diff options
author | Alexis de Talhouët <adetalhouet89@gmail.com> | 2018-01-23 11:04:43 -0500 |
---|---|---|
committer | Alexis de Talhouët <adetalhouet89@gmail.com> | 2018-01-23 13:58:42 -0500 |
commit | f6c0855f03b99fcca9f411370221fe9ffa48e889 (patch) | |
tree | 079b0a6f1a3a5ed7ae5b8001a0650911ee697874 /kubernetes/config/docker/init/src | |
parent | bbfe29d8cabfd347fa75e947a5753f7aa9a24177 (diff) |
Do not cache host resolution in DCAEGEN2 nginx
And fix DNS Designate proxy setup
Change-Id: I46c265ba8f66f81503b8cdc8c0f90f9e5956da86
Issue-ID: OOM-608
Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>
Diffstat (limited to 'kubernetes/config/docker/init/src')
11 files changed, 165 insertions, 35 deletions
diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/heat/OOM-openrc-v2.sh b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DCAE-openrc-v2.sh index 3313ef6793..108a3ce290 100755 --- a/kubernetes/config/docker/init/src/config/dcaegen2/heat/OOM-openrc-v2.sh +++ b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DCAE-openrc-v2.sh @@ -10,11 +10,11 @@ # OpenStack API is version 2.0. For example, your cloud provider may implement # Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is # only for the Identity API served through keystone. -export OS_AUTH_URL=OPENSTACK_KEYSTONE_IP_HERE/v2.0 +export OS_AUTH_URL=DCAE_OS_KEYSTONE_URL_HERE/v2.0 # With the addition of Keystone we have standardized on the term **tenant** # as the entity that owns the resources. -export OS_TENANT_ID=OPENSTACK_TENANT_ID_HERE -export OS_TENANT_NAME="OPENSTACK_TENANT_NAME_HERE" +export OS_TENANT_ID=DCAE_OS_TENANT_ID_HERE +export OS_TENANT_NAME="DCAE_OS_TENANT_NAME_HERE" # unsetting v3 items in case set unset OS_PROJECT_ID unset OS_PROJECT_NAME @@ -22,12 +22,12 @@ unset OS_USER_DOMAIN_NAME unset OS_INTERFACE # In addition to the owning entity (tenant), OpenStack stores the entity # performing the action as the **user**. -export OS_USERNAME="OPENSTACK_USERNAME_HERE" +export OS_USERNAME="DCAE_OS_USERNAME_HERE" # With Keystone you pass the keystone password. -export OS_PASSWORD=OPENSTACK_PASSWORD_HERE +export OS_PASSWORD=DCAE_OS_PASSWORD_HERE # If your configuration has multiple regions, we set that information here. # OS_REGION_NAME is optional and only valid in certain environments. -export OS_REGION_NAME="OPENSTACK_REGION_HERE" +export OS_REGION_NAME="DCAE_OS_REGION_HERE" # Don't leave a blank variable, unset it if it was empty if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi export OS_ENDPOINT_TYPE=publicURL diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/heat/OOM-openrc-v3.sh b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DCAE-openrc-v3.sh index f8d0967fc3..026f3f0a04 100755 --- a/kubernetes/config/docker/init/src/config/dcaegen2/heat/OOM-openrc-v3.sh +++ b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DCAE-openrc-v3.sh @@ -11,12 +11,12 @@ # OpenStack API is version 3. For example, your cloud provider may implement # Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is # only for the Identity API served through keystone. -export OS_AUTH_URL=OPENSTACK_KEYSTONE_IP_HERE/v3 +export OS_AUTH_URL=DCAE_OS_KEYSTONE_URL_HERE/v3 # With the addition of Keystone we have standardized on the term **project** # as the entity that owns the resources. -export OS_PROJECT_ID=OPENSTACK_TENANT_ID_HERE -export OS_PROJECT_NAME="OPENSTACK_TENANT_NAME_HERE" +export OS_PROJECT_ID=DCAE_OS_TENANT_ID_HERE +export OS_PROJECT_NAME="DCAE_OS_TENANT_NAME_HERE" export OS_USER_DOMAIN_NAME="Default" if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi @@ -26,14 +26,14 @@ unset OS_TENANT_NAME # In addition to the owning entity (tenant), OpenStack stores the entity # performing the action as the **user**. -export OS_USERNAME="OPENSTACK_USERNAME_HERE" +export OS_USERNAME="DCAE_OS_USERNAME_HERE" # With Keystone you pass the keystone password. -export OS_PASSWORD=OPENSTACK_PASSWORD_HERE +export OS_PASSWORD=DCAE_OS_PASSWORD_HERE # If your configuration has multiple regions, we set that information here. # OS_REGION_NAME is optional and only valid in certain environments. -export OS_REGION_NAME="OPENSTACK_REGION_HERE" +export OS_REGION_NAME="DCAE_OS_REGION_HERE" # Don't leave a blank variable, unset it if it was empty if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/heat/DNS-openrc-v2.sh b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DNS-openrc-v2.sh new file mode 100755 index 0000000000..9c9e3f0634 --- /dev/null +++ b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DNS-openrc-v2.