,60 +1,150 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/octavia" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/octavia/octavia-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read octavia version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="octavia" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +# NOTE: These are framework-specific defaults; adjust if your environment uses different paths. +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE +# NOTE: Ensure this file exists and contains an entry for SERVICE_NAME. VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract octavia version using grep and sed -OCTAVIA_VERSION=$(grep 'octavia:' "$VERSION_FILE" | sed 's/.*octavia: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$OCTAVIA_VERSION" ]; then - echo "Error: Could not extract octavia version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install octavia openstack-helm/octavia --version ${OCTAVIA_VERSION} \ - --namespace=openstack \ - --timeout 120m" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Prepare an array to collect -f arguments +overrides_args=() -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base override file if it appears in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. 
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.octavia.password=\"$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.octavia.password=\"$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db_persistence.auth.octavia.password=\"$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.octavia.password=\"$(kubectl --namespace openstack get secret octavia-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.octavia.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.octavia.certificates.ca_private_key_passphrase=\"$(kubectl --namespace openstack 
get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set conf.octavia.ovn.ovn_nb_connection=\"tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')\"" -HELM_CMD+=" --set conf.octavia.ovn.ovn_sb_connection=\"tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args octavia/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +# NOTE: Files here override base settings and are applied before service-specific ones. +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. 
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +# NOTE: This array contains OpenStack-specific secret retrievals and MUST be updated +# with the necessary --set arguments for your target SERVICE_NAME. +set_args=( + # Keystone endpoint passwords + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.octavia.password=$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" + + # DB passwords + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.octavia.password=$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db_persistence.auth.octavia.password=$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)" + + # Messaging passwords + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.octavia.password=$(kubectl --namespace openstack get secret octavia-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + + # Memcache secrets + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace 
openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.octavia.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + + # Certificate passphrase + --set "conf.octavia.certificates.ca_private_key_passphrase=$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" + + # OVN connections (dynamic clusterIP lookup) + --set "conf.octavia.ovn.ovn_nb_connection=tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" + --set "conf.octavia.ovn.ovn_sb_connection=tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + # NOTE: Update the path and args if your service uses a different kustomization overlay. + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-openstack-exporter.sh b/bin/install-openstack-exporter.sh old mode 100644 new mode 100755 index 7c935adc2..85e1b5a96 --- a/bin/install-openstack-exporter.sh +++ b/bin/install-openstack-exporter.sh 
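Review bot: `printf '%q ' "${helm_command[@]}"` prints every element of `set_args`, so the decoded Keystone, database, RabbitMQ and memcache secrets and the CA key passphrase go to stdout and to whatever log captures this script. The banner's "quoted safely" refers to shell quoting, not to confidentiality. I would print a redacted copy, replacing the value of each argument that follows `--set`, and still execute the real array. The placement hunk has the same printf over the same kind of array.

```shell
echo "Executing Helm command (secret values redacted):"
redact_next=0
for arg in "${helm_command[@]}"; do
    if (( redact_next )); then
        # Keep the key so the log stays useful, drop the value.
        printf '%q ' "${arg%%=*}=REDACTED"
        redact_next=0
    else
        printf '%q ' "$arg"
        [[ "$arg" == --set ]] && redact_next=1
    fi
done
echo
# … unchanged: "${helm_command[@]}" execution …
```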
@@ -16,7 +16,7 @@ fi find_unused_port() { local port=49152 while :; do - if ! kubectl get svc --all-namespaces -o jsonpath='{range .items[*]}{.spec.ports[*].port}{"\n"}{end}' | grep -q "^${port}$"; then + if ! kubectl get svc --all-namespaces -o jsonpath='{range .items[*]}{.spec.ports[*].port}{"\n"}{end}' | grep -q "${port}$"; then echo "$port" return 0 fi diff --git a/bin/install-placement.sh b/bin/install-placement.sh index d2382a3cb..142ac2c44 100755 --- a/bin/install-placement.sh +++ b/bin/install-placement.sh 
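Review bot: `grep -q "${port}$"` in `find_unused_port` can still miss a port that is in use. The jsonpath prints all ports of one service on a single space-separated line, and the pattern only matches the candidate at the end of a line, so a port that is not the last one listed for its service is reported as free. Dropping `^` also makes this a suffix match rather than an exact one. Splitting the output to one port per line and matching whole lines avoids both: `| tr ' ' '\n' | grep -qx "${port}"`. The function body continues outside this hunk.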
@@ -1,55 +1,141 @@ #!/bin/bash -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/placement" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/placement/placement-helm-overrides.yaml" +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -# Read placement version from helm-chart-versions.yaml +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="placement" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +# NOTE: These are framework-specific defaults; adjust if your environment uses different paths. +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE +# NOTE: Ensure this file exists and contains an entry for SERVICE_NAME. VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract placement version using grep and sed -PLACEMENT_VERSION=$(grep 'placement:' "$VERSION_FILE" | sed 's/.*placement: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$PLACEMENT_VERSION" ]; then - echo "Error: Could not extract placement version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install placement openstack-helm/placement --version ${PLACEMENT_VERSION} \ - --namespace=openstack \ - --timeout 120m" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -HELM_CMD+=" -f ${BASE_OVERRIDES}" +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +# NOTE: Files here override base settings and are applied before service-specific ones. 
+if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - # Avoid re-adding the base override file if it appears in the service directory - if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then - HELM_CMD+=" -f ${yaml_file}" - fi +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.placement.password=\"$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.placement.password=\"$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.nova_api.password=\"$(kubectl --namespace openstack get secret 
nova-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set conf.placement.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args placement/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +# NOTE: This array contains OpenStack-specific secret retrievals and MUST be updated +# with the necessary --set arguments for your target SERVICE_NAME. +set_args=( + # Keystone endpoint passwords + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.placement.password=$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" + + # DB passwords + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.placement.password=$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" + + # DB access for Nova API (required by Placement) + --set "endpoints.oslo_db.auth.nova_api.password=$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" + + # Memcache secrets + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set 
"conf.placement.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + # NOTE: Update the path and args if your service uses a different kustomization overlay. + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-postgres-operator.sh b/bin/install-postgres-operator.sh index baa3cf73d..6045c7e79 100755 --- a/bin/install-postgres-operator.sh +++ b/bin/install-postgres-operator.sh 
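Review bot: Each `$(kubectl … | base64 -d)` inside `set_args` is unchecked, so a missing secret or a failed kubectl call expands to an empty string and the chart is installed with an empty password or memcache key. Nothing visible in this hunk enables `pipefail` or errexit, and an array assignment only reports the status of its last substitution anyway. I would fetch each secret into a variable through a helper that aborts on an empty result, then build the array from those variables. The octavia hunk and the nova `set_args` hunk share this.

```shell
# Fetch one key of a secret; fail when it is missing or empty.
get_secret() {
    local value
    value=$(kubectl --namespace "$1" get secret "$2" -o jsonpath="{.data.$3}" | base64 -d)
    if [[ -z "$value" ]]; then
        echo "Error: secret $1/$2 has no value for key '$3'" >&2
        return 1
    fi
    printf '%s' "$value"
}

keystone_admin_password=$(get_secret openstack keystone-admin password) || exit 1
# … the other lookups follow the same pattern, one assignment per secret …
set_args=(
    --set "endpoints.identity.auth.admin.password=${keystone_admin_password}"
    # … remaining --set entries built from the variables above …
)
```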
@@ -1,47 +1,112 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -# Directory to check for YAML files -CONFIG_DIR="/etc/genestack/helm-configs/postgres-operator" -# Read postgres-operator version from helm-chart-versions.yaml +# Service +SERVICE_NAME="postgres-operator" +SERVICE_NAMESPACE="postgres-system" + +# Helm +HELM_REPO_NAME="postgres-operator-charts" +HELM_REPO_URL="https://opensource.zalando.com/postgres-operator/charts/postgres-operator" + +# Base directories provided by the environment +# NOTE: These are framework-specific defaults; adjust if your environment uses different paths. +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE +# NOTE: Ensure this file exists and contains an entry for SERVICE_NAME. VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract postgres-operator version using grep and sed -POSTGRES_OPERATOR_VERSION=$(grep 'postgres-operator:' "$VERSION_FILE" | sed 's/.*postgres-operator: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$POSTGRES_OPERATOR_VERSION" ]; then - echo "Error: Could not extract postgres-operator version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -# Base helm command setup -HELM_CMD="helm upgrade --install postgres-operator postgres-operator-charts/postgres-operator \ - --version ${POSTGRES_OPERATOR_VERSION} \ - --namespace=postgres-system \ - --create-namespace \ - --timeout 120m" - -# Add the base overrides file -HELM_CMD+=" -f /opt/genestack/base-helm-configs/postgres-operator/postgres-operator-helm-overrides.yaml" - -# Check if YAML files exist in the specified directory -if compgen -G "${CONFIG_DIR}/*.yaml" > /dev/null; then - # Append all YAML files from the directory to the helm command - for yaml_file in "${CONFIG_DIR}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. 
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" fi -HELM_CMD+=" $@" +echo -helm repo add postgres-operator-charts https://opensource.zalando.com/postgres-operator/charts/postgres-operator +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -# Run the helm command -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Collect all --set arguments, executing commands and quoting safely +# NOTE: This array contains OpenStack-specific secret retrievals and MUST be updated +# with the necessary --set arguments for your target SERVICE_NAME. +# This is empty for postgres-operator. +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + # NOTE: Update the path and args if your service uses a different kustomization overlay. 
+ --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-prometheus-mysql-exporter.sh b/bin/install-prometheus-mysql-exporter.sh new file mode 100755 index 000000000..3af68cf2f --- /dev/null +++ b/bin/install-prometheus-mysql-exporter.sh 
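Review bot: The new `helm_command` passes `--post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh"` without any check that the script exists, and the removed postgres-operator command had no post-renderer at all. The install now depends on that script and a `postgres-operator/overlay` directory being present, which this page does not show. `GENESTACK_OVERRIDES_DIR` is also read from the environment, so whoever sets it chooses the script that gets executed. I would guard it before building the array: `[[ -x "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" ]] || { echo "Error: post-renderer not found or not executable" >&2; exit 1; }`. The NOTE above `set_args=()` about OpenStack secret retrievals is also stale here, since the array is empty.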
@@ -0,0 +1,106 @@ +#!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="prometheus-mysql-exporter" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="prometheus-community" +HELM_REPO_URL="https://prometheus-community.github.io/helm-charts" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE +VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +if [ ! -f "$VERSION_FILE" ]; then + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 + exit 1 +fi + +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") + +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 + exit 1 +fi + +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. 
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +# Collect all --set arguments, executing commands and quoting safely +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-prometheus-postgres-exporter.sh b/bin/install-prometheus-postgres-exporter.sh new file mode 100755 index 000000000..902089400 --- /dev/null +++ b/bin/install-prometheus-postgres-exporter.sh 
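Review bot: The `# shellcheck disable=SC2124,SC2145,SC2294` directive at the top of this new file suppresses checks the script does not need, and the comment above it mislabels them. SC2124 concerns assigning an array to a string, SC2145 mixing a string and an array in one argument, and SC2294 eval defeating arrays. The new code builds `helm_command` as an array and never calls eval, so the file-wide disable would only hide a regression if someone reintroduced a string-built command. I would delete both lines. The same directive and comment are added in the octavia, placement and prometheus-postgres-exporter hunks.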
@@ -0,0 +1,106 @@ +#!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="prometheus-postgres-exporter" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="prometheus-community" +HELM_REPO_URL="https://prometheus-community.github.io/helm-charts" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE +VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +if [ ! -f "$VERSION_FILE" ]; then + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 + exit 1 +fi + +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") + +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 + exit 1 +fi + +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. 
+if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +# Collect all --set arguments, executing commands and quoting safely +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-prometheus-pushgateway.sh b/bin/install-prometheus-pushgateway.sh new file mode 100755 index 000000000..17780317e --- /dev/null +++ b/bin/install-prometheus-pushgateway.sh 
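Review bot: `SERVICE_VERSION` reaches `--version` without any check that it is a single clean token. The grep/sed pair returns every matching line and keeps whatever follows the key, so a duplicate entry or a trailing comment in the versions file would end up in the value. That file's format is not shown here, so this may never happen in practice. Taking the first match and the first field costs nothing: `SERVICE_VERSION=$(awk -v k="${SERVICE_NAME}:" '$1 == k { print $2; exit }' "$VERSION_FILE")`. The same extraction is used in the octavia, placement, postgres-operator and prometheus-mysql-exporter hunks.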
@@ -0,0 +1,96 @@ +#!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="prometheus-pushgateway" +SERVICE_NAMESPACE="prometheus" + +# Helm +HELM_REPO_NAME="prometheus-community" +HELM_REPO_URL="https://prometheus-community.github.io/helm-charts" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${SERVICE_BASE_OVERRIDES:-$GENESTACK_BASE_DIR/base-helm-configs/$SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${SERVICE_CUSTOM_OVERRIDES:-$GENESTACK_OVERRIDES_DIR/helm-configs/$SERVICE_NAME}" + +# Read the desired chart version from VERSION_FILE +VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +if [ ! 
-f "$VERSION_FILE" ]; then + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 + exit 1 +fi + +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") + +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 + exit 1 +fi + +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" + --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 10m + --version "${SERVICE_VERSION}" + + "${overrides_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" 
+echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-prometheus-rabbitmq-exporter.sh b/bin/install-prometheus-rabbitmq-exporter.sh index 78c15c032..afb464893 100755 --- a/bin/install-prometheus-rabbitmq-exporter.sh +++ b/bin/install-prometheus-rabbitmq-exporter.sh @@ -5,9 +5,9 @@ # Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -# Service +# Service SERVICE_NAME="prometheus-rabbitmq-exporter" -SERVICE_NAMESPACE="prometheus" +SERVICE_NAMESPACE="openstack" # Helm HELM_REPO_NAME="prometheus-community" @@ -18,8 +18,8 @@ GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" # Define service-specific override directories based on the framework -SERVICE_BASE_OVERRIDES="${SERVICE_BASE_OVERRIDES:-$GENESTACK_BASE_DIR/base-helm-configs/$SERVICE_NAME}" -SERVICE_CUSTOM_OVERRIDES="${SERVICE_CUSTOM_OVERRIDES:-$GENESTACK_OVERRIDES_DIR/helm-configs/$SERVICE_NAME}" +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" # Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" @@ -30,7 +30,7 @@ if [ ! -f "$VERSION_FILE" ]; then fi # Extract version dynamically using the SERVICE_NAME variable -SERVICE_VERSION=$(grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") if [ -z "$SERVICE_VERSION" ]; then echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 
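Review bot: `SERVICE_BASE_OVERRIDES` and `SERVICE_CUSTOM_OVERRIDES` in this new script are still taken from the caller's environment (`${SERVICE_BASE_OVERRIDES:-...}`), while the same commit changes install-prometheus-rabbitmq-exporter.sh to derive them only from `GENESTACK_BASE_DIR` and `GENESTACK_OVERRIDES_DIR`. Every `*.yaml` in those directories is passed to helm with `-f` and later files win, so a leftover exported variable silently changes which values are applied to the release. I would use the form of the sibling scripts, `SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}"` and `SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}"`. install-redis-sentinel.sh in this commit has the same pattern.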
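Review bot: Changing `SERVICE_NAMESPACE` from `prometheus` to `openstack` makes `helm upgrade --install` look for the release in the new namespace, since Helm releases are namespace-scoped. On a cluster where the exporter was already installed this would presumably create a second release rather than move the existing one, leaving the old one running in `prometheus` until someone removes it. If the move is intended, a comment above the assignment such as `# NOTE: moved from the prometheus namespace; uninstall the old release before upgrading` would spare operators a duplicate exporter. The rest of the script lies outside this hunk.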
@@ -39,34 +39,36 @@ fi echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -# Prepare an array to collect --values arguments -values_args=() +# Prepare an array to collect -f arguments +overrides_args=() -# Base Override Files +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then - echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" - for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do - # Check that there is at least one match - if [[ -e "$file" ]]; then - echo " - $file" - values_args+=("--values" "$file") - fi - done + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done else - echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" fi # Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then - echo "Including overrides from config directory:" - for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do - if [[ -e "$file" ]]; then - echo " - $file" - values_args+=("--values" "$file") - fi - done + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done else - echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" fi echo 
@@ -75,16 +77,24 @@ echo helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update +# Collect all --set arguments, executing commands and quoting safely +set_args=() + + helm_command=( - helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" - --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 10m + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace - "${values_args[@]}" + "${overrides_args[@]}" + "${set_args[@]}" # Post-renderer configuration --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" --post-renderer-args "$SERVICE_NAME/overlay" + "$@" ) diff --git a/bin/install-prometheus-snmp-exporter.sh b/bin/install-prometheus-snmp-exporter.sh index 9db9352c5..7768876a2 100755 --- a/bin/install-prometheus-snmp-exporter.sh +++ b/bin/install-prometheus-snmp-exporter.sh @@ -30,7 +30,7 @@ if [ ! -f "$VERSION_FILE" ]; then fi # Extract version dynamically using the SERVICE_NAME variable -SERVICE_VERSION=$(grep "${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") if [ -z "$SERVICE_VERSION" ]; then echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 @@ -39,8 +39,8 @@ fi echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" -# Prepare an array to collect --values arguments -values_args=() +# Prepare an array to collect -f arguments +overrides_args=() # Include all YAML files from the BASE configuration directory if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then @@ -49,7 +49,7 @@ if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then # Check that there is at least one match if [[ -e "$file" ]]; then echo " - $file" - values_args+=("--values" "$file") + overrides_args+=("-f" "$file") fi done else 
@@ -62,7 +62,7 @@ if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do if [[ -e "$file" ]]; then echo " - $file" - values_args+=("--values" "$file") + overrides_args+=("-f" "$file") fi done else @@ -80,7 +80,7 @@ helm_command=( --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 10m --version "${SERVICE_VERSION}" - "${values_args[@]}" + "${overrides_args[@]}" # Post-renderer configuration --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" diff --git a/bin/install-redis-operator.sh b/bin/install-redis-operator.sh index 928d8a19e..7345f7884 100755 --- a/bin/install-redis-operator.sh +++ b/bin/install-redis-operator.sh 
@@ -1,55 +1,123 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -CONFIG_DIR="/etc/genestack/helm-configs/redis-operator-replication" +# Service +SERVICE_NAME="redis-replication" +SERVICE_NAMESPACE="redis-systems" + +# Helm +HELM_REPO_NAME="ot-helm" +HELM_REPO_URL="https://ot-container-kit.github.io/helm-charts/" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" -# Read redis-operator version from helm-chart-versions.yaml +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/redis-operator-replication" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/redis-operator-replication" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +# Read the desired chart version from VERSION_FILE if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract redis-operator version using grep and sed +# Extract Redis Operator version REDIS_OPERATOR_VERSION=$(grep 'redis-operator:' "$VERSION_FILE" | sed 's/.*redis-operator: *//') - if [ -z "$REDIS_OPERATOR_VERSION" ]; then - echo "Error: Could not extract redis-operator version from $VERSION_FILE" + echo "Error: Could not extract version for 'redis-operator' from $VERSION_FILE" >&2 exit 1 fi +echo "Found version for redis-operator: $REDIS_OPERATOR_VERSION" -# Extract redis-replication version using grep and sed -REDIS_REPLICATION_VERSION=$(grep 'redis-replication:' "$VERSION_FILE" | sed 's/.*redis-replication: *//') +# Extract Redis Replication (main service) version +SERVICE_VERSION=$(grep 'redis-replication:' "$VERSION_FILE" | sed 's/.*redis-replication: *//') -if [ -z "$REDIS_REPLICATION_VERSION" ]; then - echo "Error: Could not extract redis-replication version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -# Add the redis-operator helm repository -helm repo add ot-helm https://ot-container-kit.github.io/helm-charts/ +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Helm Repository and Operator/CRD Installation +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -# Install the Operator and CRDs that match the version defined -helm upgrade --install --namespace=redis-systems --create-namespace redis-operator ot-helm/redis-operator --version "${REDIS_OPERATOR_VERSION}" +echo "Installing Redis Operator (Step 1 of 2)..." 
+helm upgrade --install \ + --namespace="$SERVICE_NAMESPACE" \ + --create-namespace \ + redis-operator \ + "$HELM_REPO_NAME/redis-operator" \ + --version "${REDIS_OPERATOR_VERSION}" -# Helm command setup for Redis replication cluster -HELM_CMD="helm upgrade --install redis-replication ot-helm/redis-replication --version ${REDIS_REPLICATION_VERSION} \ - --namespace=redis-systems \ - --timeout 120m \ - -f /opt/genestack/base-helm-configs/redis-operator-replication/redis-replication-helm-overrides.yaml" +# Prepare an array to collect -f arguments +overrides_args=() -# Check if YAML files exist in the specified directory -if compgen -G "${CONFIG_DIR}/*.yaml" > /dev/null; then - # Add all YAML files from the directory to the helm command - for yaml_file in "${CONFIG_DIR}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" fi -HELM_CMD+=" $@" +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. 
+if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# Collect all --set arguments, executing commands and quoting safely +set_args=() + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -# Run the helm command -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-redis-sentinel.sh b/bin/install-redis-sentinel.sh index 9d16d6b4d..7fa81c30a 100755 --- a/bin/install-redis-sentinel.sh +++ b/bin/install-redis-sentinel.sh 
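Review bot: The two version lookups in this rewrite still use unanchored patterns (`grep 'redis-operator:'` and `grep 'redis-replication:'`), while the other scripts touched by this commit move to `grep "^[[:space:]]*${SERVICE_NAME}:"`. An unanchored pattern also matches any key that merely ends in the same text, and more than one matching line makes the variable multi-line, so the value handed to `--version` can differ from the intended chart pin. I would anchor both, e.g. `REDIS_OPERATOR_VERSION=$(grep '^[[:space:]]*redis-operator:' "$VERSION_FILE" | sed 's/.*redis-operator: *//')`, and the same for `redis-replication`. The comment `# Read the desired chart version from VERSION_FILE` is also duplicated just above the file check and one copy can go.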
@@ -1,44 +1,96 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) # shellcheck disable=SC2124,SC2145,SC2294 -CONFIG_DIR="/etc/genestack/helm-configs/redis-sentinel" +# Service +SERVICE_NAME="redis-sentinel" +SERVICE_NAMESPACE="redis-systems" + +# Helm +HELM_REPO_NAME="ot-helm" +HELM_REPO_URL="https://ot-container-kit.github.io/helm-charts/" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${SERVICE_BASE_OVERRIDES:-$GENESTACK_BASE_DIR/base-helm-configs/$SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${SERVICE_CUSTOM_OVERRIDES:-$GENESTACK_OVERRIDES_DIR/helm-configs/$SERVICE_NAME}" -# Read redis-operator version from helm-chart-versions.yaml +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract redis-sentinel version using grep and sed -REDIS_SENTINEL_VERSION=$(grep 'redis-sentinel:' "$VERSION_FILE" | sed 's/.*redis-sentinel: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$REDIS_SENTINEL_VERSION" ]; then - echo "Error: Could not extract redis-sentinel version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -# Add the redis-operator helm repository -helm repo add ot-helm https://ot-container-kit.github.io/helm-charts/ -helm repo update +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi -# Helm command setup for Redis Sentinel -HELM_CMD="helm upgrade --install redis-sentinel ot-helm/redis-sentinel --version ${REDIS_SENTINEL_VERSION} \ - --namespace=redis-systems \ - --timeout 120m \ - -f /opt/genestack/base-helm-configs/redis-sentinel/redis-sentinel-helm-overrides.yaml" - -# Check if YAML files exist in the specified directory -if compgen -G "${CONFIG_DIR}/*.yaml" > /dev/null; then - # Add all YAML files from the directory to the helm command - for yaml_file in "${CONFIG_DIR}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" 
+# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi done +else + echo "Warning: Config directory not found: $SERVICE_CUSTOM_OVERRIDES" fi -HELM_CMD+=" $@" +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME"/"$SERVICE_NAME" + --create-namespace --namespace="$SERVICE_NAMESPACE" --timeout 120m + --version "${SERVICE_VERSION}" + + "${overrides_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -# Run the helm command -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-service-template.sh b/bin/install-service-template.sh new file mode 100755 index 000000000..e15d94aeb --- /dev/null +++ b/bin/install-service-template.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. + +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 + +# Service +SERVICE_NAME="" +SERVICE_NAMESPACE="" + +# Helm +HELM_REPO_NAME="" +HELM_REPO_URL="" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE +VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + +if [ ! 
-f "$VERSION_FILE" ]; then + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 + exit 1 +fi + +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") + +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 + exit 1 +fi + +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" +helm repo update + +# Collect all --set arguments, executing commands and quoting 
safely +# In this section, you will include any additional helm commands (--set) that are +# needed to configure the service correctly +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo + +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/install-zaqar.sh b/bin/install-zaqar.sh old mode 100644 new mode 100755 index 6bbf960ec..f69b693e3 --- a/bin/install-zaqar.sh +++ b/bin/install-zaqar.sh 
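Review bot: The closing `printf '%q ' "${helm_command[@]}"` prints the fully expanded command, including every `--set ...password=$(kubectl ... | base64 -d)` value collected in `set_args`, so decoded Kubernetes secrets land on stdout and in anything that captures it (terminal scrollback, CI or automation logs). The previous `echo "${HELM_CMD}"` had the same effect, but scripts copied from this template will inherit it; install-zaqar.sh in this commit already does, with ten secrets including the MariaDB root password. I would print a masked copy and execute the real array, as sketched below. The values still travel in helm's argv, which is presumably visible to other local users through the process list, so passing them through a values file on a file descriptor instead of `--set` would be the more complete fix.

```shell
echo "Executing Helm command (--set values masked):"
prev=""
for arg in "${helm_command[@]}"; do
    if [[ "$prev" == "--set" ]]; then
        # keep the key, hide the value
        printf '%q ' "${arg%%=*}=REDACTED"
    else
        printf '%q ' "$arg"
    fi
    prev="$arg"
done
echo

# Execute the command directly from the array
"${helm_command[@]}"
```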
@@ -1,58 +1,132 @@ #!/bin/bash +# Description: Fetches the version for SERVICE_NAME from the specified +# YAML file and executes a helm upgrade/install command with dynamic values files. -GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides" -SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/zaqar" -BASE_OVERRIDES="/opt/genestack/base-helm-configs/zaqar/zaqar-helm-overrides.yaml" +# Disable SC2124 (unused array), SC2145 (array expansion issue), SC2294 (eval) +# shellcheck disable=SC2124,SC2145,SC2294 -# Read zaqar version from helm-chart-versions.yaml +# Service +SERVICE_NAME="zaqar" +SERVICE_NAMESPACE="openstack" + +# Helm +HELM_REPO_NAME="openstack-helm" +HELM_REPO_URL="https://tarballs.opendev.org/openstack/openstack-helm" + +# Base directories provided by the environment +GENESTACK_BASE_DIR="${GENESTACK_BASE_DIR:-/opt/genestack}" +GENESTACK_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR:-/etc/genestack}" + +# Define service-specific override directories based on the framework +SERVICE_BASE_OVERRIDES="${GENESTACK_BASE_DIR}/base-helm-configs/${SERVICE_NAME}" +SERVICE_CUSTOM_OVERRIDES="${GENESTACK_OVERRIDES_DIR}/helm-configs/${SERVICE_NAME}" +GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides" + +# Read the desired chart version from VERSION_FILE VERSION_FILE="/etc/genestack/helm-chart-versions.yaml" + if [ ! 
-f "$VERSION_FILE" ]; then - echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" + echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE" >&2 exit 1 fi -# Extract zaqar version using grep and sed -ZAQAR_VERSION=$(grep 'zaqar:' "$VERSION_FILE" | sed 's/.*zaqar: *//') +# Extract version dynamically using the SERVICE_NAME variable +SERVICE_VERSION=$(grep "^[[:space:]]*${SERVICE_NAME}:" "$VERSION_FILE" | sed "s/.*${SERVICE_NAME}: *//") -if [ -z "$ZAQAR_VERSION" ]; then - echo "Error: Could not extract zaqar version from $VERSION_FILE" +if [ -z "$SERVICE_VERSION" ]; then + echo "Error: Could not extract version for '$SERVICE_NAME' from $VERSION_FILE" >&2 exit 1 fi -HELM_CMD="helm upgrade --install zaqar openstack-helm/zaqar --version ${ZAQAR_VERSION} \ - --namespace=openstack \ - --timeout 120m" - -HELM_CMD+=" -f ${BASE_OVERRIDES}" - -# Append YAML files from the directories -for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do - if compgen -G "${dir}/*.yaml" > /dev/null; then - for yaml_file in "${dir}"/*.yaml; do - HELM_CMD+=" -f ${yaml_file}" - done - fi -done - -HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.zaqar.password=\"$(kubectl --namespace openstack get secret zaqar-admin -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.identity.auth.test.password=\"$(kubectl --namespace openstack get secret zaqar-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_db.auth.zaqar.password=\"$(kubectl --namespace openstack get secret zaqar-db-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set 
endpoints.oslo_messaging.auth.admin.password=\"$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_messaging.auth.zaqar.password=\"$(kubectl --namespace openstack get secret zaqar-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)\"" -HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.zaqar.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\"" -HELM_CMD+=" --set conf.zaqar.signed_url.secret_key=\"$(kubectl --namespace openstack get secret zaqar-signed-url-secret-key -o jsonpath='{.data.zaqar_signed_url_secret_key}' | base64 -d)\"" - -HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh" -HELM_CMD+=" --post-renderer-args zaqar/overlay" - -helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm +echo "Found version for $SERVICE_NAME: $SERVICE_VERSION" + +# Prepare an array to collect -f arguments +overrides_args=() + +# Include all YAML files from the BASE configuration directory +# NOTE: Files in this directory are included first. +if [[ -d "$SERVICE_BASE_OVERRIDES" ]]; then + echo "Including base overrides from directory: $SERVICE_BASE_OVERRIDES" + for file in "$SERVICE_BASE_OVERRIDES"/*.yaml; do + # Check that there is at least one match + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Base override directory not found: $SERVICE_BASE_OVERRIDES" +fi + +# Include all YAML files from the GLOBAL configuration directory +# NOTE: Files here override base settings and are applied before service-specific ones. 
+if [[ -d "$GLOBAL_OVERRIDES_DIR" ]]; then + echo "Including overrides from global config directory:" + for file in "$GLOBAL_OVERRIDES_DIR"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Global config directory not found: $GLOBAL_OVERRIDES_DIR" +fi + +# Include all YAML files from the custom SERVICE configuration directory +# NOTE: Files here have the highest precedence. +if [[ -d "$SERVICE_CUSTOM_OVERRIDES" ]]; then + echo "Including overrides from service config directory:" + for file in "$SERVICE_CUSTOM_OVERRIDES"/*.yaml; do + if [[ -e "$file" ]]; then + echo " - $file" + overrides_args+=("-f" "$file") + fi + done +else + echo "Warning: Service config directory not found: $SERVICE_CUSTOM_OVERRIDES" +fi + +echo + +# --- Helm Repository and Execution --- +helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" helm repo update -HELM_CMD+=" $@" +# Collect all --set arguments, executing commands and quoting safely +set_args=( + --set "endpoints.identity.auth.admin.password=$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.zaqar.password=$(kubectl --namespace openstack get secret zaqar-admin -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.identity.auth.test.password=$(kubectl --namespace openstack get secret zaqar-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_db.auth.admin.password=$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" + --set "endpoints.oslo_db.auth.zaqar.password=$(kubectl --namespace openstack get secret zaqar-db-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_messaging.auth.admin.password=$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" + --set 
"endpoints.oslo_messaging.auth.zaqar.password=$(kubectl --namespace openstack get secret zaqar-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" + --set "endpoints.oslo_cache.auth.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.zaqar.keystone_authtoken.memcache_secret_key=$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" + --set "conf.zaqar.signed_url.secret_key=$(kubectl --namespace openstack get secret zaqar-signed-url-secret-key -o jsonpath='{.data.zaqar_signed_url_secret_key}' | base64 -d)" +) + + +helm_command=( + helm upgrade --install "$SERVICE_NAME" "$HELM_REPO_NAME/$SERVICE_NAME" + --version "${SERVICE_VERSION}" + --namespace="$SERVICE_NAMESPACE" + --timeout 120m + --create-namespace + + "${overrides_args[@]}" + "${set_args[@]}" + + # Post-renderer configuration + --post-renderer "$GENESTACK_OVERRIDES_DIR/kustomize/kustomize.sh" + --post-renderer-args "$SERVICE_NAME/overlay" + + "$@" +) + +echo "Executing Helm command (arguments are quoted safely):" +printf '%q ' "${helm_command[@]}" +echo -echo "Executing Helm command:" -echo "${HELM_CMD}" -eval "${HELM_CMD}" +# Execute the command directly from the array +"${helm_command[@]}" diff --git a/bin/setup-infrastructure.sh b/bin/setup-infrastructure.sh index c4ddedbff..6a75ea917 100755 --- a/bin/setup-infrastructure.sh +++ b/bin/setup-infrastructure.sh @@ -135,7 +135,7 @@ kubectl apply -k /etc/genestack/kustomize/openstack/base # Deploy envoy /opt/genestack/bin/install-envoy-gateway.sh -echo "Waiting for the envoy-gateway to be available" +echo "Waiting for the envoyproxy-gateway to be available" kubectl -n envoyproxy-gateway-system wait --timeout=5m deployments.apps/envoy-gateway --for=condition=available /opt/genestack/bin/setup-envoy-gateway.sh -e ${ACME_EMAIL} -d ${GATEWAY_DOMAIN} 
diff --git a/docs/genestack-structure-and-files.md b/docs/genestack-structure-and-files.md index ef66746a6..80e9d78c3 100644 --- a/docs/genestack-structure-and-files.md +++ b/docs/genestack-structure-and-files.md @@ -16,7 +16,7 @@ This directory stores Helm configuration overrides for individual services and g - **Structure**: - `/etc/genestack/helm-configs/global_overrides`: Contains YAML files with global Helm configuration overrides applied to all services. These settings are typically used to enforce consistent configurations across the deployment. - `/etc/genestack/helm-configs/`: Each service (e.g., `keystone`, `nova`, `grafana`) has its own subdirectory containing service-specific override YAML files, such as `-helm-overrides.yaml`. These files customize Helm chart settings for the respective service. -- **Usage**: The installation scripts (e.g., `install-.sh`) reference these YAML files using the `--values` flag in Helm commands to customize deployments. +- **Usage**: The installation scripts (e.g., `install-.sh`) reference these YAML files using the `-f` flag in Helm commands to customize deployments. #### `/etc/genestack/kustomize` diff --git a/docs/infrastructure-loki.md b/docs/infrastructure-loki.md index 3067c03ec..aa49e3978 100644 --- a/docs/infrastructure-loki.md +++ b/docs/infrastructure-loki.md @@ -15,7 +15,7 @@ ou will need to make changes depending on how you want to configure loki. Exampl ``` shell helm upgrade --install \ - --values /etc/genestack/helm-configs/loki/loki-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/loki/loki-helm-overrides.yaml \ loki grafana/loki \ --create-namespace \ --namespace grafana \ diff --git a/docs/infrastructure-mariadb-ops.md b/docs/infrastructure-mariadb-ops.md index 092a955d7..d2c6460b4 100644 --- a/docs/infrastructure-mariadb-ops.md +++ b/docs/infrastructure-mariadb-ops.md 
@@ -47,10 +47,10 @@ mysqldump --host=$(kubectl -n openstack get service mariadb-cluster -o jsonpath=
 Run the `/opt/genestack/bin/backup-mariadb.sh` script to dump all databases as individual files in `~/backup/mariadb/$(date +%s)`.
-??? example "Database Backup Script: `/opt/genestack/bin/backup-mariadb.sh`"
+??? example "Database Backup Script: `/opt/genestack/scripts/backup-mariadb.sh`"
 ``` shell
- --8<-- "bin/backup-mariadb.sh"
+ --8<-- "scripts/backup-mariadb.sh"
 ```
 ### Automated All Database Backups
diff --git a/helm-chart-versions.yaml b/helm-chart-versions.yaml
index 024359a72..d730bc926 100644
--- a/helm-chart-versions.yaml
+++ b/helm-chart-versions.yaml
@@ -5,7 +5,7 @@ charts:
 ceilometer: 2024.2.115+13651f45-628a320c
 cinder: 2024.2.409+13651f45-628a320c
 cloudkitty: 2025.1.2+ebb1488dc
- envoy: v1.5.3
+ envoyproxy-gateway: v1.5.3
 fluentbit: 2025.1.1+95bf0bf6e
 freezer: 2025.1.2+cdd5c6c55
 glance: 2024.2.396+13651f45-628a320c
@@ -15,7 +15,7 @@ charts:
 horizon: 2024.2.264+13651f45-628a320c
 ironic: 2024.2.121+13651f45-628a320c
 keystone: 2024.2.386+13651f45-628a320c
- kube-event-exporter: 3.6.3
+ kubernetes-event-exporter: 3.6.3
 kube-ovn: v1.14.11
 libvirt: 2024.2.94+912f85d38
 loki: 6.43.0
@@ -39,4 +39,7 @@ charts:
 zaqar: 2025.2.0+2d37d445c
 prometheus-snmp-exporter: 9.8.1
 prometheus-rabbitmq-exporter: 1.13.0
+ prometheus-mysql-exporter: 2.11.0
+ prometheus-postgres-exporter: 7.3.0
+ prometheus-pushgateway: 3.4.2
 prometheus-blackbox-exporter: 11.4.1
diff --git a/manifests/longhorn/longhorn-general-storageclass.yaml b/manifests/longhorn/longhorn-general-storageclass.yaml
index 8c775bb1e..a852af695 100644
--- a/manifests/longhorn/longhorn-general-storageclass.yaml
+++ b/manifests/longhorn/longhorn-general-storageclass.yaml
@@ -5,12 +5,15 @@ metadata:
 name: general
 annotations:
 storageclass.kubernetes.io/is-default-class: "true"
+ helm.sh/hook: "pre-install"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+ helm.sh/resource-policy: "keep"
 provisioner: driver.longhorn.io
 allowVolumeExpansion: true
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 parameters:
- numberOfReplicas: "2" # This example uses a single replica, but you can adjust this value as needed
+ numberOfReplicas: "2"
 dataLocality: "best-effort"
 staleReplicaTimeout: "2880"
 fromBackup: ""
diff --git a/openstack-components.yaml b/openstack-components.yaml
new file mode 100644
index 000000000..acbfe120f
--- /dev/null
+++ b/openstack-components.yaml
@@ -0,0 +1,21 @@
+---
+# This file is used to determine which services will be installed automatically
+# via the hyperconverged lab and in a future release the genestack-installed.
+components:
+ keystone: true
+ glance: true
+ heat: false
+ barbican: false
+ blazar: false
+ cloudkitty: false
+ cinder: true
+ freezer: false
+ placement: true
+ nova: true
+ neutron: true
+ magnum: false
+ octavia: false
+ masakari: false
+ ceilometer: false
+ gnocchi: false
+ skyline: true
diff --git a/bin/backup-mariadb.sh b/scripts/backup-mariadb.sh
similarity index 100%
rename from bin/backup-mariadb.sh
rename to scripts/backup-mariadb.sh
diff --git a/bin/cleanup-openstack-completed-jobs.sh b/scripts/cleanup-openstack-completed-jobs.sh
similarity index 100%
rename from bin/cleanup-openstack-completed-jobs.sh
rename to scripts/cleanup-openstack-completed-jobs.sh
diff --git a/scripts/find_ovn_duplicate_ip.sh b/scripts/find_ovn_duplicate_ip.sh
new file mode 100755
index 000000000..f4494a9e3
--- /dev/null
+++ b/scripts/find_ovn_duplicate_ip.sh
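Review bot: The three `helm.sh/*` annotations added to the `general` StorageClass in manifests/longhorn/longhorn-general-storageclass.yaml carry no comment explaining why the cluster's default class is installed as a hook, and the only comment in the block is removed by the same hunk. If this manifest is rendered through Helm, a `pre-install` hook runs only on first install, so later edits to `parameters` would not reach the cluster through `helm upgrade`, and `before-hook-creation` removes an existing `general` class before re-creating it on the next install. I would add a comment above the annotations such as `# Created once as a pre-install hook and kept on uninstall; later changes must be applied manually` so operators do not assume the class tracks the chart.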
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Script to use 'kubectl get ip' to list all Kube-OVN allocated IP records
+# and check for duplicates. It also checks if the referenced Pod still exists.
+
+echo "--- Fetching all Kube-OVN IP records (ips.kubeovn.io) across all namespaces..."
+echo "Note: This command relies on the Kube-OVN 'IP' Custom Resource Definition (CRD)."
+
+# 1. Fetch all IP records using the custom resource 'ip'
+# The output format for each record is:
+# The 'kubectl get ip -A' output columns are NAME, NAMESPACE, IPADDRESS, MACADDRESS, SUBNET, NODE, PODNAME
+IP_DATA=$(kubectl get ip -A -o custom-columns=IPADDRESS:.spec.ipAddress,NAMESPACE:.spec.namespace,PODNAME:.spec.podName --no-headers 2>/dev/null)
+
+if [ -z "$IP_DATA" ]; then
+ echo "ERROR: No Kube-OVN 'IP' records found. Ensure Kube-OVN is running correctly." >&2
+ exit 1
+fi
+
+ALL_IPS=$(echo "$IP_DATA" | awk '{print $1}')
+
+# sort | uniq -c: counts unique lines (IPs)
+# awk '$1 > 1': filters for IPs that appeared more than once
+DUPLICATE_IPS=$(echo "$ALL_IPS" | sort | uniq -c | awk '$1 > 1 {print $2}')
+
+# --- Function to Check Pod Existence ---
+# Checks if the pod exists in the given namespace and returns a status string.
+check_pod_status() {
+ local ns="$1"
+ local pod="$2"
+ # Try to get the pod, suppressing errors, and check the exit code
+ if kubectl get pod "$pod" -n "$ns" --no-headers &>/dev/null; then
+ echo "Active"
+ else
+ echo "Missing"
+ fi
+}
+export -f check_pod_status
+
+# --- Output Results ---
+
+if [ -z "$DUPLICATE_IPS" ]; then
+ echo ""
+ echo "*** Success: No duplicate Kube-OVN IP addresses found across the cluster."
+else
+ echo ""
+ echo "*** Duplicate IP Addresses Found! 
ATTENTION"
+ echo "-------------------------------------"
+
+ echo "$DUPLICATE_IPS" | while read DUP_IP; do
+ echo "IP: ${DUP_IP} is used by:"
+ # Use grep to filter the original data for the duplicate IP
+ # Then iterate over the resulting lines
+ echo "$IP_DATA" | grep "^${DUP_IP}\s" | while read -r IP NS POD; do
+ POD_STATUS=$(check_pod_status "$NS" "$POD")
+
+ # The name of the IP CRD is always .
+ IP_CRD_NAME="${POD}.${NS}"
+
+ # Use '\t' (tab) for indentation
+ if [[ "$POD_STATUS" == "Active" ]]; then
+ echo -e "\t- namespace: ${NS} podname: ${POD} | Status: ${POD_STATUS}"
+ else
+ echo -e "\t- *** namespace: ${NS} podname: ${POD} | Status: ${POD_STATUS} (Stale CRD?)"
+ echo -e "\t= *** Resolution: kubectl delete ip ${IP_CRD_NAME}"
+ fi
+ done
+ done
+ echo "-------------------------------------"
+ echo "Action Required: Investigate the pods and the kube-ovn-controller logs."
+ echo "Duplicate IPs and 'Missing' Pods often indicate stale IP records (CRDs) that need cleanup."
+fi
diff --git a/scripts/find_ovn_stale_ip_crd.sh b/scripts/find_ovn_stale_ip_crd.sh
new file mode 100755
index 000000000..7d11cbf63
--- /dev/null
+++ b/scripts/find_ovn_stale_ip_crd.sh
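Review bot: `check_pod_status` in scripts/find_ovn_duplicate_ip.sh reports "Missing" for any non-zero exit of `kubectl get pod` with stderr discarded, so an API timeout or an RBAC denial looks the same as a deleted pod and the script then prints a `kubectl delete ip …` resolution for an address that may still be in use. A failed lookup should be its own state with no deletion suggested; with `--ignore-not-found` kubectl exits 0 with empty output when the pod is truly absent, which leaves the exit status free to signal real errors. `check_pod_exists` in scripts/find_ovn_stale_ip_crd.sh has the same gap, and there the result feeds an actual delete in `--run` mode. The printed object name is also rebuilt as `${POD}.${NS}` instead of being read from `.metadata.name`, which is worth confirming for records that may not follow that pattern.

```shell
check_pod_status() {
    local ns="$1"
    local pod="$2"
    local found
    # --ignore-not-found exits 0 with empty output when the pod is absent,
    # so a non-zero exit here means the lookup itself failed.
    if ! found=$(kubectl get pod "$pod" -n "$ns" --ignore-not-found -o name 2>/dev/null); then
        echo "Unknown"
    elif [ -n "$found" ]; then
        echo "Active"
    else
        echo "Missing"
    fi
}
# … unchanged: duplicate detection and the outer loop over DUPLICATE_IPS …
            elif [[ "$POD_STATUS" == "Unknown" ]]; then
                echo -e "\t- ??? namespace: ${NS} podname: ${POD} | Status: lookup failed, no deletion suggested"
```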
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Configuration Defaults
+KUBECTL_OPTS="" # Add any kubectl options here
+IP_CRD_KIND="ip" # The Kube-OVN IP CRD kind
+DRY_RUN=true # Default: True (safe mode)
+TARGET_SUBNET="ovn-default" # Limit processing to this subnet
+
+# --- Argument Parsing ---
+while [[ "$#" -gt 0 ]]; do
+ case $1 in
+ -d|--dry-run) DRY_RUN=true; shift ;;
+ -r|--run) DRY_RUN=false; shift ;;
+ *) echo "Unknown parameter passed: $1"; exit 1 ;;
+ esac
+done
+# ------------------------
+
+# Function to check if a Pod exists
+check_pod_exists() {
+ local namespace="$1"
+ local pod_name="$2"
+ kubectl ${KUBECTL_OPTS} get pod "${pod_name}" -n "${namespace}" --ignore-not-found --no-headers 2>/dev/null | grep -q "${pod_name}"
+}
+
+echo "Starting Kube-OVN Stale IP CRD Cleanup Script"
+
+## Script Configuration and Status
+
+echo "--------------------------------------------------------"
+echo "TARGETING SUBNET: ${TARGET_SUBNET}"
+if $DRY_RUN; then
+ echo "MODE: DRY RUN (Safe Mode): No resources will be deleted. Delete commands are logged."
+else
+ echo "MODE: LIVE EXECUTION: Stale IP CRDs WILL BE DELETED." 
+fi
+echo "--------------------------------------------------------"
+
+ALL_IPS=$(kubectl ${KUBECTL_OPTS} get "${IP_CRD_KIND}" --all-namespaces -l ovn.kubernetes.io/subnet=${TARGET_SUBNET} -o json)
+
+# Process each IP CRD
+echo "${ALL_IPS}" | jq -c '.items[]' | while read -r IP_CRD; do
+ IP_NAME=$(echo "${IP_CRD}" | jq -r '.metadata.name')
+
+ # Extract Pod info
+ POD_NAMESPACE=$(echo "${IP_CRD}" | jq -r '.spec.namespace' 2>/dev/null)
+ POD_NAME=$(echo "${IP_CRD}" | jq -r '.spec.podName' 2>/dev/null) # Uses the corrected 'podName' field
+
+ DELETE_COMMAND="kubectl ${KUBECTL_OPTS} delete ${IP_CRD_KIND} ${IP_NAME} -n ${POD_NAMESPACE}"
+
+ if [[ -z "$POD_NAME" || "$POD_NAME" == "null" || -z "$POD_NAMESPACE" || "$POD_NAMESPACE" == "null" ]]; then
+ # This catches resources where the spec fields are truly missing
+ echo "MANUAL REVIEW REQUIRED: IP CRD ${IP_NAME} is missing Pod association fields."
+ echo " -> This likely refers to a non-Pod workload or a broken resource."
+ echo " -> MANUAL CHECK: Verify the status of the associated external workload."
+ continue
+ fi
+
+
+ # Check if the associated pod exists
+ if check_pod_exists "${POD_NAMESPACE}" "${POD_NAME}"; then
+ echo "ACTIVE: IP ${POD_NAMESPACE}/${IP_NAME} (Associated Pod ${POD_NAMESPACE}/${POD_NAME} exists and is running)."
+ else
+ echo "STALE: IP ${POD_NAMESPACE}/${IP_NAME} (Associated Pod ${POD_NAMESPACE}/${POD_NAME} not found)."
+
+ if ! $DRY_RUN; then
+ echo " -> Executing delete command: ${DELETE_COMMAND}"
+ if eval "${DELETE_COMMAND}"; then
+ echo " -> Successfully deleted."
+ else
+ echo " -> ERROR deleting IP CRD. Check finalizers or permissions."
+ fi
+ else
+ echo " -> DELETE CMD: ${DELETE_COMMAND}"
+ echo " -> (Dry Run: Would have deleted the stale IP CRD.)"
+ fi
+ fi
+done
+
+echo "--------------------------------------------------------"
+echo "Script finished. Only IPs from ${TARGET_SUBNET} were inspected."
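Review bot: `eval "${DELETE_COMMAND}"` in scripts/find_ovn_stale_ip_crd.sh re-parses a string assembled from `.metadata.name` and `.spec.namespace` values read out of cluster objects, so any shell metacharacter in those fields would be interpreted by the shell in `--run` mode. This same commit replaces an `eval "${HELM_CMD}"` with an argument array in the Helm install script earlier in the diff, and the delete path should follow that pattern. Build it as `delete_cmd=(kubectl ${KUBECTL_OPTS} delete "${IP_CRD_KIND}" "${IP_NAME}" -n "${POD_NAMESPACE}")`, log it with `printf '%q ' "${delete_cmd[@]}"`, and run it with `if "${delete_cmd[@]}"; then`. The label selector `ovn.kubernetes.io/subnet=${TARGET_SUBNET}` on the `get` call is also unquoted and would be word-split if the subnet value ever contained whitespace.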
diff --git a/scripts/hyperconverged-lab.sh b/scripts/hyperconverged-lab.sh index 8582bdabb..caeb0775b 100755 --- a/scripts/hyperconverged-lab.sh +++ b/scripts/hyperconverged-lab.sh @@ -21,7 +21,8 @@ if ! yq --version 2> /dev/null; then fi -# Default components file +# Default openstack components file +# this controls which openstack service will be installed ##...needed until default config is upstream... OS_CONFIG=" components: @@ -526,6 +527,14 @@ all: EOF fi +# Service Configurqation Section +# +if [ ! -f "/etc/genestack/helm-configs/envoyproxy-gateway/envoyproxy-gateway-helm-overrides.yaml" ]; then +cat > /etc/genestack/helm-configs/envoyproxy-gateway/envoyproxy-gateway-helm-overrides.yaml < /etc/genestack/helm-configs/barbican/barbican-helm-overrides.yaml <