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# To use an OpenStack cloud you need to authenticate against the Identity +# service named keystone, which returns a **Token** and **Service Catalog**. +# The catalog contains the endpoints for all services the user/tenant has +# access to - such as Compute, Image Service, Identity, Object Storage, Block +# Storage, and Networking (code-named nova, glance, keystone, swift, +# cinder, and neutron). +# +# *NOTE*: Using the 2.0 *Identity API* does not necessarily mean any other +# OpenStack API is version 2.0. For example, your cloud provider may implement +# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is +# only for the Identity API served through keystone. +export OS_AUTH_URL=DNSAAS_KEYSTONE_URL_HERE/v2.0 +# With the addition of Keystone we have standardized on the term **tenant** +# as the entity that owns the resources. +export OS_TENANT_ID=DNSAAS_TENANT_ID_HERE +export OS_TENANT_NAME="DNSAAS_TENANT_NAME_HERE" +# unsetting v3 items in case set +unset OS_PROJECT_ID +unset OS_PROJECT_NAME +unset OS_USER_DOMAIN_NAME +unset OS_INTERFACE +# In addition to the owning entity (tenant), OpenStack stores the entity +# performing the action as the **user**. +export OS_USERNAME="DNSAAS_USERNAME_HERE" +# With Keystone you pass the keystone password. +export OS_PASSWORD=DNSAAS_PASSWORD_HERE +# If your configuration has multiple regions, we set that information here. +# OS_REGION_NAME is optional and only valid in certain environments. +export OS_REGION_NAME="DNSAAS_REGION_HERE" +# Don't leave a blank variable, unset it if it was empty +if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi +export OS_ENDPOINT_TYPE=publicURL +export OS_IDENTITY_API_VERSION=2
\ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/heat/DNS-openrc-v3.sh b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DNS-openrc-v3.sh new file mode 100755 index 0000000000..eebf8357e1 --- /dev/null +++ b/kubernetes/config/docker/init/src/config/dcaegen2/heat/DNS-openrc-v3.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash + +# To use an OpenStack cloud you need to authenticate against the Identity +# service named keystone, which returns a **Token** and **Service Catalog**. +# The catalog contains the endpoints for all services the user/tenant has +# access to - such as Compute, Image Service, Identity, Object Storage, Block +# Storage, and Networking (code-named nova, glance, keystone, swift, +# cinder, and neutron). +# +# *NOTE*: Using the 3 *Identity API* does not necessarily mean any other +# OpenStack API is version 3. For example, your cloud provider may implement +# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is +# only for the Identity API served through keystone. +export OS_AUTH_URL=DNSAAS_KEYSTONE_URL_HERE/v3 + +# With the addition of Keystone we have standardized on the term **project** +# as the entity that owns the resources. +export OS_PROJECT_ID=DNSAAS_TENANT_ID_HERE +export OS_PROJECT_NAME="DNSAAS_TENANT_NAME_HERE" +export OS_USER_DOMAIN_NAME="Default" +if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi + +# unset v2.0 items in case set +unset OS_TENANT_ID +unset OS_TENANT_NAME + +# In addition to the owning entity (tenant), OpenStack stores the entity +# performing the action as the **user**. +export OS_USERNAME="DNSAAS_USERNAME_HERE" + +# With Keystone you pass the keystone password. +export OS_PASSWORD=DNSAAS_PASSWORD_HERE + +# If your configuration has multiple regions, we set that information here. +# OS_REGION_NAME is optional and only valid in certain environments. +export OS_REGION_NAME="DNSAAS_REGION_HERE" +# Don't leave a blank variable, unset it if it was empty +if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi + +export OS_INTERFACE=public +export OS_IDENTITY_API_VERSION=3
\ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/heat/entrypoint.sh b/kubernetes/config/docker/init/src/config/dcaegen2/heat/entrypoint.sh index 85c5ee2b13..bbf47a9bac 100755 --- a/kubernetes/config/docker/init/src/config/dcaegen2/heat/entrypoint.sh +++ b/kubernetes/config/docker/init/src/config/dcaegen2/heat/entrypoint.sh @@ -130,12 +130,12 @@ mv ./kubectl /usr/local/bin/kubectl # Get the Kubernetes Node IP hosting the DCAE NGINX pod NODE_IP=`kubectl get services dcaegen2 -o jsonpath='{.status.loadBalancer.ingress[0].ip}'` -# # Source OpenStack parameters -if [ "OPENSTACK_API_VERSION_HERE" = "v2.0" ] +# Source OpenStack parameters to deploy DCAE +if [ "DCAE_OS_API_VERSION_HERE" = "v2.0" ] then - source /opt/heat/OOM-openrc-v2.sh + source /opt/heat/DCAE-openrc-v2.sh else - source /opt/heat/OOM-openrc-v3.sh + source /opt/heat/DCAE-openrc-v3.sh fi # Create stasck if doens't exist @@ -153,6 +153,14 @@ then sed -i -e "s/DCAE_CONTROLLER_IP_HERE/$DCAE_CONTROLLER_IP/g" /opt/robot/vm_properties.py; fi +# Source OpenStack parameters for DNS Designate +if [ "DNSAAS_API_VERSION_HERE" = "v2.0" ] +then + source /opt/heat/DNS-openrc-v2.sh +else + source /opt/heat/DNS-openrc-v3.sh +fi + configure_dns_designate monitor_nginx_node_ip
\ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/heat/onap_dcae.env b/kubernetes/config/docker/init/src/config/dcaegen2/heat/onap_dcae.env index 363de40526..6b7caadbf3 100644 --- a/kubernetes/config/docker/init/src/config/dcaegen2/heat/onap_dcae.env +++ b/kubernetes/config/docker/init/src/config/dcaegen2/heat/onap_dcae.env @@ -6,19 +6,19 @@ parameters: # # ############################################## - public_net_id: OPENSTACK_PUBLIC_NET_ID_HERE + public_net_id: DCAE_OS_PUBLIC_NET_ID_HERE - public_net_name: OPENSTACK_PUBLIC_NET_NAME_HERE + public_net_name: DCAE_OS_PUBLIC_NET_NAME_HERE ubuntu_1404_image: UBUNTU_14_IMAGE_NAME_HERE ubuntu_1604_image: UBUNTU_16_IMAGE_NAME_HERE - flavor_small: OPENSTACK_FLAVOUR_SMALL_HERE + flavor_small: OPENSTACK_FLAVOR_SMALL_HERE - flavor_medium: OPENSTACK_FLAVOUR_MEDIUM_HERE + flavor_medium: OPENSTACK_FLAVOR_MEDIUM_HERE - flavor_large: OPENSTACK_FLAVOUR_LARGE_HERE + flavor_large: OPENSTACK_FLAVOR_LARGE_HERE vm_base_name: DCAE_VM_BASE_NAME_HERE @@ -36,17 +36,17 @@ parameters: artifacts_version: DEMO_ARTIFACTS_VERSION_HERE - openstack_tenant_id: OPENSTACK_TENANT_ID_HERE + openstack_tenant_id: DCAE_OS_TENANT_ID_HERE - openstack_tenant_name: OPENSTACK_TENANT_NAME_HERE + openstack_tenant_name: DCAE_OS_TENANT_NAME_HERE - openstack_username: OPENSTACK_USERNAME_HERE + openstack_username: DCAE_OS_USERNAME_HERE - openstack_api_key: OPENSTACK_PASSWORD_HERE + openstack_api_key: DCAE_OS_PASSWORD_HERE - openstack_region: OPENSTACK_REGION_HERE + openstack_region: DCAE_OS_REGION_HERE - keystone_url: OPENSTACK_KEYSTONE_IP_HERE + keystone_url: DCAE_OS_KEYSTONE_URL_HERE cloud_env: openstack @@ -59,7 +59,7 @@ parameters: dns_list: DNS_LIST_HERE external_dns: EXTERNAL_DNS_HERE dns_forwarder: DNS_FORWARDER_HERE - oam_network_cidr: NETWORK_CIDR_WITH_ONAP_ROUTE_HERE + oam_network_cidr: DCAE_OS_OAM_NETWORK_CIDR_HERE ### Private IP addresses ### @@ -85,7 +85,7 @@ parameters: dnsaas_tenant_name: DNSAAS_TENANT_NAME_HERE dnsaas_username: DNSAAS_USERNAME_HERE dnsaas_password: DNSAAS_PASSWORD_HERE - dcae_keystone_url: DCAE_KEYSTONE_URL_HERE + dcae_keystone_url: DCAE_FINAL_KEYSTONE_URL_HERE dcae_centos_7_image: OPENSTACK_CENTOS_7_IMAGE_HERE dcae_domain: DCAE_DOMAIN_HERE dcae_public_key: OPENSTACK_PUB_KEY_HERE diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/aai-service.onap.org.conf b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/aai-service.onap.org.conf index 9cfb221771..4670f35ec3 100644 --- a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/aai-service.onap.org.conf +++ b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/aai-service.onap.org.conf @@ -8,12 +8,17 @@ server { server_name *.aai.simpledemo.onap.org; + resolver KUBE_DNS_IP_HERE valid=1s; + + set $backend https://aai-service.onap-aai.svc.cluster.local:8443; + location / { - proxy_pass https://aai-service.onap-aai:8443/; + rewrite ^/(.*) /$1 break; + proxy_pass $backend; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto "https"; } ssl_certificate /etc/certs/aai-service.onap.org.pem; ssl_certificate_key /etc/certs/aai-service.onap.org.key; -} +}
\ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/dmaap.onap.org.conf b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/dmaap.onap.org.conf index 1015a22063..e9c38d5895 100644 --- a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/dmaap.onap.org.conf +++ b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/dmaap.onap.org.conf @@ -8,8 +8,13 @@ server { server_name *.mr.simpledemo.onap.org; + resolver KUBE_DNS_IP_HERE valid=1s; + + set $backend http://dmaap.onap-message-router.svc.cluster.local:3904; + location / { - proxy_pass http://dmaap.onap-message-router:3904/; + rewrite ^/(.*) /$1 break; + proxy_pass $backend; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto "http"; } diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/open.onap.org.conf b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/open.onap.org.conf index ed62a32f20..de4d04321f 100644 --- a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/open.onap.org.conf +++ b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/open.onap.org.conf @@ -8,10 +8,37 @@ server { server_name *.openo.simpledemo.onap.org; + resolver KUBE_DNS_IP_HERE valid=1s; + + set $backend http://msb-iag.onap-msb.svc.cluster.local:80; + location / { - proxy_pass http://msb-iag.onap-msb:80/; + rewrite ^/(.*) /$1 break; + proxy_pass $backend; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto "http"; } } +server { + listen 9005 ; + listen [::]:9005 ; + + root /var/www/html; + + index index.html index.htm index.nginx-debian.html; + + server_name *.openo.simpledemo.onap.org; + + resolver KUBE_DNS_IP_HERE valid=1s; + + set $backend http://multicloud-windriver.onap-multicloud.svc.cluster.local:9005; + + location / { + rewrite ^/(.*) /$1 break; + proxy_pass $backend; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto "http"; + } + +}
\ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/pdp.onap.org.conf b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/pdp.onap.org.conf index 2bbff5c6d4..72fe7be134 100644 --- a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/pdp.onap.org.conf +++ b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/pdp.onap.org.conf @@ -8,8 +8,13 @@ server { server_name *.policy.simpledemo.onap.org; + resolver KUBE_DNS_IP_HERE valid=1s; + + set $backend http://pdp.onap-policy.svc.cluster.local:8081; + location / { - proxy_pass http://pdp.onap-policy:8081/; + rewrite ^/(.*) /$1 break; + proxy_pass $backend; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto "http"; } diff --git a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/sdc-be.onap.org.conf b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/sdc-be.onap.org.conf index 7f15044a97..0be9355b6d 100644 --- a/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/sdc-be.onap.org.conf +++ b/kubernetes/config/docker/init/src/config/dcaegen2/nginx/config/sdc-be.onap.org.conf @@ -8,8 +8,13 @@ server { server_name *.sdc.simpledemo.onap.org; + resolver KUBE_DNS_IP_HERE valid=1s; + + set $backend https://sdc-be.onap-sdc.svc.cluster.local:8443; + location / { - proxy_pass https://sdc-be.onap-sdc:8443/; + rewrite ^/(.*) /$1 break; + proxy_pass $backend; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto "https"; } |